make mark-cstyle

make reindent

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970

1249 files changed, 66004 insertions, 66050 deletions

diff --git a/src/appl/bsd/defines.h b/src/appl/bsd/defines.h
index d04182bb9..b565cd87d 100644
--- a/src/appl/bsd/defines.h
+++ b/src/appl/bsd/defines.h
@@ -48,7 +48,7 @@ extern void rcmd_stream_init_normal(void);
 extern char *strsave(const char *sp);
 #endif
 
-krb5_error_code rd_and_store_for_creds(krb5_context context, 
+krb5_error_code rd_and_store_for_creds(krb5_context context,
 				       krb5_auth_context auth_context,
 				       krb5_data *inbuf, krb5_ticket *ticket,
 				       krb5_ccache *ccache);
@@ -65,20 +65,20 @@ extern int setenv(char *, char *, int);
 
 #ifdef KRB_DEFS
 krb5_error_code krb5_compat_recvauth(krb5_context, krb5_auth_context *,
-				     krb5_pointer, char *, krb5_principal, 
+				     krb5_pointer, char *, krb5_principal,
 				     krb5_int32, krb5_keytab,
 				     krb5_int32, char *, char *,
-				     struct sockaddr_in *, 
+				     struct sockaddr_in *,
 				     struct sockaddr_in *, char *,
-				     krb5_ticket **, krb5_int32 *, 
+				     krb5_ticket **, krb5_int32 *,
 				     AUTH_DAT **, Key_schedule, char *);
 
 krb5_error_code
 krb5_compat_recvauth_version(krb5_context, krb5_auth_context *,
-			     krb5_pointer, krb5_principal, krb5_int32, 
+			     krb5_pointer, krb5_principal, krb5_int32,
 			     krb5_keytab, krb5_int32, char *, char *,
 			     struct sockaddr_in *, struct sockaddr_in *,
-			     char *, krb5_ticket **, krb5_int32*, 
+			     char *, krb5_ticket **, krb5_int32*,
 			     AUTH_DAT **,  Key_schedule, krb5_data *);
 #endif
 
diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c
index 1ac2a2a2e..ad0680cd7 100644
--- a/src/appl/bsd/forward.c
+++ b/src/appl/bsd/forward.c
@@ -45,19 +45,19 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache)
     *ccache  = NULL;
 
     retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL);
-    if (retval) 
+    if (retval)
 	return(retval);
 
-    /* Set the KRB5CCNAME ENV variable to keep sessions 
-     * seperate. Use the process id of this process which is 
+    /* Set the KRB5CCNAME ENV variable to keep sessions
+     * seperate. Use the process id of this process which is
      * the rlogind or rshd. Set the environment variable as well.
      */
-  
+
     snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid());
     setenv("KRB5CCNAME", ccname, 1);
-  
+
     retval = krb5_cc_resolve(context, ccname, ccache);
-    if (retval) 
+    if (retval)
 	goto cleanup;
 
     retval = krb5_cc_initialize(context, *ccache, ticket->enc_part2->client);
@@ -65,7 +65,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache)
 	goto cleanup;
 
     retval = krb5_cc_store_cred(context, *ccache, *creds);
-    if (retval) 
+    if (retval)
 	goto cleanup;
 
 cleanup:
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index 16c8e0438..276c7038f 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -21,14 +21,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -39,14 +39,14 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
 /* derived from @(#)rcmd.c	5.17 (Berkeley) 6/27/88 */
-     
+
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -63,7 +63,7 @@
 #define _TYPES_
 #endif
 #include <fcntl.h>
-     
+
 #ifndef MAXPATHLEN
 #define MAXPATHLEN 1024
 #endif
@@ -80,7 +80,7 @@
 #define sigmask(m)    (1 << ((m)-1))
 #endif
 #endif
-     
+
 #ifndef roundup
 #define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
 #endif
@@ -110,7 +110,7 @@ char *default_service = "host";
  * Note that the encrypted rlogin packets take the form of a four-byte
  * length followed by encrypted data.  On writing the data out, a significant
  * performance penalty is suffered (at least one RTT per character, two if we
- * are waiting for a shell to echo) by writing the data separately from the 
+ * are waiting for a shell to echo) by writing the data separately from the
  * length.  So, unlike the input buffer, which just contains the output
  * data, the output buffer represents the entire packet.
  */
@@ -132,7 +132,7 @@ static char storage[2*RCMD_BUFSIZ];	 /* storage for the decryption */
 static size_t nstored = 0;
 static char *store_ptr = storage;
 static int twrite(int, char *, size_t, int);
-static int v5_des_read(int, char *, size_t, int), 
+static int v5_des_read(int, char *, size_t, int),
     v5_des_write(int, char *, size_t, int);
 static int do_lencheck;
 
@@ -405,9 +405,9 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     }
     cksumdat.data = cksumbuf;
     cksumdat.length = strlen(cksumbuf);
-	
+
     block_urgent(&oldmask);
-    
+
     if (!laddr) laddr = &local_laddr;
     if (kcmd_connect(&s, &addrfamily, &sockin, *ahost, &host_save, rport, 0, laddr) == -1) {
 	restore_sigs(&oldmask);
@@ -416,7 +416,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     *ahost = host_save;
     /* If no service is given set to the default service */
     if (!service) service = default_service;
-    
+
     if (!(get_cred = (krb5_creds *)calloc(1, sizeof(krb5_creds)))) {
         fprintf(stderr,"kcmd: no memory\n");
         return(-1);
@@ -433,7 +433,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
         status = krb5_set_principal_realm(bsd_context, get_cred->server,
 					  realm);
 	if (status) {
-	  fprintf(stderr, "kcmd: krb5_set_principal_realm failed %s\n", 
+	  fprintf(stderr, "kcmd: krb5_set_principal_realm failed %s\n",
 		  error_message(status));
 	  return(-1);
 	}
@@ -470,12 +470,12 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     authopts &= (~OPTS_FORWARD_CREDS);
     authopts &= (~OPTS_FORWARDABLE_CREDS);
 
-    if (krb5_auth_con_init(bsd_context, &auth_context)) 
+    if (krb5_auth_con_init(bsd_context, &auth_context))
 	goto bad2;
 
     if (krb5_auth_con_set_req_cksumtype(bsd_context, auth_context, CKSUMTYPE_RSA_MD5) !=0 )
 	goto bad2;
-    if (krb5_auth_con_setflags(bsd_context, auth_context, 
+    if (krb5_auth_con_setflags(bsd_context, auth_context,
 			       KRB5_AUTH_CONTEXT_RET_TIME))
 	goto bad2;
 
@@ -523,7 +523,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
 	    if (!suppress_err) {
 		fprintf(stderr, "Server returned error code %d (%s)\n",
 			error->error,
-			error_message(ERROR_TABLE_BASE_krb5 + 
+			error_message(ERROR_TABLE_BASE_krb5 +
 				      (int) error->error));
 		if (error->text.length) {
 		    fprintf(stderr, "Error text sent from server: %s\n",
@@ -533,17 +533,17 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
 	    krb5_free_error(bsd_context, error);
 	    error = 0;
 	}
-    }	
+    }
     if (status) goto bad2;
     if (rep_ret && server_seqno) {
 	*server_seqno = rep_ret->seq_number;
 	krb5_free_ap_rep_enc_part(bsd_context, rep_ret);
     }
-    
+
     (void) write(s, remuser, strlen(remuser)+1);
     (void) write(s, cmd, strlen(cmd)+1);
     (void) write(s, locuser, strlen(locuser)+1);
-    
+
     if (options & OPTS_FORWARD_CREDS) {   /* Forward credentials */
 	status = krb5_fwd_tgt_creds(bsd_context, auth_context,
 				    host_save,
@@ -589,13 +589,13 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     restore_sigs(&oldmask);
     *sock = s;
     *protonump = protonum;
-    
+
     /* pass back credentials if wanted */
     if (cred) krb5_copy_creds(bsd_context, ret_cred, cred);
     krb5_free_creds(bsd_context, ret_cred);
     if (authconp)
 	*authconp = auth_context;
-    
+
     return (0);
   bad2:
     if (lport)
@@ -723,7 +723,7 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck, am_client,
 
     use_ivecs = 1;
     switch (in_keyblock->enctype) {
-      /* 
+      /*
        * For the DES-based enctypes and the 3DES enctype we  want to use
        *  a non-zero  IV because that's what we did.  In the future we
        * use different keyusage for each channel and direction and a fresh
@@ -733,7 +733,7 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck, am_client,
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_DES3_CBC_SHA1:
-      
+
       status = krb5_c_block_size(bsd_context, keyblock->enctype,
 				 &blocksize);
       if (status) {
@@ -829,7 +829,7 @@ static int v5_des_read(fd, buf, len, secondary)
     krb5_error_code ret;
     krb5_data plain;
     krb5_enc_data cipher;
-    
+
     if (nstored >= len) {
 	memcpy(buf, store_ptr, len);
 	store_ptr += len;
@@ -991,7 +991,7 @@ strsave(sp)
     const char *sp;
 {
     register char *ret;
-    
+
     if((ret = strdup(sp)) == NULL) {
 	fprintf(stderr, "no memory for saving args\n");
 	exit(1);
@@ -1002,7 +1002,7 @@ strsave(sp)
 
 /* Server side authentication, etc */
 
-int princ_maps_to_lname(principal, luser)	
+int princ_maps_to_lname(principal, luser)
      krb5_principal principal;
      char *luser;
 {
@@ -1020,7 +1020,7 @@ int default_realm(principal)
 {
     char *def_realm;
     int retval;
-    
+
     if ((retval = krb5_get_default_realm(bsd_context, &def_realm))) {
 	return 0;
     }
@@ -1029,7 +1029,7 @@ int default_realm(principal)
 			def_realm)) {
 	free(def_realm);
 	return 0;
-    }	
+    }
     free(def_realm);
     return 1;
 }
diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c
index eed615ffa..0d9089a47 100644
--- a/src/appl/bsd/krcp.c
+++ b/src/appl/bsd/krcp.c
@@ -47,9 +47,9 @@ char copyright[] =
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/ioctl.h>
-     
+
 #include <netinet/in.h>
-     
+
 #include <stdio.h>
 #include <signal.h>
 #include <pwd.h>
@@ -71,7 +71,7 @@ char copyright[] =
 #include "defines.h"
 
 #define RCP_BUFSIZ 4096
-     
+
 int sock;
 char *krb_realm = NULL;
 char *krb_cache = NULL;
@@ -86,9 +86,9 @@ char	*strsave();
 #endif
 int	rcmd_stream_write(), rcmd_stream_read();
 void 	usage(void), sink(int, char **),
-    source(int, char **), rsource(char *, struct stat *), verifydir(char *), 
+    source(int, char **), rsource(char *, struct stat *), verifydir(char *),
     answer_auth(char *, char *);
-int	response(void), hosteq(char *, char *), okname(char *), 
+int	response(void), hosteq(char *, char *), okname(char *),
     susystem(char *);
 int	encryptflag = 0;
 
@@ -118,7 +118,7 @@ struct buffer {
 struct buffer *allocbuf(struct buffer *, int, int);
 
 #define	NULLBUF	(struct buffer *) 0
-  
+
 void 	error (char *fmt, ...)
 #if !defined (__cplusplus) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7))
        __attribute__ ((__format__ (__printf__, 1, 2)))
@@ -143,7 +143,7 @@ int main(argc, argv)
 #endif
 #ifdef KERBEROS
     krb5_flags authopts;
-    krb5_error_code status;	
+    krb5_error_code status;
     int euid;
     char **orig_argv = save_argv(argc, argv);
     krb5_auth_context auth_context;
@@ -161,19 +161,19 @@ int main(argc, argv)
 	fprintf(stderr, "who are you?\n");
 	exit(1);
     }
-    
+
     for (argc--, argv++; argc > 0 && **argv == '-'; argc--, argv++) {
 	(*argv)++;
 	while (**argv) switch (*(*argv)++) {
-	    
+
 	  case 'r':
 	    iamrecursive++;
 	    break;
-	    
+
 	  case 'p':		/* preserve mtimes and atimes */
 	    pflag++;
 	    break;
-	    
+
 	  case 'D':
 	    argc--, argv++;
 	    if (argc == 0)
@@ -191,7 +191,7 @@ int main(argc, argv)
 	    break;
 	  case 'k':		/* Change kerberos realm */
 	    argc--, argv++;
-	    if (argc == 0) 
+	    if (argc == 0)
 	      usage();
 	    if(!(krb_realm = strdup(*argv))){
 		fprintf(stderr, "rcp: Cannot malloc.\n");
@@ -200,7 +200,7 @@ int main(argc, argv)
 	    goto next_arg;
 	  case 'c':		/* Change default ccache file */
 	    argc--, argv++;
-	    if (argc == 0) 
+	    if (argc == 0)
 	      usage();
 	    if(!(krb_cache = strdup(*argv))){
 		fprintf(stderr, "rcp: Cannot malloc.\n");
@@ -209,7 +209,7 @@ int main(argc, argv)
 	    goto next_arg;
 	  case 'C':		/* Change default config file */
 	    argc--, argv++;
-	    if (argc == 0) 
+	    if (argc == 0)
 	      usage();
 	    if(!(krb_config = strdup(*argv))){
 		fprintf(stderr, "rcp: Cannot malloc.\n");
@@ -229,7 +229,7 @@ int main(argc, argv)
 	  case 'd':
 	    targetshouldbedirectory = 1;
 	    break;
-	    
+
 	  case 'f':		/* "from" */
 	    iamremote = 1;
 	    rcmd_stream_init_normal();
@@ -241,7 +241,7 @@ int main(argc, argv)
 	    (void) response();
 	    source(--argc, ++argv);
 	    exit(errs);
-	    
+
 	  case 't':		/* "to" */
 	    iamremote = 1;
 	    rcmd_stream_init_normal();
@@ -252,13 +252,13 @@ int main(argc, argv)
 
 	    sink(--argc, ++argv);
 	    exit(errs);
-	    
+
 	  default:
 	    usage();
 	}
       next_arg: ;
     }
-    
+
     if (argc < 2)
       usage();
     if (argc > 2)
@@ -272,7 +272,7 @@ int main(argc, argv)
 #else
       sp = getservbyname("shell", "tcp");
 #endif /* KERBEROS */
-    
+
       if (sp == NULL) {
 #ifdef KERBEROS
 	fprintf(stderr, "rcp: kshell/tcp: unknown service\n");
@@ -289,7 +289,7 @@ int main(argc, argv)
     if (asprintf(&cmd, "%srcp %s%s%s%s%s%s%s%s%s",
 		 encryptflag ? "-x " : "",
 
-		 iamrecursive ? " -r" : "", pflag ? " -p" : "", 
+		 iamrecursive ? " -r" : "", pflag ? " -p" : "",
 		 targetshouldbedirectory ? " -d" : "",
 		 krb_realm != NULL ? " -k " : "",
 		 krb_realm != NULL ? krb_realm : "",
@@ -303,10 +303,10 @@ int main(argc, argv)
 
 #else /* !KERBEROS */
     (void) snprintf(cmd, sizeof(cmdbuf), "rcp%s%s%s",
-		    iamrecursive ? " -r" : "", pflag ? " -p" : "", 
+		    iamrecursive ? " -r" : "", pflag ? " -p" : "",
 		    targetshouldbedirectory ? " -d" : "");
 #endif /* KERBEROS */
-    
+
 #ifdef POSIX_SIGNALS
     (void) sigemptyset(&sa.sa_mask);
     sa.sa_flags = 0;
@@ -316,19 +316,19 @@ int main(argc, argv)
     (void) signal(SIGPIPE, lostconn);
 #endif
     targ = colon(argv[argc - 1]);
-    
+
     /* Check if target machine is the current machine. */
-    
+
     gethostname(curhost, sizeof(curhost));
     if (targ) {				/* ... to remote */
 	*targ++ = 0;
 	if (hosteq(argv[argc - 1], curhost)) {
-	    
+
 	    /* If so, pretend there wasn't even one given
 	     * check for an argument of just "host:", it
 	     * should become "."
 	     */
-	    
+
 	    if (*targ == 0) {
 		targ = ".";
 		argv[argc - 1] = targ;
@@ -407,7 +407,7 @@ int main(argc, argv)
 				  0,
 				  "host",
 				  krb_realm,
-				  &cred,  
+				  &cred,
 				  0,  /* No seq # */
 				  0,  /* No server seq # */
 				  (struct sockaddr_in *) 0,
@@ -469,9 +469,9 @@ int main(argc, argv)
 	    if (src) {
 		*src++ = 0;
 		if (hosteq(argv[i], curhost)) {
-		    
+
 		    /* If so, pretend src machine never given */
-		    
+
 		    if (*src == 0) {
 			error("rcp: no path given in arg: %s:\n",
 			      argv[i]);
@@ -518,7 +518,7 @@ int main(argc, argv)
 			      0,
 			      "host",
 			      krb_realm,
-			      &cred,  
+			      &cred,
 			      0,  /* No seq # */
 			      0,  /* No server seq # */
 			      (struct sockaddr_in *) 0,
@@ -553,8 +553,8 @@ int main(argc, argv)
 
 		    rcmd_stream_init_krb5(key, encryptflag, 0, 1, kcmd_proto);
 		}
-		rem = sock; 
-				   
+		rem = sock;
+
 		euid = geteuid();
 		if (euid == 0) {
 		    if (setuid(0)) {
@@ -611,7 +611,7 @@ void verifydir(cp)
      char *cp;
 {
     struct stat stb;
-    
+
     if (stat(cp, &stb) >= 0) {
 	if ((stb.st_mode & S_IFMT) == S_IFDIR)
 	  return;
@@ -626,7 +626,7 @@ void verifydir(cp)
 char *colon(cp)
      char *cp;
 {
-    
+
     while (*cp) {
 	if (*cp == ':')
 	  return (cp);
@@ -644,7 +644,7 @@ int okname(cp0)
 {
     register char *cp = cp0;
     register int c;
-    
+
     do {
 	c = *cp;
 	if (c & 0200)
@@ -671,7 +671,7 @@ int susystem(s)
 #else
     register krb5_sigtype (bsd_context, *istat)(), (*qstat)();
 #endif
-    
+
     if ((pid = vfork()) == 0) {
 	execl("/bin/sh", "sh", "-c", s, (char *)0);
 	_exit(127);
@@ -687,7 +687,7 @@ int susystem(s)
     istat = signal(SIGINT, SIG_IGN);
     qstat = signal(SIGQUIT, SIG_IGN);
 #endif
-    
+
 #ifdef HAVE_WAITPID
     w = waitpid(pid, &status, 0);
 #else
@@ -699,11 +699,11 @@ int susystem(s)
 #ifdef POSIX_SIGNALS
     (void) sigaction(SIGINT, &isa, (struct sigaction *)0);
     (void) sigaction(SIGQUIT, &qsa, (struct sigaction *)0);
-#else    
+#else
     (void) signal(SIGINT, istat);
     (void) signal(SIGQUIT, qstat);
 #endif
-    
+
     return (status);
 }
 
@@ -719,7 +719,7 @@ void source(argc, argv)
     unsigned int amt;
     off_t i;
     char buf[RCP_BUFSIZ];
-    
+
     for (x = 0; x < argc; x++) {
 	name = argv[x];
 	if ((f = open(name, 0)) < 0) {
@@ -729,10 +729,10 @@ void source(argc, argv)
 	if (fstat(f, &stb) < 0)
 	  goto notreg;
 	switch (stb.st_mode&S_IFMT) {
-	    
+
 	  case S_IFREG:
 	    break;
-	    
+
 	  case S_IFDIR:
 	    if (iamrecursive) {
 		(void) close(f);
@@ -814,7 +814,7 @@ void rsource(name, statp)
 #endif
     char buf[RCP_BUFSIZ];
     char *bufv[1];
-    
+
     if (d == 0) {
 	error("rcp: %s: %s\n", name, error_message(errno));
 	return;
@@ -866,10 +866,10 @@ int response()
     if (rcmd_stream_read(rem, &resp, 1, 0) != 1)
       lostconn(0);
     switch (resp) {
-	
+
       case 0:				/* ok */
 	return (0);
-	
+
       default:
 	*cp++ = resp;
 	/* fall into... */
@@ -947,7 +947,7 @@ void sink(argc, argv)
 #define atime	tv[0]
 #define mtime	tv[1]
 #define	SCREWUP(str)	{ whopp = str; goto screwup; }
-    
+
     if (!pflag)
       (void) umask(mask);
     if (argc != 1) {
@@ -985,7 +985,7 @@ void sink(argc, argv)
 	    ga();
 	    return;
 	}
-	
+
 #define getnum(t) (t) = 0; while (isdigit((int) *cp)) (t) = (t) * 10 + (*cp++ - '0');
 	if (*cp == 'T') {
 	    setimes++;
@@ -1123,7 +1123,7 @@ void sink(argc, argv)
 	    if (utimes(nambuf, tv) < 0)
 	      error("rcp: can't set times on %s: %s\n",
 		    nambuf, error_message(errno));
-	}				   
+	}
 	if (wrerr)
 	  error("rcp: %s: %s\n", nambuf, error_message(errno));
 	else
@@ -1142,7 +1142,7 @@ struct buffer *allocbuf(bp, fd, blksize)
 {
     struct stat stb;
     int size;
-    
+
     if (fstat(fd, &stb) < 0) {
 	error("rcp: fstat: %s\n", error_message(errno));
 	return (NULLBUF);
@@ -1212,21 +1212,21 @@ int hosteq(h1, h2)
 {
     struct hostent *h_ptr;
     char hname1[256];
-    
+
     if (forcenet)
       return(0);
 
     /* get the official names for the two hosts */
-    
+
     if ((h_ptr = gethostbyname(h1)) == NULL)
       return(0);
     strncpy(hname1, h_ptr->h_name, sizeof (hname1));
     hname1[sizeof (hname1) - 1] = '\0';
     if ((h_ptr = gethostbyname(h2)) == NULL)
       return(0);
-    
+
     /*return if they are equal (strcmp returns 0 for equal - I return 1) */
-    
+
     return(!strcmp(hname1, h_ptr->h_name));
 }
 
@@ -1259,7 +1259,7 @@ char **save_argv(argc, argv)
      char **argv;
 {
     register int i;
-    
+
     char **local_argv = (char **)calloc((unsigned) argc+1,
 					(unsigned) sizeof(char *));
     /* allocate an extra pointer, so that it is initialized to NULL
@@ -1292,7 +1292,7 @@ void
     krb5_ccache cc;
     krb5_error_code status;
     krb5_auth_context auth_context = NULL;
-    
+
     if (config_file) {
     	const char * filenames[2];
     	filenames[1] = NULL;
@@ -1300,17 +1300,17 @@ void
     	if ((status = krb5_set_config_files(bsd_context, filenames)))
 	    exit(1);
     }
-    
+
     memset (&creds, 0, sizeof(creds));
 
     if ((status = krb5_read_message(bsd_context, (krb5_pointer)&rem,
 				    &pname_data)))
 	exit(1);
-    
+
     if ((status = krb5_read_message(bsd_context, (krb5_pointer) &rem,
 				    &creds.second_ticket)))
 	exit(1);
-    
+
     if (ccache_file == NULL) {
     	if ((status = krb5_cc_default(bsd_context, &cc)))
 	    exit(1);
@@ -1328,7 +1328,7 @@ void
 
     krb5_free_data_contents(bsd_context, &pname_data);
 
-    if ((status = krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc, 
+    if ((status = krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc,
 				       &creds, &new_creds)))
 	exit(1);
 
@@ -1336,16 +1336,16 @@ void
 				       AP_OPTS_USE_SESSION_KEY,
 				       NULL, new_creds, &msg)))
 	exit(1);
-    
+
     if ((status = krb5_write_message(bsd_context, (krb5_pointer) &rem,
 				     &msg))) {
     	krb5_free_data_contents(bsd_context, &msg);
 	exit(1);
     }
-    
+
     rcmd_stream_init_krb5(&new_creds->keyblock, encryptflag, 0, 0,
 			  KCMD_OLD_PROTOCOL);
-    
+
     /* cleanup */
     krb5_free_cred_contents(bsd_context, &creds);
     krb5_free_creds(bsd_context, new_creds);
diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
index 0272b44aa..0a00e37e3 100644
--- a/src/appl/bsd/krlogin.c
+++ b/src/appl/bsd/krlogin.c
@@ -21,14 +21,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -39,7 +39,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -53,11 +53,11 @@ char copyright[] =
 
 /* based on @(#)rlogin.c	5.12 (Berkeley) 9/19/88 */
 
-     
+
      /*
       * rlogin - remote login
       */
-     
+
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -86,7 +86,7 @@ char copyright[] =
 #include <signal.h>
 #include <setjmp.h>
 #include <netdb.h>
-     
+
 #ifdef HAVE_SYS_FILIO_H
 /* Solaris needs <sys/filio.h> for FIONREAD */
 #include <sys/filio.h>
@@ -158,7 +158,7 @@ char copyright[] =
 #include <krb5.h>
 #include <com_err.h>
 #include "defines.h"
-     
+
 #define RLOGIN_BUFSIZ 5120
 
 void try_normal();
@@ -319,7 +319,7 @@ struct winsize *wp;
     if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0)
       return (error);
 #endif
-    
+
     wp->ws_row = ts.ts_lines;
     wp->ws_col = ts.ts_cols;
     wp->ws_xpixel = 0;
@@ -535,12 +535,12 @@ main(argc, argv)
 #ifdef KERBEROS
     /*
      * if there is an entry in /etc/services for Kerberos login,
-     * attempt to login with Kerberos. 
+     * attempt to login with Kerberos.
      * If we fail at any step,  use the standard rlogin
      */
       if (encrypt_flag)
 	sp = getservbyname("eklogin","tcp");
-      else 
+      else
 	sp = getservbyname("klogin","tcp");
       if (sp == 0) {
 		sp = &defaultservent;   /* ANL */
@@ -590,7 +590,7 @@ main(argc, argv)
     }
 #endif
     (void) get_window_size(0, &winsize);
-    
+
 #ifdef POSIX_TERMIOS
     tcgetattr(0, &defmodes);
     tcgetattr(0, &ixon_state);
@@ -610,7 +610,7 @@ main(argc, argv)
     sa.sa_flags = 0;
     sa.sa_handler = lostpeer;
     (void) sigaction(SIGPIPE, &sa, (struct sigaction *)0);
-    
+
     (void) sigemptyset(&urgmask);
     (void) sigaddset(&urgmask, SIGUSR1);
     oldmask = &omask;
@@ -667,9 +667,9 @@ main(argc, argv)
 
 	rcmd_stream_init_krb5(key, encrypt_flag, 1, 1, kcmd_proto);
     }
-	
+
     rem = sock;
-    
+
 #else
     rem = rcmd(&host, port,
 	       null_local_username ? "" : pwd->pw_name,
@@ -678,7 +678,7 @@ main(argc, argv)
 
     if (rem < 0)
       exit(1);
-    
+
     if (options & SO_DEBUG &&
 	setsockopt(rem, SOL_SOCKET, SO_DEBUG, (char*)&on, sizeof (on)) < 0)
       perror("rlogin: setsockopt (SO_DEBUG)");
@@ -711,12 +711,12 @@ static int confirm_death ()
     char input;
     int answer;
     if (!confirm) return (1);	/* no confirm, just die */
-    
+
     if (gethostname (hostname, sizeof(hostname)-1) != 0)
       strlcpy (hostname, "???", sizeof(hostname));
     else
       hostname[sizeof(hostname)-1] = '\0';
-    
+
     fprintf (stderr, "\r\nKill session on %s from %s (y/n)?  ",
 	     host, hostname);
     fflush (stderr);
@@ -800,7 +800,7 @@ static void doit(oldmask)
 #else
     struct sgttyb sb;
 #endif
-    
+
     (void) ioctl(0, TIOCGETP, (char *)&sb);
     defflags = sb.sg_flags;
 #ifdef USE_TERMIO
@@ -857,13 +857,13 @@ static void doit(oldmask)
 	prf("\007Connection closed.");
 	exit(3);
     }
-    
+
 #ifdef POSIX_SIGNALS
     /* "sa" has already been initialized above. */
 
     sa.sa_handler = writeroob;
     (void) sigaction(SIGUSR1, &sa, (struct sigaction *)0);
-    
+
     sigprocmask(SIG_SETMASK, oldmask, (sigset_t*)0);
 
     sa.sa_handler = catchild;
@@ -893,7 +893,7 @@ setsignal(sig, act)
 #ifdef POSIX_SIGNALS
     sigset_t omask, igmask;
     struct sigaction sa;
-    
+
     sigemptyset(&igmask);
     sigaddset(&igmask, sig);
     sigprocmask(SIG_BLOCK, &igmask, &omask);
@@ -904,7 +904,7 @@ setsignal(sig, act)
     int omask = sigblock(sigmask(sig));
 #endif
 #endif /* POSIX_SIGNALS */
-    
+
 #ifdef POSIX_SIGNALS
     (void) sigaction(sig, (struct sigaction *)0, &sa);
     if (sa.sa_handler != SIG_IGN) {
@@ -914,7 +914,7 @@ setsignal(sig, act)
 	(void) sigaction(sig, &sa, (struct sigaction *)0);
     }
     sigprocmask(SIG_SETMASK, &omask, (sigset_t*)0);
-#else    
+#else
     if (signal(sig, act) == SIG_IGN)
 	(void) signal(sig, SIG_IGN);
 #ifndef sgi
@@ -935,7 +935,7 @@ done(status)
 #ifndef HAVE_WAITPID
     pid_t w;
 #endif
-    
+
     mode(0);
     if (child > 0) {
 	/* make sure catchild does not snap it up */
@@ -947,7 +947,7 @@ done(status)
 #else
 	(void) signal(SIGCHLD, SIG_DFL);
 #endif
-	
+
 	if (kill(child, SIGKILL) >= 0) {
 #ifdef HAVE_WAITPID
 	    (void) waitpid(child, 0, 0);
@@ -976,7 +976,7 @@ int signo;
 #ifdef POSIX_SIGNALS
     struct sigaction sa;
 #endif
-    
+
     if (dosigwinch == 0) {
 	sendwindow();
 #ifdef POSIX_SIGNALS
@@ -1003,7 +1003,7 @@ int signo;
     union wait status;
 #endif
     int pid;
-    
+
   again:
 #ifdef HAVE_WAITPID
     pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
@@ -1041,10 +1041,10 @@ static void writer()
 		    was encountered */
     char c;
 
-#ifdef ultrix             
+#ifdef ultrix
     fd_set waitread;
     register n;
-    
+
     /* we need to wait until the reader() has set up the terminal, else
        the read() below may block and not unblock when the terminal
        state is reset.
@@ -1067,11 +1067,11 @@ static void writer()
 
     /* This loop works as follows.  Call read_wrapper to get data until
        we would block or until we read a cmdchar at the beginning of a line.
-       If got_esc is false, we just send everything we got back.  If got_esc 
-       is true, we send everything except the cmdchar at the end and look at 
+       If got_esc is false, we just send everything we got back.  If got_esc
+       is true, we send everything except the cmdchar at the end and look at
        the next char.  If its a "." we break out of the loop and terminate.
        If its ^Z or ^Y we call stop with the value of the char and continue.
-       If its none of those, we send the cmdchar and then send the char we 
+       If its none of those, we send the cmdchar and then send the char we
        just read, unless that char is also the cmdchar (in which case we are
        only supposed to send one of them).  When this loop ends, so does the
        program.
@@ -1081,12 +1081,12 @@ static void writer()
 
       /* read until we would block or we get a cmdchar */
       n_read = read_wrapper(0,buf,sizeof(buf),&got_esc);
-  
+
       /* if read returns an error or 0 bytes, just quit */
       if (n_read <= 0) {
 	break;
       }
-      
+
       if (!got_esc) {
 	if (rcmd_stream_write(rem, buf, (unsigned) n_read, 0) == 0) {
 	  prf("line gone");
@@ -1108,22 +1108,22 @@ static void writer()
 	}
 
 #ifdef POSIX_TERMIOS
-	if (c == '.' || c == deftty.c_cc[VEOF]) 
+	if (c == '.' || c == deftty.c_cc[VEOF])
 #else
-	  if (c == '.' || c == deftc.t_eofc) 
+	  if (c == '.' || c == deftc.t_eofc)
 #endif
 	    {
 	      if (confirm_death()) {
 		echo(c);
-		break; 
+		break;
 	      }
 	    }
 
 #ifdef POSIX_TERMIOS
 	if ( (
-	      (c == deftty.c_cc[VSUSP]) 
+	      (c == deftty.c_cc[VSUSP])
 #ifdef VDSUSP
-	      || (c == deftty.c_cc[VDSUSP]) 
+	      || (c == deftty.c_cc[VDSUSP])
 #endif
 	      )
 	     && !no_local_escape) {
@@ -1142,7 +1142,7 @@ static void writer()
 #endif /*TIOCGLTC*/
 #endif
 
-      
+
 	if (c != cmdchar) {
 	  rcmd_stream_write(rem, &cmdchar, 1, 0);
 	}
@@ -1160,15 +1160,15 @@ static void writer()
    copy more than size bytes.  In addition, if it encounters a cmdchar
    at the beginning of a line, it will copy everything up to and including
    the cmdchar, but nothing after that.  In this instance *esc_char is set
-   to true and any remaining data is buffered and copied on a subsequent 
+   to true and any remaining data is buffered and copied on a subsequent
    call.  Otherwise, *esc_char will be set to false and the minimum of size,
    1024, and the number of bytes that can be read without blocking will
-   be copied.  In all cases, a non-negative return value indicates the number 
+   be copied.  In all cases, a non-negative return value indicates the number
    of bytes actually copied and a return value of -1 indicates that there
-   was a read error (other than EINTR) and errno is set appropriately. 
+   was a read error (other than EINTR) and errno is set appropriately.
 */
 
-static int read_wrapper(fd,buf,size,got_esc) 
+static int read_wrapper(fd,buf,size,got_esc)
      int fd;
      char *buf;
      int size;
@@ -1201,7 +1201,7 @@ static int read_wrapper(fd,buf,size,got_esc)
   */
 
   while (data_start+return_length < data_end && return_length < size) {
-    
+
     c = *(data_start+return_length);
     return_length++;
 
@@ -1215,14 +1215,14 @@ static int read_wrapper(fd,buf,size,got_esc)
     bol = (c == deftty.c_cc[VKILL] ||
 	   c == deftty.c_cc[VINTR] ||
 	   c == '\r' || c == '\n');
-	
+
 #else /* !POSIX_TERMIOS */
     bol = c == defkill || c == deftc.t_eofc ||
       c == deftc.t_intrc || c == defltc.t_suspc ||
       c == '\r' || c == '\n';
 #endif
   }
-   
+
   memcpy(buf, data_start, return_length);
   data_start = data_start + return_length;
   return return_length;
@@ -1233,7 +1233,7 @@ static void echo(c)
 {
     char buf[8];
     register char *p = buf;
-    
+
     c &= 0177;
     *p++ = cmdchar;
     if (c < ' ') {
@@ -1257,7 +1257,7 @@ static void stop(cmdc)
 #ifdef POSIX_SIGNALS
     struct sigaction sa;
 #endif
-    
+
     mode(0);
 
 #ifdef POSIX_SIGNALS
@@ -1268,7 +1268,7 @@ static void stop(cmdc)
 #else
     (void) signal(SIGCHLD, SIG_IGN);
 #endif
-    
+
 #ifdef POSIX_TERMIOS
     (void) kill(cmdc == deftty.c_cc[VSUSP] ? 0 : getpid(), SIGTSTP);
 #else
@@ -1282,7 +1282,7 @@ static void stop(cmdc)
 #else
     (void) signal(SIGCHLD, catchild);
 #endif
-    
+
     mode(1);
     sigwinch(SIGWINCH);		/* check for size changes */
 }
@@ -1294,7 +1294,7 @@ krb5_sigtype
 int signo;
 {
     struct winsize ws;
-    
+
     if (dosigwinch && get_window_size(0, &ws) == 0 &&
 	memcmp(&winsize, &ws, sizeof (ws))) {
 	winsize = ws;
@@ -1311,7 +1311,7 @@ static void sendwindow()
 {
     char obuf[4 + sizeof (struct winsize)];
     struct winsize *wp = (struct winsize *)(void *)(obuf+4);
-    
+
     obuf[0] = 0377;
     obuf[1] = 0377;
     obuf[2] = 's';
@@ -1424,7 +1424,7 @@ void oob()
     int atmark, n;
 
     mark = 0;
-    
+
     recv(rem, &mark, 1, MSG_OOB);
 
     if (server_message(mark)) {
@@ -1445,7 +1445,7 @@ void oob()
 /* two control messages are defined:
 
    a double flag byte of 'o' indicates a one-byte message which is
-   identical to what was once carried out of band.  
+   identical to what was once carried out of band.
 
    a double flag byte of 'q' indicates a zero-byte message.  This
    message is interpreted as two \377 data bytes.  This is just a
@@ -1471,9 +1471,9 @@ static int control(cp, n)
 }
 
 /*
- * reader: read from remote: line -> 1 
+ * reader: read from remote: line -> 1
  */
-static int 
+static int
 reader(oldmask)
 #ifdef POSIX_SIGNALS
     sigset_t *oldmask;
@@ -1495,10 +1495,10 @@ reader(oldmask)
     sa.sa_handler = SIG_IGN;
     (void) sigaction(SIGTTOU, &sa, (struct sigaction *)0);
 
-#else    
+#else
     (void) signal(SIGTTOU, SIG_IGN);
 #endif
-    
+
     ppid = getppid();
     FD_ZERO(&readset);
     FD_ZERO(&excset);
@@ -1606,7 +1606,7 @@ int f;
 	/* there's a POSIX way of doing this, but do we need it general? */
 	newtty.c_cc[VLNEXT] = _POSIX_VDISABLE;
 #endif
-		
+
 	newtty.c_lflag &= ~(ICANON|ISIG|ECHO|IEXTEN);
 	newtty.c_iflag &= ~(ISTRIP|INLCR|ICRNL);
 
@@ -1648,10 +1648,10 @@ int f;
     int	lflags;
     (void) ioctl(0, TIOCLGET, (char *)&lflags);
 #endif
-    
+
     (void) ioctl(0, TIOCGETP, (char *)&sb);
     switch (f) {
-	
+
     case 0:
 #ifdef USE_TERMIO
 	/*
@@ -1674,7 +1674,7 @@ int f;
 #endif
 	ltc = &defltc;
 	break;
-	
+
     case 1:
 #ifdef USE_TERMIO
 	/*
@@ -1722,10 +1722,10 @@ int f;
 	tc = &notc;
 	sb.sg_flags &= ~defflags;
 #endif /* USE_TERMIO */
-	
+
 	ltc = &noltc;
 	break;
-	
+
     default:
 	return;
     }
@@ -1758,7 +1758,7 @@ void try_normal(argv)
 #ifdef POSIX_SIGNALS
     sigset_t mask;
 #endif
-    
+
 #ifndef KRB5_ATHENA_COMPAT
     if (encrypt_flag)
       exit(1);
@@ -1766,7 +1766,7 @@ void try_normal(argv)
     fprintf(stderr,"trying normal rlogin (%s)\n",
 	    UCB_RLOGIN);
     fflush(stderr);
-    
+
     nhost = strrchr(argv[0], '/');
     if (nhost)
       nhost++;
@@ -1774,7 +1774,7 @@ void try_normal(argv)
       nhost = argv[0];
     if (!strcmp(nhost, "rlogin") || !strcmp(nhost, "rsh"))
       argv[0] = UCB_RLOGIN;
-    
+
 #ifdef POSIX_SIGNALS
     sigemptyset(&mask);
     sigprocmask(SIG_SETMASK, &mask, NULL);
@@ -1801,7 +1801,7 @@ krb5_sigtype lostpeer(signo)
 #else
     (void) signal(SIGPIPE, SIG_IGN);
 #endif
-    
+
     prf("\007Connection closed.");
     done(1);
 }
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 09aeaad21..cc7acad64 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -21,14 +21,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -39,7 +39,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -52,7 +52,7 @@ char copyright[] =
 #endif /* not lint */
 
 /* based on @(#)rlogind.c	5.17 (Berkeley) 8/31/88 */
-     
+
      /*
       * remote login server:
       *	remuser\0
@@ -60,45 +60,45 @@ char copyright[] =
       *	terminal info\0
       *	data
       */
-     
+
 /*
- * This is the rlogin daemon. The very basic protocol for checking 
+ * This is the rlogin daemon. The very basic protocol for checking
  * authentication and authorization is:
  * 1) Check authentication.
- * 2) Check authorization via the access-control files: 
+ * 2) Check authorization via the access-control files:
  *    ~/.k5login (using krb5_kuserok) and/or
  * 3) Prompt for password if any checks fail, or if so configured.
- * Allow login if all goes well either by calling the accompanying 
- * login.krb5 or /bin/login, according to the definition of 
+ * Allow login if all goes well either by calling the accompanying
+ * login.krb5 or /bin/login, according to the definition of
  * DO_NOT_USE_K_LOGIN.l
- * 
- * The configuration is done either by command-line arguments passed by 
+ *
+ * The configuration is done either by command-line arguments passed by
  * inetd, or by the name of the daemon. If command-line arguments are
  * present, they  take priority. The options are:
  * -k means trust krb5
  * -p and -P means prompt for password.
- *    If the -P option is passed, then the password is verified in 
+ *    If the -P option is passed, then the password is verified in
  * addition to all other checks. If -p is not passed with -k or -r,
  * and both checks fail, then login permission is denied.
  *    - -e means use encryption.
  *
- *    If no command-line arguments are present, then the presence of the 
- * letters kKrRexpP in the program-name before "logind" determine the 
+ *    If no command-line arguments are present, then the presence of the
+ * letters kKrRexpP in the program-name before "logind" determine the
  * behaviour of the program exactly as with the command-line arguments.
  *
  * If the ruserok check is to be used, then the client should connect
  * from a privileged port, else deny permission.
- */ 
-     
+ */
+
 /* DEFINES:
  *   KERBEROS - Define this if application is to be kerberised.
  *   CRYPT    - Define this if encryption is to be an option.
  *   DO_NOT_USE_K_LOGIN - Define this if you want to use /bin/login
- *              instead  of the accompanying login.krb5. 
+ *              instead  of the accompanying login.krb5.
  *   LOG_ALL_LOGINS - Define this if you want to log all logins.
  *   LOG_OTHER_USERS - Define this if you want to log all principals
  *              that do not map onto the local user.
- *   LOG_REMOTE_REALM - Define this if you want to log all principals from 
+ *   LOG_REMOTE_REALM - Define this if you want to log all principals from
  *              remote realms.
  *       Note:  Root logins are always logged.
  */
@@ -139,14 +139,14 @@ char copyright[] =
 #include <netinet/in.h>
 #include <errno.h>
 #include <pwd.h>
-     
+
 #ifdef HAVE_SYS_LABEL_H
 /* only SunOS 4? */
 #include <sys/label.h>
 #include <sys/audit.h>
 #include <pwdadj.h>
 #endif
-     
+
 #include <signal.h>
 
 #if defined(hpux) || defined(__hpux)
@@ -219,7 +219,7 @@ struct winsize {
     unsigned short ws_xpixel, ws_ypixel;
 };
 #endif /* NO_WINSIZE */
-     
+
 #ifndef roundup
 #define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
 #endif
@@ -227,7 +227,7 @@ struct winsize {
 #include "fake-addrinfo.h"
 
 #ifdef KERBEROS
-     
+
 #include "k5-int.h"
 #include <libpty.h>
 #ifdef HAVE_UTMP_H
@@ -240,7 +240,7 @@ int non_privileged = 0; /* set when connection is seen to be from */
 
 #include "com_err.h"
 #include "defines.h"
-     
+
 #define SECURE_MESSAGE  "This rlogin session is encrypting all data transmissions.\r\n"
 
 krb5_authenticator      *kdata;
@@ -338,21 +338,21 @@ int main(argc, argv)
 #ifdef KERBEROS
     krb5_error_code status;
 #endif
-    
+
     progname = *argv;
-    
+
     pty_init();
-    
+
 #ifndef LOG_NDELAY
 #define LOG_NDELAY 0
 #endif
-    
+
 #ifndef LOG_AUTH /* 4.2 syslog */
     openlog(progname, LOG_PID | LOG_NDELAY);
 #else
     openlog(progname, LOG_PID | LOG_NDELAY, LOG_AUTH);
 #endif /* 4.2 syslog */
-    
+
 #ifdef KERBEROS
     status = krb5_init_context(&bsd_context);
     if (status) {
@@ -361,7 +361,7 @@ int main(argc, argv)
 	    exit(1);
     }
 #endif
-    
+
     /* Analyse parameters. */
     opterr = 0;
     while ((ch = getopt(argc, argv, ARGSTR)) != -1)
@@ -369,7 +369,7 @@ int main(argc, argv)
 #ifdef KERBEROS
 	case 'k':
 	break;
-	
+
       case '5':
 	break;
       case 'c':
@@ -378,7 +378,7 @@ int main(argc, argv)
       case 'i':
 	checksum_ignored = 1;
 	break;
-	
+
 #ifdef CRYPT
 	case 'x':         /* Use encryption. */
 	case 'X':
@@ -442,7 +442,7 @@ int main(argc, argv)
       }
     argc -= optind;
     argv += optind;
-    
+
     fromlen = sizeof (from);
 
     if (debug_port || do_fork) {
@@ -582,10 +582,10 @@ void doit(f, fromp)
 	syslog( LOG_CRIT, "Checksums are required and ignored; these options are mutually exclusive--check the documentation.");
 	fatal(f, "Configuration error: mutually exclusive options specified");
     }
-    
+
     alarm(60);
     read(f, &c, 1);
-    
+
     if (c != 0){
 	exit(1);
     }
@@ -594,7 +594,7 @@ void doit(f, fromp)
     /* Initialize syncpipe */
     if (pipe( syncpipe ) < 0 )
 	fatalperror ( f , "");
-    
+
 
 #ifdef POSIX_SIGNALS
     /* Initialize "sa" structure. */
@@ -608,7 +608,7 @@ void doit(f, fromp)
 	fatal(f, gai_strerror(retval));
     strncpy(rhost_addra, hname, sizeof(rhost_addra));
     rhost_addra[sizeof (rhost_addra) -1] = '\0';
-    
+
     retval = getnameinfo(fromp, socklen(fromp), hname, sizeof(hname), 0, 0, 0);
     if (retval)
 	fatal(f, gai_strerror(retval));
@@ -620,16 +620,16 @@ void doit(f, fromp)
 	/* Not a real problem, we just haven't bothered to update
 	   the port number checking code to handle ipv6.  */
       fatal(f, "Permission denied - Malformed from address\n");
-    
+
     if (fromp->sin_port >= IPPORT_RESERVED ||
 	fromp->sin_port < IPPORT_RESERVED/2)
       fatal(f, "Permission denied - Connection from bad port");
 #endif /* KERBEROS */
-    
+
     /* Set global netf to f now : we may need to drop everything
        in do_krb_login. */
     netf = f;
-    
+
 #if defined(KERBEROS)
     /* All validation, and authorization goes through do_krb_login() */
     do_krb_login(rhost_addra, rhost_name);
@@ -639,18 +639,18 @@ void doit(f, fromp)
     getstr(f, term, sizeof(term), "Terminal type");
     rcmd_stream_init_normal();
 #endif
-    
+
     write(f, "", 1);
     if ((retval = pty_getpty(&p,line, sizeof(line)))) {
 	com_err(progname, retval, "while getting master pty");
 	exit(2);
     }
-    
+
     Pfd = p;
 #ifdef TIOCSWINSZ
     (void) ioctl(p, TIOCSWINSZ, &win);
 #endif
-    
+
 #ifdef POSIX_SIGNALS
     sa.sa_handler = cleanup;
     (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
@@ -672,7 +672,7 @@ void doit(f, fromp)
 	    fatal(f, error_message(retval));
 	    exit(1);
 	}
-	
+
 
 #if defined(POSIX_TERMIOS) && !defined(ultrix)
 	tcgetattr(t,&new_termio);
@@ -697,7 +697,7 @@ void doit(f, fromp)
 #endif /* POSIX_TERMIOS */
 
 	pid = 0;			/*reset pid incase exec fails*/
-	    
+
 	/*
 	 **      signal the parent that we have turned off echo
 	 **      on the slave side of the pty ... he's waiting
@@ -709,16 +709,16 @@ void doit(f, fromp)
 	(void) write(syncpipe[1], &c, 1);
 	(void) close(syncpipe[1]);
 	(void) close(syncpipe[0]);
-		
+
 	close(f), close(p);
 	dup2(t, 0), dup2(t, 1), dup2(t, 2);
 	if (t > 2)
 	  close(t);
-	
+
 #if defined(sysvimp)
 	setcompat (COMPAT_CLRPGROUP | (getcompat() & ~COMPAT_BSDTTY));
 #endif
-	
+
 	/* Log access to account */
 	pwd = (struct passwd *) getpwnam(lusername);
 	if (pwd && (pwd->pw_uid == 0)) {
@@ -727,7 +727,7 @@ void doit(f, fromp)
 		     krusername ? krusername : "",
 		     rusername, rhost_addra, rhost_name);
 	    else
-	      syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s))", 
+	      syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s))",
 		     krusername ? krusername : "",
 		     rusername, rhost_addra, rhost_name);
 	}
@@ -736,8 +736,8 @@ void doit(f, fromp)
 	/* Log if principal is from a remote realm */
         else if (client && !default_realm(client))
 #endif /* LOG_REMOTE_REALM */
-  
-#if defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS) 
+
+#if defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
 	/* Log if principal name does not map to local username */
         else if (client && !princ_maps_to_lname(client, lusername))
 #endif /* LOG_OTHER_USERS */
@@ -753,11 +753,11 @@ void doit(f, fromp)
 		     "login by %s (%s@%s (%s)) as %s forcing password access",
 		     krusername ? krusername : "", rusername,
 		     rhost_addra, rhost_name, lusername);
-	    else 
+	    else
 	      syslog(LOG_NOTICE,
 		     "login by %s (%s@%s (%s)) as %s",
 		     krusername ? krusername : "", rusername,
-		     rhost_addra, rhost_name, lusername); 
+		     rhost_addra, rhost_name, lusername);
 	}
 #endif /* LOG_REMOTE_REALM || LOG_OTHER_USERS || LOG_ALL_LOGINS */
 #endif /* KERBEROS */
@@ -771,8 +771,8 @@ void doit(f, fromp)
 #endif
 
 #ifdef USE_LOGIN_F
-/* use the vendors login, which has -p and -f. Tested on 
- * AIX 4.1.4 and HPUX 10 
+/* use the vendors login, which has -p and -f. Tested on
+ * AIX 4.1.4 and HPUX 10
  */
     {
         char *cp;
@@ -807,7 +807,7 @@ void doit(f, fromp)
      **      turning off echo on the slave side ...
      **      The master blocks here until it reads a byte.
      */
-    
+
 (void) close(syncpipe[1]);
     if (read(syncpipe[0], &c, 1) != 1) {
 	/*
@@ -818,8 +818,8 @@ void doit(f, fromp)
     }
     close(syncpipe[0]);
 
-    
-#if defined(KERBEROS) 
+
+#if defined(KERBEROS)
     if (do_encrypt) {
 	if (rcmd_stream_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE), 0) < 0){
 	    snprintf(buferror, sizeof(buferror),
@@ -827,7 +827,7 @@ void doit(f, fromp)
 	    fatal(p,buferror);
 	}
     }
-    else 
+    else
       /*
        * if encrypting, don't turn on NBIO, else the read/write routines
        * will fail to work properly
@@ -846,7 +846,7 @@ void doit(f, fromp)
     signal(SIGTSTP, SIG_IGN);
 #endif
 
-    
+
 #if !defined(USE_LOGIN_F)
     /* Pass down rusername and lusername to login. */
     (void) write(p, rusername, strlen(rusername) +1);
@@ -877,7 +877,7 @@ unsigned char	oobdata[] = {TIOCPKT_WINDOW};
 char    oobdata[] = {0};
 #endif
 
-static 
+static
 void sendoob(fd, byte)
      int fd;
      char *byte;
@@ -915,7 +915,7 @@ static int control(pty, cp, n)
 {
     struct winsize w;
     int pgrp, got_pgrp;
-    
+
     if (n < (int) 4+sizeof (w) || cp[2] != 's' || cp[3] != 's')
       return (0);
 #ifdef TIOCSWINSZ
@@ -956,11 +956,11 @@ void protocol(f, p)
     register int tiocpkt_on = 0;
     int on = 1;
 #endif
-    
+
 #if defined(TIOCPKT) && !(defined(__svr4__) || defined(HAVE_STREAMS)) \
 	|| defined(solaris20)
     /* if system has TIOCPKT, try to turn it on. Some drivers
-     * may not support it. Save flag for later. 
+     * may not support it. Save flag for later.
      */
    if ( ioctl(p, TIOCPKT, &on) < 0)
 	tiocpkt_on = 0;
@@ -1016,11 +1016,11 @@ void protocol(f, p)
 		register unsigned char *cp;
 		int n;
 		size_t left;
-		
+
 		if (fcc <= 0)
 		    break;
 		fbp = fibuf;
-		
+
 		for (cp = fibuf; cp < fibuf+fcc-1; cp++) {
 		    if (cp[0] == magic[0] &&
 			cp[1] == magic[1]) {
@@ -1037,7 +1037,7 @@ void protocol(f, p)
 		}
 	    }
 	}
-	
+
 	if (FD_ISSET(p, &obits) && fcc > 0) {
 	    cc = write(p, fbp, fcc);
 	    if (cc > 0) {
@@ -1045,7 +1045,7 @@ void protocol(f, p)
 		fbp += cc;
 	    }
 	}
-	
+
 	if (FD_ISSET(p, &ibits)) {
 	    pcc = read(p, pibuf, sizeof (pibuf));
 	    pbp = pibuf;
@@ -1134,7 +1134,7 @@ void fatal(f, msg)
 #ifdef POSIX_SIGNALS
     struct sigaction sa;
 #endif
-    
+
     buf[0] = '\01';		/* error indicator */
     (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n", progname, msg);
     if ((f == netf) && (pid > 0))
@@ -1169,7 +1169,7 @@ void fatalperror(f, msg)
      const char *msg;
 {
     char buf[512];
-    
+
     (void) snprintf(buf, sizeof(buf), "%s: %s", msg, error_message(errno));
     fatal(f, buf);
 }
@@ -1199,10 +1199,10 @@ do_krb_login(host_addr, hostname)
 	fatal(netf, "Kerberos authentication failed");
 	return;
     }
-    
+
     /* OK we have authenticated this user - now check authorization. */
     /* The Kerberos authenticated programs must use krb5_kuserok or kuserok*/
-    
+
     /* krb5_kuserok returns 1 if OK */
     if (!client || !krb5_kuserok(bsd_context, client, lusername)) {
 	if (asprintf(&msg_fail,
@@ -1216,7 +1216,7 @@ do_krb_login(host_addr, hostname)
 
     if (checksum_required && !valid_checksum) {
 	syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected.");
-	
+
 	fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
     }
 }
@@ -1231,9 +1231,9 @@ void getstr(fd, buf, cnt, err)
      int cnt;
      char *err;
 {
-    
+
     char c;
-    
+
     do {
 	if (read(fd, &c, 1) != 1) {
 	    exit(1);
@@ -1251,10 +1251,10 @@ void getstr(fd, buf, cnt, err)
 void usage()
 {
 #ifdef KERBEROS
-    syslog(LOG_ERR, 
+    syslog(LOG_ERR,
 	   "usage: klogind [-ePf] [-D port] [-w[ip|maxhostlen[,[no]striplocal]]] or [r/R][k/K][x/e][p/P]logind");
 #else
-    syslog(LOG_ERR, 
+    syslog(LOG_ERR,
 	   "usage: rlogind [-rPf] [-D port] or [r/R][p/P]logind");
 #endif
 }
@@ -1290,7 +1290,7 @@ recvauth(valid_checksum)
     if (getsockname(netf, (struct sockaddr *)&laddr, &len)) {
 	    exit(1);
     }
-	
+
     len = sizeof(peersin);
     if (getpeername(netf, (struct sockaddr *)&peersin, &len)) {
 	syslog(LOG_ERR, "get peer name failed %d", netf);
@@ -1299,7 +1299,7 @@ recvauth(valid_checksum)
 
     if ((status = krb5_auth_con_init(bsd_context, &auth_context)))
         return status;
- 
+
     /* Only need remote address for rd_cred() to verify client */
     if ((status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
 		 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)))
@@ -1387,7 +1387,7 @@ recvauth(valid_checksum)
       krb5_free_authenticator(bsd_context, authenticator);
     }
 
-    if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, 
+    if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client,
 				      &client)))
 	return status;
 
@@ -1415,12 +1415,12 @@ recvauth(valid_checksum)
 
     if ((status = krb5_unparse_name(bsd_context, client, &krusername)))
 	return status;
-    
+
     if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)))
 	fatal(netf, "Error reading message");
 
     if ((inbuf.length) && /* Forwarding being done, read creds */
-	(status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf, 
+	(status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
 					  ticket, &ccache))) {
          fatal(netf, "Can't get forwarded credentials");
     }
diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c
index 1999bb5e1..028d3dd62 100644
--- a/src/appl/bsd/krsh.c
+++ b/src/appl/bsd/krsh.c
@@ -73,7 +73,7 @@ char copyright[] =
 #define SECURE_MESSAGE "This rsh session is encrypting input/output data transmissions.\r\n"
 
 int	error();
-     
+
 int	options;
 int	rfd2;
 int	nflag;
@@ -104,11 +104,11 @@ void	try_normal(char **);
 #define RLOGIN_PROGRAM UCB_RLOGIN
 #endif  /* KERBEROS */
 #endif /* !RLOGIN_PROGRAM */
-     
+
 #ifndef POSIX_SIGNALS
 #define	mask(s)	(1 << ((s) - 1))
 #endif /* POSIX_SIGNALS */
-     
+
 int
 main(argc, argv0)
      int argc;
@@ -142,12 +142,12 @@ main(argc, argv0)
 
     memset(&defaultservent, 0, sizeof(struct servent));
     if (strrchr(argv[0], '/'))
-      argv[0] = strrchr(argv[0], '/')+1; 
+      argv[0] = strrchr(argv[0], '/')+1;
 
     if ( argc < 2 ) goto usage;
     argc--;
     argv++;
-    
+
   another:
     if (argc > 0 && host == 0 && strncmp(*argv, "-", 1)) {
 	host = *argv;
@@ -316,14 +316,14 @@ main(argc, argv0)
     if(debug_port == 0) {
 #ifdef KERBEROS
       sp = getservbyname("kshell", "tcp");
-#else 
+#else
       sp = getservbyname("shell", "tcp");
 #endif  /* KERBEROS */
       if (sp == 0) {
 #ifdef KERBEROS
 	sp = &defaultservent;
 	sp->s_port = htons(544);
-#else 
+#else
 	fprintf(stderr, "rsh: shell/tcp: unknown service\n");
 	exit(1);
 #endif /* KERBEROS */
@@ -345,7 +345,7 @@ main(argc, argv0)
     if (fflag || Fflag)
       authopts |= OPTS_FORWARD_CREDS;
     if (Fflag)
-      authopts |= OPTS_FORWARDABLE_CREDS;    
+      authopts |= OPTS_FORWARDABLE_CREDS;
 #ifdef HAVE_ISATTY
     suppress = !isatty(fileno(stderr));
 #endif
@@ -391,7 +391,7 @@ main(argc, argv0)
 	write(2,SECURE_MESSAGE, strlen(SECURE_MESSAGE));
     }
 #endif
-    
+
 #else /* !KERBEROS */
     rem = rcmd(&host, debug_port, pwd->pw_name,
 	       user ? user : pwd->pw_name, args, &rfd2);
@@ -461,7 +461,7 @@ main(argc, argv0)
 	char *bp;
 	int wc;
 	fd_set rembits;
-	
+
 	(void) close(rfd2);
       reread:
 	errno = 0;
@@ -493,7 +493,7 @@ main(argc, argv0)
 	goto rewrite;
       done:
 	(void) shutdown(rem, 1);
-#ifdef KERBEROS 
+#ifdef KERBEROS
 	krb5_free_context(bsd_context);
 #endif
 	exit(0);
@@ -538,7 +538,7 @@ main(argc, argv0)
     } while (FD_ISSET(rem, &readfrom) || FD_ISSET(rfd2, &readfrom));
     if (nflag == 0)
       (void) kill(pid, SIGKILL);
-#ifdef KERBEROS 
+#ifdef KERBEROS
     krb5_free_context(bsd_context);
 #endif
     exit(0);
@@ -565,7 +565,7 @@ void try_normal(argv)
      char **argv;
 {
     char *host;
-    
+
 #ifndef KRB5_ATHENA_COMPAT
     if (encrypt_flag)
 	exit(1);
@@ -581,10 +581,10 @@ void try_normal(argv)
       host++;
     else
       host = argv[0];
-    
+
     if (!strcmp(host, "rsh"))
       argv++;
-    
+
     fprintf(stderr,"trying normal rsh (%s)\n",
 	    UCB_RSH);
     fflush(stderr);
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 59a088ef1..d491e6e35 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -34,35 +34,35 @@ char copyright[] =
       *	command\0
       *	data
       */
-     
+
 /*
- * This is the rshell daemon. The very basic protocol for checking 
+ * This is the rshell daemon. The very basic protocol for checking
  * authentication and authorization is:
  * 1) Check authentication.
  * 2) Check authorization via the access-control files:
  *    ~/.k5login (using krb5_kuserok)
- * Execute command if configured authoriztion checks pass, else deny 
+ * Execute command if configured authoriztion checks pass, else deny
  * permission.
  */
-     
+
 /* DEFINES:
  *   KERBEROS - Define this if application is to be kerberised.
  *   LOG_ALL_LOGINS - Define this if you want to log all logins.
  *   LOG_OTHER_USERS - Define this if you want to log all principals that do
  *              not map onto the local user.
- *   LOG_REMOTE_REALM - Define this if you want to log all principals from 
+ *   LOG_REMOTE_REALM - Define this if you want to log all principals from
  *              remote realms.
  *   LOG_CMD - Define this if you want to log not only the user but also the
  *             command executed. This only decides the type of information
- *             logged. Whether or not to log is still decided by the above 
+ *             logged. Whether or not to log is still decided by the above
  *             three DEFINES.
  *       Note:  Root account access is always logged.
  */
-     
-#define SERVE_NON_KRB     
+
+#define SERVE_NON_KRB
 #define LOG_REMOTE_REALM
 #define LOG_CMD
-   
+
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -86,10 +86,10 @@ char copyright[] =
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #endif
-     
+
 #include <netinet/in.h>
 #include <arpa/inet.h>
-     
+
 #include <stdio.h>
 #include <grp.h>
 #include <errno.h>
@@ -98,7 +98,7 @@ char copyright[] =
 #include <string.h>
 #include <libpty.h>
 #include <sys/wait.h>
-     
+
 #ifdef HAVE_SYS_LABEL_H
 /* only SunOS 4? */
 #include <sys/label.h>
@@ -126,13 +126,13 @@ char copyright[] =
 #include <sys/unistd.h>
 #include <path.h>
 #endif /* CRAY */
-     
+
 #include <syslog.h>
 
 #ifdef POSIX_TERMIOS
 #include <termios.h>
 #endif
-     
+
 #ifdef HAVE_SYS_FILIO_H
 /* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */
 #include <sys/filio.h>
@@ -194,12 +194,12 @@ static krb5_error_code recvauth(int netfd, struct sockaddr *peersin,
 #else /* !KERBEROS */
 
 #define ARGSTR	"RD:?"
-     
+
 #endif /* KERBEROS */
 
 static int accept_a_connection (int debug_port, struct sockaddr *from,
 				socklen_t *fromlenp);
-     
+
 #ifndef HAVE_KILLPG
 #define killpg(pid, sig) kill(-(pid), (sig))
 #endif
@@ -226,7 +226,7 @@ void 	error (char *fmt, ...)
 #endif
      ;
 
-void usage(void), getstr(int, char *, int, char *), 
+void usage(void), getstr(int, char *, int, char *),
     doit(int, struct sockaddr *);
 
 #ifndef HAVE_INITGROUPS
@@ -263,10 +263,10 @@ int main(argc, argv)
 #ifdef CRAY
     secflag = sysconf(_SC_CRAY_SECURE_SYS);
 #endif
-    
+
     progname = strrchr (*argv, '/');
     progname = progname ? progname + 1 : *argv;
-    
+
 #ifndef LOG_ODELAY /* 4.2 syslog */
     openlog(progname, LOG_PID);
 #else
@@ -275,7 +275,7 @@ int main(argc, argv)
 #endif
     openlog(progname, LOG_PID | LOG_ODELAY, LOG_AUTH);
 #endif /* 4.2 syslog */
-    
+
 #ifdef KERBEROS
     status = krb5_init_context(&bsd_context);
     if (status) {
@@ -284,7 +284,7 @@ int main(argc, argv)
 	    exit(1);
     }
 #endif
-    
+
     /* Analyze parameters. */
     opterr = 0;
     while ((ch = getopt(argc, argv, ARGSTR)) != -1)
@@ -292,7 +292,7 @@ int main(argc, argv)
 #ifdef KERBEROS
 	case 'k':
 	break;
-	
+
       case '5':
 	break;
       case 'c':
@@ -301,7 +301,7 @@ int main(argc, argv)
       case 'i':
 	checksum_ignored = 1;
 	break;
-	
+
         case 'e':
 	require_encrypt = 1;
 	  break;
@@ -332,7 +332,7 @@ int main(argc, argv)
 		  if(!save_env[num_env++]) {
 			  com_err(progname, ENOMEM, "in saving environment");
 			  exit(2);
-		  }		  
+		  }
 	  } else  {
 		  fprintf(stderr, "%s: Only %d -L arguments allowed\n",
 			  progname, MAXENV);
@@ -376,10 +376,10 @@ int main(argc, argv)
 	usage();
 	exit(1);
     }
-    
+
     argc -= optind;
     argv += optind;
-    
+
     fromlen = sizeof (from);
 
     if (debug_port)
@@ -454,16 +454,16 @@ char	local_port[64+NI_MAXSERV]; /* = "KRB5LOCALPORT=" */
 /* The following include extra space for TZ and MAXENV pointers... */
 #define COMMONVARS homedir, shell, 0/*path*/, username, term
 #ifdef CRAY
-char    *envinit[] = 
+char    *envinit[] =
 {COMMONVARS, "TZ=GMT0", tmpdir, SAVEENVPAD, KRBPAD, ADDRPAD, 0};
 #define TMPDIRENV 6
 char    *getenv();
 #else /* CRAY */
 #ifdef KERBEROS
-char    *envinit[] = 
+char    *envinit[] =
 {COMMONVARS, 0/*tz*/, SAVEENVPAD, KRBPAD, ADDRPAD, 0};
 #else /* KERBEROS */
-char	*envinit[] = 
+char	*envinit[] =
 {COMMONVARS, 0/*tz*/, SAVEENVPAD, ADDRPAD, 0};
 #endif /* KERBEROS */
 #endif /* CRAY */
@@ -486,7 +486,7 @@ int maxlogs;
 #define NCARGS 1024
 #endif
 
-#define NMAX   16 
+#define NMAX   16
 
 int pid;
 char locuser[NMAX+1];
@@ -518,7 +518,7 @@ ignore_signals()
     signal(SIGTERM, SIG_IGN);
     signal(SIGPIPE, SIG_IGN);
     signal(SIGHUP, SIG_IGN);
-    
+
     killpg(pid, SIGTERM);
 #endif
 }
@@ -529,7 +529,7 @@ cleanup(signumber)
 {
     ignore_signals();
     wait(0);
-    
+
     pty_logwtmp(ttyn,"","");
     syslog(LOG_INFO ,"Daemon terminated via signal %d.", signumber);
     if (ccache)
@@ -569,7 +569,7 @@ void doit(f, fromp)
     int packet_level;               /* Packet classification level */
     long packet_compart;            /* Packet compartments */
 #endif  /* CRAY */
-    
+
     int s = -1;
     char hostname[NI_MAXHOST];
     char *sane_host;
@@ -599,8 +599,8 @@ void doit(f, fromp)
 #endif
 #endif
 #endif /* IP_TOS */
-    
-    { 
+
+    {
 	socklen_t sin_len = sizeof (localaddr);
 	if (getsockname(f, (struct sockaddr*)&localaddr, &sin_len) < 0) {
 	    perror("getsockname");
@@ -649,9 +649,9 @@ void doit(f, fromp)
 	}
     }
 #endif /* KERBEROS */
-    
+
 #ifdef CRAY
-    
+
     /* If this is a secure system then get the packet classification
        of f.  ( Note IP_SECURITY is checked in get_packet_classification:
        if it's not set then the user's (root) default
@@ -680,10 +680,10 @@ void doit(f, fromp)
 		exit(1);
 	    }
 	}
-	
+
     }
 #endif /* CRAY */
-    
+
     (void) alarm(60);
     port = 0;
     for (;;) {
@@ -772,7 +772,7 @@ void doit(f, fromp)
     getstr(f, cmdbuf, sizeof(cmdbuf), "command");
     rcmd_stream_init_normal();
 #endif /* KERBEROS */
-    
+
 #ifdef CRAY
     paddr = inet_addr(inet_ntoa(fromp->sin_addr));
     if(secflag){
@@ -788,7 +788,7 @@ void doit(f, fromp)
 	}
     }
 #endif /* CRAY */
-    
+
     pwd = getpwnam(locuser);
     if (pwd == (struct passwd *) 0 ) {
 	syslog(LOG_ERR ,
@@ -798,9 +798,9 @@ void doit(f, fromp)
 	error("Login incorrect.\n");
 	exit(1);
     }
-    
+
 #ifdef CRAY
-    /* Setup job entry, and validate udb entry. 
+    /* Setup job entry, and validate udb entry.
        ( against packet level also ) */
     if ((jid = setjob(pwd->pw_uid, 0)) < 0) {
 	error("Unable to create new job.\n");
@@ -836,7 +836,7 @@ void doit(f, fromp)
     }
 #ifndef NO_UDB
     (void)getsysudb();
-    
+
     if ((ue = getudbnam(pwd->pw_name)) == (struct udb *)NULL) {
 	error("Unable to fetch account id.\n");
 	exit(1);
@@ -883,7 +883,7 @@ void doit(f, fromp)
 				   open so close it here. */
 #endif  /* !NO_UDB */
 #endif /*CRAY*/
-    
+
     /* Setup wtmp entry : we do it here so that if this is a CRAY
        the Process Id is correct and we have not lost our trusted
        privileges. */
@@ -898,13 +898,13 @@ void doit(f, fromp)
     else {
 	pty_logwtmp(ttyn,locuser,sane_host);
     }
-    
+
 #ifdef CRAY
-    
+
     /* If  we are a secure system then we need to get rid of our
        trusted facility, so that MAC on the chdir we work. Before we
        do this make an entry into wtmp, and any other audit recording. */
-    
+
     if (secflag) {
 	if (getusrv(&usrv)){
 	    syslog(LOG_ERR,"Cannot getusrv");
@@ -922,10 +922,10 @@ void doit(f, fromp)
 	    error("Permission denied.\n");
 	    goto signout_please;
 	}
-	
+
 	loglogin(sane_host, SLG_OKLOG, ue->ue_logfails,ue);
-	
-	/*	Setup usrv structure with user udb info and 
+
+	/*	Setup usrv structure with user udb info and
 		packet_level and packet_compart. */
 	usrv.sv_actlvl = packet_level;
 	usrv.sv_actcmp = packet_compart; /*Note get_packet_level sets
@@ -938,7 +938,7 @@ void doit(f, fromp)
 	usrv.sv_valcat = ue->ue_valcat;
 	usrv.sv_savcmp = 0;
 	usrv.sv_savlvl = 0;
-	
+
 	/*
 	 *      Set user values to workstation boundaries
 	 */
@@ -948,12 +948,12 @@ void doit(f, fromp)
 #ifdef MAX
 #undef MAX
 #endif
-	
+
 #define MIN(a,b) ((a) < (b) ? (a) : (b))
 #define MAX(a,b) ((a) > (b) ? (a) : (b))
-	
+
 	nal_error = 0;
-	
+
 	if (nal.na_sort) {
 	    if ((ue->ue_minlvl > nal.na_smax) ||
 		(ue->ue_maxlvl < nal.na_smin))
@@ -961,14 +961,14 @@ void doit(f, fromp)
 	    else {
 		usrv.sv_minlvl=MAX(ue->ue_minlvl, nal.na_smin);
 		usrv.sv_maxlvl=MIN(ue->ue_maxlvl, nal.na_smax);
-		
+
 #ifndef IP_SECURITY
 
 		if (usrv.sv_actlvl < usrv.sv_minlvl)
 		    usrv.sv_actlvl = usrv.sv_minlvl;
 		if (usrv.sv_actlvl > usrv.sv_maxlvl)
 		  usrv.sv_actlvl = usrv.sv_maxlvl;
-		
+
 #else /*IP_SECURITY*/
 		if (usrv.sv_actlvl < usrv.sv_minlvl)
 		  nal_error++;
@@ -976,7 +976,7 @@ void doit(f, fromp)
 		  nal_error++;
 		if (usrv.sv_actlvl != ue->ue_deflvl)
 		  nal_error++;
-		
+
 		usrv.sv_valcmp = ue->ue_comparts & nal.na_scmp;
 		usrv.sv_actcmp &= nal.na_scmp;
 #endif /*IP_SECURITY*/
@@ -1016,7 +1016,7 @@ void doit(f, fromp)
 #undef  MAX
 	/* Before the setusrv is done then do a sethost for paddr */
 	sethost(paddr);
-	
+
 	if (setusrv(&usrv) == -1) {
 	    loglogin(sane_host, SLG_LVERR, ue->ue_logfails,ue);
 	    error("Permission denied.\n");
@@ -1026,10 +1026,10 @@ void doit(f, fromp)
 	    error("Getusrv Permission denied.\n");
 	    goto signout_please;
 	}
-	
+
     }
 #endif /*CRAY*/
-    
+
     if (chdir(pwd->pw_dir) < 0) {
       if(chdir("/") < 0) {
       	error("No remote directory.\n");
@@ -1066,17 +1066,17 @@ void doit(f, fromp)
 	error("You must use encryption.\n");
 	goto signout_please;
     }
-    
+
     if (pwd->pw_uid && !access(NOLOGIN, F_OK)) {
 	error("Logins currently disabled.\n");
 	goto signout_please;
     }
-    
+
     /* Log access to account */
     pwd = (struct passwd *) getpwnam(locuser);
     if (pwd && (pwd->pw_uid == 0)) {
 #ifdef LOG_CMD
-	syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as ROOT", 
+	syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as ROOT",
 	       cmdbuf, kremuser, remuser, hostaddra, hostname);
 #else
 	syslog(LOG_NOTICE ,"Access as ROOT by principal %s (%s@%s (%s))",
@@ -1087,20 +1087,20 @@ void doit(f, fromp)
     /* Log if principal is from a remote realm */
     else if (client && !default_realm(client))
 #endif
-  
-#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS) 
+
+#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
     /* Log if principal name does not map to local username */
     else if (client && !princ_maps_to_lname(client, locuser))
 #endif /* LOG_OTHER_USERS */
-  
+
 #ifdef LOG_ALL_LOGINS /* Log everything */
-    else 
-#endif 
-  
+    else
+#endif
+
 #if defined(LOG_REMOTE_REALM) || defined(LOG_OTHER_USERS) || defined(LOG_ALL_LOGINS)
       {
 #ifdef LOG_CMD
-	  syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as local user %s", 
+	  syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as local user %s",
 		 cmdbuf, kremuser, remuser, hostaddra, hostname, locuser);
 #else
 	  syslog(LOG_NOTICE ,"Access as %s by principal %s (%s@%s (%s))",
@@ -1108,9 +1108,9 @@ void doit(f, fromp)
 #endif
       }
 #endif
-    
+
     (void) write(2, "", 1);
-    
+
     if (port||do_encrypt) {
 	if (port&&(pipe(pv) < 0)) {
 	    error("Can't make pipe.\n");
@@ -1139,7 +1139,7 @@ void doit(f, fromp)
 	    (void)sigaction(SIGHUP, &sa, (struct sigaction *)0);
 
 	    sa.sa_handler = SIG_IGN;
-	    /* SIGPIPE is a crutch that we don't need if we check 
+	    /* SIGPIPE is a crutch that we don't need if we check
 	       the exit status of write. */
 	    (void)sigaction(SIGPIPE, &sa, (struct sigaction *)0);
 	    (void)sigaction(SIGCHLD, &sa, (struct sigaction *)0);
@@ -1148,20 +1148,20 @@ void doit(f, fromp)
 	    signal(SIGQUIT, cleanup);
 	    signal(SIGTERM, cleanup);
 	    signal(SIGHUP, cleanup);
-	    /* SIGPIPE is a crutch that we don't need if we check 
+	    /* SIGPIPE is a crutch that we don't need if we check
 	       the exit status of write. */
 	    signal(SIGPIPE, SIG_IGN);
 	    signal(SIGCHLD,SIG_IGN);
 #endif
-	    
+
 	    (void) close(0); (void) close(1); (void) close(2);
 	    if(port)
 		(void) close(pv[1]);
 	    (void) close(pw[1]);
 	    (void) close(px[0]);
-	    
-	    
-	    
+
+
+
 	    FD_ZERO(&readfrom);
 	    FD_SET(f, &readfrom);
 	    maxfd = f;
@@ -1176,7 +1176,7 @@ void doit(f, fromp)
 	    FD_SET(pw[0], &readfrom);
 	    if (pw[0] > maxfd)
 		maxfd = pw[0];
-	    
+
 	    /* read from f, write to px[1] -- child stdin */
 	    /* read from s, signal child */
 	    /* read from pv[0], write to s -- child stderr */
@@ -1246,7 +1246,7 @@ void doit(f, fromp)
 			  (void) close(px[1]);
 			  FD_CLR(f, &readfrom);
 			} else if (wcc != cc) {
-			  syslog(LOG_INFO, "only wrote %d/%d to child", 
+			  syslog(LOG_INFO, "only wrote %d/%d to child",
 				 wcc, cc);
 			}
 		    }
@@ -1293,14 +1293,14 @@ void doit(f, fromp)
 	if(port)
 	    (void) close(pv[1]);
     }
-    
-    /*      We are simply execing a program over rshd : log entry into wtmp, 
+
+    /*      We are simply execing a program over rshd : log entry into wtmp,
 	    as kexe(pid), then finish out the session right after that.
 	    Syslog should have the information as to what was exec'd */
     else {
 	pty_logwtmp(ttyn,"","");
     }
-    
+
     if (*pwd->pw_shell == '\0')
       pwd->pw_shell = "/bin/sh";
     (void) close(f);
@@ -1317,7 +1317,7 @@ void doit(f, fromp)
 #ifdef	HAVE_SETLUID
     /*
      * If we're on a system which keeps track of login uids, then
-     * set the login uid. 
+     * set the login uid.
      */
     if (setluid((uid_t) pwd->pw_uid) < 0) {
 	perror("setluid");
@@ -1404,7 +1404,7 @@ void doit(f, fromp)
 	    char *buf2;
 
 	    if(getenv(save_env[cnt])) {
-		    if (asprintf(&buf2, "%s=%s", save_env[cnt], 
+		    if (asprintf(&buf2, "%s=%s", save_env[cnt],
 				 getenv(save_env[cnt])) >= 0) {
 			    for (i = 0; envinit[i]; i++);
 			    envinit[i] = buf2;
@@ -1415,7 +1415,7 @@ void doit(f, fromp)
     /* XXX - If we do anything else, make sure there is space in the array. */
 
     environ = envinit;
-    
+
 #ifdef KERBEROS
     /* To make Kerberos rcp work correctly, we must ensure that we
        invoke Kerberos rcp on this end, not normal rcp, even if the
@@ -1453,7 +1453,7 @@ void doit(f, fromp)
       cp++;
     else
       cp = pwd->pw_shell;
-    
+
     if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) {
 	execl(pwd->pw_shell, cp, "-c", (char *)cmdbuf + 3, (char *)NULL);
     }
@@ -1463,7 +1463,7 @@ void doit(f, fromp)
     perror(pwd->pw_shell);
     perror(cp);
     exit(1);
-    
+
   signout_please:
     if (ccache)
 	krb5_cc_destroy(bsd_context, ccache);
@@ -1485,7 +1485,7 @@ error(fmt, va_alist)
 {
     va_list ap;
     char buf[RCMD_BUFSIZ],  *cp = buf;
-    
+
 #ifdef HAVE_STDARG_H
     va_start(ap, fmt);
 #else
@@ -1508,7 +1508,7 @@ void getstr(fd, buf, cnt, err)
     char *err;
 {
     char c;
-    
+
     do {
 	if (read(fd, &c, 1) != 1)
 	  exit(1);
@@ -1526,11 +1526,11 @@ char *makejtmp(uid, gid, jid)
 {
     register char *endc, *tdp = &tmpdir[strlen(tmpdir)];
     register int i;
-    
+
     snprintf(tdp, sizeof(tmpdir) - (tdp - tmpdir), "%s/jtmp.%06d",
 	     JTMPDIR, jid);
     endc = &tmpdir[strlen(tmpdir)];
-    
+
     endc[1] = '\0';
     for (i = 0; i < 26; i++) {
 	endc[0] = 'a' + i;
@@ -1595,7 +1595,7 @@ static int get_packet_classification(fd,useruid,level,comp)
     struct udb *udb;
     int retval;
     int sockoptlen;
-    
+
     retval = 0;
     getsysudb ();
     udb = getudbuid ((int) useruid);
@@ -1631,8 +1631,8 @@ static int get_packet_classification(fd,useruid,level,comp)
 }
 
 #endif /* IP_SECURITY */
-	
-	
+
+
 
 /*
  * Make a security log entry for the login attempt.
@@ -1655,7 +1655,7 @@ loglogin(host, flag, failures, ue)
     char   urec[sizeof(struct slghdr) + sizeof(struct slglogin)];
     struct slghdr   *uhdr = (struct slghdr *)urec;
     struct slglogin *ulogin=(struct slglogin *)&urec[sizeof(struct slghdr)];
-    
+
     strncpy(ulogin->sl_line, ttyn, sizeof(ulogin->sl_line));
     strncpy(ulogin->sl_host, host, sizeof(ulogin->sl_host));
     ulogin->sl_failures = failures;
@@ -1671,7 +1671,7 @@ loglogin(host, flag, failures, ue)
     /*      uhdr->sl_scls = ue->ue_defcls;  enable for integrity policy */
     uhdr->sl_olvl = 0;
     uhdr->sl_len = sizeof(urec);
-    
+
 #ifdef  CRAY2
     slgentry(SLG_LOGN, (word *)urec);
 #else /*        ! CRAY2 */
@@ -1681,7 +1681,7 @@ loglogin(host, flag, failures, ue)
 }
 
 #endif /* CRAY */
-	
+
 
 
 void usage()
@@ -1728,7 +1728,7 @@ recvauth(netfd, peersin, valid_checksum)
     if (getsockname(netfd, (struct sockaddr *)&laddr, &len)) {
 	    exit(1);
     }
-	
+
 #ifdef unicos61
 #define SIZEOF_INADDR  SIZEOF_in_addr
 #else
@@ -1784,7 +1784,7 @@ recvauth(netfd, peersin, valid_checksum)
     getstr(netfd, cmdbuf, sizeof(cmdbuf), "command");
 
     /* Must be V5  */
-	
+
     kcmd_proto = KCMD_UNKNOWN_PROTOCOL;
     if (version.length != 9)
 	fatal (netfd, "bad application version length");
@@ -1795,17 +1795,17 @@ recvauth(netfd, peersin, valid_checksum)
 
     getstr(netfd, remuser, sizeof(locuser), "remuser");
 
-    if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client, 
+    if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client,
 				    &kremuser)))
 	return status;
-    
-    if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, 
+
+    if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client,
 				      &client)))
 	return status;
     if ((status = krb5_auth_con_getauthenticator(bsd_context, auth_context,
 						 &authenticator)))
       return status;
-    
+
     if (authenticator->checksum && !checksum_ignored) {
 	struct sockaddr_storage adr;
 	unsigned int adr_length = sizeof(adr);
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index 57680ad3c..fc6198c14 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -352,7 +352,7 @@ static void login_get_kconf(k)
 	kconf_names[0] = "login";
 	kconf_names[1] = login_conf_set[i].flagname;
 	kconf_names[2] = 0;
-	retval = profile_get_values(k->profile, 
+	retval = profile_get_values(k->profile,
 				    kconf_names, &kconf_val);
 	if (retval) {
 	    /* ignore most (all?) errors */
@@ -445,7 +445,7 @@ void k_init (ttyn)
 {
 #ifdef KRB5_GET_TICKETS
     krb5_error_code retval;
-    
+
     retval = krb5_init_secure_context(&kcontext);
     if (retval) {
 	com_err("login", retval, "while initializing krb5");
@@ -482,7 +482,7 @@ static int k5_get_password (user_pwstring, pwsize)
     unsigned int pwsize;
 {
     krb5_error_code code;
-    char prompt[255];			
+    char prompt[255];
     snprintf(prompt, sizeof(prompt), "Password for %s", username);
 
     /* reduce opportunities to be swapped out */
@@ -521,7 +521,7 @@ static int try_krb5 (me_p, pass)
     if (code) {
 	if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
 	    fprintf (stderr,
-		     "%s: Kerberos password incorrect\n", 
+		     "%s: Kerberos password incorrect\n",
 		     username);
 	else
 	    com_err ("login", code,
@@ -749,8 +749,8 @@ int main(argc, argv)
     /*
      * -p is used by getty to tell login not to destroy the environment
      * -r is used by rlogind to cause the autologin protocol;
-     * -f is used to skip a second login authentication 
-     * -F is used to skip a second login authentication, allows login as root 
+     * -f is used to skip a second login authentication
+     * -F is used to skip a second login authentication, allows login as root
      * -e is used to skip a second login authentication, but allows
      * 	login as root.
      * -h is used by other servers to pass the name of the
@@ -835,11 +835,11 @@ int main(argc, argv)
     /* Only do this we we're not using POSIX_TERMIOS */
     (void)ioctl(0, TIOCLSET, (char *)&ioctlval);
 #endif
-	
+
 #ifdef TIOCNXCL
     (void)ioctl(0, TIOCNXCL, (char *)0);
 #endif
-	
+
     ioctlval = fcntl(0, F_GETFL);
 #ifdef O_NONBLOCK
     ioctlval &= ~O_NONBLOCK;
@@ -861,7 +861,7 @@ int main(argc, argv)
 	    term[sizeof(term) - 1] = '\0';
 	}
     }
-	
+
     term_init (rflag || kflag || Kflag || eflag);
 
     for (cnt = getdtablesize(); cnt > 2; cnt--)
@@ -877,7 +877,7 @@ int main(argc, argv)
     else
 	tty = ttyn;
 
-#ifndef LOG_ODELAY /* 4.2 syslog ... */                      
+#ifndef LOG_ODELAY /* 4.2 syslog ... */
     openlog("login", 0);
 #else
     openlog("login", LOG_ODELAY, LOG_AUTH);
@@ -1106,7 +1106,7 @@ int main(argc, argv)
    controlling tty, which is the case (under SunOS at least.) */
 
     {
-	int pid = getpid(); 
+	int pid = getpid();
 	struct sigaction sa2, osa;
 
 	/* this will set the PGID to the PID. */
@@ -1251,14 +1251,14 @@ int main(argc, argv)
 
 #ifdef KRB5_GET_TICKETS
     if (got_v5_tickets) {
-	/* set up credential cache -- obeying KRB5_ENV_CCNAME 
+	/* set up credential cache -- obeying KRB5_ENV_CCNAME
 	   set earlier */
 	/* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */
 	if ((retval = krb5_cc_default(kcontext, &ccache))) {
 	    com_err(argv[0], retval, "while getting default ccache");
 	} else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) {
 	    com_err(argv[0], retval, "when initializing cache");
-	} else if ((retval = krb5_cc_store_cred(kcontext, ccache, 
+	} else if ((retval = krb5_cc_store_cred(kcontext, ccache,
 						&my_creds))) {
 	    com_err(argv[0], retval, "while storing credentials");
 	} else if (xtra_creds &&
@@ -1279,7 +1279,7 @@ int main(argc, argv)
 	    syslog(LOG_ERR,
 		   "%s while re-storing V5 credentials as user",
 		   error_message(retval));
-	    
+
 	}
 	krb5_free_cred_contents(kcontext, &save_v5creds);
     }
@@ -1672,7 +1672,7 @@ void dolastlog(hostname, quiet, tty)
 		printf("Last login: %.*s ", 24-5, (char *)ctime(&lltime));
 
 		if (*ll.ll_host != '\0')
-		    printf("from %.*s\n", (int) sizeof(ll.ll_host), 
+		    printf("from %.*s\n", (int) sizeof(ll.ll_host),
 			   ll.ll_host);
 		else
 		    printf("on %.*s\n", (int) sizeof(ll.ll_line), ll.ll_line);
@@ -1790,7 +1790,7 @@ dofork()
     int syncpipe[2];
     char c;
     int n;
-    
+
 #ifdef _IBMR2
     update_ref_count(1);
 #endif
@@ -1826,7 +1826,7 @@ dofork()
 
     /* Setup stuff?  This would be things we could do in parallel with login */
     (void) chdir("/");	/* Let's not keep the fs busy... */
-    
+
     /* If we're the parent, watch the child until it dies */
 
     while (1) {
@@ -1849,7 +1849,7 @@ dofork()
 	if (pid == child)
 	    break;
     }
-    
+
     /* Cleanup stuff */
     /* Run destroy_tickets to destroy tickets */
     (void) destroy_tickets();		/* If this fails, we lose quietly */
@@ -1873,7 +1873,7 @@ char *strsave(sp)
      char *sp;
 {
     register char *ret;
-    
+
     if ((ret = strdup(sp)) == NULL) {
 	fprintf(stderr, "no memory for saving args\n");
 	exit(1);
diff --git a/src/appl/bsd/loginpaths.h b/src/appl/bsd/loginpaths.h
index 0f2580bb9..8124e1abe 100644
--- a/src/appl/bsd/loginpaths.h
+++ b/src/appl/bsd/loginpaths.h
@@ -34,7 +34,7 @@
 #endif
 
 #ifdef _IBMR2
-/* 3.2.0 */ 
+/* 3.2.0 */
 #define LPATH "/usr/bin:/usr/ucb:/usr/bin/X11"
 #define RPATH "/usr/bin:/usr/ucb:/usr/bin/X11"
 #endif
diff --git a/src/appl/bsd/rpaths.h b/src/appl/bsd/rpaths.h
index 4925ea33a..b3946772c 100644
--- a/src/appl/bsd/rpaths.h
+++ b/src/appl/bsd/rpaths.h
@@ -28,4 +28,3 @@
 #undef UCB_RSH
 #define UCB_RSH "/usr/bin/remsh"
 #endif
-
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index f84d3c66b..3f861687f 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -149,13 +149,13 @@ connect_to_server(host, port)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * service_name is imported as a GSS-API name and a GSS-API context is
  * established with the corresponding service; the service should be
  * listening on the TCP connection s.  The default GSS-API mechanism
  * is used, and mutual authentication and replay detection are
  * requested.
- * 
+ *
  * If successful, the context handle is returned in context.  If
  * unsuccessful, the GSS-API error messages are displayed on stderr
  * and -1 is returned.
@@ -209,7 +209,7 @@ client_establish_context(s, service_name, gss_flags, auth_flag,
 	 * transmitted to the server; every received token is stored in
 	 * recv_tok, which token_ptr is then set to, to be processed by
 	 * the next call to gss_init_sec_context.
-	 * 
+	 *
 	 * GSS-API guarantees that send_tok's length will be non-zero
 	 * if and only if the server is expecting another token from us,
 	 * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
@@ -338,7 +338,7 @@ read_file(file_name, in_buf)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * call_server opens a TCP connection to <host:port> and establishes a
  * GSS-API context with service_name over the connection.  It then
  * seals msg in a GSS-API token with gss_wrap, sends it to the server,
diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c
index cfaa0f8bd..3abb0ce1a 100644
--- a/src/appl/gss-sample/gss-misc.c
+++ b/src/appl/gss-sample/gss-misc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -223,7 +223,7 @@ send_token(s, flags, tok)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * recv_token reads the token flags (a single byte, even though
  * they're stored into an integer, then reads the token length (as a
  * network long), allocates memory to hold the data, and then reads
diff --git a/src/appl/gss-sample/gss-misc.h b/src/appl/gss-sample/gss-misc.h
index 35b3b7390..77d8190f9 100644
--- a/src/appl/gss-sample/gss-misc.h
+++ b/src/appl/gss-sample/gss-misc.h
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index 488f14ccc..158414d4f 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -390,7 +390,7 @@ test_import_export_context(context)
  * 	service_name	(r) the ASCII name of the GSS-API service to
  * 			establish a context as
  *	export		(r) whether to test context exporting
- * 
+ *
  * Returns: -1 on error
  *
  * Effects:
@@ -624,7 +624,7 @@ worker_bee(void *param)
     struct _work_plan *work = (struct _work_plan *) param;
 
     /* this return value is not checked, because there's
-     * not really anything to do if it fails 
+     * not really anything to do if it fails
      */
     sign_server(work->s, work->server_creds, work->export);
     closesocket(work->s);
diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c
index 0e06a8d56..8bfd552f7 100644
--- a/src/appl/gssftp/ftp/cmds.c
+++ b/src/appl/gssftp/ftp/cmds.c
@@ -112,7 +112,7 @@ static char *domap (char *);
  *
  * Returns false if no new arguments have been added.
  */
-int 
+int
 another(pargc, pargv, prompt)
 	int *pargc;
 	char ***pargv;
@@ -260,7 +260,7 @@ void setpeer(argc, argv)
 				unix_proxy = 0;
 			else
 				unix_server = 0;
-			if (overbose && 
+			if (overbose &&
 			    !strncmp(reply_string, "215 TOPS20", 10))
 				printf(
 "Remember to set tenex mode when transfering binary files from this machine.\n");
@@ -355,7 +355,7 @@ void setclevel(argc, argv)
 	if (!strcmp(p->p_name, "clear")) {
 		comret = command("CCC");
 		if (comret == COMPLETE)
-			clevel = PROT_C; 
+			clevel = PROT_C;
 		return;
 	}
 	clevel = p->p_level;
@@ -1180,7 +1180,7 @@ void status(argc, argv)
 	}
 	printf("Hash mark printing: %s; Use of PORT cmds: %s\n",
 		onoff(hash), onoff(sendport));
-	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", 
+	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n",
 		onoff(verbose), onoff(bell), onoff(interactive),
 		onoff(doglob));
 	if (macnum > 0) {
@@ -1275,7 +1275,7 @@ void setprompt()
 /*VARARGS*/
 void setglob()
 {
-	
+
 	doglob = !doglob;
 	printf("Globbing %s.\n", onoff(doglob));
 	code = doglob;
@@ -1601,7 +1601,7 @@ void shell(argc, argv)
 {
 	int pid;
 	sig_t old1, old2;
-	char shellnam[40], *shellprog, *namep; 
+	char shellnam[40], *shellprog, *namep;
 #ifdef WAIT_USES_INT
 	int w_status;
 #else
@@ -1910,7 +1910,7 @@ void disconnect()
 		return;
 	(void) command("QUIT");
 	if (cout) {
-		(void) FCLOSE_SOCKET(cout);	
+		(void) FCLOSE_SOCKET(cout);
 		cout = NULL;
 	}
 	connected = 0;
@@ -2237,7 +2237,7 @@ domap(name)
 				break;
 			case '[':
 LOOP:
-				if (*++cp2 == '$' && isdigit((int) *(cp2+1))) { 
+				if (*++cp2 == '$' && isdigit((int) *(cp2+1))) {
 					if (*++cp2 == '0') {
 						char *cp3 = name;
 
@@ -2256,7 +2256,7 @@ LOOP:
 					}
 				}
 				else {
-					while (*cp2 && *cp2 != ',' && 
+					while (*cp2 && *cp2 != ',' &&
 					    *cp2 != ']') {
 						if (*cp2 == '\\') {
 							cp2++;
diff --git a/src/appl/gssftp/ftp/cmdtab.c b/src/appl/gssftp/ftp/cmdtab.c
index cfa11e371..76fdb46c1 100644
--- a/src/appl/gssftp/ftp/cmdtab.c
+++ b/src/appl/gssftp/ftp/cmdtab.c
@@ -206,4 +206,3 @@ struct cmd cmdtab[] = {
 };
 
 int	NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;
-
diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c
index 79d844b4d..6d20fbffd 100644
--- a/src/appl/gssftp/ftp/ftp.c
+++ b/src/appl/gssftp/ftp/ftp.c
@@ -33,14 +33,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -51,7 +51,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -139,7 +139,7 @@ char	*auth_type;	/* Authentication succeeded?  If so, what type? */
 
 unsigned int maxbuf, actualbuf;
 unsigned char *ucbuf;
- 
+
 #define DEFINITIONS
 #include "ftp_var.h"
 #include "secure.h"
@@ -234,7 +234,7 @@ hookup(char* host, int port)
 			PERROR_SOCKET((char *) 0);
 			hp->h_addr_list++;
 			memcpy(&hisctladdr.sin_addr,
-			       hp->h_addr_list[0], 
+			       hp->h_addr_list[0],
 			       sizeof(hisctladdr.sin_addr));
 			fprintf(stdout, "Trying %s...\n",
 				inet_ntoa(hisctladdr.sin_addr));
@@ -448,12 +448,12 @@ static int secure_command(char* cmd)
 						 "gss_seal ENC didn't complete":
 						 "gss_seal MIC didn't complete");
 			} else if ((clevel == PROT_P) && !conf_state) {
-				fprintf(stderr, 
+				fprintf(stderr,
 					"GSSAPI didn't encrypt message");
 			} else {
 				if (debug)
 				  fprintf(stderr, "sealed (%s) %lu bytes\n",
-					  clevel==PROT_P?"ENC":"MIC", 
+					  clevel==PROT_P?"ENC":"MIC",
 					  (unsigned long) out_buf.length);
 				length=out_buf.length;
 				memcpy(out, out_buf.value, out_buf.length);
@@ -469,7 +469,7 @@ static int secure_command(char* cmd)
 			return(0);
 		}
 		fprintf(cout, "%s %s", clevel == PROT_P ? "ENC" : "MIC", in);
-		if(debug) 
+		if(debug)
 		  fprintf(stderr, "secure_command(%s)\nencoding %d bytes %s %s\n",
 			  cmd, length, clevel==PROT_P ? "ENC" : "MIC", in);
 	} else	fputs(cmd, cout);
@@ -492,7 +492,7 @@ int command(char *fmt, ...)
 		va_start(ap, fmt);
 		if (strncmp("PASS ", fmt, 5) == 0)
 			printf("PASS XXXX");
-		else 
+		else
 			vfprintf(stdout, fmt, ap);
 		va_end(ap);
 		printf("\n");
@@ -662,7 +662,7 @@ int getreply(int expecteof)
 		    else {
 			int len;
 			kerror = radix_encode((unsigned char *)obuf,
-					      (unsigned char *)ibuf, 
+					      (unsigned char *)ibuf,
 					      &len, 1);
 			if (kerror) {
 			    printf("Can't base 64 decode reply %d (%s)\n\"%s\"\n",
@@ -678,20 +678,20 @@ int getreply(int expecteof)
 				xmit_buf.length = len;
 				/* decrypt/verify the message */
 				conf_state = safe;
-				maj_stat = gss_unseal(&min_stat, gcontext, 
-						      &xmit_buf, &msg_buf, 
+				maj_stat = gss_unseal(&min_stat, gcontext,
+						      &xmit_buf, &msg_buf,
 						      &conf_state, NULL);
 				if (maj_stat != GSS_S_COMPLETE) {
-				  user_gss_error(maj_stat, min_stat, 
+				  user_gss_error(maj_stat, min_stat,
 						 "failed unsealing reply");
 				  n = '5';
 				} else {
 				  if(msg_buf.length < sizeof(ibuf) - 2 - 1) {
-				    memcpy(ibuf, msg_buf.value, 
+				    memcpy(ibuf, msg_buf.value,
 					   msg_buf.length);
 				    memcpy(&ibuf[msg_buf.length], "\r\n", 3);
 				  } else {
-				    user_gss_error(maj_stat, min_stat, 
+				    user_gss_error(maj_stat, min_stat,
 						   "reply was too long");
 				  }
 				  gss_release_buffer(&min_stat,&msg_buf);
@@ -838,7 +838,7 @@ void sendrequest(char *cmd, char *local, char *remote, int printnames)
 			fin = fopen(local, "rt");
 #else /* !_WIN32 */
 		fin = fopen(local, "r");
-#endif /* !_WIN32 */			
+#endif /* !_WIN32 */
 		if (fin == NULL) {
 			fprintf(stderr, "local: %s: %s\n", local,
 				strerror(errno));
@@ -927,7 +927,7 @@ void sendrequest(char *cmd, char *local, char *remote, int printnames)
 		while ((c = read(fileno(fin), buf, sizeof (buf))) > 0) {
 			bytes += c;
 			for (bufp = buf; c > 0; c -= d, bufp += d)
-				if ((d = secure_write(fileno(dout), bufp, 
+				if ((d = secure_write(fileno(dout), bufp,
 						      (unsigned int) c)) <= 0)
 					break;
 			if (hash) {
@@ -937,7 +937,7 @@ void sendrequest(char *cmd, char *local, char *remote, int printnames)
 				}
 				(void) fflush(stdout);
 			}
-			if (d <= 0 ) 
+			if (d <= 0 )
   break;
 		}
 		if (hash && bytes > 0) {
@@ -950,7 +950,7 @@ void sendrequest(char *cmd, char *local, char *remote, int printnames)
 			fprintf(stderr, "local: %s: %s\n", local,
 				strerror(errno));
 		if (d < 0 || (d = secure_flush(fileno(dout))) < 0) {
-			if (d == -1 && errno != EPIPE) 
+			if (d == -1 && errno != EPIPE)
 				perror("netout");
 			bytes = -1;
 		}
@@ -975,7 +975,7 @@ void sendrequest(char *cmd, char *local, char *remote, int printnames)
 	/*		if (c == '\r') {			  	*/
 	/*		(void)	putc('\0', dout);   this violates rfc */
 	/*			bytes++;				*/
-	/*		}                          			*/	
+	/*		}                          			*/
 		}
 		if (hash) {
 			if (bytes < hashbytes)
@@ -1444,7 +1444,7 @@ static int initconn()
 noport:
 	data_addr = myctladdr;
 	if (sendport)
-		data_addr.sin_port = 0;	/* let system pick one */ 
+		data_addr.sin_port = 0;	/* let system pick one */
 	if (data != INVALID_SOCKET)
 		(void) closesocket(data);
 	data = socket(AF_INET, SOCK_STREAM, 0);
@@ -1918,7 +1918,7 @@ int do_auth()
 	  char stbuf[FTP_BUFSIZ];
 	  int comcode, trial;
 	  struct gss_channel_bindings_struct chan;
-	  chan.initiator_addrtype = GSS_C_AF_INET; /* OM_uint32  */ 
+	  chan.initiator_addrtype = GSS_C_AF_INET; /* OM_uint32  */
 	  chan.initiator_address.length = 4;
 	  chan.initiator_address.value = &myctladdr.sin_addr.s_addr;
 	  chan.acceptor_addrtype = GSS_C_AF_INET; /* OM_uint32 */
@@ -1929,9 +1929,9 @@ int do_auth()
 
 	  if (verbose)
 	    printf("GSSAPI accepted as authentication type\n");
-	  
+
 	  /* blob from gss-client */
-	  
+
 	  for (trial = 0; trial < n_gss_trials; trial++) {
 	    /* ftp@hostname first, the host@hostname */
 	    /* the V5 GSSAPI binding canonicalizes this for us... */
@@ -1944,7 +1944,7 @@ int do_auth()
 	    send_tok.length = strlen(stbuf) + 1;
 	    maj_stat = gss_import_name(&min_stat, &send_tok,
 				       gss_nt_service_name, &target_name);
-	    
+
 	    if (maj_stat != GSS_S_COMPLETE) {
 		    user_gss_error(maj_stat, min_stat, "parsing name");
 		    secure_error("name parsed <%s>\n", stbuf);
@@ -1953,7 +1953,7 @@ int do_auth()
 
 	    token_ptr = GSS_C_NO_BUFFER;
 	    gcontext = GSS_C_NO_CONTEXT; /* structure copy */
-	    
+
 	    do {
 	      if (debug)
 		fprintf(stderr, "calling gss_init_sec_context\n");
@@ -1964,7 +1964,7 @@ int do_auth()
 				     target_name,
 				     (gss_OID_desc *)gss_trials[trial].mech_type,
 				     GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
-				       (forward ? GSS_C_DELEG_FLAG : 
+				       (forward ? GSS_C_DELEG_FLAG :
 					(unsigned) 0),
 				     0,
 				     &chan,	/* channel bindings */
@@ -1973,7 +1973,7 @@ int do_auth()
 				     &send_tok,
 				     NULL,	/* ignore ret_flags */
 				     NULL);	/* ignore time_rec */
-	      
+
 
 	      if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED){
 		if (trial == n_gss_trials-1)
@@ -1981,7 +1981,7 @@ int do_auth()
 		/* could just be that we missed on the service name */
 		goto outer_loop;
 	      }
-	    
+
 	      if (send_tok.length != 0) {
 		int len = send_tok.length;
 		reply_parse = "ADAT="; /* for command() later */
@@ -2105,7 +2105,7 @@ static void abort_remote(FILE *din)
 	(void) secure_command("ABOR");
 	FD_ZERO(&mask);
 	FD_SET(SOCKETNO(fileno(cin)), &mask);
-	if (din) { 
+	if (din) {
 		FD_SET(SOCKETNO(fileno(din)), &mask);
 	}
 	if ((nfnd = empty(&mask, 10)) <= 0) {
diff --git a/src/appl/gssftp/ftp/glob.c b/src/appl/gssftp/ftp/glob.c
index bbbcb4457..3d62284ba 100644
--- a/src/appl/gssftp/ftp/glob.c
+++ b/src/appl/gssftp/ftp/glob.c
@@ -86,12 +86,12 @@ char	*home;
 static	char *strspl (char *, char *), *strend (char *);
 char	**copyblk (char **);
 
-static void acollect (char *), addpath (int), 
-  collect (char *), expand (char *), 
+static void acollect (char *), addpath (int),
+  collect (char *), expand (char *),
   Gcat (char *, char *);
 static void ginit (char **), matchdir (char *),
   rscan (char **, int (*f)()), sort (void);
-static int amatch (char *, char *), 
+static int amatch (char *, char *),
   execbrc (char *, char *), match (char *, char *);
 static int digit (int), letter (int),
   any (int, char *);
diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c
index 6ec5ee1a8..48302cd51 100644
--- a/src/appl/gssftp/ftp/main.c
+++ b/src/appl/gssftp/ftp/main.c
@@ -92,7 +92,7 @@ static void cmdscanner (int);
 static char *slurpstring (void);
 
 
-int 
+int
 main(argc, argv)
 	volatile int argc;
 	char **volatile argv;
@@ -285,7 +285,7 @@ tail(filename)
 	char *filename;
 {
 	register char *s;
-	
+
 	while (*filename) {
 		s = strrchr(filename, '/');
 		if (s == NULL)
diff --git a/src/appl/gssftp/ftp/ruserpass.c b/src/appl/gssftp/ftp/ruserpass.c
index 6e603e459..03fbc7916 100644
--- a/src/appl/gssftp/ftp/ruserpass.c
+++ b/src/appl/gssftp/ftp/ruserpass.c
@@ -124,7 +124,7 @@ token()
 	return (ID);
 }
 
-int 
+int
 ruserpass(host, aname, apass, aacct)
 	char *host, **aname, **apass, **aacct;
 {
@@ -160,7 +160,7 @@ next:
 				continue;
 			/*
 			 * Allow match either for user's input host name
-			 * or official hostname.  Also allow match of 
+			 * or official hostname.  Also allow match of
 			 * incompletely-specified host in local domain.
 			 */
 			if (strcasecmp(host, tokval) == 0)
@@ -186,7 +186,7 @@ next:
 
 		case LOGIN:
 			if (token()) {
-				if (*aname == 0) { 
+				if (*aname == 0) {
 					*aname = strdup(tokval);
 				} else {
 					if (strcmp(*aname, tokval))
diff --git a/src/appl/gssftp/ftp/secure.c b/src/appl/gssftp/ftp/secure.c
index 3ed15ee97..584660460 100644
--- a/src/appl/gssftp/ftp/secure.c
+++ b/src/appl/gssftp/ftp/secure.c
@@ -68,9 +68,9 @@ extern unsigned int maxbuf; 	/* maximum output buffer size */
 extern unsigned char *ucbuf;	/* cleartext buffer */
 static unsigned int nout;	/* number of chars in ucbuf,
 				 * pointer into ucbuf */
-static unsigned int smaxbuf;    /* Internal saved value of maxbuf 
+static unsigned int smaxbuf;    /* Internal saved value of maxbuf
 				   in case changes on us */
-static unsigned int smaxqueue;  /* Maximum allowed to queue before 
+static unsigned int smaxqueue;  /* Maximum allowed to queue before
 				   flush buffer. < smaxbuf by fudgefactor */
 
 /* perhaps use these in general, certainly use them for GSSAPI */
@@ -114,7 +114,7 @@ looping_read(fd, buf, len)
 	    if (errno == EINTR)
 		continue;
 	    return(cc);		 /* errno is already set */
-	}		
+	}
 	else if (cc == 0) {
 	    return(len2);
 	} else {
@@ -131,9 +131,9 @@ looping_read(fd, buf, len)
 
 #define ERR	-2
 
-/* 
+/*
  * Given maxbuf as a buffer size, determine how much can we
- * really transfer given the overhead of different algorithms 
+ * really transfer given the overhead of different algorithms
  *
  * Sets smaxbuf and smaxqueue
  */
@@ -147,12 +147,12 @@ static int secure_determine_constants()
     if (strcmp(auth_type, "GSSAPI") == 0) {
 	OM_uint32 maj_stat, min_stat, mlen;
 	OM_uint32 msize = maxbuf;
-	maj_stat = gss_wrap_size_limit(&min_stat, gcontext, 
+	maj_stat = gss_wrap_size_limit(&min_stat, gcontext,
 				       (dlevel == PROT_P),
 				       GSS_C_QOP_DEFAULT,
 				       msize, &mlen);
 	if (maj_stat != GSS_S_COMPLETE) {
-			secure_gss_error(maj_stat, min_stat, 
+			secure_gss_error(maj_stat, min_stat,
 					 "GSSAPI fudge determination");
 			/* Return error how? */
 			return ERR;
@@ -160,7 +160,7 @@ static int secure_determine_constants()
 	smaxqueue = mlen;
     }
 #endif
-    
+
 	return 0;
 }
 
@@ -223,7 +223,7 @@ FILE *stream;
  *	-1  on error (errno set)
  *	-2  on security error
  */
-int 
+int
 secure_write(fd, buf, nbyte)
 int fd;
 unsigned char *buf;
@@ -264,7 +264,7 @@ unsigned int nbyte;
 		gss_buffer_desc in_buf, out_buf;
 		OM_uint32 maj_stat, min_stat;
 		int conf_state;
-		
+
 		in_buf.value = buf;
 		in_buf.length = nbyte;
 		maj_stat = gss_seal(&min_stat, gcontext,
@@ -326,7 +326,7 @@ int fd;
 			return(ERR);
 		}
 		if ((length = (u_long) ntohl(length)) > MAX) {
-			secure_error("Length (%d) of PROT buffer > PBSZ=%u", 
+			secure_error("Length (%d) of PROT buffer > PBSZ=%u",
 				     length, MAX);
 			return(ERR);
 		}
@@ -350,7 +350,7 @@ int fd;
 		  maj_stat = gss_unseal(&min_stat, gcontext, &xmit_buf,
 					&msg_buf, &conf_state, NULL);
 		  if (maj_stat != GSS_S_COMPLETE) {
-		    secure_gss_error(maj_stat, min_stat, 
+		    secure_gss_error(maj_stat, min_stat,
 				     (dlevel == PROT_P)?
 				     "failed unsealing ENC message":
 				     "failed unsealing MIC message");
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
index ad3c4201a..7958facfe 100644
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ b/src/appl/gssftp/ftpd/ftpd.c
@@ -67,7 +67,7 @@ static char sccsid[] = "@(#)ftpd.c	5.40 (Berkeley) 7/2/91";
 #ifdef HAVE_SHADOW
 #include <shadow.h>
 #endif
-#include <grp.h> 
+#include <grp.h>
 #include <setjmp.h>
 #ifndef POSIX_SETJMP
 #undef sigjmp_buf
@@ -224,11 +224,11 @@ int	swaitmax = SWAITMAX;
 int	swaitint = SWAITINT;
 
 void	lostconn(int), myoob(int);
-FILE	*getdatasock(char *); 
+FILE	*getdatasock(char *);
 #if defined(__STDC__)
-/* 
+/*
  * The following prototypes must be ANSI for systems for which
- * sizeof(off_t) > sizeof(int) to prevent stack overflow problems 
+ * sizeof(off_t) > sizeof(int) to prevent stack overflow problems
  */
 FILE	*dataconn(char *name, off_t size, char *mymode);
 void	send_data(FILE *instr, FILE *outstr, off_t blksize);
@@ -740,7 +740,7 @@ user(name)
 			}
 			snprintf(buf, sizeof(buf),
 				 "GSSAPI user %s is%s authorized as %s",
-				(char *) client_name.value, 
+				(char *) client_name.value,
 				authorized ? "" : " not",
 				name);
 		}
@@ -800,7 +800,7 @@ checkuser(name)
 			     return (1);
 			if (strncmp(line, name, strlen(name)) == 0) {
 			     int i = strlen(name) + 1;
-			     
+
 			     /* Make sure foo doesn't match foobar */
 			     if (line[i] == '\0' || !isspace((int) line[i]))
 			          continue;
@@ -838,7 +838,7 @@ restricted_user(name)
  * Terminate login as previous user, if any, resetting state;
  * used when USER command is given or login fails.
  */
-static void 
+static void
 end_login()
 {
 
@@ -891,7 +891,7 @@ char *name, *passwd;
 	my_creds.server = server;
 	if (krb5_timeofday(kcontext, &now))
 		goto nuke_ccache;
-	my_creds.times.starttime = 0; /* start timer when 
+	my_creds.times.starttime = 0; /* start timer when
 					 request gets to KDC */
 	my_creds.times.endtime = now + 60 * 60 * 10;
 	my_creds.times.renew_till = 0;
@@ -933,7 +933,7 @@ pass(passwd)
 	if (logged_in || askpasswd == 0) {
 	  	reply(503, "Login with USER first.");
 		return;
-	} 
+	}
 
 	if (!guest) {
 	    	/* "ftp" is only account allowed no password */
@@ -1125,7 +1125,7 @@ retrieve(cmd, name)
 				}
 				if (c == '\n')
 					i++;
-			}	
+			}
 		} else if (lseek(fileno(fin), restart_point, L_SET) < 0) {
 			perror_reply(550, name);
 			goto done;
@@ -1184,7 +1184,7 @@ store_file(name, fmode, unique)
 				}
 				if (c == '\n')
 					i++;
-			}	
+			}
 			/*
 			 * We must do this seek to "current" position
 			 * because we are changing from reading to
@@ -1694,7 +1694,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5)
 			gss_buffer_desc in_buf, out_buf;
 			OM_uint32 maj_stat, min_stat;
 			int conf_state;
-		
+
 			in_buf.value = in;
 			in_buf.length = strlen(in);
 			maj_stat = gss_seal(&min_stat, gcontext,
@@ -1717,7 +1717,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5)
 				secure_error("GSSAPI didn't encrypt message");
 #endif /* 0 */
 			} else {
-				memcpy(out, out_buf.value, 
+				memcpy(out, out_buf.value,
 				       length=out_buf.length);
 				gss_release_buffer(&min_stat, &out_buf);
 			}
@@ -1992,10 +1992,10 @@ myoob(sig)
 	if (strcmp(cp, "STAT") == 0) {
 		if (file_size != (off_t) -1)
 			reply(213, "Status: %lu of %lu bytes transferred",
-			      (unsigned long) byte_count, 
+			      (unsigned long) byte_count,
 			      (unsigned long) file_size);
 		else
-			reply(213, "Status: %lu bytes transferred", 
+			reply(213, "Status: %lu bytes transferred",
 			      (unsigned long) byte_count);
 	}
 }
@@ -2196,7 +2196,7 @@ char *adata;
 			name_buf.length = strlen(name_buf.value) + 1;
 			if (debug)
 				syslog(LOG_INFO, "importing <%s>", service_name);
-			stat_maj = gss_import_name(&stat_min, &name_buf, 
+			stat_maj = gss_import_name(&stat_min, &name_buf,
 						   gss_nt_service_name,
 						   &server_name);
 			if (stat_maj != GSS_S_COMPLETE) {
@@ -2205,7 +2205,7 @@ char *adata;
 				syslog(LOG_ERR, "gssapi error importing name");
 				return 0;
 			}
-			
+
 			acquire_maj = gss_acquire_cred(&acquire_min, server_name, 0,
 						       GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
 						       &server_creds, NULL, NULL);
@@ -2271,7 +2271,7 @@ char *adata;
 			}
 
 			rad_len = out_tok.length;
-			kerror = radix_encode(out_tok.value, gbuf, 
+			kerror = radix_encode(out_tok.value, gbuf,
 					      &rad_len, 0);
 			out_tok.length = rad_len;
 			if (kerror) {
@@ -2301,7 +2301,7 @@ char *adata;
 						    &client_name, &mechid);
 			if (stat_maj != GSS_S_COMPLETE) {
 				/* "If the server rejects the security data (if
-				   a checksum fails, for instance), it should 
+				   a checksum fails, for instance), it should
 				   respond with reply code 535." */
 				reply_gss_error(535, stat_maj, stat_min,
 						"extracting GSSAPI identity name");
@@ -2335,7 +2335,7 @@ char *adata;
 			    else
 			      reply(235, "GSSAPI Authentication succeeded");
 			  }
-				
+
 			return(1);
 		} else if (accept_maj == GSS_S_CONTINUE_NEEDED) {
 			/* If the server accepts the security data, and
@@ -2348,10 +2348,10 @@ char *adata;
 			  (void) gss_release_cred(&stat_min, &deleg_creds);
 			return(0);
 		} else {
-			/* "If the server rejects the security data (if 
-			   a checksum fails, for instance), it should 
+			/* "If the server rejects the security data (if
+			   a checksum fails, for instance), it should
 			   respond with reply code 535." */
-			reply_gss_error(535, stat_maj, stat_min, 
+			reply_gss_error(535, stat_maj, stat_min,
 					"GSSAPI failed processing ADAT");
 			syslog(LOG_ERR, "GSSAPI failed processing ADAT");
 			(void) gss_release_cred(&stat_min, &server_creds);
@@ -2676,12 +2676,12 @@ ftpd_gss_userok(gclient_name, name)
 {
 	int retval = -1;
 	krb5_principal p;
-	
+
 	if (krb5_parse_name(kcontext, gclient_name->value, &p) != 0)
 		return -1;
 	if (krb5_kuserok(kcontext, p, name))
 		retval = 0;
-	else 
+	else
 		retval = 1;
 	krb5_free_principal(kcontext, p);
 	return retval;
@@ -2723,4 +2723,3 @@ cleanup:
 
 
 #endif /* GSSAPI */
-
diff --git a/src/appl/gssftp/ftpd/ftpd_var.h b/src/appl/gssftp/ftpd/ftpd_var.h
index 8d833e4ec..ea0ebe398 100644
--- a/src/appl/gssftp/ftpd/ftpd_var.h
+++ b/src/appl/gssftp/ftpd/ftpd_var.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Prototypes for various functions in the ftpd sources.
  */
diff --git a/src/appl/libpty/cleanup.c b/src/appl/libpty/cleanup.c
index 57cc796ac..2622d1920 100644
--- a/src/appl/libpty/cleanup.c
+++ b/src/appl/libpty/cleanup.c
@@ -3,7 +3,7 @@
  *
  * (C)Copyright 1995, 1996 by the Massachusetts Institute of Technology.
  *
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -17,7 +17,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
@@ -35,10 +35,10 @@ long pty_cleanup (char *slave,
 #ifdef VHANG_LAST
     int retval, fd;
 #endif
-    
+
     if (update_utmp)
 	pty_update_utmp(PTY_DEAD_PROCESS, pid,  "", slave, (char *)0, PTY_UTMP_USERNAME_VALID);
-    
+
     (void)chmod(slave, 0666);
     (void)chown(slave, 0, 0);
 #ifdef HAVE_REVOKE
diff --git a/src/appl/libpty/dump-utmp.c b/src/appl/libpty/dump-utmp.c
index d4c303fb3..de3a7467e 100644
--- a/src/appl/libpty/dump-utmp.c
+++ b/src/appl/libpty/dump-utmp.c
@@ -277,5 +277,5 @@ main(int argc, char **argv)
 #endif
 	}
     }
-    exit(0);    
+    exit(0);
 }
diff --git a/src/appl/libpty/getpty.c b/src/appl/libpty/getpty.c
index e5bf2854b..f262e61df 100644
--- a/src/appl/libpty/getpty.c
+++ b/src/appl/libpty/getpty.c
@@ -3,7 +3,7 @@
  *
  * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
  *
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -17,7 +17,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
@@ -67,7 +67,7 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
     }
     return 0;
 #else /*HAVE__GETPTY*/
-    
+
     *fd = open("/dev/ptym/clone", O_RDWR|O_NDELAY);	/* HPUX*/
 #ifdef HAVE_STREAMS
     if (*fd < 0) *fd = open("/dev/ptmx",O_RDWR|O_NDELAY); /*Solaris*/
@@ -81,7 +81,7 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
 	if (do_grantpt)
 	    if (grantpt(*fd) || unlockpt(*fd)) return PTY_GETPTY_STREAMS;
 #endif
-    
+
 #ifdef HAVE_PTSNAME
 	p = ptsname(*fd);
 #else
diff --git a/src/appl/libpty/init.c b/src/appl/libpty/init.c
index b48a1f8a7..0b7038b0a 100644
--- a/src/appl/libpty/init.c
+++ b/src/appl/libpty/init.c
@@ -1,11 +1,11 @@
 /*
  * pty_init: Initialize internal state of pty.
- * 
+ *
  * Currently initializes error tables.
- * 
+ *
  * Copyright 1995 by the Massachusetts Institute of Technology.
  *
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -19,7 +19,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
diff --git a/src/appl/libpty/init_slave.c b/src/appl/libpty/init_slave.c
index ce7507645..760d5acda 100644
--- a/src/appl/libpty/init_slave.c
+++ b/src/appl/libpty/init_slave.c
@@ -2,7 +2,7 @@
  * pty_init_slave: open slave side of terminal, clearing for use.
  *
  * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -16,7 +16,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
@@ -41,7 +41,7 @@ static char *push_list[] = {
   0};
 #endif /*HAVE_STREAMS but not HAVE_LINE_PUSH*/
 
- 
+
 
 long pty_initialize_slave (int fd)
 {
@@ -51,7 +51,7 @@ long pty_initialize_slave (int fd)
     struct sgttyb b;
 #endif /* POSIX_TERMIOS */
     int pid;
-	    
+
 #ifdef HAVE_STREAMS
 #ifdef HAVE_LINE_PUSH
         while (ioctl (fd, I_POP, 0) == 0); /*Clear out any old lined's*/
@@ -87,7 +87,7 @@ long pty_initialize_slave (int fd)
     ioctl(fd, TIOCSPGRP, &pid);
 #endif
 
-    
+
 #if defined(POSIX_TERMIOS) && !defined(ultrix)
 	tcsetpgrp(fd, pid);
 	tcgetattr(fd,&new_termio);
diff --git a/src/appl/libpty/libpty.h b/src/appl/libpty/libpty.h
index d95c8fe08..13cc5ecce 100644
--- a/src/appl/libpty/libpty.h
+++ b/src/appl/libpty/libpty.h
@@ -3,7 +3,7 @@
  *
  * Copyright 1995 by the Massachusetts Institute of Technology.
  *
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -17,7 +17,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #ifndef __LIBPTY_H__
diff --git a/src/appl/libpty/logwtmp.c b/src/appl/libpty/logwtmp.c
index 03cfab48f..2417fb4ce 100644
--- a/src/appl/libpty/logwtmp.c
+++ b/src/appl/libpty/logwtmp.c
@@ -2,7 +2,7 @@
  * pty_logwtmp: Implement the logwtmp function if not present.
  *
  * Copyright 1995, 2001 by the Massachusetts Institute of Technology.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -16,7 +16,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
diff --git a/src/appl/libpty/open_ctty.c b/src/appl/libpty/open_ctty.c
index 5a1730b31..9d6fb0d95 100644
--- a/src/appl/libpty/open_ctty.c
+++ b/src/appl/libpty/open_ctty.c
@@ -16,14 +16,14 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
 #include "libpty.h"
 #include "pty-int.h"
 
-/* 
+/*
  * This function will be called twice.  The first time it will acquire
  * a controlling terminal from which to vhangup() or revoke() (see
  * comments in open_slave.c); the second time, it will be to open the
diff --git a/src/appl/libpty/open_slave.c b/src/appl/libpty/open_slave.c
index 5bab6bc36..97f20fe3b 100644
--- a/src/appl/libpty/open_slave.c
+++ b/src/appl/libpty/open_slave.c
@@ -4,7 +4,7 @@
  * Copyright 1995, 1996, 2001 by the Massachusetts Institute of
  * Technology.
  *
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -18,7 +18,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
diff --git a/src/appl/libpty/pty-int.h b/src/appl/libpty/pty-int.h
index b94a65c0e..3e7274fa0 100644
--- a/src/appl/libpty/pty-int.h
+++ b/src/appl/libpty/pty-int.h
@@ -49,14 +49,14 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <pwd.h>
-     
+
 #ifdef HAVE_SYS_LABEL_H
 /* only SunOS 4? */
 #include <sys/label.h>
 #include <sys/audit.h>
 #include <pwdadj.h>
 #endif
-     
+
 #include <signal.h>
 
 #ifdef hpux
@@ -80,7 +80,7 @@
 #else
 #include <sgtty.h>
 #endif
-     
+
 #include "port-sockets.h"
 #include <string.h>
 #include <sys/param.h>
diff --git a/src/appl/libpty/pty_paranoia.c b/src/appl/libpty/pty_paranoia.c
index 466a65888..18ef6e3c9 100644
--- a/src/appl/libpty/pty_paranoia.c
+++ b/src/appl/libpty/pty_paranoia.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 2001 by the Massachusetts Institute of Technology.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
diff --git a/src/appl/libpty/sane_hostname.c b/src/appl/libpty/sane_hostname.c
index 8ef6de875..46ac842ee 100644
--- a/src/appl/libpty/sane_hostname.c
+++ b/src/appl/libpty/sane_hostname.c
@@ -1,7 +1,7 @@
 /*
  * pty_make_sane_hostname: Make a sane hostname from an IP address.
  * This returns allocated memory!
- * 
+ *
  * Copyright 1999, 2000, 2001 by the Massachusetts Institute of
  * Technology.
  *
@@ -18,7 +18,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 #include "com_err.h"
 #include "pty-int.h"
diff --git a/src/appl/libpty/update_utmp.c b/src/appl/libpty/update_utmp.c
index 292a1675b..bec57fa31 100644
--- a/src/appl/libpty/update_utmp.c
+++ b/src/appl/libpty/update_utmp.c
@@ -1,8 +1,8 @@
 /*
  * pty_update_utmp: Update or create a utmp entry
- * 
+ *
  * Copyright 1995, 2001 by the Massachusetts Institute of Technology.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -257,7 +257,7 @@
  * In addition to other HP-UX issues, 11.23 includes yet another utmp
  * management interface in utmps.h.  This interface updates a umtpd
  * daemon which then manages local files.  Directly accessing the files
- * through the existing, yet deprecated, utmp.h interface results in 
+ * through the existing, yet deprecated, utmp.h interface results in
  * nothing.
  *
  * Irix 6.x:
@@ -333,7 +333,7 @@
 /*
  * The following grossness exists to avoid duplicating lots of code
  * between the cases where we have an old-style sysV utmp and where we
- * have a modern (Unix98 or XPG4) utmpx, or the new (hp-ux 11.23) utmps.  
+ * have a modern (Unix98 or XPG4) utmpx, or the new (hp-ux 11.23) utmps.
  * See the above history rant for further explanation.
  */
 #if defined(HAVE_SETUTXENT) || defined(HAVE_SETUTENT) || defined(HAVE_SETUTSENT)
diff --git a/src/appl/libpty/update_wtmp.c b/src/appl/libpty/update_wtmp.c
index 988bae61a..12a2720bb 100644
--- a/src/appl/libpty/update_wtmp.c
+++ b/src/appl/libpty/update_wtmp.c
@@ -2,7 +2,7 @@
  * ptyint_update_wtmp: Update wtmp.
  *
  * Copyright 1995, 2001 by the Massachusetts Institute of Technology.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -16,7 +16,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
diff --git a/src/appl/libpty/vhangup.c b/src/appl/libpty/vhangup.c
index 292437142..a54250028 100644
--- a/src/appl/libpty/vhangup.c
+++ b/src/appl/libpty/vhangup.c
@@ -3,7 +3,7 @@
  *
  * Copyright 1995 by the Massachusetts Institute of Technology.
  *
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -17,7 +17,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
@@ -32,7 +32,7 @@ void ptyint_vhangup(void)
     /* Initialize "sa" structure. */
     (void) sigemptyset(&sa.sa_mask);
     sa.sa_flags = 0;
-    
+
 #endif
 
 #ifdef POSIX_SIGNALS
diff --git a/src/appl/libpty/void_assoc.c b/src/appl/libpty/void_assoc.c
index a39c9c723..91825893e 100644
--- a/src/appl/libpty/void_assoc.c
+++ b/src/appl/libpty/void_assoc.c
@@ -3,7 +3,7 @@
  *
  * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
  *
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
  * granted, provided that the above copyright notice appear in all
@@ -17,7 +17,7 @@
  * M.I.T. makes no representations about the suitability
  * of this software for any purpose.  It is provided "as is" without
  * express or implied warranty.
- * 
+ *
  */
 
 #include "com_err.h"
diff --git a/src/appl/sample/sample.h b/src/appl/sample/sample.h
index 6c81d9351..e61a2f3e0 100644
--- a/src/appl/sample/sample.h
+++ b/src/appl/sample/sample.h
@@ -7,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Common definitions for the sample client/server.
  */
diff --git a/src/appl/sample/sclient/sclient.c b/src/appl/sample/sclient/sclient.c
index bd9c4e889..2f9b47933 100644
--- a/src/appl/sample/sclient/sclient.c
+++ b/src/appl/sample/sclient/sclient.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Sample Kerberos v5 client.
  *
@@ -70,12 +70,12 @@ net_read(fd, buf, len)
 	if (cc < 0) {
 	    if (SOCKET_ERRNO == SOCKET_EINTR)
 		continue;
-		
+
 		/* XXX this interface sucks! */
-        errno = SOCKET_ERRNO;    
-               
+        errno = SOCKET_ERRNO;
+
 	    return(cc);		 /* errno is already set */
-	}		
+	}
 	else if (cc == 0) {
 	    return(len2);
 	} else {
@@ -209,7 +209,7 @@ main(int argc, char *argv[])
 			   ccdef, &err_ret, &rep_ret, NULL);
 
     krb5_free_principal(context, server);	/* finished using it */
-    krb5_free_principal(context, client);      
+    krb5_free_principal(context, client);
     krb5_cc_close(context, ccdef);
     if (auth_context) krb5_auth_con_free(context, auth_context);
 
diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c
index 39710fb2b..0ad9c07a4 100644
--- a/src/appl/sample/sserver/sserver.c
+++ b/src/appl/sample/sserver/sserver.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Sample Kerberos v5 server.
  *
@@ -69,7 +69,7 @@ usage(name)
 {
 	fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n",
 		name);
-}	
+}
 
 int
 main(argc, argv)
@@ -110,7 +110,7 @@ main(argc, argv)
 
     /*
      * Parse command line arguments
-     *  
+     *
      */
     opterr = 0;
     while ((ch = getopt(argc, argv, "p:S:s:")) != -1)
@@ -144,17 +144,17 @@ main(argc, argv)
 	    port = atoi(argv[1]);
     }
 
-    retval = krb5_sname_to_principal(context, NULL, service, 
+    retval = krb5_sname_to_principal(context, NULL, service,
 				     KRB5_NT_SRV_HST, &server);
     if (retval) {
 	syslog(LOG_ERR, "while generating service name (%s): %s",
 	       service, error_message(retval));
 	exit(1);
     }
-    
+
     /*
      * If user specified a port, then listen on that port; otherwise,
-     * assume we've been started out of inetd. 
+     * assume we've been started out of inetd.
      */
 
     if (port) {
@@ -200,7 +200,7 @@ main(argc, argv)
     }
 
     retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&sock,
-			   SAMPLE_VERSION, server, 
+			   SAMPLE_VERSION, server,
 			   0,	/* no flags */
 			   keytab,	/* default keytab is NULL */
 			   &ticket);
diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c
index 3cb71df52..4f5e40309 100644
--- a/src/appl/simple/client/sim_client.c
+++ b/src/appl/simple/client/sim_client.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Simple UDP-based sample client program.  For demonstration.
  * This program performs no useful function.
@@ -61,7 +61,7 @@ usage(name)
     char *name;
 {
 	fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name);
-}	
+}
 
 int
 main(argc, argv)
@@ -83,7 +83,7 @@ main(argc, argv)
     extern int opterr, optind;
     extern char * optarg;
     int	ch;
-    
+
     short port = 0;
     char *message = MSG;
     char *hostname = 0;
@@ -110,7 +110,7 @@ main(argc, argv)
 
     /*
      * Parse command line arguments
-     *  
+     *
      */
     opterr = 0;
     while ((ch = getopt(argc, argv, "p:m:h:s:")) != -1)
@@ -200,14 +200,14 @@ main(argc, argv)
     }
     memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr));
 #endif
-    
+
 
     /* Bind it to set the address; kernel will fill in port # */
     if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
 	com_err(progname, errno, "while binding datagram socket");
 	exit(1);
     }
-	
+
     /* PREPARE KRB_AP_REQ MESSAGE */
 
     inbuf.data = hostname;
@@ -234,8 +234,8 @@ main(argc, argv)
 	exit(1);
     }
     /* Send authentication info to server */
-    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, 
-		  flags)) < 0) 
+    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
+		  flags)) < 0)
 	com_err(progname, errno, "while sending KRB_AP_REQ message");
     printf("Sent authentication data: %d bytes\n", i);
     krb5_free_data_contents(context, &packet);
@@ -275,7 +275,7 @@ main(argc, argv)
 	com_err(progname, retval, "while generating port address");
 	exit(1);
     }
-    
+
     if ((retval = krb5_gen_replay_name(context,portlocal_addr,
 				       "_sim_clt",&cp))) {
 	com_err(progname, retval, "while generating replay cache name");
@@ -303,7 +303,7 @@ main(argc, argv)
     }
 
     /* Send it */
-    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, 
+    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
 		  flags)) < 0)
 	com_err(progname, errno, "while sending SAFE message");
     printf("Sent checksummed message: %d bytes\n", i);
@@ -319,7 +319,7 @@ main(argc, argv)
     }
 
     /* Send it */
-    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length, 
+    if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
 		  flags)) < 0)
 	com_err(progname, errno, "while sending PRIV message");
     printf("Sent encrypted message: %d bytes\n", i);
@@ -333,6 +333,6 @@ main(argc, argv)
     krb5_auth_con_setrcache(context, auth_context, NULL);
     krb5_auth_con_free(context, auth_context);
     krb5_free_context(context);
-    
+
     exit(0);
 }
diff --git a/src/appl/simple/server/sim_server.c b/src/appl/simple/server/sim_server.c
index bfe2f756b..c82c6f374 100644
--- a/src/appl/simple/server/sim_server.c
+++ b/src/appl/simple/server/sim_server.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Usage:
  * sample_server servername
@@ -57,7 +57,7 @@ usage(name)
     char *name;
 {
 	fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name);
-}	
+}
 
 int
 main(argc, argv)
@@ -99,7 +99,7 @@ char *argv[];
 
     /*
      * Parse command line arguments
-     *  
+     *
      */
     opterr = 0;
     while ((ch = getopt(argc, argv, "p:s:S:")) != -1)
@@ -125,7 +125,7 @@ char *argv[];
 	break;
     }
 
-    if ((retval = krb5_sname_to_principal(context, NULL, service, 
+    if ((retval = krb5_sname_to_principal(context, NULL, service,
 					  KRB5_NT_SRV_HST, &sprinc))) {
 	com_err(PROGNAME, retval, "while generating service name %s", service);
 	exit(1);
@@ -145,7 +145,7 @@ char *argv[];
     } else {
 	s_sock.sin_port = htons(port);
     }
-    
+
     if (gethostname(full_hname, sizeof(full_hname)) < 0) {
 	perror("gethostname");
 	exit(1);
@@ -192,7 +192,7 @@ char *argv[];
     packet.data = (krb5_pointer) pktbuf;
 
     /* Check authentication info */
-    if ((retval = krb5_rd_req(context, &auth_context, &packet, 
+    if ((retval = krb5_rd_req(context, &auth_context, &packet,
 			      sprinc, keytab, NULL, &ticket))) {
 	com_err(PROGNAME, retval, "while reading request");
 	exit(1);
@@ -263,13 +263,13 @@ char *argv[];
 
     packet.length = i;
     packet.data = (krb5_pointer) pktbuf;
-    
+
     if ((retval = krb5_rd_priv(context, auth_context, &packet,
 			       &message, NULL))) {
 	com_err(PROGNAME, retval, "while verifying PRIV message");
 	exit(1);
     }
-    printf("Decrypted message is: '%.*s'\n", (int) message.length, 
+    printf("Decrypted message is: '%.*s'\n", (int) message.length,
 	   message.data);
 
     krb5_auth_con_free(context, auth_context);
diff --git a/src/appl/simple/simple.h b/src/appl/simple/simple.h
index f230592e6..bbee79425 100644
--- a/src/appl/simple/simple.h
+++ b/src/appl/simple/simple.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Common definitions for the simple UDP-based Kerberos-mediated
  * server & client applications.
diff --git a/src/appl/telnet/libtelnet/auth-proto.h b/src/appl/telnet/libtelnet/auth-proto.h
index faf806fad..c0d666d11 100644
--- a/src/appl/telnet/libtelnet/auth-proto.h
+++ b/src/appl/telnet/libtelnet/auth-proto.h
@@ -40,7 +40,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/appl/telnet/libtelnet/auth.c b/src/appl/telnet/libtelnet/auth.c
index aed688799..a8801960f 100644
--- a/src/appl/telnet/libtelnet/auth.c
+++ b/src/appl/telnet/libtelnet/auth.c
@@ -36,7 +36,7 @@
 /*
  * Copyright (C) 1990 by the Massachusetts Institute of Technology
  *
- * Export of this software from the United States of America may 
+ * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
@@ -126,7 +126,7 @@ Authenticator authenticators[] = {
 				kerberos5_reply,
 				kerberos5_status,
 				kerberos5_printsub },
-#endif	
+#endif
 	{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
 				kerberos5_init,
 				kerberos5_send,
@@ -399,7 +399,7 @@ void auth_send_retry()
 	static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
 					    TELQUAL_IS, AUTHTYPE_NULL, 0,
 					    IAC, SE };
-	
+
 	if (Server) {
 		if (auth_debug_mode) {
 			printf(">>>%s: auth_send_retry called!\r\n", Name);
@@ -445,7 +445,7 @@ void auth_send_retry()
 	 *  We requested strong authentication, however no mechanisms worked.
 	 *  Therefore, exit on client end.
 	 */
-	printf("Unable to securely authenticate user ... exit\n"); 
+	printf("Unable to securely authenticate user ... exit\n");
 	exit(0);
 #endif /* KANNAN */
 }
diff --git a/src/appl/telnet/libtelnet/enc_des.c b/src/appl/telnet/libtelnet/enc_des.c
index 6dd48b696..9c20eb0d9 100644
--- a/src/appl/telnet/libtelnet/enc_des.c
+++ b/src/appl/telnet/libtelnet/enc_des.c
@@ -33,14 +33,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -51,7 +51,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -149,7 +149,7 @@ int fb64_reply (unsigned char *, int, struct fb *);
 static void fb64_session (Session_Key *, int, struct fb *);
 void fb64_stream_key (Block, struct stinfo *);
 int fb64_keyid (int, unsigned char *, int *, struct fb *);
-void fb64_printsub (unsigned char *, int, unsigned char *, int, 
+void fb64_printsub (unsigned char *, int, unsigned char *, int,
 		     unsigned char *);
 
 static void ecb_encrypt(stp, in, out)
@@ -160,7 +160,7 @@ static void ecb_encrypt(stp, in, out)
 	krb5_error_code code;
 	krb5_data din;
 	krb5_enc_data dout;
-	
+
 	din.length = 8;
 	din.data = in;
 
@@ -634,7 +634,7 @@ fb64_stream_key(key, stp)
  *  INPUT --(--------->(+)+---> DATA
  *          |             |
  *	    +-------------+
- *         
+ *
  *
  * Given:
  *	iV: Initial vector, 64 bits (8 bytes) long.
@@ -695,7 +695,7 @@ cfb64_decrypt(data)
 		ecb_encrypt(stp, stp->str_output, b);
 		memcpy(stp->str_feed, b, sizeof(Block));
 		stp->str_index = 1;	/* Next time will be 1 */
-		idx = 0;		/* But now use 0 */ 
+		idx = 0;		/* But now use 0 */
 	}
 
 	/* On decryption we store (data) which is cypher. */
@@ -768,7 +768,7 @@ ofb64_decrypt(data)
 		ecb_encrypt(stp, stp->str_feed, b);
 		memcpy(stp->str_feed, b, sizeof(Block));
 		stp->str_index = 1;	/* Next time will be 1 */
-		idx = 0;		/* But now use 0 */ 
+		idx = 0;		/* But now use 0 */
 	}
 
 	return(data ^ stp->str_feed[idx]);
diff --git a/src/appl/telnet/libtelnet/encrypt.c b/src/appl/telnet/libtelnet/encrypt.c
index 6317eceb3..19e855d3c 100644
--- a/src/appl/telnet/libtelnet/encrypt.c
+++ b/src/appl/telnet/libtelnet/encrypt.c
@@ -108,7 +108,7 @@ static long remote_supports_decrypt = 0;
 static Encryptions encryptions[] = {
 #ifdef	DES_ENCRYPTION
     { "DES_CFB64",	ENCTYPE_DES_CFB64,
-			cfb64_encrypt,	
+			cfb64_encrypt,
 			cfb64_decrypt,
 			cfb64_init,
 			cfb64_start,
@@ -118,7 +118,7 @@ static Encryptions encryptions[] = {
 			cfb64_keyid,
 			cfb64_printsub },
     { "DES_OFB64",	ENCTYPE_DES_OFB64,
-			ofb64_encrypt,	
+			ofb64_encrypt,
 			ofb64_decrypt,
 			ofb64_init,
 			ofb64_start,
@@ -563,7 +563,7 @@ encrypt_is(data, cnt)
 	} else {
 		ret = (*ep->is)(data, cnt);
 		if (encrypt_debug_mode)
-			printf("(*ep->is)(%lx, %d) returned %s(%d)\n", 
+			printf("(*ep->is)(%lx, %d) returned %s(%d)\n",
 			        (unsigned long) data, cnt,
 				(ret < 0) ? "FAIL " :
 				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
@@ -713,7 +713,7 @@ encrypt_request_end()
  * Called when ENCRYPT REQUEST-START is received.  If we receive
  * this before a type is picked, then that indicates that the
  * other side wants us to start encrypting data as soon as we
- * can. 
+ * can.
  */
 	void
 encrypt_request_start(data, cnt)
@@ -731,7 +731,7 @@ encrypt_request_start(data, cnt)
 static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
 
 static void encrypt_keyid (struct key_info *kp, unsigned char *, unsigned int);
-		
+
 void encrypt_enc_keyid(keyid, len)
 	unsigned char *keyid;
 	int len;
@@ -769,7 +769,7 @@ static void encrypt_keyid(kp, keyid, len)
 		if (ep->keyid)
 			(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
 
-	} else if ((len != kp->keylen) || 
+	} else if ((len != kp->keylen) ||
 		   (memcmp(keyid, kp->keyid, len) != 0)) {
 		/*
 		 * Length or contents are different
@@ -858,7 +858,7 @@ encrypt_start_output(type)
 		i = (*ep->start)(DIR_ENCRYPT, Server);
 		if (encrypt_debug_mode) {
 			printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
-				Name, 
+				Name,
 				(i < 0) ? "failed" :
 					"initial negotiation in progress",
 				i, ENCTYPE_NAME(type));
diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c
index 98dcb7897..98afb395d 100644
--- a/src/appl/telnet/libtelnet/forward.c
+++ b/src/appl/telnet/libtelnet/forward.c
@@ -21,7 +21,7 @@
 
 
 /* General-purpose forwarding routines. These routines may be put into */
-/* libkrb5.a to allow widespread use */ 
+/* libkrb5.a to allow widespread use */
 
 #if defined(KERBEROS) || defined(KRB5)
 #include <stdio.h>
@@ -29,12 +29,12 @@
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
- 
+
 #include "krb5.h"
 #include <errno.h>
 
 #include "krb5forw.h"
- 
+
 #if defined(NEED_SETENV) || defined(NEED_SETENV_PROTO)
 extern int setenv(char *, char *, int);
 #endif
@@ -63,11 +63,11 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket)
     if ((retval = krb5_cc_resolve(context, ccname, &ccache)))
 	goto cleanup;
 
-    if ((retval = krb5_cc_initialize(context, ccache, 
+    if ((retval = krb5_cc_initialize(context, ccache,
 				     ticket->enc_part2->client)))
 	goto cleanup;
 
-    if ((retval = krb5_cc_store_cred(context, ccache, *creds))) 
+    if ((retval = krb5_cc_store_cred(context, ccache, *creds)))
 	goto cleanup;
 
 cleanup:
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 77a1b5a6d..bc3cecf87 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -83,7 +83,7 @@ extern char *malloc();
 #else
 #include <strings.h>
 #endif
- 
+
 #include "encrypt.h"
 #include "auth.h"
 #include "misc.h"
@@ -182,7 +182,7 @@ kerberos5_init(ap, server)
 	int server;
 {
 	krb5_error_code retval;
-	
+
 	if (server)
 		str_data[3] = TELQUAL_REPLY;
 	else
@@ -201,7 +201,7 @@ kerberos5_cleanup()
     krb5_error_code retval;
     krb5_ccache ccache;
     char *ccname;
-    
+
     if (telnet_context == 0)
 	return;
 
@@ -306,7 +306,7 @@ kerberos5_send(ap)
 #ifdef ENCRYPTION
 	ap_opts |= AP_OPTS_USE_SUBKEY;
 #endif	/* ENCRYPTION */
-	    
+
 	if (auth_context) {
 	    krb5_auth_con_free(telnet_context, auth_context);
 	    auth_context = 0;
@@ -318,10 +318,10 @@ kerberos5_send(ap)
 	    }
 	    return(0);
 	}
-	
+
 	krb5_auth_con_setflags(telnet_context, auth_context,
 			       KRB5_AUTH_CONTEXT_RET_TIME);
-	
+
 	type_check[0] = ap->type;
 	type_check[1] = ap->way;
 	check_data.magic = KV5M_DATA;
@@ -366,7 +366,7 @@ kerberos5_send(ap)
 		return(0);
 	}
 
-        if (!auth_sendname((unsigned char *) UserNameRequested, 
+        if (!auth_sendname((unsigned char *) UserNameRequested,
 			   (int) strlen(UserNameRequested))) {
                 if (auth_debug_mode)
                         printf("telnet: Not enough room for user name\r\n");
@@ -415,7 +415,7 @@ kerberos5_is(ap, data, cnt)
 		    r = krb5_auth_con_init(telnet_context, &auth_context);
 		if (!r) {
 		    krb5_rcache rcache;
-		    
+
 		    r = krb5_auth_con_getrcache(telnet_context, auth_context,
 						&rcache);
 		    if (!r && !rcache) {
@@ -434,7 +434,7 @@ kerberos5_is(ap, data, cnt)
 						    auth_context, rcache);
 		}
 		if (!r && telnet_srvtab)
-		    r = krb5_kt_resolve(telnet_context, 
+		    r = krb5_kt_resolve(telnet_context,
 					telnet_srvtab, &keytabid);
 		if (!r)
 		    r = krb5_rd_req(telnet_context, &auth_context, &auth,
@@ -458,10 +458,10 @@ kerberos5_is(ap, data, cnt)
 		}
 		if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
 		    char princ[256];
-		    strncpy(princ,	
+		    strncpy(princ,
 			    krb5_princ_component(telnet_context, ticket->server,0)->data,
 			    krb5_princ_component(telnet_context, ticket->server,0)->length);
-		    princ[krb5_princ_component(telnet_context, 
+		    princ[krb5_princ_component(telnet_context,
 					       ticket->server,0)->length] = '\0';
 		    if (strcmp("host", princ)) {
                         if(strlen(princ) < sizeof(errbuf) - 39) {
@@ -543,8 +543,8 @@ kerberos5_is(ap, data, cnt)
 		    }
 
 		    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
-		} 
-		if (krb5_unparse_name(telnet_context, 
+		}
+		if (krb5_unparse_name(telnet_context,
 				      ticket->enc_part2 ->client,
 				      &name))
 			name = 0;
@@ -555,7 +555,7 @@ kerberos5_is(ap, data, cnt)
 							name ? name : "");
 		}
                 auth_finished(ap, AUTH_USER);
-		
+
 		if (name)
 		    free(name);
 		krb5_auth_con_getrecvsubkey(telnet_context, auth_context,
@@ -572,7 +572,7 @@ kerberos5_is(ap, data, cnt)
 				       ticket->enc_part2->session,
 				       &session_key);
 		}
-		
+
 #ifdef ENCRYPTION
 		skey.type = SK_DES;
 		skey.length = 8;
@@ -584,8 +584,8 @@ kerberos5_is(ap, data, cnt)
 	case KRB_FORWARD:
 		inbuf.length = cnt;
 		inbuf.data = (char *)data;
-		if ((r = krb5_auth_con_genaddrs(telnet_context, auth_context, 
-			net, KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)) || 
+		if ((r = krb5_auth_con_genaddrs(telnet_context, auth_context,
+			net, KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)) ||
 		    (r = rd_and_store_for_creds(telnet_context, auth_context,
 			   &inbuf, ticket))) {
 
@@ -599,7 +599,7 @@ kerberos5_is(ap, data, cnt)
 		      printf(
 			"telnetd: Could not read forwarded credentials\r\n");
 		}
-		else 
+		else
 		  Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
 		  if (auth_debug_mode)
 		    printf("telnetd: Forwarded credentials obtained\r\n");
@@ -613,7 +613,7 @@ kerberos5_is(ap, data, cnt)
 		break;
 	}
 	return;
-	
+
     errout:
 	{
 	    char eerrbuf[329];
@@ -745,7 +745,7 @@ kerberos5_status(ap, name, level)
 	}
 
 	if (UserNameRequested &&
-	    krb5_kuserok(telnet_context, ticket->enc_part2->client, 
+	    krb5_kuserok(telnet_context, ticket->enc_part2->client,
 			 UserNameRequested))
 	{
 		return(AUTH_VALID);
@@ -839,14 +839,14 @@ kerberos5_forward(ap)
     forw_creds.data = 0;
 
     if ((r = krb5_cc_default(telnet_context, &ccache))) {
-	if (auth_debug_mode) 
+	if (auth_debug_mode)
 	    printf("Kerberos V5: could not get default ccache - %s\r\n",
 		   error_message(r));
 	return;
     }
 
     if ((r = krb5_cc_get_principal(telnet_context, ccache, &client))) {
-	if (auth_debug_mode) 
+	if (auth_debug_mode)
 	    printf("Kerberos V5: could not get default principal - %s\r\n",
 		   error_message(r));
 	goto cleanup;
@@ -854,7 +854,7 @@ kerberos5_forward(ap)
 
     if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host",
 				     KRB5_NT_SRV_HST, &server))) {
-	if (auth_debug_mode) 
+	if (auth_debug_mode)
 	    printf("Kerberos V5: could not make server principal - %s\r\n",
 		   error_message(r));
 	goto cleanup;
@@ -872,12 +872,12 @@ kerberos5_forward(ap)
 				server, ccache,
 				forward_flags & OPTS_FORWARDABLE_CREDS,
 				&forw_creds))) {
-	if (auth_debug_mode) 
+	if (auth_debug_mode)
 	    printf("Kerberos V5: error getting forwarded creds - %s\r\n",
 	  	   error_message(r));
 	goto cleanup;
     }
-    
+
     /* Send forwarded credentials */
     if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
 	if (auth_debug_mode)
@@ -886,7 +886,7 @@ kerberos5_forward(ap)
 	if (auth_debug_mode)
 	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
     }
-    
+
 cleanup:
     if (client)
 	krb5_free_principal(telnet_context, client);
diff --git a/src/appl/telnet/libtelnet/krb5forw.h b/src/appl/telnet/libtelnet/krb5forw.h
index 1fb757ddf..4984d35b8 100644
--- a/src/appl/telnet/libtelnet/krb5forw.h
+++ b/src/appl/telnet/libtelnet/krb5forw.h
@@ -1,4 +1,3 @@
-extern krb5_error_code 
-rd_and_store_for_creds(krb5_context, krb5_auth_context, krb5_data *, 
+extern krb5_error_code
+rd_and_store_for_creds(krb5_context, krb5_auth_context, krb5_data *,
 		       krb5_ticket *);
-
diff --git a/src/appl/telnet/libtelnet/mem.c b/src/appl/telnet/libtelnet/mem.c
index 5a2ced8d5..4a1239dac 100644
--- a/src/appl/telnet/libtelnet/mem.c
+++ b/src/appl/telnet/libtelnet/mem.c
@@ -141,7 +141,7 @@ memset(dst0, c0, length)
 	 *
 	 * but we use a minimum of 3 here since the overhead of the code
 	 * to do word writes is substantial.
-	 */ 
+	 */
 	if (length < 3 * wsize) {
 		while (length != 0) {
 			*dst++ = VAL;
diff --git a/src/appl/telnet/libtelnet/parsetos.c b/src/appl/telnet/libtelnet/parsetos.c
index 303d7c3e5..92a3afc9f 100644
--- a/src/appl/telnet/libtelnet/parsetos.c
+++ b/src/appl/telnet/libtelnet/parsetos.c
@@ -1,4 +1,3 @@
-
 /*
  * The routine parsetos() for UNICOS 6.0/6.1, as well as more traditional
  * Unix systems.  This is part of UNICOS 7.0 and later.
diff --git a/src/appl/telnet/libtelnet/setenv.c b/src/appl/telnet/libtelnet/setenv.c
index 941b816ca..a917af1cf 100644
--- a/src/appl/telnet/libtelnet/setenv.c
+++ b/src/appl/telnet/libtelnet/setenv.c
@@ -44,7 +44,7 @@
 
 #include "misc-proto.h"
 
-static char *__findenv (const char *, int *); 
+static char *__findenv (const char *, int *);
 
 /*
  * setenv --
diff --git a/src/appl/telnet/telnet/authenc.c b/src/appl/telnet/telnet/authenc.c
index aa4459f27..ee312df3a 100644
--- a/src/appl/telnet/telnet/authenc.c
+++ b/src/appl/telnet/telnet/authenc.c
@@ -78,7 +78,7 @@ telnet_spin()
     scheduler_lockout_tty = 1;
     Scheduler(0);
     scheduler_lockout_tty = 0;
-    
+
     return 0;
 }
 
diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c
index a029e6381..6af6c5b4a 100644
--- a/src/appl/telnet/telnet/commands.c
+++ b/src/appl/telnet/telnet/commands.c
@@ -282,7 +282,7 @@ control(c)
  *	the "send" command.
  *
  */
- 
+
 struct sendlist {
     char	*name;		/* How user refers to it (case independent) */
     char	*help;		/* Help information (0 ==> no help) */
@@ -1931,7 +1931,7 @@ env_is_exported(var)
 		return ep->export;
 	return 0;
 }
-	    
+
 #if defined(OLD_ENVIRON) && defined(ENV_HACK)
 	void
 env_varval(what)
@@ -2398,7 +2398,7 @@ status(argc, argv)
  * Function that gets called when SIGINFO is received.
  */
 #if	defined(CRAY) || (defined(USE_TERMIO) && !defined(SYSV_TERMIO))
-void 
+void
 ayt_status()
 {
     (void) call(status, "status", "notmuch", 0);
@@ -3047,10 +3047,10 @@ cmdrc(m1, m2)
  *	*cpp:	If *cpp was equal to NULL, it will be filled
  *		in with a pointer to our static area that has
  *		the option filled in.  This will be 32bit aligned.
- * 
+ *
  *	*lenp:	This will be filled in with how long the option
  *		pointed to by *cpp is.
- *	
+ *
  */
 static	unsigned long
 sourceroute(arg, cpp, lenp)
diff --git a/src/appl/telnet/telnet/externs.h b/src/appl/telnet/telnet/externs.h
index 3d098adff..192663ab2 100644
--- a/src/appl/telnet/telnet/externs.h
+++ b/src/appl/telnet/telnet/externs.h
@@ -296,7 +296,7 @@ extern void
     lm_mode (unsigned char *, int, int);
 
 extern void
-    ExitString (char *, int), 
+    ExitString (char *, int),
     Exit (int),
     SetForExit (void),
     EmptyTerminal (void),
@@ -313,7 +313,7 @@ extern void
     slc_end_reply (void);
 
 extern int
-    quit (int, char *[]), 
+    quit (int, char *[]),
     ttyflush (int),
     rlogin_susp (void),
     tn (int, char **),
@@ -325,7 +325,7 @@ extern int
     slc_update (void),
     Scheduler (int),
     SetSockOpt (int, int, int, int),
-    stilloob (void), 
+    stilloob (void),
     telrcv (void),
     telnet_spin (void),
     TerminalWrite (unsigned char *, int),
diff --git a/src/appl/telnet/telnet/main.c b/src/appl/telnet/telnet/main.c
index c1dc2049a..e0bdb1856 100644
--- a/src/appl/telnet/telnet/main.c
+++ b/src/appl/telnet/telnet/main.c
@@ -71,7 +71,7 @@ tninit()
     init_terminal();
 
     init_network();
-    
+
     init_telnet();
 
     init_sys();
@@ -206,7 +206,7 @@ main(argc, argv)
 		case 'f':
 #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
 			if (forward_flags & OPTS_FORWARD_CREDS) {
-			    fprintf(stderr, 
+			    fprintf(stderr,
 				    "%s: Only one of -f and -F allowed.\n",
 				    prompt);
 			    usage();
@@ -214,14 +214,14 @@ main(argc, argv)
 			forward_flags |= OPTS_FORWARD_CREDS;
 #else
 			fprintf(stderr,
-			 "%s: Warning: -f ignored, no Kerberos V5 support.\n", 
+			 "%s: Warning: -f ignored, no Kerberos V5 support.\n",
 				prompt);
 #endif
 			break;
 		case 'F':
 #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
 			if (forward_flags & OPTS_FORWARD_CREDS) {
-			    fprintf(stderr, 
+			    fprintf(stderr,
 				    "%s: Only one of -f and -F allowed.\n",
 				    prompt);
 			    usage();
@@ -230,7 +230,7 @@ main(argc, argv)
 			forward_flags |= OPTS_FORWARDABLE_CREDS;
 #else
 			fprintf(stderr,
-			 "%s: Warning: -F ignored, no Kerberos V5 support.\n", 
+			 "%s: Warning: -F ignored, no Kerberos V5 support.\n",
 				prompt);
 #endif
 			break;
diff --git a/src/appl/telnet/telnet/sys_bsd.c b/src/appl/telnet/telnet/sys_bsd.c
index 89f9d4b5a..07def19fd 100644
--- a/src/appl/telnet/telnet/sys_bsd.c
+++ b/src/appl/telnet/telnet/sys_bsd.c
@@ -987,7 +987,7 @@ process_rings(netin, netout, netex, ttyin, ttyout, poll)
 
     if (netout) {
 	FD_SET(net, &obits);
-    } 
+    }
     if (ttyout) {
 	FD_SET(tout, &obits);
     }
diff --git a/src/appl/telnet/telnet/telnet.c b/src/appl/telnet/telnet/telnet.c
index be00687e7..0d05b8f64 100644
--- a/src/appl/telnet/telnet/telnet.c
+++ b/src/appl/telnet/telnet/telnet.c
@@ -75,7 +75,7 @@
 #include <libtelnet/encrypt.h>
 #endif
 
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION) 
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
 #include <libtelnet/misc-proto.h>
 #endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
 
@@ -207,7 +207,7 @@ init_telnet()
     ClearArray(options);
 
     connected = In3270 = ISend = localflow = donebinarytoggle = 0;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION) 
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
     auth_encrypt_connect(connected);
 #endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
     restartany = -1;
@@ -697,8 +697,8 @@ mklist(buf, name)
 			 */
 			if (n || (cp - cp2 > 41))
 				;
-			else if (name && (strncasecmp(name, cp2, 
-						      (unsigned) (cp-cp2)) 
+			else if (name && (strncasecmp(name, cp2,
+						      (unsigned) (cp-cp2))
 					  == 0))
 				*argv = cp2;
 			else if (is_unique(cp2, argv+1, argvp))
@@ -724,7 +724,7 @@ mklist(buf, name)
 		else if (islower((unsigned char) c))
 			*cp = toupper((unsigned char) c);
 	}
-	
+
 	/*
 	 * Check for an old V6 2 character name.  If the second
 	 * name points to the beginning of the buffer, and is
@@ -1874,7 +1874,7 @@ telrcv()
 	case TS_IAC:
 process_iac:
 	    switch (c) {
-	    
+
 	    case WILL:
 		telrcv_state = TS_WILL;
 		continue;
@@ -2292,10 +2292,10 @@ telnet(user)
     char *user;
 {
     int printed_encrypt = 0;
-    
+
     sys_telnet_init();
 
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION) 
+#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
     {
 	static char local_host[256] = { 0 };
 
@@ -2339,7 +2339,7 @@ telnet(user)
     /*
      * Note: we assume a tie to the authentication option here.  This
      * is necessary so that authentication fails, we don't spin
-     * forever. 
+     * forever.
      */
     if (wantencryption) {
 	extern int auth_has_failed;
@@ -2373,7 +2373,7 @@ telnet(user)
 		    printed_encrypt = 1;
 		    printf("Waiting for encryption to be negotiated...\n");
 		    /*
-		     * Turn on MODE_TRAPSIG and then turn off localchars 
+		     * Turn on MODE_TRAPSIG and then turn off localchars
 		     * so that ^C will cause telnet to exit.
 		     */
 		    TerminalNewMode(getconnmode()|MODE_TRAPSIG);
diff --git a/src/appl/telnet/telnet/utilities.c b/src/appl/telnet/telnet/utilities.c
index 4a076e530..dc9f3bc69 100644
--- a/src/appl/telnet/telnet/utilities.c
+++ b/src/appl/telnet/telnet/utilities.c
@@ -606,7 +606,7 @@ printsub(direction, pointer, length)
 		    break;
 		}
 		break;
-		
+
 	    case LM_SLC:
 		fprintf(NetTrace, "SLC");
 		for (i = 2; i < length - 2; i += 3) {
@@ -738,7 +738,7 @@ printsub(direction, pointer, length)
 			    fprintf(NetTrace, "\n");
 
 			break;
-				
+
 		    default:
 			fprintf(NetTrace, " %d", pointer[i]);
 			break;
diff --git a/src/appl/telnet/telnetd/pathnames.h b/src/appl/telnet/telnetd/pathnames.h
index c8b0806e7..4e14a88b4 100644
--- a/src/appl/telnet/telnetd/pathnames.h
+++ b/src/appl/telnet/telnetd/pathnames.h
@@ -42,7 +42,7 @@
 # endif
 
 #else
- 
+
 # define	_PATH_TTY	"/dev/tty"
 # ifndef _PATH_LOGIN
 #  define	_PATH_LOGIN	"/bin/login"
diff --git a/src/appl/telnet/telnetd/slc.c b/src/appl/telnet/telnetd/slc.c
index 8f32f433a..d5e2713a4 100644
--- a/src/appl/telnet/telnetd/slc.c
+++ b/src/appl/telnet/telnetd/slc.c
@@ -107,10 +107,10 @@ get_slc_defaults()
 	init_termbuf();
 
 	for (i = 1; i <= NSLC; i++) {
-		slctab[i].defset.flag = 
+		slctab[i].defset.flag =
 			spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
-		slctab[i].current.flag = SLC_NOSUPPORT; 
-		slctab[i].current.val = 0; 
+		slctab[i].current.flag = SLC_NOSUPPORT;
+		slctab[i].current.val = 0;
 	}
 
 }  /* end of get_slc_defaults */
@@ -285,7 +285,7 @@ change_slc(func, flag, val)
 	register cc_t val;
 {
 	register int hislevel, mylevel;
-	
+
 	hislevel = flag & SLC_LEVELBITS;
 	mylevel = slctab[func].defset.flag & SLC_LEVELBITS;
 	/*
@@ -344,7 +344,7 @@ change_slc(func, flag, val)
 		* request as he asks.
 		*
 		* If our level is DEFAULT, then just ack whatever was
-		* sent. 
+		* sent.
 		*
 		* If he can't change and we can't change,
 		* then degenerate to NOSUPPORT.
@@ -371,7 +371,7 @@ change_slc(func, flag, val)
 					slctab[func].defset.val;
 				val = slctab[func].current.val;
 			}
-			
+
 		}
 		add_slc(func, flag, val);
 	}
@@ -422,7 +422,7 @@ check_slc()
 						slctab[i].current.val);
 		}
 	}
-			
+
 }  /* check_slc */
 
 /*
diff --git a/src/appl/telnet/telnetd/state.c b/src/appl/telnet/telnetd/state.c
index 4693fc912..17d6fb6e8 100644
--- a/src/appl/telnet/telnetd/state.c
+++ b/src/appl/telnet/telnetd/state.c
@@ -403,7 +403,7 @@ gotiac:			switch (c) {
  * All state defaults are negative, and resp defaults to 0.
  *
  * When initiating a request to change state to new_state:
- * 
+ *
  * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
  *	do nothing;
  * } else {
@@ -1121,7 +1121,7 @@ suboption()
 		break;
 
 	sb_auth_complete();
-	
+
 	settimer(tspeedsubopt);
 
 	if (SB_EOF() || SB_GET() != TELQUAL_IS)
diff --git a/src/appl/telnet/telnetd/sys_term.c b/src/appl/telnet/telnetd/sys_term.c
index a0a0ee503..1535ac838 100644
--- a/src/appl/telnet/telnetd/sys_term.c
+++ b/src/appl/telnet/telnetd/sys_term.c
@@ -72,7 +72,7 @@ char 	utmpf[] = _PATH_UTMP;
 #else
 char	utmpf[] = "/etc/utmp";
 #endif
-  
+
 # ifdef CRAY
 #include <tmpdir.h>
 #include <sys/wait.h>
@@ -96,7 +96,7 @@ extern struct sysv sysv;
 
 #ifdef	STREAMSPTY
 #ifdef HAVE_SAC_H
-#include <sac.h> 
+#include <sac.h>
 #endif
 #include <sys/stropts.h>
 #endif
@@ -115,7 +115,7 @@ extern struct sysv sysv;
 #ifdef HAVE_SYS_TTY_H
 #include <sys/tty.h>
 #endif
-	
+
 #ifdef	t_erase
 #undef	t_erase
 #undef	t_kill
@@ -1076,9 +1076,9 @@ startslave(host, autologin, autoname)
 	register int n;
 #endif	/* NEWINIT */
 
-	if ( pipe(syncpipe) < 0 ) 
+	if ( pipe(syncpipe) < 0 )
 		fatal(net, "failed getting synchronization pipe");
-    
+
 #if	defined(AUTHENTICATION)
 	if (!autoname || !autoname[0])
 		autologin = 0;
@@ -1110,9 +1110,9 @@ startslave(host, autologin, autoname)
 		}
 
 		close(syncpipe[0]);
-		
+
 	} else {
-		
+
 		pty_update_utmp (PTY_LOGIN_PROCESS, getpid(), "LOGIN", line,
 				 host, PTY_TTYSLOT_USABLE);
 		getptyslave();
@@ -1121,7 +1121,7 @@ startslave(host, autologin, autoname)
 		write(syncpipe[1],"y",1);
 		close(syncpipe[0]);
 		close(syncpipe[1]);
-		
+
 		start_login(host, autologin, autoname);
 		/*NOTREACHED*/
 	}
@@ -1275,7 +1275,7 @@ start_login(host, autologin, name)
 	if (bftpd) {
 		argv = addarg(argv, "-e");
 		argv = addarg(argv, BFTPPATH);
-	} else 
+	} else
 #endif
 #if	defined (SecurID)
 	/*
@@ -1431,7 +1431,7 @@ start_login(host, autologin, name)
 /*
  * This code returns a pointer to the first element of the array and
  * expects the same to be called with.
- * Therefore the -1 reference is legal. 
+ * Therefore the -1 reference is legal.
  */
 
 static char **
@@ -1483,12 +1483,7 @@ cleanup(sig)
 #ifdef KRB5
 	kerberos5_cleanup();
 #endif
-    
+
 	(void) shutdown(net, 2);
 	exit(1);
 }
-
-
-
-
-
diff --git a/src/appl/telnet/telnetd/telnetd-ktd.c b/src/appl/telnet/telnetd/telnetd-ktd.c
index 5a340bd7f..86a594c6e 100644
--- a/src/appl/telnet/telnetd/telnetd-ktd.c
+++ b/src/appl/telnet/telnetd/telnetd-ktd.c
@@ -390,7 +390,7 @@ main(argc, argv)
 	secflag = sysconf(_SC_CRAY_SECURE_SYS);
 
 	/*
-	 *      Get socket's security label 
+	 *      Get socket's security label
 	 */
 	if (secflag)  {
 		int sz = sizeof(ss);
@@ -704,13 +704,13 @@ doit(who)
 	 */
 	if ( (retval = pty_getpty(&pty, line, sizeof(line)) < 0 ) {
 	    com_err(retval, "telnetd", "");
-	    
+
 	if (pty < 0)
 		fatal(net, "All network ports in use");
 
 #if	defined(_SC_CRAY_SECURE_SYS)
 	/*
-	 *	set ttyp line security label 
+	 *	set ttyp line security label
 	 */
 	if (secflag) {
 		extern char *myline;
@@ -1278,7 +1278,7 @@ telnet(f, p, host)
 	}
 	cleanup(0);
 }  /* end of telnet */
-	
+
 #ifndef	TCSIG
 # ifdef	TIOCSIG
 #  define TCSIG TIOCSIG
@@ -1354,7 +1354,7 @@ int readstream(p, ibuf, bufsize)
 			tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
 			vstop = tp->c_cc[VSTOP];
 			vstart = tp->c_cc[VSTART];
-			ixon = tp->c_iflag & IXON;      
+			ixon = tp->c_iflag & IXON;
 			break;
 		default:
 			errno = EAGAIN;
diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c
index 8ee129ec3..86280f3dc 100644
--- a/src/appl/telnet/telnetd/telnetd.c
+++ b/src/appl/telnet/telnetd/telnetd.c
@@ -199,7 +199,7 @@ get_default_IM()
 {
 	struct utsname name;
 	static char banner[1024];
-	
+
 	if (uname(&name) < 0)
 	    snprintf(banner, sizeof(banner),
 		     "\r\nError getting hostname: %s\r\n",
@@ -399,7 +399,7 @@ main(argc, argv)
 		    {
 			extern krb5_context telnet_context;
 			krb5_error_code retval;
-			
+
 			if (telnet_context == 0) {
 				retval = krb5_init_context(&telnet_context);
 				if (retval) {
@@ -640,7 +640,7 @@ main(argc, argv)
 #endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
 	net = 0;
 	doit((struct sockaddr *)&from);
-	
+
 	/* NOTREACHED */
 	return 0;
 }  /* end of main */
@@ -765,7 +765,7 @@ getterminaltype(name)
     }
     if (must_encrypt || auth_must_encrypt()) {
 	time_t timeout = time(0) + 60;
-	
+
 	if (my_state_is_dont(TELOPT_ENCRYPT) ||
 	    my_state_is_wont(TELOPT_ENCRYPT) ||
 	    his_state_is_wont(TELOPT_AUTHENTICATION))
@@ -956,7 +956,7 @@ static void doit(who)
 	 * Find an available pty to use.
 	 */
 	pty_init();
-	
+
 
 	if ((retval = pty_getpty(&pty, line, 17)) != 0) {
 		fatal(net, error_message(retval));
@@ -964,7 +964,7 @@ static void doit(who)
 
 #if	defined(_SC_CRAY_SECURE_SYS)
 	/*
-	 *	set ttyp line security label 
+	 *	set ttyp line security label
 	 */
 	if (secflag) {
 		char slave_dev[16];
@@ -1549,7 +1549,7 @@ telnet(f, p, host)
 	(void) signal(SIGCHLD, SIG_DFL);
 	cleanup(0);
 }  /* end of telnet */
-	
+
 #ifndef	TCSIG
 # ifdef	TIOCSIG
 #  define TCSIG TIOCSIG
@@ -1608,9 +1608,9 @@ int readstream(p, ibuf, bufsize)
 
 	case M_IOCTL:
 		ip = (struct iocblk *) (ibuf+1);
-		if (readstream_termio(ip->ioc_cmd, ibuf, 
+		if (readstream_termio(ip->ioc_cmd, ibuf,
 				      &vstop, &vstart, &ixon)) {
-		  if (readstream_termios(ip->ioc_cmd, ibuf, 
+		  if (readstream_termios(ip->ioc_cmd, ibuf,
 					 &vstop, &vstart, &ixon)) {
 		    errno = EAGAIN;
 		    return(-1);
diff --git a/src/appl/telnet/telnetd/telnetd.h b/src/appl/telnet/telnetd/telnetd.h
index f21f617e5..48980c5b6 100644
--- a/src/appl/telnet/telnetd/telnetd.h
+++ b/src/appl/telnet/telnetd/telnetd.h
@@ -45,4 +45,3 @@
 
 /* other external variables */
 extern	char **environ;
-
diff --git a/src/appl/telnet/telnetd/termio-tn.c b/src/appl/telnet/telnetd/termio-tn.c
index 7447f1eec..8f27d59d3 100644
--- a/src/appl/telnet/telnetd/termio-tn.c
+++ b/src/appl/telnet/telnetd/termio-tn.c
@@ -25,7 +25,7 @@ int readstream_termio(cmd, ibuf, vstop, vstart, ixon)
     *vstop = tp->c_cc[VSTOP];
     *vstart = tp->c_cc[VSTART];
 #endif
-    *ixon = tp->c_iflag & IXON;      
+    *ixon = tp->c_iflag & IXON;
     return 0;
   }
   return -1;
diff --git a/src/appl/telnet/telnetd/termstat.c b/src/appl/telnet/telnetd/termstat.c
index fa7803dfe..d62071997 100644
--- a/src/appl/telnet/telnetd/termstat.c
+++ b/src/appl/telnet/telnetd/termstat.c
@@ -316,7 +316,7 @@ localstat()
 				IAC, SE);
 			editmode = useeditmode;
 		}
-							
+
 
 		/*
 		 * Check for changes to special characters in use.
@@ -416,7 +416,7 @@ clientstat(code, parm1, parm2)
 					uselinemode = 1;
 				}
 			}
-		
+
 			/*
 			 * Quit now if we can't do it.
 			 */
@@ -456,7 +456,7 @@ clientstat(code, parm1, parm2)
 				send_will(TELOPT_ECHO, 1);
 		}
 		break;
-	
+
 	case LM_MODE:
 	    {
 		register int ack, changed;
@@ -504,7 +504,7 @@ clientstat(code, parm1, parm2)
  					useeditmode|MODE_ACK,
  					IAC, SE);
  			}
- 		
+
 			editmode = useeditmode;
 		}
 
@@ -538,9 +538,9 @@ clientstat(code, parm1, parm2)
 		(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
 	    }
 #endif	/* TIOCSWINSZ */
-		
+
 		break;
-	
+
 	case TELOPT_TSPEED:
 	    {
 		def_tspeed = parm1;
@@ -605,7 +605,7 @@ _termstat()
  *
  * Some things should not be done until after the login process has started
  * and all the pty modes are set to what they are supposed to be.  This
- * function is called when the pty state has been processed for the first time. 
+ * function is called when the pty state has been processed for the first time.
  * It calls other functions that do things that were deferred in each module.
  */
 	void
diff --git a/src/appl/telnet/telnetd/utility.c b/src/appl/telnet/telnetd/utility.c
index 4a4c1308e..7e53c486c 100644
--- a/src/appl/telnet/telnetd/utility.c
+++ b/src/appl/telnet/telnetd/utility.c
@@ -90,7 +90,7 @@ read_again:
     }
 }  /* end of ttloop */
 
-/* 
+/*
  * ttsuck - This is a horrible kludge to deal with a bug in
  * HostExplorer. HostExplorer thinks it knows how to do krb5 auth, but
  * it doesn't really. So if you offer it krb5 as an auth choice before
@@ -872,7 +872,7 @@ printsub(direction, pointer, length)
 		    break;
 		}
 		break;
-		
+
 	    case LM_SLC:
 		netputs("SLC");
 		for (i = 2; i < length - 2; i += 3) {
@@ -1010,7 +1010,7 @@ do {						\
 			netputs("\r\n");
 
 			break;
-				
+
 		    default:
 			netprintf(" %d", pointer[i]);
 			break;
@@ -1103,7 +1103,7 @@ do {						\
 #if	defined(AUTHENTICATION)
 	case TELOPT_AUTHENTICATION:
 	    netputs("AUTHENTICATION");
-	
+
 	    if (length < 2) {
 		netputs(" (empty suboption??\?)");
 		break;
@@ -1127,7 +1127,7 @@ do {						\
 		netputs(((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON)
 			? "|ENCRYPT" : "");
 
-		auth_printsub(&pointer[1], length - 1, (unsigned char *)buf, 
+		auth_printsub(&pointer[1], length - 1, (unsigned char *)buf,
 			      sizeof(buf));
 		netputs(buf);
 		break;
@@ -1215,7 +1215,7 @@ do {						\
 		    netprintf("%d (unknown)", pointer[2]);
 		netputs(" ");
 
-		encrypt_printsub(&pointer[1], length - 1, 
+		encrypt_printsub(&pointer[1], length - 1,
 				 (unsigned char *) buf, sizeof(buf));
 		netputs(buf);
 		break;
@@ -1283,7 +1283,7 @@ printdata(tag, ptr, cnt)
 		netputs(": ");
 		for (i = 0; i < 20 && cnt; i++) {
 			netprintf(nfrontp, "%02x", *ptr);
-			nfrontp += strlen(nfrontp); 
+			nfrontp += strlen(nfrontp);
 			if (isprint((int) *ptr)) {
 				xbuf[i] = *ptr;
 			} else {
@@ -1298,6 +1298,6 @@ printdata(tag, ptr, cnt)
 		netputs(" ");
 		netputs(xbuf);
 		netputs("\r\n");
-	} 
+	}
 }
 #endif /* DIAGNOSTICS */
diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c
index 6edf0ffff..a2f8e7f72 100644
--- a/src/appl/user_user/client.c
+++ b/src/appl/user_user/client.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Other end of user-user client/server pair.
  */
@@ -82,11 +82,11 @@ char *argv[];
   }
 
   if ((host = gethostbyname (argv[1])) == NULL) {
-      fprintf (stderr, "uu-client: can't get address of host \"%s\".\n", 
+      fprintf (stderr, "uu-client: can't get address of host \"%s\".\n",
 	       argv[1]);
       return 3;
   }
-  
+
   if (host->h_addrtype != AF_INET) {
       fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n",
 	       host->h_addrtype, argv[1]);
@@ -103,13 +103,13 @@ char *argv[];
       cli_net_addr.sin_family = AF_INET;
       cli_net_addr.sin_port = 0;
       cli_net_addr.sin_addr.s_addr = 0;
-      if (bind (s, (struct sockaddr *)&cli_net_addr, 
+      if (bind (s, (struct sockaddr *)&cli_net_addr,
 		sizeof (cli_net_addr)) < 0) {
 	  com_err ("uu-client", errno, "binding socket");
 	  return 4;
       }
   }
-  
+
   serv_net_addr.sin_family = AF_INET;
   serv_net_addr.sin_port = port;
 
@@ -120,10 +120,10 @@ char *argv[];
 	  return 5;
       }
 
-      memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++], 
+      memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++],
 	      sizeof(serv_net_addr.sin_addr));
 
-      if (connect(s, (struct sockaddr *)&serv_net_addr, 
+      if (connect(s, (struct sockaddr *)&serv_net_addr,
 		  sizeof (serv_net_addr)) == 0)
 	  break;
       com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
@@ -146,12 +146,12 @@ char *argv[];
       com_err("uu-client", retval, "getting principal name");
       return 6;
   }
-  
+
   retval = krb5_unparse_name(context, creds.client, &princ);
   if (retval) {
       com_err("uu-client", retval, "printing principal name");
       return 7;
-  } 
+  }
   else
       fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
 
@@ -161,7 +161,7 @@ char *argv[];
       return 7;
   }
 
-  retval = 
+  retval =
       krb5_build_principal_ext(context, &creds.server,
 			       krb5_princ_realm(context, creds.client)->length,
 			       krb5_princ_realm(context, creds.client)->data,
@@ -173,9 +173,9 @@ char *argv[];
       com_err("uu-client", retval, "setting up tgt server name");
       return 7;
   }
-  
+
   /* Get TGT from credentials cache */
-  retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc, 
+  retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
 				&creds, &new_creds);
   if (retval) {
       com_err("uu-client", retval, "getting TGT");
@@ -193,9 +193,9 @@ char *argv[];
       com_err("uu-client", retval, "sending principal name to server");
       return 8;
   }
-  
+
   free(princ);
-  
+
   retval = krb5_write_message(context, (krb5_pointer) &s, &new_creds->ticket);
   if (retval) {
       com_err("uu-client", retval, "sending ticket to server");
@@ -213,8 +213,8 @@ char *argv[];
       com_err("uu-client", retval, "initializing the auth_context");
       return 9;
   }
-  
-  retval = 
+
+  retval =
       krb5_auth_con_genaddrs(context, auth_context, s,
 			     KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
 			     KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
@@ -229,14 +229,14 @@ char *argv[];
       com_err("uu-client", retval, "initializing the auth_context flags");
       return 9;
   }
-  
-  retval = krb5_auth_con_setuseruserkey(context, auth_context, 
+
+  retval = krb5_auth_con_setuseruserkey(context, auth_context,
 					&new_creds->keyblock);
   if (retval) {
       com_err("uu-client", retval, "setting useruserkey for authcontext");
       return 9;
   }
-  
+
 #if 1
   /* read the ap_req to get the session key */
   retval = krb5_rd_req(context, &auth_context, &reply,
@@ -246,7 +246,7 @@ char *argv[];
   retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
 			 0, /* server */, 0, NULL, &ticket);
 #endif
-  
+
   if (retval) {
       com_err("uu-client", retval, "reading AP_REQ from server");
       return 9;
@@ -265,7 +265,7 @@ char *argv[];
       com_err("uu-client", retval, "reading reply from server");
       return 9;
   }
-  
+
   retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL);
   if (retval) {
       com_err("uu-client", retval, "decoding reply from server");
@@ -275,4 +275,3 @@ char *argv[];
   printf ("uu-client: server says \"%s\".\n", msg.data);
   return 0;
 }
-
diff --git a/src/appl/user_user/server.c b/src/appl/user_user/server.c
index 40243fed0..8a66bbdc0 100644
--- a/src/appl/user_user/server.c
+++ b/src/appl/user_user/server.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * One end of the user-user client-server pair.
  */
@@ -75,12 +75,12 @@ char *argv[];
       int acc;
       struct servent *sp;
       socklen_t namelen = sizeof(f_inaddr);
-      
+
       if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
 	  com_err("uu-server", errno, "creating socket");
 	  exit(3);
       }
-      
+
       l_inaddr.sin_family = AF_INET;
       l_inaddr.sin_addr.s_addr = 0;
       if (!(sp = getservbyname("uu-sample", "tcp"))) {
@@ -145,7 +145,7 @@ char *argv[];
   printf ("uu-server: client ticket is %d bytes.\n",
 	  creds.second_ticket.length);
 
-  retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc, 
+  retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
 				&creds, &new_creds);
   if (retval) {
       com_err("uu-server", retval, "getting user-user ticket");
@@ -182,8 +182,8 @@ char *argv[];
       com_err("uu-server", retval, "initializing the auth_context flags");
       return 8;
   }
-  
-  retval = 
+
+  retval =
       krb5_auth_con_genaddrs(context, auth_context, sock,
 			     KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
 			     KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
@@ -191,10 +191,10 @@ char *argv[];
       com_err("uu-server", retval, "generating addrs for auth_context");
       return 9;
   }
-  
+
 #if 1
-  retval = krb5_mk_req_extended(context, &auth_context, 
-				AP_OPTS_USE_SESSION_KEY, 
+  retval = krb5_mk_req_extended(context, &auth_context,
+				AP_OPTS_USE_SESSION_KEY,
 				NULL, new_creds, &msg);
   if (retval) {
       com_err("uu-server", retval, "making AP_REQ");
@@ -208,12 +208,12 @@ char *argv[];
 #endif
   if (retval)
       goto cl_short_wrt;
-  
+
   free(msg.data);
-  
+
   msgtext.length = 32;
   msgtext.data = "Hello, other end of connection.";
-  
+
   retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL);
   if (retval) {
       com_err("uu-server", retval, "encoding message to client");
diff --git a/src/ccapi/common/cci_array_internal.c b/src/ccapi/common/cci_array_internal.c
index b5a0f693b..6e8bf2163 100644
--- a/src/ccapi/common/cci_array_internal.c
+++ b/src/ccapi/common/cci_array_internal.c
@@ -37,7 +37,7 @@ struct cci_array_d {
     cci_array_object_t *objects;
     cc_uint64 count;
     cc_uint64 max_count;
-    
+
     cci_array_object_release_t object_release;
 };
 
@@ -52,19 +52,19 @@ static cc_int32 cci_array_resize (cci_array_t io_array,
 {
     cc_int32 err = ccNoError;
     cc_uint64 new_max_count = 0;
-    
+
     if (!io_array) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cc_uint64 old_max_count = io_array->max_count;
         new_max_count = io_array->max_count;
-        
+
         if (in_new_count > old_max_count) {
             /* Expand the array */
             while (in_new_count > new_max_count) {
                 new_max_count += CCI_ARRAY_COUNT_INCREMENT;
             }
-            
+
         } else if ((in_new_count + CCI_ARRAY_COUNT_INCREMENT) < old_max_count) {
             /* Shrink the array, but never drop below CC_ARRAY_COUNT_INCREMENT */
             while ((in_new_count + CCI_ARRAY_COUNT_INCREMENT) < new_max_count &&
@@ -73,24 +73,24 @@ static cc_int32 cci_array_resize (cci_array_t io_array,
             }
         }
     }
-    
+
     if (!err && io_array->max_count != new_max_count) {
         cci_array_object_t *objects = io_array->objects;
-        
+
         if (!objects) {
             objects = malloc (new_max_count * sizeof (*objects));
         } else {
             objects = realloc (objects, new_max_count * sizeof (*objects));
         }
         if (!objects) { err = cci_check_error (ccErrNoMem); }
-        
+
         if (!err) {
             io_array->objects = objects;
             io_array->max_count = new_max_count;
-        }        
+        }
     }
-    
-    return cci_check_error (err); 
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -104,27 +104,27 @@ cc_int32 cci_array_new (cci_array_t                *out_array,
 {
     cc_int32 err = ccNoError;
     cci_array_t array = NULL;
-    
+
     if (!out_array) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         array = malloc (sizeof (*array));
-        if (array) { 
+        if (array) {
             *array = cci_array_initializer;
             array->object_release = in_array_object_release;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         *out_array = array;
         array = NULL;
     }
-    
+
     cci_array_release (array);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -132,10 +132,10 @@ cc_int32 cci_array_new (cci_array_t                *out_array,
 cc_int32 cci_array_release (cci_array_t io_array)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_array) {
         cc_uint64 i;
-        
+
         if (io_array->object_release) {
 	    for (i = 0; i < io_array->count; i++) {
 		io_array->object_release (io_array->objects[i]);
@@ -144,8 +144,8 @@ cc_int32 cci_array_release (cci_array_t io_array)
         free (io_array->objects);
         free (io_array);
     }
-    
-    return err;        
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -166,9 +166,9 @@ cci_array_object_t cci_array_object_at_index (cci_array_t io_array,
         if (!io_array) {
             cci_debug_printf ("%s() got NULL array", __FUNCTION__);
         } else {
-            cci_debug_printf ("%s() got bad index %lld (count = %lld)", __FUNCTION__, 
+            cci_debug_printf ("%s() got bad index %lld (count = %lld)", __FUNCTION__,
                               in_position, io_array->count);
-        }     
+        }
         return NULL;
     }
 }
@@ -176,7 +176,7 @@ cci_array_object_t cci_array_object_at_index (cci_array_t io_array,
 #ifdef TARGET_OS_MAC
 #pragma mark -
 #endif
-    
+
 /* ------------------------------------------------------------------------ */
 
 cc_int32 cci_array_insert (cci_array_t        io_array,
@@ -184,34 +184,34 @@ cc_int32 cci_array_insert (cci_array_t        io_array,
                            cc_uint64          in_position)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_array ) { err = cci_check_error (ccErrBadParam); }
     if (!in_object) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         /* Don't try to insert past the end and don't overflow the array */
         if (in_position > io_array->count || io_array->count == UINT64_MAX) {
             err = cci_check_error (ccErrBadParam);
         }
     }
-    
+
     if (!err) {
         err = cci_array_resize (io_array, io_array->count + 1);
     }
-    
+
     if (!err) {
         cc_uint64 move_count = io_array->count - in_position;
-        
+
         if (move_count > 0) {
             memmove (&io_array->objects[in_position + 1], &io_array->objects[in_position],
                      move_count * sizeof (*io_array->objects));
         }
-        
+
         io_array->objects[in_position] = in_object;
         io_array->count++;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -220,29 +220,29 @@ cc_int32 cci_array_remove (cci_array_t io_array,
                            cc_uint64   in_position)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_array) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && in_position >= io_array->count) {
         err = cci_check_error (ccErrBadParam);
     }
-    
+
     if (!err) {
         cc_uint64 move_count = io_array->count - in_position - 1;
         cci_array_object_t object = io_array->objects[in_position];
-        
+
         if (move_count > 0) {
             memmove (&io_array->objects[in_position], &io_array->objects[in_position + 1],
                      move_count * sizeof (*io_array->objects));
         }
         io_array->count--;
-        
+
         if (io_array->object_release) { io_array->object_release (object); }
-        
+
         cci_array_resize (io_array, io_array->count);
      }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -253,14 +253,14 @@ cc_int32 cci_array_move (cci_array_t  io_array,
                          cc_uint64   *out_real_new_position)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_array             ) { err = cci_check_error (ccErrBadParam); }
     if (!out_real_new_position) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && in_position >= io_array->count) {
         err = cci_check_error (ccErrBadParam);
     }
-    
+
     if (!err && in_new_position > io_array->count) {
         err = cci_check_error (ccErrBadParam);
     }
@@ -269,7 +269,7 @@ cc_int32 cci_array_move (cci_array_t  io_array,
         cc_uint64 move_to = 0;
         cc_uint64 move_count = 0;
         cc_uint64 real_new_position = 0;
-        
+
         if (in_position < in_new_position) {
             /* shift right, making an empty space so the
              * actual new position is one less in_new_position */
@@ -277,30 +277,30 @@ cc_int32 cci_array_move (cci_array_t  io_array,
             move_to = in_position;
             move_count = in_new_position - in_position - 1;
             real_new_position = in_new_position - 1;
-	    
+
         } else if (in_position > in_new_position) {
             /* shift left */
             move_from = in_new_position;
             move_to = in_new_position + 1;
-            move_count = in_position - in_new_position;     
+            move_count = in_position - in_new_position;
             real_new_position = in_new_position;
-            
+
         } else {
             real_new_position = in_new_position;
         }
-        
+
         if (move_count > 0) {
             cci_array_object_t object = io_array->objects[in_position];
-            
-            memmove (&io_array->objects[move_to], &io_array->objects[move_from], 
+
+            memmove (&io_array->objects[move_to], &io_array->objects[move_from],
                      move_count * sizeof (*io_array->objects));
             io_array->objects[real_new_position] = object;
         }
-        
+
         *out_real_new_position = real_new_position;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -311,4 +311,3 @@ cc_int32 cci_array_push_front (cci_array_t io_array,
     cc_uint64 real_new_position = 0;
     return cci_array_move (io_array, in_position, 0, &real_new_position);
 }
-
diff --git a/src/ccapi/common/cci_cred_union.c b/src/ccapi/common/cci_cred_union.c
index 94aebddf2..a2f8ca877 100644
--- a/src/ccapi/common/cci_cred_union.c
+++ b/src/ccapi/common/cci_cred_union.c
@@ -35,14 +35,14 @@
 static cc_uint32 cci_credentials_v4_release (cc_credentials_v4_t *io_v4creds)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_v4creds) { err = ccErrBadParam; }
-    
+
     if (!err) {
         memset (io_v4creds, 0, sizeof (*io_v4creds));
         free (io_v4creds);
     }
-    
+
     return err;
 }
 
@@ -53,78 +53,78 @@ static cc_uint32 cci_credentials_v4_read (cc_credentials_v4_t **out_v4creds,
 {
     cc_int32 err = ccNoError;
     cc_credentials_v4_t *v4creds = NULL;
-    
+
     if (!io_stream  ) { err = cci_check_error (ccErrBadParam); }
     if (!out_v4creds) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         v4creds = malloc (sizeof (*v4creds));
         if (!v4creds) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->version);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, v4creds->principal, cc_v4_name_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, v4creds->principal_instance, cc_v4_instance_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, v4creds->service, cc_v4_name_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, v4creds->service_instance, cc_v4_instance_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, v4creds->realm, cc_v4_realm_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, v4creds->session_key, cc_v4_key_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->kvno);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->string_to_key_type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (io_stream, &v4creds->issue_date);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->lifetime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &v4creds->address);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &v4creds->ticket_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, v4creds->ticket, cc_v4_ticket_size);
     }
-    
+
     if (!err) {
         *out_v4creds = v4creds;
         v4creds = NULL;
     }
-    
+
     free (v4creds);
-    
+
     return cci_check_error (err);
 }
 
@@ -134,66 +134,66 @@ static cc_uint32 cci_credentials_v4_write (cc_credentials_v4_t *in_v4creds,
                                            k5_ipc_stream         io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_stream ) { err = cci_check_error (ccErrBadParam); }
     if (!in_v4creds) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->version);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal, cc_v4_name_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_v4creds->principal_instance, cc_v4_instance_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_v4creds->service, cc_v4_name_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_v4creds->service_instance, cc_v4_instance_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_v4creds->realm, cc_v4_realm_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_v4creds->session_key, cc_v4_key_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->kvno);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->string_to_key_type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_stream, in_v4creds->issue_date);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->lifetime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_stream, in_v4creds->address);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, in_v4creds->ticket_size);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_v4creds->ticket, cc_v4_ticket_size);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -206,16 +206,16 @@ static cc_uint32 cci_credentials_v4_write (cc_credentials_v4_t *in_v4creds,
 static cc_uint32 cci_cc_data_contents_release (cc_data *io_ccdata)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccdata && io_ccdata->data) { err = ccErrBadParam; }
-    
+
     if (!err) {
         if (io_ccdata->length) {
             memset (io_ccdata->data, 0, io_ccdata->length);
         }
         free (io_ccdata->data);
     }
-    
+
     return err;
 }
 
@@ -224,14 +224,14 @@ static cc_uint32 cci_cc_data_contents_release (cc_data *io_ccdata)
 static cc_uint32 cci_cc_data_release (cc_data *io_ccdata)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccdata) { err = ccErrBadParam; }
-    
+
     if (!err) {
         cci_cc_data_contents_release (io_ccdata);
         free (io_ccdata);
     }
-    
+
     return err;
 }
 
@@ -244,18 +244,18 @@ static cc_uint32 cci_cc_data_read (cc_data      *io_ccdata,
     cc_uint32 type = 0;
     cc_uint32 length = 0;
     char *data = NULL;
-    
+
     if (!io_stream) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccdata) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &length);
     }
-    
+
     if (!err && length > 0) {
         data = malloc (length);
         if (!data) { err = cci_check_error (ccErrNoMem); }
@@ -264,16 +264,16 @@ static cc_uint32 cci_cc_data_read (cc_data      *io_ccdata,
             err = krb5int_ipc_stream_read (io_stream, data, length);
         }
     }
-    
+
     if (!err) {
         io_ccdata->type = type;
         io_ccdata->length = length;
         io_ccdata->data = data;
         data = NULL;
     }
-    
+
     free (data);
-    
+
     return cci_check_error (err);
 }
 
@@ -283,22 +283,22 @@ static cc_uint32 cci_cc_data_write (cc_data      *in_ccdata,
                                     k5_ipc_stream io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_stream) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccdata) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_stream, in_ccdata->type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_stream, in_ccdata->length);
     }
-    
+
     if (!err && in_ccdata->length > 0) {
         err = krb5int_ipc_stream_write (io_stream, in_ccdata->data, in_ccdata->length);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -311,18 +311,18 @@ static cc_uint32 cci_cc_data_write (cc_data      *in_ccdata,
 static cc_uint32 cci_cc_data_array_release (cc_data **io_ccdata_array)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccdata_array) { err = ccErrBadParam; }
-    
+
     if (!err) {
         cc_uint32 i;
-        
+
         for (i = 0; io_ccdata_array && io_ccdata_array[i]; i++) {
             cci_cc_data_release (io_ccdata_array[i]);
         }
-        free (io_ccdata_array);        
+        free (io_ccdata_array);
     }
-    
+
     return err;
 }
 
@@ -335,41 +335,41 @@ static cc_uint32 cci_cc_data_array_read (cc_data      ***io_ccdata_array,
     cc_uint32 count = 0;
     cc_data **array = NULL;
     cc_uint32 i;
-    
+
     if (!io_stream      ) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccdata_array) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &count);
     }
-    
+
     if (!err && count > 0) {
         array = malloc ((count + 1) * sizeof (*array));
-        if (array) { 
+        if (array) {
             for (i = 0; i <= count; i++) { array[i] = NULL; }
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         for (i = 0; !err && i < count; i++) {
             array[i] = malloc (sizeof (cc_data));
             if (!array[i]) { err = cci_check_error (ccErrNoMem); }
-            
+
             if (!err) {
                 err = cci_cc_data_read (array[i], io_stream);
             }
         }
     }
-    
+
     if (!err) {
         *io_ccdata_array = array;
         array = NULL;
     }
-    
+
     cci_cc_data_array_release (array);
-    
+
     return cci_check_error (err);
 }
 
@@ -380,24 +380,24 @@ static cc_uint32 cci_cc_data_array_write (cc_data      **in_ccdata_array,
 {
     cc_int32 err = ccNoError;
     cc_uint32 count = 0;
-    
+
     if (!io_stream) { err = cci_check_error (ccErrBadParam); }
     /* in_ccdata_array may be NULL */
-    
+
     if (!err) {
         for (count = 0; in_ccdata_array && in_ccdata_array[count]; count++);
-        
+
         err = krb5int_ipc_stream_write_uint32 (io_stream, count);
     }
-    
+
     if (!err) {
         cc_uint32 i;
-        
+
         for (i = 0; !err && i < count; i++) {
             err = cci_cc_data_write (in_ccdata_array[i], io_stream);
-        }            
+        }
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -411,7 +411,7 @@ cc_credentials_v5_t cci_credentials_v5_initializer = {
     NULL,
     NULL,
     { 0, 0, NULL },
-    0, 0, 0, 0, 0, 0, 
+    0, 0, 0, 0, 0, 0,
     NULL,
     { 0, 0, NULL },
     { 0, 0, NULL },
@@ -423,9 +423,9 @@ cc_credentials_v5_t cci_credentials_v5_initializer = {
 static cc_uint32 cci_credentials_v5_release (cc_credentials_v5_t *io_v5creds)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_v5creds) { err = ccErrBadParam; }
-    
+
     if (!err) {
         free (io_v5creds->client);
         free (io_v5creds->server);
@@ -434,9 +434,9 @@ static cc_uint32 cci_credentials_v5_release (cc_credentials_v5_t *io_v5creds)
         cci_cc_data_contents_release (&io_v5creds->ticket);
         cci_cc_data_contents_release (&io_v5creds->second_ticket);
         cci_cc_data_array_release (io_v5creds->authdata);
-        free (io_v5creds);        
+        free (io_v5creds);
     }
-    
+
     return err;
 }
 
@@ -447,78 +447,78 @@ static cc_uint32 cci_credentials_v5_read (cc_credentials_v5_t **out_v5creds,
 {
     cc_int32 err = ccNoError;
     cc_credentials_v5_t *v5creds = NULL;
-    
+
     if (!io_stream  ) { err = cci_check_error (ccErrBadParam); }
     if (!out_v5creds) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         v5creds = malloc (sizeof (*v5creds));
-        if (v5creds) { 
+        if (v5creds) {
             *v5creds = cci_credentials_v5_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (io_stream, &v5creds->client);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (io_stream, &v5creds->server);
     }
-    
+
     if (!err) {
         err = cci_cc_data_read (&v5creds->keyblock, io_stream);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (io_stream, &v5creds->authtime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (io_stream, &v5creds->starttime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (io_stream, &v5creds->endtime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (io_stream, &v5creds->renew_till);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &v5creds->is_skey);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &v5creds->ticket_flags);
     }
-    
+
     if (!err) {
         err = cci_cc_data_array_read (&v5creds->addresses, io_stream);
     }
-        
+
     if (!err) {
         err = cci_cc_data_read (&v5creds->ticket, io_stream);
     }
-    
+
     if (!err) {
         err = cci_cc_data_read (&v5creds->second_ticket, io_stream);
     }
-    
+
     if (!err) {
         err = cci_cc_data_array_read (&v5creds->authdata, io_stream);
     }
-    
+
     if (!err) {
         *out_v5creds = v5creds;
         v5creds = NULL;
     }
-    
+
     cci_credentials_v5_release (v5creds);
-    
+
     return cci_check_error (err);
 }
 
@@ -528,63 +528,63 @@ static cc_uint32 cci_credentials_v5_write (cc_credentials_v5_t *in_v5creds,
                                            k5_ipc_stream         io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_stream ) { err = cci_check_error (ccErrBadParam); }
     if (!in_v5creds) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (io_stream, in_v5creds->client);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (io_stream, in_v5creds->server);
     }
-    
+
     if (!err) {
         err = cci_cc_data_write (&in_v5creds->keyblock, io_stream);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->authtime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->starttime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->endtime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_stream, in_v5creds->renew_till);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_stream, in_v5creds->is_skey);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_stream, in_v5creds->ticket_flags);
     }
-    
+
     if (!err) {
         err = cci_cc_data_array_write (in_v5creds->addresses, io_stream);
     }
-    
+
     if (!err) {
         err = cci_cc_data_write (&in_v5creds->ticket, io_stream);
     }
-    
+
     if (!err) {
         err = cci_cc_data_write (&in_v5creds->second_ticket, io_stream);
     }
-    
+
     if (!err) {
         err = cci_cc_data_array_write (in_v5creds->authdata, io_stream);
     }
-    
-    
+
+
     return cci_check_error (err);
 }
 
@@ -597,9 +597,9 @@ static cc_uint32 cci_credentials_v5_write (cc_credentials_v5_t *in_v5creds,
 cc_uint32 cci_credentials_union_release (cc_credentials_union *io_cred_union)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_cred_union) { err = ccErrBadParam; }
-    
+
     if (!err) {
         if (io_cred_union->version == cc_credentials_v4) {
             cci_credentials_v4_release (io_cred_union->credentials.credentials_v4);
@@ -608,7 +608,7 @@ cc_uint32 cci_credentials_union_release (cc_credentials_union *io_cred_union)
         }
         free (io_cred_union);
     }
-    
+
     return err;
 }
 
@@ -619,41 +619,41 @@ cc_uint32 cci_credentials_union_read (cc_credentials_union **out_credentials_uni
 {
     cc_int32 err = ccNoError;
     cc_credentials_union *credentials_union = NULL;
-    
+
     if (!io_stream            ) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials_union) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         credentials_union = calloc (1, sizeof (*credentials_union));
         if (!credentials_union) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &credentials_union->version);
     }
-    
+
     if (!err) {
         if (credentials_union->version == cc_credentials_v4) {
             err = cci_credentials_v4_read (&credentials_union->credentials.credentials_v4,
                                            io_stream);
-        
+
         } else if (credentials_union->version == cc_credentials_v5) {
             err = cci_credentials_v5_read (&credentials_union->credentials.credentials_v5,
                                            io_stream);
-           
-        
+
+
         } else {
             err = ccErrBadCredentialsVersion;
         }
     }
-    
+
     if (!err) {
         *out_credentials_union = credentials_union;
         credentials_union = NULL;
     }
-    
+
     if (credentials_union) { cci_credentials_union_release (credentials_union); }
-    
+
     return cci_check_error (err);
 }
 
@@ -663,29 +663,29 @@ cc_uint32 cci_credentials_union_write (const cc_credentials_union *in_credential
                                        k5_ipc_stream                io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_stream           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_stream, in_credentials_union->version);
     }
-    
+
     if (!err) {
         if (in_credentials_union->version == cc_credentials_v4) {
             err = cci_credentials_v4_write (in_credentials_union->credentials.credentials_v4,
                                             io_stream);
-            
+
         } else if (in_credentials_union->version == cc_credentials_v5) {
             err = cci_credentials_v5_write (in_credentials_union->credentials.credentials_v5,
                                             io_stream);
-            
+
         } else {
             err = ccErrBadCredentialsVersion;
         }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -699,7 +699,7 @@ cc_credentials_v5_compat cci_credentials_v5_compat_initializer = {
     NULL,
     NULL,
     { 0, 0, NULL },
-    0, 0, 0, 0, 0, 0, 
+    0, 0, 0, 0, 0, 0,
     NULL,
     { 0, 0, NULL },
     { 0, 0, NULL },
@@ -711,14 +711,14 @@ cc_credentials_v5_compat cci_credentials_v5_compat_initializer = {
 cc_uint32 cci_cred_union_release (cred_union *io_cred_union)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_cred_union) { err = ccErrBadParam; }
-    
+
     if (!err) {
         if (io_cred_union->cred_type == CC_CRED_V4) {
             memset (io_cred_union->cred.pV4Cred, 0, sizeof (cc_credentials_v4_compat));
             free (io_cred_union->cred.pV4Cred);
-            
+
         } else if (io_cred_union->cred_type == CC_CRED_V5) {
             free (io_cred_union->cred.pV5Cred->client);
             free (io_cred_union->cred.pV5Cred->server);
@@ -727,11 +727,11 @@ cc_uint32 cci_cred_union_release (cred_union *io_cred_union)
             cci_cc_data_contents_release (&io_cred_union->cred.pV5Cred->ticket);
             cci_cc_data_contents_release (&io_cred_union->cred.pV5Cred->second_ticket);
             cci_cc_data_array_release (io_cred_union->cred.pV5Cred->authdata);
-            free (io_cred_union->cred.pV5Cred);        
+            free (io_cred_union->cred.pV5Cred);
         }
         free (io_cred_union);
     }
-    
+
     return err;
 }
 
@@ -742,28 +742,28 @@ static cc_uint32 cci_cc_data_copy_contents (cc_data      *io_ccdata,
 {
     cc_int32 err = ccNoError;
     char *data = NULL;
-    
+
     if (!io_ccdata) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccdata) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && in_ccdata->length > 0) {
         data = malloc (in_ccdata->length);
         if (data) {
             memcpy (data, in_ccdata->data, in_ccdata->length);
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         io_ccdata->type = in_ccdata->type;
         io_ccdata->length = in_ccdata->length;
         io_ccdata->data = data;
         data = NULL;
     }
-    
+
     free (data);
-    
+
     return cci_check_error (err);
 }
 
@@ -776,40 +776,40 @@ static cc_uint32 cci_cc_data_array_copy (cc_data      ***io_ccdata_array,
     cc_uint32 count = 0;
     cc_data **array = NULL;
     cc_uint32 i;
-    
+
     if (!io_ccdata_array) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         for (count = 0; in_ccdata_array && in_ccdata_array[count]; count++);
     }
-    
+
     if (!err && count > 0) {
         array = malloc ((count + 1) * sizeof (*array));
-        if (array) { 
+        if (array) {
             for (i = 0; i <= count; i++) { array[i] = NULL; }
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         for (i = 0; !err && i < count; i++) {
             array[i] = malloc (sizeof (cc_data));
             if (!array[i]) { err = cci_check_error (ccErrNoMem); }
-            
+
             if (!err) {
                 err = cci_cc_data_copy_contents (array[i], in_ccdata_array[i]);
             }
         }
     }
-    
+
     if (!err) {
         *io_ccdata_array = array;
         array = NULL;
     }
-    
+
     cci_cc_data_array_release (array);
-    
+
     return cci_check_error (err);
 }
 
@@ -820,28 +820,28 @@ cc_uint32 cci_credentials_union_to_cred_union (const cc_credentials_union  *in_c
 {
     cc_int32 err = ccNoError;
     cred_union *compat_cred_union = NULL;
-    
+
     if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
     if (!out_cred_union      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         compat_cred_union = calloc (1, sizeof (*compat_cred_union));
         if (!compat_cred_union) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         if (in_credentials_union->version == cc_credentials_v4) {
             cc_credentials_v4_compat *compat_v4creds = NULL;
-            
+
             compat_v4creds = malloc (sizeof (*compat_v4creds));
             if (!compat_v4creds) { err = cci_check_error (ccErrNoMem); }
-            
+
             if (!err) {
                 cc_credentials_v4_t *v4creds = in_credentials_union->credentials.credentials_v4;
-                
+
                 compat_cred_union->cred_type = CC_CRED_V4;
                 compat_cred_union->cred.pV4Cred = compat_v4creds;
-                
+
                 compat_v4creds->kversion = v4creds->version;
                 strncpy (compat_v4creds->principal,          v4creds->principal,          KRB_NAME_SZ+1);
                 strncpy (compat_v4creds->principal_instance, v4creds->principal_instance, KRB_INSTANCE_SZ+1);
@@ -858,60 +858,60 @@ cc_uint32 cci_credentials_union_to_cred_union (const cc_credentials_union  *in_c
                 memcpy (compat_v4creds->ticket, v4creds->ticket, MAX_V4_CRED_LEN);
                 compat_v4creds->oops = 0;
             }
-            
+
         } else if (in_credentials_union->version == cc_credentials_v5) {
             cc_credentials_v5_t *v5creds = in_credentials_union->credentials.credentials_v5;
             cc_credentials_v5_compat *compat_v5creds = NULL;
-            
+
             compat_v5creds = malloc (sizeof (*compat_v5creds));
-            if (compat_v5creds) { 
+            if (compat_v5creds) {
                 *compat_v5creds = cci_credentials_v5_compat_initializer;
             } else {
-                err = cci_check_error (ccErrNoMem); 
+                err = cci_check_error (ccErrNoMem);
             }
-            
+
             if (!err) {
-                if (!v5creds->client) { 
+                if (!v5creds->client) {
                     err = cci_check_error (ccErrBadParam);
                 } else {
                     compat_v5creds->client = strdup (v5creds->client);
                     if (!compat_v5creds->client) { err = cci_check_error (ccErrNoMem); }
                 }
             }
-            
+
             if (!err) {
-                if (!v5creds->server) { 
+                if (!v5creds->server) {
                     err = cci_check_error (ccErrBadParam);
                 } else {
                     compat_v5creds->server = strdup (v5creds->server);
                     if (!compat_v5creds->server) { err = cci_check_error (ccErrNoMem); }
                 }
             }
-            
+
             if (!err) {
                 err = cci_cc_data_copy_contents (&compat_v5creds->keyblock, &v5creds->keyblock);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_array_copy (&compat_v5creds->addresses, v5creds->addresses);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_copy_contents (&compat_v5creds->ticket, &v5creds->ticket);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_copy_contents (&compat_v5creds->second_ticket, &v5creds->second_ticket);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_array_copy (&compat_v5creds->authdata, v5creds->authdata);
             }
-            
+
             if (!err) {
                 compat_cred_union->cred_type = CC_CRED_V5;
                 compat_cred_union->cred.pV5Cred = compat_v5creds;
-                
+
                 compat_v5creds->keyblock      = v5creds->keyblock;
                 compat_v5creds->authtime      = v5creds->authtime;
                 compat_v5creds->starttime     = v5creds->starttime;
@@ -923,15 +923,15 @@ cc_uint32 cci_credentials_union_to_cred_union (const cc_credentials_union  *in_c
         } else {
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
-    } 
-    
+    }
+
     if (!err) {
         *out_cred_union = compat_cred_union;
         compat_cred_union = NULL;
     }
-    
+
     if (compat_cred_union) { cci_cred_union_release (compat_cred_union); }
-    
+
     return cci_check_error (err);
 }
 
@@ -942,29 +942,29 @@ cc_uint32 cci_cred_union_to_credentials_union (const cred_union      *in_cred_un
 {
     cc_int32 err = ccNoError;
     cc_credentials_union *creds_union = NULL;
-    
+
     if (!in_cred_union        ) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials_union) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         creds_union = calloc (1, sizeof (*creds_union));
         if (!creds_union) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         if (in_cred_union->cred_type == CC_CRED_V4) {
             cc_credentials_v4_compat *compat_v4creds = in_cred_union->cred.pV4Cred;
             cc_credentials_v4_t *v4creds = NULL;
-            
+
             if (!err) {
                 v4creds = malloc (sizeof (*v4creds));
                 if (!v4creds) { err = cci_check_error (ccErrNoMem); }
             }
-            
+
             if (!err) {
                 creds_union->version = cc_credentials_v4;
                 creds_union->credentials.credentials_v4 = v4creds;
-                
+
                 v4creds->version = compat_v4creds->kversion;
                 strncpy (v4creds->principal,          compat_v4creds->principal,          KRB_NAME_SZ);
                 strncpy (v4creds->principal_instance, compat_v4creds->principal_instance, KRB_INSTANCE_SZ);
@@ -980,62 +980,62 @@ cc_uint32 cci_cred_union_to_credentials_union (const cred_union      *in_cred_un
                 v4creds->ticket_size        = compat_v4creds->ticket_sz;
                 memcpy (v4creds->ticket, compat_v4creds->ticket, MAX_V4_CRED_LEN);
             }
-            
+
         } else if (in_cred_union->cred_type == CC_CRED_V5) {
             cc_credentials_v5_compat *compat_v5creds = in_cred_union->cred.pV5Cred;
             cc_credentials_v5_t *v5creds = NULL;
-            
+
             if (!err) {
                 v5creds = malloc (sizeof (*v5creds));
-                if (v5creds) { 
+                if (v5creds) {
                     *v5creds = cci_credentials_v5_initializer;
                 } else {
-                    err = cci_check_error (ccErrNoMem); 
+                    err = cci_check_error (ccErrNoMem);
                 }
             }
-            
+
             if (!err) {
-                if (!compat_v5creds->client) { 
+                if (!compat_v5creds->client) {
                     err = cci_check_error (ccErrBadParam);
                 } else {
                     v5creds->client = strdup (compat_v5creds->client);
                     if (!v5creds->client) { err = cci_check_error (ccErrNoMem); }
                 }
             }
-            
+
             if (!err) {
-                if (!compat_v5creds->server) { 
+                if (!compat_v5creds->server) {
                     err = cci_check_error (ccErrBadParam);
                 } else {
                     v5creds->server = strdup (compat_v5creds->server);
                     if (!v5creds->server) { err = cci_check_error (ccErrNoMem); }
                 }
             }
-            
+
             if (!err) {
                 err = cci_cc_data_copy_contents (&v5creds->keyblock, &compat_v5creds->keyblock);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_array_copy (&v5creds->addresses, compat_v5creds->addresses);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_copy_contents (&v5creds->ticket, &compat_v5creds->ticket);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_copy_contents (&v5creds->second_ticket, &compat_v5creds->second_ticket);
             }
-            
+
             if (!err) {
                 err = cci_cc_data_array_copy (&v5creds->authdata, compat_v5creds->authdata);
             }
-            
+
             if (!err) {
                 creds_union->version = cc_credentials_v5;
                 creds_union->credentials.credentials_v5 = v5creds;
-                
+
                 v5creds->authtime      = compat_v5creds->authtime;
                 v5creds->starttime     = compat_v5creds->starttime;
                 v5creds->endtime       = compat_v5creds->endtime;
@@ -1043,73 +1043,73 @@ cc_uint32 cci_cred_union_to_credentials_union (const cred_union      *in_cred_un
                 v5creds->is_skey       = compat_v5creds->is_skey;
                 v5creds->ticket_flags  = compat_v5creds->ticket_flags;
             }
-            
+
         } else {
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
-    } 
-    
+    }
+
     if (!err) {
         *out_credentials_union = creds_union;
         creds_union = NULL;
     }
-    
+
     if (creds_union) { cci_credentials_union_release (creds_union); }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_uint32 cci_cred_union_compare_to_credentials_union (const cred_union           *in_cred_union_compat,
                                                        const cc_credentials_union *in_credentials_union,
-                                                       cc_uint32                  *out_equal) 
+                                                       cc_uint32                  *out_equal)
 {
     cc_int32 err = ccNoError;
     cc_uint32 equal = 0;
-    
+
     if (!in_cred_union_compat) { err = cci_check_error (ccErrBadParam); }
     if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal           ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        if (in_cred_union_compat->cred_type == CC_CRED_V4 && 
+        if (in_cred_union_compat->cred_type == CC_CRED_V4 &&
             in_credentials_union->version == cc_credentials_v4) {
             cc_credentials_v4_compat *old_creds_v4 = in_cred_union_compat->cred.pV4Cred;
             cc_credentials_v4_t *new_creds_v4 = in_credentials_union->credentials.credentials_v4;
-            
+
             if (old_creds_v4 && new_creds_v4 &&
-                !strcmp (old_creds_v4->principal, 
+                !strcmp (old_creds_v4->principal,
                          new_creds_v4->principal) &&
-                !strcmp (old_creds_v4->principal_instance, 
+                !strcmp (old_creds_v4->principal_instance,
                          new_creds_v4->principal_instance) &&
-                !strcmp (old_creds_v4->service, 
+                !strcmp (old_creds_v4->service,
                          new_creds_v4->service) &&
-                !strcmp (old_creds_v4->service_instance, 
+                !strcmp (old_creds_v4->service_instance,
                          new_creds_v4->service_instance) &&
                 !strcmp (old_creds_v4->realm, new_creds_v4->realm) &&
-                (old_creds_v4->issue_date == (long) new_creds_v4->issue_date)) { 
+                (old_creds_v4->issue_date == (long) new_creds_v4->issue_date)) {
                 equal = 1;
             }
-            
-        } else if (in_cred_union_compat->cred_type == CC_CRED_V5 && 
+
+        } else if (in_cred_union_compat->cred_type == CC_CRED_V5 &&
                    in_credentials_union->version == cc_credentials_v5) {
             cc_credentials_v5_compat *old_creds_v5 = in_cred_union_compat->cred.pV5Cred;
             cc_credentials_v5_t *new_creds_v5 = in_credentials_union->credentials.credentials_v5;
-            
+
             /* Really should use krb5_parse_name and krb5_principal_compare */
             if (old_creds_v5 && new_creds_v5 &&
                 !strcmp (old_creds_v5->client, new_creds_v5->client) &&
                 !strcmp (old_creds_v5->server, new_creds_v5->server) &&
-                (old_creds_v5->starttime == new_creds_v5->starttime)) { 
+                (old_creds_v5->starttime == new_creds_v5->starttime)) {
                 equal = 1;
             }
         }
     }
-    
+
     if (!err) {
         *out_equal = equal;
     }
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/common/cci_debugging.c b/src/ccapi/common/cci_debugging.c
index 4545b402e..d6b9c62c0 100644
--- a/src/ccapi/common/cci_debugging.c
+++ b/src/ccapi/common/cci_debugging.c
@@ -29,18 +29,18 @@
 
 /* ------------------------------------------------------------------------ */
 
-cc_int32 _cci_check_error (cc_int32    in_error, 
-                           const char *in_function, 
-                           const char *in_file, 
+cc_int32 _cci_check_error (cc_int32    in_error,
+                           const char *in_function,
+                           const char *in_file,
                            int         in_line)
 {
     /* Do not log for flow control errors or when there is no error at all */
     if (in_error != ccNoError && in_error != ccIteratorEnd) {
-        cci_debug_printf ("%s() got %d at %s: %d", in_function, 
+        cci_debug_printf ("%s() got %d at %s: %d", in_function,
                           in_error, in_file, in_line);
     }
-    
-    return in_error;    
+
+    return in_error;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -48,7 +48,7 @@ cc_int32 _cci_check_error (cc_int32    in_error,
 void cci_debug_printf (const char *in_format, ...)
 {
     va_list args;
-    
+
     va_start (args, in_format);
     cci_os_debug_vprintf (in_format, args);
     va_end (args);
diff --git a/src/ccapi/common/cci_debugging.h b/src/ccapi/common/cci_debugging.h
index 8875e1a03..aa2f1491b 100644
--- a/src/ccapi/common/cci_debugging.h
+++ b/src/ccapi/common/cci_debugging.h
@@ -29,9 +29,9 @@
 
 #include "cci_types.h"
 
-cc_int32 _cci_check_error (cc_int32    in_err, 
-                           const char *in_function, 
-                           const char *in_file, 
+cc_int32 _cci_check_error (cc_int32    in_err,
+                           const char *in_function,
+                           const char *in_file,
                            int         in_line);
 #define cci_check_error(err) _cci_check_error(err, __FUNCTION__, __FILE__, __LINE__)
 
diff --git a/src/ccapi/common/cci_identifier.c b/src/ccapi/common/cci_identifier.c
index a027c70c5..f1cc0cf92 100644
--- a/src/ccapi/common/cci_identifier.c
+++ b/src/ccapi/common/cci_identifier.c
@@ -37,9 +37,9 @@ struct cci_identifier_d cci_identifier_initializer = { NULL, NULL };
 #define cci_uninitialized_server_id "NEEDS_SYNC"
 #define cci_uninitialized_object_id "NEEDS_SYNC"
 
-struct cci_identifier_d cci_identifier_uninitialized_d = { 
-    cci_uninitialized_server_id, 
-    cci_uninitialized_object_id 
+struct cci_identifier_d cci_identifier_uninitialized_d = {
+    cci_uninitialized_server_id,
+    cci_uninitialized_object_id
 };
 const cci_identifier_t cci_identifier_uninitialized = &cci_identifier_uninitialized_d;
 
@@ -58,37 +58,37 @@ static cc_int32 cci_identifier_alloc (cci_identifier_t *out_identifier,
 {
     cc_int32 err = ccNoError;
     cci_identifier_t identifier = NULL;
-    
+
     if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!in_server_id  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_object_id  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         identifier = malloc (sizeof (*identifier));
-        if (identifier) { 
+        if (identifier) {
             *identifier = cci_identifier_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         identifier->server_id = strdup (in_server_id);
-        if (!identifier->server_id) { err = cci_check_error (ccErrNoMem); }        
+        if (!identifier->server_id) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         identifier->object_id = strdup (in_object_id);
-        if (!identifier->object_id) { err = cci_check_error (ccErrNoMem); }        
+        if (!identifier->object_id) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         *out_identifier = identifier;
         identifier = NULL; /* take ownership */
     }
-    
+
     cci_identifier_release (identifier);
-    
+
     return cci_check_error (err);
 }
 
@@ -99,18 +99,18 @@ cc_int32 cci_identifier_new (cci_identifier_t *out_identifier,
 {
     cc_int32 err = ccNoError;
     cci_uuid_string_t object_id = NULL;
-    
+
     if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!in_server_id  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_os_identifier_new_uuid (&object_id);
     }
-    
+
     if (!err) {
         err = cci_identifier_alloc (out_identifier, in_server_id, object_id);
     }
-    
+
     if (object_id) { free (object_id); }
 
     return cci_check_error (err);
@@ -125,13 +125,13 @@ cc_int32 cci_identifier_copy (cci_identifier_t *out_identifier,
 
     if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_identifier_alloc (out_identifier, 
+        err = cci_identifier_alloc (out_identifier,
                                     in_identifier->server_id,
                                     in_identifier->object_id);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -140,14 +140,14 @@ cc_int32 cci_identifier_copy (cci_identifier_t *out_identifier,
 cc_int32 cci_identifier_release (cci_identifier_t in_identifier)
 {
     cc_int32 err = ccNoError;
-    
+
     /* Do not free the static "uninitialized" identifier */
     if (!err && in_identifier && in_identifier != cci_identifier_uninitialized) {
         free (in_identifier->server_id);
         free (in_identifier->object_id);
         free (in_identifier);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -162,19 +162,19 @@ cc_int32 cci_identifier_compare (cci_identifier_t  in_identifier,
                                  cc_uint32        *out_equal)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_compare_to_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal               ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        *out_equal = (!strcmp (in_identifier->object_id, 
+        *out_equal = (!strcmp (in_identifier->object_id,
                                in_compare_to_identifier->object_id) &&
-                      !strcmp (in_identifier->server_id, 
+                      !strcmp (in_identifier->server_id,
                                in_compare_to_identifier->server_id));
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -184,17 +184,17 @@ cc_int32 cci_identifier_is_for_server (cci_identifier_t  in_identifier,
                                        cc_uint32        *out_is_for_server)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_identifier    ) { err = cci_check_error (ccErrBadParam); }
     if (!in_server_id     ) { err = cci_check_error (ccErrBadParam); }
     if (!out_is_for_server) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_is_for_server = (!strcmp (in_identifier->server_id, in_server_id) ||
                               !strcmp (in_identifier->server_id, cci_uninitialized_server_id));
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -204,17 +204,17 @@ cc_int32 cci_identifier_compare_server_id (cci_identifier_t  in_identifier,
                                            cc_uint32        *out_equal_server_id)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_compare_to_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal_server_id     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        *out_equal_server_id = (!strcmp (in_identifier->server_id, 
+        *out_equal_server_id = (!strcmp (in_identifier->server_id,
                                          in_compare_to_identifier->server_id));
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -223,16 +223,16 @@ cc_int32 cci_identifier_is_initialized (cci_identifier_t  in_identifier,
                                         cc_uint32        *out_is_initialized)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_identifier     ) { err = cci_check_error (ccErrBadParam); }
     if (!out_is_initialized) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        *out_is_initialized = (strcmp (in_identifier->server_id, 
+        *out_is_initialized = (strcmp (in_identifier->server_id,
                                        cci_uninitialized_server_id) != 0);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -247,25 +247,25 @@ cc_uint32 cci_identifier_read (cci_identifier_t *out_identifier,
     cc_int32 err = ccNoError;
     cci_uuid_string_t server_id = NULL;
     cci_uuid_string_t object_id = NULL;
-    
+
     if (!out_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!io_stream     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (io_stream, &server_id);
     }
 
     if (!err) {
         err = krb5int_ipc_stream_read_string (io_stream, &object_id);
-    }    
-     
+    }
+
     if (!err) {
         err = cci_identifier_alloc (out_identifier, server_id, object_id);
     }
-    
+
     krb5int_ipc_stream_free_string (server_id);
     krb5int_ipc_stream_free_string (object_id);
-    
+
     return cci_check_error (err);
 }
 
@@ -275,17 +275,17 @@ cc_uint32 cci_identifier_write (cci_identifier_t in_identifier,
                                 k5_ipc_stream     io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!io_stream    ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (io_stream, in_identifier->server_id);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (io_stream, in_identifier->object_id);
     }
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/common/cci_message.c b/src/ccapi/common/cci_message.c
index 0e12c0d48..af1f96153 100644
--- a/src/ccapi/common/cci_message.c
+++ b/src/ccapi/common/cci_message.c
@@ -31,27 +31,27 @@
 cc_int32 cci_message_invalid_object_err (enum cci_msg_id_t in_request_name)
 {
     cc_int32 err = ccNoError;
-    
+
     if (in_request_name > cci_context_first_msg_id &&
         in_request_name < cci_context_last_msg_id) {
         err = ccErrInvalidContext;
-        
+
     } else if (in_request_name > cci_ccache_first_msg_id &&
                in_request_name < cci_ccache_last_msg_id) {
         err = ccErrInvalidCCache;
-        
+
     } else if (in_request_name > cci_ccache_iterator_first_msg_id &&
                in_request_name < cci_ccache_iterator_last_msg_id) {
         err = ccErrInvalidCCacheIterator;
-        
+
     } else if (in_request_name > cci_credentials_iterator_first_msg_id &&
                in_request_name < cci_credentials_iterator_last_msg_id) {
         err = ccErrInvalidCredentialsIterator;
-        
+
     } else {
         err = ccErrBadInternalMessage;
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -63,28 +63,28 @@ cc_int32 cci_message_new_request_header (k5_ipc_stream      *out_request,
 {
     cc_int32 err = ccNoError;
     k5_ipc_stream request = NULL;
-    
+
     if (!out_request) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_request_name);
     }
-    
+
     if (!err) {
         err = cci_identifier_write (in_identifier, request);
     }
-    
+
     if (!err) {
         *out_request = request;
         request = NULL;
     }
-    
+
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -97,27 +97,27 @@ cc_int32 cci_message_read_request_header (k5_ipc_stream       in_request,
     cc_int32 err = ccNoError;
     cc_uint32 request_name;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_request      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_request_name) { err = cci_check_error (ccErrBadParam); }
     if (!out_identifier  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request, &request_name);
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&identifier, in_request);
     }
-    
+
     if (!err) {
         *out_request_name = request_name;
         *out_identifier = identifier;
         identifier = NULL; /* take ownership */
     }
-    
+
     cci_identifier_release (identifier);
-    
+
     return cci_check_error (err);
 }
 
@@ -128,24 +128,24 @@ cc_int32 cci_message_new_reply_header (k5_ipc_stream     *out_reply,
 {
     cc_int32 err = ccNoError;
     k5_ipc_stream reply = NULL;
-    
+
     if (!out_reply) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (reply, in_error);
     }
-    
+
     if (!err) {
         *out_reply = reply;
         reply = NULL;
     }
-    
+
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -156,18 +156,18 @@ cc_int32 cci_message_read_reply_header (k5_ipc_stream      in_reply,
 {
     cc_int32 err = ccNoError;
     cc_int32 reply_err = 0;
-    
+
     if (!in_reply       ) { err = cci_check_error (ccErrBadParam); }
     if (!out_reply_error) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (in_reply, &reply_err);
     }
-    
+
     if (!err) {
         *out_reply_error = reply_err;
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -177,38 +177,38 @@ cc_int32 cci_message_read_reply_header (k5_ipc_stream      in_reply,
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream  io_stream,
                                   cc_time_t     *out_time)
 {
     int32_t err = 0;
     int64_t t = 0;
-    
+
     if (!io_stream) { err = cci_check_error (ccErrBadParam); }
     if (!out_time ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int64 (io_stream, &t);
     }
-    
+
     if (!err) {
         *out_time = t;
     }
-    
+
     return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream,
 					cc_time_t     in_time)
 {
     int32_t err = 0;
-    
+
     if (!io_stream) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int64 (io_stream, in_time);
     }
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/common/cci_message.h b/src/ccapi/common/cci_message.h
index 8c1795b05..01085ac41 100644
--- a/src/ccapi/common/cci_message.h
+++ b/src/ccapi/common/cci_message.h
@@ -45,9 +45,9 @@ cc_int32 cci_message_new_reply_header (k5_ipc_stream     *out_reply,
 cc_int32 cci_message_read_reply_header (k5_ipc_stream in_reply,
                                         cc_int32     *out_reply_error);
 
-uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_time (k5_ipc_stream  io_stream,
 				       cc_time_t     *out_time);
-uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_time (k5_ipc_stream io_stream,
 					cc_time_t     in_time);
 
 #endif /* CCI_MESSAGE_H */
diff --git a/src/ccapi/common/cci_types.h b/src/ccapi/common/cci_types.h
index 43f7100ce..c3046331e 100644
--- a/src/ccapi/common/cci_types.h
+++ b/src/ccapi/common/cci_types.h
@@ -38,7 +38,7 @@ typedef struct cci_identifier_d *cci_identifier_t;
 enum cci_msg_id_t {
     /* cc_context_t */
     cci_context_first_msg_id,
-    
+
     cci_context_unused_release_msg_id,  /* Unused. Handle for old clients. */
     cci_context_sync_msg_id,
     cci_context_get_change_time_msg_id,
@@ -52,12 +52,12 @@ enum cci_msg_id_t {
     cci_context_new_ccache_iterator_msg_id,
     cci_context_lock_msg_id,
     cci_context_unlock_msg_id,
-    
+
     cci_context_last_msg_id,
-    
+
     /* cc_ccache_t */
     cci_ccache_first_msg_id,
-    
+
     cci_ccache_destroy_msg_id,
     cci_ccache_set_default_msg_id,
     cci_ccache_get_credentials_version_msg_id,
@@ -76,28 +76,28 @@ enum cci_msg_id_t {
     cci_ccache_get_kdc_time_offset_msg_id,
     cci_ccache_set_kdc_time_offset_msg_id,
     cci_ccache_clear_kdc_time_offset_msg_id,
-    
+
     cci_ccache_last_msg_id,
-    
+
     /* cc_ccache_iterator_t */
     cci_ccache_iterator_first_msg_id,
-    
+
     cci_ccache_iterator_release_msg_id,
     cci_ccache_iterator_next_msg_id,
     cci_ccache_iterator_clone_msg_id,
-    
+
     cci_ccache_iterator_last_msg_id,
-    
+
     /* cc_credentials_iterator_t */
     cci_credentials_iterator_first_msg_id,
-    
+
     cci_credentials_iterator_release_msg_id,
     cci_credentials_iterator_next_msg_id,
     cci_credentials_iterator_clone_msg_id,
-    
+
     cci_credentials_iterator_last_msg_id,
-    
+
     cci_max_msg_id  /* must be last! */
-};                              
+};
 
 #endif /* CCI_TYPES_H */
diff --git a/src/ccapi/common/mac/cci_os_identifier.c b/src/ccapi/common/mac/cci_os_identifier.c
index 5f3d0651a..e87e400fc 100644
--- a/src/ccapi/common/mac/cci_os_identifier.c
+++ b/src/ccapi/common/mac/cci_os_identifier.c
@@ -39,42 +39,41 @@ cc_int32 cci_os_identifier_new_uuid (cci_uuid_string_t *out_uuid_string)
     CFStringRef uuid_stringref = NULL;
     CFStringEncoding encoding = kCFStringEncodingUTF8;
     CFIndex length = 0;
-    
+
     if (!out_uuid_string) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         uuid = CFUUIDCreate (kCFAllocatorDefault);
         if (!uuid) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
-        uuid_stringref = CFUUIDCreateString (kCFAllocatorDefault, uuid); 
+        uuid_stringref = CFUUIDCreateString (kCFAllocatorDefault, uuid);
         if (!uuid_stringref) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
-        length = CFStringGetMaximumSizeForEncoding (CFStringGetLength (uuid_stringref), 
+        length = CFStringGetMaximumSizeForEncoding (CFStringGetLength (uuid_stringref),
                                                     encoding) + 1;
-        
+
         uuid_string = malloc (length);
         if (!uuid_string) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         if (!CFStringGetCString (uuid_stringref, uuid_string, length, encoding)) {
             err = cci_check_error (ccErrNoMem);
-        }        
+        }
     }
-    
+
     if (!err) {
         *out_uuid_string = uuid_string;
         uuid_string = NULL; /* take ownership */
     }
-    
+
     if (uuid_string   ) { free (uuid_string); }
     if (uuid_stringref) { CFRelease (uuid_stringref); }
     if (uuid          ) { CFRelease (uuid); }
-    
+
     return cci_check_error (err);
 }
-
diff --git a/src/ccapi/common/win/OldCC/ccutils.c b/src/ccapi/common/win/OldCC/ccutils.c
index cf881cda1..220b1d1d2 100644
--- a/src/ccapi/common/win/OldCC/ccutils.c
+++ b/src/ccapi/common/win/OldCC/ccutils.c
@@ -57,7 +57,7 @@ BOOL isNT() {
             bIsNT = FALSE;
             break;
             }
-    
+
         if (!bSupportedVersion) {
             cci_debug_printf("%s Running on an unsupported version of Windows", __FUNCTION__);
             status  = 1;
@@ -104,7 +104,7 @@ HANDLE createThreadEvent(char* uuid, char* suffix) {
         }
 #if 0
     cci_debug_printf("%s event_name:%s", __FUNCTION__, event_name);
-#endif    
+#endif
     if (!status) {
         hEvent = CreateEvent(psa, FALSE, FALSE, event_name);
         if (!hEvent)     status = cci_check_error(GetLastError());
@@ -112,7 +112,7 @@ HANDLE createThreadEvent(char* uuid, char* suffix) {
 
     if (!status) ResetEvent(hEvent);
 
-    
+
     if (event_name) free(event_name);
     if (isNT())     free(sa.lpSecurityDescriptor);
 
@@ -137,4 +137,4 @@ HANDLE openThreadEvent(char* uuid, char* suffix) {
     if (event_name) free(event_name);
 
     return hEvent;
-    }
\ No newline at end of file
+    }
diff --git a/src/ccapi/common/win/cci_os_debugging.c b/src/ccapi/common/win/cci_os_debugging.c
index 6e6a7158d..5a8c9e723 100644
--- a/src/ccapi/common/win/cci_os_debugging.c
+++ b/src/ccapi/common/win/cci_os_debugging.c
@@ -24,7 +24,7 @@
  * or implied warranty.
  */
 
-#include <stdio.h> 
+#include <stdio.h>
 #include <stdarg.h>
 
 #include "cci_os_debugging.h"
diff --git a/src/ccapi/common/win/tls.c b/src/ccapi/common/win/tls.c
index 5e0e11d7a..60c8ea160 100644
--- a/src/ccapi/common/win/tls.c
+++ b/src/ccapi/common/win/tls.c
@@ -73,15 +73,15 @@ char*        tspdata_getUUID      (const struct tspdata* p)         {return p->_
 RPC_ASYNC_STATE* tspdata_getRpcAState (const struct tspdata* p)     {return p->_rpcState;}
 
 BOOL WINAPI PutTspData(DWORD dwTlsIndex, struct tspdata* dw) {
-    LPVOID              lpvData; 
-    struct tspdata**    pData;  // The stored memory pointer 
+    LPVOID              lpvData;
+    struct tspdata**    pData;  // The stored memory pointer
 
     // Retrieve a data pointer for the current thread:
-    lpvData = TlsGetValue(dwTlsIndex); 
+    lpvData = TlsGetValue(dwTlsIndex);
 
     // If NULL, allocate memory for the TLS slot for this thread:
     if (lpvData == NULL) {
-        lpvData = (LPVOID) LocalAlloc(LPTR, sizeof(struct tspdata)); 
+        lpvData = (LPVOID) LocalAlloc(LPTR, sizeof(struct tspdata));
         if (lpvData == NULL)                      return FALSE;
         if (!TlsSetValue(dwTlsIndex, lpvData))    return FALSE;
         }
@@ -95,12 +95,10 @@ BOOL WINAPI PutTspData(DWORD dwTlsIndex, struct tspdata* dw) {
     }
 
 BOOL WINAPI GetTspData(DWORD dwTlsIndex, struct tspdata**  pdw) {
-    struct tspdata*  pData;      // The stored memory pointer 
+    struct tspdata*  pData;      // The stored memory pointer
 
-    pData = (struct tspdata*)TlsGetValue(dwTlsIndex); 
+    pData = (struct tspdata*)TlsGetValue(dwTlsIndex);
     if (pData == NULL) return FALSE;
     (*pdw) = pData;
     return TRUE;
     }
-
-
diff --git a/src/ccapi/common/win/tls.h b/src/ccapi/common/win/tls.h
index 32854f076..d688ed230 100644
--- a/src/ccapi/common/win/tls.h
+++ b/src/ccapi/common/win/tls.h
@@ -37,7 +37,7 @@
 
 #define UUID_SIZE   128
 
-/* The client code can be run in any client thread.  
+/* The client code can be run in any client thread.
    The thread-specific data is defined here.
  */
 
diff --git a/src/ccapi/common/win/win-utils.c b/src/ccapi/common/win/win-utils.c
index f60ee3b8f..3795ca544 100644
--- a/src/ccapi/common/win/win-utils.c
+++ b/src/ccapi/common/win/win-utils.c
@@ -52,18 +52,18 @@ char* clientEndpoint(const char* UUID) {
     strncat(_clientEndpoint, UUID, UUID_SIZE);
 //    cci_debug_printf("%s returning %s", __FUNCTION__, _clientEndpoint);
     return _clientEndpoint;
-    }       
+    }
 
 char* serverEndpoint(const char* user) {
     char* _serverEndpoint   = (char*)malloc(strlen(user) + strlen(serverPrefix) + 2);
     strcpy(_serverEndpoint, serverPrefix);
     strncat(_serverEndpoint, user, UUID_SIZE);
     return _serverEndpoint;
-    }       
+    }
 
 char* timestamp() {
     SYSTEMTIME  _stime;
     GetSystemTime(&_stime);
     GetTimeFormat(LOCALE_SYSTEM_DEFAULT, 0, &_stime, "HH:mm:ss", _ts, sizeof(_ts)-1);
     return _ts;
-    }
\ No newline at end of file
+    }
diff --git a/src/ccapi/lib/ccapi_ccache.c b/src/ccapi/lib/ccapi_ccache.c
index ec64c44d2..9104c8e0f 100644
--- a/src/ccapi/lib/ccapi_ccache.c
+++ b/src/ccapi/lib/ccapi_ccache.c
@@ -45,14 +45,14 @@ typedef struct cci_ccache_d {
 
 /* ------------------------------------------------------------------------ */
 
-struct cci_ccache_d cci_ccache_initializer = { 
-    NULL 
-    VECTOR_FUNCTIONS_INITIALIZER, 
+struct cci_ccache_d cci_ccache_initializer = {
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
     NULL,
     0
 };
 
-cc_ccache_f cci_ccache_f_initializer = { 
+cc_ccache_f cci_ccache_f_initializer = {
     ccapi_ccache_release,
     ccapi_ccache_destroy,
     ccapi_ccache_set_default,
@@ -82,39 +82,39 @@ cc_int32 cci_ccache_new (cc_ccache_t      *out_ccache,
 {
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = NULL;
-    
+
     if (!out_ccache   ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
 
     if (!err) {
         ccache = malloc (sizeof (*ccache));
-        if (ccache) { 
+        if (ccache) {
             *ccache = cci_ccache_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         ccache->functions = malloc (sizeof (*ccache->functions));
-        if (ccache->functions) { 
+        if (ccache->functions) {
             *ccache->functions = cci_ccache_f_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = cci_identifier_copy (&ccache->identifier, in_identifier);
     }
-    
+
     if (!err) {
         *out_ccache = (cc_ccache_t) ccache;
         ccache = NULL; /* take ownership */
     }
-    
+
     ccapi_ccache_release ((cc_ccache_t) ccache);
-    
+
     return cci_check_error (err);
 }
 
@@ -125,14 +125,14 @@ cc_int32 cci_ccache_write (cc_ccache_t  in_ccache,
 {
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
-    
+
     if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
     if (!in_stream) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_write (ccache->identifier, in_stream);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -146,16 +146,16 @@ cc_int32 ccapi_ccache_release (cc_ccache_t io_ccache)
 {
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
-    
+
     if (!io_ccache) { err = ccErrBadParam; }
-    
+
     if (!err) {
         cci_identifier_release (ccache->identifier);
-        
+
         free ((char *) ccache->functions);
         free (ccache);
     }
-    
+
     return err;
 }
 
@@ -165,20 +165,20 @@ cc_int32 ccapi_ccache_destroy (cc_ccache_t io_ccache)
 {
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
-    
+
     if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_destroy_msg_id,
                              ccache->identifier,
                              NULL,
                              NULL);
     }
-    
+
     if (!err) {
         err = ccapi_ccache_release (io_ccache);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -188,16 +188,16 @@ cc_int32 ccapi_ccache_set_default (cc_ccache_t io_ccache)
 {
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
-    
+
     if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_set_default_msg_id,
                              ccache->identifier,
                              NULL,
                              NULL);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -209,23 +209,23 @@ cc_int32 ccapi_ccache_get_credentials_version (cc_ccache_t  in_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_ccache              ) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials_version) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_get_credentials_version_msg_id,
                              ccache->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (reply, out_credentials_version);
     }
-    
+
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -238,28 +238,28 @@ cc_int32 ccapi_ccache_get_name (cc_ccache_t  in_ccache,
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     k5_ipc_stream reply = NULL;
     char *name = NULL;
-    
+
     if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
     if (!out_name ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_get_name_msg_id,
                              ccache->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (reply, &name);
     }
-    
+
     if (!err) {
         err = cci_string_new (out_name, name);
     }
-    
+
     krb5int_ipc_stream_release (reply);
     krb5int_ipc_stream_free_string (name);
-        
+
     return cci_check_error (err);
 }
 
@@ -274,37 +274,37 @@ cc_int32 ccapi_ccache_get_principal (cc_ccache_t  in_ccache,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     char *principal = NULL;
-    
+
     if (!in_ccache    ) { err = cci_check_error (ccErrBadParam); }
     if (!out_principal) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_get_principal_msg_id,
                              ccache->identifier,
                              request,
                              &reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (reply, &principal);
     }
-    
+
     if (!err) {
         err = cci_string_new (out_principal, principal);
     }
-    
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
     krb5int_ipc_stream_free_string (principal);
-    
+
     return cci_check_error (err);
 }
 
@@ -317,18 +317,18 @@ cc_int32 ccapi_ccache_set_principal (cc_ccache_t  io_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
     k5_ipc_stream request = NULL;
-    
+
     if (!io_ccache   ) { err = cci_check_error (ccErrBadParam); }
     if (!in_principal) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_principal);
     }
@@ -339,7 +339,7 @@ cc_int32 ccapi_ccache_set_principal (cc_ccache_t  io_ccache,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
 
     return cci_check_error (err);
@@ -353,27 +353,27 @@ cc_int32 ccapi_ccache_store_credentials (cc_ccache_t                 io_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
     k5_ipc_stream request = NULL;
-    
+
     if (!io_ccache           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_credentials_union) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = cci_credentials_union_write (in_credentials_union, request);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_store_credentials_msg_id,
                              ccache->identifier,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -385,27 +385,27 @@ cc_int32 ccapi_ccache_remove_credentials (cc_ccache_t      io_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
     k5_ipc_stream request = NULL;
-    
+
     if (!io_ccache     ) { err = cci_check_error (ccErrBadParam); }
     if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = cci_credentials_write (in_credentials, request);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_remove_credentials_msg_id,
                              ccache->identifier,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -418,25 +418,25 @@ cc_int32 ccapi_ccache_new_credentials_iterator (cc_ccache_t                in_cc
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_ccache               ) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_new_credentials_iterator_msg_id,
                              ccache->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err =  cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_credentials_iterator_new (out_credentials_iterator, identifier);
     }
-    
+
     krb5int_ipc_stream_release (reply);
     cci_identifier_release (identifier);
 
@@ -454,25 +454,25 @@ cc_int32 ccapi_ccache_move (cc_ccache_t io_source_ccache,
     cci_ccache_t source_ccache = (cci_ccache_t) io_source_ccache;
     cci_ccache_t destination_ccache = (cci_ccache_t) io_destination_ccache;
     k5_ipc_stream request = NULL;
-    
+
     if (!io_source_ccache     ) { err = cci_check_error (ccErrBadParam); }
     if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = cci_identifier_write (source_ccache->identifier, request);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_move_msg_id,
                              destination_ccache->identifier,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
 
     return cci_check_error (err);
@@ -487,30 +487,30 @@ cc_int32 ccapi_ccache_lock (cc_ccache_t io_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
     k5_ipc_stream request = NULL;
-    
+
     if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_lock_type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_block);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_lock_msg_id,
                              ccache->identifier,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -520,16 +520,16 @@ cc_int32 ccapi_ccache_unlock (cc_ccache_t io_ccache)
 {
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
-    
+
     if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_unlock_msg_id,
                              ccache->identifier,
                              NULL,
                              NULL);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -541,21 +541,21 @@ cc_int32 ccapi_ccache_get_last_default_time (cc_ccache_t  in_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_ccache            ) { err = cci_check_error (ccErrBadParam); }
     if (!out_last_default_time) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_get_last_default_time_msg_id,
                              ccache->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (reply, out_last_default_time);
     }
-    
+
     krb5int_ipc_stream_release (reply);
 
     return cci_check_error (err);
@@ -569,23 +569,23 @@ cc_int32 ccapi_ccache_get_change_time (cc_ccache_t  in_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_ccache      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_change_time) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_get_change_time_msg_id,
                              ccache->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (reply, out_change_time);
     }
-    
+
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -597,31 +597,31 @@ cc_int32 ccapi_ccache_wait_for_change (cc_ccache_t  in_ccache)
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (request, ccache->last_wait_for_change_time);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_wait_for_change_msg_id,
                              ccache->identifier,
-                             request, 
+                             request,
 			     &reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (reply, &ccache->last_wait_for_change_time);
-    }    
-        
+    }
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -634,17 +634,17 @@ cc_int32 ccapi_ccache_compare (cc_ccache_t  in_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     cci_ccache_t compare_to_ccache = (cci_ccache_t) in_compare_to_ccache;
-    
+
     if (!in_ccache           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_compare_to_ccache) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal           ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_identifier_compare (ccache->identifier, 
+        err = cci_identifier_compare (ccache->identifier,
                                       compare_to_ccache->identifier,
                                       out_equal);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -658,14 +658,14 @@ cc_int32 ccapi_ccache_get_kdc_time_offset (cc_ccache_t  in_ccache,
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_ccache      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_time_offset) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
     }
@@ -676,14 +676,14 @@ cc_int32 ccapi_ccache_get_kdc_time_offset (cc_ccache_t  in_ccache,
                              request,
                              &reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (reply, out_time_offset);
     }
-    
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -696,30 +696,30 @@ cc_int32 ccapi_ccache_set_kdc_time_offset (cc_ccache_t io_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
     k5_ipc_stream request = NULL;
-    
+
     if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (request, in_time_offset);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_set_kdc_time_offset_msg_id,
                              ccache->identifier,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -731,26 +731,26 @@ cc_int32 ccapi_ccache_clear_kdc_time_offset (cc_ccache_t io_ccache,
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
     k5_ipc_stream request = NULL;
-    
+
     if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_credentials_version);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_clear_kdc_time_offset_msg_id,
                              ccache->identifier,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -765,14 +765,14 @@ cc_int32 cci_ccache_get_compat_version (cc_ccache_t  in_ccache,
 {
     cc_int32 err = ccNoError;
     cci_ccache_t ccache = (cci_ccache_t) in_ccache;
-    
+
     if (!in_ccache         ) { err = cci_check_error (ccErrBadParam); }
     if (!out_compat_version) { err = cci_check_error (ccErrBadParam); }
-   
+
     if (!err) {
         *out_compat_version = ccache->compat_version;
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -785,10 +785,10 @@ cc_int32 cci_ccache_set_compat_version (cc_ccache_t io_ccache,
     cci_ccache_t ccache = (cci_ccache_t) io_ccache;
 
     if (!io_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         ccache->compat_version = in_compat_version;
     }
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/lib/ccapi_ccache_iterator.c b/src/ccapi/lib/ccapi_ccache_iterator.c
index 0df9e0f8e..aa10e1e42 100644
--- a/src/ccapi/lib/ccapi_ccache_iterator.c
+++ b/src/ccapi/lib/ccapi_ccache_iterator.c
@@ -41,14 +41,14 @@ typedef struct cci_ccache_iterator_d {
 
 /* ------------------------------------------------------------------------ */
 
-struct cci_ccache_iterator_d cci_ccache_iterator_initializer = { 
-    NULL 
-    VECTOR_FUNCTIONS_INITIALIZER, 
+struct cci_ccache_iterator_d cci_ccache_iterator_initializer = {
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
     NULL,
     NULL
 };
 
-cc_ccache_iterator_f cci_ccache_iterator_f_initializer = { 
+cc_ccache_iterator_f cci_ccache_iterator_f_initializer = {
     ccapi_ccache_iterator_release,
     ccapi_ccache_iterator_next,
     ccapi_ccache_iterator_clone
@@ -64,36 +64,36 @@ cc_int32 cci_ccache_iterator_new (cc_ccache_iterator_t *out_ccache_iterator,
 
     if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         ccache_iterator = malloc (sizeof (*ccache_iterator));
-        if (ccache_iterator) { 
+        if (ccache_iterator) {
             *ccache_iterator = cci_ccache_iterator_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         ccache_iterator->functions = malloc (sizeof (*ccache_iterator->functions));
-        if (ccache_iterator->functions) { 
+        if (ccache_iterator->functions) {
             *ccache_iterator->functions = cci_ccache_iterator_f_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = cci_identifier_copy (&ccache_iterator->identifier, in_identifier);
     }
-    
+
     if (!err) {
         *out_ccache_iterator = (cc_ccache_iterator_t) ccache_iterator;
         ccache_iterator = NULL; /* take ownership */
     }
-    
+
     ccapi_ccache_iterator_release ((cc_ccache_iterator_t) ccache_iterator);
-    
+
     return cci_check_error (err);
 }
 
@@ -104,14 +104,14 @@ cc_int32 cci_ccache_iterator_write (cc_ccache_iterator_t in_ccache_iterator,
 {
     cc_int32 err = ccNoError;
     cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) in_ccache_iterator;
-    
+
     if (!in_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!in_stream         ) { err = cci_check_error (ccErrBadParam); }
-        
+
     if (!err) {
         err =  cci_identifier_write (ccache_iterator->identifier, in_stream);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -121,35 +121,35 @@ cc_int32 ccapi_ccache_iterator_release (cc_ccache_iterator_t io_ccache_iterator)
 {
     cc_int32 err = ccNoError;
     cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) io_ccache_iterator;
-    
+
     if (!io_ccache_iterator) { err = ccErrBadParam; }
-    
+
     if (!err) {
         cc_uint32 initialized = 0;
-        
+
         err = cci_identifier_is_initialized (ccache_iterator->identifier,
                                              &initialized);
-        
+
         if (!err && initialized) {
             err =  cci_ipc_send (cci_ccache_iterator_release_msg_id,
                                  ccache_iterator->identifier,
                                  NULL,
                                  NULL);
             if (err) {
-                cci_debug_printf ("%s: cci_ipc_send failed with error %d", 
+                cci_debug_printf ("%s: cci_ipc_send failed with error %d",
                                  __FUNCTION__, err);
                 err = ccNoError;
             }
         }
     }
-    
+
     if (!err) {
         free ((char *) ccache_iterator->functions);
         cci_identifier_release (ccache_iterator->identifier);
         free (ccache_iterator->saved_ccache_name);
         free (ccache_iterator);
     }
-    
+
     return err;
 }
 
@@ -162,10 +162,10 @@ cc_int32 ccapi_ccache_iterator_next (cc_ccache_iterator_t  in_ccache_iterator,
     cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) in_ccache_iterator;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache        ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cc_uint32 initialized = 0;
 
@@ -177,25 +177,25 @@ cc_int32 ccapi_ccache_iterator_next (cc_ccache_iterator_t  in_ccache_iterator,
             err = cci_check_error (ccIteratorEnd);
         }
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_ccache_iterator_next_msg_id,
                              ccache_iterator->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_ccache_new (out_ccache, identifier);
     }
-    
+
     krb5int_ipc_stream_release (reply);
     cci_identifier_release (identifier);
-    
+
     return cci_check_error (err);
 }
 
@@ -209,10 +209,10 @@ cc_int32 ccapi_ccache_iterator_clone (cc_ccache_iterator_t  in_ccache_iterator,
     k5_ipc_stream reply = NULL;
     cc_uint32 initialized = 0;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_is_initialized (ccache_iterator->identifier,
                                              &initialized);
@@ -224,7 +224,7 @@ cc_int32 ccapi_ccache_iterator_clone (cc_ccache_iterator_t  in_ccache_iterator,
                                  ccache_iterator->identifier,
                                  NULL,
                                  &reply);
-            
+
             if (!err) {
                 err =  cci_identifier_read (&identifier, reply);
             }
@@ -234,14 +234,14 @@ cc_int32 ccapi_ccache_iterator_clone (cc_ccache_iterator_t  in_ccache_iterator,
             identifier = cci_identifier_uninitialized;
         }
     }
-    
+
     if (!err) {
         err = cci_ccache_iterator_new (out_ccache_iterator, identifier);
     }
 
     cci_identifier_release (identifier);
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -252,14 +252,14 @@ cc_int32 cci_ccache_iterator_get_saved_ccache_name (cc_ccache_iterator_t   in_cc
 {
     cc_int32 err = ccNoError;
     cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) in_ccache_iterator;
-    
+
     if (!in_ccache_iterator   ) { err = cci_check_error (ccErrBadParam); }
     if (!out_saved_ccache_name) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_saved_ccache_name = ccache_iterator->saved_ccache_name;
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -271,22 +271,22 @@ cc_int32 cci_ccache_iterator_set_saved_ccache_name (cc_ccache_iterator_t  io_cca
     cc_int32 err = ccNoError;
     cci_ccache_iterator_t ccache_iterator = (cci_ccache_iterator_t) io_ccache_iterator;
     char *new_saved_ccache_name = NULL;
-    
+
     if (!io_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && in_saved_ccache_name) {
         new_saved_ccache_name = strdup (in_saved_ccache_name);
         if (!new_saved_ccache_name) { err = ccErrNoMem; }
     }
-    
+
     if (!err) {
         free (ccache_iterator->saved_ccache_name);
-        
+
         ccache_iterator->saved_ccache_name = new_saved_ccache_name;
         new_saved_ccache_name = NULL; /* take ownership */
     }
-    
+
     free (new_saved_ccache_name);
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/lib/ccapi_context.c b/src/ccapi/lib/ccapi_context.c
index 9b1d05dc8..da8aa59f0 100644
--- a/src/ccapi/lib/ccapi_context.c
+++ b/src/ccapi/lib/ccapi_context.c
@@ -49,15 +49,15 @@ typedef struct cci_context_d {
 
 /* ------------------------------------------------------------------------ */
 
-struct cci_context_d cci_context_initializer = { 
-    NULL 
+struct cci_context_d cci_context_initializer = {
+    NULL
     VECTOR_FUNCTIONS_INITIALIZER,
     NULL,
     0,
     0
 };
 
-cc_context_f cci_context_f_initializer = { 
+cc_context_f cci_context_f_initializer = {
     ccapi_context_release,
     ccapi_context_get_change_time,
     ccapi_context_get_default_ccache_name,
@@ -73,7 +73,7 @@ cc_context_f cci_context_f_initializer = {
     ccapi_context_wait_for_change
 };
 
-static cc_int32 cci_context_sync (cci_context_t in_context, 
+static cc_int32 cci_context_sync (cci_context_t in_context,
                                   cc_uint32     in_launch);
 
 #ifdef TARGET_OS_MAC
@@ -88,19 +88,19 @@ MAKE_FINI_FUNCTION(cci_thread_fini);
 static int cci_thread_init (void)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err) {
         err = cci_context_change_time_thread_init ();
     }
-    
+
     if (!err) {
         err = cci_ipc_thread_init ();
     }
-    
+
     if (!err) {
         add_error_table (&et_CAPI_error_table);
     }
-    
+
     return err;
 }
 
@@ -111,7 +111,7 @@ static void cci_thread_fini (void)
     if (!INITIALIZER_RAN (cci_thread_init) || PROGRAM_EXITING ()) {
 	return;
     }
-    
+
     remove_error_table(&et_CAPI_error_table);
     cci_context_change_time_thread_fini ();
     cci_ipc_thread_fini ();
@@ -132,64 +132,64 @@ cc_int32 cc_initialize (cc_context_t  *out_context,
     cc_int32 err = ccNoError;
     cci_context_t context = NULL;
     static char *vendor_string = "MIT Kerberos CCAPI";
-    
+
     if (!out_context) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = CALL_INIT_FUNCTION (cci_thread_init);
     }
-    
+
     if (!err) {
-        switch (in_version) { 
-            case ccapi_version_2: 
+        switch (in_version) {
+            case ccapi_version_2:
             case ccapi_version_3:
             case ccapi_version_4:
             case ccapi_version_5:
             case ccapi_version_6:
             case ccapi_version_7:
                 break;
-            
-            default: 
+
+            default:
                 err = ccErrBadAPIVersion;
                 break;
         }
     }
-    
+
     if (!err) {
         context = malloc (sizeof (*context));
-        if (context) { 
+        if (context) {
             *context = cci_context_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         context->functions = malloc (sizeof (*context->functions));
-        if (context->functions) { 
+        if (context->functions) {
             *context->functions = cci_context_f_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         context->identifier = cci_identifier_uninitialized;
 
         *out_context = (cc_context_t) context;
         context = NULL; /* take ownership */
-        
+
         if (out_supported_version) {
             *out_supported_version = ccapi_version_max;
         }
-        
+
         if (out_vendor) {
             *out_vendor = vendor_string;
         }
     }
-    
+
     ccapi_context_release ((cc_context_t) context);
-    
+
     return cci_check_error (err);
 }
 
@@ -198,30 +198,30 @@ cc_int32 cc_initialize (cc_context_t  *out_context,
 #endif
 
 /* ------------------------------------------------------------------------ */
-/* 
- * Currently does not need to talk to the server since the server must 
- * handle cleaning up resources from crashed clients anyway.  
- * 
- * NOTE: if server communication is ever added here, make sure that 
+/*
+ * Currently does not need to talk to the server since the server must
+ * handle cleaning up resources from crashed clients anyway.
+ *
+ * NOTE: if server communication is ever added here, make sure that
  * krb5_stdcc_shutdown calls an internal function which does not talk to the
- * server.  krb5_stdcc_shutdown is called from thread fini functions and may 
- * crash talking to the server depending on what order the OS calls the fini 
- * functions (ie: if the ipc layer fini function is called first). 
+ * server.  krb5_stdcc_shutdown is called from thread fini functions and may
+ * crash talking to the server depending on what order the OS calls the fini
+ * functions (ie: if the ipc layer fini function is called first).
  */
 
 cc_int32 ccapi_context_release (cc_context_t in_context)
 {
     cc_int32 err = ccNoError;
     cci_context_t context = (cci_context_t) in_context;
-    
+
     if (!in_context) { err = ccErrBadParam; }
-    
+
     if (!err) {
         cci_identifier_release (context->identifier);
         free (context->functions);
         free (context);
     }
-    
+
     return err;
 }
 
@@ -233,10 +233,10 @@ cc_int32 ccapi_context_get_change_time (cc_context_t  in_context,
     cc_int32 err = ccNoError;
     cci_context_t context = (cci_context_t) in_context;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_context     ) { err = cci_check_error (ccErrBadParam); }
     if (!out_change_time) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_context_sync (context, 0);
     }
@@ -246,25 +246,25 @@ cc_int32 ccapi_context_get_change_time (cc_context_t  in_context,
                                        context->identifier,
                                        NULL, &reply);
     }
-    
+
     if (!err && krb5int_ipc_stream_size (reply) > 0) {
         cc_time_t change_time = 0;
-        
+
         /* got a response from the server */
         err = krb5int_ipc_stream_read_time (reply, &change_time);
-        
+
         if (!err) {
             err = cci_context_change_time_update (context->identifier,
                                                   change_time);
         }
     }
-    
+
     if (!err) {
         err = cci_context_change_time_get (out_change_time);
     }
-    
+
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -276,13 +276,13 @@ cc_int32 ccapi_context_wait_for_change (cc_context_t  in_context)
     cci_context_t context = (cci_context_t) in_context;
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (request, context->last_wait_for_change_time);
     }
@@ -290,18 +290,18 @@ cc_int32 ccapi_context_wait_for_change (cc_context_t  in_context)
     if (!err) {
         err = cci_context_sync (context, 1);
     }
-    
+
     if (!err) {
         err = cci_ipc_send (cci_context_wait_for_change_msg_id,
 			    context->identifier,
-			    request, 
+			    request,
 			    &reply);
     }
 
     if (!err) {
         err = krb5int_ipc_stream_read_time (reply, &context->last_wait_for_change_time);
     }
-    
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
 
@@ -318,26 +318,26 @@ cc_int32 ccapi_context_get_default_ccache_name (cc_context_t  in_context,
     k5_ipc_stream reply = NULL;
     char *reply_name = NULL;
     char *name = NULL;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!out_name  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_context_sync (context, 0);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send_no_launch (cci_context_get_default_ccache_name_msg_id,
                                        context->identifier,
                                        NULL,
                                        &reply);
     }
-    
+
     if (!err) {
         if (krb5int_ipc_stream_size (reply) > 0) {
             /* got a response from the server */
             err = krb5int_ipc_stream_read_string (reply, &reply_name);
-            
+
             if (!err) {
                 name = reply_name;
             }
@@ -345,14 +345,14 @@ cc_int32 ccapi_context_get_default_ccache_name (cc_context_t  in_context,
             name = k_cci_context_initial_ccache_name;
         }
     }
-    
+
     if (!err) {
         err = cci_string_new (out_name, name);
     }
-    
+
     krb5int_ipc_stream_release (reply);
     krb5int_ipc_stream_free_string (reply_name);
-    
+
     return cci_check_error (err);
 }
 
@@ -367,46 +367,46 @@ cc_int32 ccapi_context_open_ccache (cc_context_t  in_context,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_name     ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_name);
     }
-    
+
     if (!err) {
         err = cci_context_sync (context, 0);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send_no_launch (cci_context_open_ccache_msg_id,
                                        context->identifier,
                                        request,
                                        &reply);
     }
-    
+
     if (!err && !(krb5int_ipc_stream_size (reply) > 0)) {
         err = ccErrCCacheNotFound;
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_ccache_new (out_ccache, identifier);
     }
-    
+
     cci_identifier_release (identifier);
     krb5int_ipc_stream_release (reply);
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -419,36 +419,36 @@ cc_int32 ccapi_context_open_default_ccache (cc_context_t  in_context,
     cci_context_t context = (cci_context_t) in_context;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_context_sync (context, 0);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send_no_launch (cci_context_open_default_ccache_msg_id,
                                        context->identifier,
                                        NULL,
                                        &reply);
     }
-    
+
     if (!err && !(krb5int_ipc_stream_size (reply) > 0)) {
         err = ccErrCCacheNotFound;
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_ccache_new (out_ccache, identifier);
     }
-    
+
     cci_identifier_release (identifier);
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -457,7 +457,7 @@ cc_int32 ccapi_context_open_default_ccache (cc_context_t  in_context,
 cc_int32 ccapi_context_create_ccache (cc_context_t  in_context,
                                       const char   *in_name,
                                       cc_uint32     in_cred_vers,
-                                      const char   *in_principal, 
+                                      const char   *in_principal,
                                       cc_ccache_t  *out_ccache)
 {
     cc_int32 err = ccNoError;
@@ -465,51 +465,51 @@ cc_int32 ccapi_context_create_ccache (cc_context_t  in_context,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_name     ) { err = cci_check_error (ccErrBadParam); }
     if (!in_principal) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_name);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_principal);
     }
-    
+
     if (!err) {
         err = cci_context_sync (context, 1);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_context_create_ccache_msg_id,
                              context->identifier,
                              request,
                              &reply);
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_ccache_new (out_ccache, identifier);
     }
-    
+
     cci_identifier_release (identifier);
     krb5int_ipc_stream_release (reply);
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -517,7 +517,7 @@ cc_int32 ccapi_context_create_ccache (cc_context_t  in_context,
 
 cc_int32 ccapi_context_create_default_ccache (cc_context_t  in_context,
                                               cc_uint32     in_cred_vers,
-                                              const char   *in_principal, 
+                                              const char   *in_principal,
                                               cc_ccache_t  *out_ccache)
 {
     cc_int32 err = ccNoError;
@@ -525,46 +525,46 @@ cc_int32 ccapi_context_create_default_ccache (cc_context_t  in_context,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_principal) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_principal);
     }
-    
+
     if (!err) {
         err = cci_context_sync (context, 1);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_context_create_default_ccache_msg_id,
                              context->identifier,
                              request,
                              &reply);
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_ccache_new (out_ccache, identifier);
     }
-    
+
     cci_identifier_release (identifier);
     krb5int_ipc_stream_release (reply);
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -572,7 +572,7 @@ cc_int32 ccapi_context_create_default_ccache (cc_context_t  in_context,
 
 cc_int32 ccapi_context_create_new_ccache (cc_context_t in_context,
                                           cc_uint32    in_cred_vers,
-                                          const char  *in_principal, 
+                                          const char  *in_principal,
                                           cc_ccache_t *out_ccache)
 {
     cc_int32 err = ccNoError;
@@ -580,46 +580,46 @@ cc_int32 ccapi_context_create_new_ccache (cc_context_t in_context,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_principal) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_cred_vers);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_principal);
     }
-    
+
     if (!err) {
         err = cci_context_sync (context, 1);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_context_create_new_ccache_msg_id,
                              context->identifier,
                              request,
                              &reply);
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_ccache_new (out_ccache, identifier);
     }
-    
+
     cci_identifier_release (identifier);
     krb5int_ipc_stream_release (reply);
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -632,21 +632,21 @@ cc_int32 ccapi_context_new_ccache_iterator (cc_context_t          in_context,
     cci_context_t context = (cci_context_t) in_context;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!out_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_context_sync (context, 0);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send_no_launch (cci_context_new_ccache_iterator_msg_id,
                                        context->identifier,
                                        NULL,
                                        &reply);
     }
-    
+
     if (!err) {
         if (krb5int_ipc_stream_size (reply) > 0) {
             err = cci_identifier_read (&identifier, reply);
@@ -654,7 +654,7 @@ cc_int32 ccapi_context_new_ccache_iterator (cc_context_t          in_context,
             identifier = cci_identifier_uninitialized;
         }
     }
-    
+
     if (!err) {
         err = cci_ccache_iterator_new (out_iterator, identifier);
     }
@@ -674,34 +674,34 @@ cc_int32 ccapi_context_lock (cc_context_t in_context,
     cc_int32 err = ccNoError;
     cci_context_t context = (cci_context_t) in_context;
     k5_ipc_stream request = NULL;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_lock_type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (request, in_block);
     }
-    
+
     if (!err) {
         err = cci_context_sync (context, 1);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_context_lock_msg_id,
                              context->identifier,
                              request,
                              NULL);
     }
-    
+
     krb5int_ipc_stream_release (request);
-    
+
     return cci_check_error (err);
 }
 
@@ -711,20 +711,20 @@ cc_int32 ccapi_context_unlock (cc_context_t in_context)
 {
     cc_int32 err = ccNoError;
     cci_context_t context = (cci_context_t) in_context;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_context_sync (context, 1);
     }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_context_unlock_msg_id,
                              context->identifier,
                              NULL,
                              NULL);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -737,27 +737,27 @@ cc_int32 ccapi_context_compare (cc_context_t  in_context,
     cc_int32 err = ccNoError;
     cci_context_t context = (cci_context_t) in_context;
     cci_context_t compare_to_context = (cci_context_t) in_compare_to_context;
-    
+
     if (!in_context           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_compare_to_context) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal            ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_context_sync (context, 0);
     }
-    
+
     if (!err) {
         err = cci_context_sync (compare_to_context, 0);
     }
-    
+
     if (!err) {
-        /* If both contexts can't talk to the server, then 
+        /* If both contexts can't talk to the server, then
          * we assume they are equivalent */
-        err = cci_identifier_compare (context->identifier, 
+        err = cci_identifier_compare (context->identifier,
                                       compare_to_context->identifier,
                                       out_equal);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -767,16 +767,16 @@ cc_int32 ccapi_context_compare (cc_context_t  in_context,
 
 /* ------------------------------------------------------------------------ */
 
-static cc_int32 cci_context_sync (cci_context_t in_context, 
+static cc_int32 cci_context_sync (cci_context_t in_context,
                                   cc_uint32     in_launch)
 {
     cc_int32 err = ccNoError;
     cci_context_t context = (cci_context_t) in_context;
     k5_ipc_stream reply = NULL;
     cci_identifier_t new_identifier = NULL;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         /* Use the uninitialized identifier because we may be talking  */
         /* to a different server which would reject our identifier and */
@@ -793,7 +793,7 @@ static cc_int32 cci_context_sync (cci_context_t in_context,
                                            &reply);
         }
     }
-    
+
     if (!err) {
         if (krb5int_ipc_stream_size (reply) > 0) {
             err = cci_identifier_read (&new_identifier, reply);
@@ -801,7 +801,7 @@ static cc_int32 cci_context_sync (cci_context_t in_context,
             new_identifier = cci_identifier_uninitialized;
         }
     }
-    
+
     if (!err) {
         cc_uint32 equal = 0;
 
@@ -815,20 +815,19 @@ static cc_int32 cci_context_sync (cci_context_t in_context,
             new_identifier = NULL;  /* take ownership */
         }
     }
-        
+
     if (!err && context->synchronized) {
         err = cci_context_change_time_sync (context->identifier);
     }
-    
+
     if (!err && !context->synchronized) {
         /* Keep state about whether this is the first call to avoid always   */
         /* modifying the global change time on the context's first ipc call. */
         context->synchronized = 1;
     }
-        
+
     cci_identifier_release (new_identifier);
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
-
diff --git a/src/ccapi/lib/ccapi_context.h b/src/ccapi/lib/ccapi_context.h
index 564f49db9..8bc2e3613 100644
--- a/src/ccapi/lib/ccapi_context.h
+++ b/src/ccapi/lib/ccapi_context.h
@@ -29,7 +29,7 @@
 
 #include "cci_common.h"
 
-/* Used for freeing ccapi context in thread fini calls 
+/* Used for freeing ccapi context in thread fini calls
  * Does not tell the server you are exiting. */
 cc_int32 cci_context_destroy (cc_context_t in_context);
 
@@ -53,17 +53,17 @@ cc_int32 ccapi_context_open_default_ccache (cc_context_t  in_context,
 cc_int32 ccapi_context_create_ccache (cc_context_t  in_context,
                                       const char   *in_name,
                                       cc_uint32     in_cred_vers,
-                                      const char   *in_principal, 
+                                      const char   *in_principal,
                                       cc_ccache_t  *out_ccache);
 
 cc_int32 ccapi_context_create_default_ccache (cc_context_t  in_context,
                                               cc_uint32     in_cred_vers,
-                                              const char   *in_principal, 
+                                              const char   *in_principal,
                                               cc_ccache_t  *out_ccache);
 
 cc_int32 ccapi_context_create_new_ccache (cc_context_t in_context,
                                           cc_uint32    in_cred_vers,
-                                          const char  *in_principal, 
+                                          const char  *in_principal,
                                           cc_ccache_t *out_ccache);
 
 cc_int32 ccapi_context_new_ccache_iterator (cc_context_t          in_context,
diff --git a/src/ccapi/lib/ccapi_context_change_time.c b/src/ccapi/lib/ccapi_context_change_time.c
index 4efc7db60..602ab26cb 100644
--- a/src/ccapi/lib/ccapi_context_change_time.c
+++ b/src/ccapi/lib/ccapi_context_change_time.c
@@ -60,27 +60,27 @@ static cc_int32 cci_context_change_time_update_identifier (cci_identifier_t  in_
     cc_uint32 server_ids_match = 0;
     cc_uint32 old_server_running = 0;
     cc_uint32 new_server_running = 0;
-    
+
     if (!in_new_identifier) { err = cci_check_error (err); }
-    
+
     if (!err && !g_change_time_identifer) {
        g_change_time_identifer = cci_identifier_uninitialized;
     }
-    
+
     if (!err) {
         err = cci_identifier_compare_server_id (g_change_time_identifer,
                                                 in_new_identifier,
                                                 &server_ids_match);
     }
-    
+
     if (!err && out_old_server_running) {
         err = cci_identifier_is_initialized (g_change_time_identifer, &old_server_running);
     }
-    
+
     if (!err && out_new_server_running) {
         err = cci_identifier_is_initialized (in_new_identifier, &new_server_running);
     }
-    
+
     if (!err && !server_ids_match) {
         cci_identifier_t new_change_time_identifer = NULL;
 
@@ -94,14 +94,14 @@ static cc_int32 cci_context_change_time_update_identifier (cci_identifier_t  in_
             g_change_time_identifer = new_change_time_identifer;
         }
     }
-    
+
     if (!err) {
         if (out_server_ids_match  ) { *out_server_ids_match = server_ids_match; }
         if (out_old_server_running) { *out_old_server_running = old_server_running; }
         if (out_new_server_running) { *out_new_server_running = new_server_running; }
     }
-    
-    
+
+
     return cci_check_error (err);
 }
 
@@ -114,14 +114,14 @@ static cc_int32 cci_context_change_time_update_identifier (cci_identifier_t  in_
 cc_int32 cci_context_change_time_get (cc_time_t *out_change_time)
 {
     cc_int32 err = ccNoError;
-    
+
     err = k5_mutex_lock (&g_change_time_mutex);
-    
+
     if (!err) {
         *out_change_time = g_change_time + g_change_time_offset;
-        k5_mutex_unlock (&g_change_time_mutex);    
+        k5_mutex_unlock (&g_change_time_mutex);
     }
-    
+
     return err;
 }
 
@@ -132,25 +132,25 @@ cc_int32 cci_context_change_time_update (cci_identifier_t in_identifier,
 {
     cc_int32 err = ccNoError;
     cc_int32 lock_err = err = k5_mutex_lock (&g_change_time_mutex);
-    
+
     if (!err) {
         if (!in_identifier) { err = cci_check_error (err); }
     }
-    
+
     if (!err) {
         if (g_change_time < in_new_change_time) {
             /* Only update if it increases the time.  May be a different server. */
             g_change_time = in_new_change_time;
-            cci_debug_printf ("%s: setting change time to %d", 
+            cci_debug_printf ("%s: setting change time to %d",
                               __FUNCTION__, in_new_change_time);
         }
     }
-    
+
     if (!err) {
         err = cci_context_change_time_update_identifier (in_identifier,
                                                          NULL, NULL, NULL);
     }
-    
+
     if (!lock_err) {
         k5_mutex_unlock (&g_change_time_mutex);
     }
@@ -167,43 +167,43 @@ cc_int32 cci_context_change_time_sync (cci_identifier_t in_new_identifier)
     cc_uint32 server_ids_match = 0;
     cc_uint32 server_was_running = 0;
     cc_uint32 server_is_running = 0;
-    
+
     if (!err) {
         if (!in_new_identifier) { err = cci_check_error (err); }
     }
-    
+
     if (!err) {
         err = cci_context_change_time_update_identifier (in_new_identifier,
                                                          &server_ids_match,
                                                          &server_was_running,
                                                          &server_is_running);
     }
-    
-    if (!err && !server_ids_match) {        
+
+    if (!err && !server_ids_match) {
         /* Increment the change time so callers re-read */
-        g_change_time_offset++; 
-        
+        g_change_time_offset++;
+
         /* If the server died, absorb the offset */
         if (server_was_running && !server_is_running) {
             cc_time_t now = time (NULL);
-            
+
             g_change_time += g_change_time_offset;
             g_change_time_offset = 0;
-            
+
             /* Make sure the change time increases, ideally with the current time */
             g_change_time = (g_change_time < now) ? now : g_change_time;
         }
-        
+
         cci_debug_printf ("%s noticed server changed ("
                           "server_was_running = %d; server_is_running = %d; "
-                          "g_change_time = %d; g_change_time_offset = %d", 
-                          __FUNCTION__, server_was_running, server_is_running, 
-                          g_change_time, g_change_time_offset);            
+                          "g_change_time = %d; g_change_time_offset = %d",
+                          __FUNCTION__, server_was_running, server_is_running,
+                          g_change_time, g_change_time_offset);
     }
-    
+
     if (!lock_err) {
         k5_mutex_unlock (&g_change_time_mutex);
     }
-    
+
     return err;
 }
diff --git a/src/ccapi/lib/ccapi_credentials.c b/src/ccapi/lib/ccapi_credentials.c
index 6a3b4cb91..c94b551df 100644
--- a/src/ccapi/lib/ccapi_credentials.c
+++ b/src/ccapi/lib/ccapi_credentials.c
@@ -41,14 +41,14 @@ typedef struct cci_credentials_d {
 
 /* ------------------------------------------------------------------------ */
 
-struct cci_credentials_d cci_credentials_initializer = { 
-    NULL, 
-    NULL 
-    VECTOR_FUNCTIONS_INITIALIZER, 
+struct cci_credentials_d cci_credentials_initializer = {
+    NULL,
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
     NULL
 };
 
-cc_credentials_f cci_credentials_f_initializer = { 
+cc_credentials_f cci_credentials_f_initializer = {
     ccapi_credentials_release,
     ccapi_credentials_compare
 };
@@ -65,43 +65,43 @@ cc_int32 cci_credentials_read (cc_credentials_t *out_credentials,
 {
     cc_int32 err = ccNoError;
     cci_credentials_t credentials = NULL;
-    
+
     if (!out_credentials) { err = cci_check_error (ccErrBadParam); }
     if (!in_stream      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         credentials = malloc (sizeof (*credentials));
-        if (credentials) { 
+        if (credentials) {
             *credentials = cci_credentials_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         credentials->functions = malloc (sizeof (*credentials->functions));
-        if (credentials->functions) { 
+        if (credentials->functions) {
             *credentials->functions = cci_credentials_f_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = cci_identifier_read (&credentials->identifier, in_stream);
     }
-    
+
     if (!err) {
         err = cci_credentials_union_read (&credentials->data, in_stream);
     }
-    
+
     if (!err) {
         *out_credentials = (cc_credentials_t) credentials;
         credentials = NULL; /* take ownership */
     }
-    
+
     if (credentials) { ccapi_credentials_release ((cc_credentials_t) credentials); }
-    
+
     return cci_check_error (err);
 }
 
@@ -112,14 +112,14 @@ cc_int32 cci_credentials_write (cc_credentials_t in_credentials,
 {
     cc_int32 err = ccNoError;
     cci_credentials_t credentials = (cci_credentials_t) in_credentials;
-    
+
     if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
     if (!in_stream     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_write (credentials->identifier, in_stream);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -132,17 +132,17 @@ cc_int32 ccapi_credentials_compare (cc_credentials_t  in_credentials,
     cc_int32 err = ccNoError;
     cci_credentials_t credentials = (cci_credentials_t) in_credentials;
     cci_credentials_t compare_to_credentials = (cci_credentials_t) in_compare_to_credentials;
-    
+
     if (!in_credentials           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_compare_to_credentials) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal                ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_identifier_compare (credentials->identifier, 
+        err = cci_identifier_compare (credentials->identifier,
                                       compare_to_credentials->identifier,
                                       out_equal);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -152,15 +152,15 @@ cc_int32 ccapi_credentials_release (cc_credentials_t io_credentials)
 {
     cc_int32 err = ccNoError;
     cci_credentials_t credentials = (cci_credentials_t) io_credentials;
-    
+
     if (!io_credentials) { err = ccErrBadParam; }
-    
+
     if (!err) {
         cci_credentials_union_release (credentials->data);
         free ((char *) credentials->functions);
         cci_identifier_release (credentials->identifier);
         free (credentials);
     }
-    
+
     return err;
 }
diff --git a/src/ccapi/lib/ccapi_credentials_iterator.c b/src/ccapi/lib/ccapi_credentials_iterator.c
index 59ffc7c64..0ff614849 100644
--- a/src/ccapi/lib/ccapi_credentials_iterator.c
+++ b/src/ccapi/lib/ccapi_credentials_iterator.c
@@ -41,14 +41,14 @@ typedef struct cci_credentials_iterator_d {
 
 /* ------------------------------------------------------------------------ */
 
-struct cci_credentials_iterator_d cci_credentials_iterator_initializer = { 
-    NULL 
-    VECTOR_FUNCTIONS_INITIALIZER, 
+struct cci_credentials_iterator_d cci_credentials_iterator_initializer = {
+    NULL
+    VECTOR_FUNCTIONS_INITIALIZER,
     NULL,
     0
 };
 
-cc_credentials_iterator_f cci_credentials_iterator_f_initializer = { 
+cc_credentials_iterator_f cci_credentials_iterator_f_initializer = {
     ccapi_credentials_iterator_release,
     ccapi_credentials_iterator_next,
     ccapi_credentials_iterator_clone
@@ -61,39 +61,39 @@ cc_int32 cci_credentials_iterator_new (cc_credentials_iterator_t *out_credential
 {
     cc_int32 err = ccNoError;
     cci_credentials_iterator_t credentials_iterator = NULL;
-    
+
     if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         credentials_iterator = malloc (sizeof (*credentials_iterator));
-        if (credentials_iterator) { 
+        if (credentials_iterator) {
             *credentials_iterator = cci_credentials_iterator_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         credentials_iterator->functions = malloc (sizeof (*credentials_iterator->functions));
-        if (credentials_iterator->functions) { 
+        if (credentials_iterator->functions) {
             *credentials_iterator->functions = cci_credentials_iterator_f_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = cci_identifier_copy (&credentials_iterator->identifier, in_identifier);
     }
-    
+
     if (!err) {
         *out_credentials_iterator = (cc_credentials_iterator_t) credentials_iterator;
         credentials_iterator = NULL; /* take ownership */
     }
-    
+
     if (credentials_iterator) { ccapi_credentials_iterator_release ((cc_credentials_iterator_t) credentials_iterator); }
-    
+
     return cci_check_error (err);
 }
 
@@ -104,14 +104,14 @@ cc_int32 cci_credentials_iterator_write (cc_credentials_iterator_t in_credential
 {
     cc_int32 err = ccNoError;
     cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
-    
+
     if (!in_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!in_stream         ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_write (credentials_iterator->identifier, in_stream);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -121,16 +121,16 @@ cc_int32 ccapi_credentials_iterator_release (cc_credentials_iterator_t io_creden
 {
     cc_int32 err = ccNoError;
     cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) io_credentials_iterator;
-    
+
     if (!io_credentials_iterator) { err = ccErrBadParam; }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_credentials_iterator_release_msg_id,
                              credentials_iterator->identifier,
                              NULL,
                              NULL);
         if (err) {
-            cci_debug_printf ("%s: cci_ipc_send failed with error %d", 
+            cci_debug_printf ("%s: cci_ipc_send failed with error %d",
                              __FUNCTION__, err);
             err = ccNoError;
         }
@@ -141,7 +141,7 @@ cc_int32 ccapi_credentials_iterator_release (cc_credentials_iterator_t io_creden
         cci_identifier_release (credentials_iterator->identifier);
         free (credentials_iterator);
     }
-    
+
     return err;
 }
 
@@ -153,23 +153,23 @@ cc_int32 ccapi_credentials_iterator_next (cc_credentials_iterator_t  in_credenti
     cc_int32 err = ccNoError;
     cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
     k5_ipc_stream reply = NULL;
-    
+
     if (!in_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials        ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_credentials_iterator_next_msg_id,
                              credentials_iterator->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err = cci_credentials_read (out_credentials, reply);
     }
-    
+
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
@@ -182,28 +182,28 @@ cc_int32 ccapi_credentials_iterator_clone (cc_credentials_iterator_t  in_credent
     cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
     k5_ipc_stream reply = NULL;
     cci_identifier_t identifier = NULL;
-        
+
     if (!in_credentials_iterator ) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err =  cci_ipc_send (cci_credentials_iterator_next_msg_id,
                              credentials_iterator->identifier,
                              NULL,
                              &reply);
     }
-    
+
     if (!err) {
         err =  cci_identifier_read (&identifier, reply);
     }
-    
+
     if (!err) {
         err = cci_credentials_iterator_new (out_credentials_iterator, identifier);
     }
-    
+
     krb5int_ipc_stream_release (reply);
     cci_identifier_release (identifier);
-    
+
     return cci_check_error (err);
 }
 
@@ -218,14 +218,14 @@ cc_int32 cci_credentials_iterator_get_compat_version (cc_credentials_iterator_t
 {
     cc_int32 err = ccNoError;
     cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) in_credentials_iterator;
-    
+
     if (!in_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!out_compat_version     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_compat_version = credentials_iterator->compat_version;
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -236,12 +236,12 @@ cc_int32 cci_credentials_iterator_set_compat_version (cc_credentials_iterator_t
 {
     cc_int32 err = ccNoError;
     cci_credentials_iterator_t credentials_iterator = (cci_credentials_iterator_t) io_credentials_iterator;
-    
+
     if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         credentials_iterator->compat_version = in_compat_version;
     }
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/lib/ccapi_ipc.c b/src/ccapi/lib/ccapi_ipc.c
index 8d8b2d209..54b5faa86 100644
--- a/src/ccapi/lib/ccapi_ipc.c
+++ b/src/ccapi/lib/ccapi_ipc.c
@@ -53,23 +53,23 @@ static cc_int32 _cci_ipc_send (enum cci_msg_id_t  in_request_name,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     cc_int32 reply_error = 0;
-    
+
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
     /* in_request_data may be NULL */
     /* out_reply_data may be NULL */
-    
+
     if (!err) {
         err = cci_message_new_request_header (&request,
                                               in_request_name,
                                               in_identifier);
     }
-    
+
     if (!err && in_request_data) {
-        err = krb5int_ipc_stream_write (request, 
-                                krb5int_ipc_stream_data (in_request_data), 
+        err = krb5int_ipc_stream_write (request,
+                                krb5int_ipc_stream_data (in_request_data),
                                 krb5int_ipc_stream_size (in_request_data));
     }
-    
+
     if (!err) {
         err = cci_os_ipc (in_launch_server, request, &reply);
 
@@ -77,19 +77,19 @@ static cc_int32 _cci_ipc_send (enum cci_msg_id_t  in_request_name,
             err = cci_message_read_reply_header (reply, &reply_error);
         }
     }
-    
-    if (!err && reply_error) { 
+
+    if (!err && reply_error) {
         err = reply_error;
     }
-    
+
     if (!err && out_reply_data) {
         *out_reply_data = reply;
         reply = NULL; /* take ownership */
     }
-    
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
-    
+
     return cci_check_error (err);
 }
 
diff --git a/src/ccapi/lib/ccapi_string.c b/src/ccapi/lib/ccapi_string.c
index 4f4db6f43..d0386c3bb 100644
--- a/src/ccapi/lib/ccapi_string.c
+++ b/src/ccapi/lib/ccapi_string.c
@@ -28,13 +28,13 @@
 
 /* ------------------------------------------------------------------------ */
 
-cc_string_d cci_string_d_initializer = { 
-    NULL, 
-    NULL 
+cc_string_d cci_string_d_initializer = {
+    NULL,
+    NULL
     VECTOR_FUNCTIONS_INITIALIZER };
 
-cc_string_f cci_string_f_initializer = { 
-    ccapi_string_release 
+cc_string_f cci_string_f_initializer = {
+    ccapi_string_release
 };
 
 /* ------------------------------------------------------------------------ */
@@ -44,43 +44,43 @@ cc_int32 cci_string_new (cc_string_t *out_string,
 {
     cc_int32 err = ccNoError;
     cc_string_t string = NULL;
-    
+
     if (!out_string) { err = cci_check_error (ccErrBadParam); }
     if (!in_cstring) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         string = malloc (sizeof (*string));
-        if (string) { 
+        if (string) {
             *string = cci_string_d_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
 
     if (!err) {
         string->functions = malloc (sizeof (*string->functions));
-        if (string->functions) { 
+        if (string->functions) {
             *((cc_string_f *) string->functions) = cci_string_f_initializer;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         string->data = strdup (in_cstring);
-        if (!string->data) { 
-            err = cci_check_error (ccErrNoMem); 
+        if (!string->data) {
+            err = cci_check_error (ccErrNoMem);
         }
-        
+
     }
-    
+
     if (!err) {
         *out_string = string;
         string = NULL; /* take ownership */
     }
-    
+
     if (string) { ccapi_string_release (string); }
-    
+
     return cci_check_error (err);
 }
 
@@ -89,14 +89,14 @@ cc_int32 cci_string_new (cc_string_t *out_string,
 cc_int32 ccapi_string_release (cc_string_t in_string)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_string) { err = ccErrBadParam; }
-    
+
     if (!err) {
         free ((char *) in_string->data);
         free ((char *) in_string->functions);
         free (in_string);
     }
-    
+
     return err;
 }
diff --git a/src/ccapi/lib/ccapi_v2.c b/src/ccapi/lib/ccapi_v2.c
index 08100481b..04edd863e 100644
--- a/src/ccapi/lib/ccapi_v2.c
+++ b/src/ccapi/lib/ccapi_v2.c
@@ -38,47 +38,47 @@ infoNC infoNC_initializer = { NULL, NULL, CC_CRED_UNKNOWN };
 /* ------------------------------------------------------------------------ */
 
 static cc_int32 cci_remap_version (cc_int32   in_v2_version,
-                                   cc_uint32 *out_v3_version) 
+                                   cc_uint32 *out_v3_version)
 {
     cc_result err = ccNoError;
-    
+
     if (!out_v3_version) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         if (in_v2_version == CC_CRED_V4) {
             *out_v3_version = cc_credentials_v4;
-            
-        } else if (in_v2_version == CC_CRED_V5) { 
+
+        } else if (in_v2_version == CC_CRED_V5) {
             *out_v3_version = cc_credentials_v5;
-            
+
         } else {
             err = ccErrBadCredentialsVersion;
         }
     }
-    
+
     return cci_check_error (err);
-}    
+}
 
 /* ------------------------------------------------------------------------ */
 
-static cc_result _cci_remap_error (cc_result   in_error, 
-                                   const char *in_function, 
-                                   const char *in_file, 
-                                   int         in_line) 
+static cc_result _cci_remap_error (cc_result   in_error,
+                                   const char *in_function,
+                                   const char *in_file,
+                                   int         in_line)
 {
     _cci_check_error (in_error, in_function, in_file, in_line);
-    
+
     if (in_error >= CC_NOERROR && in_error <= CC_ERR_CRED_VERSION) {
         return in_error;
     }
-    
+
     switch (in_error) {
         case ccNoError:
             return CC_NOERROR;
-            
+
         case ccIteratorEnd:
             return CC_END;
-            
+
         case ccErrBadParam:
         case ccErrContextNotFound:
         case ccErrInvalidContext:
@@ -88,42 +88,42 @@ static cc_result _cci_remap_error (cc_result   in_error,
         case ccErrInvalidLock:
         case ccErrBadLockType:
             return CC_BAD_PARM;
-            
+
         case ccErrNoMem:
             return CC_NOMEM;
-            
+
         case ccErrInvalidCCache:
         case ccErrCCacheNotFound:
             return CC_NO_EXIST;
-            
+
         case ccErrCredentialsNotFound:
             return CC_NOTFOUND;
-            
+
         case ccErrBadName:
             return CC_BADNAME;
-            
+
         case ccErrBadCredentialsVersion:
             return CC_ERR_CRED_VERSION;
-            
+
         case ccErrBadAPIVersion:
             return CC_BAD_API_VERSION;
-            
+
         case ccErrContextLocked:
         case ccErrContextUnlocked:
         case ccErrCCacheLocked:
         case ccErrCCacheUnlocked:
             return CC_LOCKED;
-            
+
         case ccErrServerUnavailable:
         case ccErrServerInsecure:
         case ccErrServerCantBecomeUID:
         case ccErrBadInternalMessage:
         case ccErrClientNotFound:
             return CC_IO;
-            
+
         case ccErrNotImplemented:
             return CC_NOT_SUPP;
-            
+
         default:
             cci_debug_printf ("%s(): Unhandled error", __FUNCTION__);
             return CC_BAD_PARM;
@@ -138,37 +138,37 @@ static cc_result _cci_remap_error (cc_result   in_error,
 
 /* ------------------------------------------------------------------------ */
 
-cc_result cc_shutdown (apiCB **io_context) 
+cc_result cc_shutdown (apiCB **io_context)
 {
     cc_result err = ccNoError;
-    
+
     if (!io_context) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_context_release (*io_context);
     }
-    
+
     if (!err) {
         *io_context = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_get_change_time (apiCB     *in_context,
-                              cc_time_t *out_change_time) 
+                              cc_time_t *out_change_time)
 {
     cc_result err = ccNoError;
-    
+
     if (!in_context     ) { err = cci_check_error (ccErrBadParam); }
     if (!out_change_time) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_context_get_change_time (in_context, out_change_time);
     }
-    
+
     return cci_remap_error (err);
 }
 
@@ -181,86 +181,86 @@ cc_result cc_get_NC_info (apiCB    *in_context,
     infoNC **info = NULL;
     cc_uint64 count = 0; /* Preflight the size */
     cc_uint64 i;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!out_info  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         ccache_cit *iterator = NULL;
-        
+
         err = cc_seq_fetch_NCs_begin (in_context, &iterator);
-        
+
         while (!err) {
             ccache_p *ccache = NULL;
-            
+
             err = cc_seq_fetch_NCs_next (in_context, &ccache, iterator);
-            
+
             if (!err) { count++; }
-            
+
             if (ccache) { cc_close (in_context, &ccache); }
         }
         if (err == CC_END) { err = CC_NOERROR; }
-        
+
         if (!err) {
             err = cc_seq_fetch_NCs_end (in_context, &iterator);
-        }    
+        }
     }
-    
+
     if (!err) {
         info = malloc (sizeof (*info) * (count + 1));
-        if (info) { 
+        if (info) {
             for (i = 0; i < count + 1; i++) { info[i] = NULL; }
-        } else { 
-            err = cci_check_error (CC_NOMEM); 
+        } else {
+            err = cci_check_error (CC_NOMEM);
         }
     }
-    
+
     if (!err) {
         ccache_cit *iterator = NULL;
-        
+
         err = cc_seq_fetch_NCs_begin (in_context, &iterator);
-        
+
         for (i = 0; !err && i < count; i++) {
             ccache_p *ccache = NULL;
-            
+
             err = cc_seq_fetch_NCs_next (in_context, &ccache, iterator);
-            
+
             if (!err) {
                 info[i] = malloc (sizeof (*info[i]));
-                if (info[i]) { 
-                    *info[i] = infoNC_initializer; 
+                if (info[i]) {
+                    *info[i] = infoNC_initializer;
                 } else {
-                    err = cci_check_error (CC_NOMEM); 
+                    err = cci_check_error (CC_NOMEM);
                 }
             }
-            
+
             if (!err) {
                 err = cc_get_name (in_context, ccache, &info[i]->name);
             }
-            
+
             if (!err) {
                 err = cc_get_principal (in_context, ccache, &info[i]->principal);
             }
-            
+
             if (!err) {
                 err = cc_get_cred_version (in_context, ccache, &info[i]->vers);
             }
-            
+
             if (ccache) { cc_close (in_context, &ccache); }
         }
-        
+
         if (!err) {
             err = cc_seq_fetch_NCs_end (in_context, &iterator);
         }
     }
-    
+
     if (!err) {
         *out_info = info;
         info = NULL;
     }
-    
+
     if (info) { cc_free_NC_info (in_context, &info); }
-    
+
     return cci_check_error (err);
 }
 
@@ -274,17 +274,17 @@ cc_int32 cc_open (apiCB       *in_context,
                   const char  *in_name,
                   cc_int32     in_version,
                   cc_uint32    in_flags,
-                  ccache_p   **out_ccache) 
-{    
+                  ccache_p   **out_ccache)
+{
     cc_result err = ccNoError;
     cc_ccache_t ccache = NULL;
     cc_uint32 compat_version;
     cc_uint32 real_version;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!in_name   ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_remap_version (in_version, &compat_version);
     }
@@ -292,15 +292,15 @@ cc_int32 cc_open (apiCB       *in_context,
     if (!err) {
         err = ccapi_context_open_ccache (in_context, in_name, &ccache);
     }
-    
+
     /* We must not allow a CCAPI v2 caller to open a v5-only ccache
-     as a v4 ccache and vice versa. Allowing that would break 
+     as a v4 ccache and vice versa. Allowing that would break
      (valid) assumptions made by CCAPI v2 callers. */
-    
+
     if (!err) {
         err = ccapi_ccache_get_credentials_version (ccache, &real_version);
-    } 
-    
+    }
+
     if (!err) {
         /* check the version and set up the ccache to use it */
         if (compat_version & real_version) {
@@ -309,16 +309,16 @@ cc_int32 cc_open (apiCB       *in_context,
             err = ccErrBadCredentialsVersion;
         }
     }
-    
+
     if (!err) {
         *out_ccache = ccache;
         ccache = NULL;
     }
-    
+
     if (ccache) { ccapi_ccache_release (ccache); }
-    
+
     return cci_remap_error (err);
-}    
+}
 
 /* ------------------------------------------------------------------------ */
 
@@ -327,78 +327,78 @@ cc_result cc_create (apiCB       *in_context,
                      const char  *in_principal,
                      cc_int32     in_version,
                      cc_uint32    in_flags,
-                     ccache_p   **out_ccache) 
+                     ccache_p   **out_ccache)
 {
     cc_result err = ccNoError;
     cc_ccache_t	ccache = NULL;
     cc_uint32 compat_version;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!in_name   ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_remap_version (in_version, &compat_version);
     }
-    
+
     if (!err) {
         err = ccapi_context_create_ccache (in_context, in_name, compat_version,
                                            in_principal, &ccache);
     }
-    
+
     if (!err) {
         err = cci_ccache_set_compat_version (ccache, compat_version);
     }
-    
+
     if (!err) {
         *out_ccache = ccache;
         ccache = NULL;
     }
-    
+
     if (ccache) { ccapi_ccache_release (ccache); }
-    
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_close (apiCB     *in_context,
-                    ccache_p **io_ccache) 
+                    ccache_p **io_ccache)
 {
     cc_result err = ccNoError;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_ccache_release (*io_ccache);
     }
-        
+
     if (!err) {
         *io_ccache = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_destroy (apiCB     *in_context,
-                      ccache_p **io_ccache) 
+                      ccache_p **io_ccache)
 {
     cc_result err = ccNoError;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_ccache_destroy (*io_ccache);
     }
-    
+
     if (!err) {
         *io_ccache = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
 
@@ -406,63 +406,63 @@ cc_result cc_destroy (apiCB     *in_context,
 
 cc_result cc_get_name (apiCB     *in_context,
                        ccache_p  *in_ccache,
-                       char     **out_name) 
+                       char     **out_name)
 {
     cc_result err = ccNoError;
     cc_string_t name = NULL;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccache ) { err = cci_check_error (ccErrBadParam); }
     if (!out_name  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_ccache_get_name (in_ccache, &name);
     }
-    
+
     if (!err) {
         char *string = strdup (name->data);
-        if (string) { 
+        if (string) {
             *out_name = string;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (name) { ccapi_string_release (name); }
-    
-    return cci_remap_error (err);    
+
+    return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_get_cred_version (apiCB    *in_context,
                                ccache_p *in_ccache,
-                               cc_int32 *out_version) 
+                               cc_int32 *out_version)
 {
     cc_result err = ccNoError;
     cc_uint32 compat_version;
-    
+
     if (!in_context ) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccache  ) { err = cci_check_error (ccErrBadParam); }
     if (!out_version) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_ccache_get_compat_version (in_ccache, &compat_version);
     }
-    
+
     if (!err) {
         if (compat_version == cc_credentials_v4) {
             *out_version = CC_CRED_V4;
-            
-        } else if (compat_version == cc_credentials_v5) { 
+
+        } else if (compat_version == cc_credentials_v5) {
             *out_version = CC_CRED_V5;
-            
+
         } else {
             err = ccErrBadCredentialsVersion;
         }
     }
-    
-    return cci_remap_error (err);    
+
+    return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -470,16 +470,16 @@ cc_result cc_get_cred_version (apiCB    *in_context,
 cc_result cc_set_principal (apiCB    *in_context,
                             ccache_p *io_ccache,
                             cc_int32  in_version,
-                            char     *in_principal) 
+                            char     *in_principal)
 {
     cc_result err = ccNoError;
     cc_uint32 version;
     cc_uint32 compat_version;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache   ) { err = cci_check_error (ccErrBadParam); }
     if (!in_principal) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_remap_version (in_version, &version);
     }
@@ -487,75 +487,75 @@ cc_result cc_set_principal (apiCB    *in_context,
     if (!err) {
         err = cci_ccache_get_compat_version (io_ccache, &compat_version);
     }
-    
+
     if (!err && version != compat_version) {
         err = cci_check_error (ccErrBadCredentialsVersion);
     }
-    
+
     if (!err) {
         err = ccapi_ccache_set_principal (io_ccache, version, in_principal);
     }
-    
-    return cci_remap_error (err);    
+
+    return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_get_principal (apiCB      *in_context,
                             ccache_p   *in_ccache,
-                            char      **out_principal) 
+                            char      **out_principal)
 {
     cc_result err = ccNoError;
     cc_uint32 compat_version;
     cc_string_t principal = NULL;
-    
+
     if (!in_context   ) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccache    ) { err = cci_check_error (ccErrBadParam); }
     if (!out_principal) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_ccache_get_compat_version (in_ccache, &compat_version);
     }
-    
+
     if (!err) {
         err = ccapi_ccache_get_principal (in_ccache, compat_version, &principal);
     }
-    
+
     if (!err) {
         char *string = strdup (principal->data);
-        if (string) { 
+        if (string) {
             *out_principal = string;
-        } else { 
-            err = cci_check_error (ccErrNoMem); 
+        } else {
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (principal) { ccapi_string_release (principal); }
-    
-    return cci_remap_error (err);    
+
+    return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_store (apiCB      *in_context,
                     ccache_p   *io_ccache,
-                    cred_union  in_credentials) 
+                    cred_union  in_credentials)
 {
     cc_result err = ccNoError;
     cc_credentials_union *creds_union = NULL;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_cred_union_to_credentials_union (&in_credentials,
                                                    &creds_union);
     }
-    
+
     if (!err) {
         err = ccapi_ccache_store_credentials (io_ccache, creds_union);
     }
-    
+
     if (creds_union) { cci_credentials_union_release (creds_union); }
     return cci_remap_error (err);
 }
@@ -564,39 +564,39 @@ cc_result cc_store (apiCB      *in_context,
 
 cc_result cc_remove_cred (apiCB      *in_context,
                           ccache_p   *in_ccache,
-                          cred_union  in_credentials) 
+                          cred_union  in_credentials)
 {
     cc_result err = ccNoError;
     cc_credentials_iterator_t iterator = NULL;
     cc_uint32 found = 0;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccache ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_ccache_new_credentials_iterator (in_ccache, &iterator);
     }
-    
+
     while (!err && !found) {
         cc_credentials_t creds = NULL;
-        
+
         err = ccapi_credentials_iterator_next (iterator, &creds);
-        
+
         if (!err) {
-            err = cci_cred_union_compare_to_credentials_union (&in_credentials, 
+            err = cci_cred_union_compare_to_credentials_union (&in_credentials,
                                                                creds->data,
                                                                &found);
         }
-        
+
         if (!err && found) {
             err = ccapi_ccache_remove_credentials (in_ccache, creds);
         }
-        
+
         ccapi_credentials_release (creds);
     }
     if (err == ccIteratorEnd) { err = cci_check_error (ccErrCredentialsNotFound); }
-    
-    return cci_remap_error (err);    
+
+    return cci_remap_error (err);
 }
 
 #if TARGET_OS_MAC
@@ -606,25 +606,25 @@ cc_result cc_remove_cred (apiCB      *in_context,
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_seq_fetch_NCs_begin (apiCB       *in_context,
-                                  ccache_cit **out_iterator) 
+                                  ccache_cit **out_iterator)
 {
     cc_result err = ccNoError;
     cc_ccache_iterator_t iterator = NULL;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!out_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_context_new_ccache_iterator (in_context, &iterator);
     }
-    
+
     if (!err) {
         *out_iterator = (ccache_cit *) iterator;
         iterator = NULL; /* take ownership */
     }
-    
+
     if (iterator) { ccapi_ccache_iterator_release (iterator); }
-    
+
     return cci_remap_error (err);
 }
 
@@ -632,17 +632,17 @@ cc_result cc_seq_fetch_NCs_begin (apiCB       *in_context,
 
 cc_result cc_seq_fetch_NCs_next (apiCB       *in_context,
                                  ccache_p   **out_ccache,
-                                 ccache_cit  *in_iterator) 
+                                 ccache_cit  *in_iterator)
 {
     cc_result err = ccNoError;
     cc_ccache_iterator_t iterator = (cc_ccache_iterator_t) in_iterator;
     cc_ccache_t ccache = NULL;
     const char *saved_ccache_name;
-    
+
     if (!in_context ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache ) { err = cci_check_error (ccErrBadParam); }
     if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     /* CCache iterators need to return some ccaches twice (when v3 ccache has
      * two kinds of credentials). To do that, we return such ccaches twice
      * v4 first, then v5. */
@@ -651,82 +651,82 @@ cc_result cc_seq_fetch_NCs_next (apiCB       *in_context,
         err = cci_ccache_iterator_get_saved_ccache_name (iterator,
                                                          &saved_ccache_name);
     }
-    
+
     if (!err) {
         if (saved_ccache_name) {
-            err = ccapi_context_open_ccache (in_context, saved_ccache_name, 
+            err = ccapi_context_open_ccache (in_context, saved_ccache_name,
                                              &ccache);
-            
+
             if (!err) {
                 err = cci_ccache_set_compat_version (ccache, cc_credentials_v5);
             }
-            
+
             if (!err) {
                 err = cci_ccache_iterator_set_saved_ccache_name (iterator, NULL);
             }
-            
+
         } else {
             cc_uint32 version = 0;
-            
+
             err = ccapi_ccache_iterator_next (iterator, &ccache);
-            
+
             if (!err) {
                 err = ccapi_ccache_get_credentials_version (ccache, &version);
             }
-            
+
             if (!err) {
                 if (version == cc_credentials_v4_v5) {
                     cc_string_t name = NULL;
-                    
+
                     err = cci_ccache_set_compat_version (ccache, cc_credentials_v4);
-                    
-                    if (!err) {                    
+
+                    if (!err) {
                         err = ccapi_ccache_get_name (ccache, &name);
-                    } 
-                
+                    }
+
                     if (!err) {
-                        err = cci_ccache_iterator_set_saved_ccache_name (iterator,  
+                        err = cci_ccache_iterator_set_saved_ccache_name (iterator,
                                                                          name->data);
                     }
-                    
+
                     if (name) { ccapi_string_release (name); }
-                    
+
                 } else {
                     err = cci_ccache_set_compat_version (ccache, version);
                 }
             }
         }
     }
-    
+
     if (!err) {
         *out_ccache = ccache;
         ccache = NULL; /* take ownership */
     }
-    
+
     if (ccache) { ccapi_ccache_release (ccache); }
-        
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_seq_fetch_NCs_end (apiCB       *in_context,
-                                ccache_cit **io_iterator) 
+                                ccache_cit **io_iterator)
 {
     cc_result err = ccNoError;
     cc_ccache_iterator_t iterator = (cc_ccache_iterator_t) *io_iterator;
-    
+
     if (!in_context ) { err = cci_check_error (ccErrBadParam); }
     if (!io_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_ccache_iterator_release (iterator);
     }
-    
+
     if (!err) {
         *io_iterator = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
 
@@ -738,38 +738,38 @@ cc_result cc_seq_fetch_NCs_end (apiCB       *in_context,
 
 cc_result cc_seq_fetch_creds_begin (apiCB           *in_context,
                                     const ccache_p  *in_ccache,
-                                    ccache_cit     **out_iterator) 
+                                    ccache_cit     **out_iterator)
 {
     cc_result err = ccNoError;
     cc_credentials_iterator_t iterator = NULL;
     cc_uint32 compat_version;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccache   ) { err = cci_check_error (ccErrBadParam); }
     if (!out_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_ccache_get_compat_version ((cc_ccache_t) in_ccache, 
+        err = cci_ccache_get_compat_version ((cc_ccache_t) in_ccache,
                                              &compat_version);
     }
-    
+
     if (!err) {
-        err = ccapi_ccache_new_credentials_iterator ((cc_ccache_t) in_ccache, 
+        err = ccapi_ccache_new_credentials_iterator ((cc_ccache_t) in_ccache,
                                                      &iterator);
     }
-    
+
     if (!err) {
-        err = cci_credentials_iterator_set_compat_version (iterator, 
+        err = cci_credentials_iterator_set_compat_version (iterator,
                                                            compat_version);
     }
-    
+
     if (!err) {
         *out_iterator = (ccache_cit *) iterator;
         iterator = NULL; /* take ownership */
     }
-    
+
     if (iterator) { ccapi_credentials_iterator_release (iterator); }
-    
+
     return cci_remap_error (err);
 }
 
@@ -777,58 +777,58 @@ cc_result cc_seq_fetch_creds_begin (apiCB           *in_context,
 
 cc_result cc_seq_fetch_creds_next (apiCB       *in_context,
                                    cred_union **out_creds,
-                                   ccache_cit  *in_iterator) 
+                                   ccache_cit  *in_iterator)
 {
     cc_result err = ccNoError;
     cc_credentials_iterator_t iterator = (cc_credentials_iterator_t) in_iterator;
     cc_uint32 compat_version;
-    
+
     if (!in_context ) { err = cci_check_error (ccErrBadParam); }
     if (!out_creds  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_credentials_iterator_get_compat_version (iterator, 
+        err = cci_credentials_iterator_get_compat_version (iterator,
                                                            &compat_version);
     }
 
     while (!err) {
         cc_credentials_t credentials = NULL;
-        
+
         err = ccapi_credentials_iterator_next (iterator, &credentials);
-        
+
         if (!err && (credentials->data->version & compat_version)) {
             /* got the next credentials for the correct version */
-            err = cci_credentials_union_to_cred_union (credentials->data, 
+            err = cci_credentials_union_to_cred_union (credentials->data,
                                                        out_creds);
             break;
         }
-        
+
         if (credentials) { ccapi_credentials_release (credentials); }
     }
-    
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_seq_fetch_creds_end (apiCB       *in_context,
-                                  ccache_cit **io_iterator) 
+                                  ccache_cit **io_iterator)
 {
     cc_result err = ccNoError;
     cc_credentials_iterator_t iterator = (cc_credentials_iterator_t) *io_iterator;
-    
+
     if (!in_context ) { err = cci_check_error (ccErrBadParam); }
     if (!io_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccapi_credentials_iterator_release (iterator);
     }
-    
+
     if (!err) {
         *io_iterator = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
 
@@ -839,80 +839,80 @@ cc_result cc_seq_fetch_creds_end (apiCB       *in_context,
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_free_principal (apiCB  *in_context,
-                             char  **io_principal) 
+                             char  **io_principal)
 {
     cc_result err = ccNoError;
-    
+
     if (!in_context  ) { err = cci_check_error (ccErrBadParam); }
     if (!io_principal) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         free (*io_principal);
         *io_principal = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_free_name (apiCB  *in_context,
-                        char  **io_name) 
-{    
+                        char  **io_name)
+{
     cc_result err = ccNoError;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!io_name   ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         free (*io_name);
         *io_name = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_free_creds (apiCB       *in_context,
-                         cred_union **io_credentials) 
+                         cred_union **io_credentials)
 {
     cc_result err = ccNoError;
-    
+
     if (!in_context    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_credentials) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_cred_union_release (*io_credentials);
-        if (!err) { *io_credentials = NULL; } 
+        if (!err) { *io_credentials = NULL; }
     }
-    
+
     return cci_remap_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 cc_result cc_free_NC_info (apiCB    *in_context,
-                           infoNC ***io_info) 
-{    
+                           infoNC ***io_info)
+{
     cc_result err = ccNoError;
-    
+
     if (!in_context) { err = cci_check_error (ccErrBadParam); }
     if (!io_info   ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && *io_info) {
         infoNC **data = *io_info;
         int i;
-        
+
         for (i = 0; data[i] != NULL; i++) {
             cc_free_principal (in_context, &data[i]->principal);
             cc_free_name (in_context, &data[i]->name);
             free (data[i]);
         }
         free (data);
-        
+
         *io_info = NULL;
     }
-    
+
     return cci_remap_error (err);
 }
diff --git a/src/ccapi/lib/mac/ccapi_vector.c b/src/ccapi/lib/mac/ccapi_vector.c
index ea749c089..3893bc9b3 100644
--- a/src/ccapi/lib/mac/ccapi_vector.c
+++ b/src/ccapi/lib/mac/ccapi_vector.c
@@ -173,7 +173,7 @@ cc_int32 __cc_context_open_default_ccache_vector (cc_context_t  in_context,
 cc_int32 __cc_context_create_ccache_vector (cc_context_t  in_context,
                                             const char   *in_name,
                                             cc_uint32     in_cred_vers,
-                                            const char   *in_principal, 
+                                            const char   *in_principal,
                                             cc_ccache_t  *out_ccache)
 {
     cc_int32 err = ccNoError;
@@ -188,7 +188,7 @@ cc_int32 __cc_context_create_ccache_vector (cc_context_t  in_context,
 
 cc_int32 __cc_context_create_default_ccache_vector (cc_context_t  in_context,
                                                     cc_uint32     in_cred_vers,
-                                                    const char   *in_principal, 
+                                                    const char   *in_principal,
                                                     cc_ccache_t  *out_ccache)
 {
     cc_int32 err = ccNoError;
@@ -202,7 +202,7 @@ cc_int32 __cc_context_create_default_ccache_vector (cc_context_t  in_context,
 
 cc_int32 __cc_context_create_new_ccache_vector (cc_context_t in_context,
                                                 cc_uint32    in_cred_vers,
-                                                const char  *in_principal, 
+                                                const char  *in_principal,
                                                 cc_ccache_t *out_ccache)
 {
     cc_int32 err = ccNoError;
@@ -632,7 +632,7 @@ cc_int32 __cc_seq_fetch_NCs_begin_vector (apiCB       *in_context,
 
 cc_int32 __cc_seq_fetch_NCs_next_vector (apiCB       *in_context,
                                          ccache_p   **out_ccache,
-                                         ccache_cit  *in_iterator) 
+                                         ccache_cit  *in_iterator)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -660,7 +660,7 @@ cc_int32 __cc_seq_fetch_NCs_end_vector (apiCB       *in_context,
 
 cc_int32 __cc_get_name_vector (apiCB     *in_context,
                                ccache_p  *in_ccache,
-                               char     **out_name) 
+                               char     **out_name)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -675,7 +675,7 @@ cc_int32 __cc_get_name_vector (apiCB     *in_context,
 
 cc_int32 __cc_get_cred_version_vector (apiCB    *in_context,
                                        ccache_p *in_ccache,
-                                       cc_int32 *out_version) 
+                                       cc_int32 *out_version)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -691,7 +691,7 @@ cc_int32 __cc_get_cred_version_vector (apiCB    *in_context,
 cc_int32 __cc_set_principal_vector (apiCB    *in_context,
                                     ccache_p *io_ccache,
                                     cc_int32  in_version,
-                                    char     *in_principal) 
+                                    char     *in_principal)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -736,7 +736,7 @@ cc_int32 __cc_store_vector (apiCB      *in_context,
 
 cc_int32 __cc_remove_cred_vector (apiCB      *in_context,
                                   ccache_p   *in_ccache,
-                                  cred_union  in_credentials) 
+                                  cred_union  in_credentials)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -751,7 +751,7 @@ cc_int32 __cc_remove_cred_vector (apiCB      *in_context,
 
 cc_int32 __cc_seq_fetch_creds_begin_vector (apiCB           *in_context,
                                             const ccache_p  *in_ccache,
-                                            ccache_cit     **out_iterator) 
+                                            ccache_cit     **out_iterator)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -766,7 +766,7 @@ cc_int32 __cc_seq_fetch_creds_begin_vector (apiCB           *in_context,
 
 cc_int32 __cc_seq_fetch_creds_next_vector (apiCB       *in_context,
                                            cred_union **out_creds,
-                                           ccache_cit  *in_iterator) 
+                                           ccache_cit  *in_iterator)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -780,7 +780,7 @@ cc_int32 __cc_seq_fetch_creds_next_vector (apiCB       *in_context,
 /* ------------------------------------------------------------------------ */
 
 cc_int32 __cc_seq_fetch_creds_end_vector (apiCB       *in_context,
-                                          ccache_cit **io_iterator) 
+                                          ccache_cit **io_iterator)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -793,7 +793,7 @@ cc_int32 __cc_seq_fetch_creds_end_vector (apiCB       *in_context,
 /* ------------------------------------------------------------------------ */
 
 cc_int32 __cc_free_principal_vector (apiCB  *in_context,
-                                     char  **io_principal) 
+                                     char  **io_principal)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
@@ -805,7 +805,7 @@ cc_int32 __cc_free_principal_vector (apiCB  *in_context,
 /* ------------------------------------------------------------------------ */
 
 cc_int32 __cc_free_name_vector (apiCB  *in_context,
-                                char  **io_name) 
+                                char  **io_name)
 {
     cc_int32 err = ccNoError;
     cci_swap_context_functions (in_context);
diff --git a/src/ccapi/lib/mac/ccapi_vector.h b/src/ccapi/lib/mac/ccapi_vector.h
index 80840f111..4bce9a358 100644
--- a/src/ccapi/lib/mac/ccapi_vector.h
+++ b/src/ccapi/lib/mac/ccapi_vector.h
@@ -52,17 +52,17 @@ cc_int32 __cc_context_open_default_ccache_vector (cc_context_t  in_context,
 cc_int32 __cc_context_create_ccache_vector (cc_context_t  in_context,
                                             const char   *in_name,
                                             cc_uint32     in_cred_vers,
-                                            const char   *in_principal, 
+                                            const char   *in_principal,
                                             cc_ccache_t  *out_ccache);
 
 cc_int32 __cc_context_create_default_ccache_vector (cc_context_t  in_context,
                                                     cc_uint32     in_cred_vers,
-                                                    const char   *in_principal, 
+                                                    const char   *in_principal,
                                                     cc_ccache_t  *out_ccache);
 
 cc_int32 __cc_context_create_new_ccache_vector (cc_context_t in_context,
                                                 cc_uint32    in_cred_vers,
-                                                const char  *in_principal, 
+                                                const char  *in_principal,
                                                 cc_ccache_t *out_ccache);
 
 cc_int32 __cc_context_new_ccache_iterator_vector (cc_context_t          in_context,
@@ -174,23 +174,23 @@ cc_int32 __cc_seq_fetch_NCs_begin_vector (apiCB       *in_context,
 
 cc_int32 __cc_seq_fetch_NCs_next_vector (apiCB       *in_context,
                                          ccache_p   **out_ccache,
-                                         ccache_cit  *in_iterator); 
+                                         ccache_cit  *in_iterator);
 
 cc_int32 __cc_seq_fetch_NCs_end_vector (apiCB       *in_context,
                                         ccache_cit **io_iterator);
 
 cc_int32 __cc_get_name_vector (apiCB     *in_context,
                                ccache_p  *in_ccache,
-                               char     **out_name); 
+                               char     **out_name);
 
 cc_int32 __cc_get_cred_version_vector (apiCB    *in_context,
                                        ccache_p *in_ccache,
-                                       cc_int32 *out_version); 
+                                       cc_int32 *out_version);
 
 cc_int32 __cc_set_principal_vector (apiCB    *in_context,
                                     ccache_p *io_ccache,
                                     cc_int32  in_version,
-                                    char     *in_principal); 
+                                    char     *in_principal);
 
 cc_int32 __cc_get_principal_vector (apiCB      *in_context,
                                     ccache_p   *in_ccache,
@@ -202,24 +202,24 @@ cc_int32 __cc_store_vector (apiCB      *in_context,
 
 cc_int32 __cc_remove_cred_vector (apiCB      *in_context,
                                   ccache_p   *in_ccache,
-                                  cred_union  in_credentials); 
+                                  cred_union  in_credentials);
 
 cc_int32 __cc_seq_fetch_creds_begin_vector (apiCB           *in_context,
                                             const ccache_p  *in_ccache,
-                                            ccache_cit     **out_iterator); 
+                                            ccache_cit     **out_iterator);
 
 cc_int32 __cc_seq_fetch_creds_next_vector (apiCB       *in_context,
                                            cred_union **out_creds,
-                                           ccache_cit  *in_iterator); 
+                                           ccache_cit  *in_iterator);
 
 cc_int32 __cc_seq_fetch_creds_end_vector (apiCB       *in_context,
-                                          ccache_cit **io_iterator); 
+                                          ccache_cit **io_iterator);
 
 cc_int32 __cc_free_principal_vector (apiCB  *in_context,
-                                     char  **io_principal); 
+                                     char  **io_principal);
 
 cc_int32 __cc_free_name_vector (apiCB  *in_context,
-                                char  **io_name); 
+                                char  **io_name);
 
 cc_int32 __cc_free_creds_vector (apiCB       *in_context,
                                  cred_union **io_credentials);
diff --git a/src/ccapi/lib/win/OldCC/ccapi.h b/src/ccapi/lib/win/OldCC/ccapi.h
index c40bd1158..82512771a 100644
--- a/src/ccapi/lib/win/OldCC/ccapi.h
+++ b/src/ccapi/lib/win/OldCC/ccapi.h
@@ -1,5 +1,3 @@
-
-
 /* this ALWAYS GENERATED file contains the definitions for the interfaces */
 
 
@@ -9,8 +7,8 @@
 /* Compiler settings for ccapi.idl:
     Oic, W1, Zp8, env=Win32 (32b run)
     protocol : dce , ms_ext, c_ext, oldnames
-    error checks: allocation ref bounds_check enum stub_data 
-    VC __declspec() decoration level: 
+    error checks: allocation ref bounds_check enum stub_data
+    VC __declspec() decoration level:
          __declspec(uuid()), __declspec(selectany), __declspec(novtable)
          DECLSPEC_UUID(), MIDL_INTERFACE()
 */
@@ -34,20 +32,20 @@
 #pragma once
 #endif
 
-/* Forward Declarations */ 
+/* Forward Declarations */
 
 #ifdef __cplusplus
 extern "C"{
-#endif 
+#endif
 
 void * __RPC_USER MIDL_user_allocate(size_t);
-void __RPC_USER MIDL_user_free( void * ); 
+void __RPC_USER MIDL_user_free( void * );
 
 #ifndef __ccapi_INTERFACE_DEFINED__
 #define __ccapi_INTERFACE_DEFINED__
 
 /* interface ccapi */
-/* [implicit_handle][unique][version][uuid] */ 
+/* [implicit_handle][unique][version][uuid] */
 
 typedef /* [context_handle] */ struct opaque_handle_CTX *HCTX;
 
@@ -157,17 +155,17 @@ typedef struct _CRED_UNION
     /* [switch_is] */ CRED_PTR_UNION cred;
     } 	CRED_UNION;
 
-CC_INT32 rcc_initialize( 
+CC_INT32 rcc_initialize(
     /* [out] */ HCTX *pctx);
 
-CC_INT32 rcc_shutdown( 
+CC_INT32 rcc_shutdown(
     /* [out][in] */ HCTX *pctx);
 
-CC_INT32 rcc_get_change_time( 
+CC_INT32 rcc_get_change_time(
     /* [in] */ HCTX ctx,
     /* [out] */ CC_TIME_T *time);
 
-CC_INT32 rcc_create( 
+CC_INT32 rcc_create(
     /* [in] */ HCTX ctx,
     /* [string][in] */ const CC_CHAR *name,
     /* [string][in] */ const CC_CHAR *principal,
@@ -175,85 +173,85 @@ CC_INT32 rcc_create(
     /* [in] */ CC_UINT32 flags,
     /* [out] */ HCACHE *pcache);
 
-CC_INT32 rcc_open( 
+CC_INT32 rcc_open(
     /* [in] */ HCTX ctx,
     /* [string][in] */ const CC_CHAR *name,
     /* [in] */ CC_INT32 vers,
     /* [in] */ CC_UINT32 flags,
     /* [out] */ HCACHE *pcache);
 
-CC_INT32 rcc_close( 
+CC_INT32 rcc_close(
     /* [out][in] */ HCACHE *pcache);
 
-CC_INT32 rcc_destroy( 
+CC_INT32 rcc_destroy(
     /* [out][in] */ HCACHE *pcache);
 
-CC_INT32 rcc_seq_fetch_NCs_begin( 
+CC_INT32 rcc_seq_fetch_NCs_begin(
     /* [in] */ HCTX ctx,
     /* [out] */ HCACHE_ITER *piter);
 
-CC_INT32 rcc_seq_fetch_NCs_end( 
+CC_INT32 rcc_seq_fetch_NCs_end(
     /* [out][in] */ HCACHE_ITER *piter);
 
-CC_INT32 rcc_seq_fetch_NCs_next( 
+CC_INT32 rcc_seq_fetch_NCs_next(
     /* [in] */ HCACHE_ITER iter,
     /* [out] */ HCACHE *pcache);
 
-CC_INT32 rcc_seq_fetch_NCs( 
+CC_INT32 rcc_seq_fetch_NCs(
     /* [in] */ HCTX ctx,
     /* [out][in] */ HCACHE_ITER *piter,
     /* [out] */ HCACHE *pcache);
 
-CC_INT32 rcc_get_NC_info( 
+CC_INT32 rcc_get_NC_info(
     /* [in] */ HCTX ctx,
     /* [out] */ NC_INFO_LIST **info_list);
 
-CC_INT32 rcc_get_name( 
+CC_INT32 rcc_get_name(
     /* [in] */ HCACHE cache,
     /* [string][out] */ CC_CHAR **name);
 
-CC_INT32 rcc_set_principal( 
+CC_INT32 rcc_set_principal(
     /* [in] */ HCACHE cache,
     /* [in] */ CC_INT32 vers,
     /* [string][in] */ const CC_CHAR *principal);
 
-CC_INT32 rcc_get_principal( 
+CC_INT32 rcc_get_principal(
     /* [in] */ HCACHE cache,
     /* [string][out] */ CC_CHAR **principal);
 
-CC_INT32 rcc_get_cred_version( 
+CC_INT32 rcc_get_cred_version(
     /* [in] */ HCACHE cache,
     /* [out] */ CC_INT32 *vers);
 
-CC_INT32 rcc_lock_request( 
+CC_INT32 rcc_lock_request(
     /* [in] */ HCACHE cache,
     /* [in] */ CC_INT32 lock_type);
 
-CC_INT32 rcc_store( 
+CC_INT32 rcc_store(
     /* [in] */ HCACHE cache,
     /* [in] */ CRED_UNION cred);
 
-CC_INT32 rcc_remove_cred( 
+CC_INT32 rcc_remove_cred(
     /* [in] */ HCACHE cache,
     /* [in] */ CRED_UNION cred);
 
-CC_INT32 rcc_seq_fetch_creds( 
+CC_INT32 rcc_seq_fetch_creds(
     /* [in] */ HCACHE cache,
     /* [out][in] */ HCRED_ITER *piter,
     /* [out] */ CRED_UNION **cred);
 
-CC_INT32 rcc_seq_fetch_creds_begin( 
+CC_INT32 rcc_seq_fetch_creds_begin(
     /* [in] */ HCACHE cache,
     /* [out] */ HCRED_ITER *piter);
 
-CC_INT32 rcc_seq_fetch_creds_end( 
+CC_INT32 rcc_seq_fetch_creds_end(
     /* [out][in] */ HCRED_ITER *piter);
 
-CC_INT32 rcc_seq_fetch_creds_next( 
+CC_INT32 rcc_seq_fetch_creds_next(
     /* [in] */ HCRED_ITER iter,
     /* [out] */ CRED_UNION **cred);
 
-CC_UINT32 Connect( 
+CC_UINT32 Connect(
     /* [string][in] */ CC_CHAR *name);
 
 void Shutdown( void);
@@ -280,5 +278,3 @@ void __RPC_USER HCRED_ITER_rundown( HCRED_ITER );
 #endif
 
 #endif
-
-
diff --git a/src/ccapi/lib/win/ccs_reply_proc.c b/src/ccapi/lib/win/ccs_reply_proc.c
index b3ef3f740..4ac8940ae 100644
--- a/src/ccapi/lib/win/ccs_reply_proc.c
+++ b/src/ccapi/lib/win/ccs_reply_proc.c
@@ -52,7 +52,7 @@ void ccs_rpc_request_reply(
 #if 0
     cci_debug_printf("%s! msg#:%d SST:%ld uuid:%s", __FUNCTION__, rpcmsg, srvStartTime, uuid);
 #endif
-    if (!status) {                         
+    if (!status) {
         status = krb5int_ipc_stream_new (&stream);  /* Create a stream for the request data */
         }
 
diff --git a/src/ccapi/lib/win/dllmain.h b/src/ccapi/lib/win/dllmain.h
index abf6afd4a..a43262d52 100644
--- a/src/ccapi/lib/win/dllmain.h
+++ b/src/ccapi/lib/win/dllmain.h
@@ -29,7 +29,7 @@
 
 #include "windows.h"
 
-#ifdef __cplusplus    // If used by C++ code, 
+#ifdef __cplusplus    // If used by C++ code,
 extern "C" {          // we need to export the C interface
 #endif
 
@@ -39,4 +39,4 @@ DWORD GetTlsIndex();
 }
 #endif
 
-#endif _dll_h
\ No newline at end of file
+#endif _dll_h
diff --git a/src/ccapi/server/ccs_array.c b/src/ccapi/server/ccs_array.c
index d5dd4adb2..c5fb4f3b5 100644
--- a/src/ccapi/server/ccs_array.c
+++ b/src/ccapi/server/ccs_array.c
@@ -31,7 +31,7 @@
 
 static cc_int32 ccs_client_object_release (cci_array_object_t io_client)
 {
-    return cci_check_error (ccs_client_release ((ccs_client_t) io_client));    
+    return cci_check_error (ccs_client_release ((ccs_client_t) io_client));
 }
 
 /* ------------------------------------------------------------------------ */
@@ -88,7 +88,7 @@ cc_int32 ccs_client_array_remove (ccs_client_array_t io_array,
 
 static cc_int32 ccs_lock_object_release (cci_array_object_t io_lock)
 {
-    return cci_check_error (ccs_lock_release ((ccs_lock_t) io_lock));    
+    return cci_check_error (ccs_lock_release ((ccs_lock_t) io_lock));
 }
 
 /* ------------------------------------------------------------------------ */
@@ -154,7 +154,7 @@ cc_int32 ccs_lock_array_move (ccs_lock_array_t  io_array,
 
 static cc_int32 ccs_callback_object_release (cci_array_object_t io_callback)
 {
-    return cci_check_error (ccs_callback_release ((ccs_callback_t) io_callback));    
+    return cci_check_error (ccs_callback_release ((ccs_callback_t) io_callback));
 }
 
 /* ------------------------------------------------------------------------ */
@@ -286,7 +286,7 @@ cc_uint64 ccs_iteratorref_array_count (ccs_iteratorref_array_t in_array)
 ccs_generic_list_iterator_t ccs_iteratorref_array_object_at_index (ccs_iteratorref_array_t io_array,
                                                                    cc_uint64               in_position)
 {
-    return (ccs_generic_list_iterator_t) cci_array_object_at_index (io_array, 
+    return (ccs_generic_list_iterator_t) cci_array_object_at_index (io_array,
                                                                     in_position);
 }
 
@@ -296,8 +296,8 @@ cc_int32 ccs_iteratorref_array_insert (ccs_iteratorref_array_t     io_array,
 				       ccs_generic_list_iterator_t in_iterator,
 				       cc_uint64                   in_position)
 {
-    return cci_array_insert (io_array, 
-                             (cci_array_object_t) in_iterator, 
+    return cci_array_insert (io_array,
+                             (cci_array_object_t) in_iterator,
                              in_position);
 }
 
diff --git a/src/ccapi/server/ccs_cache_collection.c b/src/ccapi/server/ccs_cache_collection.c
index 2137e816a..c96a75bee 100644
--- a/src/ccapi/server/ccs_cache_collection.c
+++ b/src/ccapi/server/ccs_cache_collection.c
@@ -45,48 +45,48 @@ cc_int32 ccs_cache_collection_new (ccs_cache_collection_t *out_cache_collection)
 {
     cc_int32 err = ccNoError;
     ccs_cache_collection_t cache_collection = NULL;
-    
+
     if (!out_cache_collection) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cache_collection = malloc (sizeof (*cache_collection));
-        if (cache_collection) { 
+        if (cache_collection) {
             *cache_collection = ccs_cache_collection_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = ccs_server_new_identifier (&cache_collection->identifier);
     }
-    
+
     if (!err) {
         err = ccs_lock_state_new (&cache_collection->lock_state,
                                   ccErrInvalidContext,
                                   ccErrContextLocked,
                                   ccErrContextUnlocked);
     }
-    
+
     if (!err) {
         err = ccs_ccache_list_new (&cache_collection->ccaches);
     }
-    
+
     if (!err) {
         err = ccs_callback_array_new (&cache_collection->change_callbacks);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_changed (cache_collection);
     }
-    
+
     if (!err) {
         *out_cache_collection = cache_collection;
         cache_collection = NULL;
     }
-    
+
     ccs_cache_collection_release (cache_collection);
-    
+
     return cci_check_error (err);
 }
 
@@ -95,7 +95,7 @@ cc_int32 ccs_cache_collection_new (ccs_cache_collection_t *out_cache_collection)
 cc_int32 ccs_cache_collection_release (ccs_cache_collection_t io_cache_collection)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_cache_collection) {
         cci_identifier_release (io_cache_collection->identifier);
         ccs_lock_state_release (io_cache_collection->lock_state);
@@ -103,7 +103,7 @@ cc_int32 ccs_cache_collection_release (ccs_cache_collection_t io_cache_collectio
         ccs_callback_array_release (io_cache_collection->change_callbacks);
         free (io_cache_collection);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -114,17 +114,17 @@ cc_int32 ccs_cache_collection_compare_identifier (ccs_cache_collection_t  in_cac
                                                   cc_uint32              *out_equal)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal          ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_identifier_compare (in_cache_collection->identifier, 
-                                      in_identifier, 
+        err = cci_identifier_compare (in_cache_collection->identifier,
+                                      in_identifier,
                                       out_equal);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -138,19 +138,19 @@ cc_int32 ccs_cache_collection_changed (ccs_cache_collection_t io_cache_collectio
 {
     cc_int32 err = ccNoError;
     k5_ipc_stream reply_data = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
 
     if (!err) {
         cc_time_t now = time (NULL);
-        
+
         if (io_cache_collection->last_changed_time < now) {
             io_cache_collection->last_changed_time = now;
         } else {
             io_cache_collection->last_changed_time++;
         }
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&reply_data);
     }
@@ -158,17 +158,17 @@ cc_int32 ccs_cache_collection_changed (ccs_cache_collection_t io_cache_collectio
     if (!err) {
 	err = krb5int_ipc_stream_write_time (reply_data, io_cache_collection->last_changed_time);
     }
-    
+
     if (!err) {
 	/* Loop over callbacks sending messages to them */
 	cc_uint64 i;
         cc_uint64 count = ccs_callback_array_count (io_cache_collection->change_callbacks);
-        
+
         for (i = 0; !err && i < count; i++) {
             ccs_callback_t callback = ccs_callback_array_object_at_index (io_cache_collection->change_callbacks, i);
-            
+
 	    err = ccs_callback_reply_to_client (callback, reply_data);
-	    
+
 	    if (!err) {
 		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
 		err = ccs_callback_array_remove (io_cache_collection->change_callbacks, i);
@@ -176,13 +176,13 @@ cc_int32 ccs_cache_collection_changed (ccs_cache_collection_t io_cache_collectio
 	    }
         }
     }
-    
+
     if (!err) {
         err = ccs_os_notify_cache_collection_changed (io_cache_collection);
     }
-    
+
     krb5int_ipc_stream_release (reply_data);
-    
+
     return cci_check_error (err);
 }
 
@@ -192,19 +192,19 @@ static cc_int32 ccs_cache_collection_invalidate_change_callback (ccs_callback_ow
 								 ccs_callback_t       in_callback)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_callback        ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
 	/* Remove callback */
 	ccs_cache_collection_t cache_collection = (ccs_cache_collection_t) io_cache_collection;
 	cc_uint64 i;
         cc_uint64 count = ccs_callback_array_count (cache_collection->change_callbacks);
-        
+
         for (i = 0; !err && i < count; i++) {
             ccs_callback_t callback = ccs_callback_array_object_at_index (cache_collection->change_callbacks, i);
-            
+
 	    if (callback == in_callback) {
 		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
 		err = ccs_callback_array_remove (cache_collection->change_callbacks, i);
@@ -212,7 +212,7 @@ static cc_int32 ccs_cache_collection_invalidate_change_callback (ccs_callback_ow
 	    }
         }
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -228,27 +228,27 @@ static cc_int32 ccs_cache_collection_find_ccache_by_name (ccs_cache_collection_t
 {
     cc_int32 err = ccNoError;
     ccs_ccache_list_iterator_t iterator = NULL;
-    
+
     if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_name            ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache         ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches, 
-                                            CCS_PIPE_NULL, 
+        err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches,
+                                            CCS_PIPE_NULL,
                                             &iterator);
     }
-    
+
     while (!err) {
         ccs_ccache_t ccache = NULL;
-        
+
         err = ccs_ccache_list_iterator_next (iterator, &ccache);
-        
+
         if (!err) {
             cc_uint32 equal = 0;
-            
+
             err = ccs_ccache_compare_name (ccache, in_name, &equal);
-            
+
             if (!err && equal) {
                 *out_ccache = ccache;
                 break;
@@ -256,9 +256,9 @@ static cc_int32 ccs_cache_collection_find_ccache_by_name (ccs_cache_collection_t
         }
     }
     if (err == ccIteratorEnd) { err = ccErrCCacheNotFound; }
-    
+
     if (iterator) { ccs_ccache_list_iterator_release (iterator); }
-    
+
     return cci_check_error (err);
 }
 
@@ -273,16 +273,16 @@ cc_int32 ccs_cache_collection_find_ccache (ccs_cache_collection_t  in_cache_coll
                                            ccs_ccache_t           *out_ccache)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache         ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_ccache_list_find (in_cache_collection->ccaches,
                                     in_identifier, out_ccache);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -294,28 +294,28 @@ cc_int32 ccs_ccache_collection_move_ccache (ccs_cache_collection_t io_cache_coll
 {
     cc_int32 err = ccNoError;
     ccs_ccache_t source_ccache = NULL;
-    
+
     if (!io_cache_collection  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_source_identifier ) { err = cci_check_error (ccErrBadParam); }
     if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_cache_collection_find_ccache (io_cache_collection,
-                                                in_source_identifier, 
+                                                in_source_identifier,
                                                 &source_ccache);
     }
-    
+
     if (!err) {
-        err = ccs_ccache_swap_contents (source_ccache, 
-					io_destination_ccache, 
+        err = ccs_ccache_swap_contents (source_ccache,
+					io_destination_ccache,
 					io_cache_collection);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_destroy_ccache (io_cache_collection,
                                                    in_source_identifier);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -326,16 +326,16 @@ cc_int32 ccs_cache_collection_destroy_ccache (ccs_cache_collection_t  io_cache_c
 {
     cc_int32 err = ccNoError;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_cache_collection_find_ccache (io_cache_collection,
-                                                in_identifier, 
+                                                in_identifier,
                                                 &ccache);
     }
-    
+
     if (!err) {
         /* Notify before deletion because after deletion the ccache
          * will no longer exist (and won't know about its clients) */
@@ -361,17 +361,17 @@ cc_int32 ccs_cache_collection_find_ccache_iterator (ccs_cache_collection_t  in_c
                                                     ccs_ccache_iterator_t  *out_ccache_iterator)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_ccache_list_find_iterator (in_cache_collection->ccaches,
                                              in_identifier,
                                              out_ccache_iterator);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -388,36 +388,36 @@ cc_int32 ccs_cache_collection_find_credentials_iterator (ccs_cache_collection_t
 {
     cc_int32 err = ccNoError;
     ccs_ccache_list_iterator_t iterator = NULL;
-    
+
     if (!in_cache_collection     ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches, 
-                                            CCS_PIPE_NULL, 
+        err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches,
+                                            CCS_PIPE_NULL,
                                             &iterator);
     }
-    
+
     while (!err) {
         ccs_ccache_t ccache = NULL;
-        
+
         err = ccs_ccache_list_iterator_next (iterator, &ccache);
-        
+
         if (!err) {
-            cc_int32 terr = ccs_ccache_find_credentials_iterator (ccache, 
+            cc_int32 terr = ccs_ccache_find_credentials_iterator (ccache,
                                                                   in_identifier,
                                                                   out_credentials_iterator);
-            if (!terr) { 
+            if (!terr) {
                 *out_ccache = ccache;
-                break; 
+                break;
             }
         }
     }
     if (err == ccIteratorEnd) { err = cci_check_error (ccErrInvalidCredentialsIterator); }
-    
+
     if (iterator) { ccs_ccache_list_iterator_release (iterator); }
-    
+
     return cci_check_error (err);
 }
 
@@ -433,27 +433,27 @@ static cc_int32 ccs_cache_collection_get_next_unique_ccache_name (ccs_cache_coll
     cc_int32 err = ccNoError;
     cc_uint64 count = 0;
     char *name = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!out_name           ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_cache_collection_list_count (io_cache_collection->ccaches, &count);
     }
-    
+
     if (!err) {
         if (count > 0) {
             while (!err) {
                 int ret = asprintf (&name, "%lld", io_cache_collection->next_unique_name++);
                 if (ret < 0 || !name) { err = cci_check_error (ccErrNoMem); }
-                
+
                 if (!err) {
                     ccs_ccache_t ccache = NULL;  /* temporary to hold ccache pointer */
-                    err = ccs_cache_collection_find_ccache_by_name (io_cache_collection, 
+                    err = ccs_cache_collection_find_ccache_by_name (io_cache_collection,
                                                                     name, &ccache);
                 }
-                
-                if (err == ccErrCCacheNotFound) { 
+
+                if (err == ccErrCCacheNotFound) {
                     err = ccNoError;
                     break;   /* found a unique one */
                 }
@@ -463,9 +463,9 @@ static cc_int32 ccs_cache_collection_get_next_unique_ccache_name (ccs_cache_coll
             if (!name) { err = cci_check_error (ccErrNoMem); }
         }
     }
-    
+
     if (!err) {
-        *out_name = name; 
+        *out_name = name;
         name = NULL;
     }
 
@@ -476,86 +476,86 @@ static cc_int32 ccs_cache_collection_get_next_unique_ccache_name (ccs_cache_coll
 
 /* ------------------------------------------------------------------------ */
 
-static cc_int32 ccs_cache_collection_get_default_ccache (ccs_cache_collection_t  in_cache_collection, 
+static cc_int32 ccs_cache_collection_get_default_ccache (ccs_cache_collection_t  in_cache_collection,
                                                          ccs_ccache_t           *out_ccache)
 {
     cc_int32 err = ccNoError;
     cc_uint64 count = 0;
-    
+
     if (!in_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!out_ccache         ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_ccache_list_count (in_cache_collection->ccaches, &count);
     }
-    
+
     if (!err) {
         if (count > 0) {
             /* First ccache is the default */
             ccs_ccache_list_iterator_t iterator = NULL;
-            
+
             err = ccs_ccache_list_new_iterator (in_cache_collection->ccaches,
-                                                CCS_PIPE_NULL, 
+                                                CCS_PIPE_NULL,
                                                 &iterator);
-            
+
             if (!err) {
                 err = ccs_ccache_list_iterator_next (iterator, out_ccache);
             }
-            
+
             ccs_ccache_list_iterator_release (iterator);
-            
+
         } else {
             err = cci_check_error (ccErrCCacheNotFound);
         }
     }
-    
+
     return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-cc_int32 ccs_cache_collection_set_default_ccache (ccs_cache_collection_t  io_cache_collection, 
+cc_int32 ccs_cache_collection_set_default_ccache (ccs_cache_collection_t  io_cache_collection,
                                                   cci_identifier_t        in_identifier)
 {
     cc_int32 err = ccNoError;
     ccs_ccache_t old_default = NULL;
     ccs_ccache_t new_default = NULL;
     cc_uint32 equal = 0;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_cache_collection_get_default_ccache (io_cache_collection, 
+        err = ccs_cache_collection_get_default_ccache (io_cache_collection,
                                                        &old_default);
     }
-    
+
     if (!err) {
 	err = ccs_ccache_compare_identifier (old_default, in_identifier, &equal);
     }
-    
-    
+
+
     if (!err && !equal) {
         err = ccs_ccache_list_push_front (io_cache_collection->ccaches,
                                           in_identifier);
-	
+
 	if (!err) {
 	    err = ccs_ccache_notify_default_state_changed (old_default,
 							   io_cache_collection,
 							   0 /* no longer default */);
 	}
-	
+
 	if (!err) {
-	    err = ccs_cache_collection_get_default_ccache (io_cache_collection, 
+	    err = ccs_cache_collection_get_default_ccache (io_cache_collection,
 							   &new_default);
 	}
-	
+
 	if (!err) {
 	    err = ccs_ccache_notify_default_state_changed (new_default,
 							   io_cache_collection,
 							   1 /* now default */);
 	}
-	
+
 	if (!err) {
 	    err = ccs_cache_collection_changed (io_cache_collection);
 	}
@@ -576,16 +576,16 @@ static cc_int32 ccs_cache_collection_sync (ccs_cache_collection_t io_cache_colle
                                             k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_write (io_cache_collection->identifier, io_reply_data);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -595,16 +595,16 @@ static cc_int32 ccs_cache_collection_get_change_time (ccs_cache_collection_t io_
                                                        k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -619,27 +619,27 @@ static cc_int32 ccs_cache_collection_wait_for_change (ccs_pipe_t              in
     cc_int32 err = ccNoError;
     cc_time_t last_wait_for_change_time = 0;
     cc_uint32 will_block = 0;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe )) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (in_request_data, &last_wait_for_change_time);
     }
-    
+
     if (!err) {
 	if (last_wait_for_change_time < io_cache_collection->last_changed_time) {
 	    err = krb5int_ipc_stream_write_time (io_reply_data, io_cache_collection->last_changed_time);
-	
+
 	} else {
 	    ccs_callback_t callback = NULL;
 
-	    err = ccs_callback_new (&callback, 
-				    ccErrInvalidContext, 
-				    in_client_pipe, 
+	    err = ccs_callback_new (&callback,
+				    ccErrInvalidContext,
+				    in_client_pipe,
 				    in_reply_pipe,
 				    (ccs_callback_owner_t) io_cache_collection,
 				    ccs_cache_collection_invalidate_change_callback);
@@ -648,19 +648,19 @@ static cc_int32 ccs_cache_collection_wait_for_change (ccs_pipe_t              in
 		err = ccs_callback_array_insert (io_cache_collection->change_callbacks, callback,
 						 ccs_callback_array_count (io_cache_collection->change_callbacks));
 		if (!err) { callback = NULL; /* take ownership */ }
-		
+
 		will_block = 1;
 	    }
 
 	    ccs_callback_release (callback);
 	}
     }
-    
+
     if (!err) {
 	*out_will_block = will_block;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -671,31 +671,31 @@ static cc_int32 ccs_cache_collection_get_default_ccache_name (ccs_cache_collecti
 {
     cc_int32 err = ccNoError;
     cc_uint64 count = 0;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_cache_collection_list_count (io_cache_collection->ccaches, &count);
     }
-    
+
     if (!err) {
         if (count > 0) {
             ccs_ccache_t ccache = NULL;
 
             err = ccs_cache_collection_get_default_ccache (io_cache_collection, &ccache);
-            
+
             if (!err) {
                 err = ccs_ccache_write_name (ccache, io_reply_data);
             }
         } else {
-            err = krb5int_ipc_stream_write_string (io_reply_data, 
+            err = krb5int_ipc_stream_write_string (io_reply_data,
                                            k_cci_context_initial_ccache_name);
         }
     }
 
-    return cci_check_error (err);    
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -707,27 +707,27 @@ static cc_int32 ccs_cache_collection_open_ccache (ccs_cache_collection_t io_cach
     cc_int32 err = ccNoError;
     char *name = NULL;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (in_request_data, &name);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_find_ccache_by_name (io_cache_collection,
                                                         name, &ccache);
     }
-    
+
     if (!err) {
         err = ccs_ccache_write (ccache, io_reply_data);
     }
-    
+
     krb5int_ipc_stream_free_string (name);
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -738,21 +738,21 @@ static cc_int32 ccs_cache_collection_open_default_ccache (ccs_cache_collection_t
 {
     cc_int32 err = ccNoError;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-         err = ccs_cache_collection_get_default_ccache (io_cache_collection, 
+         err = ccs_cache_collection_get_default_ccache (io_cache_collection,
                                                         &ccache);
     }
-    
+
     if (!err) {
         err = ccs_ccache_write (ccache, io_reply_data);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -766,49 +766,49 @@ static cc_int32 ccs_cache_collection_create_ccache (ccs_cache_collection_t io_ca
     cc_uint32 cred_vers;
     char *principal = NULL;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (in_request_data, &name);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (in_request_data, &principal);
     }
-    
+
     if (!err) {
         cc_int32 terr = ccs_cache_collection_find_ccache_by_name (io_cache_collection,
                                                                   name,
                                                                   &ccache);
-        
+
         if (!terr) {
             err = ccs_ccache_reset (ccache, io_cache_collection, cred_vers, principal);
-            
+
         } else {
-            err = ccs_ccache_new (&ccache, cred_vers, name, principal, 
+            err = ccs_ccache_new (&ccache, cred_vers, name, principal,
                                   io_cache_collection->ccaches);
         }
     }
-    
+
     if (!err) {
         err = ccs_ccache_write (ccache, io_reply_data);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_changed (io_cache_collection);
     }
-    
+
     krb5int_ipc_stream_free_string (name);
     krb5int_ipc_stream_free_string (principal);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -821,52 +821,52 @@ static cc_int32 ccs_cache_collection_create_default_ccache (ccs_cache_collection
     cc_uint32 cred_vers;
     char *principal = NULL;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (in_request_data, &principal);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_get_default_ccache (io_cache_collection,
                                                        &ccache);
-        
+
         if (!err) {
             err = ccs_ccache_reset (ccache, io_cache_collection, cred_vers, principal);
 
         } else if (err == ccErrCCacheNotFound) {
             char *name = NULL;
-            
-            err = ccs_cache_collection_get_next_unique_ccache_name (io_cache_collection, 
+
+            err = ccs_cache_collection_get_next_unique_ccache_name (io_cache_collection,
                                                                     &name);
-            
+
             if (!err) {
-                err = ccs_ccache_new (&ccache, cred_vers, name, principal, 
+                err = ccs_ccache_new (&ccache, cred_vers, name, principal,
                                       io_cache_collection->ccaches);
             }
-            
+
             free (name);
         }
     }
-    
+
     if (!err) {
         err = ccs_ccache_write (ccache, io_reply_data);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_changed (io_cache_collection);
     }
-    
+
     krb5int_ipc_stream_free_string (principal);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -880,41 +880,41 @@ static cc_int32 ccs_cache_collection_create_new_ccache (ccs_cache_collection_t i
     char *principal = NULL;
     char *name = NULL;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (in_request_data, &principal);
     }
-    
+
     if (!err) {
-        err = ccs_cache_collection_get_next_unique_ccache_name (io_cache_collection, 
+        err = ccs_cache_collection_get_next_unique_ccache_name (io_cache_collection,
                                                                 &name);
     }
-    
+
     if (!err) {
-        err = ccs_ccache_new (&ccache, cred_vers, name, principal, 
+        err = ccs_ccache_new (&ccache, cred_vers, name, principal,
                               io_cache_collection->ccaches);
     }
-    
+
     if (!err) {
         err = ccs_ccache_write (ccache, io_reply_data);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_changed (io_cache_collection);
     }
-    
+
     free (name);
     krb5int_ipc_stream_free_string (principal);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -926,22 +926,22 @@ static  cc_int32 ccs_cache_collection_new_ccache_iterator (ccs_cache_collection_
 {
     cc_int32 err = ccNoError;
     ccs_ccache_iterator_t ccache_iterator = NULL;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_ccache_list_new_iterator (io_cache_collection->ccaches,
                                             in_client_pipe,
                                             &ccache_iterator);
     }
-    
+
     if (!err) {
         err = ccs_ccache_list_iterator_write (ccache_iterator, io_reply_data);
     }
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -956,28 +956,28 @@ static cc_int32 ccs_cache_collection_lock (ccs_pipe_t              in_client_pip
     cc_int32 err = ccNoError;
     cc_uint32 lock_type;
     cc_uint32 block;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &lock_type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &block);
     }
-    
+
     if (!err) {
-        err = ccs_lock_state_add (io_cache_collection->lock_state, 
-                                  in_client_pipe, in_reply_pipe, 
+        err = ccs_lock_state_add (io_cache_collection->lock_state,
+                                  in_client_pipe, in_reply_pipe,
                                   lock_type, block, out_will_block);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -988,18 +988,18 @@ static cc_int32 ccs_cache_collection_unlock (ccs_pipe_t             in_client_pi
                                              k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_lock_state_remove (io_cache_collection->lock_state, 
+        err = ccs_lock_state_remove (io_cache_collection->lock_state,
                                      in_client_pipe);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -1019,81 +1019,81 @@ static cc_int32 ccs_cache_collection_unlock (ccs_pipe_t             in_client_pi
     cc_int32 err = ccNoError;
     cc_uint32 will_block = 0;
     k5_ipc_stream reply_data = NULL;
-     
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
     if (!out_reply_data                 ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&reply_data);
     }
-    
+
     if (!err) {
         if (in_request_name == cci_context_unused_release_msg_id) {
             /* Old release message.  Do nothing. */
-            
+
         } else if (in_request_name == cci_context_sync_msg_id) {
             err = ccs_cache_collection_sync (io_cache_collection,
                                              in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_get_change_time_msg_id) {
             err = ccs_cache_collection_get_change_time (io_cache_collection,
                                                         in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_wait_for_change_msg_id) {
-            err = ccs_cache_collection_wait_for_change (in_client_pipe, in_reply_pipe, 
+            err = ccs_cache_collection_wait_for_change (in_client_pipe, in_reply_pipe,
 							io_cache_collection,
                                                         in_request_data, reply_data,
 							&will_block);
-            
+
         } else if (in_request_name == cci_context_get_default_ccache_name_msg_id) {
             err = ccs_cache_collection_get_default_ccache_name (io_cache_collection,
                                                                 in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_open_ccache_msg_id) {
             err = ccs_cache_collection_open_ccache (io_cache_collection,
                                                     in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_open_default_ccache_msg_id) {
             err = ccs_cache_collection_open_default_ccache (io_cache_collection,
                                                             in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_create_ccache_msg_id) {
             err = ccs_cache_collection_create_ccache (io_cache_collection,
                                                       in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_create_default_ccache_msg_id) {
             err = ccs_cache_collection_create_default_ccache (io_cache_collection,
                                                               in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_create_new_ccache_msg_id) {
             err = ccs_cache_collection_create_new_ccache (io_cache_collection,
                                                           in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_context_new_ccache_iterator_msg_id) {
             err = ccs_cache_collection_new_ccache_iterator (io_cache_collection,
                                                             in_client_pipe,
-                                                            in_request_data, 
+                                                            in_request_data,
                                                             reply_data);
-            
+
         } else if (in_request_name == cci_context_lock_msg_id) {
-            err = ccs_cache_collection_lock (in_client_pipe, in_reply_pipe, 
+            err = ccs_cache_collection_lock (in_client_pipe, in_reply_pipe,
                                              io_cache_collection,
-                                             in_request_data, 
+                                             in_request_data,
                                              &will_block, reply_data);
-            
+
         } else if (in_request_name == cci_context_unlock_msg_id) {
             err = ccs_cache_collection_unlock (in_client_pipe, io_cache_collection,
                                                in_request_data, reply_data);
-           
+
         } else {
             err = ccErrBadInternalMessage;
         }
     }
-    
+
     if (!err) {
         *out_will_block = will_block;
         if (!will_block) {
@@ -1103,8 +1103,8 @@ static cc_int32 ccs_cache_collection_unlock (ccs_pipe_t             in_client_pi
             *out_reply_data = NULL;
         }
     }
-    
+
     krb5int_ipc_stream_release (reply_data);
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/server/ccs_cache_collection.h b/src/ccapi/server/ccs_cache_collection.h
index f0507967b..53f97092f 100644
--- a/src/ccapi/server/ccs_cache_collection.h
+++ b/src/ccapi/server/ccs_cache_collection.h
@@ -39,7 +39,7 @@ cc_int32 ccs_cache_collection_compare_identifier (ccs_cache_collection_t  in_cac
 
 cc_int32 ccs_cache_collection_changed (ccs_cache_collection_t io_cache_collection);
 
-cc_int32 ccs_cache_collection_set_default_ccache (ccs_cache_collection_t  in_cache_collection, 
+cc_int32 ccs_cache_collection_set_default_ccache (ccs_cache_collection_t  in_cache_collection,
                                                   cci_identifier_t        in_identifier);
 
 cc_int32 ccs_cache_collection_find_ccache (ccs_cache_collection_t  in_cache_collection,
diff --git a/src/ccapi/server/ccs_callback.c b/src/ccapi/server/ccs_callback.c
index 94e9d9b4b..499ba30de 100644
--- a/src/ccapi/server/ccs_callback.c
+++ b/src/ccapi/server/ccs_callback.c
@@ -49,52 +49,52 @@ cc_int32 ccs_callback_new (ccs_callback_t                  *out_callback,
     cc_int32 err = ccNoError;
     ccs_callback_t callback = NULL;
     ccs_client_t client = NULL;
-    
+
     if (!out_callback                   ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
     if (!in_owner                       ) { err = cci_check_error (ccErrBadParam); }
     if (!in_owner_invalidate_function   ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         callback = malloc (sizeof (*callback));
-        if (callback) { 
+        if (callback) {
             *callback = ccs_callback_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = ccs_server_client_for_pipe (in_client_pipe, &client);
     }
-    
+
     if (!err) {
 	err = ccs_pipe_copy (&callback->client_pipe, in_client_pipe);
     }
-    
+
     if (!err) {
 	err = ccs_pipe_copy (&callback->reply_pipe, in_reply_pipe);
     }
-    
+
     if (!err) {
         callback->client_pipe = in_client_pipe;
         callback->reply_pipe = in_reply_pipe;
         callback->invalid_object_err = in_invalid_object_err;
         callback->owner = in_owner;
         callback->owner_invalidate = in_owner_invalidate_function;
-    
+
         err = ccs_client_add_callback (client, callback);
     }
-     
+
     if (!err) {
         *out_callback = callback;
         callback = NULL;
     }
-    
+
     ccs_callback_release (callback);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -102,34 +102,34 @@ cc_int32 ccs_callback_new (ccs_callback_t                  *out_callback,
 cc_int32 ccs_callback_release (ccs_callback_t io_callback)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_callback) {
 	ccs_client_t client = NULL;
 
 	if (io_callback->pending) {
-	    err = ccs_server_send_reply (io_callback->reply_pipe, 
+	    err = ccs_server_send_reply (io_callback->reply_pipe,
 					 io_callback->invalid_object_err, NULL);
-	    
+
 	    io_callback->pending = 0;
 	}
-	
+
 	if (!err) {
 	    err = ccs_server_client_for_pipe (io_callback->client_pipe, &client);
 	}
-	
+
 	if (!err && client) {
 	    /* if client object still has a reference to us, remove it */
 	    err = ccs_client_remove_callback (client, io_callback);
 	}
-	
+
 	if (!err) {
 	    ccs_pipe_release (io_callback->client_pipe);
 	    ccs_pipe_release (io_callback->reply_pipe);
 	    free (io_callback);
 	}
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -137,19 +137,19 @@ cc_int32 ccs_callback_release (ccs_callback_t io_callback)
 cc_int32 ccs_callback_invalidate (ccs_callback_t io_callback)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_callback) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         io_callback->pending = 0; /* client is dead, don't try to talk to it */
 	if (io_callback->owner_invalidate) {
 	    err = io_callback->owner_invalidate (io_callback->owner, io_callback);
 	} else {
-	    cci_debug_printf ("WARNING %s() unable to notify callback owner!", 
+	    cci_debug_printf ("WARNING %s() unable to notify callback owner!",
 			      __FUNCTION__);
 	}
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -159,28 +159,28 @@ cc_int32 ccs_callback_reply_to_client (ccs_callback_t io_callback,
 				       k5_ipc_stream   in_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_callback) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         if (io_callback->pending) {
 	    cci_debug_printf ("%s: callback %p replying to client.", __FUNCTION__, io_callback);
 
             err = ccs_server_send_reply (io_callback->reply_pipe, err, in_stream);
-            
+
             if (err) {
-                cci_debug_printf ("WARNING %s() called on a lock belonging to a dead client!", 
+                cci_debug_printf ("WARNING %s() called on a lock belonging to a dead client!",
                                   __FUNCTION__);
             }
-            
+
             io_callback->pending = 0;
         } else {
-            cci_debug_printf ("WARNING %s() called on non-pending callback!", 
+            cci_debug_printf ("WARNING %s() called on non-pending callback!",
                               __FUNCTION__);
         }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -189,15 +189,15 @@ cc_uint32 ccs_callback_is_pending (ccs_callback_t  in_callback,
 				   cc_uint32      *out_pending)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_callback) { err = cci_check_error (ccErrBadParam); }
     if (!out_pending) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_pending = in_callback->pending;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -207,17 +207,17 @@ cc_int32 ccs_callback_is_for_client_pipe (ccs_callback_t  in_callback,
 					  cc_uint32      *out_is_for_client_pipe)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_callback                    ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!out_is_for_client_pipe         ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_pipe_compare (in_callback->client_pipe, in_client_pipe, 
+        err = ccs_pipe_compare (in_callback->client_pipe, in_client_pipe,
                                 out_is_for_client_pipe);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 
@@ -227,13 +227,13 @@ cc_int32 ccs_callback_client_pipe (ccs_callback_t  in_callback,
 				   ccs_pipe_t     *out_client_pipe)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_callback    ) { err = cci_check_error (ccErrBadParam); }
     if (!out_client_pipe) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_client_pipe = in_callback->client_pipe;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
diff --git a/src/ccapi/server/ccs_ccache.c b/src/ccapi/server/ccs_ccache.c
index d7662343a..c1e91bce8 100644
--- a/src/ccapi/server/ccs_ccache.c
+++ b/src/ccapi/server/ccs_ccache.c
@@ -56,43 +56,43 @@ cc_int32 ccs_ccache_new (ccs_ccache_t      *out_ccache,
 {
     cc_int32 err = ccNoError;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!out_ccache  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_name     ) { err = cci_check_error (ccErrBadParam); }
     if (!in_principal) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         ccache = malloc (sizeof (*ccache));
-        if (ccache) { 
+        if (ccache) {
             *ccache = ccs_ccache_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = ccs_server_new_identifier (&ccache->identifier);
     }
-    
+
     if (!err) {
         err = ccs_lock_state_new (&ccache->lock_state,
                                   ccErrInvalidCCache,
                                   ccErrCCacheLocked,
                                   ccErrCCacheUnlocked);
     }
-    
+
     if (!err) {
         ccache->name = strdup (in_name);
         if (!ccache->name) { err = cci_check_error (ccErrNoMem); }
     }
-    
+
     if (!err) {
         ccache->creds_version = in_creds_version;
 
         if (ccache->creds_version == cc_credentials_v4) {
             ccache->v4_principal = strdup (in_principal);
             if (!ccache->v4_principal) { err = cci_check_error (ccErrNoMem); }
-            
+
         } else if (ccache->creds_version == cc_credentials_v5) {
             ccache->v5_principal = strdup (in_principal);
             if (!ccache->v5_principal) { err = cci_check_error (ccErrNoMem); }
@@ -101,43 +101,43 @@ cc_int32 ccs_ccache_new (ccs_ccache_t      *out_ccache,
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
     }
-    
+
     if (!err) {
         err = ccs_credentials_list_new (&ccache->credentials);
     }
-    
+
     if (!err) {
         err = ccs_callback_array_new (&ccache->change_callbacks);
     }
-    
+
     if (!err) {
         cc_uint64 now = time (NULL);
         cc_uint64 count = 0;
-        
+
         err = ccs_ccache_list_count (io_ccache_list, &count);
-        
+
         if (!err) {
             /* first cache is default */
             ccache->last_default_time = (count == 0) ? now : 0;
-	    cci_debug_printf ("%s ccache->last_default_time is %d.", 
+	    cci_debug_printf ("%s ccache->last_default_time is %d.",
 			     __FUNCTION__, ccache->last_default_time);
             ccache->last_changed_time = now;
         }
     }
-        
+
     if (!err) {
         /* Add self to the list of ccaches */
         err = ccs_ccache_list_add (io_ccache_list, ccache);
     }
-    
+
     if (!err) {
         *out_ccache = ccache;
         ccache = NULL;
     }
-    
+
     ccs_ccache_release (ccache);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -151,41 +151,41 @@ cc_int32 ccs_ccache_reset (ccs_ccache_t            io_ccache,
     char *v4_principal = NULL;
     char *v5_principal = NULL;
     ccs_credentials_list_t credentials = NULL;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_principal       ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         io_ccache->creds_version = in_creds_version;
-        
+
         if (io_ccache->creds_version == cc_credentials_v4) {
             v4_principal = strdup (in_principal);
             if (!v4_principal) { err = cci_check_error (ccErrNoMem); }
-            
+
         } else if (io_ccache->creds_version == cc_credentials_v5) {
             v5_principal = strdup (in_principal);
             if (!v5_principal) { err = cci_check_error (ccErrNoMem); }
-            
+
         } else {
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
     }
-    
+
     if (!err) {
         err = ccs_credentials_list_new (&credentials);
     }
-    
+
     if (!err) {
         io_ccache->kdc_time_offset_v4 = 0;
         io_ccache->kdc_time_offset_v4_valid = 0;
         io_ccache->kdc_time_offset_v5 = 0;
         io_ccache->kdc_time_offset_v5_valid = 0;
-        
+
         if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
         io_ccache->v4_principal = v4_principal;
         v4_principal = NULL; /* take ownership */
-        
+
         if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
         io_ccache->v5_principal = v5_principal;
         v5_principal = NULL; /* take ownership */
@@ -193,51 +193,51 @@ cc_int32 ccs_ccache_reset (ccs_ccache_t            io_ccache,
         ccs_credentials_list_release (io_ccache->credentials);
         io_ccache->credentials = credentials;
         credentials = NULL; /* take ownership */
-        
+
 	err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
+
     free (v4_principal);
     free (v5_principal);
     ccs_credentials_list_release (credentials);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache, 
+cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache,
                                    ccs_ccache_t           io_destination_ccache,
 				   ccs_cache_collection_t io_cache_collection)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_source_ccache     ) { err = cci_check_error (ccErrBadParam); }
     if (!io_destination_ccache) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         struct ccs_ccache_d temp_ccache = *io_destination_ccache;
-        
+
         /* swap everything */
         *io_destination_ccache = *io_source_ccache;
         *io_source_ccache = temp_ccache;
-        
+
         /* swap back the name and identifier */
         io_source_ccache->identifier = io_destination_ccache->identifier;
         io_destination_ccache->identifier = temp_ccache.identifier;
-        
+
         io_source_ccache->name = io_destination_ccache->name;
         io_destination_ccache->name = temp_ccache.name;
     }
-    
+
     if (!err) {
         err = ccs_ccache_changed (io_source_ccache, io_cache_collection);
     }
-    
+
     if (!err) {
         err = ccs_ccache_changed (io_destination_ccache, io_cache_collection);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -246,7 +246,7 @@ cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache,
 cc_int32 ccs_ccache_release (ccs_ccache_t io_ccache)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_ccache) {
         cci_identifier_release (io_ccache->identifier);
         ccs_lock_state_release (io_ccache->lock_state);
@@ -257,8 +257,8 @@ cc_int32 ccs_ccache_release (ccs_ccache_t io_ccache)
         ccs_callback_array_release (io_ccache->change_callbacks);
         free (io_ccache);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -272,17 +272,17 @@ cc_int32 ccs_ccache_compare_identifier (ccs_ccache_t      in_ccache,
                                         cc_uint32        *out_equal)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_ccache    ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal    ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_identifier_compare (in_ccache->identifier, 
-                                      in_identifier, 
+        err = cci_identifier_compare (in_ccache->identifier,
+                                      in_identifier,
                                       out_equal);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -293,15 +293,15 @@ cc_int32 ccs_ccache_compare_name (ccs_ccache_t  in_ccache,
                                   cc_uint32    *out_equal)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
     if (!in_name  ) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_equal = (strcmp (in_ccache->name, in_name) == 0);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -316,28 +316,28 @@ cc_int32 ccs_ccache_changed (ccs_ccache_t           io_ccache,
 {
     cc_int32 err = ccNoError;
     k5_ipc_stream reply_data = NULL;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cc_time_t now = time (NULL);
-        
+
         if (io_ccache->last_changed_time < now) {
             io_ccache->last_changed_time = now;
         } else {
             io_ccache->last_changed_time++;
         }
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_changed (io_cache_collection);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&reply_data);
     }
-    
+
     if (!err) {
 	err = krb5int_ipc_stream_write_time (reply_data, io_ccache->last_changed_time);
     }
@@ -346,12 +346,12 @@ cc_int32 ccs_ccache_changed (ccs_ccache_t           io_ccache,
 	/* Loop over callbacks sending messages to them */
 	cc_uint64 i;
         cc_uint64 count = ccs_callback_array_count (io_ccache->change_callbacks);
-        
+
         for (i = 0; !err && i < count; i++) {
             ccs_callback_t callback = ccs_callback_array_object_at_index (io_ccache->change_callbacks, i);
-            
+
 	    err = ccs_callback_reply_to_client (callback, reply_data);
-	    
+
 	    if (!err) {
 		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
 		err = ccs_callback_array_remove (io_ccache->change_callbacks, i);
@@ -359,14 +359,14 @@ cc_int32 ccs_ccache_changed (ccs_ccache_t           io_ccache,
 	    }
         }
     }
-    
+
     if (!err) {
-        err = ccs_os_notify_ccache_changed (io_cache_collection, 
+        err = ccs_os_notify_ccache_changed (io_cache_collection,
                                             io_ccache->name);
     }
-    
+
     krb5int_ipc_stream_release (reply_data);
-    
+
     return cci_check_error (err);
 }
 
@@ -376,19 +376,19 @@ static cc_int32 ccs_ccache_invalidate_change_callback (ccs_callback_owner_t io_c
 						       ccs_callback_t       in_callback)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_callback) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
 	/* Remove callback */
 	ccs_ccache_t ccache = (ccs_ccache_t) io_ccache;
 	cc_uint64 i;
         cc_uint64 count = ccs_callback_array_count (ccache->change_callbacks);
-        
+
         for (i = 0; !err && i < count; i++) {
             ccs_callback_t callback = ccs_callback_array_object_at_index (ccache->change_callbacks, i);
-            
+
 	    if (callback == in_callback) {
 		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
 		err = ccs_callback_array_remove (ccache->change_callbacks, i);
@@ -396,7 +396,7 @@ static cc_int32 ccs_ccache_invalidate_change_callback (ccs_callback_owner_t io_c
 	    }
         }
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -407,24 +407,24 @@ cc_int32 ccs_ccache_notify_default_state_changed (ccs_ccache_t           io_ccac
                                                   cc_uint32              in_new_default_state)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && in_new_default_state) {
         cc_time_t now = time (NULL);
-        
+
         if (io_ccache->last_default_time < now) {
             io_ccache->last_default_time = now;
         } else {
             io_ccache->last_default_time++;
         }
     }
-    
+
     if (!err) {
         err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -439,17 +439,17 @@ cc_int32 ccs_ccache_find_credentials_iterator (ccs_ccache_t                in_cc
                                                ccs_credentials_iterator_t *out_credentials_iterator)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_ccache               ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier           ) { err = cci_check_error (ccErrBadParam); }
     if (!out_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_credentials_list_find_iterator (in_ccache->credentials,
                                                   in_identifier,
                                                   out_credentials_iterator);
     }
-    
+
     // Don't report ccErrInvalidCredentials to the log file.  Non-fatal.
     return (err == ccErrInvalidCredentials) ? err : cci_check_error (err);
 }
@@ -464,15 +464,15 @@ cc_int32 ccs_ccache_write (ccs_ccache_t in_ccache,
                            k5_ipc_stream io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
     if (!io_stream) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_write (in_ccache->identifier, io_stream);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 
@@ -482,15 +482,15 @@ cc_int32 ccs_ccache_write_name (ccs_ccache_t in_ccache,
                                 k5_ipc_stream io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_ccache) { err = cci_check_error (ccErrBadParam); }
     if (!io_stream) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (io_stream, in_ccache->name);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -506,23 +506,23 @@ static cc_int32 ccs_ccache_destroy (ccs_ccache_t           io_ccache,
                                     k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_cache_collection_destroy_ccache (io_cache_collection, 
+        err = ccs_cache_collection_destroy_ccache (io_cache_collection,
                                                    io_ccache->identifier);
     }
-    
+
     if (!err) {
         /* ccache has been destroyed so just mark the cache collection */
         err = ccs_cache_collection_changed (io_cache_collection);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -533,18 +533,18 @@ static cc_int32 ccs_ccache_set_default (ccs_ccache_t           io_ccache,
                                         k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_cache_collection_set_default_ccache (io_cache_collection, 
+        err = ccs_cache_collection_set_default_ccache (io_cache_collection,
                                                        io_ccache->identifier);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -555,17 +555,17 @@ static cc_int32 ccs_ccache_get_credentials_version (ccs_ccache_t           io_cc
                                                     k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_uint32 (io_reply_data, io_ccache->creds_version);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -576,17 +576,17 @@ static cc_int32 ccs_ccache_get_name (ccs_ccache_t           io_ccache,
                                      k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->name);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -598,33 +598,33 @@ static cc_int32 ccs_ccache_get_principal (ccs_ccache_t           io_ccache,
 {
     cc_int32 err = ccNoError;
     cc_uint32 version = 0;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &version);
     }
-    
+
     if (!err && version == cc_credentials_v4_v5) {
         err = cci_check_error (ccErrBadCredentialsVersion);
     }
-    
+
     if (!err) {
         if (version == cc_credentials_v4) {
             err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v4_principal);
-            
+
         } else if (version == cc_credentials_v5) {
             err = krb5int_ipc_stream_write_string (io_reply_data, io_ccache->v5_principal);
-            
+
         } else {
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -637,35 +637,35 @@ static cc_int32 ccs_ccache_set_principal (ccs_ccache_t           io_ccache,
     cc_int32 err = ccNoError;
     cc_uint32 version = 0;
     char *principal = NULL;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &version);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_string (in_request_data, &principal);
     }
-    
+
     if (!err) {
         /* reset KDC time offsets because they are per-KDC */
         if (version == cc_credentials_v4) {
             io_ccache->kdc_time_offset_v4 = 0;
             io_ccache->kdc_time_offset_v4_valid = 0;
-            
+
             if (io_ccache->v4_principal) { free (io_ccache->v4_principal); }
             io_ccache->v4_principal = principal;
             principal = NULL; /* take ownership */
-            
-            
+
+
         } else if (version == cc_credentials_v5) {
             io_ccache->kdc_time_offset_v5 = 0;
             io_ccache->kdc_time_offset_v5_valid = 0;
-            
+
             if (io_ccache->v5_principal) { free (io_ccache->v5_principal); }
             io_ccache->v5_principal = principal;
             principal = NULL; /* take ownership */
@@ -674,16 +674,16 @@ static cc_int32 ccs_ccache_set_principal (ccs_ccache_t           io_ccache,
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
     }
-    
+
     if (!err) {
         io_ccache->creds_version |= version;
-        
+
         err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
+
     krb5int_ipc_stream_free_string (principal);
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -695,24 +695,24 @@ static cc_int32 ccs_ccache_store_credentials (ccs_ccache_t           io_ccache,
 {
     cc_int32 err = ccNoError;
     ccs_credentials_t credentials = NULL;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_credentials_new (&credentials, in_request_data, 
-                                   io_ccache->creds_version, 
+        err = ccs_credentials_new (&credentials, in_request_data,
+                                   io_ccache->creds_version,
                                    io_ccache->credentials);
     }
-    
+
     if (!err) {
         err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
-    
-    return cci_check_error (err);    
+
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -724,27 +724,27 @@ static cc_int32 ccs_ccache_remove_credentials (ccs_ccache_t           io_ccache,
 {
     cc_int32 err = ccNoError;
     cci_identifier_t credentials_identifier = NULL;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_read (&credentials_identifier, in_request_data);
     }
-    
+
     if (!err) {
         err = ccs_credentials_list_remove (io_ccache->credentials, credentials_identifier);
     }
-    
+
     if (!err) {
         err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
+
     cci_identifier_release (credentials_identifier);
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -757,23 +757,23 @@ static cc_int32 ccs_ccache_new_credentials_iterator (ccs_ccache_t           io_c
 {
     cc_int32 err = ccNoError;
     ccs_credentials_iterator_t credentials_iterator = NULL;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_credentials_list_new_iterator (io_ccache->credentials,
                                                  in_client_pipe,
                                                  &credentials_iterator);
     }
-    
+
     if (!err) {
         err = ccs_credentials_list_iterator_write (credentials_iterator, io_reply_data);
     }
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -785,31 +785,31 @@ static cc_int32 ccs_ccache_move (ccs_ccache_t           io_ccache,
 {
     cc_int32 err = ccNoError;
     cci_identifier_t source_identifier = NULL;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         /* Note: message is sent as the destination ccache to avoid     */
         /* extra work on the server when deleting it the source ccache. */
         err = cci_identifier_read (&source_identifier, in_request_data);
     }
-    
+
     if (!err) {
         err = ccs_ccache_collection_move_ccache (io_cache_collection,
-                                                 source_identifier, 
+                                                 source_identifier,
                                                  io_ccache);
     }
-    
+
     if (!err) {
         err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
+
     cci_identifier_release (source_identifier);
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -825,29 +825,29 @@ static cc_int32 ccs_ccache_lock (ccs_pipe_t             in_client_pipe,
     cc_int32 err = ccNoError;
     cc_uint32 lock_type;
     cc_uint32 block;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &lock_type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &block);
     }
-    
+
     if (!err) {
-        err = ccs_lock_state_add (io_ccache->lock_state, 
-                                  in_client_pipe, in_reply_pipe, 
+        err = ccs_lock_state_add (io_ccache->lock_state,
+                                  in_client_pipe, in_reply_pipe,
                                   lock_type, block, out_will_block);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -859,18 +859,18 @@ static cc_int32 ccs_ccache_unlock (ccs_pipe_t             in_client_pipe,
                                    k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data                  ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_lock_state_remove (io_ccache->lock_state, in_client_pipe);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -881,21 +881,21 @@ static cc_int32 ccs_ccache_get_last_default_time (ccs_ccache_t           io_ccac
                                                   k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && io_ccache->last_default_time == 0) {
         err = cci_check_error (ccErrNeverDefault);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_default_time);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -906,17 +906,17 @@ static cc_int32 ccs_ccache_get_change_time (ccs_ccache_t           io_ccache,
                                             k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -932,51 +932,51 @@ static cc_int32 ccs_ccache_wait_for_change (ccs_pipe_t              in_client_pi
     cc_int32 err = ccNoError;
     cc_time_t last_wait_for_change_time = 0;
     cc_uint32 will_block = 0;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe )) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache                      ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_time (in_request_data, &last_wait_for_change_time);
     }
-    
+
     if (!err) {
 	if (last_wait_for_change_time < io_ccache->last_changed_time) {
 	    cci_debug_printf ("%s returning immediately", __FUNCTION__);
 	    err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->last_changed_time);
-	    
+
 	} else {
 	    ccs_callback_t callback = NULL;
 
-	    err = ccs_callback_new (&callback, 
-				    ccErrInvalidCCache, 
-				    in_client_pipe, 
+	    err = ccs_callback_new (&callback,
+				    ccErrInvalidCCache,
+				    in_client_pipe,
 				    in_reply_pipe,
 				    (ccs_callback_owner_t) io_ccache,
 				    ccs_ccache_invalidate_change_callback);
-	
+
 	    if (!err) {
 		err = ccs_callback_array_insert (io_ccache->change_callbacks, callback,
 						 ccs_callback_array_count (io_ccache->change_callbacks));
 		if (!err) { callback = NULL; /* take ownership */ }
-		
+
 		cci_debug_printf ("%s blocking", __FUNCTION__);
 		will_block = 1;
 	    }
-	    
+
 	    ccs_callback_release (callback);
 	}
     }
-	
+
     if (!err) {
 	*out_will_block = will_block;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -988,16 +988,16 @@ static cc_int32 ccs_ccache_get_kdc_time_offset (ccs_ccache_t           io_ccache
 {
     cc_int32 err = ccNoError;
     cc_uint32 cred_vers = 0;
-        
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
     }
-    
+
     if (!err) {
         if (cred_vers == cc_credentials_v4) {
             if (io_ccache->kdc_time_offset_v4_valid) {
@@ -1005,20 +1005,20 @@ static cc_int32 ccs_ccache_get_kdc_time_offset (ccs_ccache_t           io_ccache
             } else {
                 err = cci_check_error (ccErrTimeOffsetNotSet);
             }
-            
+
         } else if (cred_vers == cc_credentials_v5) {
             if (io_ccache->kdc_time_offset_v5_valid) {
                 err = krb5int_ipc_stream_write_time (io_reply_data, io_ccache->kdc_time_offset_v5);
             } else {
                 err = cci_check_error (ccErrTimeOffsetNotSet);
             }
-            
+
         } else {
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
     }
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -1030,26 +1030,26 @@ static cc_int32 ccs_ccache_set_kdc_time_offset (ccs_ccache_t           io_ccache
 {
     cc_int32 err = ccNoError;
     cc_uint32 cred_vers = 0;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
     }
-    
+
     if (!err) {
         if (cred_vers == cc_credentials_v4) {
             err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v4);
-            
+
             if (!err) {
                 io_ccache->kdc_time_offset_v4_valid = 1;
             }
         } else if (cred_vers == cc_credentials_v5) {
             err = krb5int_ipc_stream_read_time (in_request_data, &io_ccache->kdc_time_offset_v5);
-            
+
             if (!err) {
                 io_ccache->kdc_time_offset_v5_valid = 1;
             }
@@ -1057,12 +1057,12 @@ static cc_int32 ccs_ccache_set_kdc_time_offset (ccs_ccache_t           io_ccache
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
     }
-    
+
     if (!err) {
         err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -1074,35 +1074,35 @@ static cc_int32 ccs_ccache_clear_kdc_time_offset (ccs_ccache_t           io_ccac
 {
     cc_int32 err = ccNoError;
     cc_uint32 cred_vers = 0;
-    
+
     if (!io_ccache          ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (in_request_data, &cred_vers);
     }
-    
+
     if (!err) {
         if (cred_vers == cc_credentials_v4) {
             io_ccache->kdc_time_offset_v4 = 0;
             io_ccache->kdc_time_offset_v4_valid = 0;
-            
+
         } else if (cred_vers == cc_credentials_v5) {
             io_ccache->kdc_time_offset_v5 = 0;
             io_ccache->kdc_time_offset_v5_valid = 0;
-            
+
         } else {
             err = cci_check_error (ccErrBadCredentialsVersion);
         }
     }
-        
+
     if (!err) {
         err = ccs_ccache_changed (io_ccache, io_cache_collection);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -1123,104 +1123,104 @@ cc_int32 ccs_ccache_handle_message (ccs_pipe_t              in_client_pipe,
     cc_int32 err = ccNoError;
     cc_uint32 will_block = 0;
     k5_ipc_stream reply_data = NULL;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection            ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data                ) { err = cci_check_error (ccErrBadParam); }
     if (!out_will_block                 ) { err = cci_check_error (ccErrBadParam); }
     if (!out_reply_data                 ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&reply_data);
     }
-    
+
     if (!err) {
         if (in_request_name == cci_ccache_destroy_msg_id) {
             err = ccs_ccache_destroy (io_ccache, io_cache_collection,
                                       in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_set_default_msg_id) {
             err = ccs_ccache_set_default (io_ccache, io_cache_collection,
                                           in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_get_credentials_version_msg_id) {
             err = ccs_ccache_get_credentials_version (io_ccache, io_cache_collection,
                                                       in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_get_name_msg_id) {
             err = ccs_ccache_get_name (io_ccache, io_cache_collection,
                                        in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_get_principal_msg_id) {
             err = ccs_ccache_get_principal (io_ccache, io_cache_collection,
                                             in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_set_principal_msg_id) {
             err = ccs_ccache_set_principal (io_ccache, io_cache_collection,
                                             in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_store_credentials_msg_id) {
             err = ccs_ccache_store_credentials (io_ccache, io_cache_collection,
                                                 in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_remove_credentials_msg_id) {
             err = ccs_ccache_remove_credentials (io_ccache, io_cache_collection,
                                                  in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_new_credentials_iterator_msg_id) {
-            err = ccs_ccache_new_credentials_iterator (io_ccache, 
+            err = ccs_ccache_new_credentials_iterator (io_ccache,
                                                        io_cache_collection,
                                                        in_client_pipe,
-                                                       in_request_data, 
+                                                       in_request_data,
                                                        reply_data);
-            
+
         } else if (in_request_name == cci_ccache_move_msg_id) {
             err = ccs_ccache_move (io_ccache, io_cache_collection,
                                    in_request_data, reply_data);
-                                       
+
         } else if (in_request_name == cci_ccache_lock_msg_id) {
-            err = ccs_ccache_lock (in_client_pipe, in_reply_pipe, 
+            err = ccs_ccache_lock (in_client_pipe, in_reply_pipe,
                                    io_ccache, io_cache_collection,
-                                   in_request_data, 
+                                   in_request_data,
                                    &will_block, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_unlock_msg_id) {
-            err = ccs_ccache_unlock (in_client_pipe, 
+            err = ccs_ccache_unlock (in_client_pipe,
                                      io_ccache, io_cache_collection,
                                      in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_get_last_default_time_msg_id) {
             err = ccs_ccache_get_last_default_time (io_ccache, io_cache_collection,
                                                     in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_get_change_time_msg_id) {
             err = ccs_ccache_get_change_time (io_ccache, io_cache_collection,
                                               in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_wait_for_change_msg_id) {
-            err = ccs_ccache_wait_for_change (in_client_pipe, in_reply_pipe, 
+            err = ccs_ccache_wait_for_change (in_client_pipe, in_reply_pipe,
 					      io_ccache, io_cache_collection,
 					      in_request_data, reply_data,
 					      &will_block);
-            
+
         } else if (in_request_name == cci_ccache_get_kdc_time_offset_msg_id) {
             err = ccs_ccache_get_kdc_time_offset (io_ccache, io_cache_collection,
                                                   in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_set_kdc_time_offset_msg_id) {
             err = ccs_ccache_set_kdc_time_offset (io_ccache, io_cache_collection,
                                                   in_request_data, reply_data);
-            
+
         } else if (in_request_name == cci_ccache_clear_kdc_time_offset_msg_id) {
             err = ccs_ccache_clear_kdc_time_offset (io_ccache, io_cache_collection,
                                                     in_request_data, reply_data);
-            
+
         } else {
             err = ccErrBadInternalMessage;
         }
     }
-    
+
     if (!err) {
         *out_will_block = will_block;
         if (!will_block) {
@@ -1230,9 +1230,8 @@ cc_int32 ccs_ccache_handle_message (ccs_pipe_t              in_client_pipe,
             *out_reply_data = NULL;
         }
     }
-    
+
     krb5int_ipc_stream_release (reply_data);
-    
+
     return cci_check_error (err);
 }
-
diff --git a/src/ccapi/server/ccs_ccache.h b/src/ccapi/server/ccs_ccache.h
index 21c9f410f..9d4e607a8 100644
--- a/src/ccapi/server/ccs_ccache.h
+++ b/src/ccapi/server/ccs_ccache.h
@@ -40,7 +40,7 @@ cc_int32 ccs_ccache_reset (ccs_ccache_t            io_ccache,
                            cc_uint32               in_cred_vers,
                            const char             *in_principal);
 
-cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache, 
+cc_int32 ccs_ccache_swap_contents (ccs_ccache_t           io_source_ccache,
                                    ccs_ccache_t           io_destination_ccache,
 				   ccs_cache_collection_t io_cache_collection);
 
diff --git a/src/ccapi/server/ccs_ccache_iterator.c b/src/ccapi/server/ccs_ccache_iterator.c
index fb007bf6b..045ad3d09 100644
--- a/src/ccapi/server/ccs_ccache_iterator.c
+++ b/src/ccapi/server/ccs_ccache_iterator.c
@@ -34,17 +34,17 @@ static  cc_int32 ccs_ccache_iterator_release (ccs_ccache_iterator_t  io_ccache_i
                                               k5_ipc_stream           io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_ccache_list_iterator_release (io_ccache_iterator);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -56,21 +56,21 @@ static  cc_int32 ccs_ccache_iterator_next (ccs_ccache_iterator_t  io_ccache_iter
 {
     cc_int32 err = ccNoError;
     ccs_ccache_t ccache = NULL;
-    
+
     if (!io_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_ccache_list_iterator_next (io_ccache_iterator, &ccache);
     }
-    
+
     if (!err) {
         err = ccs_ccache_write (ccache, io_reply_data);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -82,22 +82,22 @@ static  cc_int32 ccs_ccache_iterator_clone (ccs_ccache_iterator_t  io_ccache_ite
 {
     cc_int32 err = ccNoError;
     ccs_ccache_iterator_t ccache_iterator = NULL;
-    
+
     if (!io_ccache_iterator ) { err = cci_check_error (ccErrBadParam); }
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data    ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_ccache_list_iterator_clone (io_ccache_iterator,
                                               &ccache_iterator);
     }
-    
+
     if (!err) {
         err = ccs_ccache_list_iterator_write (ccache_iterator, io_reply_data);
     }
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -114,45 +114,44 @@ static  cc_int32 ccs_ccache_iterator_clone (ccs_ccache_iterator_t  io_ccache_ite
 {
     cc_int32 err = ccNoError;
     k5_ipc_stream reply_data = NULL;
-    
+
     if (!in_request_data) { err = cci_check_error (ccErrBadParam); }
     if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&reply_data);
     }
-    
+
     if (!err) {
         if (in_request_name == cci_ccache_iterator_release_msg_id) {
             err = ccs_ccache_iterator_release (io_ccache_iterator,
                                                io_cache_collection,
-                                               in_request_data, 
+                                               in_request_data,
                                                reply_data);
-            
+
         } else if (in_request_name == cci_ccache_iterator_next_msg_id) {
             err = ccs_ccache_iterator_next (io_ccache_iterator,
                                             io_cache_collection,
-                                            in_request_data, 
+                                            in_request_data,
                                             reply_data);
-            
+
         } else if (in_request_name == cci_ccache_iterator_clone_msg_id) {
             err = ccs_ccache_iterator_clone (io_ccache_iterator,
                                              io_cache_collection,
-                                             in_request_data, 
+                                             in_request_data,
                                              reply_data);
-            
+
         } else {
             err = ccErrBadInternalMessage;
         }
     }
-    
+
     if (!err) {
         *out_reply_data = reply_data;
         reply_data = NULL; /* take ownership */
     }
-    
+
     krb5int_ipc_stream_release (reply_data);
-    
+
     return cci_check_error (err);
 }
-
diff --git a/src/ccapi/server/ccs_client.c b/src/ccapi/server/ccs_client.c
index 31ed14ff4..72ae89de1 100644
--- a/src/ccapi/server/ccs_client.c
+++ b/src/ccapi/server/ccs_client.c
@@ -43,39 +43,39 @@ cc_int32 ccs_client_new (ccs_client_t *out_client,
 {
     cc_int32 err = ccNoError;
     ccs_client_t client = NULL;
-    
+
     if (!out_client                     ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         client = malloc (sizeof (*client));
-        if (client) { 
+        if (client) {
             *client = ccs_client_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = ccs_callbackref_array_new (&client->callbacks);
     }
-    
+
     if (!err) {
         err = ccs_iteratorref_array_new (&client->iterators);
     }
-    
+
     if (!err) {
 	err = ccs_pipe_copy (&client->client_pipe, in_client_pipe);
     }
-        
+
     if (!err) {
         *out_client = client;
         client = NULL;
     }
-    
+
     ccs_client_release (client);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -83,26 +83,26 @@ cc_int32 ccs_client_new (ccs_client_t *out_client,
 cc_int32 ccs_client_release (ccs_client_t io_client)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_client) {
 	cc_uint64 i;
 	cc_uint64 callback_count = ccs_callbackref_array_count (io_client->callbacks);
 	cc_uint64 iterator_count = ccs_iteratorref_array_count (io_client->iterators);
-	
+
 	for (i = 0; !err && i < callback_count; i++) {
 	    ccs_callback_t callback = ccs_callbackref_array_object_at_index (io_client->callbacks, i);
-	    
-	    cci_debug_printf ("%s: Invalidating callback reference %p.", 
+
+	    cci_debug_printf ("%s: Invalidating callback reference %p.",
                               __FUNCTION__, callback);
 	    ccs_callback_invalidate (callback);
 	}
-	
+
 	for (i = 0; !err && i < iterator_count; i++) {
 	    ccs_generic_list_iterator_t iterator = ccs_iteratorref_array_object_at_index (io_client->iterators, i);
-	    
-	    cci_debug_printf ("%s: Invalidating iterator reference %p.", 
+
+	    cci_debug_printf ("%s: Invalidating iterator reference %p.",
                               __FUNCTION__, iterator);
-	    ccs_generic_list_iterator_invalidate (iterator); 
+	    ccs_generic_list_iterator_invalidate (iterator);
 	}
 
 	ccs_callbackref_array_release (io_client->callbacks);
@@ -110,8 +110,8 @@ cc_int32 ccs_client_release (ccs_client_t io_client)
 	ccs_pipe_release (io_client->client_pipe);
 	free (io_client);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -120,16 +120,16 @@ cc_int32 ccs_client_add_callback (ccs_client_t   io_client,
 				  ccs_callback_t in_callback)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_client  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_callback) { err = cci_check_error (ccErrBadParam); }
-    
+
      if (!err) {
         err = ccs_callbackref_array_insert (io_client->callbacks, in_callback,
 					    ccs_callbackref_array_count (io_client->callbacks));
      }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 
@@ -140,16 +140,16 @@ cc_int32 ccs_client_remove_callback (ccs_client_t   io_client,
 {
     cc_int32 err = ccNoError;
     cc_uint32 found_callback = 0;
-    
+
     if (!io_client) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cc_uint64 i;
         cc_uint64 lock_count = ccs_callbackref_array_count (io_client->callbacks);
-        
+
         for (i = 0; !err && i < lock_count; i++) {
             ccs_callback_t callback = ccs_callbackref_array_object_at_index (io_client->callbacks, i);
-            
+
             if (callback == in_callback) {
 		cci_debug_printf ("%s: Removing callback reference %p.", __FUNCTION__, callback);
 		found_callback = 1;
@@ -158,12 +158,12 @@ cc_int32 ccs_client_remove_callback (ccs_client_t   io_client,
             }
         }
     }
-    
+
     if (!err && !found_callback) {
         cci_debug_printf ("%s: WARNING! callback not found.", __FUNCTION__);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -172,16 +172,16 @@ cc_int32 ccs_client_add_iterator (ccs_client_t                io_client,
 				  ccs_generic_list_iterator_t in_iterator)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_client  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_iteratorref_array_insert (io_client->iterators, in_iterator,
                                             ccs_iteratorref_array_count (io_client->iterators));
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -191,16 +191,16 @@ cc_int32 ccs_client_remove_iterator (ccs_client_t                io_client,
 {
     cc_int32 err = ccNoError;
     cc_uint32 found_iterator = 0;
-    
+
     if (!io_client) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cc_uint64 i;
         cc_uint64 lock_count = ccs_iteratorref_array_count (io_client->iterators);
-        
+
         for (i = 0; !err && i < lock_count; i++) {
             ccs_generic_list_iterator_t iterator = ccs_iteratorref_array_object_at_index (io_client->iterators, i);
-            
+
             if (iterator == in_iterator) {
 		cci_debug_printf ("%s: Removing iterator reference %p.", __FUNCTION__, iterator);
 		found_iterator = 1;
@@ -209,12 +209,12 @@ cc_int32 ccs_client_remove_iterator (ccs_client_t                io_client,
             }
         }
     }
-    
+
     if (!err && !found_iterator) {
         cci_debug_printf ("%s: WARNING! iterator not found.", __FUNCTION__);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -224,14 +224,14 @@ cc_int32 ccs_client_uses_pipe (ccs_client_t  in_client,
                                cc_uint32    *out_uses_pipe)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_client    ) { err = cci_check_error (ccErrBadParam); }
     if (!in_pipe      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_uses_pipe) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_pipe_compare (in_client->client_pipe, in_pipe, out_uses_pipe);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
diff --git a/src/ccapi/server/ccs_credentials.c b/src/ccapi/server/ccs_credentials.c
index 56b5a5799..9795ef86f 100644
--- a/src/ccapi/server/ccs_credentials.c
+++ b/src/ccapi/server/ccs_credentials.c
@@ -42,44 +42,44 @@ cc_int32 ccs_credentials_new (ccs_credentials_t      *out_credentials,
 {
     cc_int32 err = ccNoError;
     ccs_credentials_t credentials = NULL;
-    
+
     if (!out_credentials) { err = cci_check_error (ccErrBadParam); }
     if (!in_stream      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         credentials = malloc (sizeof (*credentials));
-        if (credentials) { 
+        if (credentials) {
             *credentials = ccs_credentials_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = cci_credentials_union_read (&credentials->cred_union, in_stream);
     }
-    
+
     if (!err && !(credentials->cred_union->version & in_ccache_version)) {
         /* ccache does not have a principal set for this credentials version */
         err = cci_check_error (ccErrBadCredentialsVersion);
     }
-    
+
     if (!err) {
         err = ccs_server_new_identifier (&credentials->identifier);
     }
-    
+
     if (!err) {
         err = ccs_credentials_list_add (io_credentials_list, credentials);
     }
-    
+
     if (!err) {
         *out_credentials = credentials;
         credentials = NULL;
     }
-    
+
     ccs_credentials_release (credentials);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -87,14 +87,14 @@ cc_int32 ccs_credentials_new (ccs_credentials_t      *out_credentials,
 cc_int32 ccs_credentials_release (ccs_credentials_t io_credentials)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_credentials) {
         cci_credentials_union_release (io_credentials->cred_union);
         cci_identifier_release (io_credentials->identifier);
         free (io_credentials);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -103,19 +103,19 @@ cc_int32 ccs_credentials_write (ccs_credentials_t in_credentials,
                                 k5_ipc_stream      io_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
     if (!io_stream     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_identifier_write (in_credentials->identifier, io_stream);
     }
-    
+
     if (!err) {
         err = cci_credentials_union_write (in_credentials->cred_union, io_stream);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -125,16 +125,16 @@ cc_int32 ccs_credentials_compare_identifier (ccs_credentials_t  in_credentials,
                                              cc_uint32         *out_equal)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_credentials) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier ) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_identifier_compare (in_credentials->identifier, 
-                                      in_identifier, 
+        err = cci_identifier_compare (in_credentials->identifier,
+                                      in_identifier,
                                       out_equal);
     }
-    
+
     return cci_check_error (err);
 }
diff --git a/src/ccapi/server/ccs_credentials_iterator.c b/src/ccapi/server/ccs_credentials_iterator.c
index 3ca7eeeea..27751ed75 100644
--- a/src/ccapi/server/ccs_credentials_iterator.c
+++ b/src/ccapi/server/ccs_credentials_iterator.c
@@ -34,17 +34,17 @@ static cc_int32 ccs_credentials_iterator_release (ccs_credentials_iterator_t io_
 						  k5_ipc_stream               io_reply_data)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache              ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data        ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data          ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_credentials_list_iterator_release (io_credentials_iterator);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -56,22 +56,22 @@ static cc_int32 ccs_credentials_iterator_next (ccs_credentials_iterator_t io_cre
 {
     cc_int32 err = ccNoError;
     ccs_credentials_t credentials = NULL;
-    
+
     if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache              ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data        ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data          ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_credentials_list_iterator_next (io_credentials_iterator,
                                                   &credentials);
     }
-    
+
     if (!err) {
         err = ccs_credentials_write (credentials, io_reply_data);
     }
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -83,23 +83,23 @@ static  cc_int32 ccs_credentials_iterator_clone (ccs_credentials_iterator_t io_c
 {
     cc_int32 err = ccNoError;
     ccs_credentials_iterator_t credentials_iterator = NULL;
-    
+
     if (!io_credentials_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!io_ccache              ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request_data        ) { err = cci_check_error (ccErrBadParam); }
     if (!io_reply_data          ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_credentials_list_iterator_clone (io_credentials_iterator,
                                                    &credentials_iterator);
     }
-    
+
     if (!err) {
-        err = ccs_credentials_list_iterator_write (credentials_iterator, 
+        err = ccs_credentials_list_iterator_write (credentials_iterator,
                                                    io_reply_data);
     }
-        
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -116,45 +116,44 @@ static  cc_int32 ccs_credentials_iterator_clone (ccs_credentials_iterator_t io_c
 {
     cc_int32 err = ccNoError;
     k5_ipc_stream reply_data = NULL;
-    
+
     if (!in_request_data) { err = cci_check_error (ccErrBadParam); }
     if (!out_reply_data ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&reply_data);
     }
-    
+
     if (!err) {
         if (in_request_name == cci_credentials_iterator_release_msg_id) {
             err = ccs_credentials_iterator_release (io_credentials_iterator,
                                                     io_ccache,
                                                     in_request_data,
                                                     reply_data);
-            
+
         } else if (in_request_name == cci_credentials_iterator_next_msg_id) {
             err = ccs_credentials_iterator_next (io_credentials_iterator,
                                                  io_ccache,
                                                  in_request_data,
                                                  reply_data);
-            
+
         } else if (in_request_name == cci_credentials_iterator_clone_msg_id) {
             err = ccs_credentials_iterator_clone (io_credentials_iterator,
                                                   io_ccache,
                                                   in_request_data,
                                                   reply_data);
-            
+
         } else {
             err = ccErrBadInternalMessage;
         }
     }
-    
+
     if (!err) {
         *out_reply_data = reply_data;
         reply_data = NULL; /* take ownership */
     }
-    
+
     krb5int_ipc_stream_release (reply_data);
-    
+
     return cci_check_error (err);
 }
-
diff --git a/src/ccapi/server/ccs_list.c b/src/ccapi/server/ccs_list.c
index c5b1eb421..8896734b8 100644
--- a/src/ccapi/server/ccs_list.c
+++ b/src/ccapi/server/ccs_list.c
@@ -49,7 +49,7 @@ static cc_int32 ccs_cache_collection_list_object_compare_identifier (ccs_list_ob
 
 cc_int32 ccs_cache_collection_list_new (ccs_cache_collection_list_t *out_list)
 {
-    return ccs_list_new (out_list, 
+    return ccs_list_new (out_list,
                          ccErrInvalidContext,
                          ccErrInvalidContext,
                          ccs_cache_collection_list_object_compare_identifier,
@@ -122,7 +122,7 @@ static cc_int32 ccs_ccache_list_object_compare_identifier (ccs_list_object_t  in
 
 cc_int32 ccs_ccache_list_new (ccs_ccache_list_t *out_list)
 {
-    return ccs_list_new (out_list, 
+    return ccs_list_new (out_list,
                          ccErrInvalidCCache,
                          ccErrInvalidCCacheIterator,
                          ccs_ccache_list_object_compare_identifier,
@@ -161,7 +161,7 @@ cc_int32 ccs_ccache_list_find_iterator (ccs_ccache_list_t           in_list,
                                         cci_identifier_t            in_identifier,
                                         ccs_ccache_list_iterator_t *out_list_iterator)
 {
-    return ccs_list_find_iterator (in_list, in_identifier, 
+    return ccs_list_find_iterator (in_list, in_identifier,
                                    (ccs_list_iterator_t *) out_list_iterator);
 }
 
@@ -201,7 +201,7 @@ cc_int32 ccs_ccache_list_release (ccs_ccache_list_t io_list)
 cc_int32 ccs_ccache_list_iterator_write (ccs_ccache_list_iterator_t in_list_iterator,
                                          k5_ipc_stream               in_stream)
 {
-    return ccs_list_iterator_write (in_list_iterator, in_stream);    
+    return ccs_list_iterator_write (in_list_iterator, in_stream);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -253,8 +253,8 @@ static cc_int32 ccs_credentials_list_object_compare_identifier (ccs_list_object_
 
 cc_int32 ccs_credentials_list_new (ccs_credentials_list_t *out_list)
 {
-    return ccs_list_new (out_list, 
-                         ccErrInvalidCredentials, 
+    return ccs_list_new (out_list,
+                         ccErrInvalidCredentials,
                          ccErrInvalidCredentialsIterator,
                          ccs_credentials_list_object_compare_identifier,
                          ccs_credentials_list_object_release);
@@ -292,7 +292,7 @@ cc_int32 ccs_credentials_list_find_iterator (ccs_credentials_list_t           in
                                              cci_identifier_t                 in_identifier,
                                              ccs_credentials_list_iterator_t *out_list_iterator)
 {
-    return ccs_list_find_iterator (in_list, in_identifier, 
+    return ccs_list_find_iterator (in_list, in_identifier,
                                    (ccs_list_iterator_t *) out_list_iterator);
 }
 
@@ -324,7 +324,7 @@ cc_int32 ccs_credentials_list_release (ccs_credentials_list_t io_list)
 cc_int32 ccs_credentials_list_iterator_write (ccs_credentials_list_iterator_t in_list_iterator,
                                               k5_ipc_stream                    in_stream)
 {
-    return ccs_list_iterator_write (in_list_iterator, in_stream);    
+    return ccs_list_iterator_write (in_list_iterator, in_stream);
 }
 
 /* ------------------------------------------------------------------------ */
diff --git a/src/ccapi/server/ccs_list_internal.c b/src/ccapi/server/ccs_list_internal.c
index 74bc45a6a..834a7bc47 100644
--- a/src/ccapi/server/ccs_list_internal.c
+++ b/src/ccapi/server/ccs_list_internal.c
@@ -84,37 +84,37 @@ cc_int32 ccs_list_new (ccs_list_t                      *out_list,
 {
     cc_int32 err = ccNoError;
     ccs_list_t list = NULL;
-    
+
     if (!out_list) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         list = malloc (sizeof (*list));
-        if (list) { 
+        if (list) {
             *list = ccs_list_initializer;
             list->object_not_found_err = in_object_not_found_err;
             list->iterator_not_found_err = in_iterator_not_found_err;
             list->object_compare_identifier = in_object_compare_identifier;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = cci_array_new (&list->objects, in_object_release);
     }
-    
+
     if (!err) {
         err = cci_array_new (&list->iterators, ccs_list_iterator_object_release);
     }
-    
+
     if (!err) {
         *out_list = list;
         list = NULL;
     }
-    
+
     ccs_list_release (list);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -122,14 +122,14 @@ cc_int32 ccs_list_new (ccs_list_t                      *out_list,
 cc_int32 ccs_list_release (ccs_list_t io_list)
 {
     cc_int32 err = ccNoError;
-    
-    if (!err && io_list) {        
+
+    if (!err && io_list) {
         cci_array_release (io_list->iterators);
         cci_array_release (io_list->objects);
         free (io_list);
     }
-    
-    return err;        
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -138,8 +138,8 @@ cc_int32 ccs_list_new_iterator (ccs_list_t           io_list,
                                 ccs_pipe_t           in_client_pipe,
                                 ccs_list_iterator_t *out_list_iterator)
 {
-    return cci_check_error (ccs_list_iterator_new (out_list_iterator, 
-                                                   io_list, 
+    return cci_check_error (ccs_list_iterator_new (out_list_iterator,
+                                                   io_list,
                                                    in_client_pipe));
 }
 
@@ -150,19 +150,19 @@ cc_int32 ccs_list_release_iterator (ccs_list_t       io_list,
 {
     cc_int32 err = ccNoError;
     ccs_list_iterator_t iterator = NULL;
-    
+
     if (!io_list      ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_list_find_iterator (io_list, in_identifier, &iterator);
     }
-    
+
     if (!err) {
         err = ccs_list_iterator_release (iterator);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -171,15 +171,15 @@ cc_int32 ccs_list_count (ccs_list_t  in_list,
                          cc_uint64  *out_count)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_list  ) { err = cci_check_error (ccErrBadParam); }
     if (!out_count) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_count = cci_array_count (in_list->objects);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -187,7 +187,7 @@ cc_int32 ccs_list_count (ccs_list_t  in_list,
 static ccs_list_iterator_t ccs_list_iterator_at_index (ccs_list_t in_list,
 						       cc_uint64  in_index)
 {
-    return (ccs_list_iterator_t) cci_array_object_at_index (in_list->iterators, in_index);   
+    return (ccs_list_iterator_t) cci_array_object_at_index (in_list->iterators, in_index);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -198,33 +198,33 @@ static cc_int32 ccs_list_find_index (ccs_list_t        in_list,
 {
     cc_int32 err = ccNoError;
     cc_int32 found = 0;
-    
+
     if (!in_list         ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier   ) { err = cci_check_error (ccErrBadParam); }
     if (!out_object_index) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && !found) {
         cc_uint64 i;
-        
+
         for (i = 0; !err && i < cci_array_count (in_list->objects); i++) {
             cc_uint32 equal = 0;
             cci_array_object_t object = cci_array_object_at_index (in_list->objects, i);
-            
+
             err = in_list->object_compare_identifier (object, in_identifier, &equal);
-            
+
             if (!err && equal) {
                 found = 1;
                 *out_object_index = i;
                 break;
             }
-        }        
+        }
     }
-    
+
     if (!err && !found) {
-        err = cci_check_error (in_list->object_not_found_err); 
+        err = cci_check_error (in_list->object_not_found_err);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -234,20 +234,20 @@ cc_int32 ccs_list_find (ccs_list_t         in_list,
 {
     cc_int32 err = ccNoError;
     cc_uint64 i;
-    
+
     if (!in_list      ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
     if (!out_object   ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_list_find_index (in_list, in_identifier, &i);
     }
-    
+
     if (!err) {
         *out_object = cci_array_object_at_index (in_list->objects, i);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -258,33 +258,33 @@ static cc_int32 ccs_list_find_iterator_index (ccs_list_t        in_list,
 {
     cc_int32 err = ccNoError;
     cc_int32 found = 0;
-    
+
     if (!in_list         ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier   ) { err = cci_check_error (ccErrBadParam); }
     if (!out_object_index) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err && !found) {
         cc_uint64 i;
-        
+
         for (i = 0; !err && i < cci_array_count (in_list->iterators); i++) {
             cc_uint32 equal = 0;
             ccs_list_iterator_t iterator = ccs_list_iterator_at_index (in_list, i);
-            
+
             err = cci_identifier_compare (iterator->identifier, in_identifier, &equal);
-            
+
             if (!err && equal) {
                 found = 1;
                 *out_object_index = i;
                 break;
             }
-        }        
+        }
     }
-    
+
     if (!err && !found) {
         // Don't report this error to the log file.  Non-fatal.
-        return in_list->object_not_found_err; 
+        return in_list->object_not_found_err;
     } else {
-        return cci_check_error (err);    
+        return cci_check_error (err);
     }
 }
 
@@ -296,20 +296,20 @@ cc_int32 ccs_list_find_iterator (ccs_list_t           in_list,
 {
     cc_int32 err = ccNoError;
     cc_uint64 i;
-    
+
     if (!in_list          ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier    ) { err = cci_check_error (ccErrBadParam); }
     if (!out_list_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_list_find_iterator_index (in_list, in_identifier, &i);
     }
-    
+
     if (!err) {
         *out_list_iterator = ccs_list_iterator_at_index (in_list, i);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -319,28 +319,28 @@ cc_int32 ccs_list_add (ccs_list_t        io_list,
 {
     cc_int32 err = ccNoError;
     cc_uint64 add_index;
-    
+
     if (!io_list  ) { err = cci_check_error (ccErrBadParam); }
     if (!in_object) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         add_index = cci_array_count (io_list->objects);
-        
+
         err = cci_array_insert (io_list->objects, in_object, add_index);
     }
-    
+
     if (!err) {
         /* Fixup iterator indexes */
         cc_uint64 i;
-        
+
         for (i = 0; !err && i < cci_array_count (io_list->iterators); i++) {
             ccs_list_iterator_t iterator = ccs_list_iterator_at_index (io_list, i);
-            
+
             err = ccs_list_iterator_update (iterator, ccs_list_action_insert, add_index);
-        }        
-    }    
-    
-    return cci_check_error (err);    
+        }
+    }
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -350,30 +350,30 @@ cc_int32 ccs_list_remove (ccs_list_t       io_list,
 {
     cc_int32 err = ccNoError;
     cc_uint64 remove_index;
-    
+
     if (!io_list      ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_list_find_index (io_list, in_identifier, &remove_index);
     }
-    
+
     if (!err) {
         err = cci_array_remove (io_list->objects, remove_index);
     }
-    
+
     if (!err) {
         /* Fixup iterator indexes */
         cc_uint64 i;
-        
+
         for (i = 0; !err && i < cci_array_count (io_list->iterators); i++) {
             ccs_list_iterator_t iterator = ccs_list_iterator_at_index (io_list, i);
-            
+
             err = ccs_list_iterator_update (iterator, ccs_list_action_remove, remove_index);
-        }        
-    }    
-    
-    return cci_check_error (err);    
+        }
+    }
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -383,32 +383,32 @@ cc_int32 ccs_list_push_front (ccs_list_t       io_list,
 {
     cc_int32 err = ccNoError;
     cc_uint64 push_front_index;
-    
+
     if (!io_list      ) { err = cci_check_error (ccErrBadParam); }
     if (!in_identifier) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_list_find_index (io_list, in_identifier, &push_front_index);
     }
-    
+
     if (!err) {
-        err = cci_array_push_front (io_list->objects, push_front_index);        
+        err = cci_array_push_front (io_list->objects, push_front_index);
     }
-    
+
     if (!err) {
         /* Fixup iterator indexes */
         cc_uint64 i;
-        
+
         for (i = 0; !err && i < cci_array_count (io_list->iterators); i++) {
             ccs_list_iterator_t iterator = ccs_list_iterator_at_index (io_list, i);
-            
-            err = ccs_list_iterator_update (iterator, 
-                                            ccs_list_action_push_front, 
+
+            err = ccs_list_iterator_update (iterator,
+                                            ccs_list_action_push_front,
                                             push_front_index);
-        }        
-    }    
-    
-    return cci_check_error (err);    
+        }
+    }
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -423,20 +423,20 @@ static cc_int32 ccs_list_iterator_new (ccs_list_iterator_t *out_list_iterator,
 {
     cc_int32 err = ccNoError;
     ccs_list_iterator_t list_iterator = NULL;
-    
+
     if (!out_list_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!io_list          ) { err = cci_check_error (ccErrBadParam); }
     /* client_pipe may be NULL if the iterator exists for internal server use */
-    
+
     if (!err) {
         list_iterator = malloc (sizeof (*list_iterator));
-        if (list_iterator) { 
+        if (list_iterator) {
             *list_iterator = ccs_list_iterator_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = ccs_server_new_identifier (&list_iterator->identifier);
     }
@@ -444,21 +444,21 @@ static cc_int32 ccs_list_iterator_new (ccs_list_iterator_t *out_list_iterator,
     if (!err) {
         list_iterator->list = io_list;
         list_iterator->current = 0;
-        
-        err = cci_array_insert (io_list->iterators, 
-                                (cci_array_object_t) list_iterator, 
+
+        err = cci_array_insert (io_list->iterators,
+                                (cci_array_object_t) list_iterator,
 				cci_array_count (io_list->iterators));
     }
-    
+
     if (!err && ccs_pipe_valid (in_client_pipe)) {
         ccs_client_t client = NULL;
-        
+
         err = ccs_pipe_copy (&list_iterator->client_pipe, in_client_pipe);
-        
+
         if (!err) {
             err = ccs_server_client_for_pipe (in_client_pipe, &client);
         }
-        
+
         if (!err) {
             err = ccs_client_add_iterator (client, list_iterator);
         }
@@ -468,10 +468,10 @@ static cc_int32 ccs_list_iterator_new (ccs_list_iterator_t *out_list_iterator,
         *out_list_iterator = list_iterator;
         list_iterator = NULL;
     }
-    
+
     ccs_list_iterator_release (list_iterator);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -480,16 +480,16 @@ cc_int32 ccs_list_iterator_write (ccs_list_iterator_t in_list_iterator,
                                   k5_ipc_stream        in_stream)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_list_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!in_stream       ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = cci_identifier_write (in_list_iterator->identifier, 
+        err = cci_identifier_write (in_list_iterator->identifier,
                                     in_stream);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -499,26 +499,26 @@ cc_int32 ccs_list_iterator_clone (ccs_list_iterator_t  in_list_iterator,
 {
     cc_int32 err = ccNoError;
     ccs_list_iterator_t list_iterator = NULL;
-    
+
     if (!in_list_iterator ) { err = cci_check_error (ccErrBadParam); }
     if (!out_list_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_list_iterator_new (&list_iterator, 
-                                     in_list_iterator->list, 
+        err = ccs_list_iterator_new (&list_iterator,
+                                     in_list_iterator->list,
                                      in_list_iterator->client_pipe);
     }
-    
+
     if (!err) {
         list_iterator->current = in_list_iterator->current;
 
         *out_list_iterator = list_iterator;
         list_iterator = NULL;
     }
-    
+
     ccs_list_iterator_release (list_iterator);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -527,27 +527,27 @@ static cc_int32 ccs_list_iterator_object_release (cci_array_object_t io_list_ite
 {
     cc_int32 err = ccNoError;
     ccs_list_iterator_t list_iterator = (ccs_list_iterator_t) io_list_iterator;
-    
+
     if (!io_list_iterator) { err = ccErrBadParam; }
-    
+
     if (!err && ccs_pipe_valid (list_iterator->client_pipe)) {
 	ccs_client_t client = NULL;
 
         err = ccs_server_client_for_pipe (list_iterator->client_pipe, &client);
-        
+
         if (!err && client) {
 	    /* if client object still has a reference to us, remove it */
 	    err = ccs_client_remove_iterator (client, list_iterator);
         }
     }
-    
+
     if (!err) {
         ccs_pipe_release (list_iterator->client_pipe);
         cci_identifier_release (list_iterator->identifier);
         free (io_list_iterator);
     }
-    
-    return err;    
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -555,12 +555,12 @@ static cc_int32 ccs_list_iterator_object_release (cci_array_object_t io_list_ite
 cc_int32 ccs_list_iterator_release (ccs_list_iterator_t io_list_iterator)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_list_iterator) {
         cc_uint64 i = 0;
-        
-        if (ccs_list_find_iterator_index (io_list_iterator->list, 
-                                          io_list_iterator->identifier, 
+
+        if (ccs_list_find_iterator_index (io_list_iterator->list,
+                                          io_list_iterator->identifier,
                                           &i) == ccNoError) {
             /* cci_array_remove will call ccs_list_iterator_object_release */
             err = cci_array_remove (io_list_iterator->list->iterators, i);
@@ -568,8 +568,8 @@ cc_int32 ccs_list_iterator_release (ccs_list_iterator_t io_list_iterator)
             cci_debug_printf ("Warning: iterator not in iterator list!");
         }
     }
-    
-    return err;        
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -578,20 +578,20 @@ cc_int32 ccs_list_iterator_invalidate (ccs_list_iterator_t io_list_iterator)
 {
     cc_int32 err = ccNoError;
     ccs_list_iterator_t list_iterator = (ccs_list_iterator_t) io_list_iterator;
-    
+
     if (!io_list_iterator) { err = ccErrBadParam; }
-    
+
     if (!err) {
         /* Client owner died.  Remove client reference and then the iterator. */
-        if (ccs_pipe_valid (list_iterator->client_pipe)) { 
+        if (ccs_pipe_valid (list_iterator->client_pipe)) {
             ccs_pipe_release (list_iterator->client_pipe);
             list_iterator->client_pipe = CCS_PIPE_NULL;
         }
-        
+
         err = ccs_list_iterator_release (io_list_iterator);
     }
-    
-    return err;        
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -600,20 +600,20 @@ cc_int32 ccs_list_iterator_current (ccs_list_iterator_t  io_list_iterator,
                                     ccs_list_object_t   *out_object)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_list_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!out_object      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         if (io_list_iterator->current < cci_array_count (io_list_iterator->list->objects)) {
-            *out_object = cci_array_object_at_index (io_list_iterator->list->objects, 
+            *out_object = cci_array_object_at_index (io_list_iterator->list->objects,
                                                      io_list_iterator->current);
         } else {
             err = ccIteratorEnd;
         }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -622,21 +622,21 @@ cc_int32 ccs_list_iterator_next (ccs_list_iterator_t  io_list_iterator,
                                  ccs_list_object_t   *out_object)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_list_iterator) { err = cci_check_error (ccErrBadParam); }
     if (!out_object      ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         if (io_list_iterator->current < cci_array_count (io_list_iterator->list->objects)) {
-            *out_object = cci_array_object_at_index (io_list_iterator->list->objects, 
+            *out_object = cci_array_object_at_index (io_list_iterator->list->objects,
                                                      io_list_iterator->current);
             io_list_iterator->current++;
         } else {
             err = ccIteratorEnd;
         }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -646,9 +646,9 @@ static cc_int32 ccs_list_iterator_update (ccs_list_iterator_t  io_list_iterator,
                                           cc_uint64            in_object_index)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_list_iterator) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         /* When the list changes adjust the current index so that */
         /* we don't unnecessarily skip or double count items      */
@@ -656,22 +656,21 @@ static cc_int32 ccs_list_iterator_update (ccs_list_iterator_t  io_list_iterator,
             if (io_list_iterator->current > in_object_index) {
                 io_list_iterator->current++;
             }
-            
+
         } else if (in_action == ccs_list_action_remove) {
             if (io_list_iterator->current >= in_object_index) {
                 io_list_iterator->current--;
             }
-            
+
         } else if (in_action == ccs_list_action_push_front) {
             if (io_list_iterator->current < in_object_index) {
                 io_list_iterator->current++;
             }
-            
+
         } else {
             err = cci_check_error (ccErrBadParam);
         }
     }
-    
-    return cci_check_error (err);    
-}
 
+    return cci_check_error (err);
+}
diff --git a/src/ccapi/server/ccs_lock.c b/src/ccapi/server/ccs_lock.c
index 639bd1732..23756b49c 100644
--- a/src/ccapi/server/ccs_lock.c
+++ b/src/ccapi/server/ccs_lock.c
@@ -48,48 +48,48 @@ cc_int32 ccs_lock_new (ccs_lock_t       *out_lock,
 {
     cc_int32 err = ccNoError;
     ccs_lock_t lock = NULL;
-    
+
     if (!out_lock                       ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
     if (!in_lock_state_owner            ) { err = cci_check_error (ccErrBadParam); }
-    
-    if (in_type != cc_lock_read && 
+
+    if (in_type != cc_lock_read &&
         in_type != cc_lock_write &&
         in_type != cc_lock_upgrade &&
-        in_type != cc_lock_downgrade) { 
-        err = cci_check_error (ccErrBadLockType); 
+        in_type != cc_lock_downgrade) {
+        err = cci_check_error (ccErrBadLockType);
     }
-    
+
     if (!err) {
         lock = malloc (sizeof (*lock));
-        if (lock) { 
+        if (lock) {
             *lock = ccs_lock_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         lock->type = in_type;
         lock->lock_state_owner = in_lock_state_owner;
 
-        err = ccs_callback_new (&lock->callback, 
-				in_invalid_object_err, 
-				in_client_pipe, 
+        err = ccs_callback_new (&lock->callback,
+				in_invalid_object_err,
+				in_client_pipe,
 				in_reply_pipe,
 				(ccs_callback_owner_t) lock,
 				ccs_lock_invalidate_callback);
     }
-    
+
     if (!err) {
         *out_lock = lock;
         lock = NULL;
     }
-    
+
     ccs_lock_release (lock);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -97,13 +97,13 @@ cc_int32 ccs_lock_new (ccs_lock_t       *out_lock,
 cc_int32 ccs_lock_release (ccs_lock_t io_lock)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_lock) {
 	ccs_callback_release (io_lock->callback);
         free (io_lock);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -112,17 +112,17 @@ static cc_int32 ccs_lock_invalidate_callback (ccs_callback_owner_t io_lock,
 					      ccs_callback_t       in_callback)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_lock    ) { err = cci_check_error (ccErrBadParam); }
     if (!in_callback) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
 	ccs_lock_t lock = (ccs_lock_t) io_lock;
-	
+
 	err = ccs_lock_state_invalidate_lock (lock->lock_state_owner, lock);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -130,14 +130,14 @@ static cc_int32 ccs_lock_invalidate_callback (ccs_callback_owner_t io_lock,
 cc_int32 ccs_lock_grant_lock (ccs_lock_t io_lock)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_lock) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
 	err = ccs_callback_reply_to_client (io_lock->callback, NULL);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -146,15 +146,15 @@ cc_uint32 ccs_lock_is_pending (ccs_lock_t  in_lock,
                                cc_uint32  *out_pending)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_lock    ) { err = cci_check_error (ccErrBadParam); }
     if (!out_pending) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
 	err = ccs_callback_is_pending (in_lock->callback, out_pending);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -163,15 +163,15 @@ cc_int32 ccs_lock_type (ccs_lock_t  in_lock,
                         cc_uint32  *out_lock_type)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_lock      ) { err = cci_check_error (ccErrBadParam); }
     if (!out_lock_type) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_lock_type = in_lock->type;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -180,16 +180,16 @@ cc_int32 ccs_lock_is_read_lock (ccs_lock_t  in_lock,
                                 cc_uint32  *out_is_read_lock)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_lock         ) { err = cci_check_error (ccErrBadParam); }
     if (!out_is_read_lock) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        *out_is_read_lock = (in_lock->type == cc_lock_read || 
+        *out_is_read_lock = (in_lock->type == cc_lock_read ||
                              in_lock->type == cc_lock_downgrade);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -198,16 +198,16 @@ cc_int32 ccs_lock_is_write_lock (ccs_lock_t  in_lock,
                                  cc_uint32  *out_is_write_lock)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_lock          ) { err = cci_check_error (ccErrBadParam); }
     if (!out_is_write_lock) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        *out_is_write_lock = (in_lock->type == cc_lock_write || 
+        *out_is_write_lock = (in_lock->type == cc_lock_write ||
                               in_lock->type == cc_lock_upgrade);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -217,17 +217,17 @@ cc_int32 ccs_lock_is_for_client_pipe (ccs_lock_t     in_lock,
                                       cc_uint32     *out_is_for_client_pipe)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_lock                        ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!out_is_for_client_pipe         ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-	err = ccs_callback_is_for_client_pipe (in_lock->callback, in_client_pipe, 
+	err = ccs_callback_is_for_client_pipe (in_lock->callback, in_client_pipe,
 					       out_is_for_client_pipe);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 
@@ -237,13 +237,13 @@ cc_int32 ccs_lock_client_pipe (ccs_lock_t  in_lock,
                                ccs_pipe_t *out_client_pipe)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_lock        ) { err = cci_check_error (ccErrBadParam); }
     if (!out_client_pipe) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
 	err = ccs_callback_client_pipe (in_lock->callback, out_client_pipe);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
diff --git a/src/ccapi/server/ccs_lock_state.c b/src/ccapi/server/ccs_lock_state.c
index 516a1e26a..94edcec0f 100644
--- a/src/ccapi/server/ccs_lock_state.c
+++ b/src/ccapi/server/ccs_lock_state.c
@@ -38,41 +38,41 @@ struct ccs_lock_state_d ccs_lock_state_initializer = { 1, 1, 1, NULL, 0 };
 
 /* ------------------------------------------------------------------------ */
 
-cc_int32 ccs_lock_state_new (ccs_lock_state_t *out_lock_state, 
-                             cc_int32          in_invalid_object_err, 
-                             cc_int32          in_pending_lock_err, 
+cc_int32 ccs_lock_state_new (ccs_lock_state_t *out_lock_state,
+                             cc_int32          in_invalid_object_err,
+                             cc_int32          in_pending_lock_err,
                              cc_int32          in_no_lock_err)
 {
     cc_int32 err = ccNoError;
     ccs_lock_state_t lock_state = NULL;
-    
+
     if (!out_lock_state) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         lock_state = malloc (sizeof (*lock_state));
-        if (lock_state) { 
+        if (lock_state) {
             *lock_state = ccs_lock_state_initializer;
         } else {
-            err = cci_check_error (ccErrNoMem); 
+            err = cci_check_error (ccErrNoMem);
         }
     }
-    
+
     if (!err) {
         err = ccs_lock_array_new (&lock_state->locks);
     }
-    
+
     if (!err) {
         lock_state->invalid_object_err = in_invalid_object_err;
         lock_state->pending_lock_err = in_pending_lock_err;
         lock_state->no_lock_err = in_no_lock_err;
-        
+
         *out_lock_state = lock_state;
         lock_state = NULL;
     }
-    
+
     ccs_lock_state_release (lock_state);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -80,13 +80,13 @@ cc_int32 ccs_lock_state_new (ccs_lock_state_t *out_lock_state,
 cc_int32 ccs_lock_state_release (ccs_lock_state_t io_lock_state)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!err && io_lock_state) {
         ccs_lock_array_release (io_lock_state->locks);
         free (io_lock_state);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -103,31 +103,31 @@ static cc_int32 ccs_lock_status_add_pending_lock (ccs_lock_state_t  io_lock_stat
 {
     cc_int32 err = ccNoError;
     ccs_lock_t lock = NULL;
-    
+
     if (!io_lock_state                  ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        err = ccs_lock_new (&lock, in_lock_type, 
+        err = ccs_lock_new (&lock, in_lock_type,
                             io_lock_state->invalid_object_err,
-                            in_client_pipe, in_reply_pipe, 
+                            in_client_pipe, in_reply_pipe,
                             io_lock_state);
     }
-    
+
     if (!err) {
         err = ccs_lock_array_insert (io_lock_state->locks, lock,
                                      ccs_lock_array_count (io_lock_state->locks));
         if (!err) { lock = NULL; /* take ownership */ }
     }
-    
+
     if (!err) {
         *out_lock_index = ccs_lock_array_count (io_lock_state->locks) - 1;
     }
-    
+
     ccs_lock_release (lock);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -136,18 +136,18 @@ static cc_int32 ccs_lock_status_remove_lock (ccs_lock_state_t io_lock_state,
                                              cc_uint64        in_lock_index)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_lock_state) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_lock_array_remove (io_lock_state->locks, in_lock_index);
-        
-        if (!err && in_lock_index < io_lock_state->first_pending_lock_index) { 
-            io_lock_state->first_pending_lock_index--; 
+
+        if (!err && in_lock_index < io_lock_state->first_pending_lock_index) {
+            io_lock_state->first_pending_lock_index--;
         }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -160,36 +160,36 @@ static cc_int32 ccs_lock_status_grant_lock (ccs_lock_state_t io_lock_state,
     cc_uint32 type = 0;
 
     if (!io_lock_state) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
-        pending_lock = ccs_lock_array_object_at_index (io_lock_state->locks, 
+        pending_lock = ccs_lock_array_object_at_index (io_lock_state->locks,
                                                        in_pending_lock_index);
         if (!pending_lock || in_pending_lock_index < io_lock_state->first_pending_lock_index) {
             err = cci_check_error (ccErrBadParam);
         }
     }
-    
+
     if (!err) {
         err = ccs_lock_type (pending_lock, &type);
     }
-    
+
     if (!err && (type == cc_lock_upgrade || type == cc_lock_downgrade)) {
         /* lock upgrades or downgrades.  Find the old lock and remove it. */
         ccs_pipe_t pending_client_pipe = CCS_PIPE_NULL;
-        
+
         err = ccs_lock_client_pipe (pending_lock, &pending_client_pipe);
 
         if (!err) {
             cc_uint64 i;
-            
+
             for (i = 0; !err && i < io_lock_state->first_pending_lock_index; i++) {
                 ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
                 cc_uint32 is_lock_for_client = 0;
-                
+
                 err = ccs_lock_is_for_client_pipe (lock, pending_client_pipe, &is_lock_for_client);
-                
+
                 if (!err && is_lock_for_client) {
-                    cci_debug_printf ("%s: Removing old lock %p at index %d to replace with pending lock %p.", 
+                    cci_debug_printf ("%s: Removing old lock %p at index %d to replace with pending lock %p.",
                                       __FUNCTION__, lock, (int) i, pending_lock);
                     err = ccs_lock_status_remove_lock (io_lock_state, i);
                     if (!err) { i--; in_pending_lock_index--; /* We removed one so back up an index */ }
@@ -198,22 +198,22 @@ static cc_int32 ccs_lock_status_grant_lock (ccs_lock_state_t io_lock_state,
             }
         }
     }
-    
-    if (!err) {        
+
+    if (!err) {
         cc_uint64 new_lock_index = 0;
 
-        err = ccs_lock_array_move (io_lock_state->locks, 
-                                   in_pending_lock_index, 
+        err = ccs_lock_array_move (io_lock_state->locks,
+                                   in_pending_lock_index,
                                    io_lock_state->first_pending_lock_index,
                                    &new_lock_index);
         if (!err) { io_lock_state->first_pending_lock_index++; }
     }
-    
+
     if (!err) {
         err = ccs_lock_grant_lock (pending_lock);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -234,35 +234,35 @@ static cc_int32 ccs_lock_state_check_pending_lock (ccs_lock_state_t  io_lock_sta
     cc_uint32 client_lock_type = 0;
     cc_uint64 client_lock_index = 0;
     cc_uint32 grant_lock = 0;
-    
+
     if (!io_lock_state                               ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_pending_lock_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!out_grant_lock                              ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cc_uint64 i;
         cc_uint64 lock_count = io_lock_state->first_pending_lock_index;
-        
+
         for (i = 0; !err && i < lock_count; i++) {
             ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
             cc_uint32 lock_type = 0;
             cc_uint32 lock_is_for_client = 0;
-            
+
             err = ccs_lock_type (lock, &lock_type);
-            
+
             if (!err) {
-                err = ccs_lock_is_for_client_pipe (lock, in_pending_lock_client_pipe, 
+                err = ccs_lock_is_for_client_pipe (lock, in_pending_lock_client_pipe,
                                                    &lock_is_for_client);
             }
-            
+
             if (!err) {
                 if (lock_type == cc_lock_write || lock_type == cc_lock_upgrade) {
                     is_write_locked = 1;
                 }
-                
+
                 if (!lock_is_for_client) {
                     other_clients_have_locks = 1;
-                    
+
                 } else if (!client_has_lock) { /* only record type of 1st lock */
                     client_has_lock = 1;
                     client_lock_type = lock_type;
@@ -271,35 +271,35 @@ static cc_int32 ccs_lock_state_check_pending_lock (ccs_lock_state_t  io_lock_sta
             }
         }
     }
-    
+
     if (!err) {
         cc_uint64 lock_count = io_lock_state->first_pending_lock_index;
-        
+
         if (in_pending_lock_type == cc_lock_write) {
             if (client_has_lock) {
                 err = cci_check_error (ccErrBadLockType);
             } else {
                 grant_lock = (lock_count == 0);
             }
-            
+
         } else if (in_pending_lock_type == cc_lock_read) {
             if (client_has_lock) {
                 err = cci_check_error (ccErrBadLockType);
             } else {
                 grant_lock = !is_write_locked;
             }
-            
+
         } else if (in_pending_lock_type == cc_lock_upgrade) {
-            if (!client_has_lock || (client_lock_type != cc_lock_read && 
+            if (!client_has_lock || (client_lock_type != cc_lock_read &&
                                      client_lock_type != cc_lock_downgrade)) {
                 err = cci_check_error (ccErrBadLockType);
             } else {
                 /* don't grant if other clients have read locks */
-                grant_lock = !other_clients_have_locks; 
+                grant_lock = !other_clients_have_locks;
             }
-            
+
         } else if (in_pending_lock_type == cc_lock_downgrade) {
-            if (!client_has_lock || (client_lock_type != cc_lock_write && 
+            if (!client_has_lock || (client_lock_type != cc_lock_write &&
                                      client_lock_type != cc_lock_upgrade)) {
                 err = cci_check_error (ccErrBadLockType);
             } else {
@@ -310,62 +310,62 @@ static cc_int32 ccs_lock_state_check_pending_lock (ccs_lock_state_t  io_lock_sta
             err = cci_check_error (ccErrBadLockType);
         }
     }
-    
+
     if (!err) {
         *out_grant_lock = grant_lock;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-static cc_int32 ccs_lock_status_try_to_grant_pending_locks (ccs_lock_state_t io_lock_state) 
+static cc_int32 ccs_lock_status_try_to_grant_pending_locks (ccs_lock_state_t io_lock_state)
 {
     cc_int32 err = ccNoError;
     cc_uint32 done = 0;
-    
+
     if (!io_lock_state) { err = cci_check_error (ccErrBadParam); }
-    
-    /* Look at the pending locks and see if we can grant them. 
+
+    /* Look at the pending locks and see if we can grant them.
      * Note that downgrade locks mean we must check all pending locks each pass
      * since a downgrade lock might be last in the list. */
-    
+
     while (!err && !done) {
         cc_uint64 i;
         cc_uint64 count = ccs_lock_array_count (io_lock_state->locks);
         cc_uint32 granted_lock = 0;
-        
+
         for (i = io_lock_state->first_pending_lock_index; !err && i < count; i++) {
             ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
             cc_uint32 lock_type = 0;
             ccs_pipe_t client_pipe = CCS_PIPE_NULL;
             cc_uint32 can_grant_lock_now = 0;
-            
+
             err = ccs_lock_client_pipe (lock, &client_pipe);
-            
+
             if (!err) {
                 err = ccs_lock_type (lock, &lock_type);
             }
-            
+
             if (!err) {
                 err = ccs_lock_state_check_pending_lock (io_lock_state, client_pipe,
                                                          lock_type, &can_grant_lock_now);
             }
-            
+
             if (!err && can_grant_lock_now) {
                 err = ccs_lock_status_grant_lock (io_lock_state, i);
                 if (!err) { granted_lock = 1; }
             }
         }
-        
+
         if (!err && !granted_lock) {
             /* we walked over all the locks and couldn't grant any of them */
             done = 1;
         }
-    } 
-    
-    return cci_check_error (err);    
+    }
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -383,54 +383,54 @@ cc_int32 ccs_lock_state_add (ccs_lock_state_t  io_lock_state,
 {
     cc_int32 err = ccNoError;
     cc_uint32 can_grant_lock_now = 0;
-    
+
     if (!io_lock_state                  ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
     if (!out_will_send_reply            ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         /* Sanity check: if there are any pending locks for this client
          * the client must have timed out waiting for our reply.  Remove any
          * existing pending locks for the client. */
         cc_uint64 i;
-        
+
         for (i = io_lock_state->first_pending_lock_index; !err && i < ccs_lock_array_count (io_lock_state->locks); i++) {
             ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
             cc_uint32 has_pending_lock_for_client = 0;
-            
+
             err = ccs_lock_is_for_client_pipe (lock, in_client_pipe, &has_pending_lock_for_client);
-            
+
             if (!err && has_pending_lock_for_client) {
-                cci_debug_printf ("WARNING %s: Removing unexpected pending lock %p at index %d.", 
+                cci_debug_printf ("WARNING %s: Removing unexpected pending lock %p at index %d.",
                                   __FUNCTION__, lock, (int) i);
                 err = ccs_lock_status_remove_lock (io_lock_state, i);
                 if (!err) { i--;  /* We removed one so back up an index */ }
             }
         }
     }
-    
+
     if (!err) {
         err = ccs_lock_state_check_pending_lock (io_lock_state, in_client_pipe,
                                                  in_lock_type, &can_grant_lock_now);
     }
-    
+
     if (!err) {
         if (!can_grant_lock_now && (in_block == cc_lock_noblock)) {
             err = cci_check_error (io_lock_state->pending_lock_err);
-            
+
         } else {
             cc_uint64 new_lock_index = 0;
-            
+
             err = ccs_lock_status_add_pending_lock (io_lock_state,
                                                     in_client_pipe,
                                                     in_reply_pipe,
                                                     in_lock_type,
                                                     &new_lock_index);
-            
+
             if (!err && can_grant_lock_now) {
                 err = ccs_lock_status_grant_lock (io_lock_state, new_lock_index);
-                
+
                 if (!err && (in_lock_type == cc_lock_downgrade)) {
                     /* downgrades can allow us to grant other locks */
                     err = ccs_lock_status_try_to_grant_pending_locks (io_lock_state);
@@ -438,13 +438,13 @@ cc_int32 ccs_lock_state_add (ccs_lock_state_t  io_lock_state,
             }
         }
     }
-    
+
     if (!err) {
         /* ccs_lock_state_add sends its replies via callback so caller shouldn't */
         *out_will_send_reply = 1;
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -454,45 +454,45 @@ cc_int32 ccs_lock_state_remove (ccs_lock_state_t io_lock_state,
 {
     cc_int32 err = ccNoError;
     cc_uint32 found_lock = 0;
-    
+
     if (!io_lock_state                  ) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         cc_uint64 i;
-        
-        /* Remove all locks for this client.  
+
+        /* Remove all locks for this client.
          * There should only be one so warn if there are multiple */
         for (i = 0; !err && i < io_lock_state->first_pending_lock_index; i++) {
             ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
             cc_uint32 is_for_client = 0;
-            
+
             err = ccs_lock_is_for_client_pipe (lock, in_client_pipe, &is_for_client);
-            
+
             if (!err && is_for_client) {
                 if (found_lock) {
-                    cci_debug_printf ("WARNING %s: Found multiple locks for client.", 
+                    cci_debug_printf ("WARNING %s: Found multiple locks for client.",
                                       __FUNCTION__);
                 }
-                
+
                 found_lock = 1;
-                
+
                 cci_debug_printf ("%s: Removing lock %p at index %d.", __FUNCTION__, lock, (int) i);
                 err = ccs_lock_status_remove_lock (io_lock_state, i);
                 if (!err) { i--;  /* We removed one so back up an index */ }
             }
         }
     }
-    
+
     if (!err && !found_lock) {
         err = cci_check_error (io_lock_state->no_lock_err);
     }
-    
+
     if (!err) {
         err = ccs_lock_status_try_to_grant_pending_locks (io_lock_state);
-    }    
-    
-    return cci_check_error (err);    
+    }
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -501,26 +501,26 @@ cc_int32 ccs_lock_state_invalidate_lock (ccs_lock_state_t io_lock_state,
                                          ccs_lock_t       in_lock)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_lock_state) { err = ccErrBadParam; }
-    
+
     if (!err) {
         cc_uint64 i;
         cc_uint64 count = ccs_lock_array_count (io_lock_state->locks);
-        
+
         for (i = 0; !err && i < count; i++) {
             ccs_lock_t lock = ccs_lock_array_object_at_index (io_lock_state->locks, i);
-            
+
             if (lock == in_lock) {
                 err = ccs_lock_status_remove_lock (io_lock_state, i);
-                
+
                 if (!err) {
                     err = ccs_lock_status_try_to_grant_pending_locks (io_lock_state);
                     break;
-                }                        
+                }
             }
         }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
diff --git a/src/ccapi/server/ccs_lock_state.h b/src/ccapi/server/ccs_lock_state.h
index c6b9bdb0d..aa0c23a3c 100644
--- a/src/ccapi/server/ccs_lock_state.h
+++ b/src/ccapi/server/ccs_lock_state.h
@@ -29,9 +29,9 @@
 
 #include "ccs_types.h"
 
-cc_int32 ccs_lock_state_new (ccs_lock_state_t *out_lock_state, 
-                             cc_int32          in_invalid_object_err, 
-                             cc_int32          in_pending_lock_err, 
+cc_int32 ccs_lock_state_new (ccs_lock_state_t *out_lock_state,
+                             cc_int32          in_invalid_object_err,
+                             cc_int32          in_pending_lock_err,
                              cc_int32          in_no_lock_err);
 
 cc_int32 ccs_lock_state_release (ccs_lock_state_t io_lock_state);
diff --git a/src/ccapi/server/ccs_pipe.c b/src/ccapi/server/ccs_pipe.c
index 0a65a0aeb..41ec60c79 100644
--- a/src/ccapi/server/ccs_pipe.c
+++ b/src/ccapi/server/ccs_pipe.c
@@ -40,7 +40,7 @@ cc_int32 ccs_pipe_compare (ccs_pipe_t  in_pipe,
                            ccs_pipe_t  in_compare_to_pipe,
                            cc_uint32  *out_equal)
 {
-    return ccs_os_pipe_compare (in_pipe, in_compare_to_pipe, out_equal);    
+    return ccs_os_pipe_compare (in_pipe, in_compare_to_pipe, out_equal);
 }
 
 /* ------------------------------------------------------------------------ */
diff --git a/src/ccapi/server/ccs_server.c b/src/ccapi/server/ccs_server.c
index 30476e407..469834196 100644
--- a/src/ccapi/server/ccs_server.c
+++ b/src/ccapi/server/ccs_server.c
@@ -38,35 +38,35 @@ ccs_client_array_t g_client_array = NULL;
 int main (int argc, const char *argv[])
 {
     cc_int32 err = 0;
-    
+
     if (!err) {
         err = ccs_os_server_initialize (argc, argv);
     }
-    
+
     if (!err) {
         err = cci_identifier_new_uuid (&g_server_id);
     }
-    
+
     if (!err) {
         err = ccs_cache_collection_new (&g_cache_collection);
     }
-    
+
     if (!err) {
         err = ccs_client_array_new (&g_client_array);
     }
-    
+
     if (!err) {
         err = ccs_os_server_listen_loop (argc, argv);
     }
-    
+
     if (!err) {
         free (g_server_id);
         cci_check_error (ccs_cache_collection_release (g_cache_collection));
         cci_check_error (ccs_client_array_release (g_client_array));
-        
+
         err = ccs_os_server_cleanup (argc, argv);
     }
-    
+
     return cci_check_error (err) ? 1 : 0;
 }
 
@@ -92,19 +92,19 @@ cc_int32 ccs_server_add_client (ccs_pipe_t in_connection_pipe)
 {
     cc_int32 err = ccNoError;
     ccs_client_t client = NULL;
-    
+
     if (!err) {
         err = ccs_client_new (&client, in_connection_pipe);
     }
-    
+
     if (!err) {
         cci_debug_printf ("%s: Adding client %p.", __FUNCTION__, client);
-        err = ccs_client_array_insert (g_client_array, 
+        err = ccs_client_array_insert (g_client_array,
                                        client,
                                        ccs_client_array_count (g_client_array));
     }
 
-    return cci_check_error (err);    
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -117,26 +117,26 @@ cc_int32 ccs_server_remove_client (ccs_pipe_t in_connection_pipe)
         cc_uint64 i;
         cc_uint64 count = ccs_client_array_count (g_client_array);
         cc_uint32 found = 0;
-        
+
         for (i = 0; !err && i < count; i++) {
             ccs_client_t client = ccs_client_array_object_at_index (g_client_array, i);
-            
+
             err = ccs_client_uses_pipe (client, in_connection_pipe, &found);
-            
+
             if (!err && found) {
                 cci_debug_printf ("%s: Removing client %p.", __FUNCTION__, client);
                 err = ccs_client_array_remove (g_client_array, i);
                 break;
             }
         }
-        
+
         if (!err && !found) {
-            cci_debug_printf ("WARNING %s() didn't find client in client list.", 
+            cci_debug_printf ("WARNING %s() didn't find client in client list.",
                               __FUNCTION__);
-        }        
+        }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -146,32 +146,32 @@ cc_int32 ccs_server_client_for_pipe (ccs_pipe_t    in_client_pipe,
 {
     cc_int32 err = ccNoError;
     ccs_client_t client_for_pipe = NULL;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!out_client                     ) { err = cci_check_error (ccErrBadParam); }
 
     if (!err) {
         cc_uint64 i;
         cc_uint64 count = ccs_client_array_count (g_client_array);
-        
+
         for (i = 0; !err && i < count; i++) {
             ccs_client_t client = ccs_client_array_object_at_index (g_client_array, i);
             cc_uint32 uses_pipe = 0;
-            
+
             err = ccs_client_uses_pipe (client, in_client_pipe, &uses_pipe);
-            
+
             if (!err && uses_pipe) {
                 client_for_pipe = client;
                 break;
             }
         }
     }
-    
+
     if (!err) {
         *out_client = client_for_pipe; /* may be NULL if not found */
     }
 
-    return cci_check_error (err);    
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -181,19 +181,19 @@ cc_int32 ccs_server_client_is_valid (ccs_pipe_t  in_client_pipe,
 {
     cc_int32 err = ccNoError;
     ccs_client_t client = NULL;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!out_client_is_valid            ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = ccs_server_client_for_pipe (in_client_pipe, &client);
     }
-    
+
     if (!err) {
         *out_client_is_valid = (client != NULL);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 #ifdef TARGET_OS_MAC
@@ -221,9 +221,9 @@ static cc_int32 ccs_server_request_demux (ccs_pipe_t              in_client_pipe
     if (!err) {
         if (in_request_name > cci_context_first_msg_id &&
             in_request_name < cci_context_last_msg_id) {
-            /* Note: context identifier doesn't need to match.  
+            /* Note: context identifier doesn't need to match.
              * Client just uses the identifier to detect server relaunch. */
-            
+
             if (!err) {
                 err = ccs_cache_collection_handle_message (in_client_pipe,
                                                            in_reply_pipe,
@@ -233,15 +233,15 @@ static cc_int32 ccs_server_request_demux (ccs_pipe_t              in_client_pipe
                                                            out_will_block,
                                                            out_reply_data);
             }
-                
+
         } else if (in_request_name > cci_ccache_first_msg_id &&
                    in_request_name < cci_ccache_last_msg_id) {
             ccs_ccache_t ccache = NULL;
-            
+
             err = ccs_cache_collection_find_ccache (in_cache_collection,
                                                     in_request_identifier,
-                                                    &ccache);            
-            
+                                                    &ccache);
+
             if (!err) {
                 err = ccs_ccache_handle_message (in_client_pipe,
                                                  in_reply_pipe,
@@ -251,16 +251,16 @@ static cc_int32 ccs_server_request_demux (ccs_pipe_t              in_client_pipe
                                                  in_request_data,
                                                  out_will_block,
                                                  out_reply_data);
-            }                
-                        
+            }
+
         } else if (in_request_name > cci_ccache_iterator_first_msg_id &&
                    in_request_name < cci_ccache_iterator_last_msg_id) {
             ccs_ccache_iterator_t ccache_iterator = NULL;
-            
+
             err = ccs_cache_collection_find_ccache_iterator (in_cache_collection,
                                                              in_request_identifier,
-                                                             &ccache_iterator);            
-            
+                                                             &ccache_iterator);
+
             if (!err) {
                 err = ccs_ccache_iterator_handle_message (ccache_iterator,
                                                           in_cache_collection,
@@ -268,21 +268,21 @@ static cc_int32 ccs_server_request_demux (ccs_pipe_t              in_client_pipe
                                                           in_request_data,
                                                           out_reply_data);
             }
-            
+
             if (!err) {
                 *out_will_block = 0; /* can't block */
             }
-            
+
         } else if (in_request_name > cci_credentials_iterator_first_msg_id &&
                    in_request_name < cci_credentials_iterator_last_msg_id) {
             ccs_credentials_iterator_t credentials_iterator = NULL;
             ccs_ccache_t ccache = NULL;
-            
+
             err = ccs_cache_collection_find_credentials_iterator (in_cache_collection,
                                                                   in_request_identifier,
                                                                   &ccache,
-                                                                  &credentials_iterator);            
-            
+                                                                  &credentials_iterator);
+
             if (!err) {
                 err = ccs_credentials_iterator_handle_message (credentials_iterator,
                                                                ccache,
@@ -290,16 +290,16 @@ static cc_int32 ccs_server_request_demux (ccs_pipe_t              in_client_pipe
                                                                in_request_data,
                                                                out_reply_data);
             }
-            
+
             if (!err) {
                 *out_will_block = 0; /* can't block */
             }
- 
+
         } else {
             err = ccErrBadInternalMessage;
         }
     }
-    
+
     return cci_check_error (err);
 }
 
@@ -318,46 +318,46 @@ cc_int32 ccs_server_handle_request (ccs_pipe_t     in_client_pipe,
     cci_identifier_t request_identifier = NULL;
     cc_uint32 will_block = 0;
     k5_ipc_stream reply_data = NULL;
-    
+
     if (!ccs_pipe_valid (in_client_pipe)) { err = cci_check_error (ccErrBadParam); }
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
     if (!in_request                     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_message_read_request_header (in_request,
                                                &request_name,
                                                &request_identifier);
     }
-    
+
     if (!err) {
         cc_uint32 server_err = 0;
         cc_uint32 valid = 0;
         ccs_cache_collection_t cache_collection = g_cache_collection;
-        
-        server_err = cci_identifier_is_for_server (request_identifier, 
-                                                   g_server_id, 
+
+        server_err = cci_identifier_is_for_server (request_identifier,
+                                                   g_server_id,
                                                    &valid);
-        
+
         if (!server_err && !valid) {
             server_err = cci_message_invalid_object_err (request_name);
         }
-        
+
         if (!server_err) {
-            
-            /* Monolithic server implementation would need to select 
+
+            /* Monolithic server implementation would need to select
              * cache collection here.  Currently we only support per-user
              * servers so we always use the same cache collection. */
-            
+
             server_err = ccs_server_request_demux (in_client_pipe,
                                                    in_reply_pipe,
                                                    cache_collection,
                                                    request_name,
                                                    request_identifier,
-                                                   in_request, 
+                                                   in_request,
                                                    &will_block,
                                                    &reply_data);
         }
-        
+
         if (server_err || !will_block) {
 
             /* send a reply now if the server isn't blocked on something */
@@ -367,8 +367,8 @@ cc_int32 ccs_server_handle_request (ccs_pipe_t     in_client_pipe,
 
     cci_identifier_release (request_identifier);
     krb5int_ipc_stream_release (reply_data);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -379,24 +379,24 @@ cc_int32 ccs_server_send_reply (ccs_pipe_t     in_reply_pipe,
 {
     cc_int32 err = ccNoError;
     k5_ipc_stream reply = NULL;
-    
+
     if (!ccs_pipe_valid (in_reply_pipe) ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         err = cci_message_new_reply_header (&reply, in_reply_err);
     }
-    
+
     if (!err && in_reply_data && krb5int_ipc_stream_size (in_reply_data) > 0) {
-        err = krb5int_ipc_stream_write (reply, 
-                                krb5int_ipc_stream_data (in_reply_data), 
+        err = krb5int_ipc_stream_write (reply,
+                                krb5int_ipc_stream_data (in_reply_data),
                                 krb5int_ipc_stream_size (in_reply_data));
     }
-    
+
     if (!err) {
         err = ccs_os_server_send_reply (in_reply_pipe, reply);
     }
-    
+
     krb5int_ipc_stream_release (reply);
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
diff --git a/src/ccapi/server/mac/ccs_os_notify.c b/src/ccapi/server/mac/ccs_os_notify.c
index 920282316..84501fbd6 100644
--- a/src/ccapi/server/mac/ccs_os_notify.c
+++ b/src/ccapi/server/mac/ccs_os_notify.c
@@ -33,22 +33,22 @@
 cc_int32 ccs_os_notify_cache_collection_changed (ccs_cache_collection_t io_cache_collection)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         CFNotificationCenterRef center = CFNotificationCenterGetDistributedCenter ();
 
-        if (center) { 
+        if (center) {
             CFNotificationCenterPostNotification (center,
                                                   kCCAPICacheCollectionChangedNotification,
                                                   NULL, NULL, TRUE);
         }
     }
-    
-    
-    
-    return cci_check_error (err);    
+
+
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -57,24 +57,24 @@ cc_int32 ccs_os_notify_ccache_changed (ccs_cache_collection_t  io_cache_collecti
                                        const char             *in_ccache_name)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); }
     if (!in_ccache_name     ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         CFNotificationCenterRef center = CFNotificationCenterGetDistributedCenter ();
         CFStringRef name = CFStringCreateWithCString (kCFAllocatorDefault,
                                                       in_ccache_name,
                                                       kCFStringEncodingUTF8);
-        
-        if (center && name) { 
+
+        if (center && name) {
             CFNotificationCenterPostNotification (center,
                                                   kCCAPICCacheChangedNotification,
                                                   name, NULL, TRUE);
         }
-        
+
         if (name) { CFRelease (name); }
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
diff --git a/src/ccapi/server/mac/ccs_os_pipe.c b/src/ccapi/server/mac/ccs_os_pipe.c
index 91227676c..0462a64e6 100644
--- a/src/ccapi/server/mac/ccs_os_pipe.c
+++ b/src/ccapi/server/mac/ccs_os_pipe.c
@@ -44,16 +44,16 @@ cc_int32 ccs_os_pipe_compare (ccs_pipe_t  in_pipe,
                               cc_uint32  *out_equal)
 {
     cc_int32 err = ccNoError;
-    
+
     if (!in_pipe           ) { err = cci_check_error (ccErrBadParam); }
     if (!in_compare_to_pipe) { err = cci_check_error (ccErrBadParam); }
     if (!out_equal         ) { err = cci_check_error (ccErrBadParam); }
-    
+
     if (!err) {
         *out_equal = (in_pipe == in_compare_to_pipe);
     }
-    
-    return cci_check_error (err);    
+
+    return cci_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -62,9 +62,9 @@ cc_int32 ccs_os_pipe_copy (ccs_pipe_t *out_pipe,
 			   ccs_pipe_t  in_pipe)
 {
     cc_int32 err = 0;
-    
+
     *out_pipe = in_pipe;
-    
+
     return cci_check_error (err);
 }
 
@@ -73,9 +73,8 @@ cc_int32 ccs_os_pipe_copy (ccs_pipe_t *out_pipe,
 cc_int32 ccs_os_pipe_release (ccs_pipe_t io_pipe)
 {
     cc_int32 err = 0;
-    
+
     /* Nothing to do here on Mac OS X */
-    
+
     return cci_check_error (err);
 }
-
diff --git a/src/ccapi/server/mac/ccs_os_server.c b/src/ccapi/server/mac/ccs_os_server.c
index 98bc6b30a..276c1ad14 100644
--- a/src/ccapi/server/mac/ccs_os_server.c
+++ b/src/ccapi/server/mac/ccs_os_server.c
@@ -51,8 +51,8 @@ kern_return_t k5_ipc_server_handle_request (mach_port_t    in_connection_port,
                                             mach_port_t    in_reply_port,
                                             k5_ipc_stream  in_request_stream)
 {
-    return cci_check_error (ccs_server_handle_request (in_connection_port, 
-                                                       in_reply_port, 
+    return cci_check_error (ccs_server_handle_request (in_connection_port,
+                                                       in_reply_port,
                                                        in_request_stream));
 }
 
@@ -63,10 +63,10 @@ kern_return_t k5_ipc_server_handle_request (mach_port_t    in_connection_port,
 cc_int32 ccs_os_server_initialize (int argc, const char *argv[])
 {
     cc_int32 err = 0;
-    
+
     openlog (argv[0], LOG_CONS | LOG_PID, LOG_AUTH);
-    syslog (LOG_INFO, "Starting up.");   
-    
+    syslog (LOG_INFO, "Starting up.");
+
     return cci_check_error (err);
 }
 
@@ -75,9 +75,9 @@ cc_int32 ccs_os_server_initialize (int argc, const char *argv[])
 cc_int32 ccs_os_server_cleanup (int argc, const char *argv[])
 {
     cc_int32 err = 0;
-    
+
     syslog (LOG_NOTICE, "Exiting.");
-    
+
     return cci_check_error (err);
 }
 
@@ -93,6 +93,6 @@ cc_int32 ccs_os_server_listen_loop (int argc, const char *argv[])
 cc_int32 ccs_os_server_send_reply (ccs_pipe_t   in_reply_pipe,
                                    k5_ipc_stream in_reply_stream)
 {
-    return cci_check_error (k5_ipc_server_send_reply (in_reply_pipe, 
+    return cci_check_error (k5_ipc_server_send_reply (in_reply_pipe,
                                                       in_reply_stream));
 }
diff --git a/src/ccapi/server/win/ccs_os_pipe.c b/src/ccapi/server/win/ccs_os_pipe.c
index 95af378e7..4573fa5e9 100644
--- a/src/ccapi/server/win/ccs_os_pipe.c
+++ b/src/ccapi/server/win/ccs_os_pipe.c
@@ -31,7 +31,7 @@
 /* ------------------------------------------------------------------------ */
 
 /* On Windows, a pipe is a struct.  See ccs_win_pipe.h for details.         */
-   
+
 
 /* ------------------------------------------------------------------------ */
 
@@ -43,7 +43,7 @@ cc_int32 ccs_os_pipe_valid (ccs_pipe_t in_pipe) {
 
 cc_int32 ccs_os_pipe_copy (ccs_pipe_t* out_pipe, ccs_pipe_t  in_pipe) {
     return ccs_win_pipe_copy(
-        out_pipe, 
+        out_pipe,
         in_pipe);
     }
 
@@ -61,4 +61,3 @@ cc_int32 ccs_os_pipe_compare (ccs_pipe_t  pipe_1,
 
     return ccs_win_pipe_compare(pipe_1, pipe_2, out_equal);
     }
-
diff --git a/src/ccapi/server/win/ccs_request_proc.c b/src/ccapi/server/win/ccs_request_proc.c
index 8421b7224..00a8f032d 100644
--- a/src/ccapi/server/win/ccs_request_proc.c
+++ b/src/ccapi/server/win/ccs_request_proc.c
@@ -50,8 +50,8 @@ void ccs_rpc_request(
     cci_debug_printf("%s rpcmsg:%d; UUID:<%s> SST:<%s>", __FUNCTION__, rpcmsg, pszUUID, serverStartTime);
 #endif
     status = (rpcmsg != CCMSG_REQUEST) && (rpcmsg != CCMSG_PING);
-    
-    if (!status) {                         
+
+    if (!status) {
         status = krb5int_ipc_stream_new (&stream);  /* Create a stream for the request data */
         }
 
@@ -59,7 +59,7 @@ void ccs_rpc_request(
         status = krb5int_ipc_stream_write (stream, pbRequest, lenRequest);
         }
 
-    pipe = ccs_win_pipe_new(pszUUID, *p);    
+    pipe = ccs_win_pipe_new(pszUUID, *p);
     worklist_add(rpcmsg, pipe, stream, serverStartTime);
     *return_status = status;
     }
@@ -76,7 +76,7 @@ void ccs_rpc_connect(
 #if 0
     cci_debug_printf("%s; rpcmsg:%d; UUID: <%s>", __FUNCTION__, rpcmsg, pszUUID);
 #endif
-    worklist_add(   rpcmsg, 
+    worklist_add(   rpcmsg,
                     pipe,
                     NULL,               /* No payload with connect request */
                     (const time_t)0 );  /* No server session number with connect request */
diff --git a/src/ccapi/server/win/ccs_win_pipe.c b/src/ccapi/server/win/ccs_win_pipe.c
index 4ef807dd5..243f8f222 100644
--- a/src/ccapi/server/win/ccs_win_pipe.c
+++ b/src/ccapi/server/win/ccs_win_pipe.c
@@ -55,7 +55,7 @@ struct ccs_win_pipe_t* ccs_win_pipe_new (const char* uuid, const HANDLE h) {
         if (!uuidCopy)  {err = cci_check_error(ccErrBadParam);}
         strcpy(uuidCopy, uuid);
         }
-    
+
     if (!err) {
         out_pipe = (struct ccs_win_pipe_t*)malloc(sizeof(struct ccs_win_pipe_t));
         if (!out_pipe)  {err = cci_check_error(ccErrBadParam);}
@@ -70,10 +70,10 @@ struct ccs_win_pipe_t* ccs_win_pipe_new (const char* uuid, const HANDLE h) {
 
 /* ------------------------------------------------------------------------ */
 
-cc_int32 ccs_win_pipe_copy (WIN_PIPE** out_pipe, 
+cc_int32 ccs_win_pipe_copy (WIN_PIPE** out_pipe,
                             const WIN_PIPE* in_pipe) {
 
-    *out_pipe = 
+    *out_pipe =
         ccs_win_pipe_new(
             ccs_win_pipe_getUuid  (in_pipe),
             ccs_win_pipe_getHandle(in_pipe) );
diff --git a/src/ccapi/server/win/ccs_win_pipe.h b/src/ccapi/server/win/ccs_win_pipe.h
index 3600d12af..c489aafd2 100644
--- a/src/ccapi/server/win/ccs_win_pipe.h
+++ b/src/ccapi/server/win/ccs_win_pipe.h
@@ -33,16 +33,16 @@
 
 /* ------------------------------------------------------------------------ */
 
-/* On Windows, a pipe is a struct containing a UUID and a handle.  Both the 
-   UUID and handle are supplied by the client.  
-   
-   The UUID is used to build the client's reply endpoint.  
-   
+/* On Windows, a pipe is a struct containing a UUID and a handle.  Both the
+   UUID and handle are supplied by the client.
+
+   The UUID is used to build the client's reply endpoint.
+
    The handle is to the requesting client thread's thread local storage struct,
    so that the client's one and only reply handler can put reply data where
    the requesting thread will be able to see it.
  */
-   
+
 struct ccs_win_pipe_t {
     char*   uuid;
     HANDLE  clientHandle;
@@ -58,7 +58,7 @@ cc_int32    ccs_win_pipe_compare    (const WIN_PIPE* win_pipe_1,
                                      const WIN_PIPE* win_pipe_2,
                                      cc_uint32  *out_equal);
 
-cc_int32    ccs_win_pipe_copy       (WIN_PIPE** out_pipe, 
+cc_int32    ccs_win_pipe_copy       (WIN_PIPE** out_pipe,
                                      const WIN_PIPE* in_pipe);
 
 cc_int32    ccs_win_pipe_valid      (const WIN_PIPE* in_pipe);
@@ -66,4 +66,4 @@ cc_int32    ccs_win_pipe_valid      (const WIN_PIPE* in_pipe);
 char*       ccs_win_pipe_getUuid    (const WIN_PIPE* in_pipe);
 HANDLE      ccs_win_pipe_getHandle  (const WIN_PIPE* in_pipe);
 
-#endif // _ccs_win_pipe_h_
\ No newline at end of file
+#endif // _ccs_win_pipe_h_
diff --git a/src/ccapi/server/win/workitem.h b/src/ccapi/server/win/workitem.h
index 9829f8500..1d3df155c 100644
--- a/src/ccapi/server/win/workitem.h
+++ b/src/ccapi/server/win/workitem.h
@@ -15,9 +15,9 @@ private:
     const long            _rpcmsg;
     const long            _sst;
 public:
-    WorkItem(   k5_ipc_stream buf, 
-                WIN_PIPE*     pipe, 
-                const long    type, 
+    WorkItem(   k5_ipc_stream buf,
+                WIN_PIPE*     pipe,
+                const long    type,
                 const long    serverStartTime);
     WorkItem(   const         WorkItem&);
     WorkItem();
diff --git a/src/ccapi/test/main.c b/src/ccapi/test/main.c
index d48601003..2ace96783 100644
--- a/src/ccapi/test/main.c
+++ b/src/ccapi/test/main.c
@@ -11,16 +11,16 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 //	cc_ccache_iterator_t cache_iterator = NULL;
 //	cc_credentials_iterator_t cred_iterator = NULL;
-	
+
 	fprintf(stdout, "Testing CCAPI against CCAPI v3 rev 8 documentation...\n");
 	fprintf(stdout, "Warning: this test suite is woefully incomplete and unpolished.\n");
-	
+
 	T_CCAPI_INIT;
-	
+
 	// *** ccapi v2 compat ***
 	err = check_cc_shutdown();
 	err = check_cc_get_change_time();
@@ -39,9 +39,9 @@ int main (int argc, const char * argv[]) {
 	err = check_cc_seq_fetch_creds_begin();
 	err = check_cc_seq_fetch_creds_next();
 	err = check_cc_get_NC_info();
-    
+
 	err = check_constants();
-	
+
 	// *** cc_context ***
 	err = check_cc_initialize();
 	err = check_cc_context_release();
@@ -56,7 +56,7 @@ int main (int argc, const char * argv[]) {
 	// err = check_cc_context_lock();
 	// err = check_cc_context_unlock();
 	err = check_cc_context_compare();
-	
+
 	// *** cc_ccache ***
 	err = check_cc_ccache_release();
 	err = check_cc_ccache_destroy();
@@ -77,14 +77,14 @@ int main (int argc, const char * argv[]) {
 	err = check_cc_ccache_get_kdc_time_offset();
 	err = check_cc_ccache_set_kdc_time_offset();
 	err = check_cc_ccache_clear_kdc_time_offset();
-	
+
 	// *** cc_ccache_iterator ***
 	err = check_cc_ccache_iterator_next();
-	
+
 	// *** cc_credentials_iterator ***
 	err = check_cc_credentials_iterator_next();
-	
+
 	fprintf(stdout, "\nFinished testing CCAPI. %d failure%s in total.\n", total_failure_count, (total_failure_count == 1) ? "" : "s");
-	
+
     return err;
 }
diff --git a/src/ccapi/test/pingtest.c b/src/ccapi/test/pingtest.c
index 637f8ab18..d64db2e4b 100644
--- a/src/ccapi/test/pingtest.c
+++ b/src/ccapi/test/pingtest.c
@@ -30,9 +30,9 @@ RPC_STATUS send_test(char* endpoint) {
     unsigned char*  pszNetworkAddress   = NULL;
     unsigned char*  pszOptions          = NULL;
     unsigned char*  pszStringBinding    = NULL;
-    unsigned char*  pszUuid             = NULL; 
+    unsigned char*  pszUuid             = NULL;
     RPC_STATUS      status;
- 
+
     status = RpcStringBindingCompose(pszUuid,
                                      (RPC_CSTR)"ncalrpc",
                                      pszNetworkAddress,
@@ -73,7 +73,7 @@ int main(   int argc, char *argv[]) {
     char*           message         = "Hello, RPC!";
 
 
-    if ((dwTlsIndex = TlsAlloc()) == TLS_OUT_OF_INDEXES) return FALSE; 
+    if ((dwTlsIndex = TlsAlloc()) == TLS_OUT_OF_INDEXES) return FALSE;
 
 //    send_test("krbcc.229026.0.ep");
 
@@ -90,14 +90,14 @@ int main(   int argc, char *argv[]) {
         }
 
     if (!err) {
-        err = cci_os_ipc_msg(TRUE, send_stream, CCMSG_PING, &reply_stream); 
+        err = cci_os_ipc_msg(TRUE, send_stream, CCMSG_PING, &reply_stream);
         }
     Sleep(10*1000);
     cci_debug_printf("Try finishing async call.");
 
     Sleep(INFINITE);
     cci_debug_printf("main: return. err == %d", err);
-    
+
     return 0;
     }
 
diff --git a/src/ccapi/test/simple_lock_test.c b/src/ccapi/test/simple_lock_test.c
index 418d56ad0..8961d9999 100644
--- a/src/ccapi/test/simple_lock_test.c
+++ b/src/ccapi/test/simple_lock_test.c
@@ -1,6 +1,6 @@
 /*
     simple_lock_test.c
-    
+
     Initializes two contexts in two different threads and tries to get read locks on both at the same time.
     Hangs at line 24.
 */
@@ -25,7 +25,7 @@
 void *other_thread (void) {
     cc_int32 err;
     cc_context_t context = NULL;
-    
+
     err = cc_initialize(&context, ccapi_version_7, NULL, NULL);
 
     log_error("thread: attempting lock. may hang. err == %d", err);
@@ -57,7 +57,7 @@ int main (int argc, char *argv[]) {
     if (!err) {
         err = cc_context_lock(context, cc_lock_read, cc_lock_noblock);
     }
-    
+
     log_error("main: initialized and read locked context. err == %d", err);
 
 #ifdef TARGET_OS_MAC
@@ -71,9 +71,9 @@ int main (int argc, char *argv[]) {
 #else
 
 #endif
-    
+
     log_error("main: unlocking and releasing context. err == %d", err);
-    
+
     if (context) {
         log_error("main: calling cc_context_unlock");
         cc_context_unlock(context);
@@ -83,7 +83,7 @@ int main (int argc, char *argv[]) {
     }
 
     log_error("main: return. err == %d", err);
-    
+
 #if defined(_WIN32)
     UNREFERENCED_PARAMETER(status);       // no whining!
 #endif
diff --git a/src/ccapi/test/test_cc_ccache_compare.c b/src/ccapi/test/test_cc_ccache_compare.c
index 6034a341d..96aaa56c7 100644
--- a/src/ccapi/test/test_cc_ccache_compare.c
+++ b/src/ccapi/test/test_cc_ccache_compare.c
@@ -7,7 +7,7 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_compare();
diff --git a/src/ccapi/test/test_cc_ccache_destroy.c b/src/ccapi/test/test_cc_ccache_destroy.c
index 2b56f10c0..95c417ca5 100644
--- a/src/ccapi/test/test_cc_ccache_destroy.c
+++ b/src/ccapi/test/test_cc_ccache_destroy.c
@@ -7,7 +7,7 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_destroy();
diff --git a/src/ccapi/test/test_cc_ccache_get_change_time.c b/src/ccapi/test/test_cc_ccache_get_change_time.c
index 323c66fe9..a515d5bdc 100644
--- a/src/ccapi/test/test_cc_ccache_get_change_time.c
+++ b/src/ccapi/test/test_cc_ccache_get_change_time.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_get_change_time();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_get_credentials_version.c b/src/ccapi/test/test_cc_ccache_get_credentials_version.c
index 7f3e71461..f5df7c078 100644
--- a/src/ccapi/test/test_cc_ccache_get_credentials_version.c
+++ b/src/ccapi/test/test_cc_ccache_get_credentials_version.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_get_credentials_version();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c b/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c
index 871342a10..13e61165c 100644
--- a/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c
+++ b/src/ccapi/test/test_cc_ccache_get_kdc_time_offset.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_get_kdc_time_offset();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_get_last_default_time.c b/src/ccapi/test/test_cc_ccache_get_last_default_time.c
index a820d1385..4de22e4a0 100644
--- a/src/ccapi/test/test_cc_ccache_get_last_default_time.c
+++ b/src/ccapi/test/test_cc_ccache_get_last_default_time.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_get_last_default_time();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_get_name.c b/src/ccapi/test/test_cc_ccache_get_name.c
index 77e525a31..f6649974f 100644
--- a/src/ccapi/test/test_cc_ccache_get_name.c
+++ b/src/ccapi/test/test_cc_ccache_get_name.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_get_name();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_get_principal.c b/src/ccapi/test/test_cc_ccache_get_principal.c
index 8e110ed01..05d7c4349 100644
--- a/src/ccapi/test/test_cc_ccache_get_principal.c
+++ b/src/ccapi/test/test_cc_ccache_get_principal.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_get_principal();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_iterator_next.c b/src/ccapi/test/test_cc_ccache_iterator_next.c
index ec81103d8..945a98d26 100644
--- a/src/ccapi/test/test_cc_ccache_iterator_next.c
+++ b/src/ccapi/test/test_cc_ccache_iterator_next.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_iterator_next();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_move.c b/src/ccapi/test/test_cc_ccache_move.c
index 37793181f..880198c89 100644
--- a/src/ccapi/test/test_cc_ccache_move.c
+++ b/src/ccapi/test/test_cc_ccache_move.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_move();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c b/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c
index cd18693d4..1338e832a 100644
--- a/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c
+++ b/src/ccapi/test/test_cc_ccache_new_credentials_iterator.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_new_credentials_iterator();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_release.c b/src/ccapi/test/test_cc_ccache_release.c
index 4a8e685bd..75d604c91 100644
--- a/src/ccapi/test/test_cc_ccache_release.c
+++ b/src/ccapi/test/test_cc_ccache_release.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_release();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_remove_credentials.c b/src/ccapi/test/test_cc_ccache_remove_credentials.c
index c13a618ef..679da85c5 100644
--- a/src/ccapi/test/test_cc_ccache_remove_credentials.c
+++ b/src/ccapi/test/test_cc_ccache_remove_credentials.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_remove_credentials();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_set_default.c b/src/ccapi/test/test_cc_ccache_set_default.c
index 6adf3e977..71bba2a46 100644
--- a/src/ccapi/test/test_cc_ccache_set_default.c
+++ b/src/ccapi/test/test_cc_ccache_set_default.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_set_default();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c b/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c
index e15f246e9..b8b21e987 100644
--- a/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c
+++ b/src/ccapi/test/test_cc_ccache_set_kdc_time_offset.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_set_kdc_time_offset();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_set_principal.c b/src/ccapi/test/test_cc_ccache_set_principal.c
index 4cc453402..ec55acd71 100644
--- a/src/ccapi/test/test_cc_ccache_set_principal.c
+++ b/src/ccapi/test/test_cc_ccache_set_principal.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_set_principal();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_ccache_store_credentials.c b/src/ccapi/test/test_cc_ccache_store_credentials.c
index 53a6564c7..c52125bdb 100644
--- a/src/ccapi/test/test_cc_ccache_store_credentials.c
+++ b/src/ccapi/test/test_cc_ccache_store_credentials.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_ccache_store_credentials();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_close.c b/src/ccapi/test/test_cc_close.c
index b3a5bc2ef..b6bc3afaa 100644
--- a/src/ccapi/test/test_cc_close.c
+++ b/src/ccapi/test/test_cc_close.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_close();
diff --git a/src/ccapi/test/test_cc_context_compare.c b/src/ccapi/test/test_cc_context_compare.c
index 9b2626a5d..f4965af3a 100644
--- a/src/ccapi/test/test_cc_context_compare.c
+++ b/src/ccapi/test/test_cc_context_compare.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_compare();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_create_ccache.c b/src/ccapi/test/test_cc_context_create_ccache.c
index a616e1cab..c94294513 100644
--- a/src/ccapi/test/test_cc_context_create_ccache.c
+++ b/src/ccapi/test/test_cc_context_create_ccache.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_create_ccache();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_create_default_ccache.c b/src/ccapi/test/test_cc_context_create_default_ccache.c
index aaad4ab57..c3fb4054e 100644
--- a/src/ccapi/test/test_cc_context_create_default_ccache.c
+++ b/src/ccapi/test/test_cc_context_create_default_ccache.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_create_default_ccache();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_create_new_ccache.c b/src/ccapi/test/test_cc_context_create_new_ccache.c
index c77d931ff..d89fa4f3f 100644
--- a/src/ccapi/test/test_cc_context_create_new_ccache.c
+++ b/src/ccapi/test/test_cc_context_create_new_ccache.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_create_new_ccache();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_get_change_time.c b/src/ccapi/test/test_cc_context_get_change_time.c
index f98b2ce64..ad5c0a346 100644
--- a/src/ccapi/test/test_cc_context_get_change_time.c
+++ b/src/ccapi/test/test_cc_context_get_change_time.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_get_change_time();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_get_default_ccache_name.c b/src/ccapi/test/test_cc_context_get_default_ccache_name.c
index ffa8c2cbf..06fff955f 100644
--- a/src/ccapi/test/test_cc_context_get_default_ccache_name.c
+++ b/src/ccapi/test/test_cc_context_get_default_ccache_name.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_get_default_ccache_name();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_new_ccache_iterator.c b/src/ccapi/test/test_cc_context_new_ccache_iterator.c
index b7885de64..82209854a 100644
--- a/src/ccapi/test/test_cc_context_new_ccache_iterator.c
+++ b/src/ccapi/test/test_cc_context_new_ccache_iterator.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_new_ccache_iterator();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_open_ccache.c b/src/ccapi/test/test_cc_context_open_ccache.c
index 8e7e825b9..461d8df63 100644
--- a/src/ccapi/test/test_cc_context_open_ccache.c
+++ b/src/ccapi/test/test_cc_context_open_ccache.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_open_ccache();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_open_default_ccache.c b/src/ccapi/test/test_cc_context_open_default_ccache.c
index e6e72fa62..09c6b7c39 100644
--- a/src/ccapi/test/test_cc_context_open_default_ccache.c
+++ b/src/ccapi/test/test_cc_context_open_default_ccache.c
@@ -7,10 +7,9 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_open_default_ccache();
     return err;
 }
-	
\ No newline at end of file
diff --git a/src/ccapi/test/test_cc_context_release.c b/src/ccapi/test/test_cc_context_release.c
index 5510ab961..03faf233d 100644
--- a/src/ccapi/test/test_cc_context_release.c
+++ b/src/ccapi/test/test_cc_context_release.c
@@ -7,7 +7,7 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_context_release();
diff --git a/src/ccapi/test/test_cc_create.c b/src/ccapi/test/test_cc_create.c
index d591d47be..a21c44334 100644
--- a/src/ccapi/test/test_cc_create.c
+++ b/src/ccapi/test/test_cc_create.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_create();
diff --git a/src/ccapi/test/test_cc_credentials_iterator_next.c b/src/ccapi/test/test_cc_credentials_iterator_next.c
index 5ae961154..beed791b8 100644
--- a/src/ccapi/test/test_cc_credentials_iterator_next.c
+++ b/src/ccapi/test/test_cc_credentials_iterator_next.c
@@ -7,7 +7,7 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_credentials_iterator_next();
diff --git a/src/ccapi/test/test_cc_destroy.c b/src/ccapi/test/test_cc_destroy.c
index 13eae7b00..e55a83788 100644
--- a/src/ccapi/test/test_cc_destroy.c
+++ b/src/ccapi/test/test_cc_destroy.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_destroy();
diff --git a/src/ccapi/test/test_cc_get_NC_info.c b/src/ccapi/test/test_cc_get_NC_info.c
index fe72cbe35..6b8eb3748 100644
--- a/src/ccapi/test/test_cc_get_NC_info.c
+++ b/src/ccapi/test/test_cc_get_NC_info.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_get_NC_info();
diff --git a/src/ccapi/test/test_cc_get_change_time.c b/src/ccapi/test/test_cc_get_change_time.c
index 8b031c1a3..d2058fec5 100644
--- a/src/ccapi/test/test_cc_get_change_time.c
+++ b/src/ccapi/test/test_cc_get_change_time.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_get_change_time();
diff --git a/src/ccapi/test/test_cc_get_cred_version.c b/src/ccapi/test/test_cc_get_cred_version.c
index 865abf00f..1ff86781e 100644
--- a/src/ccapi/test/test_cc_get_cred_version.c
+++ b/src/ccapi/test/test_cc_get_cred_version.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_get_cred_version();
diff --git a/src/ccapi/test/test_cc_get_name.c b/src/ccapi/test/test_cc_get_name.c
index b4efa40fc..5b6e1462a 100644
--- a/src/ccapi/test/test_cc_get_name.c
+++ b/src/ccapi/test/test_cc_get_name.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_get_name();
diff --git a/src/ccapi/test/test_cc_get_principal.c b/src/ccapi/test/test_cc_get_principal.c
index f0078561d..a809e5d12 100644
--- a/src/ccapi/test/test_cc_get_principal.c
+++ b/src/ccapi/test/test_cc_get_principal.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_get_principal();
diff --git a/src/ccapi/test/test_cc_initialize.c b/src/ccapi/test/test_cc_initialize.c
index bf2fcdc26..1669a29a3 100644
--- a/src/ccapi/test/test_cc_initialize.c
+++ b/src/ccapi/test/test_cc_initialize.c
@@ -7,7 +7,7 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_cc_initialize();
diff --git a/src/ccapi/test/test_cc_open.c b/src/ccapi/test/test_cc_open.c
index d3253d8a3..83bb60201 100644
--- a/src/ccapi/test/test_cc_open.c
+++ b/src/ccapi/test/test_cc_open.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_open();
diff --git a/src/ccapi/test/test_cc_remove_cred.c b/src/ccapi/test/test_cc_remove_cred.c
index 121ad1b52..6f841bbc0 100644
--- a/src/ccapi/test/test_cc_remove_cred.c
+++ b/src/ccapi/test/test_cc_remove_cred.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_remove_cred();
diff --git a/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c b/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c
index 0d08e9151..329ca26ed 100644
--- a/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c
+++ b/src/ccapi/test/test_cc_seq_fetch_NCs_begin.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_seq_fetch_NCs_begin();
diff --git a/src/ccapi/test/test_cc_seq_fetch_NCs_next.c b/src/ccapi/test/test_cc_seq_fetch_NCs_next.c
index c941fd4fe..31b5ac07c 100644
--- a/src/ccapi/test/test_cc_seq_fetch_NCs_next.c
+++ b/src/ccapi/test/test_cc_seq_fetch_NCs_next.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_seq_fetch_NCs_next();
diff --git a/src/ccapi/test/test_cc_seq_fetch_creds_begin.c b/src/ccapi/test/test_cc_seq_fetch_creds_begin.c
index 16c0a72cb..5bb5e9164 100644
--- a/src/ccapi/test/test_cc_seq_fetch_creds_begin.c
+++ b/src/ccapi/test/test_cc_seq_fetch_creds_begin.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_seq_fetch_creds_begin();
diff --git a/src/ccapi/test/test_cc_seq_fetch_creds_next.c b/src/ccapi/test/test_cc_seq_fetch_creds_next.c
index eaaf451c4..83528b30e 100644
--- a/src/ccapi/test/test_cc_seq_fetch_creds_next.c
+++ b/src/ccapi/test/test_cc_seq_fetch_creds_next.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_seq_fetch_creds_next();
diff --git a/src/ccapi/test/test_cc_set_principal.c b/src/ccapi/test/test_cc_set_principal.c
index bfe9162bf..04b55df9e 100644
--- a/src/ccapi/test/test_cc_set_principal.c
+++ b/src/ccapi/test/test_cc_set_principal.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_set_principal();
diff --git a/src/ccapi/test/test_cc_shutdown.c b/src/ccapi/test/test_cc_shutdown.c
index 31c3d7c57..8756ca9f3 100644
--- a/src/ccapi/test/test_cc_shutdown.c
+++ b/src/ccapi/test/test_cc_shutdown.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_shutdown();
diff --git a/src/ccapi/test/test_cc_store.c b/src/ccapi/test/test_cc_store.c
index 7edc77715..507b36120 100644
--- a/src/ccapi/test/test_cc_store.c
+++ b/src/ccapi/test/test_cc_store.c
@@ -6,7 +6,7 @@
 #include "test_ccapi_v2.h"
 
 int main (int argc, const char * argv[]) {
-    
+
     cc_int32 err = ccNoError;
     T_CCAPI_INIT;
     err = check_cc_store();
diff --git a/src/ccapi/test/test_ccapi_ccache.c b/src/ccapi/test/test_ccapi_ccache.c
index 64a70e3c2..a0fd84af1 100644
--- a/src/ccapi/test/test_ccapi_ccache.c
+++ b/src/ccapi/test/test_ccapi_ccache.c
@@ -1,4 +1,3 @@
-
 #include <string.h>
 #include <stdlib.h>
 #include <errno.h>
@@ -15,69 +14,69 @@ int check_cc_ccache_release(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_release");
-	
+
 	#ifndef cc_ccache_release
 	log_error("cc_ccache_release is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 	}
-	
-	
-	
+
+
+
 	if (!err) {
 		check_once_cc_ccache_release(context, ccache, ccNoError, NULL);
 		ccache = NULL;
 	}
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_ccache_release */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_release(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
-	
+
 	cc_int32 possible_return_values[2] = {
-		ccNoError, 
-		ccErrInvalidCCache, 
+		ccNoError,
+		ccErrInvalidCCache,
 	};
 
 	cc_string_t name = NULL;
-	
+
 	err = cc_ccache_get_name(ccache, &name);
 	err = cc_ccache_release(ccache);
 	ccache = NULL;
-	
+
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_release
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err && name) { // try opening released ccache to make sure it still exists
 		err = cc_context_open_ccache(context, name->data, &ccache);
 	}
 	check_if(err == ccErrCCacheNotFound, "released ccache was actually destroyed instead");
-	
+
 	if (ccache) { cc_ccache_destroy(ccache); }
 	if (name) { cc_string_release(name); }
-	
+
 	#endif /* cc_ccache_release */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -89,69 +88,69 @@ int check_cc_ccache_destroy(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_destroy");
-	
+
 	#ifndef cc_ccache_destroy
 	log_error("cc_ccache_destroy is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 	}
-	
-	
-	
+
+
+
 	if (!err) {
 		check_once_cc_ccache_destroy(context, ccache, ccNoError, NULL);
 		ccache = NULL;
 	}
-		
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_ccache_destroy */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_destroy(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
-	
+
 	cc_int32 possible_return_values[2] = {
-		ccNoError, 
-		ccErrInvalidCCache, 
+		ccNoError,
+		ccErrInvalidCCache,
 	};
 
 	cc_string_t name = NULL;
-	
+
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_destroy
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_get_name(ccache, &name);
 	err = cc_ccache_destroy(ccache);
 	ccache = NULL;
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err && name) { // try opening released ccache to make sure it still exists
 		err = cc_context_open_ccache(context, name->data, &ccache);
 	}
 	check_if(err != ccErrCCacheNotFound, "destroyed ccache was actually released instead");
-	
+
 	if (ccache) { cc_ccache_destroy(ccache); }
 	if (name) { cc_string_release(name); }
-	
+
 	#endif /* cc_ccache_destroy */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -163,16 +162,16 @@ int check_cc_ccache_set_default(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_set_default");
-	
+
 	#ifndef cc_ccache_set_default
 	log_error("cc_ccache_set_default is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	// try when it's the only ccache (already default)
 	if (!err) {
 		err = destroy_all_ccaches(context);
@@ -187,7 +186,7 @@ int check_cc_ccache_set_default(void) {
 		err = cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
+
 	// try when it's not the only ccache (and not default)
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "baz@BAR.ORG", &ccache);
@@ -199,8 +198,8 @@ int check_cc_ccache_set_default(void) {
 		err = cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
-	// try when it's not the only ccache (and already default)	
+
+	// try when it's not the only ccache (and already default)
 	if (!err) {
 		err = cc_context_open_default_ccache(context, &ccache);
 	}
@@ -211,41 +210,41 @@ int check_cc_ccache_set_default(void) {
 		err = cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-			
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_ccache_set_default */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_set_default(cc_context_t context, cc_ccache_t ccache, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
-	
+
 	cc_int32 possible_return_values[3] = {
-		ccNoError, 
-		ccErrInvalidCCache, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrCCacheNotFound,
 	};
 
 	cc_ccache_t default_ccache = NULL;
 	cc_string_t name = NULL;
 	cc_string_t default_name = NULL;
-	
+
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_set_default
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_set_default(ccache);
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		err = cc_ccache_get_name(ccache, &name);
 	}
@@ -261,16 +260,16 @@ cc_int32 check_once_cc_ccache_set_default(cc_context_t context, cc_ccache_t ccac
 	else {
 		check_if(1, "cc_ccache_get_name failed");
 	}
-		
+
 	if (default_ccache) { cc_ccache_release(default_ccache); }
 	//if (ccache) { cc_ccache_destroy(ccache); } // ccache is released by the caller
 	if (default_name) { cc_string_release(default_name); }
 	if (name) { cc_string_release(name); }
-	
+
 	#endif /* cc_ccache_set_default */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -282,16 +281,16 @@ int check_cc_ccache_get_credentials_version(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_get_credentials_version");
-	
+
 	#ifndef cc_ccache_get_credentials_version
 	log_error("cc_ccache_get_credentials_version is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	// try one created with v5 creds
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
@@ -303,7 +302,7 @@ int check_cc_ccache_get_credentials_version(void) {
 		log_error("cc_context_create_new_ccache failed, can't complete test");
 		failure_count++;
 	}
-	
+
 	// try it with added v4 creds
 	if (!err) {
 		err = cc_ccache_set_principal(ccache, cc_credentials_v4, "foo@BAR.ORG");
@@ -315,14 +314,14 @@ int check_cc_ccache_get_credentials_version(void) {
 		log_error("cc_ccache_set_principal failed, can't complete test");
 		failure_count++;
 	}
-	
+
 	if (ccache) {
 		cc_ccache_destroy(ccache);
 		ccache = NULL;
 	}
-	
+
 	err = ccNoError;
-	
+
 	// try one created with v4 creds
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAR.ORG", &ccache);
@@ -334,62 +333,62 @@ int check_cc_ccache_get_credentials_version(void) {
 		log_error("cc_context_create_new_ccache failed, can't complete test");
 		failure_count++;
 	}
-	
+
 	// try it with added v5 creds
 	if (!err) {
 		err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
 	}
 	if (!err) {
 		check_once_cc_ccache_get_credentials_version(ccache, cc_credentials_v4_v5, ccNoError, "v4 with v5 creds added");
-	}	
+	}
 	else {
 		log_error("cc_ccache_set_principal failed, can't complete test");
 		failure_count++;
 	}
-	
+
 	if (ccache) {
 		cc_ccache_destroy(ccache);
 		ccache = NULL;
 	}
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_ccache_get_credentials_version */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_get_credentials_version(cc_ccache_t ccache, cc_uint32 expected_cred_vers, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
-	
+
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrInvalidCCache, 
-		ccErrBadParam, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
 	};
 
 	cc_uint32 stored_cred_vers = 0;
-	
+
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_get_credentials_version
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_get_credentials_version(ccache, &stored_cred_vers);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		check_if(stored_cred_vers != expected_cred_vers, NULL);
 	}
-	
+
 	#endif /* cc_ccache_get_credentials_version */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -401,20 +400,20 @@ int check_cc_ccache_get_name(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_get_name");
-	
+
 	#ifndef cc_ccache_get_name
 	log_error("cc_ccache_get_name is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// try with unique ccache (which happens to be default)
 	if (!err) {
 		err = cc_context_create_ccache(context, "0", cc_credentials_v5, "foo@BAR.ORG", &ccache);
@@ -425,12 +424,12 @@ int check_cc_ccache_get_name(void) {
 	else {
 		log_error("cc_context_create_ccache failed, can't complete test");
 		failure_count++;
-	}	
+	}
 	if (ccache) {
 		cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
+
 	// try with unique ccache (which is not default)
 	if (!err) {
 		err = cc_context_create_ccache(context, "1", cc_credentials_v5, "foo@BAR.ORG", &ccache);
@@ -442,7 +441,7 @@ int check_cc_ccache_get_name(void) {
 		log_error("cc_context_create_ccache failed, can't complete test");
 		failure_count++;
 	}
-	
+
 	// try with bad param
 	if (!err) {
 		check_once_cc_ccache_get_name(ccache, NULL, ccErrBadParam, "NULL param");
@@ -451,104 +450,104 @@ int check_cc_ccache_get_name(void) {
 		cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
-	if (context) { 
+
+	if (context) {
 		err = destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_get_name */
-	
-	END_TEST_AND_RETURN	
+
+	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_get_name(cc_ccache_t ccache, const char *expected_name, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
-	
+
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrInvalidCCache, 
-		ccErrBadParam, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
 	};
 
 	cc_string_t stored_name = NULL;
-	
+
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_get_name
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (expected_name == NULL) { // we want to try with a NULL param
 		err = cc_ccache_get_name(ccache, NULL);
 	}
 	else {
 		err = cc_ccache_get_name(ccache, &stored_name);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		check_if(strcmp(stored_name->data, expected_name), NULL);
 	}
-	
+
 	if (stored_name) { cc_string_release(stored_name); }
-	
+
 	#endif /* cc_ccache_get_name */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
 
 // ---------------------------------------------------------------------------
 
-cc_int32 check_once_cc_ccache_get_principal(cc_ccache_t ccache, 
-                                            cc_uint32 cred_vers, 
-                                            const char *expected_principal, 
-                                            cc_int32 expected_err, 
+cc_int32 check_once_cc_ccache_get_principal(cc_ccache_t ccache,
+                                            cc_uint32 cred_vers,
+                                            const char *expected_principal,
+                                            cc_int32 expected_err,
                                             const char *description) {
 	cc_int32 err = ccNoError;
 	cc_string_t stored_principal = NULL;
-		
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrNoMem, 
-		ccErrBadCredentialsVersion, 
-		ccErrBadParam, 
-		ccErrInvalidCCache, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
+		ccErrBadParam,
+		ccErrInvalidCCache,
+		ccErrCCacheNotFound,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_get_principal
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (expected_principal == NULL) { // we want to try with a NULL param
 		err = cc_ccache_get_principal(ccache, cred_vers, NULL);
 	}
 	else {
 		err = cc_ccache_get_principal(ccache, cred_vers, &stored_principal);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		check_if(strcmp(stored_principal->data, expected_principal), "expected princ == \"%s\" stored princ == \"%s\"", expected_principal, stored_principal->data);
 	}
-	
+
 	if (stored_principal) { cc_string_release(stored_principal); }
-	
+
 	#endif /* cc_ccache_get_principal */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -558,20 +557,20 @@ int check_cc_ccache_get_principal(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_get_principal");
-	
+
 	#ifndef cc_ccache_get_principal
 	log_error("cc_ccache_get_principal is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// try with krb5 principal
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo/BAR@BAZ.ORG", &ccache);
@@ -587,7 +586,7 @@ int check_cc_ccache_get_principal(void) {
 		cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
+
 	// try with krb4 principal
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo.BAR@BAZ.ORG", &ccache);
@@ -599,29 +598,29 @@ int check_cc_ccache_get_principal(void) {
 		log_error("cc_context_create_new_ccache failed, can't complete test");
 		failure_count++;
 	}
-	
+
 	// try with bad param
 	if (!err) {
 		// cc_ccache_t doesn't have any concept of the difference between a v4 and v5 principal
-		check_once_cc_ccache_get_principal(ccache, cc_credentials_v4_v5, "foo.BAR@BAZ.ORG", 
+		check_once_cc_ccache_get_principal(ccache, cc_credentials_v4_v5, "foo.BAR@BAZ.ORG",
 			ccErrBadCredentialsVersion,
 			"passing cc_credentials_v4_v5 (shouldn't be allowed)");
 		check_once_cc_ccache_get_principal(ccache, cc_credentials_v5, NULL, ccErrBadParam, "passed null out param");
 	}
-	
+
 	if (ccache) {
 		cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
-	if (context) { 
+
+	if (context) {
 		err = destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_get_principal */
-	
-	END_TEST_AND_RETURN	
+
+	END_TEST_AND_RETURN
 }
 
 // ---------------------------------------------------------------------------
@@ -630,20 +629,20 @@ int check_cc_ccache_set_principal(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_set_principal");
-	
+
 	#ifndef cc_ccache_set_principal
 	log_error("cc_ccache_set_principal is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// bad params
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
@@ -660,7 +659,7 @@ int check_cc_ccache_set_principal(void) {
 		cc_ccache_destroy(ccache);
 		ccache = NULL;
 	}
-	
+
 
 	// empty ccache
 
@@ -679,7 +678,7 @@ int check_cc_ccache_set_principal(void) {
 			cc_ccache_destroy(ccache);
 			ccache = NULL;
 		}
-		
+
 		// add v4 principal to v5 only ccache
 		if (!err) {
 			err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
@@ -711,7 +710,7 @@ int check_cc_ccache_set_principal(void) {
 			cc_ccache_destroy(ccache);
 			ccache = NULL;
 		}
-		
+
 		// add v5 principal to v4 only ccache
 		if (!err) {
 			err = cc_context_create_new_ccache(context, cc_credentials_v4, "foo@BAZ.ORG", &ccache);
@@ -727,66 +726,66 @@ int check_cc_ccache_set_principal(void) {
 			cc_ccache_destroy(ccache);
 			ccache = NULL;
 		}
-		
+
 	// with credentials
-	
+
 		// replace v5 only ccache's principal
-		
+
 		// add v4 principal to v5 only ccache
 
 		// replace v4 only ccache's principal
-		
+
 		// add v5 principal to v4 only ccache
-	
-	if (context) { 
+
+	if (context) {
 		err = destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_set_principal */
-	
-	END_TEST_AND_RETURN	
+
+	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_set_principal(cc_ccache_t ccache, cc_uint32 cred_vers, const char *in_principal, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
 	cc_string_t stored_principal = NULL;
-		
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrNoMem, 
-		ccErrInvalidCCache, 
-		ccErrBadCredentialsVersion, 
-		ccErrBadParam, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrNoMem,
+		ccErrInvalidCCache,
+		ccErrBadCredentialsVersion,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_set_principal
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_set_principal(ccache, cred_vers, in_principal);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		err = cc_ccache_get_principal(ccache, cred_vers, &stored_principal);
 	}
-	
+
 	// compare stored with input
 	if (!err) {
 		check_if(strcmp(stored_principal->data, in_principal), "expected princ == \"%s\" stored princ == \"%s\"", in_principal, stored_principal->data);
 	}
-	
+
 	if (stored_principal) { cc_string_release(stored_principal); }
-	
+
 	#endif /* cc_ccache_set_principal */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -801,20 +800,20 @@ int check_cc_ccache_store_credentials(void) {
 	cc_ccache_t dup_ccache = NULL;
 	cc_credentials_union creds_union;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_store_credentials");
-	
+
 	#ifndef cc_ccache_store_credentials
 	log_error("cc_ccache_store_credentials is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 	}
@@ -823,21 +822,21 @@ int check_cc_ccache_store_credentials(void) {
 	if (!err) {
 		err = new_v5_creds_union(&creds_union, "BAR.ORG");
 	}
-	
+
 	if (!err) {
 		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccNoError, "ok creds");
 	}
-	
+
 	if (&creds_union) { release_v5_creds_union(&creds_union); }
-	
+
 	// try with bad params
 	check_once_cc_ccache_store_credentials(ccache, NULL, ccErrBadParam, "NULL creds param");
-	
+
 	// invalid creds
 	if (!err) {
 		err = new_v5_creds_union(&creds_union, "BAR.ORG");
 	}
-	
+
 	if (!err) {
 		if (creds_union.credentials.credentials_v5->client) {
 			free(creds_union.credentials.credentials_v5->client);
@@ -845,14 +844,14 @@ int check_cc_ccache_store_credentials(void) {
 		}
 		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadParam, "invalid creds (NULL client string)");
 	}
-	
+
 	if (&creds_union) { release_v5_creds_union(&creds_union); }
-	
+
 	// bad creds version
 	if (!err) {
 		err = new_v5_creds_union(&creds_union, "BAR.ORG");
 	}
-	
+
 	if (!err) {
 		creds_union.version = cc_credentials_v4_v5;
 		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4_v5 creds (invalid) into a ccache with only v5 princ");
@@ -860,11 +859,11 @@ int check_cc_ccache_store_credentials(void) {
 		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrBadCredentialsVersion, "v4 creds into a ccache with only v5 princ");
 		creds_union.version = cc_credentials_v5;
 	}
-	
+
 	if (&creds_union) { release_v5_creds_union(&creds_union); }
-	
+
 	// non-existent ccache
-	if (ccache) { 
+	if (ccache) {
 		err = cc_ccache_get_name(ccache, &name);
 		if (!err) {
 			err = cc_context_open_ccache(context, name->data, &dup_ccache);
@@ -872,24 +871,24 @@ int check_cc_ccache_store_credentials(void) {
 		if (name) { cc_string_release(name); }
 		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
 	}
-	
+
 	if (!err) {
 		err = new_v5_creds_union(&creds_union, "BAR.ORG");
 	}
-	
+
 	if (!err) {
 		check_once_cc_ccache_store_credentials(ccache, &creds_union, ccErrInvalidCCache, "invalid ccache");
 	}
-	
+
 	if (&creds_union) { release_v5_creds_union(&creds_union); }
 	if (ccache) { cc_ccache_release(ccache); }
-	if (context) { 
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_store_credentials */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -897,27 +896,27 @@ cc_int32 check_once_cc_ccache_store_credentials(cc_ccache_t ccache, const cc_cre
 	cc_int32 err = ccNoError;
 	cc_credentials_iterator_t creds_iterator = NULL;
 	cc_credentials_t creds = NULL;
-		
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrBadParam, 
-		ccErrInvalidCCache, 
-		ccErrInvalidCredentials, 
-		ccErrBadCredentialsVersion, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrBadParam,
+		ccErrInvalidCCache,
+		ccErrInvalidCredentials,
+		ccErrBadCredentialsVersion,
+		ccErrCCacheNotFound,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_store_credentials
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_store_credentials(ccache, credentials);
-		
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	// make sure credentials were truly stored
 	if (!err) {
 		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
@@ -929,20 +928,20 @@ cc_int32 check_once_cc_ccache_store_credentials(cc_ccache_t ccache, const cc_cre
 				break;
 			}
 			cc_credentials_release(creds);
-			creds = NULL;			
+			creds = NULL;
 		}
 	}
-	
-	if (err == ccIteratorEnd) { 
+
+	if (err == ccIteratorEnd) {
 		check_if((creds != NULL), "stored credentials not found in ccache");
 		err = ccNoError;
 	}
 	if (creds) { cc_credentials_release(creds); }
-	
+
 	#endif /* cc_ccache_store_credentials */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -961,24 +960,24 @@ int check_cc_ccache_remove_credentials(void) {
 	cc_credentials_iterator_t creds_iterator = NULL;
 	cc_string_t name = NULL;
 	unsigned int i;
-	
+
 	BEGIN_TEST("cc_ccache_remove_credentials");
-	
+
 	#ifndef cc_ccache_remove_credentials
 	log_error("cc_ccache_remove_credentials is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 	}
-	
+
 	// store 10 creds and retrieve their cc_credentials_t representations
 	for(i = 0; !err && (i < 10); i++) {
 		new_v5_creds_union(&creds_union, "BAR.ORG");
@@ -1000,7 +999,7 @@ int check_cc_ccache_remove_credentials(void) {
 		}
 	}
 	if (err == ccIteratorEnd) { err = ccNoError; }
-	
+
 	// remove 10 valid creds
 	for (i = 0; !err && (i < 8); i++) {
 		check_once_cc_ccache_remove_credentials(ccache, creds_array[i], ccNoError, "10 ok creds");
@@ -1008,12 +1007,12 @@ int check_cc_ccache_remove_credentials(void) {
 
 	// NULL param
 	check_once_cc_ccache_remove_credentials(ccache, NULL, ccErrBadParam, "NULL creds in param");
-	
+
 	// non-existent creds (remove same one twice)
 	check_once_cc_ccache_remove_credentials(ccache, creds_array[0], ccErrInvalidCredentials, "removed same creds twice");
-	
+
 	// non-existent ccache
-	if (ccache) { 
+	if (ccache) {
 		err = cc_ccache_get_name(ccache, &name);
 		if (!err) {
 			err = cc_context_open_ccache(context, name->data, &dup_ccache);
@@ -1021,11 +1020,11 @@ int check_cc_ccache_remove_credentials(void) {
 		if (name) { cc_string_release(name); }
 		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
 	}
-	
+
 	if (!err) {
 		err = new_v5_creds_union(&creds_union, "BAR.ORG");
 	}
-	
+
 	if (!err) {
 		check_once_cc_ccache_remove_credentials(ccache, creds_array[8], ccErrInvalidCCache, "invalid ccache");
 	}
@@ -1035,13 +1034,13 @@ int check_cc_ccache_remove_credentials(void) {
 	}
 
 	if (ccache) { cc_ccache_release(ccache); }
-	if (context) { 
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_remove_credentials */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -1049,27 +1048,27 @@ cc_int32 check_once_cc_ccache_remove_credentials(cc_ccache_t ccache, cc_credenti
 	cc_int32 err = ccNoError;
 	cc_credentials_iterator_t creds_iterator = NULL;
 	cc_credentials_t creds = NULL;
-		
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrBadParam, 
-		ccErrInvalidCCache, 
-		ccErrInvalidCredentials, 
-		ccErrCredentialsNotFound, 
+		ccNoError,
+		ccErrBadParam,
+		ccErrInvalidCCache,
+		ccErrInvalidCredentials,
+		ccErrCredentialsNotFound,
 		ccErrCCacheNotFound,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_remove_credentials
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_remove_credentials(ccache, in_creds);
-		
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	// make sure credentials were truly removed
 	if (!err) {
 		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
@@ -1081,22 +1080,22 @@ cc_int32 check_once_cc_ccache_remove_credentials(cc_ccache_t ccache, cc_credenti
 				break;
 			}
 			cc_credentials_release(creds);
-			creds = NULL;			
+			creds = NULL;
 		}
 	}
-	
-	if (err == ccIteratorEnd) { 
+
+	if (err == ccIteratorEnd) {
 		err = ccNoError;
 	}
 	else {
 		check_if((creds != NULL), "credentials not removed from ccache");
 	}
 	if (creds) { cc_credentials_release(creds); }
-	
+
 	#endif /* cc_ccache_remove_credentials */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -1111,44 +1110,44 @@ int check_cc_ccache_new_credentials_iterator(void) {
 	cc_ccache_t dup_ccache = NULL;
 	cc_credentials_iterator_t creds_iterator = NULL;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_new_credentials_iterator");
-	
+
 	#ifndef cc_ccache_new_credentials_iterator
 	log_error("cc_ccache_new_credentials_iterator is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 	}
-	
+
 	// valid params
 	if (!err) {
 		check_once_cc_ccache_new_credentials_iterator(ccache, &creds_iterator, ccNoError, "valid params");
 	}
-	if (creds_iterator) { 
-		cc_credentials_iterator_release(creds_iterator); 
+	if (creds_iterator) {
+		cc_credentials_iterator_release(creds_iterator);
 		creds_iterator = NULL;
 	}
-	
+
 	// NULL out param
 	if (!err) {
 		check_once_cc_ccache_new_credentials_iterator(ccache, NULL, ccErrBadParam, "NULL out iterator param");
 	}
-	if (creds_iterator) { 
-		cc_credentials_iterator_release(creds_iterator); 
+	if (creds_iterator) {
+		cc_credentials_iterator_release(creds_iterator);
 		creds_iterator = NULL;
 	}
-	
+
 	// non-existent ccache
-	if (ccache) { 
+	if (ccache) {
 		err = cc_ccache_get_name(ccache, &name);
 		if (!err) {
 			err = cc_context_open_ccache(context, name->data, &dup_ccache);
@@ -1156,53 +1155,53 @@ int check_cc_ccache_new_credentials_iterator(void) {
 		if (name) { cc_string_release(name); }
 		if (dup_ccache) { cc_ccache_destroy(dup_ccache); }
 	}
-	
+
 	if (!err) {
 		check_once_cc_ccache_new_credentials_iterator(ccache, &creds_iterator, ccErrInvalidCCache, "invalid ccache");
 	}
-	
-	if (creds_iterator) { 
-		cc_credentials_iterator_release(creds_iterator); 
+
+	if (creds_iterator) {
+		cc_credentials_iterator_release(creds_iterator);
 		creds_iterator = NULL;
 	}
 	if (ccache) { cc_ccache_release(ccache); }
-	if (context) { 
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_new_credentials_iterator */
-	
+
 	END_TEST_AND_RETURN
 }
 
 
 cc_int32 check_once_cc_ccache_new_credentials_iterator(cc_ccache_t ccache, cc_credentials_iterator_t *iterator, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
-	
+
 	cc_int32 possible_return_values[5] = {
-		ccNoError, 
-		ccErrBadParam, 
-		ccErrNoMem, 
-		ccErrCCacheNotFound, 
-		ccErrInvalidCCache, 
+		ccNoError,
+		ccErrBadParam,
+		ccErrNoMem,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_new_credentials_iterator
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_new_credentials_iterator(ccache, iterator);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	#endif /* cc_ccache_new_credentials_iterator */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -1212,38 +1211,38 @@ cc_int32 check_once_cc_ccache_new_credentials_iterator(cc_ccache_t ccache, cc_cr
 cc_int32 check_once_cc_ccache_get_change_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
 	cc_time_t this_time = 0;
-		
+
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrInvalidCCache, 
-		ccErrBadParam, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrCCacheNotFound,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_get_change_time
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (last_time == NULL) {
 		err = cc_ccache_get_change_time(ccache, NULL); // passed NULL to compare against because intention is actually to pass bad param instead
 	} else {
 		err = cc_ccache_get_change_time(ccache, &this_time);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if ((!err) && last_time) {
 		check_if(this_time <= *last_time, "change time didn't increase when expected");
 		*last_time = this_time;
 	}
-		
+
 	#endif /* cc_ccache_get_change_time */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -1258,20 +1257,20 @@ int check_cc_ccache_get_change_time(void) {
 	cc_credentials_iterator_t creds_iterator = NULL;
 	cc_credentials_t credentials = NULL;
 	cc_time_t last_time = 0;
-	
+
     BEGIN_TEST("cc_ccache_get_change_time");
-	
+
 	#ifndef cc_ccache_get_change_time
 	log_error("cc_ccache_get_change_time is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// create some ccaches (so that the one we keep around as 'ccache' is not default)
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
@@ -1282,14 +1281,14 @@ int check_cc_ccache_get_change_time(void) {
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAZ.ORG", &ccache);
 	}
-	
+
 	// change it in all the ways it can change, checking after each
-	
+
 	// the ccache is created
 	if (!err) {
 		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "new ccache (change time should be > 0)");
 	}
-	
+
 	// the ccache is made default
 	if (!err) {
 		err = cc_ccache_set_default(ccache);
@@ -1297,7 +1296,7 @@ int check_cc_ccache_get_change_time(void) {
 	if (!err) {
 		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "non-default ccache became default");
 	}
-	
+
 	// the ccache is made not-default
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "something@ELSE.COM", &dummy_ccache);
@@ -1305,20 +1304,20 @@ int check_cc_ccache_get_change_time(void) {
 	if (!err) {
 		err = cc_ccache_set_default(dummy_ccache);
 	}
-	if (dummy_ccache) {	
+	if (dummy_ccache) {
 		cc_ccache_release(dummy_ccache);
 	}
 	if (!err) {
 		check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "default ccache became non-default");
 	}
-	
+
 	// try with bad params
-	
+
 	// NULL out param
 	if (!err) {
 		check_once_cc_ccache_get_change_time(ccache, NULL, ccErrBadParam, "NULL out param for time");
 	}
-	
+
 	// store a credential
 	if (!err) {
 		new_v5_creds_union(&creds_union, "BAR.ORG");
@@ -1326,7 +1325,7 @@ int check_cc_ccache_get_change_time(void) {
 		release_v5_creds_union(&creds_union);
 	}
 	check_once_cc_ccache_get_change_time(ccache, &last_time, ccNoError, "stored new credential");
-	
+
 	if (!err) {
 		// change principal (fails with ccErrBadInternalMessage)
 		err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
@@ -1337,7 +1336,7 @@ int check_cc_ccache_get_change_time(void) {
 		}
 	}
 	check_once_cc_context_get_change_time(context, &last_time, ccNoError, "after changing a principle");
-	
+
 	// remove a credential
 	if (!err) {
 		err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
@@ -1352,8 +1351,8 @@ int check_cc_ccache_get_change_time(void) {
 		err = cc_ccache_remove_credentials(ccache, credentials);
 	}
 	check_once_cc_context_get_change_time(context, &last_time, ccNoError, "after removing a credential");
-	
-	
+
+
 	// invalid ccache
 	if (!err) {
 		err = destroy_all_ccaches(context);
@@ -1361,15 +1360,15 @@ int check_cc_ccache_get_change_time(void) {
 	if (!err) {
 		check_once_cc_ccache_get_change_time(ccache, &last_time, ccErrInvalidCCache, "getting change time on destroyed ccache");
 	}
-	
+
 	if (ccache) { cc_ccache_release(ccache); }
-	if (context) { 
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_get_change_time */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -1379,39 +1378,39 @@ int check_cc_ccache_get_change_time(void) {
 cc_int32 check_once_cc_ccache_get_last_default_time(cc_ccache_t ccache, cc_time_t *last_time, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
 	cc_time_t this_time = 0;
-		
+
 	cc_int32 possible_return_values[5] = {
-		ccNoError, 
-		ccErrInvalidCCache, 
-		ccErrBadParam, 
-		ccErrNeverDefault, 
-		ccErrCCacheNotFound, 
+		ccNoError,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrNeverDefault,
+		ccErrCCacheNotFound,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_get_last_default_time
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (last_time == NULL) {
 		err = cc_ccache_get_last_default_time(ccache, NULL); // passed NULL to compare against because intention is actually to pass bad param instead
 	} else {
 		err = cc_ccache_get_last_default_time(ccache, &this_time);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err && last_time) {
 		check_if(this_time > *last_time, "last default time isn't as expected");
 		*last_time = this_time;
 	}
-		
+
 	#endif /* cc_ccache_get_last_default_time */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -1425,20 +1424,20 @@ int check_cc_ccache_get_last_default_time(void) {
 	cc_time_t last_time_1 = 0;
 	cc_time_t last_time_2 = 0;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_get_last_default_time");
-	
+
 	#ifndef cc_ccache_get_last_default_time
 	log_error("cc_ccache_get_last_default_time is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// create 2 ccaches
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@ONE.ORG", &ccache_1);
@@ -1446,18 +1445,18 @@ int check_cc_ccache_get_last_default_time(void) {
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@TWO.ORG", &ccache_2);
 	}
-	
+
 	if (!err) {
 		err = cc_ccache_get_change_time(ccache_1, &last_time_1);
 	}
-	
-	// since we destroyed all ccaches before creating these two, 
+
+	// since we destroyed all ccaches before creating these two,
 	// ccache_1 should be default and ccache_2 should never have been default
 	if (!err) {
 		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccNoError, "ccache_1 default at creation");
 		check_once_cc_ccache_get_last_default_time(ccache_2, &last_time_2, ccErrNeverDefault, "ccache_2 never default");
 	}
-	
+
 	// make ccache_2 default and check each of their times again
 	if (!err) {
 		err = cc_ccache_set_default(ccache_2);
@@ -1474,10 +1473,10 @@ int check_cc_ccache_get_last_default_time(void) {
 	if (!err) {
 		check_once_cc_ccache_get_last_default_time(ccache_1, NULL, ccErrBadParam, "NULL out param");
 	}
-	
+
 	// non-existent ccache
-	if (ccache_2) { 
-		cc_ccache_release(ccache_2); 
+	if (ccache_2) {
+		cc_ccache_release(ccache_2);
 		ccache_2 = NULL;
 	}
 	if (!err) {
@@ -1490,20 +1489,20 @@ int check_cc_ccache_get_last_default_time(void) {
 		cc_ccache_destroy(ccache_2);
 		ccache_2 = NULL;
 	}
-	
+
 	if (!err) {
 		check_once_cc_ccache_get_last_default_time(ccache_1, &last_time_1, ccErrInvalidCCache, "destroyed ccache");
 	}
-	
+
 	if (ccache_1) { cc_ccache_release(ccache_1); }
-	
-	if (context) { 
+
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_get_last_default_time */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -1514,23 +1513,23 @@ int check_cc_ccache_move(void) {
 	cc_context_t context = NULL;
 	cc_ccache_t source = NULL;
 	cc_ccache_t destination = NULL;
-	
+
 	cc_credentials_union creds_union;
 	unsigned int i = 0;
-	
+
 	BEGIN_TEST("cc_ccache_move");
-	
+
 	#ifndef cc_ccache_move
 	log_error("cc_ccache_move is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// create 2 ccaches
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@ONE.ORG", &source);
@@ -1538,7 +1537,7 @@ int check_cc_ccache_move(void) {
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@TWO.ORG", &destination);
 	}
-	
+
 	// store credentials in each
 	for (i = 0; !err && (i < 10); i++) {
 		new_v5_creds_union(&creds_union, "ONE.ORG");
@@ -1548,7 +1547,7 @@ int check_cc_ccache_move(void) {
 		new_v5_creds_union(&creds_union, "TWO.ORG");
 		err = cc_ccache_store_credentials(destination, &creds_union);
 	}
-	
+
 	// move source into destination
 	if (!err) {
 		check_once_cc_ccache_move(source, destination, ccNoError, "valid params");
@@ -1558,25 +1557,25 @@ int check_cc_ccache_move(void) {
 	if (!err) {
 		check_once_cc_ccache_move(destination, NULL, ccErrBadParam, "NULL destination param");
 	}
-	
+
 	// non-existent ccache
 	if (!err) {
 		check_once_cc_ccache_move(destination, source, ccErrInvalidCCache, "recently moved source as destination param");
 	}
-	
+
 	if (source) { cc_ccache_release(source); }
 	if (destination) { cc_ccache_release(destination); }
-	
-	if (context) { 
+
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_move */
-	
+
 	END_TEST_AND_RETURN
-	
-	
+
+
 }
 
 cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination, cc_int32 expected_err, const char *description) {
@@ -1585,25 +1584,25 @@ cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination,
 	cc_credentials_t creds = NULL;
 	cc_credentials_iterator_t cred_iterator = NULL;
 	unsigned int i = 0;
-	
+
 	cc_string_t src_principal = NULL;
 	cc_string_t dst_principal = NULL;
-	
+
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrBadParam, 
-		ccErrInvalidCCache, 
+		ccNoError,
+		ccErrBadParam,
+		ccErrInvalidCCache,
 		ccErrCCacheNotFound,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_ccache_move
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (destination) {
-		// verify all of destination's credentials are no longer there (save a list and call remove_cred for each, expecting an err in response)	
+		// verify all of destination's credentials are no longer there (save a list and call remove_cred for each, expecting an err in response)
 		if (!err) {
 			err = cc_ccache_new_credentials_iterator(destination, &cred_iterator);
 		}
@@ -1616,8 +1615,8 @@ cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination,
 		if (err == ccIteratorEnd) {
 			err = ccNoError;
 		}
-		if (cred_iterator) { 
-			cc_credentials_iterator_release(cred_iterator); 
+		if (cred_iterator) {
+			cc_credentials_iterator_release(cred_iterator);
 			cred_iterator = NULL;
 		}
 
@@ -1626,16 +1625,16 @@ cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination,
 			err = cc_ccache_get_principal(source, cc_credentials_v5, &src_principal);
 		}
 	}
-	
-	
+
+
 	if (!err) {
 		err = cc_ccache_move(source, destination);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
-	
+
+
 	if (!err) {
 		// verify all of destination's credentials are no longer there (save a list and call remove_cred for each, expecting an err in response)
 		i = 0;
@@ -1657,7 +1656,7 @@ cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination,
 		}
 
 		// verify that handles for source are no longer valid (get_change_time)
-		if (src_principal) { 
+		if (src_principal) {
 			cc_string_release(src_principal);
 			src_principal = NULL;
 		}
@@ -1665,16 +1664,16 @@ cc_int32 check_once_cc_ccache_move(cc_ccache_t source, cc_ccache_t destination,
 			err = cc_ccache_get_principal(source, cc_credentials_v5, &src_principal);
 			check_if(err != ccErrInvalidCCache, "source ccache was not invalidated after move");
 		}
-	
-	
+
+
 	if (cred_iterator) { cc_credentials_iterator_release(cred_iterator); }
 	if (src_principal) { cc_string_release(src_principal); }
 	if (dst_principal) { cc_string_release(dst_principal); }
-		
+
 	#endif /* cc_ccache_move */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -1687,14 +1686,14 @@ int check_cc_ccache_compare(void) {
 	cc_ccache_t ccache_a = NULL;
 	cc_ccache_t ccache_b = NULL;
 	cc_uint32 equal = 0;
-	
+
 	BEGIN_TEST("cc_ccache_compare");
-	
+
 	#ifndef cc_ccache_compare
 	log_error("cc_ccache_compare is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
 
 	if (!err) {
@@ -1711,7 +1710,7 @@ int check_cc_ccache_compare(void) {
 	check_once_cc_ccache_compare(ccache_a, ccache_a, &equal, ccNoError, "compare ccache with same pointer");
 	equal = 1;
 	check_once_cc_ccache_compare(ccache_a, ccache_b, &equal, ccNoError, "compare different handles to same ccache");
-	
+
 	if (ccache_b) {
 		cc_ccache_release(ccache_b);
 		ccache_b = NULL;
@@ -1726,40 +1725,40 @@ int check_cc_ccache_compare(void) {
 
 	if (ccache_a) { cc_ccache_release(ccache_a); }
 	if (ccache_b) { cc_ccache_release(ccache_b); }
-	
-	if (context) { 
+
+	if (context) {
 		err = destroy_all_ccaches(context);
-		cc_context_release(context); 
+		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_compare */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_compare(cc_ccache_t ccache, cc_ccache_t compare_to, cc_uint32 *equal, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
 	cc_uint32 actually_equal = 0;
-	
+
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrInvalidContext, 
-		ccErrBadParam, 
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrBadParam,
 		ccErrServerUnavailable,
 	};
 
     BEGIN_CHECK_ONCE(description);
 
 	#ifdef cc_ccache_compare
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (equal) {
 		actually_equal = *equal;
-	} 
-	
+	}
+
 	err = cc_ccache_compare(ccache, compare_to, equal);
-	
+
 	if (!err && equal) {
 		if (actually_equal) {
 			check_if(actually_equal != *equal, "equal ccaches not considered equal");
@@ -1768,12 +1767,12 @@ cc_int32 check_once_cc_ccache_compare(cc_ccache_t ccache, cc_ccache_t compare_to
 			check_if(actually_equal != *equal, "non-equal ccaches considered equal");
 		}
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	#endif /* cc_ccache_compare */
-	
+
 	return err;
 }
 
@@ -1785,14 +1784,14 @@ int check_cc_ccache_get_kdc_time_offset(void) {
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
 	cc_time_t time_offset = 0;
-	
+
 	BEGIN_TEST("cc_ccache_get_kdc_time_offset");
-	
+
 	#ifndef cc_ccache_get_kdc_time_offset
 	log_error("cc_ccache_get_kdc_time_offset is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
 
 	if (!err) {
@@ -1804,7 +1803,7 @@ int check_cc_ccache_get_kdc_time_offset(void) {
 
 	time_offset = 0;
 	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, &time_offset, ccErrTimeOffsetNotSet, "brand new ccache (offset not yet set)");
-	
+
 	time_offset = 10;
 	if (!err) {
 		err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, time_offset);
@@ -1821,58 +1820,58 @@ int check_cc_ccache_get_kdc_time_offset(void) {
 	if (!err) {
 		check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4, &time_offset, ccNoError, "asking for v4 offset when v4 and v5 are set");
 	}
-	
+
 
 	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v5, NULL, ccErrBadParam, "NULL time_offset out param");
 	check_once_cc_ccache_get_kdc_time_offset(ccache, cc_credentials_v4_v5, &time_offset, ccErrBadCredentialsVersion, "v4_v5 creds_vers in param (invalid)");
 
 	if (ccache) { cc_ccache_release(ccache); }
-	
-	if (context) { 
+
+	if (context) {
 		err = destroy_all_ccaches(context);
-		cc_context_release(context); 
+		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_get_kdc_time_offset */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_get_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t *time_offset, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
 	cc_time_t expected_offset;
-	
+
 	cc_int32 possible_return_values[7] = {
-		ccNoError, 
-		ccErrTimeOffsetNotSet, 
-		ccErrCCacheNotFound, 
-		ccErrInvalidCCache, 
-		ccErrBadParam, 
-		ccErrServerUnavailable, 
-		ccErrBadCredentialsVersion,	
+		ccNoError,
+		ccErrTimeOffsetNotSet,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrServerUnavailable,
+		ccErrBadCredentialsVersion,
 	};
 
     BEGIN_CHECK_ONCE(description);
 
 	#ifdef cc_ccache_get_kdc_time_offset
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (time_offset) {
 		expected_offset = *time_offset;
 	}
-	
+
 	err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, time_offset);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err && time_offset) {
 		check_if(*time_offset != expected_offset, "kdc time offset doesn't match expected value");
 	}
-	
+
 	#endif /* cc_ccache_get_kdc_time_offset */
-	
+
 	return err;
 }
 
@@ -1883,14 +1882,14 @@ int check_cc_ccache_set_kdc_time_offset(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_set_kdc_time_offset");
-	
+
 	#ifndef cc_ccache_set_kdc_time_offset
 	log_error("cc_ccache_set_kdc_time_offset is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
 
 	if (!err) {
@@ -1902,55 +1901,55 @@ int check_cc_ccache_set_kdc_time_offset(void) {
 
 	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0, ccNoError, "first time setting offset (v5)");
 	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0, ccNoError, "first time setting offset (v4)");
-	
+
 	check_once_cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4_v5, 0, ccErrBadCredentialsVersion, "invalid creds_vers (v4_v5)");
 
 	if (ccache) { cc_ccache_release(ccache); }
-	
-	if (context) { 
+
+	if (context) {
 		err = destroy_all_ccaches(context);
-		cc_context_release(context); 
+		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_set_kdc_time_offset */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_set_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_time_t time_offset, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
 	cc_time_t stored_offset = 0;
-		
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrCCacheNotFound, 
-		ccErrInvalidCCache, 
-		ccErrBadParam, 
-		ccErrServerUnavailable, 
+		ccNoError,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrServerUnavailable,
 		ccErrBadCredentialsVersion,
 	};
 
     BEGIN_CHECK_ONCE(description);
 
 	#ifdef cc_ccache_set_kdc_time_offset
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_ccache_set_kdc_time_offset(ccache, credentials_version, time_offset);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, &stored_offset);
 	}
-	
+
 	if (!err) {
 		check_if(time_offset != stored_offset, "kdc time offset doesn't match expected value");
 	}
-	
+
 	#endif /* cc_ccache_set_kdc_time_offset */
-	
+
 	return err;
 }
 
@@ -1961,14 +1960,14 @@ int check_cc_ccache_clear_kdc_time_offset(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_ccache_clear_kdc_time_offset");
-	
+
 	#ifndef cc_ccache_clear_kdc_time_offset
 	log_error("cc_ccache_clear_kdc_time_offset is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
 
 	if (!err) {
@@ -1983,55 +1982,53 @@ int check_cc_ccache_clear_kdc_time_offset(void) {
 
 	err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v5, 0);
 	err = cc_ccache_set_kdc_time_offset(ccache, cc_credentials_v4, 0);
-	
+
 	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v5, ccNoError, "clearing v5");
 	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4, ccNoError, "clearing v4");
-	
+
 	check_once_cc_ccache_clear_kdc_time_offset(ccache, cc_credentials_v4_v5, ccErrBadCredentialsVersion, "bad in param creds vers (v4_v5)");
-	
+
 	if (ccache) { cc_ccache_release(ccache); }
-	
-	if (context) { 
+
+	if (context) {
 		err = destroy_all_ccaches(context);
-		cc_context_release(context); 
+		cc_context_release(context);
 	}
-	
+
 	#endif /* cc_ccache_clear_kdc_time_offset */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_ccache_clear_kdc_time_offset(cc_ccache_t ccache, cc_int32 credentials_version, cc_int32 expected_err, const char *description) {
 	cc_int32 err = ccNoError;
 	cc_time_t stored_offset = 0;
-	
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrCCacheNotFound, 
-		ccErrInvalidCCache, 
-		ccErrBadParam, 
-		ccErrServerUnavailable, 
+		ccNoError,
+		ccErrCCacheNotFound,
+		ccErrInvalidCCache,
+		ccErrBadParam,
+		ccErrServerUnavailable,
 		ccErrBadCredentialsVersion,
 	};
 	BEGIN_CHECK_ONCE(description);
 
 	#ifdef cc_ccache_clear_kdc_time_offset
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
 
 	err = cc_ccache_clear_kdc_time_offset(ccache, credentials_version);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		err = cc_ccache_get_kdc_time_offset(ccache, credentials_version, &stored_offset);
 		check_if(err != ccErrTimeOffsetNotSet, "time offset not cleared");
 	}
-	
+
 	#endif /* cc_ccache_clear_kdc_time_offset */
-	
+
 	return err;
 }
-
-
diff --git a/src/ccapi/test/test_ccapi_check.c b/src/ccapi/test/test_ccapi_check.c
index 8352adfdc..7f55b4557 100644
--- a/src/ccapi/test/test_ccapi_check.c
+++ b/src/ccapi/test/test_ccapi_check.c
@@ -14,20 +14,20 @@ int _check_if(int expression, const char *file, int line, const char *expression
 			_log_error_v(file, line, format, ap);
 			va_end(ap);
 		}
-		
+
 		if (current_test_activity) {
 			fprintf(stdout, " (%s)", current_test_activity);
 		}
 	}
-	
-	return (expression != 0);	
+
+	return (expression != 0);
 }
 
 int array_contains_int(cc_int32 *array, int size, cc_int32 value) {
 	if (array != NULL && size > 0) {
 		int i = 0;
-		while (i < size && array[i] != value) { 
-			i++; 
+		while (i < size && array[i] != value) {
+			i++;
 		}
 		if (i < size) {
 			return 1;
diff --git a/src/ccapi/test/test_ccapi_check.h b/src/ccapi/test/test_ccapi_check.h
index c05a5152e..0a953481a 100644
--- a/src/ccapi/test/test_ccapi_check.h
+++ b/src/ccapi/test/test_ccapi_check.h
@@ -7,21 +7,21 @@
 #include "test_ccapi_globals.h"
 
 int _check_if(int expression, const char *file, int line, const char *expression_string, const char *format, ...);
-		
+
 #define check_int(a, b) \
 		check_if(a != b, NULL)
 
 /*
  *	if expression evaluates to true, check_if increments the failure_count and prints:
- *	
+ *
  *	check_if(a!=a, NULL);
- *	==> "/path/to/file:line: a!=a" 
- *	
+ *	==> "/path/to/file:line: a!=a"
+ *
  *	check_if(a!=a, "This shouldn't be happening");
  *	==> "/path/to/file:line: This shouldn't be happening"
- *	
+ *
  *	check_if(a!=a, "This has happened %d times now", 3);
- *	==> "/path/to/file:line: This has happened 3 times now"	
+ *	==> "/path/to/file:line: This has happened 3 times now"
 */
 
 #define check_if(expression, format, ...) \
diff --git a/src/ccapi/test/test_ccapi_constants.c b/src/ccapi/test/test_ccapi_constants.c
index 10d07f061..9f2aecbc2 100644
--- a/src/ccapi/test/test_ccapi_constants.c
+++ b/src/ccapi/test/test_ccapi_constants.c
@@ -5,16 +5,16 @@
 int check_constants(void) {
 	BEGIN_TEST("constants");
 	/* API versions */
-	
+
 	check_int(ccapi_version_2, 2);
 	check_int(ccapi_version_3, 3);
 	check_int(ccapi_version_4, 4);
 	check_int(ccapi_version_5, 5);
 	check_int(ccapi_version_6, 6);
-	
+
 	/* Errors */
-	
-	check_int(ccNoError 					  , 0  );	 //   0               
+
+	check_int(ccNoError 					  , 0  );	 //   0
 	check_int(ccIteratorEnd 				  , 201);    // 201
 	check_int(ccErrBadParam 			      , 202);    // 202
 	check_int(ccErrNoMem 					  , 203);    // 203
@@ -45,7 +45,7 @@ int check_constants(void) {
 	check_int(ccErrNotImplemented             , 228);    // 228
 
 	/* Credentials versions */
-	
+
 	check_int(cc_credentials_v4,    1);
 	check_int(cc_credentials_v5,    2);
 	check_int(cc_credentials_v4_v5, (cc_credentials_v4 | cc_credentials_v5));
@@ -58,9 +58,9 @@ int check_constants(void) {
 	check_int(cc_lock_downgrade, 3);
 
     /* Locking Modes */
-  
+
 	check_int(cc_lock_noblock, 0);
 	check_int(cc_lock_block,   1);
-	
+
 	END_TEST_AND_RETURN
 }
diff --git a/src/ccapi/test/test_ccapi_context.c b/src/ccapi/test/test_ccapi_context.c
index 51714539e..09feebee5 100644
--- a/src/ccapi/test/test_ccapi_context.c
+++ b/src/ccapi/test/test_ccapi_context.c
@@ -7,110 +7,110 @@
 int check_cc_initialize(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
-	
+
 	BEGIN_TEST("cc_initialize");
-	
+
 	// try every api_version
 	err = check_once_cc_initialize(&context, ccapi_version_2, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_2");   	   // err == CC_BAD_API_VERSION (9) would be imported by CredentialsCache2.h
-	err = check_once_cc_initialize(&context, ccapi_version_3, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_3");   	   // !err                                    
-	err = check_once_cc_initialize(&context, ccapi_version_4, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_4");   	   //        "                                            
-	err = check_once_cc_initialize(&context, ccapi_version_5, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_5");   	   //        "                                            
-	err = check_once_cc_initialize(&context, ccapi_version_6, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_6");   	   //        "                                            
-	
+	err = check_once_cc_initialize(&context, ccapi_version_3, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_3");   	   // !err
+	err = check_once_cc_initialize(&context, ccapi_version_4, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_4");   	   //        "
+	err = check_once_cc_initialize(&context, ccapi_version_5, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_5");   	   //        "
+	err = check_once_cc_initialize(&context, ccapi_version_6, NULL, NULL, ccNoError, "cc_initialize with ccapi_version_6");   	   //        "
+
 	// try bad api_version
-	err = check_once_cc_initialize(&context, INT_MAX,         NULL, NULL, ccErrBadAPIVersion, NULL); // err == ccErrBadAPIVersion                             
-	
+	err = check_once_cc_initialize(&context, INT_MAX,         NULL, NULL, ccErrBadAPIVersion, NULL); // err == ccErrBadAPIVersion
+
 	// try bad param
-	err = check_once_cc_initialize(NULL,     ccapi_version_3, NULL, NULL, ccErrBadParam, NULL);  	   // err == ccErrBadParam                                
-	
+	err = check_once_cc_initialize(NULL,     ccapi_version_3, NULL, NULL, ccErrBadParam, NULL);  	   // err == ccErrBadParam
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_initialize(cc_context_t *out_context, cc_int32 in_version, cc_int32 *out_supported_version, char const **out_vendor, cc_int32 expected_err, const char *description) {
 	cc_int32 err = 0;
 	cc_context_t context;
-	
+
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrNoMem, 
-		ccErrBadAPIVersion, 
+		ccNoError,
+		ccErrNoMem,
+		ccErrBadAPIVersion,
 		ccErrBadParam,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_initialize(out_context, in_version, out_supported_version, out_vendor);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (out_context) { context = *out_context; }
 	else { context = NULL; }
-	
+
 	// check output parameters
 	if (!err) {
 		check_if(context == NULL, NULL);
-		if (context) { 
-			cc_context_release(context); 
+		if (context) {
+			cc_context_release(context);
 			*out_context = NULL;
 		}
 	} else {
 		check_if(context != NULL, NULL);
 	}
-	
+
 	return err;
 }
 
 int check_cc_context_release(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
-	
+
 	BEGIN_TEST("cc_context_release");
-	
+
 	#ifndef cc_context_release
 	log_error("cc_context_release is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	// try with valid context
 	err = check_once_cc_context_release(&context, ccNoError, NULL);
-	
+
 	// try with NULL
 	//err = check_once_cc_context_release(NULL, ccErrInvalidContext);
-	/* calling with NULL context crashes, because this macro expands to 
+	/* calling with NULL context crashes, because this macro expands to
 	   ((NULL) -> functions -> release (NULL)) which is dereferencing NULL which is bad. */
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_release */
-	
+
 	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_context_release(cc_context_t *out_context, cc_int32 expected_err, const char *description) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
-		
+
 	cc_int32 possible_return_values[2] = {
-		ccNoError, 
-		ccErrInvalidContext, 
+		ccNoError,
+		ccErrInvalidContext,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_release
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (out_context) {
 		err = cc_initialize(out_context, ccapi_version_3, NULL, NULL);
-		if (!err) { 
-			context = *out_context; 
+		if (!err) {
+			context = *out_context;
 		}
 	}
-	
+
 	if (err != ccNoError) {
 		log_error("failure in cc_initialize, unable to perform check");
 		return err;
@@ -120,13 +120,13 @@ cc_int32 check_once_cc_context_release(cc_context_t *out_context, cc_int32 expec
 		// check returned error
 		check_err(err, expected_err, possible_return_values);
 	}
-	
+
 	*out_context = NULL;
-	
+
 	#endif /* cc_context_release */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -138,32 +138,32 @@ int check_cc_context_get_change_time(void) {
 	cc_credentials_union creds_union;
 	cc_credentials_iterator_t creds_iterator = NULL;
 	cc_credentials_t credentials = NULL;
-	
+
 	BEGIN_TEST("cc_context_get_change_time");
-	
+
 	#ifndef cc_context_get_change_time
 	log_error("cc_context_get_change_time is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	/*
 	 * Make a context
 	 * make sure the change time changes after:
-	 * 	a ccache is created  
-	 * 	a ccache is destroyed  
-	 * 	a credential is stored  
-	 * 	a credential is removed  
-	 * 	a ccache principal is changed  
+	 * 	a ccache is created
+	 * 	a ccache is destroyed
+	 * 	a credential is stored
+	 * 	a credential is removed
+	 * 	a ccache principal is changed
 	 * 	the default ccache is changed
 	 * clean up memory
 	 */
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
 	if (!err) {
-		
+
 		// try bad parameters first
 		err = check_once_cc_context_get_change_time(context, NULL, ccErrBadParam, "NULL param, should fail");
-		
+
 		// make sure we have a default ccache
 		err = cc_context_open_default_ccache(context, &ccache);
 		if (err == ccErrCCacheNotFound) {
@@ -175,11 +175,11 @@ int check_cc_context_get_change_time(void) {
 		// either the default ccache already existed or we just created it
 		// either way, the get_change_time should now give something > 0
 		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "first-run, should be > 0");
-		
+
 		// create a ccache
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after creating a new ccache");
-		
+
 		// store a credential
 		if (!err) {
 			new_v5_creds_union(&creds_union, "BAR.ORG");
@@ -187,7 +187,7 @@ int check_cc_context_get_change_time(void) {
 			release_v5_creds_union(&creds_union);
 		}
 		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after storing a credential");
-		
+
 		if (!err) {
 			// change principal (fails with ccErrBadInternalMessage)
 			err = cc_ccache_set_principal(ccache, cc_credentials_v5, "foo@BAR.ORG");
@@ -198,7 +198,7 @@ int check_cc_context_get_change_time(void) {
 			}
 		}
 		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after changing a principle");
-		
+
 		// remove a credential
 		if (!err) {
 			err = cc_ccache_new_credentials_iterator(ccache, &creds_iterator);
@@ -212,25 +212,25 @@ int check_cc_context_get_change_time(void) {
 		if (!err) {
 			err = cc_ccache_remove_credentials(ccache, credentials);
 		}
-		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after removing a credential");		
-		
+		check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after removing a credential");
+
 		if (!err) {
 			// change default ccache
 			err = cc_ccache_set_default(ccache);
 			check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after changing default ccache");
 		}
-		
+
 		if (ccache) {
 			// destroy a ccache
 			err = cc_ccache_destroy(ccache);
 			check_once_cc_context_get_change_time(context, &last_change_time, ccNoError, "after destroying a ccache");
 		}
 	}
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_get_change_time */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -238,37 +238,37 @@ cc_int32 check_once_cc_context_get_change_time(cc_context_t context, cc_time_t *
 	cc_int32 err = 0;
 	cc_time_t last_change_time;
 	cc_time_t current_change_time = 0;
-		
+
 	cc_int32 possible_return_values[3] = {
-		ccNoError, 
-		ccErrInvalidContext, 
+		ccNoError,
+		ccErrInvalidContext,
 		ccErrBadParam,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_get_change_time
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	if (time != NULL) { // if we were passed NULL, then we're looking to pass a bad param
 		err = cc_context_get_change_time(context, &current_change_time);
 	} else {
 		err = cc_context_get_change_time(context, NULL);
 	}
-	
+
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		last_change_time = *time;
 		check_if(current_change_time <= last_change_time, "context change time did not increase when it was supposed to (%d <= %d)", current_change_time, last_change_time);
 		*time = current_change_time;
 	}
-	
+
 	#endif /* cc_context_get_change_time */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -277,19 +277,19 @@ int check_cc_context_get_default_ccache_name(void) {
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_context_get_default_ccache_name");
-	
+
 	#ifndef cc_context_get_default_ccache_name
 	log_error("cc_context_get_default_ccache_name is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	if (!err) {	
+	if (!err) {
 		// try bad parameters first
 		err = check_once_cc_context_get_default_ccache_name(context, NULL, ccErrBadParam, NULL);
-		
+
 		// try with no default
 		err = destroy_all_ccaches(context);
 		err = cc_context_open_default_ccache(context, &ccache);
@@ -297,54 +297,54 @@ int check_cc_context_get_default_ccache_name(void) {
 			log_error("didn't remove all ccaches");
 		}
 		err = check_once_cc_context_get_default_ccache_name(context, &name, ccNoError, NULL);
-		
+
 		// try normally
 		err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 		if (ccache) { cc_ccache_release(ccache); }
 		err = check_once_cc_context_get_default_ccache_name(context, &name, ccNoError, NULL);
-		
+
 	}
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_get_default_ccache_name */
-	
-	END_TEST_AND_RETURN	
+
+	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_context_get_default_ccache_name(cc_context_t context, cc_string_t *name, cc_int32 expected_err, const char *description) {
 	cc_int32 err = 0;
-	
+
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrInvalidContext, 
-		ccErrBadParam, 
-		ccErrNoMem, 
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrBadParam,
+		ccErrNoMem,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_get_default_ccache_name
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-		
+
 	if (name != NULL) { // if we were passed NULL, then we're looking to pass a bad param
 		err = cc_context_get_default_ccache_name(context, name);
 	} else {
 		err = cc_context_get_default_ccache_name(context, NULL);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	// not really anything else to check
-	
+
 	if (name && *name) { cc_string_release(*name); }
-	
+
 	#endif /* cc_context_get_default_ccache_name */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -353,16 +353,16 @@ int check_cc_context_open_ccache(void) {
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_context_open_ccache");
-	
+
 	#ifndef cc_context_open_ccache
 	log_error("cc_context_open_ccache is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	if (!err) {	
+	if (!err) {
 		// make sure we have a default ccache
 		err = cc_context_open_default_ccache(context, &ccache);
 		if (err == ccErrCCacheNotFound) {
@@ -372,7 +372,7 @@ int check_cc_context_open_ccache(void) {
 			err = cc_ccache_release(ccache);
 			ccache = NULL;
 		}
-		
+
 		// try default ccache
 		err = cc_context_get_default_ccache_name(context, &name);
 		if (!err) {
@@ -382,7 +382,7 @@ int check_cc_context_open_ccache(void) {
 		// try bad parameters
 		err = check_once_cc_context_open_ccache(context, NULL, &ccache, ccErrBadParam, NULL);
 		err = check_once_cc_context_open_ccache(context, name->data, NULL, ccErrBadParam, NULL);
-		
+
 		// try a ccache that doesn't exist (create one and then destroy it)
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 		if (!err) {
@@ -392,67 +392,67 @@ int check_cc_context_open_ccache(void) {
 			err = cc_ccache_destroy(ccache);
 			ccache = NULL;
 		}
-		
+
 		err = check_once_cc_context_open_ccache(context, name->data, &ccache, ccErrCCacheNotFound, NULL);
 	}
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_open_ccache */
-	
-	END_TEST_AND_RETURN	
+
+	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_context_open_ccache(cc_context_t context, const char *name, cc_ccache_t *ccache, cc_int32 expected_err, const char *description) {
 	cc_int32 err = 0;
 	cc_string_t stored_name = NULL;
-	
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrBadName, 
-		ccErrInvalidContext, 
-		ccErrNoMem, 
-		ccErrCCacheNotFound, 
-		ccErrBadParam, 
+		ccNoError,
+		ccErrBadName,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrCCacheNotFound,
+		ccErrBadParam,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_open_ccache
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-		
+
 	if (ccache != NULL) { // if we were passed NULL, then we're looking to pass a bad param
 		err = cc_context_open_ccache(context, name, ccache);
 	} else {
 		err = cc_context_open_ccache(context, name, NULL);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		check_if(*ccache == NULL, NULL);
-		
+
 		if (!err) {
 			err = cc_ccache_get_name(*ccache, &stored_name);
 		}
-		if (!err) { 
-			check_if(strcmp(stored_name->data, name), NULL); 
+		if (!err) {
+			check_if(strcmp(stored_name->data, name), NULL);
 		}
 		if (stored_name) { cc_string_release(stored_name); }
-		
-		
+
+
 		if (ccache && *ccache) {
 			cc_ccache_release(*ccache);
 			*ccache = NULL;
 		}
 	}
-	
+
 	#endif /* cc_context_open_ccache */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -460,38 +460,38 @@ int check_cc_context_open_default_ccache(void) {
 	cc_int32 err = 0;
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
-	
+
 	BEGIN_TEST("cc_context_open_default_ccache");
-	
+
 	#ifndef cc_context_open_default_ccache
 	log_error("cc_context_open_default_ccache is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	if (!err) {	
+	if (!err) {
 		// make sure we have a default ccache
 		err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo/bar@BAZ.ORG", &ccache);
 		if (ccache) { cc_ccache_release(ccache); }
-		
+
 		// try default ccache
 		if (!err) {
 			err = check_once_cc_context_open_default_ccache(context, &ccache, ccNoError, NULL);
 		}
-		
+
 		// try bad parameters
 		err = check_once_cc_context_open_default_ccache(context, NULL, ccErrBadParam, NULL);
-		
+
 		// try with no default ccache (destroy all ccaches first)
 		err = destroy_all_ccaches(context);
-		
+
 		err = check_once_cc_context_open_default_ccache(context, &ccache, ccErrCCacheNotFound, NULL);
 	}
-	
+
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_open_default_ccache */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -499,33 +499,33 @@ cc_int32 check_once_cc_context_open_default_ccache(cc_context_t context, cc_ccac
 	cc_int32 err = 0;
 	cc_string_t given_name = NULL;
 	cc_string_t default_name = NULL;
-	
+
 	cc_int32 possible_return_values[5] = {
-		ccNoError, 
-		ccErrInvalidContext, 
-		ccErrNoMem, 
-		ccErrCCacheNotFound, 
-		ccErrBadParam, 
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrCCacheNotFound,
+		ccErrBadParam,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_open_default_ccache
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-		
+
 	if (ccache != NULL) { // if we were passed NULL, then we're looking to pass a bad param
 		err = cc_context_open_default_ccache(context, ccache);
 	} else {
 		err = cc_context_open_default_ccache(context, NULL);
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		check_if(*ccache == NULL, NULL);
-		
+
 		// make sure this ccache is the one we were looking to get back (compare name with cc_context_get_default_ccache_name)
 		err = cc_ccache_get_name(*ccache, &given_name);
 		err = cc_context_get_default_ccache_name(context, &default_name);
@@ -534,17 +534,17 @@ cc_int32 check_once_cc_context_open_default_ccache(cc_context_t context, cc_ccac
 		}
 		if (given_name) { cc_string_release(given_name); }
 		if (default_name) { cc_string_release(default_name); }
-		
+
 		if (ccache && *ccache) {
 			cc_ccache_release(*ccache);
 			*ccache = NULL;
 		}
 	}
-	
+
 	#endif /* cc_context_open_default_ccache */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -553,16 +553,16 @@ int check_cc_context_create_ccache(void) {
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_context_create_ccache");
-	
+
 	#ifndef cc_context_create_ccache
 	log_error("cc_context_create_ccache is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	if (!err) {	
+	if (!err) {
 		// try making a ccache with a non-unique name (the existing default's name)
 		if (!err) {
 			err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo/bar@BAZ.ORG", &ccache);
@@ -574,26 +574,26 @@ int check_cc_context_create_ccache(void) {
 		if (!err) {
 			err = check_once_cc_context_create_ccache(context, name->data, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccNoError, NULL);
 		}
-		
+
 		// try making a ccache with a unique name (the now destroyed default's name)
 		if (ccache) { cc_ccache_destroy(ccache); }
 		if (!err) {
 			err = check_once_cc_context_create_ccache(context, name->data, cc_credentials_v5, "foo/baz@BAR.ORG", &ccache, ccNoError, NULL);
 		}
-				
+
 		// try bad parameters
 		err = check_once_cc_context_create_ccache(context, NULL, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccErrBadParam, "NULL name");                    // NULL name
 		err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
 		err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal");                          // NULL principal
 		err = check_once_cc_context_create_ccache(context, "name", cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache");                    // NULL ccache
 	}
-	
+
 	if (name) { cc_string_release(name); }
 	if (ccache) { cc_ccache_destroy(ccache); }
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_create_ccache */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -604,27 +604,27 @@ cc_int32 check_once_cc_context_create_ccache(cc_context_t context, const char *n
 	cc_uint32 stored_creds_vers = 0;
 
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccErrBadName, 
-		ccErrBadParam, 
-		ccErrInvalidContext, 
-		ccErrNoMem, 
-		ccErrBadCredentialsVersion, 
+		ccNoError,
+		ccErrBadName,
+		ccErrBadParam,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
 	};
 	BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_create_ccache
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-		
+
 	err = cc_context_create_ccache(context, name, cred_vers, principal, ccache);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		check_if(*ccache == NULL, NULL);
-		
+
 		// make sure all of the ccache's info matches what we gave it
 		// name
 		err = cc_ccache_get_name(*ccache, &stored_name);
@@ -639,17 +639,17 @@ cc_int32 check_once_cc_context_create_ccache(cc_context_t context, const char *n
 		err = cc_ccache_get_principal(*ccache, cc_credentials_v5, &stored_principal);
 		if (!err) { check_if(strcmp(stored_principal->data, principal), NULL); }
 		if (stored_principal) { cc_string_release(stored_principal); }
-				
+
 		if (ccache && *ccache) {
 			cc_ccache_destroy(*ccache);
 			*ccache = NULL;
 		}
 	}
-	
+
 	#endif /* cc_context_create_ccache */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -658,41 +658,41 @@ int check_cc_context_create_default_ccache(void) {
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_context_create_default_ccache");
-	
+
 	#ifndef cc_context_create_default_ccache
 	log_error("cc_context_create_default_ccache is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	if (!err) {	
+	if (!err) {
 		// try making the default when there are no existing ccaches
 		err = destroy_all_ccaches(context);
 		if (!err) {
 			err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccNoError, NULL);
 		}
 		if (ccache) { cc_ccache_release(ccache); }
-		
+
 		// try making a new default when one already exists
 		if (!err) {
 			err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo/baz@BAR.ORG", &ccache, ccNoError, NULL);
 		}
-		
+
 		// try bad parameters
 		err = check_once_cc_context_create_default_ccache(context, cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
 		err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal");                          // NULL principal
 		err = check_once_cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache");                    // NULL ccache
 	}
-	
+
 	if (name) { cc_string_release(name); }
 	if (ccache) { cc_ccache_destroy(ccache); }
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_create_default_ccache */
-	
-	END_TEST_AND_RETURN	
+
+	END_TEST_AND_RETURN
 }
 
 cc_int32 check_once_cc_context_create_default_ccache(cc_context_t context, cc_uint32 cred_vers, const char *principal, cc_ccache_t *ccache, cc_int32 expected_err, const char *description) {
@@ -701,25 +701,25 @@ cc_int32 check_once_cc_context_create_default_ccache(cc_context_t context, cc_ui
 	cc_uint32 stored_creds_vers = 0;
 
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
+		ccNoError,
 		ccErrBadName, // how can this be possible when the name isn't a parameter?
-		ccErrBadParam, 
-		ccErrInvalidContext, 
-		ccErrNoMem, 
-		ccErrBadCredentialsVersion, 
+		ccErrBadParam,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_create_default_ccache
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-		
+
 	err = cc_context_create_default_ccache(context, cred_vers, principal, ccache);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		if (ccache) { check_if(*ccache == NULL, NULL); }
 		// make sure all of the ccache's info matches what we gave it
@@ -730,17 +730,17 @@ cc_int32 check_once_cc_context_create_default_ccache(cc_context_t context, cc_ui
 		err = cc_ccache_get_principal(*ccache, cc_credentials_v5, &stored_principal);
 		if (!err) { check_if(strcmp(stored_principal->data, principal), NULL); }
 		if (stored_principal) { cc_string_release(stored_principal); }
-				
+
 		if (ccache && *ccache) {
 			cc_ccache_release(*ccache);
 			*ccache = NULL;
 		}
 	}
-	
+
 	#endif /* cc_context_create_default_ccache */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -749,41 +749,41 @@ int check_cc_context_create_new_ccache(void) {
 	cc_context_t context = NULL;
 	cc_ccache_t ccache = NULL;
 	cc_string_t name = NULL;
-	
+
 	BEGIN_TEST("cc_context_create_new_ccache");
-	
+
 	#ifndef cc_context_create_new_ccache
 	log_error("cc_context_create_new_ccache is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	if (!err) {	
+	if (!err) {
 		// try making when there are no existing ccaches (should have name of default)
 		err = destroy_all_ccaches(context);
 		if (!err) {
 			err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, "foo@BAR.ORG", &ccache, ccNoError, NULL);
 		}
 		if (ccache) { cc_ccache_release(ccache); }
-		
+
 		// try making a new ccache when one already exists (should not have name of default)
 		if (!err) {
 			err = check_once_cc_context_create_new_ccache(context, 0, cc_credentials_v5, "foo/baz@BAR.ORG", &ccache, ccNoError, NULL);
 		}
 		if (ccache) { cc_ccache_release(ccache); }
-		
+
 		// try bad parameters
 		err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v4_v5, "foo@BAR.ORG", &ccache, ccErrBadCredentialsVersion, "invalid creds_vers"); // invalid creds_vers
 		err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, NULL, &ccache, ccErrBadParam, "NULL principal");                          // NULL principal
 		err = check_once_cc_context_create_new_ccache(context, 1, cc_credentials_v5, "foo@BAR.ORG", NULL, ccErrBadParam, "NULL ccache");                    // NULL ccache
 	}
-	
+
 	if (name) { cc_string_release(name); }
 	if (ccache) { cc_ccache_destroy(ccache); }
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_create_new_ccache */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -793,27 +793,27 @@ cc_int32 check_once_cc_context_create_new_ccache(cc_context_t context, cc_int32
 	cc_string_t stored_name = NULL;
 	cc_string_t stored_principal = NULL;
 	cc_uint32 stored_creds_vers = 0;
-	
+
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
+		ccNoError,
 		ccErrBadName, // how can this be possible when the name isn't a parameter?
-		ccErrBadParam, 
-		ccErrInvalidContext, 
-		ccErrNoMem, 
-		ccErrBadCredentialsVersion, 
+		ccErrBadParam,
+		ccErrInvalidContext,
+		ccErrNoMem,
+		ccErrBadCredentialsVersion,
 	};
 
     BEGIN_CHECK_ONCE(description);
-	
+
 	#ifdef cc_context_create_new_ccache
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-		
+
 	err = cc_context_create_new_ccache(context, cred_vers, principal, ccache);
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	if (!err) {
 		if (ccache) { check_if(*ccache == NULL, NULL); }
 		// make sure all of the ccache's info matches what we gave it
@@ -823,17 +823,17 @@ cc_int32 check_once_cc_context_create_new_ccache(cc_context_t context, cc_int32
 		if (!err) {
 			err = cc_ccache_get_name(*ccache, &stored_name);
 		}
-		if (!err) { 
+		if (!err) {
 			if (should_be_default) {
-				check_if(strcmp(stored_name->data, name->data), "new ccache does not have name of default"); 
+				check_if(strcmp(stored_name->data, name->data), "new ccache does not have name of default");
 			}
 			else {
-				check_if((strcmp(stored_name->data, name->data) == 0), "new cache has name of default"); 
-			}	
+				check_if((strcmp(stored_name->data, name->data) == 0), "new cache has name of default");
+			}
 		}
 		if (name) { cc_string_release(name); }
 		if (stored_name) { cc_string_release(stored_name); }
-		
+
 		// cred_vers
 		err = cc_ccache_get_credentials_version(*ccache, &stored_creds_vers);
 		if (!err) { check_if(stored_creds_vers != cred_vers, NULL); }
@@ -841,17 +841,17 @@ cc_int32 check_once_cc_context_create_new_ccache(cc_context_t context, cc_int32
 		err = cc_ccache_get_principal(*ccache, cc_credentials_v5, &stored_principal);
 		if (!err) { check_if(strcmp(stored_principal->data, principal), NULL); }
 		if (stored_principal) { cc_string_release(stored_principal); }
-				
+
 		if (ccache && *ccache) {
 			cc_ccache_release(*ccache);
 			*ccache = NULL;
 		}
 	}
-	
+
 	#endif /* cc_context_create_new_ccache */
-	
+
 	END_CHECK_ONCE;
-	
+
 	return err;
 }
 
@@ -861,39 +861,39 @@ int check_cc_context_new_ccache_iterator(void) {
 	cc_ccache_t ccache = NULL;
 	cc_string_t name = NULL;
 	cc_ccache_iterator_t iterator = NULL;
-	
+
 	BEGIN_TEST("cc_context_new_ccache_iterator");
-	
+
 	#ifndef cc_context_new_ccache_iterator
 	log_error("cc_context_new_ccache_iterator is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	if (!err) {	
+	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	if (!err) {	
+	if (!err) {
 		// try making when there are no existing ccaches (shouldn't make a difference, but just in case)
 		check_once_cc_context_new_ccache_iterator(context, &iterator, ccNoError, "when there are no existing ccaches");
-	
+
 		err = cc_context_create_default_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 	}
-	if (!err) {	
+	if (!err) {
 		// try making when at least one ccache already exists (just to cover all our bases)
 		check_once_cc_context_new_ccache_iterator(context, &iterator, ccNoError, "when at least one ccache already exists");
-		
+
 		// try bad parameters
 		check_once_cc_context_new_ccache_iterator(context, NULL, ccErrBadParam, "NULL param"); // NULL iterator
 	}
 		// we'll do a comprehensive test of cc_ccache_iterator related functions later in the test suite
-	
+
 	if (name) { cc_string_release(name); }
 	if (ccache) { cc_ccache_destroy(ccache); }
 	if (context) { cc_context_release(context); }
-	
+
 	#endif /* cc_context_new_ccache_iterator */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -901,27 +901,27 @@ cc_int32 check_once_cc_context_new_ccache_iterator(cc_context_t context, cc_ccac
 	cc_int32 err = ccNoError;
 
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrBadParam, 
-		ccErrNoMem, 
-		ccErrInvalidContext, 
+		ccNoError,
+		ccErrBadParam,
+		ccErrNoMem,
+		ccErrInvalidContext,
 	};
 
     BEGIN_CHECK_ONCE(description);
 
 	#ifdef cc_context_create_new_ccache
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_context_new_ccache_iterator(context, iterator);
-		
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	// we'll do a comprehensive test of cc_ccache_iterator related functions later
-	
+
 	#endif /* cc_context_create_new_ccache */
-	
+
 	return err;
 }
 
@@ -933,14 +933,14 @@ int check_cc_context_compare(void) {
 	cc_context_t context_a = NULL;
 	cc_context_t context_b = NULL;
 	cc_uint32 equal = 0;
-	
+
 	BEGIN_TEST("cc_context_compare");
-	
+
 	#ifndef cc_context_compare
 	log_error("cc_context_compare is not implemented yet");
 	failure_count++;
 	#else
-	
+
 	err = cc_initialize(&context_a, ccapi_version_3, NULL, NULL);
 	if (!err) {
 		err = cc_initialize(&context_b, ccapi_version_3, NULL, NULL);
@@ -953,9 +953,9 @@ int check_cc_context_compare(void) {
 
 	if (context_a) { cc_context_release(context_a); }
 	if (context_b) { cc_context_release(context_b); }
-	
+
 	#endif /* cc_context_compare */
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -963,28 +963,28 @@ cc_int32 check_once_cc_context_compare(cc_context_t context, cc_context_t compar
 	cc_int32 err = ccNoError;
 
 	cc_int32 possible_return_values[4] = {
-		ccNoError, 
-		ccErrInvalidContext, 
-		ccErrBadParam, 
+		ccNoError,
+		ccErrInvalidContext,
+		ccErrBadParam,
 		ccErrServerUnavailable,
 	};
 
     BEGIN_CHECK_ONCE(description);
 
 	#ifdef cc_context_compare
-	
+
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-	
+
 	err = cc_context_compare(context, compare_to, equal);
-	
+
 	if (!err) {
 		*equal = 0;
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	#endif /* cc_context_compare */
-	
+
 	return err;
 }
diff --git a/src/ccapi/test/test_ccapi_globals.c b/src/ccapi/test/test_ccapi_globals.c
index f9aadbdda..a4ea63158 100644
--- a/src/ccapi/test/test_ccapi_globals.c
+++ b/src/ccapi/test/test_ccapi_globals.c
@@ -8,7 +8,7 @@ const char *current_test_name;
 const char *current_test_activity;
 
 const char * ccapi_error_strings[30] = {
-	
+
 	"ccNoError",						/* 0 */
 	"ccIteratorEnd",					/* 201 */
     "ccErrBadParam",
@@ -39,15 +39,15 @@ const char * ccapi_error_strings[30] = {
     "ccErrServerUnavailable",
     "ccErrServerInsecure",
     "ccErrServerCantBecomeUID",
-    
+
     "ccErrTimeOffsetNotSet",			/* 226 */
     "ccErrBadInternalMessage",
     "ccErrNotImplemented",
-	
+
 };
 
 const char * ccapiv2_error_strings[24] = {
-    
+
     "CC_NOERROR",
     "CC_BADNAME",
     "CC_NOTFOUND",
@@ -65,23 +65,23 @@ const char * ccapiv2_error_strings[24] = {
     "CC_ERR_CACHE_RELEASE",
     "CC_ERR_CACHE_FULL",
     "CC_ERR_CRED_VERSION"
-    
+
 };
 
 const char *translate_ccapi_error(cc_int32 err) {
-	
+
 	if (err == 0) {
 		return ccapi_error_strings[0];
-	} else 
+	} else
             if (err >= 0 && err <= 16){
 		return ccapiv2_error_strings[err];
-        } else 
+        } else
             if (err >= 201 && err <= 228){
 		return ccapi_error_strings[err - 200];
 	}
 	else {
 		return "\"Invalid or private CCAPI error\"";
 	}
-	
+
 	return "";
 }
diff --git a/src/ccapi/test/test_ccapi_iterators.c b/src/ccapi/test/test_ccapi_iterators.c
index c3254fbb2..e51c7cf32 100644
--- a/src/ccapi/test/test_ccapi_iterators.c
+++ b/src/ccapi/test/test_ccapi_iterators.c
@@ -13,13 +13,13 @@ int check_cc_ccache_iterator_next(void) {
 	unsigned int i;
 
     BEGIN_TEST("cc_ccache_iterator_next");
-	
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// iterate with no ccaches
 	if (!err) {
 		err = cc_context_new_ccache_iterator(context, &iterator);
@@ -29,7 +29,7 @@ int check_cc_ccache_iterator_next(void) {
 		cc_ccache_iterator_release(iterator);
 		iterator = NULL;
 	}
-	
+
 	// iterate with one ccache
 	if (!err) {
 		destroy_all_ccaches(context);
@@ -47,14 +47,14 @@ int check_cc_ccache_iterator_next(void) {
 		cc_ccache_iterator_release(iterator);
 		iterator = NULL;
 	}
-	
+
 	// iterate with several ccaches
 	if (!err) {
 		destroy_all_ccaches(context);
 	}
 	for(i = 0; !err && (i < 1000); i++)
 	{
-        if (i%100 == 0) fprintf(stdout, ".");	
+        if (i%100 == 0) fprintf(stdout, ".");
         err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 		if (ccache) {
 			cc_ccache_release(ccache);
@@ -69,15 +69,15 @@ int check_cc_ccache_iterator_next(void) {
 		cc_ccache_iterator_release(iterator);
 		iterator = NULL;
 	}
-	
+
 
 	if (ccache) { cc_ccache_release(ccache); }
 	if (iterator) { cc_ccache_iterator_release(iterator); }
-	if (context) { 
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -87,11 +87,11 @@ cc_int32 check_once_cc_ccache_iterator_next(cc_ccache_iterator_t iterator, cc_ui
 //	BEGIN_CHECK_ONCE(description);
 
 	cc_int32 possible_return_values[6] = {
-		ccNoError, 
-		ccIteratorEnd, 
-		ccErrBadParam, 
-		ccErrNoMem, 
-		ccErrInvalidCCacheIterator, 
+		ccNoError,
+		ccIteratorEnd,
+		ccErrBadParam,
+		ccErrNoMem,
+		ccErrInvalidCCacheIterator,
 		ccErrCCacheNotFound,
 	};
 	#define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
@@ -110,15 +110,15 @@ cc_int32 check_once_cc_ccache_iterator_next(cc_ccache_iterator_t iterator, cc_ui
 	if (err == ccIteratorEnd) {
 		err = ccNoError;
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
 
 //	END_CHECK_ONCE;
 
-	return err;	
+	return err;
 }
 
 
@@ -131,15 +131,15 @@ int check_cc_credentials_iterator_next(void) {
 	cc_credentials_union creds_union;
 	cc_credentials_iterator_t iterator = NULL;
 	unsigned int i;
-	
+
 	BEGIN_TEST("cc_credentials_iterator_next");
-		
+
 	err = cc_initialize(&context, ccapi_version_3, NULL, NULL);
-	
+
 	if (!err) {
 		err = destroy_all_ccaches(context);
 	}
-	
+
 	// iterate with no creds
 	if (!err) {
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
@@ -156,7 +156,7 @@ int check_cc_credentials_iterator_next(void) {
 		cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
+
 	// iterate with one cred
 	if (!err) {
 		destroy_all_ccaches(context);
@@ -179,14 +179,14 @@ int check_cc_credentials_iterator_next(void) {
 		cc_ccache_release(ccache);
 		ccache = NULL;
 	}
-	
+
 	// iterate with several creds
 	if (!err) {
 		destroy_all_ccaches(context);
 		err = cc_context_create_new_ccache(context, cc_credentials_v5, "foo@BAR.ORG", &ccache);
 	}
 	for(i = 0; !err && (i < 1000); i++) {
-        if (i%100 == 0) fprintf(stdout, ".");	
+        if (i%100 == 0) fprintf(stdout, ".");
 		new_v5_creds_union(&creds_union, "BAR.ORG");
 		err = cc_ccache_store_credentials(ccache, &creds_union);
 		release_v5_creds_union(&creds_union);
@@ -194,15 +194,15 @@ int check_cc_credentials_iterator_next(void) {
 	if (!err) {
 		err = cc_ccache_new_credentials_iterator(ccache, &iterator);
 	}
-	check_once_cc_credentials_iterator_next(iterator, 1000, ccNoError, "iterating over a ccache with 1000 creds");	
+	check_once_cc_credentials_iterator_next(iterator, 1000, ccNoError, "iterating over a ccache with 1000 creds");
 
 	if (ccache) { cc_ccache_release(ccache); }
 	if (iterator) { cc_credentials_iterator_release(iterator); }
-	if (context) { 
+	if (context) {
 		destroy_all_ccaches(context);
 		cc_context_release(context);
 	}
-	
+
 	END_TEST_AND_RETURN
 }
 
@@ -212,10 +212,10 @@ cc_int32 check_once_cc_credentials_iterator_next(cc_credentials_iterator_t itera
 	cc_uint32           actual_count    = 0;
 
 	cc_int32 possible_return_values[5] = {
-		ccNoError, 
-		ccIteratorEnd, 
-		ccErrBadParam, 
-		ccErrNoMem, 
+		ccNoError,
+		ccIteratorEnd,
+		ccErrBadParam,
+		ccErrNoMem,
 		ccErrInvalidCredentialsIterator,
 	};
 
@@ -234,13 +234,13 @@ cc_int32 check_once_cc_credentials_iterator_next(cc_credentials_iterator_t itera
 	if (err == ccIteratorEnd) {
 		err = ccNoError;
 	}
-	
+
 	// check returned error
 	check_err(err, expected_err, possible_return_values);
-	
+
 	check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
 
 	END_CHECK_ONCE;
 
-	return err;	
+	return err;
 }
diff --git a/src/ccapi/test/test_ccapi_log.c b/src/ccapi/test/test_ccapi_log.c
index 348d55cdc..8ecb6931f 100644
--- a/src/ccapi/test/test_ccapi_log.c
+++ b/src/ccapi/test/test_ccapi_log.c
@@ -15,7 +15,7 @@ void _log_error_v(const char *file, int line, const char *format, va_list ap)
 }
 
 void _log_error(const char *file, int line, const char *format, ...)
-{	
+{
 	va_list ap;
 	va_start(ap, format);
 	_log_error_v(file, line, format, ap);
@@ -36,7 +36,7 @@ void test_footer(const char *msg, int err) {
 		}
 		else {
 			fprintf(stdout, "\n*** %d failure%s in %s ***\n", err, (err == 1) ? "" : "s", msg);
-		}		
+		}
 	}
 }
 
diff --git a/src/ccapi/test/test_ccapi_util.c b/src/ccapi/test/test_ccapi_util.c
index 1f66c991b..9af1a6b63 100644
--- a/src/ccapi/test/test_ccapi_util.c
+++ b/src/ccapi/test/test_ccapi_util.c
@@ -14,7 +14,7 @@
 cc_int32 destroy_all_ccaches(cc_context_t context) {
 	cc_int32 err = ccNoError;
 	cc_ccache_t ccache = NULL;
-	
+
 	while (!err) {
 		err = cc_context_open_default_ccache(context, &ccache);
 		if (!err) {
@@ -42,9 +42,9 @@ cc_int32 new_v5_creds_union (cc_credentials_union *out_union, const char *realm)
     static int num_runs = 1;
 	char *client = NULL;
 	char *server = NULL;
-	
+
     if (!out_union) { err = ccErrBadParam; }
-    
+
 	if (!err) {
 		v5creds = malloc (sizeof (*v5creds));
 		if (!v5creds) {
@@ -81,22 +81,22 @@ cc_int32 new_v5_creds_union (cc_credentials_union *out_union, const char *realm)
 		v5creds->second_ticket.data = NULL;
 		v5creds->authdata = NULL;
 	}
-	
-	
+
+
     if (!err) {
         cred_union = malloc (sizeof (*cred_union));
-        if (cred_union) { 
+        if (cred_union) {
 			cred_union->version = cc_credentials_v5;
 			cred_union->credentials.credentials_v5 = v5creds;
-        } else { 
-            err = ccErrNoMem; 
+        } else {
+            err = ccErrNoMem;
         }
     }
 	if (!err) {
 		*out_union = *cred_union;
 		cred_union = NULL;
 	}
-    
+
     return err;
 }
 
@@ -105,7 +105,7 @@ cc_int32 new_v5_creds_union (cc_credentials_union *out_union, const char *realm)
 
 void release_v5_creds_union(cc_credentials_union *creds_union) {
 	cc_credentials_v5_t *v5creds = NULL;
-	
+
 	if (creds_union) {
 		if (creds_union->credentials.credentials_v5) {
 			v5creds = creds_union->credentials.credentials_v5;
@@ -115,7 +115,7 @@ void release_v5_creds_union(cc_credentials_union *creds_union) {
 			if (v5creds->ticket.data) { free(v5creds->ticket.data); }
 			if (v5creds->second_ticket.data) { free(v5creds->second_ticket.data); }
 			free(v5creds);
-		}		
+		}
 		//free(creds_union);
 	}
 }
@@ -127,16 +127,16 @@ void release_v5_creds_union(cc_credentials_union *creds_union) {
 
 int compare_v5_creds_unions(const cc_credentials_union *a, const cc_credentials_union *b) {
 	int retval = -1;
-	
-	if (a && 
+
+	if (a &&
 		b &&
 		(a->version == cc_credentials_v5) &&
-		(a->version == b->version) && 
-		(strcmp(a->credentials.credentials_v5->client, b->credentials.credentials_v5->client) == 0) && 
-		(strcmp(a->credentials.credentials_v5->server, b->credentials.credentials_v5->server) == 0)) 
+		(a->version == b->version) &&
+		(strcmp(a->credentials.credentials_v5->client, b->credentials.credentials_v5->client) == 0) &&
+		(strcmp(a->credentials.credentials_v5->server, b->credentials.credentials_v5->server) == 0))
 	{
 		retval = 0;
 	}
-	
+
 	return retval;
 }
diff --git a/src/ccapi/test/test_ccapi_v2.c b/src/ccapi/test/test_ccapi_v2.c
index 054d216e6..9d9a7a56f 100644
--- a/src/ccapi/test/test_ccapi_v2.c
+++ b/src/ccapi/test/test_ccapi_v2.c
@@ -12,23 +12,23 @@ static cc_result destroy_all_ccaches_v2(apiCB *context) {
     cc_result err = CC_NOERROR;
     infoNC **info = NULL;
     int i = 0;
-    
+
     err = cc_get_NC_info(context, &info);
-    
+
     for (i = 0; !err && info[i]; i++) {
         ccache_p *ccache = NULL;
- 
+
         err = cc_open(context, info[i]->name, info[i]->vers, 0, &ccache);
-        
+
         if (!err) { cc_destroy(context, &ccache); }
     }
-    
+
     if (info) { cc_free_NC_info(context, &info); }
-    
+
     if (err) {
         log_error("cc_get_NC_info or cc_open failed with %s (%d)", translate_ccapi_error(err), err);
     }
-    
+
     return err;
 }
 
@@ -37,31 +37,31 @@ static cc_result destroy_all_ccaches_v2(apiCB *context) {
 
 static int compare_v5_creds_unions_compat(const cred_union *a, const cred_union *b) {
     int retval = -1;
-    
+
     if (a && b && a->cred_type == b->cred_type) {
         if (a->cred_type == CC_CRED_V5) {
-            if (!strcmp(a->cred.pV5Cred->client, b->cred.pV5Cred->client) && 
+            if (!strcmp(a->cred.pV5Cred->client, b->cred.pV5Cred->client) &&
                 !strcmp(a->cred.pV5Cred->server, b->cred.pV5Cred->server) &&
                 a->cred.pV5Cred->starttime == b->cred.pV5Cred->starttime) {
                 retval = 0;
             }
         } else if (a->cred_type == CC_CRED_V4) {
-            if (!strcmp (a->cred.pV4Cred->principal, 
+            if (!strcmp (a->cred.pV4Cred->principal,
                          b->cred.pV4Cred->principal) &&
-                !strcmp (a->cred.pV4Cred->principal_instance, 
+                !strcmp (a->cred.pV4Cred->principal_instance,
                          b->cred.pV4Cred->principal_instance) &&
-                !strcmp (a->cred.pV4Cred->service, 
+                !strcmp (a->cred.pV4Cred->service,
                          b->cred.pV4Cred->service) &&
-                !strcmp (a->cred.pV4Cred->service_instance, 
+                !strcmp (a->cred.pV4Cred->service_instance,
                          b->cred.pV4Cred->service_instance) &&
-                !strcmp (a->cred.pV4Cred->realm, 
+                !strcmp (a->cred.pV4Cred->realm,
                          b->cred.pV4Cred->realm) &&
                 a->cred.pV4Cred->issue_date == b->cred.pV4Cred->issue_date) {
                 retval = 0;
-            }            
+            }
         }
     }
-    
+
     return retval;
 }
 
@@ -75,16 +75,16 @@ static cc_result new_v5_creds_union_compat (cred_union *out_union, const char *r
     static int num_runs = 1;
     char *client = NULL;
     char *server = NULL;
-    
+
     if (!out_union) { err = CC_BAD_PARM; }
-    
+
     if (!err) {
         v5creds = malloc (sizeof (*v5creds));
         if (!v5creds) {
             err = CC_NOMEM;
         }
     }
-    
+
     if (!err) {
         asprintf(&client, "client@%s", realm);
         asprintf(&server, "host/%d%s@%s", num_runs++, realm, realm);
@@ -92,7 +92,7 @@ static cc_result new_v5_creds_union_compat (cred_union *out_union, const char *r
             err = CC_NOMEM;
         }
     }
-    
+
     if (!err) {
         v5creds->client = client;
         v5creds->server = server;
@@ -114,22 +114,22 @@ static cc_result new_v5_creds_union_compat (cred_union *out_union, const char *r
         v5creds->second_ticket.data = NULL;
         v5creds->authdata = NULL;
     }
-    
-    
+
+
     if (!err) {
         creds_union = malloc (sizeof (*creds_union));
-        if (creds_union) { 
+        if (creds_union) {
             creds_union->cred_type = CC_CRED_V5;
             creds_union->cred.pV5Cred = v5creds;
-        } else { 
-            err = CC_NOMEM; 
+        } else {
+            err = CC_NOMEM;
         }
     }
     if (!err) {
         *out_union = *creds_union;
         creds_union = NULL;
     }
-    
+
     return err;
 }
 
@@ -137,7 +137,7 @@ static cc_result new_v5_creds_union_compat (cred_union *out_union, const char *r
 
 static void release_v5_creds_union_compat(cred_union *creds_union) {
     cc_credentials_v5_compat *v5creds = NULL;
-    
+
     if (creds_union) {
         if (creds_union->cred.pV5Cred) {
             v5creds = creds_union->cred.pV5Cred;
@@ -147,7 +147,7 @@ static void release_v5_creds_union_compat(cred_union *creds_union) {
             if (v5creds->ticket.data) { free(v5creds->ticket.data); }
             if (v5creds->second_ticket.data) { free(v5creds->second_ticket.data); }
             free(v5creds);
-        }		
+        }
     }
 }
 
@@ -156,56 +156,56 @@ static void release_v5_creds_union_compat(cred_union *creds_union) {
 int check_cc_shutdown(void) {
     cc_result err = 0;
     apiCB *context = NULL;
-    
+
     BEGIN_TEST("cc_shutdown");
-    
+
     // try with valid context
     err = check_once_cc_shutdown(&context, CC_NOERROR, NULL);
-    
+
     // try with NULL
     err = check_once_cc_shutdown(NULL, CC_BAD_PARM, NULL);
-    
+
     if (context) { cc_shutdown(&context); }
-    
+
     END_TEST_AND_RETURN
 }
 
 cc_result check_once_cc_shutdown(apiCB **out_context, cc_result expected_err, const char *description) {
     cc_result err = 0;
     apiCB *context = NULL;
-    
+
     cc_result possible_return_values[2] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
+        CC_NOERROR,
+        CC_BAD_PARM,
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     if (out_context) {
         err = cc_initialize(out_context, ccapi_version_2, NULL, NULL);
-        if (!err) { 
-            context = *out_context; 
+        if (!err) {
+            context = *out_context;
         } else {
             log_error("failure in cc_initialize, unable to perform check");
             return err;
         }
     }
-    
+
     if (!err) {
         err = cc_shutdown(&context);
         // check returned error
         check_err(err, expected_err, possible_return_values);
 
     }
-    
+
     if (out_context) {
         *out_context = NULL;
     }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -217,29 +217,29 @@ int check_cc_get_change_time(void) {
     cc_time_t last_change_time = 0;
     ccache_p *ccache = NULL;
     cred_union creds_union;
-    
+
     BEGIN_TEST("cc_get_change_time");
-    
+
     /*
      * Make a context
      * make sure the change time changes after:
-     * 	a ccache is created  
-     * 	a ccache is destroyed  
-     * 	a credential is stored  
-     * 	a credential is removed  
-     * 	a ccache principal is changed  
+     * 	a ccache is created
+     * 	a ccache is destroyed
+     * 	a credential is stored
+     * 	a credential is removed
+     * 	a ccache principal is changed
      * clean up memory
      */
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
     if (!err) {
-        
+
         // try bad parameters first
         err = check_once_cc_get_change_time(context, NULL, CC_BAD_PARM, "NULL param, should fail");
-        
+
         // get_change_time should always give something > 0
         check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "first-run, should be > 0");
-        
+
         // create a ccache
         err = cc_create(context, "TEST_CCACHE", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
         if (err) {
@@ -247,7 +247,7 @@ int check_cc_get_change_time(void) {
             failure_count++;
         }
         check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after creating a new ccache");
-        
+
         if (!err) {
             // change principal
             err = cc_set_principal(context, ccache, CC_CRED_V5, "foo@BAR.ORG");
@@ -258,7 +258,7 @@ int check_cc_get_change_time(void) {
             }
         }
         check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after changing a principle");
-        
+
         new_v5_creds_union_compat(&creds_union, "BAR.ORG");
 
         // store a credential
@@ -271,7 +271,7 @@ int check_cc_get_change_time(void) {
             }
         }
         check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after storing a credential");
-        
+
         // remove a credential
         if (!err) {
             err = cc_remove_cred(context, ccache, creds_union);
@@ -281,19 +281,19 @@ int check_cc_get_change_time(void) {
                 err = CC_NOERROR;
             }
         }
-        check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after removing a credential");		
+        check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after removing a credential");
 
         release_v5_creds_union_compat(&creds_union);
-        
+
         if (ccache) {
             // destroy a ccache
             err = cc_destroy(context, &ccache);
             check_once_cc_get_change_time(context, &last_change_time, CC_NOERROR, "after destroying a ccache");
         }
     }
-    
+
     if (context) { cc_shutdown(&context); }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -303,33 +303,33 @@ cc_int32 check_once_cc_get_change_time(apiCB *context, cc_time_t *last_time, cc_
     cc_result err = 0;
     cc_time_t last_change_time;
     cc_time_t current_change_time = 0;
-    
+
     cc_result possible_return_values[3] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
+        CC_NOERROR,
+        CC_BAD_PARM,
         CC_NO_EXIST,
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     if (last_time != NULL) { // if we were passed NULL, then we're looking to pass a bad param
         err = cc_get_change_time(context, &current_change_time);
     } else {
         err = cc_get_change_time(context, NULL);
     }
-    
+
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err) {
         last_change_time = *last_time;
         check_if(current_change_time <= last_change_time, "context change time did not increase when it was supposed to (%d <= %d)", current_change_time, last_change_time);
         *last_time = current_change_time;
     }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -340,11 +340,11 @@ int check_cc_open(void) {
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
     char *name = "TEST_OPEN_CCACHE";
-    
+
     BEGIN_TEST("cc_open");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    if (!err) {	
+    if (!err) {
         // create a ccache
         err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
         if (err) {
@@ -355,12 +355,12 @@ int check_cc_open(void) {
             err = cc_close(context, &ccache);
             ccache = NULL;
         }
-        
+
         // try default ccache
         if (!err) {
             err = check_once_cc_open(context, name, CC_CRED_V5, &ccache, CC_NOERROR, NULL);
         }
-        
+
         // check version
         if (!err) {
             err = check_once_cc_open(context, name, CC_CRED_V4, &ccache, CC_ERR_CRED_VERSION, NULL);
@@ -370,10 +370,10 @@ int check_cc_open(void) {
         err = check_once_cc_open(context, name, CC_CRED_V5, NULL, CC_BAD_PARM, NULL);
         err = check_once_cc_open(context, name, CC_CRED_UNKNOWN, &ccache, CC_ERR_CRED_VERSION, NULL);
      }
-    
+
     if (context) { cc_shutdown(&context); }
-    
-    END_TEST_AND_RETURN	
+
+    END_TEST_AND_RETURN
 }
 
 // ---------------------------------------------------------------------------
@@ -381,48 +381,48 @@ int check_cc_open(void) {
 cc_result check_once_cc_open(apiCB *context, const char *name, cc_int32 version, ccache_p **ccache, cc_result expected_err, const char *description) {
     cc_result err = 0;
     char *stored_name = NULL;
-    
+
     cc_result possible_return_values[5] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
+        CC_NOERROR,
+        CC_BAD_PARM,
         CC_NO_EXIST,
         CC_NOMEM,
         CC_ERR_CRED_VERSION
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     if (ccache != NULL) { // if we were passed NULL, then we're looking to pass a bad param
         err = cc_open(context, name, version, 0, ccache);
     } else {
         err = cc_open(context, name, version, 0, NULL);
     }
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err) {
         check_if(*ccache == NULL, NULL);
-        
+
         if (!err) {
             err = cc_get_name(context, *ccache, &stored_name);
         }
-        if (!err) { 
-            check_if(strcmp(stored_name, name), NULL); 
+        if (!err) {
+            check_if(strcmp(stored_name, name), NULL);
         }
         if (stored_name) { cc_free_name(context, &stored_name); }
-        
-        
+
+
         if (ccache && *ccache) {
             cc_ccache_release(*ccache);
             *ccache = NULL;
         }
     }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -433,11 +433,11 @@ int check_cc_create(void) {
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
     char *name = "TEST_CC_CREATE";
-    
+
     BEGIN_TEST("cc_create");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    if (!err) {	
+    if (!err) {
         if (!err) {
             err = cc_open(context, name, CC_CRED_V5, 0, &ccache);
             if (!err) {
@@ -450,22 +450,22 @@ int check_cc_create(void) {
         if (!err) {
             err = check_once_cc_create(context, name, CC_CRED_V5, "foo@BAR.ORG", &ccache, CC_NOERROR, NULL);
         }
-        
+
         // try making a ccache with a non-unique name (the existing cache's name)
         if (!err) {
             err = check_once_cc_create(context, name, CC_CRED_V5, "foo/baz@BAR.ORG", &ccache, CC_NOERROR, NULL);
         }
-        
+
         // try bad parameters
         err = check_once_cc_create(context, NULL, CC_CRED_V5, "foo@BAR.ORG", &ccache, CC_BAD_PARM, "NULL name");                    // NULL name
         err = check_once_cc_create(context, "name", CC_CRED_MAX, "foo@BAR.ORG", &ccache, CC_ERR_CRED_VERSION, "invalid creds_vers"); // invalid creds_vers
         err = check_once_cc_create(context, "name", CC_CRED_V5, NULL, &ccache, CC_BAD_PARM, "NULL principal");                          // NULL principal
         err = check_once_cc_create(context, "name", CC_CRED_V5, "foo@BAR.ORG", NULL, CC_BAD_PARM, "NULL ccache");                    // NULL ccache
     }
-    
+
     if (ccache) { cc_destroy(context, &ccache); }
     if (context) { cc_shutdown(&context); }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -476,27 +476,27 @@ cc_result check_once_cc_create(apiCB  *context, const char *name, cc_int32 cred_
     char *stored_name = NULL;
     char *stored_principal = NULL;
     cc_int32 stored_creds_vers = 0;
-    
+
     cc_result possible_return_values[6] = {
-        CC_NOERROR, 
-        CC_BADNAME, 
-        CC_BAD_PARM, 
-        CC_NO_EXIST, 
-        CC_NOMEM, 
-        CC_ERR_CRED_VERSION, 
+        CC_NOERROR,
+        CC_BADNAME,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
+        CC_NOMEM,
+        CC_ERR_CRED_VERSION,
     };
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     err = cc_create(context, name, principal, cred_vers, 0, ccache);
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err) {
         check_if(*ccache == NULL, NULL);
-        
+
         // make sure all of the ccache's info matches what we gave it
         // name
         err = cc_get_name(context, *ccache, &stored_name);
@@ -509,15 +509,15 @@ cc_result check_once_cc_create(apiCB  *context, const char *name, cc_int32 cred_
         err = cc_get_principal(context, *ccache, &stored_principal);
         if (!err) { check_if(strcmp(stored_principal, principal), NULL); }
         if (stored_principal) { cc_free_principal(context, &stored_principal); }
-        
+
         if (ccache && *ccache) {
             cc_destroy(context, ccache);
             *ccache = NULL;
         }
     }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -528,22 +528,22 @@ int check_cc_close(void) {
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
     char *name = "TEST_CC_CLOSE";
-    
+
     BEGIN_TEST("cc_close");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
     }
-    
+
     if (!err) {
         check_once_cc_close(context, ccache, CC_NOERROR, NULL);
         ccache = NULL;
     }
-    
+
     if (context) { cc_shutdown(&context); }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -551,36 +551,36 @@ int check_cc_close(void) {
 
 cc_result check_once_cc_close(apiCB *context, ccache_p *ccache, cc_result expected_err, const char *description) {
     cc_result err = CC_NOERROR;
-    
+
     cc_result possible_return_values[2] = {
         CC_NOERROR,
-        CC_BAD_PARM 
+        CC_BAD_PARM
     };
-    
+
     char *name = NULL;
-    
+
     err = cc_get_name(context, ccache, &name);
     err = cc_close(context, &ccache);
     ccache = NULL;
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err && name) { // try opening released ccache to make sure it still exists
         err = cc_open(context, name, CC_CRED_V5, 0, &ccache);
     }
     check_if(err == CC_NO_EXIST, "released ccache was actually destroyed instead");
     check_if(err != CC_NOERROR, "released ccache cannot be opened");
-    
+
     if (ccache) { cc_destroy(context, &ccache); }
     if (name) { cc_free_name(context, &name); }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -591,22 +591,22 @@ int check_cc_destroy(void) {
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
     char *name = "TEST_CC_DESTROY";
-    
+
     BEGIN_TEST("cc_destroy");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
     }
-    
+
     if (!err) {
         check_once_cc_destroy(context, ccache, CC_NOERROR, NULL);
         ccache = NULL;
     }
-    
+
     if (context) { cc_shutdown(&context); }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -614,39 +614,39 @@ int check_cc_destroy(void) {
 
 cc_result check_once_cc_destroy(apiCB *context, ccache_p *ccache, cc_int32 expected_err, const char *description) {
     cc_result err = CC_NOERROR;
-    
+
     cc_result possible_return_values[2] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
+        CC_NOERROR,
+        CC_BAD_PARM,
     };
-    
+
     char *name = NULL;
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #ifdef cc_ccache_destroy
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     err = cc_get_name(context, ccache, &name);
     err = cc_destroy(context, &ccache);
     ccache = NULL;
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err && name) { // try opening released ccache to make sure it still exists
         err = cc_open(context, name, CC_CRED_V5, 0, &ccache);
     }
     check_if(err != CC_NO_EXIST, "destroyed ccache was actually released instead");
-    
+
     if (ccache) { cc_destroy(context, &ccache); }
     if (name) { cc_free_name(context, &name); }
-    
+
 #endif /* cc_ccache_destroy */
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -657,11 +657,11 @@ int check_cc_get_cred_version(void) {
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
     char *name = "TEST_CC_GET_CRED_VERSION_V5";
-    
+
     BEGIN_TEST("cc_get_cred_version");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     // try one created with v5 creds
     if (!err) {
         err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
@@ -673,14 +673,14 @@ int check_cc_get_cred_version(void) {
         log_error("cc_context_create_new_ccache failed, can't complete test");
         failure_count++;
     }
-    
+
     if (ccache) {
         cc_destroy(context, &ccache);
         ccache = NULL;
     }
-    
+
     err = CC_NOERROR;
-    
+
     // try one created with v4 creds
     if (!err) {
         err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V4, 0, &ccache);
@@ -696,9 +696,9 @@ int check_cc_get_cred_version(void) {
         cc_destroy(context, &ccache);
         ccache = NULL;
     }
-    
+
     if (context) { cc_shutdown(&context); }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -706,30 +706,30 @@ int check_cc_get_cred_version(void) {
 
 cc_result check_once_cc_get_cred_version(apiCB *context, ccache_p *ccache, cc_int32 expected_cred_vers, cc_int32 expected_err, const char *description) {
     cc_result err = CC_NOERROR;
-    
+
     cc_result possible_return_values[3] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
-        CC_NO_EXIST, 
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
     };
-    
+
     cc_int32 stored_cred_vers = 0;
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     err = cc_get_cred_version(context, ccache, &stored_cred_vers);
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err) {
         check_if(stored_cred_vers != expected_cred_vers, NULL);
     }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -739,15 +739,15 @@ int check_cc_get_name(void) {
     cc_result err = 0;
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
-    
+
     BEGIN_TEST("cc_get_name");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     // try with unique ccache (which happens to be default)
     if (!err) {
         err = cc_create(context, "0", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
@@ -758,12 +758,12 @@ int check_cc_get_name(void) {
     else {
         log_error("cc_context_create_ccache failed, can't complete test");
         failure_count++;
-    }	
+    }
     if (ccache) {
         cc_close(context, &ccache);
         ccache = NULL;
     }
-    
+
     // try with unique ccache (which is not default)
     if (!err) {
         err = cc_context_create_ccache(context, "1", CC_CRED_V5, "foo@BAR.ORG", &ccache);
@@ -775,7 +775,7 @@ int check_cc_get_name(void) {
         log_error("cc_context_create_ccache failed, can't complete test");
         failure_count++;
     }
-    
+
     // try with bad param
     if (!err) {
         check_once_cc_get_name(context, ccache, NULL, CC_BAD_PARM, "NULL param");
@@ -784,51 +784,51 @@ int check_cc_get_name(void) {
         cc_close(context, &ccache);
         ccache = NULL;
     }
-    
-    if (context) { 
+
+    if (context) {
         err = destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
-    END_TEST_AND_RETURN	
+
+    END_TEST_AND_RETURN
 }
 
 // ---------------------------------------------------------------------------
 
 cc_int32 check_once_cc_get_name(apiCB *context, ccache_p *ccache, const char *expected_name, cc_int32 expected_err, const char *description) {
     cc_result err = CC_NOERROR;
-    
+
     cc_result possible_return_values[4] = {
-        CC_NOERROR, 
-        CC_NOMEM, 
-        CC_BAD_PARM, 
-        CC_NO_EXIST, 
+        CC_NOERROR,
+        CC_NOMEM,
+        CC_BAD_PARM,
+        CC_NO_EXIST,
     };
-    
+
     char *stored_name = NULL;
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     if (expected_name == NULL) { // we want to try with a NULL param
         err = cc_get_name(context, ccache, NULL);
     }
     else {
         err = cc_get_name(context, ccache, &stored_name);
     }
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err) {
         check_if(strcmp(stored_name, expected_name), NULL);
     }
-    
+
     if (stored_name) { cc_free_name(context, &stored_name); }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -841,15 +841,15 @@ int check_cc_get_principal(void) {
     ccache_p *ccache = NULL;
     char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
     char *name_v4 = "TEST_CC_GET_PRINCIPAL_V4";
-    
+
     BEGIN_TEST("cc_get_principal");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     // try with krb5 principal
     if (!err) {
         err = cc_create(context, name_v5, "foo/BAR@BAZ.ORG", CC_CRED_V5, 0, &ccache);
@@ -865,7 +865,7 @@ int check_cc_get_principal(void) {
         cc_close(context, &ccache);
         ccache = NULL;
     }
-    
+
     // try with krb4 principal
     if (!err) {
         err = cc_create(context, name_v4, "foo.BAR@BAZ.ORG", CC_CRED_V4, 0, &ccache);
@@ -877,64 +877,64 @@ int check_cc_get_principal(void) {
         log_error("cc_create failed, can't complete test");
         failure_count++;
     }
-    
+
     // try with bad param
     if (!err) {
         check_once_cc_get_principal(context, ccache, NULL, CC_BAD_PARM, "passed null out param");
     }
-    
+
     if (ccache) {
         cc_close(context, &ccache);
         ccache = NULL;
     }
-    
-    if (context) { 
+
+    if (context) {
         err = destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
-    END_TEST_AND_RETURN	
+
+    END_TEST_AND_RETURN
 }
 
 // ---------------------------------------------------------------------------
 
-cc_result check_once_cc_get_principal(apiCB *context, 
-                                      ccache_p *ccache, 
-                                      const char *expected_principal, 
-                                      cc_int32 expected_err, 
+cc_result check_once_cc_get_principal(apiCB *context,
+                                      ccache_p *ccache,
+                                      const char *expected_principal,
+                                      cc_int32 expected_err,
                                       const char *description) {
     cc_result err = CC_NOERROR;
     char *stored_principal = NULL;
-    
+
     cc_result possible_return_values[4] = {
-        CC_NOERROR, 
-        CC_NOMEM, 
-        CC_NO_EXIST, 
+        CC_NOERROR,
+        CC_NOMEM,
+        CC_NO_EXIST,
         CC_BAD_PARM
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     if (expected_principal == NULL) { // we want to try with a NULL param
         err = cc_get_principal(context, ccache, NULL);
     }
     else {
         err = cc_get_principal(context, ccache, &stored_principal);
     }
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err) {
         check_if(strcmp(stored_principal, expected_principal), "expected princ == \"%s\" stored princ == \"%s\"", expected_principal, stored_principal);
     }
-    
+
     if (stored_principal) { cc_free_principal(context, &stored_principal); }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -946,15 +946,15 @@ int check_cc_set_principal(void) {
     ccache_p *ccache = NULL;
     char *name_v5 = "TEST_CC_GET_PRINCIPAL_V5";
     char *name_v4 = "TEST_CC_GET_PRINCIPAL_V4";
-    
+
     BEGIN_TEST("cc_set_principal");
-        
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     // bad params
     if (!err) {
         err = cc_create(context, name_v5, "foo@BAZ.ORG", CC_CRED_V5, 0, &ccache);
@@ -971,9 +971,9 @@ int check_cc_set_principal(void) {
         cc_destroy(context, &ccache);
         ccache = NULL;
     }
-    
+
     // empty ccache
-    
+
     // replace v5 ccache's principal
     if (!err) {
         err = cc_create(context, name_v5, "foo@BAZ.ORG", CC_CRED_V5, 0, &ccache);
@@ -990,7 +990,7 @@ int check_cc_set_principal(void) {
         cc_destroy(context, &ccache);
         ccache = NULL;
     }
-    
+
     // replace v4 ccache's principal
     if (!err) {
         err = cc_create(context, name_v4, "foo@BAZ.ORG", CC_CRED_V4, 0, &ccache);
@@ -1007,13 +1007,13 @@ int check_cc_set_principal(void) {
         cc_destroy(context, &ccache);
         ccache = NULL;
     }
-    
-    if (context) { 
+
+    if (context) {
         err = destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
-    END_TEST_AND_RETURN	
+
+    END_TEST_AND_RETURN
 }
 
 // ---------------------------------------------------------------------------
@@ -1021,37 +1021,37 @@ int check_cc_set_principal(void) {
 cc_int32 check_once_cc_set_principal(apiCB *context, ccache_p *ccache, cc_int32 cred_vers, const char *in_principal, cc_int32 expected_err, const char *description) {
     cc_result err = CC_NOERROR;
     char *stored_principal = NULL;
-    
+
     cc_result possible_return_values[5] = {
-        CC_NOERROR, 
-        CC_NOMEM, 
-        CC_NO_EXIST, 
-        CC_ERR_CRED_VERSION, 
+        CC_NOERROR,
+        CC_NOMEM,
+        CC_NO_EXIST,
+        CC_ERR_CRED_VERSION,
         CC_BAD_PARM
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     err = cc_set_principal(context, ccache, cred_vers, (char *) in_principal);
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     if (!err) {
         err = cc_get_principal(context, ccache, &stored_principal);
     }
-    
+
     // compare stored with input
     if (!err) {
         check_if(strcmp(stored_principal, in_principal), "expected princ == \"%s\" stored princ == \"%s\"", in_principal, stored_principal);
     }
-    
+
     if (stored_principal) { cc_free_principal(context, &stored_principal); }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -1064,61 +1064,61 @@ int check_cc_store(void) {
     ccache_p *dup_ccache = NULL;
     cred_union creds_union;
     char *name = NULL;
-    
+
     BEGIN_TEST("cc_store");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     if (!err) {
         err = cc_create(context, "TEST_CC_STORE", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
     }
-    
+
     // cred with matching version and realm
     if (!err) {
         err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
-        
+
         if (!err) {
             check_once_cc_store(context, ccache, creds_union, CC_NOERROR, "ok creds");
             release_v5_creds_union_compat(&creds_union);
         }
     }
-        
+
     // invalid creds
     if (!err) {
         err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
- 
+
         if (!err) {
             if (creds_union.cred.pV5Cred->client) {
                 free(creds_union.cred.pV5Cred->client);
                 creds_union.cred.pV5Cred->client = NULL;
             }
             check_once_cc_store(context, ccache, creds_union, CC_BAD_PARM, "invalid creds (NULL client string)");
-            
+
             release_v5_creds_union_compat(&creds_union);
         }
     }
-    
+
     // bad creds version
     if (!err) {
         err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
- 
+
         if (!err) {
             creds_union.cred_type = CC_CRED_MAX;
             check_once_cc_store(context, ccache, creds_union, CC_ERR_CRED_VERSION, "CC_CRED_MAX (invalid) into a ccache with only v5 princ");
             creds_union.cred_type = CC_CRED_V4;
             check_once_cc_store(context, ccache, creds_union, CC_ERR_CRED_VERSION, "v4 creds into a v5 ccache");
             creds_union.cred_type = CC_CRED_V5;
-            
+
             release_v5_creds_union_compat(&creds_union);
         }
     }
-    
+
     // non-existent ccache
-    if (ccache) { 
+    if (ccache) {
         err = cc_get_name(context, ccache, &name);
         if (!err) {
             err = cc_open(context, name, CC_CRED_V5, 0, &dup_ccache);
@@ -1126,23 +1126,23 @@ int check_cc_store(void) {
         if (name) { cc_free_name(context, &name); }
         if (dup_ccache) { cc_destroy(context, &dup_ccache); }
     }
-    
+
     if (!err) {
         err = new_v5_creds_union_compat(&creds_union, "BAR.ORG");
-  
+
         if (!err) {
             check_once_cc_store(context, ccache, creds_union, CC_NO_EXIST, "invalid ccache");
-            
+
             release_v5_creds_union_compat(&creds_union);
         }
     }
-    
+
     if (ccache) { cc_close(context, &ccache); }
-    if (context) { 
+    if (context) {
         destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -1152,24 +1152,24 @@ cc_result check_once_cc_store(apiCB *context, ccache_p *ccache, const cred_union
     cc_result err = CC_NOERROR;
     ccache_cit *iterator = NULL;
     int found = 0;
-    
+
     cc_result possible_return_values[5] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
-        CC_ERR_CACHE_FULL, 
-        CC_ERR_CRED_VERSION, 
-        CC_NO_EXIST 
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_ERR_CACHE_FULL,
+        CC_ERR_CRED_VERSION,
+        CC_NO_EXIST
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     err = cc_store(context, ccache, in_creds);
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     // make sure credentials were truly stored
     if (!err) {
         err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
@@ -1181,19 +1181,19 @@ cc_result check_once_cc_store(apiCB *context, ccache_p *ccache, const cred_union
         if (!err) {
             found = !compare_v5_creds_unions_compat(&in_creds, creds);
         }
-        
+
         if (creds) { cc_free_creds(context, &creds); }
     }
-    
-    if (err == CC_END) { 
+
+    if (err == CC_END) {
         check_if(found, "stored credentials not found in ccache");
         err = CC_NOERROR;
     }
-    
+
     if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -1207,19 +1207,19 @@ int check_cc_remove_cred(void) {
     ccache_cit *iterator = NULL;
     char *name = NULL;
     unsigned int i;
-    
+
     BEGIN_TEST("cc_remove_cred");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     if (!err) {
         err = cc_create(context, "TEST_CC_REMOVE_CRED", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
     }
-    
+
     // store 10 creds and retrieve their cc_credentials_t representations
     for(i = 0; !err && (i < 10); i++) {
         cred_union creds;
@@ -1231,55 +1231,55 @@ int check_cc_remove_cred(void) {
         }
         release_v5_creds_union_compat(&creds);
     }
-    
+
     if (!err) {
         err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
     }
- 
+
     for (i = 0; !err && i < 10; i++) {
         creds_array[i] = NULL;
         err = cc_seq_fetch_creds_next(context, &creds_array[i], iterator);
     }
     if (err == CC_END) { err = CC_NOERROR; }
-    
+
     // remove 10 valid creds
     for (i = 0; !err && (i < 10); i++) {
         check_once_cc_remove_cred(context, ccache, *creds_array[i], CC_NOERROR, "10 ok creds");
     }
-        
+
     // non-existent creds (remove same one twice)
     check_once_cc_remove_cred(context, ccache, *creds_array[0], CC_NOTFOUND, "removed same creds twice");
-    
+
     // non-existent ccache
-    if (ccache) { 
+    if (ccache) {
         ccache_p *dup_ccache = NULL;
 
         err = cc_get_name(context, ccache, &name);
-        
+
         if (!err) {
             err = cc_open(context, name, CC_CRED_V5, 0, &dup_ccache);
         }
-        
+
         if (!err) {
             err = cc_destroy(context, &dup_ccache);
             check_once_cc_remove_cred(context, ccache, *creds_array[0], CC_NO_EXIST, "invalid ccache");
         }
-        
+
         if (name) { cc_free_name(context, &name); }
     }
-    
+
      for(i = 0; i < 10 && creds_array[i]; i++) {
         cc_free_creds(context, &creds_array[i]);
     }
-    
-    
+
+
     if (iterator) { cc_seq_fetch_creds_end(context, &iterator); iterator = NULL; }
     if (ccache) { cc_close(context, &ccache); }
-    if (context) { 
+    if (context) {
         destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -1289,49 +1289,49 @@ cc_result check_once_cc_remove_cred(apiCB *context, ccache_p *ccache, cred_union
     cc_result err = CC_NOERROR;
     ccache_cit *iterator = NULL;
     int found = 0;
-    
+
     cc_result possible_return_values[5] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
-        CC_ERR_CRED_VERSION, 
-        CC_NOTFOUND, 
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_ERR_CRED_VERSION,
+        CC_NOTFOUND,
         CC_NO_EXIST
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     err = cc_remove_cred(context, ccache, in_creds);
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     // make sure credentials were truly stored
     if (!err) {
         err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
     }
-    
+
     while (!err && !found) {
         cred_union *creds = NULL;
-        
+
         err = cc_seq_fetch_creds_next(context, &creds, iterator);
         if (!err) {
             found = !compare_v5_creds_unions_compat(&in_creds, creds);
         }
-        
+
         if (creds) { cc_free_creds(context, &creds); }
     }
-    
-    if (err == CC_END) { 
+
+    if (err == CC_END) {
         check_if(found, "credentials not removed from ccache");
         err = CC_NOERROR;
     }
-    
+
     if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -1342,31 +1342,31 @@ int check_cc_seq_fetch_NCs_begin(void) {
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
     ccache_cit *iterator = NULL;
-    
+
     BEGIN_TEST("cc_seq_fetch_NCs_begin");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    if (!err) {	
+    if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    if (!err) {	
+    if (!err) {
         // try making when there are no existing ccaches (shouldn't make a difference, but just in case)
         check_once_cc_seq_fetch_NCs_begin(context, &iterator, CC_NOERROR, "when there are no existing ccaches");
-	
+
         err = cc_create(context, "TEST_CC_SEQ_FETCH_NCS_BEGIN", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
     }
-    if (!err) {	
+    if (!err) {
         // try making when at least one ccache already exists (just to cover all our bases)
         check_once_cc_seq_fetch_NCs_begin(context, &iterator, CC_NOERROR, "when at least one ccache already exists");
-        
+
         // try bad parameters
         check_once_cc_seq_fetch_NCs_begin(context, NULL, CC_BAD_PARM, "NULL param"); // NULL iterator
     }
     // we'll do a comprehensive test of cc_ccache_iterator related functions later in the test suite
-    
+
     if (ccache ) { cc_close(context, &ccache); }
     if (context) { cc_shutdown(&context); }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -1374,25 +1374,25 @@ int check_cc_seq_fetch_NCs_begin(void) {
 
 cc_result check_once_cc_seq_fetch_NCs_begin(apiCB *context, ccache_cit **iterator, cc_result expected_err, const char *description) {
     cc_result err = CC_NOERROR;
-    
+
     cc_result possible_return_values[4] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
-        CC_NOMEM, 
-        CC_NO_EXIST 
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NOMEM,
+        CC_NO_EXIST
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
      err = cc_seq_fetch_NCs_begin(context, iterator);
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     // we'll do a comprehensive test of cc_ccache_iterator related functions later
-    
+
     return err;
 }
 
@@ -1404,15 +1404,15 @@ int check_cc_seq_fetch_NCs_next(void) {
     ccache_p *ccache = NULL;
     ccache_cit *iterator = NULL;
     unsigned int i;
-    
+
     BEGIN_TEST("cc_seq_fetch_NCs_next");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     // iterate with no ccaches
     if (!err) {
         err = cc_seq_fetch_NCs_begin(context, &iterator);
@@ -1422,7 +1422,7 @@ int check_cc_seq_fetch_NCs_next(void) {
         cc_seq_fetch_creds_end(context, &iterator);
         iterator = NULL;
     }
-    
+
     // iterate with one ccache
     if (!err) {
         destroy_all_ccaches_v2(context);
@@ -1440,7 +1440,7 @@ int check_cc_seq_fetch_NCs_next(void) {
         cc_seq_fetch_creds_end(context, &iterator);
         iterator = NULL;
     }
-    
+
     // iterate with several ccaches
     if (!err) {
         destroy_all_ccaches_v2(context);
@@ -1448,8 +1448,8 @@ int check_cc_seq_fetch_NCs_next(void) {
     for(i = 0; !err && (i < 1000); i++)
     {
         char *name = NULL;
-        
-        if (i%100 == 0) fprintf(stdout, ".");	
+
+        if (i%100 == 0) fprintf(stdout, ".");
         asprintf (&name, "TEST_CC_SEQ_FETCH_NCS_NEXT_%d", i);
         err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
         if (ccache) {
@@ -1466,15 +1466,15 @@ int check_cc_seq_fetch_NCs_next(void) {
         cc_seq_fetch_creds_end(context, &iterator);
         iterator = NULL;
     }
-    
-    
+
+
     if (ccache) { cc_close(context, &ccache); }
     if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
-    if (context) { 
+    if (context) {
         destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -1482,21 +1482,21 @@ int check_cc_seq_fetch_NCs_next(void) {
 
 cc_result check_once_cc_seq_fetch_NCs_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description) {
     cc_result err = CC_NOERROR;
-    
+
     cc_result possible_return_values[5] = {
-        CC_NOERROR, 
-        CC_END, 
-        CC_BAD_PARM, 
-        CC_NOMEM, 
+        CC_NOERROR,
+        CC_END,
+        CC_BAD_PARM,
+        CC_NOMEM,
         CC_NO_EXIST
     };
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     ccache_p *ccache = NULL;
     cc_uint32 actual_count = 0;
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
     while (!err) {
         err = cc_seq_fetch_NCs_next(context, &ccache, iterator);
         if (ccache) {
@@ -1508,15 +1508,15 @@ cc_result check_once_cc_seq_fetch_NCs_next(apiCB *context, ccache_cit *iterator,
     if (err == CC_END) {
         err = CC_NOERROR;
     }
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
-    
+
     END_CHECK_ONCE;
-    
-    return err;	
+
+    return err;
 }
 
 // ---------------------------------------------------------------------------
@@ -1526,18 +1526,18 @@ int check_cc_get_NC_info(void) {
     apiCB *context = NULL;
     ccache_p *ccache = NULL;
     unsigned int i;
-    
+
     BEGIN_TEST("cc_get_NC_info");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     // iterate with no ccaches
     check_once_cc_get_NC_info(context, "", "", CC_CRED_MAX, 0, CC_NOERROR, "iterating over an empty collection");
-    
+
     // iterate with one ccache
     if (!err) {
         destroy_all_ccaches_v2(context);
@@ -1548,7 +1548,7 @@ int check_cc_get_NC_info(void) {
         ccache = NULL;
     }
     check_once_cc_get_NC_info(context, "TEST_CC_GET_NC_INFO", "foo@BAR.ORG", CC_CRED_V5, 1, CC_NOERROR, "iterating over a collection of 1 ccache");
-    
+
     // iterate with several ccaches
     if (!err) {
         destroy_all_ccaches_v2(context);
@@ -1556,8 +1556,8 @@ int check_cc_get_NC_info(void) {
     for(i = 0; !err && (i < 1000); i++)
     {
         char *name = NULL;
-        
-        if (i%100 == 0) fprintf(stdout, ".");	
+
+        if (i%100 == 0) fprintf(stdout, ".");
         asprintf (&name, "TEST_CC_GET_NC_INFO_%d", i);
         err = cc_create(context, name, "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
         if (ccache) {
@@ -1566,58 +1566,58 @@ int check_cc_get_NC_info(void) {
         }
         free (name);
     }
-    check_once_cc_get_NC_info(context, "TEST_CC_GET_NC_INFO", "foo@BAR.ORG", CC_CRED_V5, 1000, CC_NOERROR, "iterating over a collection of 1000 ccache");    
-    
+    check_once_cc_get_NC_info(context, "TEST_CC_GET_NC_INFO", "foo@BAR.ORG", CC_CRED_V5, 1000, CC_NOERROR, "iterating over a collection of 1000 ccache");
+
     if (ccache) { cc_close(context, &ccache); }
-    if (context) { 
+    if (context) {
         destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
+
     END_TEST_AND_RETURN
 }
 
 // ---------------------------------------------------------------------------
 
-cc_result check_once_cc_get_NC_info(apiCB *context, 
-                                    const char *expected_name_prefix, 
-                                    const char *expected_principal, 
-                                    cc_int32 expected_version, 
-                                    cc_uint32 expected_count, 
-                                    cc_result expected_err, 
+cc_result check_once_cc_get_NC_info(apiCB *context,
+                                    const char *expected_name_prefix,
+                                    const char *expected_principal,
+                                    cc_int32 expected_version,
+                                    cc_uint32 expected_count,
+                                    cc_result expected_err,
                                     const char *description) {
     cc_result err = CC_NOERROR;
     infoNC **info = NULL;
-    
+
     cc_result possible_return_values[4] = {
         CC_NOERROR,
-        CC_BAD_PARM, 
-        CC_NOMEM, 
+        CC_BAD_PARM,
+        CC_NOMEM,
         CC_NO_EXIST
     };
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     cc_uint32 actual_count = 0;
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
     err = cc_get_NC_info(context, &info);
-    
+
     for (actual_count = 0; !err && info[actual_count]; actual_count++) {
         check_if(strncmp(info[actual_count]->name, expected_name_prefix, strlen(expected_name_prefix)), "got incorrect ccache name");
         check_if(strcmp(info[actual_count]->principal, expected_principal), "got incorrect principal name");
         check_if(info[actual_count]->vers != expected_version, "got incorrect cred version");
     }
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     check_if(actual_count != expected_count, "NC info didn't list all ccaches");
-    
+
     if (info) { cc_free_NC_info (context, &info); }
     END_CHECK_ONCE;
-    
-    return err;	
+
+    return err;
 }
 
 // ---------------------------------------------------------------------------
@@ -1629,39 +1629,39 @@ int check_cc_seq_fetch_creds_begin(void) {
     ccache_p *dup_ccache = NULL;
     ccache_cit *creds_iterator = NULL;
     char *name = NULL;
-    
+
     BEGIN_TEST("cc_seq_fetch_creds_begin");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     if (!err) {
         err = cc_create(context, "TEST_CC_SEQ_FETCH_CREDS_BEGIN", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
     }
-    
+
     // valid params
     if (!err) {
         check_once_cc_seq_fetch_creds_begin(context, ccache, &creds_iterator, CC_NOERROR, "valid params");
     }
-    if (creds_iterator) { 
-        cc_seq_fetch_creds_end(context, &creds_iterator); 
+    if (creds_iterator) {
+        cc_seq_fetch_creds_end(context, &creds_iterator);
         creds_iterator = NULL;
     }
-    
+
     // NULL out param
     if (!err) {
         check_once_cc_seq_fetch_creds_begin(context, ccache, NULL, CC_BAD_PARM, "NULL out iterator param");
     }
-    if (creds_iterator) { 
-        cc_seq_fetch_creds_end(context, &creds_iterator); 
+    if (creds_iterator) {
+        cc_seq_fetch_creds_end(context, &creds_iterator);
         creds_iterator = NULL;
     }
-    
+
     // non-existent ccache
-    if (ccache) { 
+    if (ccache) {
         err = cc_get_name(context, ccache, &name);
         if (!err) {
             err = cc_open(context, name, CC_CRED_V5, 0, &dup_ccache);
@@ -1669,21 +1669,21 @@ int check_cc_seq_fetch_creds_begin(void) {
         if (name) { cc_free_name(context, &name); }
         if (dup_ccache) { cc_destroy(context, &dup_ccache); }
     }
-    
+
     if (!err) {
         check_once_cc_seq_fetch_creds_begin(context, ccache, &creds_iterator, CC_NO_EXIST, "invalid ccache");
     }
-    
-    if (creds_iterator) { 
-        cc_seq_fetch_creds_end(context, &creds_iterator); 
+
+    if (creds_iterator) {
+        cc_seq_fetch_creds_end(context, &creds_iterator);
         creds_iterator = NULL;
     }
     if (ccache) { cc_close(context, &ccache); }
-    if (context) { 
+    if (context) {
         destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -1691,25 +1691,25 @@ int check_cc_seq_fetch_creds_begin(void) {
 
 cc_result check_once_cc_seq_fetch_creds_begin(apiCB *context, ccache_p *ccache, ccache_cit **iterator, cc_result expected_err, const char *description) {
     cc_result err = CC_NOERROR;
-    
+
     cc_result possible_return_values[5] = {
-        CC_NOERROR, 
-        CC_BAD_PARM, 
-        CC_NOMEM, 
+        CC_NOERROR,
+        CC_BAD_PARM,
+        CC_NOMEM,
         CC_NO_EXIST
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     err = cc_seq_fetch_creds_begin(context, ccache, iterator);
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     END_CHECK_ONCE;
-    
+
     return err;
 }
 
@@ -1722,15 +1722,15 @@ int check_cc_seq_fetch_creds_next(void) {
     cred_union creds_union;
     ccache_cit *iterator = NULL;
     unsigned int i;
-    
+
     BEGIN_TEST("cc_seq_fetch_creds_next");
-    
+
     err = cc_initialize(&context, ccapi_version_2, NULL, NULL);
-    
+
     if (!err) {
         err = destroy_all_ccaches_v2(context);
     }
-    
+
     // iterate with no creds
     if (!err) {
         err = cc_create(context, "TEST_CC_SEQ_FETCH_CREDS_NEXT", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
@@ -1747,7 +1747,7 @@ int check_cc_seq_fetch_creds_next(void) {
         cc_close(context, &ccache);
         ccache = NULL;
     }
-    
+
     // iterate with one cred
     if (!err) {
         destroy_all_ccaches_v2(context);
@@ -1770,14 +1770,14 @@ int check_cc_seq_fetch_creds_next(void) {
         cc_close(context, &ccache);
         ccache = NULL;
     }
-    
+
     // iterate with several creds
     if (!err) {
         destroy_all_ccaches_v2(context);
         err = cc_create(context, "TEST_CC_SEQ_FETCH_CREDS_NEXT", "foo@BAR.ORG", CC_CRED_V5, 0, &ccache);
     }
     for(i = 0; !err && (i < 1000); i++) {
-        if (i%100 == 0) fprintf(stdout, ".");	
+        if (i%100 == 0) fprintf(stdout, ".");
         new_v5_creds_union_compat(&creds_union, "BAR.ORG");
         err = cc_store(context, ccache, creds_union);
         release_v5_creds_union_compat(&creds_union);
@@ -1785,15 +1785,15 @@ int check_cc_seq_fetch_creds_next(void) {
     if (!err) {
         err = cc_seq_fetch_creds_begin(context, ccache, &iterator);
     }
-    check_once_cc_seq_fetch_creds_next(context, iterator, 1000, CC_NOERROR, "iterating over a ccache with 1000 creds");	
-    
+    check_once_cc_seq_fetch_creds_next(context, iterator, 1000, CC_NOERROR, "iterating over a ccache with 1000 creds");
+
     if (ccache) { cc_close(context, &ccache); }
     if (iterator) { cc_seq_fetch_creds_end(context, &iterator); }
-    if (context) { 
+    if (context) {
         destroy_all_ccaches_v2(context);
         cc_shutdown(&context);
     }
-    
+
     END_TEST_AND_RETURN
 }
 
@@ -1803,19 +1803,19 @@ cc_result check_once_cc_seq_fetch_creds_next(apiCB *context, ccache_cit *iterato
     cc_result   err             = CC_NOERROR;
     cred_union *creds           = NULL;
     cc_uint32   actual_count    = 0;
-    
+
     cc_result possible_return_values[5] = {
-        CC_NOERROR, 
-        CC_END, 
-        CC_BAD_PARM, 
-        CC_NOMEM, 
+        CC_NOERROR,
+        CC_END,
+        CC_BAD_PARM,
+        CC_NOMEM,
         CC_NO_EXIST,
     };
-    
+
     BEGIN_CHECK_ONCE(description);
-    
+
 #define possible_ret_val_count sizeof(possible_return_values)/sizeof(possible_return_values[0])
-    
+
     while (!err) {
         err = cc_seq_fetch_creds_next(context, &creds, iterator);
         if (creds) {
@@ -1827,14 +1827,13 @@ cc_result check_once_cc_seq_fetch_creds_next(apiCB *context, ccache_cit *iterato
     if (err == CC_END) {
         err = CC_NOERROR;
     }
-    
+
     // check returned error
     check_err(err, expected_err, possible_return_values);
-    
+
     check_if(actual_count != expected_count, "iterator didn't iterate over all ccaches");
-    
+
     END_CHECK_ONCE;
-    
-    return err;	
-}
 
+    return err;
+}
diff --git a/src/ccapi/test/test_ccapi_v2.h b/src/ccapi/test/test_ccapi_v2.h
index 55abdffde..8508daa45 100644
--- a/src/ccapi/test/test_ccapi_v2.h
+++ b/src/ccapi/test/test_ccapi_v2.h
@@ -34,10 +34,10 @@ int check_cc_get_name(void);
 cc_int32 check_once_cc_get_name(apiCB *context, ccache_p *ccache, const char *expected_name, cc_int32 expected_err, const char *description);
 
 int check_cc_get_principal(void);
-cc_result check_once_cc_get_principal(apiCB *context, 
-                                      ccache_p *ccache, 
-                                      const char *expected_principal, 
-                                      cc_int32 expected_err, 
+cc_result check_once_cc_get_principal(apiCB *context,
+                                      ccache_p *ccache,
+                                      const char *expected_principal,
+                                      cc_int32 expected_err,
                                       const char *description);
 
 int check_cc_set_principal(void);
@@ -56,18 +56,18 @@ int check_cc_seq_fetch_NCs_next(void);
 cc_result check_once_cc_seq_fetch_NCs_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description);
 
 int check_cc_get_NC_info(void);
-cc_result check_once_cc_get_NC_info(apiCB *context, 
-                                    const char *expected_name, 
-                                    const char *expected_principal, 
-                                    cc_int32 expected_version, 
-                                    cc_uint32 expected_count, 
-                                    cc_result expected_err, 
+cc_result check_once_cc_get_NC_info(apiCB *context,
+                                    const char *expected_name,
+                                    const char *expected_principal,
+                                    cc_int32 expected_version,
+                                    cc_uint32 expected_count,
+                                    cc_result expected_err,
                                     const char *description);
 
 int check_cc_seq_fetch_creds_begin(void);
 cc_result check_once_cc_seq_fetch_creds_begin(apiCB *context, ccache_p *ccache, ccache_cit **iterator, cc_result expected_err, const char *description);
 
 int check_cc_seq_fetch_creds_next(void);
-cc_result check_once_cc_seq_fetch_creds_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description);    
+cc_result check_once_cc_seq_fetch_creds_next(apiCB *context, ccache_cit *iterator, cc_uint32 expected_count, cc_result expected_err, const char *description);
 
 #endif /* _TEST_CCAPI_V2_H_ */
diff --git a/src/ccapi/test/test_constants.c b/src/ccapi/test/test_constants.c
index 367baac4c..f4f272c4d 100644
--- a/src/ccapi/test/test_constants.c
+++ b/src/ccapi/test/test_constants.c
@@ -7,7 +7,7 @@
 #include "test_ccapi_ccache.h"
 
 int main (int argc, const char * argv[]) {
-    
+
 	cc_int32 err = ccNoError;
 	T_CCAPI_INIT;
 	err = check_constants();
diff --git a/src/clients/kcpytkt/kcpytkt.c b/src/clients/kcpytkt/kcpytkt.c
index 8efddb413..d39af4585 100644
--- a/src/clients/kcpytkt/kcpytkt.c
+++ b/src/clients/kcpytkt/kcpytkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -33,34 +34,34 @@ int main(int argc, char *argv[])
     prog = prog ? (prog + 1) : argv[0];
 
     while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
-	switch (option) {
+        switch (option) {
         case 'c':
             fromccachestr = optarg;
             break;
-	case 'e':
-	    etypestr = optarg;
-	    break;
+        case 'e':
+            etypestr = optarg;
+            break;
         case 'f':
             flags = atoi(optarg);
             break;
-	case 'q':
-	    quiet = 1;
-	    break;
-	case 'h':
-	default:
-	    xusage();
-	    break;
-	}
+        case 'q':
+            quiet = 1;
+            break;
+        case 'h':
+        default:
+            xusage();
+        break;
+        }
     }
 
     if ((argc - optind) < 2)
-	xusage();
+        xusage();
 
     do_kcpytkt(argc - optind, argv + optind, fromccachestr, etypestr, flags);
     return 0;
 }
 
-static void do_kcpytkt (int count, char *names[], 
+static void do_kcpytkt (int count, char *names[],
                         char *fromccachestr, char *etypestr, int flags)
 {
     krb5_context context;
@@ -76,19 +77,19 @@ static void do_kcpytkt (int count, char *names[],
 
     ret = krb5_init_context(&context);
     if (ret) {
-	com_err(prog, ret, "while initializing krb5 library");
-	exit(1);
+        com_err(prog, ret, "while initializing krb5 library");
+        exit(1);
     }
 
     if (etypestr) {
         ret = krb5_string_to_enctype(etypestr, &etype);
-	if (ret) {
-	    com_err(prog, ret, "while converting etype");
-	    exit(1);
-	}
+        if (ret) {
+            com_err(prog, ret, "while converting etype");
+            exit(1);
+        }
         retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
     } else {
-	etype = 0;
+        etype = 0;
         retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
     }
 
@@ -97,76 +98,76 @@ static void do_kcpytkt (int count, char *names[],
     else
         ret = krb5_cc_default(context, &fromccache);
     if (ret) {
-	com_err(prog, ret, "while opening source ccache");
-	exit(1);
+        com_err(prog, ret, "while opening source ccache");
+        exit(1);
     }
 
     ret = krb5_cc_get_principal(context, fromccache, &me);
     if (ret) {
-	com_err(prog, ret, "while getting client principal name");
-	exit(1);
+        com_err(prog, ret, "while getting client principal name");
+        exit(1);
     }
 
     ret = krb5_cc_resolve(context, names[0], &destccache);
     if (ret) {
-	com_err(prog, ret, "while opening destination cache");
-	exit(1);
+        com_err(prog, ret, "while opening destination cache");
+        exit(1);
     }
 
     errors = 0;
 
     for (i = 1; i < count; i++) {
-	memset(&in_creds, 0, sizeof(in_creds));
+        memset(&in_creds, 0, sizeof(in_creds));
 
-	in_creds.client = me;
+        in_creds.client = me;
 
-	ret = krb5_parse_name(context, names[i], &in_creds.server);
-	if (ret) {
-	    if (!quiet)
-		fprintf(stderr, "%s: %s while parsing principal name\n",
-			names[i], error_message(ret));
-	    errors++;
-	    continue;
-	}
+        ret = krb5_parse_name(context, names[i], &in_creds.server);
+        if (ret) {
+            if (!quiet)
+                fprintf(stderr, "%s: %s while parsing principal name\n",
+                        names[i], error_message(ret));
+            errors++;
+            continue;
+        }
 
-	ret = krb5_unparse_name(context, in_creds.server, &princ);
-	if (ret) {
-	    fprintf(stderr, "%s: %s while printing principal name\n",
-		    names[i], error_message(ret));
-	    errors++;
-	    continue;
-	}
+        ret = krb5_unparse_name(context, in_creds.server, &princ);
+        if (ret) {
+            fprintf(stderr, "%s: %s while printing principal name\n",
+                    names[i], error_message(ret));
+            errors++;
+            continue;
+        }
 
-	in_creds.keyblock.enctype = etype;
+        in_creds.keyblock.enctype = etype;
 
         ret = krb5_cc_retrieve_cred(context, fromccache, retflags,
-                                    &in_creds, &out_creds);  
-	if (ret) {
-	    fprintf(stderr, "%s: %s while retrieving credentials\n",
-		    princ, error_message(ret));
+                                    &in_creds, &out_creds);
+        if (ret) {
+            fprintf(stderr, "%s: %s while retrieving credentials\n",
+                    princ, error_message(ret));
 
-	    krb5_free_unparsed_name(context, princ);
+            krb5_free_unparsed_name(context, princ);
 
-	    errors++;
-	    continue;
-	}
+            errors++;
+            continue;
+        }
 
-	ret = krb5_cc_store_cred(context, destccache, &out_creds);
+        ret = krb5_cc_store_cred(context, destccache, &out_creds);
 
-	krb5_free_principal(context, in_creds.server);
+        krb5_free_principal(context, in_creds.server);
 
-	if (ret) {
-	    fprintf(stderr, "%s: %s while removing credentials\n",
-		    princ, error_message(ret));
+        if (ret) {
+            fprintf(stderr, "%s: %s while removing credentials\n",
+                    princ, error_message(ret));
 
             krb5_free_cred_contents(context, &out_creds);
-	    krb5_free_unparsed_name(context, princ);
+            krb5_free_unparsed_name(context, princ);
 
-	    errors++;
-	    continue;
-	}
+            errors++;
+            continue;
+        }
 
-	krb5_free_unparsed_name(context, princ);
+        krb5_free_unparsed_name(context, princ);
         krb5_free_cred_contents(context, &out_creds);
     }
 
@@ -176,7 +177,7 @@ static void do_kcpytkt (int count, char *names[],
     krb5_free_context(context);
 
     if (errors)
-	exit(1);
+        exit(1);
 
     exit(0);
 }
diff --git a/src/clients/kdeltkt/kdeltkt.c b/src/clients/kdeltkt/kdeltkt.c
index 832a07075..2ca42c1f4 100644
--- a/src/clients/kdeltkt/kdeltkt.c
+++ b/src/clients/kdeltkt/kdeltkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -33,34 +34,34 @@ int main(int argc, char *argv[])
     prog = prog ? (prog + 1) : argv[0];
 
     while ((option = getopt(argc, argv, "c:e:f:hq")) != -1) {
-	switch (option) {
+        switch (option) {
         case 'c':
             ccachestr = optarg;
             break;
-	case 'e':
-	    etypestr = optarg;
-	    break;
+        case 'e':
+            etypestr = optarg;
+            break;
         case 'f':
             flags = atoi(optarg);
             break;
-	case 'q':
-	    quiet = 1;
-	    break;
-	case 'h':
-	default:
-	    xusage();
-	    break;
-	}
+        case 'q':
+            quiet = 1;
+            break;
+        case 'h':
+        default:
+            xusage();
+        break;
+        }
     }
 
     if ((argc - optind) < 1)
-	xusage();
+        xusage();
 
     do_kdeltkt(argc - optind, argv + optind, ccachestr, etypestr, flags);
     return 0;
 }
 
-static void do_kdeltkt (int count, char *names[], 
+static void do_kdeltkt (int count, char *names[],
                         char *ccachestr, char *etypestr, int flags)
 {
     krb5_context context;
@@ -75,19 +76,19 @@ static void do_kdeltkt (int count, char *names[],
 
     ret = krb5_init_context(&context);
     if (ret) {
-	com_err(prog, ret, "while initializing krb5 library");
-	exit(1);
+        com_err(prog, ret, "while initializing krb5 library");
+        exit(1);
     }
 
     if (etypestr) {
         ret = krb5_string_to_enctype(etypestr, &etype);
-	if (ret) {
-	    com_err(prog, ret, "while converting etype");
-	    exit(1);
-	}
+        if (ret) {
+            com_err(prog, ret, "while converting etype");
+            exit(1);
+        }
         retflags = KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES;
     } else {
-	etype = 0;
+        etype = 0;
         retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
     }
 
@@ -96,71 +97,71 @@ static void do_kdeltkt (int count, char *names[],
     else
         ret = krb5_cc_default(context, &ccache);
     if (ret) {
-	com_err(prog, ret, "while opening ccache");
-	exit(1);
+        com_err(prog, ret, "while opening ccache");
+        exit(1);
     }
 
     ret = krb5_cc_get_principal(context, ccache, &me);
     if (ret) {
-	com_err(prog, ret, "while getting client principal name");
-	exit(1);
+        com_err(prog, ret, "while getting client principal name");
+        exit(1);
     }
 
     errors = 0;
 
     for (i = 0; i < count; i++) {
-	memset(&in_creds, 0, sizeof(in_creds));
+        memset(&in_creds, 0, sizeof(in_creds));
 
-	in_creds.client = me;
+        in_creds.client = me;
 
-	ret = krb5_parse_name(context, names[i], &in_creds.server);
-	if (ret) {
-	    if (!quiet)
-		fprintf(stderr, "%s: %s while parsing principal name\n",
-			names[i], error_message(ret));
-	    errors++;
-	    continue;
-	}
+        ret = krb5_parse_name(context, names[i], &in_creds.server);
+        if (ret) {
+            if (!quiet)
+                fprintf(stderr, "%s: %s while parsing principal name\n",
+                        names[i], error_message(ret));
+            errors++;
+            continue;
+        }
 
-	ret = krb5_unparse_name(context, in_creds.server, &princ);
-	if (ret) {
-	    fprintf(stderr, "%s: %s while printing principal name\n",
-		    names[i], error_message(ret));
-	    errors++;
-	    continue;
-	}
+        ret = krb5_unparse_name(context, in_creds.server, &princ);
+        if (ret) {
+            fprintf(stderr, "%s: %s while printing principal name\n",
+                    names[i], error_message(ret));
+            errors++;
+            continue;
+        }
 
-	in_creds.keyblock.enctype = etype;
+        in_creds.keyblock.enctype = etype;
 
         ret = krb5_cc_retrieve_cred(context, ccache, retflags,
-                                    &in_creds, &out_creds);  
-	if (ret) {
-	    fprintf(stderr, "%s: %s while retrieving credentials\n",
-		    princ, error_message(ret));
+                                    &in_creds, &out_creds);
+        if (ret) {
+            fprintf(stderr, "%s: %s while retrieving credentials\n",
+                    princ, error_message(ret));
 
-	    krb5_free_unparsed_name(context, princ);
+            krb5_free_unparsed_name(context, princ);
 
-	    errors++;
-	    continue;
-	}
+            errors++;
+            continue;
+        }
 
-	ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
+        ret = krb5_cc_remove_cred(context, ccache, flags, &out_creds);
 
-	krb5_free_principal(context, in_creds.server);
+        krb5_free_principal(context, in_creds.server);
 
-	if (ret) {
-	    fprintf(stderr, "%s: %s while removing credentials\n",
-		    princ, error_message(ret));
+        if (ret) {
+            fprintf(stderr, "%s: %s while removing credentials\n",
+                    princ, error_message(ret));
 
             krb5_free_cred_contents(context, &out_creds);
-	    krb5_free_unparsed_name(context, princ);
+            krb5_free_unparsed_name(context, princ);
 
-	    errors++;
-	    continue;
-	}
+            errors++;
+            continue;
+        }
 
-	krb5_free_unparsed_name(context, princ);
-    krb5_free_cred_contents(context, &out_creds);
+        krb5_free_unparsed_name(context, princ);
+        krb5_free_cred_contents(context, &out_creds);
     }
 
     krb5_free_principal(context, me);
@@ -168,7 +169,7 @@ static void do_kdeltkt (int count, char *names[],
     krb5_free_context(context);
 
     if (errors)
-	exit(1);
+        exit(1);
 
     exit(0);
 }
diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c
index 3f2f32682..4741f1a35 100644
--- a/src/clients/kdestroy/kdestroy.c
+++ b/src/clients/kdestroy/kdestroy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * clients/kdestroy/kdestroy.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Destroy the contents of your credential cache.
  */
@@ -81,70 +82,70 @@ main(argc, argv)
     progname = GET_PROGNAME(argv[0]);
 
     while ((c = getopt(argc, argv, "54qc:")) != -1) {
-	switch (c) {
-	case 'q':
-	    quiet = 1;
-	    break;	
-	case 'c':
-	    if (cache_name) {
-		fprintf(stderr, "Only one -c option allowed\n");
-		errflg++;
-	    } else {
-		cache_name = optarg;
-	    }
-	    break;
-	case '4':
-	    fprintf(stderr, "Kerberos 4 is no longer supported\n");
-	    exit(3);
-	    break;
-	case '5':
-	    break;
-	case '?':
-	default:
-	    errflg++;
-	    break;
-	}
+        switch (c) {
+        case 'q':
+            quiet = 1;
+            break;
+        case 'c':
+            if (cache_name) {
+                fprintf(stderr, "Only one -c option allowed\n");
+                errflg++;
+            } else {
+                cache_name = optarg;
+            }
+            break;
+        case '4':
+            fprintf(stderr, "Kerberos 4 is no longer supported\n");
+            exit(3);
+            break;
+        case '5':
+            break;
+        case '?':
+        default:
+            errflg++;
+        break;
+        }
     }
 
     if (optind != argc)
-	errflg++;
-    
+        errflg++;
+
     if (errflg) {
-	usage();
+        usage();
     }
 
     retval = krb5_init_context(&kcontext);
     if (retval) {
-	com_err(progname, retval, "while initializing krb5");
-	exit(1);
+        com_err(progname, retval, "while initializing krb5");
+        exit(1);
     }
 
     if (cache_name) {
-	code = krb5_cc_resolve (kcontext, cache_name, &cache);
-	if (code != 0) {
-	    com_err (progname, code, "while resolving %s", cache_name);
-	    exit(1);
-	}
+        code = krb5_cc_resolve (kcontext, cache_name, &cache);
+        if (code != 0) {
+            com_err (progname, code, "while resolving %s", cache_name);
+            exit(1);
+        }
     } else {
-	code = krb5_cc_default(kcontext, &cache);
-	if (code) {
-	    com_err(progname, code, "while getting default ccache");
-	    exit(1);
-	}
+        code = krb5_cc_default(kcontext, &cache);
+        if (code) {
+            com_err(progname, code, "while getting default ccache");
+            exit(1);
+        }
     }
 
     code = krb5_cc_destroy (kcontext, cache);
     if (code != 0) {
-	com_err (progname, code, "while destroying cache");
-	if (code != KRB5_FCC_NOFILE) {
-	    if (quiet)
-		fprintf(stderr, "Ticket cache NOT destroyed!\n");
-	    else {
-		fprintf(stderr, "Ticket cache %cNOT%c destroyed!\n", 
-			BELL_CHAR, BELL_CHAR);
-	    }
-	    errflg = 1;
-	}
+        com_err (progname, code, "while destroying cache");
+        if (code != KRB5_FCC_NOFILE) {
+            if (quiet)
+                fprintf(stderr, "Ticket cache NOT destroyed!\n");
+            else {
+                fprintf(stderr, "Ticket cache %cNOT%c destroyed!\n",
+                        BELL_CHAR, BELL_CHAR);
+            }
+            errflg = 1;
+        }
     }
     return errflg;
 }
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index 808107f79..96bb9cdcc 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * clients/kinit/kinit.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,13 +23,13 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Initialize a credentials cache.
  */
 
 #include "autoconf.h"
-#include "k5-platform.h"	/* for asprintf */
+#include "k5-platform.h"        /* for asprintf */
 #include <krb5.h>
 #include <string.h>
 #include <stdio.h>
@@ -61,12 +62,12 @@ extern int getopt();
 
 #ifdef HAVE_PWD_H
 #include <pwd.h>
-static 
+static
 char * get_name_from_os()
 {
     struct passwd *pw;
     if ((pw = getpwuid((int) getuid())))
-	return pw->pw_name;
+        return pw->pw_name;
     return 0;
 }
 #else /* HAVE_PWD_H */
@@ -77,10 +78,10 @@ char * get_name_from_os()
     static char name[1024];
     DWORD name_size = sizeof(name);
     if (GetUserName(name, &name_size)) {
-	name[sizeof(name)-1] = 0; /* Just to be extra safe */
-	return name;
+        name[sizeof(name)-1] = 0; /* Just to be extra safe */
+        return name;
     } else {
-	return 0;
+        return 0;
     }
 }
 #else /* _WIN32 */
@@ -175,34 +176,34 @@ usage()
 #define USAGE_LONG_FORWARDABLE  ""
 #define USAGE_LONG_PROXIABLE    ""
 #define USAGE_LONG_ADDRESSES    ""
-#define USAGE_LONG_CANONICALIZE	""
-#define USAGE_LONG_ENTERPRISE	""
+#define USAGE_LONG_CANONICALIZE ""
+#define USAGE_LONG_ENTERPRISE   ""
 #define USAGE_BREAK_LONG        ""
 #endif
 
     fprintf(stderr, "Usage: %s [-V] "
-	    "[-l lifetime] [-s start_time] "
-	    USAGE_BREAK
-	    "[-r renewable_life] "
-	    "[-f | -F" USAGE_LONG_FORWARDABLE "] "
-	    USAGE_BREAK_LONG
-	    "[-p | -P" USAGE_LONG_PROXIABLE "] "
-	    USAGE_BREAK_LONG
-	    "[-a | -A" USAGE_LONG_ADDRESSES "] "
-	    USAGE_BREAK_LONG
-	    "[-C" USAGE_LONG_CANONICALIZE "] "
-	    USAGE_BREAK
-	    "[-E" USAGE_LONG_ENTERPRISE "] "
-	    USAGE_BREAK
-	    "[-v] [-R] "
-	    "[-k [-t keytab_file]] "
-	    "[-c cachename] " 
-	    USAGE_BREAK
-	    "[-S service_name] [-T ticket_armor_cache]"
-	    USAGE_BREAK
-	    "[-X <attribute>[=<value>]] [principal]"
-	    "\n\n", 
-	    progname);
+            "[-l lifetime] [-s start_time] "
+            USAGE_BREAK
+            "[-r renewable_life] "
+            "[-f | -F" USAGE_LONG_FORWARDABLE "] "
+            USAGE_BREAK_LONG
+            "[-p | -P" USAGE_LONG_PROXIABLE "] "
+            USAGE_BREAK_LONG
+            "[-a | -A" USAGE_LONG_ADDRESSES "] "
+            USAGE_BREAK_LONG
+            "[-C" USAGE_LONG_CANONICALIZE "] "
+            USAGE_BREAK
+            "[-E" USAGE_LONG_ENTERPRISE "] "
+            USAGE_BREAK
+            "[-v] [-R] "
+            "[-k [-t keytab_file]] "
+            "[-c cachename] "
+            USAGE_BREAK
+            "[-S service_name] [-T ticket_armor_cache]"
+            USAGE_BREAK
+            "[-X <attribute>[=<value>]] [principal]"
+            "\n\n",
+            progname);
 
     fprintf(stderr, "    options:");
     fprintf(stderr, "\t-V verbose\n");
@@ -230,7 +231,7 @@ usage()
 
 static krb5_context errctx;
 static void extended_com_err_fn (const char *myprog, errcode_t code,
-				 const char *fmt, va_list args)
+                                 const char *fmt, va_list args)
 {
     const char *emsg;
     emsg = krb5_get_error_message (errctx, code);
@@ -247,24 +248,24 @@ add_preauth_opt(struct k_opts *opts, char *av)
     krb5_gic_opt_pa_data *p, *x;
 
     if (opts->num_pa_opts == 0) {
-	opts->pa_opts = malloc(sizeof(krb5_gic_opt_pa_data));
-	if (opts->pa_opts == NULL)
-	    return ENOMEM;
+        opts->pa_opts = malloc(sizeof(krb5_gic_opt_pa_data));
+        if (opts->pa_opts == NULL)
+            return ENOMEM;
     } else {
-	size_t newsize = (opts->num_pa_opts + 1) * sizeof(krb5_gic_opt_pa_data);
-	x = realloc(opts->pa_opts, newsize);
-	if (x == NULL)
-	    return ENOMEM;
-	opts->pa_opts = x;
+        size_t newsize = (opts->num_pa_opts + 1) * sizeof(krb5_gic_opt_pa_data);
+        x = realloc(opts->pa_opts, newsize);
+        if (x == NULL)
+            return ENOMEM;
+        opts->pa_opts = x;
     }
     p = &opts->pa_opts[opts->num_pa_opts];
     sep = strchr(av, '=');
     if (sep) {
-	*sep = '\0';
-	v = ++sep;
-	p->value = v;
+        *sep = '\0';
+        v = ++sep;
+        p->value = v;
     } else {
-	p->value = "yes";
+        p->value = "yes";
     }
     p->attr = av;
     opts->num_pa_opts++;
@@ -282,145 +283,145 @@ parse_options(argc, argv, opts)
     int i;
 
     while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:T:RS:vX:CE"))
-	   != -1) {
-	switch (i) {
-	case 'V':
-	    opts->verbose = 1;
-	    break;
-	case 'l':
-	    /* Lifetime */
-	    code = krb5_string_to_deltat(optarg, &opts->lifetime);
-	    if (code != 0 || opts->lifetime == 0) {
-		fprintf(stderr, "Bad lifetime value %s\n", optarg);
-		errflg++;
-	    }
-	    break;
-	case 'r':
-	    /* Renewable Time */
-	    code = krb5_string_to_deltat(optarg, &opts->rlife);
-	    if (code != 0 || opts->rlife == 0) {
-		fprintf(stderr, "Bad lifetime value %s\n", optarg);
-		errflg++;
-	    }
-	    break;
-	case 'f':
-	    opts->forwardable = 1;
-	    break;
-	case 'F':
-	    opts->not_forwardable = 1;
-	    break;
-	case 'p':
-	    opts->proxiable = 1;
-	    break;
-	case 'P':
-	    opts->not_proxiable = 1;
-	    break;
-	case 'a':
-	    opts->addresses = 1;
-	    break;
-	case 'A':
-	    opts->no_addresses = 1;
-	    break;
-       	case 's':
-	    code = krb5_string_to_deltat(optarg, &opts->starttime);
-	    if (code != 0 || opts->starttime == 0) {
-		krb5_timestamp abs_starttime;
-
-		code = krb5_string_to_timestamp(optarg, &abs_starttime);
-		if (code != 0 || abs_starttime == 0) {
-		    fprintf(stderr, "Bad start time value %s\n", optarg);
-		    errflg++;
-		} else {
-		    opts->starttime = abs_starttime - time(0);
-		}
-	    }
-	    break;
-	case 'S':
-	    opts->service_name = optarg;
-	    break;
-	case 'k':
-	    opts->action = INIT_KT;
-	    break;
-	case 't':
-	    if (opts->keytab_name)
-	    {
-		fprintf(stderr, "Only one -t option allowed.\n");
-		errflg++;
-	    } else {
-		opts->keytab_name = optarg;
-	    }
-	    break;
-	case 'T':
-	    if (opts->armor_ccache) {
-		fprintf(stderr, "Only one armor_ccache\n");
-		errflg++;
-	    } else opts->armor_ccache = optarg;
-	    break;
-	case 'R':
-	    opts->action = RENEW;
-	    break;
-	case 'v':
-	    opts->action = VALIDATE;
-	    break;
-       	case 'c':
-	    if (opts->k5_cache_name)
-	    {
-		fprintf(stderr, "Only one -c option allowed\n");
-		errflg++;
-	    } else {
-		opts->k5_cache_name = optarg;
-	    }
-	    break;
-	case 'X':
-	    code = add_preauth_opt(opts, optarg);
-	    if (code)
-	    {
-		com_err(progname, code, "while adding preauth option");
-		errflg++;
-	    }
-	    break;
-	case 'C':
-	    opts->canonicalize = 1;
-	    break;
-	case 'E':
-	    opts->enterprise = 1;
-	    break;
-	case '4':
-	    fprintf(stderr, "Kerberos 4 is no longer supported\n");
-	    exit(3);
-	    break;
-	case '5':
-	    break;
-	default:
-	    errflg++;
-	    break;
-	}
+           != -1) {
+        switch (i) {
+        case 'V':
+            opts->verbose = 1;
+            break;
+        case 'l':
+            /* Lifetime */
+            code = krb5_string_to_deltat(optarg, &opts->lifetime);
+            if (code != 0 || opts->lifetime == 0) {
+                fprintf(stderr, "Bad lifetime value %s\n", optarg);
+                errflg++;
+            }
+            break;
+        case 'r':
+            /* Renewable Time */
+            code = krb5_string_to_deltat(optarg, &opts->rlife);
+            if (code != 0 || opts->rlife == 0) {
+                fprintf(stderr, "Bad lifetime value %s\n", optarg);
+                errflg++;
+            }
+            break;
+        case 'f':
+            opts->forwardable = 1;
+            break;
+        case 'F':
+            opts->not_forwardable = 1;
+            break;
+        case 'p':
+            opts->proxiable = 1;
+            break;
+        case 'P':
+            opts->not_proxiable = 1;
+            break;
+        case 'a':
+            opts->addresses = 1;
+            break;
+        case 'A':
+            opts->no_addresses = 1;
+            break;
+        case 's':
+            code = krb5_string_to_deltat(optarg, &opts->starttime);
+            if (code != 0 || opts->starttime == 0) {
+                krb5_timestamp abs_starttime;
+
+                code = krb5_string_to_timestamp(optarg, &abs_starttime);
+                if (code != 0 || abs_starttime == 0) {
+                    fprintf(stderr, "Bad start time value %s\n", optarg);
+                    errflg++;
+                } else {
+                    opts->starttime = abs_starttime - time(0);
+                }
+            }
+            break;
+        case 'S':
+            opts->service_name = optarg;
+            break;
+        case 'k':
+            opts->action = INIT_KT;
+            break;
+        case 't':
+            if (opts->keytab_name)
+            {
+                fprintf(stderr, "Only one -t option allowed.\n");
+                errflg++;
+            } else {
+                opts->keytab_name = optarg;
+            }
+            break;
+        case 'T':
+            if (opts->armor_ccache) {
+                fprintf(stderr, "Only one armor_ccache\n");
+                errflg++;
+            } else opts->armor_ccache = optarg;
+            break;
+        case 'R':
+            opts->action = RENEW;
+            break;
+        case 'v':
+            opts->action = VALIDATE;
+            break;
+        case 'c':
+            if (opts->k5_cache_name)
+            {
+                fprintf(stderr, "Only one -c option allowed\n");
+                errflg++;
+            } else {
+                opts->k5_cache_name = optarg;
+            }
+            break;
+        case 'X':
+            code = add_preauth_opt(opts, optarg);
+            if (code)
+            {
+                com_err(progname, code, "while adding preauth option");
+                errflg++;
+            }
+            break;
+        case 'C':
+            opts->canonicalize = 1;
+            break;
+        case 'E':
+            opts->enterprise = 1;
+            break;
+        case '4':
+            fprintf(stderr, "Kerberos 4 is no longer supported\n");
+            exit(3);
+            break;
+        case '5':
+            break;
+        default:
+            errflg++;
+            break;
+        }
     }
 
     if (opts->forwardable && opts->not_forwardable)
     {
-	fprintf(stderr, "Only one of -f and -F allowed\n");
-	errflg++;
+        fprintf(stderr, "Only one of -f and -F allowed\n");
+        errflg++;
     }
     if (opts->proxiable && opts->not_proxiable)
     {
-	fprintf(stderr, "Only one of -p and -P allowed\n");
-	errflg++;
+        fprintf(stderr, "Only one of -p and -P allowed\n");
+        errflg++;
     }
     if (opts->addresses && opts->no_addresses)
     {
-	fprintf(stderr, "Only one of -a and -A allowed\n");
-	errflg++;
+        fprintf(stderr, "Only one of -a and -A allowed\n");
+        errflg++;
     }
 
     if (argc - optind > 1) {
-	fprintf(stderr, "Extra arguments (starting with \"%s\").\n",
-		argv[optind+1]);
-	errflg++;
+        fprintf(stderr, "Extra arguments (starting with \"%s\").\n",
+                argv[optind+1]);
+        errflg++;
     }
 
     if (errflg) {
-	usage();
+        usage();
     }
 
     opts->principal_name = (optind == argc-1) ? argv[optind] : 0;
@@ -437,86 +438,86 @@ k5_begin(opts, k5)
 
     code = krb5_init_context(&k5->ctx);
     if (code) {
-	com_err(progname, code, "while initializing Kerberos 5 library");
-	return 0;
+        com_err(progname, code, "while initializing Kerberos 5 library");
+        return 0;
     }
     errctx = k5->ctx;
     if (opts->k5_cache_name)
     {
-	code = krb5_cc_resolve(k5->ctx, opts->k5_cache_name, &k5->cc);
-	if (code != 0) {
-	    com_err(progname, code, "resolving ccache %s",
-		    opts->k5_cache_name);
-	    return 0;
-	}
-    } 
+        code = krb5_cc_resolve(k5->ctx, opts->k5_cache_name, &k5->cc);
+        if (code != 0) {
+            com_err(progname, code, "resolving ccache %s",
+                    opts->k5_cache_name);
+            return 0;
+        }
+    }
     else
     {
-	if ((code = krb5_cc_default(k5->ctx, &k5->cc))) {
-	    com_err(progname, code, "while getting default ccache");
-	    return 0;
-	}
+        if ((code = krb5_cc_default(k5->ctx, &k5->cc))) {
+            com_err(progname, code, "while getting default ccache");
+            return 0;
+        }
     }
 
     if (opts->principal_name)
     {
-	/* Use specified name */
-	if ((code = krb5_parse_name_flags(k5->ctx, opts->principal_name, 
-					  flags, &k5->me))) {
-	    com_err(progname, code, "when parsing name %s", 
-		    opts->principal_name);
-	    return 0;
-	}
+        /* Use specified name */
+        if ((code = krb5_parse_name_flags(k5->ctx, opts->principal_name,
+                                          flags, &k5->me))) {
+            com_err(progname, code, "when parsing name %s",
+                    opts->principal_name);
+            return 0;
+        }
     }
     else
     {
-	/* No principal name specified */
-	if (opts->action == INIT_KT) {
-	    /* Use the default host/service name */
-	  code = krb5_sname_to_principal(k5->ctx, NULL, NULL,
-					 KRB5_NT_SRV_HST, &k5->me);
-	  if (code) {
-	    com_err(progname, code,
-		    "when creating default server principal name");
-	    return 0;
-	  }
-	  if (k5->me->realm.data[0] == 0) {
-	      code = krb5_unparse_name(k5->ctx, k5->me, &k5->name);
-	      if (code == 0)
-		  com_err(progname, KRB5_ERR_HOST_REALM_UNKNOWN,
-			  "(principal %s)", k5->name);
-	      else
-		  com_err(progname, KRB5_ERR_HOST_REALM_UNKNOWN,
-			  "for local services");
-	      return 0;
-	  }
-	} else {
-	  /* Get default principal from cache if one exists */
-	  code = krb5_cc_get_principal(k5->ctx, k5->cc, 
-				       &k5->me);
-	  if (code)
-	    {
-	      char *name = get_name_from_os();
-	      if (!name)
-		{
-		  fprintf(stderr, "Unable to identify user\n");
-		  return 0;
-		}
-	      if ((code = krb5_parse_name_flags(k5->ctx, name, 
-					        flags, &k5->me)))
-		{
-		  com_err(progname, code, "when parsing name %s", 
-			  name);
-		  return 0;
-		}
-	    }
-	}
+        /* No principal name specified */
+        if (opts->action == INIT_KT) {
+            /* Use the default host/service name */
+            code = krb5_sname_to_principal(k5->ctx, NULL, NULL,
+                                           KRB5_NT_SRV_HST, &k5->me);
+            if (code) {
+                com_err(progname, code,
+                        "when creating default server principal name");
+                return 0;
+            }
+            if (k5->me->realm.data[0] == 0) {
+                code = krb5_unparse_name(k5->ctx, k5->me, &k5->name);
+                if (code == 0)
+                    com_err(progname, KRB5_ERR_HOST_REALM_UNKNOWN,
+                            "(principal %s)", k5->name);
+                else
+                    com_err(progname, KRB5_ERR_HOST_REALM_UNKNOWN,
+                            "for local services");
+                return 0;
+            }
+        } else {
+            /* Get default principal from cache if one exists */
+            code = krb5_cc_get_principal(k5->ctx, k5->cc,
+                                         &k5->me);
+            if (code)
+            {
+                char *name = get_name_from_os();
+                if (!name)
+                {
+                    fprintf(stderr, "Unable to identify user\n");
+                    return 0;
+                }
+                if ((code = krb5_parse_name_flags(k5->ctx, name,
+                                                  flags, &k5->me)))
+                {
+                    com_err(progname, code, "when parsing name %s",
+                            name);
+                    return 0;
+                }
+            }
+        }
     }
 
     code = krb5_unparse_name(k5->ctx, k5->me, &k5->name);
     if (code) {
-	com_err(progname, code, "when unparsing name");
-	return 0;
+        com_err(progname, code, "when unparsing name");
+        return 0;
     }
     opts->principal_name = k5->name;
 
@@ -528,13 +529,13 @@ k5_end(k5)
     struct k5_data* k5;
 {
     if (k5->name)
-	krb5_free_unparsed_name(k5->ctx, k5->name);
+        krb5_free_unparsed_name(k5->ctx, k5->name);
     if (k5->me)
-	krb5_free_principal(k5->ctx, k5->me);
+        krb5_free_principal(k5->ctx, k5->me);
     if (k5->cc)
-	krb5_cc_close(k5->ctx, k5->cc);
+        krb5_cc_close(k5->ctx, k5->cc);
     if (k5->ctx)
-	krb5_free_context(k5->ctx);
+        krb5_free_context(k5->ctx);
     errctx = NULL;
     memset(k5, 0, sizeof(*k5));
 }
@@ -548,10 +549,10 @@ kinit_prompter(
     const char *banner,
     int num_prompts,
     krb5_prompt prompts[]
-    )
+)
 {
     krb5_error_code rc =
-	krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts);
+        krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts);
     return rc;
 }
 
@@ -571,7 +572,7 @@ k5_kinit(opts, k5)
 
     code = krb5_get_init_creds_opt_alloc(k5->ctx, &options);
     if (code)
-	goto cleanup;
+        goto cleanup;
 
     /*
       From this point on, we can goto cleanup because my_creds is
@@ -579,134 +580,134 @@ k5_kinit(opts, k5)
     */
 
     if (opts->lifetime)
-	krb5_get_init_creds_opt_set_tkt_life(options, opts->lifetime);
+        krb5_get_init_creds_opt_set_tkt_life(options, opts->lifetime);
     if (opts->rlife)
-	krb5_get_init_creds_opt_set_renew_life(options, opts->rlife);
+        krb5_get_init_creds_opt_set_renew_life(options, opts->rlife);
     if (opts->forwardable)
-	krb5_get_init_creds_opt_set_forwardable(options, 1);
+        krb5_get_init_creds_opt_set_forwardable(options, 1);
     if (opts->not_forwardable)
-	krb5_get_init_creds_opt_set_forwardable(options, 0);
+        krb5_get_init_creds_opt_set_forwardable(options, 0);
     if (opts->proxiable)
-	krb5_get_init_creds_opt_set_proxiable(options, 1);
+        krb5_get_init_creds_opt_set_proxiable(options, 1);
     if (opts->not_proxiable)
-	krb5_get_init_creds_opt_set_proxiable(options, 0);
+        krb5_get_init_creds_opt_set_proxiable(options, 0);
     if (opts->canonicalize)
-	krb5_get_init_creds_opt_set_canonicalize(options, 1);
+        krb5_get_init_creds_opt_set_canonicalize(options, 1);
     if (opts->addresses)
     {
-	krb5_address **addresses = NULL;
-	code = krb5_os_localaddr(k5->ctx, &addresses);
-	if (code != 0) {
-	    com_err(progname, code, "getting local addresses");
-	    goto cleanup;
-	}
-	krb5_get_init_creds_opt_set_address_list(options, addresses);
+        krb5_address **addresses = NULL;
+        code = krb5_os_localaddr(k5->ctx, &addresses);
+        if (code != 0) {
+            com_err(progname, code, "getting local addresses");
+            goto cleanup;
+        }
+        krb5_get_init_creds_opt_set_address_list(options, addresses);
     }
     if (opts->no_addresses)
-	krb5_get_init_creds_opt_set_address_list(options, NULL);
+        krb5_get_init_creds_opt_set_address_list(options, NULL);
     if (opts->armor_ccache)
-    krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache);
-						 
+        krb5_get_init_creds_opt_set_fast_ccache_name(k5->ctx, options, opts->armor_ccache);
+
 
     if ((opts->action == INIT_KT) && opts->keytab_name)
     {
-	code = krb5_kt_resolve(k5->ctx, opts->keytab_name, &keytab);
-	if (code != 0) {
-	    com_err(progname, code, "resolving keytab %s", 
-		    opts->keytab_name);
-	    goto cleanup;
-	}
+        code = krb5_kt_resolve(k5->ctx, opts->keytab_name, &keytab);
+        if (code != 0) {
+            com_err(progname, code, "resolving keytab %s",
+                    opts->keytab_name);
+            goto cleanup;
+        }
     }
 
     for (i = 0; i < opts->num_pa_opts; i++) {
-	code = krb5_get_init_creds_opt_set_pa(k5->ctx, options,
-					      opts->pa_opts[i].attr,
-					      opts->pa_opts[i].value);
-	if (code != 0) {
-	    com_err(progname, code, "while setting '%s'='%s'",
-		    opts->pa_opts[i].attr, opts->pa_opts[i].value);
-	    goto cleanup;
-	}
+        code = krb5_get_init_creds_opt_set_pa(k5->ctx, options,
+                                              opts->pa_opts[i].attr,
+                                              opts->pa_opts[i].value);
+        if (code != 0) {
+            com_err(progname, code, "while setting '%s'='%s'",
+                    opts->pa_opts[i].attr, opts->pa_opts[i].value);
+            goto cleanup;
+        }
     }
 
     switch (opts->action) {
     case INIT_PW:
-	code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
-					    0, kinit_prompter, 0,
-					    opts->starttime, 
-					    opts->service_name,
-					    options);
-	break;
+        code = krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
+                                            0, kinit_prompter, 0,
+                                            opts->starttime,
+                                            opts->service_name,
+                                            options);
+        break;
     case INIT_KT:
-	code = krb5_get_init_creds_keytab(k5->ctx, &my_creds, k5->me,
-					  keytab,
-					  opts->starttime, 
-					  opts->service_name,
-					  options);
-	break;
+        code = krb5_get_init_creds_keytab(k5->ctx, &my_creds, k5->me,
+                                          keytab,
+                                          opts->starttime,
+                                          opts->service_name,
+                                          options);
+        break;
     case VALIDATE:
-	code = krb5_get_validated_creds(k5->ctx, &my_creds, k5->me, k5->cc,
-					opts->service_name);
-	break;
+        code = krb5_get_validated_creds(k5->ctx, &my_creds, k5->me, k5->cc,
+                                        opts->service_name);
+        break;
     case RENEW:
-	code = krb5_get_renewed_creds(k5->ctx, &my_creds, k5->me, k5->cc,
-				      opts->service_name);
-	break;
+        code = krb5_get_renewed_creds(k5->ctx, &my_creds, k5->me, k5->cc,
+                                      opts->service_name);
+        break;
     }
 
     if (code) {
-	char *doing = 0;
-	switch (opts->action) {
-	case INIT_PW:
-	case INIT_KT:
-	    doing = "getting initial credentials";
-	    break;
-	case VALIDATE:
-	    doing = "validating credentials";
-	    break;
-	case RENEW:
-	    doing = "renewing credentials";
-	    break;
-	}
-
-	if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-	    fprintf(stderr, "%s: Password incorrect while %s\n", progname,
-		    doing);
-	else
-	    com_err(progname, code, "while %s", doing);
-	goto cleanup;
+        char *doing = 0;
+        switch (opts->action) {
+        case INIT_PW:
+        case INIT_KT:
+            doing = "getting initial credentials";
+            break;
+        case VALIDATE:
+            doing = "validating credentials";
+            break;
+        case RENEW:
+            doing = "renewing credentials";
+            break;
+        }
+
+        if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+            fprintf(stderr, "%s: Password incorrect while %s\n", progname,
+                    doing);
+        else
+            com_err(progname, code, "while %s", doing);
+        goto cleanup;
     }
 
     code = krb5_cc_initialize(k5->ctx, k5->cc,
-			      opts->canonicalize ? my_creds.client : k5->me);
+                              opts->canonicalize ? my_creds.client : k5->me);
     if (code) {
-	com_err(progname, code, "when initializing cache %s",
-		opts->k5_cache_name?opts->k5_cache_name:"");
-	goto cleanup;
+        com_err(progname, code, "when initializing cache %s",
+                opts->k5_cache_name?opts->k5_cache_name:"");
+        goto cleanup;
     }
 
     code = krb5_cc_store_cred(k5->ctx, k5->cc, &my_creds);
     if (code) {
-	com_err(progname, code, "while storing credentials");
-	goto cleanup;
+        com_err(progname, code, "while storing credentials");
+        goto cleanup;
     }
 
     notix = 0;
 
- cleanup:
+cleanup:
     if (options)
-	krb5_get_init_creds_opt_free(k5->ctx, options);
+        krb5_get_init_creds_opt_free(k5->ctx, options);
     if (my_creds.client == k5->me) {
-	my_creds.client = 0;
+        my_creds.client = 0;
     }
     if (opts->pa_opts) {
-	free(opts->pa_opts);
-	opts->pa_opts = NULL;
-	opts->num_pa_opts = 0;
+        free(opts->pa_opts);
+        opts->pa_opts = NULL;
+        opts->num_pa_opts = 0;
     }
     krb5_free_cred_contents(k5->ctx, &my_creds);
     if (keytab)
-	krb5_kt_close(k5->ctx, keytab);
+        krb5_kt_close(k5->ctx, keytab);
     return notix?0:1;
 }
 
@@ -723,11 +724,11 @@ main(argc, argv)
 
     /* Ensure we can be driven from a pipe */
     if(!isatty(fileno(stdin)))
-	setvbuf(stdin, 0, _IONBF, 0);
+        setvbuf(stdin, 0, _IONBF, 0);
     if(!isatty(fileno(stdout)))
-	setvbuf(stdout, 0, _IONBF, 0);
+        setvbuf(stdout, 0, _IONBF, 0);
     if(!isatty(fileno(stderr)))
-	setvbuf(stderr, 0, _IONBF, 0);
+        setvbuf(stderr, 0, _IONBF, 0);
 
     memset(&opts, 0, sizeof(opts));
     opts.action = INIT_PW;
@@ -739,14 +740,14 @@ main(argc, argv)
     parse_options(argc, argv, &opts);
 
     if (k5_begin(&opts, &k5))
-	authed_k5 = k5_kinit(&opts, &k5);
+        authed_k5 = k5_kinit(&opts, &k5);
 
     if (authed_k5 && opts.verbose)
-	fprintf(stderr, "Authenticated to Kerberos v5\n");
+        fprintf(stderr, "Authenticated to Kerberos v5\n");
 
     k5_end(&k5);
 
     if (!authed_k5)
-	exit(1);
+        exit(1);
     return 0;
 }
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index 9e93f7b35..1a6309eb1 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * clients/klist/klist.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * List out the contents of your credential cache or keytab.
  */
@@ -67,7 +68,7 @@ krb5_context kcontext;
 
 char * etype_string (krb5_enctype );
 void show_credential (krb5_creds *);
-	
+
 void do_ccache (char *);
 void do_keytab (char *);
 void printtime (time_t);
@@ -83,7 +84,7 @@ static void usage()
 #define KRB_AVAIL_STRING(x) ((x)?"available":"not available")
 
     fprintf(stderr, "Usage: %s [-e] [-V] [[-c] [-d] [-f] [-s] [-a [-n]]] %s",
-	     progname, "[-k [-t] [-K]] [name]\n"); 
+            progname, "[-k [-t] [-K]] [name]\n");
     fprintf(stderr, "\t-c specifies credentials cache\n");
     fprintf(stderr, "\t-k specifies keytab\n");
     fprintf(stderr, "\t   (Default is credentials cache)\n");
@@ -116,194 +117,194 @@ main(argc, argv)
     mode = DEFAULT;
     /* V=version so v can be used for verbose later if desired.  */
     while ((c = getopt(argc, argv, "dfetKsnack45V")) != -1) {
-	switch (c) {
-	case 'd':
-	    show_adtype = 1;
-	    break;
-	case 'f':
-	    show_flags = 1;
-	    break;
-	case 'e':
-	    show_etype = 1;
-	    break;
-	case 't':
-	    show_time = 1;
-	    break;
-	case 'K':
-	    show_keys = 1;
-	    break;
-	case 's':
-	    status_only = 1;
-	    break;
-	case 'n':
-	    no_resolve = 1;
-	    break;
-	case 'a':
-	    show_addresses = 1;
-	    break;
-	case 'c':
-	    if (mode != DEFAULT) usage();
-	    mode = CCACHE;
-	    break;
-	case 'k':
-	    if (mode != DEFAULT) usage();
-	    mode = KEYTAB;
-	    break;
-	case '4':
-	    fprintf(stderr, "Kerberos 4 is no longer supported\n");
-	    exit(3);
-	    break;
-	case '5':
-	    break;
-	case 'V':
-	    print_version = 1;
-	    break;
-	default:
-	    usage();
-	    break;
-	}
+        switch (c) {
+        case 'd':
+            show_adtype = 1;
+            break;
+        case 'f':
+            show_flags = 1;
+            break;
+        case 'e':
+            show_etype = 1;
+            break;
+        case 't':
+            show_time = 1;
+            break;
+        case 'K':
+            show_keys = 1;
+            break;
+        case 's':
+            status_only = 1;
+            break;
+        case 'n':
+            no_resolve = 1;
+            break;
+        case 'a':
+            show_addresses = 1;
+            break;
+        case 'c':
+            if (mode != DEFAULT) usage();
+            mode = CCACHE;
+            break;
+        case 'k':
+            if (mode != DEFAULT) usage();
+            mode = KEYTAB;
+            break;
+        case '4':
+            fprintf(stderr, "Kerberos 4 is no longer supported\n");
+            exit(3);
+            break;
+        case '5':
+            break;
+        case 'V':
+            print_version = 1;
+            break;
+        default:
+            usage();
+            break;
+        }
     }
 
     if (no_resolve && !show_addresses) {
-	usage();
+        usage();
     }
 
     if (mode == DEFAULT || mode == CCACHE) {
-	if (show_time || show_keys)
-	    usage();
+        if (show_time || show_keys)
+            usage();
     } else {
-	if (show_flags || status_only || show_addresses)
-	    usage();
+        if (show_flags || status_only || show_addresses)
+            usage();
     }
 
     if (argc - optind > 1) {
-	fprintf(stderr, "Extra arguments (starting with \"%s\").\n",
-		argv[optind+1]);
-	usage();
+        fprintf(stderr, "Extra arguments (starting with \"%s\").\n",
+                argv[optind+1]);
+        usage();
     }
 
     if (print_version) {
-	printf("%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION);
-	exit(0);
+        printf("%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION);
+        exit(0);
     }
 
     name = (optind == argc-1) ? argv[optind] : 0;
 
     now = time(0);
     {
-	char tmp[BUFSIZ];
-
-	if (!krb5_timestamp_to_sfstring(now, tmp, 20, (char *) NULL) ||
-	    !krb5_timestamp_to_sfstring(now, tmp, sizeof(tmp), 
-					(char *) NULL))
-	    timestamp_width = (int) strlen(tmp);
-	else
-	    timestamp_width = 15;
+        char tmp[BUFSIZ];
+
+        if (!krb5_timestamp_to_sfstring(now, tmp, 20, (char *) NULL) ||
+            !krb5_timestamp_to_sfstring(now, tmp, sizeof(tmp),
+                                        (char *) NULL))
+            timestamp_width = (int) strlen(tmp);
+        else
+            timestamp_width = 15;
     }
 
     {
-	krb5_error_code retval;
-	retval = krb5_init_context(&kcontext);
-	if (retval) {
-	    com_err(progname, retval, "while initializing krb5");
-	    exit(1);
-	}
-
-	if (mode == DEFAULT || mode == CCACHE)
-	    do_ccache(name);
-	else
-	    do_keytab(name);
+        krb5_error_code retval;
+        retval = krb5_init_context(&kcontext);
+        if (retval) {
+            com_err(progname, retval, "while initializing krb5");
+            exit(1);
+        }
+
+        if (mode == DEFAULT || mode == CCACHE)
+            do_ccache(name);
+        else
+            do_keytab(name);
     }
 
     return 0;
-}    
+}
 
 void do_keytab(name)
-   char *name;
+    char *name;
 {
-     krb5_keytab kt;
-     krb5_keytab_entry entry;
-     krb5_kt_cursor cursor;
-     char buf[BUFSIZ]; /* hopefully large enough for any type */
-     char *pname;
-     int code;
-     
-     if (name == NULL) {
-	  if ((code = krb5_kt_default(kcontext, &kt))) {
-	       com_err(progname, code, "while getting default keytab");
-	       exit(1);
-	  }
-     } else {
-	  if ((code = krb5_kt_resolve(kcontext, name, &kt))) {
-	       com_err(progname, code, "while resolving keytab %s",
-		       name);
-	       exit(1);
-	  }
-     }
-
-     if ((code = krb5_kt_get_name(kcontext, kt, buf, BUFSIZ))) {
-	  com_err(progname, code, "while getting keytab name");
-	  exit(1);
-     }
-
-     printf("Keytab name: %s\n", buf);
-     
-     if ((code = krb5_kt_start_seq_get(kcontext, kt, &cursor))) {
-	  com_err(progname, code, "while starting keytab scan");
-	  exit(1);
-     }
-
-     if (show_time) {
-	  printf("KVNO Timestamp");
-	  fillit(stdout, timestamp_width - sizeof("Timestamp") + 2, (int) ' ');
-	  printf("Principal\n");
-	  printf("---- ");
-	  fillit(stdout, timestamp_width, (int) '-');
-	  printf(" ");
-	  fillit(stdout, 78 - timestamp_width - sizeof("KVNO"), (int) '-');
-	  printf("\n");
-     } else {
-	  printf("KVNO Principal\n");
-	  printf("---- --------------------------------------------------------------------------\n");
-     }
-     
-     while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0) {
-	  if ((code = krb5_unparse_name(kcontext, entry.principal, &pname))) {
-	       com_err(progname, code, "while unparsing principal name");
-	       exit(1);
-	  }
-	  printf("%4d ", entry.vno);
-	  if (show_time) {
-	       printtime(entry.timestamp);
-	       printf(" ");
-	  }
-	  printf("%s", pname);
-	  if (show_etype)
-	      printf(" (%s) " , etype_string(entry.key.enctype));
-	  if (show_keys) {
-	       printf(" (0x");
-	       {
-		    int i;
-		    for (i = 0; i < entry.key.length; i++)
-			 printf("%02x", entry.key.contents[i]);
-	       }
-	       printf(")");
-	  }
-	  printf("\n");
-	  krb5_free_unparsed_name(kcontext, pname);
-     }
-     if (code && code != KRB5_KT_END) {
-	  com_err(progname, code, "while scanning keytab");
-	  exit(1);
-     }
-     if ((code = krb5_kt_end_seq_get(kcontext, kt, &cursor))) {
-	  com_err(progname, code, "while ending keytab scan");
-	  exit(1);
-     }
-     exit(0);
+    krb5_keytab kt;
+    krb5_keytab_entry entry;
+    krb5_kt_cursor cursor;
+    char buf[BUFSIZ]; /* hopefully large enough for any type */
+    char *pname;
+    int code;
+
+    if (name == NULL) {
+        if ((code = krb5_kt_default(kcontext, &kt))) {
+            com_err(progname, code, "while getting default keytab");
+            exit(1);
+        }
+    } else {
+        if ((code = krb5_kt_resolve(kcontext, name, &kt))) {
+            com_err(progname, code, "while resolving keytab %s",
+                    name);
+            exit(1);
+        }
+    }
+
+    if ((code = krb5_kt_get_name(kcontext, kt, buf, BUFSIZ))) {
+        com_err(progname, code, "while getting keytab name");
+        exit(1);
+    }
+
+    printf("Keytab name: %s\n", buf);
+
+    if ((code = krb5_kt_start_seq_get(kcontext, kt, &cursor))) {
+        com_err(progname, code, "while starting keytab scan");
+        exit(1);
+    }
+
+    if (show_time) {
+        printf("KVNO Timestamp");
+        fillit(stdout, timestamp_width - sizeof("Timestamp") + 2, (int) ' ');
+        printf("Principal\n");
+        printf("---- ");
+        fillit(stdout, timestamp_width, (int) '-');
+        printf(" ");
+        fillit(stdout, 78 - timestamp_width - sizeof("KVNO"), (int) '-');
+        printf("\n");
+    } else {
+        printf("KVNO Principal\n");
+        printf("---- --------------------------------------------------------------------------\n");
+    }
+
+    while ((code = krb5_kt_next_entry(kcontext, kt, &entry, &cursor)) == 0) {
+        if ((code = krb5_unparse_name(kcontext, entry.principal, &pname))) {
+            com_err(progname, code, "while unparsing principal name");
+            exit(1);
+        }
+        printf("%4d ", entry.vno);
+        if (show_time) {
+            printtime(entry.timestamp);
+            printf(" ");
+        }
+        printf("%s", pname);
+        if (show_etype)
+            printf(" (%s) " , etype_string(entry.key.enctype));
+        if (show_keys) {
+            printf(" (0x");
+            {
+                int i;
+                for (i = 0; i < entry.key.length; i++)
+                    printf("%02x", entry.key.contents[i]);
+            }
+            printf(")");
+        }
+        printf("\n");
+        krb5_free_unparsed_name(kcontext, pname);
+    }
+    if (code && code != KRB5_KT_END) {
+        com_err(progname, code, "while scanning keytab");
+        exit(1);
+    }
+    if ((code = krb5_kt_end_seq_get(kcontext, kt, &cursor))) {
+        com_err(progname, code, "while ending keytab scan");
+        exit(1);
+    }
+    exit(0);
 }
 void do_ccache(name)
-   char *name;
+    char *name;
 {
     krb5_ccache cache = NULL;
     krb5_cc_cursor cur;
@@ -311,111 +312,111 @@ void do_ccache(name)
     krb5_principal princ;
     krb5_flags flags;
     krb5_error_code code;
-    int	exit_status = 0;
-	    
+    int exit_status = 0;
+
     if (status_only)
-	/* exit_status is set back to 0 if a valid tgt is found */
-	exit_status = 1;
+        /* exit_status is set back to 0 if a valid tgt is found */
+        exit_status = 1;
 
     if (name == NULL) {
-	if ((code = krb5_cc_default(kcontext, &cache))) {
-	    if (!status_only)
-		com_err(progname, code, "while getting default ccache");
-	    exit(1);
-	    }
+        if ((code = krb5_cc_default(kcontext, &cache))) {
+            if (!status_only)
+                com_err(progname, code, "while getting default ccache");
+            exit(1);
+        }
     } else {
-	if ((code = krb5_cc_resolve(kcontext, name, &cache))) {
-	    if (!status_only)
-		com_err(progname, code, "while resolving ccache %s",
-			name);
-	    exit(1);
-	}
-    }
- 
-    flags = 0;				/* turns off OPENCLOSE mode */
+        if ((code = krb5_cc_resolve(kcontext, name, &cache))) {
+            if (!status_only)
+                com_err(progname, code, "while resolving ccache %s",
+                        name);
+            exit(1);
+        }
+    }
+
+    flags = 0;                          /* turns off OPENCLOSE mode */
     if ((code = krb5_cc_set_flags(kcontext, cache, flags))) {
-	if (code == KRB5_FCC_NOFILE) {
-	    if (!status_only) {
-		com_err(progname, code, "(ticket cache %s:%s)",
-			krb5_cc_get_type(kcontext, cache),
-			krb5_cc_get_name(kcontext, cache));
+        if (code == KRB5_FCC_NOFILE) {
+            if (!status_only) {
+                com_err(progname, code, "(ticket cache %s:%s)",
+                        krb5_cc_get_type(kcontext, cache),
+                        krb5_cc_get_name(kcontext, cache));
 #ifdef KRB5_KRB4_COMPAT
-		if (name == NULL)
-		    do_v4_ccache(0);
+                if (name == NULL)
+                    do_v4_ccache(0);
 #endif
-	    }
-	} else {
-	    if (!status_only)
-		com_err(progname, code,
-			"while setting cache flags (ticket cache %s:%s)",
-			krb5_cc_get_type(kcontext, cache),
-			krb5_cc_get_name(kcontext, cache));
-	}
-	exit(1);
+            }
+        } else {
+            if (!status_only)
+                com_err(progname, code,
+                        "while setting cache flags (ticket cache %s:%s)",
+                        krb5_cc_get_type(kcontext, cache),
+                        krb5_cc_get_name(kcontext, cache));
+        }
+        exit(1);
     }
     if ((code = krb5_cc_get_principal(kcontext, cache, &princ))) {
-	if (!status_only)
-	    com_err(progname, code, "while retrieving principal name");
-	exit(1);
+        if (!status_only)
+            com_err(progname, code, "while retrieving principal name");
+        exit(1);
     }
     if ((code = krb5_unparse_name(kcontext, princ, &defname))) {
-	if (!status_only)
-	    com_err(progname, code, "while unparsing principal name");
-	exit(1);
+        if (!status_only)
+            com_err(progname, code, "while unparsing principal name");
+        exit(1);
     }
     if (!status_only) {
-	printf("Ticket cache: %s:%s\nDefault principal: %s\n\n",
-	       krb5_cc_get_type(kcontext, cache),
-	       krb5_cc_get_name(kcontext, cache), defname);
-	fputs("Valid starting", stdout);
-	fillit(stdout, timestamp_width - sizeof("Valid starting") + 3,
-	       (int) ' ');
-	fputs("Expires", stdout);
-	fillit(stdout, timestamp_width - sizeof("Expires") + 3,
-	       (int) ' ');
-	fputs("Service principal\n", stdout);
+        printf("Ticket cache: %s:%s\nDefault principal: %s\n\n",
+               krb5_cc_get_type(kcontext, cache),
+               krb5_cc_get_name(kcontext, cache), defname);
+        fputs("Valid starting", stdout);
+        fillit(stdout, timestamp_width - sizeof("Valid starting") + 3,
+               (int) ' ');
+        fputs("Expires", stdout);
+        fillit(stdout, timestamp_width - sizeof("Expires") + 3,
+               (int) ' ');
+        fputs("Service principal\n", stdout);
     }
     if ((code = krb5_cc_start_seq_get(kcontext, cache, &cur))) {
-	if (!status_only)
-	    com_err(progname, code, "while starting to retrieve tickets");
-	exit(1);
+        if (!status_only)
+            com_err(progname, code, "while starting to retrieve tickets");
+        exit(1);
     }
     while (!(code = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
-	if (status_only) {
-	    if (exit_status && creds.server->length == 2 &&
-		strcmp(creds.server->realm.data, princ->realm.data) == 0 &&
-		strcmp((char *)creds.server->data[0].data, "krbtgt") == 0 &&
-		strcmp((char *)creds.server->data[1].data,
-		       princ->realm.data) == 0 && 
-		creds.times.endtime > now)
-		exit_status = 0;
-	} else {
-	    show_credential(&creds);
-	}
-	krb5_free_cred_contents(kcontext, &creds);
+        if (status_only) {
+            if (exit_status && creds.server->length == 2 &&
+                strcmp(creds.server->realm.data, princ->realm.data) == 0 &&
+                strcmp((char *)creds.server->data[0].data, "krbtgt") == 0 &&
+                strcmp((char *)creds.server->data[1].data,
+                       princ->realm.data) == 0 &&
+                creds.times.endtime > now)
+                exit_status = 0;
+        } else {
+            show_credential(&creds);
+        }
+        krb5_free_cred_contents(kcontext, &creds);
     }
     if (code == KRB5_CC_END) {
-	if ((code = krb5_cc_end_seq_get(kcontext, cache, &cur))) {
-	    if (!status_only)
-		com_err(progname, code, "while finishing ticket retrieval");
-	    exit(1);
-	}
-	flags = KRB5_TC_OPENCLOSE;	/* turns on OPENCLOSE mode */
-	if ((code = krb5_cc_set_flags(kcontext, cache, flags))) {
-	    if (!status_only)
-		com_err(progname, code, "while closing ccache");
-	    exit(1);
-	}
+        if ((code = krb5_cc_end_seq_get(kcontext, cache, &cur))) {
+            if (!status_only)
+                com_err(progname, code, "while finishing ticket retrieval");
+            exit(1);
+        }
+        flags = KRB5_TC_OPENCLOSE;      /* turns on OPENCLOSE mode */
+        if ((code = krb5_cc_set_flags(kcontext, cache, flags))) {
+            if (!status_only)
+                com_err(progname, code, "while closing ccache");
+            exit(1);
+        }
 #ifdef KRB5_KRB4_COMPAT
-	if (name == NULL && !status_only)
-	    do_v4_ccache(0);
+        if (name == NULL && !status_only)
+            do_v4_ccache(0);
 #endif
-	exit(exit_status);
+        exit(exit_status);
     } else {
-	if (!status_only)
-	    com_err(progname, code, "while retrieving a ticket");
-	exit(1);
-    }	
+        if (!status_only)
+            com_err(progname, code, "while retrieving a ticket");
+        exit(1);
+    }
 }
 
 char *
@@ -424,10 +425,10 @@ etype_string(enctype)
 {
     static char buf[100];
     krb5_error_code retval;
-    
+
     if ((retval = krb5_enctype_to_string(enctype, buf, sizeof(buf)))) {
-	/* XXX if there's an error != EINVAL, I should probably report it */
-	snprintf(buf, sizeof(buf), "etype %d", enctype);
+        /* XXX if there's an error != EINVAL, I should probably report it */
+        snprintf(buf, sizeof(buf), "etype %d", enctype);
     }
 
     return buf;
@@ -439,40 +440,40 @@ flags_string(cred)
 {
     static char buf[32];
     int i = 0;
-	
+
     if (cred->ticket_flags & TKT_FLG_FORWARDABLE)
-	buf[i++] = 'F';
+        buf[i++] = 'F';
     if (cred->ticket_flags & TKT_FLG_FORWARDED)
-	buf[i++] = 'f';
+        buf[i++] = 'f';
     if (cred->ticket_flags & TKT_FLG_PROXIABLE)
-	buf[i++] = 'P';
+        buf[i++] = 'P';
     if (cred->ticket_flags & TKT_FLG_PROXY)
-	buf[i++] = 'p';
+        buf[i++] = 'p';
     if (cred->ticket_flags & TKT_FLG_MAY_POSTDATE)
-	buf[i++] = 'D';
+        buf[i++] = 'D';
     if (cred->ticket_flags & TKT_FLG_POSTDATED)
-	buf[i++] = 'd';
+        buf[i++] = 'd';
     if (cred->ticket_flags & TKT_FLG_INVALID)
-	buf[i++] = 'i';
+        buf[i++] = 'i';
     if (cred->ticket_flags & TKT_FLG_RENEWABLE)
-	buf[i++] = 'R';
+        buf[i++] = 'R';
     if (cred->ticket_flags & TKT_FLG_INITIAL)
-	buf[i++] = 'I';
+        buf[i++] = 'I';
     if (cred->ticket_flags & TKT_FLG_HW_AUTH)
-	buf[i++] = 'H';
+        buf[i++] = 'H';
     if (cred->ticket_flags & TKT_FLG_PRE_AUTH)
-	buf[i++] = 'A';
+        buf[i++] = 'A';
     if (cred->ticket_flags & TKT_FLG_TRANSIT_POLICY_CHECKED)
-	buf[i++] = 'T';
+        buf[i++] = 'T';
     if (cred->ticket_flags & TKT_FLG_OK_AS_DELEGATE)
-	buf[i++] = 'O';		/* D/d are taken.  Use short strings?  */
+        buf[i++] = 'O';         /* D/d are taken.  Use short strings?  */
     if (cred->ticket_flags & TKT_FLG_ANONYMOUS)
-	buf[i++] = 'a';
+        buf[i++] = 'a';
     buf[i] = '\0';
     return(buf);
 }
 
-void 
+void
 printtime(tv)
     time_t tv;
 {
@@ -481,10 +482,10 @@ printtime(tv)
 
     fill = ' ';
     if (!krb5_timestamp_to_sfstring((krb5_timestamp) tv,
-				    timestring,
-				    timestamp_width+1,
-				    &fill)) {
-	printf(timestring);
+                                    timestring,
+                                    timestamp_width+1,
+                                    &fill)) {
+        printf(timestring);
     }
 }
 
@@ -495,21 +496,21 @@ show_credential(cred)
     krb5_error_code retval;
     krb5_ticket *tkt;
     char *name, *sname, *flags;
-    int	extra_field = 0;
+    int extra_field = 0;
 
     retval = krb5_unparse_name(kcontext, cred->client, &name);
     if (retval) {
-	com_err(progname, retval, "while unparsing client name");
-	return;
+        com_err(progname, retval, "while unparsing client name");
+        return;
     }
     retval = krb5_unparse_name(kcontext, cred->server, &sname);
     if (retval) {
-	com_err(progname, retval, "while unparsing server name");
-	krb5_free_unparsed_name(kcontext, name);
-	return;
+        com_err(progname, retval, "while unparsing server name");
+        krb5_free_unparsed_name(kcontext, name);
+        return;
     }
     if (!cred->times.starttime)
-	cred->times.starttime = cred->times.authtime;
+        cred->times.starttime = cred->times.authtime;
 
     printtime(cred->times.starttime);
     putchar(' '); putchar(' ');
@@ -519,101 +520,101 @@ show_credential(cred)
     printf("%s\n", sname);
 
     if (strcmp(name, defname)) {
-	    printf("\tfor client %s", name);
-	    extra_field++;
+        printf("\tfor client %s", name);
+        extra_field++;
     }
-    
+
     if (cred->times.renew_till) {
-	if (!extra_field)
-		fputs("\t",stdout);
-	else
-		fputs(", ",stdout);
-	fputs("renew until ", stdout);
-	printtime(cred->times.renew_till);
-	extra_field += 2;
+        if (!extra_field)
+            fputs("\t",stdout);
+        else
+            fputs(", ",stdout);
+        fputs("renew until ", stdout);
+        printtime(cred->times.renew_till);
+        extra_field += 2;
     }
 
     if (extra_field > 3) {
-	fputs("\n", stdout);
-	extra_field = 0;
+        fputs("\n", stdout);
+        extra_field = 0;
     }
 
     if (show_flags) {
-	flags = flags_string(cred);
-	if (flags && *flags) {
-	    if (!extra_field)
-		fputs("\t",stdout);
-	    else
-		fputs(", ",stdout);
-	    printf("Flags: %s", flags);
-	    extra_field++;
-	}
+        flags = flags_string(cred);
+        if (flags && *flags) {
+            if (!extra_field)
+                fputs("\t",stdout);
+            else
+                fputs(", ",stdout);
+            printf("Flags: %s", flags);
+            extra_field++;
+        }
     }
 
     if (extra_field > 2) {
-	fputs("\n", stdout);
-	extra_field = 0;
+        fputs("\n", stdout);
+        extra_field = 0;
     }
 
     if (show_etype) {
-	retval = krb5_decode_ticket(&cred->ticket, &tkt);
-	if (retval)
-	    goto err_tkt;
-
-	if (!extra_field)
-	    fputs("\t",stdout);
-	else
-	    fputs(", ",stdout);
-	printf("Etype (skey, tkt): %s, ",
-	       etype_string(cred->keyblock.enctype));
-	printf("%s ",
-	       etype_string(tkt->enc_part.enctype));
-	extra_field++;
+        retval = krb5_decode_ticket(&cred->ticket, &tkt);
+        if (retval)
+            goto err_tkt;
+
+        if (!extra_field)
+            fputs("\t",stdout);
+        else
+            fputs(", ",stdout);
+        printf("Etype (skey, tkt): %s, ",
+               etype_string(cred->keyblock.enctype));
+        printf("%s ",
+               etype_string(tkt->enc_part.enctype));
+        extra_field++;
 
     err_tkt:
-	if (tkt != NULL)
-	    krb5_free_ticket(kcontext, tkt);
+        if (tkt != NULL)
+            krb5_free_ticket(kcontext, tkt);
     }
 
     if (show_adtype) {
-	int i;
-
-	if (cred->authdata != NULL) {
-	    if (!extra_field)
-		fputs("\t",stdout);
-	    else
-		fputs(", ",stdout);
-	    printf("AD types: ");
-	    for (i = 0; cred->authdata[i] != NULL; i++) {
-		if (i)
-		    printf(", ");
-		printf("%d", cred->authdata[i]->ad_type);
-	    }
-	    extra_field++;
-	}
+        int i;
+
+        if (cred->authdata != NULL) {
+            if (!extra_field)
+                fputs("\t",stdout);
+            else
+                fputs(", ",stdout);
+            printf("AD types: ");
+            for (i = 0; cred->authdata[i] != NULL; i++) {
+                if (i)
+                    printf(", ");
+                printf("%d", cred->authdata[i]->ad_type);
+            }
+            extra_field++;
+        }
     }
 
     /* if any additional info was printed, extra_field is non-zero */
     if (extra_field)
-	putchar('\n');
+        putchar('\n');
 
 
     if (show_addresses) {
-	if (!cred->addresses || !cred->addresses[0]) {
-	    printf("\tAddresses: (none)\n");
-	} else {
-	    int i;
+        if (!cred->addresses || !cred->addresses[0]) {
+            printf("\tAddresses: (none)\n");
+        } else {
+            int i;
 
-	    printf("\tAddresses: ");
-	    one_addr(cred->addresses[0]);
+            printf("\tAddresses: ");
+            one_addr(cred->addresses[0]);
 
-	    for (i=1; cred->addresses[i]; i++) {
-		printf(", ");
-		one_addr(cred->addresses[i]);
-	    }
+            for (i=1; cred->addresses[i]; i++) {
+                printf(", ");
+                one_addr(cred->addresses[i]);
+            }
 
-	    printf("\n");
-	}
+            printf("\n");
+        }
     }
 
     krb5_free_unparsed_name(kcontext, name);
@@ -635,60 +636,60 @@ void one_addr(a)
 
     switch (a->addrtype) {
     case ADDRTYPE_INET:
-	if (a->length != 4) {
-	broken:
-	    printf ("broken address (type %d length %d)",
-		    a->addrtype, a->length);
-	    return;
-	}
-	{
-	    struct sockaddr_in *sinp = ss2sin (&ss);
-	    sinp->sin_family = AF_INET;
+        if (a->length != 4) {
+        broken:
+            printf ("broken address (type %d length %d)",
+                    a->addrtype, a->length);
+            return;
+        }
+        {
+            struct sockaddr_in *sinp = ss2sin (&ss);
+            sinp->sin_family = AF_INET;
 #ifdef HAVE_SA_LEN
-	    sinp->sin_len = sizeof (struct sockaddr_in);
+            sinp->sin_len = sizeof (struct sockaddr_in);
 #endif
-	    memcpy (&sinp->sin_addr, a->contents, 4);
-	}
-	break;
+            memcpy (&sinp->sin_addr, a->contents, 4);
+        }
+        break;
 #ifdef KRB5_USE_INET6
     case ADDRTYPE_INET6:
-	if (a->length != 16)
-	    goto broken;
-	{
-	    struct sockaddr_in6 *sin6p = ss2sin6 (&ss);
-	    sin6p->sin6_family = AF_INET6;
+        if (a->length != 16)
+            goto broken;
+        {
+            struct sockaddr_in6 *sin6p = ss2sin6 (&ss);
+            sin6p->sin6_family = AF_INET6;
 #ifdef HAVE_SA_LEN
-	    sin6p->sin6_len = sizeof (struct sockaddr_in6);
+            sin6p->sin6_len = sizeof (struct sockaddr_in6);
 #endif
-	    memcpy (&sin6p->sin6_addr, a->contents, 16);
-	}
-	break;
+            memcpy (&sin6p->sin6_addr, a->contents, 16);
+        }
+        break;
 #endif
     default:
-	printf ("unknown addrtype %d", a->addrtype);
-	return;
+        printf ("unknown addrtype %d", a->addrtype);
+        return;
     }
 
     namebuf[0] = 0;
     err = getnameinfo (ss2sa (&ss), socklen (ss2sa (&ss)),
-		       namebuf, sizeof (namebuf), 0, 0,
-		       no_resolve ? NI_NUMERICHOST : 0U);
+                       namebuf, sizeof (namebuf), 0, 0,
+                       no_resolve ? NI_NUMERICHOST : 0U);
     if (err) {
-	printf ("unprintable address (type %d, error %d %s)", a->addrtype, err,
-		gai_strerror (err));
-	return;
+        printf ("unprintable address (type %d, error %d %s)", a->addrtype, err,
+                gai_strerror (err));
+        return;
     }
     printf ("%s", namebuf);
 }
 
 void
 fillit(f, num, c)
-    FILE		*f;
-    unsigned int	num;
-    int			c;
+    FILE                *f;
+    unsigned int        num;
+    int                 c;
 {
     int i;
 
     for (i=0; i<num; i++)
-	fputc(c, f);
+        fputc(c, f);
 }
diff --git a/src/clients/kpasswd/kpasswd.c b/src/clients/kpasswd/kpasswd.c
index 204a8bfdb..6bc0668e4 100644
--- a/src/clients/kpasswd/kpasswd.c
+++ b/src/clients/kpasswd/kpasswd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <sys/types.h>
 #include "autoconf.h"
@@ -23,13 +24,13 @@ void get_name_from_passwd_file(program_name, kcontext, me)
     struct passwd *pw;
     krb5_error_code code;
     if ((pw = getpwuid(getuid()))) {
-	if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) {
-	    com_err (program_name, code, "when parsing name %s", pw->pw_name);
-	    exit(1);
-	}
+        if ((code = krb5_parse_name(kcontext, pw->pw_name, me))) {
+            com_err (program_name, code, "when parsing name %s", pw->pw_name);
+            exit(1);
+        }
     } else {
-	fprintf(stderr, "Unable to identify user from password file\n");
-	exit(1);
+        fprintf(stderr, "Unable to identify user from password file\n");
+        exit(1);
     }
 }
 #else /* HAVE_PWD_H */
@@ -44,116 +45,116 @@ void get_name_from_passwd_file(kcontext, me)
 
 int main(int argc, char *argv[])
 {
-   krb5_error_code ret;
-   krb5_context context;
-   krb5_principal princ;
-   char *pname;
-   krb5_ccache ccache;
-   krb5_get_init_creds_opt *opts = NULL;
-   krb5_creds creds;
-
-   char pw[1024];
-   unsigned int pwlen;
-   int result_code;
-   krb5_data result_code_string, result_string;
-
-   if (argc > 2) {
-      fprintf(stderr, "usage: %s [principal]\n", argv[0]);
-      exit(1);
-   }
-
-   pname = argv[1];
-
-   ret = krb5_init_context(&context);
-   if (ret) {
-      com_err(argv[0], ret, "initializing kerberos library");
-      exit(1);
-   }
-
-   /* in order, use the first of:
-      - a name specified on the command line
-      - the principal name from an existing ccache
-      - the name corresponding to the ruid of the process
-
-      otherwise, it's an error.
-      */
-
-   if (pname) {
-      if ((ret = krb5_parse_name(context, pname, &princ))) {
-	 com_err(argv[0], ret, "parsing client name");
-	 exit(1);
-      }
-   } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) {
-      if (ret) {
-	 com_err(argv[0], ret, "opening default ccache");
-	 exit(1);
-      }
-
-      if ((ret = krb5_cc_get_principal(context, ccache, &princ))) {
-	 com_err(argv[0], ret, "getting principal from ccache");
-	 exit(1);
-      }
-
-      if ((ret = krb5_cc_close(context, ccache))) {
-	 com_err(argv[0], ret, "closing ccache");
-	 exit(1);
-      }
-   } else {
-       get_name_from_passwd_file(argv[0], context, &princ);
-   }
-
-   if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) {
-	 com_err(argv[0], ret, "allocating krb5_get_init_creds_opt");
-	 exit(1);
-   }
-   krb5_get_init_creds_opt_set_tkt_life(opts, 5*60);
-   krb5_get_init_creds_opt_set_renew_life(opts, 0);
-   krb5_get_init_creds_opt_set_forwardable(opts, 0);
-   krb5_get_init_creds_opt_set_proxiable(opts, 0);
-
-   if ((ret = krb5_get_init_creds_password(context, &creds, princ, NULL,
-					   krb5_prompter_posix, NULL, 
-					   0, "kadmin/changepw", opts))) {
-      if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-	 com_err(argv[0], 0,
-		 "Password incorrect while getting initial ticket");
-      else
-	 com_err(argv[0], ret, "getting initial ticket");
-      krb5_get_init_creds_opt_free(context, opts);
-      exit(1);
-   }
-
-   pwlen = sizeof(pw);
-   if ((ret = krb5_read_password(context, P1, P2, pw, &pwlen))) {
-      com_err(argv[0], ret, "while reading password");
-      krb5_get_init_creds_opt_free(context, opts);
-      exit(1);
-   }
-
-   if ((ret = krb5_change_password(context, &creds, pw,
-				   &result_code, &result_code_string,
-				   &result_string))) {
-      com_err(argv[0], ret, "changing password");
-      krb5_get_init_creds_opt_free(context, opts);
-      exit(1);
-   }
-
-   if (result_code) {
-      printf("%.*s%s%.*s\n",
-	     (int) result_code_string.length, result_code_string.data,
-	     result_string.length?": ":"",
-	     (int) result_string.length,
-	     result_string.data ? result_string.data : "");
-      krb5_get_init_creds_opt_free(context, opts);
-      exit(2);
-   }
-
-   if (result_string.data != NULL) 
-       free(result_string.data);
-   if (result_code_string.data != NULL)
-       free(result_code_string.data);
-   krb5_get_init_creds_opt_free(context, opts);
-
-   printf("Password changed.\n");
-   exit(0);
+    krb5_error_code ret;
+    krb5_context context;
+    krb5_principal princ;
+    char *pname;
+    krb5_ccache ccache;
+    krb5_get_init_creds_opt *opts = NULL;
+    krb5_creds creds;
+
+    char pw[1024];
+    unsigned int pwlen;
+    int result_code;
+    krb5_data result_code_string, result_string;
+
+    if (argc > 2) {
+        fprintf(stderr, "usage: %s [principal]\n", argv[0]);
+        exit(1);
+    }
+
+    pname = argv[1];
+
+    ret = krb5_init_context(&context);
+    if (ret) {
+        com_err(argv[0], ret, "initializing kerberos library");
+        exit(1);
+    }
+
+    /* in order, use the first of:
+       - a name specified on the command line
+       - the principal name from an existing ccache
+       - the name corresponding to the ruid of the process
+
+       otherwise, it's an error.
+    */
+
+    if (pname) {
+        if ((ret = krb5_parse_name(context, pname, &princ))) {
+            com_err(argv[0], ret, "parsing client name");
+            exit(1);
+        }
+    } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) {
+        if (ret) {
+            com_err(argv[0], ret, "opening default ccache");
+            exit(1);
+        }
+
+        if ((ret = krb5_cc_get_principal(context, ccache, &princ))) {
+            com_err(argv[0], ret, "getting principal from ccache");
+            exit(1);
+        }
+
+        if ((ret = krb5_cc_close(context, ccache))) {
+            com_err(argv[0], ret, "closing ccache");
+            exit(1);
+        }
+    } else {
+        get_name_from_passwd_file(argv[0], context, &princ);
+    }
+
+    if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) {
+        com_err(argv[0], ret, "allocating krb5_get_init_creds_opt");
+        exit(1);
+    }
+    krb5_get_init_creds_opt_set_tkt_life(opts, 5*60);
+    krb5_get_init_creds_opt_set_renew_life(opts, 0);
+    krb5_get_init_creds_opt_set_forwardable(opts, 0);
+    krb5_get_init_creds_opt_set_proxiable(opts, 0);
+
+    if ((ret = krb5_get_init_creds_password(context, &creds, princ, NULL,
+                                            krb5_prompter_posix, NULL,
+                                            0, "kadmin/changepw", opts))) {
+        if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+            com_err(argv[0], 0,
+                    "Password incorrect while getting initial ticket");
+        else
+            com_err(argv[0], ret, "getting initial ticket");
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(1);
+    }
+
+    pwlen = sizeof(pw);
+    if ((ret = krb5_read_password(context, P1, P2, pw, &pwlen))) {
+        com_err(argv[0], ret, "while reading password");
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(1);
+    }
+
+    if ((ret = krb5_change_password(context, &creds, pw,
+                                    &result_code, &result_code_string,
+                                    &result_string))) {
+        com_err(argv[0], ret, "changing password");
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(1);
+    }
+
+    if (result_code) {
+        printf("%.*s%s%.*s\n",
+               (int) result_code_string.length, result_code_string.data,
+               result_string.length?": ":"",
+               (int) result_string.length,
+               result_string.data ? result_string.data : "");
+        krb5_get_init_creds_opt_free(context, opts);
+        exit(2);
+    }
+
+    if (result_string.data != NULL)
+        free(result_string.data);
+    if (result_code_string.data != NULL)
+        free(result_code_string.data);
+    krb5_get_init_creds_opt_free(context, opts);
+
+    printf("Password changed.\n");
+    exit(0);
 }
diff --git a/src/clients/kpasswd/ksetpwd.c b/src/clients/kpasswd/ksetpwd.c
index a489f06e3..971990506 100644
--- a/src/clients/kpasswd/ksetpwd.c
+++ b/src/clients/kpasswd/ksetpwd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <krb5.h>
 #include <string.h>
 #include <unistd.h>
@@ -9,26 +10,26 @@
 
 static int verify_creds()
 {
-	krb5_context	kcontext;
-	krb5_ccache		ccache;
-	krb5_error_code	kres;
+    krb5_context    kcontext;
+    krb5_ccache             ccache;
+    krb5_error_code kres;
 
-	kres = krb5_init_context(&kcontext);
-	if( kres == 0 )
-	{
-		kres = krb5_cc_default( kcontext, &ccache );
-		if( kres == 0 )
-		{
-			krb5_principal	user_princ;
+    kres = krb5_init_context(&kcontext);
+    if( kres == 0 )
+    {
+        kres = krb5_cc_default( kcontext, &ccache );
+        if( kres == 0 )
+        {
+            krb5_principal  user_princ;
 
-			kres = krb5_cc_get_principal( kcontext, ccache, &user_princ );
-			if( kres == 0 )
-				krb5_free_principal( kcontext, user_princ );
-			krb5_cc_close( kcontext, ccache );
-		}
-		krb5_free_context(kcontext);
-	}
-	return kres;
+            kres = krb5_cc_get_principal( kcontext, ccache, &user_princ );
+            if( kres == 0 )
+                krb5_free_principal( kcontext, user_princ );
+            krb5_cc_close( kcontext, ccache );
+        }
+        krb5_free_context(kcontext);
+    }
+    return kres;
 }
 
 static void get_init_creds_opt_init( krb5_get_init_creds_opt *outOptions )
@@ -44,269 +45,269 @@ typedef void * kbrccache_t;
 #define CCACHE_PREFIX_DEFAULT "MEMORY:C_"
 
 static kbrccache_t userinitcontext(
-	const char * user, const char * domain, const char * passwd, const char * cachename, int initialize,
-	int * outError )
+    const char * user, const char * domain, const char * passwd, const char * cachename, int initialize,
+    int * outError )
 {
-	krb5_context	kcontext = 0;
-	krb5_ccache		kcache = 0;
-	krb5_creds		kcreds;
-	krb5_principal	kme = 0;
-	krb5_error_code	kres;
-	char *			pPass = strdup( passwd );
-	char *			pName = NULL;
-	char *			pCacheName = NULL;
-	int				numCreds = 0;
+    krb5_context    kcontext = 0;
+    krb5_ccache             kcache = 0;
+    krb5_creds              kcreds;
+    krb5_principal  kme = 0;
+    krb5_error_code kres;
+    char *                  pPass = strdup( passwd );
+    char *                  pName = NULL;
+    char *                  pCacheName = NULL;
+    int                             numCreds = 0;
 
-	memset( &kcreds, 0, sizeof(kcreds) );
-	kres = krb5_init_context( &kcontext );
-	if( kres )
-		goto return_error;
-	if( domain )
-		kres = krb5_build_principal( kcontext, &kme, strlen(domain), domain, user, (char *) 0 );
-	else
-		kres = krb5_parse_name( kcontext, user, &kme );
-	if( kres )
-		goto fail;
-	krb5_unparse_name( kcontext, kme, &pName );
-	if( cachename )
-	{
-		if (asprintf(&pCacheName, "%s%s", cachename, pName) < 0)
-		{
-			kres = KRB5_CC_NOMEM;
-			goto fail;
-		}
-		kres = krb5_cc_resolve( kcontext, pCacheName, &kcache );
-		if( kres )
-		{
-			kres = krb5_cc_resolve( kcontext, CCACHE_PREFIX_DEFAULT, &kcache );
-			if( kres == 0 )
-				pCacheName = strdup(CCACHE_PREFIX_DEFAULT);
-		}
-	}
-	else
-	{
-		kres = krb5_cc_default( kcontext, &kcache );
-		pCacheName = strdup( krb5_cc_get_name( kcontext, kcache ) );
-	}
-	if( kres )
-	{
-		krb5_free_context(kcontext);
-		goto return_error;
-	}
-	if( initialize )
-		krb5_cc_initialize( kcontext, kcache, kme );
-	if( kres == 0 && user && passwd )
-	{
-		long timeneeded = time(0L) +TKTTIMELEFT;
-		int have_credentials = 0;
-		krb5_cc_cursor cc_curs = NULL;
-		numCreds = 0;
-		if( (kres=krb5_cc_start_seq_get(kcontext, kcache, &cc_curs)) >= 0 )
-		{
-			while( (kres=krb5_cc_next_cred(kcontext, kcache, &cc_curs, &kcreds))== 0)
-			{
-				numCreds++;
-				if( krb5_principal_compare( kcontext, kme, kcreds.client ) )
-				{
-					if( kcreds.ticket_flags & TKT_FLG_INITIAL && kcreds.times.endtime>timeneeded )
-						have_credentials = 1;
-				}
-				krb5_free_cred_contents( kcontext, &kcreds );
-				if( have_credentials )
-					break;
-			}
-			krb5_cc_end_seq_get( kcontext, kcache, &cc_curs );
-		}
-		else
-		{
-			const char * errmsg = error_message(kres);
-			fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
-		}
-		if( kres != 0 || have_credentials == 0 )
-		{
-			krb5_get_init_creds_opt *options = NULL;
-			kres = krb5_get_init_creds_opt_alloc(kcontext, &options);
-			if ( kres == 0 )
-			{
-				get_init_creds_opt_init(options);
+    memset( &kcreds, 0, sizeof(kcreds) );
+    kres = krb5_init_context( &kcontext );
+    if( kres )
+        goto return_error;
+    if( domain )
+        kres = krb5_build_principal( kcontext, &kme, strlen(domain), domain, user, (char *) 0 );
+    else
+        kres = krb5_parse_name( kcontext, user, &kme );
+    if( kres )
+        goto fail;
+    krb5_unparse_name( kcontext, kme, &pName );
+    if( cachename )
+    {
+        if (asprintf(&pCacheName, "%s%s", cachename, pName) < 0)
+        {
+            kres = KRB5_CC_NOMEM;
+            goto fail;
+        }
+        kres = krb5_cc_resolve( kcontext, pCacheName, &kcache );
+        if( kres )
+        {
+            kres = krb5_cc_resolve( kcontext, CCACHE_PREFIX_DEFAULT, &kcache );
+            if( kres == 0 )
+                pCacheName = strdup(CCACHE_PREFIX_DEFAULT);
+        }
+    }
+    else
+    {
+        kres = krb5_cc_default( kcontext, &kcache );
+        pCacheName = strdup( krb5_cc_get_name( kcontext, kcache ) );
+    }
+    if( kres )
+    {
+        krb5_free_context(kcontext);
+        goto return_error;
+    }
+    if( initialize )
+        krb5_cc_initialize( kcontext, kcache, kme );
+    if( kres == 0 && user && passwd )
+    {
+        long timeneeded = time(0L) +TKTTIMELEFT;
+        int have_credentials = 0;
+        krb5_cc_cursor cc_curs = NULL;
+        numCreds = 0;
+        if( (kres=krb5_cc_start_seq_get(kcontext, kcache, &cc_curs)) >= 0 )
+        {
+            while( (kres=krb5_cc_next_cred(kcontext, kcache, &cc_curs, &kcreds))== 0)
+            {
+                numCreds++;
+                if( krb5_principal_compare( kcontext, kme, kcreds.client ) )
+                {
+                    if( kcreds.ticket_flags & TKT_FLG_INITIAL && kcreds.times.endtime>timeneeded )
+                        have_credentials = 1;
+                }
+                krb5_free_cred_contents( kcontext, &kcreds );
+                if( have_credentials )
+                    break;
+            }
+            krb5_cc_end_seq_get( kcontext, kcache, &cc_curs );
+        }
+        else
+        {
+            const char * errmsg = error_message(kres);
+            fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
+        }
+        if( kres != 0 || have_credentials == 0 )
+        {
+            krb5_get_init_creds_opt *options = NULL;
+            kres = krb5_get_init_creds_opt_alloc(kcontext, &options);
+            if ( kres == 0 )
+            {
+                get_init_creds_opt_init(options);
 /*
 ** no valid credentials - get new ones
 */
-				kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass,
-						NULL /*prompter*/, 
-						NULL /*data*/,
-						0 /*starttime*/,
-						0 /*in_tkt_service*/,
-						options /*options*/ );
-			}
-			if( kres == 0 )
-			{
-				if( numCreds <= 0 )
-					kres = krb5_cc_initialize( kcontext, kcache, kme );
-				if( kres == 0 )
-					kres = krb5_cc_store_cred( kcontext, kcache, &kcreds );
-				if( kres == 0 )
-					have_credentials = 1;
-			}
-			krb5_get_init_creds_opt_free(kcontext, options);
-		}
+                kres = krb5_get_init_creds_password( kcontext, &kcreds, kme, pPass,
+                                                     NULL /*prompter*/,
+                                                     NULL /*data*/,
+                                                     0 /*starttime*/,
+                                                     0 /*in_tkt_service*/,
+                                                     options /*options*/ );
+            }
+            if( kres == 0 )
+            {
+                if( numCreds <= 0 )
+                    kres = krb5_cc_initialize( kcontext, kcache, kme );
+                if( kres == 0 )
+                    kres = krb5_cc_store_cred( kcontext, kcache, &kcreds );
+                if( kres == 0 )
+                    have_credentials = 1;
+            }
+            krb5_get_init_creds_opt_free(kcontext, options);
+        }
 #ifdef NOTUSED
-		if( have_credentials )
-		{
-			int mstat;
-			kres = gss_krb5_ccache_name( &mstat, pCacheName, NULL );
-			if( getenv( ENV_DEBUG_LDAPKERB ) )
-				fprintf( stderr, "gss credentials cache set to %s(%d)\n", pCacheName, kres );
-		}
+        if( have_credentials )
+        {
+            int mstat;
+            kres = gss_krb5_ccache_name( &mstat, pCacheName, NULL );
+            if( getenv( ENV_DEBUG_LDAPKERB ) )
+                fprintf( stderr, "gss credentials cache set to %s(%d)\n", pCacheName, kres );
+        }
 #endif
-		krb5_cc_close( kcontext, kcache );
-	}
+        krb5_cc_close( kcontext, kcache );
+    }
 fail:
-	if( kres )
-	{
-			const char * errmsg = error_message(kres);
-			fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
-	}
-	krb5_free_principal( kcontext, kme );
-	krb5_free_cred_contents( kcontext, &kcreds );
-	if( pName )
-		free( pName );
-	free(pPass);
-	krb5_free_context(kcontext);
+    if( kres )
+    {
+        const char * errmsg = error_message(kres);
+        fprintf( stderr, "%s user init(%s): %s\n", "setpass", pName, errmsg );
+    }
+    krb5_free_principal( kcontext, kme );
+    krb5_free_cred_contents( kcontext, &kcreds );
+    if( pName )
+        free( pName );
+    free(pPass);
+    krb5_free_context(kcontext);
 
 return_error:
-	if( kres )
-	{
-		if( pCacheName )
-		{
-			free(pCacheName);
-			pCacheName = NULL;
-		}
-	}
-	if( outError )
-		*outError = kres;
-	return pCacheName;
+    if( kres )
+    {
+        if( pCacheName )
+        {
+            free(pCacheName);
+            pCacheName = NULL;
+        }
+    }
+    if( outError )
+        *outError = kres;
+    return pCacheName;
 }
 
 static int init_creds()
 {
-	char user[512];
-	char * password = NULL;
-	int result;
+    char user[512];
+    char * password = NULL;
+    int result;
 
-	user[0] = 0;
-	result = -1;
+    user[0] = 0;
+    result = -1;
 
-	for(;;)
-	{
-		while( user[0] == 0 )
-		{
-			int userlen;
-			printf( "Username: ");
-			fflush(stdout);
-			if( fgets( user, sizeof(user), stdin ) == NULL )
-				return -1;
-			userlen = strlen( user);
-			if( userlen < 2 )
-				continue;
-			user[userlen-1] = 0;	/* get rid of the newline */
-			break;
-		}
-		{
-			kbrccache_t usercontext;
-			password = getpass( "Password: ");
-			if( ! password )
-				return -1;
-			result = 0;
-			usercontext = userinitcontext( user, NULL, password, NULL, 1, &result );
-			if( usercontext )
-				break;
-		}
-	}
-	return result;
+    for(;;)
+    {
+        while( user[0] == 0 )
+        {
+            int userlen;
+            printf( "Username: ");
+            fflush(stdout);
+            if( fgets( user, sizeof(user), stdin ) == NULL )
+                return -1;
+            userlen = strlen( user);
+            if( userlen < 2 )
+                continue;
+            user[userlen-1] = 0;    /* get rid of the newline */
+            break;
+        }
+        {
+            kbrccache_t usercontext;
+            password = getpass( "Password: ");
+            if( ! password )
+                return -1;
+            result = 0;
+            usercontext = userinitcontext( user, NULL, password, NULL, 1, &result );
+            if( usercontext )
+                break;
+        }
+    }
+    return result;
 }
 
 int main( int argc, char ** argv )
 {
-	char * new_password = NULL;
-	char * new_password2;
-	krb5_context	kcontext;
-	krb5_error_code	kerr;
-	krb5_principal	target_principal;
+    char * new_password = NULL;
+    char * new_password2;
+    krb5_context    kcontext;
+    krb5_error_code kerr;
+    krb5_principal  target_principal;
 
 
-	if( argc < 2 )
-	{
-		fprintf( stderr, "Usage: setpass user@REALM\n");
-		exit(1);
-	}
+    if( argc < 2 )
+    {
+        fprintf( stderr, "Usage: setpass user@REALM\n");
+        exit(1);
+    }
 
 /*
 ** verify credentials -
 */
-	if( verify_creds() )
-		init_creds();
-	if( verify_creds() )
-	{
-		fprintf( stderr, "No user credentials available\n");
-		exit(1);
-	}
+    if( verify_creds() )
+        init_creds();
+    if( verify_creds() )
+    {
+        fprintf( stderr, "No user credentials available\n");
+        exit(1);
+    }
 /*
 ** check the principal name -
 */
-	krb5_init_context(&kcontext);
-	kerr = krb5_parse_name( kcontext, argv[1], &target_principal );
+    krb5_init_context(&kcontext);
+    kerr = krb5_parse_name( kcontext, argv[1], &target_principal );
 
-	{
-		char * pname = NULL;
-		kerr = krb5_unparse_name( kcontext, target_principal, &pname );
-		printf( "Changing password for %s:\n", pname);
-		fflush( stdout );
-		free( pname );
-	}
+    {
+        char * pname = NULL;
+        kerr = krb5_unparse_name( kcontext, target_principal, &pname );
+        printf( "Changing password for %s:\n", pname);
+        fflush( stdout );
+        free( pname );
+    }
 /*
 ** get the new password -
 */
-	while( !new_password )
-	{
-		new_password = getpass("Enter new password: ");
-		new_password2 = getpass("Verify new password: ");
-		if( strcmp( new_password, new_password2 ) )
-		{
-			printf("Passwords do not match\n");
-			free( new_password );
-			free( new_password2 );
-			continue;
-		}
-	}
+    while( !new_password )
+    {
+        new_password = getpass("Enter new password: ");
+        new_password2 = getpass("Verify new password: ");
+        if( strcmp( new_password, new_password2 ) )
+        {
+            printf("Passwords do not match\n");
+            free( new_password );
+            free( new_password2 );
+            continue;
+        }
+    }
 /*
 ** change the password -
 */
-	{
-		int pw_result;
-		krb5_ccache ccache;
-		krb5_data	pw_res_string, res_string;
+    {
+        int pw_result;
+        krb5_ccache ccache;
+        krb5_data       pw_res_string, res_string;
 
-		kerr = krb5_cc_default( kcontext, &ccache );
-		if( kerr == 0 )
-		{
-			kerr = krb5_set_password_using_ccache(kcontext, ccache, new_password, target_principal,
-						&pw_result, &pw_res_string, &res_string );
-			if( kerr )
-				fprintf( stderr, "Failed: %s\n", error_message(kerr) );
-			else
-			{
-				if( pw_result )
-				{
-					fprintf( stderr, "Failed(%d)", pw_result );
-					if( pw_res_string.length > 0 )
-						fprintf( stderr, ": %s", pw_res_string.data);
-					if( res_string.length > 0 )
-						fprintf( stderr, " %s", res_string.data);
-					fprintf( stderr, "\n");
-				}
-			}
-		}
-	}
-	return(0);
+        kerr = krb5_cc_default( kcontext, &ccache );
+        if( kerr == 0 )
+        {
+            kerr = krb5_set_password_using_ccache(kcontext, ccache, new_password, target_principal,
+                                                  &pw_result, &pw_res_string, &res_string );
+            if( kerr )
+                fprintf( stderr, "Failed: %s\n", error_message(kerr) );
+            else
+            {
+                if( pw_result )
+                {
+                    fprintf( stderr, "Failed(%d)", pw_result );
+                    if( pw_res_string.length > 0 )
+                        fprintf( stderr, ": %s", pw_res_string.data);
+                    if( res_string.length > 0 )
+                        fprintf( stderr, " %s", res_string.data);
+                    fprintf( stderr, "\n");
+                }
+            }
+        }
+    }
+    return(0);
 }
diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c
index 0c90d2713..fcc5ca99d 100644
--- a/src/clients/ksu/authorization.c
+++ b/src/clients/ksu/authorization.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 1994 by the University of Southern California
  *
@@ -40,11 +41,11 @@ krb5_boolean fowner(fp, uid)
      * the user himself, or by root.  Otherwise, don't grant access.
      */
     if (fstat(fileno(fp), &sbuf)) {
-	return(FALSE);
+        return(FALSE);
     }
 
     if ((sbuf.st_uid != uid) && sbuf.st_uid) {
-	return(FALSE);
+        return(FALSE);
     }
 
     return(TRUE);
@@ -59,8 +60,8 @@ krb5_boolean fowner(fp, uid)
  */
 
 krb5_error_code krb5_authorization(context, principal, luser,
-				   cmd, ok, out_fcmd)
-    /* IN */
+                                   cmd, ok, out_fcmd)
+/* IN */
     krb5_context context;
     krb5_principal principal;
     const char *luser;
@@ -82,11 +83,11 @@ krb5_error_code krb5_authorization(context, principal, luser,
 
     /* no account => no access */
     if ((pwd = getpwnam(luser)) == NULL)
-	return 0;
+        return 0;
 
     retval = krb5_unparse_name(context, principal, &princname);
     if (retval)
-	return retval;
+        return retval;
 
 #ifdef DEBUG
     printf("principal to be authorized %s\n", princname);
@@ -99,43 +100,43 @@ krb5_error_code krb5_authorization(context, principal, luser,
 
     /* k5login and k5users must be owned by target user or root */
     if (!k5login_flag){
-    	if ((login_fp = fopen(k5login_path, "r")) == NULL)
-	    return 0;
-	if ( fowner(login_fp, pwd->pw_uid) == FALSE) {
-	    fclose(login_fp);
-	    return 0;
-	}
+        if ((login_fp = fopen(k5login_path, "r")) == NULL)
+            return 0;
+        if ( fowner(login_fp, pwd->pw_uid) == FALSE) {
+            fclose(login_fp);
+            return 0;
+        }
     }
 
     if (!k5users_flag){
-    	if ((users_fp = fopen(k5users_path, "r")) == NULL) {
-	    return 0;
-    	}
-	if ( fowner(users_fp, pwd->pw_uid) == FALSE){
-	    fclose(users_fp);
-	    return 0;
-    	}
+        if ((users_fp = fopen(k5users_path, "r")) == NULL) {
+            return 0;
+        }
+        if ( fowner(users_fp, pwd->pw_uid) == FALSE){
+            fclose(users_fp);
+            return 0;
+        }
     }
 
     if (auth_debug){
-	fprintf(stderr,
-		"In krb5_authorization: if auth files exist -> can access\n");
+        fprintf(stderr,
+                "In krb5_authorization: if auth files exist -> can access\n");
     }
 
 #if 0
     if (cmd){
-	if(k5users_flag){
-	    return 0; /* if  kusers does not exist -> done */
-	}else{
-	    if(retval = k5users_lookup(users_fp,princname,
-				       cmd,&retbool,out_fcmd)){
-		auth_cleanup(users_fp, login_fp, princname);
-		return retval;
-	    }else{
-		*ok =retbool;
-		return retval;
-	    }
-	}
+        if(k5users_flag){
+            return 0; /* if  kusers does not exist -> done */
+        }else{
+            if(retval = k5users_lookup(users_fp,princname,
+                                       cmd,&retbool,out_fcmd)){
+                auth_cleanup(users_fp, login_fp, princname);
+                return retval;
+            }else{
+                *ok =retbool;
+                return retval;
+            }
+        }
     }
 #endif
 
@@ -144,41 +145,41 @@ krb5_error_code krb5_authorization(context, principal, luser,
        if it's not there check the k5users file */
 
     if (!k5login_flag){
-	if (auth_debug)
-	    fprintf(stderr,
-		    "In krb5_authorization: principal to be authorized %s\n",
-		    princname);
-
-	retval = k5login_lookup(login_fp,  princname, &retbool);
-	if (retval) {
-	    auth_cleanup(users_fp, login_fp, princname);
-	    return retval;
-	}
-	if (retbool) {
-	    if (cmd)
-		*out_fcmd = xstrdup(cmd);
-	}
+        if (auth_debug)
+            fprintf(stderr,
+                    "In krb5_authorization: principal to be authorized %s\n",
+                    princname);
+
+        retval = k5login_lookup(login_fp,  princname, &retbool);
+        if (retval) {
+            auth_cleanup(users_fp, login_fp, princname);
+            return retval;
+        }
+        if (retbool) {
+            if (cmd)
+                *out_fcmd = xstrdup(cmd);
+        }
     }
 
     if ((!k5users_flag) && (retbool == FALSE) ){
-	retval = k5users_lookup (users_fp, princname,
-				 cmd, &retbool, out_fcmd);
-	if(retval) {
-	    auth_cleanup(users_fp, login_fp, princname);
-	    return retval;
-	}
+        retval = k5users_lookup (users_fp, princname,
+                                 cmd, &retbool, out_fcmd);
+        if(retval) {
+            auth_cleanup(users_fp, login_fp, princname);
+            return retval;
+        }
     }
 
     if (k5login_flag && k5users_flag){
 
-	char * kuser =  (char *) xcalloc (strlen(princname), sizeof(char));
-	if (!(krb5_aname_to_localname(context, principal,
-				      strlen(princname), kuser))
-	    && (strcmp(kuser, luser) == 0)) {
-	    retbool = TRUE;
-	}
+        char * kuser =  (char *) xcalloc (strlen(princname), sizeof(char));
+        if (!(krb5_aname_to_localname(context, principal,
+                                      strlen(princname), kuser))
+            && (strcmp(kuser, luser) == 0)) {
+            retbool = TRUE;
+        }
 
-	free(kuser);
+        free(kuser);
     }
 
     *ok =retbool;
@@ -208,28 +209,28 @@ krb5_error_code k5login_lookup (fp, princname, found)
 
     retval = get_line(fp, &line);
     if (retval)
-	return retval;
+        return retval;
 
     while (line){
-	fprinc = get_first_token (line, &lp);
-
-	if (fprinc && (!strcmp(princname, fprinc))){
-	    if( get_next_token (&lp) ){
-		free (line);
-		break;  /* nothing should follow princname*/
-	    }
-	    else{
-		loc_found = TRUE;
-		free (line);
-		break;
-	    }
-	}
-
-	free (line);
-
-	retval = get_line(fp, &line);
-	if (retval)
-	    return retval;
+        fprinc = get_first_token (line, &lp);
+
+        if (fprinc && (!strcmp(princname, fprinc))){
+            if( get_next_token (&lp) ){
+                free (line);
+                break;  /* nothing should follow princname*/
+            }
+            else{
+                loc_found = TRUE;
+                free (line);
+                break;
+            }
+        }
+
+        free (line);
+
+        retval = get_line(fp, &line);
+        if (retval)
+            return retval;
     }
 
 
@@ -248,10 +249,10 @@ authorization alg:
 if princname is not found return false.
 
 if princname is found{
-	 if cmd == NULL then the file entry after principal
-			name must be nothing or *
+         if cmd == NULL then the file entry after principal
+                        name must be nothing or *
 
-	 if cmd !=NULL  then entry must be matched (* is ok)
+         if cmd !=NULL  then entry must be matched (* is ok)
 }
 
 
@@ -272,62 +273,62 @@ krb5_error_code k5users_lookup (fp, princname, cmd, found, out_fcmd)
 
     retval = get_line(fp, &line);
     if (retval)
-	return retval;
+        return retval;
 
     while (line){
-	fprinc = get_first_token (line, &lp);
-
-	if (fprinc && (!strcmp(princname, fprinc))){
-	    fcmd = get_next_token (&lp);
-
-	    if ((fcmd) && (!strcmp(fcmd, PERMIT_ALL_COMMANDS))){
-		if (get_next_token(&lp) == NULL){
-		    loc_fcmd =cmd ? xstrdup(cmd): NULL;
-		    loc_found = TRUE;
-		}
-		free (line);
-		break;
-	    }
-
-	    if (cmd == NULL){
-		if (fcmd == NULL)
-		    loc_found = TRUE;
-		free (line);
-		break;
-
-	    }else{
-		if (fcmd != NULL) {
-		    char * temp_rfcmd, *err;
-		    krb5_boolean match;
-		    do {
-			if(match_commands(fcmd,cmd,&match,
-					  &temp_rfcmd, &err)){
-			    if (auth_debug){
-				fprintf(stderr,"%s",err);
-			    }
-			    loc_fcmd = err;
-			    break;
-			}else{
-			    if (match == TRUE){
-				loc_fcmd = temp_rfcmd;
-				loc_found = TRUE;
-				break;
-			    }
-			}
-
-		    }while ((fcmd = get_next_token( &lp)));
-		}
-		free (line);
-		break;
-	    }
-	}
-
-	free (line);
-
-	retval = get_line(fp, &line);
-	if (retval) { 
-	    return retval;
-	}
+        fprinc = get_first_token (line, &lp);
+
+        if (fprinc && (!strcmp(princname, fprinc))){
+            fcmd = get_next_token (&lp);
+
+            if ((fcmd) && (!strcmp(fcmd, PERMIT_ALL_COMMANDS))){
+                if (get_next_token(&lp) == NULL){
+                    loc_fcmd =cmd ? xstrdup(cmd): NULL;
+                    loc_found = TRUE;
+                }
+                free (line);
+                break;
+            }
+
+            if (cmd == NULL){
+                if (fcmd == NULL)
+                    loc_found = TRUE;
+                free (line);
+                break;
+
+            }else{
+                if (fcmd != NULL) {
+                    char * temp_rfcmd, *err;
+                    krb5_boolean match;
+                    do {
+                        if(match_commands(fcmd,cmd,&match,
+                                          &temp_rfcmd, &err)){
+                            if (auth_debug){
+                                fprintf(stderr,"%s",err);
+                            }
+                            loc_fcmd = err;
+                            break;
+                        }else{
+                            if (match == TRUE){
+                                loc_fcmd = temp_rfcmd;
+                                loc_found = TRUE;
+                                break;
+                            }
+                        }
+
+                    }while ((fcmd = get_next_token( &lp)));
+                }
+                free (line);
+                break;
+            }
+        }
+
+        free (line);
+
+        retval = get_line(fp, &line);
+        if (retval) {
+            return retval;
+        }
     }
 
     *out_fcmd = loc_fcmd;
@@ -358,54 +359,54 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err)
     tmp_fcmd = (char **) xcalloc (MAX_CMD, sizeof(char *));
 
     if (*fcmd == '/'){  /* must be full path */
-	tmp_fcmd[0] = xstrdup(fcmd);
-	tmp_fcmd[1] = NULL;
-	*out_fcmd = tmp_fcmd;
-	return TRUE;
+        tmp_fcmd[0] = xstrdup(fcmd);
+        tmp_fcmd[1] = NULL;
+        *out_fcmd = tmp_fcmd;
+        return TRUE;
     }else{
-	/* must be either full path or just the cmd name */
-	if (strchr(fcmd, '/')){
-	    asprintf(&err,"Error: bad entry - %s in %s file, must be either full path or just the cmd name\n", fcmd, KRB5_USERS_NAME);
-	    *out_err = err;
-	    return FALSE;
-	}
+        /* must be either full path or just the cmd name */
+        if (strchr(fcmd, '/')){
+            asprintf(&err,"Error: bad entry - %s in %s file, must be either full path or just the cmd name\n", fcmd, KRB5_USERS_NAME);
+            *out_err = err;
+            return FALSE;
+        }
 
 #ifndef CMD_PATH
-	asprintf(&err,"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH must be defined \n", fcmd, KRB5_USERS_NAME, fcmd);
-	*out_err = err;
-	return FALSE;
+        asprintf(&err,"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH must be defined \n", fcmd, KRB5_USERS_NAME, fcmd);
+        *out_err = err;
+        return FALSE;
 #else
 
-	path = xstrdup (CMD_PATH);
-	path_ptr = path;
+        path = xstrdup (CMD_PATH);
+        path_ptr = path;
 
-	while ((*path_ptr == ' ') || (*path_ptr == '\t')) path_ptr ++;
+        while ((*path_ptr == ' ') || (*path_ptr == '\t')) path_ptr ++;
 
-	tc = get_first_token (path_ptr, &lp);
+        tc = get_first_token (path_ptr, &lp);
 
-	if (! tc){
-	    asprintf(&err,"Error: bad entry - %s in %s file, CMD_PATH contains no paths \n",  fcmd, KRB5_USERS_NAME);
-	    *out_err = err;
-	    return FALSE;
-	}
+        if (! tc){
+            asprintf(&err,"Error: bad entry - %s in %s file, CMD_PATH contains no paths \n",  fcmd, KRB5_USERS_NAME);
+            *out_err = err;
+            return FALSE;
+        }
 
-	i=0;
-	do{
-	    if (*tc != '/'){  /* must be full path */
-		asprintf(&err,"Error: bad path %s in CMD_PATH for %s must start with '/' \n",tc, KRB5_USERS_NAME );
-		*out_err = err;
-		return FALSE;
-	    }
+        i=0;
+        do{
+            if (*tc != '/'){  /* must be full path */
+                asprintf(&err,"Error: bad path %s in CMD_PATH for %s must start with '/' \n",tc, KRB5_USERS_NAME );
+                *out_err = err;
+                return FALSE;
+            }
 
-	    tmp_fcmd[i] = xasprintf("%s/%s", tc, fcmd);
+            tmp_fcmd[i] = xasprintf("%s/%s", tc, fcmd);
 
-	    i++;
+            i++;
 
-	} while((tc = get_next_token (&lp)));
+        } while((tc = get_next_token (&lp)));
 
-	tmp_fcmd[i] = NULL;
-	*out_fcmd = tmp_fcmd;
-	return TRUE;
+        tmp_fcmd[i] = NULL;
+        *out_fcmd = tmp_fcmd;
+        return TRUE;
 
 #endif /* CMD_PATH */
     }
@@ -413,7 +414,7 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err)
 
 /********************************************
 cmd_single - checks if cmd consists of a path
-	     or a single token
+             or a single token
 
 ********************************************/
 
@@ -422,9 +423,9 @@ krb5_boolean cmd_single(cmd)
 {
 
     if ( ( strrchr( cmd, '/')) ==  NULL){
-	return TRUE;
+        return TRUE;
     }else{
-	return FALSE;
+        return FALSE;
     }
 }
 
@@ -443,17 +444,17 @@ int cmd_arr_cmp_postfix(fcmd_arr, cmd)
     int i = 0;
 
     while(fcmd_arr[i]){
-	if ( (ptr = strrchr( fcmd_arr[i], '/')) ==  NULL){
-	    temp_fcmd = fcmd_arr[i];
-	}else {
-	    temp_fcmd = ptr + 1;
-	}
-
-	result = strcmp (temp_fcmd, cmd);
-	if (result == 0){
-	    break;
-	}
-	i++;
+        if ( (ptr = strrchr( fcmd_arr[i], '/')) ==  NULL){
+            temp_fcmd = fcmd_arr[i];
+        }else {
+            temp_fcmd = ptr + 1;
+        }
+
+        result = strcmp (temp_fcmd, cmd);
+        if (result == 0){
+            break;
+        }
+        i++;
     }
 
     return result;
@@ -475,11 +476,11 @@ int cmd_arr_cmp (fcmd_arr, cmd)
     int i = 0;
 
     while(fcmd_arr[i]){
-	result = strcmp (fcmd_arr[i], cmd);
-	if (result == 0){
-	    break;
-	}
-	i++;
+        result = strcmp (fcmd_arr[i], cmd);
+        if (result == 0){
+            break;
+        }
+        i++;
     }
     return result;
 }
@@ -497,25 +498,25 @@ krb5_boolean find_first_cmd_that_exists(fcmd_arr, cmd_out, err_out)
     struct k5buf buf;
 
     while(fcmd_arr[i]){
-	if (!stat (fcmd_arr[i], &st_temp )){
-	    *cmd_out = xstrdup(fcmd_arr[i]);
-	    retbool = TRUE;
-	    break;
-	}
-	i++;
+        if (!stat (fcmd_arr[i], &st_temp )){
+            *cmd_out = xstrdup(fcmd_arr[i]);
+            retbool = TRUE;
+            break;
+        }
+        i++;
     }
 
     if (retbool == FALSE ){
-	krb5int_buf_init_dynamic(&buf);
-	krb5int_buf_add(&buf, "Error: not found -> ");
-	for(j= 0; j < i; j ++)
-	    krb5int_buf_add_fmt(&buf, " %s ", fcmd_arr[j]);
-	krb5int_buf_add(&buf, "\n");
-	*err_out = krb5int_buf_data(&buf);
-	if (*err_out == NULL) {
-	    perror(prog_name);
-	    exit(1);
-	}
+        krb5int_buf_init_dynamic(&buf);
+        krb5int_buf_add(&buf, "Error: not found -> ");
+        for(j= 0; j < i; j ++)
+            krb5int_buf_add_fmt(&buf, " %s ", fcmd_arr[j]);
+        krb5int_buf_add(&buf, "\n");
+        *err_out = krb5int_buf_data(&buf);
+        if (*err_out == NULL) {
+            perror(prog_name);
+            exit(1);
+        }
     }
 
 
@@ -539,45 +540,45 @@ int match_commands (fcmd, cmd, match, cmd_out, err_out)
     char * cmd_temp;
 
     if(fcmd_resolve(fcmd, &fcmd_arr, &err )== FALSE ){
-	*err_out = err;
-	return 1;
+        *err_out = err;
+        return 1;
     }
 
     if (cmd_single( cmd ) == TRUE){
-	if (!cmd_arr_cmp_postfix(fcmd_arr, cmd)){ /* found */
-
-	    if(find_first_cmd_that_exists( fcmd_arr,&cmd_temp,&err)== TRUE){
-		*match = TRUE;
-		*cmd_out = cmd_temp;
-		return 0;
-	    }else{
-		*err_out = err;
-		return 1;
-	    }
-	}else{
-	    *match = FALSE;
-	    return 0;
-	}
+        if (!cmd_arr_cmp_postfix(fcmd_arr, cmd)){ /* found */
+
+            if(find_first_cmd_that_exists( fcmd_arr,&cmd_temp,&err)== TRUE){
+                *match = TRUE;
+                *cmd_out = cmd_temp;
+                return 0;
+            }else{
+                *err_out = err;
+                return 1;
+            }
+        }else{
+            *match = FALSE;
+            return 0;
+        }
     }else{
-	if (!cmd_arr_cmp(fcmd_arr, cmd)){  /* found */
-	    *match = TRUE;
-	    *cmd_out = xstrdup(cmd);
-	    return 0;
-	} else{
-	    *match = FALSE;
-	    return 0;
-	}
+        if (!cmd_arr_cmp(fcmd_arr, cmd)){  /* found */
+            *match = TRUE;
+            *cmd_out = xstrdup(cmd);
+            return 0;
+        } else{
+            *match = FALSE;
+            return 0;
+        }
     }
 
 }
 
 /*********************************************************
    get_line - returns a line of any length.  out_line
-	      is set to null if eof.
+              is set to null if eof.
 *********************************************************/
 
 krb5_error_code get_line (fp, out_line)
-    /* IN */
+/* IN */
     FILE *fp;
     /* OUT */
     char **out_line;
@@ -590,27 +591,27 @@ krb5_error_code get_line (fp, out_line)
     line[0] = '\0';
 
     while (( r = fgets(line_ptr, BUFSIZ , fp)) != NULL){
-	newline = strchr(line_ptr, '\n');
-	if (newline) {
-	    *newline = '\0';
-	    break;
-	}
-	else {
-	    chunk_count ++;
-	    if(!( line = (char *) realloc( line,
-					   chunk_count * sizeof(char) * BUFSIZ))){
-		return  ENOMEM;
-	    }
-
-	    line_ptr = line + (BUFSIZ -1) *( chunk_count -1) ;
-	}
+        newline = strchr(line_ptr, '\n');
+        if (newline) {
+            *newline = '\0';
+            break;
+        }
+        else {
+            chunk_count ++;
+            if(!( line = (char *) realloc( line,
+                                           chunk_count * sizeof(char) * BUFSIZ))){
+                return  ENOMEM;
+            }
+
+            line_ptr = line + (BUFSIZ -1) *( chunk_count -1) ;
+        }
     }
 
     if ((r == NULL) && (strlen(line) == 0)) {
-	*out_line = NULL;
+        *out_line = NULL;
     }
     else{
-	*out_line = line;
+        *out_line = line;
     }
 
     return 0;
@@ -635,20 +636,20 @@ char *  get_first_token (line, lnext)
 
     out_ptr = line;
     lptr = line;
-    
+
     while (( *lptr == ' ') || (*lptr == '\t')) lptr ++;
-    
+
     if (strlen(lptr) == 0) return NULL;
-    
+
     while (( *lptr != ' ') && (*lptr != '\t') && (*lptr != '\0')) lptr ++;
-    
+
     if (*lptr == '\0'){
-	*lnext = lptr;
+        *lnext = lptr;
     } else{
-	*lptr = '\0';
-	*lnext = lptr + 1;
+        *lptr = '\0';
+        *lnext = lptr + 1;
     }
-    
+
     return out_ptr;
 }
 /**********************************************************
@@ -678,10 +679,10 @@ char *  get_next_token (lnext)
     while (( *lptr != ' ') && (*lptr != '\t') && (*lptr != '\0')) lptr ++;
 
     if (*lptr == '\0'){
-	*lnext = lptr;
+        *lnext = lptr;
     } else{
-	*lptr = '\0';
-	*lnext = lptr + 1;
+        *lptr = '\0';
+        *lnext = lptr + 1;
     }
 
     return out_ptr;
@@ -695,9 +696,9 @@ static void auth_cleanup(users_fp, login_fp, princname)
 
     free (princname);
     if (users_fp)
-	fclose(users_fp);
+        fclose(users_fp);
     if (login_fp)
-	fclose(login_fp);
+        fclose(login_fp);
 }
 
 void init_auth_names(pw_dir)
@@ -708,14 +709,14 @@ void init_auth_names(pw_dir)
 
     sep = ((strlen(pw_dir) == 1) && (*pw_dir == '/')) ? "" : "/";
     r1 = snprintf(k5login_path, sizeof(k5login_path), "%s%s%s",
-		  pw_dir, sep, KRB5_LOGIN_NAME);
+                  pw_dir, sep, KRB5_LOGIN_NAME);
     r2 = snprintf(k5users_path, sizeof(k5users_path), "%s%s%s",
-		  pw_dir, sep, KRB5_USERS_NAME);
+                  pw_dir, sep, KRB5_USERS_NAME);
     if (SNPRINTF_OVERFLOW(r1, sizeof(k5login_path)) ||
-	SNPRINTF_OVERFLOW(r2, sizeof(k5users_path))) {
-	fprintf (stderr,
-		 "home directory name `%s' too long, can't search for .k5login\n",
-		 pw_dir);
-	exit (1);
+        SNPRINTF_OVERFLOW(r2, sizeof(k5users_path))) {
+        fprintf (stderr,
+                 "home directory name `%s' too long, can't search for .k5login\n",
+                 pw_dir);
+        exit (1);
     }
 }
diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c
index 8ed5fb185..2eafd0934 100644
--- a/src/clients/ksu/ccache.c
+++ b/src/clients/ksu/ccache.c
@@ -1,4 +1,5 @@
-/* 
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
  * Copyright (c) 1994 by the University of Southern California
  *
  * EXPORT OF THIS SOFTWARE from the United States of America may
@@ -10,7 +11,7 @@
  *     this software and its documentation in source and binary forms is
  *     hereby granted, provided that any documentation or other materials
  *     related to such distribution or use acknowledge that the software
- *     was developed by the University of Southern California. 
+ *     was developed by the University of Southern California.
  *
  * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
  *     University of Southern California MAKES NO REPRESENTATIONS OR
@@ -25,7 +26,7 @@
  * KSU was writen by:  Ari Medvinsky, ari@isi.edu
  */
 
-#include "ksu.h" 
+#include "ksu.h"
 #include "adm_proto.h"
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -34,95 +35,95 @@
 krb5_cache_copy
 
 gets rid of any expired tickets in the secondary cache,
-copies the default cache into the secondary cache, 
+copies the default cache into the secondary cache,
 
 ************************************************************************/
 
 void show_credential();
 
 /* modifies only the cc_other, the algorithm may look a bit funny,
-   but I had to do it this way, since remove function did not come 
-   with k5 beta 3 release.                                          
+   but I had to do it this way, since remove function did not come
+   with k5 beta 3 release.
 */
 
-krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag, 
-				  primary_principal, cc_out, stored, target_uid)
-    /* IN */
+krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag,
+                                  primary_principal, cc_out, stored, target_uid)
+/* IN */
     krb5_context context;
     krb5_ccache cc_def;
     char *cc_other_tag;
     krb5_principal primary_principal;
-uid_t target_uid;
+    uid_t target_uid;
     /* OUT */
     krb5_ccache *cc_out;
     krb5_boolean *stored;
 {
-int i=0; 
-krb5_ccache  * cc_other;
-const char * cc_def_name;
-const char * cc_other_name; 
-krb5_error_code retval=0;
-krb5_creds ** cc_def_creds_arr = NULL;
-krb5_creds ** cc_other_creds_arr = NULL;
-struct stat st_temp;
+    int i=0;
+    krb5_ccache  * cc_other;
+    const char * cc_def_name;
+    const char * cc_other_name;
+    krb5_error_code retval=0;
+    krb5_creds ** cc_def_creds_arr = NULL;
+    krb5_creds ** cc_other_creds_arr = NULL;
+    struct stat st_temp;
 
-    cc_other = (krb5_ccache *)  xcalloc(1, sizeof (krb5_ccache));  	
+    cc_other = (krb5_ccache *)  xcalloc(1, sizeof (krb5_ccache));
 
     if ((retval = krb5_cc_resolve(context, cc_other_tag, cc_other))){
-               com_err (prog_name, retval, "resolving ccache %s",
-                        cc_other_tag);
-		return retval;
+        com_err (prog_name, retval, "resolving ccache %s",
+                 cc_other_tag);
+        return retval;
     }
 
-    cc_def_name = krb5_cc_get_name(context, cc_def);    
-    cc_other_name = krb5_cc_get_name(context, *cc_other);    
+    cc_def_name = krb5_cc_get_name(context, cc_def);
+    cc_other_name = krb5_cc_get_name(context, *cc_other);
 
     if ( ! stat(cc_def_name, &st_temp)){
-	if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
-		return retval;
-	}
+        if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
+            return retval;
+        }
     }
 
     *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr,
-					   primary_principal);
+                                           primary_principal);
 
 #ifdef HAVE_LSTAT
     if (!lstat( cc_other_name, &st_temp))
 #else /*HAVE_LSTAT*/
-    if (!stat( cc_other_name, &st_temp))
+        if (!stat( cc_other_name, &st_temp))
 #endif
-      return EINVAL;
-    
-      if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
-	return errno;
-      }
-      
-      
+            return EINVAL;
+
+    if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
+        return errno;
+    }
+
+
     if ((retval = krb5_cc_initialize(context, *cc_other, primary_principal))){
-	return retval; 
+        return retval;
     }
 
-    retval = krb5_store_all_creds(context, * cc_other, cc_def_creds_arr, 
-				  cc_other_creds_arr); 
+    retval = krb5_store_all_creds(context, * cc_other, cc_def_creds_arr,
+                                  cc_other_creds_arr);
 
-    if (cc_def_creds_arr){ 	
- 	   while (cc_def_creds_arr[i]){
-    		krb5_free_creds(context, cc_def_creds_arr[i]);	
-		i++;
-    	   }
-    }	
+    if (cc_def_creds_arr){
+        while (cc_def_creds_arr[i]){
+            krb5_free_creds(context, cc_def_creds_arr[i]);
+            i++;
+        }
+    }
 
     i=0;
 
-    if(cc_other_creds_arr){	
-    	while (cc_other_creds_arr[i]){
-    		krb5_free_creds(context, cc_other_creds_arr[i]);	
-		i++;
-	}
+    if(cc_other_creds_arr){
+        while (cc_other_creds_arr[i]){
+            krb5_free_creds(context, cc_other_creds_arr[i]);
+            i++;
+        }
     }
 
-    *cc_out = *cc_other; 	
-    return retval;	
+    *cc_out = *cc_other;
+    return retval;
 }
 
 
@@ -133,65 +134,65 @@ krb5_error_code krb5_store_all_creds(context, cc, creds_def, creds_other)
     krb5_creds **creds_other;
 {
 
-int i = 0; 
-krb5_error_code retval = 0;  
-krb5_creds ** temp_creds= NULL;   
-
-	
-	if ((creds_def == NULL) && (creds_other == NULL)) 
-		return 0;	
-
-	if ((creds_def == NULL) && (creds_other != NULL)) 
-		temp_creds = creds_other; 		
-
-	if ((creds_def != NULL) && (creds_other == NULL)) 
-		temp_creds = creds_def; 		
-
-
-	if (temp_creds){	
-		while(temp_creds[i]){ 
-			if ((retval= krb5_cc_store_cred(context, cc, 
-							temp_creds[i]))){
-				return retval; 
-			}
-			i++;	
-		}
-	}	
-	else { /* both arrays have elements in them */       
-
-		return  KRB5KRB_ERR_GENERIC;
-
-/************	while(creds_other[i]){ 
-			cmp = FALSE;	
-			j = 0;			
-			while(creds_def[j]){ 
-			   cmp = compare_creds(creds_other[i],creds_def[j]);
-
-			   if( cmp == TRUE) break;    		
-
-			   j++; 	
-			}
-			if (cmp == FALSE){
-				if (retval= krb5_cc_store_cred(context, cc,
-							 creds_other[i])){
-						return retval; 
-				}
-			}
-			i ++;
-		}
-
-		i=0;	
-		while(creds_def[i]){ 
-			if (retval= krb5_cc_store_cred(context, cc, 
-						       creds_def[i])){
-				return retval; 
-			}
-			i++;	
-		}
+    int i = 0;
+    krb5_error_code retval = 0;
+    krb5_creds ** temp_creds= NULL;
+
+
+    if ((creds_def == NULL) && (creds_other == NULL))
+        return 0;
+
+    if ((creds_def == NULL) && (creds_other != NULL))
+        temp_creds = creds_other;
+
+    if ((creds_def != NULL) && (creds_other == NULL))
+        temp_creds = creds_def;
+
+
+    if (temp_creds){
+        while(temp_creds[i]){
+            if ((retval= krb5_cc_store_cred(context, cc,
+                                            temp_creds[i]))){
+                return retval;
+            }
+            i++;
+        }
+    }
+    else { /* both arrays have elements in them */
+
+        return  KRB5KRB_ERR_GENERIC;
+
+/************   while(creds_other[i]){
+                        cmp = FALSE;
+                        j = 0;
+                        while(creds_def[j]){
+                           cmp = compare_creds(creds_other[i],creds_def[j]);
+
+                           if( cmp == TRUE) break;
+
+                           j++;
+                        }
+                        if (cmp == FALSE){
+                                if (retval= krb5_cc_store_cred(context, cc,
+                                                         creds_other[i])){
+                                                return retval;
+                                }
+                        }
+                        i ++;
+                }
+
+                i=0;
+                while(creds_def[i]){
+                        if (retval= krb5_cc_store_cred(context, cc,
+                                                       creds_def[i])){
+                                return retval;
+                        }
+                        i++;
+                }
 
 **************/
-	}
-	return 0;
+    }
+    return 0;
 }
 
 krb5_boolean compare_creds(context, cred1, cred2)
@@ -199,86 +200,86 @@ krb5_boolean compare_creds(context, cred1, cred2)
     krb5_creds *cred1;
     krb5_creds *cred2;
 {
-krb5_boolean retval; 
+    krb5_boolean retval;
 
-	retval = krb5_principal_compare (context, cred1->client, cred2->client);
+    retval = krb5_principal_compare (context, cred1->client, cred2->client);
 
-	if (retval == TRUE) 
-		retval = krb5_principal_compare (context, cred1->server, 							 cred2->server);
+    if (retval == TRUE)
+        retval = krb5_principal_compare (context, cred1->server,                                                         cred2->server);
 
-	return retval;
+    return retval;
 }
 
 
 
- 
+
 krb5_error_code krb5_get_nonexp_tkts(context, cc, creds_array)
     krb5_context context;
     krb5_ccache cc;
     krb5_creds ***creds_array;
 {
 
-krb5_creds creds, temp_tktq, temp_tkt;
-krb5_creds **temp_creds; 
-krb5_error_code retval=0;
-krb5_cc_cursor cur; 
-int count = 0;
-int chunk_count = 1; 
-	
-  if ( ! ( temp_creds = (krb5_creds **) malloc( CHUNK * sizeof(krb5_creds *)))){
-                return ENOMEM;
-        }
+    krb5_creds creds, temp_tktq, temp_tkt;
+    krb5_creds **temp_creds;
+    krb5_error_code retval=0;
+    krb5_cc_cursor cur;
+    int count = 0;
+    int chunk_count = 1;
+
+    if ( ! ( temp_creds = (krb5_creds **) malloc( CHUNK * sizeof(krb5_creds *)))){
+        return ENOMEM;
+    }
 
 
-   memset(&temp_tktq, 0, sizeof(temp_tktq));
-   memset(&temp_tkt, 0, sizeof(temp_tkt));
-   memset(&creds, 0, sizeof(creds));
+    memset(&temp_tktq, 0, sizeof(temp_tktq));
+    memset(&temp_tkt, 0, sizeof(temp_tkt));
+    memset(&creds, 0, sizeof(creds));
 
-	/* initialize the cursor */    	
+    /* initialize the cursor */
     if ((retval = krb5_cc_start_seq_get(context, cc, &cur))) {
-	return retval; 
+        return retval;
     }
 
     while (!(retval = krb5_cc_next_cred(context, cc, &cur, &creds))){
 
-	if ((retval = krb5_check_exp(context, creds.times))){
-		if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){ 
-			return retval;
-		} 
-		if (auth_debug){ 
-			fprintf(stderr,"krb5_ccache_copy: CREDS EXPIRED:\n");  
-			fputs("  Valid starting		Expires		Service principal\n",stdout);
-			show_credential(context, &creds, cc); 
-			fprintf(stderr,"\n");  
-		}
-	}
-	else {   /* these credentials didn't expire */      
-	
-			if ((retval = krb5_copy_creds(context, &creds, 
-						      &temp_creds[count]))){
-			return retval;				
-		}
-		count ++;
-
-	 	if (count == (chunk_count * CHUNK -1)){
-               		  chunk_count ++;
-                	 if (!(temp_creds = (krb5_creds **) realloc(temp_creds,
-                       	       chunk_count * CHUNK * sizeof(krb5_creds *)))){
-                       	       return ENOMEM;
-                 	}
-         	}
-	}
-		
-    }
-
-    temp_creds[count] = NULL;	
-    *creds_array   = temp_creds; 	
+        if ((retval = krb5_check_exp(context, creds.times))){
+            if (retval != KRB5KRB_AP_ERR_TKT_EXPIRED){
+                return retval;
+            }
+            if (auth_debug){
+                fprintf(stderr,"krb5_ccache_copy: CREDS EXPIRED:\n");
+                fputs("  Valid starting         Expires         Service principal\n",stdout);
+                show_credential(context, &creds, cc);
+                fprintf(stderr,"\n");
+            }
+        }
+        else {   /* these credentials didn't expire */
+
+            if ((retval = krb5_copy_creds(context, &creds,
+                                          &temp_creds[count]))){
+                return retval;
+            }
+            count ++;
+
+            if (count == (chunk_count * CHUNK -1)){
+                chunk_count ++;
+                if (!(temp_creds = (krb5_creds **) realloc(temp_creds,
+                                                           chunk_count * CHUNK * sizeof(krb5_creds *)))){
+                    return ENOMEM;
+                }
+            }
+        }
+
+    }
+
+    temp_creds[count] = NULL;
+    *creds_array   = temp_creds;
 
     if (retval == KRB5_CC_END) {
-		retval = krb5_cc_end_seq_get(context, cc, &cur);
-    }	
+        retval = krb5_cc_end_seq_get(context, cc, &cur);
+    }
 
-    return retval;	
+    return retval;
 
 }
 
@@ -287,27 +288,27 @@ krb5_error_code krb5_check_exp(context, tkt_time)
     krb5_context context;
     krb5_ticket_times tkt_time;
 {
-krb5_error_code retval =0;
-krb5_timestamp currenttime;
-
-	if ((retval = krb5_timeofday (context, &currenttime))){ 
-		return retval;		
-	}	
-	if (auth_debug){
-		fprintf(stderr,"krb5_check_exp: the krb5_clockskew is %d \n",
-			context->clockskew);
-
-		fprintf(stderr,"krb5_check_exp: currenttime - endtime %d \n",
-	(currenttime - tkt_time.endtime )); 
-		
-	}
-
-	if (currenttime - tkt_time.endtime > context->clockskew){ 
-		retval = KRB5KRB_AP_ERR_TKT_EXPIRED ;
-		return retval;
-	}
-
-	return 0;
+    krb5_error_code retval =0;
+    krb5_timestamp currenttime;
+
+    if ((retval = krb5_timeofday (context, &currenttime))){
+        return retval;
+    }
+    if (auth_debug){
+        fprintf(stderr,"krb5_check_exp: the krb5_clockskew is %d \n",
+                context->clockskew);
+
+        fprintf(stderr,"krb5_check_exp: currenttime - endtime %d \n",
+                (currenttime - tkt_time.endtime ));
+
+    }
+
+    if (currenttime - tkt_time.endtime > context->clockskew){
+        retval = KRB5KRB_AP_ERR_TKT_EXPIRED ;
+        return retval;
+    }
+
+    return 0;
 }
 
 
@@ -316,7 +317,7 @@ char *flags_string(cred)
 {
     static char buf[32];
     int i = 0;
-	
+
     if (cred->ticket_flags & TKT_FLG_FORWARDABLE)
         buf[i++] = 'F';
     if (cred->ticket_flags & TKT_FLG_FORWARDED)
@@ -355,10 +356,10 @@ void printtime(tv)
     tstamp = tv;
     fill = ' ';
     if (!krb5_timestamp_to_sfstring(tstamp,
-				    fmtbuf,
-				    sizeof(fmtbuf),
-				    &fill))
-	printf(fmtbuf);
+                                    fmtbuf,
+                                    sizeof(fmtbuf),
+                                    &fill))
+        printf(fmtbuf);
 }
 
 
@@ -376,39 +377,39 @@ krb5_get_login_princ(luser, princ_list)
     int gobble, result;
     char ** buf_out;
     struct stat st_temp;
-    int count = 0, chunk_count = 1; 
+    int count = 0, chunk_count = 1;
 
     /* no account => no access */
 
     if ((pwd = getpwnam(luser)) == NULL) {
-	return 0;
+        return 0;
     }
     result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir);
     if (SNPRINTF_OVERFLOW(result, sizeof(pbuf))) {
-	fprintf (stderr, "home directory path for %s too long\n", luser);
-	exit (1);
+        fprintf (stderr, "home directory path for %s too long\n", luser);
+        exit (1);
     }
 
-    if (stat(pbuf, &st_temp)) {	 /* not accessible */
-	return 0;
+    if (stat(pbuf, &st_temp)) {  /* not accessible */
+        return 0;
     }
 
 
     /* open ~/.k5login */
     if ((fp = fopen(pbuf, "r")) == NULL) {
-	return 0;
+        return 0;
     }
     /*
      * For security reasons, the .k5login file must be owned either by
      * the user himself, or by root.  Otherwise, don't grant access.
      */
     if (fstat(fileno(fp), &sbuf)) {
-	fclose(fp);
-	return 0;
+        fclose(fp);
+        return 0;
     }
     if ((sbuf.st_uid != pwd->pw_uid) && sbuf.st_uid) {
-	fclose(fp);
-	return 0;
+        fclose(fp);
+        return 0;
     }
 
     /* check each line */
@@ -419,33 +420,33 @@ krb5_get_login_princ(luser, princ_list)
     if (!(buf_out = (char **) malloc( CHUNK * sizeof(char *)))) return ENOMEM;
 
     while ( fgets(linebuf, BUFSIZ, fp) != NULL) {
-	/* null-terminate the input string */
-	linebuf[BUFSIZ-1] = '\0';
-	newline = NULL;
-	/* nuke the newline if it exists */
-	if ((newline = strchr(linebuf, '\n')))
-	    *newline = '\0';
-
-	buf_out[count] = linebuf;
+        /* null-terminate the input string */
+        linebuf[BUFSIZ-1] = '\0';
+        newline = NULL;
+        /* nuke the newline if it exists */
+        if ((newline = strchr(linebuf, '\n')))
+            *newline = '\0';
+
+        buf_out[count] = linebuf;
         count ++;
 
         if (count == (chunk_count * CHUNK -1)){
             chunk_count ++;
             if (!(buf_out = (char **) realloc(buf_out,
-                            chunk_count * CHUNK * sizeof(char *)))){
-                            return ENOMEM;
+                                              chunk_count * CHUNK * sizeof(char *)))){
+                return ENOMEM;
             }
         }
 
-	/* clean up the rest of the line if necessary */
-	if (!newline)
-	    while (((gobble = getc(fp)) != EOF) && gobble != '\n');
+        /* clean up the rest of the line if necessary */
+        if (!newline)
+            while (((gobble = getc(fp)) != EOF) && gobble != '\n');
 
-    	if( !(linebuf = (char *) calloc (BUFSIZ, sizeof(char)))) return ENOMEM;
+        if( !(linebuf = (char *) calloc (BUFSIZ, sizeof(char)))) return ENOMEM;
     }
 
     buf_out[count] = NULL;
-    *princ_list = buf_out; 	
+    *princ_list = buf_out;
     fclose(fp);
     return 0;
 }
@@ -460,34 +461,34 @@ show_credential(context, cred, cc)
 {
     krb5_error_code retval;
     char *name, *sname, *flags;
-    int	first = 1;
+    int first = 1;
     krb5_principal princ;
-    char * defname;	
+    char * defname;
     int show_flags =1;
 
     retval = krb5_unparse_name(context, cred->client, &name);
     if (retval) {
-	com_err(prog_name, retval, "while unparsing client name");
-	return;
+        com_err(prog_name, retval, "while unparsing client name");
+        return;
     }
     retval = krb5_unparse_name(context, cred->server, &sname);
     if (retval) {
-	com_err(prog_name, retval, "while unparsing server name");
-	free(name);
-	return;
+        com_err(prog_name, retval, "while unparsing server name");
+        free(name);
+        return;
     }
 
     if ((retval = krb5_cc_get_principal(context, cc, &princ))) {
         com_err(prog_name, retval, "while retrieving principal name");
-	return;
+        return;
     }
     if ((retval = krb5_unparse_name(context, princ, &defname))) {
         com_err(prog_name, retval, "while unparsing principal name");
-	return;
-    }	
+        return;
+    }
 
     if (!cred->times.starttime)
-	cred->times.starttime = cred->times.authtime;
+        cred->times.starttime = cred->times.authtime;
 
     printtime(cred->times.starttime);
     putchar(' '); putchar(' ');
@@ -497,27 +498,27 @@ show_credential(context, cred, cc)
     printf("%s\n", sname);
 
     if (strcmp(name, defname)) {
-	    printf("\tfor client %s", name);
-	    first = 0;
+        printf("\tfor client %s", name);
+        first = 0;
     }
-    
+
     if (cred->times.renew_till) {
-	if (first)
-		fputs("\t",stdout);
-	else
-		fputs(", ",stdout);
-	fputs("renew until ", stdout);
+        if (first)
+            fputs("\t",stdout);
+        else
+            fputs(", ",stdout);
+        fputs("renew until ", stdout);
         printtime(cred->times.renew_till);
     }
     if (show_flags) {
-	flags = flags_string(cred);
-	if (flags && *flags) {
-	    if (first)
-		fputs("\t",stdout);
-	    else
-		fputs(", ",stdout);
-	    printf("Flags: %s", flags);
-	    first = 0;
+        flags = flags_string(cred);
+        if (flags && *flags) {
+            if (first)
+                fputs("\t",stdout);
+            else
+                fputs(", ",stdout);
+            printf("Flags: %s", flags);
+            first = 0;
         }
     }
     putchar('\n');
@@ -526,9 +527,9 @@ show_credential(context, cred, cc)
 }
 
 int gen_sym(){
-	static int i = 0; 
-	i ++;
-	return i;
+    static int i = 0;
+    i ++;
+    return i;
 }
 
 krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal)
@@ -537,49 +538,49 @@ krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal)
     krb5_ccache cct;
     krb5_principal primary_principal;
 {
-const char * cct_name;
-const char * ccs_name; 
-krb5_error_code retval=0;
-krb5_principal temp_principal;
-krb5_creds ** ccs_creds_arr = NULL;
-int i=0; 
-struct stat st_temp;
+    const char * cct_name;
+    const char * ccs_name;
+    krb5_error_code retval=0;
+    krb5_principal temp_principal;
+    krb5_creds ** ccs_creds_arr = NULL;
+    int i=0;
+    struct stat st_temp;
 
-    ccs_name = krb5_cc_get_name(context, ccs);    
-    cct_name = krb5_cc_get_name(context, cct);    
+    ccs_name = krb5_cc_get_name(context, ccs);
+    cct_name = krb5_cc_get_name(context, cct);
 
     if ( ! stat(ccs_name, &st_temp)){
-	if ((retval = krb5_get_nonexp_tkts(context,  ccs, &ccs_creds_arr))){
-		return retval;
-	}
-    }	
+        if ((retval = krb5_get_nonexp_tkts(context,  ccs, &ccs_creds_arr))){
+            return retval;
+        }
+    }
 
     if ( ! stat(cct_name, &st_temp)){
-	if ((retval = krb5_cc_get_principal(context, cct, &temp_principal))){ 
-		return retval;
-	}
+        if ((retval = krb5_cc_get_principal(context, cct, &temp_principal))){
+            return retval;
+        }
     }else{
-	temp_principal = primary_principal; 
+        temp_principal = primary_principal;
     }
 
     if ((retval = krb5_cc_initialize(context, cct, temp_principal))){
-	return retval; 
+        return retval;
     }
 
-    retval = krb5_store_all_creds(context, cct, ccs_creds_arr, NULL); 
+    retval = krb5_store_all_creds(context, cct, ccs_creds_arr, NULL);
 
-    if (ccs_creds_arr){ 	
- 	   while (ccs_creds_arr[i]){
-    		krb5_free_creds(context, ccs_creds_arr[i]);	
-		i++;
-    	   }
-    }	
+    if (ccs_creds_arr){
+        while (ccs_creds_arr[i]){
+            krb5_free_creds(context, ccs_creds_arr[i]);
+            i++;
+        }
+    }
 
-    return retval;	
+    return retval;
 }
 
 krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst,
-				      stored)
+                                      stored)
     krb5_context context;
     krb5_ccache cc;
     krb5_creds **creds_def;
@@ -588,231 +589,231 @@ krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst,
     krb5_boolean *stored;
 {
 
-int i = 0; 
-krb5_error_code retval = 0;  
-krb5_creds ** temp_creds= NULL;   
-krb5_boolean temp_stored = FALSE; 
+    int i = 0;
+    krb5_error_code retval = 0;
+    krb5_creds ** temp_creds= NULL;
+    krb5_boolean temp_stored = FALSE;
 
-	
-	if ((creds_def == NULL) && (creds_other == NULL)) 
-		return 0;	
 
-	if ((creds_def == NULL) && (creds_other != NULL)) 
-		temp_creds = creds_other; 		
+    if ((creds_def == NULL) && (creds_other == NULL))
+        return 0;
 
-	if ((creds_def != NULL) && (creds_other == NULL)) 
-		temp_creds = creds_def; 		
+    if ((creds_def == NULL) && (creds_other != NULL))
+        temp_creds = creds_other;
 
+    if ((creds_def != NULL) && (creds_other == NULL))
+        temp_creds = creds_def;
 
-	if (temp_creds){	
-		while(temp_creds[i]){ 
-			if (krb5_principal_compare(context, 
-						   temp_creds[i]->client,
-						   prst)== TRUE) {
 
-				if ((retval = krb5_cc_store_cred(context, 
-							cc,temp_creds[i]))){
-					return retval; 
-				}
-				temp_stored = TRUE;
-			}
+    if (temp_creds){
+        while(temp_creds[i]){
+            if (krb5_principal_compare(context,
+                                       temp_creds[i]->client,
+                                       prst)== TRUE) {
 
-			i++;	
-		}
-	}	
-	else { /* both arrays have elements in them */       
-		return KRB5KRB_ERR_GENERIC;
-	}
+                if ((retval = krb5_cc_store_cred(context,
+                                                 cc,temp_creds[i]))){
+                    return retval;
+                }
+                temp_stored = TRUE;
+            }
 
-*stored = temp_stored;
-return 0;
+            i++;
+        }
+    }
+    else { /* both arrays have elements in them */
+        return KRB5KRB_ERR_GENERIC;
+    }
+
+    *stored = temp_stored;
+    return 0;
 }
 /******************************************************************
 krb5_cache_copy_restricted
 
 gets rid of any expired tickets in the secondary cache,
-copies the default cache into the secondary cache,  
-only credentials that are for prst are copied.            
+copies the default cache into the secondary cache,
+only credentials that are for prst are copied.
 
 the algorithm may look a bit funny,
-but I had to do it this way, since cc_remove function did not come 
-with k5 beta 3 release.                                          
+but I had to do it this way, since cc_remove function did not come
+with k5 beta 3 release.
 ************************************************************************/
 
-krb5_error_code krb5_ccache_copy_restricted (context, cc_def, cc_other_tag, 
-					     prst, cc_out, stored, target_uid)
+krb5_error_code krb5_ccache_copy_restricted (context, cc_def, cc_other_tag,
+                                             prst, cc_out, stored, target_uid)
     krb5_context context;
     krb5_ccache cc_def;
     char *cc_other_tag;
     krb5_principal prst;
-uid_t target_uid;
+    uid_t target_uid;
     /* OUT */
     krb5_ccache *cc_out;
     krb5_boolean *stored;
 {
 
-int i=0; 
-krb5_ccache  * cc_other;
-const char * cc_def_name;
-const char * cc_other_name; 
-krb5_error_code retval=0;
-krb5_creds ** cc_def_creds_arr = NULL;
-krb5_creds ** cc_other_creds_arr = NULL;
-struct stat st_temp;
+    int i=0;
+    krb5_ccache  * cc_other;
+    const char * cc_def_name;
+    const char * cc_other_name;
+    krb5_error_code retval=0;
+    krb5_creds ** cc_def_creds_arr = NULL;
+    krb5_creds ** cc_other_creds_arr = NULL;
+    struct stat st_temp;
 
-    cc_other = (krb5_ccache *)  xcalloc(1, sizeof (krb5_ccache));  	
+    cc_other = (krb5_ccache *)  xcalloc(1, sizeof (krb5_ccache));
 
     if ((retval = krb5_cc_resolve(context, cc_other_tag, cc_other))){
-               com_err (prog_name, retval, "resolving ccache %s",
-                        cc_other_tag);
-		return retval;
+        com_err (prog_name, retval, "resolving ccache %s",
+                 cc_other_tag);
+        return retval;
     }
 
-    cc_def_name = krb5_cc_get_name(context, cc_def);    
-    cc_other_name = krb5_cc_get_name(context, *cc_other);    
+    cc_def_name = krb5_cc_get_name(context, cc_def);
+    cc_other_name = krb5_cc_get_name(context, *cc_other);
 
     if ( ! stat(cc_def_name, &st_temp)){
-	if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
-		return retval;
-	}
+        if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
+            return retval;
+        }
 
     }
 
 #ifdef HAVE_LSTAT
     if (!lstat( cc_other_name, &st_temp)) {
 #else /*HAVE_LSTAT*/
-    if (!stat( cc_other_name, &st_temp)) {
+        if (!stat( cc_other_name, &st_temp)) {
 #endif
-      return EINVAL;
-    }
-    
-      if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
-	return errno;
-      }
-      
-    
-    if ((retval = krb5_cc_initialize(context, *cc_other, prst))){
-	return retval; 
-    }
+            return EINVAL;
+        }
 
-    retval = krb5_store_some_creds(context, * cc_other, 
-			cc_def_creds_arr, cc_other_creds_arr, prst, stored); 
+        if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
+            return errno;
+        }
 
 
+        if ((retval = krb5_cc_initialize(context, *cc_other, prst))){
+            return retval;
+        }
 
-    if (cc_def_creds_arr){ 	
- 	   while (cc_def_creds_arr[i]){
-    		krb5_free_creds(context, cc_def_creds_arr[i]);	
-		i++;
-    	   }
-    }	
+        retval = krb5_store_some_creds(context, * cc_other,
+                                       cc_def_creds_arr, cc_other_creds_arr, prst, stored);
 
-    i=0;
 
-    if(cc_other_creds_arr){	
-    	while (cc_other_creds_arr[i]){
-    		krb5_free_creds(context, cc_other_creds_arr[i]);	
-		i++;
-	}
-    }
 
-    *cc_out = *cc_other; 	
-    return retval;	
-}
+        if (cc_def_creds_arr){
+            while (cc_def_creds_arr[i]){
+                krb5_free_creds(context, cc_def_creds_arr[i]);
+                i++;
+            }
+        }
 
-krb5_error_code krb5_ccache_filter (context, cc, prst)
-    krb5_context context;
+        i=0;
+
+        if(cc_other_creds_arr){
+            while (cc_other_creds_arr[i]){
+                krb5_free_creds(context, cc_other_creds_arr[i]);
+                i++;
+            }
+        }
+
+        *cc_out = *cc_other;
+        return retval;
+    }
+
+    krb5_error_code krb5_ccache_filter (context, cc, prst)
+        krb5_context context;
     krb5_ccache cc;
     krb5_principal prst;
-{
+    {
 
-int i=0; 
-krb5_error_code retval=0;
-krb5_principal temp_principal;
-krb5_creds ** cc_creds_arr = NULL;
-const char * cc_name;
-krb5_boolean stored;
-struct stat st_temp;
+        int i=0;
+        krb5_error_code retval=0;
+        krb5_principal temp_principal;
+        krb5_creds ** cc_creds_arr = NULL;
+        const char * cc_name;
+        krb5_boolean stored;
+        struct stat st_temp;
 
-    cc_name = krb5_cc_get_name(context, cc);    
+        cc_name = krb5_cc_get_name(context, cc);
 
-    if ( ! stat(cc_name, &st_temp)){
+        if ( ! stat(cc_name, &st_temp)){
 
-	if (auth_debug) {  
-	      fprintf(stderr,"putting cache %s through a filter for -z option\n", 		      cc_name);
-	}
+            if (auth_debug) {
+                fprintf(stderr,"putting cache %s through a filter for -z option\n",                     cc_name);
+            }
 
-	if ((retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr))){
-		return retval;
-	}
+            if ((retval = krb5_get_nonexp_tkts(context, cc, &cc_creds_arr))){
+                return retval;
+            }
 
-	if ((retval = krb5_cc_get_principal(context, cc, &temp_principal))){ 
-		return retval;
-	}
+            if ((retval = krb5_cc_get_principal(context, cc, &temp_principal))){
+                return retval;
+            }
 
-    	if ((retval = krb5_cc_initialize(context, cc, temp_principal))){
-		return retval; 
-    	}
+            if ((retval = krb5_cc_initialize(context, cc, temp_principal))){
+                return retval;
+            }
 
-	if ((retval = krb5_store_some_creds(context, cc, cc_creds_arr,
-					    NULL, prst, &stored))){ 
-		return retval; 
-    	}
+            if ((retval = krb5_store_some_creds(context, cc, cc_creds_arr,
+                                                NULL, prst, &stored))){
+                return retval;
+            }
 
-   	if (cc_creds_arr){ 	
- 	  	 while (cc_creds_arr[i]){
-    			krb5_free_creds(context, cc_creds_arr[i]);	
-			i++;
-    	   	}
-    	}	
+            if (cc_creds_arr){
+                while (cc_creds_arr[i]){
+                    krb5_free_creds(context, cc_creds_arr[i]);
+                    i++;
+                }
+            }
+        }
+        return 0;
     }
-    return 0;	
-}
 
-krb5_boolean  krb5_find_princ_in_cred_list (context, creds_list, princ)
-    krb5_context context;
+    krb5_boolean  krb5_find_princ_in_cred_list (context, creds_list, princ)
+        krb5_context context;
     krb5_creds **creds_list;
     krb5_principal princ;
-{
+    {
 
-int i = 0; 
-krb5_boolean temp_stored = FALSE; 
+        int i = 0;
+        krb5_boolean temp_stored = FALSE;
 
-	if (creds_list){	
-		while(creds_list[i]){ 
-			if (krb5_principal_compare(context, 
-						   creds_list[i]->client,
-						   princ)== TRUE){
-				temp_stored = TRUE;
-				break;
-			}
+        if (creds_list){
+            while(creds_list[i]){
+                if (krb5_principal_compare(context,
+                                           creds_list[i]->client,
+                                           princ)== TRUE){
+                    temp_stored = TRUE;
+                    break;
+                }
 
-			i++;	
-		}
-	}	
+                i++;
+            }
+        }
 
-return temp_stored;
-}
+        return temp_stored;
+    }
 
-krb5_error_code  krb5_find_princ_in_cache (context, cc, princ, found)
-    krb5_context context;
+    krb5_error_code  krb5_find_princ_in_cache (context, cc, princ, found)
+        krb5_context context;
     krb5_ccache cc;
     krb5_principal princ;
     krb5_boolean *found;
-{
-krb5_error_code retval;
-krb5_creds ** creds_list = NULL;
-const char * cc_name;
-struct stat st_temp;
+    {
+        krb5_error_code retval;
+        krb5_creds ** creds_list = NULL;
+        const char * cc_name;
+        struct stat st_temp;
 
-    cc_name = krb5_cc_get_name(context, cc);    
+        cc_name = krb5_cc_get_name(context, cc);
 
-    if ( ! stat(cc_name, &st_temp)){
-	if ((retval = krb5_get_nonexp_tkts(context, cc, &creds_list))){
-		return retval;
-	}
-    }
+        if ( ! stat(cc_name, &st_temp)){
+            if ((retval = krb5_get_nonexp_tkts(context, cc, &creds_list))){
+                return retval;
+            }
+        }
 
-    *found = krb5_find_princ_in_cred_list(context, creds_list, princ); 
-return 0;
-}
+        *found = krb5_find_princ_in_cred_list(context, creds_list, princ);
+        return 0;
+    }
diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
index 65d44a39b..c7e691cd6 100644
--- a/src/clients/ksu/heuristic.c
+++ b/src/clients/ksu/heuristic.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 1994 by the University of Southern California
  *
@@ -34,7 +35,7 @@
 
 /*******************************************************************
 get_all_princ_from_file - retrieves all principal names
-			from file pointed to by fp.
+                        from file pointed to by fp.
 
 *******************************************************************/
 static void close_time (int, FILE *, int, FILE *);
@@ -50,33 +51,33 @@ krb5_error_code get_all_princ_from_file (fp, plist)
     int count = 0, chunk_count = 1;
 
     if (!(temp_list = (char **) malloc( CHUNK * sizeof(char *))))
-	return ENOMEM;
+        return ENOMEM;
 
     retval = get_line(fp, &line);
     if (retval)
-	return retval;	
+        return retval;
 
     while (line){
-	fprinc = get_first_token (line, &lp);
-		
-	if (fprinc ){
-	    temp_list[count] = xstrdup(fprinc);
-	    count ++;
-	}
-
-	if(count == (chunk_count * CHUNK -1)){
-	    chunk_count ++;
-	    if (!(temp_list = (char **) realloc(temp_list,
-						chunk_count * CHUNK * sizeof(char *)))){
-		return ENOMEM;
-	    }
-	}
-
-
-	free (line);
-	retval = get_line(fp, &line);
-	if (retval)
-	    return retval;
+        fprinc = get_first_token (line, &lp);
+
+        if (fprinc ){
+            temp_list[count] = xstrdup(fprinc);
+            count ++;
+        }
+
+        if(count == (chunk_count * CHUNK -1)){
+            chunk_count ++;
+            if (!(temp_list = (char **) realloc(temp_list,
+                                                chunk_count * CHUNK * sizeof(char *)))){
+                return ENOMEM;
+            }
+        }
+
+
+        free (line);
+        retval = get_line(fp, &line);
+        if (retval)
+            return retval;
     }
 
     temp_list[count] = NULL;
@@ -87,8 +88,8 @@ krb5_error_code get_all_princ_from_file (fp, plist)
 
 /*************************************************************
 list_union - combines list1 and list2 into combined_list.
-	     the  space for list1 and list2 is either freed
-	     or used by combined_list.
+             the  space for list1 and list2 is either freed
+             or used by combined_list.
 **************************************************************/
 
 krb5_error_code list_union(list1, list2, combined_list)
@@ -100,39 +101,39 @@ krb5_error_code list_union(list1, list2, combined_list)
     unsigned int c1 =0, c2 = 0, i=0, j=0;
     char ** tlist;
 
-    if (! list1){   	
-	*combined_list = list2;   	
-	return 0;
+    if (! list1){
+        *combined_list = list2;
+        return 0;
     }
 
-    if (! list2){   	
-	*combined_list = list1;   	
-	return 0;
+    if (! list2){
+        *combined_list = list1;
+        return 0;
     }
 
     while (list1[c1]) c1++;
     while (list2[c2]) c2++;
-	
+
     if (!(tlist = (char **) calloc( c1 + c2 + 1, sizeof ( char *))))
-	return ENOMEM;
+        return ENOMEM;
 
     i = 0;
     while(list1[i]) {
-	tlist[i] = list1[i];
-	i++;
+        tlist[i] = list1[i];
+        i++;
     }
     j = 0;
     while(list2[j]){
-	if(find_str_in_list(list1, list2[j])==FALSE){   	
-	    tlist[i] = list2[j];
-	    i++;
-	}
-	j++;
+        if(find_str_in_list(list1, list2[j])==FALSE){
+            tlist[i] = list2[j];
+            i++;
+        }
+        j++;
     }
 
-    free (list1); 	
-    free (list2); 	
-	
+    free (list1);
+    free (list2);
+
     tlist[i]= NULL;
 
     *combined_list = tlist;
@@ -150,44 +151,44 @@ filter(fp, cmd, k5users_list, k5users_filt_list)
     krb5_error_code retval =0;
     krb5_boolean found = FALSE;
     char * out_cmd = NULL;
-    unsigned int i=0, j=0, found_count = 0, k=0;	
+    unsigned int i=0, j=0, found_count = 0, k=0;
     char ** temp_filt_list;
 
     *k5users_filt_list = NULL;
 
-    if (! k5users_list){		
-	return 0;
+    if (! k5users_list){
+        return 0;
     }
 
-    while(k5users_list[i]){	
+    while(k5users_list[i]){
 
-	retval= k5users_lookup(fp, k5users_list[i], cmd, &found, &out_cmd);
-	if (retval)
-	    return retval;
+        retval= k5users_lookup(fp, k5users_list[i], cmd, &found, &out_cmd);
+        if (retval)
+            return retval;
 
-	if (found == FALSE){ 		
-	    free (k5users_list[i]);
-	    k5users_list[i] = NULL;
-	    if (out_cmd) gb_err = out_cmd;
-	} else
-	    found_count ++;	
+        if (found == FALSE){
+            free (k5users_list[i]);
+            k5users_list[i] = NULL;
+            if (out_cmd) gb_err = out_cmd;
+        } else
+            found_count ++;
 
-	i++;
+        i++;
     }
 
     if (! (temp_filt_list = (char **) calloc(found_count +1, sizeof (char*))))
-	return ENOMEM;
+        return ENOMEM;
 
-    for(j= 0, k=0; j < i; j++ ) {	
-	if (k5users_list[j]){
-	    temp_filt_list[k] = k5users_list[j]; 		
-	    k++;
-	}
+    for(j= 0, k=0; j < i; j++ ) {
+        if (k5users_list[j]){
+            temp_filt_list[k] = k5users_list[j];
+            k++;
+        }
     }
 
     temp_filt_list[k] = NULL;
 
-    free (k5users_list);	
+    free (k5users_list);
 
     *k5users_filt_list = temp_filt_list;
     return 0;
@@ -208,74 +209,74 @@ get_authorized_princ_names(luser, cmd, princ_list)
     char ** k5users_filt_list = NULL;
     char ** combined_list = NULL;
     struct stat tb;
-    krb5_error_code retval;	
+    krb5_error_code retval;
 
-    *princ_list = NULL; 	
+    *princ_list = NULL;
 
     /* no account => no access */
 
     if ((pwd = getpwnam(luser)) == NULL)
-	return 0;
+        return 0;
 
     k5login_flag = stat(k5login_path, &tb);
     k5users_flag = stat(k5users_path, &tb);
 
     if (!k5login_flag){
         if ((login_fp = fopen(k5login_path, "r")) == NULL)
-	    return 0;
+            return 0;
         if ( fowner(login_fp, pwd->pw_uid) == FALSE){
-	    close_time(1 /*k5users_flag*/, (FILE *) 0 /*users_fp*/, 
-		       k5login_flag,login_fp);
-	    return 0;
+            close_time(1 /*k5users_flag*/, (FILE *) 0 /*users_fp*/,
+                       k5login_flag,login_fp);
+            return 0;
         }
     }
     if (!k5users_flag){
         if ((users_fp = fopen(k5users_path, "r")) == NULL)
-	    return 0;
+            return 0;
 
         if ( fowner(users_fp, pwd->pw_uid) == FALSE){
-	    close_time(k5users_flag,users_fp, k5login_flag,login_fp);
-	    return 0;
+            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+            return 0;
+        }
+
+        retval = get_all_princ_from_file (users_fp, &k5users_list);
+        if(retval) {
+            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+            return retval;
         }
 
-	retval = get_all_princ_from_file (users_fp, &k5users_list);
-   	if(retval) {
-	    close_time(k5users_flag,users_fp, k5login_flag,login_fp);
-	    return retval;
-   	}
-
-	rewind(users_fp);	
-	
-	retval = filter(users_fp,cmd, k5users_list, &k5users_filt_list);
-	if(retval) {
-	    close_time(k5users_flag,users_fp, k5login_flag, login_fp);
-	    return retval;
-	}
+        rewind(users_fp);
+
+        retval = filter(users_fp,cmd, k5users_list, &k5users_filt_list);
+        if(retval) {
+            close_time(k5users_flag,users_fp, k5login_flag, login_fp);
+            return retval;
+        }
     }
- 	
+
     if (!k5login_flag){
-	retval = get_all_princ_from_file (login_fp, &k5login_list);
-   	if(retval) {
-	    close_time(k5users_flag,users_fp, k5login_flag,login_fp);
-	    return retval;
-   	}
-    }	
+        retval = get_all_princ_from_file (login_fp, &k5login_list);
+        if(retval) {
+            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+            return retval;
+        }
+    }
 
     close_time(k5users_flag,users_fp, k5login_flag, login_fp);
 
     if (cmd) {
-      retval = list_union(k5login_list, k5users_filt_list, &combined_list);
-      if (retval){
-	  close_time(k5users_flag,users_fp, k5login_flag,login_fp);
-	  return retval;
-      }
-      *princ_list = combined_list;
-      return 0;
+        retval = list_union(k5login_list, k5users_filt_list, &combined_list);
+        if (retval){
+            close_time(k5users_flag,users_fp, k5login_flag,login_fp);
+            return retval;
+        }
+        *princ_list = combined_list;
+        return 0;
     } else {
-	if (k5users_filt_list != NULL)
-	    free(k5users_filt_list);
-	*princ_list = k5login_list;
-	return 0;
+        if (k5users_filt_list != NULL)
+            free(k5users_filt_list);
+        *princ_list = k5login_list;
+        return 0;
     }
 }
 
@@ -303,8 +304,8 @@ static krb5_boolean find_str_in_list(list , elm)
 
     while (list[i] ){
         if (!strcmp(list[i], elm)){
-	    found = TRUE;
-	    break;
+            found = TRUE;
+            break;
         }
         i++;
     }
@@ -331,7 +332,7 @@ krb5_error_code get_closest_principal(context, plist, client, found)
     krb5_principal temp_client, best_client = NULL;
     int i = 0, j=0, cnelem, pnelem;
     krb5_boolean got_one;
-	
+
     *found = FALSE;
 
     if (! plist ) return 0;
@@ -340,48 +341,48 @@ krb5_error_code get_closest_principal(context, plist, client, found)
 
     while(plist[i]){
 
-	retval = krb5_parse_name(context, plist[i], &temp_client);
-	if (retval)
-	    return retval;
-	
-	pnelem = krb5_princ_size(context, temp_client);
-	
-	if ( cnelem > pnelem){	
-	    i++;
-	    continue;
-	}
-	
-	if (data_eq(*krb5_princ_realm(context, *client),
-		    *krb5_princ_realm(context, temp_client))) {
-	    
-	    got_one = TRUE;
-	    for(j =0; j < cnelem; j ++){
-		krb5_data *p1 =
-		    krb5_princ_component(context, *client, j);
-		krb5_data *p2 =
-		    krb5_princ_component(context, temp_client, j);
-		
-		if (!p1 || !p2 || !data_eq(*p1, *p2)) {
-		    got_one = FALSE;
-		    break;
-		}
-	    }
-	    if (got_one == TRUE){		
-		if(best_client){
-		    if(krb5_princ_size(context, best_client) >
-		       krb5_princ_size(context, temp_client)){
-			best_client = temp_client;
-		    }
-		}else
-		    best_client = temp_client;
-	    }
-	}
-	i++;
+        retval = krb5_parse_name(context, plist[i], &temp_client);
+        if (retval)
+            return retval;
+
+        pnelem = krb5_princ_size(context, temp_client);
+
+        if ( cnelem > pnelem){
+            i++;
+            continue;
+        }
+
+        if (data_eq(*krb5_princ_realm(context, *client),
+                    *krb5_princ_realm(context, temp_client))) {
+
+            got_one = TRUE;
+            for(j =0; j < cnelem; j ++){
+                krb5_data *p1 =
+                    krb5_princ_component(context, *client, j);
+                krb5_data *p2 =
+                    krb5_princ_component(context, temp_client, j);
+
+                if (!p1 || !p2 || !data_eq(*p1, *p2)) {
+                    got_one = FALSE;
+                    break;
+                }
+            }
+            if (got_one == TRUE){
+                if(best_client){
+                    if(krb5_princ_size(context, best_client) >
+                       krb5_princ_size(context, temp_client)){
+                        best_client = temp_client;
+                    }
+                }else
+                    best_client = temp_client;
+            }
+        }
+        i++;
     }
-    
+
     if (best_client) {
-	*found = TRUE;
-	*client = best_client;
+        *found = TRUE;
+        *client = best_client;
     }
 
     return 0;
@@ -410,24 +411,24 @@ krb5_error_code find_either_ticket (context, cc, client, end_server, found)
 
     if ( ! stat(cc_source_name, &st_temp)){
 
-	retval = find_ticket(context, cc, client, end_server, &temp_found);
-	if (retval)
-	    return retval;
- 	
-	if (temp_found == FALSE){
-	    retval = ksu_tgtname(context,
-				  krb5_princ_realm(context, client),
-				  krb5_princ_realm(context, client),
-				  &kdc_server);
-	    if (retval)
-		return retval;
-
-	    retval = find_ticket(context, cc,client, kdc_server, &temp_found);
-	    if(retval)
-		return retval;
-	}
-	else if (auth_debug)
-	    printf("find_either_ticket: found end server ticket\n");
+        retval = find_ticket(context, cc, client, end_server, &temp_found);
+        if (retval)
+            return retval;
+
+        if (temp_found == FALSE){
+            retval = ksu_tgtname(context,
+                                 krb5_princ_realm(context, client),
+                                 krb5_princ_realm(context, client),
+                                 &kdc_server);
+            if (retval)
+                return retval;
+
+            retval = find_ticket(context, cc,client, kdc_server, &temp_found);
+            if(retval)
+                return retval;
+        }
+        else if (auth_debug)
+            printf("find_either_ticket: found end server ticket\n");
     }
 
     *found = temp_found;
@@ -446,7 +447,7 @@ krb5_error_code find_ticket (context, cc, client, server, found)
 
     krb5_creds tgt, tgtq;
     krb5_error_code retval;
-	
+
     *found = FALSE;
 
     memset(&tgtq, 0, sizeof(tgtq));
@@ -454,25 +455,25 @@ krb5_error_code find_ticket (context, cc, client, server, found)
 
     retval= krb5_copy_principal(context,  client, &tgtq.client);
     if (retval)
-	return retval; 	
+        return retval;
 
     retval= krb5_copy_principal(context,  server, &tgtq.server);
     if (retval)
-	return retval ; 	
+        return retval ;
 
     retval = krb5_cc_retrieve_cred(context, cc, KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
-				   &tgtq, &tgt);
+                                   &tgtq, &tgt);
 
     if (! retval) retval = krb5_check_exp(context, tgt.times);
 
     if (retval){
-	if ((retval != KRB5_CC_NOTFOUND) &&
-	    (retval != KRB5KRB_AP_ERR_TKT_EXPIRED)){
-	    return retval ;
-	}
+        if ((retval != KRB5_CC_NOTFOUND) &&
+            (retval != KRB5KRB_AP_ERR_TKT_EXPIRED)){
+            return retval ;
+        }
     } else{
-	*found = TRUE;
-	return 0;	
+        *found = TRUE;
+        return 0;
     }
 
     free(tgtq.server);
@@ -500,14 +501,14 @@ krb5_error_code find_princ_in_list (context, princ, plist, found)
 
     retval = krb5_unparse_name(context, princ, &princname);
     if (retval)
-	return retval;
+        return retval;
 
     while (plist[i] ){
-	if (!strcmp(plist[i], princname)){
-	    *found = TRUE;
-	    break;
-	}
-	i++;
+        if (!strcmp(plist[i], princname)){
+            *found = TRUE;
+            break;
+        }
+        i++;
     }
 
     return 0;
@@ -515,8 +516,8 @@ krb5_error_code find_princ_in_list (context, princ, plist, found)
 }
 
 typedef struct princ_info {
-	krb5_principal p;
-	krb5_boolean found;
+    krb5_principal p;
+    krb5_boolean found;
 }princ_info;
 
 /**********************************************************************
@@ -528,9 +529,9 @@ path_out gets set to ...
 ***********************************************************************/
 
 krb5_error_code get_best_princ_for_target(context, source_uid, target_uid,
-					  source_user, target_user,
-					  cc_source, options, cmd,
-					  hostname, client, path_out)
+                                          source_user, target_user,
+                                          cc_source, options, cmd,
+                                          hostname, client, path_out)
     krb5_context context;
     uid_t source_uid;
     uid_t target_uid;
@@ -563,88 +564,88 @@ krb5_error_code get_best_princ_for_target(context, source_uid, target_uid,
 
     /* -n option was specified client is set we are done */
     if (options->princ)
-	return 0;
+        return 0;
 
     cc_source_name = krb5_cc_get_name(context, cc_source);
 
-	
+
     if (! stat(cc_source_name, &st_temp)) {
-	retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
-	if (retval)
-	    return retval;
+        retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
+        if (retval)
+            return retval;
     }
 
     retval=krb5_parse_name(context, target_user, &target_client);
     if (retval)
-	return retval;
+        return retval;
 
     retval=krb5_parse_name(context, source_user, &source_client);
     if (retval)
-	return retval;
+        return retval;
 
     if (source_uid == 0){
-	if (target_uid != 0)
-	    *client = target_client; /* this will be used to restrict
-					the cache copty */   	
-	else {
-	    if(cc_def_princ)
-		*client = cc_def_princ;
-	    else
-		*client = target_client;
-	}
-
-	if (auth_debug)
-	    printf(" GET_best_princ_for_target: via source_uid == 0\n");
-
-	return 0;
+        if (target_uid != 0)
+            *client = target_client; /* this will be used to restrict
+                                        the cache copty */
+        else {
+            if(cc_def_princ)
+                *client = cc_def_princ;
+            else
+                *client = target_client;
+        }
+
+        if (auth_debug)
+            printf(" GET_best_princ_for_target: via source_uid == 0\n");
+
+        return 0;
     }
 
     /* from here on, the code is for source_uid !=  0 */
 
     if (source_uid && (source_uid == target_uid)){
-	if(cc_def_princ)
-	    *client = cc_def_princ;
-	else
-	    *client = target_client;
-	if (auth_debug)
-	    printf("GET_best_princ_for_target: via source_uid == target_uid\n");
-	return 0;
+        if(cc_def_princ)
+            *client = cc_def_princ;
+        else
+            *client = target_client;
+        if (auth_debug)
+            printf("GET_best_princ_for_target: via source_uid == target_uid\n");
+        return 0;
     }
 
     /* Become root, then target for looking at .k5login.*/
     if (krb5_seteuid(0) || krb5_seteuid(target_uid) ) {
-      return errno;
+        return errno;
     }
-    
-    /* if .k5users and .k5login do not exist */  	
+
+    /* if .k5users and .k5login do not exist */
     if (stat(k5login_path, &tb) && stat(k5users_path, &tb) ){
-	*client = target_client;
+        *client = target_client;
 
-	if (cmd)
-	    *path_out = NOT_AUTHORIZED;
+        if (cmd)
+            *path_out = NOT_AUTHORIZED;
 
-	if (auth_debug)
-	    printf(" GET_best_princ_for_target: via no auth files path\n");
+        if (auth_debug)
+            printf(" GET_best_princ_for_target: via no auth files path\n");
 
-	return 0;	
+        return 0;
     }else{
-	retval = get_authorized_princ_names(target_user, cmd, &aplist);
-	if (retval)
-	    return retval;
-
-	/* .k5users or .k5login exist, but no authorization */
-	if ((!aplist) || (!aplist[0])) {
-	    *path_out = NOT_AUTHORIZED;
-	    if (auth_debug)
-		printf("GET_best_princ_for_target: via empty auth files path\n");
-	    return 0;	
-	}
+        retval = get_authorized_princ_names(target_user, cmd, &aplist);
+        if (retval)
+            return retval;
+
+        /* .k5users or .k5login exist, but no authorization */
+        if ((!aplist) || (!aplist[0])) {
+            *path_out = NOT_AUTHORIZED;
+            if (auth_debug)
+                printf("GET_best_princ_for_target: via empty auth files path\n");
+            return 0;
+        }
     }
 
     retval = krb5_sname_to_principal(context, hostname, NULL,
-				     KRB5_NT_SRV_HST, &end_server);
+                                     KRB5_NT_SRV_HST, &end_server);
     if (retval)
-	return retval;
+        return retval;
 
 
     /* first see if default principal of the source cache
@@ -653,39 +654,39 @@ krb5_error_code get_best_princ_for_target(context, source_uid, target_uid,
      * other ticket in the cache. */
 
     if (cc_def_princ)
-	princ_trials[count ++].p = cc_def_princ;
+        princ_trials[count ++].p = cc_def_princ;
     else
-	princ_trials[count ++].p = NULL;
+        princ_trials[count ++].p = NULL;
 
     princ_trials[count ++].p = target_client;
     princ_trials[count ++].p = source_client;
 
     for (i= 0; i < count; i ++)
-	princ_trials[i].found = FALSE;
+        princ_trials[i].found = FALSE;
 
     for (i= 0; i < count; i ++){
-	if(princ_trials[i].p) {	
-	    retval= find_princ_in_list(context, princ_trials[i].p, aplist, 
-				       &found);
-	    if (retval)
-		return retval;	
-	
-	    if (found == TRUE){
-		princ_trials[i].found = TRUE;
-
-		retval = find_either_ticket (context, cc_source, 
-					     princ_trials[i].p,
-					     end_server, &found);
- 		if (retval)
-		    return retval;
-		if (found == TRUE){
-		    *client = princ_trials[i].p;
-		    if (auth_debug)
-			printf("GET_best_princ_for_target: via ticket file, choice #%d\n", i);
-		    return 0;	
-		}
-	    }	
-	}
+        if(princ_trials[i].p) {
+            retval= find_princ_in_list(context, princ_trials[i].p, aplist,
+                                       &found);
+            if (retval)
+                return retval;
+
+            if (found == TRUE){
+                princ_trials[i].found = TRUE;
+
+                retval = find_either_ticket (context, cc_source,
+                                             princ_trials[i].p,
+                                             end_server, &found);
+                if (retval)
+                    return retval;
+                if (found == TRUE){
+                    *client = princ_trials[i].p;
+                    if (auth_debug)
+                        printf("GET_best_princ_for_target: via ticket file, choice #%d\n", i);
+                    return 0;
+                }
+            }
+        }
     }
 
     /* out of preferred principals, see if there is any ticket that will
@@ -693,25 +694,25 @@ krb5_error_code get_best_princ_for_target(context, source_uid, target_uid,
 
     i=0;
     while (aplist[i]){
-	retval = krb5_parse_name(context, aplist[i], &temp_client);
- 	if (retval)
-	    return retval;
-
-	retval = find_either_ticket (context, cc_source, temp_client,
-				     end_server, &found);
-	if (retval)
-	    return retval;
-
-	if (found == TRUE){
-	    if (auth_debug)
-		printf("GET_best_princ_for_target: via ticket file, choice: any ok ticket \n" );
-	    *client = temp_client;
-	    return 0;	
-	}
+        retval = krb5_parse_name(context, aplist[i], &temp_client);
+        if (retval)
+            return retval;
+
+        retval = find_either_ticket (context, cc_source, temp_client,
+                                     end_server, &found);
+        if (retval)
+            return retval;
+
+        if (found == TRUE){
+            if (auth_debug)
+                printf("GET_best_princ_for_target: via ticket file, choice: any ok ticket \n" );
+            *client = temp_client;
+            return 0;
+        }
 
-	krb5_free_principal(context, temp_client);
+        krb5_free_principal(context, temp_client);
 
-	i++;
+        i++;
     }
 
     /* no tickets qualified, select a principal, that may be used
@@ -719,46 +720,46 @@ krb5_error_code get_best_princ_for_target(context, source_uid, target_uid,
 
 
     for (i=0; i < count; i ++){
-	if (princ_trials[i].found == TRUE){
-	    *client = princ_trials[i].p;
+        if (princ_trials[i].found == TRUE){
+            *client = princ_trials[i].p;
 
-	    if (auth_debug)
-		printf("GET_best_princ_for_target: via prompt passwd list choice #%d \n",i);
-	    return  0;	
-	}
+            if (auth_debug)
+                printf("GET_best_princ_for_target: via prompt passwd list choice #%d \n",i);
+            return  0;
+        }
     }
 
 #ifdef PRINC_LOOK_AHEAD
     for (i=0; i < count; i ++){
-	if (princ_trials[i].p){
-	    retval=krb5_copy_principal(context, princ_trials[i].p,
-				       &temp_client);
-	    if(retval)
-		return retval; 	
-
-	    /* get the client name that is the closest
-	       to the three princ in trials */
-
-	    retval=get_closest_principal(context, aplist, &temp_client, 
-					 &found);
-	    if(retval)
-		return retval; 	
-
-	    if (found == TRUE){
-		*client = temp_client; 	
-		if (auth_debug)
-		    printf("GET_best_princ_for_target: via prompt passwd list choice: approximation of princ in trials # %d \n",i);
-		return 0;
-	    }
-	    krb5_free_principal(context, temp_client);
-	}
+        if (princ_trials[i].p){
+            retval=krb5_copy_principal(context, princ_trials[i].p,
+                                       &temp_client);
+            if(retval)
+                return retval;
+
+            /* get the client name that is the closest
+               to the three princ in trials */
+
+            retval=get_closest_principal(context, aplist, &temp_client,
+                                         &found);
+            if(retval)
+                return retval;
+
+            if (found == TRUE){
+                *client = temp_client;
+                if (auth_debug)
+                    printf("GET_best_princ_for_target: via prompt passwd list choice: approximation of princ in trials # %d \n",i);
+                return 0;
+            }
+            krb5_free_principal(context, temp_client);
+        }
     }
 
 #endif /* PRINC_LOOK_AHEAD */
 
 
     if(auth_debug)
-	printf( "GET_best_princ_for_target: out of luck, can't get appropriate default principal\n");
+        printf( "GET_best_princ_for_target: out of luck, can't get appropriate default principal\n");
 
     *path_out = NOT_AUTHORIZED;
     return 0;
diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c
index 230a1b399..39b85473f 100644
--- a/src/clients/ksu/krb_auth_su.c
+++ b/src/clients/ksu/krb_auth_su.c
@@ -1,4 +1,5 @@
-/* 
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
  * Copyright (c) 1994 by the University of Southern California
  *
  * EXPORT OF THIS SOFTWARE from the United States of America may
@@ -10,7 +11,7 @@
  *     this software and its documentation in source and binary forms is
  *     hereby granted, provided that any documentation or other materials
  *     related to such distribution or use acknowledge that the software
- *     was developed by the University of Southern California. 
+ *     was developed by the University of Southern California.
  *
  * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
  *     University of Southern California MAKES NO REPRESENTATIONS OR
@@ -26,7 +27,7 @@
  */
 
 #include "ksu.h"
-    
+
 
 void plain_dump_principal ();
 
@@ -38,7 +39,7 @@ krb5_preauthtype * preauth_ptr = NULL;
 
 
 krb5_boolean krb5_auth_check(context, client_pname, hostname, options,
-			     target_user, cc, path_passwd, target_uid)
+                             target_user, cc, path_passwd, target_uid)
     krb5_context context;
     krb5_principal client_pname;
     char *hostname;
@@ -51,183 +52,183 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options,
     krb5_principal client, server;
     krb5_verify_init_creds_opt vfy_opts;
     krb5_creds tgt, tgtq, in_creds, * out_creds;
-    krb5_creds **tgts = NULL; /* list of ticket granting tickets */       
-    
-    krb5_ticket * target_tkt; /* decrypted ticket for server */                
+    krb5_creds **tgts = NULL; /* list of ticket granting tickets */
+
+    krb5_ticket * target_tkt; /* decrypted ticket for server */
     krb5_error_code retval =0;
-    int got_it = 0; 
+    int got_it = 0;
     krb5_boolean zero_password;
-    
+
     *path_passwd = 0;
-    memset(&tgtq, 0, sizeof(tgtq)); 
-    memset(&tgt, 0, sizeof(tgt)); 
-    memset(&in_creds, 0, sizeof(krb5_creds)); 
-    
-	
+    memset(&tgtq, 0, sizeof(tgtq));
+    memset(&tgt, 0, sizeof(tgt));
+    memset(&in_creds, 0, sizeof(krb5_creds));
+
+
     if ((retval= krb5_copy_principal(context,  client_pname, &client))){
-	com_err(prog_name, retval,"while copying client principal");   
-	return (FALSE) ; 	
+        com_err(prog_name, retval,"while copying client principal");
+        return (FALSE) ;
     }
-    
+
     if (auth_debug) {
-	dump_principal(context, "krb5_auth_check: Client principal name", 
-		       client); 
+        dump_principal(context, "krb5_auth_check: Client principal name",
+                       client);
     }
-    
+
     if ((retval = krb5_sname_to_principal(context, hostname, NULL,
-					  KRB5_NT_SRV_HST, &server))){
-	com_err(prog_name, retval, 
-		"while creating server %s principal name", hostname);  
-	krb5_free_principal(context, client);
-	return (FALSE) ; 	
+                                          KRB5_NT_SRV_HST, &server))){
+        com_err(prog_name, retval,
+                "while creating server %s principal name", hostname);
+        krb5_free_principal(context, client);
+        return (FALSE) ;
     }
-    
+
     if (auth_debug) {
-	dump_principal(context, "krb5_auth_check: Server principal name", 
-		       server); 
+        dump_principal(context, "krb5_auth_check: Server principal name",
+                       server);
     }
-    
-    
-    
+
+
+
     /* check if ticket is already in the cache, if it is
-       then use it.    
-       */
+       then use it.
+    */
     if( krb5_fast_auth(context, client, server, target_user, cc) == TRUE){
-	if (auth_debug ){ 	
-	    fprintf (stderr,"Authenticated via fast_auth \n");
-	}
-	return TRUE;
+        if (auth_debug ){
+            fprintf (stderr,"Authenticated via fast_auth \n");
+        }
+        return TRUE;
     }
-    
-    /* check to see if the local tgt is in the cache */         
-    
+
+    /* check to see if the local tgt is in the cache */
+
     if ((retval= krb5_copy_principal(context,  client, &tgtq.client))){
-	com_err(prog_name, retval,"while copying client principal");   
-	return (FALSE) ; 	
+        com_err(prog_name, retval,"while copying client principal");
+        return (FALSE) ;
     }
-    
+
     if ((retval = ksu_tgtname(context,  krb5_princ_realm(context, client),
-			       krb5_princ_realm(context, client),
-			       &tgtq.server))){ 		
-	com_err(prog_name, retval, "while creating tgt for local realm");  
-	krb5_free_principal(context, client);
-	krb5_free_principal(context, server);
-	return (FALSE) ; 	
-    }	
-
-    if (auth_debug){ dump_principal(context, "local tgt principal name", tgtq.server ); } 	
+                              krb5_princ_realm(context, client),
+                              &tgtq.server))){
+        com_err(prog_name, retval, "while creating tgt for local realm");
+        krb5_free_principal(context, client);
+        krb5_free_principal(context, server);
+        return (FALSE) ;
+    }
+
+    if (auth_debug){ dump_principal(context, "local tgt principal name", tgtq.server ); }
     retval = krb5_cc_retrieve_cred(context, cc,
-				   KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
-				   &tgtq, &tgt); 
-    
+                                   KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
+                                   &tgtq, &tgt);
+
     if (! retval) retval = krb5_check_exp(context, tgt.times);
-    
-    if (retval){	
-	if ((retval != KRB5_CC_NOTFOUND) &&  
-	    (retval != KRB5KRB_AP_ERR_TKT_EXPIRED)){
-	    com_err(prog_name, retval, 
-		    "while retrieving creds from cache");
-	    return (FALSE) ; 	
-	}
+
+    if (retval){
+        if ((retval != KRB5_CC_NOTFOUND) &&
+            (retval != KRB5KRB_AP_ERR_TKT_EXPIRED)){
+            com_err(prog_name, retval,
+                    "while retrieving creds from cache");
+            return (FALSE) ;
+        }
     } else{
-	got_it = 1;	
+        got_it = 1;
     }
-    
+
     if (! got_it){
-	
+
 #ifdef GET_TGT_VIA_PASSWD
-	if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
-	    com_err("ksu", errno, "while switching to target uid");
-	    return FALSE;
-	}
-	
-
-	fprintf(stderr,"WARNING: Your password may be exposed if you enter it here and are logged \n");
-	fprintf(stderr,"         in remotely using an unsecure (non-encrypted) channel. \n");
-	
-	/*get the ticket granting ticket, via passwd(promt for passwd)*/
-	if (krb5_get_tkt_via_passwd (context, &cc, client, tgtq.server,
-				     options, & zero_password) == FALSE){ 
-	    krb5_seteuid(0);
-	    
-	    return FALSE;
-	}
-	*path_passwd = 1;
-	if (krb5_seteuid(0)) {
-	    com_err("ksu", errno, "while reclaiming root uid");
-	    return FALSE;
-	}
-	
+        if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
+            com_err("ksu", errno, "while switching to target uid");
+            return FALSE;
+        }
+
+
+        fprintf(stderr,"WARNING: Your password may be exposed if you enter it here and are logged \n");
+        fprintf(stderr,"         in remotely using an unsecure (non-encrypted) channel. \n");
+
+        /*get the ticket granting ticket, via passwd(promt for passwd)*/
+        if (krb5_get_tkt_via_passwd (context, &cc, client, tgtq.server,
+                                     options, & zero_password) == FALSE){
+            krb5_seteuid(0);
+
+            return FALSE;
+        }
+        *path_passwd = 1;
+        if (krb5_seteuid(0)) {
+            com_err("ksu", errno, "while reclaiming root uid");
+            return FALSE;
+        }
+
 #else
-	plain_dump_principal (context, client);
-	fprintf(stderr,"does not have any appropriate tickets in the cache.\n");
-	return FALSE;
-	
-#endif /* GET_TGT_VIA_PASSWD */ 
+        plain_dump_principal (context, client);
+        fprintf(stderr,"does not have any appropriate tickets in the cache.\n");
+        return FALSE;
+
+#endif /* GET_TGT_VIA_PASSWD */
 
     }
-    
+
     if ((retval= krb5_copy_principal(context, client, &in_creds.client))){
-	com_err(prog_name, retval,"while copying client principal");   
-	return (FALSE) ; 	
+        com_err(prog_name, retval,"while copying client principal");
+        return (FALSE) ;
     }
-    
+
     if ((retval= krb5_copy_principal(context, server, &in_creds.server))){
-	com_err(prog_name, retval,"while copying client principal");   
-	return (FALSE) ; 	
+        com_err(prog_name, retval,"while copying client principal");
+        return (FALSE) ;
     }
-    
-    if ((retval = krb5_get_cred_from_kdc(context, cc, &in_creds, 
-					 &out_creds, &tgts))){
-	com_err(prog_name, retval, "while getting credentials from kdc");  
-	return (FALSE);
+
+    if ((retval = krb5_get_cred_from_kdc(context, cc, &in_creds,
+                                         &out_creds, &tgts))){
+        com_err(prog_name, retval, "while getting credentials from kdc");
+        return (FALSE);
     }
-    
-
-    if (auth_debug){ 
-	fprintf(stderr,"krb5_auth_check: got ticket for end server \n"); 
-	dump_principal(context, "out_creds->server", out_creds->server ); 
-    } 	
-    
-    
-    if (tgts){   
-	register int i =0;
-	
-	if (auth_debug){	
-	    fprintf(stderr, "krb5_auth_check: went via multiple realms");
-	}
-	while (tgts[i]){
-	    if ((retval=krb5_cc_store_cred(context,cc,tgts[i]))) {
-		com_err(prog_name, retval,
-			"while storing credentials from cross-realm walk");
-		return (FALSE);
-	    }
-	    i++;
-	}
-	krb5_free_tgt_creds(context, tgts);
+
+
+    if (auth_debug){
+        fprintf(stderr,"krb5_auth_check: got ticket for end server \n");
+        dump_principal(context, "out_creds->server", out_creds->server );
     }
-    
+
+
+    if (tgts){
+        register int i =0;
+
+        if (auth_debug){
+            fprintf(stderr, "krb5_auth_check: went via multiple realms");
+        }
+        while (tgts[i]){
+            if ((retval=krb5_cc_store_cred(context,cc,tgts[i]))) {
+                com_err(prog_name, retval,
+                        "while storing credentials from cross-realm walk");
+                return (FALSE);
+            }
+            i++;
+        }
+        krb5_free_tgt_creds(context, tgts);
+    }
+
     krb5_verify_init_creds_opt_init(&vfy_opts);
     krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1);
-	retval = krb5_verify_init_creds(context, out_creds, server, NULL /*keytab*/,
-					NULL /*output ccache*/,
-					&vfy_opts);
+    retval = krb5_verify_init_creds(context, out_creds, server, NULL /*keytab*/,
+                                    NULL /*output ccache*/,
+                                    &vfy_opts);
     if (retval) {
-	com_err(prog_name, retval, "while verifying ticket for server");
-	return (FALSE);
+        com_err(prog_name, retval, "while verifying ticket for server");
+        return (FALSE);
     }
-    
+
     if ((retval = krb5_cc_store_cred(context,  cc, out_creds))){
-	com_err(prog_name, retval,
-		"While storing credentials");
-	return (FALSE);
+        com_err(prog_name, retval,
+                "While storing credentials");
+        return (FALSE);
     }
 
     return (TRUE);
 }
 
 /* krb5_fast_auth checks if ticket for the end server is already in
-   the cache, if it is, we don't need a tgt */     
+   the cache, if it is, we don't need a tgt */
 
 krb5_boolean krb5_fast_auth(context, client, server, target_user, cc)
     krb5_context context;
@@ -236,49 +237,49 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc)
     char *target_user;
     krb5_ccache cc;
 {
-				 
+
     krb5_creds tgt, tgtq;
     krb5_verify_init_creds_opt vfy_opts;
     krb5_error_code retval;
-    
-    memset(&tgtq, 0, sizeof(tgtq)); 
-    memset(&tgt, 0, sizeof(tgt)); 
-    
+
+    memset(&tgtq, 0, sizeof(tgtq));
+    memset(&tgt, 0, sizeof(tgt));
+
     if ((retval= krb5_copy_principal(context, client, &tgtq.client))){
-	com_err(prog_name, retval,"while copying client principal");   
-	return (FALSE) ; 	
+        com_err(prog_name, retval,"while copying client principal");
+        return (FALSE) ;
     }
-    
+
     if ((retval= krb5_copy_principal(context, server, &tgtq.server))){
-	com_err(prog_name, retval,"while copying client principal");   
-	return (FALSE) ; 	
+        com_err(prog_name, retval,"while copying client principal");
+        return (FALSE) ;
     }
-    
+
     if ((retval = krb5_cc_retrieve_cred(context, cc,
-					KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
-					&tgtq, &tgt))){ 
-	if (auth_debug)
-	    com_err(prog_name, retval,"While Retrieving credentials"); 
-	return (FALSE) ; 	
-	
+                                        KRB5_TC_MATCH_SRV_NAMEONLY | KRB5_TC_SUPPORTED_KTYPES,
+                                        &tgtq, &tgt))){
+        if (auth_debug)
+            com_err(prog_name, retval,"While Retrieving credentials");
+        return (FALSE) ;
+
     }
     krb5_verify_init_creds_opt_init(&vfy_opts);
     krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1);
-	retval = krb5_verify_init_creds(context, &tgt, server, NULL /*keytab*/,
-					NULL /*output ccache*/,
-					&vfy_opts);
-					if (retval){
-	com_err(prog_name, retval, "while verifing ticket for server"); 
-	return (FALSE);
+    retval = krb5_verify_init_creds(context, &tgt, server, NULL /*keytab*/,
+                                    NULL /*output ccache*/,
+                                    &vfy_opts);
+    if (retval){
+        com_err(prog_name, retval, "while verifing ticket for server");
+        return (FALSE);
     }
-    
+
     return TRUE;
 }
 
 
 
 krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server,
-				      options, zero_password)
+                                      options, zero_password)
     krb5_context context;
     krb5_ccache *ccache;
     krb5_principal client;
@@ -293,77 +294,77 @@ krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server,
     char password[255], *client_name, prompt[255];
     int result;
 
-    *zero_password = FALSE;	
-    
+    *zero_password = FALSE;
+
     if ((code = krb5_unparse_name(context, client, &client_name))) {
         com_err (prog_name, code, "when unparsing name");
         return (FALSE);
     }
 
     memset(&my_creds, 0, sizeof(my_creds));
-    
-    if ((code = krb5_copy_principal(context, client, &my_creds.client))){ 
+
+    if ((code = krb5_copy_principal(context, client, &my_creds.client))){
         com_err (prog_name, code, "while copying principal");
-	return (FALSE);	
-    }	
+        return (FALSE);
+    }
 
-    if ((code = krb5_copy_principal(context, server, &my_creds.server))){ 
+    if ((code = krb5_copy_principal(context, server, &my_creds.server))){
         com_err (prog_name, code, "while copying principal");
-	return (FALSE);	
-    }	
+        return (FALSE);
+    }
 
     if ((code = krb5_timeofday(context, &now))) {
-	com_err(prog_name, code, "while getting time of day");
-	return (FALSE);	
+        com_err(prog_name, code, "while getting time of day");
+        return (FALSE);
     }
 
-    my_creds.times.starttime = 0;	/* start timer when request
-					   gets to KDC */
-    
+    my_creds.times.starttime = 0;       /* start timer when request
+                                           gets to KDC */
+
     my_creds.times.endtime = now + options->lifetime;
     if (options->opt & KDC_OPT_RENEWABLE) {
-	my_creds.times.renew_till = now + options->rlife;
+        my_creds.times.renew_till = now + options->rlife;
     } else
-	my_creds.times.renew_till = 0;
+        my_creds.times.renew_till = 0;
 
     result = snprintf(prompt, sizeof(prompt), "Kerberos password for %s: ",
-		      client_name);
+                      client_name);
     if (SNPRINTF_OVERFLOW(result, sizeof(prompt))) {
-	fprintf (stderr,
-		 "principal name %s too long for internal buffer space\n",
-		 client_name);
-	return FALSE;
+        fprintf (stderr,
+                 "principal name %s too long for internal buffer space\n",
+                 client_name);
+        return FALSE;
     }
-    
+
     pwsize = sizeof(password);
-    
+
     code = krb5_read_password(context, prompt, 0, password, &pwsize);
     if (code ) {
-	com_err(prog_name, code, "while reading password for '%s'\n",
-		client_name);
-	memset(password, 0, sizeof(password));
-	return (FALSE); 
+        com_err(prog_name, code, "while reading password for '%s'\n",
+                client_name);
+        memset(password, 0, sizeof(password));
+        return (FALSE);
     }
-    
+
     if ( pwsize == 0) {
-	fprintf(stderr, "No password given\n");
-	*zero_password = TRUE;
-	memset(password, 0, sizeof(password));
-	return (FALSE); 
+        fprintf(stderr, "No password given\n");
+        *zero_password = TRUE;
+        memset(password, 0, sizeof(password));
+        return (FALSE);
     }
-    
-    code = krb5_get_in_tkt_with_password(context, options->opt, 
-					 0, NULL, preauth_ptr,
-					 password, *ccache, &my_creds, 0);
+
+    code = krb5_get_in_tkt_with_password(context, options->opt,
+                                         0, NULL, preauth_ptr,
+                                         password, *ccache, &my_creds, 0);
     memset(password, 0, sizeof(password));
-    
-    
+
+
     if (code) {
-	if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-	    fprintf (stderr, "%s: Password incorrect\n", prog_name);
-	else
-	    com_err (prog_name, code, "while getting initial credentials");
-	return (FALSE);
+        if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+            fprintf (stderr, "%s: Password incorrect\n", prog_name);
+        else
+            com_err (prog_name, code, "while getting initial credentials");
+        return (FALSE);
     }
     return (TRUE);
 }
@@ -375,10 +376,10 @@ void dump_principal (context, str, p)
     krb5_principal p;
 {
     char * stname;
-    krb5_error_code retval; 
+    krb5_error_code retval;
 
     if ((retval = krb5_unparse_name(context, p, &stname))) {
-	fprintf(stderr, " %s while unparsing name\n", error_message(retval));
+        fprintf(stderr, " %s while unparsing name\n", error_message(retval));
     }
     fprintf(stderr, " %s: %s\n", str, stname);
 }
@@ -386,21 +387,21 @@ void dump_principal (context, str, p)
 void plain_dump_principal (context, p)
     krb5_context context;
     krb5_principal p;
-{    
+{
     char * stname;
-    krb5_error_code retval; 
+    krb5_error_code retval;
 
     if ((retval = krb5_unparse_name(context, p, &stname)))
-	fprintf(stderr, " %s while unparsing name\n", error_message(retval));
+        fprintf(stderr, " %s while unparsing name\n", error_message(retval));
     fprintf(stderr, "%s ", stname);
 }
 
 
 /**********************************************************************
 returns the principal that is closest to client. plist contains
-a principal list obtained from .k5login and parhaps .k5users file.   
-This routine gets called before getting the password for a tgt.             
-A principal is picked that has the best chance of getting in.          
+a principal list obtained from .k5login and parhaps .k5users file.
+This routine gets called before getting the password for a tgt.
+A principal is picked that has the best chance of getting in.
 
 **********************************************************************/
 
@@ -410,55 +411,55 @@ krb5_error_code get_best_principal(context, plist, client)
     char **plist;
     krb5_principal *client;
 {
-    krb5_error_code retval =0; 
+    krb5_error_code retval =0;
     krb5_principal temp_client, best_client = NULL;
-    
+
     int i = 0, nelem;
-    
+
     if (! plist ) return 0;
-    
+
     nelem = krb5_princ_size(context, *client);
-    
+
     while(plist[i]){
-	
-	if ((retval = krb5_parse_name(context, plist[i], &temp_client))){
-	    return retval;
-	}
-	
-	if (data_eq(*krb5_princ_realm(context, *client),
-		    *krb5_princ_realm(context, temp_client))) {
-
-	    if (nelem &&
-		krb5_princ_size(context, *client) > 0 &&
-		krb5_princ_size(context, temp_client) > 0) {
-		krb5_data *p1 =
-		    krb5_princ_component(context, *client, 0);
-		krb5_data *p2 = 
-		    krb5_princ_component(context, temp_client, 0);
-
-		if (data_eq(*p1, *p2)) {
-		    
-		    if (auth_debug){
-			fprintf(stderr,
-				"get_best_principal: compare with %s\n",
-				plist[i]);
-		    }
-		    
-		    if(best_client){
-			if(krb5_princ_size(context, best_client) >
-			   krb5_princ_size(context, temp_client)){
-			    best_client = temp_client;
-			}
-		    }else{
-			best_client = temp_client;
-		    }
-		}
-	    }
-	    
-	}
-	i++;
+
+        if ((retval = krb5_parse_name(context, plist[i], &temp_client))){
+            return retval;
+        }
+
+        if (data_eq(*krb5_princ_realm(context, *client),
+                    *krb5_princ_realm(context, temp_client))) {
+
+            if (nelem &&
+                krb5_princ_size(context, *client) > 0 &&
+                krb5_princ_size(context, temp_client) > 0) {
+                krb5_data *p1 =
+                    krb5_princ_component(context, *client, 0);
+                krb5_data *p2 =
+                    krb5_princ_component(context, temp_client, 0);
+
+                if (data_eq(*p1, *p2)) {
+
+                    if (auth_debug){
+                        fprintf(stderr,
+                                "get_best_principal: compare with %s\n",
+                                plist[i]);
+                    }
+
+                    if(best_client){
+                        if(krb5_princ_size(context, best_client) >
+                           krb5_princ_size(context, temp_client)){
+                            best_client = temp_client;
+                        }
+                    }else{
+                        best_client = temp_client;
+                    }
+                }
+            }
+
+        }
+        i++;
     }
-    
+
     if (best_client) *client = best_client;
     return 0;
 }
diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h
index 76ed7032d..f2c0811fc 100644
--- a/src/clients/ksu/ksu.h
+++ b/src/clients/ksu/ksu.h
@@ -1,4 +1,5 @@
-/* 
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
  * Copyright (c) 1994 by the University of Southern California
  *
  * EXPORT OF THIS SOFTWARE from the United States of America may
@@ -10,7 +11,7 @@
  *     this software and its documentation in source and binary forms is
  *     hereby granted, provided that any documentation or other materials
  *     related to such distribution or use acknowledge that the software
- *     was developed by the University of Southern California. 
+ *     was developed by the University of Southern California.
  *
  * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
  *     University of Southern California MAKES NO REPRESENTATIONS OR
@@ -29,7 +30,7 @@
 #include "k5-util.h"
 #include <stdio.h>
 #include "com_err.h"
-#include <sys/types.h> 
+#include <sys/types.h>
 #include <sys/param.h>
 #include <pwd.h>
 #include <unistd.h>
@@ -48,15 +49,15 @@
 #define KRB5_LOGIN_NAME ".k5login"
 #define KRB5_USERS_NAME ".k5users"
 #define USE_DEFAULT_REALM_NAME "."
-#define PERMIT_ALL_COMMANDS "*" 
+#define PERMIT_ALL_COMMANDS "*"
 #define KRB5_SEC_BUFFSIZE 80
 #define NOT_AUTHORIZED 1
 
 #define CHUNK 3
 #define CACHE_MODE 0600
-#define MAX_CMD 2048 /* this is temp, should use realloc instead,          
-			as done in most of the code */       
-		      
+#define MAX_CMD 2048 /* this is temp, should use realloc instead,
+                        as done in most of the code */
+
 
 extern int optind;
 extern char * optarg;
@@ -71,90 +72,90 @@ extern char * gb_err;
 /***********/
 
 typedef struct opt_info{
-	int opt;
-	krb5_deltat lifetime;
-	krb5_deltat rlife;
-	int princ;
+    int opt;
+    krb5_deltat lifetime;
+    krb5_deltat rlife;
+    int princ;
 }opt_info;
 
 /* krb_auth_su.c */
 extern krb5_boolean krb5_auth_check
-        (krb5_context, krb5_principal, char *, opt_info *,
-		   char *, krb5_ccache, int *, uid_t);
+(krb5_context, krb5_principal, char *, opt_info *,
+ char *, krb5_ccache, int *, uid_t);
 
 extern krb5_boolean krb5_fast_auth
-        (krb5_context, krb5_principal, krb5_principal, char *,
-		   krb5_ccache);
+(krb5_context, krb5_principal, krb5_principal, char *,
+ krb5_ccache);
 
-extern krb5_boolean krb5_get_tkt_via_passwd 
-	(krb5_context, krb5_ccache *, krb5_principal,
-		   krb5_principal, opt_info *, krb5_boolean *);
+extern krb5_boolean krb5_get_tkt_via_passwd
+(krb5_context, krb5_ccache *, krb5_principal,
+ krb5_principal, opt_info *, krb5_boolean *);
 
-extern void dump_principal 
-	(krb5_context, char *, krb5_principal);
+extern void dump_principal
+(krb5_context, char *, krb5_principal);
 
-extern void plain_dump_principal 
-	(krb5_context, krb5_principal);
+extern void plain_dump_principal
+(krb5_context, krb5_principal);
 
 
 extern krb5_error_code krb5_parse_lifetime
-	(char *, long *);
+(char *, long *);
 
 extern krb5_error_code get_best_principal
-	(krb5_context, char **, krb5_principal *);
+(krb5_context, char **, krb5_principal *);
 
 /* ccache.c */
 extern krb5_error_code krb5_ccache_copy
-	(krb5_context, krb5_ccache, char *, krb5_principal, 
-		   krb5_ccache *, krb5_boolean *, uid_t);
+(krb5_context, krb5_ccache, char *, krb5_principal,
+ krb5_ccache *, krb5_boolean *, uid_t);
 
 extern krb5_error_code krb5_store_all_creds
-	(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
+(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
 
 extern krb5_error_code krb5_store_all_creds
-	(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
+(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
 
 extern krb5_boolean compare_creds
-	(krb5_context, krb5_creds *, krb5_creds *);
+(krb5_context, krb5_creds *, krb5_creds *);
 
 extern krb5_error_code krb5_get_nonexp_tkts
-	(krb5_context, krb5_ccache, krb5_creds ***);
+(krb5_context, krb5_ccache, krb5_creds ***);
 
 extern krb5_error_code krb5_check_exp
-	(krb5_context, krb5_ticket_times);
+(krb5_context, krb5_ticket_times);
 
 extern char *flags_string (krb5_creds *);
 
 extern krb5_error_code krb5_get_login_princ
-	(const char *, char ***);
+(const char *, char ***);
 
 extern void show_credential
-	(krb5_context, krb5_creds *, krb5_ccache);
+(krb5_context, krb5_creds *, krb5_ccache);
 
 extern int gen_sym (void);
 
 extern krb5_error_code krb5_ccache_overwrite
-	(krb5_context, krb5_ccache, krb5_ccache, krb5_principal);
+(krb5_context, krb5_ccache, krb5_ccache, krb5_principal);
 
 extern krb5_error_code krb5_store_some_creds
-	(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **,
-		   krb5_principal, krb5_boolean *);
+(krb5_context, krb5_ccache, krb5_creds **, krb5_creds **,
+ krb5_principal, krb5_boolean *);
 
 extern krb5_error_code krb5_ccache_copy_restricted
-	(krb5_context, krb5_ccache, char *, krb5_principal, 
-		   krb5_ccache *, krb5_boolean *, uid_t);
+(krb5_context, krb5_ccache, char *, krb5_principal,
+ krb5_ccache *, krb5_boolean *, uid_t);
 
 extern krb5_error_code krb5_ccache_refresh
-	(krb5_context, krb5_ccache);
+(krb5_context, krb5_ccache);
 
 extern krb5_error_code krb5_ccache_filter
-	(krb5_context, krb5_ccache, krb5_principal);
+(krb5_context, krb5_ccache, krb5_principal);
 
 extern krb5_boolean krb5_find_princ_in_cred_list
-	(krb5_context, krb5_creds **, krb5_principal);
+(krb5_context, krb5_creds **, krb5_principal);
 
 extern krb5_error_code krb5_find_princ_in_cache
-	(krb5_context, krb5_ccache, krb5_principal, krb5_boolean *);
+(krb5_context, krb5_ccache, krb5_principal, krb5_boolean *);
 
 extern void printtime (time_t);
 
@@ -162,17 +163,17 @@ extern void printtime (time_t);
 extern krb5_boolean fowner (FILE *, uid_t);
 
 extern krb5_error_code krb5_authorization
-	(krb5_context, krb5_principal, const char *, char *, 
-		   krb5_boolean *, char **);
+(krb5_context, krb5_principal, const char *, char *,
+ krb5_boolean *, char **);
 
 extern krb5_error_code k5login_lookup (FILE *, char *,
-						 krb5_boolean *);
+                                       krb5_boolean *);
 
-extern krb5_error_code k5users_lookup 
-	(FILE *, char *, char *, krb5_boolean *, char **);
+extern krb5_error_code k5users_lookup
+(FILE *, char *, char *, krb5_boolean *, char **);
 
 extern krb5_boolean fcmd_resolve
-	(char *, char ***, char **);
+(char *, char ***, char **);
 
 extern krb5_boolean cmd_single (char *);
 
@@ -180,11 +181,11 @@ extern int cmd_arr_cmp_postfix (char **, char *);
 
 extern int cmd_arr_cmp (char **, char *);
 
-extern krb5_boolean find_first_cmd_that_exists 
-	(char **, char **, char **);
+extern krb5_boolean find_first_cmd_that_exists
+(char **, char **, char **);
 
-extern int match_commands 
-	(char *, char *, krb5_boolean *, char **, char **);
+extern int match_commands
+(char *, char *, krb5_boolean *, char **, char **);
 
 extern krb5_error_code get_line (FILE *, char **);
 
@@ -211,30 +212,30 @@ extern krb5_error_code list_union (char **, char **, char ***);
 extern krb5_error_code filter (FILE *, char *, char **, char ***);
 
 extern krb5_error_code get_authorized_princ_names
-	(const char *, char *, char ***);
+(const char *, char *, char ***);
 
-extern krb5_error_code get_closest_principal 
-	(krb5_context, char **, krb5_principal *, krb5_boolean *);
+extern krb5_error_code get_closest_principal
+(krb5_context, char **, krb5_principal *, krb5_boolean *);
 
-extern krb5_error_code find_either_ticket 
-	(krb5_context, krb5_ccache, krb5_principal,
-		krb5_principal, krb5_boolean *);
+extern krb5_error_code find_either_ticket
+(krb5_context, krb5_ccache, krb5_principal,
+ krb5_principal, krb5_boolean *);
 
-extern krb5_error_code find_ticket 
-	(krb5_context, krb5_ccache, krb5_principal,
-		krb5_principal, krb5_boolean *);
+extern krb5_error_code find_ticket
+(krb5_context, krb5_ccache, krb5_principal,
+ krb5_principal, krb5_boolean *);
 
 
 extern krb5_error_code find_princ_in_list
-	(krb5_context, krb5_principal, char **, krb5_boolean *);
+(krb5_context, krb5_principal, char **, krb5_boolean *);
 
 extern krb5_error_code get_best_princ_for_target
-	(krb5_context, uid_t, uid_t, char *, char *, krb5_ccache, 
-		opt_info *, char *, char *, krb5_principal *, int *);
+(krb5_context, uid_t, uid_t, char *, char *, krb5_ccache,
+ opt_info *, char *, char *, krb5_principal *, int *);
 
 extern krb5_error_code ksu_tgtname (krb5_context, const krb5_data *,
-					      const krb5_data *, 
-					      krb5_principal *tgtprinc);
+                                    const krb5_data *,
+                                    krb5_principal *tgtprinc);
 
 #ifndef min
 #define min(a,b) ((a) > (b) ? (b) : (a))
@@ -242,14 +243,14 @@ extern krb5_error_code ksu_tgtname (krb5_context, const krb5_data *,
 
 
 extern char *krb5_lname_file;  /* Note: print this out just be sure
-				  that it gets set */   	    
+                                  that it gets set */
 
-extern void *xmalloc (size_t), 
-    *xrealloc (void *, size_t), 
+extern void *xmalloc (size_t),
+    *xrealloc (void *, size_t),
     *xcalloc (size_t, size_t);
-extern char *xstrdup (const char *);
-extern char *xasprintf (const char *format, ...);
+                             extern char *xstrdup (const char *);
+                             extern char *xasprintf (const char *format, ...);
 
 #ifndef HAVE_UNSETENV
-void unsetenv (char *);
+                             void unsetenv (char *);
 #endif
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
index 0aba56933..b7dcdadc6 100644
--- a/src/clients/ksu/main.c
+++ b/src/clients/ksu/main.c
@@ -1,4 +1,5 @@
-/* 
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
  * Copyright (c) 1994 by the University of Southern California
  *
  * EXPORT OF THIS SOFTWARE from the United States of America may
@@ -10,7 +11,7 @@
  *     this software and its documentation in source and binary forms is
  *     hereby granted, provided that any documentation or other materials
  *     related to such distribution or use acknowledge that the software
- *     was developed by the University of Southern California. 
+ *     was developed by the University of Southern California.
  *
  * DISCLAIMER OF WARRANTY.  THIS SOFTWARE IS PROVIDED "AS IS".  The
  *     University of Southern California MAKES NO REPRESENTATIONS OR
@@ -34,31 +35,31 @@
 
 /* globals */
 char * prog_name;
-int auth_debug =0;     
+int auth_debug =0;
 char k5login_path[MAXPATHLEN];
 char k5users_path[MAXPATHLEN];
 char * gb_err = NULL;
 int quiet = 0;
 /***********/
 
-#define _DEF_CSH "/bin/csh" 
+#define _DEF_CSH "/bin/csh"
 static int set_env_var (char *, char *);
 static void sweep_up (krb5_context, krb5_ccache);
 static char * ontty (void);
 #ifdef HAVE_STDARG_H
 static void print_status( const char *fmt, ...)
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
-     __attribute__ ((__format__ (__printf__, 1, 2)))
+    __attribute__ ((__format__ (__printf__, 1, 2)))
 #endif
-     ;
+    ;
 #else
 static void print_status();
 #endif
-char * get_dir_of_file();     
+char * get_dir_of_file();
 
 /* Note -e and -a options are mutually exclusive */
-/* insure the proper specification of target user as well as catching         
-   ill specified arguments to commands */        
+/* insure the proper specification of target user as well as catching
+   ill specified arguments to commands */
 
 void usage (){
     fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
@@ -76,31 +77,31 @@ int
 main (argc, argv)
     int argc;
     char ** argv;
-{ 
+{
     int hp =0;
-    int some_rest_copy = 0;	
-    int all_rest_copy = 0;	
+    int some_rest_copy = 0;
+    int all_rest_copy = 0;
     char *localhostname = NULL;
     opt_info options;
     int option=0;
     int statusp=0;
-    krb5_error_code retval = 0; 
+    krb5_error_code retval = 0;
     krb5_principal client = NULL;
     krb5_ccache cc_target = NULL;
     krb5_context ksu_context;
-    char * cc_target_tag = NULL; 
+    char * cc_target_tag = NULL;
     char * target_user = NULL;
     char * source_user;
-    
+
     krb5_ccache cc_source = NULL;
-    const char * cc_source_tag = NULL; 
+    const char * cc_source_tag = NULL;
     uid_t source_gid, target_gid;
     const char * cc_source_tag_tmp = NULL;
-    char * cc_target_tag_tmp=NULL; 
+    char * cc_target_tag_tmp=NULL;
     char * cmd = NULL, * exec_cmd = NULL;
     int errflg = 0;
-    krb5_boolean auth_val; 
-    krb5_boolean authorization_val = FALSE; 
+    krb5_boolean auth_val;
+    krb5_boolean authorization_val = FALSE;
     int path_passwd = 0;
     int done =0,i,j;
     uid_t ruid = getuid ();
@@ -116,12 +117,12 @@ main (argc, argv)
     krb5_boolean stored = FALSE;
     krb5_principal  kdc_server;
     krb5_boolean zero_password;
-    char * dir_of_cc_target;     
-    
+    char * dir_of_cc_target;
+
     options.opt = KRB5_DEFAULT_OPTIONS;
     options.lifetime = KRB5_DEFAULT_TKT_LIFE;
-    options.rlife =0; 
-    options.princ =0;	
+    options.rlife =0;
+    options.princ =0;
 
     params = (char **) xcalloc (2, sizeof (char *));
     params[1] = NULL;
@@ -132,157 +133,157 @@ main (argc, argv)
     retval = krb5_init_secure_context(&ksu_context);
     if (retval) {
         com_err(argv[0], retval, "while initializing krb5");
-	exit(1);
+        exit(1);
     }
 
     if (strrchr(argv[0], '/'))
-	argv[0] = strrchr(argv[0], '/')+1;
+        argv[0] = strrchr(argv[0], '/')+1;
     prog_name = argv[0];
     if (strlen (prog_name) > 50) {
-	/* this many chars *after* last / ?? */
-	com_err(prog_name, 0, "program name too long - quitting to avoid triggering system logging bugs");
-	exit (1);
+        /* this many chars *after* last / ?? */
+        com_err(prog_name, 0, "program name too long - quitting to avoid triggering system logging bugs");
+        exit (1);
     }
 
 
 #ifndef LOG_NDELAY
 #define LOG_NDELAY 0
 #endif
-    
+
 #ifndef LOG_AUTH /* 4.2 syslog */
     openlog(prog_name, LOG_PID|LOG_NDELAY);
 #else
     openlog(prog_name, LOG_PID | LOG_NDELAY, LOG_AUTH);
 #endif /* 4.2 syslog */
-    
-      
+
+
     if (( argc == 1) || (argv[1][0] == '-')){
-	target_user = xstrdup("root");
-	pargc = argc;
-	pargv = argv;
+        target_user = xstrdup("root");
+        pargc = argc;
+        pargv = argv;
     } else {
-	target_user = xstrdup(argv[1]);
-	pargc = argc -1;
-	
-	if ((pargv =(char **) calloc(pargc +1,sizeof(char *)))==NULL){
-	    com_err(prog_name, errno, "while allocating memory");
-	    exit(1);
-	}
-	
-	pargv[pargc] = NULL;
-	pargv[0] = argv[0];
-	
-	for(i =1; i< pargc; i ++){
-	    pargv[i] = argv[i + 1];
-	}
-    }
-    
+        target_user = xstrdup(argv[1]);
+        pargc = argc -1;
+
+        if ((pargv =(char **) calloc(pargc +1,sizeof(char *)))==NULL){
+            com_err(prog_name, errno, "while allocating memory");
+            exit(1);
+        }
+
+        pargv[pargc] = NULL;
+        pargv[0] = argv[0];
+
+        for(i =1; i< pargc; i ++){
+            pargv[i] = argv[i + 1];
+        }
+    }
+
     if (krb5_seteuid (ruid)) {
-	com_err (prog_name, errno, "while setting euid to source user");
-	exit (1);
+        com_err (prog_name, errno, "while setting euid to source user");
+        exit (1);
     }
     while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
-	switch (option) {
-	case 'r':
-	    options.opt |= KDC_OPT_RENEWABLE;
-	    if (strlen (optarg) >= 14)
-		optarg = "bad-time";
-	    retval = krb5_string_to_deltat(optarg, &options.rlife);
-	    if (retval != 0 || options.rlife == 0) {
-		fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg);
-		errflg++;
-	    }
-	    break;
-	case 'a':
+        switch (option) {
+        case 'r':
+            options.opt |= KDC_OPT_RENEWABLE;
+            if (strlen (optarg) >= 14)
+                optarg = "bad-time";
+            retval = krb5_string_to_deltat(optarg, &options.rlife);
+            if (retval != 0 || options.rlife == 0) {
+                fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg);
+                errflg++;
+            }
+            break;
+        case 'a':
             /* when integrating this remember to pass in pargc, pargv and
                take care of params argument */
-	    optind --;	
-	    if (auth_debug){printf("Before get_params optind=%d\n", optind);}
-	    
+            optind --;
+            if (auth_debug){printf("Before get_params optind=%d\n", optind);}
+
             if ((retval = get_params( & optind, pargc, pargv, &params))){
                 com_err(prog_name, retval, "when gathering parameters");
                 errflg++;
             }
             if(auth_debug){ printf("After get_params optind=%d\n", optind);}
-	    done = 1;
+            done = 1;
+            break;
+        case 'p':
+            options.opt |= KDC_OPT_PROXIABLE;
+            break;
+        case 'f':
+            options.opt |= KDC_OPT_FORWARDABLE;
+            break;
+        case 'k':
+            keep_target_cache =1;
+            break;
+        case 'q':
+            quiet =1;
             break;
-	case 'p':
-	    options.opt |= KDC_OPT_PROXIABLE;
-	    break;
-	case 'f':
-	    options.opt |= KDC_OPT_FORWARDABLE;
-	    break;
-	case 'k':
-	    keep_target_cache =1;
-	    break;
-	case 'q':
-	    quiet =1;
-	    break;
         case 'l':
-	    if (strlen (optarg) >= 14)
-		optarg = "bad-time";
-	    retval = krb5_string_to_deltat(optarg, &options.lifetime);
-	    if (retval != 0 || options.lifetime == 0) {
-		fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg);
-		errflg++;
-	    }
-	    break;
-	case 'n': 
-	    if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
-		com_err(prog_name, retval, "when parsing name %s", optarg); 
-		errflg++;
-	    }	
-	    
-    	    options.princ = 1;
-	    
-	    break;
+            if (strlen (optarg) >= 14)
+                optarg = "bad-time";
+            retval = krb5_string_to_deltat(optarg, &options.lifetime);
+            if (retval != 0 || options.lifetime == 0) {
+                fprintf(stderr, "Bad lifetime value (%s hours?)\n", optarg);
+                errflg++;
+            }
+            break;
+        case 'n':
+            if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
+                com_err(prog_name, retval, "when parsing name %s", optarg);
+                errflg++;
+            }
+
+            options.princ = 1;
+
+            break;
 #ifdef DEBUG
-	case 'D':
-	    auth_debug = 1;	
-	    break;
+        case 'D':
+            auth_debug = 1;
+            break;
 #endif
-	case 'z':
-	    some_rest_copy = 1;	
-	    if(all_rest_copy) {  	
-		fprintf(stderr, 
-			"-z option is mutually exclusive with -Z.\n"); 
-		errflg++;
-	    }	
-	    break;	
-	case 'Z':
-	    all_rest_copy = 1;	
-	    if(some_rest_copy) {  	
-		fprintf(stderr, 
-			"-Z option is mutually exclusive with -z.\n"); 
-		errflg++;
-	    } 	
-	    break;	
-	case 'c':
-	    if (cc_source_tag == NULL) {
-		cc_source_tag = xstrdup(optarg);
-		if ( strchr(cc_source_tag, ':')){
-		    cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
-		    
-		    if( stat( cc_source_tag_tmp, &st_temp)){
-			com_err (prog_name, errno,
-				 "while looking for credentials file %s",
-				 cc_source_tag_tmp);
-			exit (1);
-		    }
-		}
-		else { 
-		    fprintf(stderr,"malformed credential cache name %s\n",
-			    cc_source_tag); 
-		    errflg++;
-		}
-		
-	    } else {
-		fprintf(stderr, "Only one -c option allowed\n");
-		errflg++;
-	    }
-	    break;
-	case 'e': 
-	    cmd = xstrdup(optarg);
+        case 'z':
+            some_rest_copy = 1;
+            if(all_rest_copy) {
+                fprintf(stderr,
+                        "-z option is mutually exclusive with -Z.\n");
+                errflg++;
+            }
+            break;
+        case 'Z':
+            all_rest_copy = 1;
+            if(some_rest_copy) {
+                fprintf(stderr,
+                        "-Z option is mutually exclusive with -z.\n");
+                errflg++;
+            }
+            break;
+        case 'c':
+            if (cc_source_tag == NULL) {
+                cc_source_tag = xstrdup(optarg);
+                if ( strchr(cc_source_tag, ':')){
+                    cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
+
+                    if( stat( cc_source_tag_tmp, &st_temp)){
+                        com_err (prog_name, errno,
+                                 "while looking for credentials file %s",
+                                 cc_source_tag_tmp);
+                        exit (1);
+                    }
+                }
+                else {
+                    fprintf(stderr,"malformed credential cache name %s\n",
+                            cc_source_tag);
+                    errflg++;
+                }
+
+            } else {
+                fprintf(stderr, "Only one -c option allowed\n");
+                errflg++;
+            }
+            break;
+        case 'e':
+            cmd = xstrdup(optarg);
             if(auth_debug){printf("Before get_params optind=%d\n", optind);}
             if ((retval = get_params( & optind, pargc, pargv, &params))){
                 com_err(prog_name, retval, "when gathering parameters");
@@ -295,16 +296,16 @@ main (argc, argv)
                 fprintf(stderr,"Command to be executed: %s\n", cmd);
             }
             break;
-	case '?':
-	default:
-	    errflg++;
-	    break;
-	}
+        case '?':
+        default:
+            errflg++;
+        break;
+        }
     }
 
     if (errflg) {
-	usage();
-	exit(2);
+        usage();
+        exit(2);
     }
 
     if (optind != pargc ){
@@ -312,544 +313,544 @@ main (argc, argv)
         exit(2);
     }
 
-    if (auth_debug){	
-	for(j=1; params[j] != NULL; j++){
-	    fprintf (stderr,"params[%d]= %s\n", j,params[j]);
-	}
-    }	
+    if (auth_debug){
+        for(j=1; params[j] != NULL; j++){
+            fprintf (stderr,"params[%d]= %s\n", j,params[j]);
+        }
+    }
 
     /***********************************/
     source_user = getlogin(); /*checks for the the login name in /etc/utmp*/
-    
+
     /* verify that that the user exists and get his passwd structure */
-    
+
     if (source_user == NULL ||(pwd = getpwnam(source_user)) == NULL ||
-	pwd->pw_uid != ruid){
-	pwd = getpwuid(ruid);
+        pwd->pw_uid != ruid){
+        pwd = getpwuid(ruid);
     }
-    
+
     if (pwd == NULL) {
-	fprintf(stderr, "ksu: who are you?\n");
-	exit(1);
+        fprintf(stderr, "ksu: who are you?\n");
+        exit(1);
     }
     if (pwd->pw_uid != ruid) {
-	fprintf (stderr, "Your uid doesn't match your passwd entry?!\n");
-	exit (1);
+        fprintf (stderr, "Your uid doesn't match your passwd entry?!\n");
+        exit (1);
     }
     /* Okay, now we have *some* passwd entry that matches the
        current real uid.  */
-    
-    /* allocate space and copy the usernamane there */        
+
+    /* allocate space and copy the usernamane there */
     source_user = xstrdup(pwd->pw_name);
     source_uid = pwd->pw_uid;
     source_gid = pwd->pw_gid;
-    
-    
+
+
     if (!strcmp(SOURCE_USER_LOGIN, target_user)){
-	target_user = xstrdup (source_user);			
+        target_user = xstrdup (source_user);
     }
-    
-    if ((target_pwd = getpwnam(target_user)) == NULL){ 
-	fprintf(stderr, "ksu: unknown login %s\n", target_user); 
-	exit(1);
+
+    if ((target_pwd = getpwnam(target_user)) == NULL){
+        fprintf(stderr, "ksu: unknown login %s\n", target_user);
+        exit(1);
     }
     target_uid = target_pwd->pw_uid;
     target_gid = target_pwd->pw_gid;
-    
+
     init_auth_names(target_pwd->pw_dir);
-    
+
     /***********************************/
-    
+
     if (cc_source_tag == NULL){
-	cc_source_tag = krb5_cc_default_name(ksu_context);
-	cc_source_tag_tmp = strchr(cc_source_tag, ':');
-	if (cc_source_tag_tmp == 0)
-	    cc_source_tag_tmp = cc_source_tag;
-	else
-	    cc_source_tag_tmp++;
-    }
-    
-    /* get a handle for the cache */      
+        cc_source_tag = krb5_cc_default_name(ksu_context);
+        cc_source_tag_tmp = strchr(cc_source_tag, ':');
+        if (cc_source_tag_tmp == 0)
+            cc_source_tag_tmp = cc_source_tag;
+        else
+            cc_source_tag_tmp++;
+    }
+
+    /* get a handle for the cache */
     if ((retval = krb5_cc_resolve(ksu_context, cc_source_tag, &cc_source))){
-	com_err(prog_name, retval,"while getting source cache");    
-	exit(1);
+        com_err(prog_name, retval,"while getting source cache");
+        exit(1);
     }
-    
+
     if (((retval = krb5_cc_set_flags(ksu_context,  cc_source, 0x0)) != 0)
-	&& (retval != KRB5_FCC_NOFILE)) {
-	    com_err(prog_name, retval, "while opening ccache");
-	    exit(1);
+        && (retval != KRB5_FCC_NOFILE)) {
+        com_err(prog_name, retval, "while opening ccache");
+        exit(1);
     }
     if ((retval = get_best_princ_for_target(ksu_context, source_uid,
-					    target_uid, source_user, 
-					    target_user, cc_source, 
-					    &options, cmd, localhostname, 
-					    &client, &hp))){
-	com_err(prog_name,retval, "while selecting the best principal"); 
-	exit(1);
-    }
-    
+                                            target_uid, source_user,
+                                            target_user, cc_source,
+                                            &options, cmd, localhostname,
+                                            &client, &hp))){
+        com_err(prog_name,retval, "while selecting the best principal");
+        exit(1);
+    }
+
     /* We may be running as either source or target, depending on
        what happened; become source.*/
     if ( geteuid() != source_uid) {
-	if (krb5_seteuid(0) || krb5_seteuid(source_uid) ) {
-	    com_err(prog_name, errno, "while returning to source uid after finding best principal");
-	    exit(1);
-	}
+        if (krb5_seteuid(0) || krb5_seteuid(source_uid) ) {
+            com_err(prog_name, errno, "while returning to source uid after finding best principal");
+            exit(1);
+        }
     }
-    
+
     if (auth_debug){
-	if (hp){	
-	    fprintf(stderr,
-		    "GET_best_princ_for_target result: NOT AUTHORIZED\n");
-	}else{
-	    fprintf(stderr,
-		    "GET_best_princ_for_target result-best principal ");
-	    plain_dump_principal (ksu_context, client);
-	    fprintf(stderr,"\n");
-	}
-    }
-    
-    if (hp){	
-	if (gb_err) fprintf(stderr, "%s", gb_err);
-	fprintf(stderr,"account %s: authorization failed\n",target_user);
-	exit(1);
-    }
-    
+        if (hp){
+            fprintf(stderr,
+                    "GET_best_princ_for_target result: NOT AUTHORIZED\n");
+        }else{
+            fprintf(stderr,
+                    "GET_best_princ_for_target result-best principal ");
+            plain_dump_principal (ksu_context, client);
+            fprintf(stderr,"\n");
+        }
+    }
+
+    if (hp){
+        if (gb_err) fprintf(stderr, "%s", gb_err);
+        fprintf(stderr,"account %s: authorization failed\n",target_user);
+        exit(1);
+    }
+
     if (cc_target_tag == NULL) {
-	
-	cc_target_tag = (char *)xcalloc(KRB5_SEC_BUFFSIZE ,sizeof(char));
-	/* make sure that the new ticket file does not already exist
-	   This is run as source_uid because it is reasonable to
-	   require the source user to have write to where the target
-	   cache will be created.*/
-	
-	do {
-	    snprintf(cc_target_tag, KRB5_SEC_BUFFSIZE, "%s%ld.%d",
-		     KRB5_SECONDARY_CACHE,
-		     (long) target_uid, gen_sym());
-	    cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1;
-	    
-	}while ( !stat ( cc_target_tag_tmp, &st_temp)); 
-    }
-    
-    
+
+        cc_target_tag = (char *)xcalloc(KRB5_SEC_BUFFSIZE ,sizeof(char));
+        /* make sure that the new ticket file does not already exist
+           This is run as source_uid because it is reasonable to
+           require the source user to have write to where the target
+           cache will be created.*/
+
+        do {
+            snprintf(cc_target_tag, KRB5_SEC_BUFFSIZE, "%s%ld.%d",
+                     KRB5_SECONDARY_CACHE,
+                     (long) target_uid, gen_sym());
+            cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1;
+
+        }while ( !stat ( cc_target_tag_tmp, &st_temp));
+    }
+
+
     dir_of_cc_target = get_dir_of_file(cc_target_tag_tmp);
-    
+
     if (access(dir_of_cc_target, R_OK | W_OK )){
-	fprintf(stderr,
-		"%s does not have correct permissions for %s\n", 
-		source_user, cc_target_tag); 
-	exit(1); 	
-    }
-    
-    if (auth_debug){	
-	fprintf(stderr, " source cache =  %s\n", cc_source_tag); 
-	fprintf(stderr, " target cache =  %s\n", cc_target_tag); 
-    }
-    
-    /* 
+        fprintf(stderr,
+                "%s does not have correct permissions for %s\n",
+                source_user, cc_target_tag);
+        exit(1);
+    }
+
+    if (auth_debug){
+        fprintf(stderr, " source cache =  %s\n", cc_source_tag);
+        fprintf(stderr, " target cache =  %s\n", cc_target_tag);
+    }
+
+    /*
        Only when proper authentication and authorization
-       takes place, the target user becomes the owner of the cache.         
-       */           
-    
+       takes place, the target user becomes the owner of the cache.
+    */
+
     /* we continue to run as source uid until
        the middle of the copy, when becomewe become the target user
        The cache is owned by the target user.*/
-    
-	
-    /* if root ksu's to a regular user, then      
-       then only the credentials for that particular user 
-       should be copied */            
-    
+
+
+    /* if root ksu's to a regular user, then
+       then only the credentials for that particular user
+       should be copied */
+
     if ((source_uid == 0) && (target_uid != 0)) {
-	
-	if ((retval = krb5_ccache_copy_restricted(ksu_context,  cc_source,
-						  cc_target_tag, client, 
-						  &cc_target, &stored, 
-						  target_uid))){
-	    com_err (prog_name, retval, 
-		     "while copying cache %s to %s",
-		     krb5_cc_get_name(ksu_context, cc_source),cc_target_tag);
-	    exit(1);
-	}
-	
+
+        if ((retval = krb5_ccache_copy_restricted(ksu_context,  cc_source,
+                                                  cc_target_tag, client,
+                                                  &cc_target, &stored,
+                                                  target_uid))){
+            com_err (prog_name, retval,
+                     "while copying cache %s to %s",
+                     krb5_cc_get_name(ksu_context, cc_source),cc_target_tag);
+            exit(1);
+        }
+
     } else {
-	if ((retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag,
-				       client,&cc_target, &stored, target_uid))) {
-	    com_err (prog_name, retval, 
-		     "while copying cache %s to %s",
-		     krb5_cc_get_name(ksu_context, cc_source),
-		     cc_target_tag);
-	    exit(1);
-	}
-	
-    }
-    
+        if ((retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag,
+                                       client,&cc_target, &stored, target_uid))) {
+            com_err (prog_name, retval,
+                     "while copying cache %s to %s",
+                     krb5_cc_get_name(ksu_context, cc_source),
+                     cc_target_tag);
+            exit(1);
+        }
+
+    }
+
     /* Become root for authentication*/
-    
+
     if (krb5_seteuid(0)) {
-	com_err(prog_name, errno, "while reclaiming root uid");
-	exit(1);
+        com_err(prog_name, errno, "while reclaiming root uid");
+        exit(1);
     }
-    
+
     if ((source_uid == 0) || (target_uid == source_uid)){
 #ifdef GET_TGT_VIA_PASSWD
-	if ((!all_rest_copy) && options.princ && (stored == FALSE)){
-	    if ((retval = ksu_tgtname(ksu_context, 
-				       krb5_princ_realm (ksu_context, client),
-				       krb5_princ_realm(ksu_context, client),
-				       &kdc_server))){
-		com_err(prog_name, retval,
-			"while creating tgt for local realm");
-		sweep_up(ksu_context, cc_target);
-		exit(1);
-	    }
-	    
-	    fprintf(stderr,"WARNING: Your password may be exposed if you enter it here and are logged\n");
-	    fprintf(stderr,"         in remotely using an unsecure (non-encrypted) channel.\n");
-	    if (krb5_get_tkt_via_passwd (ksu_context, &cc_target, client,
-					 kdc_server, &options, 
-					 &zero_password) == FALSE){
-		
-		if (zero_password == FALSE){  
-		    fprintf(stderr,"Goodbye\n");
-		    sweep_up(ksu_context, cc_target);
-		    exit(1);
-		}
-		
-		fprintf(stderr,
-			"Could not get a tgt for ");    
-		plain_dump_principal (ksu_context, client);
-		fprintf(stderr, "\n");    
-		
-	    }
-	}
+        if ((!all_rest_copy) && options.princ && (stored == FALSE)){
+            if ((retval = ksu_tgtname(ksu_context,
+                                      krb5_princ_realm (ksu_context, client),
+                                      krb5_princ_realm(ksu_context, client),
+                                      &kdc_server))){
+                com_err(prog_name, retval,
+                        "while creating tgt for local realm");
+                sweep_up(ksu_context, cc_target);
+                exit(1);
+            }
+
+            fprintf(stderr,"WARNING: Your password may be exposed if you enter it here and are logged\n");
+            fprintf(stderr,"         in remotely using an unsecure (non-encrypted) channel.\n");
+            if (krb5_get_tkt_via_passwd (ksu_context, &cc_target, client,
+                                         kdc_server, &options,
+                                         &zero_password) == FALSE){
+
+                if (zero_password == FALSE){
+                    fprintf(stderr,"Goodbye\n");
+                    sweep_up(ksu_context, cc_target);
+                    exit(1);
+                }
+
+                fprintf(stderr,
+                        "Could not get a tgt for ");
+                plain_dump_principal (ksu_context, client);
+                fprintf(stderr, "\n");
+
+            }
+        }
 #endif /* GET_TGT_VIA_PASSWD */
     }
-    
+
     /* if the user is root or same uid then authentication is not neccesary,
-       root gets in automatically */   	
-    
+       root gets in automatically */
+
     if (source_uid && (source_uid != target_uid)) {
-	char * client_name;
-	
-	auth_val = krb5_auth_check(ksu_context, client, localhostname, &options,
-				   target_user,cc_target, &path_passwd, target_uid); 
-	
-	/* if Kerberos authentication failed then exit */     
-	if (auth_val ==FALSE){
-	    fprintf(stderr, "Authentication failed.\n");
-	    syslog(LOG_WARNING,
-		   "'%s %s' authentication failed for %s%s",
-		   prog_name,target_user,source_user,ontty());
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	}
-	
+        char * client_name;
+
+        auth_val = krb5_auth_check(ksu_context, client, localhostname, &options,
+                                   target_user,cc_target, &path_passwd, target_uid);
+
+        /* if Kerberos authentication failed then exit */
+        if (auth_val ==FALSE){
+            fprintf(stderr, "Authentication failed.\n");
+            syslog(LOG_WARNING,
+                   "'%s %s' authentication failed for %s%s",
+                   prog_name,target_user,source_user,ontty());
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+
 #if 0
-	/* At best, this avoids a single kdc request
-	   It is hard to implement dealing with file permissions and
-	   is unnecessary.  It is important
-	   to properly handle races in chown if this code is ever re-enabled.
-	   */
-	/* cache the tickets if possible in the source cache */ 
-	if (!path_passwd){ 	
-	    
-	    if ((retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source,
-						client))){
-		com_err (prog_name, retval,
-			 "while copying cache %s to %s",
-			 krb5_cc_get_name(ksu_context, cc_target),
-			 krb5_cc_get_name(ksu_context, cc_source));
-		sweep_up(ksu_context, cc_target);
-		exit(1);
-	    }
-	    if (chown(cc_source_tag_tmp, source_uid, source_gid)){  
-		com_err(prog_name, errno, 
-			"while changing owner for %s",
-			cc_source_tag_tmp);   
-		exit(1);
-	    }
-	}
+        /* At best, this avoids a single kdc request
+           It is hard to implement dealing with file permissions and
+           is unnecessary.  It is important
+           to properly handle races in chown if this code is ever re-enabled.
+        */
+        /* cache the tickets if possible in the source cache */
+        if (!path_passwd){
+
+            if ((retval = krb5_ccache_overwrite(ksu_context, cc_target, cc_source,
+                                                client))){
+                com_err (prog_name, retval,
+                         "while copying cache %s to %s",
+                         krb5_cc_get_name(ksu_context, cc_target),
+                         krb5_cc_get_name(ksu_context, cc_source));
+                sweep_up(ksu_context, cc_target);
+                exit(1);
+            }
+            if (chown(cc_source_tag_tmp, source_uid, source_gid)){
+                com_err(prog_name, errno,
+                        "while changing owner for %s",
+                        cc_source_tag_tmp);
+                exit(1);
+            }
+        }
 #endif /*0*/
 
-	if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) {
-	    com_err (prog_name, retval, "When unparsing name");
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	}     
-	
-	print_status("Authenticated %s\n", client_name);
-	syslog(LOG_NOTICE,"'%s %s' authenticated %s for %s%s",
-	       prog_name,target_user,client_name,
-	       source_user,ontty());
-	
-	/* Run authorization as target.*/
-	if (krb5_seteuid(target_uid)) {
-	    com_err(prog_name, errno, "while switching to target for authorization check");
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	}
-	
-	if ((retval = krb5_authorization(ksu_context, client,target_user,
-					 cmd, &authorization_val, &exec_cmd))){
-	    com_err(prog_name,retval,"while checking authorization");
-	    krb5_seteuid(0); /*So we have some chance of sweeping up*/
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	}
-	
-	if (krb5_seteuid(0)) {
-	    com_err(prog_name, errno, "while switching back from  target after authorization check");
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	}
-	if (authorization_val == TRUE){
-
-	    if (cmd) {	
-		print_status(
-		    "Account %s: authorization for %s for execution of\n",
-		    target_user, client_name);
-		print_status("               %s successful\n",exec_cmd);
-		syslog(LOG_NOTICE,
-		       "Account %s: authorization for %s for execution of %s successful",
-		       target_user, client_name, exec_cmd);
-		
-	    }else{
-		print_status(
-		    "Account %s: authorization for %s successful\n",
-			  	target_user, client_name);
-		syslog(LOG_NOTICE,
-		       "Account %s: authorization for %s successful",
-		       target_user, client_name);
-	    }
-	}else {
-	    if (cmd){ 	
-		if (exec_cmd){ /* was used to pass back the error msg */
-		    fprintf(stderr, "%s", exec_cmd );
-		    syslog(LOG_WARNING, "%s",exec_cmd);
-		}
-		fprintf(stderr,
-			"Account %s: authorization for %s for execution of %s failed\n",
-			target_user, client_name, cmd );
-		syslog(LOG_WARNING,
-		       "Account %s: authorization for %s for execution of %s failed",
-		       target_user, client_name, cmd );
-		
-	    }else{
-		fprintf(stderr,
-			"Account %s: authorization of %s failed\n",
-			target_user, client_name);
-		syslog(LOG_WARNING,
-		       "Account %s: authorization of %s failed",
-		       target_user, client_name);
-		
-	    }
-	    
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	}
-    }
-    
-    if( some_rest_copy){ 
-	if ((retval = krb5_ccache_filter(ksu_context, cc_target, client))){ 	
-	    com_err(prog_name,retval,"while calling cc_filter");
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	}
-    }
-    
+        if ((retval = krb5_unparse_name(ksu_context, client, &client_name))) {
+            com_err (prog_name, retval, "When unparsing name");
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+
+        print_status("Authenticated %s\n", client_name);
+        syslog(LOG_NOTICE,"'%s %s' authenticated %s for %s%s",
+               prog_name,target_user,client_name,
+               source_user,ontty());
+
+        /* Run authorization as target.*/
+        if (krb5_seteuid(target_uid)) {
+            com_err(prog_name, errno, "while switching to target for authorization check");
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+
+        if ((retval = krb5_authorization(ksu_context, client,target_user,
+                                         cmd, &authorization_val, &exec_cmd))){
+            com_err(prog_name,retval,"while checking authorization");
+            krb5_seteuid(0); /*So we have some chance of sweeping up*/
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+
+        if (krb5_seteuid(0)) {
+            com_err(prog_name, errno, "while switching back from  target after authorization check");
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+        if (authorization_val == TRUE){
+
+            if (cmd) {
+                print_status(
+                    "Account %s: authorization for %s for execution of\n",
+                    target_user, client_name);
+                print_status("               %s successful\n",exec_cmd);
+                syslog(LOG_NOTICE,
+                       "Account %s: authorization for %s for execution of %s successful",
+                       target_user, client_name, exec_cmd);
+
+            }else{
+                print_status(
+                    "Account %s: authorization for %s successful\n",
+                    target_user, client_name);
+                syslog(LOG_NOTICE,
+                       "Account %s: authorization for %s successful",
+                       target_user, client_name);
+            }
+        }else {
+            if (cmd){
+                if (exec_cmd){ /* was used to pass back the error msg */
+                    fprintf(stderr, "%s", exec_cmd );
+                    syslog(LOG_WARNING, "%s",exec_cmd);
+                }
+                fprintf(stderr,
+                        "Account %s: authorization for %s for execution of %s failed\n",
+                        target_user, client_name, cmd );
+                syslog(LOG_WARNING,
+                       "Account %s: authorization for %s for execution of %s failed",
+                       target_user, client_name, cmd );
+
+            }else{
+                fprintf(stderr,
+                        "Account %s: authorization of %s failed\n",
+                        target_user, client_name);
+                syslog(LOG_WARNING,
+                       "Account %s: authorization of %s failed",
+                       target_user, client_name);
+
+            }
+
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+    }
+
+    if( some_rest_copy){
+        if ((retval = krb5_ccache_filter(ksu_context, cc_target, client))){
+            com_err(prog_name,retval,"while calling cc_filter");
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+    }
+
     if (all_rest_copy){
-	if ((retval = krb5_cc_initialize(ksu_context, cc_target, client))){  
-	    com_err(prog_name, retval,
-		    "while erasing target cache");    
-	    exit(1);
-	}
-	
-    }
-    
-    /* get the shell of the user, this will be the shell used by su */      
+        if ((retval = krb5_cc_initialize(ksu_context, cc_target, client))){
+            com_err(prog_name, retval,
+                    "while erasing target cache");
+            exit(1);
+        }
+
+    }
+
+    /* get the shell of the user, this will be the shell used by su */
     target_pwd = getpwnam(target_user);
-    
+
     if (target_pwd->pw_shell)
-	shell = xstrdup(target_pwd->pw_shell);
+        shell = xstrdup(target_pwd->pw_shell);
     else {
-	shell = _DEF_CSH;  /* default is cshell */   
+        shell = _DEF_CSH;  /* default is cshell */
     }
-    
+
 #ifdef HAVE_GETUSERSHELL
-    
-    /* insist that the target login uses a standard shell (root is omited) */ 
-    
+
+    /* insist that the target login uses a standard shell (root is omited) */
+
     if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-	fprintf(stderr, "ksu: permission denied (shell).\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
+        fprintf(stderr, "ksu: permission denied (shell).\n");
+        sweep_up(ksu_context, cc_target);
+        exit(1);
     }
 #endif /* HAVE_GETUSERSHELL */
-    
+
     if (target_pwd->pw_uid){
-	
-	if(set_env_var("USER", target_pwd->pw_name)){
-	    fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	    sweep_up(ksu_context, cc_target);
-	    exit(1);
-	} 			
-    }	
-    
+
+        if(set_env_var("USER", target_pwd->pw_name)){
+            fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+            sweep_up(ksu_context, cc_target);
+            exit(1);
+        }
+    }
+
     if(set_env_var( "HOME", target_pwd->pw_dir)){
-	fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    } 			
-    
+        fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }
+
     if(set_env_var( "SHELL", shell)){
-	fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    } 			
-    
-    /* set the cc env name to target */         	
-    
+        fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }
+
+    /* set the cc env name to target */
+
     if(set_env_var( KRB5_ENV_CCNAME, cc_target_tag)){
-	fprintf(stderr,"ksu: couldn't set environment variable %s\n",
-		KRB5_ENV_CCNAME);
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    } 			
-    
+        fprintf(stderr,"ksu: couldn't set environment variable %s\n",
+                KRB5_ENV_CCNAME);
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }
+
     /* set permissions */
     if (setgid(target_pwd->pw_gid) < 0) {
-	perror("ksu: setgid");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
+        perror("ksu: setgid");
+        sweep_up(ksu_context, cc_target);
+        exit(1);
     }
-    
-    
+
+
     if (initgroups(target_user, target_pwd->pw_gid)) {
-	fprintf(stderr, "ksu: initgroups failed.\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    }
-    
-    if ( ! strcmp(target_user, source_user)){ 			
-	print_status("Leaving uid as %s (%ld)\n",
-		     target_user, (long) target_pwd->pw_uid); 
+        fprintf(stderr, "ksu: initgroups failed.\n");
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }
+
+    if ( ! strcmp(target_user, source_user)){
+        print_status("Leaving uid as %s (%ld)\n",
+                     target_user, (long) target_pwd->pw_uid);
     }else{
-	print_status("Changing uid to %s (%ld)\n", 
-		     target_user, (long) target_pwd->pw_uid); 
+        print_status("Changing uid to %s (%ld)\n",
+                     target_user, (long) target_pwd->pw_uid);
     }
-    
-#ifdef	HAVE_SETLUID
+
+#ifdef  HAVE_SETLUID
     /*
      * If we're on a system which keeps track of login uids, then
      * set the login uid. If this fails this opens up a problem on DEC OSF
      * with C2 enabled.
      */
     if (setluid((uid_t) pwd->pw_uid) < 0) {
-	perror("setluid");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
+        perror("setluid");
+        sweep_up(ksu_context, cc_target);
+        exit(1);
     }
-#endif	/* HAVE_SETLUID */
-    
+#endif  /* HAVE_SETLUID */
+
     if (setuid(target_pwd->pw_uid) < 0) {
-	perror("ksu: setuid");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    }   
-    
+        perror("ksu: setuid");
+        sweep_up(ksu_context, cc_target);
+        exit(1);
+    }
+
     if (access( cc_target_tag_tmp, R_OK | W_OK )){
-	com_err(prog_name, errno,
-		"%s does not have correct permissions for %s, %s aborted",
-		target_user, cc_target_tag_tmp, prog_name);
-	exit(1);
+        com_err(prog_name, errno,
+                "%s does not have correct permissions for %s, %s aborted",
+                target_user, cc_target_tag_tmp, prog_name);
+        exit(1);
     }
-    
+
     if ( cc_source)
-	krb5_cc_close(ksu_context, cc_source);
-    
+        krb5_cc_close(ksu_context, cc_source);
+
     if (cmd){
-	if ((source_uid == 0) || (source_uid == target_uid )){
-	    exec_cmd = cmd;
-	}
-	
-	if( !exec_cmd){ 
-	    fprintf(stderr,
-		    "Internal error: command %s did not get resolved\n",cmd);
-	    exit(1);	
-	}
-	
-	params[0] = exec_cmd;
+        if ((source_uid == 0) || (source_uid == target_uid )){
+            exec_cmd = cmd;
+        }
+
+        if( !exec_cmd){
+            fprintf(stderr,
+                    "Internal error: command %s did not get resolved\n",cmd);
+            exit(1);
+        }
+
+        params[0] = exec_cmd;
     }
     else{
-	params[0] = shell;
+        params[0] = shell;
     }
-    
-    if (auth_debug){		
-	fprintf(stderr, "program to be execed %s\n",params[0]);
+
+    if (auth_debug){
+        fprintf(stderr, "program to be execed %s\n",params[0]);
     }
-    
+
     if( keep_target_cache ) {
-	execv(params[0], params);
-	com_err(prog_name, errno, "while trying to execv %s",
-		params[0]);
-	sweep_up(ksu_context, cc_target);
-	exit(1);
+        execv(params[0], params);
+        com_err(prog_name, errno, "while trying to execv %s",
+                params[0]);
+        sweep_up(ksu_context, cc_target);
+        exit(1);
     }else{
-	statusp = 1;
-	switch ((child_pid = fork())) {
-	default:
-	    if (auth_debug){
-	 	printf(" The child pid is %ld\n", (long) child_pid);
-        	printf(" The parent pid is %ld\n", (long) getpid());
-	    }
+        statusp = 1;
+        switch ((child_pid = fork())) {
+        default:
+            if (auth_debug){
+                printf(" The child pid is %ld\n", (long) child_pid);
+                printf(" The parent pid is %ld\n", (long) getpid());
+            }
             while ((ret_pid = waitpid(child_pid, &statusp, WUNTRACED)) != -1) {
-		if (WIFSTOPPED(statusp)) {
-		    child_pgrp = tcgetpgrp(1);
-		    kill(getpid(), SIGSTOP);
-		    tcsetpgrp(1, child_pgrp);
-		    kill(child_pid, SIGCONT); 
-		    statusp = 1;
-		    continue;
-		}
-		break;
+                if (WIFSTOPPED(statusp)) {
+                    child_pgrp = tcgetpgrp(1);
+                    kill(getpid(), SIGSTOP);
+                    tcsetpgrp(1, child_pgrp);
+                    kill(child_pid, SIGCONT);
+                    statusp = 1;
+                    continue;
+                }
+                break;
+            }
+            if (auth_debug){
+                printf("The exit status of the child is %d\n", statusp);
+            }
+            if (ret_pid == -1) {
+                com_err(prog_name, errno, "while calling waitpid");
             }
-	    if (auth_debug){
-		printf("The exit status of the child is %d\n", statusp); 
-	    }
-	    if (ret_pid == -1) {
-	    	com_err(prog_name, errno, "while calling waitpid");
-	    }
-	    sweep_up(ksu_context, cc_target);
-	    exit (statusp);
-	case -1:
-	    com_err(prog_name, errno, "while trying to fork.");
-	    sweep_up(ksu_context, cc_target);
-	    exit (1);
-	case 0:
-	    execv(params[0], params);
-	    com_err(prog_name, errno, "while trying to execv %s", params[0]);
-	    exit (1);
-	}
+            sweep_up(ksu_context, cc_target);
+            exit (statusp);
+        case -1:
+            com_err(prog_name, errno, "while trying to fork.");
+            sweep_up(ksu_context, cc_target);
+            exit (1);
+        case 0:
+            execv(params[0], params);
+            com_err(prog_name, errno, "while trying to execv %s", params[0]);
+            exit (1);
+        }
     }
 }
 
 #ifdef HAVE_GETUSERSHELL
 
 int standard_shell(sh)
-char *sh;
+    char *sh;
 {
     register char *cp;
     char *getusershell();
-    
+
     while ((cp = getusershell()) != NULL)
-	if (!strcmp(cp, sh))
-	    return (1);
-    return (0);    
+        if (!strcmp(cp, sh))
+            return (1);
+    return (0);
 }
-						  
+
 #endif /* HAVE_GETUSERSHELL */
 
 static char * ontty()
@@ -857,14 +858,14 @@ static char * ontty()
     char *p, *ttyname();
     static char buf[MAXPATHLEN + 5];
     int result;
-    
+
     buf[0] = 0;
     if ((p = ttyname(STDERR_FILENO))) {
-	result = snprintf(buf, sizeof(buf), " on %s", p);
-	if (SNPRINTF_OVERFLOW(result, sizeof(buf))) {
-	    fprintf (stderr, "terminal name %s too long\n", p);
-	    exit (1);
-	}
+        result = snprintf(buf, sizeof(buf), " on %s", p);
+        if (SNPRINTF_OVERFLOW(result, sizeof(buf))) {
+            fprintf (stderr, "terminal name %s too long\n", p);
+            exit (1);
+        }
     }
     return (buf);
 }
@@ -875,33 +876,33 @@ static int set_env_var(name, value)
     char *value;
 {
     char * env_var_buf;
-    
-    asprintf(&env_var_buf,"%s=%s",name, value);  
+
+    asprintf(&env_var_buf,"%s=%s",name, value);
     return putenv(env_var_buf);
-    
+
 }
 
 static void sweep_up(context, cc)
     krb5_context context;
     krb5_ccache cc;
 {
-    krb5_error_code retval; 
+    krb5_error_code retval;
     const char * cc_name;
     struct stat  st_temp;
 
     krb5_seteuid(0);
     if (krb5_seteuid(target_uid) < 0) {
-	com_err(prog_name, errno,
-		"while changing to target uid for destroying ccache");
-	exit(1);
+        com_err(prog_name, errno,
+                "while changing to target uid for destroying ccache");
+        exit(1);
     }
 
     cc_name = krb5_cc_get_name(context, cc);
     if ( ! stat(cc_name, &st_temp)){
-	if ((retval = krb5_cc_destroy(context, cc))){
-	    com_err(prog_name, retval, 
-		    "while destroying cache");   
-	}
+        if ((retval = krb5_cc_destroy(context, cc))){
+            com_err(prog_name, retval,
+                    "while destroying cache");
+        }
     }
 }
 
@@ -926,16 +927,16 @@ get_params(optindex, pargc, pargv, params)
     int i,j;
     char ** ret_params;
     int size = pargc - *optindex + 2;
-    
+
     if ((ret_params = (char **) calloc(size, sizeof (char *)))== NULL ){
-	return ENOMEM;
+        return ENOMEM;
     }
-    
+
     for (i = *optindex, j=1; i < pargc; i++,j++){
-	ret_params[j] = pargv[i];
-	*optindex = *optindex + 1;
+        ret_params[j] = pargv[i];
+        *optindex = *optindex + 1;
     }
-    
+
     ret_params[size-1] = NULL;
     *params = ret_params;
     return 0;
@@ -945,8 +946,8 @@ static
 #ifdef HAVE_STDARG_H
 void print_status( const char *fmt, ...)
 #else
-void print_status (va_alist)
-     va_dcl
+    void print_status (va_alist)
+    va_dcl
 #endif
 {
     va_list ap;
@@ -958,9 +959,9 @@ void print_status (va_alist)
     va_end(ap);
 #else
     if (! quiet){
-	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
-	va_end(ap);
+        va_start(ap, fmt);
+        vfprintf(stderr, fmt, ap);
+        va_end(ap);
     }
 #endif
 }
@@ -969,20 +970,20 @@ void print_status (va_alist)
 char *get_dir_of_file(path)
     const char *path;
 {
-    char * temp_path;      
+    char * temp_path;
     char * ptr;
 
     temp_path =  xstrdup(path);
-    
+
     if ((ptr = strrchr( temp_path, '/'))) {
-	*ptr = '\0';  
+        *ptr = '\0';
     } else {
-	free (temp_path);
-	temp_path = xmalloc(MAXPATHLEN);
-	if (temp_path)
-	    getcwd(temp_path, MAXPATHLEN);
+        free (temp_path);
+        temp_path = xmalloc(MAXPATHLEN);
+        if (temp_path)
+            getcwd(temp_path, MAXPATHLEN);
     }
-    return temp_path;  
+    return temp_path;
 }
 
 krb5_error_code
@@ -992,7 +993,7 @@ ksu_tgtname(context, server, client, tgtprinc)
     krb5_principal *tgtprinc;
 {
     return krb5_build_principal_ext(context, tgtprinc, client->length, client->data,
-				    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, 
-				    server->length, server->data,
-				    0);
+                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                    server->length, server->data,
+                                    0);
 }
diff --git a/src/clients/ksu/setenv.c b/src/clients/ksu/setenv.c
index 056a478e5..6e8710df6 100644
--- a/src/clients/ksu/setenv.c
+++ b/src/clients/ksu/setenv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 1987 Regents of the University of California.
  * All rights reserved.
@@ -15,7 +16,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-/* based on @(#)setenv.c	5.2 (Berkeley) 6/27/88 */
+/* based on @(#)setenv.c        5.2 (Berkeley) 6/27/88 */
 
 #include <sys/types.h>
 #include <stdio.h>
@@ -33,81 +34,81 @@ extern void unsetenv(char *);
 
 /*
  * setenv --
- *	Set the value of the environmental variable "name" to be
- *	"value".  If rewrite is set, replace any current value.
+ *      Set the value of the environmental variable "name" to be
+ *      "value".  If rewrite is set, replace any current value.
  */
 #ifndef HAVE_SETENV
 int
 setenv(name, value, rewrite)
-	register char *name, *value;
-	int rewrite;
+    register char *name, *value;
+    int rewrite;
 {
-	extern char **environ;
-	static int alloced;			/* if allocated space before */
-	register char *C;
-	int l_value, offset;
+    extern char **environ;
+    static int alloced;                     /* if allocated space before */
+    register char *C;
+    int l_value, offset;
 
-	if (*value == '=')			/* no `=' in value */
-		++value;
-	l_value = strlen(value);
-	if ((C = _findenv(name, &offset))) {	/* find if already exists */
-		if (!rewrite)
-			return(0);
-		if (strlen(C) >= l_value) {	/* old larger; copy over */
-			while ((*C++ = *value++));
-			return(0);
-		}
-	}
-	else {					/* create new slot */
-		register int	cnt;
-		register char	**P;
+    if (*value == '=')                      /* no `=' in value */
+        ++value;
+    l_value = strlen(value);
+    if ((C = _findenv(name, &offset))) {    /* find if already exists */
+        if (!rewrite)
+            return(0);
+        if (strlen(C) >= l_value) {     /* old larger; copy over */
+            while ((*C++ = *value++));
+            return(0);
+        }
+    }
+    else {                                  /* create new slot */
+        register int    cnt;
+        register char   **P;
 
-		for (P = environ, cnt = 0; *P; ++P, ++cnt);
-		if (alloced) {			/* just increase size */
-			environ = (char **)realloc((char *)environ,
-			    (u_int)(sizeof(char *) * (cnt + 2)));
-			if (!environ)
-				return(-1);
-		}
-		else {				/* get new space */
-			alloced = 1;		/* copy old entries into it */
-			P = (char **)malloc((u_int)(sizeof(char *) *
-			    (cnt + 2)));
-			if (!P)
-				return(-1);
-			memcpy(P, environ, cnt * sizeof(char *));
-			environ = P;
-		}
-		environ[cnt + 1] = NULL;
-		offset = cnt;
-	}
-	for (C = name; *C && *C != '='; ++C);	/* no `=' in name */
-	if (!(environ[offset] =			/* name + `=' + value */
-	    malloc((u_int)((int)(C - name) + l_value + 2))))
-		return(-1);
-	for (C = environ[offset]; (*C = *name++) &&( *C != '='); ++C);
-	for (*C++ = '='; (*C++ = *value++) != NULL;);
-	return(0);
+        for (P = environ, cnt = 0; *P; ++P, ++cnt);
+        if (alloced) {                  /* just increase size */
+            environ = (char **)realloc((char *)environ,
+                                       (u_int)(sizeof(char *) * (cnt + 2)));
+            if (!environ)
+                return(-1);
+        }
+        else {                          /* get new space */
+            alloced = 1;            /* copy old entries into it */
+            P = (char **)malloc((u_int)(sizeof(char *) *
+                                        (cnt + 2)));
+            if (!P)
+                return(-1);
+            memcpy(P, environ, cnt * sizeof(char *));
+            environ = P;
+        }
+        environ[cnt + 1] = NULL;
+        offset = cnt;
+    }
+    for (C = name; *C && *C != '='; ++C);   /* no `=' in name */
+    if (!(environ[offset] =                 /* name + `=' + value */
+          malloc((u_int)((int)(C - name) + l_value + 2))))
+        return(-1);
+    for (C = environ[offset]; (*C = *name++) &&( *C != '='); ++C);
+    for (*C++ = '='; (*C++ = *value++) != NULL;);
+    return(0);
 }
 #endif
 
 /*
  * unsetenv(name) --
- *	Delete environmental variable "name".
+ *      Delete environmental variable "name".
  */
 #ifndef HAVE_UNSETENV
 void
 unsetenv(name)
-	char	*name;
+    char    *name;
 {
-	extern	char	**environ;
-	register char	**P;
-	int	offset;
+    extern  char    **environ;
+    register char   **P;
+    int     offset;
 
-	while (_findenv(name, &offset))		/* if set multiple times */
-		for (P = &environ[offset];; ++P)
-			if (!(*P = *(P + 1)))
-				break;
+    while (_findenv(name, &offset))         /* if set multiple times */
+        for (P = &environ[offset];; ++P)
+            if (!(*P = *(P + 1)))
+                break;
 }
 #endif
 /*
@@ -127,46 +128,46 @@ unsetenv(name)
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-/* based on @(#)getenv.c	5.5 (Berkeley) 6/27/88 */
+/* based on @(#)getenv.c        5.5 (Berkeley) 6/27/88 */
 
 /*
  * getenv --
- *	Returns ptr to value associated with name, if any, else NULL.
+ *      Returns ptr to value associated with name, if any, else NULL.
  */
 #ifndef HAVE_GETENV
 char *
 getenv(name)
-	char *name;
+    char *name;
 {
-	int offset;
+    int offset;
 
-	return(_findenv(name, &offset));
+    return(_findenv(name, &offset));
 }
 #endif
 
 /*
  * _findenv --
- *	Returns pointer to value associated with name, if any, else NULL.
- *	Sets offset to be the offset of the name/value combination in the
- *	environmental array, for use by setenv(3) and unsetenv(3).
- *	Explicitly removes '=' in argument name.
+ *      Returns pointer to value associated with name, if any, else NULL.
+ *      Sets offset to be the offset of the name/value combination in the
+ *      environmental array, for use by setenv(3) and unsetenv(3).
+ *      Explicitly removes '=' in argument name.
  *
  */
 static char *
 _findenv(name, offset)
-	register char *name;
-	int *offset;
+    register char *name;
+    int *offset;
 {
-	extern char **environ;
-	register int len;
-	register char **P, *C;
+    extern char **environ;
+    register int len;
+    register char **P, *C;
 
-	for (C = name, len = 0; *C && *C != '='; ++C, ++len);
-	for (P = environ; *P; ++P)
-		if (!strncmp(*P, name, len))
-			if (*(C = *P + len) == '=') {
-				*offset = P - environ;
-				return(++C);
-			}
-	return(NULL);
+    for (C = name, len = 0; *C && *C != '='; ++C, ++len);
+    for (P = environ; *P; ++P)
+        if (!strncmp(*P, name, len))
+            if (*(C = *P + len) == '=') {
+                *offset = P - environ;
+                return(++C);
+            }
+    return(NULL);
 }
diff --git a/src/clients/ksu/xmalloc.c b/src/clients/ksu/xmalloc.c
index 44bdca16d..f88c0a652 100644
--- a/src/clients/ksu/xmalloc.c
+++ b/src/clients/ksu/xmalloc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * clients/ksu/xmalloc.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Perform simple allocation/copy operations, exiting on failure.
  */
@@ -35,8 +36,8 @@ void *xmalloc (size_t sz)
 {
     void *ret = malloc (sz);
     if (ret == 0 && sz != 0) {
-	perror (prog_name);
-	exit (1);
+        perror (prog_name);
+        exit (1);
     }
     return ret;
 }
@@ -45,8 +46,8 @@ void *xrealloc (void *old, size_t newsz)
 {
     void *ret = realloc (old, newsz);
     if (ret == 0 && newsz != 0) {
-	perror (prog_name);
-	exit (1);
+        perror (prog_name);
+        exit (1);
     }
     return ret;
 }
@@ -55,8 +56,8 @@ void *xcalloc (size_t nelts, size_t eltsz)
 {
     void *ret = calloc (nelts, eltsz);
     if (ret == 0 && nelts != 0 && eltsz != 0) {
-	perror (prog_name);
-	exit (1);
+        perror (prog_name);
+        exit (1);
     }
     return ret;
 }
@@ -76,8 +77,8 @@ char *xasprintf (const char *format, ...)
 
     va_start (args, format);
     if (vasprintf(&out, format, args) < 0) {
-	perror (prog_name);
-	exit (1);
+        perror (prog_name);
+        exit (1);
     }
     va_end(args);
     return out;
diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c
index 58702525f..3f01b0eb9 100644
--- a/src/clients/kvno/kvno.c
+++ b/src/clients/kvno/kvno.c
@@ -1,13 +1,14 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +19,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -47,14 +48,14 @@ static void xusage()
 
 int quiet = 0;
 
-static void do_v5_kvno (int argc, char *argv[], 
+static void do_v5_kvno (int argc, char *argv[],
                         char *ccachestr, char *etypestr, char *keytab_name,
-			char *sname, int canon, int unknown,
-			char *for_user, int proxy);
+                        char *sname, int canon, int unknown,
+                        char *for_user, int proxy);
 
 #include <com_err.h>
 static void extended_com_err_fn (const char *, errcode_t, const char *,
-				 va_list);
+                                 va_list);
 
 int main(int argc, char *argv[])
 {
@@ -70,76 +71,76 @@ int main(int argc, char *argv[])
     prog = prog ? (prog + 1) : argv[0];
 
     while ((option = getopt(argc, argv, "uCc:e:hk:qPS:U:")) != -1) {
-	switch (option) {
-	case 'C':
-	    canon = 1;
-	    break;
-	case 'c':
-	    ccachestr = optarg;
-	    break;
-	case 'e':
-	    etypestr = optarg;
-	    break;
-	case 'h':
-	    xusage();
-	    break;
-	case 'k':
-	    keytab_name = optarg;
-	    break;
-	case 'q':
-	    quiet = 1;
-	    break;
-	case 'P':
-	    proxy = 1; /* S4U2Proxy - constrained delegation */
-	    break;
-	case 'S':
-	    sname = optarg;
-            if (unknown == 1){ 
+        switch (option) {
+        case 'C':
+            canon = 1;
+            break;
+        case 'c':
+            ccachestr = optarg;
+            break;
+        case 'e':
+            etypestr = optarg;
+            break;
+        case 'h':
+            xusage();
+            break;
+        case 'k':
+            keytab_name = optarg;
+            break;
+        case 'q':
+            quiet = 1;
+            break;
+        case 'P':
+            proxy = 1; /* S4U2Proxy - constrained delegation */
+            break;
+        case 'S':
+            sname = optarg;
+            if (unknown == 1){
                 fprintf(stderr, "Options -u and -S are mutually exclusive\n");
-	        xusage();
+                xusage();
             }
-	    break;
+            break;
         case 'u':
             unknown = 1;
-            if (sname){ 
+            if (sname){
                 fprintf(stderr, "Options -u and -S are mutually exclusive\n");
-	        xusage();
+                xusage();
             }
             break;
-	case 'U':
-	    for_user = optarg; /* S4U2Self - protocol transition */
-	    break;
-	default:
-	    xusage();
-	    break;
-	}
+        case 'U':
+            for_user = optarg; /* S4U2Self - protocol transition */
+            break;
+        default:
+            xusage();
+            break;
+        }
     }
 
     if (proxy) {
-	if (keytab_name == NULL) {
-	    fprintf(stderr, "Option -P (constrained delegation) "
-			    "requires keytab to be specified\n");
-	    xusage();
-	} else if (for_user == NULL) {
-	    fprintf(stderr, "Option -P (constrained delegation) requires "
-			    "option -U (protocol transition)\n");
-	    xusage();
-	}
+        if (keytab_name == NULL) {
+            fprintf(stderr, "Option -P (constrained delegation) "
+                    "requires keytab to be specified\n");
+            xusage();
+        } else if (for_user == NULL) {
+            fprintf(stderr, "Option -P (constrained delegation) requires "
+                    "option -U (protocol transition)\n");
+            xusage();
+        }
     }
 
     if ((argc - optind) < 1)
-	xusage();
+        xusage();
 
-	do_v5_kvno(argc - optind, argv + optind,
-		   ccachestr, etypestr, keytab_name, sname,
-		   canon, unknown, for_user, proxy);
+    do_v5_kvno(argc - optind, argv + optind,
+               ccachestr, etypestr, keytab_name, sname,
+               canon, unknown, for_user, proxy);
     return 0;
 }
 
 #include <k5-int.h>
 static krb5_context context;
 static void extended_com_err_fn (const char *myprog, errcode_t code,
-				 const char *fmt, va_list args)
+                                 const char *fmt, va_list args)
 {
     const char *emsg;
     emsg = krb5_get_error_message (context, code);
@@ -149,10 +150,10 @@ static void extended_com_err_fn (const char *myprog, errcode_t code,
     fprintf (stderr, "\n");
 }
 
-static void do_v5_kvno (int count, char *names[], 
+static void do_v5_kvno (int count, char *names[],
                         char * ccachestr, char *etypestr, char *keytab_name,
-			char *sname, int canon, int unknown, char *for_user,
-			int proxy)
+                        char *sname, int canon, int unknown, char *for_user,
+                        int proxy)
 {
     krb5_error_code ret;
     int i, errors;
@@ -166,18 +167,18 @@ static void do_v5_kvno (int count, char *names[],
 
     ret = krb5_init_context(&context);
     if (ret) {
-	com_err(prog, ret, "while initializing krb5 library");
-	exit(1);
+        com_err(prog, ret, "while initializing krb5 library");
+        exit(1);
     }
 
     if (etypestr) {
         ret = krb5_string_to_enctype(etypestr, &etype);
-	if (ret) {
-	    com_err(prog, ret, "while converting etype");
-	    exit(1);
-	}
+        if (ret) {
+            com_err(prog, ret, "while converting etype");
+            exit(1);
+        }
     } else {
-	etype = 0;
+        etype = 0;
     }
 
     if (ccachestr)
@@ -185,166 +186,166 @@ static void do_v5_kvno (int count, char *names[],
     else
         ret = krb5_cc_default(context, &ccache);
     if (ret) {
-	com_err(prog, ret, "while opening ccache");
-	exit(1);
+        com_err(prog, ret, "while opening ccache");
+        exit(1);
     }
 
     if (keytab_name) {
-	ret = krb5_kt_resolve(context, keytab_name, &keytab);
-	if (ret) {
-	    com_err(prog, ret, "resolving keytab %s", keytab_name);
-	    exit(1);
-	}
+        ret = krb5_kt_resolve(context, keytab_name, &keytab);
+        if (ret) {
+            com_err(prog, ret, "resolving keytab %s", keytab_name);
+            exit(1);
+        }
     }
 
     if (for_user) {
-	ret = krb5_parse_name_flags(context, for_user,
-				    KRB5_PRINCIPAL_PARSE_ENTERPRISE,
-				    &for_user_princ);
-	if (ret) {
-	    com_err(prog, ret, "while parsing principal name %s", for_user);
-	    exit(1);
-	}
+        ret = krb5_parse_name_flags(context, for_user,
+                                    KRB5_PRINCIPAL_PARSE_ENTERPRISE,
+                                    &for_user_princ);
+        if (ret) {
+            com_err(prog, ret, "while parsing principal name %s", for_user);
+            exit(1);
+        }
     }
 
     ret = krb5_cc_get_principal(context, ccache, &me);
     if (ret) {
-	com_err(prog, ret, "while getting client principal name");
-	exit(1);
+        com_err(prog, ret, "while getting client principal name");
+        exit(1);
     }
 
     errors = 0;
 
     options = 0;
     if (canon)
-	options |= KRB5_GC_CANONICALIZE;
+        options |= KRB5_GC_CANONICALIZE;
 
     for (i = 0; i < count; i++) {
-	krb5_principal server = NULL;
-	krb5_ticket *ticket = NULL;
-	krb5_creds *out_creds = NULL;
-	char *princ = NULL;
-
-	memset(&in_creds, 0, sizeof(in_creds));
-
-	if (sname != NULL) {
-	    ret = krb5_sname_to_principal(context, names[i],
-					  sname, KRB5_NT_SRV_HST,
-					  &server);
-	} else {
-	    ret = krb5_parse_name(context, names[i], &server);
-	}
-	if (ret) {
-	    if (!quiet)
-		com_err(prog, ret, "while parsing principal name %s", names[i]);
-	    goto error;
-	}
+        krb5_principal server = NULL;
+        krb5_ticket *ticket = NULL;
+        krb5_creds *out_creds = NULL;
+        char *princ = NULL;
+
+        memset(&in_creds, 0, sizeof(in_creds));
+
+        if (sname != NULL) {
+            ret = krb5_sname_to_principal(context, names[i],
+                                          sname, KRB5_NT_SRV_HST,
+                                          &server);
+        } else {
+            ret = krb5_parse_name(context, names[i], &server);
+        }
+        if (ret) {
+            if (!quiet)
+                com_err(prog, ret, "while parsing principal name %s", names[i]);
+            goto error;
+        }
         if (unknown == 1) {
             krb5_princ_type(context, server) = KRB5_NT_UNKNOWN;
         }
 
-	ret = krb5_unparse_name(context, server, &princ);
-	if (ret) {
-	    com_err(prog, ret,
-		    "while formatting parsed principal name for '%s'",
-		    names[i]);
-	    goto error;
-	}
-
-	in_creds.keyblock.enctype = etype;
-
-	if (for_user) {
-	    if (!proxy &&
-		!krb5_principal_compare(context, me, server)) {
-		com_err(prog, EINVAL,
-			"client and server principal names must match");
-		goto error;
-	    }
-
-	    in_creds.client = for_user_princ;
-	    in_creds.server = me;
-
-	    ret = krb5_get_credentials_for_user(context, options, ccache,
-						&in_creds, NULL, &out_creds);
-	} else {
-	    in_creds.client = me;
-	    in_creds.server = server;
-	    ret = krb5_get_credentials(context, options, ccache,
-				       &in_creds, &out_creds);
-	}
-
-	if (ret) {
-	    com_err(prog, ret, "while getting credentials for %s", princ);
-	    goto error;
-	}
-
-	/* we need a native ticket */
-	ret = krb5_decode_ticket(&out_creds->ticket, &ticket);
-	if (ret) {
-	    com_err(prog, ret, "while decoding ticket for %s", princ);
-	    goto error;
-	}
-
-	if (keytab) {
-	    ret = krb5_server_decrypt_ticket_keytab(context, keytab, ticket);
-	    if (ret) {
-		if (!quiet) {
-		    fprintf(stderr, "%s: kvno = %d, keytab entry invalid\n",
-			    princ, ticket->enc_part.kvno);
-		}
-		com_err(prog, ret, "while decrypting ticket for %s", princ);
-		goto error;
-	    }
-	    if (!quiet)
-		printf("%s: kvno = %d, keytab entry valid\n",
-		       princ, ticket->enc_part.kvno);
-	    if (proxy) {
-		krb5_free_creds(context, out_creds);
-		out_creds = NULL;
-
-		in_creds.client = ticket->enc_part2->client;
-		in_creds.server = server;
-
-		ret = krb5_get_credentials_for_proxy(context,
-						     KRB5_GC_CANONICALIZE,
-						     ccache,
-						     &in_creds,
-						     ticket,
-						     &out_creds);
-		if (ret) {
-		    com_err(prog, ret,
-			    "%s: constrained delegation failed", princ);
-		    goto error;
-		}
-	    }
-	} else {
-	    if (!quiet)
-		printf("%s: kvno = %d\n", princ, ticket->enc_part.kvno);
-	}
-
-	continue;
-
-error:
-	if (server != NULL)
-	    krb5_free_principal(context, server);
-	if (ticket != NULL)
-	    krb5_free_ticket(context, ticket);
-	if (out_creds != NULL)
-	    krb5_free_creds(context, out_creds);
-	if (princ != NULL)
-	    krb5_free_unparsed_name(context, princ);
-	errors++;
+        ret = krb5_unparse_name(context, server, &princ);
+        if (ret) {
+            com_err(prog, ret,
+                    "while formatting parsed principal name for '%s'",
+                    names[i]);
+            goto error;
+        }
+
+        in_creds.keyblock.enctype = etype;
+
+        if (for_user) {
+            if (!proxy &&
+                !krb5_principal_compare(context, me, server)) {
+                com_err(prog, EINVAL,
+                        "client and server principal names must match");
+                goto error;
+            }
+
+            in_creds.client = for_user_princ;
+            in_creds.server = me;
+
+            ret = krb5_get_credentials_for_user(context, options, ccache,
+                                                &in_creds, NULL, &out_creds);
+        } else {
+            in_creds.client = me;
+            in_creds.server = server;
+            ret = krb5_get_credentials(context, options, ccache,
+                                       &in_creds, &out_creds);
+        }
+
+        if (ret) {
+            com_err(prog, ret, "while getting credentials for %s", princ);
+            goto error;
+        }
+
+        /* we need a native ticket */
+        ret = krb5_decode_ticket(&out_creds->ticket, &ticket);
+        if (ret) {
+            com_err(prog, ret, "while decoding ticket for %s", princ);
+            goto error;
+        }
+
+        if (keytab) {
+            ret = krb5_server_decrypt_ticket_keytab(context, keytab, ticket);
+            if (ret) {
+                if (!quiet) {
+                    fprintf(stderr, "%s: kvno = %d, keytab entry invalid\n",
+                            princ, ticket->enc_part.kvno);
+                }
+                com_err(prog, ret, "while decrypting ticket for %s", princ);
+                goto error;
+            }
+            if (!quiet)
+                printf("%s: kvno = %d, keytab entry valid\n",
+                       princ, ticket->enc_part.kvno);
+            if (proxy) {
+                krb5_free_creds(context, out_creds);
+                out_creds = NULL;
+
+                in_creds.client = ticket->enc_part2->client;
+                in_creds.server = server;
+
+                ret = krb5_get_credentials_for_proxy(context,
+                                                     KRB5_GC_CANONICALIZE,
+                                                     ccache,
+                                                     &in_creds,
+                                                     ticket,
+                                                     &out_creds);
+                if (ret) {
+                    com_err(prog, ret,
+                            "%s: constrained delegation failed", princ);
+                    goto error;
+                }
+            }
+        } else {
+            if (!quiet)
+                printf("%s: kvno = %d\n", princ, ticket->enc_part.kvno);
+        }
+
+        continue;
+
+    error:
+        if (server != NULL)
+            krb5_free_principal(context, server);
+        if (ticket != NULL)
+            krb5_free_ticket(context, ticket);
+        if (out_creds != NULL)
+            krb5_free_creds(context, out_creds);
+        if (princ != NULL)
+            krb5_free_unparsed_name(context, princ);
+        errors++;
     }
 
     if (keytab)
-	krb5_kt_close(context, keytab);
+        krb5_kt_close(context, keytab);
     krb5_free_principal(context, me);
     krb5_free_principal(context, for_user_princ);
     krb5_cc_close(context, ccache);
     krb5_free_context(context);
 
     if (errors)
-	exit(1);
+        exit(1);
 
     exit(0);
 }
diff --git a/src/include/CredentialsCache.h b/src/include/CredentialsCache.h
index cd573e710..656b43625 100644
--- a/src/include/CredentialsCache.h
+++ b/src/include/CredentialsCache.h
@@ -23,7 +23,7 @@
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
  */
- 
+
 #ifndef __CREDENTIALSCACHE__
 #define __CREDENTIALSCACHE__
 
@@ -35,7 +35,7 @@
  * The object for kCCAPICacheCollectionChangedNotification is NULL.
  * The object for kCCAPICCacheChangedNotification is a CFString containing the
  * name of the ccache.
- * 
+ *
  * Note: Notifications are not sent if the CCacheServer crashes.  */
 #define kCCAPICacheCollectionChangedNotification CFSTR ("CCAPICacheCollectionChangedNotification")
 #define kCCAPICCacheChangedNotification          CFSTR ("CCAPICCacheChangedNotification")
@@ -54,7 +54,7 @@ extern "C" {
 
 #if TARGET_OS_MAC
 #pragma pack(push,2)
-#endif    
+#endif
 
 #if defined(_WIN32)
 #define CCACHE_API 	__declspec(dllexport)
@@ -64,7 +64,7 @@ extern "C" {
 #error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform.
 #endif /* _TIME_T_DEFINED */
 #define _USE_32BIT_TIME_T
-#endif 
+#endif
 #else
 #define CCACHE_API
 #endif
@@ -100,89 +100,89 @@ extern "C" {
  *
  * \li \ref cc_string_reference
  * \li \ref cc_string_f "cc_string_t Functions"
- * 
+ *
  * \section introduction Introduction
  *
- * This is the specification for an API which provides Credentials Cache 
- * services for both Kerberos v5 and v4. The idea behind this API is that 
- * multiple Kerberos implementations can share a single collection of 
- * credentials caches, mediated by this API specification. On the Mac OS 
- * and Microsoft Windows platforms this will allow single-login, even when 
+ * This is the specification for an API which provides Credentials Cache
+ * services for both Kerberos v5 and v4. The idea behind this API is that
+ * multiple Kerberos implementations can share a single collection of
+ * credentials caches, mediated by this API specification. On the Mac OS
+ * and Microsoft Windows platforms this will allow single-login, even when
  * more than one Kerberos shared library is in use on a particular system.
  *
- * Abstractly, a credentials cache collection contains one or more credentials 
- * caches, or ccaches. A ccache is uniquely identified by its name, which is 
- * a string internal to the API and not intended to be presented to users. 
+ * Abstractly, a credentials cache collection contains one or more credentials
+ * caches, or ccaches. A ccache is uniquely identified by its name, which is
+ * a string internal to the API and not intended to be presented to users.
  * The user presentable identifier of a ccache is its principal.
  *
- * Unlike the previous versions of the API, version 3 of the API stores both 
+ * Unlike the previous versions of the API, version 3 of the API stores both
  * Kerberos v4 and v5 credentials in the same ccache.
  *
- * At any given time, one ccache is the "default" ccache. The exact meaning 
- * of a default ccache is OS-specific; refer to implementation requirements 
+ * At any given time, one ccache is the "default" ccache. The exact meaning
+ * of a default ccache is OS-specific; refer to implementation requirements
  * for details.
  *
  * \section error_handling Error Handling
  *
- * All functions of the API return some of the error constants listed FIXME; 
- * the exact list of error constants returned by any API function is provided 
+ * All functions of the API return some of the error constants listed FIXME;
+ * the exact list of error constants returned by any API function is provided
  * in the function descriptions below.
- * 
- * When returning an error constant other than ccNoError or ccIteratorEnd, API 
+ *
+ * When returning an error constant other than ccNoError or ccIteratorEnd, API
  * functions never modify any of the values passed in by reference.
  *
  * \section synchronization_atomicity Synchronization and Atomicity
- * 
+ *
  * Every function in the API is atomic.  In order to make a series of calls
  * atomic, callers should lock the ccache or cache collection they are working
- * with to advise other callers not to modify that container.  Note that 
- * advisory locks are per container so even if you have a read lock on the cache 
- * collection other callers can obtain write locks on ccaches in that cache 
+ * with to advise other callers not to modify that container.  Note that
+ * advisory locks are per container so even if you have a read lock on the cache
+ * collection other callers can obtain write locks on ccaches in that cache
  * collection.
- * 
- * Note that iterators do not iterate over ccaches and credentials atomically 
- * because locking ccaches and the cache collection over every iteration would 
- * degrade performance considerably under high load.  However, iterators do 
- * guarantee a consistent view of items they are iterating over.  Iterators 
- * will never return duplicate entries or skip entries when items are removed 
- * or added to the container they are iterating over.  
- * 
+ *
+ * Note that iterators do not iterate over ccaches and credentials atomically
+ * because locking ccaches and the cache collection over every iteration would
+ * degrade performance considerably under high load.  However, iterators do
+ * guarantee a consistent view of items they are iterating over.  Iterators
+ * will never return duplicate entries or skip entries when items are removed
+ * or added to the container they are iterating over.
+ *
  * An application can always lock a ccache or the cache collection to guarantee
- * that other callers participating in the advisory locking system do not 
+ * that other callers participating in the advisory locking system do not
  * modify the ccache or cache collection.
- * 
+ *
  * Implementations should not use copy-on-write techniques to implement locks
- * because those techniques imply that same parts of the ccache collection 
- * remain visible to some callers even though they are not present in the 
- * collection, which is a potential security risk. For example, a copy-on-write 
- * technique might make a copy of the entire collection when a read lock is 
- * acquired, so as to allow the owner of the lock to access the collection in 
- * an apparently unmodified state, while also allowing others to make 
- * modifications to the collection. However, this would also enable the owner 
- * of the lock to indefinitely (until the expiration time) use credentials that 
+ * because those techniques imply that same parts of the ccache collection
+ * remain visible to some callers even though they are not present in the
+ * collection, which is a potential security risk. For example, a copy-on-write
+ * technique might make a copy of the entire collection when a read lock is
+ * acquired, so as to allow the owner of the lock to access the collection in
+ * an apparently unmodified state, while also allowing others to make
+ * modifications to the collection. However, this would also enable the owner
+ * of the lock to indefinitely (until the expiration time) use credentials that
  * have actually been deleted from the collection.
- * 
+ *
  * \section memory_management Object Memory Management
- * 
- * The lifetime of an object returned by the API is until release() is called 
- * for it. Releasing one object has no effect on existence of any other object. 
- * For example, a ccache obtained within a context continue to exist when the 
+ *
+ * The lifetime of an object returned by the API is until release() is called
+ * for it. Releasing one object has no effect on existence of any other object.
+ * For example, a ccache obtained within a context continue to exist when the
  * context is released.
- * 
- * Every object returned by the API (cc_context_t, cc_ccache_t, cc_ccache_iterator_t, 
- * cc_credentials_t, cc_credentials_iterator_t, cc_string_t) is owned by the 
- * caller of the API, and it is the responsibility of the caller to call release() 
+ *
+ * Every object returned by the API (cc_context_t, cc_ccache_t, cc_ccache_iterator_t,
+ * cc_credentials_t, cc_credentials_iterator_t, cc_string_t) is owned by the
+ * caller of the API, and it is the responsibility of the caller to call release()
  * for every object to prevent memory leaks.
- * 
+ *
  * \section opaque_types Opaque Types
- * 
- * All of the opaque high-level types in CCache API are implemented as structures 
- * of function pointers and private data. To perform some operation on a type, the 
- * caller of the API has to first obtain an instance of that type, and then call the 
- * appropriate function pointer from that instance. For example, to call 
- * get_change_time() on a cc_context_t, one would call cc_initialize() which creates 
+ *
+ * All of the opaque high-level types in CCache API are implemented as structures
+ * of function pointers and private data. To perform some operation on a type, the
+ * caller of the API has to first obtain an instance of that type, and then call the
+ * appropriate function pointer from that instance. For example, to call
+ * get_change_time() on a cc_context_t, one would call cc_initialize() which creates
  * a new cc_context_t and then call its get_change_time(), like this:
- * 
+ *
  * \code
  * cc_context_t context;
  * cc_int32 err = cc_initialize (&context, ccapi_version_3, nil, nil);
@@ -190,10 +190,10 @@ extern "C" {
  * time = context->functions->get_change_time (context)
  * \endcode
  *
- * All API functions also have convenience preprocessor macros, which make the API 
- * seem completely function-based. For example, cc_context_get_change_time 
- * (context, time) is equivalent to context->functions->get_change_time 
- * (context, time). The convenience macros follow the following naming convention: 
+ * All API functions also have convenience preprocessor macros, which make the API
+ * seem completely function-based. For example, cc_context_get_change_time
+ * (context, time) is equivalent to context->functions->get_change_time
+ * (context, time). The convenience macros follow the following naming convention:
  *
  * The API function some_function()
  * \code
@@ -207,39 +207,39 @@ extern "C" {
  * result = cc_type_some_function (an_object, args)
  * \endcode
  *
- * The specifications below include the names for both the functions and the 
- * convenience macros, in that order. For clarity, it is recommended that clients 
+ * The specifications below include the names for both the functions and the
+ * convenience macros, in that order. For clarity, it is recommended that clients
  * using the API use the convenience macros, but that is merely a stylistic choice.
  *
- * Implementing the API in this manner allows us to extend and change the interface 
+ * Implementing the API in this manner allows us to extend and change the interface
  * in the future, while preserving compatibility with older clients.
  *
- * For example, consider the case when the signature or the semantics of a cc_ccache_t 
- * function is changed. The API version number is incremented. The library 
- * implementation contains both a function with the old signature and semantics and 
- * a function with the new signature and semantics. When a context is created, the API 
- * version number used in that context is stored in the context, and therefore it can 
- * be used whenever a ccache is created in that context. When a ccache is created in a 
- * context with the old API version number, the function pointer structure for the 
- * ccache is filled with pointers to functions implementing the old semantics; when a 
- * ccache is created in a context with the new API version number, the function pointer 
- * structure for the ccache is filled with poitners to functions implementing the new 
+ * For example, consider the case when the signature or the semantics of a cc_ccache_t
+ * function is changed. The API version number is incremented. The library
+ * implementation contains both a function with the old signature and semantics and
+ * a function with the new signature and semantics. When a context is created, the API
+ * version number used in that context is stored in the context, and therefore it can
+ * be used whenever a ccache is created in that context. When a ccache is created in a
+ * context with the old API version number, the function pointer structure for the
+ * ccache is filled with pointers to functions implementing the old semantics; when a
+ * ccache is created in a context with the new API version number, the function pointer
+ * structure for the ccache is filled with poitners to functions implementing the new
  * semantics.
  *
- * Similarly, if a function is added to the API, the version number in the context can 
- * be used to decide whether to include the implementation of the new function in the 
+ * Similarly, if a function is added to the API, the version number in the context can
+ * be used to decide whether to include the implementation of the new function in the
  * appropriate function pointer structure or not.
  */
-    
+
 /*!
  * \defgroup ccapi_constants_reference Constants
  * @{
  */
-    
+
 /*!
- * API version numbers 
+ * API version numbers
  *
- * These constants are passed into cc_initialize() to indicate the version 
+ * These constants are passed into cc_initialize() to indicate the version
  * of the API the caller wants to use.
  *
  * CCAPI v1 and v2 are deprecated and should not be used.
@@ -253,67 +253,67 @@ enum {
     ccapi_version_7 = 7,
     ccapi_version_max = ccapi_version_7
 };
- 
-/*! 
- * Error codes 
+
+/*!
+ * Error codes
  */
 enum {
-    
-    ccNoError = 0,  /*!< Success. */						
 
-    ccIteratorEnd = 201,  /*!< Iterator is done iterating. */					    
+    ccNoError = 0,  /*!< Success. */
+
+    ccIteratorEnd = 201,  /*!< Iterator is done iterating. */
     ccErrBadParam,  /*!< Bad parameter (NULL or invalid pointer where valid pointer expected). */
     ccErrNoMem,  /*!< Not enough memory to complete the operation. */
     ccErrInvalidContext,  /*!< Context is invalid (e.g., it was released). */
     ccErrInvalidCCache,  /*!< CCache is invalid (e.g., it was released or destroyed). */
 
     /* 206 */
-    ccErrInvalidString,	 /*!< String is invalid (e.g., it was released). */				
+    ccErrInvalidString,	 /*!< String is invalid (e.g., it was released). */
     ccErrInvalidCredentials,  /*!< Credentials are invalid (e.g., they were released), or they have a bad version. */
     ccErrInvalidCCacheIterator,  /*!< CCache iterator is invalid (e.g., it was released). */
     ccErrInvalidCredentialsIterator,  /*!< Credentials iterator is invalid (e.g., it was released). */
     ccErrInvalidLock,  /*!< Lock is invalid (e.g., it was released). */
 
     /* 211 */
-    ccErrBadName,  /*!< Bad credential cache name format. */					
+    ccErrBadName,  /*!< Bad credential cache name format. */
     ccErrBadCredentialsVersion,  /*!< Credentials version is invalid. */
     ccErrBadAPIVersion,  /*!< Unsupported API version. */
     ccErrContextLocked,  /*!< Context is already locked. */
     ccErrContextUnlocked,  /*!< Context is not locked by the caller. */
 
     /* 216 */
-    ccErrCCacheLocked,	 /*!< CCache is already locked. */				
+    ccErrCCacheLocked,	 /*!< CCache is already locked. */
     ccErrCCacheUnlocked,  /*!< CCache is not locked by the caller. */
     ccErrBadLockType,  /*!< Bad lock type. */
     ccErrNeverDefault,  /*!< CCache was never default. */
     ccErrCredentialsNotFound,  /*!< Matching credentials not found in the ccache. */
 
     /* 221 */
-    ccErrCCacheNotFound,  /*!< Matching ccache not found in the collection. */				
+    ccErrCCacheNotFound,  /*!< Matching ccache not found in the collection. */
     ccErrContextNotFound,  /*!< Matching cache collection not found. */
     ccErrServerUnavailable,  /*!< CCacheServer is unavailable. */
     ccErrServerInsecure,  /*!< CCacheServer has detected that it is running as the wrong user. */
     ccErrServerCantBecomeUID,  /*!< CCacheServer failed to start running as the user. */
-    
+
     /* 226 */
-    ccErrTimeOffsetNotSet,  /*!< KDC time offset not set for this ccache. */				
+    ccErrTimeOffsetNotSet,  /*!< KDC time offset not set for this ccache. */
     ccErrBadInternalMessage,  /*!< The client and CCacheServer can't communicate (e.g., a version mismatch). */
     ccErrNotImplemented,  /*!< API function not supported by this implementation. */
     ccErrClientNotFound  /*!< CCacheServer has no record of the caller's process (e.g., the server crashed). */
 };
 
-/*! 
- * Credentials versions 
+/*!
+ * Credentials versions
  *
- * These constants are used in several places in the API to discern 
- * between Kerberos v4 and Kerberos v5. Not all values are valid 
- * inputs and outputs for all functions; function specifications 
+ * These constants are used in several places in the API to discern
+ * between Kerberos v4 and Kerberos v5. Not all values are valid
+ * inputs and outputs for all functions; function specifications
  * below detail the allowed values.
  *
- * Kerberos version constants will always be a bit-field, and can be 
+ * Kerberos version constants will always be a bit-field, and can be
  * tested as such; for example the following test will tell you if
  * a ccacheVersion includes v5 credentials:
- * 
+ *
  * if ((ccacheVersion & cc_credentials_v5) != 0)
  */
 enum cc_credential_versions {
@@ -322,9 +322,9 @@ enum cc_credential_versions {
     cc_credentials_v4_v5 = 3
 };
 
-/*! 
- * Lock types 
- * 
+/*!
+ * Lock types
+ *
  * These constants are used in the locking functions to describe the
  * type of lock requested.  Note that all CCAPI locks are advisory
  * so only callers using the lock calls will be blocked by each other.
@@ -338,14 +338,14 @@ enum cc_lock_types {
     cc_lock_downgrade = 3
 };
 
-/*! 
- * Locking Modes 
+/*!
+ * Locking Modes
  *
- * These constants are used in the advisory locking functions to 
- * describe whether or not the lock function should block waiting for 
- * a lock or return an error immediately.   For example, attempting to 
- * acquire a lock with a non-blocking call will result in an error if the 
- * lock cannot be acquired; otherwise, the call will block until the lock 
+ * These constants are used in the advisory locking functions to
+ * describe whether or not the lock function should block waiting for
+ * a lock or return an error immediately.   For example, attempting to
+ * acquire a lock with a non-blocking call will result in an error if the
+ * lock cannot be acquired; otherwise, the call will block until the lock
  * can be acquired.
  */
 enum cc_lock_modes {
@@ -353,10 +353,10 @@ enum cc_lock_modes {
     cc_lock_block = 1
 };
 
-/*! 
+/*!
  * Sizes of fields in cc_credentials_v4_t.
  */
-enum {	
+enum {
     /* Make sure all of these are multiples of four (for alignment sanity) */
     cc_v4_name_size     = 40,
     cc_v4_instance_size	= 40,
@@ -396,8 +396,8 @@ typedef int64_t             cc_int64;
 /*! Signed 64-bit integer type */
 typedef uint64_t            cc_uint64;
 #endif
-/*! 
- * The cc_time_t type is used to represent a time in seconds. The time must 
+/*!
+ * The cc_time_t type is used to represent a time in seconds. The time must
  * be stored as the number of seconds since midnight GMT on January 1, 1970.
  */
 typedef cc_uint32           cc_time_t;
@@ -407,10 +407,10 @@ typedef cc_uint32           cc_time_t;
 /*!
  * \defgroup cc_context_reference cc_context_t Overview
  * @{
- * 
- * The cc_context_t type gives the caller access to a ccache collection. 
- * Before being able to call any functions in the CCache API, the caller 
- * needs to acquire an instance of cc_context_t by calling cc_initialize(). 
+ *
+ * The cc_context_t type gives the caller access to a ccache collection.
+ * Before being able to call any functions in the CCache API, the caller
+ * needs to acquire an instance of cc_context_t by calling cc_initialize().
  *
  * For API function documentation see \ref cc_context_f.
  */
@@ -431,11 +431,11 @@ typedef cc_context_d *cc_context_t;
 /*!
  * \defgroup cc_ccache_reference cc_ccache_t Overview
  * @{
- * 
- * The cc_ccache_t type represents a reference to a ccache. 
- * Callers can access a ccache and the credentials stored in it 
- * via a cc_ccache_t. A cc_ccache_t can be acquired via 
- * cc_context_open_ccache(), cc_context_open_default_ccache(), or 
+ *
+ * The cc_ccache_t type represents a reference to a ccache.
+ * Callers can access a ccache and the credentials stored in it
+ * via a cc_ccache_t. A cc_ccache_t can be acquired via
+ * cc_context_open_ccache(), cc_context_open_default_ccache(), or
  * cc_ccache_iterator_next().
  *
  * For API function documentation see \ref cc_ccache_f.
@@ -457,10 +457,10 @@ typedef cc_ccache_d *cc_ccache_t;
 /*!
  * \defgroup cc_ccache_iterator_reference cc_ccache_iterator_t Overview
  * @{
- * 
- * The cc_ccache_iterator_t type represents an iterator that 
- * iterates over a set of ccaches and returns them in all in some 
- * order. A new instance of this type can be obtained by calling 
+ *
+ * The cc_ccache_iterator_t type represents an iterator that
+ * iterates over a set of ccaches and returns them in all in some
+ * order. A new instance of this type can be obtained by calling
  * cc_context_new_ccache_iterator().
  *
  * For API function documentation see \ref cc_ccache_iterator_f.
@@ -481,30 +481,30 @@ typedef cc_ccache_iterator_d *cc_ccache_iterator_t;
 /*!
  * \defgroup cc_credentials_reference cc_credentials_t Overview
  * @{
- * 
- * The cc_credentials_t type is used to store a single set of 
- * credentials for either Kerberos v4 or Kerberos v5. In addition 
- * to its only function, release(), it contains a pointer to a 
- * cc_credentials_union structure. A cc_credentials_union 
- * structure contains an integer of the enumerator type 
- * cc_credentials_version, which is either #cc_credentials_v4 or 
- * #cc_credentials_v5, and a pointer union, which contains either a 
- * cc_credentials_v4_t pointer or a cc_credentials_v5_t pointer, 
- * depending on the value in version. 
- * 
+ *
+ * The cc_credentials_t type is used to store a single set of
+ * credentials for either Kerberos v4 or Kerberos v5. In addition
+ * to its only function, release(), it contains a pointer to a
+ * cc_credentials_union structure. A cc_credentials_union
+ * structure contains an integer of the enumerator type
+ * cc_credentials_version, which is either #cc_credentials_v4 or
+ * #cc_credentials_v5, and a pointer union, which contains either a
+ * cc_credentials_v4_t pointer or a cc_credentials_v5_t pointer,
+ * depending on the value in version.
+ *
  * Variables of the type cc_credentials_t are allocated by the CCAPI
- * implementation, and should be released with their release() 
- * function. API functions which receive credentials structures 
- * from the caller always accept cc_credentials_union, which is 
+ * implementation, and should be released with their release()
+ * function. API functions which receive credentials structures
+ * from the caller always accept cc_credentials_union, which is
  * allocated by the caller, and accordingly disposed by the caller.
  *
  * For API functions see \ref cc_credentials_f.
  */
 
 /*!
- * If a cc_credentials_t variable is used to store Kerberos v4 
- * credentials, then credentials.credentials_v4 points to a v4 
- * credentials structure.  This structure is similar to a 
+ * If a cc_credentials_t variable is used to store Kerberos v4
+ * credentials, then credentials.credentials_v4 points to a v4
+ * credentials structure.  This structure is similar to a
  * krb4 API CREDENTIALS structure.
  */
 struct cc_credentials_v4_t {
@@ -535,20 +535,20 @@ struct cc_credentials_v4_t {
     cc_int32        ticket_size;
     /*! Ticket data */
     unsigned char   ticket [cc_v4_ticket_size];
-};      
+};
 typedef struct cc_credentials_v4_t cc_credentials_v4_t;
 
 /*!
  * The CCAPI data structure.  This structure is similar to a krb5_data structure.
- * In a v5 credentials structure, cc_data structures are used 
- * to store tagged variable-length binary data. Specifically, 
- * for cc_credentials_v5.ticket and 
- * cc_credentials_v5.second_ticket, the cc_data.type field must 
- * be zero. For the cc_credentials_v5.addresses, 
- * cc_credentials_v5.authdata, and cc_credentials_v5.keyblock, 
- * the cc_data.type field should be the address type, 
- * authorization data type, and encryption type, as defined by 
- * the Kerberos v5 protocol definition.  
+ * In a v5 credentials structure, cc_data structures are used
+ * to store tagged variable-length binary data. Specifically,
+ * for cc_credentials_v5.ticket and
+ * cc_credentials_v5.second_ticket, the cc_data.type field must
+ * be zero. For the cc_credentials_v5.addresses,
+ * cc_credentials_v5.authdata, and cc_credentials_v5.keyblock,
+ * the cc_data.type field should be the address type,
+ * authorization data type, and encryption type, as defined by
+ * the Kerberos v5 protocol definition.
  */
 struct cc_data {
     /*! The type of the data as defined by the krb5_data structure. */
@@ -557,13 +557,13 @@ struct cc_data {
     cc_uint32			length;
     /*! The data buffer. */
     void*			data;
-};      
+};
 typedef struct cc_data cc_data;
 
 /*!
  * If a cc_credentials_t variable is used to store Kerberos v5 c
- * redentials, and then credentials.credentials_v5 points to a 
- * v5 credentials structure.  This structure is similar to a 
+ * redentials, and then credentials.credentials_v5 points to a
+ * v5 credentials structure.  This structure is similar to a
  * krb5_creds structure.
  */
 struct cc_credentials_v5_t {
@@ -585,7 +585,7 @@ struct cc_credentials_v5_t {
     cc_uint32  is_skey;
     /*! Ticket flags, as defined by the Kerberos 5 API. */
     cc_uint32  ticket_flags;
-    /*! The the list of network addresses of hosts that are allowed to authenticate 
+    /*! The the list of network addresses of hosts that are allowed to authenticate
      * using this ticket. */
     cc_data**  addresses;
     /*! Ticket data. */
@@ -594,7 +594,7 @@ struct cc_credentials_v5_t {
     cc_data    second_ticket;
     /*! Authorization data. */
     cc_data**  authdata;
-};      
+};
 typedef struct cc_credentials_v5_t cc_credentials_v5_t;
 
 struct cc_credentials_union {
@@ -628,8 +628,8 @@ typedef cc_credentials_d *cc_credentials_t;
  * \defgroup cc_credentials_iterator_reference cc_credentials_iterator_t
  * @{
  * The cc_credentials_iterator_t type represents an iterator that
- * iterates over a set of credentials. A new instance of this type 
- * can be obtained by calling cc_ccache_new_credentials_iterator(). 
+ * iterates over a set of credentials. A new instance of this type
+ * can be obtained by calling cc_ccache_new_credentials_iterator().
  *
  * For API function documentation see \ref cc_credentials_iterator_f.
  */
@@ -649,11 +649,11 @@ typedef cc_credentials_iterator_d *cc_credentials_iterator_t;
 /*!
  * \defgroup cc_string_reference cc_string_t Overview
  * @{
- * The cc_string_t represents a C string returned by the API. 
- * It has a pointer to the string data and a release() function. 
- * This type is used for both principal names and ccache names 
- * returned by the API. Principal names may contain UTF-8 encoded 
- * strings for internationalization purposes. 
+ * The cc_string_t represents a C string returned by the API.
+ * It has a pointer to the string data and a release() function.
+ * This type is used for both principal names and ccache names
+ * returned by the API. Principal names may contain UTF-8 encoded
+ * strings for internationalization purposes.
  *
  * For API function documentation see \ref cc_string_f.
  */
@@ -672,7 +672,7 @@ typedef cc_string_d *cc_string_t;
 /*!@}*/
 
 /*!
- * Function pointer table for cc_context_t.  For more information see 
+ * Function pointer table for cc_context_t.  For more information see
  * \ref cc_context_reference.
  */
 struct cc_context_f {
@@ -682,19 +682,19 @@ struct cc_context_f {
      * \brief \b cc_context_release(): Release memory associated with a cc_context_t.
      */
     cc_int32 (*release) (cc_context_t io_context);
-    
+
     /*!
      * \param in_context the context object for the cache collection to examine.
      * \param out_time on exit, the time of the most recent change for the entire ccache collection.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_context_get_change_time(): Get the last time the cache collection changed.
-     * 
-     * This function returns the time of the most recent change for the entire ccache collection. 
-     * By maintaining a local copy the caller can deduce whether or not the ccache collection has  
+     *
+     * This function returns the time of the most recent change for the entire ccache collection.
+     * By maintaining a local copy the caller can deduce whether or not the ccache collection has
      * been modified since the previous call to cc_context_get_change_time().
-     * 
+     *
      * The time returned by cc_context_get_changed_time() increases whenever:
-     * 
+     *
      * \li a ccache is created
      * \li a ccache is destroyed
      * \li a credential is stored
@@ -702,76 +702,76 @@ struct cc_context_f {
      * \li a ccache principal is changed
      * \li the default ccache is changed
      *
-     * \note In order to be able to compare two values returned by cc_context_get_change_time(), 
-     * the caller must use the same context to acquire them. Callers should maintain a single 
-     * context in memory for cc_context_get_change_time() calls rather than creating a new 
+     * \note In order to be able to compare two values returned by cc_context_get_change_time(),
+     * the caller must use the same context to acquire them. Callers should maintain a single
+     * context in memory for cc_context_get_change_time() calls rather than creating a new
      * context for every call.
-     * 
+     *
      * \sa wait_for_change
      */
     cc_int32 (*get_change_time) (cc_context_t  in_context,
                                  cc_time_t    *out_time);
-    
+
     /*!
      * \param in_context the context object for the cache collection.
      * \param out_name on exit, the name of the default ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_context_get_default_ccache_name(): Get the name of the default ccache.
-     * 
-     * This function returns the name of the default ccache. When the default ccache 
-     * exists, its name is returned. If there are no ccaches in the collection, and 
-     * thus there is no default ccache, the name that the default ccache should have 
-     * is returned. The ccache with that name will be used as the default ccache by 
+     *
+     * This function returns the name of the default ccache. When the default ccache
+     * exists, its name is returned. If there are no ccaches in the collection, and
+     * thus there is no default ccache, the name that the default ccache should have
+     * is returned. The ccache with that name will be used as the default ccache by
      * all processes which initialized Kerberos libraries before the ccache was created.
-     * 
-     * If there is no default ccache, and the client is creating a new ccache, it 
+     *
+     * If there is no default ccache, and the client is creating a new ccache, it
      * should be created with the default name. If there already is a default ccache,
-     * and the client wants to create a new ccache (as opposed to reusing an existing 
-     * ccache), it should be created with any unique name; #create_new_ccache() 
+     * and the client wants to create a new ccache (as opposed to reusing an existing
+     * ccache), it should be created with any unique name; #create_new_ccache()
      * can be used to accomplish that more easily.
-     * 
-     * If the first ccache is created with a name other than the default name, then 
-     * the processes already running will not notice the credentials stored in the 
+     *
+     * If the first ccache is created with a name other than the default name, then
+     * the processes already running will not notice the credentials stored in the
      * new ccache, which is normally undesirable.
      */
     cc_int32 (*get_default_ccache_name) (cc_context_t  in_context,
                                          cc_string_t  *out_name);
-    
+
     /*!
      * \param in_context the context object for the cache collection.
      * \param in_name the name of the ccache to open.
      * \param out_ccache on exit, a ccache object for the ccache
-     * \return On success, #ccNoError.  If no ccache named \a in_name exists, 
+     * \return On success, #ccNoError.  If no ccache named \a in_name exists,
      * #ccErrCCacheNotFound. On failure, an error code representing the failure.
      * \brief \b cc_context_open_ccache(): Open a ccache.
-     * 
-     * Opens an already existing ccache identified by its name. It returns a reference 
+     *
+     * Opens an already existing ccache identified by its name. It returns a reference
      * to the ccache in \a out_ccache.
      *
-     * The list of all ccache names, principals, and credentials versions may be retrieved 
-     * by calling cc_context_new_cache_iterator(), cc_ccache_get_name(), 
+     * The list of all ccache names, principals, and credentials versions may be retrieved
+     * by calling cc_context_new_cache_iterator(), cc_ccache_get_name(),
      * cc_ccache_get_principal(), and cc_ccache_get_cred_version().
      */
     cc_int32 (*open_ccache) (cc_context_t  in_context,
                              const char   *in_name,
                              cc_ccache_t  *out_ccache);
-    
+
      /*!
       * \param in_context the context object for the cache collection.
       * \param out_ccache on exit, a ccache object for the default ccache
-      * \return On success, #ccNoError.  If no default ccache exists, 
+      * \return On success, #ccNoError.  If no default ccache exists,
       * #ccErrCCacheNotFound. On failure, an error code representing the failure.
       * \brief \b cc_context_open_default_ccache(): Open the default ccache.
-      * 
+      *
       * Opens the default ccache. It returns a reference to the ccache in *ccache.
-      * 
-      * This function performs the same function as calling 
+      *
+      * This function performs the same function as calling
       * cc_context_get_default_ccache_name followed by cc_context_open_ccache,
       * but it performs it atomically.
       */
     cc_int32 (*open_default_ccache) (cc_context_t  in_context,
                                      cc_ccache_t  *out_ccache);
-    
+
      /*!
       * \param in_context the context object for the cache collection.
       * \param in_name the name of the new ccache to create
@@ -780,51 +780,51 @@ struct cc_context_f {
       * \param out_ccache on exit, a ccache object for the newly created ccache
       * \return On success, #ccNoError.  On failure, an error code representing the failure.
       * \brief \b cc_context_create_ccache(): Create a new ccache.
-      * 
-      * Create a new credentials cache. The ccache is uniquely identified by its name. 
-      * The principal given is also associated with the ccache and the credentials 
-      * version specified. A NULL name is not allowed (and ccErrBadName is returned 
-      * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid 
-      * input values for cred_vers. If you want to create a new ccache that will hold 
-      * both versions of credentials, call cc_context_create_ccache() with one version, 
+      *
+      * Create a new credentials cache. The ccache is uniquely identified by its name.
+      * The principal given is also associated with the ccache and the credentials
+      * version specified. A NULL name is not allowed (and ccErrBadName is returned
+      * if one is passed in). Only cc_credentials_v4 and cc_credentials_v5 are valid
+      * input values for cred_vers. If you want to create a new ccache that will hold
+      * both versions of credentials, call cc_context_create_ccache() with one version,
       * and then cc_ccache_set_principal() with the other version.
-      * 
-      * If you want to create a new ccache (with a unique name), you should use 
-      * cc_context_create_new_ccache() instead. If you want to create or reinitialize 
+      *
+      * If you want to create a new ccache (with a unique name), you should use
+      * cc_context_create_new_ccache() instead. If you want to create or reinitialize
       * the default cache, you should use cc_context_create_default_ccache().
-      * 
+      *
       * If name is non-NULL and there is already a ccache named name:
-      * 
+      *
       * \li the credentials in the ccache whose version is cred_vers are removed
       * \li the principal (of the existing ccache) associated with cred_vers is set to principal
       * \li a handle for the existing ccache is returned and all existing handles for the ccache remain valid
       *
       * If no ccache named name already exists:
-      * 
+      *
       * \li a new empty ccache is created
       * \li the principal of the new ccache associated with cred_vers is set to principal
       * \li a handle for the new ccache is returned
       *
-      * For a new ccache, the name should be any unique string. The name is not 
+      * For a new ccache, the name should be any unique string. The name is not
       * intended to be presented to users.
-      * 
-      * If the created ccache is the first ccache in the collection, it is made 
-      * the default ccache. Note that normally it is undesirable to create the first 
-      * ccache with a name different from the default ccache name (as returned by 
-      * cc_context_get_default_ccache_name()); see the description of 
+      *
+      * If the created ccache is the first ccache in the collection, it is made
+      * the default ccache. Note that normally it is undesirable to create the first
+      * ccache with a name different from the default ccache name (as returned by
+      * cc_context_get_default_ccache_name()); see the description of
       * cc_context_get_default_ccache_name() for details.
-      * 
-      * The principal should be a C string containing an unparsed Kerberos principal 
-      * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ 
-      * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim 
-      * for Kerberos v5. 
+      *
+      * The principal should be a C string containing an unparsed Kerberos principal
+      * in the format of the appropriate Kerberos version, i.e. \verbatim foo.bar/@BAZ
+      * \endverbatim for Kerberos v4 and \verbatim foo/bar/@BAZ \endverbatim
+      * for Kerberos v5.
       */
      cc_int32 (*create_ccache) (cc_context_t  in_context,
                                const char   *in_name,
                                cc_uint32     in_cred_vers,
-                               const char   *in_principal, 
+                               const char   *in_principal,
                                cc_ccache_t  *out_ccache);
-    
+
      /*!
       * \param in_context the context object for the cache collection.
       * \param in_cred_vers the version of the credentials the new default ccache will hold
@@ -833,19 +833,19 @@ struct cc_context_f {
       * \return On success, #ccNoError.  On failure, an error code representing the failure.
       * \brief \b cc_context_create_default_ccache(): Create a new default ccache.
       *
-      * Create the default credentials cache. The behavior of this function is 
-      * similar to that of cc_create_ccache(). If there is a default ccache 
-      * (which is always the case except when there are no ccaches at all in 
-      * the collection), it is initialized with the specified credentials version 
-      * and principal, as per cc_create_ccache(); otherwise, a new ccache is 
-      * created, and its name is the name returned by 
+      * Create the default credentials cache. The behavior of this function is
+      * similar to that of cc_create_ccache(). If there is a default ccache
+      * (which is always the case except when there are no ccaches at all in
+      * the collection), it is initialized with the specified credentials version
+      * and principal, as per cc_create_ccache(); otherwise, a new ccache is
+      * created, and its name is the name returned by
       * cc_context_get_default_ccache_name().
       */
      cc_int32 (*create_default_ccache) (cc_context_t  in_context,
                                        cc_uint32     in_cred_vers,
-                                       const char   *in_principal, 
+                                       const char   *in_principal,
                                        cc_ccache_t  *out_ccache);
-    
+
      /*!
       * \param in_context the context object for the cache collection.
       * \param in_cred_vers the version of the credentials the new ccache will hold
@@ -854,36 +854,36 @@ struct cc_context_f {
       * \return On success, #ccNoError.  On failure, an error code representing the failure.
       * \brief \b cc_context_create_new_ccache(): Create a new uniquely named ccache.
       *
-      * Create a new unique credentials cache. The behavior of this function 
-      * is similar to that of cc_create_ccache(). If there are no ccaches, and 
-      * therefore no default ccache, the new ccache is created with the default 
-      * ccache name as would be returned by get_default_ccache_name(). If there 
-      * are some ccaches, and therefore there is a default ccache, the new ccache 
-      * is created with a new unique name. Clearly, this function never reinitializes 
+      * Create a new unique credentials cache. The behavior of this function
+      * is similar to that of cc_create_ccache(). If there are no ccaches, and
+      * therefore no default ccache, the new ccache is created with the default
+      * ccache name as would be returned by get_default_ccache_name(). If there
+      * are some ccaches, and therefore there is a default ccache, the new ccache
+      * is created with a new unique name. Clearly, this function never reinitializes
       * a ccache, since it always uses a unique name.
       */
      cc_int32 (*create_new_ccache) (cc_context_t in_context,
                                    cc_uint32    in_cred_vers,
-                                   const char  *in_principal, 
+                                   const char  *in_principal,
                                    cc_ccache_t *out_ccache);
-    
+
      /*!
       * \param in_context the context object for the cache collection.
       * \param out_iterator on exit, a ccache iterator object for the ccache collection.
       * \return On success, #ccNoError.  On failure, an error code representing the failure.
       * \brief \b cc_context_new_ccache_iterator(): Get an iterator for the cache collection.
       *
-      * Used to allocate memory and initialize iterator. Successive calls to iterator's 
+      * Used to allocate memory and initialize iterator. Successive calls to iterator's
       * next() function will return ccaches in the collection.
       *
-      * If changes are made to the collection while an iterator is being used 
-      * on it, the iterator must return at least the intersection, and at most 
-      * the union, of the set of ccaches that were present when the iteration 
+      * If changes are made to the collection while an iterator is being used
+      * on it, the iterator must return at least the intersection, and at most
+      * the union, of the set of ccaches that were present when the iteration
       * began and the set of ccaches that are present when it ends.
       */
      cc_int32 (*new_ccache_iterator) (cc_context_t          in_context,
                                      cc_ccache_iterator_t *out_iterator);
-    
+
      /*!
       * \param in_context the context object for the cache collection.
       * \param in_lock_type the type of lock to obtain.
@@ -891,49 +891,49 @@ struct cc_context_f {
       * \return On success, #ccNoError.  On failure, an error code representing the failure.
       * \brief \b cc_context_lock(): Lock the cache collection.
       *
-      * Attempts to acquire an advisory lock for the ccache collection. Allowed values 
+      * Attempts to acquire an advisory lock for the ccache collection. Allowed values
       * for lock_type are:
-      * 
+      *
       * \li cc_lock_read: a read lock.
       * \li cc_lock_write: a write lock
       * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock
       * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock
-      * 
-      * If block is cc_lock_block, lock() will not return until the lock is acquired. 
-      * If block is cc_lock_noblock, lock() will return immediately, either acquiring 
-      * the lock and returning ccNoError, or failing to acquire the lock and returning 
+      *
+      * If block is cc_lock_block, lock() will not return until the lock is acquired.
+      * If block is cc_lock_noblock, lock() will return immediately, either acquiring
+      * the lock and returning ccNoError, or failing to acquire the lock and returning
       * an error explaining why.
       *
       * Locks apply only to the list of ccaches, not the contents of those ccaches.  To
       * prevent callers participating in the advisory locking from changing the credentials
       * in a cache you must also lock that ccache with cc_ccache_lock().  This is so
-      * that you can get the list of ccaches without preventing applications from 
+      * that you can get the list of ccaches without preventing applications from
       * simultaneously obtaining service tickets.
-      * 
-      * To avoid having to deal with differences between thread semantics on different 
-      * platforms, locks are granted per context, rather than per thread or per process. 
-      * That means that different threads of execution have to acquire separate contexts 
+      *
+      * To avoid having to deal with differences between thread semantics on different
+      * platforms, locks are granted per context, rather than per thread or per process.
+      * That means that different threads of execution have to acquire separate contexts
       * in order to be able to synchronize with each other.
       *
       * The lock should be unlocked by using cc_context_unlock().
-      * 
-      * \note All locks are advisory.  For example, callers which do not call 
-      * cc_context_lock() and cc_context_unlock() will not be prevented from writing 
+      *
+      * \note All locks are advisory.  For example, callers which do not call
+      * cc_context_lock() and cc_context_unlock() will not be prevented from writing
       * to the cache collection when you have a read lock.  This is because the CCAPI
-      * locking was added after the first release and thus adding mandatory locks would 
+      * locking was added after the first release and thus adding mandatory locks would
       * have changed the user experience and performance of existing applications.
       */
      cc_int32 (*lock) (cc_context_t in_context,
                       cc_uint32    in_lock_type,
                       cc_uint32    in_block);
-    
+
      /*!
       * \param in_context the context object for the cache collection.
       * \return On success, #ccNoError.  On failure, an error code representing the failure.
       * \brief \b cc_context_unlock(): Unlock the cache collection.
       */
      cc_int32 (*unlock) (cc_context_t in_cc_context);
-    
+
      /*!
       * \param in_context a context object.
       * \param in_compare_to_context a context object to compare with \a in_context.
@@ -944,20 +944,20 @@ struct cc_context_f {
      cc_int32 (*compare) (cc_context_t  in_cc_context,
 			  cc_context_t  in_compare_to_context,
 			  cc_uint32    *out_equal);
-    
+
      /*!
       * \param in_context a context object.
       * \return On success, #ccNoError.  On failure, an error code representing the failure.
       * \brief \b cc_context_wait_for_change(): Wait for the next change in the cache collection.
       *
-      * This function blocks until the next change is made to the cache collection 
-      * ccache collection. By repeatedly calling cc_context_wait_for_change() from 
-      * a worker thread the caller can effectively receive callbacks whenever the 
+      * This function blocks until the next change is made to the cache collection
+      * ccache collection. By repeatedly calling cc_context_wait_for_change() from
+      * a worker thread the caller can effectively receive callbacks whenever the
       * cache collection changes.  This is considerably more efficient than polling
       * with cc_context_get_change_time().
-      * 
+      *
       * cc_context_wait_for_change() will return whenever:
-      * 
+      *
       * \li a ccache is created
       * \li a ccache is destroyed
       * \li a credential is stored
@@ -965,19 +965,19 @@ struct cc_context_f {
       * \li a ccache principal is changed
       * \li the default ccache is changed
       *
-      * \note In order to make sure that the caller doesn't miss any changes, 
+      * \note In order to make sure that the caller doesn't miss any changes,
       * cc_context_wait_for_change() always returns immediately after the first time it
       * is called on a new context object. Callers must use the same context object
-      * for successive calls to cc_context_wait_for_change() rather than creating a new 
+      * for successive calls to cc_context_wait_for_change() rather than creating a new
       * context for every call.
-      * 
+      *
       * \sa get_change_time
       */
      cc_int32 (*wait_for_change) (cc_context_t in_cc_context);
 };
 
 /*!
- * Function pointer table for cc_ccache_t.  For more information see 
+ * Function pointer table for cc_ccache_t.  For more information see
  * \ref cc_ccache_reference.
  */
 struct cc_ccache_f {
@@ -988,54 +988,54 @@ struct cc_ccache_f {
      * \note Does not modify the ccache.  If you wish to remove the ccache see cc_ccache_destroy().
      */
     cc_int32 (*release) (cc_ccache_t io_ccache);
-    
+
     /*!
      * \param io_ccache the ccache object to destroy and release.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_destroy(): Destroy a ccache.
-     * 
+     *
      * Destroy the ccache referred to by \a io_ccache and releases memory associated with
-     * the \a io_ccache object.  After this call \a io_ccache becomes invalid.  If 
+     * the \a io_ccache object.  After this call \a io_ccache becomes invalid.  If
      * \a io_ccache was the default ccache, the next ccache in the cache collection (if any)
      * becomes the new default.
      */
     cc_int32 (*destroy) (cc_ccache_t io_ccache);
-    
+
     /*!
      * \param io_ccache a ccache object to make the new default ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_set_default(): Make a ccache the default ccache.
      */
     cc_int32 (*set_default) (cc_ccache_t io_ccache);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \param out_credentials_version on exit, the credentials version of \a in_ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_get_credentials_version(): Get the credentials version of a ccache.
      *
-     * cc_ccache_get_credentials_version() returns one value of the enumerated type 
-     * cc_credentials_vers. The possible return values are #cc_credentials_v4 
-     * (if ccache's v4 principal has been set), #cc_credentials_v5 
-     * (if ccache's v5 principal has been set), or #cc_credentials_v4_v5 
-     * (if both ccache's v4 and v5 principals have been set). A ccache's 
-     * principal is set with one of cc_context_create_ccache(), 
-     * cc_context_create_new_ccache(), cc_context_create_default_ccache(), or 
+     * cc_ccache_get_credentials_version() returns one value of the enumerated type
+     * cc_credentials_vers. The possible return values are #cc_credentials_v4
+     * (if ccache's v4 principal has been set), #cc_credentials_v5
+     * (if ccache's v5 principal has been set), or #cc_credentials_v4_v5
+     * (if both ccache's v4 and v5 principals have been set). A ccache's
+     * principal is set with one of cc_context_create_ccache(),
+     * cc_context_create_new_ccache(), cc_context_create_default_ccache(), or
      * cc_ccache_set_principal().
      */
     cc_int32 (*get_credentials_version) (cc_ccache_t  in_ccache,
                                          cc_uint32   *out_credentials_version);
-    
+
     /*!
      * \param in_ccache a ccache object.
-     * \param out_name on exit, a cc_string_t representing the name of \a in_ccache.  
+     * \param out_name on exit, a cc_string_t representing the name of \a in_ccache.
      * \a out_name must be released with cc_string_release().
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_get_name(): Get the name of a ccache.
      */
     cc_int32 (*get_name) (cc_ccache_t  in_ccache,
                           cc_string_t *out_name);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \param in_credentials_version the credentials version to get the principal for.
@@ -1043,118 +1043,118 @@ struct cc_ccache_f {
      * \a out_principal must be released with cc_string_release().
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_get_principal(): Get the principal of a ccache.
-     * 
-     * Return the principal for the ccache that was set via cc_context_create_ccache(), 
-     * cc_context_create_default_ccache(), cc_context_create_new_ccache(), or 
-     * cc_ccache_set_principal(). Principals for v4 and v5 are separate, but 
-     * should be kept synchronized for each ccache; they can be retrieved by 
-     * passing cc_credentials_v4 or cc_credentials_v5 in cred_vers. Passing 
+     *
+     * Return the principal for the ccache that was set via cc_context_create_ccache(),
+     * cc_context_create_default_ccache(), cc_context_create_new_ccache(), or
+     * cc_ccache_set_principal(). Principals for v4 and v5 are separate, but
+     * should be kept synchronized for each ccache; they can be retrieved by
+     * passing cc_credentials_v4 or cc_credentials_v5 in cred_vers. Passing
      * cc_credentials_v4_v5 will result in the error ccErrBadCredentialsVersion.
      */
     cc_int32 (*get_principal) (cc_ccache_t  in_ccache,
                                cc_uint32    in_credentials_version,
                                cc_string_t *out_principal);
-    
-    
+
+
     /*!
      * \param in_ccache a ccache object.
      * \param in_credentials_version the credentials version to set the principal for.
      * \param in_principal a C string representing the new principal of \a in_ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_set_principal(): Set the principal of a ccache.
-     * 
-     * Set the a principal for ccache. The v4 and v5 principals can be set 
-     * independently, but they should always be kept equal, up to differences in 
-     * string representation between v4 and v5. Passing cc_credentials_v4_v5 in 
+     *
+     * Set the a principal for ccache. The v4 and v5 principals can be set
+     * independently, but they should always be kept equal, up to differences in
+     * string representation between v4 and v5. Passing cc_credentials_v4_v5 in
      * cred_vers will result in the error ccErrBadCredentialsVersion.
      */
     cc_int32 (*set_principal) (cc_ccache_t  io_ccache,
                                cc_uint32    in_credentials_version,
                                const char  *in_principal);
-    
+
     /*!
      * \param io_ccache a ccache object.
      * \param in_credentials_union the credentials to store in \a io_ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_store_credentials(): Store credentials in a ccache.
-     * 
+     *
      * Store a copy of credentials in the ccache.
-     * 
-     * See the description of the credentials types for the meaning of 
+     *
+     * See the description of the credentials types for the meaning of
      * cc_credentials_union fields.
-     * 
-     * Before credentials of a specific credential type can be stored in a ccache, 
-     * the corresponding principal version has to be set. For example, before you can  
-     * store Kerberos v4 credentials in a ccache, the Kerberos v4 principal has to be set 
-     * either by cc_context_create_ccache(), cc_context_create_default_ccache(), 
-     * cc_context_create_new_ccache(), or cc_ccache_set_principal(); likewise for 
+     *
+     * Before credentials of a specific credential type can be stored in a ccache,
+     * the corresponding principal version has to be set. For example, before you can
+     * store Kerberos v4 credentials in a ccache, the Kerberos v4 principal has to be set
+     * either by cc_context_create_ccache(), cc_context_create_default_ccache(),
+     * cc_context_create_new_ccache(), or cc_ccache_set_principal(); likewise for
      * Kerberos v5. Otherwise, ccErrBadCredentialsVersion is returned.
      */
     cc_int32 (*store_credentials) (cc_ccache_t                 io_ccache,
                                    const cc_credentials_union *in_credentials_union);
-    
+
     /*!
      * \param io_ccache a ccache object.
      * \param in_credentials the credentials to remove from \a io_ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_remove_credentials(): Remove credentials from a ccache.
-     * 
-     * Removes credentials from a ccache. Note that credentials must be previously 
-     * acquired from the CCache API; only exactly matching credentials will be 
-     * removed. (This places the burden of determining exactly which credentials 
-     * to remove on the caller, but ensures there is no ambigity about which 
-     * credentials will be removed.) cc_credentials_t objects can be obtained by 
+     *
+     * Removes credentials from a ccache. Note that credentials must be previously
+     * acquired from the CCache API; only exactly matching credentials will be
+     * removed. (This places the burden of determining exactly which credentials
+     * to remove on the caller, but ensures there is no ambigity about which
+     * credentials will be removed.) cc_credentials_t objects can be obtained by
      * iterating over the ccache's credentials with cc_ccache_new_credentials_iterator().
-     * 
-     * If found, the credentials are removed from the ccache. The credentials 
-     * parameter is not modified and should be freed by the caller. It is 
-     * legitimate to call this function while an iterator is traversing the 
-     * ccache, and the deletion of a credential already returned by 
-     * cc_credentials_iterator_next() will not disturb sequence of credentials 
+     *
+     * If found, the credentials are removed from the ccache. The credentials
+     * parameter is not modified and should be freed by the caller. It is
+     * legitimate to call this function while an iterator is traversing the
+     * ccache, and the deletion of a credential already returned by
+     * cc_credentials_iterator_next() will not disturb sequence of credentials
      * returned by cc_credentials_iterator_next().
      */
     cc_int32 (*remove_credentials) (cc_ccache_t      io_ccache,
                                     cc_credentials_t in_credentials);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \param out_credentials_iterator a credentials iterator for \a io_ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_new_credentials_iterator(): Iterate over credentials in a ccache.
-     * 
-     * Allocates memory for iterator and initializes it. Successive calls to 
+     *
+     * Allocates memory for iterator and initializes it. Successive calls to
      * cc_credentials_iterator_next() will return credentials from the ccache.
-     * 
-     * If changes are made to the ccache while an iterator is being used on it, 
-     * the iterator must return at least the intersection, and at most the union, 
-     * of the set of credentials that were in the ccache when the iteration began 
+     *
+     * If changes are made to the ccache while an iterator is being used on it,
+     * the iterator must return at least the intersection, and at most the union,
+     * of the set of credentials that were in the ccache when the iteration began
      * and the set of credentials that are in the ccache when it ends.
      */
     cc_int32 (*new_credentials_iterator) (cc_ccache_t                in_ccache,
                                           cc_credentials_iterator_t *out_credentials_iterator);
-    
+
     /*!
      * \param io_source_ccache a ccache object to move.
      * \param io_destination_ccache a ccache object replace with the contents of \a io_source_ccache.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_move(): Move the contents of one ccache into another, destroying the source.
-     * 
-     * cc_ccache_move() atomically copies the credentials, credential versions and principals 
-     * from one ccache to another.  On successful completion \a io_source_ccache will be 
+     *
+     * cc_ccache_move() atomically copies the credentials, credential versions and principals
+     * from one ccache to another.  On successful completion \a io_source_ccache will be
      * released and the ccache it points to will be destroyed.  Any credentials previously
      * in \a io_destination_ccache will be replaced with credentials from \a io_source_ccache.
      * The only part of \a io_destination_ccache which remains constant is the name.  Any other
      * callers referring to \a io_destination_ccache will suddenly see new data in it.
      *
-     * Typically cc_ccache_move() is used when the caller wishes to safely overwrite the 
-     * contents of a ccache with new data which requires several steps to generate.  
-     * cc_ccache_move() allows the caller to create a temporary ccache 
+     * Typically cc_ccache_move() is used when the caller wishes to safely overwrite the
+     * contents of a ccache with new data which requires several steps to generate.
+     * cc_ccache_move() allows the caller to create a temporary ccache
      * (which can be destroyed if any intermediate step fails) and the atomically copy
      * the temporary cache into the destination.
      */
     cc_int32 (*move) (cc_ccache_t io_source_ccache,
                       cc_ccache_t io_destination_ccache);
-    
+
     /*!
      * \param io_ccache the ccache object for the ccache you wish to lock.
      * \param in_lock_type the type of lock to obtain.
@@ -1163,84 +1163,84 @@ struct cc_ccache_f {
      * \brief \b cc_ccache_lock(): Lock a ccache.
      *
      * Attempts to acquire an advisory lock for a ccache. Allowed values for lock_type are:
-     * 
+     *
      * \li cc_lock_read: a read lock.
      * \li cc_lock_write: a write lock
      * \li cc_lock_upgrade: upgrade an already-obtained read lock to a write lock
      * \li cc_lock_downgrade: downgrade an already-obtained write lock to a read lock
-     * 
-     * If block is cc_lock_block, lock() will not return until the lock is acquired. 
-     * If block is cc_lock_noblock, lock() will return immediately, either acquiring 
-     * the lock and returning ccNoError, or failing to acquire the lock and returning 
+     *
+     * If block is cc_lock_block, lock() will not return until the lock is acquired.
+     * If block is cc_lock_noblock, lock() will return immediately, either acquiring
+     * the lock and returning ccNoError, or failing to acquire the lock and returning
      * an error explaining why.
      *
-     * To avoid having to deal with differences between thread semantics on different 
-     * platforms, locks are granted per ccache, rather than per thread or per process. 
-     * That means that different threads of execution have to acquire separate contexts 
+     * To avoid having to deal with differences between thread semantics on different
+     * platforms, locks are granted per ccache, rather than per thread or per process.
+     * That means that different threads of execution have to acquire separate contexts
      * in order to be able to synchronize with each other.
      *
      * The lock should be unlocked by using cc_ccache_unlock().
-     * 
-     * \note All locks are advisory.  For example, callers which do not call 
-     * cc_ccache_lock() and cc_ccache_unlock() will not be prevented from writing 
+     *
+     * \note All locks are advisory.  For example, callers which do not call
+     * cc_ccache_lock() and cc_ccache_unlock() will not be prevented from writing
      * to the ccache when you have a read lock.  This is because the CCAPI
-     * locking was added after the first release and thus adding mandatory locks would 
+     * locking was added after the first release and thus adding mandatory locks would
      * have changed the user experience and performance of existing applications.
      */
     cc_int32 (*lock) (cc_ccache_t io_ccache,
                       cc_uint32   in_lock_type,
                       cc_uint32   in_block);
-    
+
     /*!
      * \param io_ccache a ccache object.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_unlock(): Unlock a ccache.
      */
     cc_int32 (*unlock) (cc_ccache_t io_ccache);
-    
+
     /*!
      * \param in_ccache a cache object.
      * \param out_last_default_time on exit, the last time the ccache was default.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_get_change_time(): Get the last time a ccache was the default ccache.
-     * 
-     * This function returns the last time when the ccache was made the default ccache. 
-     * This allows clients to sort the ccaches by how recently they were default, which 
-     * is useful for user listing of ccaches. If the ccache was never default, 
+     *
+     * This function returns the last time when the ccache was made the default ccache.
+     * This allows clients to sort the ccaches by how recently they were default, which
+     * is useful for user listing of ccaches. If the ccache was never default,
      * ccErrNeverDefault is returned.
      */
     cc_int32 (*get_last_default_time) (cc_ccache_t  in_ccache,
                                        cc_time_t   *out_last_default_time);
-    
+
     /*!
      * \param in_ccache a cache object.
      * \param out_change_time on exit, the last time the ccache changed.
      * \return On success, #ccNoError.  If the ccache was never the default ccache,
      * #ccErrNeverDefault.  Otherwise, an error code representing the failure.
      * \brief \b cc_ccache_get_change_time(): Get the last time a ccache changed.
-     * 
-     * This function returns the time of the most recent change made to a ccache. 
-     * By maintaining a local copy the caller can deduce whether or not the ccache has  
+     *
+     * This function returns the time of the most recent change made to a ccache.
+     * By maintaining a local copy the caller can deduce whether or not the ccache has
      * been modified since the previous call to cc_ccache_get_change_time().
-     * 
+     *
      * The time returned by cc_ccache_get_change_time() increases whenever:
-     * 
+     *
      * \li a credential is stored
      * \li a credential is removed
      * \li a ccache principal is changed
      * \li the ccache becomes the default ccache
      * \li the ccache is no longer the default ccache
      *
-     * \note In order to be able to compare two values returned by cc_ccache_get_change_time(), 
-     * the caller must use the same ccache object to acquire them. Callers should maintain a 
-     * single ccache object in memory for cc_ccache_get_change_time() calls rather than 
+     * \note In order to be able to compare two values returned by cc_ccache_get_change_time(),
+     * the caller must use the same ccache object to acquire them. Callers should maintain a
+     * single ccache object in memory for cc_ccache_get_change_time() calls rather than
      * creating a new ccache object for every call.
-     * 
+     *
      * \sa wait_for_change
      */
     cc_int32 (*get_change_time) (cc_ccache_t  in_ccache,
                                  cc_time_t   *out_change_time);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \param in_compare_to_ccache a ccache object to compare with \a in_ccache.
@@ -1251,26 +1251,26 @@ struct cc_ccache_f {
     cc_int32 (*compare) (cc_ccache_t  in_ccache,
                          cc_ccache_t  in_compare_to_ccache,
                          cc_uint32   *out_equal);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \param in_credentials_version the credentials version to get the time offset for.
      * \param out_time_offset on exit, the KDC time offset for \a in_ccache for credentials version
      * \a in_credentials_version.
-     * \return On success, #ccNoError if a time offset was obtained or #ccErrTimeOffsetNotSet 
+     * \return On success, #ccNoError if a time offset was obtained or #ccErrTimeOffsetNotSet
      * if a time offset has not been set.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_get_kdc_time_offset(): Get the KDC time offset for credentials in a ccache.
      * \sa set_kdc_time_offset, clear_kdc_time_offset
-     * 
+     *
      * Sometimes the KDC and client's clocks get out of sync.  cc_ccache_get_kdc_time_offset()
-     * returns the difference between the KDC and client's clocks at the time credentials were 
-     * acquired.  This offset allows callers to figure out how much time is left on a given  
+     * returns the difference between the KDC and client's clocks at the time credentials were
+     * acquired.  This offset allows callers to figure out how much time is left on a given
      * credential even though the end_time is based on the KDC's clock not the client's clock.
      */
     cc_int32 (*get_kdc_time_offset) (cc_ccache_t  in_ccache,
                                      cc_uint32    in_credentials_version,
                                      cc_time_t   *out_time_offset);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \param in_credentials_version the credentials version to get the time offset for.
@@ -1279,63 +1279,63 @@ struct cc_ccache_f {
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_set_kdc_time_offset(): Set the KDC time offset for credentials in a ccache.
      * \sa get_kdc_time_offset, clear_kdc_time_offset
-     * 
+     *
      * Sometimes the KDC and client's clocks get out of sync.  cc_ccache_set_kdc_time_offset()
-     * sets the difference between the KDC and client's clocks at the time credentials were 
-     * acquired.  This offset allows callers to figure out how much time is left on a given  
+     * sets the difference between the KDC and client's clocks at the time credentials were
+     * acquired.  This offset allows callers to figure out how much time is left on a given
      * credential even though the end_time is based on the KDC's clock not the client's clock.
      */
     cc_int32 (*set_kdc_time_offset) (cc_ccache_t io_ccache,
                                      cc_uint32   in_credentials_version,
                                      cc_time_t   in_time_offset);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \param in_credentials_version the credentials version to get the time offset for.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_clear_kdc_time_offset(): Clear the KDC time offset for credentials in a ccache.
      * \sa get_kdc_time_offset, set_kdc_time_offset
-     * 
+     *
      * Sometimes the KDC and client's clocks get out of sync.  cc_ccache_clear_kdc_time_offset()
-     * clears the difference between the KDC and client's clocks at the time credentials were 
-     * acquired.  This offset allows callers to figure out how much time is left on a given  
+     * clears the difference between the KDC and client's clocks at the time credentials were
+     * acquired.  This offset allows callers to figure out how much time is left on a given
      * credential even though the end_time is based on the KDC's clock not the client's clock.
      */
     cc_int32 (*clear_kdc_time_offset) (cc_ccache_t io_ccache,
                                        cc_uint32   in_credentials_version);
-    
+
     /*!
      * \param in_ccache a ccache object.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_ccache_wait_for_change(): Wait for the next change to a ccache.
      *
-     * This function blocks until the next change is made to the ccache referenced by 
-     * \a in_ccache. By repeatedly calling cc_ccache_wait_for_change() from 
-     * a worker thread the caller can effectively receive callbacks whenever the 
+     * This function blocks until the next change is made to the ccache referenced by
+     * \a in_ccache. By repeatedly calling cc_ccache_wait_for_change() from
+     * a worker thread the caller can effectively receive callbacks whenever the
      * ccache changes.  This is considerably more efficient than polling
      * with cc_ccache_get_change_time().
-     * 
+     *
      * cc_ccache_wait_for_change() will return whenever:
-     * 
+     *
      * \li a credential is stored
      * \li a credential is removed
      * \li the ccache principal is changed
      * \li the ccache becomes the default ccache
      * \li the ccache is no longer the default ccache
      *
-     * \note In order to make sure that the caller doesn't miss any changes, 
+     * \note In order to make sure that the caller doesn't miss any changes,
      * cc_ccache_wait_for_change() always returns immediately after the first time it
      * is called on a new ccache object. Callers must use the same ccache object
-     * for successive calls to cc_ccache_wait_for_change() rather than creating a new 
+     * for successive calls to cc_ccache_wait_for_change() rather than creating a new
      * ccache object for every call.
-     * 
+     *
      * \sa get_change_time
      */
     cc_int32 (*wait_for_change) (cc_ccache_t in_ccache);
 };
 
 /*!
- * Function pointer table for cc_string_t.  For more information see 
+ * Function pointer table for cc_string_t.  For more information see
  * \ref cc_string_reference.
  */
 struct cc_string_f {
@@ -1348,7 +1348,7 @@ struct cc_string_f {
 };
 
 /*!
- * Function pointer table for cc_credentials_t.  For more information see 
+ * Function pointer table for cc_credentials_t.  For more information see
  * \ref cc_credentials_reference.
  */
 struct cc_credentials_f {
@@ -1358,11 +1358,11 @@ struct cc_credentials_f {
      * \brief \b cc_credentials_release(): Release memory associated with a cc_credentials_t object.
      */
     cc_int32 (*release) (cc_credentials_t  io_credentials);
-    
+
     /*!
      * \param in_credentials a credentials object.
      * \param in_compare_to_credentials a credentials object to compare with \a in_credentials.
-     * \param out_equal on exit, whether or not the two credentials objects refer to the 
+     * \param out_equal on exit, whether or not the two credentials objects refer to the
      * same credentials in the cache collection.
      * \return On success, #ccNoError.  On failure, an error code representing the failure.
      * \brief \b cc_credentials_compare(): Compare two credentials objects.
@@ -1373,7 +1373,7 @@ struct cc_credentials_f {
 };
 
 /*!
- * Function pointer table for cc_ccache_iterator_t.  For more information see 
+ * Function pointer table for cc_ccache_iterator_t.  For more information see
  * \ref cc_ccache_iterator_reference.
  */
 struct cc_ccache_iterator_f {
@@ -1383,18 +1383,18 @@ struct cc_ccache_iterator_f {
      * \brief \b cc_ccache_iterator_release(): Release memory associated with a cc_ccache_iterator_t object.
      */
     cc_int32 (*release) (cc_ccache_iterator_t io_ccache_iterator);
-    
+
     /*!
      * \param in_ccache_iterator a ccache iterator object.
      * \param out_ccache on exit, the next ccache in the cache collection.
-     * \return On success, #ccNoError if the next ccache in the cache collection was 
-     * obtained or #ccIteratorEnd if there are no more ccaches.  
+     * \return On success, #ccNoError if the next ccache in the cache collection was
+     * obtained or #ccIteratorEnd if there are no more ccaches.
      * On failure, an error code representing the failure.
      * \brief \b cc_ccache_iterator_next(): Get the next ccache in the cache collection.
      */
     cc_int32 (*next) (cc_ccache_iterator_t  in_ccache_iterator,
                       cc_ccache_t          *out_ccache);
-    
+
     /*!
      * \param in_ccache_iterator a ccache iterator object.
      * \param out_ccache_iterator on exit, a copy of \a in_ccache_iterator.
@@ -1406,7 +1406,7 @@ struct cc_ccache_iterator_f {
 };
 
 /*!
- * Function pointer table for cc_credentials_iterator_t.  For more information see 
+ * Function pointer table for cc_credentials_iterator_t.  For more information see
  * \ref cc_credentials_iterator_reference.
  */
 struct cc_credentials_iterator_f {
@@ -1416,18 +1416,18 @@ struct cc_credentials_iterator_f {
      * \brief \b cc_credentials_iterator_release(): Release memory associated with a cc_credentials_iterator_t object.
      */
     cc_int32 (*release) (cc_credentials_iterator_t io_credentials_iterator);
-    
+
     /*!
      * \param in_credentials_iterator a credentials iterator object.
      * \param out_credentials on exit, the next credentials in the ccache.
      * \return On success, #ccNoError if the next credential in the ccache was obtained
-     * or #ccIteratorEnd if there are no more credentials.  
+     * or #ccIteratorEnd if there are no more credentials.
      * On failure, an error code representing the failure.
      * \brief \b cc_credentials_iterator_next(): Get the next credentials in the ccache.
      */
     cc_int32 (*next) (cc_credentials_iterator_t  in_credentials_iterator,
                       cc_credentials_t          *out_credentials);
-    
+
     /*!
      * \ingroup cc_credentials_iterator_reference
      * \param in_credentials_iterator a credentials iterator object.
@@ -1442,11 +1442,11 @@ struct cc_credentials_iterator_f {
 /*!
  * \ingroup cc_context_reference
  * \param out_context on exit, a new context object.  Must be free with cc_context_release().
- * \param in_version  the requested API version.  This should be the maximum version the 
+ * \param in_version  the requested API version.  This should be the maximum version the
  * application supports.
  * \param out_supported_version if non-NULL, on exit contains the maximum API version
  * supported by the implementation.
- * \param out_vendor if non-NULL, on exit contains a pointer to a read-only C string which 
+ * \param out_vendor if non-NULL, on exit contains a pointer to a read-only C string which
  * contains a string describing the vendor which implemented the credentials cache API.
  * \return On success, #ccNoError.  On failure, an error code representing the failure.
  * May return CCAPI v2 error CC_BAD_API_VERSION if #ccapi_version_2 is passed in.
@@ -1456,7 +1456,7 @@ CCACHE_API cc_int32 cc_initialize (cc_context_t  *out_context,
                                    cc_int32       in_version,
                                    cc_int32      *out_supported_version,
                                    char const   **out_vendor);
-	
+
 
 /*! \defgroup helper_macros CCAPI Function Helper Macros
  * @{ */
@@ -1582,7 +1582,7 @@ CCACHE_API cc_int32 cc_initialize (cc_context_t  *out_context,
 /*! Helper macro for cc_ccache_iterator_f clone() */
 #define		cc_ccache_iterator_clone(iterator, new_iterator) \
 			((iterator) -> functions -> clone (iterator, new_iterator))
-	
+
 /*! Helper macro for cc_credentials_iterator_f release() */
 #define		cc_credentials_iterator_release(iterator) \
 			((iterator) -> functions -> release (iterator))
diff --git a/src/include/CredentialsCache2.h b/src/include/CredentialsCache2.h
index b0c45d59e..e9ea311cf 100644
--- a/src/include/CredentialsCache2.h
+++ b/src/include/CredentialsCache2.h
@@ -25,13 +25,13 @@
  */
 
 /*
- * This is backwards compatibility for CCache API v2 clients to be able to run 
+ * This is backwards compatibility for CCache API v2 clients to be able to run
  * against the CCache API v3 library
  */
- 
+
 #ifndef CCAPI_V2_H
 #define CCAPI_V2_H
- 
+
 #include <CredentialsCache.h>
 
 #if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
@@ -53,7 +53,7 @@ extern "C" {
 #if TARGET_OS_MAC
 #pragma pack(push,2)
 #endif
-    
+
 /* Some old types get directly mapped to new types */
 
 typedef cc_context_d apiCB;
@@ -84,17 +84,17 @@ typedef struct cc_credentials_v5_compat {
     cc_data_compat		second_ticket;
     cc_data_compat**	        authdata;
 } cc_credentials_v5_compat;
- 
+
 enum {
     MAX_V4_CRED_LEN = 1250
 };
- 
+
 enum {
     KRB_NAME_SZ = 40,
     KRB_INSTANCE_SZ = 40,
     KRB_REALM_SZ = 40
 };
- 
+
 typedef struct cc_credentials_v4_compat {
     unsigned char	kversion;
     char		principal[KRB_NAME_SZ+1];
@@ -117,7 +117,7 @@ typedef union cred_ptr_union_compat {
     cc_credentials_v4_compat* pV4Cred;
     cc_credentials_v5_compat* pV5Cred;
 } cred_ptr_union_compat;
- 
+
 typedef struct cred_union {
     cc_int32              cred_type;  /* cc_cred_vers */
     cred_ptr_union_compat cred;
@@ -162,7 +162,7 @@ enum {
     CC_ERR_CACHE_RELEASE,
     CC_ERR_CACHE_FULL,
     CC_ERR_CRED_VERSION
-};      
+};
 
 enum {
     CC_CRED_UNKNOWN,
@@ -178,21 +178,21 @@ enum {
     CC_LOCK_NOBLOCK = 16
 };
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_shutdown (apiCB **io_context)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_get_NC_info (apiCB    *in_context,
                 infoNC ***out_info)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_get_change_time (apiCB     *in_context,
                     cc_time_t *out_change_time)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_open (apiCB       *in_context,
          const char  *in_name,
          cc_int32     in_version,
@@ -200,7 +200,7 @@ cc_open (apiCB       *in_context,
          ccache_p   **out_ccache)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_create (apiCB       *in_context,
            const char  *in_name,
            const char  *in_principal,
@@ -209,107 +209,107 @@ cc_create (apiCB       *in_context,
            ccache_p   **out_ccache)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_close (apiCB     *in_context,
           ccache_p **ioCCache)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_destroy (apiCB     *in_context,
             ccache_p **io_ccache)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_seq_fetch_NCs_begin (apiCB       *in_context,
                         ccache_cit **out_nc_iterator)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_seq_fetch_NCs_next (apiCB       *in_context,
                        ccache_p   **out_ccache,
                        ccache_cit  *in_nc_iterator)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_seq_fetch_NCs_end (apiCB       *in_context,
                       ccache_cit **io_nc_iterator)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_get_name (apiCB     *in_context,
              ccache_p  *in_ccache,
              char     **out_name)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_get_cred_version (apiCB    *in_context,
                      ccache_p *in_ccache,
                      cc_int32 *out_version)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_set_principal (apiCB    *in_context,
                   ccache_p *in_ccache,
                   cc_int32  in_version,
                   char     *in_principal)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_get_principal (apiCB     *in_context,
                   ccache_p  *in_ccache,
                   char     **out_principal)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_store (apiCB      *in_context,
           ccache_p   *in_ccache,
           cred_union  in_credentials)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_remove_cred (apiCB      *in_context,
                 ccache_p   *in_ccache,
                 cred_union  in_credentials)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_seq_fetch_creds_begin (apiCB           *in_context,
                           const ccache_p  *in_ccache,
                           ccache_cit     **out_ccache_iterator)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_seq_fetch_creds_next (apiCB       *in_context,
                          cred_union **out_cred_union,
                          ccache_cit  *in_ccache_iterator)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_seq_fetch_creds_end (apiCB       *in_context,
                         ccache_cit **io_ccache_iterator)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_free_principal (apiCB  *in_context,
                    char  **io_principal)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_free_name (apiCB  *in_context,
               char  **io_name)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_free_creds (apiCB       *in_context,
                cred_union **io_cred_union)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_free_NC_info (apiCB    *in_context,
                  infoNC ***io_info)
 CCAPI_DEPRECATED;
 
-CCACHE_API cc_int32 
+CCACHE_API cc_int32
 cc_lock_request (apiCB          *in_context,
                  const ccache_p *in_ccache,
                  const cc_int32  in_lock_type)
diff --git a/src/include/adm_proto.h b/src/include/adm_proto.h
index 47d500d0d..cd17a2fa6 100644
--- a/src/include/adm_proto.h
+++ b/src/include/adm_proto.h
@@ -111,7 +111,7 @@ krb5_flags_to_string (krb5_flags,
 		      char *,
 		      size_t);
 krb5_error_code
-krb5_input_flag_to_string (int, 
+krb5_input_flag_to_string (int,
 			   char *,
 			   size_t);
 
@@ -128,7 +128,7 @@ krb5_keysalt_iterate (krb5_key_salt_tuple *,
 		      krb5_error_code (*) (krb5_key_salt_tuple *,
 					   krb5_pointer),
 		      krb5_pointer);
-				     
+
 krb5_error_code
 krb5_string_to_keysalts (char *,
 			 const char *,
diff --git a/src/include/cm.h b/src/include/cm.h
index 716e6cb59..a317c835a 100644
--- a/src/include/cm.h
+++ b/src/include/cm.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -75,7 +75,7 @@ struct conn_state {
 struct sendto_callback_info {
     int  (*pfn_callback) (struct conn_state *, void *, krb5_data *);
     void (*pfn_cleanup)  (void *, krb5_data *);
-    void  *context;	
+    void  *context;
 };
 
 
diff --git a/src/include/copyright.h b/src/include/copyright.h
index b1740ce3c..68dcfdbdb 100644
--- a/src/include/copyright.h
+++ b/src/include/copyright.h
@@ -1,40 +1,40 @@
 /*
  * Copyright (C) 1989-1994 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
diff --git a/src/include/fake-addrinfo.h b/src/include/fake-addrinfo.h
index 952b43f0b..d6ba0fb7c 100644
--- a/src/include/fake-addrinfo.h
+++ b/src/include/fake-addrinfo.h
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2001,2002,2003,2004 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 /* Approach overview:
@@ -202,7 +202,7 @@ struct addrinfo {
 # define AI_DEFAULT (AI_ADDRCONFIG|AI_V4MAPPED)
 #endif
 
-#if defined(KRB5_USE_INET6) && defined(NEED_INSIXADDR_ANY) 
+#if defined(KRB5_USE_INET6) && defined(NEED_INSIXADDR_ANY)
 /* If compiling with IPv6 support and C library does not define in6addr_any */
 extern const struct in6_addr krb5int_in6addr_any;
 #undef in6addr_any
diff --git a/src/include/foreachaddr.h b/src/include/foreachaddr.h
index 57591f596..ae422c7b1 100644
--- a/src/include/foreachaddr.h
+++ b/src/include/foreachaddr.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Iterate over the protocol addresses supported by this host, invoking
  * a callback function or three supplied by the caller.
diff --git a/src/include/gssapi.h b/src/include/gssapi.h
index f55768144..7ce379ac4 100644
--- a/src/include/gssapi.h
+++ b/src/include/gssapi.h
@@ -1,4 +1,4 @@
-/* 
+/*
  * Wrapper so that #include <gssapi.h> will work without special include
  * paths.
  */
diff --git a/src/include/gssrpc/auth.h b/src/include/gssrpc/auth.h
index cc3de9764..0bcb90148 100644
--- a/src/include/gssrpc/auth.h
+++ b/src/include/gssrpc/auth.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -115,11 +115,11 @@ typedef struct AUTH {
 	        /* destroy this structure */
 		void	(*ah_destroy)(struct AUTH *);
 		/* encode data for wire */
-		int     (*ah_wrap)(struct AUTH *, XDR *, 
+		int     (*ah_wrap)(struct AUTH *, XDR *,
 				   xdrproc_t, caddr_t);
 	        /* decode data from wire */
-  	        int	(*ah_unwrap)(struct AUTH *, XDR *, 
-				     xdrproc_t, caddr_t);	
+  	        int	(*ah_unwrap)(struct AUTH *, XDR *,
+				     xdrproc_t, caddr_t);
 	} *ah_ops;
 	void *ah_private;
 } AUTH;
diff --git a/src/include/gssrpc/auth_gss.h b/src/include/gssrpc/auth_gss.h
index ea5db92b9..c850b03bb 100644
--- a/src/include/gssrpc/auth_gss.h
+++ b/src/include/gssrpc/auth_gss.h
@@ -1,9 +1,9 @@
 /*
   auth_gssapi.h
-  
+
   Copyright (c) 2000 The Regents of the University of Michigan.
   All rights reserved.
-  
+
   Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
   All rights reserved, all wrongs reversed.
 
@@ -81,20 +81,20 @@ struct authgss_private_data {
 	uint32_t	pd_seq_win;	/* Sequence window */
 };
 
-/* Krb 5 default mechanism 
+/* Krb 5 default mechanism
 #define KRB5OID  "1.2.840.113554.1.2.2"
 
 gss_OID_desc krb5oid = {
-	20, KRB5OID 
+	20, KRB5OID
 };
  */
 
 /*
-struct rpc_gss_sec krb5mech = { 
+struct rpc_gss_sec krb5mech = {
 	(gss_OID)&krb5oid,
 	GSS_QOP_DEFAULT,
 	RPCSEC_GSS_SVC_NONE
-}; 
+};
 */
 
 /* Credentials. */
diff --git a/src/include/gssrpc/auth_gssapi.h b/src/include/gssrpc/auth_gssapi.h
index 73a2f0b16..cd405d407 100644
--- a/src/include/gssrpc/auth_gssapi.h
+++ b/src/include/gssrpc/auth_gssapi.h
@@ -1,6 +1,6 @@
 /*
  * auth_gssapi.h, Protocol for GSS-API style authentication parameters for RPC
- * 
+ *
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  *
  * $Id$
@@ -57,7 +57,7 @@ typedef void (*auth_gssapi_log_badauth_func)
 		OM_uint32 minor,
 		struct sockaddr_in *raddr,
 		caddr_t data);
-   
+
 typedef void (*auth_gssapi_log_badverf_func)
      (gss_name_t client,
 		gss_name_t server,
@@ -105,7 +105,7 @@ AUTH *auth_gssapi_create_default
 
 void auth_gssapi_display_status
 (char *msg, OM_uint32 major,
-	   OM_uint32 minor); 
+	   OM_uint32 minor);
 
 bool_t auth_gssapi_seal_seq
 (gss_ctx_id_t context, uint32_t seq_num, gss_buffer_t out_buf);
diff --git a/src/include/gssrpc/auth_unix.h b/src/include/gssrpc/auth_unix.h
index 9be442278..b19bb72b4 100644
--- a/src/include/gssrpc/auth_unix.h
+++ b/src/include/gssrpc/auth_unix.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -66,8 +66,8 @@ struct authunix_parms {
 
 extern bool_t xdr_authunix_parms(XDR *, struct authunix_parms *);
 
-/* 
- * If a response verifier has flavor AUTH_SHORT, 
+/*
+ * If a response verifier has flavor AUTH_SHORT,
  * then the body of the response verifier encapsulates the following structure;
  * again it is serialized in the obvious fashion.
  */
diff --git a/src/include/gssrpc/clnt.h b/src/include/gssrpc/clnt.h
index 95450a241..36707c78e 100644
--- a/src/include/gssrpc/clnt.h
+++ b/src/include/gssrpc/clnt.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -117,13 +117,13 @@ typedef struct CLIENT {
 	        /* call remote procedure */
 	        enum clnt_stat	(*cl_call)(struct CLIENT *,
 					   rpcproc_t, xdrproc_t, void *,
-					   xdrproc_t, void *, 
-					   struct timeval);	
+					   xdrproc_t, void *,
+					   struct timeval);
                 /* abort a call */
-		void		(*cl_abort)(struct CLIENT *);	
+		void		(*cl_abort)(struct CLIENT *);
                 /* get specific error code */
-		void		(*cl_geterr)(struct CLIENT *, 
-					     struct rpc_err *);	
+		void		(*cl_geterr)(struct CLIENT *,
+					     struct rpc_err *);
                 /* frees results */
 		bool_t		(*cl_freeres)(struct CLIENT *,
 					      xdrproc_t, void *);
@@ -242,7 +242,7 @@ typedef struct CLIENT {
 
 /*
  * Below are the client handle creation routines for the various
- * implementations of client side rpc.  They can return NULL if a 
+ * implementations of client side rpc.  They can return NULL if a
  * creation failure occurs.
  */
 
@@ -310,7 +310,7 @@ char *clnt_spcreateerror(char *);	/* string */
 
 /*
  * Like clnt_perror(), but is more verbose in its output
- */ 
+ */
 void clnt_perrno(enum clnt_stat);	/* stderr */
 
 /*
@@ -319,7 +319,7 @@ void clnt_perrno(enum clnt_stat);	/* stderr */
 void clnt_perror(CLIENT *, char *); 	/* stderr */
 char *clnt_sperror(CLIENT *, char *);	/* string */
 
-/* 
+/*
  * If a creation fails, the following allows the user to figure out why.
  */
 struct rpc_createerr {
diff --git a/src/include/gssrpc/netdb.h b/src/include/gssrpc/netdb.h
index 69267874e..1cb082a4e 100644
--- a/src/include/gssrpc/netdb.h
+++ b/src/include/gssrpc/netdb.h
@@ -9,11 +9,11 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
@@ -21,11 +21,11 @@
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/include/gssrpc/pmap_clnt.h b/src/include/gssrpc/pmap_clnt.h
index 808306865..2bdfc1e7f 100644
--- a/src/include/gssrpc/pmap_clnt.h
+++ b/src/include/gssrpc/pmap_clnt.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -46,7 +46,7 @@
  *	head = pmap_getmaps(address);
  *	clnt_stat = pmap_rmtcall(address, program, version, procedure,
  *		xdrargs, argsp, xdrres, resp, tout, port_ptr)
- *		(works for udp only.) 
+ *		(works for udp only.)
  * 	clnt_stat = clnt_broadcast(program, version, procedure,
  *		xdrargs, argsp,	xdrres, resp, eachresult)
  *		(like pmap_rmtcall, except the call is broadcasted to all
@@ -64,9 +64,9 @@ GSSRPC__BEGIN_DECLS
 extern bool_t		pmap_set(rpcprog_t, rpcvers_t, rpcprot_t, u_int);
 extern bool_t		pmap_unset(rpcprog_t, rpcvers_t);
 extern struct pmaplist	*pmap_getmaps(struct sockaddr_in *);
-enum clnt_stat		pmap_rmtcall(struct sockaddr_in *, rpcprog_t, 
-				     rpcvers_t, rpcproc_t, xdrproc_t, 
-				     caddr_t, xdrproc_t, caddr_t, 
+enum clnt_stat		pmap_rmtcall(struct sockaddr_in *, rpcprog_t,
+				     rpcvers_t, rpcproc_t, xdrproc_t,
+				     caddr_t, xdrproc_t, caddr_t,
 				     struct timeval, rpcport_t *);
 
 typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *);
@@ -74,8 +74,8 @@ typedef bool_t (*resultproc_t)(caddr_t, struct sockaddr_in *);
 enum clnt_stat		clnt_broadcast(rpcprog_t, rpcvers_t, rpcproc_t,
 				       xdrproc_t, caddr_t, xdrproc_t,
 				       caddr_t, resultproc_t);
-extern u_short		pmap_getport(struct sockaddr_in *, 
-				     rpcprog_t, 
+extern u_short		pmap_getport(struct sockaddr_in *,
+				     rpcprog_t,
 				     rpcvers_t, rpcprot_t);
 GSSRPC__END_DECLS
 #endif /* !defined(GSSRPC_PMAP_CLNT_H) */
diff --git a/src/include/gssrpc/pmap_prot.h b/src/include/gssrpc/pmap_prot.h
index 8a8802b05..5069723ff 100644
--- a/src/include/gssrpc/pmap_prot.h
+++ b/src/include/gssrpc/pmap_prot.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/include/gssrpc/pmap_rmt.h b/src/include/gssrpc/pmap_rmt.h
index 48789b453..ca3f35d26 100644
--- a/src/include/gssrpc/pmap_rmt.h
+++ b/src/include/gssrpc/pmap_rmt.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/include/gssrpc/rename.h b/src/include/gssrpc/rename.h
index 6e472e617..a4da2cdfb 100644
--- a/src/include/gssrpc/rename.h
+++ b/src/include/gssrpc/rename.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/include/gssrpc/rpc.h b/src/include/gssrpc/rpc.h
index 0f1730d18..6aa1f9471 100644
--- a/src/include/gssrpc/rpc.h
+++ b/src/include/gssrpc/rpc.h
@@ -6,11 +6,11 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
@@ -54,7 +54,7 @@
 #include <gssrpc/auth_unix.h>	/* protocol for unix style cred */
 #include <gssrpc/auth_gss.h>	/* RPCSEC_GSS */
 /*
- *  Uncomment-out the next line if you are building the rpc library with    
+ *  Uncomment-out the next line if you are building the rpc library with
  *  DES Authentication (see the README file in the secure_rpc/ directory).
  */
 #if 0
diff --git a/src/include/gssrpc/rpc_msg.h b/src/include/gssrpc/rpc_msg.h
index 62d632967..6e91de6c9 100644
--- a/src/include/gssrpc/rpc_msg.h
+++ b/src/include/gssrpc/rpc_msg.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/include/gssrpc/svc.h b/src/include/gssrpc/svc.h
index dfe0bec65..16f07206b 100644
--- a/src/include/gssrpc/svc.h
+++ b/src/include/gssrpc/svc.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -82,18 +82,18 @@ typedef struct SVCXPRT {
 	    /* receive incomming requests */
 	    bool_t	(*xp_recv)(struct SVCXPRT *, struct rpc_msg *);
 	    /* get transport status */
-	    enum xprt_stat (*xp_stat)(struct SVCXPRT *); 
+	    enum xprt_stat (*xp_stat)(struct SVCXPRT *);
 	    /* get arguments */
 	    bool_t	(*xp_getargs)(struct SVCXPRT *, xdrproc_t,
 				      void *);
 	    /* send reply */
 	    bool_t	(*xp_reply)(struct SVCXPRT *,
-				    struct rpc_msg *);	 
+				    struct rpc_msg *);
             /* free mem allocated for args */
 	    bool_t	(*xp_freeargs)(struct SVCXPRT *, xdrproc_t,
 				       void *);
 	    /* destroy this struct */
-	    void	(*xp_destroy)(struct SVCXPRT *); 
+	    void	(*xp_destroy)(struct SVCXPRT *);
 	} *xp_ops;
 	int		xp_addrlen;	 /* length of remote address */
 	struct sockaddr_in xp_raddr;	 /* remote address */
@@ -188,7 +188,7 @@ struct svc_req {
  *	rpcprog_t prog;
  *	rpcvers_t vers;
  *	void (*dispatch)();
- *	int protocol;  like IPPROTO_TCP or _UDP; zero means do not register 
+ *	int protocol;  like IPPROTO_TCP or _UDP; zero means do not register
  *
  * registerrpc(prog, vers, proc, routine, inproc, outproc)
  * 	returns 0 upon success, -1 if error.
@@ -241,7 +241,7 @@ extern void	xprt_unregister(SVCXPRT *);
  * Note: do not confuse access-control failure with weak authentication!
  *
  * NB: In pure implementations of rpc, the caller always waits for a reply
- * msg.  This message is sent when svc_sendreply is called.  
+ * msg.  This message is sent when svc_sendreply is called.
  * Therefore pure service implementations should always call
  * svc_sendreply even if the function logically returns void;  use
  * xdr.h - xdr_void for the xdr routine.  HOWEVER, tcp based rpc allows
@@ -275,7 +275,7 @@ extern void	svcerr_systemerr(SVCXPRT *);
 
 /*
  * Global keeper of rpc service descriptors in use
- * dynamic; must be inspected before each call to select 
+ * dynamic; must be inspected before each call to select
  */
 extern int svc_maxfd;
 #ifdef FD_SETSIZE
diff --git a/src/include/gssrpc/svc_auth.h b/src/include/gssrpc/svc_auth.h
index 541aa4514..4c2719c03 100644
--- a/src/include/gssrpc/svc_auth.h
+++ b/src/include/gssrpc/svc_auth.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -31,7 +31,7 @@
 
 /*
  * svc_auth.h, Service side of rpc authentication.
- * 
+ *
  * Copyright (C) 1984, Sun Microsystems, Inc.
  */
 
diff --git a/src/include/gssrpc/types.hin b/src/include/gssrpc/types.hin
index ed612f1f5..c048129da 100644
--- a/src/include/gssrpc/types.hin
+++ b/src/include/gssrpc/types.hin
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -157,7 +157,7 @@ typedef int32_t		rpc_inline_t;
 #if 0
 #include <netdb.h> /* XXX This should not have to be here.
 		    * I got sick of seeing the warnings for MAXHOSTNAMELEN
-		    * and the two values were different. -- shanzer 
+		    * and the two values were different. -- shanzer
 		    */
 #endif
 
diff --git a/src/include/gssrpc/xdr.h b/src/include/gssrpc/xdr.h
index b7c2843a4..9fbf26585 100644
--- a/src/include/gssrpc/xdr.h
+++ b/src/include/gssrpc/xdr.h
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/include/k5-err.h b/src/include/k5-err.h
index e5fc9bddf..4259ce682 100644
--- a/src/include/k5-err.h
+++ b/src/include/k5-err.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Error-message handling
  */
diff --git a/src/include/k5-gmt_mktime.h b/src/include/k5-gmt_mktime.h
index d9d1d1e5a..e7115a54f 100644
--- a/src/include/k5-gmt_mktime.h
+++ b/src/include/k5-gmt_mktime.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * GMT struct tm conversion
  *
diff --git a/src/include/k5-int-pkinit.h b/src/include/k5-int-pkinit.h
index 2fb5f8719..2acc956f9 100644
--- a/src/include/k5-int-pkinit.h
+++ b/src/include/k5-int-pkinit.h
@@ -2,7 +2,7 @@
  * COPYRIGHT (C) 2006
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
  * ALL RIGHTS RESERVED
- * 
+ *
  * Permission is granted to use, copy, create derivative works
  * and redistribute this software and such derivative works
  * for any purpose, so long as the name of The University of
@@ -13,7 +13,7 @@
  * University of Michigan is included in any copy of any
  * portion of this software, then the disclaimer below must
  * also be included.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
  * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
  * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
@@ -249,7 +249,7 @@ krb5_error_code decode_krb5_auth_pack
 krb5_error_code decode_krb5_auth_pack_draft9
 	(const krb5_data *, krb5_auth_pack_draft9 **);
 
-krb5_error_code decode_krb5_kdc_dh_key_info 
+krb5_error_code decode_krb5_kdc_dh_key_info
 	(const krb5_data *, krb5_kdc_dh_key_info **);
 
 krb5_error_code decode_krb5_principal_name
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index f6f091fcc..c583efd1f 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1,54 +1,54 @@
 /*
  * Copyright (C) 1989,1990,1991,1992,1993,1994,1995,2000,2001, 2003,2006,2007,2008,2009 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -59,7 +59,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -96,7 +96,7 @@
 #ifndef KRB5_CONFIG__
 #define KRB5_CONFIG__
 
-/* 
+/*
  * Machine-type definitions: PC Clone 386 running Microloss Windows
  */
 
@@ -140,7 +140,7 @@ typedef INT64_TYPE krb5_int64;
 #define	KRB5_KDB_MAX_RLIFE	(60*60*24*7) /* one week */
 #define	KRB5_KDB_EXPIRATION	2145830400 /* Thu Jan  1 00:00:00 2038 UTC */
 
-/* 
+/*
  * Windows requires a different api interface to each function. Here
  * just define it as NULL.
  */
@@ -381,11 +381,11 @@ typedef struct _krb5_etype_info_entry {
     krb5_data s2kparams;
 } krb5_etype_info_entry;
 
-/* 
+/*
  *  This is essentially -1 without sign extension which can screw up
  *  comparisons on 64 bit machines. If the length is this value, then
  *  the salt data is not present. This is to distinguish between not
- *  being set and being of 0 length. 
+ *  being set and being of 0 length.
  */
 #define KRB5_ETYPE_NO_SALT VALID_UINT_BITS
 
@@ -398,7 +398,7 @@ typedef struct _krb5_etype_list {
 } krb5_etype_list;
 
 /*
- * a sam_challenge is returned for alternate preauth 
+ * a sam_challenge is returned for alternate preauth
  */
 /*
           SAMFlags ::= BIT STRING {
@@ -597,9 +597,9 @@ krb5_error_code krb5_os_init_context (krb5_context, krb5_boolean);
 
 void krb5_os_free_context (krb5_context);
 
-/* This function is needed by KfM's KerberosPreferences API 
+/* This function is needed by KfM's KerberosPreferences API
  * because it needs to be able to specify "secure" */
-krb5_error_code os_get_default_config_files 
+krb5_error_code os_get_default_config_files
     (profile_filespec_t **pfiles, krb5_boolean secure);
 
 krb5_error_code krb5_os_hostaddr
@@ -651,7 +651,7 @@ struct krb5_key_st {
 /* new encryption provider api */
 
 struct krb5_enc_provider {
-    /* keybytes is the input size to make_key; 
+    /* keybytes is the input size to make_key;
        keylength is the output size */
     size_t block_size, keybytes, keylength;
 
@@ -817,7 +817,7 @@ zapfree(void *ptr, size_t len)
 krb5_error_code krb5int_des_init_state
 (const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *new_state);
 
-/* 
+/*
  * normally to free a cipher_state you can just memset the length to zero and
  * free it.
  */
@@ -839,7 +839,7 @@ void  krb5int_c_free_keyblock_contents
 	(krb5_context, krb5_keyblock *);
 krb5_error_code krb5int_c_init_keyblock
 		(krb5_context, krb5_enctype enctype,
-		size_t length, krb5_keyblock **out); 
+		size_t length, krb5_keyblock **out);
 krb5_error_code krb5int_c_copy_keyblock
 (krb5_context context, const krb5_keyblock *from, krb5_keyblock **to);
 krb5_error_code krb5int_c_copy_keyblock_contents
@@ -851,7 +851,7 @@ krb5_error_code krb5int_c_copy_keyblock_contents
 extern void krb5int_prng_cleanup (void);
 
 
-/* 
+/*
  * These declarations are here, so both krb5 and k5crypto
  * can get to them.
  * krb5 needs to get to them so it can  make them available to libgssapi.
@@ -942,10 +942,10 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
  * (Originally written by Glen Machin at Sandia Labs.)
  */
 /*
- * Sandia National Laboratories also makes no representations about the 
- * suitability of the modifications, or additions to this software for 
+ * Sandia National Laboratories also makes no representations about the
+ * suitability of the modifications, or additions to this software for
  * any purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  */
 #ifndef KRB5_PREAUTH__
 #define KRB5_PREAUTH__
@@ -1079,7 +1079,7 @@ typedef krb5_error_code (*krb5_preauth_obtain_proc)
     (krb5_context,
 		    krb5_pa_data *,
 		    krb5_etype_info,
-		    krb5_keyblock *, 
+		    krb5_keyblock *,
 		    krb5_error_code ( * )(krb5_context,
 					  const krb5_enctype,
 					  krb5_data *,
@@ -1106,7 +1106,7 @@ typedef krb5_error_code (*krb5_preauth_process_proc)
 					  krb5_const_pointer,
 					  krb5_kdc_rep * ),
 		    krb5_keyblock **,
-		    krb5_creds *, 
+		    krb5_creds *,
 		    krb5_int32 *,
 		    krb5_int32 *);
 
@@ -1126,7 +1126,7 @@ krb5_error_code krb5_obtain_padata
 						      krb5_data *,
 						      krb5_const_pointer,
 						      krb5_keyblock **),
-		krb5_const_pointer, 
+		krb5_const_pointer,
 		krb5_creds *,
 		krb5_kdc_req *);
 
@@ -1144,9 +1144,9 @@ krb5_error_code krb5_process_padata
 						      const krb5_keyblock *,
 						      krb5_const_pointer,
 						      krb5_kdc_rep * ),
-		krb5_keyblock **, 	
-		krb5_creds *, 
-		krb5_int32 *);		
+		krb5_keyblock **,
+		krb5_creds *,
+		krb5_int32 *);
 
 krb5_pa_data * krb5int_find_pa_data
 (krb5_context,  krb5_pa_data * const *, krb5_preauthtype);
@@ -1185,7 +1185,7 @@ void krb5_free_etype_info
  * with the new krb5_get_init_creds_opt_alloc() function.
  * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
  * structure is a shadow copy of an original krb5_get_init_creds_opt
- * structure.  
+ * structure.
  * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
  * krb5int_gic_opt_to_opte(), the resulting extended structure should be
  * freed (using krb5_get_init_creds_free).  Otherwise, the original
@@ -1357,7 +1357,7 @@ void KRB5_CALLCONV krb5_free_enc_sam_response_enc_contents
 	(krb5_context, krb5_enc_sam_response_enc * );
 void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents
 	(krb5_context, krb5_enc_sam_response_enc_2 * );
- 
+
 void KRB5_CALLCONV krb5_free_pa_enc_ts
 	(krb5_context, krb5_pa_enc_ts *);
 void KRB5_CALLCONV krb5_free_pa_for_user
@@ -1591,7 +1591,7 @@ void KRB5_CALLCONV krb5_free_priv_enc_part
 
 /* ASN.1 encoding knowledge; KEEP IN SYNC WITH ASN.1 defs! */
 /* here we use some knowledge of ASN.1 encodings */
-/* 
+/*
   Ticket is APPLICATION 1.
   Authenticator is APPLICATION 2.
   AS_REQ is APPLICATION 10.
@@ -1661,11 +1661,11 @@ krb5_error_code encode_krb5_enc_tkt_part
 krb5_error_code encode_krb5_enc_kdc_rep_part
 	(const krb5_enc_kdc_rep_part *rep, krb5_data **code);
 
-/* yes, the translation is identical to that used for KDC__REP */ 
+/* yes, the translation is identical to that used for KDC__REP */
 krb5_error_code encode_krb5_as_rep
 	(const krb5_kdc_rep *rep, krb5_data **code);
 
-/* yes, the translation is identical to that used for KDC__REP */ 
+/* yes, the translation is identical to that used for KDC__REP */
 krb5_error_code encode_krb5_tgs_rep
 	(const krb5_kdc_rep *rep, krb5_data **code);
 
@@ -1848,13 +1848,13 @@ krb5_error_code decode_krb5_sam_response_2
  *************************************************************************/
 
 krb5_error_code krb5_validate_times
-       (krb5_context, 
+       (krb5_context,
 		       krb5_ticket_times *);
 
 /*
    krb5_error_code decode_krb5_structure(const krb5_data *code,
                                          krb5_structure **rep);
-                                         
+
    requires  Expects **rep to not have been allocated;
               a new *rep is allocated regardless of the old value.
    effects   Decodes *code into **rep.
@@ -2165,7 +2165,7 @@ krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context,
 /* set and change password helpers */
 
 krb5_error_code krb5int_mk_chpw_req
-	(krb5_context context, krb5_auth_context auth_context, 
+	(krb5_context context, krb5_auth_context auth_context,
  			krb5_data *ap_req, char *passwd, krb5_data *packet);
 krb5_error_code krb5int_rd_chpw_rep
 	(krb5_context context, krb5_auth_context auth_context,
@@ -2425,7 +2425,7 @@ struct _krb5_cc_ops {
 						   krb5_ccache *);
     krb5_error_code (KRB5_CALLCONV *ptcursor_free)(krb5_context,
 						   krb5_cc_ptcursor *);
-    krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache, 
+    krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
 						krb5_ccache);
     krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
 						krb5_ccache, krb5_timestamp *);
@@ -2450,23 +2450,23 @@ typedef struct _krb5_donot_replay {
     krb5_timestamp ctime;
 } krb5_donot_replay;
 
-krb5_error_code krb5_rc_default 
+krb5_error_code krb5_rc_default
 	(krb5_context,
 		krb5_rcache *);
-krb5_error_code krb5_rc_resolve_type 
+krb5_error_code krb5_rc_resolve_type
 	(krb5_context,
 		krb5_rcache *,char *);
-krb5_error_code krb5_rc_resolve_full 
+krb5_error_code krb5_rc_resolve_full
 	(krb5_context,
 		krb5_rcache *,char *);
-char * krb5_rc_get_type 
+char * krb5_rc_get_type
 	(krb5_context,
 		krb5_rcache);
-char * krb5_rc_default_type 
+char * krb5_rc_default_type
 	(krb5_context);
-char * krb5_rc_default_name 
+char * krb5_rc_default_name
 	(krb5_context);
-krb5_error_code krb5_auth_to_rep 
+krb5_error_code krb5_auth_to_rep
 	(krb5_context,
 		krb5_tkt_authent *,
 		krb5_donot_replay *);
@@ -2500,44 +2500,44 @@ typedef struct _krb5_kt_ops {
     krb5_magic magic;
     char *prefix;
     /* routines always present */
-    krb5_error_code (KRB5_CALLCONV *resolve) 
+    krb5_error_code (KRB5_CALLCONV *resolve)
 	(krb5_context,
 		 const char *,
 		 krb5_keytab *);
-    krb5_error_code (KRB5_CALLCONV *get_name) 
+    krb5_error_code (KRB5_CALLCONV *get_name)
 	(krb5_context,
 		 krb5_keytab,
 		 char *,
 		 unsigned int);
-    krb5_error_code (KRB5_CALLCONV *close) 
+    krb5_error_code (KRB5_CALLCONV *close)
 	(krb5_context,
 		 krb5_keytab);
-    krb5_error_code (KRB5_CALLCONV *get) 
+    krb5_error_code (KRB5_CALLCONV *get)
 	(krb5_context,
 		 krb5_keytab,
 		 krb5_const_principal,
 		 krb5_kvno,
 		 krb5_enctype,
 		 krb5_keytab_entry *);
-    krb5_error_code (KRB5_CALLCONV *start_seq_get) 
+    krb5_error_code (KRB5_CALLCONV *start_seq_get)
 	(krb5_context,
 		 krb5_keytab,
-		 krb5_kt_cursor *);	
-    krb5_error_code (KRB5_CALLCONV *get_next) 
+		 krb5_kt_cursor *);
+    krb5_error_code (KRB5_CALLCONV *get_next)
 	(krb5_context,
 		 krb5_keytab,
 		 krb5_keytab_entry *,
 		 krb5_kt_cursor *);
-    krb5_error_code (KRB5_CALLCONV *end_get) 
+    krb5_error_code (KRB5_CALLCONV *end_get)
 	(krb5_context,
 		 krb5_keytab,
 		 krb5_kt_cursor *);
     /* routines to be included on extended version (write routines) */
-    krb5_error_code (KRB5_CALLCONV *add) 
+    krb5_error_code (KRB5_CALLCONV *add)
 	(krb5_context,
 		 krb5_keytab,
 		 krb5_keytab_entry *);
-    krb5_error_code (KRB5_CALLCONV *remove) 
+    krb5_error_code (KRB5_CALLCONV *remove)
 	(krb5_context,
 		 krb5_keytab,
 		  krb5_keytab_entry *);
@@ -2588,13 +2588,13 @@ krb5_error_code KRB5_CALLCONV krb5_random_confounder
 	(size_t, krb5_pointer);
 
 krb5_error_code krb5_encrypt_data
-	(krb5_context context, krb5_keyblock *key, 
-		krb5_pointer ivec, krb5_data *data, 
+	(krb5_context context, krb5_keyblock *key,
+		krb5_pointer ivec, krb5_data *data,
 		krb5_enc_data *enc_data);
 
 krb5_error_code krb5_decrypt_data
-	(krb5_context context, krb5_keyblock *key, 
-		krb5_pointer ivec, krb5_enc_data *data, 
+	(krb5_context context, krb5_keyblock *key,
+		krb5_pointer ivec, krb5_enc_data *data,
 		krb5_data *enc_data);
 
 krb5_error_code
@@ -2639,7 +2639,7 @@ typedef struct
         krb5_int32 etype_count;
 } krb5_etypes_permitted;
 
-krb5_boolean krb5_is_permitted_enctype_ext 
+krb5_boolean krb5_is_permitted_enctype_ext
          ( krb5_context, krb5_etypes_permitted *);
 
 krb5_boolean KRB5_CALLCONV krb5int_c_weak_enctype(krb5_enctype);
@@ -2944,10 +2944,10 @@ void KRB5_CALLCONV krb5_free_realm_string
 
 /* Internal principal function used by KIM to avoid code duplication */
 krb5_error_code KRB5_CALLCONV
-krb5int_build_principal_alloc_va(krb5_context context, 
-                                 krb5_principal *princ, 
-                                 unsigned int rlen, 
-                                 const char *realm, 
+krb5int_build_principal_alloc_va(krb5_context context,
+                                 krb5_principal *princ,
+                                 unsigned int rlen,
+                                 const char *realm,
                                  const char *first,
                                  va_list ap);
 
diff --git a/src/include/k5-ipc_stream.h b/src/include/k5-ipc_stream.h
index 680b763b0..1f56d76f2 100644
--- a/src/include/k5-ipc_stream.h
+++ b/src/include/k5-ipc_stream.h
@@ -41,37 +41,37 @@ uint64_t krb5int_ipc_stream_size (k5_ipc_stream in_stream);
 
 const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream);
 
-uint32_t krb5int_ipc_stream_read (k5_ipc_stream  in_stream, 
+uint32_t krb5int_ipc_stream_read (k5_ipc_stream  in_stream,
 				  void          *io_data,
 				  uint64_t       in_size);
-uint32_t krb5int_ipc_stream_write (k5_ipc_stream  in_stream, 
+uint32_t krb5int_ipc_stream_write (k5_ipc_stream  in_stream,
 				   const void    *in_data,
 				   uint64_t       in_size);
 
-uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream, 
+uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream,
 					 char          **out_string);
-uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream,
 					  const char    *in_string);
 void krb5int_ipc_stream_free_string (char *in_string);
 
-uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream,
 					int32_t       *out_int32);
-uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
 					 int32_t       in_int32);
 
-uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream,
 					 uint32_t      *out_uint32);
-uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
 					  uint32_t      in_uint32);
 
-uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream,
 					int64_t       *out_int64);
-uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
 					 int64_t       in_int64);
 
-uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream,
 					 uint64_t      *out_uint64);
-uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream,
 					  uint64_t      in_uint64);
 
 #endif /* K5_IPC_STREAM_H */
diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
index ef5dd419b..d4d05aee1 100644
--- a/src/include/k5-platform.h
+++ b/src/include/k5-platform.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Some platform-dependent definitions to sync up the C support level.
  * Some to a C99-ish level, some related utility code.
diff --git a/src/include/k5-plugin.h b/src/include/k5-plugin.h
index 2190c0349..498c5668c 100644
--- a/src/include/k5-plugin.h
+++ b/src/include/k5-plugin.h
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2006 Massachusetts Institute of Technology.
  * All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 /* Just those definitions which are needed by util/support/plugins.c,
@@ -108,19 +108,19 @@ krb5int_get_plugin_func (struct plugin_file_handle *, const char *,
 long KRB5_CALLCONV
 krb5int_open_plugin_dirs (const char * const *, const char * const *,
 			  struct plugin_dir_handle *, struct errinfo *);
-void KRB5_CALLCONV 
+void KRB5_CALLCONV
 krb5int_close_plugin_dirs (struct plugin_dir_handle *);
 
-long KRB5_CALLCONV 
-krb5int_get_plugin_dir_data (struct plugin_dir_handle *, const char *, 
+long KRB5_CALLCONV
+krb5int_get_plugin_dir_data (struct plugin_dir_handle *, const char *,
 			     void ***, struct errinfo *);
-void KRB5_CALLCONV 
+void KRB5_CALLCONV
 krb5int_free_plugin_dir_data (void **);
 
-long KRB5_CALLCONV 
-krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *, 
+long KRB5_CALLCONV
+krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *,
 			     void (***)(void), struct errinfo *);
-void KRB5_CALLCONV 
+void KRB5_CALLCONV
 krb5int_free_plugin_dir_func (void (**)(void));
 
 #endif /* K5_PLUGIN_H */
diff --git a/src/include/k5-thread.h b/src/include/k5-thread.h
index 821fe8457..069b51c74 100644
--- a/src/include/k5-thread.h
+++ b/src/include/k5-thread.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Preliminary thread support.
  */
diff --git a/src/include/k5-unicode.h b/src/include/k5-unicode.h
index 0f8f12a38..3a42a8269 100644
--- a/src/include/k5-unicode.h
+++ b/src/include/k5-unicode.h
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2008 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
diff --git a/src/include/k5-utf8.h b/src/include/k5-utf8.h
index e3f134b56..c27d20923 100644
--- a/src/include/k5-utf8.h
+++ b/src/include/k5-utf8.h
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2008 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
diff --git a/src/include/k5-util.h b/src/include/k5-util.h
index 7bb8cfbe9..11b275f55 100644
--- a/src/include/k5-util.h
+++ b/src/include/k5-util.h
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 1989-1998,2002 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 /*
diff --git a/src/include/kdb.h b/src/include/kdb.h
index d74e3e323..7506f1c0e 100644
--- a/src/include/kdb.h
+++ b/src/include/kdb.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * KDC Database interface definitions.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -112,12 +112,12 @@
  */
 typedef struct _krb5_tl_data {
     struct _krb5_tl_data* tl_data_next;		/* NOT saved */
-    krb5_int16 		  tl_data_type;		
-    krb5_ui_2		  tl_data_length;	
-    krb5_octet 	        * tl_data_contents;	
+    krb5_int16 		  tl_data_type;
+    krb5_ui_2		  tl_data_length;
+    krb5_octet 	        * tl_data_contents;
 } krb5_tl_data;
 
-/* 
+/*
  * If this ever changes up the version number and make the arrays be as
  * big as necessary.
  *
@@ -134,14 +134,14 @@ typedef struct _krb5_key_data {
 #define KRB5_KDB_V1_KEY_DATA_ARRAY	2	/* # of array elements */
 
 typedef struct _krb5_keysalt {
-    krb5_int16		  type;	
+    krb5_int16		  type;
     krb5_data		  data;			/* Length, data */
 } krb5_keysalt;
 
 typedef struct _krb5_db_entry_new {
     krb5_magic 		  magic;		/* NOT saved */
-    krb5_ui_2		  len;			
-    krb5_ui_4             mask;                 /* members currently changed/set */	
+    krb5_ui_2		  len;
+    krb5_ui_4             mask;                 /* members currently changed/set */
     krb5_flags 		  attributes;
     krb5_deltat		  max_life;
     krb5_deltat		  max_renewable_life;
@@ -155,7 +155,7 @@ typedef struct _krb5_db_entry_new {
     krb5_ui_2		  e_length;		/* Length of extra data */
     krb5_octet		* e_data;		/* Extra data to be saved */
 
-    krb5_principal 	  princ;		/* Length, data */	
+    krb5_principal 	  princ;		/* Length, data */
     krb5_tl_data	* tl_data;		/* Linked list */
     krb5_key_data       * key_data;		/* Array */
 } krb5_db_entry;
@@ -259,11 +259,11 @@ extern char *krb5_mkey_pwd_prompt2;
 #define KRB5_KDB_OPEN_RO                1
 
 #ifndef KRB5_KDB_SRV_TYPE_KDC
-#define KRB5_KDB_SRV_TYPE_KDC           0x0100        
+#define KRB5_KDB_SRV_TYPE_KDC           0x0100
 #endif
 
 #ifndef KRB5_KDB_SRV_TYPE_ADMIN
-#define KRB5_KDB_SRV_TYPE_ADMIN         0x0200  
+#define KRB5_KDB_SRV_TYPE_ADMIN         0x0200
 #endif
 
 #ifndef KRB5_KDB_SRV_TYPE_PASSWD
@@ -271,7 +271,7 @@ extern char *krb5_mkey_pwd_prompt2;
 #endif
 
 #ifndef KRB5_KDB_SRV_TYPE_OTHER
-#define KRB5_KDB_SRV_TYPE_OTHER         0x0400  
+#define KRB5_KDB_SRV_TYPE_OTHER         0x0400
 #endif
 
 #define KRB5_KDB_OPT_SET_DB_NAME        0
@@ -322,7 +322,7 @@ krb5_error_code krb5_free_supported_realms ( krb5_context kcontext,
 krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
 					     char *pwd,
 					     krb5_keyblock *key );
-krb5_error_code krb5_db_set_mkey ( krb5_context context, 
+krb5_error_code krb5_db_set_mkey ( krb5_context context,
 				   krb5_keyblock *key);
 krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
 				   krb5_keyblock **key );
@@ -335,14 +335,14 @@ krb5_error_code krb5_db_get_mkey_list( krb5_context kcontext,
 
 krb5_error_code krb5_db_free_master_key ( krb5_context kcontext,
 					  krb5_keyblock *key );
-krb5_error_code krb5_db_store_master_key  ( krb5_context kcontext, 
-					    char *keyfile, 
+krb5_error_code krb5_db_store_master_key  ( krb5_context kcontext,
+					    char *keyfile,
 					    krb5_principal mname,
 					    krb5_kvno kvno,
 					    krb5_keyblock *key,
 					    char *master_pwd);
-krb5_error_code krb5_db_store_master_key_list  ( krb5_context kcontext, 
-						 char *keyfile, 
+krb5_error_code krb5_db_store_master_key_list  ( krb5_context kcontext,
+						 char *keyfile,
 						 krb5_principal mname,
 						 krb5_keylist_node *keylist,
 						 char *master_pwd);
@@ -379,12 +379,12 @@ krb5_dbe_find_enctype( krb5_context	kcontext,
 		       krb5_key_data	**kdatap);
 
 
-krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, 
-					  krb5_db_entry *dbentp, 
-					  krb5_int32 *start, 
-					  krb5_int32 ktype, 
-					  krb5_int32 stype, 
-					  krb5_int32 kvno, 
+krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext,
+					  krb5_db_entry *dbentp,
+					  krb5_int32 *start,
+					  krb5_int32 ktype,
+					  krb5_int32 stype,
+					  krb5_int32 kvno,
 					  krb5_key_data **kdatap);
 
 krb5_error_code
@@ -437,7 +437,7 @@ krb5_dbe_lookup_mod_princ_data( krb5_context          context,
 				krb5_db_entry       * entry,
 				krb5_timestamp      * mod_time,
 				krb5_principal      * mod_princ);
- 
+
 krb5_error_code
 krb5_dbe_lookup_mkey_aux( krb5_context         context,
 		          krb5_db_entry      * entry,
@@ -552,12 +552,12 @@ krb5_db_get_key_data_kvno( krb5_context	   context,
  */
 
 krb5_error_code
-krb5_dbe_def_search_enctype( krb5_context kcontext, 
-			     krb5_db_entry *dbentp, 
-			     krb5_int32 *start, 
-			     krb5_int32 ktype, 
-			     krb5_int32 stype, 
-			     krb5_int32 kvno, 
+krb5_dbe_def_search_enctype( krb5_context kcontext,
+			     krb5_db_entry *dbentp,
+			     krb5_int32 *start,
+			     krb5_int32 ktype,
+			     krb5_int32 stype,
+			     krb5_int32 kvno,
 			     krb5_key_data **kdatap);
 
 krb5_error_code
@@ -651,32 +651,32 @@ krb5_dbekd_def_encrypt_key_data( krb5_context 		  context,
 				 int			  keyver,
 				 krb5_key_data	        * key_data);
 
-krb5_error_code 
-krb5_db_create_policy( krb5_context kcontext, 
+krb5_error_code
+krb5_db_create_policy( krb5_context kcontext,
 		       osa_policy_ent_t policy);
 
-krb5_error_code 
-krb5_db_get_policy ( krb5_context kcontext, 
-		     char *name, 
+krb5_error_code
+krb5_db_get_policy ( krb5_context kcontext,
+		     char *name,
 		     osa_policy_ent_t *policy,
 		     int *nentries);
 
-krb5_error_code 
-krb5_db_put_policy( krb5_context kcontext, 
+krb5_error_code
+krb5_db_put_policy( krb5_context kcontext,
 		    osa_policy_ent_t policy);
 
-krb5_error_code 
+krb5_error_code
 krb5_db_iter_policy( krb5_context kcontext,
 		     char *match_entry,
 		     osa_adb_iter_policy_func func,
 		     void *data);
 
-krb5_error_code 
-krb5_db_delete_policy( krb5_context kcontext, 
+krb5_error_code
+krb5_db_delete_policy( krb5_context kcontext,
 		       char *policy);
 
-void 
-krb5_db_free_policy( krb5_context kcontext, 
+void
+krb5_db_free_policy( krb5_context kcontext,
 		     osa_policy_ent_t policy);
 
 
@@ -741,8 +741,8 @@ typedef struct _kdb_vftabl {
 				    char *conf_section,
 				    char ** db_args );
 
-    krb5_error_code (*db_get_age) ( krb5_context kcontext, 
-				    char *db_name, 
+    krb5_error_code (*db_get_age) ( krb5_context kcontext,
+				    char *db_name,
 				    time_t *age );
 
     krb5_error_code (*db_set_option) ( krb5_context kcontext,
@@ -820,8 +820,8 @@ typedef struct _kdb_vftabl {
 
 
     /* optional functions */
-    krb5_error_code (*set_master_key)    ( krb5_context kcontext, 
-					   char *pwd, 
+    krb5_error_code (*set_master_key)    ( krb5_context kcontext,
+					   char *pwd,
 					   krb5_keyblock *key);
 
     krb5_error_code (*get_master_key)    ( krb5_context kcontext,
@@ -835,12 +835,12 @@ typedef struct _kdb_vftabl {
 
     krb5_error_code (*setup_master_key_name) ( krb5_context kcontext,
 					       char *keyname,
-					       char *realm, 
-					       char **fullname, 
+					       char *realm,
+					       char **fullname,
 					       krb5_principal  *principal);
 
-    krb5_error_code (*store_master_key)  ( krb5_context kcontext, 
-					   char *db_arg, 
+    krb5_error_code (*store_master_key)  ( krb5_context kcontext,
+					   char *db_arg,
 					   krb5_principal mname,
 					   krb5_kvno kvno,
 					   krb5_keyblock *key,
@@ -863,20 +863,20 @@ typedef struct _kdb_vftabl {
 					      krb5_kvno            kvno,
 					      krb5_keylist_node  **mkeys_list);
 
-    krb5_error_code (*store_master_key_list)  ( krb5_context kcontext, 
-						char *db_arg, 
+    krb5_error_code (*store_master_key_list)  ( krb5_context kcontext,
+						char *db_arg,
 						krb5_principal mname,
 						krb5_keylist_node *keylist,
 						char *master_pwd);
 
-    krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext, 
-					    krb5_db_entry *dbentp, 
-					    krb5_int32 *start, 
-					    krb5_int32 ktype, 
-					    krb5_int32 stype, 
-					    krb5_int32 kvno, 
+    krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext,
+					    krb5_db_entry *dbentp,
+					    krb5_int32 *start,
+					    krb5_int32 ktype,
+					    krb5_int32 stype,
+					    krb5_int32 kvno,
 					    krb5_key_data **kdatap);
-    
+
 
     krb5_error_code
     (*db_change_pwd) ( krb5_context	  context,
diff --git a/src/include/kdb_kt.h b/src/include/kdb_kt.h
index 1dbd7f30d..a628bb326 100644
--- a/src/include/kdb_kt.h
+++ b/src/include/kdb_kt.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * KDC keytab definitions.
  */
diff --git a/src/include/kim/kim.h b/src/include/kim/kim.h
index 050e01b03..83248e3d1 100644
--- a/src/include/kim/kim.h
+++ b/src/include/kim/kim.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -44,68 +44,68 @@ extern "C" {
  *
  * \section introduction Introduction
  *
- * The Kerberos Identity Management API is a high level API for managing the selection 
+ * The Kerberos Identity Management API is a high level API for managing the selection
  * and management of Kerberos credentials.  It is intended for use by applications,
- * credential management applications (eg: kinit, kpasswd, etc) and internally by the 
- * Kerberos libraries.  Under some circumstances client applications may also benefit 
+ * credential management applications (eg: kinit, kpasswd, etc) and internally by the
+ * Kerberos libraries.  Under some circumstances client applications may also benefit
  * from the Kerberos Identity Management API.
  *
  *
  * \section conventions API Conventions
  *
- * Although KIM currently only provides a C API, it attempts to make that API as 
- * object-oriented as possible.  KIM functions are grouped by object and all of the 
- * object types are opaque, including errors.  The reason for this is two-fold.  First,   
- * the KIM API is rather large.  Grouping functions by object allows the API to be  
- * broken up into smaller, more manageable chunks.  Second, providing an object-like C 
+ * Although KIM currently only provides a C API, it attempts to make that API as
+ * object-oriented as possible.  KIM functions are grouped by object and all of the
+ * object types are opaque, including errors.  The reason for this is two-fold.  First,
+ * the KIM API is rather large.  Grouping functions by object allows the API to be
+ * broken up into smaller, more manageable chunks.  Second, providing an object-like C
  * API will make it easier to port to object oriented languages.
  *
- * Because C lacks classes and other object oriented syntax, KIM functions adhere to 
+ * Because C lacks classes and other object oriented syntax, KIM functions adhere to
  * the following naming conventions to make functions easier to identify:
  *
  * \li Functions beginning with \b kim_object_create are constructors for an object of
  * type kim_object.  On success these functions return a newly allocated object which
  * must later be freed by the caller.
- * 
+ *
  * \li Functions of the form \b kim_object_copy are copy constructors.  They instantiate
  * a new object of kim_object from an object of the same type.
- * 
- * \li Functions of the form \b kim_object_free are destructors for objects of type 
- * kim_object.  
+ *
+ * \li Functions of the form \b kim_object_free are destructors for objects of type
+ * kim_object.
  *
  * \li Functions beginning with \b kim_object_get and \b kim_object_set
  * examine and modify properties of objects of type kim_object.
  *
- * \li All KIM APIs except destructors and error management APIs return a 
- * KIM Error object (kim_error_t).  
+ * \li All KIM APIs except destructors and error management APIs return a
+ * KIM Error object (kim_error_t).
  *
  *
  * \section terminology Terminology
  *
  * Kerberos organizes its authentication tokens by client identity (the name of the user)
- * and service identity (the name of a service).  The following terms are used throughout 
+ * and service identity (the name of a service).  The following terms are used throughout
  * this documentation:
  *
- * \li <b>credential</b> - A token which authenticates a client identity to a 
- *                         service identity. 
+ * \li <b>credential</b> - A token which authenticates a client identity to a
+ *                         service identity.
  *
- * \li <b>ccache</b> - Short for "credentials cache".  A set of credentials for a single 
+ * \li <b>ccache</b> - Short for "credentials cache".  A set of credentials for a single
  *                     client identity.
  *
  * \li <b>cache collection</b> - The set of all credential caches.
  *
- * \li <b>default ccache</b> - A credentials cache that the Kerberos libraries will use  
+ * \li <b>default ccache</b> - A credentials cache that the Kerberos libraries will use
  *                             if no ccache is specified by the caller.  Use of the default
- *                             ccache is now discouraged.  Instead applications should use 
+ *                             ccache is now discouraged.  Instead applications should use
  *                             selection hints to choose an appropriate client identity.
  *
  * \section selection_api Client Identity Selection APIs
  *
- * KIM provides high level APIs for applications to select which client identity to 
- * use.  Use of these APIs is intended to replace the traditional "default ccache" 
+ * KIM provides high level APIs for applications to select which client identity to
+ * use.  Use of these APIs is intended to replace the traditional "default ccache"
  * mechanism previously used by Kerberos.
- * 
- * <B>KIM Selection Hints (kim_selection_hints_t)</B> controls options for selecting 
+ *
+ * <B>KIM Selection Hints (kim_selection_hints_t)</B> controls options for selecting
  * a client identity:
  * - \subpage kim_selection_hints_overview
  * - \subpage kim_selection_hints_reference
@@ -117,14 +117,14 @@ extern "C" {
  *
  * \section management_api Credential Management APIs
  *
- * KIM also provides APIs for acquiring new credentials over the network 
+ * KIM also provides APIs for acquiring new credentials over the network
  * by contacting a KDC and for viewing and modifying the existing credentials
  * in the cache collection
  *
  * Whether or not you use the credential or ccache APIs depends on
  * whether you want KIM to store any newly acquired credentials in the
- * cache collection.  KIM ccache APIs always create a ccache in the cache 
- * collection containing newly acquired credentials whereas the KIM 
+ * cache collection.  KIM ccache APIs always create a ccache in the cache
+ * collection containing newly acquired credentials whereas the KIM
  * credential APIs just return a credential object.  In general most
  * callers want to store newly acquired credentials and should use the
  * KIM ccache APIs when acquiring credentials.
@@ -133,14 +133,14 @@ extern "C" {
  * - \subpage kim_ccache_overview
  * - \subpage kim_ccache_reference
  *
- * <B>KIM Credential (kim_credential_t)</B> manipulates credentials: 
+ * <B>KIM Credential (kim_credential_t)</B> manipulates credentials:
  * - \subpage kim_credential_overview
  * - \subpage kim_credential_reference
  *
  * <B>KIM Options (kim_options_t)</B> control options for credential acquisition:
  * - \subpage kim_options_overview
  * - \subpage kim_options_reference
- * 
+ *
  * <B>KIM Preferences (kim_preferences_t)</B> views and edits the current user's preferences:
  * - \subpage kim_preferences_overview
  * - \subpage kim_preferences_reference
diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h
index a1cba1710..88cfeb602 100644
--- a/src/include/kim/kim_ccache.h
+++ b/src/include/kim/kim_ccache.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -30,45 +30,45 @@ extern "C" {
 #endif
 
 #include <kim/kim_types.h>
-    
+
 /*!
  * \page kim_ccache_overview KIM CCache Overview
  *
  * \section kim_ccache_introduction Introduction
  *
  * Kerberos credentials are stored in "ccaches" (short for "credentials caches").
- * The set of all ccaches which the KIM can use is called the "cache collection".   
- * Each ccache has a name and type which uniquely identify it in the cache 
- * collection and a client identity.  The ccache's client identity is the 
- * identity whose credentials are stored in the ccache.  This allows for easy  
- * lookup of all the credentials for a given identity. 
+ * The set of all ccaches which the KIM can use is called the "cache collection".
+ * Each ccache has a name and type which uniquely identify it in the cache
+ * collection and a client identity.  The ccache's client identity is the
+ * identity whose credentials are stored in the ccache.  This allows for easy
+ * lookup of all the credentials for a given identity.
  *
  * KIM attempts to preserve a one-to-one relationship between client identities
  * and ccaches.  If the KIM is used to manipulate the cache collection, there
  * will be one ccache per identity.  However, because low-level APIs allow callers
- * to create multiple ccaches for the same client identity or a single ccache 
+ * to create multiple ccaches for the same client identity or a single ccache
  * containing credentials for different client identities, KIM handles those
- * situations.  In general when searching KIM will find the first ccache matching 
- * the requested client identity.  It will not find credentials for the requested  
+ * situations.  In general when searching KIM will find the first ccache matching
+ * the requested client identity.  It will not find credentials for the requested
  * client identity if they are in a ccache with a different client identity.
  *
- * The kim_ccache_t object is a reference to a ccache in the cache collection.  
- * If other applications make changes to the the ccache pointed to by a KIM ccache 
- * object, the object will immediately show those changes.  KIM performs locking 
- * on the cache collection to prevent deadlocks and maintain a consistent behavior 
+ * The kim_ccache_t object is a reference to a ccache in the cache collection.
+ * If other applications make changes to the the ccache pointed to by a KIM ccache
+ * object, the object will immediately show those changes.  KIM performs locking
+ * on the cache collection to prevent deadlocks and maintain a consistent behavior
  * when multiple applications attempt to modify the cache collection.
  *
- * \note KIM ccache APIs are intended for applications and system 
+ * \note KIM ccache APIs are intended for applications and system
  * tools which manage credentials for the user.  They are not a substitute for
  * krb5 and GSSAPI functions which obtain service credentials for the purpose
  * of authenticating a client to an application server.
- * 
+ *
  * \section kim_credential_cache_collection Acquiring a CCache from the Cache Collection
  *
  * KIM provides a simple iterator API for iterating over the ccaches
- * in the cache collection.  First, call #kim_ccache_iterator_create() to obtain 
- * an iterator for the cache collection.  Then loop calling 
- * #kim_ccache_iterator_next() until either you find the ccache you are looking 
+ * in the cache collection.  First, call #kim_ccache_iterator_create() to obtain
+ * an iterator for the cache collection.  Then loop calling
+ * #kim_ccache_iterator_next() until either you find the ccache you are looking
  * for or the API returns a NULL ccache, indicating that there are no more
  * ccaches in the cache collection.  When you are done with the iterator, call
  * #kim_ccache_iterator_free().
@@ -80,15 +80,15 @@ extern "C" {
  * which returns the ccache for a specific client identity, if any exists.
  * Typically callers of this API obtain the client identity using
  * #kim_selection_hints_get_identity().
- * 
+ *
  *
  * \section kim_ccache_acquire_default Acquiring Credentials from the Default CCache
  *
  * #kim_ccache_create_from_default() returns the default ccache.
- * The default ccache is a legacy concept which was replaced by selection 
- * hints.  Prior to the existence of selection hints, applications always 
- * looked at the default ccache for credentials.  By setting the system default 
- * ccache, users could manually control which credentials each application used.  
+ * The default ccache is a legacy concept which was replaced by selection
+ * hints.  Prior to the existence of selection hints, applications always
+ * looked at the default ccache for credentials.  By setting the system default
+ * ccache, users could manually control which credentials each application used.
  * As the number of ccaches and applications has grown, this mechanism has become
  * unusable.  You should avoid using this API whenever possible.
  *
@@ -96,39 +96,39 @@ extern "C" {
  * \section kim_ccache_acquire_new Acquiring New Credentials in a CCache
  *
  * KIM provides the #kim_ccache_create_new() API for acquiring new
- * credentials and storing them in a ccache.  Credentials can either be 
- * obtained for a specific client identity or by specifying 
- * #KIM_IDENTITY_ANY to allow the user to choose.  Typically 
- * callers of this API obtain the client identity using 
+ * credentials and storing them in a ccache.  Credentials can either be
+ * obtained for a specific client identity or by specifying
+ * #KIM_IDENTITY_ANY to allow the user to choose.  Typically
+ * callers of this API obtain the client identity using
  * #kim_selection_hints_get_identity().  Depending on the kim_options
- * specified, #kim_ccache_create_new() may present a GUI or command line 
+ * specified, #kim_ccache_create_new() may present a GUI or command line
  * prompt to obtain information from the user.
- * 
- * #kim_ccache_create_new_if_needed() 
+ *
+ * #kim_ccache_create_new_if_needed()
  * searches the cache collection for a ccache for the client identity
  * and if no appropriate ccache is available, attempts to acquire
- * new credentials and store them in a new ccache.  Depending on the 
- * kim_options specified, #kim_ccache_create_new_if_needed() may 
- * present a GUI or command line prompt to obtain information from the 
- * user. This function exists for convenience and to avoid code duplication.  
- * It can be trivially implemented using 
- * #kim_ccache_create_from_client_identity() and #kim_ccache_create_new().  
+ * new credentials and store them in a new ccache.  Depending on the
+ * kim_options specified, #kim_ccache_create_new_if_needed() may
+ * present a GUI or command line prompt to obtain information from the
+ * user. This function exists for convenience and to avoid code duplication.
+ * It can be trivially implemented using
+ * #kim_ccache_create_from_client_identity() and #kim_ccache_create_new().
  *
  * For legacy password-based Kerberos environments KIM also provides
- * #kim_ccache_create_new_with_password() and 
- * #kim_ccache_create_new_if_needed_with_password().  You should not use these 
- * functions unless you know that they will only be used in environments using 
+ * #kim_ccache_create_new_with_password() and
+ * #kim_ccache_create_new_if_needed_with_password().  You should not use these
+ * functions unless you know that they will only be used in environments using
  * passwords.  Otherwise users without passwords may be prompted for them.
  *
- * KIM provides the #kim_ccache_create_from_keytab() to create credentials 
- * using a keytab and store them in the cache collection. A keytab is an 
- * on-disk copy of a client identity's secret key.  Typically sites use 
- * keytabs for client identities that identify a machine or service and 
- * protect the keytab with disk permissions.  Because a keytab is 
- * sufficient to obtain credentials, keytabs will normally only be readable 
- * by root, Administrator or some other privileged account.  
+ * KIM provides the #kim_ccache_create_from_keytab() to create credentials
+ * using a keytab and store them in the cache collection. A keytab is an
+ * on-disk copy of a client identity's secret key.  Typically sites use
+ * keytabs for client identities that identify a machine or service and
+ * protect the keytab with disk permissions.  Because a keytab is
+ * sufficient to obtain credentials, keytabs will normally only be readable
+ * by root, Administrator or some other privileged account.
  * Typically applications use credentials obtained from keytabs to obtain
- * credentials for batch processes.  These keytabs and credentials are usually 
+ * credentials for batch processes.  These keytabs and credentials are usually
  * for a special identity used for the batch process rather than a user
  * identity.
  *
@@ -136,16 +136,16 @@ extern "C" {
  * \section kim_ccache_validate Validating Credentials in a CCache
  *
  * A credential with a start time in the future (ie: after the issue date)
- * is called a post-dated credential.  Because the KDC administrator may 
+ * is called a post-dated credential.  Because the KDC administrator may
  * wish to disable a identity, once the start time is reached, all post-dated
  * credentials must be validated before they can be used.  Otherwise an
- * attacker using a compromised account could acquire lots of post-dated 
+ * attacker using a compromised account could acquire lots of post-dated
  * credentials to circumvent the acccount being disabled.
  *
- * KIM provides the #kim_ccache_validate() API to validate the TGT  
- * credential in a ccache. Note that this API replaces any existing 
+ * KIM provides the #kim_ccache_validate() API to validate the TGT
+ * credential in a ccache. Note that this API replaces any existing
  * credentials with the validated credential.
- * 
+ *
  *
  * \section kim_ccache_renew Renewing Credentials in a CCache
  *
@@ -155,52 +155,52 @@ extern "C" {
  * valid.
  *
  * KIM provides the #kim_ccache_renew() API to renew the TGT credential
- * in a ccache. Note that this API replaces any existing credentials with the 
+ * in a ccache. Note that this API replaces any existing credentials with the
  * renewed credential.
  *
  *
  * \section kim_ccache_verify Verifying Credentials in a CCache
  *
  * When a program acquires TGT credentials for the purpose of authenticating
- * itself to the machine it is running on, it is insufficient for the machine 
- * to assume that the caller is authorized just because it got credentials.  
- * Instead, the credentials must be verified using a key the local machine.  
- * The reason this is necessary is because an attacker can trick the  
+ * itself to the machine it is running on, it is insufficient for the machine
+ * to assume that the caller is authorized just because it got credentials.
+ * Instead, the credentials must be verified using a key the local machine.
+ * The reason this is necessary is because an attacker can trick the
  * machine into obtaining credentials from any KDC, including malicious ones
- * with the same realm name as the local machine's realm.  This exploit is 
- * called the Zanarotti attack.  
+ * with the same realm name as the local machine's realm.  This exploit is
+ * called the Zanarotti attack.
  *
  * In order to avoid the Zanarotti attack, the local machine must authenticate
  * the process in the same way an application server would authenticate a client.
- * Like an application server, the local machine must have its own identity in 
+ * Like an application server, the local machine must have its own identity in
  * its realm and a keytab for that identity on its local disk.    However,
- * rather than forcing system daemons to use the network-oriented calls in the 
- * krb5 and GSS APIs, KIM provides the #kim_ccache_verify() API to 
- * verify credentials directly.  
- * 
- * The most common reason for using #kim_ccache_verify() is user login.  
+ * rather than forcing system daemons to use the network-oriented calls in the
+ * krb5 and GSS APIs, KIM provides the #kim_ccache_verify() API to
+ * verify credentials directly.
+ *
+ * The most common reason for using #kim_ccache_verify() is user login.
  * If the local machine wants to use Kerberos to verify the username and password
  * provided by the user, it must call #kim_ccache_verify() on the credentials
  * it obtains to make sure they are really from a KDC it trusts.  Another common
  * case is a server which is only using Kerberos internally.  For example an
  * LDAP or web server might use a username and password obtained over the network
- * to get Kerberos credentials.  In order to make sure they aren't being tricked 
- * into talking to the wrong KDC, these servers must also call 
+ * to get Kerberos credentials.  In order to make sure they aren't being tricked
+ * into talking to the wrong KDC, these servers must also call
  * #kim_ccache_verify().
- * 
- * The Zanarotti attack is only a concern if the act of accessing the machine 
- * gives the process special access.  Thus a managed cluster machine with 
- * Kerberos-authenticated networked home directories does not need to call 
- * #kim_ccache_verify().  Even though an attacker can log in as any user on   
- * the cluster machine, the attacker can't actually access any of the user's data 
- * or use any of their privileges because those are all authenticated via  
- * Kerberized application servers (and thus require actually having credentials 
+ *
+ * The Zanarotti attack is only a concern if the act of accessing the machine
+ * gives the process special access.  Thus a managed cluster machine with
+ * Kerberos-authenticated networked home directories does not need to call
+ * #kim_ccache_verify().  Even though an attacker can log in as any user on
+ * the cluster machine, the attacker can't actually access any of the user's data
+ * or use any of their privileges because those are all authenticated via
+ * Kerberized application servers (and thus require actually having credentials
  * for the real local realm).
  *
- * #kim_ccache_verify() provides an option to 
- * return success even if the machine's host key is not present.  This option 
- * exists for sites which have a mix of different machines, some of which are  
- * vulnerable to the Zanarotti attack and some are not.  If this option is used, 
+ * #kim_ccache_verify() provides an option to
+ * return success even if the machine's host key is not present.  This option
+ * exists for sites which have a mix of different machines, some of which are
+ * vulnerable to the Zanarotti attack and some are not.  If this option is used,
  * it is the responsiblity of the machine's maintainer to obtain a keytab
  * for their machine if it needs one.
  *
@@ -219,48 +219,48 @@ extern "C" {
  * identifies a ccache.  A ccache display name is of the form "<type>:<name>"
  * and can be displayed to the user or used as an argument to certain krb5
  * APIs, such as krb5_cc_resolve().
- * 
+ *
  * \li #kim_ccache_get_client_identity()
  * returns the ccache's client identity.
  *
- * \li #kim_ccache_get_valid_credential() 
- * returns the first valid TGT in the ccache for its client identity.  
+ * \li #kim_ccache_get_valid_credential()
+ * returns the first valid TGT in the ccache for its client identity.
  * If there are no TGTs in the ccache, it returns the first
- * valid non-TGT credential for the ccache's client identity. 
- * TGT credentials (ie: "ticket-granting tickets") are credentials for  
- * the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>".   
- * These credentials allow the entity named by the client identity to obtain  
+ * valid non-TGT credential for the ccache's client identity.
+ * TGT credentials (ie: "ticket-granting tickets") are credentials for
+ * the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>".
+ * These credentials allow the entity named by the client identity to obtain
  * additional credentials without resending shared secrets (such as a password)
  * to the KDC. Kerberos uses TGTs to provide single sign-on authentication.
  *
- * \li #kim_ccache_get_start_time() 
- * returns when the credential's in a ccache will become valid.  
- * Credentials may be "post-dated" which means that their lifetime starts sometime 
- * in the future.  Note that when a post-dated credential's start time is reached, 
+ * \li #kim_ccache_get_start_time()
+ * returns when the credential's in a ccache will become valid.
+ * Credentials may be "post-dated" which means that their lifetime starts sometime
+ * in the future.  Note that when a post-dated credential's start time is reached,
  * the credential must be validated.  See \ref kim_credential_validate for more information.
  *
- * \li #kim_ccache_get_expiration_time() 
- * returns when the credential's in a ccache will expire. 
- * Credentials are time limited by the lifetime of the credential.  While you can 
- * request a credential of any lifetime, the KDC limits the credential lifetime 
+ * \li #kim_ccache_get_expiration_time()
+ * returns when the credential's in a ccache will expire.
+ * Credentials are time limited by the lifetime of the credential.  While you can
+ * request a credential of any lifetime, the KDC limits the credential lifetime
  * to a administrator-defined maximum.  Typically credential lifetime range from 10
  * to 21 hours.
  *
- * \li #kim_ccache_get_renewal_expiration_time() 
- * returns when the credential's in a ccache will no longer be renewable. 
- * Valid credentials may be renewed up until their renewal expiration time.  
- * Renewing credentials acquires a fresh set of credentials with a full lifetime 
- * without resending secrets to the KDC (such as a password).  If credentials are 
+ * \li #kim_ccache_get_renewal_expiration_time()
+ * returns when the credential's in a ccache will no longer be renewable.
+ * Valid credentials may be renewed up until their renewal expiration time.
+ * Renewing credentials acquires a fresh set of credentials with a full lifetime
+ * without resending secrets to the KDC (such as a password).  If credentials are
  * not renewable, this function will return an error.
  *
- * \li #kim_ccache_get_options() 
+ * \li #kim_ccache_get_options()
  * returns a kim_options object with the credential options of the credentials
- * in the ccache.  This function is intended to be used when adding 
+ * in the ccache.  This function is intended to be used when adding
  * an identity with existing credentials to the favorite identities list.
  * By passing in the options returned by this call, future requests for the
  * favorite identity will use the same credential options.
  *
- * See \ref kim_ccache_reference and \ref kim_ccache_iterator_reference for 
+ * See \ref kim_ccache_reference and \ref kim_ccache_iterator_reference for
  * information on specific APIs.
  */
 
@@ -279,8 +279,8 @@ kim_error kim_ccache_iterator_create (kim_ccache_iterator *out_ccache_iterator);
 
 /*!
  * \param in_ccache_iterator a ccache iterator object.
- * \param out_ccache         on exit, the next ccache in the cache collection. If there are 
- *                           no more ccaches in the cache collection this argument will be 
+ * \param out_ccache         on exit, the next ccache in the cache collection. If there are
+ *                           no more ccaches in the cache collection this argument will be
  *                           set to NULL.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the next ccache in the cache collection.
@@ -302,13 +302,13 @@ void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator);
  */
 
 /*!
- * \param out_ccache          on exit, a new cache object for a ccache containing a newly acquired 
+ * \param out_ccache          on exit, a new cache object for a ccache containing a newly acquired
  *      		      initial credential.  Must be freed with kim_ccache_free().
- * \param in_client_identity  a client identity to obtain a credential for.   Specify KIM_IDENTITY_ANY to 
+ * \param in_client_identity  a client identity to obtain a credential for.   Specify KIM_IDENTITY_ANY to
  *                            allow the user to choose.
- * \param in_options          options to control credential acquisition. 
- * \note #kim_ccache_create_new() may 
- * present a GUI or command line prompt to obtain information from the user. 
+ * \param in_options          options to control credential acquisition.
+ * \note #kim_ccache_create_new() may
+ * present a GUI or command line prompt to obtain information from the user.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Acquire a new initial credential and store it in a ccache.
  */
@@ -317,14 +317,14 @@ kim_error kim_ccache_create_new (kim_ccache          *out_ccache,
                                  kim_options          in_options);
 
 /*!
- * \param out_ccache          on exit, a new cache object for a ccache containing a newly acquired 
+ * \param out_ccache          on exit, a new cache object for a ccache containing a newly acquired
  *      		      initial credential.  Must be freed with kim_ccache_free().
- * \param in_client_identity  a client identity to obtain a credential for.   Specify KIM_IDENTITY_ANY to 
+ * \param in_client_identity  a client identity to obtain a credential for.   Specify KIM_IDENTITY_ANY to
  *                            allow the user to choose.
- * \param in_options          options to control credential acquisition. 
- * \param in_password         a password to be used while obtaining credentials. 
+ * \param in_options          options to control credential acquisition.
+ * \param in_password         a password to be used while obtaining credentials.
  * \note #kim_ccache_create_new_with_password() exists to support
- * legacy password-based Kerberos environments.  You should not use this 
+ * legacy password-based Kerberos environments.  You should not use this
  * function unless you know that it will only be used in environments using passwords.
  * This function may also present a GUI or command line prompt to obtain
  * additional information needed to obtain credentials (eg: SecurID pin).
@@ -338,12 +338,12 @@ kim_error kim_ccache_create_new_with_password (kim_ccache   *out_ccache,
                                                kim_string    in_password);
 
 /*!
- * \param out_ccache          on exit, a ccache object for a ccache containing a newly acquired   
+ * \param out_ccache          on exit, a ccache object for a ccache containing a newly acquired
  *                            initial credential. Must be freed with kim_ccache_free().
  * \param in_client_identity  a client identity to obtain a credential for.
- * \param in_options          options to control credential acquisition (if a credential is acquired). 
- * \note #kim_ccache_create_new_if_needed() may 
- * present a GUI or command line prompt to obtain information from the user. 
+ * \param in_options          options to control credential acquisition (if a credential is acquired).
+ * \note #kim_ccache_create_new_if_needed() may
+ * present a GUI or command line prompt to obtain information from the user.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Find a ccache containing a valid initial credential in the cache collection, or if
  *        unavailable, acquire and store a new initial credential.
@@ -353,13 +353,13 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache   *out_ccache,
                                            kim_options   in_options);
 
 /*!
- * \param out_ccache          on exit, a ccache object for a ccache containing a newly acquired   
+ * \param out_ccache          on exit, a ccache object for a ccache containing a newly acquired
  *                            initial credential. Must be freed with kim_ccache_free().
  * \param in_client_identity  a client identity to obtain a credential for.
- * \param in_options          options to control credential acquisition (if a credential is acquired). 
- * \param in_password         a password to be used while obtaining credentials. 
+ * \param in_options          options to control credential acquisition (if a credential is acquired).
+ * \param in_password         a password to be used while obtaining credentials.
  * \note #kim_ccache_create_new_if_needed_with_password() exists to support
- * legacy password-based Kerberos environments.  You should not use this 
+ * legacy password-based Kerberos environments.  You should not use this
  * function unless you know that it will only be used in environments using passwords.
  * This function may also present a GUI or command line prompt to obtain
  * additional information needed to obtain credentials (eg: SecurID pin).
@@ -373,10 +373,10 @@ kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache   *out_ccach
                                                          kim_string    in_password);
 
 /*!
- * \param out_ccache          on exit, a ccache object for a ccache containing a TGT  
+ * \param out_ccache          on exit, a ccache object for a ccache containing a TGT
  *                            credential. Must be freed with kim_ccache_free().
- * \param in_client_identity  a client identity to find a ccache for.  If 
- *                            \a in_client_identity is #KIM_IDENTITY_ANY, this  
+ * \param in_client_identity  a client identity to find a ccache for.  If
+ *                            \a in_client_identity is #KIM_IDENTITY_ANY, this
  *                            function returns the default ccache
  *                            (ie: is equivalent to #kim_ccache_create_from_default()).
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -386,13 +386,13 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache   *out_ccache,
                                                   kim_identity  in_client_identity);
 
 /*!
- * \param out_ccache      on exit, a new ccache object containing an initial credential 
- *      		  for the client identity \a in_identity obtained using in_keytab.  
+ * \param out_ccache      on exit, a new ccache object containing an initial credential
+ *      		  for the client identity \a in_identity obtained using in_keytab.
  *      		  Must be freed with kim_ccache_free().
  * \param in_identity     a client identity to obtain a credential for.  Specify NULL for
  *      		  the first client identity in the keytab.
- * \param in_options      options to control credential acquisition. 
- * \param in_keytab       a path to a keytab.  Specify NULL for the default keytab location. 
+ * \param in_options      options to control credential acquisition.
+ * \param in_keytab       a path to a keytab.  Specify NULL for the default keytab location.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Acquire a new initial credential from a keytab and store it in a ccache.
  */
@@ -402,7 +402,7 @@ kim_error kim_ccache_create_from_keytab (kim_ccache    *out_ccache,
                                          kim_string     in_keytab);
 
 /*!
- * \param out_ccache on exit, a ccache object for the default ccache.  
+ * \param out_ccache on exit, a ccache object for the default ccache.
  *                   Must be freed with kim_ccache_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the default ccache.
@@ -410,7 +410,7 @@ kim_error kim_ccache_create_from_keytab (kim_ccache    *out_ccache,
 kim_error kim_ccache_create_from_default (kim_ccache *out_ccache);
 
 /*!
- * \param out_ccache      on exit, a ccache object for the ccache identified by 
+ * \param out_ccache      on exit, a ccache object for the ccache identified by
  *                        \a in_display_name.  Must be freed with kim_ccache_free().
  * \param in_display_name a ccache display name string (ie: "TYPE:NAME").
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -421,10 +421,10 @@ kim_error kim_ccache_create_from_display_name (kim_ccache  *out_ccache,
                                                kim_string   in_display_name);
 
 /*!
- * \param out_ccache  on exit, a ccache object for the ccache identified by 
+ * \param out_ccache  on exit, a ccache object for the ccache identified by
  *                    \a in_type and \a in_name.  Must be freed with kim_ccache_free().
- * \param in_type     a ccache type string. 
- * \param in_name     a ccache name string. 
+ * \param in_type     a ccache type string.
+ * \param in_name     a ccache name string.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \note This API is provided for backwards compatibilty with applications which are not
  *       KIM-aware and should be avoided whenever possible.
@@ -435,10 +435,10 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache  *out_ccache,
                                                 kim_string   in_name);
 
 /*!
- * \param out_ccache      on exit, a new ccache object which is a copy of in_krb5_ccache.  
+ * \param out_ccache      on exit, a new ccache object which is a copy of in_krb5_ccache.
  *      		  Must be freed with kim_ccache_free().
- * \param in_krb5_context the krb5 context used to create \a in_krb5_ccache. 
- * \param in_krb5_ccache  a krb5 ccache object. 
+ * \param in_krb5_context the krb5 context used to create \a in_krb5_ccache.
+ * \param in_krb5_ccache  a krb5 ccache object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get a ccache for a krb5 ccache.
  */
@@ -447,9 +447,9 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache  *out_ccache,
                                               krb5_ccache  in_krb5_ccache);
 
 /*!
- * \param out_ccache on exit, the new ccache object which is a copy of in_ccache.  
+ * \param out_ccache on exit, the new ccache object which is a copy of in_ccache.
  *      	     Must be freed with kim_ccache_free().
- * \param in_ccache  a ccache object. 
+ * \param in_ccache  a ccache object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Copy a ccache.
  */
@@ -459,7 +459,7 @@ kim_error kim_ccache_copy (kim_ccache  *out_ccache,
 /*!
  * \param in_ccache             a ccache object.
  * \param in_compare_to_ccache  a ccache object.
- * \param out_comparison        on exit, a comparison of \a in_ccache and 
+ * \param out_comparison        on exit, a comparison of \a in_ccache and
  *                              \a in_compare_to_ccache which determines whether
  *                              or not the two ccache objects refer to the same ccache.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -468,11 +468,11 @@ kim_error kim_ccache_copy (kim_ccache  *out_ccache,
 kim_error kim_ccache_compare (kim_ccache      in_ccache,
                               kim_ccache      in_compare_to_ccache,
                               kim_comparison *out_comparison);
-    
+
 /*!
- * \param in_ccache        a ccache object. 
- * \param in_krb5_context  a krb5 context which will be used to create out_krb5_ccache. 
- * \param out_krb5_ccache  on exit, a new krb5 ccache object which is a copy of in_ccache.  
+ * \param in_ccache        a ccache object.
+ * \param in_krb5_context  a krb5 context which will be used to create out_krb5_ccache.
+ * \param out_krb5_ccache  on exit, a new krb5 ccache object which is a copy of in_ccache.
  *      		   Must be freed with krb5_cc_close() or krb5_cc_destroy().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get a krb5 ccache for a ccache.
@@ -482,7 +482,7 @@ kim_error kim_ccache_get_krb5_ccache (kim_ccache  in_ccache,
                                       krb5_ccache  *out_krb5_ccache);
 
 /*!
- * \param in_ccache  a ccache object. 
+ * \param in_ccache  a ccache object.
  * \param out_name   on exit, the name string of \a in_ccache.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the name of a ccache.
@@ -491,7 +491,7 @@ kim_error kim_ccache_get_name (kim_ccache  in_ccache,
                                kim_string *out_name);
 
 /*!
- * \param in_ccache  a ccache object. 
+ * \param in_ccache  a ccache object.
  * \param out_type   on exit, the type string of \a in_ccache.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the type of a ccache.
@@ -500,8 +500,8 @@ kim_error kim_ccache_get_type (kim_ccache  in_ccache,
                                kim_string *out_type);
 
 /*!
- * \param in_ccache        a ccache object. 
- * \param out_display_name on exit, the type and name of \a in_ccache in a format appropriate for  
+ * \param in_ccache        a ccache object.
+ * \param out_display_name on exit, the type and name of \a in_ccache in a format appropriate for
  *                         display to the user in command line programs.  (ie: "<type>:<name>")
  *      		   Must be freed with kim_string_free().
  *                         Note: this string can also be passed to krb5_cc_resolve().
@@ -512,8 +512,8 @@ kim_error kim_ccache_get_display_name (kim_ccache  in_ccache,
                                        kim_string *out_display_name);
 
 /*!
- * \param in_ccache            a ccache object. 
- * \param out_client_identity  on exit, an identity object containing the client identity of   
+ * \param in_ccache            a ccache object.
+ * \param out_client_identity  on exit, an identity object containing the client identity of
  *      		       \a in_ccache. Must be freed with kim_identity_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the client identity for a ccache.
@@ -522,15 +522,15 @@ kim_error kim_ccache_get_client_identity (kim_ccache    in_ccache,
                                           kim_identity *out_client_identity);
 
 /*!
- * \param in_ccache       a ccache object. 
- * \param out_credential  on exit, the first valid credential in \a in_ccache. 
+ * \param in_ccache       a ccache object.
+ * \param out_credential  on exit, the first valid credential in \a in_ccache.
  *      		  Must be freed with kim_credential_free().  Set to NULL
  *                        if you only want return value, not the actual credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the first valid credential in a ccache.
  * \note This function prefers valid TGT credentials.  If there are only non-valid TGTs
- *       in the ccache, it will always return an error.  However, if there are no 
- *       TGTs at all, it will return the first valid non-TGT credential. If you only want 
+ *       in the ccache, it will always return an error.  However, if there are no
+ *       TGTs at all, it will return the first valid non-TGT credential. If you only want
  *       TGTs, use kim_credential_is_tgt() to verify that \a out_credential is a tgt.
  */
 kim_error kim_ccache_get_valid_credential (kim_ccache      in_ccache,
@@ -538,20 +538,20 @@ kim_error kim_ccache_get_valid_credential (kim_ccache      in_ccache,
 
 /*!
  * \param in_ccache     a ccache object.
- * \param out_state     on exit, the state of the credentials in \a in_ccache.  
+ * \param out_state     on exit, the state of the credentials in \a in_ccache.
  *                      See #kim_credential_state_enum for the possible values
  *                      of \a out_state.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Check the state of the credentials in a ccache (valid, expired, postdated, etc).
- * \note This function prefers TGT credentials.  If there are any TGTs in the 
- *       ccache, it will always return their state.  However, if there are no 
+ * \note This function prefers TGT credentials.  If there are any TGTs in the
+ *       ccache, it will always return their state.  However, if there are no
  *       TGTs at all, it will return the state of the first non-TGT credential.
  */
 kim_error kim_ccache_get_state (kim_ccache            in_ccache,
                                 kim_credential_state *out_state);
-    
+
 /*!
- * \param in_ccache      a ccache object. 
+ * \param in_ccache      a ccache object.
  * \param out_start_time on exit, the time when the credentials in \a in_ccache
  *                       become valid.  May be in the past or future.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -561,8 +561,8 @@ kim_error kim_ccache_get_start_time (kim_ccache  in_ccache,
                                      kim_time   *out_start_time);
 
 /*!
- * \param in_ccache           a ccache object. 
- * \param out_expiration_time on exit, the time when the credentials in 
+ * \param in_ccache           a ccache object.
+ * \param out_expiration_time on exit, the time when the credentials in
  *                            \a in_ccache will expire.  May be in the past or future.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the time when the credentials in the ccache will expire.
@@ -571,8 +571,8 @@ kim_error kim_ccache_get_expiration_time (kim_ccache  in_ccache,
                                           kim_time   *out_expiration_time);
 
 /*!
- * \param in_ccache                   a ccache object. 
- * \param out_renewal_expiration_time on exit, the time when the credentials in \a in_ccache 
+ * \param in_ccache                   a ccache object.
+ * \param out_renewal_expiration_time on exit, the time when the credentials in \a in_ccache
  *                                    will no longer be renewable. May be in the past or future.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the time when the credentials in the ccache will no longer be renewable.
@@ -581,7 +581,7 @@ kim_error kim_ccache_get_renewal_expiration_time (kim_ccache  in_ccache,
                                                   kim_time   *out_renewal_expiration_time);
 
 /*!
- * \param in_ccache      a ccache object. 
+ * \param in_ccache      a ccache object.
  * \param out_options    on exit, an options object reflecting the ticket
  *                       options of the credentials in \a in_ccache.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -591,7 +591,7 @@ kim_error kim_ccache_get_options (kim_ccache   in_ccache,
                                   kim_options *out_options);
 
 /*!
- * \param io_ccache a ccache object which will be set to the default ccache. 
+ * \param io_ccache a ccache object which will be set to the default ccache.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \note This API is provided for backwards compatibilty with applications which are not
  *       KIM-aware and should be avoided whenever possible.
@@ -600,14 +600,14 @@ kim_error kim_ccache_get_options (kim_ccache   in_ccache,
 kim_error kim_ccache_set_default (kim_ccache io_ccache);
 
 /*!
- * \param in_ccache              a ccache object containing the TGT credential to be verified. 
- * \param in_service_identity    a service identity to look for in the keytab.  Specify 
+ * \param in_ccache              a ccache object containing the TGT credential to be verified.
+ * \param in_service_identity    a service identity to look for in the keytab.  Specify
  *                               KIM_IDENTITY_ANY to use the default service identity
  *                               (usually host/<host's FQDN>@<host's local realm>).
- * \param in_keytab              a path to a keytab.  Specify NULL for the default keytab location. 
+ * \param in_keytab              a path to a keytab.  Specify NULL for the default keytab location.
  * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity
- *                                  in the host's keytab will cause a failure. 
- * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to 
+ *                                  in the host's keytab will cause a failure.
+ * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to
  * the Zanarotti attack if the host has no keytab installed.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Verify the TGT in a ccache.
@@ -618,7 +618,7 @@ kim_error kim_ccache_verify (kim_ccache   in_ccache,
                              kim_boolean  in_fail_if_no_service_key);
 
 /*!
- * \param in_ccache  a ccache object containing a TGT to be renewed. 
+ * \param in_ccache  a ccache object containing a TGT to be renewed.
  * \param in_options initial credential options to be used if a new credential is obtained.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Renew the TGT in a ccache.
@@ -627,7 +627,7 @@ kim_error kim_ccache_renew (kim_ccache  in_ccache,
                             kim_options in_options);
 
 /*!
- * \param in_ccache  a ccache object containing a TGT to be validated. 
+ * \param in_ccache  a ccache object containing a TGT to be validated.
  * \param in_options initial credential options.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Validate the TGT in a ccache.
diff --git a/src/include/kim/kim_credential.h b/src/include/kim/kim_credential.h
index c061f1199..634c458f0 100644
--- a/src/include/kim/kim_credential.h
+++ b/src/include/kim/kim_credential.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -28,10 +28,10 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-    
+
 #include <kim/kim_types.h>
 #include <krb5.h>
-    
+
 /*!
  * \addtogroup kim_types_reference
  * @{
@@ -41,12 +41,12 @@ extern "C" {
  * Possible credential states.  Credentials may be:
  * \li valid - The credential can be used.
  * \li expired - The credential's lifetime has been exceeded.
- * \li not_yet_valid - The credential is post dated and the time when 
+ * \li not_yet_valid - The credential is post dated and the time when
  *                     it becomes valid has not yet been reached.
  * \li needs_validation - The credential is post-dated and although
  *                        the time when it becomes valid has been reached
  *                        it has not yet been validated.
- * \li address_mismatch - The credential contains IP address(es) which do 
+ * \li address_mismatch - The credential contains IP address(es) which do
  *                        not match the host's local address(es).
  */
 enum kim_credential_state_enum {
@@ -63,23 +63,23 @@ enum kim_credential_state_enum {
  */
 typedef int kim_credential_state;
 
-/*! @} */    
+/*! @} */
 
 /*!
  * \page kim_credential_overview KIM Credential Overview
  *
  * \section kim_credential_introduction Introduction
  *
- * A Kerberos credential (also called a "Kerberos ticket") is a time-limited  
- * token issued by a KDC which authenticates the entity named by the credential's 
- * client identity to the service named by the credential's service identity. 
+ * A Kerberos credential (also called a "Kerberos ticket") is a time-limited
+ * token issued by a KDC which authenticates the entity named by the credential's
+ * client identity to the service named by the credential's service identity.
  *
  * The kim_credential object contains a single Kerberos credential.  KIM credentials
  * objects are always copies of credentials, not references to credentials
- * stored in the cache collection.  Modifying credential objects in the ccache 
+ * stored in the cache collection.  Modifying credential objects in the ccache
  * collection will not change any existing KIM credential objects.
  *
- * KIM credential APIs are intended for applications and system 
+ * KIM credential APIs are intended for applications and system
  * tools which manage credentials for the user.  They are not a substitute for
  * krb5 and GSSAPI functions which obtain service credentials for the purpose
  * of authenticating a client to an application server.
@@ -87,7 +87,7 @@ typedef int kim_credential_state;
  * \note Many of the APIs listed below have equivalent functions which
  * operate on ccaches.  In most cases applications will want to use the
  * ccache versions of these APIs since they automatically store any
- * newly created credentials.  See \ref kim_ccache_overview for more 
+ * newly created credentials.  See \ref kim_ccache_overview for more
  * information.
  *
  *
@@ -95,25 +95,25 @@ typedef int kim_credential_state;
  *
  * KIM provides the #kim_credential_create_new() API for acquiring new
  * credentials.  Credentials can either be obtained for a specific
- * client identity or by specifying #KIM_IDENTITY_ANY to allow  
+ * client identity or by specifying #KIM_IDENTITY_ANY to allow
  * the user to choose.  Typically callers of this API obtain the client
- * identity using #kim_selection_hints_get_identity().  Depending on the 
- * kim_options specified, #kim_credential_create_new() may present a 
+ * identity using #kim_selection_hints_get_identity().  Depending on the
+ * kim_options specified, #kim_credential_create_new() may present a
  * GUI or command line prompt to obtain information from the user.
  *
  * For legacy password-based Kerberos environments KIM also provides
- * #kim_credential_create_new_with_password().  You should not use this 
- * function unless you know that it will only be used in environments using 
+ * #kim_credential_create_new_with_password().  You should not use this
+ * function unless you know that it will only be used in environments using
  * passwords.  Otherwise users without passwords may be prompted for them.
  *
- * KIM provides the #kim_credential_create_from_keytab() to create credentials 
- * using a keytab. A keytab is an on-disk copy of a client identity's secret 
- * key.  Typically sites use keytabs for client identities that identify a 
- * machine or service and protect the keytab with disk permissions.  Because 
- * a keytab is sufficient to obtain credentials, keytabs will normally only 
- * be readable by root, Administrator or some other privileged account.  
+ * KIM provides the #kim_credential_create_from_keytab() to create credentials
+ * using a keytab. A keytab is an on-disk copy of a client identity's secret
+ * key.  Typically sites use keytabs for client identities that identify a
+ * machine or service and protect the keytab with disk permissions.  Because
+ * a keytab is sufficient to obtain credentials, keytabs will normally only
+ * be readable by root, Administrator or some other privileged account.
  * Typically applications use credentials obtained from keytabs to obtain
- * credentials for batch processes.  These keytabs and credentials are usually 
+ * credentials for batch processes.  These keytabs and credentials are usually
  * for a special identity used for the batch process rather than a user
  * identity.
  *
@@ -121,18 +121,18 @@ typedef int kim_credential_state;
  * \section kim_credential_validate Validating Credentials
  *
  * A credential with a start time in the future (ie: after the issue date)
- * is called a post-dated credential.  Because the KDC administrator may 
+ * is called a post-dated credential.  Because the KDC administrator may
  * wish to disable a identity, once the start time is reached, all post-dated
  * credentials must be validated before they can be used.  Otherwise an
- * attacker using a compromised account could acquire lots of post-dated 
+ * attacker using a compromised account could acquire lots of post-dated
  * credentials to circumvent the acccount being disabled.
  *
  * KIM provides the #kim_credential_validate() API to validate a credential.
- * Note that this API replaces the credential object with a new validated 
- * credential object.  If you wish to store the new credential in the 
- * ccache collection you must either call #kim_credential_store() on the 
+ * Note that this API replaces the credential object with a new validated
+ * credential object.  If you wish to store the new credential in the
+ * ccache collection you must either call #kim_credential_store() on the
  * validated credential or use #kim_ccache_validate() instead.
- * 
+ *
  *
  * \section kim_credential_renew Renewing Credentials
  *
@@ -142,19 +142,19 @@ typedef int kim_credential_state;
  * valid.
  *
  * KIM provides the #kim_credential_renew() API to renew a credential.
- * Note that this API replaces the credential object with a new renewed 
- * credential object.  If you wish to store the new credential in the 
- * ccache collection you must either call #kim_credential_store() on the 
+ * Note that this API replaces the credential object with a new renewed
+ * credential object.  If you wish to store the new credential in the
+ * ccache collection you must either call #kim_credential_store() on the
  * renewed credential or use #kim_ccache_renew() instead.
  *
  *
  * \section kim_credential_storing Storing Credentials in the Cache Collection
  *
- * KIM credential objects may be stored in the ccache collection using 
+ * KIM credential objects may be stored in the ccache collection using
  * #kim_credential_store().  This function runs any KIM authentication
- * plugins on the credential and if the plugins return successfully, creates a 
- * new ccache for the credential's client identity in the cache collection 
- * and stores the credential in that ccache.  Any existing ccaches and credentials 
+ * plugins on the credential and if the plugins return successfully, creates a
+ * new ccache for the credential's client identity in the cache collection
+ * and stores the credential in that ccache.  Any existing ccaches and credentials
  * for that client identity will be overwritten.   #kim_credential_store() may
  * optionally return a kim_ccache object for the new ccache if you need to perform
  * further operations on the new ccache.
@@ -168,9 +168,9 @@ typedef int kim_credential_state;
  * \section kim_credential_iterator Iterating over the Credentials in a CCache
  *
  * KIM provides a simple iterator API for iterating over the credentials
- * in a ccache.  First, call #kim_credential_iterator_create() to obtain 
+ * in a ccache.  First, call #kim_credential_iterator_create() to obtain
  * an iterator for a ccache.  Then loop calling #kim_credential_iterator_next()
- * until either you find the credential you are looking for or the API 
+ * until either you find the credential you are looking for or the API
  * returns a NULL credential, indicating that there are no more
  * credentials in the ccache.  When you are done with the iterator, call
  * #kim_credential_iterator_free().
@@ -182,65 +182,65 @@ typedef int kim_credential_state;
  * \section kim_credential_verify Verifying Credentials
  *
  * When a program acquires TGT credentials for the purpose of authenticating
- * itself to the machine it is running on, it is insufficient for the machine 
- * to assume that the caller is authorized just because it got credentials.  
- * Instead, the credentials must be verified using a key the local machine.  
- * The reason this is necessary is because an attacker can trick the  
+ * itself to the machine it is running on, it is insufficient for the machine
+ * to assume that the caller is authorized just because it got credentials.
+ * Instead, the credentials must be verified using a key the local machine.
+ * The reason this is necessary is because an attacker can trick the
  * machine into obtaining credentials from any KDC, including malicious ones
- * with the same realm name as the local machine's realm.  This exploit is 
- * called the Zanarotti attack.  
+ * with the same realm name as the local machine's realm.  This exploit is
+ * called the Zanarotti attack.
  *
  * In order to avoid the Zanarotti attack, the local machine must authenticate
  * the process in the same way an application server would authenticate a client.
- * Like an application server, the local machine must have its own identity in 
+ * Like an application server, the local machine must have its own identity in
  * its realm and a keytab for that identity on its local disk.    However,
- * rather than forcing system daemons to use the network-oriented calls in the 
- * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to 
- * verify credentials directly.  
- * 
- * The most common reason for using #kim_credential_verify() is user login.  
+ * rather than forcing system daemons to use the network-oriented calls in the
+ * krb5 and GSS APIs, KIM provides the #kim_credential_verify() API to
+ * verify credentials directly.
+ *
+ * The most common reason for using #kim_credential_verify() is user login.
  * If the local machine wants to use Kerberos to verify the username and password
  * provided by the user, it must call #kim_credential_verify() on the credentials
  * it obtains to make sure they are really from a KDC it trusts.  Another common
  * case is a server which is only using Kerberos internally.  For example an
  * LDAP or web server might use a username and password obtained over the network
- * to get Kerberos credentials.  In order to make sure they aren't being tricked 
- * into talking to the wrong KDC, these servers must also call 
+ * to get Kerberos credentials.  In order to make sure they aren't being tricked
+ * into talking to the wrong KDC, these servers must also call
  * #kim_credential_verify().
- * 
- * The Zanarotti attack is only a concern if the act of accessing the machine 
- * gives the process special access.  Thus a managed cluster machine with 
- * Kerberos-authenticated networked home directories does not need to call 
- * #kim_credential_verify().  Even though an attacker can log in as any user on   
- * the cluster machine, the attacker can't actually access any of the user's data 
- * or use any of their privileges because those are all authenticated via  
- * Kerberized application servers (and thus require actually having credentials 
+ *
+ * The Zanarotti attack is only a concern if the act of accessing the machine
+ * gives the process special access.  Thus a managed cluster machine with
+ * Kerberos-authenticated networked home directories does not need to call
+ * #kim_credential_verify().  Even though an attacker can log in as any user on
+ * the cluster machine, the attacker can't actually access any of the user's data
+ * or use any of their privileges because those are all authenticated via
+ * Kerberized application servers (and thus require actually having credentials
  * for the real local realm).
  *
- * #kim_credential_verify() provides an option to 
- * return success even if the machine's host key is not present.  This option 
- * exists for sites which have a mix of different machines, some of which are  
- * vulnerable to the Zanarotti attack and some are not.  If this option is used, 
+ * #kim_credential_verify() provides an option to
+ * return success even if the machine's host key is not present.  This option
+ * exists for sites which have a mix of different machines, some of which are
+ * vulnerable to the Zanarotti attack and some are not.  If this option is used,
  * it is the responsiblity of the machine's maintainer to obtain a keytab
  * for their machine if it needs one.
  *
  *
  * \section kim_credential_properties Examining Credential Properties
- * 
+ *
  * \li #kim_credential_get_client_identity()
  *     returns the credential's client identity.
  *
- * \li #kim_credential_get_service_identity() 
+ * \li #kim_credential_get_service_identity()
  *     returns the credential's service identity.
  *
- * \li #kim_credential_is_tgt() 
- *     returns whether the credential is a TGT (ie: "ticket-granting ticket").  TGTs are  
- *     credentials for the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>".   
- *     These credentials allow the entity named by the client identity to obtain  
+ * \li #kim_credential_is_tgt()
+ *     returns whether the credential is a TGT (ie: "ticket-granting ticket").  TGTs are
+ *     credentials for the krbtgt service: a service identity of the form "krbtgt/<REALM>@<REALM>".
+ *     These credentials allow the entity named by the client identity to obtain
  *     additional service credentials without resending shared secrets (such as a password)
  *     to the KDC. Kerberos uses TGTs to provide single sign-on authentication.
  *
- * \li #kim_credential_get_state() 
+ * \li #kim_credential_get_state()
  *     returns a #kim_credential_state containing the state of the credential.
  *     Possible values are:
  *     * kim_credentials_state_valid
@@ -249,35 +249,35 @@ typedef int kim_credential_state;
  *     * kim_credentials_state_needs_validation
  *     * kim_credentials_state_address_mismatch
  *
- * \li #kim_credential_get_start_time() 
- *     returns when the credential will become valid.  
- *     Credentials may be "post-dated" which means that their lifetime starts sometime 
- *     in the future.  Note that when a post-dated credential's start time is reached, 
+ * \li #kim_credential_get_start_time()
+ *     returns when the credential will become valid.
+ *     Credentials may be "post-dated" which means that their lifetime starts sometime
+ *     in the future.  Note that when a post-dated credential's start time is reached,
  *     the credential must be validated.  See \ref kim_credential_validate for more information.
  *
- * \li #kim_credential_get_expiration_time() 
- *     returns when the credential will expire. 
- *     Credentials are time limited by the lifetime of the credential.  While you can 
- *     request a credential of any lifetime, the KDC limits the credential lifetime 
+ * \li #kim_credential_get_expiration_time()
+ *     returns when the credential will expire.
+ *     Credentials are time limited by the lifetime of the credential.  While you can
+ *     request a credential of any lifetime, the KDC limits the credential lifetime
  *     to a administrator-defined maximum.  Typically credential lifetime range from 10
  *     to 21 hours.
  *
- * \li #kim_credential_get_renewal_expiration_time() 
- *     returns when the credential will no longer be renewable. 
- *     Valid credentials may be renewed up until their renewal expiration time.  
- *     Renewing credentials acquires a fresh set of credentials with a full lifetime 
- *     without resending secrets to the KDC (such as a password).  If credentials are 
+ * \li #kim_credential_get_renewal_expiration_time()
+ *     returns when the credential will no longer be renewable.
+ *     Valid credentials may be renewed up until their renewal expiration time.
+ *     Renewing credentials acquires a fresh set of credentials with a full lifetime
+ *     without resending secrets to the KDC (such as a password).  If credentials are
  *     not renewable, this function will return a renewal expiration time of 0.
  *
- * \li #kim_credential_get_options() 
- *     returns a kim_options object with the credential options of the 
- *     credential.  This function is intended to be used when adding 
+ * \li #kim_credential_get_options()
+ *     returns a kim_options object with the credential options of the
+ *     credential.  This function is intended to be used when adding
  *     an identity with existing credentials to the favorite identities list.
  *     By passing in the options returned by this call, future requests for the
  *     favorite identity will use the same credential options.
  *
  *
- * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for 
+ * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for
  * information on specific APIs.
  */
 
@@ -299,8 +299,8 @@ kim_error kim_credential_iterator_create (kim_credential_iterator *out_credentia
 
 /*!
  * \param in_credential_iterator a credential iterator object.
- * \param out_credential         on exit, the next credential in the ccache iterated by 
- *                               \a in_credential_iterator.   Must be freed with 
+ * \param out_credential         on exit, the next credential in the ccache iterated by
+ *                               \a in_credential_iterator.   Must be freed with
  *                               kim_credential_free(). If there are no more credentials
  *                               this argument will be set to NULL.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -324,13 +324,13 @@ void kim_credential_iterator_free (kim_credential_iterator *io_credential_iterat
  */
 
 /*!
- * \param out_credential      on exit, a new credential object containing a newly acquired 
+ * \param out_credential      on exit, a new credential object containing a newly acquired
  *                            initial credential.  Must be freed with kim_credential_free().
- * \param in_client_identity  a client identity to obtain a credential for.   Specify NULL to 
+ * \param in_client_identity  a client identity to obtain a credential for.   Specify NULL to
  *                            allow the user to choose the identity
- * \param in_options          options to control credential acquisition. 
- * \note #kim_credential_create_new() may 
- * present a GUI or command line prompt to obtain information from the user. 
+ * \param in_options          options to control credential acquisition.
+ * \note #kim_credential_create_new() may
+ * present a GUI or command line prompt to obtain information from the user.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Acquire a new initial credential.
  * \sa kim_ccache_create_new
@@ -340,14 +340,14 @@ kim_error kim_credential_create_new (kim_credential *out_credential,
                                      kim_options     in_options);
 
 /*!
- * \param out_credential      on exit, a new credential object containing a newly acquired 
+ * \param out_credential      on exit, a new credential object containing a newly acquired
  *                            initial credential.  Must be freed with kim_credential_free().
- * \param in_client_identity  a client identity to obtain a credential for.   Specify NULL to 
+ * \param in_client_identity  a client identity to obtain a credential for.   Specify NULL to
  *                            allow the user to choose the identity
- * \param in_options          options to control credential acquisition. 
- * \param in_password         a password to be used while obtaining the credential. 
+ * \param in_options          options to control credential acquisition.
+ * \param in_password         a password to be used while obtaining the credential.
  * \note #kim_credential_create_new_with_password() exists to support
- * legacy password-based Kerberos environments.  You should not use this 
+ * legacy password-based Kerberos environments.  You should not use this
  * function unless you know that it will only be used in environments using passwords.
  * This function may also present a GUI or command line prompt to obtain
  * additional information needed to obtain credentials (eg: SecurID pin).
@@ -359,15 +359,15 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia
                                                    kim_identity    in_client_identity,
                                                    kim_options     in_options,
                                                    kim_string      in_password);
-    
+
 /*!
  * \param out_credential  on exit, a new credential object containing an initial credential
- *                        for \a in_identity obtained using \a in_keytab.  
+ *                        for \a in_identity obtained using \a in_keytab.
  *                        Must be freed with kim_credential_free().
  * \param in_identity     a client identity to obtain a credential for.  Specify NULL for
  *                        the first identity in the keytab.
- * \param in_options      options to control credential acquisition. 
- * \param in_keytab       a path to a keytab.  Specify NULL for the default keytab location. 
+ * \param in_options      options to control credential acquisition.
+ * \param in_keytab       a path to a keytab.  Specify NULL for the default keytab location.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Acquire a new initial credential from a keytab.
  * \sa kim_ccache_create_from_keytab
@@ -378,10 +378,10 @@ kim_error kim_credential_create_from_keytab (kim_credential *out_credential,
                                              kim_string      in_keytab);
 
 /*!
- * \param out_credential  on exit, a new credential object which is a copy of \a in_krb5_creds.  
+ * \param out_credential  on exit, a new credential object which is a copy of \a in_krb5_creds.
  *                        Must be freed with kim_credential_free().
- * \param in_krb5_context the krb5 context used to create \a in_krb5_creds. 
- * \param in_krb5_creds   a krb5 credential object. 
+ * \param in_krb5_context the krb5 context used to create \a in_krb5_creds.
+ * \param in_krb5_creds   a krb5 credential object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Copy a credential from a krb5 credential object.
  */
@@ -390,9 +390,9 @@ kim_error kim_credential_create_from_krb5_creds (kim_credential *out_credential,
                                                  krb5_creds       *in_krb5_creds);
 
 /*!
- * \param out_credential  on exit, a new credential object which is a copy of \a in_credential.  
+ * \param out_credential  on exit, a new credential object which is a copy of \a in_credential.
  *                        Must be freed with kim_credential_free().
- * \param in_credential   a credential object. 
+ * \param in_credential   a credential object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Copy a credential object.
  */
@@ -400,9 +400,9 @@ kim_error kim_credential_copy (kim_credential *out_credential,
                                kim_credential  in_credential);
 
 /*!
- * \param in_credential    a credential object. 
- * \param in_krb5_context  a krb5 context which will be used to create \a out_krb5_creds. 
- * \param out_krb5_creds   on exit, a new krb5 creds object which is a copy of \a in_credential.  
+ * \param in_credential    a credential object.
+ * \param in_krb5_context  a krb5 context which will be used to create \a out_krb5_creds.
+ * \param out_krb5_creds   on exit, a new krb5 creds object which is a copy of \a in_credential.
  *                         Must be freed with krb5_free_creds().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get a krb5 credentials object for a credential object.
@@ -412,8 +412,8 @@ kim_error kim_credential_get_krb5_creds (kim_credential   in_credential,
                                          krb5_creds       **out_krb5_creds);
 
 /*!
- * \param in_credential        a credential object. 
- * \param out_client_identity  on exit, an identity object containing the client identity of   
+ * \param in_credential        a credential object.
+ * \param out_client_identity  on exit, an identity object containing the client identity of
  *                             \a in_credential. Must be freed with kim_identity_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the client identity of a credential object.
@@ -422,8 +422,8 @@ kim_error kim_credential_get_client_identity (kim_credential  in_credential,
                                               kim_identity   *out_client_identity);
 
 /*!
- * \param in_credential         a credential object. 
- * \param out_service_identity  on exit, an identity object containing the service identity of   
+ * \param in_credential         a credential object.
+ * \param out_service_identity  on exit, an identity object containing the service identity of
  *                              \a in_credential. Must be freed with kim_identity_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the service identity of a credential object.
@@ -432,7 +432,7 @@ kim_error kim_credential_get_service_identity (kim_credential  in_credential,
                                                kim_identity   *out_service_identity);
 
 /*!
- * \param in_credential a credential object. 
+ * \param in_credential a credential object.
  * \param out_is_tgt    on exit, whether or not the credential is a TGT.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Check if a credential is a ticket granting ticket.
@@ -441,7 +441,7 @@ kim_error kim_credential_is_tgt (kim_credential  in_credential,
                                  kim_boolean     *out_is_tgt);
 
 /*!
- * \param in_credential a credential object. 
+ * \param in_credential a credential object.
  * \param out_state     on exit, the state of the credential.  See #kim_credential_state_enum
  *                      for the possible values of \a out_state.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -451,7 +451,7 @@ kim_error kim_credential_get_state (kim_credential        in_credential,
                                     kim_credential_state *out_state);
 
 /*!
- * \param in_credential  a credential object. 
+ * \param in_credential  a credential object.
  * \param out_start_time on exit, the time when \a in_credential becomes valid.
  *                       May be in the past or future.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -462,7 +462,7 @@ kim_error kim_credential_get_start_time (kim_credential  in_credential,
                                          kim_time       *out_start_time);
 
 /*!
- * \param in_credential       a credential object. 
+ * \param in_credential       a credential object.
  * \param out_expiration_time on exit, the time when \a in_credential will expire.
  *                            May be in the past or future.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -473,9 +473,9 @@ kim_error kim_credential_get_expiration_time (kim_credential  in_credential,
                                               kim_time       *out_expiration_time);
 
 /*!
- * \param in_credential               a credential object. 
- * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer 
- *                                    be renewable. May be in the past or future.  If 
+ * \param in_credential               a credential object.
+ * \param out_renewal_expiration_time on exit, the time when \a in_credential will no longer
+ *                                    be renewable. May be in the past or future.  If
  *                                    credentials are not renewable at all, returns 0.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the time when the credentials will no longer be renewable.
@@ -485,7 +485,7 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential  in_credent
                                                       kim_time       *out_renewal_expiration_time);
 
 /*!
- * \param in_credential  a credential object. 
+ * \param in_credential  a credential object.
  * \param out_options    on exit, an options object reflecting the ticket
  *                       options of \a in_credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -493,11 +493,11 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential  in_credent
  */
 kim_error kim_credential_get_options (kim_credential  in_credential,
                                       kim_options    *out_options);
-    
+
 /*!
- * \param in_credential       a credential object. 
+ * \param in_credential       a credential object.
  * \param in_client_identity  a client identity.
- * \param out_ccache          on exit, a ccache object containing \a in_credential with the client  
+ * \param out_ccache          on exit, a ccache object containing \a in_credential with the client
  *      		      identity \a in_client_identity.  Must be freed with kim_ccache_free().
  *                            Specify NULL if you don't want this return value.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -508,14 +508,14 @@ kim_error kim_credential_store (kim_credential  in_credential,
                                 kim_ccache     *out_ccache);
 
 /*!
- * \param in_credential          a TGT credential to be verified. 
- * \param in_service_identity    a service identity to look for in the keytab.  Specify 
+ * \param in_credential          a TGT credential to be verified.
+ * \param in_service_identity    a service identity to look for in the keytab.  Specify
  *                               KIM_IDENTITY_ANY to use the default service identity
  *                               (usually host/<host's FQDN>@<host's local realm>).
- * \param in_keytab              a path to a keytab.  Specify NULL for the default keytab location. 
+ * \param in_keytab              a path to a keytab.  Specify NULL for the default keytab location.
  * \param in_fail_if_no_service_key whether or not the absence of a key for \a in_service_identity
- *                                  in the host's keytab will cause a failure. 
- * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to 
+ *                                  in the host's keytab will cause a failure.
+ * \note specifying FALSE for \a in_fail_if_no_service_key may expose the calling program to
  * the Zanarotti attack if the host has no keytab installed.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Verify a TGT credential.
@@ -527,9 +527,9 @@ kim_error kim_credential_verify (kim_credential in_credential,
                                  kim_boolean    in_fail_if_no_service_key);
 
 /*!
- * \param io_credential  a TGT credential to be renewed.  On exit, the old credential  
- *                       object will be freed and \a io_credential will be replaced 
- *                       with a new renewed credential.  The new credential must be freed 
+ * \param io_credential  a TGT credential to be renewed.  On exit, the old credential
+ *                       object will be freed and \a io_credential will be replaced
+ *                       with a new renewed credential.  The new credential must be freed
  *                       with kim_credential_free().
  * \param in_options     initial credential options.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -540,9 +540,9 @@ kim_error kim_credential_renew (kim_credential *io_credential,
                                 kim_options     in_options);
 
 /*!
- * \param io_credential  a credential object to be validated. On exit, the old credential  
- *                       object will be freed and \a io_credential will be replaced 
- *                       with a new validated credential.  The new credential must be freed 
+ * \param io_credential  a credential object to be validated. On exit, the old credential
+ *                       object will be freed and \a io_credential will be replaced
+ *                       with a new validated credential.  The new credential must be freed
  *                       with kim_credential_free().
  * \param in_options     initial credential options.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -559,8 +559,8 @@ kim_error kim_credential_validate (kim_credential *io_credential,
 void kim_credential_free (kim_credential *io_credential);
 
 /*!@}*/
-    
-    
+
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/kim/kim_identity.h b/src/include/kim/kim_identity.h
index cd50a4080..a8540277d 100644
--- a/src/include/kim/kim_identity.h
+++ b/src/include/kim/kim_identity.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -32,13 +32,13 @@ extern "C" {
 #include <kim/kim_types.h>
 #include <krb5.h>
 #include <gssapi/gssapi.h>
-    
+
 /*!
  * \ingroup kim_types_reference
  * Constant to specify any Kerberos identity is acceptable.
  */
 #define KIM_IDENTITY_ANY ((kim_identity) NULL)
-    
+
 /*!
  * \page kim_identity_overview KIM Identity Overview
  *
@@ -46,22 +46,22 @@ extern "C" {
  *
  * Identities in Kerberos are named by "principals".  These identies may be people (users)
  * or services (a server running on a host).  When Kerberos issues credentials which
- * authenticate one identity to another, the identity being authenticated is called 
- * the "client identity" and the identity being authenticated to is called the 
- * "service identity".  
+ * authenticate one identity to another, the identity being authenticated is called
+ * the "client identity" and the identity being authenticated to is called the
+ * "service identity".
  *
- * Kerberos identities are made up of one or more components, as well as the Kerberos realm 
- * the entity belongs to.  For client identities the first component is usually the client 
- * username (eg: "jdoe").  For service identities the first component is the name of the 
+ * Kerberos identities are made up of one or more components, as well as the Kerberos realm
+ * the entity belongs to.  For client identities the first component is usually the client
+ * username (eg: "jdoe").  For service identities the first component is the name of the
  * service (eg: "imap").
  *
- * Kerberos identities have both a binary (opaque) representation and also a string 
+ * Kerberos identities have both a binary (opaque) representation and also a string
  * representation.  The string representation consists of the components separated by '/'
  * followed by an '@' and then the realm.  For example, the identity "jdoe/admin@EXAMPLE.COM"
- * represents John Doe's administrator identity at the realm EXAMPLE.COM.  Note that 
+ * represents John Doe's administrator identity at the realm EXAMPLE.COM.  Note that
  * identity components may contain both '/' and '@' characters.  When building a
- * identity from its string representation these syntactic characters must be escaped 
- * with '\'. 
+ * identity from its string representation these syntactic characters must be escaped
+ * with '\'.
  *
  *
  * \section kim_identity_create_display Creating and Displaying Identities
@@ -70,7 +70,7 @@ extern "C" {
  * or from a krb5_principal.  Once you have a KIM identity object, you can also get
  * the component, string or krb5_principal representations back out:
  *
- * \li #kim_identity_create_from_components() creates an identity object from a list of components.  
+ * \li #kim_identity_create_from_components() creates an identity object from a list of components.
  * \li #kim_identity_get_number_of_components() returns the number of components in an identity object.
  * \li #kim_identity_get_component_at_index() return a component of an identity object.
  * \li #kim_identity_get_realm() returns the identity's realm.
@@ -88,15 +88,15 @@ extern "C" {
  *
  * \section kim_identity_selection Choosing a Client Identity
  *
- * Unfortunately most of the time applications don't know what client identity to use.  
- * Users may have identities for multiple Kerberos realms, as well as multiple identities 
+ * Unfortunately most of the time applications don't know what client identity to use.
+ * Users may have identities for multiple Kerberos realms, as well as multiple identities
  * in a single realm (such as a user and administrator identity).
  *
  * To solve this problem, #kim_selection_hints_get_identity() takes information
  * from the application in the form of a selection hints object and returns the best
  * matching client identity, if one is available.  See \ref kim_selection_hints_overview
  * for more information.
- * 
+ *
  *
  * \section kim_identity_password Changing a Identity's Password
  *
@@ -105,12 +105,12 @@ extern "C" {
  * change the identity's password directly, and also handles changing the identity's
  * password when it has expired.
  *
- * #kim_identity_change_password() presents a user interface to obtain the old and 
- * new passwords from the user.   
+ * #kim_identity_change_password() presents a user interface to obtain the old and
+ * new passwords from the user.
  *
- * \note Not all identities have a password. Some sites use certificates (pkinit) 
+ * \note Not all identities have a password. Some sites use certificates (pkinit)
  * and in the future there may be other authentication mechanisms (eg: smart cards).
- * 
+ *
  * See \ref kim_identity_reference for information on specific APIs.
  */
 
@@ -121,7 +121,7 @@ extern "C" {
 
 /*!
  * \param out_identity  on exit, a new identity object. Must be freed with kim_identity_free().
- * \param in_string     a string representation of a Kerberos identity.  
+ * \param in_string     a string representation of a Kerberos identity.
  *                      Special characters such as '/' and '@' must be escaped with '\'.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Create a identity from a string.
@@ -131,26 +131,26 @@ kim_error kim_identity_create_from_string (kim_identity *out_identity,
 
 /*!
  * \param out_identity     on exit, a new identity object.  Must be freed with kim_identity_free().
- * \param in_realm         a string representation of a Kerberos realm. 
+ * \param in_realm         a string representation of a Kerberos realm.
  * \param in_1st_component a string representing the first component of the identity.
- * \param ...              zero or more strings of type kim_string_t representing additional components  
- *                         of the identity followed by a terminating NULL.  Components will be assembled in  
- *                         order (ie: the 4th argument to kim_identity_create_from_components() will be  
+ * \param ...              zero or more strings of type kim_string_t representing additional components
+ *                         of the identity followed by a terminating NULL.  Components will be assembled in
+ *                         order (ie: the 4th argument to kim_identity_create_from_components() will be
  *                         the 2nd component of the identity).
  * \note The last argument must be a NULL or kim_identity_create_from_components() may crash.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Create a identity from a realm and component strings.
  */
 kim_error kim_identity_create_from_components (kim_identity *out_identity,
-                                                 kim_string    in_realm, 
+                                                 kim_string    in_realm,
                                                  kim_string    in_1st_component,
                                                  ...);
 
 /*!
- * \param out_identity      on exit, a new identity object which is a copy of \a in_krb5_principal.  
+ * \param out_identity      on exit, a new identity object which is a copy of \a in_krb5_principal.
  *                          Must be freed with kim_identity_free().
  * \param in_krb5_context   the krb5 context used to create \a in_krb5_principal.
- * \param in_krb5_principal a krb5 principal object. 
+ * \param in_krb5_principal a krb5 principal object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Create an identity object from a krb5_principal.
  */
@@ -159,9 +159,9 @@ kim_error kim_identity_create_from_krb5_principal (kim_identity *out_identity,
                                                      krb5_principal  in_krb5_principal);
 
 /*!
- * \param out_identity  on exit, a new identity object which is a copy of \a in_identity.  
+ * \param out_identity  on exit, a new identity object which is a copy of \a in_identity.
  *                      Must be freed with kim_identity_free().
- * \param in_identity  an identity object. 
+ * \param in_identity  an identity object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Copy an identity object.
  */
@@ -172,7 +172,7 @@ kim_error kim_identity_copy (kim_identity *out_identity,
 /*!
  * \param in_identity             an identity object.
  * \param in_compare_to_identity  an identity object.
- * \param out_comparison          on exit, a comparison of \a in_identity and 
+ * \param out_comparison          on exit, a comparison of \a in_identity and
  *                                \a in_compare_to_identity which determines whether
  *                                or not the two identities are equivalent and their
  *                                sort order (for display to the user) if they are not.
@@ -183,8 +183,8 @@ kim_error kim_identity_compare (kim_identity    in_identity,
                                   kim_identity    in_compare_to_identity,
                                   kim_comparison *out_comparison);
 /*!
- * \param in_identity  an identity object. 
- * \param out_string   on exit, a string representation of \a in_identity.  
+ * \param in_identity  an identity object.
+ * \param out_string   on exit, a string representation of \a in_identity.
  *                     Must be freed with kim_string_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the string representation of a identity.
@@ -195,7 +195,7 @@ kim_error kim_identity_get_string (kim_identity   in_identity,
 
 
 /*!
- * \param in_identity        an identity object. 
+ * \param in_identity        an identity object.
  * \param out_display_string on exit, a string representation of \a in_identity appropriate for
  *                           display to the user.  Must be freed with kim_string_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -209,7 +209,7 @@ kim_error kim_identity_get_display_string (kim_identity   in_identity,
                                              kim_string    *out_display_string);
 
 /*!
- * \param in_identity     an identity object. 
+ * \param in_identity     an identity object.
  * \param out_realm_string on exit, a string representation of \a in_identity's realm.
  *                         Must be freed with kim_string_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -219,7 +219,7 @@ kim_error kim_identity_get_realm (kim_identity  in_identity,
                                     kim_string   *out_realm_string);
 
 /*!
- * \param in_identity             an identity object. 
+ * \param in_identity             an identity object.
  * \param out_number_of_components on exit the number of components in \a in_identity.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the number of components of an identity.
@@ -230,7 +230,7 @@ kim_error kim_identity_get_number_of_components (kim_identity  in_identity,
 /*!
  * \param in_identity          an identity object.
  * \param in_index             the index of the desired component.  Component indexes start at 0.
- * \param out_component_string on exit, a string representation of the component in \a in_identity 
+ * \param out_component_string on exit, a string representation of the component in \a in_identity
  *                             specified by \a in_index.  Must be freed with kim_string_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the Nth component of an identity.
@@ -241,19 +241,19 @@ kim_error kim_identity_get_component_at_index (kim_identity  in_identity,
 
 /*!
  * \param in_identity      an identity object.
- * \param out_components   on exit, a string of the non-realm components of \a in_identity 
+ * \param out_components   on exit, a string of the non-realm components of \a in_identity
  *                         separated by '/' characters.  Must be freed with kim_string_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get a display string of the non-realm components of an identity.
  */
 kim_error kim_identity_get_components_string (kim_identity  in_identity,
                                               kim_string   *out_components);
-    
+
 /*!
  * \param in_identity        an identity object.
- * \param in_krb5_context    a krb5 context object.  
+ * \param in_krb5_context    a krb5 context object.
  * \param out_krb5_principal on exit, a krb5_principal representation of \a in_identity
- *                           allocated with \a in_krb5_context. Must be freed with 
+ *                           allocated with \a in_krb5_context. Must be freed with
  *                           krb5_free_principal() using \a in_krb5_context.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the krb5_principal representation of an identity.
@@ -266,8 +266,8 @@ kim_error kim_identity_get_krb5_principal (kim_identity  in_identity,
  * \param in_identity  an identity object whose password will be changed.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Change the password for an identity.
- * \note kim_identity_change_password() will acquire a temporary credential to change 
- * the password.    
+ * \note kim_identity_change_password() will acquire a temporary credential to change
+ * the password.
  */
 kim_error kim_identity_change_password (kim_identity  in_identity);
 
diff --git a/src/include/kim/kim_library.h b/src/include/kim/kim_library.h
index 681f58e79..fe351f7fc 100644
--- a/src/include/kim/kim_library.h
+++ b/src/include/kim/kim_library.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/include/kim/kim_options.h b/src/include/kim/kim_options.h
index d36aa0c02..85facfbbc 100644
--- a/src/include/kim/kim_options.h
+++ b/src/include/kim/kim_options.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -28,9 +28,9 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-    
+
 #include <kim/kim_types.h>
-    
+
 /*!
  * \addtogroup kim_types_reference
  * @{
@@ -56,39 +56,39 @@ extern "C" {
  * Kerberos Identity Management Options (kim_options_t) allows you to control how
  * the Kerberos library obtains credentials.  When the options structure is initialized with
  * #kim_options_create(), each option is filled in with a default value which can then be modified
- * with the kim_options_set_*() APIs.  If you only want to use the default values, you may pass 
+ * with the kim_options_set_*() APIs.  If you only want to use the default values, you may pass
  * #KIM_OPTIONS_DEFAULT into any KIM function that takes a kim_options_t.
- * 
- * KIM options fall into two major categories: options for controlling how credentials are 
+ *
+ * KIM options fall into two major categories: options for controlling how credentials are
  * acquired and options for controlling what properties the newly acquired credentials will have:
  *
  * \section kim_options_credential_properties Options for Controlling Credential Properties
  *
  * Kerberos credentials have a number of different properties which can be requested
- * when credentials are acquired.  These properties control when and for how long the 
- * credentials are valid and what you can do with them.  
- 
- * Note that setting these properties in the KIM options only changes what the Kerberos 
- * libraries \em request from the KDC.  The KDC itself may choose not to honor your 
- * requested properties if they violate the site security policy.  For example, most sites 
- * place an upper bound on how long credentials may be valid.  If you request a credential 
- * lifetime longer than this upper bound, the KDC may return credentials with a shorter 
+ * when credentials are acquired.  These properties control when and for how long the
+ * credentials are valid and what you can do with them.
+
+ * Note that setting these properties in the KIM options only changes what the Kerberos
+ * libraries \em request from the KDC.  The KDC itself may choose not to honor your
+ * requested properties if they violate the site security policy.  For example, most sites
+ * place an upper bound on how long credentials may be valid.  If you request a credential
+ * lifetime longer than this upper bound, the KDC may return credentials with a shorter
  * lifetime than you requested.
  *
  * \subsection kim_options_lifetimes Credential Lifetime
  *
- * Kerberos credentials have start time and a lifetime during which they are valid.  
- * Once the lifetime has passed, credentials "expire" and can no longer be used.  
+ * Kerberos credentials have start time and a lifetime during which they are valid.
+ * Once the lifetime has passed, credentials "expire" and can no longer be used.
  *
- * The requested credential start time can be set with #kim_options_set_start_time() 
+ * The requested credential start time can be set with #kim_options_set_start_time()
  * and examined with #kim_options_get_start_time().  The requested credential
  * lifetime can be set with #kim_options_set_lifetime() and examined with
  * #kim_options_get_lifetime().
- * 
+ *
  * \subsection kim_options_renewable Renewable Credentials
  *
  * Credentials with very long lifetimes are more convenient since the user does not
- * have authenticate as often.  Unfortunately they are also a higher security 
+ * have authenticate as often.  Unfortunately they are also a higher security
  * risk: if credentials are stolen they can be used until they expire.
  * Credential renewal exists to compromise between these two conflicting goals.
  *
@@ -101,45 +101,45 @@ extern "C" {
  * the end of the renewal lifetime, their lifetime will be capped to the end of the
  * renewal lifetime.
  *
- * Note that credentials must be valid to be renewed and therefore may not be 
+ * Note that credentials must be valid to be renewed and therefore may not be
  * an appropriate solution for all use cases.  Sites which use renewable
- * credentials often create helper processes running as the user which will 
+ * credentials often create helper processes running as the user which will
  * automatically renew the user's credentials when they get close to expiration.
- * 
+ *
  * Use #kim_options_set_renewable() to change whether or not the Kerberos libraries
- * request renewable credentials and #kim_options_get_renewable() to find out the 
+ * request renewable credentials and #kim_options_get_renewable() to find out the
  * current setting.  Use #kim_options_set_renewal_lifetime() to change the requested
- * renewal lifetime and #kim_options_get_renewal_lifetime() to find out the current 
+ * renewal lifetime and #kim_options_get_renewal_lifetime() to find out the current
  * value.
  *
  * \subsection kim_options_addressless Addressless Credentials
  *
- * Traditionally Kerberos used the host's IP address as a mechanism to restrict 
- * the user's credentials to a specific host, thus making it harder to use stolen 
+ * Traditionally Kerberos used the host's IP address as a mechanism to restrict
+ * the user's credentials to a specific host, thus making it harder to use stolen
  * credentials.  When authenticating to a remote service with credentials containing
- * addresses, the remote service verifies that the client's IP address is one of the 
- * addresses listed in the credential.  Unfortunately, modern network technologies 
- * such as NAT rewrite the IP address in transit, making it difficult to use 
- * credentials with addresses in them.  As a result, most Kerberos sites now obtain 
- * addressless credentials. 
+ * addresses, the remote service verifies that the client's IP address is one of the
+ * addresses listed in the credential.  Unfortunately, modern network technologies
+ * such as NAT rewrite the IP address in transit, making it difficult to use
+ * credentials with addresses in them.  As a result, most Kerberos sites now obtain
+ * addressless credentials.
  *
  * Use #kim_options_set_addressless() to change whether or not the Kerberos libraries
- * request addressless credentials.  Use #kim_options_get_addressless() to find out the 
+ * request addressless credentials.  Use #kim_options_get_addressless() to find out the
  * current setting.
  *
  * \subsection kim_options_forwardable Forwardable Credentials
  *
- * Forwardable credentials are TGT credentials which can be forwarded to a service 
- * you have authenticated to.  If the credentials contain IP addresses, the addresses 
- * are changed to reflect the service's IP address.  Credential forwarding is most 
- * commonly used for Kerberos-authenticated remote login services.  By forwarding 
- * TGT credentials through the remote login service, the user's credentials will 
- * appear on the remote host when the user logs in.  
+ * Forwardable credentials are TGT credentials which can be forwarded to a service
+ * you have authenticated to.  If the credentials contain IP addresses, the addresses
+ * are changed to reflect the service's IP address.  Credential forwarding is most
+ * commonly used for Kerberos-authenticated remote login services.  By forwarding
+ * TGT credentials through the remote login service, the user's credentials will
+ * appear on the remote host when the user logs in.
  *
  * The forwardable flag only applies to TGT credentials.
  *
  * Use #kim_options_set_forwardable() to change whether or not the Kerberos libraries
- * request forwardable credentials.  Use #kim_options_get_forwardable() to find out the 
+ * request forwardable credentials.  Use #kim_options_get_forwardable() to find out the
  * current setting.
  *
  * \subsection kim_options_proxiable Proxiable Credentials
@@ -147,29 +147,29 @@ extern "C" {
  * Proxiable credentials are similar to forwardable credentials except that instead of
  * forwarding the a TGT credential itself, a service credential is forwarded
  * instead.  Using proxiable credentials, a user can permit a service to perform
- * a specific task as the user using one of the user's service credentials.  
+ * a specific task as the user using one of the user's service credentials.
  *
  * Like forwardability, the proxiable flag only applies to TGT credentials.  Unlike
- * forwarded credentials, the IP address of proxiable credentials are not modified for  
+ * forwarded credentials, the IP address of proxiable credentials are not modified for
  * the service when being proxied.  This can be solved by also requesting addressless
  * credentials.
  *
  * Use #kim_options_set_proxiable() to change whether or not the Kerberos libraries
- * request proxiable credentials.  Use #kim_options_get_proxiable() to find out the 
+ * request proxiable credentials.  Use #kim_options_get_proxiable() to find out the
  * current setting.
  *
  * \subsection kim_options_service_name Service Name
  *
- * Normally users acquire TGT credentials (ie "ticket granting tickets") and then 
- * use those credentials to acquire service credentials.  This allows Kerberos to 
- * provide single sign-on while still providing mutual authentication to services.  
- * However, sometimes you just want an initial credential for a service.  KIM 
- * options allows you to set the service name with 
- * #kim_options_set_service_name() and query it with 
+ * Normally users acquire TGT credentials (ie "ticket granting tickets") and then
+ * use those credentials to acquire service credentials.  This allows Kerberos to
+ * provide single sign-on while still providing mutual authentication to services.
+ * However, sometimes you just want an initial credential for a service.  KIM
+ * options allows you to set the service name with
+ * #kim_options_set_service_name() and query it with
  * #kim_options_get_service_name().
  *
  * See \ref kim_options_reference for information on specific APIs.
- */ 
+ */
 
 /*!
  * \defgroup kim_options_reference KIM Options Reference Documentation
@@ -184,10 +184,10 @@ extern "C" {
 kim_error kim_options_create (kim_options *out_options);
 
 /*!
- * \param out_options on exit, a new options object which is a copy of \a in_options.  
+ * \param out_options on exit, a new options object which is a copy of \a in_options.
  *                    Must be freed with kim_options_free().  If passed KIM_OPTIONS_DEFAULT
  *                    will set \a out_options to KIM_OPTIONS_DEFAULT.
- * \param in_options  a options object. 
+ * \param in_options  a options object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Copy options.
  */
@@ -196,13 +196,13 @@ kim_error kim_options_copy (kim_options *out_options,
 
 /*!
  * \param io_options    an options object to modify.
- * \param in_start_time a start date (in seconds since January 1, 1970).  Set to  
- *                      #KIM_OPTIONS_START_IMMEDIATELY for the acquired credential to be valid 
+ * \param in_start_time a start date (in seconds since January 1, 1970).  Set to
+ *                      #KIM_OPTIONS_START_IMMEDIATELY for the acquired credential to be valid
  *                      immediately.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set the date when a credential should become valid.
- * \note When using a start time in the future, once the start time has been reached the credential 
- *       must be validated before it can be used. 
+ * \note When using a start time in the future, once the start time has been reached the credential
+ *       must be validated before it can be used.
  * \par Default value
  * 0, indicating "now".  The credential will be valid immediately.
  * \sa kim_options_get_start_time(), kim_credential_validate(), kim_ccache_validate(), kim_identity_validate()
@@ -212,12 +212,12 @@ kim_error kim_options_set_start_time (kim_options io_options,
 
 /*!
  * \param in_options     an options object.
- * \param out_start_time on exit, the start date (in seconds since January 1, 1970) specified by 
+ * \param out_start_time on exit, the start date (in seconds since January 1, 1970) specified by
  *                       \a in_options. #KIM_OPTIONS_START_IMMEDIATELY indicates the credential
  *                       will be valid immediately.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the date when a credential should become valid.
- * \note When using a start time in the future, once the start time has been reached the credential 
+ * \note When using a start time in the future, once the start time has been reached the credential
  *       must be validated before it can be used.
  * \par Default value
  * 0, indicating "now".  The credential will be valid immediately.
@@ -258,7 +258,7 @@ kim_error kim_options_get_lifetime (kim_options   in_options,
 
 /*!
  * \param io_options    an options object to modify.
- * \param in_renewable a boolean value indicating whether or not to request a renewable 
+ * \param in_renewable a boolean value indicating whether or not to request a renewable
  *                     credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set whether or not to request a renewable credential.
@@ -271,7 +271,7 @@ kim_error kim_options_set_renewable (kim_options io_options,
 
 /*!
  * \param in_options     an options object.
- * \param out_renewable on exit, a boolean value indicating whether or \a in_options will 
+ * \param out_renewable on exit, a boolean value indicating whether or \a in_options will
  *                      request a renewable credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get whether or not to request a renewable credential.
@@ -299,7 +299,7 @@ kim_error kim_options_set_renewal_lifetime (kim_options  io_options,
 
 /*!
  * \param in_options   an options object.
- * \param out_renewal_lifetime on exit, the renewal lifetime duration (in seconds) specified  
+ * \param out_renewal_lifetime on exit, the renewal lifetime duration (in seconds) specified
  *                             in \a in_options.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the duration during which a valid credential should be renewable.
@@ -315,7 +315,7 @@ kim_error kim_options_get_renewal_lifetime (kim_options   in_options,
 
 /*!
  * \param io_options     an options object to modify.
- * \param in_forwardable a boolean value indicating whether or not to request a forwardable 
+ * \param in_forwardable a boolean value indicating whether or not to request a forwardable
  *                       credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set whether or not to request a forwardable credential.
@@ -328,7 +328,7 @@ kim_error kim_options_set_forwardable (kim_options io_options,
 
 /*!
  * \param in_options      an options object.
- * \param out_forwardable on exit, a boolean value indicating whether or \a in_options will 
+ * \param out_forwardable on exit, a boolean value indicating whether or \a in_options will
  *                        request a forwardable credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get whether or not to request a forwardable credential.
@@ -341,7 +341,7 @@ kim_error kim_options_get_forwardable (kim_options  in_options,
 
 /*!
  * \param io_options   an options object to modify.
- * \param in_proxiable a boolean value indicating whether or not to request a proxiable 
+ * \param in_proxiable a boolean value indicating whether or not to request a proxiable
  *                     credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set whether or not to request a proxiable credential.
@@ -354,7 +354,7 @@ kim_error kim_options_set_proxiable (kim_options io_options,
 
 /*!
  * \param in_options    an options object.
- * \param out_proxiable on exit, a boolean value indicating whether or \a in_options will 
+ * \param out_proxiable on exit, a boolean value indicating whether or \a in_options will
  *                      request a proxiable credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get whether or not to request a proxiable credential.
@@ -367,7 +367,7 @@ kim_error kim_options_get_proxiable (kim_options  in_options,
 
 /*!
  * \param io_options     an options object to modify.
- * \param in_addressless a boolean value indicating whether or not to request an addressless 
+ * \param in_addressless a boolean value indicating whether or not to request an addressless
  *                       credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set whether or not to request an addressless credential.
@@ -380,7 +380,7 @@ kim_error kim_options_set_addressless (kim_options io_options,
 
 /*!
  * \param in_options      an options object.
- * \param out_addressless on exit, a boolean value indicating whether or \a in_options will 
+ * \param out_addressless on exit, a boolean value indicating whether or \a in_options will
  *                        request an addressless credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get whether or not to request an addressless credential.
diff --git a/src/include/kim/kim_preferences.h b/src/include/kim/kim_preferences.h
index d7970ba04..77edde462 100644
--- a/src/include/kim/kim_preferences.h
+++ b/src/include/kim/kim_preferences.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -30,20 +30,20 @@ extern "C" {
 #endif
 
 #include <kim/kim_types.h>
-    
+
 /*!
  * \page kim_preferences_overview KIM Preferences Overview
  *
  * \section kim_preferences_introduction Introduction
  *
  * In addition to the site preferences stored in the Kerberos configuration, users may also
- * want to have their own personal preferences for controlling credential acquisition.  
- * As a result, KIM provides user preferences for initial credential options and 
+ * want to have their own personal preferences for controlling credential acquisition.
+ * As a result, KIM provides user preferences for initial credential options and
  * user interface behavior such as the default client identity and the favorite identities list.
  *
  * \section kim_preferences_edit Viewing and Editing the Preferences
- * 
- * In order to view and edit the user's preferences, call #kim_preferences_create() to acquire a 
+ *
+ * In order to view and edit the user's preferences, call #kim_preferences_create() to acquire a
  * preferences object containing the user's preferences.  You can examine preferences
  * with the functions starting with "kim_preferences_get_" and change preferences with
  * the functions starting with "kim_preferences_set_".  Once you are done making changes,
@@ -56,88 +56,88 @@ extern "C" {
  * \section kim_preferences_options Initial Credential Options Preferences
  *
  * KIM provides user preferences for initial credential options.  These
- * are the options #kim_options_create() will use when creating a new KIM 
+ * are the options #kim_options_create() will use when creating a new KIM
  * options object.  They are also the options specified by KIM_OPTIONS_DEFAULT.
- * You can view and edit the initial credential options using 
- * #kim_preferences_get_options() and #kim_preferences_set_options(). 
+ * You can view and edit the initial credential options using
+ * #kim_preferences_get_options() and #kim_preferences_set_options().
  *
- * \note Not all credential options in the kim_options_t object have corresponding 
+ * \note Not all credential options in the kim_options_t object have corresponding
  * user preferences.  For example, the prompt callback function is not stored
- * in the user preferences since it has no meaning outside of the current 
+ * in the user preferences since it has no meaning outside of the current
  * application.  Some options which are not currently stored in the
- * preferences may be stored there in the future. 
+ * preferences may be stored there in the future.
  *
- * If you are implementing a user interface for credentials acquisition, 
+ * If you are implementing a user interface for credentials acquisition,
  * you should be aware that KIM has a user preference to manage the initial
- * credential options preferences. If the user successfully acquires credentials 
- * with non-default options and #kim_preferences_get_remember_options() is set 
- * to TRUE, you should store the options used to get credentials with 
- * #kim_preferences_set_options().  
+ * credential options preferences. If the user successfully acquires credentials
+ * with non-default options and #kim_preferences_get_remember_options() is set
+ * to TRUE, you should store the options used to get credentials with
+ * #kim_preferences_set_options().
  *
  * \section kim_preferences_client_identity Client Identity Preferences
  *
- * KIM also provides user preferences for the default client identity.   
+ * KIM also provides user preferences for the default client identity.
  * This identity is used whenever KIM needs to display a graphical dialog for
  * credential acquisition but does not know what client identity to use.
- * You can view and edit the default client identity using 
- * #kim_preferences_get_client_identity() and 
- * #kim_preferences_set_client_identity(). 
+ * You can view and edit the default client identity using
+ * #kim_preferences_get_client_identity() and
+ * #kim_preferences_set_client_identity().
  *
- * If you are implementing a user interface for credentials acquisition, 
- * you should be aware that KIM has a user preference to manage 
- * the client identity preferences. If the user successfully acquires credentials 
- * with non-default options and #kim_preferences_get_remember_client_identity() is  
+ * If you are implementing a user interface for credentials acquisition,
+ * you should be aware that KIM has a user preference to manage
+ * the client identity preferences. If the user successfully acquires credentials
+ * with non-default options and #kim_preferences_get_remember_client_identity() is
  * set to TRUE, you should store the client identity for which credentials were
- * acquired using #kim_preferences_set_client_identity(). 
- * 
+ * acquired using #kim_preferences_set_client_identity().
+ *
  * \section kim_preferences_favorite_identities Favorite Identities Preferences
  *
  * As Kerberos becomes more widespread, the number of possible Kerberos
  * identities and realms a user might want to use will become very large.
- * Sites may list hundreds of realms in their Kerberos configuration files. 
+ * Sites may list hundreds of realms in their Kerberos configuration files.
  * In addition, sites may wish to use DNS SRV records to avoid having to list
- * all the realms they use in their Kerberos configuration.  As a result, the 
- * list of realms in the Kerberos configuration may be exceedingly large and/or 
+ * all the realms they use in their Kerberos configuration.  As a result, the
+ * list of realms in the Kerberos configuration may be exceedingly large and/or
  * incomplete.  Users may also use multiple identities from the same realm.
  *
  * On platforms which use a GUI to acquire credentials, the KIM would like
- * to to display a list of identities for the user to select from.  Depending on 
- * what is appropriate for the platform, identities may be displayed in a popup 
- * menu or other list.  
+ * to to display a list of identities for the user to select from.  Depending on
+ * what is appropriate for the platform, identities may be displayed in a popup
+ * menu or other list.
  *
- * To solve this problem, the KIM maintains a list of favorite identities 
- * specifically for identity selection.  This list is a set of unique identities 
- * in alphabetical order (as appropriate for the user's language localization).  
+ * To solve this problem, the KIM maintains a list of favorite identities
+ * specifically for identity selection.  This list is a set of unique identities
+ * in alphabetical order (as appropriate for the user's language localization).
  *
  * Each identity may optionally have its own options for ticket acquisition.
  * This allows KIM UIs to remember what ticket options worked for a specific
  * identity.  For example if the user normally wants renewable tickets but
  * they have one identity at a KDC which rejects requests for renewable tickets,
- * the "not renewable" option can be associated with that identity without 
+ * the "not renewable" option can be associated with that identity without
  * changing the user's default preference to get renewable tickets.  If an
  * identity should use the default options, just pass KIM_OPTIONS_DEFAULT.
  *
  * Most callers will not need to use the favorite identities APIs.  However if you
- * are implementing your own graphical prompt callback or a credential management 
+ * are implementing your own graphical prompt callback or a credential management
  * application, you may to view and/or edit the user's favorite identities.
  *
  * \section kim_favorite_identities_edit Viewing and Editing the Favorite Identities
- * 
+ *
  * First, you need to acquire the Favorite Identities stored in the user's
  * preferences using #kim_preferences_create().
- * 
- * Then use #kim_preferences_get_number_of_favorite_identities() and 
- * #kim_preferences_get_favorite_identity_at_index() to display the identities list.  
- * Use #kim_preferences_add_favorite_identity() and #kim_preferences_remove_favorite_identity() 
+ *
+ * Then use #kim_preferences_get_number_of_favorite_identities() and
+ * #kim_preferences_get_favorite_identity_at_index() to display the identities list.
+ * Use #kim_preferences_add_favorite_identity() and #kim_preferences_remove_favorite_identity()
  * to change which identities are in the identities list.  Identities are always stored in
  * alphabetical order and duplicate identities are not permitted, so when you add or remove a
  * identity you should redisplay the entire list.  If you wish to replace the
  * identities list entirely, use #kim_preferences_remove_all_favorite_identities()
  * to clear the list before adding your identities.
  *
- * Once you are done editing the favorite identities list, store changes in the 
+ * Once you are done editing the favorite identities list, store changes in the
  * user's preference file using #kim_preferences_synchronize().
- * 
+ *
  * See \ref kim_preferences_reference for information on specific APIs.
  */
 
@@ -147,7 +147,7 @@ extern "C" {
  */
 
 /*!
- * \param out_preferences on exit, a new preferences object.  
+ * \param out_preferences on exit, a new preferences object.
  *                        Must be freed with kim_preferences_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Create a new preferences object from the current user's preferences.
@@ -155,9 +155,9 @@ extern "C" {
 kim_error kim_preferences_create (kim_preferences *out_preferences);
 
 /*!
- * \param out_preferences on exit, a new preferences object which is a copy of in_preferences.  
+ * \param out_preferences on exit, a new preferences object which is a copy of in_preferences.
  *                        Must be freed with kim_preferences_free().
- * \param in_preferences  a preferences object. 
+ * \param in_preferences  a preferences object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Copy a preferences object.
  */
@@ -188,7 +188,7 @@ kim_error kim_preferences_get_options (kim_preferences  in_preferences,
 
 /*!
  * \param io_preferences      a preferences object to modify.
- * \param in_remember_options a boolean value indicating whether or not to remember the last 
+ * \param in_remember_options a boolean value indicating whether or not to remember the last
  *                            options used to acquire a credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set whether or not to remember the last options the user used to acquire a credential.
@@ -199,7 +199,7 @@ kim_error kim_preferences_set_remember_options (kim_preferences io_preferences,
 
 /*!
  * \param in_preferences       a preferences object.
- * \param out_remember_options on exit, a boolean value indicating whether or \a in_preferences will 
+ * \param out_remember_options on exit, a boolean value indicating whether or \a in_preferences will
  *                             remember the last options used to acquire a credential.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get whether or not to remember the last options the user used to acquire a credential.
@@ -231,7 +231,7 @@ kim_error kim_preferences_get_client_identity (kim_preferences  in_preferences,
 
 /*!
  * \param io_preferences               a preferences object to modify.
- * \param in_remember_client_identity  a boolean value indicating whether or not to remember the last 
+ * \param in_remember_client_identity  a boolean value indicating whether or not to remember the last
  *                                     client identity for which a credential was acquired.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set whether or not to remember the last client identity the user acquired a credential for.
@@ -242,7 +242,7 @@ kim_error kim_preferences_set_remember_client_identity (kim_preferences io_prefe
 
 /*!
  * \param in_preferences                a preferences object.
- * \param out_remember_client_identity  on exit, a boolean value indicating whether or \a in_preferences will 
+ * \param out_remember_client_identity  on exit, a boolean value indicating whether or \a in_preferences will
  *                                      remember the last client identity for which a credential was acquired.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get whether or not to remember the last client identity the user acquired a credential for.
@@ -264,7 +264,7 @@ kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences,
 
 /*!
  * \param in_preferences        a preferences object.
- * \param out_minimum_lifetime  on exit, the minimum lifetime that GUI tools will 
+ * \param out_minimum_lifetime  on exit, the minimum lifetime that GUI tools will
  *                              allow the user to specify for credentials.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the minimum credential lifetime for GUI credential lifetime controls.
@@ -286,7 +286,7 @@ kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences,
 
 /*!
  * \param in_preferences        a preferences object.
- * \param out_maximum_lifetime  on exit, the maximum lifetime that GUI tools will 
+ * \param out_maximum_lifetime  on exit, the maximum lifetime that GUI tools will
  *                              allow the user to specify for credentials.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the maximum credential lifetime for GUI credential lifetime controls.
@@ -298,7 +298,7 @@ kim_error kim_preferences_get_maximum_lifetime (kim_preferences  in_preferences,
 /*!
  * \param io_preferences               a preferences object to modify.
  * \param in_minimum_renewal_lifetime  a minimum lifetime indicating how small a lifetime the
- *                                     GUI tools should allow the user to specify for 
+ *                                     GUI tools should allow the user to specify for
  *                                     credential renewal.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set the minimum credential renewal lifetime for GUI credential lifetime controls.
@@ -309,7 +309,7 @@ kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_prefe
 
 /*!
  * \param in_preferences                a preferences object.
- * \param out_minimum_renewal_lifetime  on exit, the minimum lifetime that GUI tools will 
+ * \param out_minimum_renewal_lifetime  on exit, the minimum lifetime that GUI tools will
  *                                      allow the user to specify for credential renewal.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the minimum credential renewal lifetime for GUI credential lifetime controls.
@@ -321,7 +321,7 @@ kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences  in_pref
 /*!
  * \param io_preferences               a preferences object to modify.
  * \param in_maximum_renewal_lifetime  a maximum lifetime indicating how large a lifetime the
- *                                     GUI tools should allow the user to specify for 
+ *                                     GUI tools should allow the user to specify for
  *                                     credential renewal.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set the maximum credential renewal lifetime for GUI credential lifetime controls.
@@ -332,7 +332,7 @@ kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_prefe
 
 /*!
  * \param in_preferences                a preferences object.
- * \param out_maximum_renewal_lifetime  on exit, the maximum lifetime that GUI tools will 
+ * \param out_maximum_renewal_lifetime  on exit, the maximum lifetime that GUI tools will
  *                                      allow the user to specify for credential renewal.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Get the maximum credential renewal lifetime for GUI credential lifetime controls.
@@ -355,7 +355,7 @@ kim_error kim_preferences_get_number_of_favorite_identities (kim_preferences  in
  * \param in_index           a index into the identities list (starting at 0).
  * \param out_identity       on exit, the identity at \a in_index in \a in_preferences.
  *                           Must be freed with kim_string_free().
- * \param out_options        on exit, the options associated with identity at \a in_index 
+ * \param out_options        on exit, the options associated with identity at \a in_index
  *                           in \a in_favorite_identities.  May be KIM_OPTIONS_DEFAULT.
  *                           Pass NULL if you do not want the options associated with the identity.
  *                           Must be freed with kim_options_free().
diff --git a/src/include/kim/kim_selection_hints.h b/src/include/kim/kim_selection_hints.h
index 1abbd0211..20af083a9 100644
--- a/src/include/kim/kim_selection_hints.h
+++ b/src/include/kim/kim_selection_hints.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -30,63 +30,63 @@ extern "C" {
 #endif
 
 #include <kim/kim_types.h>
-    
+
 /*!
  * \page kim_selection_hints_overview KIM Selection Hints Overview
  *
  * \section kim_selection_hints_introduction Introduction
  *
  * Most users belong to multiple organizations and thus need
- * to authenticate to multiple Kerberos realms.  Traditionally Kerberos sites 
- * solved this problem by setting up a cross-realm relationship, which allowed 
- * the user to use TGT credentials for their client identity in one realm 
- * to obtain credentials in another realm via cross-realm authentication.  As a 
- * result users could acquire credentials for a single client identity and use 
+ * to authenticate to multiple Kerberos realms.  Traditionally Kerberos sites
+ * solved this problem by setting up a cross-realm relationship, which allowed
+ * the user to use TGT credentials for their client identity in one realm
+ * to obtain credentials in another realm via cross-realm authentication.  As a
+ * result users could acquire credentials for a single client identity and use
  * them everywhere.
  *
- * Setting up cross-realm requires that realms share a secret, so sites must 
- * coordinate with one another to set up a cross-realm relationship.  In 
- * addition, sites must set up authorization policies for users from other  
- * realms.  As Kerberos becomes increasingly wide-spread, many realms will 
- * not have cross-realm relationships, and users will need to   
+ * Setting up cross-realm requires that realms share a secret, so sites must
+ * coordinate with one another to set up a cross-realm relationship.  In
+ * addition, sites must set up authorization policies for users from other
+ * realms.  As Kerberos becomes increasingly wide-spread, many realms will
+ * not have cross-realm relationships, and users will need to
  * manually obtain credentials for their client identity at each realm
- * (eg: "user@BANK.COM", "user@UNIVERSITY.EDU", etc).  As a result, users 
+ * (eg: "user@BANK.COM", "user@UNIVERSITY.EDU", etc).  As a result, users
  * will often have multiple credentials caches, one for each client identity.
  *
  * Unfortunately this presents a problem for applications which need to obtain
- * service credentials.  Which client identity should they use?  
+ * service credentials.  Which client identity should they use?
  * Rather than having each application to manually search the cache collection,
- * KIM provides a selection hints API for choosing the best client identity.  
- * This API is intended to simplify the process of choosing credentials 
+ * KIM provides a selection hints API for choosing the best client identity.
+ * This API is intended to simplify the process of choosing credentials
  * and provide consistent behavior across all applications.
  *
  * Searching the cache collection for credentials may be expensive if there
- * are a large number of caches.  If credentials for the client identity 
+ * are a large number of caches.  If credentials for the client identity
  * are expired or not present, KIM may also wish to prompt the user for
- * new credentials for the appropriate client identity.  As a result, 
+ * new credentials for the appropriate client identity.  As a result,
  * applications might want to remember which client identity worked in
- * the past and always request credentials using that identity.  
- * 
+ * the past and always request credentials using that identity.
+ *
  *
  * \section kim_selection_hints_creating Creating KIM Selection Hints
- * 
- * A KIM selection hints object consists of an application identifier and one or 
- * more pieces of information about the service the client application will be 
- * contacting.  The application identifier is used by user preferences 
+ *
+ * A KIM selection hints object consists of an application identifier and one or
+ * more pieces of information about the service the client application will be
+ * contacting.  The application identifier is used by user preferences
  * to control how applications share cache entries.  It is important to be
- * consistent about what application identifier you provide.  Java-style  
+ * consistent about what application identifier you provide.  Java-style
  * identifiers are recommended to avoid collisions.
  *
  * \section kim_selection_hints_searching Selection Hint Search Behavior
  *
- * When using selection hints to search for an appropriate client identity, 
- * KIM uses a consistent hint search order.  This allows applications to specify 
- * potentially contradictory information without preventing KIM from locating a 
- * single ccache.  In addition the selection hint search order may change, 
- * especially if more hints are added.  
+ * When using selection hints to search for an appropriate client identity,
+ * KIM uses a consistent hint search order.  This allows applications to specify
+ * potentially contradictory information without preventing KIM from locating a
+ * single ccache.  In addition the selection hint search order may change,
+ * especially if more hints are added.
  *
- * As a result, callers are encouraged to provide all relevant search hints, 
- * even if only a subset of those search hints are necessary to get reasonable 
+ * As a result, callers are encouraged to provide all relevant search hints,
+ * even if only a subset of those search hints are necessary to get reasonable
  * behavior in the current implementation.  Doing so will provide the most
  * user-friendly selection experience.
  *
@@ -99,14 +99,14 @@ extern "C" {
  * \li <B>Client Realm</B> A client identity in this realm.
  * \li <B>User</B> A client identity whose first component is this user string.
  *
- * For example, if you specify a service identity and a credential for 
- * that identity already exists in the ccache collection, KIM may use that 
- * ccache, even if your user and client realm entries in the selection hints would  
+ * For example, if you specify a service identity and a credential for
+ * that identity already exists in the ccache collection, KIM may use that
+ * ccache, even if your user and client realm entries in the selection hints would
  * lead it to choose a different ccache.  If no credentials for the service identity
  * exist then KIM will fall back on the user and realm hints.
  *
- * \note Due to performance and information exposure concerns, currently all 
- * searching is done by examining the cache collection.  In the future the KIM 
+ * \note Due to performance and information exposure concerns, currently all
+ * searching is done by examining the cache collection.  In the future the KIM
  * may also make network requests as part of its search algorithm.  For example
  * it might check to see if the TGT credentials in each ccache can obtain
  * credentials for the service identity specified by the selection hints.
@@ -114,56 +114,56 @@ extern "C" {
  * \section kim_selection_hints_selecting Selecting an Identity Using Selection Hints
  *
  * Once you have provided search criteria for selecting an identity, use
- * #kim_selection_hints_get_identity() to obtain an identity object.  
+ * #kim_selection_hints_get_identity() to obtain an identity object.
  * You can then use #kim_identity_get_string() to obtain a krb5 principal
- * string for use with gss_import_name() and gss_acquire_cred().  Alternatively, 
- * you can use #kim_ccache_create_from_client_identity() to obtain a ccache  
+ * string for use with gss_import_name() and gss_acquire_cred().  Alternatively,
+ * you can use #kim_ccache_create_from_client_identity() to obtain a ccache
  * containing credentials for the identity.
  *
  * \note #kim_selection_hints_get_identity() obtains an identity based on
- * the current state of the selection hints object.  If you change the 
+ * the current state of the selection hints object.  If you change the
  * selection hints object you must call #kim_selection_hints_get_identity()
  * again.
  *
  * \section kim_selection_hints_caching Selection Hint Caching Behavior
- * 
+ *
  * In addition to using selection hints to search for an appropriate client
- * identity, KIM can also use them to remember which client identity worked.  
+ * identity, KIM can also use them to remember which client identity worked.
  * KIM maintains a per-user cache mapping selection hints to identities so
- * that applications do not have to maintain their own caches or present 
+ * that applications do not have to maintain their own caches or present
  * user interface for selecting which cache to use.
  *
  * When #kim_selection_hints_get_identity() is called KIM looks up in the
- * cache and returns the identity which the selection hints map to.  If 
- * there is not a preexisting cache entry for the selection hints then 
+ * cache and returns the identity which the selection hints map to.  If
+ * there is not a preexisting cache entry for the selection hints then
  * #kim_selection_hints_get_identity() will search for an identity and
- * prompt the user if it cannot find an appropriate one. 
- * 
- * If the client identity returned by KIM authenticates and passes 
+ * prompt the user if it cannot find an appropriate one.
+ *
+ * If the client identity returned by KIM authenticates and passes
  * authorization checks, you should tell KIM to cache the identity by calling
  * #kim_selection_hints_remember_identity().  This will create a cache entry
- * for the mapping between your selection hints and the identity so that 
- * subsequent calls to #kim_selection_hints_get_identity() do not need to 
- * prompt the user. 
+ * for the mapping between your selection hints and the identity so that
+ * subsequent calls to #kim_selection_hints_get_identity() do not need to
+ * prompt the user.
  *
  * If the client identity returned by KIM fails to authenticate or fails
- * authorization checks, you must call #kim_selection_hints_forget_identity() 
+ * authorization checks, you must call #kim_selection_hints_forget_identity()
  * to remove any mapping that already exists.  After this function is called,
- * future calls to #kim_selection_hints_get_identity() will search for an 
- * identity again.  You may also wish to call this function if the user 
- * changes your application preferences such that the identity might be 
+ * future calls to #kim_selection_hints_get_identity() will search for an
+ * identity again.  You may also wish to call this function if the user
+ * changes your application preferences such that the identity might be
  * invalidated.
- * 
+ *
  * \note It is very important that you call #kim_selection_hints_forget_identity()
  * if your application fails to successfully establish a connection with the
- * server. Otherwise the user can get "stuck" using the same non-working 
- * identity if they chose the wrong one accidentally or if their identity 
- * information changes.  Because only your application understands the 
+ * server. Otherwise the user can get "stuck" using the same non-working
+ * identity if they chose the wrong one accidentally or if their identity
+ * information changes.  Because only your application understands the
  * authorization checksof the protocol it uses, KIM cannot tell whether or not
  * the identity worked.
- * 
+ *
  * If you wish to search and prompt for an identity without using
- * the cached mappings, you can turn off the cached mapping lookups using 
+ * the cached mappings, you can turn off the cached mapping lookups using
  * #kim_selection_hints_set_remember_identity().  This is not recommended
  * for most applications since it will result in a lot of unnecessary
  * searching and prompting for identities.
@@ -173,40 +173,40 @@ extern "C" {
  * service.  Otherwise KIM will not always find the cache entries.
  *
  * \section kim_selection_hints_prompt Selection Hint Prompting Behavior
- * 
+ *
  * If valid credentials for identity in the selection hints cache are
  * unavailable or if no identity could be found using searching or caching
- * when #kim_selection_hints_get_identity() is called, KIM may present a 
- * GUI to ask the user to select an identity or acquire credentials for 
- * an identity.  
- *
- * \note Because of the caching behavior described above the user will 
- * only be prompted to choose an identity when setting up the application 
- * or when their identity stops working. 
- *
- * In order to let the user know why Kerberos needs their assistance, KIM  
- * displays the name of the application which requested the identity   
- * selection. Unfortunately, some platforms do not provide a runtime 
- * mechanism for determining the name of the calling process.  If your 
- * application runs on one of these platforms (or is cross-platform) 
- * you should provide a localized version of its name with 
+ * when #kim_selection_hints_get_identity() is called, KIM may present a
+ * GUI to ask the user to select an identity or acquire credentials for
+ * an identity.
+ *
+ * \note Because of the caching behavior described above the user will
+ * only be prompted to choose an identity when setting up the application
+ * or when their identity stops working.
+ *
+ * In order to let the user know why Kerberos needs their assistance, KIM
+ * displays the name of the application which requested the identity
+ * selection. Unfortunately, some platforms do not provide a runtime
+ * mechanism for determining the name of the calling process.  If your
+ * application runs on one of these platforms (or is cross-platform)
+ * you should provide a localized version of its name with
  * the private function #kim_library_set_application_name().
  *
- * In many cases a single application may select different identities for 
- * different purposes.  For example an email application might use different 
- * identities to check mail for different accounts.  If your application 
- * has this property you may need to provide the user with a localized 
- * string describing how the identity will be used.  You can specify 
- * this string with #kim_selection_hints_get_explanation().  You can find 
+ * In many cases a single application may select different identities for
+ * different purposes.  For example an email application might use different
+ * identities to check mail for different accounts.  If your application
+ * has this property you may need to provide the user with a localized
+ * string describing how the identity will be used.  You can specify
+ * this string with #kim_selection_hints_get_explanation().  You can find
  * out what string will be used with kim_selection_hints_set_explanation().
  *
  * Since the user may choose to acquire credentials when selection an
- * identity, KIM also provides #kim_selection_hints_set_options() to 
- * set what credential acquisition options are used.  
- * #kim_selection_hints_get_options() returns the options which will be used. 
+ * identity, KIM also provides #kim_selection_hints_set_options() to
+ * set what credential acquisition options are used.
+ * #kim_selection_hints_get_options() returns the options which will be used.
  *
- * If you need to disable user interaction, use 
- * #kim_selection_hints_set_allow_user_interaction().  Use 
+ * If you need to disable user interaction, use
+ * #kim_selection_hints_set_allow_user_interaction().  Use
  * #kim_selection_hints_get_allow_user_interaction() to find out whether or
  * not user interaction is enabled.  User interaction is enabled by default.
  *
@@ -218,11 +218,11 @@ extern "C" {
  * @{
  */
 
-/*! A client identity in this realm. 
+/*! A client identity in this realm.
  * See \ref kim_selection_hints_overview for more information */
 #define kim_hint_key_client_realm     "kim_hint_key_client_realm"
 
-/*! A client identity whose first component is this user string. 
+/*! A client identity whose first component is this user string.
  * See \ref kim_selection_hints_overview for more information */
 #define kim_hint_key_user             "kim_hint_key_user"
 
@@ -230,7 +230,7 @@ extern "C" {
  * See \ref kim_selection_hints_overview for more information */
 #define kim_hint_key_service_realm    "kim_hint_key_service_realm"
 
-/*! A client identity which has obtained a service credential for this service. 
+/*! A client identity which has obtained a service credential for this service.
  * See \ref kim_selection_hints_overview for more information */
 #define kim_hint_key_service          "kim_hint_key_service"
 
@@ -238,14 +238,14 @@ extern "C" {
  * See \ref kim_selection_hints_overview for more information */
 #define kim_hint_key_server           "kim_hint_key_server"
 
-/*! The client identity which has obtained a service credential for this service identity. 
+/*! The client identity which has obtained a service credential for this service identity.
  * See \ref kim_selection_hints_overview for more information */
 #define kim_hint_key_service_identity "kim_hint_key_service_identity"
-    
+
 /*!
- * \param out_selection_hints       on exit, a new selection hints object.  
+ * \param out_selection_hints       on exit, a new selection hints object.
  *                                  Must be freed with kim_selection_hints_free().
- * \param in_application_identifier an application identifier string.  Java-style identifiers are recommended 
+ * \param in_application_identifier an application identifier string.  Java-style identifiers are recommended
  *                                  to avoid cache entry collisions (eg: "com.example.MyApplication")
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Create a new selection hints object.
@@ -254,9 +254,9 @@ kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints,
                                         kim_string           in_application_identifier);
 
 /*!
- * \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints.  
+ * \param out_selection_hints on exit, a new selection hints object which is a copy of in_selection_hints.
  *                            Must be freed with kim_selection_hints_free().
- * \param in_selection_hints  a selection hints object. 
+ * \param in_selection_hints  a selection hints object.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Copy a selection hints object.
  */
@@ -278,9 +278,9 @@ kim_error kim_selection_hints_set_hint (kim_selection_hints io_selection_hints,
 
 /*!
  * \param in_selection_hints    a selection hints object.
- * \param in_hint_key           A string representing the type of hint to 
+ * \param in_hint_key           A string representing the type of hint to
  *                              obtain.
- * \param out_hint_string       On exit, a string representation of the hint 
+ * \param out_hint_string       On exit, a string representation of the hint
  *                              \a in_hint_key in \a in_selection_hints.
  *                              If the hint is not set, sets the value pointed
  *                              to by \a out_hint_string to NULL;
@@ -296,7 +296,7 @@ kim_error kim_selection_hints_get_hint (kim_selection_hints  in_selection_hints,
 /*!
  * \param io_selection_hints  a selection hints object to modify.
  * \param in_explanation      a localized string describing why the caller needs the identity.
- * \note If the application only does one thing (the reason it needs an identity is obvious) 
+ * \note If the application only does one thing (the reason it needs an identity is obvious)
  * then you may not need to call this function.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set the strings used to prompt the user to select the identity.
@@ -320,7 +320,7 @@ kim_error kim_selection_hints_get_explanation (kim_selection_hints  in_selection
 
 /*!
  * \param io_selection_hints  a selection hints object to modify.
- * \param in_options          options to control credential acquisition. 
+ * \param in_options          options to control credential acquisition.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Set the options which will be used if credentials need to be acquired.
  * \sa kim_selection_hints_get_options()
@@ -330,7 +330,7 @@ kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hint
 
 /*!
  * \param in_selection_hints a selection hints object.
- * \param out_options        on exit, the options to control credential acquisition  
+ * \param out_options        on exit, the options to control credential acquisition
  *                           specified in \a in_selection_hints.  May be KIM_OPTIONS_DEFAULT.
  *                           If not, must be freed with kim_options_free().
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -354,8 +354,8 @@ kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints in
 
 /*!
  * \param in_selection_hints         a selection hints object to modify
- * \param out_allow_user_interaction on exit, a boolean value specifying whether or not KIM 
- *                                   should ask the user to select an identity for 
+ * \param out_allow_user_interaction on exit, a boolean value specifying whether or not KIM
+ *                                   should ask the user to select an identity for
  *                                   \a in_selection_hints.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \note This setting defaults to TRUE.
@@ -379,7 +379,7 @@ kim_error kim_selection_hints_set_remember_identity (kim_selection_hints in_sele
 
 /*!
  * \param in_selection_hints     a selection hints object to modify
- * \param out_remember_identity on exit, a boolean value specifying whether or not KIM will use a 
+ * \param out_remember_identity on exit, a boolean value specifying whether or not KIM will use a
  *                               cached mapping between \a in_selection_hints and a Kerberos identity.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \note This setting defaults to TRUE.
@@ -407,7 +407,7 @@ kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hin
  * \param in_selection_hints the selection hints to add to the cache.
  * \param in_identity the Kerberos identity \a in_selection_hints maps to.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
- * \brief Add an entry for the selection hints to the selection hints cache, 
+ * \brief Add an entry for the selection hints to the selection hints cache,
  * replacing any existing entry.
  */
 
diff --git a/src/include/kim/kim_string.h b/src/include/kim/kim_string.h
index f68f4a409..283a49742 100644
--- a/src/include/kim/kim_string.h
+++ b/src/include/kim/kim_string.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -34,8 +34,8 @@ extern "C" {
 /*!
  * \page kim_string_overview KIM String Overview
  *
- * A UTF8 string.  
- * 
+ * A UTF8 string.
+ *
  * Memory management routines are provided for runtime consistency on
  * operating systems with shared libraries and multiple runtimes.
  *
@@ -43,21 +43,21 @@ extern "C" {
  *
  * Like most C APIs, the KIM API returns numeric error codes.  These error
  * codes may come from KIM, krb5 or GSS APIs.  In most cases the caller will
- * want to handle these error programmatically.  However, in some circumstances 
- * the caller may wish to print an error string to the user.  
+ * want to handle these error programmatically.  However, in some circumstances
+ * the caller may wish to print an error string to the user.
  *
  * One problem with just printing the error code to the user is that frequently
- * the context behind the error has been lost.  For example if KIM is trying to 
+ * the context behind the error has been lost.  For example if KIM is trying to
  * obtain credentials via referrals, it may fail partway through the process.
  * In this case the error code will be KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, which
  * maps to "Client not found in Kerberos database".  Unfortunately this error
  * isn't terribly helpful because it doesn't tell the user whether they typoed
- * their principal name or if referrals failed.  
+ * their principal name or if referrals failed.
  *
- * To avoid this problem, KIM maintains an explanatory string for the last 
+ * To avoid this problem, KIM maintains an explanatory string for the last
  * error seen in each thread calling into KIM.  If a caller wishes to display
  * an error to the user, immediately after getting the error the caller should
- * call #kim_string_create_for_last_error() to obtain a copy of the  
+ * call #kim_string_create_for_last_error() to obtain a copy of the
  * descriptive error message.
  *
  * See \ref kim_string_reference for information on specific APIs.
@@ -69,24 +69,24 @@ extern "C" {
  */
 
 /*!
- * \param out_string On success, a human-readable UTF-8 string describing the 
+ * \param out_string On success, a human-readable UTF-8 string describing the
  *                   error representedby \a in_error.  Must be freed with
  *                   kim_string_free().
  * \param in_error   an error code.  Used to verify that the correct error
  *                   string will be returned (see note below).
- * \return On success, KIM_NO_ERROR.  
- * \note This API is implemented using thread local storage.  It should be 
+ * \return On success, KIM_NO_ERROR.
+ * \note This API is implemented using thread local storage.  It should be
  * called immediately after a KIM API returns an error code so that the correct
- * string is returned.  The returned copy may then be held by the caller until 
+ * string is returned.  The returned copy may then be held by the caller until
  * needed.  If \a in_error does not match the last saved error KIM may return
  * a less descriptive string.
  * \brief Get a text description of an error suitable for display to the user.
  */
 kim_error kim_string_create_for_last_error (kim_string *out_string,
                                             kim_error   in_error);
-    
+
 /*!
- * \param out_string on exit, a new string object which is a copy of \a in_string.  
+ * \param out_string on exit, a new string object which is a copy of \a in_string.
                      Must be freed with kim_string_free().
  * \param in_string  the string to copy.
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
@@ -103,10 +103,10 @@ kim_error kim_string_copy (kim_string       *out_string,
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Compare two strings.
  */
-kim_error kim_string_compare (kim_string      in_string, 
+kim_error kim_string_compare (kim_string      in_string,
                               kim_string      in_compare_to_string,
                               kim_comparison *out_comparison);
-    
+
 /*!
  * \param io_string a string to be freed.  Set to NULL on exit.
  * \brief Free memory associated with a string.
diff --git a/src/include/kim/kim_types.h b/src/include/kim/kim_types.h
index a871410bb..7723407cf 100644
--- a/src/include/kim/kim_types.h
+++ b/src/include/kim/kim_types.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -42,7 +42,7 @@ extern "C" {
 typedef int32_t     kim_error;
 
 /*!
- * No error value for the kim_error type.  
+ * No error value for the kim_error type.
  */
 #define KIM_NO_ERROR ((kim_error) 0)
 
@@ -73,7 +73,7 @@ typedef int         kim_boolean;
  * \li Greater than 0 means the first object is greater than the second.
  * \note Convenience macros are provided for interpreting #kim_comparison
  * values to improve code readability.
- * See #kim_comparison_is_less_than(), #kim_comparison_is_equal_to() and 
+ * See #kim_comparison_is_less_than(), #kim_comparison_is_equal_to() and
  * #kim_comparison_is_greater_than()
  */
 typedef int         kim_comparison;
@@ -86,7 +86,7 @@ typedef int         kim_comparison;
 /*!
  * Convenience macro for interpreting #kim_comparison.
  */
-#define kim_comparison_is_equal_to(c)        (c == 0) 
+#define kim_comparison_is_equal_to(c)        (c == 0)
 
 /*!
  * Convenience macro for interpreting #kim_comparison.
diff --git a/src/include/kim/kim_ui_plugin.h b/src/include/kim/kim_ui_plugin.h
index a15aa419a..d5a08a87d 100644
--- a/src/include/kim/kim_ui_plugin.h
+++ b/src/include/kim/kim_ui_plugin.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -43,38 +43,38 @@ enum kim_prompt_type_enum {
 
 /*
  * Plugins for Controlling Identity Selection and Credential Acquisition
- * 
+ *
  * In order to acquire credentials, Kerberos needs to obtain one or more secrets from the user.
- * These secrets may be a certificate, password, SecurID pin, or information from a smart card.  
+ * These secrets may be a certificate, password, SecurID pin, or information from a smart card.
  * If obtaining the secret requires interaction with the user, the Kerberos libraries call a
  * "prompter callback" to display a dialog or command line prompt to request information from
- * the user.  If you want to provide your own custom dialogs or command line prompts, 
- * the KIM APIs provide a plugin mechanism for replacing the default prompt ui with your own.  
+ * the user.  If you want to provide your own custom dialogs or command line prompts,
+ * the KIM APIs provide a plugin mechanism for replacing the default prompt ui with your own.
  *
- * The function table / structure which a KIM ui plugin module must export 
- * as "kim_ui_0".  If the interfaces work correctly, future versions of the 
- * table will add either more callbacks or more arguments to callbacks, and 
+ * The function table / structure which a KIM ui plugin module must export
+ * as "kim_ui_0".  If the interfaces work correctly, future versions of the
+ * table will add either more callbacks or more arguments to callbacks, and
  * in both cases we'll be able to wrap the v0 functions.
  */
 /* extern kim_ui_plugin_ftable_v0 kim_ui_0; */
 
-    
+
 typedef struct kim_ui_plugin_ftable_v0 {
     int minor_version;		/* currently 0 */
-    
+
     /* Called before other calls to allow the UI to initialize.
-     * Return an error if you can't display your UI in this environment. 
+     * Return an error if you can't display your UI in this environment.
      * To allow your plugin to be called from multiple threads, pass back
-     * state associated with this instance of your UI in out_context.  
+     * state associated with this instance of your UI in out_context.
      * The same context pointer will be provided to all plugin calls for
      * this ui. */
     kim_error (*init) (void **out_context);
-    
+
     /* Present UI which allows the user to enter a new identity.
-     * This is typically called when the user selects a "new tickets" 
+     * This is typically called when the user selects a "new tickets"
      * control or menu item from a ticket management utility.
-     * If this UI calls into KIM to get new credentials it may 
-     * call auth_prompt below. 
+     * If this UI calls into KIM to get new credentials it may
+     * call auth_prompt below.
      * If out_change_password is set to TRUE, KIM will call change_password
      * on the identity and then call enter_identity again, allowing you
      * to have a change password option on your UI. */
@@ -82,12 +82,12 @@ typedef struct kim_ui_plugin_ftable_v0 {
                                  kim_options   io_options,
                                  kim_identity *out_identity,
                                  kim_boolean  *out_change_password);
-    
+
     /* Present UI to select which identity to use.
      * This is typically called the first time an application tries to use
      * Kerberos and is used to establish a hints preference for the application.
-     * If this UI calls into KIM to get new credentials it may 
-     * call auth_prompt below. 
+     * If this UI calls into KIM to get new credentials it may
+     * call auth_prompt below.
      * If out_change_password is set to TRUE, KIM will call change_password
      * on the identity and then call select_identity again, allowing you
      * to have a change password option on your UI. */
@@ -95,7 +95,7 @@ typedef struct kim_ui_plugin_ftable_v0 {
                                   kim_selection_hints  io_hints,
                                   kim_identity        *out_identity,
                                   kim_boolean         *out_change_password);
-    
+
     /* Present UI to display authentication to the user */
     /* If in_allow_save_reply is FALSE do not display UI to allow the user
      * to save their password. In this case the value of out_save_reply will
@@ -103,17 +103,17 @@ typedef struct kim_ui_plugin_ftable_v0 {
     kim_error (*auth_prompt) (void              *in_context,
                               kim_identity       in_identity,
                               kim_prompt_type    in_type,
-                              kim_boolean        in_allow_save_reply, 
-                              kim_boolean        in_hide_reply, 
+                              kim_boolean        in_allow_save_reply,
+                              kim_boolean        in_hide_reply,
                               kim_string         in_title,
                               kim_string         in_message,
                               kim_string         in_description,
                               char             **out_reply,
                               kim_boolean       *out_save_reply);
-    
-    /* Prompt to change the identity's password. 
+
+    /* Prompt to change the identity's password.
      * May be combined with an auth_prompt if additional auth is required,
-     * eg: SecurID pin. 
+     * eg: SecurID pin.
      * If in_old_password_expired is true, this callback is in response
      * to an expired password error.  If this is the case the same context
      * which generated the error will be used for this callback. */
@@ -123,28 +123,28 @@ typedef struct kim_ui_plugin_ftable_v0 {
                                   char         **out_old_password,
                                   char         **out_new_password,
                                   char         **out_verify_password);
-    
+
     /* Display an error to the user; may be called after any of the prompts */
     kim_error (*handle_error) (void         *in_context,
                                kim_identity  in_identity,
                                kim_error     in_error,
                                kim_string    in_error_message,
                                kim_string    in_error_description);
-    
+
     /* Free strings returned by the UI. Will be called once for each string
      * returned from a plugin callback.  If you have returned a string twice
      * just make sure your free function checks for NULL and sets the pointer
      * to NULL when done freeing memory.  */
     void (*free_string) (void  *in_context,
                          char **io_string);
-    
+
     /* Called after the last prompt (even on error) to allow the UI to
      * free allocated resources associated with its context. */
     kim_error (*fini) (void *io_context);
 
 } kim_ui_plugin_ftable_v0;
 
-    
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index e0128d058..464f3fa30 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * General definitions for Kerberos version 5.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -162,7 +162,7 @@ typedef	unsigned short	krb5_ui_4;
    indicator */
 #define KRB5_INT32_MIN	(-KRB5_INT32_MAX-1)
 
-#define KRB5_INT16_MAX 65535	
+#define KRB5_INT16_MAX 65535
 /* this strange form is necessary since - is a unary operator, not a sign
    indicator */
 #define KRB5_INT16_MIN	(-KRB5_INT16_MAX-1)
@@ -187,8 +187,8 @@ typedef	unsigned short	krb5_ui_4;
 #endif
 
 typedef	unsigned int krb5_boolean;
-typedef	unsigned int krb5_msgtype;	
-typedef	unsigned int krb5_kvno;	
+typedef	unsigned int krb5_msgtype;
+typedef	unsigned int krb5_kvno;
 
 typedef	krb5_int32 krb5_addrtype;
 typedef krb5_int32 krb5_enctype;
@@ -217,9 +217,9 @@ typedef struct _krb5_octet_data {
 	krb5_octet *data;
 } krb5_octet_data;
 
-/* 
+/*
  * Hack length for crypto library to use the afs_string_to_key It is
- * equivalent to -1 without possible sign extension 
+ * equivalent to -1 without possible sign extension
  * We also overload for an unset salt type length - which is also -1, but
  * hey, why not....
 */
@@ -548,9 +548,9 @@ krb5_error_code KRB5_CALLCONV
     (krb5_context context, krb5_data *data);
 
 /*
-* Collect entropy from the OS if possible. strong requests that as strong 
-* of a source of entropy  as available be used.  Setting strong may 
-* increase the probability of blocking and should not  be used for normal 
+* Collect entropy from the OS if possible. strong requests that as strong
+* of a source of entropy  as available be used.  Setting strong may
+* increase the probability of blocking and should not  be used for normal
 * applications.  Good uses include seeding the PRNG for kadmind
 * and realm setup.
 * If successful is non-null, then successful is set to 1 if the OS provided
@@ -587,15 +587,15 @@ krb5_error_code KRB5_CALLCONV
     (krb5_context context, krb5_cksumtype cksumtype,
 		    const krb5_keyblock *key, krb5_keyusage usage,
 		    const krb5_data *input, krb5_checksum *cksum);
-    
+
 krb5_error_code KRB5_CALLCONV
     krb5_c_verify_checksum
-    (krb5_context context, 
+    (krb5_context context,
 		    const krb5_keyblock *key, krb5_keyusage usage,
 		    const krb5_data *data,
 		    const krb5_checksum *cksum,
 		    krb5_boolean *valid);
-    
+
 krb5_error_code KRB5_CALLCONV
     krb5_c_checksum_length
     (krb5_context context, krb5_cksumtype cksumtype,
@@ -603,7 +603,7 @@ krb5_error_code KRB5_CALLCONV
 
 krb5_error_code KRB5_CALLCONV
     krb5_c_keyed_checksum_types
-    (krb5_context context, krb5_enctype enctype, 
+    (krb5_context context, krb5_enctype enctype,
 		    unsigned int *count, krb5_cksumtype **cksumtypes);
 
 #define KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS		1
@@ -683,7 +683,7 @@ krb5_error_code KRB5_CALLCONV
 
 krb5_error_code KRB5_CALLCONV
     krb5_c_verify_checksum_iov
-    (krb5_context context, 
+    (krb5_context context,
 		    krb5_cksumtype cksumtype,
 		    const krb5_keyblock *key, krb5_keyusage usage,
 		    const krb5_crypto_iov *data, size_t num_data,
@@ -896,7 +896,7 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
 /*
  * Mask of ticket flags in the TGT which should be converted into KDC
  * options when using the TGT to get derivitive tickets.
- * 
+ *
  *  New mask = KDC_OPT_FORWARDABLE | KDC_OPT_PROXIABLE |
  *	       KDC_OPT_ALLOW_POSTDATE | KDC_OPT_RENEWABLE
  */
@@ -1113,7 +1113,7 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
 /* Time set */
 typedef struct _krb5_ticket_times {
     krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
-				in ticket? otherwise client can't get this */ 
+				in ticket? otherwise client can't get this */
     krb5_timestamp starttime;		/* optional in ticket, if not present,
 					   use authtime */
     krb5_timestamp endtime;
@@ -1330,7 +1330,7 @@ typedef struct _krb5_cred_enc_part {
     krb5_address *s_address;	/* sender address, optional */
     krb5_address *r_address;	/* recipient address, optional */
     krb5_cred_info **ticket_info;
-} krb5_cred_enc_part;	 
+} krb5_cred_enc_part;
 
 typedef struct _krb5_cred {
     krb5_magic magic;
@@ -1385,11 +1385,11 @@ typedef struct _krb5_pa_pac_req {
 #define KRB5_AUTH_CONTEXT_RET_SEQUENCE	0x00000008
 #define KRB5_AUTH_CONTEXT_PERMIT_ALL	0x00000010
 #define KRB5_AUTH_CONTEXT_USE_SUBKEY	0x00000020
- 
-typedef struct krb5_replay_data { 
-    krb5_timestamp	timestamp; 
+
+typedef struct krb5_replay_data {
+    krb5_timestamp	timestamp;
     krb5_int32		usec;
-    krb5_ui_4		seq; 
+    krb5_ui_4		seq;
 } krb5_replay_data;
 
 /* flags for krb5_auth_con_genaddrs() */
@@ -1401,7 +1401,7 @@ typedef struct krb5_replay_data {
 /* type of function used as a callback to generate checksum data for
  * mk_req */
 
-typedef krb5_error_code 
+typedef krb5_error_code
 (KRB5_CALLCONV * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
 			       krb5_data **);
 
@@ -1502,8 +1502,8 @@ krb5_cc_move (krb5_context context, krb5_ccache src, krb5_ccache dst);
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_last_change_time (
-    krb5_context context, 
-    krb5_ccache ccache, 
+    krb5_context context,
+    krb5_ccache ccache,
     krb5_timestamp *change_time);
 
 krb5_error_code KRB5_CALLCONV
@@ -1615,7 +1615,7 @@ void KRB5_CALLCONV krb5_free_context
 krb5_error_code KRB5_CALLCONV krb5_copy_context
 	(krb5_context, krb5_context *);
 
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_set_default_tgs_enctypes
 	(krb5_context,
 		const krb5_enctype *);
@@ -1792,7 +1792,7 @@ krb5_boolean KRB5_CALLCONV krb5_principal_compare_flags
 		int);
 krb5_error_code KRB5_CALLCONV  krb5_init_keyblock
 		(krb5_context, krb5_enctype enctype,
-		size_t length, krb5_keyblock **out); 
+		size_t length, krb5_keyblock **out);
   		/* Initialize a new keyblock and allocate storage
 		 * for the contents of the key, which will be freed along
 		 * with the keyblock when krb5_free_keyblock is called.
@@ -1875,7 +1875,7 @@ krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
 		krb5_principal *princ);
 
 krb5_error_code KRB5_CALLCONV krb5_524_conv_principal
-	(krb5_context context, krb5_const_principal princ, 
+	(krb5_context context, krb5_const_principal princ,
 		char *name, char *inst, char *realm);
 
 struct credentials;
@@ -2102,7 +2102,7 @@ krb5_error_code KRB5_CALLCONV krb5_mk_priv
 		krb5_data *,
 		krb5_replay_data *);
 
-krb5_error_code KRB5_CALLCONV krb5_sendauth 
+krb5_error_code KRB5_CALLCONV krb5_sendauth
 	(krb5_context,
 		krb5_auth_context *,
 		krb5_pointer,
@@ -2116,14 +2116,14 @@ krb5_error_code KRB5_CALLCONV krb5_sendauth
 		krb5_error **,
 		krb5_ap_rep_enc_part **,
 		krb5_creds **);
-	
+
 krb5_error_code KRB5_CALLCONV krb5_recvauth
 	(krb5_context,
 		krb5_auth_context *,
 		krb5_pointer,
 		char *,
 		krb5_principal,
-		krb5_int32, 
+		krb5_int32,
 		krb5_keytab,
 		krb5_ticket **);
 krb5_error_code KRB5_CALLCONV krb5_recvauth_version
@@ -2131,7 +2131,7 @@ krb5_error_code KRB5_CALLCONV krb5_recvauth_version
 		krb5_auth_context *,
 		krb5_pointer,
 		krb5_principal,
-		krb5_int32, 
+		krb5_int32,
 		krb5_keytab,
 		krb5_ticket **,
 		krb5_data *);
@@ -2158,14 +2158,14 @@ krb5_error_code KRB5_CALLCONV krb5_rd_cred
 		krb5_replay_data *);
 
 krb5_error_code KRB5_CALLCONV krb5_fwd_tgt_creds
-	(krb5_context, 
+	(krb5_context,
 		krb5_auth_context,
 		char *,
-		krb5_principal, 
-		krb5_principal, 
+		krb5_principal,
+		krb5_principal,
 		krb5_ccache,
 		int forwardable,
-		krb5_data *);	
+		krb5_data *);
 
 krb5_error_code KRB5_CALLCONV krb5_auth_con_init
 	(krb5_context,
@@ -2564,13 +2564,13 @@ krb5_get_renewed_creds
 
 krb5_error_code KRB5_CALLCONV
 krb5_decode_ticket
-(const krb5_data *code, 
+(const krb5_data *code,
 		krb5_ticket **rep);
 
 void KRB5_CALLCONV
 krb5_appdefault_string
 (krb5_context context,
-		const char *appname,  
+		const char *appname,
 	        const krb5_data *realm,
  		const char *option,
 		const char *default_value,
@@ -2579,7 +2579,7 @@ krb5_appdefault_string
 void KRB5_CALLCONV
 krb5_appdefault_boolean
 (krb5_context context,
-		const char *appname,  
+		const char *appname,
 	        const krb5_data *realm,
  		const char *option,
 		int default_value,
diff --git a/src/include/krb5/locate_plugin.h b/src/include/krb5/locate_plugin.h
index f9f29baf7..8496f276b 100644
--- a/src/include/krb5/locate_plugin.h
+++ b/src/include/krb5/locate_plugin.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Service location plugin definitions for Kerberos 5.
  */
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index e11913e3f..dd0820af1 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -367,7 +367,7 @@ typedef void
 
 /* Return the flags which the KDC should use for this module.  This is a
  * callback instead of a static value because the module may or may not
- * wish to count itself as a hardware preauthentication module (in other 
+ * wish to count itself as a hardware preauthentication module (in other
  * words, the flags may be affected by the configuration, for example if a
  * site administrator can force a particular preauthentication type to be
  * supported using only hardware).  This function is called for each entry
diff --git a/src/include/krb54proto.h b/src/include/krb54proto.h
index d1d16e1ba..65cf5f939 100644
--- a/src/include/krb54proto.h
+++ b/src/include/krb54proto.h
@@ -9,10 +9,9 @@ extern krb5_error_code krb54_get_service_keyblock
 extern int decomp_tkt_krb5
 	(KTEXT tkt, unsigned char *flags, char *pname,
 		   char *pinstance, char *prealm, unsigned KRB4_32 *paddress,
-		   des_cblock session, int *life, unsigned KRB4_32 *time_sec, 
+		   des_cblock session, int *life, unsigned KRB4_32 *time_sec,
 		   char *sname, char *sinstance, krb5_keyblock *k5key);
 extern int krb_set_key_krb5
 	(krb5_context ctx, krb5_keyblock *key);
 void krb_clear_key_krb5
 	(krb5_context ctx);
-
diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index 339e4b228..dd3f976c7 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Site- and OS- dependant configuration.
  */
diff --git a/src/include/pkinit_apple_utils.h b/src/include/pkinit_apple_utils.h
index 313955f39..857b1685c 100644
--- a/src/include/pkinit_apple_utils.h
+++ b/src/include/pkinit_apple_utils.h
@@ -28,7 +28,7 @@
  *
  * Created 19 May 2004 by Doug Mitchell.
  */
- 
+
 #ifndef	_PKINIT_APPLE_UTILS_H_
 #define _PKINIT_APPLE_UTILS_H_
 
@@ -70,7 +70,7 @@ CSSM_CL_HANDLE pkiClStartup(void);
  * CSSM_DATA <--> krb5_ui_4
  */
 krb5_error_code pkiDataToInt(
-    const CSSM_DATA *cdata, 
+    const CSSM_DATA *cdata,
     krb5_int32       *i);	/* RETURNED */
 
 krb5_error_code pkiIntToData(
@@ -86,13 +86,13 @@ krb5_error_code pkiDataToKrb5Data(
     unsigned dataLen,
     krb5_data *kd);		/* content mallocd and RETURNED */
 
-/* 
+/*
  * CSSM_DATA <--> krb5_data
  *
  * CSSM_DATA data is managed by a SecAsn1CoderRef; krb5_data.data is mallocd.
  */
 krb5_error_code pkiCssmDataToKrb5Data(
-    const CSSM_DATA *cd, 
+    const CSSM_DATA *cd,
     krb5_data *kd);		/* content mallocd and RETURNED */
 
 
@@ -101,13 +101,13 @@ krb5_error_code pkiKrb5DataToCssm(
     CSSM_DATA       *cdata,     /* allocated in coder space and RETURNED */
     SecAsn1CoderRef coder);
 
-/* 
+/*
  * CFDataRef --> krb5_data, mallocing the destination contents.
  */
 krb5_error_code pkiCfDataToKrb5Data(
     CFDataRef	    cfData,
     krb5_data	    *kd);	/* content mallocd and RETURNED */
-    
+
 /*
  * Non-mallocing conversion between CSSM_DATA and krb5_data
  */
@@ -126,7 +126,7 @@ krb5_boolean pkiCompareCssmData(
     const CSSM_DATA *d1,
     const CSSM_DATA *d2);
 
-/* 
+/*
  * krb5_timestamp <--> a mallocd string in generalized format
  */
 krb5_error_code pkiKrbTimestampToStr(
diff --git a/src/include/pkinit_asn1.h b/src/include/pkinit_asn1.h
index b90ae5960..8e33a69a6 100644
--- a/src/include/pkinit_asn1.h
+++ b/src/include/pkinit_asn1.h
@@ -28,7 +28,7 @@
  *
  * Created 18 May 2004 by Doug Mitchell.
  */
- 
+
 #ifndef	_PKINIT_ASN1_H_
 #define _PKINIT_ASN1_H_
 
@@ -44,18 +44,18 @@ typedef struct {
     krb5_data	parameters;	/* ASN_ANY, defined by algorithm */
 } krb5int_algorithm_id;
 
-/* 
+/*
  * Encode and decode AuthPack, public key version (no Diffie-Hellman components).
  */
 krb5_error_code krb5int_pkinit_auth_pack_encode(
-    krb5_timestamp		kctime,      
+    krb5_timestamp		kctime,
     krb5_int32			cusec,		    /* microseconds */
     krb5_ui_4			nonce,
     const krb5_checksum		*pa_checksum,
     const krb5int_algorithm_id	*cms_types,	    /* optional */
     krb5_ui_4			num_cms_types,
     krb5_data			*auth_pack);	    /* mallocd and RETURNED */
-    
+
 /* all returned values are optional - pass NULL if you don't want them */
 krb5_error_code krb5int_pkinit_auth_pack_decode(
     const krb5_data	*auth_pack,	    /* DER encoded */
@@ -65,10 +65,10 @@ krb5_error_code krb5int_pkinit_auth_pack_decode(
     krb5_checksum       *pa_checksum,	    /* contents mallocd and RETURNED */
     krb5int_algorithm_id **cms_types,	    /* mallocd and RETURNED */
     krb5_ui_4		*num_cms_types);    /* RETURNED */
-    
-    
+
+
 /*
- * Given DER-encoded issuer and serial number, create an encoded 
+ * Given DER-encoded issuer and serial number, create an encoded
  * IssuerAndSerialNumber.
  */
 krb5_error_code krb5int_pkinit_issuer_serial_encode(
@@ -85,9 +85,9 @@ krb5_error_code krb5int_pkinit_issuer_serial_decode(
     krb5_data       *serial_num);	    /* RETURNED */
 
 /*
- * Top-level encode for PA-PK-AS-REQ.  
+ * Top-level encode for PA-PK-AS-REQ.
  * The signed_auth_pack field is wrapped in an OCTET STRING, content
- * specific tag 0, during encode. 
+ * specific tag 0, during encode.
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_req_encode(
     const krb5_data *signed_auth_pack,	/* DER encoded ContentInfo */
@@ -98,24 +98,24 @@ krb5_error_code krb5int_pkinit_pa_pk_as_req_encode(
     krb5_data       *pa_pk_as_req);	/* mallocd and RETURNED */
 
 /*
- * Top-level decode for PA-PK-AS-REQ. Does not perform cert verification on the 
+ * Top-level decode for PA-PK-AS-REQ. Does not perform cert verification on the
  * ContentInfo; that is returned in BER-encoded form and processed elsewhere.
- * The OCTET STRING wrapping the signed_auth_pack field is removed during the 
+ * The OCTET STRING wrapping the signed_auth_pack field is removed during the
  * decode.
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_req_decode(
     const krb5_data *pa_pk_as_req,
     krb5_data *signed_auth_pack,	/* DER encoded ContentInfo, RETURNED */
-    /* 
-     * Remainder are optionally RETURNED (specify NULL for pointers to 
+    /*
+     * Remainder are optionally RETURNED (specify NULL for pointers to
      * items you're not interested in).
      */
     krb5_ui_4 *num_trusted_CAs,		/* sizeof trusted_CAs */
-    krb5_data **trusted_CAs,		/* mallocd array of DER-encoded TrustedCAs 
+    krb5_data **trusted_CAs,		/* mallocd array of DER-encoded TrustedCAs
 					 *   issuer/serial */
     krb5_data *kdc_cert);		/* DER encoded issuer/serial */
 
-/* 
+/*
  * Encode a ReplyKeyPack. The result is used as the Content of a SignedData.
  */
 krb5_error_code krb5int_pkinit_reply_key_pack_encode(
@@ -123,7 +123,7 @@ krb5_error_code krb5int_pkinit_reply_key_pack_encode(
     const krb5_checksum *checksum,
     krb5_data		*reply_key_pack);   /* mallocd and RETURNED */
 
-/* 
+/*
  * Decode a ReplyKeyPack.
  */
 krb5_error_code krb5int_pkinit_reply_key_pack_decode(
@@ -131,31 +131,31 @@ krb5_error_code krb5int_pkinit_reply_key_pack_decode(
     krb5_keyblock       *key_block,	    /* RETURNED */
     krb5_checksum	*checksum);	    /* contents mallocd and RETURNED */
 
-/* 
+/*
  * Encode a PA-PK-AS-REP.
  * Exactly one of {dh_signed_data, enc_key_pack} is non-NULL on entry;
- * each is a previously encoded item. 
+ * each is a previously encoded item.
  *
  * dh_signed_data, if specified, is an encoded DHRepInfo.
  * enc_key_pack, if specified, is EnvelopedData(signedData(ReplyKeyPack)
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_rep_encode(
-    const krb5_data     *dh_signed_data, 
+    const krb5_data     *dh_signed_data,
     const krb5_data     *enc_key_pack,	    /* EnvelopedData(signedData(ReplyKeyPack) */
     krb5_data		*pa_pk_as_rep);	    /* mallocd and RETURNED */
 
-/* 
+/*
  * Decode a PA-PK-AS-REP.
  * On successful return, exactly one of {dh_signed_data, enc_key_pack}
  * will be non-NULL, each of which is mallocd and must be freed by
- * caller. 
+ * caller.
  *
  * dh_signed_data, if returned, is an encoded DHRepInfo.
  * enc_key_pack, if specified, is EnvelopedData(signedData(ReplyKeyPack)
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_rep_decode(
     const krb5_data     *pa_pk_as_rep,
-    krb5_data		*dh_signed_data, 
+    krb5_data		*dh_signed_data,
     krb5_data		*enc_key_pack);
 
 /*
diff --git a/src/include/pkinit_cert_store.h b/src/include/pkinit_cert_store.h
index 6811d5a72..b7f70d388 100644
--- a/src/include/pkinit_cert_store.h
+++ b/src/include/pkinit_cert_store.h
@@ -28,7 +28,7 @@
  *
  * Created 26 May 2004 by Doug Mitchell at Apple.
  */
- 
+
 #ifndef	_PKINIT_CERT_STORE_H_
 #define _PKINIT_CERT_STORE_H_
 
@@ -50,13 +50,13 @@ typedef void *krb5_pkinit_signing_cert_t;
  */
 typedef void *krb5_pkinit_cert_t;
 
-/* 
- * Opaque reference to a database in which PKINIT-related certificates are stored. 
+/*
+ * Opaque reference to a database in which PKINIT-related certificates are stored.
  */
 typedef void *krb5_pkinit_cert_db_t;
 
 /*
- * Obtain signing cert for specified principal. On successful return, 
+ * Obtain signing cert for specified principal. On successful return,
  * caller must eventually release the cert with krb5_pkinit_release_cert().
  *
  * Returns KRB5_PRINC_NOMATCH if client cert not found.
@@ -64,8 +64,8 @@ typedef void *krb5_pkinit_cert_db_t;
 krb5_error_code krb5_pkinit_get_client_cert(
     const char			*principal,     /* full principal string */
     krb5_pkinit_signing_cert_t	*client_cert);  /* RETURNED */
-    
-/* 
+
+/*
  * Determine if the specified client has a signing cert. Returns TRUE
  * if so, else returns FALSE.
  */
@@ -85,7 +85,7 @@ krb5_error_code krb5_pkinit_set_client_cert(
     const char			*principal,     /* full principal string */
     krb5_pkinit_cert_t	client_cert);
 
-/* 
+/*
  * Obtain a reference to the client's cert database. Specify either principal
  * name or client_cert as obtained from krb5_pkinit_get_client_cert().
  */
@@ -100,10 +100,10 @@ krb5_error_code krb5_pkinit_get_client_cert_db(
  *
  * The client_spec argument is typically provided by the client as kdcPkId.
  *
- * If trusted_CAs and client_spec are NULL, a platform-dependent preferred 
- * KDC signing cert is returned, if one exists. 
+ * If trusted_CAs and client_spec are NULL, a platform-dependent preferred
+ * KDC signing cert is returned, if one exists.
  *
- * On successful return, caller must eventually release the cert with 
+ * On successful return, caller must eventually release the cert with
  * krb5_pkinit_release_cert(). Outside of an unusual test configuration this =
  *
  * Returns KRB5_PRINC_NOMATCH if KDC cert not found.
@@ -115,7 +115,7 @@ krb5_error_code krb5_pkinit_get_kdc_cert(
     krb5_data			*client_spec,	    /* optional */
     krb5_pkinit_signing_cert_t	*kdc_cert);	    /* RETURNED */
 
-/* 
+/*
  * Obtain a reference to the KDC's cert database.
  */
 krb5_error_code krb5_pkinit_get_kdc_cert_db(
@@ -127,27 +127,27 @@ krb5_error_code krb5_pkinit_get_kdc_cert_db(
  */
 extern void krb5_pkinit_release_cert(
     krb5_pkinit_signing_cert_t   cert);
-    
+
 /*
  * Release database references obtained via krb5_pkinit_get_client_cert_db() and
  * krb5_pkinit_get_kdc_cert_db().
  */
 extern void krb5_pkinit_release_cert_db(
     krb5_pkinit_cert_db_t	cert_db);
-    
-/* 
- * Obtain a mallocd C-string representation of a certificate's SHA1 digest. 
- * Only error is a NULL return indicating memory failure. 
+
+/*
+ * Obtain a mallocd C-string representation of a certificate's SHA1 digest.
+ * Only error is a NULL return indicating memory failure.
  * Caller must free the returned string.
  */
 char *krb5_pkinit_cert_hash_str(
     const krb5_data *cert);
-    
-/* 
+
+/*
  * Obtain a client's optional list of trusted KDC CA certs (trustedCertifiers)
- * and/or trusted KDC cert (kdcPkId) for a given client and server. 
- * All returned values are mallocd and must be freed by caller; the contents 
- * of the krb5_datas are DER-encoded certificates. 
+ * and/or trusted KDC cert (kdcPkId) for a given client and server.
+ * All returned values are mallocd and must be freed by caller; the contents
+ * of the krb5_datas are DER-encoded certificates.
  */
 krb5_error_code krb5_pkinit_get_server_certs(
     const char *client_principal,
diff --git a/src/include/pkinit_client.h b/src/include/pkinit_client.h
index 31951caaf..3b9a841ba 100644
--- a/src/include/pkinit_client.h
+++ b/src/include/pkinit_client.h
@@ -45,27 +45,27 @@ extern "C" {
  */
 krb5_error_code krb5int_pkinit_as_req_create(
     krb5_context		context,
-    krb5_timestamp		kctime,      
+    krb5_timestamp		kctime,
     krb5_int32			cusec,		/* microseconds */
     krb5_ui_4			nonce,
     const krb5_checksum		*cksum,
     krb5_pkinit_signing_cert_t	client_cert,	/* required! */
-    
-    /* 
+
+    /*
      * trusted_CAs correponds to PA-PK-AS-REQ.trustedCertifiers.
-     * Expressed here as an optional list of DER-encoded certs. 
+     * Expressed here as an optional list of DER-encoded certs.
      */
-    const krb5_data		*trusted_CAs,	
+    const krb5_data		*trusted_CAs,
     krb5_ui_4			num_trusted_CAs,
-    
-    /* optional PA-PK-AS-REQ.kdcPkId, expressed here as a 
+
+    /* optional PA-PK-AS-REQ.kdcPkId, expressed here as a
      * DER-encoded cert */
-    const krb5_data		*kdc_cert,	
+    const krb5_data		*kdc_cert,
     krb5_data			*as_req);	/* mallocd and RETURNED */
 
 /*
- * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain. 
- * Optionally returns various components. 
+ * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain.
+ * Optionally returns various components.
  */
 krb5_error_code krb5int_pkinit_as_rep_parse(
     krb5_context		context,
@@ -81,7 +81,7 @@ krb5_error_code krb5int_pkinit_as_rep_parse(
      *
      * signer_cert is the DER-encoded leaf cert from the incoming SignedData.
      * all_certs is an array of all of the certs in the incoming SignedData,
-     *    in full DER-encoded form. 
+     *    in full DER-encoded form.
      */
     krb5_data		    *signer_cert,   /* content mallocd */
     unsigned		    *num_all_certs, /* sizeof *all_certs */
diff --git a/src/include/pkinit_cms.h b/src/include/pkinit_cms.h
index 6e5fb96ce..accf8bfb3 100644
--- a/src/include/pkinit_cms.h
+++ b/src/include/pkinit_cms.h
@@ -45,27 +45,27 @@ extern "C" {
  */
 enum {
     /* normal CMS ContentTypes */
-    ECT_Data,	
+    ECT_Data,
     ECT_SignedData,
     ECT_EnvelopedData,
     ECT_EncryptedData,
-    
+
     /*
      * For SignedAuthPack
      * pkauthdata: { iso (1) org (3) dod (6) internet (1)
      *               security (5) kerberosv5 (2) pkinit (3) pkauthdata (1)}
      */
     ECT_PkAuthData,
-    
+
     /*
      * For ReplyKeyPack
      * pkrkeydata: { iso (1) org (3) dod (6) internet (1)
      *               security (5) kerberosv5 (2) pkinit (3) pkrkeydata (3) }
      */
     ECT_PkReplyKeyKata,
-    
+
     /*
-     * Other - i.e., unrecognized ContentType on decode. 
+     * Other - i.e., unrecognized ContentType on decode.
      */
     ECT_Other
 };
@@ -96,7 +96,7 @@ enum {
 typedef krb5_int32 krb5int_cert_sig_status;
 
 /*
- * Create a CMS message: either encrypted (EnvelopedData), signed 
+ * Create a CMS message: either encrypted (EnvelopedData), signed
  * (SignedData), or both (EnvelopedData(SignedData(content)).
  *
  * The message is signed iff signing_cert is non-NULL.
@@ -107,8 +107,8 @@ typedef krb5_int32 krb5int_cert_sig_status;
  * if the message is not to be signed.
  *
  * The cms_types argument optionally specifies a list, in order
- * of decreasing preference, of CMS algorithms to use in the 
- * creation of the CMS message. 
+ * of decreasing preference, of CMS algorithms to use in the
+ * creation of the CMS message.
  */
 krb5_error_code krb5int_pkinit_create_cms_msg(
     const krb5_data		*content,	/* Content */
@@ -120,19 +120,19 @@ krb5_error_code krb5int_pkinit_create_cms_msg(
     krb5_data			*content_info); /* contents mallocd and RETURNED */
 
 /*
- * Parse a ContentInfo as best we can. All returned fields are optional - 
- * pass NULL for values you don't need. 
+ * Parse a ContentInfo as best we can. All returned fields are optional -
+ * pass NULL for values you don't need.
  *
- * If signer_cert_status is NULL on entry, NO signature or cert evaluation 
- * will be performed. 
+ * If signer_cert_status is NULL on entry, NO signature or cert evaluation
+ * will be performed.
  *
  * The is_client_msg argument indicates whether the CMS message originated
  * from the client (TRUE) or server (FALSE) and may be used in platform-
- * dependent certificate evaluation. 
+ * dependent certificate evaluation.
  *
  * Note that signature and certificate verification errors do NOT cause
- * this routine itself to return an error; caller is reponsible for 
- * handling such errors per the signer_cert_status out parameter. 
+ * this routine itself to return an error; caller is reponsible for
+ * handling such errors per the signer_cert_status out parameter.
  */
 krb5_error_code krb5int_pkinit_parse_cms_msg(
     const krb5_data     *content_info,
@@ -150,14 +150,14 @@ krb5_error_code krb5int_pkinit_parse_cms_msg(
     unsigned		*num_all_certs,		/* size of *all_certs RETURNED */
     krb5_data		**all_certs);		/* entire cert chain RETURNED */
 
-/* 
- * An AuthPack contains an optional set of AlgorithmIdentifiers 
- * which define the CMS algorithms supported by the client, in 
- * order of decreasing preference. 
+/*
+ * An AuthPack contains an optional set of AlgorithmIdentifiers
+ * which define the CMS algorithms supported by the client, in
+ * order of decreasing preference.
  *
  * krb5int_pkinit_get_cms_types() is a CMS-implementation-dependent
  * function returning supported CMS algorithms in the form of a
- * pointer and a length suitable for passing to 
+ * pointer and a length suitable for passing to
  * krb5int_pkinit_auth_pack_encode. If no preference is to be expressed,
  * this function returns NULL/0 (without returning a nonzero krb5_error_code).
  *
@@ -167,7 +167,7 @@ krb5_error_code krb5int_pkinit_parse_cms_msg(
 krb5_error_code krb5int_pkinit_get_cms_types(
     krb5int_algorithm_id    **supported_cms_types,	/* RETURNED */
     krb5_ui_4		    *num_supported_cms_types);	/* RETURNED */
-    
+
 krb5_error_code krb5int_pkinit_free_cms_types(
     krb5int_algorithm_id    *supported_cms_types,
     krb5_ui_4		    num_supported_cms_types);
diff --git a/src/include/socket-utils.h b/src/include/socket-utils.h
index 070bb2ff1..d87405801 100644
--- a/src/include/socket-utils.h
+++ b/src/include/socket-utils.h
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2001,2005 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 #ifndef SOCKET_UTILS_H
diff --git a/src/include/spnego-asn1.h b/src/include/spnego-asn1.h
index 8070a9f99..211ba37d8 100644
--- a/src/include/spnego-asn1.h
+++ b/src/include/spnego-asn1.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,9 +22,9 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
  *
- * This file contains structure definitions 
+ *
+ * This file contains structure definitions
  * for the SPNEGO GSSAPI mechanism (RFC 2478).  This file is
  *an internal interface between the GSSAPI library  and the ASN.1
  *encoders/decoders for the SPNEGO structures in the krb5 library.
diff --git a/src/include/win-mac.h b/src/include/win-mac.h
index f77cd2b41..408648765 100644
--- a/src/include/win-mac.h
+++ b/src/include/win-mac.h
@@ -25,8 +25,8 @@
 
 #else /* ! RES_ONLY */
 
-/* To ensure backward compatibility of the ABI use 32-bit time_t on 
- * 32-bit Windows. 
+/* To ensure backward compatibility of the ABI use 32-bit time_t on
+ * 32-bit Windows.
  */
 #ifdef _KRB5_INT_H
 #ifdef KRB5_GENERAL__
@@ -37,7 +37,7 @@
 #error time_t has been defined as a 64-bit integer which is incompatible with Kerberos on this platform.
 #endif /* _TIME_T_DEFINED */
 #define _USE_32BIT_TIME_T
-#endif 
+#endif
 #endif
 
 #define SIZEOF_INT      4
@@ -102,7 +102,7 @@ typedef _W64 int 	 ssize_t;
 
 #define HAVE_NETINET_IN_H
 #define MSDOS_FILESYSTEM
-#define HAVE_STRING_H 
+#define HAVE_STRING_H
 #define HAVE_SRAND
 #define HAVE_ERRNO
 #define HAVE_STRDUP
@@ -154,7 +154,7 @@ typedef _W64 int 	 ssize_t;
 #endif
 #define INI_KRB_REALMS  "krb.realms"    /* Location of krb.realms file */
 #define DEF_KRB_REALMS  "krb.realms"    /* Default name for krb.realms file */
-#define INI_RECENT_LOGINS "Recent Logins"    
+#define INI_RECENT_LOGINS "Recent Logins"
 #define INI_LOGIN       "Login"
 
 #define HAS_VOID_TYPE
@@ -176,7 +176,7 @@ typedef _W64 int 	 ssize_t;
 
 /* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o
  * routines directly. Rather, they only export the _<function> version.
- * The following defines works around this problem. 
+ * The following defines works around this problem.
  */
 #include <sys\types.h>
 #include <sys\stat.h>
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 22a67ab15..c8cb3fb58 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -60,22 +60,22 @@ struct pflag {
 };
 
 static struct pflag flags[] = {
-{"allow_postdated",     15,     KRB5_KDB_DISALLOW_POSTDATED,    1 },
-{"allow_forwardable",   17,     KRB5_KDB_DISALLOW_FORWARDABLE,  1 },
-{"allow_tgs_req",       13,     KRB5_KDB_DISALLOW_TGT_BASED,    1 },
-{"allow_renewable",     15,     KRB5_KDB_DISALLOW_RENEWABLE,    1 },
-{"allow_proxiable",     15,     KRB5_KDB_DISALLOW_PROXIABLE,    1 },
-{"allow_dup_skey",      14,     KRB5_KDB_DISALLOW_DUP_SKEY,     1 },
-{"allow_tix",            9,     KRB5_KDB_DISALLOW_ALL_TIX,      1 },
-{"requires_preauth",    16,     KRB5_KDB_REQUIRES_PRE_AUTH,     0 },
-{"requires_hwauth",     15,     KRB5_KDB_REQUIRES_HW_AUTH,      0 },
-{"needchange",          10,     KRB5_KDB_REQUIRES_PWCHANGE,     0 },
-{"allow_svr",            9,     KRB5_KDB_DISALLOW_SVR,          1 },
-{"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE,    0 },
-{"support_desmd5",      14,     KRB5_KDB_SUPPORT_DESMD5,        0 },
-{"ok_as_delegate",      14,     KRB5_KDB_OK_AS_DELEGATE,        0 },
-{"ok_to_auth_as_delegate", 22,  KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
-{"no_auth_data_required", 21,   KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0 },
+    {"allow_postdated",     15,     KRB5_KDB_DISALLOW_POSTDATED,    1 },
+    {"allow_forwardable",   17,     KRB5_KDB_DISALLOW_FORWARDABLE,  1 },
+    {"allow_tgs_req",       13,     KRB5_KDB_DISALLOW_TGT_BASED,    1 },
+    {"allow_renewable",     15,     KRB5_KDB_DISALLOW_RENEWABLE,    1 },
+    {"allow_proxiable",     15,     KRB5_KDB_DISALLOW_PROXIABLE,    1 },
+    {"allow_dup_skey",      14,     KRB5_KDB_DISALLOW_DUP_SKEY,     1 },
+    {"allow_tix",            9,     KRB5_KDB_DISALLOW_ALL_TIX,      1 },
+    {"requires_preauth",    16,     KRB5_KDB_REQUIRES_PRE_AUTH,     0 },
+    {"requires_hwauth",     15,     KRB5_KDB_REQUIRES_HW_AUTH,      0 },
+    {"needchange",          10,     KRB5_KDB_REQUIRES_PWCHANGE,     0 },
+    {"allow_svr",            9,     KRB5_KDB_DISALLOW_SVR,          1 },
+    {"password_changing_service", 25, KRB5_KDB_PWCHANGE_SERVICE,    0 },
+    {"support_desmd5",      14,     KRB5_KDB_SUPPORT_DESMD5,        0 },
+    {"ok_as_delegate",      14,     KRB5_KDB_OK_AS_DELEGATE,        0 },
+    {"ok_to_auth_as_delegate", 22,  KRB5_KDB_OK_TO_AUTH_AS_DELEGATE, 0 },
+    {"no_auth_data_required", 21,   KRB5_KDB_NO_AUTH_DATA_REQUIRED, 0 },
 };
 
 static char *prflags[] = {
@@ -1036,7 +1036,7 @@ kadmin_addprinc_usage()
 #if APPLE_PKINIT
             "\t\t[-certhash hash_string]\n"
 #endif /* APPLE_PKINIT */
-            );
+    );
     fprintf(stderr, "\tattributes are:\n");
     fprintf(stderr, "%s%s%s",
             "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
@@ -1061,7 +1061,7 @@ kadmin_modprinc_usage()
             "\t\tok_as_delegate ok_to_auth_as_delegate no_auth_data_required\n"
             "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
             "\t\t\tLook at each database documentation for supported arguments\n"
-        );
+    );
 }
 
 /* Create a dummy password for old-style (pre-1.8) randkey creation. */
@@ -1111,7 +1111,7 @@ kadmin_addprinc(int argc, char *argv[])
 #if APPLE_PKINIT
     if(cert_hash != NULL) {
         fprintf(stderr,
-              "add_principal: -certhash not allowed; use modify_principal\n");
+                "add_principal: -certhash not allowed; use modify_principal\n");
         goto cleanup;
     }
 #endif /* APPLE_PKINIT */
@@ -1643,9 +1643,9 @@ kadmin_getpol(int argc, char *argv[])
         printf("Maximum password failures before lockout: %lu\n",
                (unsigned long)policy.pw_max_fail);
         printf("Password failure count reset interval: %ld\n",
-                (long)policy.pw_failcnt_interval);
+               (long)policy.pw_failcnt_interval);
         printf("Password lockout duration: %ld\n",
-                (long)policy.pw_lockout_duration);
+               (long)policy.pw_lockout_duration);
     } else {
         printf("\"%s\"\t%ld\t%ld\t%ld\t%ld\t%ld\t%ld\t%lu\t%ld\t%ld\n",
                policy.policy, policy.pw_max_life, policy.pw_min_life,
diff --git a/src/kadmin/cli/kadmin.h b/src/kadmin/cli/kadmin.h
index 745ebcb2b..5c9decc7d 100644
--- a/src/kadmin/cli/kadmin.h
+++ b/src/kadmin/cli/kadmin.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/cli/kadmin.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Prototypes for kadmin functions called from SS library.
  */
@@ -67,9 +68,8 @@ extern time_t get_date(char *);
 
 /* Yucky global variables */
 extern krb5_context context;
-extern char *krb5_defkeyname;	 
+extern char *krb5_defkeyname;
 extern char *whoami;
 extern void *handle;
 
 #endif /* __KADMIN_H__ */
-
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index fa2de42a8..8d14f860a 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  *
@@ -285,11 +285,11 @@ add_principal(void *lhandle, char *keytab_str, krb5_keytab keytab,
         code = kadm5_get_principal_keys(handle, princ, &keys, &nkeys);
     else
 #endif
-    if (keepold || ks_tuple != NULL) {
-        code = kadm5_randkey_principal_3(lhandle, princ, keepold,
-                                         n_ks_tuple, ks_tuple, &keys, &nkeys);
-    } else
-        code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
+        if (keepold || ks_tuple != NULL) {
+            code = kadm5_randkey_principal_3(lhandle, princ, keepold,
+                                             n_ks_tuple, ks_tuple, &keys, &nkeys);
+        } else
+            code = kadm5_randkey_principal(lhandle, princ, &keys, &nkeys);
     if (code != 0) {
         if (code == KADM5_UNK_PRINC) {
             fprintf(stderr, "%s: Principal %s does not exist.\n",
diff --git a/src/kadmin/cli/keytab_local.c b/src/kadmin/cli/keytab_local.c
index 1f029a7a9..bb9cd88df 100644
--- a/src/kadmin/cli/keytab_local.c
+++ b/src/kadmin/cli/keytab_local.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * A wrapper around keytab.c used by kadmin.local to expose the -norandkey
  * flag.  This avoids building two object files from the same source file,
diff --git a/src/kadmin/cli/ss_wrapper.c b/src/kadmin/cli/ss_wrapper.c
index 93cf1dc7d..92ea16a54 100644
--- a/src/kadmin/cli/ss_wrapper.c
+++ b/src/kadmin/cli/ss_wrapper.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -7,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * ss wrapper for kadmin
  */
@@ -52,12 +52,12 @@ main(int argc, char *argv[])
         exit(1);
     }
     if (request) {
-            code = ss_execute_line(sci_idx, request);
-            if (code != 0) {
-                    ss_perror(sci_idx, code, request);
-                    exit_status++;
-            }
+        code = ss_execute_line(sci_idx, request);
+        if (code != 0) {
+            ss_perror(sci_idx, code, request);
+            exit_status++;
+        }
     } else
-            retval = ss_listen(sci_idx);
+        retval = ss_listen(sci_idx);
     return quit() ? 1 : exit_status;
 }
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
index c03e88d12..636127184 100644
--- a/src/kadmin/dbutil/dump.c
+++ b/src/kadmin/dbutil/dump.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/dbutil/dump.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Dump a KDC database
  */
@@ -40,240 +41,240 @@
 #include "kdb5_util.h"
 #if defined(HAVE_REGEX_H) && defined(HAVE_REGCOMP)
 #include <regex.h>
-#endif	/* HAVE_REGEX_H */
+#endif  /* HAVE_REGEX_H */
 
 /*
  * Needed for master key conversion.
  */
-static int			mkey_convert;
-krb5_keyblock			new_master_keyblock;
+static int                      mkey_convert;
+krb5_keyblock                   new_master_keyblock;
 krb5_kvno                       new_mkvno;
 
-static int	backwards;
-static int	recursive;
+static int      backwards;
+static int      recursive;
 
 /*
  * Use compile(3) if no regcomp present.
  */
-#if	!defined(HAVE_REGCOMP) && defined(HAVE_REGEXP_H)
-#define	INIT		char *sp = instring;
-#define	GETC()		(*sp++)
-#define	PEEKC()		(*sp)
-#define	UNGETC(c)	(--sp)
-#define	RETURN(c)	return(c)
-#define	ERROR(c)	
-#define	RE_BUF_SIZE	1024
+#if     !defined(HAVE_REGCOMP) && defined(HAVE_REGEXP_H)
+#define INIT            char *sp = instring;
+#define GETC()          (*sp++)
+#define PEEKC()         (*sp)
+#define UNGETC(c)       (--sp)
+#define RETURN(c)       return(c)
+#define ERROR(c)
+#define RE_BUF_SIZE     1024
 #include <regexp.h>
-#endif	/* !HAVE_REGCOMP && HAVE_REGEXP_H */
+#endif  /* !HAVE_REGCOMP && HAVE_REGEXP_H */
 
-#define FLAG_VERBOSE	0x1	/* be verbose */
-#define FLAG_UPDATE	0x2	/* processing an update */
-#define FLAG_OMIT_NRA	0x4	/* avoid dumping non-replicated attrs */
+#define FLAG_VERBOSE    0x1     /* be verbose */
+#define FLAG_UPDATE     0x2     /* processing an update */
+#define FLAG_OMIT_NRA   0x4     /* avoid dumping non-replicated attrs */
 
 struct dump_args {
-    char		*programname;
-    FILE		*ofile;
-    krb5_context	kcontext;
-    char		**names;
-    int			nnames;
-    int			flags;
+    char                *programname;
+    FILE                *ofile;
+    krb5_context        kcontext;
+    char                **names;
+    int                 nnames;
+    int                 flags;
 };
 
 static krb5_error_code dump_k5beta_iterator (krb5_pointer,
-					     krb5_db_entry *);
+                                             krb5_db_entry *);
 static krb5_error_code dump_k5beta6_iterator (krb5_pointer,
-					      krb5_db_entry *);
+                                              krb5_db_entry *);
 static krb5_error_code dump_k5beta6_iterator_ext (krb5_pointer,
-						  krb5_db_entry *,
-						  int);
+                                                  krb5_db_entry *,
+                                                  int);
 static krb5_error_code dump_k5beta7_princ (krb5_pointer,
-					   krb5_db_entry *);
+                                           krb5_db_entry *);
 static krb5_error_code dump_k5beta7_princ_ext (krb5_pointer,
-					       krb5_db_entry *,
-					       int);
+                                               krb5_db_entry *,
+                                               int);
 static krb5_error_code dump_k5beta7_princ_withpolicy
-			(krb5_pointer, krb5_db_entry *);
+(krb5_pointer, krb5_db_entry *);
 static krb5_error_code dump_ov_princ (krb5_pointer,
-				      krb5_db_entry *);
+                                      krb5_db_entry *);
 static void dump_k5beta7_policy (void *, osa_policy_ent_t);
 static void dump_r1_8_policy (void *, osa_policy_ent_t);
 
 typedef krb5_error_code (*dump_func)(krb5_pointer,
-				     krb5_db_entry *);
+                                     krb5_db_entry *);
 
 static int process_k5beta_record (char *, krb5_context,
-				  FILE *, int, int *);
+                                  FILE *, int, int *);
 static int process_k5beta6_record (char *, krb5_context,
-				   FILE *, int, int *);
+                                   FILE *, int, int *);
 static int process_k5beta7_record (char *, krb5_context,
-				   FILE *, int, int *);
+                                   FILE *, int, int *);
 static int process_r1_8_record (char *, krb5_context,
-				   FILE *, int, int *);
+                                FILE *, int, int *);
 static int process_ov_record (char *, krb5_context,
-			      FILE *, int, int *);
+                              FILE *, int, int *);
 typedef krb5_error_code (*load_func)(char *, krb5_context,
-				     FILE *, int, int *);
+                                     FILE *, int, int *);
 
 typedef struct _dump_version {
-     char *name;
-     char *header;
-     int updateonly;
-     int create_kadm5;
-     dump_func dump_princ;
-     osa_adb_iter_policy_func dump_policy;
-     load_func load_record;
+    char *name;
+    char *header;
+    int updateonly;
+    int create_kadm5;
+    dump_func dump_princ;
+    osa_adb_iter_policy_func dump_policy;
+    load_func load_record;
 } dump_version;
 
 dump_version old_version = {
-     "Kerberos version 5 old format",
-     "kdb5_edit load_dump version 2.0\n",
-     0,
-     1,
-     dump_k5beta_iterator,
-     NULL,
-     process_k5beta_record,
+    "Kerberos version 5 old format",
+    "kdb5_edit load_dump version 2.0\n",
+    0,
+    1,
+    dump_k5beta_iterator,
+    NULL,
+    process_k5beta_record,
 };
 dump_version beta6_version = {
-     "Kerberos version 5 beta 6 format",
-     "kdb5_edit load_dump version 3.0\n",
-     0,
-     1,
-     dump_k5beta6_iterator,
-     NULL,
-     process_k5beta6_record,
+    "Kerberos version 5 beta 6 format",
+    "kdb5_edit load_dump version 3.0\n",
+    0,
+    1,
+    dump_k5beta6_iterator,
+    NULL,
+    process_k5beta6_record,
 };
 dump_version beta7_version = {
-     "Kerberos version 5",
-     "kdb5_util load_dump version 4\n",
-     0,
-     0,
-     dump_k5beta7_princ,
-     dump_k5beta7_policy,
-     process_k5beta7_record,
+    "Kerberos version 5",
+    "kdb5_util load_dump version 4\n",
+    0,
+    0,
+    dump_k5beta7_princ,
+    dump_k5beta7_policy,
+    process_k5beta7_record,
 };
 dump_version iprop_version = {
-     "Kerberos iprop version",
-     "iprop",
-     0,
-     0,
-     dump_k5beta7_princ_withpolicy,
-     dump_k5beta7_policy,
-     process_k5beta7_record,
+    "Kerberos iprop version",
+    "iprop",
+    0,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_k5beta7_policy,
+    process_k5beta7_record,
 };
 dump_version ov_version = {
-     "OpenV*Secure V1.0",
-     "OpenV*Secure V1.0\t",
-     1,
-     1,
-     dump_ov_princ,
-     dump_k5beta7_policy,
-     process_ov_record
+    "OpenV*Secure V1.0",
+    "OpenV*Secure V1.0\t",
+    1,
+    1,
+    dump_ov_princ,
+    dump_k5beta7_policy,
+    process_ov_record
 };
 
 dump_version r1_3_version = {
-     "Kerberos version 5 release 1.3",
-     "kdb5_util load_dump version 5\n",
-     0,
-     0,
-     dump_k5beta7_princ_withpolicy,
-     dump_k5beta7_policy,
-     process_k5beta7_record,
+    "Kerberos version 5 release 1.3",
+    "kdb5_util load_dump version 5\n",
+    0,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_k5beta7_policy,
+    process_k5beta7_record,
 };
 dump_version r1_8_version = {
-     "Kerberos version 5 release 1.8",
-     "kdb5_util load_dump version 6\n",
-     0,
-     0,
-     dump_k5beta7_princ_withpolicy,
-     dump_r1_8_policy,
-     process_r1_8_record,
+    "Kerberos version 5 release 1.8",
+    "kdb5_util load_dump version 6\n",
+    0,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_r1_8_policy,
+    process_r1_8_record,
 };
 dump_version ipropx_1_version = {
-     "Kerberos iprop extensible version",
-     "ipropx",
-     0,
-     0,
-     dump_k5beta7_princ_withpolicy,
-     dump_r1_8_policy,
-     process_r1_8_record,
+    "Kerberos iprop extensible version",
+    "ipropx",
+    0,
+    0,
+    dump_k5beta7_princ_withpolicy,
+    dump_r1_8_policy,
+    process_r1_8_record,
 };
 
 /* External data */
-extern char		*current_dbname;
-extern krb5_boolean	dbactive;
-extern int		exit_status;
-extern krb5_context	util_context;
+extern char             *current_dbname;
+extern krb5_boolean     dbactive;
+extern int              exit_status;
+extern krb5_context     util_context;
 extern kadm5_config_params global_params;
 extern krb5_db_entry      master_entry;
 
 /* Strings */
 
-#define k5beta_dump_header	"kdb5_edit load_dump version 2.0\n"
+#define k5beta_dump_header      "kdb5_edit load_dump version 2.0\n"
 
 static const char null_mprinc_name[] = "kdb5_dump@MISSING";
 
 /* Message strings */
-#define regex_err		"%s: regular expression error - %s\n"
-#define regex_merr		"%s: regular expression match error - %s\n"
-#define pname_unp_err		"%s: cannot unparse principal name (%s)\n"
-#define mname_unp_err		"%s: cannot unparse modifier name (%s)\n"
-#define nokeys_err		"%s: cannot find any standard key for %s\n"
-#define sdump_tl_inc_err	"%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
-#define stand_fmt_name		"Kerberos version 5"
-#define old_fmt_name		"Kerberos version 5 old format"
-#define b6_fmt_name		"Kerberos version 5 beta 6 format"
-#define r1_3_fmt_name		"Kerberos version 5 release 1.3 format"
-#define ofopen_error		"%s: cannot open %s for writing (%s)\n"
-#define oflock_error		"%s: cannot lock %s (%s)\n"
-#define dumprec_err		"%s: error performing %s dump (%s)\n"
-#define dumphdr_err		"%s: error dumping %s header (%s)\n"
-#define trash_end_fmt		"%s(%d): ignoring trash at end of line: "
-#define read_name_string	"name string"
-#define read_key_type		"key type"
-#define read_key_data		"key data"
-#define read_pr_data1		"first set of principal attributes"
-#define read_mod_name		"modifier name"
-#define read_pr_data2		"second set of principal attributes"
-#define read_salt_data		"salt data"
-#define read_akey_type		"alternate key type"
-#define read_akey_data		"alternate key data"
-#define read_asalt_type		"alternate salt type"
-#define read_asalt_data		"alternate salt data"
-#define read_exp_data		"expansion data"
-#define store_err_fmt		"%s(%d): cannot store %s(%s)\n"
-#define add_princ_fmt		"%s\n"
-#define parse_err_fmt		"%s(%d): cannot parse %s (%s)\n"
-#define read_err_fmt		"%s(%d): cannot read %s\n"
-#define no_mem_fmt		"%s(%d): no memory for buffers\n"
-#define rhead_err_fmt		"%s(%d): cannot match size tokens\n"
-#define err_line_fmt		"%s: error processing line %d of %s\n"
-#define head_bad_fmt		"%s: dump header bad in %s\n"
-#define read_bytecnt		"record byte count"
-#define read_encdata		"encoded data"
-#define n_name_unp_fmt		"%s(%s): cannot unparse name\n"
-#define n_dec_cont_fmt		"%s(%s): cannot decode contents\n"
-#define read_nint_data		"principal static attributes"
-#define read_tcontents		"tagged data contents"
-#define read_ttypelen		"tagged data type and length"
-#define read_kcontents		"key data contents"
-#define read_ktypelen		"key data type and length"
-#define read_econtents		"extra data contents"
-#define k5beta_fmt_name		"Kerberos version 5 old format"
-#define standard_fmt_name	"Kerberos version 5 format"
-#define no_name_mem_fmt		"%s: cannot get memory for temporary name\n"
-#define ctx_err_fmt		"%s: cannot initialize Kerberos context\n"
-#define stdin_name		"standard input"
-#define remaster_err_fmt	"while re-encoding keys for principal %s with new master key"
-#define restfail_fmt		"%s: %s restore failed\n"
-#define close_err_fmt		"%s: cannot close database (%s)\n"
-#define dbinit_err_fmt		"%s: cannot initialize database (%s)\n"
-#define dblock_err_fmt		"%s: cannot initialize database lock (%s)\n"
-#define dbname_err_fmt		"%s: cannot set database name to %s (%s)\n"
-#define dbdelerr_fmt		"%s: cannot delete bad database %s (%s)\n"
-#define dbunlockerr_fmt		"%s: cannot unlock database %s (%s)\n"
-#define dbrenerr_fmt		"%s: cannot rename database %s to %s (%s)\n"
-#define dbcreaterr_fmt		"%s: cannot create database %s (%s)\n"
-#define dfile_err_fmt		"%s: cannot open %s (%s)\n"
+#define regex_err               "%s: regular expression error - %s\n"
+#define regex_merr              "%s: regular expression match error - %s\n"
+#define pname_unp_err           "%s: cannot unparse principal name (%s)\n"
+#define mname_unp_err           "%s: cannot unparse modifier name (%s)\n"
+#define nokeys_err              "%s: cannot find any standard key for %s\n"
+#define sdump_tl_inc_err        "%s: tagged data list inconsistency for %s (counted %d, stored %d)\n"
+#define stand_fmt_name          "Kerberos version 5"
+#define old_fmt_name            "Kerberos version 5 old format"
+#define b6_fmt_name             "Kerberos version 5 beta 6 format"
+#define r1_3_fmt_name           "Kerberos version 5 release 1.3 format"
+#define ofopen_error            "%s: cannot open %s for writing (%s)\n"
+#define oflock_error            "%s: cannot lock %s (%s)\n"
+#define dumprec_err             "%s: error performing %s dump (%s)\n"
+#define dumphdr_err             "%s: error dumping %s header (%s)\n"
+#define trash_end_fmt           "%s(%d): ignoring trash at end of line: "
+#define read_name_string        "name string"
+#define read_key_type           "key type"
+#define read_key_data           "key data"
+#define read_pr_data1           "first set of principal attributes"
+#define read_mod_name           "modifier name"
+#define read_pr_data2           "second set of principal attributes"
+#define read_salt_data          "salt data"
+#define read_akey_type          "alternate key type"
+#define read_akey_data          "alternate key data"
+#define read_asalt_type         "alternate salt type"
+#define read_asalt_data         "alternate salt data"
+#define read_exp_data           "expansion data"
+#define store_err_fmt           "%s(%d): cannot store %s(%s)\n"
+#define add_princ_fmt           "%s\n"
+#define parse_err_fmt           "%s(%d): cannot parse %s (%s)\n"
+#define read_err_fmt            "%s(%d): cannot read %s\n"
+#define no_mem_fmt              "%s(%d): no memory for buffers\n"
+#define rhead_err_fmt           "%s(%d): cannot match size tokens\n"
+#define err_line_fmt            "%s: error processing line %d of %s\n"
+#define head_bad_fmt            "%s: dump header bad in %s\n"
+#define read_bytecnt            "record byte count"
+#define read_encdata            "encoded data"
+#define n_name_unp_fmt          "%s(%s): cannot unparse name\n"
+#define n_dec_cont_fmt          "%s(%s): cannot decode contents\n"
+#define read_nint_data          "principal static attributes"
+#define read_tcontents          "tagged data contents"
+#define read_ttypelen           "tagged data type and length"
+#define read_kcontents          "key data contents"
+#define read_ktypelen           "key data type and length"
+#define read_econtents          "extra data contents"
+#define k5beta_fmt_name         "Kerberos version 5 old format"
+#define standard_fmt_name       "Kerberos version 5 format"
+#define no_name_mem_fmt         "%s: cannot get memory for temporary name\n"
+#define ctx_err_fmt             "%s: cannot initialize Kerberos context\n"
+#define stdin_name              "standard input"
+#define remaster_err_fmt        "while re-encoding keys for principal %s with new master key"
+#define restfail_fmt            "%s: %s restore failed\n"
+#define close_err_fmt           "%s: cannot close database (%s)\n"
+#define dbinit_err_fmt          "%s: cannot initialize database (%s)\n"
+#define dblock_err_fmt          "%s: cannot initialize database lock (%s)\n"
+#define dbname_err_fmt          "%s: cannot set database name to %s (%s)\n"
+#define dbdelerr_fmt            "%s: cannot delete bad database %s (%s)\n"
+#define dbunlockerr_fmt         "%s: cannot unlock database %s (%s)\n"
+#define dbrenerr_fmt            "%s: cannot rename database %s to %s (%s)\n"
+#define dbcreaterr_fmt          "%s: cannot create database %s (%s)\n"
+#define dfile_err_fmt           "%s: cannot open %s (%s)\n"
 
 static const char oldoption[] = "-old";
 static const char b6option[] = "-b6";
@@ -290,15 +291,15 @@ static const char dump_tmptrail[] = "~";
  * Re-encrypt the key_data with the new master key...
  */
 krb5_error_code master_key_convert(context, db_entry)
-    krb5_context	  context;
-    krb5_db_entry	* db_entry;
+    krb5_context          context;
+    krb5_db_entry       * db_entry;
 {
-    krb5_error_code	retval;
-    krb5_keyblock 	v5plainkey, *key_ptr;
-    krb5_keysalt 	keysalt;
-    int	      i, j;
-    krb5_key_data	new_key_data, *key_data;
-    krb5_boolean	is_mkey;
+    krb5_error_code     retval;
+    krb5_keyblock       v5plainkey, *key_ptr;
+    krb5_keysalt        keysalt;
+    int       i, j;
+    krb5_key_data       new_key_data, *key_data;
+    krb5_boolean        is_mkey;
     krb5_kvno           kvno;
 
     is_mkey = krb5_principal_compare(context, master_princ, db_entry->princ);
@@ -321,7 +322,7 @@ krb5_error_code master_key_convert(context, db_entry)
                                                  key_data, &v5plainkey,
                                                  &keysalt);
             if (retval)
-                    return retval;
+                return retval;
 
             memset(&new_key_data, 0, sizeof(new_key_data));
 
@@ -333,7 +334,7 @@ krb5_error_code master_key_convert(context, db_entry)
                                                  (int) kvno,
                                                  &new_key_data);
             if (retval)
-                    return retval;
+                return retval;
             krb5_free_keyblock_contents(context, &v5plainkey);
             for (j = 0; j < key_data->key_data_ver; j++) {
                 if (key_data->key_data_length[j]) {
@@ -342,10 +343,10 @@ krb5_error_code master_key_convert(context, db_entry)
             }
             *key_data = new_key_data;
         }
-	assert(new_mkvno > 0);
+        assert(new_mkvno > 0);
         retval = krb5_dbe_update_mkvno(context, db_entry, new_mkvno);
         if (retval)
-                return retval;
+            return retval;
     }
     return 0;
 }
@@ -354,173 +355,173 @@ krb5_error_code master_key_convert(context, db_entry)
  * Update the "ok" file.
  */
 void update_ok_file (file_name)
-     char *file_name;
+    char *file_name;
 {
-	/* handle slave locking/failure stuff */
-	char *file_ok;
-	int fd;
-	static char ok[]=".dump_ok";
-
-	if (asprintf(&file_ok, "%s%s", file_name, ok) < 0) {
-		com_err(progname, ENOMEM,
-			"while allocating filename for update_ok_file");
-		exit_status++;
-		return;
-	}
-	if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
-		com_err(progname, errno, "while creating 'ok' file, '%s'",
-			file_ok);
-		exit_status++;
-		free(file_ok);
-		return;
-	}
-	if (write(fd, "", 1) != 1) {
-	    com_err(progname, errno, "while writing to 'ok' file, '%s'",
-		    file_ok);
-	     exit_status++;
-	     free(file_ok);
-	     return;
-	}
-
-	free(file_ok);
-	close(fd);
-	return;
+    /* handle slave locking/failure stuff */
+    char *file_ok;
+    int fd;
+    static char ok[]=".dump_ok";
+
+    if (asprintf(&file_ok, "%s%s", file_name, ok) < 0) {
+        com_err(progname, ENOMEM,
+                "while allocating filename for update_ok_file");
+        exit_status++;
+        return;
+    }
+    if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
+        com_err(progname, errno, "while creating 'ok' file, '%s'",
+                file_ok);
+        exit_status++;
+        free(file_ok);
+        return;
+    }
+    if (write(fd, "", 1) != 1) {
+        com_err(progname, errno, "while writing to 'ok' file, '%s'",
+                file_ok);
+        exit_status++;
+        free(file_ok);
+        return;
+    }
+
+    free(file_ok);
+    close(fd);
+    return;
 }
 
 /*
- * name_matches()	- See if a principal name matches a regular expression
- *			  or string.
+ * name_matches()       - See if a principal name matches a regular expression
+ *                        or string.
  */
 static int
 name_matches(name, arglist)
-    char		*name;
-    struct dump_args	*arglist;
+    char                *name;
+    struct dump_args    *arglist;
 {
-#if	HAVE_REGCOMP
-    regex_t	match_exp;
-    regmatch_t	match_match;
-    int		match_error;
-    char	match_errmsg[BUFSIZ];
-    size_t	errmsg_size;
-#elif	HAVE_REGEXP_H
-    char	regexp_buffer[RE_BUF_SIZE];
-#elif	HAVE_RE_COMP
-    extern char	*re_comp();
-    char	*re_result;
-#endif	/* HAVE_RE_COMP */
-    int		i, match;
+#if     HAVE_REGCOMP
+    regex_t     match_exp;
+    regmatch_t  match_match;
+    int         match_error;
+    char        match_errmsg[BUFSIZ];
+    size_t      errmsg_size;
+#elif   HAVE_REGEXP_H
+    char        regexp_buffer[RE_BUF_SIZE];
+#elif   HAVE_RE_COMP
+    extern char *re_comp();
+    char        *re_result;
+#endif  /* HAVE_RE_COMP */
+    int         i, match;
 
     /*
      * Plow, brute force, through the list of names/regular expressions.
      */
     match = (arglist->nnames) ? 0 : 1;
     for (i=0; i<arglist->nnames; i++) {
-#if	HAVE_REGCOMP
-	/*
-	 * Compile the regular expression.
-	 */
-	match_error = regcomp(&match_exp, arglist->names[i], REG_EXTENDED);
-	if (match_error) {
-	    errmsg_size = regerror(match_error,
-				   &match_exp,
-				   match_errmsg,
-				   sizeof(match_errmsg));
-	    fprintf(stderr, regex_err, arglist->programname, match_errmsg);
-	    break;
-	}
-	/*
-	 * See if we have a match.
-	 */
-	match_error = regexec(&match_exp, name, 1, &match_match, 0);
-	if (match_error) {
-	    if (match_error != REG_NOMATCH) {
-		errmsg_size = regerror(match_error,
-				       &match_exp,
-				       match_errmsg,
-				       sizeof(match_errmsg));
-		fprintf(stderr, regex_merr,
-			arglist->programname, match_errmsg);
-		break;
-	    }
-	}
-	else {
-	    /*
-	     * We have a match.  See if it matches the whole
-	     * name.
-	     */
-	    if ((match_match.rm_so == 0) &&
-		(match_match.rm_eo == strlen(name)))
-		match = 1;
-	}
-	regfree(&match_exp);
-#elif	HAVE_REGEXP_H
-	/*
-	 * Compile the regular expression.
-	 */
-	compile(arglist->names[i],
-		regexp_buffer, 
-		&regexp_buffer[RE_BUF_SIZE],
-		'\0');
-	if (step(name, regexp_buffer)) {
-	    if ((loc1 == name) &&
-		(loc2 == &name[strlen(name)]))
-		match = 1;
-	}
-#elif	HAVE_RE_COMP
-	/*
-	 * Compile the regular expression.
-	 */
-	if (re_result = re_comp(arglist->names[i])) {
-	    fprintf(stderr, regex_err, arglist->programname, re_result);
-	    break;
-	}
-	if (re_exec(name))
-	    match = 1;
-#else	/* HAVE_RE_COMP */
-	/*
-	 * If no regular expression support, then just compare the strings.
-	 */
-	if (!strcmp(arglist->names[i], name))
-	    match = 1;
-#endif	/* HAVE_REGCOMP */
-	if (match)
-	    break;
+#if     HAVE_REGCOMP
+        /*
+         * Compile the regular expression.
+         */
+        match_error = regcomp(&match_exp, arglist->names[i], REG_EXTENDED);
+        if (match_error) {
+            errmsg_size = regerror(match_error,
+                                   &match_exp,
+                                   match_errmsg,
+                                   sizeof(match_errmsg));
+            fprintf(stderr, regex_err, arglist->programname, match_errmsg);
+            break;
+        }
+        /*
+         * See if we have a match.
+         */
+        match_error = regexec(&match_exp, name, 1, &match_match, 0);
+        if (match_error) {
+            if (match_error != REG_NOMATCH) {
+                errmsg_size = regerror(match_error,
+                                       &match_exp,
+                                       match_errmsg,
+                                       sizeof(match_errmsg));
+                fprintf(stderr, regex_merr,
+                        arglist->programname, match_errmsg);
+                break;
+            }
+        }
+        else {
+            /*
+             * We have a match.  See if it matches the whole
+             * name.
+             */
+            if ((match_match.rm_so == 0) &&
+                (match_match.rm_eo == strlen(name)))
+                match = 1;
+        }
+        regfree(&match_exp);
+#elif   HAVE_REGEXP_H
+        /*
+         * Compile the regular expression.
+         */
+        compile(arglist->names[i],
+                regexp_buffer,
+                &regexp_buffer[RE_BUF_SIZE],
+                '\0');
+        if (step(name, regexp_buffer)) {
+            if ((loc1 == name) &&
+                (loc2 == &name[strlen(name)]))
+                match = 1;
+        }
+#elif   HAVE_RE_COMP
+        /*
+         * Compile the regular expression.
+         */
+        if (re_result = re_comp(arglist->names[i])) {
+            fprintf(stderr, regex_err, arglist->programname, re_result);
+            break;
+        }
+        if (re_exec(name))
+            match = 1;
+#else   /* HAVE_RE_COMP */
+        /*
+         * If no regular expression support, then just compare the strings.
+         */
+        if (!strcmp(arglist->names[i], name))
+            match = 1;
+#endif  /* HAVE_REGCOMP */
+        if (match)
+            break;
     }
     return(match);
 }
 
 static krb5_error_code
 find_enctype(dbentp, enctype, salttype, kentp)
-    krb5_db_entry	*dbentp;
-    krb5_enctype	enctype;
-    krb5_int32		salttype;
-    krb5_key_data	**kentp;
+    krb5_db_entry       *dbentp;
+    krb5_enctype        enctype;
+    krb5_int32          salttype;
+    krb5_key_data       **kentp;
 {
-    int			i;
-    int			maxkvno;
-    krb5_key_data	*datap;
+    int                 i;
+    int                 maxkvno;
+    krb5_key_data       *datap;
 
     maxkvno = -1;
     datap = (krb5_key_data *) NULL;
     for (i=0; i<dbentp->n_key_data; i++) {
-	if (( (krb5_enctype)dbentp->key_data[i].key_data_type[0] == enctype) &&
-	    ((dbentp->key_data[i].key_data_type[1] == salttype) ||
-	     (salttype < 0))) {
-	    maxkvno = dbentp->key_data[i].key_data_kvno;
-	    datap = &dbentp->key_data[i];
-	}
+        if (( (krb5_enctype)dbentp->key_data[i].key_data_type[0] == enctype) &&
+            ((dbentp->key_data[i].key_data_type[1] == salttype) ||
+             (salttype < 0))) {
+            maxkvno = dbentp->key_data[i].key_data_kvno;
+            datap = &dbentp->key_data[i];
+        }
     }
     if (maxkvno >= 0) {
-	*kentp = datap;
-	return(0);
+        *kentp = datap;
+        return(0);
     }
-    return(ENOENT);    
+    return(ENOENT);
 }
 
 #if 0
 /*
- * dump_k5beta_header()	- Make a dump header that is recognizable by Kerberos
- *			  Version 5 Beta 5 and previous releases.
+ * dump_k5beta_header() - Make a dump header that is recognizable by Kerberos
+ *                        Version 5 Beta 5 and previous releases.
  */
 static krb5_error_code
 dump_k5beta_header(arglist)
@@ -533,22 +534,22 @@ dump_k5beta_header(arglist)
 #endif
 
 /*
- * dump_k5beta_iterator()	- Dump an entry in a format that is usable
- *				  by Kerberos Version 5 Beta 5 and previous
- *				  releases.
+ * dump_k5beta_iterator()       - Dump an entry in a format that is usable
+ *                                by Kerberos Version 5 Beta 5 and previous
+ *                                releases.
  */
 static krb5_error_code
 dump_k5beta_iterator(ptr, entry)
-    krb5_pointer	ptr;
-    krb5_db_entry	*entry;
+    krb5_pointer        ptr;
+    krb5_db_entry       *entry;
 {
-    krb5_error_code	retval;
-    struct dump_args	*arg;
-    char		*name, *mod_name;
-    krb5_principal	mod_princ;
-    krb5_key_data	*pkey, *akey, nullkey;
-    krb5_timestamp	mod_date, last_pwd_change;
-    int			i;
+    krb5_error_code     retval;
+    struct dump_args    *arg;
+    char                *name, *mod_name;
+    krb5_principal      mod_princ;
+    krb5_key_data       *pkey, *akey, nullkey;
+    krb5_timestamp      mod_date, last_pwd_change;
+    int                 i;
 
     /* Initialize */
     arg = (struct dump_args *) ptr;
@@ -560,177 +561,177 @@ dump_k5beta_iterator(ptr, entry)
      * Flatten the principal name.
      */
     if ((retval = krb5_unparse_name(arg->kcontext,
-				    entry->princ,
-				    &name))) {
-	fprintf(stderr, pname_unp_err, 
-		arg->programname, error_message(retval));
-	return(retval);
+                                    entry->princ,
+                                    &name))) {
+        fprintf(stderr, pname_unp_err,
+                arg->programname, error_message(retval));
+        return(retval);
     }
 
     /*
      * Re-encode the keys in the new master key, if necessary.
      */
     if (mkey_convert) {
-	retval = master_key_convert(arg->kcontext, entry);
-	if (retval) {
-	    com_err(arg->programname, retval, remaster_err_fmt, name);
-	    return retval;
-	}
+        retval = master_key_convert(arg->kcontext, entry);
+        if (retval) {
+            com_err(arg->programname, retval, remaster_err_fmt, name);
+            return retval;
+        }
     }
-    
+
     /*
      * If we don't have any match strings, or if our name matches, then
      * proceed with the dump, otherwise, just forget about it.
      */
     if (!arg->nnames || name_matches(name, arg)) {
-	/*
-	 * Deserialize the modifier record.
-	 */
-	mod_name = (char *) NULL;
-	mod_princ = NULL;
-	last_pwd_change = mod_date = 0;
-	pkey = akey = (krb5_key_data *) NULL;
-	if (!(retval = krb5_dbe_lookup_mod_princ_data(arg->kcontext,
-						      entry,
-						      &mod_date,
-						      &mod_princ))) {
-	    if (mod_princ) {
-		/*
-		 * Flatten the modifier name.
-		 */
-		if ((retval = krb5_unparse_name(arg->kcontext,
-						mod_princ,
-						&mod_name)))
-		    fprintf(stderr, mname_unp_err, arg->programname,
-			    error_message(retval));
-		krb5_free_principal(arg->kcontext, mod_princ);
-	    }
-	}
-	if (!mod_name)
-	    mod_name = strdup(null_mprinc_name);
-
-	/*
-	 * Find the last password change record and set it straight.
-	 */
-	if ((retval =
-	     krb5_dbe_lookup_last_pwd_change(arg->kcontext, entry,
-					     &last_pwd_change))) {
-	    fprintf(stderr, nokeys_err, arg->programname, name);
-	    free(mod_name);
-	    free(name);
-	    return(retval);
-	}
-
-	/*
-	 * Find the 'primary' key and the 'alternate' key.
-	 */
-	if ((retval = find_enctype(entry,
-				   ENCTYPE_DES_CBC_CRC,
-				   KRB5_KDB_SALTTYPE_NORMAL,
-				   &pkey)) &&
-	    (retval = find_enctype(entry,
-				   ENCTYPE_DES_CBC_CRC,
-				   KRB5_KDB_SALTTYPE_V4,
-				   &akey))) {
-	    fprintf(stderr, nokeys_err, arg->programname, name);
-	    free(mod_name);
-	    free(name);
-	    return(retval);
-	}
-
-	/* If we only have one type, then ship it out as the primary. */
-	if (!pkey && akey) {
-	    pkey = akey;
-	    akey = &nullkey;
-	}
-	else {
-	    if (!akey)
-		akey = &nullkey;
-	}
-
-	/*
-	 * First put out strings representing the length of the variable
-	 * length data in this record, then the name and the primary key type.
-	 */
-	fprintf(arg->ofile, "%lu\t%lu\t%d\t%d\t%d\t%d\t%s\t%d\t",
-		(unsigned long) strlen(name),
-		(unsigned long) strlen(mod_name),
-		(krb5_int32) pkey->key_data_length[0],
-		(krb5_int32) akey->key_data_length[0],
-		(krb5_int32) pkey->key_data_length[1],
-		(krb5_int32) akey->key_data_length[1],
-		name,
-		(krb5_int32) pkey->key_data_type[0]);
-	for (i=0; i<pkey->key_data_length[0]; i++) {
-	    fprintf(arg->ofile, "%02x", pkey->key_data_contents[0][i]);
-	}
-	/*
-	 * Second, print out strings representing the standard integer
-	 * data in this record.
-	 */
-	fprintf(arg->ofile,
-		"\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%s\t%u\t%u\t%u\t",
-		(krb5_int32) pkey->key_data_kvno,
-		entry->max_life, entry->max_renewable_life,
-		1 /* Fake mkvno */, entry->expiration, entry->pw_expiration,
-		last_pwd_change,
-		(arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
-		(arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
-		(arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count,
-		mod_name, mod_date,
-		entry->attributes, pkey->key_data_type[1]);
-
-	/* Pound out the salt data, if present. */
-	for (i=0; i<pkey->key_data_length[1]; i++) {
-	    fprintf(arg->ofile, "%02x", pkey->key_data_contents[1][i]);
-	}
-	/* Pound out the alternate key type and contents */
-	fprintf(arg->ofile, "\t%u\t", akey->key_data_type[0]);
-	for (i=0; i<akey->key_data_length[0]; i++) {
-	    fprintf(arg->ofile, "%02x", akey->key_data_contents[0][i]);
-	}
-	/* Pound out the alternate salt type and contents */
-	fprintf(arg->ofile, "\t%u\t", akey->key_data_type[1]);
-	for (i=0; i<akey->key_data_length[1]; i++) {
-	    fprintf(arg->ofile, "%02x", akey->key_data_contents[1][i]);
-	}
-	/* Pound out the expansion data. (is null) */
-	for (i=0; i < 8; i++) {
-	    fprintf(arg->ofile, "\t%u", 0);
-	}
-	fprintf(arg->ofile, ";\n");
-	/* If we're blabbing, do it */
-	if (arg->flags & FLAG_VERBOSE)
-	    fprintf(stderr, "%s\n", name);
-	free(mod_name);
+        /*
+         * Deserialize the modifier record.
+         */
+        mod_name = (char *) NULL;
+        mod_princ = NULL;
+        last_pwd_change = mod_date = 0;
+        pkey = akey = (krb5_key_data *) NULL;
+        if (!(retval = krb5_dbe_lookup_mod_princ_data(arg->kcontext,
+                                                      entry,
+                                                      &mod_date,
+                                                      &mod_princ))) {
+            if (mod_princ) {
+                /*
+                 * Flatten the modifier name.
+                 */
+                if ((retval = krb5_unparse_name(arg->kcontext,
+                                                mod_princ,
+                                                &mod_name)))
+                    fprintf(stderr, mname_unp_err, arg->programname,
+                            error_message(retval));
+                krb5_free_principal(arg->kcontext, mod_princ);
+            }
+        }
+        if (!mod_name)
+            mod_name = strdup(null_mprinc_name);
+
+        /*
+         * Find the last password change record and set it straight.
+         */
+        if ((retval =
+             krb5_dbe_lookup_last_pwd_change(arg->kcontext, entry,
+                                             &last_pwd_change))) {
+            fprintf(stderr, nokeys_err, arg->programname, name);
+            free(mod_name);
+            free(name);
+            return(retval);
+        }
+
+        /*
+         * Find the 'primary' key and the 'alternate' key.
+         */
+        if ((retval = find_enctype(entry,
+                                   ENCTYPE_DES_CBC_CRC,
+                                   KRB5_KDB_SALTTYPE_NORMAL,
+                                   &pkey)) &&
+            (retval = find_enctype(entry,
+                                   ENCTYPE_DES_CBC_CRC,
+                                   KRB5_KDB_SALTTYPE_V4,
+                                   &akey))) {
+            fprintf(stderr, nokeys_err, arg->programname, name);
+            free(mod_name);
+            free(name);
+            return(retval);
+        }
+
+        /* If we only have one type, then ship it out as the primary. */
+        if (!pkey && akey) {
+            pkey = akey;
+            akey = &nullkey;
+        }
+        else {
+            if (!akey)
+                akey = &nullkey;
+        }
+
+        /*
+         * First put out strings representing the length of the variable
+         * length data in this record, then the name and the primary key type.
+         */
+        fprintf(arg->ofile, "%lu\t%lu\t%d\t%d\t%d\t%d\t%s\t%d\t",
+                (unsigned long) strlen(name),
+                (unsigned long) strlen(mod_name),
+                (krb5_int32) pkey->key_data_length[0],
+                (krb5_int32) akey->key_data_length[0],
+                (krb5_int32) pkey->key_data_length[1],
+                (krb5_int32) akey->key_data_length[1],
+                name,
+                (krb5_int32) pkey->key_data_type[0]);
+        for (i=0; i<pkey->key_data_length[0]; i++) {
+            fprintf(arg->ofile, "%02x", pkey->key_data_contents[0][i]);
+        }
+        /*
+         * Second, print out strings representing the standard integer
+         * data in this record.
+         */
+        fprintf(arg->ofile,
+                "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%s\t%u\t%u\t%u\t",
+                (krb5_int32) pkey->key_data_kvno,
+                entry->max_life, entry->max_renewable_life,
+                1 /* Fake mkvno */, entry->expiration, entry->pw_expiration,
+                last_pwd_change,
+                (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
+                (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
+                (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count,
+                mod_name, mod_date,
+                entry->attributes, pkey->key_data_type[1]);
+
+        /* Pound out the salt data, if present. */
+        for (i=0; i<pkey->key_data_length[1]; i++) {
+            fprintf(arg->ofile, "%02x", pkey->key_data_contents[1][i]);
+        }
+        /* Pound out the alternate key type and contents */
+        fprintf(arg->ofile, "\t%u\t", akey->key_data_type[0]);
+        for (i=0; i<akey->key_data_length[0]; i++) {
+            fprintf(arg->ofile, "%02x", akey->key_data_contents[0][i]);
+        }
+        /* Pound out the alternate salt type and contents */
+        fprintf(arg->ofile, "\t%u\t", akey->key_data_type[1]);
+        for (i=0; i<akey->key_data_length[1]; i++) {
+            fprintf(arg->ofile, "%02x", akey->key_data_contents[1][i]);
+        }
+        /* Pound out the expansion data. (is null) */
+        for (i=0; i < 8; i++) {
+            fprintf(arg->ofile, "\t%u", 0);
+        }
+        fprintf(arg->ofile, ";\n");
+        /* If we're blabbing, do it */
+        if (arg->flags & FLAG_VERBOSE)
+            fprintf(stderr, "%s\n", name);
+        free(mod_name);
     }
     free(name);
     return(0);
 }
 
 /*
- * dump_k5beta6_iterator()	- Output a dump record in krb5b6 format.
+ * dump_k5beta6_iterator()      - Output a dump record in krb5b6 format.
  */
 static krb5_error_code
 dump_k5beta6_iterator(ptr, entry)
-    krb5_pointer	ptr;
-    krb5_db_entry	*entry;
+    krb5_pointer        ptr;
+    krb5_db_entry       *entry;
 {
     return dump_k5beta6_iterator_ext(ptr, entry, 0);
 }
 
 static krb5_error_code
 dump_k5beta6_iterator_ext(ptr, entry, kadm)
-    krb5_pointer	ptr;
-    krb5_db_entry	*entry;
-    int			kadm;
+    krb5_pointer        ptr;
+    krb5_db_entry       *entry;
+    int                 kadm;
 {
-    krb5_error_code	retval;
-    struct dump_args	*arg;
-    char		*name;
-    krb5_tl_data	*tlp;
-    krb5_key_data	*kdata;
-    int			counter, skip, i, j;
+    krb5_error_code     retval;
+    struct dump_args    *arg;
+    char                *name;
+    krb5_tl_data        *tlp;
+    krb5_key_data       *kdata;
+    int                 counter, skip, i, j;
 
     /* Initialize */
     arg = (struct dump_args *) ptr;
@@ -740,274 +741,274 @@ dump_k5beta6_iterator_ext(ptr, entry, kadm)
      * Flatten the principal name.
      */
     if ((retval = krb5_unparse_name(arg->kcontext,
-				    entry->princ,
-				    &name))) {
-	fprintf(stderr, pname_unp_err, 
-		arg->programname, error_message(retval));
-	return(retval);
+                                    entry->princ,
+                                    &name))) {
+        fprintf(stderr, pname_unp_err,
+                arg->programname, error_message(retval));
+        return(retval);
     }
 
     /*
      * Re-encode the keys in the new master key, if necessary.
      */
     if (mkey_convert) {
-	retval = master_key_convert(arg->kcontext, entry);
-	if (retval) {
-	    com_err(arg->programname, retval, remaster_err_fmt, name);
-	    return retval;
-	}
+        retval = master_key_convert(arg->kcontext, entry);
+        if (retval) {
+            com_err(arg->programname, retval, remaster_err_fmt, name);
+            return retval;
+        }
     }
-    
+
     /*
      * If we don't have any match strings, or if our name matches, then
      * proceed with the dump, otherwise, just forget about it.
      */
     if (!arg->nnames || name_matches(name, arg)) {
-	/*
-	 * We'd like to just blast out the contents as they would appear in
-	 * the database so that we can just suck it back in, but it doesn't
-	 * lend itself to easy editing.
-	 */
-
-	/*
-	 * The dump format is as follows:
-	 *	len strlen(name) n_tl_data n_key_data e_length
-	 *	name
-	 *	attributes max_life max_renewable_life expiration
-	 *	pw_expiration last_success last_failed fail_auth_count
-	 *	n_tl_data*[type length <contents>]
-	 *	n_key_data*[ver kvno ver*(type length <contents>)]
-	 *	<e_data>
-	 * Fields which are not encapsulated by angle-brackets are to appear
-	 * verbatim.  A bracketed field's absence is indicated by a -1 in its
-	 * place
-	 */
-
-	/*
-	 * Make sure that the tagged list is reasonably correct.
-	 */
-	counter = skip = 0;
-	for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
-	     /*
-	      * don't dump tl data types we know aren't understood by
-	      * earlier revisions [krb5-admin/89]
-	      */
-	     switch (tlp->tl_data_type) {
-	     case KRB5_TL_KADM_DATA:
-		  if (kadm)
-		      counter++;
-		  else
-		      skip++;
-		  break;
-	     default:
-		  counter++;
-		  break;
-	     }
-	}
-	
-	if (counter + skip == entry->n_tl_data) {
-	    /* Pound out header */
-	    fprintf(arg->ofile, "%d\t%lu\t%d\t%d\t%d\t%s\t",
-		    (int) entry->len,
-		    (unsigned long) strlen(name),
-		    counter,
-		    (int) entry->n_key_data,
-		    (int) entry->e_length,
-		    name);
-	    fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
-		    entry->attributes,
-		    entry->max_life,
-		    entry->max_renewable_life,
-		    entry->expiration,
-		    entry->pw_expiration,
-		    (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
-		    (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
-		    (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count);
-	    /* Pound out tagged data. */
-	    for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
-		if (tlp->tl_data_type == KRB5_TL_KADM_DATA && !kadm)
-		     continue; /* see above, [krb5-admin/89] */
-
-		fprintf(arg->ofile, "%d\t%d\t",
-			(int) tlp->tl_data_type,
-			(int) tlp->tl_data_length);
-		if (tlp->tl_data_length)
-		    for (i=0; i<tlp->tl_data_length; i++)
-			fprintf(arg->ofile, "%02x", tlp->tl_data_contents[i]);
-		else
-		    fprintf(arg->ofile, "%d", -1);
-		fprintf(arg->ofile, "\t");
-	    }
-
-	    /* Pound out key data */
-	    for (counter=0; counter<entry->n_key_data; counter++) {
-		kdata = &entry->key_data[counter];
-		fprintf(arg->ofile, "%d\t%d\t",
-			(int) kdata->key_data_ver,
-			(int) kdata->key_data_kvno);
-		for (i=0; i<kdata->key_data_ver; i++) {
-		    fprintf(arg->ofile, "%d\t%d\t",
-			    kdata->key_data_type[i],
-			    kdata->key_data_length[i]);
-		    if (kdata->key_data_length[i])
-			for (j=0; j<kdata->key_data_length[i]; j++)
-			    fprintf(arg->ofile, "%02x",
-				    kdata->key_data_contents[i][j]);
-		    else
-			fprintf(arg->ofile, "%d", -1);
-		    fprintf(arg->ofile, "\t");
-		}
-	    }
-
-	    /* Pound out extra data */
-	    if (entry->e_length)
-		for (i=0; i<entry->e_length; i++)
-		    fprintf(arg->ofile, "%02x", entry->e_data[i]);
-	    else
-		fprintf(arg->ofile, "%d", -1);
-
-	    /* Print trailer */
-	    fprintf(arg->ofile, ";\n");
-
-	    if (arg->flags & FLAG_VERBOSE)
-		fprintf(stderr, "%s\n", name);
-	}
-	else {
-	    fprintf(stderr, sdump_tl_inc_err,
-		    arg->programname, name, counter+skip,
-		    (int) entry->n_tl_data); 
-	    retval = EINVAL;
-	}
+        /*
+         * We'd like to just blast out the contents as they would appear in
+         * the database so that we can just suck it back in, but it doesn't
+         * lend itself to easy editing.
+         */
+
+        /*
+         * The dump format is as follows:
+         *      len strlen(name) n_tl_data n_key_data e_length
+         *      name
+         *      attributes max_life max_renewable_life expiration
+         *      pw_expiration last_success last_failed fail_auth_count
+         *      n_tl_data*[type length <contents>]
+         *      n_key_data*[ver kvno ver*(type length <contents>)]
+         *      <e_data>
+         * Fields which are not encapsulated by angle-brackets are to appear
+         * verbatim.  A bracketed field's absence is indicated by a -1 in its
+         * place
+         */
+
+        /*
+         * Make sure that the tagged list is reasonably correct.
+         */
+        counter = skip = 0;
+        for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
+            /*
+             * don't dump tl data types we know aren't understood by
+             * earlier revisions [krb5-admin/89]
+             */
+            switch (tlp->tl_data_type) {
+            case KRB5_TL_KADM_DATA:
+                if (kadm)
+                    counter++;
+                else
+                    skip++;
+                break;
+            default:
+                counter++;
+                break;
+            }
+        }
+
+        if (counter + skip == entry->n_tl_data) {
+            /* Pound out header */
+            fprintf(arg->ofile, "%d\t%lu\t%d\t%d\t%d\t%s\t",
+                    (int) entry->len,
+                    (unsigned long) strlen(name),
+                    counter,
+                    (int) entry->n_key_data,
+                    (int) entry->e_length,
+                    name);
+            fprintf(arg->ofile, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
+                    entry->attributes,
+                    entry->max_life,
+                    entry->max_renewable_life,
+                    entry->expiration,
+                    entry->pw_expiration,
+                    (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_success,
+                    (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->last_failed,
+                    (arg->flags & FLAG_OMIT_NRA) ? 0 : entry->fail_auth_count);
+            /* Pound out tagged data. */
+            for (tlp = entry->tl_data; tlp; tlp = tlp->tl_data_next) {
+                if (tlp->tl_data_type == KRB5_TL_KADM_DATA && !kadm)
+                    continue; /* see above, [krb5-admin/89] */
+
+                fprintf(arg->ofile, "%d\t%d\t",
+                        (int) tlp->tl_data_type,
+                        (int) tlp->tl_data_length);
+                if (tlp->tl_data_length)
+                    for (i=0; i<tlp->tl_data_length; i++)
+                        fprintf(arg->ofile, "%02x", tlp->tl_data_contents[i]);
+                else
+                    fprintf(arg->ofile, "%d", -1);
+                fprintf(arg->ofile, "\t");
+            }
+
+            /* Pound out key data */
+            for (counter=0; counter<entry->n_key_data; counter++) {
+                kdata = &entry->key_data[counter];
+                fprintf(arg->ofile, "%d\t%d\t",
+                        (int) kdata->key_data_ver,
+                        (int) kdata->key_data_kvno);
+                for (i=0; i<kdata->key_data_ver; i++) {
+                    fprintf(arg->ofile, "%d\t%d\t",
+                            kdata->key_data_type[i],
+                            kdata->key_data_length[i]);
+                    if (kdata->key_data_length[i])
+                        for (j=0; j<kdata->key_data_length[i]; j++)
+                            fprintf(arg->ofile, "%02x",
+                                    kdata->key_data_contents[i][j]);
+                    else
+                        fprintf(arg->ofile, "%d", -1);
+                    fprintf(arg->ofile, "\t");
+                }
+            }
+
+            /* Pound out extra data */
+            if (entry->e_length)
+                for (i=0; i<entry->e_length; i++)
+                    fprintf(arg->ofile, "%02x", entry->e_data[i]);
+            else
+                fprintf(arg->ofile, "%d", -1);
+
+            /* Print trailer */
+            fprintf(arg->ofile, ";\n");
+
+            if (arg->flags & FLAG_VERBOSE)
+                fprintf(stderr, "%s\n", name);
+        }
+        else {
+            fprintf(stderr, sdump_tl_inc_err,
+                    arg->programname, name, counter+skip,
+                    (int) entry->n_tl_data);
+            retval = EINVAL;
+        }
     }
     free(name);
     return(retval);
 }
 
 /*
- * dump_k5beta7_iterator()	- Output a dump record in krb5b7 format.
+ * dump_k5beta7_iterator()      - Output a dump record in krb5b7 format.
  */
 static krb5_error_code
 dump_k5beta7_princ(ptr, entry)
-    krb5_pointer	ptr;
-    krb5_db_entry	*entry;
+    krb5_pointer        ptr;
+    krb5_db_entry       *entry;
 {
     return dump_k5beta7_princ_ext(ptr, entry, 0);
 }
 
 static krb5_error_code
 dump_k5beta7_princ_ext(ptr, entry, kadm)
-    krb5_pointer	ptr;
-    krb5_db_entry	*entry;
-    int			kadm;
+    krb5_pointer        ptr;
+    krb5_db_entry       *entry;
+    int                 kadm;
 {
-     krb5_error_code retval;
-     struct dump_args *arg;
-     char *name;
-     int tmp_nnames;
-
-     /* Initialize */
-     arg = (struct dump_args *) ptr;
-     name = (char *) NULL;
-
-     /*
-      * Flatten the principal name.
-      */
-     if ((retval = krb5_unparse_name(arg->kcontext,
-				     entry->princ,
-				     &name))) {
-	  fprintf(stderr, pname_unp_err, 
-		  arg->programname, error_message(retval));
-	  return(retval);
-     }
-     /*
-      * If we don't have any match strings, or if our name matches, then
-      * proceed with the dump, otherwise, just forget about it.
-      */
-     if (!arg->nnames || name_matches(name, arg)) {
-	  fprintf(arg->ofile, "princ\t");
-	  
-	  /* save the callee from matching the name again */
-	  tmp_nnames = arg->nnames;
-	  arg->nnames = 0;
-	  retval = dump_k5beta6_iterator_ext(ptr, entry, kadm);
-	  arg->nnames = tmp_nnames;
-     }
-
-     free(name);
-     return retval;
+    krb5_error_code retval;
+    struct dump_args *arg;
+    char *name;
+    int tmp_nnames;
+
+    /* Initialize */
+    arg = (struct dump_args *) ptr;
+    name = (char *) NULL;
+
+    /*
+     * Flatten the principal name.
+     */
+    if ((retval = krb5_unparse_name(arg->kcontext,
+                                    entry->princ,
+                                    &name))) {
+        fprintf(stderr, pname_unp_err,
+                arg->programname, error_message(retval));
+        return(retval);
+    }
+    /*
+     * If we don't have any match strings, or if our name matches, then
+     * proceed with the dump, otherwise, just forget about it.
+     */
+    if (!arg->nnames || name_matches(name, arg)) {
+        fprintf(arg->ofile, "princ\t");
+
+        /* save the callee from matching the name again */
+        tmp_nnames = arg->nnames;
+        arg->nnames = 0;
+        retval = dump_k5beta6_iterator_ext(ptr, entry, kadm);
+        arg->nnames = tmp_nnames;
+    }
+
+    free(name);
+    return retval;
 }
 
 static krb5_error_code
 dump_k5beta7_princ_withpolicy(ptr, entry)
-    krb5_pointer	ptr;
-    krb5_db_entry	*entry;
+    krb5_pointer        ptr;
+    krb5_db_entry       *entry;
 {
     return dump_k5beta7_princ_ext(ptr, entry, 1);
 }
 
 void dump_k5beta7_policy(void *data, osa_policy_ent_t entry)
 {
-     struct dump_args *arg;
+    struct dump_args *arg;
 
-     arg = (struct dump_args *) data;
-     fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\n", entry->name,
-	     entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
-	     entry->pw_min_classes, entry->pw_history_num,
-	     entry->policy_refcnt);
+    arg = (struct dump_args *) data;
+    fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\n", entry->name,
+            entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
+            entry->pw_min_classes, entry->pw_history_num,
+            entry->policy_refcnt);
 }
 
 void dump_r1_8_policy(void *data, osa_policy_ent_t entry)
 {
-     struct dump_args *arg;
-
-     arg = (struct dump_args *) data;
-     fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\n",
-	     entry->name,
-	     entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
-	     entry->pw_min_classes, entry->pw_history_num,
-	     entry->policy_refcnt, entry->pw_max_fail,
-	     entry->pw_failcnt_interval, entry->pw_lockout_duration);
+    struct dump_args *arg;
+
+    arg = (struct dump_args *) data;
+    fprintf(arg->ofile, "policy\t%s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\n",
+            entry->name,
+            entry->pw_min_life, entry->pw_max_life, entry->pw_min_length,
+            entry->pw_min_classes, entry->pw_history_num,
+            entry->policy_refcnt, entry->pw_max_fail,
+            entry->pw_failcnt_interval, entry->pw_lockout_duration);
 }
 
 static void print_key_data(FILE *f, krb5_key_data *key_data)
 {
-     int c;
-     
-     fprintf(f, "%d\t%d\t", key_data->key_data_type[0],
-	     key_data->key_data_length[0]);
-     for(c = 0; c < key_data->key_data_length[0]; c++) 
-	  fprintf(f, "%02x ",
-		  key_data->key_data_contents[0][c]);
+    int c;
+
+    fprintf(f, "%d\t%d\t", key_data->key_data_type[0],
+            key_data->key_data_length[0]);
+    for(c = 0; c < key_data->key_data_length[0]; c++)
+        fprintf(f, "%02x ",
+                key_data->key_data_contents[0][c]);
 }
 
 /*
  * Function: print_princ
- * 
+ *
  * Purpose: output osa_adb_princ_ent data in a human
- *	    readable format (which is a format suitable for
- *	    ovsec_adm_import consumption)
+ *          readable format (which is a format suitable for
+ *          ovsec_adm_import consumption)
  *
  * Arguments:
- *	data		(input) pointer to a structure containing a FILE *
- *			        and a record counter.
- *	entry		(input) entry to get dumped.
- * 	<return value>	void
+ *      data            (input) pointer to a structure containing a FILE *
+ *                              and a record counter.
+ *      entry           (input) entry to get dumped.
+ *      <return value>  void
  *
  * Requires:
- *	nuttin
- * 
+ *      nuttin
+ *
  * Effects:
- *	writes data to the specified file pointerp.
+ *      writes data to the specified file pointerp.
  *
  * Modifies:
- *	nuttin
- * 
+ *      nuttin
+ *
  */
 static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
 {
     char *princstr;
     unsigned int x;
-    int	y, foundcrc;
+    int y, foundcrc;
     struct dump_args *arg;
     krb5_tl_data tl_data;
     osa_princ_ent_rec adb;
@@ -1026,49 +1027,49 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
      */
     tl_data.tl_data_type = KRB5_TL_KADM_DATA;
     if (krb5_dbe_lookup_tl_data(arg->kcontext, kdb, &tl_data)
-	|| (tl_data.tl_data_length == 0))
-	 return 0;
+        || (tl_data.tl_data_length == 0))
+        return 0;
 
     memset(&adb, 0, sizeof(adb));
     xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents,
-		  tl_data.tl_data_length, XDR_DECODE);
+                  tl_data.tl_data_length, XDR_DECODE);
     if (! xdr_osa_princ_ent_rec(&xdrs, &adb)) {
-	 xdr_destroy(&xdrs);
-	 return(KADM5_XDR_FAILURE);
+        xdr_destroy(&xdrs);
+        return(KADM5_XDR_FAILURE);
     }
     xdr_destroy(&xdrs);
-    
+
     krb5_unparse_name(arg->kcontext, kdb->princ, &princstr);
     fprintf(arg->ofile, "princ\t%s\t", princstr);
     if(adb.policy == NULL)
-	fputc('\t', arg->ofile);
+        fputc('\t', arg->ofile);
     else
-	fprintf(arg->ofile, "%s\t", adb.policy);
+        fprintf(arg->ofile, "%s\t", adb.policy);
     fprintf(arg->ofile, "%lx\t%d\t%d\t%d", adb.aux_attributes,
-	    adb.old_key_len,adb.old_key_next, adb.admin_history_kvno);
+            adb.old_key_len,adb.old_key_next, adb.admin_history_kvno);
 
     for (x = 0; x < adb.old_key_len; x++) {
-	 foundcrc = 0;
-	 for (y = 0; y < adb.old_keys[x].n_key_data; y++) {
-	      krb5_key_data *key_data = &adb.old_keys[x].key_data[y];
-
-	      if (key_data->key_data_type[0] != ENCTYPE_DES_CBC_CRC)
-		   continue;
-	      if (foundcrc) {
-		   fprintf(stderr, "Warning!  Multiple DES-CBC-CRC keys "
-			   "for principal %s; skipping duplicates.\n",
-			   princstr);
-		   continue;
-	      }
-	      foundcrc++;
-
-	      fputc('\t', arg->ofile);
-	      print_key_data(arg->ofile, key_data);
-	 }
-	 if (!foundcrc)
-	      fprintf(stderr, "Warning!  No DES-CBC-CRC key for principal "
-		      "%s, cannot generate OV-compatible record; skipping\n",
-		      princstr);
+        foundcrc = 0;
+        for (y = 0; y < adb.old_keys[x].n_key_data; y++) {
+            krb5_key_data *key_data = &adb.old_keys[x].key_data[y];
+
+            if (key_data->key_data_type[0] != ENCTYPE_DES_CBC_CRC)
+                continue;
+            if (foundcrc) {
+                fprintf(stderr, "Warning!  Multiple DES-CBC-CRC keys "
+                        "for principal %s; skipping duplicates.\n",
+                        princstr);
+                continue;
+            }
+            foundcrc++;
+
+            fputc('\t', arg->ofile);
+            print_key_data(arg->ofile, key_data);
+        }
+        if (!foundcrc)
+            fprintf(stderr, "Warning!  No DES-CBC-CRC key for principal "
+                    "%s, cannot generate OV-compatible record; skipping\n",
+                    princstr);
     }
 
     fputc('\n', arg->ofile);
@@ -1078,27 +1079,27 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
 
 /*
  * usage is:
- *	dump_db [-old] [-b6] [-b7] [-ov] [-r13] [-verbose] [-mkey_convert]
- *		[-new_mkey_file mkey_file] [-rev] [-recurse]
- *		[filename [principals...]]
+ *      dump_db [-old] [-b6] [-b7] [-ov] [-r13] [-verbose] [-mkey_convert]
+ *              [-new_mkey_file mkey_file] [-rev] [-recurse]
+ *              [filename [principals...]]
  */
 void
 dump_db(argc, argv)
-    int		argc;
-    char	**argv;
+    int         argc;
+    char        **argv;
 {
-    FILE		*f;
-    struct dump_args	arglist;
-    char		*ofile;
-    krb5_error_code	kret, retval;
-    dump_version	*dump;
-    int			aindex;
-    krb5_boolean	locked;
-    char		*new_mkey_file = 0;
-    bool_t		dump_sno = FALSE;
-    kdb_log_context	*log_ctx;
-    char		**db_args = 0; /* XXX */
-    unsigned int	ipropx_version = IPROPX_VERSION_0;
+    FILE                *f;
+    struct dump_args    arglist;
+    char                *ofile;
+    krb5_error_code     kret, retval;
+    dump_version        *dump;
+    int                 aindex;
+    krb5_boolean        locked;
+    char                *new_mkey_file = 0;
+    bool_t              dump_sno = FALSE;
+    kdb_log_context     *log_ctx;
+    char                **db_args = 0; /* XXX */
+    unsigned int        ipropx_version = IPROPX_VERSION_0;
 
     /*
      * Parse the arguments.
@@ -1116,62 +1117,62 @@ dump_db(argc, argv)
      * Parse the qualifiers.
      */
     for (aindex = 1; aindex < argc; aindex++) {
-	if (!strcmp(argv[aindex], oldoption))
-	     dump = &old_version;
-	else if (!strcmp(argv[aindex], b6option))
-	     dump = &beta6_version;
-	else if (!strcmp(argv[aindex], b7option))
-	     dump = &beta7_version;
-	else if (!strcmp(argv[aindex], ovoption))
-	     dump = &ov_version;
-	else if (!strcmp(argv[aindex], r13option))
-	     dump = &r1_3_version;
-	else if (!strncmp(argv[aindex], ipropoption, sizeof(ipropoption) - 1)) {
-	    if (log_ctx && log_ctx->iproprole) {
-		/* Note: ipropx_version is the maximum version acceptable */
-		ipropx_version = atoi(argv[aindex] + sizeof(ipropoption) - 1);
-		dump = ipropx_version ? &ipropx_1_version : &iprop_version;
-		/*
-		 * dump_sno is used to indicate if the serial
-		 * # should be populated in the output
-		 * file to be used later by iprop for updating
-		 * the slave's update log when loading
-		 */
-		dump_sno = TRUE;
-		/*
-		 * FLAG_OMIT_NRA is set to indicate that non-replicated
-		 * attributes should be omitted.
-		 */
-		arglist.flags |= FLAG_OMIT_NRA;
-	    } else {
-		fprintf(stderr, _("Iprop not enabled\n"));
-		exit_status++;
-		return;
-	    }
-	} else if (!strcmp(argv[aindex], verboseoption))
-	    arglist.flags |= FLAG_VERBOSE;
-	else if (!strcmp(argv[aindex], "-mkey_convert"))
-	    mkey_convert = 1;
-	else if (!strcmp(argv[aindex], "-new_mkey_file")) {
-	    new_mkey_file = argv[++aindex];
-	    mkey_convert = 1;
+        if (!strcmp(argv[aindex], oldoption))
+            dump = &old_version;
+        else if (!strcmp(argv[aindex], b6option))
+            dump = &beta6_version;
+        else if (!strcmp(argv[aindex], b7option))
+            dump = &beta7_version;
+        else if (!strcmp(argv[aindex], ovoption))
+            dump = &ov_version;
+        else if (!strcmp(argv[aindex], r13option))
+            dump = &r1_3_version;
+        else if (!strncmp(argv[aindex], ipropoption, sizeof(ipropoption) - 1)) {
+            if (log_ctx && log_ctx->iproprole) {
+                /* Note: ipropx_version is the maximum version acceptable */
+                ipropx_version = atoi(argv[aindex] + sizeof(ipropoption) - 1);
+                dump = ipropx_version ? &ipropx_1_version : &iprop_version;
+                /*
+                 * dump_sno is used to indicate if the serial
+                 * # should be populated in the output
+                 * file to be used later by iprop for updating
+                 * the slave's update log when loading
+                 */
+                dump_sno = TRUE;
+                /*
+                 * FLAG_OMIT_NRA is set to indicate that non-replicated
+                 * attributes should be omitted.
+                 */
+                arglist.flags |= FLAG_OMIT_NRA;
+            } else {
+                fprintf(stderr, _("Iprop not enabled\n"));
+                exit_status++;
+                return;
+            }
+        } else if (!strcmp(argv[aindex], verboseoption))
+            arglist.flags |= FLAG_VERBOSE;
+        else if (!strcmp(argv[aindex], "-mkey_convert"))
+            mkey_convert = 1;
+        else if (!strcmp(argv[aindex], "-new_mkey_file")) {
+            new_mkey_file = argv[++aindex];
+            mkey_convert = 1;
         } else if (!strcmp(argv[aindex], "-rev"))
-	    backwards = 1;
-	else if (!strcmp(argv[aindex], "-recurse"))
-	    recursive = 1;
-	else
-	    break;
+            backwards = 1;
+        else if (!strcmp(argv[aindex], "-recurse"))
+            recursive = 1;
+        else
+            break;
     }
 
     arglist.names = (char **) NULL;
     arglist.nnames = 0;
     if (aindex < argc) {
-	ofile = argv[aindex];
-	aindex++;
-	if (aindex < argc) {
-	    arglist.names = &argv[aindex];
-	    arglist.nnames = argc - aindex;
-	}
+        ofile = argv[aindex];
+        aindex++;
+        if (aindex < argc) {
+            arglist.names = &argv[aindex];
+            arglist.nnames = argc - aindex;
+        }
     }
 
     /*
@@ -1179,183 +1180,183 @@ dump_db(argc, argv)
      * to be opened if we try a dump that uses it.
      */
     if (!dbactive) {
-	com_err(progname, 0, Err_no_database);
-	exit_status++;
-	return;
+        com_err(progname, 0, Err_no_database);
+        exit_status++;
+        return;
     }
 
     /*
      * If we're doing a master key conversion, set up for it.
      */
     if (mkey_convert) {
-	    if (!valid_master_key) {
-		    /* TRUE here means read the keyboard, but only once */
-		    retval = krb5_db_fetch_mkey(util_context,
-						master_princ,
-						master_keyblock.enctype,
-						TRUE, FALSE,
-						(char *) NULL,
-						NULL, NULL,
-						&master_keyblock);
-		    if (retval) {
-			    com_err(progname, retval,
-				    "while reading master key");
-			    exit(1);
-		    }
-		    retval = krb5_db_verify_master_key(util_context,
-						       master_princ,
-						       IGNORE_VNO,
-						       &master_keyblock);
-		    if (retval) {
-			    com_err(progname, retval,
-				    "while verifying master key");
-			    exit(1);
-		    }
-	    }
-	    new_master_keyblock.enctype = global_params.enctype;
-	    if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
-		    new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
-
-	    if (new_mkey_file) {
-		    krb5_kvno kt_kvno;
-
-		    if (global_params.mask & KADM5_CONFIG_KVNO)
-			    kt_kvno = global_params.kvno;
-		    else
-			    kt_kvno = IGNORE_VNO;
-
-		    if ((retval = krb5_db_fetch_mkey(util_context, master_princ, 
-						     new_master_keyblock.enctype,
-						     FALSE, 
-						     FALSE, 
-						     new_mkey_file,
-						     &kt_kvno,
-						     NULL,
-						     &new_master_keyblock))) { 
-			    com_err(progname, retval, "while reading new master key");
-			    exit(1);
-		    }
-	    } else {
-		    printf("Please enter new master key....\n");
-		    if ((retval = krb5_db_fetch_mkey(util_context, master_princ, 
-						     new_master_keyblock.enctype,
-						     TRUE,
-						     TRUE, 
-						     NULL, NULL, NULL,
-						     &new_master_keyblock))) { 
-			    com_err(progname, retval, "while reading new master key");
-			    exit(1);
-		    }
-	    }
-            /*
-             * get new master key vno that will be used to protect princs, used
-             * later on.
-             */
-            new_mkvno = get_next_kvno(util_context, &master_entry);
+        if (!valid_master_key) {
+            /* TRUE here means read the keyboard, but only once */
+            retval = krb5_db_fetch_mkey(util_context,
+                                        master_princ,
+                                        master_keyblock.enctype,
+                                        TRUE, FALSE,
+                                        (char *) NULL,
+                                        NULL, NULL,
+                                        &master_keyblock);
+            if (retval) {
+                com_err(progname, retval,
+                        "while reading master key");
+                exit(1);
+            }
+            retval = krb5_db_verify_master_key(util_context,
+                                               master_princ,
+                                               IGNORE_VNO,
+                                               &master_keyblock);
+            if (retval) {
+                com_err(progname, retval,
+                        "while verifying master key");
+                exit(1);
+            }
+        }
+        new_master_keyblock.enctype = global_params.enctype;
+        if (new_master_keyblock.enctype == ENCTYPE_UNKNOWN)
+            new_master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+
+        if (new_mkey_file) {
+            krb5_kvno kt_kvno;
+
+            if (global_params.mask & KADM5_CONFIG_KVNO)
+                kt_kvno = global_params.kvno;
+            else
+                kt_kvno = IGNORE_VNO;
+
+            if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                             new_master_keyblock.enctype,
+                                             FALSE,
+                                             FALSE,
+                                             new_mkey_file,
+                                             &kt_kvno,
+                                             NULL,
+                                             &new_master_keyblock))) {
+                com_err(progname, retval, "while reading new master key");
+                exit(1);
+            }
+        } else {
+            printf("Please enter new master key....\n");
+            if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                             new_master_keyblock.enctype,
+                                             TRUE,
+                                             TRUE,
+                                             NULL, NULL, NULL,
+                                             &new_master_keyblock))) {
+                com_err(progname, retval, "while reading new master key");
+                exit(1);
+            }
+        }
+        /*
+         * get new master key vno that will be used to protect princs, used
+         * later on.
+         */
+        new_mkvno = get_next_kvno(util_context, &master_entry);
     }
 
     kret = 0;
     locked = 0;
     if (ofile && strcmp(ofile, "-")) {
-	/*
-	 * Discourage accidental dumping to filenames beginning with '-'.
-	 */
-	if (ofile[0] == '-')
-	    usage();
-	/*
-	 * Make sure that we don't open and truncate on the fopen,
-	 * since that may hose an on-going kprop process.
-	 * 
-	 * We could also control this by opening for read and
-	 * write, doing an flock with LOCK_EX, and then
-	 * truncating the file once we have gotten the lock,
-	 * but that would involve more OS dependencies than I
-	 * want to get into.
-	 */
-	unlink(ofile);
-	if (!(f = fopen(ofile, "w"))) {
-	    fprintf(stderr, ofopen_error,
-		    progname, ofile, error_message(errno));
-	    exit_status++;
-	    return;
-       }
-	if ((kret = krb5_lock_file(util_context,
-				   fileno(f),
-				   KRB5_LOCKMODE_EXCLUSIVE))) {
-	    fprintf(stderr, oflock_error,
-		    progname, ofile, error_message(kret));
-	    exit_status++;
-	}
-	else
-	    locked = 1;
+        /*
+         * Discourage accidental dumping to filenames beginning with '-'.
+         */
+        if (ofile[0] == '-')
+            usage();
+        /*
+         * Make sure that we don't open and truncate on the fopen,
+         * since that may hose an on-going kprop process.
+         *
+         * We could also control this by opening for read and
+         * write, doing an flock with LOCK_EX, and then
+         * truncating the file once we have gotten the lock,
+         * but that would involve more OS dependencies than I
+         * want to get into.
+         */
+        unlink(ofile);
+        if (!(f = fopen(ofile, "w"))) {
+            fprintf(stderr, ofopen_error,
+                    progname, ofile, error_message(errno));
+            exit_status++;
+            return;
+        }
+        if ((kret = krb5_lock_file(util_context,
+                                   fileno(f),
+                                   KRB5_LOCKMODE_EXCLUSIVE))) {
+            fprintf(stderr, oflock_error,
+                    progname, ofile, error_message(kret));
+            exit_status++;
+        }
+        else
+            locked = 1;
     } else {
-	f = stdout;
+        f = stdout;
     }
     if (f && !(kret)) {
-	arglist.programname = progname;
-	arglist.ofile = f;
-	arglist.kcontext = util_context;
-	fprintf(arglist.ofile, "%s", dump->header);
-
-	if (dump_sno) {
-	    if (ulog_map(util_context, global_params.iprop_logfile,
-			 global_params.iprop_ulogsize, FKCOMMAND, db_args)) {
-		fprintf(stderr,
-			_("%s: Could not map log\n"), progname);
-		exit_status++;
-		goto unlock_and_return;
-	    }
-
-	    /*
-	     * We grab the lock twice (once again in the iterator call),
-	     * but that's ok since the lock func handles incr locks held.
-	     */
-	    if (krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED)) {
-		fprintf(stderr,
-			_("%s: Couldn't grab lock\n"), progname);
-		exit_status++;
-		goto unlock_and_return;
-	    }
-
-	    if (ipropx_version)
-		fprintf(f, " %u", IPROPX_VERSION);
-	    fprintf(f, " %u", log_ctx->ulog->kdb_last_sno);
-	    fprintf(f, " %u", log_ctx->ulog->kdb_last_time.seconds);
-	    fprintf(f, " %u", log_ctx->ulog->kdb_last_time.useconds);
-	}
-
-	if (dump->header[strlen(dump->header)-1] != '\n')
-	     fputc('\n', arglist.ofile);
-	
-	if ((kret = krb5_db_iterate(util_context,
-				    NULL,
-				    dump->dump_princ,
-				    (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
-	     fprintf(stderr, dumprec_err,
-		     progname, dump->name, error_message(kret));
-	     exit_status++;
-	     if (dump_sno)
-		 (void) krb5_db_unlock(util_context);
-	}
-	if (dump->dump_policy &&
-	    (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
-					 &arglist))) { 
-	     fprintf(stderr, dumprec_err, progname, dump->name,
-		     error_message(kret));
-	     exit_status++;
-	}
-	if (ofile && f != stdout && !exit_status) {
-	    if (locked) {
-		(void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
-		locked = 0;
-	    }
-	    fclose(f);
-	    update_ok_file(ofile);
-	}
+        arglist.programname = progname;
+        arglist.ofile = f;
+        arglist.kcontext = util_context;
+        fprintf(arglist.ofile, "%s", dump->header);
+
+        if (dump_sno) {
+            if (ulog_map(util_context, global_params.iprop_logfile,
+                         global_params.iprop_ulogsize, FKCOMMAND, db_args)) {
+                fprintf(stderr,
+                        _("%s: Could not map log\n"), progname);
+                exit_status++;
+                goto unlock_and_return;
+            }
+
+            /*
+             * We grab the lock twice (once again in the iterator call),
+             * but that's ok since the lock func handles incr locks held.
+             */
+            if (krb5_db_lock(util_context, KRB5_LOCKMODE_SHARED)) {
+                fprintf(stderr,
+                        _("%s: Couldn't grab lock\n"), progname);
+                exit_status++;
+                goto unlock_and_return;
+            }
+
+            if (ipropx_version)
+                fprintf(f, " %u", IPROPX_VERSION);
+            fprintf(f, " %u", log_ctx->ulog->kdb_last_sno);
+            fprintf(f, " %u", log_ctx->ulog->kdb_last_time.seconds);
+            fprintf(f, " %u", log_ctx->ulog->kdb_last_time.useconds);
+        }
+
+        if (dump->header[strlen(dump->header)-1] != '\n')
+            fputc('\n', arglist.ofile);
+
+        if ((kret = krb5_db_iterate(util_context,
+                                    NULL,
+                                    dump->dump_princ,
+                                    (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
+            fprintf(stderr, dumprec_err,
+                    progname, dump->name, error_message(kret));
+            exit_status++;
+            if (dump_sno)
+                (void) krb5_db_unlock(util_context);
+        }
+        if (dump->dump_policy &&
+            (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
+                                         &arglist))) {
+            fprintf(stderr, dumprec_err, progname, dump->name,
+                    error_message(kret));
+            exit_status++;
+        }
+        if (ofile && f != stdout && !exit_status) {
+            if (locked) {
+                (void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
+                locked = 0;
+            }
+            fclose(f);
+            update_ok_file(ofile);
+        }
     }
 unlock_and_return:
     if (locked)
-	(void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
+        (void) krb5_lock_file(util_context, fileno(f), KRB5_LOCKMODE_UNLOCK);
 }
 
 /*
@@ -1363,24 +1364,24 @@ unlock_and_return:
  */
 static int
 read_string(f, buf, len, lp)
-    FILE	*f;
-    char	*buf;
-    int		len;
-    int		*lp;
+    FILE        *f;
+    char        *buf;
+    int         len;
+    int         *lp;
 {
     int c;
     int i, retval;
 
     retval = 0;
     for (i=0; i<len; i++) {
-	c = fgetc(f);
-	if (c < 0) {
-	    retval = 1;
-	    break;
-	}
-	if (c == '\n')
-	    (*lp)++;
-	buf[i] = (char) c;
+        c = fgetc(f);
+        if (c < 0) {
+            retval = 1;
+            break;
+        }
+        if (c == '\n')
+            (*lp)++;
+        buf[i] = (char) c;
     }
     buf[len] = '\0';
     return(retval);
@@ -1391,20 +1392,20 @@ read_string(f, buf, len, lp)
  */
 static int
 read_octet_string(f, buf, len)
-    FILE	*f;
-    krb5_octet	*buf;
-    int		len;
+    FILE        *f;
+    krb5_octet  *buf;
+    int         len;
 {
     int c;
     int i, retval;
 
     retval = 0;
     for (i=0; i<len; i++) {
-	if (fscanf(f, "%02x", &c) != 1) {
-	    retval = 1;
-	    break;
-	}
-	buf[i] = (krb5_octet) c;
+        if (fscanf(f, "%02x", &c) != 1) {
+            retval = 1;
+            break;
+        }
+        buf[i] = (krb5_octet) c;
     }
     return(retval);
 }
@@ -1414,35 +1415,35 @@ read_octet_string(f, buf, len)
  */
 static void
 find_record_end(f, fn, lineno)
-    FILE	*f;
-    char	*fn;
-    int		lineno;
+    FILE        *f;
+    char        *fn;
+    int         lineno;
 {
-    int	ch;
+    int ch;
 
     if (((ch = fgetc(f)) != ';') || ((ch = fgetc(f)) != '\n')) {
-	fprintf(stderr, trash_end_fmt, fn, lineno);
-	while (ch != '\n') {
-	    putc(ch, stderr);
-	    ch = fgetc(f);
-	}
-	putc(ch, stderr);
+        fprintf(stderr, trash_end_fmt, fn, lineno);
+        while (ch != '\n') {
+            putc(ch, stderr);
+            ch = fgetc(f);
+        }
+        putc(ch, stderr);
     }
 }
 
 #if 0
 /*
- * update_tl_data()	- Generate the tl_data entries.
+ * update_tl_data()     - Generate the tl_data entries.
  */
 static krb5_error_code
 update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
-    krb5_context	kcontext;
-    krb5_db_entry	*dbentp;
-    krb5_principal	mod_name;
-    krb5_timestamp	mod_date;
-    krb5_timestamp	last_pwd_change;
+    krb5_context        kcontext;
+    krb5_db_entry       *dbentp;
+    krb5_principal      mod_name;
+    krb5_timestamp      mod_date;
+    krb5_timestamp      last_pwd_change;
 {
-    krb5_error_code	kret;
+    krb5_error_code     kret;
 
     kret = 0 ;
 
@@ -1450,67 +1451,67 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
      * Handle modification principal.
      */
     if (mod_name) {
-	krb5_tl_mod_princ	mprinc;
-
-	memset(&mprinc, 0, sizeof(mprinc));
-	if (!(kret = krb5_copy_principal(kcontext,
-					 mod_name,
-					 &mprinc.mod_princ))) {
-	    mprinc.mod_date = mod_date;
-	    kret = krb5_dbe_encode_mod_princ_data(kcontext,
-						  &mprinc,
-						  dbentp);
-	}
-	if (mprinc.mod_princ)
-	    krb5_free_principal(kcontext, mprinc.mod_princ);
+        krb5_tl_mod_princ       mprinc;
+
+        memset(&mprinc, 0, sizeof(mprinc));
+        if (!(kret = krb5_copy_principal(kcontext,
+                                         mod_name,
+                                         &mprinc.mod_princ))) {
+            mprinc.mod_date = mod_date;
+            kret = krb5_dbe_encode_mod_princ_data(kcontext,
+                                                  &mprinc,
+                                                  dbentp);
+        }
+        if (mprinc.mod_princ)
+            krb5_free_principal(kcontext, mprinc.mod_princ);
     }
 
     /*
      * Handle last password change.
      */
     if (!kret) {
-	krb5_tl_data	*pwchg;
-	krb5_boolean	linked;
-
-	/* Find a previously existing entry */
-	for (pwchg = dbentp->tl_data;
-	     (pwchg) && (pwchg->tl_data_type != KRB5_TL_LAST_PWD_CHANGE);
-	     pwchg = pwchg->tl_data_next);
-
-	/* Check to see if we found one. */
-	linked = 0;
-	if (!pwchg) {
-	    /* No, allocate a new one */
-	    if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
-		memset(pwchg, 0, sizeof(krb5_tl_data));
-		if (!(pwchg->tl_data_contents =
-		      (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
-		    free(pwchg);
-		    pwchg = (krb5_tl_data *) NULL;
-		}
-		else {
-		    pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
-		    pwchg->tl_data_length =
-			(krb5_int16) sizeof(krb5_timestamp);
-		}
-	    }
-	}
-	else
-	    linked = 1;
-
-	/* Do we have an entry? */
-	if (pwchg && pwchg->tl_data_contents) {
-	    /* Encode it */
-	    krb5_kdb_encode_int32(last_pwd_change, pwchg->tl_data_contents);
-	    /* Link it in if necessary */
-	    if (!linked) {
-		pwchg->tl_data_next = dbentp->tl_data;
-		dbentp->tl_data = pwchg;
-		dbentp->n_tl_data++;
-	    }
-	}
-	else
-	    kret = ENOMEM;
+        krb5_tl_data    *pwchg;
+        krb5_boolean    linked;
+
+        /* Find a previously existing entry */
+        for (pwchg = dbentp->tl_data;
+             (pwchg) && (pwchg->tl_data_type != KRB5_TL_LAST_PWD_CHANGE);
+             pwchg = pwchg->tl_data_next);
+
+        /* Check to see if we found one. */
+        linked = 0;
+        if (!pwchg) {
+            /* No, allocate a new one */
+            if ((pwchg = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
+                memset(pwchg, 0, sizeof(krb5_tl_data));
+                if (!(pwchg->tl_data_contents =
+                      (krb5_octet *) malloc(sizeof(krb5_timestamp)))) {
+                    free(pwchg);
+                    pwchg = (krb5_tl_data *) NULL;
+                }
+                else {
+                    pwchg->tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+                    pwchg->tl_data_length =
+                        (krb5_int16) sizeof(krb5_timestamp);
+                }
+            }
+        }
+        else
+            linked = 1;
+
+        /* Do we have an entry? */
+        if (pwchg && pwchg->tl_data_contents) {
+            /* Encode it */
+            krb5_kdb_encode_int32(last_pwd_change, pwchg->tl_data_contents);
+            /* Link it in if necessary */
+            if (!linked) {
+                pwchg->tl_data_next = dbentp->tl_data;
+                dbentp->tl_data = pwchg;
+                dbentp->n_tl_data++;
+            }
+        }
+        else
+            kret = ENOMEM;
     }
 
     return(kret);
@@ -1518,33 +1519,33 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
 #endif
 
 /*
- * process_k5beta_record()	- Handle a dump record in old format.
+ * process_k5beta_record()      - Handle a dump record in old format.
  *
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
 process_k5beta_record(fname, kcontext, filep, flags, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			flags;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 flags;
+    int                 *linenop;
 {
-    int			nmatched;
-    int			retval;
-    krb5_db_entry	dbent;
-    int			name_len, mod_name_len, key_len;
-    int			alt_key_len, salt_len, alt_salt_len;
-    char		*name;
-    char		*mod_name;
-    int			tmpint1, tmpint2, tmpint3;
-    int			error;
-    const char		*try2read;
-    int			i;
-    krb5_key_data	*pkey, *akey;
-    krb5_timestamp	last_pwd_change, mod_date;
-    krb5_principal	mod_princ;
-    krb5_error_code	kret;
+    int                 nmatched;
+    int                 retval;
+    krb5_db_entry       dbent;
+    int                 name_len, mod_name_len, key_len;
+    int                 alt_key_len, salt_len, alt_salt_len;
+    char                *name;
+    char                *mod_name;
+    int                 tmpint1, tmpint2, tmpint3;
+    int                 error;
+    const char          *try2read;
+    int                 i;
+    krb5_key_data       *pkey, *akey;
+    krb5_timestamp      last_pwd_change, mod_date;
+    krb5_principal      mod_princ;
+    krb5_error_code     kret;
 
     try2read = (char *) NULL;
     (*linenop)++;
@@ -1553,9 +1554,9 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
 
     /* Make sure we've got key_data entries */
     if (krb5_dbe_create_key_data(kcontext, &dbent) ||
-	krb5_dbe_create_key_data(kcontext, &dbent)) {
-	krb5_db_free_principal(kcontext, &dbent, 1);
-	return(1);
+        krb5_dbe_create_key_data(kcontext, &dbent)) {
+        krb5_db_free_principal(kcontext, &dbent, 1);
+        return(1);
     }
     pkey = &dbent.key_data[0];
     akey = &dbent.key_data[1];
@@ -1564,290 +1565,290 @@ process_k5beta_record(fname, kcontext, filep, flags, linenop)
      * Match the sizes.  6 tokens to match.
      */
     nmatched = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t",
-		      &name_len, &mod_name_len, &key_len,
-		      &alt_key_len, &salt_len, &alt_salt_len);
+                      &name_len, &mod_name_len, &key_len,
+                      &alt_key_len, &salt_len, &alt_salt_len);
     if (nmatched == 6) {
         pkey->key_data_length[0] = key_len;
-	akey->key_data_length[0] = alt_key_len;
-	pkey->key_data_length[1] = salt_len;
-	akey->key_data_length[1] = alt_salt_len;
-	name = (char *) NULL;
-	mod_name = (char *) NULL;
-	/*
-	 * Get the memory for the variable length fields.
-	 */
-	if ((name = (char *) malloc((size_t) (name_len + 1))) &&
-	    (mod_name = (char *) malloc((size_t) (mod_name_len + 1))) &&
-	    (!key_len ||
-	     (pkey->key_data_contents[0] = 
-	      (krb5_octet *) malloc((size_t) (key_len + 1)))) &&
-	    (!alt_key_len ||
-	     (akey->key_data_contents[0] = 
-	      (krb5_octet *) malloc((size_t) (alt_key_len + 1)))) &&
-	    (!salt_len ||
-	     (pkey->key_data_contents[1] = 
-	      (krb5_octet *) malloc((size_t) (salt_len + 1)))) &&
-	    (!alt_salt_len ||
-	     (akey->key_data_contents[1] = 
-	      (krb5_octet *) malloc((size_t) (alt_salt_len + 1))))
-	    ) {
-	    error = 0;
-
-	    /* Read the principal name */
-	    if (read_string(filep, name, name_len, linenop)) {
-		try2read = read_name_string;
-		error++;
-	    }
-	    /* Read the key type */
-	    if (!error && (fscanf(filep, "\t%d\t", &tmpint1) != 1)) {
-		try2read = read_key_type;
-		error++;
-	    }
-	    pkey->key_data_type[0] = tmpint1;
-	    /* Read the old format key */
-	    if (!error && read_octet_string(filep,
-					    pkey->key_data_contents[0],
-					    pkey->key_data_length[0])) {
-		try2read = read_key_data;
-		error++;
-	    }
-	    /* convert to a new format key */
-	    /* the encrypted version is stored as the unencrypted key length
-	       (4 bytes, MSB first) followed by the encrypted key. */
-	    if ((pkey->key_data_length[0] > 4)
-		&& (pkey->key_data_contents[0][0] == 0)
-		&& (pkey->key_data_contents[0][1] == 0)) {
-	      /* this really does look like an old key, so drop and swap */
-	      /* the *new* length is 2 bytes, LSB first, sigh. */
-	      size_t shortlen = pkey->key_data_length[0]-4+2;
-	      krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
-	      krb5_octet *origdata = pkey->key_data_contents[0];
-	      shortcopy[0] = origdata[3];
-	      shortcopy[1] = origdata[2];
-	      memcpy(shortcopy+2,origdata+4,shortlen-2);
-	      free(origdata);
-	      pkey->key_data_length[0] = shortlen;
-	      pkey->key_data_contents[0] = shortcopy;
-	    }
-	      
-	    /* Read principal attributes */
-	    if (!error && (fscanf(filep,
-				  "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t",
-				  &tmpint1, &dbent.max_life,
-				  &dbent.max_renewable_life,
-				  &tmpint2, &dbent.expiration,
-				  &dbent.pw_expiration, &last_pwd_change,
-				  &dbent.last_success, &dbent.last_failed,
-				  &tmpint3) != 10)) {
-		try2read = read_pr_data1;
-		error++;
-	    }
-	    pkey->key_data_kvno = tmpint1;
-	    dbent.fail_auth_count = tmpint3;
-	    /* Read modifier name */
-	    if (!error && read_string(filep,
-				      mod_name,
-				      mod_name_len,
-				      linenop)) {
-		try2read = read_mod_name;
-		error++;
-	    }
-	    /* Read second set of attributes */
-	    if (!error && (fscanf(filep, "\t%u\t%u\t%u\t",
-				  &mod_date, &dbent.attributes,
-				  &tmpint1) != 3)) {
-		try2read = read_pr_data2;
-		error++;
-	    }
-	    pkey->key_data_type[1] = tmpint1;
-	    /* Read salt data */
-	    if (!error && read_octet_string(filep,
-					    pkey->key_data_contents[1],
-					    pkey->key_data_length[1])) {
-		try2read = read_salt_data;
-		error++;
-	    }
-	    /* Read alternate key type */
-	    if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
-		try2read = read_akey_type;
-		error++;
-	    }
-	    akey->key_data_type[0] = tmpint1;
-	    /* Read alternate key */
-	    if (!error && read_octet_string(filep,
-					    akey->key_data_contents[0],
-					    akey->key_data_length[0])) {
-		try2read = read_akey_data;
-		error++;
-	    }
-
-	    /* convert to a new format key */
-	    /* the encrypted version is stored as the unencrypted key length
-	       (4 bytes, MSB first) followed by the encrypted key. */
-	    if ((akey->key_data_length[0] > 4)
-		&& (akey->key_data_contents[0][0] == 0)
-		&& (akey->key_data_contents[0][1] == 0)) {
-	      /* this really does look like an old key, so drop and swap */
-	      /* the *new* length is 2 bytes, LSB first, sigh. */
-	      size_t shortlen = akey->key_data_length[0]-4+2;
-	      krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
-	      krb5_octet *origdata = akey->key_data_contents[0];
-	      shortcopy[0] = origdata[3];
-	      shortcopy[1] = origdata[2];
-	      memcpy(shortcopy+2,origdata+4,shortlen-2);
-	      free(origdata);
-	      akey->key_data_length[0] = shortlen;
-	      akey->key_data_contents[0] = shortcopy;
-	    }
-	      
-	    /* Read alternate salt type */
-	    if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
-		try2read = read_asalt_type;
-		error++;
-	    }
-	    akey->key_data_type[1] = tmpint1;
-	    /* Read alternate salt data */
-	    if (!error && read_octet_string(filep,
-					    akey->key_data_contents[1],
-					    akey->key_data_length[1])) {
-		try2read = read_asalt_data;
-		error++;
-	    }
-	    /* Read expansion data - discard it */
-	    if (!error) {
-		for (i=0; i<8; i++) {
-		    if (fscanf(filep, "\t%u", &tmpint1) != 1) {
-			try2read = read_exp_data;
-			error++;
-			break;
-		    }
-		}
-		if (!error)
-		    find_record_end(filep, fname, *linenop);
-	    }
-	
-	    /*
-	     * If no error, then we're done reading.  Now parse the names
-	     * and store the database dbent.
-	     */
-	    if (!error) {
-		if (!(kret = krb5_parse_name(kcontext,
-					     name,
-					     &dbent.princ))) {
-		    if (!(kret = krb5_parse_name(kcontext,
-						 mod_name,
-						 &mod_princ))) {
-			if (!(kret =
-			      krb5_dbe_update_mod_princ_data(kcontext,
-							     &dbent,
-							     mod_date,
-							     mod_princ)) &&
-			    !(kret =
-			      krb5_dbe_update_last_pwd_change(kcontext,
-							      &dbent,
-							      last_pwd_change))) {
-			    int one = 1;
-
-			    dbent.len = KRB5_KDB_V1_BASE_LENGTH;
-			    pkey->key_data_ver = (pkey->key_data_type[1] || pkey->key_data_length[1]) ?
-				2 : 1;
-			    akey->key_data_ver = (akey->key_data_type[1] || akey->key_data_length[1]) ?
-				2 : 1;
-			    if ((pkey->key_data_type[0] ==
-				 akey->key_data_type[0]) &&
-				(pkey->key_data_type[1] ==
-				 akey->key_data_type[1]))
-				dbent.n_key_data--;
-			    else if ((akey->key_data_type[0] == 0)
-				     && (akey->key_data_length[0] == 0)
-				     && (akey->key_data_type[1] == 0)
-				     && (akey->key_data_length[1] == 0))
-			        dbent.n_key_data--;
-
-			    dbent.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
-				KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_KEY_DATA |
-				KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
-				KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
-
-			    if ((kret = krb5_db_put_principal(kcontext,
-							      &dbent,
-							      &one)) ||
-				(one != 1)) {
-				fprintf(stderr, store_err_fmt,
-					fname, *linenop, name,
-					error_message(kret));
-				error++;
-			    }
-			    else {
-				if (flags & FLAG_VERBOSE)
-				    fprintf(stderr, add_princ_fmt, name);
-				retval = 0;
-			    }
-			    dbent.n_key_data = 2;
-			}
-			krb5_free_principal(kcontext, mod_princ);
-		    }
-		    else {
-			fprintf(stderr, parse_err_fmt, 
-				fname, *linenop, mod_name, 
-				error_message(kret));
-			error++;
-		    }
-		}
-		else {
-		    fprintf(stderr, parse_err_fmt,
-			    fname, *linenop, name, error_message(kret));
-		    error++;
-		}
-	    }
-	    else {
-		fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
-	    }
-	}
-	else {
-	    fprintf(stderr, no_mem_fmt, fname, *linenop);
-	}
-
-	krb5_db_free_principal(kcontext, &dbent, 1);
-	if (mod_name)
-	    free(mod_name);
-	if (name)
-	    free(name);
+        akey->key_data_length[0] = alt_key_len;
+        pkey->key_data_length[1] = salt_len;
+        akey->key_data_length[1] = alt_salt_len;
+        name = (char *) NULL;
+        mod_name = (char *) NULL;
+        /*
+         * Get the memory for the variable length fields.
+         */
+        if ((name = (char *) malloc((size_t) (name_len + 1))) &&
+            (mod_name = (char *) malloc((size_t) (mod_name_len + 1))) &&
+            (!key_len ||
+             (pkey->key_data_contents[0] =
+              (krb5_octet *) malloc((size_t) (key_len + 1)))) &&
+            (!alt_key_len ||
+             (akey->key_data_contents[0] =
+              (krb5_octet *) malloc((size_t) (alt_key_len + 1)))) &&
+            (!salt_len ||
+             (pkey->key_data_contents[1] =
+              (krb5_octet *) malloc((size_t) (salt_len + 1)))) &&
+            (!alt_salt_len ||
+             (akey->key_data_contents[1] =
+              (krb5_octet *) malloc((size_t) (alt_salt_len + 1))))
+        ) {
+            error = 0;
+
+            /* Read the principal name */
+            if (read_string(filep, name, name_len, linenop)) {
+                try2read = read_name_string;
+                error++;
+            }
+            /* Read the key type */
+            if (!error && (fscanf(filep, "\t%d\t", &tmpint1) != 1)) {
+                try2read = read_key_type;
+                error++;
+            }
+            pkey->key_data_type[0] = tmpint1;
+            /* Read the old format key */
+            if (!error && read_octet_string(filep,
+                                            pkey->key_data_contents[0],
+                                            pkey->key_data_length[0])) {
+                try2read = read_key_data;
+                error++;
+            }
+            /* convert to a new format key */
+            /* the encrypted version is stored as the unencrypted key length
+               (4 bytes, MSB first) followed by the encrypted key. */
+            if ((pkey->key_data_length[0] > 4)
+                && (pkey->key_data_contents[0][0] == 0)
+                && (pkey->key_data_contents[0][1] == 0)) {
+                /* this really does look like an old key, so drop and swap */
+                /* the *new* length is 2 bytes, LSB first, sigh. */
+                size_t shortlen = pkey->key_data_length[0]-4+2;
+                krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
+                krb5_octet *origdata = pkey->key_data_contents[0];
+                shortcopy[0] = origdata[3];
+                shortcopy[1] = origdata[2];
+                memcpy(shortcopy+2,origdata+4,shortlen-2);
+                free(origdata);
+                pkey->key_data_length[0] = shortlen;
+                pkey->key_data_contents[0] = shortcopy;
+            }
+
+            /* Read principal attributes */
+            if (!error && (fscanf(filep,
+                                  "\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t%u\t",
+                                  &tmpint1, &dbent.max_life,
+                                  &dbent.max_renewable_life,
+                                  &tmpint2, &dbent.expiration,
+                                  &dbent.pw_expiration, &last_pwd_change,
+                                  &dbent.last_success, &dbent.last_failed,
+                                  &tmpint3) != 10)) {
+                try2read = read_pr_data1;
+                error++;
+            }
+            pkey->key_data_kvno = tmpint1;
+            dbent.fail_auth_count = tmpint3;
+            /* Read modifier name */
+            if (!error && read_string(filep,
+                                      mod_name,
+                                      mod_name_len,
+                                      linenop)) {
+                try2read = read_mod_name;
+                error++;
+            }
+            /* Read second set of attributes */
+            if (!error && (fscanf(filep, "\t%u\t%u\t%u\t",
+                                  &mod_date, &dbent.attributes,
+                                  &tmpint1) != 3)) {
+                try2read = read_pr_data2;
+                error++;
+            }
+            pkey->key_data_type[1] = tmpint1;
+            /* Read salt data */
+            if (!error && read_octet_string(filep,
+                                            pkey->key_data_contents[1],
+                                            pkey->key_data_length[1])) {
+                try2read = read_salt_data;
+                error++;
+            }
+            /* Read alternate key type */
+            if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
+                try2read = read_akey_type;
+                error++;
+            }
+            akey->key_data_type[0] = tmpint1;
+            /* Read alternate key */
+            if (!error && read_octet_string(filep,
+                                            akey->key_data_contents[0],
+                                            akey->key_data_length[0])) {
+                try2read = read_akey_data;
+                error++;
+            }
+
+            /* convert to a new format key */
+            /* the encrypted version is stored as the unencrypted key length
+               (4 bytes, MSB first) followed by the encrypted key. */
+            if ((akey->key_data_length[0] > 4)
+                && (akey->key_data_contents[0][0] == 0)
+                && (akey->key_data_contents[0][1] == 0)) {
+                /* this really does look like an old key, so drop and swap */
+                /* the *new* length is 2 bytes, LSB first, sigh. */
+                size_t shortlen = akey->key_data_length[0]-4+2;
+                krb5_octet *shortcopy = (krb5_octet *) malloc(shortlen);
+                krb5_octet *origdata = akey->key_data_contents[0];
+                shortcopy[0] = origdata[3];
+                shortcopy[1] = origdata[2];
+                memcpy(shortcopy+2,origdata+4,shortlen-2);
+                free(origdata);
+                akey->key_data_length[0] = shortlen;
+                akey->key_data_contents[0] = shortcopy;
+            }
+
+            /* Read alternate salt type */
+            if (!error && (fscanf(filep, "\t%u\t", &tmpint1) != 1)) {
+                try2read = read_asalt_type;
+                error++;
+            }
+            akey->key_data_type[1] = tmpint1;
+            /* Read alternate salt data */
+            if (!error && read_octet_string(filep,
+                                            akey->key_data_contents[1],
+                                            akey->key_data_length[1])) {
+                try2read = read_asalt_data;
+                error++;
+            }
+            /* Read expansion data - discard it */
+            if (!error) {
+                for (i=0; i<8; i++) {
+                    if (fscanf(filep, "\t%u", &tmpint1) != 1) {
+                        try2read = read_exp_data;
+                        error++;
+                        break;
+                    }
+                }
+                if (!error)
+                    find_record_end(filep, fname, *linenop);
+            }
+
+            /*
+             * If no error, then we're done reading.  Now parse the names
+             * and store the database dbent.
+             */
+            if (!error) {
+                if (!(kret = krb5_parse_name(kcontext,
+                                             name,
+                                             &dbent.princ))) {
+                    if (!(kret = krb5_parse_name(kcontext,
+                                                 mod_name,
+                                                 &mod_princ))) {
+                        if (!(kret =
+                              krb5_dbe_update_mod_princ_data(kcontext,
+                                                             &dbent,
+                                                             mod_date,
+                                                             mod_princ)) &&
+                            !(kret =
+                              krb5_dbe_update_last_pwd_change(kcontext,
+                                                              &dbent,
+                                                              last_pwd_change))) {
+                            int one = 1;
+
+                            dbent.len = KRB5_KDB_V1_BASE_LENGTH;
+                            pkey->key_data_ver = (pkey->key_data_type[1] || pkey->key_data_length[1]) ?
+                                2 : 1;
+                            akey->key_data_ver = (akey->key_data_type[1] || akey->key_data_length[1]) ?
+                                2 : 1;
+                            if ((pkey->key_data_type[0] ==
+                                 akey->key_data_type[0]) &&
+                                (pkey->key_data_type[1] ==
+                                 akey->key_data_type[1]))
+                                dbent.n_key_data--;
+                            else if ((akey->key_data_type[0] == 0)
+                                     && (akey->key_data_length[0] == 0)
+                                     && (akey->key_data_type[1] == 0)
+                                     && (akey->key_data_length[1] == 0))
+                                dbent.n_key_data--;
+
+                            dbent.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+                                KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_KEY_DATA |
+                                KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
+                                KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
+
+                            if ((kret = krb5_db_put_principal(kcontext,
+                                                              &dbent,
+                                                              &one)) ||
+                                (one != 1)) {
+                                fprintf(stderr, store_err_fmt,
+                                        fname, *linenop, name,
+                                        error_message(kret));
+                                error++;
+                            }
+                            else {
+                                if (flags & FLAG_VERBOSE)
+                                    fprintf(stderr, add_princ_fmt, name);
+                                retval = 0;
+                            }
+                            dbent.n_key_data = 2;
+                        }
+                        krb5_free_principal(kcontext, mod_princ);
+                    }
+                    else {
+                        fprintf(stderr, parse_err_fmt,
+                                fname, *linenop, mod_name,
+                                error_message(kret));
+                        error++;
+                    }
+                }
+                else {
+                    fprintf(stderr, parse_err_fmt,
+                            fname, *linenop, name, error_message(kret));
+                    error++;
+                }
+            }
+            else {
+                fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
+            }
+        }
+        else {
+            fprintf(stderr, no_mem_fmt, fname, *linenop);
+        }
+
+        krb5_db_free_principal(kcontext, &dbent, 1);
+        if (mod_name)
+            free(mod_name);
+        if (name)
+            free(name);
     }
     else {
-	if (nmatched != EOF)
-	    fprintf(stderr, rhead_err_fmt, fname, *linenop);
-	else
-	    retval = -1;
+        if (nmatched != EOF)
+            fprintf(stderr, rhead_err_fmt, fname, *linenop);
+        else
+            retval = -1;
     }
     return(retval);
 }
 
 /*
- * process_k5beta6_record()	- Handle a dump record in krb5b6 format.
+ * process_k5beta6_record()     - Handle a dump record in krb5b6 format.
  *
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
 process_k5beta6_record(fname, kcontext, filep, flags, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			flags;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 flags;
+    int                 *linenop;
 {
-    int			retval;
-    krb5_db_entry	dbentry;
-    krb5_int32		t1, t2, t3, t4, t5, t6, t7, t8, t9;
-    int			nread;
-    int			error;
-    int			i, j, one;
-    char		*name;
-    krb5_key_data	*kp, *kdatap;
-    krb5_tl_data	**tlp, *tl;
-    krb5_octet 		*op;
-    krb5_error_code	kret;
-    const char		*try2read;
+    int                 retval;
+    krb5_db_entry       dbentry;
+    krb5_int32          t1, t2, t3, t4, t5, t6, t7, t8, t9;
+    int                 nread;
+    int                 error;
+    int                 i, j, one;
+    char                *name;
+    krb5_key_data       *kp, *kdatap;
+    krb5_tl_data        **tlp, *tl;
+    krb5_octet          *op;
+    krb5_error_code     kret;
+    const char          *try2read;
 
     try2read = (char *) NULL;
     memset(&dbentry, 0, sizeof(dbentry));
@@ -1860,269 +1861,269 @@ process_k5beta6_record(fname, kcontext, filep, flags, linenop)
     kret = 0;
     nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t", &t1, &t2, &t3, &t4, &t5);
     if (nread == 5) {
-	/* Get memory for flattened principal name */
-	if (!(name = (char *) malloc((size_t) t2 + 1)))
-	    error++;
-
-	/* Get memory for and form tagged data linked list */
-	tlp = &dbentry.tl_data;
-	for (i=0; i<t3; i++) {
-	    if ((*tlp = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
-		memset(*tlp, 0, sizeof(krb5_tl_data));
-		tlp = &((*tlp)->tl_data_next);
-		dbentry.n_tl_data++;
-	    }
-	    else {
-		error++;
-		break;
-	    }
-	}
-
-	/* Get memory for key list */
-	if (t4 && !(kp = (krb5_key_data *) malloc((size_t)
-						  (t4*sizeof(krb5_key_data)))))
-	    error++;
-
-	/* Get memory for extra data */
-	if (t5 && !(op = (krb5_octet *) malloc((size_t) t5)))
-	    error++;
-
-	if (!error) {
-	    dbentry.len = t1;
-	    dbentry.n_key_data = t4;
-	    dbentry.e_length = t5;
-	    if (kp) {
-		memset(kp, 0, (size_t) (t4*sizeof(krb5_key_data)));
-		dbentry.key_data = kp;
-		kp = (krb5_key_data *) NULL;
-	    }
-	    if (op) {
-		memset(op, 0, (size_t) t5);
-		dbentry.e_data = op;
-		op = (krb5_octet *) NULL;
-	    }
-
-	    /* Read in and parse the principal name */
-	    if (!read_string(filep, name, t2, linenop) &&
-		!(kret = krb5_parse_name(kcontext, name, &dbentry.princ))) {
-
-		/* Get the fixed principal attributes */
-		nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
-			       &t2, &t3, &t4, &t5, &t6, &t7, &t8, &t9);
-		if (nread == 8) {
-		    dbentry.attributes = (krb5_flags) t2;
-		    dbentry.max_life = (krb5_deltat) t3;
-		    dbentry.max_renewable_life = (krb5_deltat) t4;
-		    dbentry.expiration = (krb5_timestamp) t5;
-		    dbentry.pw_expiration = (krb5_timestamp) t6;
-		    dbentry.last_success = (krb5_timestamp) t7;
-		    dbentry.last_failed = (krb5_timestamp) t8;
-		    dbentry.fail_auth_count = (krb5_kvno) t9;
-		    dbentry.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
-			KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
-			KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
-			KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
-		} else {
-		    try2read = read_nint_data;
-		    error++;
-		}
-
-		/*
-		 * Get the tagged data.
-		 *
-		 * Really, this code ought to discard tl data types
-		 * that it knows are special to the current version
-		 * and were not supported in the previous version.
-		 * But it's a pain to implement that here, and doing
-		 * it at dump time has almost as good an effect, so
-		 * that's what I did.  [krb5-admin/89]
-		 */
-		if (!error && dbentry.n_tl_data) {
-		    for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) {
-			nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
-			if (nread == 2) {
-			    tl->tl_data_type = (krb5_int16) t1;
-			    tl->tl_data_length = (krb5_int16) t2;
-			    if (tl->tl_data_length) {
-				if (!(tl->tl_data_contents =
-				      (krb5_octet *) malloc((size_t) t2+1)) ||
-				    read_octet_string(filep,
-						      tl->tl_data_contents,
-						      t2)) {
-				    try2read = read_tcontents;
-				    error++;
-				    break;
-				}
-				/* test to set mask fields */
-				if (t1 == KRB5_TL_KADM_DATA) {
-				    XDR xdrs;
-				    osa_princ_ent_rec osa_princ_ent;
-
-				    /* 
-				     * Assuming aux_attributes will always be
-				     * there
-				     */
-				    dbentry.mask |= KADM5_AUX_ATTRIBUTES;
-
-				    /* test for an actual policy reference */
-				    memset(&osa_princ_ent, 0, sizeof(osa_princ_ent));
-				    xdrmem_create(&xdrs, (char *)tl->tl_data_contents,
-					    tl->tl_data_length, XDR_DECODE);
-				    if (xdr_osa_princ_ent_rec(&xdrs, &osa_princ_ent) &&
-					    (osa_princ_ent.aux_attributes & KADM5_POLICY) &&
-					    osa_princ_ent.policy != NULL) {
-
-					dbentry.mask |= KADM5_POLICY;
-					kdb_free_entry(NULL, NULL, &osa_princ_ent);
-				    }
-				    xdr_destroy(&xdrs);
-				}
-			    }
-			    else {
-				/* Should be a null field */
-				nread = fscanf(filep, "%d", &t9);
-				if ((nread != 1) || (t9 != -1)) {
-				    error++;
-				    try2read = read_tcontents;
-				    break;
-				}
-			    }
-			}
-			else {
-			    try2read = read_ttypelen;
-			    error++;
-			    break;
-			}
-		    }
-		    if (!error)
-			dbentry.mask |= KADM5_TL_DATA;
-		}
-
-		/* Get the key data */
-		if (!error && dbentry.n_key_data) {
-		    for (i=0; !error && (i<dbentry.n_key_data); i++) {
-			kdatap = &dbentry.key_data[i];
-			nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
-			if (nread == 2) {
-			    kdatap->key_data_ver = (krb5_int16) t1;
-			    kdatap->key_data_kvno = (krb5_int16) t2;
-
-			    for (j=0; j<t1; j++) {
-				nread = fscanf(filep, "%d\t%d\t", &t3, &t4);
-				if (nread == 2) {
-				    kdatap->key_data_type[j] = t3;
-				    kdatap->key_data_length[j] = t4;
-				    if (t4) {
-					if (!(kdatap->key_data_contents[j] =
-					      (krb5_octet *)
-					      malloc((size_t) t4+1)) ||
-					    read_octet_string(filep,
-							      kdatap->key_data_contents[j],
-							      t4)) {
-					    try2read = read_kcontents;
-					    error++;
-					    break;
-					}
-				    }
-				    else {
-					/* Should be a null field */
-					nread = fscanf(filep, "%d", &t9);
-					if ((nread != 1) || (t9 != -1)) {
-					    error++;
-					    try2read = read_kcontents;
-					    break;
-					}
-				    }
-				}
-				else {
-				    try2read = read_ktypelen;
-				    error++;
-				    break;
-				}
-			    }
-			}
-		    }
-		    if (!error)
-			dbentry.mask |= KADM5_KEY_DATA;
-		}
-
-		/* Get the extra data */
-		if (!error && dbentry.e_length) {
-		    if (read_octet_string(filep,
-					  dbentry.e_data,
-					  (int) dbentry.e_length)) {
-			try2read = read_econtents;
-			error++;
-		    }
-		}
-		else {
-		    nread = fscanf(filep, "%d", &t9);
-		    if ((nread != 1) || (t9 != -1)) {
-			error++;
-			try2read = read_econtents;
-		    }
-		}
-
-		/* Finally, find the end of the record. */
-		if (!error)
-		    find_record_end(filep, fname, *linenop);
-
-		/*
-		 * We have either read in all the data or choked.
-		 */
-		if (!error) {
-		    one = 1;
-		    if ((kret = krb5_db_put_principal(kcontext,
-						      &dbentry,
-						      &one))) {
-			fprintf(stderr, store_err_fmt,
-				fname, *linenop,
-				name, error_message(kret));
-		    }
-		    else {
-			if (flags & FLAG_VERBOSE)
-			    fprintf(stderr, add_princ_fmt, name);
-			retval = 0;
-		    }
-		}
-		else {
-		    fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
-		}
-	    }
-	    else {
-		if (kret)
-		    fprintf(stderr, parse_err_fmt,
-			    fname, *linenop, name, error_message(kret));
-		else
-		    fprintf(stderr, no_mem_fmt, fname, *linenop);
-	    }
-	}
-	else {
-	    fprintf(stderr, rhead_err_fmt, fname, *linenop);
-	}
-
-	if (op)
-	    free(op);
-	if (kp)
-	    free(kp);
-	if (name)
-	    free(name);
-	krb5_db_free_principal(kcontext, &dbentry, 1);
+        /* Get memory for flattened principal name */
+        if (!(name = (char *) malloc((size_t) t2 + 1)))
+            error++;
+
+        /* Get memory for and form tagged data linked list */
+        tlp = &dbentry.tl_data;
+        for (i=0; i<t3; i++) {
+            if ((*tlp = (krb5_tl_data *) malloc(sizeof(krb5_tl_data)))) {
+                memset(*tlp, 0, sizeof(krb5_tl_data));
+                tlp = &((*tlp)->tl_data_next);
+                dbentry.n_tl_data++;
+            }
+            else {
+                error++;
+                break;
+            }
+        }
+
+        /* Get memory for key list */
+        if (t4 && !(kp = (krb5_key_data *) malloc((size_t)
+                                                  (t4*sizeof(krb5_key_data)))))
+            error++;
+
+        /* Get memory for extra data */
+        if (t5 && !(op = (krb5_octet *) malloc((size_t) t5)))
+            error++;
+
+        if (!error) {
+            dbentry.len = t1;
+            dbentry.n_key_data = t4;
+            dbentry.e_length = t5;
+            if (kp) {
+                memset(kp, 0, (size_t) (t4*sizeof(krb5_key_data)));
+                dbentry.key_data = kp;
+                kp = (krb5_key_data *) NULL;
+            }
+            if (op) {
+                memset(op, 0, (size_t) t5);
+                dbentry.e_data = op;
+                op = (krb5_octet *) NULL;
+            }
+
+            /* Read in and parse the principal name */
+            if (!read_string(filep, name, t2, linenop) &&
+                !(kret = krb5_parse_name(kcontext, name, &dbentry.princ))) {
+
+                /* Get the fixed principal attributes */
+                nread = fscanf(filep, "%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t",
+                               &t2, &t3, &t4, &t5, &t6, &t7, &t8, &t9);
+                if (nread == 8) {
+                    dbentry.attributes = (krb5_flags) t2;
+                    dbentry.max_life = (krb5_deltat) t3;
+                    dbentry.max_renewable_life = (krb5_deltat) t4;
+                    dbentry.expiration = (krb5_timestamp) t5;
+                    dbentry.pw_expiration = (krb5_timestamp) t6;
+                    dbentry.last_success = (krb5_timestamp) t7;
+                    dbentry.last_failed = (krb5_timestamp) t8;
+                    dbentry.fail_auth_count = (krb5_kvno) t9;
+                    dbentry.mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+                        KADM5_MAX_LIFE | KADM5_MAX_RLIFE |
+                        KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |
+                        KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;
+                } else {
+                    try2read = read_nint_data;
+                    error++;
+                }
+
+                /*
+                 * Get the tagged data.
+                 *
+                 * Really, this code ought to discard tl data types
+                 * that it knows are special to the current version
+                 * and were not supported in the previous version.
+                 * But it's a pain to implement that here, and doing
+                 * it at dump time has almost as good an effect, so
+                 * that's what I did.  [krb5-admin/89]
+                 */
+                if (!error && dbentry.n_tl_data) {
+                    for (tl = dbentry.tl_data; tl; tl = tl->tl_data_next) {
+                        nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
+                        if (nread == 2) {
+                            tl->tl_data_type = (krb5_int16) t1;
+                            tl->tl_data_length = (krb5_int16) t2;
+                            if (tl->tl_data_length) {
+                                if (!(tl->tl_data_contents =
+                                      (krb5_octet *) malloc((size_t) t2+1)) ||
+                                    read_octet_string(filep,
+                                                      tl->tl_data_contents,
+                                                      t2)) {
+                                    try2read = read_tcontents;
+                                    error++;
+                                    break;
+                                }
+                                /* test to set mask fields */
+                                if (t1 == KRB5_TL_KADM_DATA) {
+                                    XDR xdrs;
+                                    osa_princ_ent_rec osa_princ_ent;
+
+                                    /*
+                                     * Assuming aux_attributes will always be
+                                     * there
+                                     */
+                                    dbentry.mask |= KADM5_AUX_ATTRIBUTES;
+
+                                    /* test for an actual policy reference */
+                                    memset(&osa_princ_ent, 0, sizeof(osa_princ_ent));
+                                    xdrmem_create(&xdrs, (char *)tl->tl_data_contents,
+                                                  tl->tl_data_length, XDR_DECODE);
+                                    if (xdr_osa_princ_ent_rec(&xdrs, &osa_princ_ent) &&
+                                        (osa_princ_ent.aux_attributes & KADM5_POLICY) &&
+                                        osa_princ_ent.policy != NULL) {
+
+                                        dbentry.mask |= KADM5_POLICY;
+                                        kdb_free_entry(NULL, NULL, &osa_princ_ent);
+                                    }
+                                    xdr_destroy(&xdrs);
+                                }
+                            }
+                            else {
+                                /* Should be a null field */
+                                nread = fscanf(filep, "%d", &t9);
+                                if ((nread != 1) || (t9 != -1)) {
+                                    error++;
+                                    try2read = read_tcontents;
+                                    break;
+                                }
+                            }
+                        }
+                        else {
+                            try2read = read_ttypelen;
+                            error++;
+                            break;
+                        }
+                    }
+                    if (!error)
+                        dbentry.mask |= KADM5_TL_DATA;
+                }
+
+                /* Get the key data */
+                if (!error && dbentry.n_key_data) {
+                    for (i=0; !error && (i<dbentry.n_key_data); i++) {
+                        kdatap = &dbentry.key_data[i];
+                        nread = fscanf(filep, "%d\t%d\t", &t1, &t2);
+                        if (nread == 2) {
+                            kdatap->key_data_ver = (krb5_int16) t1;
+                            kdatap->key_data_kvno = (krb5_int16) t2;
+
+                            for (j=0; j<t1; j++) {
+                                nread = fscanf(filep, "%d\t%d\t", &t3, &t4);
+                                if (nread == 2) {
+                                    kdatap->key_data_type[j] = t3;
+                                    kdatap->key_data_length[j] = t4;
+                                    if (t4) {
+                                        if (!(kdatap->key_data_contents[j] =
+                                              (krb5_octet *)
+                                              malloc((size_t) t4+1)) ||
+                                            read_octet_string(filep,
+                                                              kdatap->key_data_contents[j],
+                                                              t4)) {
+                                            try2read = read_kcontents;
+                                            error++;
+                                            break;
+                                        }
+                                    }
+                                    else {
+                                        /* Should be a null field */
+                                        nread = fscanf(filep, "%d", &t9);
+                                        if ((nread != 1) || (t9 != -1)) {
+                                            error++;
+                                            try2read = read_kcontents;
+                                            break;
+                                        }
+                                    }
+                                }
+                                else {
+                                    try2read = read_ktypelen;
+                                    error++;
+                                    break;
+                                }
+                            }
+                        }
+                    }
+                    if (!error)
+                        dbentry.mask |= KADM5_KEY_DATA;
+                }
+
+                /* Get the extra data */
+                if (!error && dbentry.e_length) {
+                    if (read_octet_string(filep,
+                                          dbentry.e_data,
+                                          (int) dbentry.e_length)) {
+                        try2read = read_econtents;
+                        error++;
+                    }
+                }
+                else {
+                    nread = fscanf(filep, "%d", &t9);
+                    if ((nread != 1) || (t9 != -1)) {
+                        error++;
+                        try2read = read_econtents;
+                    }
+                }
+
+                /* Finally, find the end of the record. */
+                if (!error)
+                    find_record_end(filep, fname, *linenop);
+
+                /*
+                 * We have either read in all the data or choked.
+                 */
+                if (!error) {
+                    one = 1;
+                    if ((kret = krb5_db_put_principal(kcontext,
+                                                      &dbentry,
+                                                      &one))) {
+                        fprintf(stderr, store_err_fmt,
+                                fname, *linenop,
+                                name, error_message(kret));
+                    }
+                    else {
+                        if (flags & FLAG_VERBOSE)
+                            fprintf(stderr, add_princ_fmt, name);
+                        retval = 0;
+                    }
+                }
+                else {
+                    fprintf(stderr, read_err_fmt, fname, *linenop, try2read);
+                }
+            }
+            else {
+                if (kret)
+                    fprintf(stderr, parse_err_fmt,
+                            fname, *linenop, name, error_message(kret));
+                else
+                    fprintf(stderr, no_mem_fmt, fname, *linenop);
+            }
+        }
+        else {
+            fprintf(stderr, rhead_err_fmt, fname, *linenop);
+        }
+
+        if (op)
+            free(op);
+        if (kp)
+            free(kp);
+        if (name)
+            free(name);
+        krb5_db_free_principal(kcontext, &dbentry, 1);
     }
     else {
-	if (nread == EOF)
-	    retval = -1;
+        if (nread == EOF)
+            retval = -1;
     }
     return(retval);
 }
 
-static int 
+static int
 process_k5beta7_policy(fname, kcontext, filep, flags, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			flags;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 flags;
+    int                 *linenop;
 {
     osa_policy_ent_rec rec;
     char namebuf[1024];
@@ -2134,38 +2135,38 @@ process_k5beta7_policy(fname, kcontext, filep, flags, linenop)
     rec.name = namebuf;
 
     nread = fscanf(filep, "%1024s\t%d\t%d\t%d\t%d\t%d\t%d", rec.name,
-		   &rec.pw_min_life, &rec.pw_max_life,
-		   &rec.pw_min_length, &rec.pw_min_classes,
-		   &rec.pw_history_num, &rec.policy_refcnt);
+                   &rec.pw_min_life, &rec.pw_max_life,
+                   &rec.pw_min_length, &rec.pw_min_classes,
+                   &rec.pw_history_num, &rec.policy_refcnt);
     if (nread == EOF)
-	 return -1;
+        return -1;
     else if (nread != 7) {
-	 fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
-		 *linenop, nread);
-	 return 1;
+        fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
+                *linenop, nread);
+        return 1;
     }
 
     if ((ret = krb5_db_create_policy(kcontext, &rec))) {
-	 if (ret &&
-	     ((ret = krb5_db_put_policy(kcontext, &rec)))) {
-	      fprintf(stderr, "cannot create policy on line %d: %s\n",
-		      *linenop, error_message(ret));
-	      return 1;
-	 }
+        if (ret &&
+            ((ret = krb5_db_put_policy(kcontext, &rec)))) {
+            fprintf(stderr, "cannot create policy on line %d: %s\n",
+                    *linenop, error_message(ret));
+            return 1;
+        }
     }
     if (flags & FLAG_VERBOSE)
-	 fprintf(stderr, "created policy %s\n", rec.name);
-    
+        fprintf(stderr, "created policy %s\n", rec.name);
+
     return 0;
 }
 
 static int
 process_r1_8_policy(fname, kcontext, filep, flags, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			flags;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 flags;
+    int                 *linenop;
 {
     osa_policy_ent_rec rec;
     char namebuf[1024];
@@ -2181,158 +2182,158 @@ process_r1_8_policy(fname, kcontext, filep, flags, linenop)
      * ignore any additional values.
      */
     nread = fscanf(filep, "%1024s\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d\t%d",
-		   rec.name,
-		   &rec.pw_min_life, &rec.pw_max_life,
-		   &rec.pw_min_length, &rec.pw_min_classes,
-		   &rec.pw_history_num, &rec.policy_refcnt,
-		   &rec.pw_max_fail, &rec.pw_failcnt_interval,
-		   &rec.pw_lockout_duration);
+                   rec.name,
+                   &rec.pw_min_life, &rec.pw_max_life,
+                   &rec.pw_min_length, &rec.pw_min_classes,
+                   &rec.pw_history_num, &rec.policy_refcnt,
+                   &rec.pw_max_fail, &rec.pw_failcnt_interval,
+                   &rec.pw_lockout_duration);
     if (nread == EOF)
-	 return -1;
+        return -1;
     else if (nread < 10) {
-	 fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
-		 *linenop, nread);
-	 return 1;
+        fprintf(stderr, "cannot parse policy on line %d (%d read)\n",
+                *linenop, nread);
+        return 1;
     }
 
     if ((ret = krb5_db_create_policy(kcontext, &rec))) {
-	 if (ret &&
-	     ((ret = krb5_db_put_policy(kcontext, &rec)))) {
-	      fprintf(stderr, "cannot create policy on line %d: %s\n",
-		      *linenop, error_message(ret));
-	      return 1;
-	 }
+        if (ret &&
+            ((ret = krb5_db_put_policy(kcontext, &rec)))) {
+            fprintf(stderr, "cannot create policy on line %d: %s\n",
+                    *linenop, error_message(ret));
+            return 1;
+        }
     }
     if (flags & FLAG_VERBOSE)
-	 fprintf(stderr, "created policy %s\n", rec.name);
+        fprintf(stderr, "created policy %s\n", rec.name);
 
     return 0;
 }
 
 /*
- * process_k5beta7_record()	- Handle a dump record in krb5b7 format.
+ * process_k5beta7_record()     - Handle a dump record in krb5b7 format.
  *
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
 process_k5beta7_record(fname, kcontext, filep, flags, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			flags;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 flags;
+    int                 *linenop;
 {
-     int nread;
-     char rectype[100];
-
-     nread = fscanf(filep, "%100s\t", rectype);
-     if (nread == EOF)
-	  return -1;
-     else if (nread != 1)
-	  return 1;
-     if (strcmp(rectype, "princ") == 0)
-	  process_k5beta6_record(fname, kcontext, filep, flags,
-				 linenop);
-     else if (strcmp(rectype, "policy") == 0)
-	  process_k5beta7_policy(fname, kcontext, filep, flags,
-				 linenop);
-     else {
-	  fprintf(stderr, "unknown record type \"%s\" on line %d\n",
-		  rectype, *linenop);
-	  return 1;
-     }
-
-     return 0;
+    int nread;
+    char rectype[100];
+
+    nread = fscanf(filep, "%100s\t", rectype);
+    if (nread == EOF)
+        return -1;
+    else if (nread != 1)
+        return 1;
+    if (strcmp(rectype, "princ") == 0)
+        process_k5beta6_record(fname, kcontext, filep, flags,
+                               linenop);
+    else if (strcmp(rectype, "policy") == 0)
+        process_k5beta7_policy(fname, kcontext, filep, flags,
+                               linenop);
+    else {
+        fprintf(stderr, "unknown record type \"%s\" on line %d\n",
+                rectype, *linenop);
+        return 1;
+    }
+
+    return 0;
 }
 
 /*
- * process_ov_record()	- Handle a dump record in OpenV*Secure 1.0 format.
+ * process_ov_record()  - Handle a dump record in OpenV*Secure 1.0 format.
  *
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
 process_ov_record(fname, kcontext, filep, flags, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			flags;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 flags;
+    int                 *linenop;
 {
-     int nread;
-     char rectype[100];
-
-     nread = fscanf(filep, "%100s\t", rectype);
-     if (nread == EOF)
-	  return -1;
-     else if (nread != 1)
-	  return 1;
-     if (strcmp(rectype, "princ") == 0)
-	  process_ov_principal(fname, kcontext, filep, flags,
-			       linenop);
-     else if (strcmp(rectype, "policy") == 0)
-	  process_k5beta7_policy(fname, kcontext, filep, flags,
-				 linenop);
-     else if (strcmp(rectype, "End") == 0)
-	  return -1;
-     else {
-	  fprintf(stderr, "unknown record type \"%s\" on line %d\n",
-		  rectype, *linenop);
-	  return 1;
-     }
-
-     return 0;
+    int nread;
+    char rectype[100];
+
+    nread = fscanf(filep, "%100s\t", rectype);
+    if (nread == EOF)
+        return -1;
+    else if (nread != 1)
+        return 1;
+    if (strcmp(rectype, "princ") == 0)
+        process_ov_principal(fname, kcontext, filep, flags,
+                             linenop);
+    else if (strcmp(rectype, "policy") == 0)
+        process_k5beta7_policy(fname, kcontext, filep, flags,
+                               linenop);
+    else if (strcmp(rectype, "End") == 0)
+        return -1;
+    else {
+        fprintf(stderr, "unknown record type \"%s\" on line %d\n",
+                rectype, *linenop);
+        return 1;
+    }
+
+    return 0;
 }
 
 /*
- * process_r1_8_record()	- Handle a dump record in krb5 1.8 format.
+ * process_r1_8_record()        - Handle a dump record in krb5 1.8 format.
  *
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
 process_r1_8_record(fname, kcontext, filep, flags, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			flags;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 flags;
+    int                 *linenop;
 {
-     int nread;
-     char rectype[100];
-
-     nread = fscanf(filep, "%100s\t", rectype);
-     if (nread == EOF)
-	  return -1;
-     else if (nread != 1)
-	  return 1;
-     if (strcmp(rectype, "princ") == 0)
-	  process_k5beta6_record(fname, kcontext, filep, flags,
-				 linenop);
-     else if (strcmp(rectype, "policy") == 0)
-	  process_r1_8_policy(fname, kcontext, filep, flags,
-			      linenop);
-     else {
-	  fprintf(stderr, "unknown record type \"%s\" on line %d\n",
-		  rectype, *linenop);
-	  return 1;
-     }
-
-     return 0;
+    int nread;
+    char rectype[100];
+
+    nread = fscanf(filep, "%100s\t", rectype);
+    if (nread == EOF)
+        return -1;
+    else if (nread != 1)
+        return 1;
+    if (strcmp(rectype, "princ") == 0)
+        process_k5beta6_record(fname, kcontext, filep, flags,
+                               linenop);
+    else if (strcmp(rectype, "policy") == 0)
+        process_r1_8_policy(fname, kcontext, filep, flags,
+                            linenop);
+    else {
+        fprintf(stderr, "unknown record type \"%s\" on line %d\n",
+                rectype, *linenop);
+        return 1;
+    }
+
+    return 0;
 }
 
 /*
- * restore_dump()	- Restore the database from any version dump file.
+ * restore_dump()       - Restore the database from any version dump file.
  */
 static int
 restore_dump(programname, kcontext, dumpfile, f, flags, dump)
-    char		*programname;
-    krb5_context	kcontext;
-    char		*dumpfile;
-    FILE		*f;
-    int			flags;
-    dump_version	*dump;
+    char                *programname;
+    krb5_context        kcontext;
+    char                *dumpfile;
+    FILE                *f;
+    int                 flags;
+    dump_version        *dump;
 {
-    int		error;	
-    int		lineno;
+    int         error;
+    int         lineno;
 
     error = 0;
     lineno = 1;
@@ -2341,15 +2342,15 @@ restore_dump(programname, kcontext, dumpfile, f, flags, dump)
      * Process the records.
      */
     while (!(error = (*dump->load_record)(dumpfile,
-					  kcontext, 
-					  f,
-					  flags,
-					  &lineno)))
-	 ;
+                                          kcontext,
+                                          f,
+                                          flags,
+                                          &lineno)))
+        ;
     if (error != -1)
-	 fprintf(stderr, err_line_fmt, programname, lineno, dumpfile);
+        fprintf(stderr, err_line_fmt, programname, lineno, dumpfile);
     else
-	 error = 0;
+        error = 0;
 
     return(error);
 }
@@ -2360,28 +2361,28 @@ restore_dump(programname, kcontext, dumpfile, f, flags, dump)
  */
 void
 load_db(argc, argv)
-    int		argc;
-    char	**argv;
+    int         argc;
+    char        **argv;
 {
     kadm5_config_params newparams;
-    krb5_error_code	kret;
-    krb5_context	kcontext;
-    FILE		*f;
-    extern char		*optarg;
-    extern int		optind;
-    char		*dumpfile;
-    char		*dbname;
-    char		*dbname_tmp;
-    char		buf[BUFSIZ];
-    dump_version	*load;
-    int			flags;
-    krb5_int32		crflags;
-    int			aindex;
-    int			db_locked = 0;
-    char		iheader[MAX_HEADER];
-    kdb_log_context	*log_ctx;
-    krb5_boolean	add_update = TRUE;
-    uint32_t		caller, last_sno, last_seconds, last_useconds;
+    krb5_error_code     kret;
+    krb5_context        kcontext;
+    FILE                *f;
+    extern char         *optarg;
+    extern int          optind;
+    char                *dumpfile;
+    char                *dbname;
+    char                *dbname_tmp;
+    char                buf[BUFSIZ];
+    dump_version        *load;
+    int                 flags;
+    krb5_int32          crflags;
+    int                 aindex;
+    int                 db_locked = 0;
+    char                iheader[MAX_HEADER];
+    kdb_log_context     *log_ctx;
+    krb5_boolean        add_update = TRUE;
+    uint32_t            caller, last_sno, last_seconds, last_useconds;
 
     /*
      * Parse the arguments.
@@ -2396,89 +2397,89 @@ load_db(argc, argv)
     log_ctx = util_context->kdblog_context;
 
     for (aindex = 1; aindex < argc; aindex++) {
-	if (!strcmp(argv[aindex], oldoption))
-	     load = &old_version;
-	else if (!strcmp(argv[aindex], b6option))
-	     load = &beta6_version;
-	else if (!strcmp(argv[aindex], b7option))
-	     load = &beta7_version;
-	else if (!strcmp(argv[aindex], ovoption))
-	     load = &ov_version;
-	else if (!strcmp(argv[aindex], r13option))
-	     load = &r1_3_version;
-	else if (!strcmp(argv[aindex], ipropoption)) {
-	    if (log_ctx && log_ctx->iproprole) {
-		load = &iprop_version;
-		add_update = FALSE;
-	    } else {
-		fprintf(stderr, _("Iprop not enabled\n"));
-		exit_status++;
-		return;
-	    }
-	} else if (!strcmp(argv[aindex], verboseoption))
-	    flags |= FLAG_VERBOSE;
-	else if (!strcmp(argv[aindex], updateoption))
-	    flags |= FLAG_UPDATE;
-	else if (!strcmp(argv[aindex], hashoption)) {
-	    if (!add_db_arg("hash=true")) {
-		com_err(progname, ENOMEM, "while parsing command arguments\n");
-		exit(1);
-	    }
-	} else
-	    break;
+        if (!strcmp(argv[aindex], oldoption))
+            load = &old_version;
+        else if (!strcmp(argv[aindex], b6option))
+            load = &beta6_version;
+        else if (!strcmp(argv[aindex], b7option))
+            load = &beta7_version;
+        else if (!strcmp(argv[aindex], ovoption))
+            load = &ov_version;
+        else if (!strcmp(argv[aindex], r13option))
+            load = &r1_3_version;
+        else if (!strcmp(argv[aindex], ipropoption)) {
+            if (log_ctx && log_ctx->iproprole) {
+                load = &iprop_version;
+                add_update = FALSE;
+            } else {
+                fprintf(stderr, _("Iprop not enabled\n"));
+                exit_status++;
+                return;
+            }
+        } else if (!strcmp(argv[aindex], verboseoption))
+            flags |= FLAG_VERBOSE;
+        else if (!strcmp(argv[aindex], updateoption))
+            flags |= FLAG_UPDATE;
+        else if (!strcmp(argv[aindex], hashoption)) {
+            if (!add_db_arg("hash=true")) {
+                com_err(progname, ENOMEM, "while parsing command arguments\n");
+                exit(1);
+            }
+        } else
+            break;
     }
     if ((argc - aindex) != 1) {
-	usage();
-	return;
+        usage();
+        return;
     }
     dumpfile = argv[aindex];
 
     if (asprintf(&dbname_tmp, "%s%s", dbname, dump_tmptrail) < 0) {
-	fprintf(stderr, no_name_mem_fmt, progname);
-	exit_status++;
-	return;
+        fprintf(stderr, no_name_mem_fmt, progname);
+        exit_status++;
+        return;
     }
 
     /*
      * Initialize the Kerberos context and error tables.
      */
     if ((kret = kadm5_init_krb5_context(&kcontext))) {
-	fprintf(stderr, ctx_err_fmt, progname);
-	free(dbname_tmp);
-	exit_status++;
-	return;
+        fprintf(stderr, ctx_err_fmt, progname);
+        free(dbname_tmp);
+        exit_status++;
+        return;
     }
 
     if( (kret = krb5_set_default_realm(kcontext, util_context->default_realm)) )
     {
-	fprintf(stderr, "%s: Unable to set the default realm\n", progname);
-	free(dbname_tmp);
-	exit_status++;
-	return;
+        fprintf(stderr, "%s: Unable to set the default realm\n", progname);
+        free(dbname_tmp);
+        exit_status++;
+        return;
     }
 
     if (log_ctx && log_ctx->iproprole)
-	kcontext->kdblog_context = log_ctx;
+        kcontext->kdblog_context = log_ctx;
 
     /*
      * Open the dumpfile
      */
     if (dumpfile) {
-	if ((f = fopen(dumpfile, "r")) == NULL) {
-	     fprintf(stderr, dfile_err_fmt, progname, dumpfile,
-		     error_message(errno)); 
-	     exit_status++;
-	     return;
-	}
-	if ((kret = krb5_lock_file(kcontext, fileno(f),
-				   KRB5_LOCKMODE_SHARED))) {
-	     fprintf(stderr, "%s: Cannot lock %s: %s\n", progname,
-		     dumpfile, error_message(errno));
-	     exit_status++;
-	     return;
-	}
+        if ((f = fopen(dumpfile, "r")) == NULL) {
+            fprintf(stderr, dfile_err_fmt, progname, dumpfile,
+                    error_message(errno));
+            exit_status++;
+            return;
+        }
+        if ((kret = krb5_lock_file(kcontext, fileno(f),
+                                   KRB5_LOCKMODE_SHARED))) {
+            fprintf(stderr, "%s: Cannot lock %s: %s\n", progname,
+                    dumpfile, error_message(errno));
+            exit_status++;
+            return;
+        }
     } else
-	f = stdin;
+        f = stdin;
 
     /*
      * Auto-detect dump version if we weren't told, verify if we
@@ -2486,41 +2487,41 @@ load_db(argc, argv)
      */
     fgets(buf, sizeof(buf), f);
     if (load) {
-	 /* only check what we know; some headers only contain a prefix */
-	 /* NB: this should work for ipropx even though load is iprop */
-	 if (strncmp(buf, load->header, strlen(load->header)) != 0) {
-	      fprintf(stderr, head_bad_fmt, progname, dumpfile);
-	      exit_status++;
-	      if (dumpfile) fclose(f);
-	      return;
-	 }
+        /* only check what we know; some headers only contain a prefix */
+        /* NB: this should work for ipropx even though load is iprop */
+        if (strncmp(buf, load->header, strlen(load->header)) != 0) {
+            fprintf(stderr, head_bad_fmt, progname, dumpfile);
+            exit_status++;
+            if (dumpfile) fclose(f);
+            return;
+        }
     } else {
-	 /* perhaps this should be in an array, but so what? */
-	 if (strcmp(buf, old_version.header) == 0)
-	      load = &old_version;
-	 else if (strcmp(buf, beta6_version.header) == 0)
-	      load = &beta6_version;
-	 else if (strcmp(buf, beta7_version.header) == 0)
-	      load = &beta7_version;
-	 else if (strcmp(buf, r1_3_version.header) == 0)
-	      load = &r1_3_version;
-	 else if (strcmp(buf, r1_8_version.header) == 0)
-	      load = &r1_8_version;
-	 else if (strncmp(buf, ov_version.header,
-			  strlen(ov_version.header)) == 0)
-	      load = &ov_version;
-	 else {
-	      fprintf(stderr, head_bad_fmt, progname, dumpfile);
-	      exit_status++;
-	      if (dumpfile) fclose(f);
-	      return;
-	 }
+        /* perhaps this should be in an array, but so what? */
+        if (strcmp(buf, old_version.header) == 0)
+            load = &old_version;
+        else if (strcmp(buf, beta6_version.header) == 0)
+            load = &beta6_version;
+        else if (strcmp(buf, beta7_version.header) == 0)
+            load = &beta7_version;
+        else if (strcmp(buf, r1_3_version.header) == 0)
+            load = &r1_3_version;
+        else if (strcmp(buf, r1_8_version.header) == 0)
+            load = &r1_8_version;
+        else if (strncmp(buf, ov_version.header,
+                         strlen(ov_version.header)) == 0)
+            load = &ov_version;
+        else {
+            fprintf(stderr, head_bad_fmt, progname, dumpfile);
+            exit_status++;
+            if (dumpfile) fclose(f);
+            return;
+        }
     }
     if (load->updateonly && !(flags & FLAG_UPDATE)) {
-	 fprintf(stderr, "%s: dump version %s can only be loaded with the "
-		 "-update flag\n", progname, load->name);
-	 exit_status++;
-	 return;
+        fprintf(stderr, "%s: dump version %s can only be loaded with the "
+                "-update flag\n", progname, load->name);
+        exit_status++;
+        return;
     }
 
     /*
@@ -2530,74 +2531,74 @@ load_db(argc, argv)
      */
     newparams = global_params;
     if (! (flags & FLAG_UPDATE)) {
-	 newparams.mask |= KADM5_CONFIG_DBNAME;
-	 newparams.dbname = dbname_tmp;
-
-	 if ((kret = kadm5_get_config_params(kcontext, 1,
-					     &newparams, &newparams))) {
-	      com_err(progname, kret,
-		      "while retreiving new configuration parameters");
-	      exit_status++;
-	      return;
-	 }
-
-	 if (!add_db_arg("temporary")) {
-	     com_err(progname, ENOMEM, "computing parameters for database");
-	     exit(1);
-	 }
-
-	 if (!add_update && !add_db_arg("merge_nra")) {
-	     com_err(progname, ENOMEM, "computing parameters for database");
-	     exit(1);
-	 }
+        newparams.mask |= KADM5_CONFIG_DBNAME;
+        newparams.dbname = dbname_tmp;
+
+        if ((kret = kadm5_get_config_params(kcontext, 1,
+                                            &newparams, &newparams))) {
+            com_err(progname, kret,
+                    "while retreiving new configuration parameters");
+            exit_status++;
+            return;
+        }
+
+        if (!add_db_arg("temporary")) {
+            com_err(progname, ENOMEM, "computing parameters for database");
+            exit(1);
+        }
+
+        if (!add_update && !add_db_arg("merge_nra")) {
+            com_err(progname, ENOMEM, "computing parameters for database");
+            exit(1);
+        }
     }
-    
+
     /*
      * If not an update restoration, create the database. otherwise open
      */
     if (!(flags & FLAG_UPDATE)) {
-	if((kret = krb5_db_create(kcontext, db5util_db_args))) {
-	    const char *emsg = krb5_get_error_message(kcontext, kret);
-	    /* 
-	     * See if something (like DAL KDB plugin) has set a specific error
-	     * message and use that otherwise use default.
-	     */
-
-	    if (emsg != NULL) {
-		fprintf(stderr, "%s: %s\n", progname, emsg);
-		krb5_free_error_message (kcontext, emsg);
-	    } else {
-		fprintf(stderr, dbcreaterr_fmt,
-			progname, dbname, error_message(kret));
-	    }
-	    exit_status++;
-	    kadm5_free_config_params(kcontext, &newparams);
-	    if (dumpfile) fclose(f);
-	    return;
-	}
+        if((kret = krb5_db_create(kcontext, db5util_db_args))) {
+            const char *emsg = krb5_get_error_message(kcontext, kret);
+            /*
+             * See if something (like DAL KDB plugin) has set a specific error
+             * message and use that otherwise use default.
+             */
+
+            if (emsg != NULL) {
+                fprintf(stderr, "%s: %s\n", progname, emsg);
+                krb5_free_error_message (kcontext, emsg);
+            } else {
+                fprintf(stderr, dbcreaterr_fmt,
+                        progname, dbname, error_message(kret));
+            }
+            exit_status++;
+            kadm5_free_config_params(kcontext, &newparams);
+            if (dumpfile) fclose(f);
+            return;
+        }
     }
     else {
-	    /*
-	     * Initialize the database.
-	     */
-	    if ((kret = krb5_db_open(kcontext, db5util_db_args, 
-				     KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
-		const char *emsg = krb5_get_error_message(kcontext, kret);
-		/* 
-		 * See if something (like DAL KDB plugin) has set a specific
-		 * error message and use that otherwise use default.
-		 */
-
-		if (emsg != NULL) {
-		    fprintf(stderr, "%s: %s\n", progname, emsg);
-		    krb5_free_error_message (kcontext, emsg);
-		} else {
-		    fprintf(stderr, dbinit_err_fmt,
-			    progname, error_message(kret));
-		}
-		exit_status++;
-		goto error;
-	    }
+        /*
+         * Initialize the database.
+         */
+        if ((kret = krb5_db_open(kcontext, db5util_db_args,
+                                 KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
+            const char *emsg = krb5_get_error_message(kcontext, kret);
+            /*
+             * See if something (like DAL KDB plugin) has set a specific
+             * error message and use that otherwise use default.
+             */
+
+            if (emsg != NULL) {
+                fprintf(stderr, "%s: %s\n", progname, emsg);
+                krb5_free_error_message (kcontext, emsg);
+            } else {
+                fprintf(stderr, dbinit_err_fmt,
+                        progname, error_message(kret));
+            }
+            exit_status++;
+            goto error;
+        }
     }
 
 
@@ -2606,132 +2607,132 @@ load_db(argc, argv)
      * the update fails.
      */
     if ((kret = krb5_db_lock(kcontext,
-			     (flags & FLAG_UPDATE) ?
-				KRB5_DB_LOCKMODE_PERMANENT :
-				KRB5_DB_LOCKMODE_EXCLUSIVE))) {
-	/* 
-	 * Ignore a not supported error since there is nothing to do about it
-	 * anyway.
-	 */
-	if (kret != KRB5_PLUGIN_OP_NOTSUPP) {
-	    fprintf(stderr, "%s: %s while permanently locking database\n",
-		    progname, error_message(kret));
-	    exit_status++;
-	    goto error;
-	}
+                             (flags & FLAG_UPDATE) ?
+                             KRB5_DB_LOCKMODE_PERMANENT :
+                             KRB5_DB_LOCKMODE_EXCLUSIVE))) {
+        /*
+         * Ignore a not supported error since there is nothing to do about it
+         * anyway.
+         */
+        if (kret != KRB5_PLUGIN_OP_NOTSUPP) {
+            fprintf(stderr, "%s: %s while permanently locking database\n",
+                    progname, error_message(kret));
+            exit_status++;
+            goto error;
+        }
     }
     else
-	db_locked = 1;
-    
+        db_locked = 1;
+
     if (log_ctx && log_ctx->iproprole) {
-	if (add_update)
-	    caller = FKCOMMAND;
-	else
-	    caller = FKPROPD;
-
-	if (ulog_map(kcontext, global_params.iprop_logfile,
-		     global_params.iprop_ulogsize, caller, db5util_db_args)) {
-	    fprintf(stderr, _("%s: Could not map log\n"),
-		    progname);
-	    exit_status++;
-	    goto error;
-	}
-
-	/*
-	 * We don't want to take out the ulog out from underneath
-	 * kadmind so we reinit the header log.
-	 *
-	 * We also don't want to add to the update log since we
-	 * are doing a whole sale replace of the db, because:
-	 * 	we could easily exceed # of update entries
-	 * 	we could implicity delete db entries during a replace
-	 *	no advantage in incr updates when entire db is replaced
-	 */
-	if (!(flags & FLAG_UPDATE)) {
-	    memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
-
-	    log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
-	    log_ctx->ulog->db_version_num = KDB_VERSION;
-	    log_ctx->ulog->kdb_state = KDB_STABLE;
-	    log_ctx->ulog->kdb_block = ULOG_BLOCK;
-
-	    log_ctx->iproprole = IPROP_NULL;
-
-	    if (!add_update) {
-		unsigned int ipropx_version = IPROPX_VERSION_0;
-
-		if (!strncmp(buf, "ipropx ", sizeof("ipropx ") - 1))
-		    sscanf(buf, "%s %u %u %u %u", iheader,
-			   &ipropx_version, &last_sno,
-			   &last_seconds, &last_useconds);
-		else
-		    sscanf(buf, "%s %u %u %u", iheader, &last_sno,
-		       &last_seconds, &last_useconds);
-
-		switch (ipropx_version) {
-		case IPROPX_VERSION_0:
-		    load = &iprop_version;
-		    break;
-		case IPROPX_VERSION_1:
-		    load = &ipropx_1_version;
-		    break;
-		default:
-		    fprintf(stderr, _("%s: Unknown iprop dump version %d\n"),
-			    progname, ipropx_version);
-		    exit_status++;
-		    goto error;
-		}
-
-		log_ctx->ulog->kdb_last_sno = last_sno;
-		log_ctx->ulog->kdb_last_time.seconds =
-		    last_seconds;
-		log_ctx->ulog->kdb_last_time.useconds =
-		    last_useconds;
-	    }
-	}
+        if (add_update)
+            caller = FKCOMMAND;
+        else
+            caller = FKPROPD;
+
+        if (ulog_map(kcontext, global_params.iprop_logfile,
+                     global_params.iprop_ulogsize, caller, db5util_db_args)) {
+            fprintf(stderr, _("%s: Could not map log\n"),
+                    progname);
+            exit_status++;
+            goto error;
+        }
+
+        /*
+         * We don't want to take out the ulog out from underneath
+         * kadmind so we reinit the header log.
+         *
+         * We also don't want to add to the update log since we
+         * are doing a whole sale replace of the db, because:
+         *      we could easily exceed # of update entries
+         *      we could implicity delete db entries during a replace
+         *      no advantage in incr updates when entire db is replaced
+         */
+        if (!(flags & FLAG_UPDATE)) {
+            memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
+
+            log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+            log_ctx->ulog->db_version_num = KDB_VERSION;
+            log_ctx->ulog->kdb_state = KDB_STABLE;
+            log_ctx->ulog->kdb_block = ULOG_BLOCK;
+
+            log_ctx->iproprole = IPROP_NULL;
+
+            if (!add_update) {
+                unsigned int ipropx_version = IPROPX_VERSION_0;
+
+                if (!strncmp(buf, "ipropx ", sizeof("ipropx ") - 1))
+                    sscanf(buf, "%s %u %u %u %u", iheader,
+                           &ipropx_version, &last_sno,
+                           &last_seconds, &last_useconds);
+                else
+                    sscanf(buf, "%s %u %u %u", iheader, &last_sno,
+                           &last_seconds, &last_useconds);
+
+                switch (ipropx_version) {
+                case IPROPX_VERSION_0:
+                    load = &iprop_version;
+                    break;
+                case IPROPX_VERSION_1:
+                    load = &ipropx_1_version;
+                    break;
+                default:
+                    fprintf(stderr, _("%s: Unknown iprop dump version %d\n"),
+                            progname, ipropx_version);
+                    exit_status++;
+                    goto error;
+                }
+
+                log_ctx->ulog->kdb_last_sno = last_sno;
+                log_ctx->ulog->kdb_last_time.seconds =
+                    last_seconds;
+                log_ctx->ulog->kdb_last_time.useconds =
+                    last_useconds;
+            }
+        }
     }
 
     if (restore_dump(progname, kcontext, (dumpfile) ? dumpfile : stdin_name,
-		     f, flags, load)) {
-	 fprintf(stderr, restfail_fmt,
-		 progname, load->name);
-	 exit_status++;
+                     f, flags, load)) {
+        fprintf(stderr, restfail_fmt,
+                progname, load->name);
+        exit_status++;
     }
 
     if (!(flags & FLAG_UPDATE) && load->create_kadm5 &&
-	((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
-	 /* error message printed by create_magic_princs */
-	 exit_status++;
+        ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
+        /* error message printed by create_magic_princs */
+        exit_status++;
     }
-    
+
     if (db_locked && (kret = krb5_db_unlock(kcontext))) {
-	 /* change this error? */
-	 fprintf(stderr, dbunlockerr_fmt,
-		 progname, dbname, error_message(kret));
-	 exit_status++;
+        /* change this error? */
+        fprintf(stderr, dbunlockerr_fmt,
+                progname, dbname, error_message(kret));
+        exit_status++;
     }
 
 #if 0
     if ((kret = krb5_db_fini(kcontext))) {
-	 fprintf(stderr, close_err_fmt,
-		 progname, error_message(kret));
-	 exit_status++;
+        fprintf(stderr, close_err_fmt,
+                progname, error_message(kret));
+        exit_status++;
     }
 #endif
 
     /* close policy db below */
 
     if (exit_status == 0 && !(flags & FLAG_UPDATE)) {
-	kret = krb5_db_promote(kcontext, db5util_db_args);
-	/* 
-	 * Ignore a not supported error since there is nothing to do about it
-	 * anyway.
-	 */
-	if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
-	    fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n",
-		    progname, error_message(kret));
-	    exit_status++;
-	}
+        kret = krb5_db_promote(kcontext, db5util_db_args);
+        /*
+         * Ignore a not supported error since there is nothing to do about it
+         * anyway.
+         */
+        if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
+            fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n",
+                    progname, error_message(kret));
+            exit_status++;
+        }
     }
 
 error:
@@ -2742,26 +2743,26 @@ error:
      * If an update: if there was no error, unlock the database.
      */
     if (!(flags & FLAG_UPDATE)) {
-	 if (exit_status) {
-	      kret = krb5_db_destroy(kcontext, db5util_db_args);
-	      /* 
-	       * Ignore a not supported error since there is nothing to do about
-	       * it anyway.
-	       */
-	      if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
-		   fprintf(stderr, dbdelerr_fmt,
-			   progname, dbname, error_message(kret));
-		   exit_status++;
-	      }
-	 }
+        if (exit_status) {
+            kret = krb5_db_destroy(kcontext, db5util_db_args);
+            /*
+             * Ignore a not supported error since there is nothing to do about
+             * it anyway.
+             */
+            if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) {
+                fprintf(stderr, dbdelerr_fmt,
+                        progname, dbname, error_message(kret));
+                exit_status++;
+            }
+        }
     }
 
     if (dumpfile) {
-	 (void) krb5_lock_file(kcontext, fileno(f), KRB5_LOCKMODE_UNLOCK);
-	 fclose(f);
+        (void) krb5_lock_file(kcontext, fileno(f), KRB5_LOCKMODE_UNLOCK);
+        fclose(f);
     }
 
     if (dbname_tmp)
-	 free(dbname_tmp);
+        free(dbname_tmp);
     krb5_free_context(kcontext);
 }
diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index a232babd1..5cce78cb8 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  *
@@ -6,14 +7,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -24,7 +25,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -49,7 +50,7 @@
 #include "kdb5_util.h"
 
 static int add_admin_princ(void *handle, krb5_context context,
-		    char *name, char *realm, int attrs, int lifetime);
+                           char *name, char *realm, int attrs, int lifetime);
 static int add_admin_princs(void *handle, krb5_context context, char *realm);
 
 #define ERR 1
@@ -63,65 +64,65 @@ static int add_admin_princs(void *handle, krb5_context context, char *realm);
  *
  * Purpose: create admin principals in KDC database
  *
- * Arguments:	params	(r) configuration parameters to use
- *      
+ * Arguments:   params  (r) configuration parameters to use
+ *
  * Effects:  Creates KADM5_ADMIN_SERVICE and KADM5_CHANGEPW_SERVICE
  * principals in the KDC database and sets their attributes
  * appropriately.
  */
 int kadm5_create(kadm5_config_params *params)
 {
-     int retval;
-     krb5_context context;
+    int retval;
+    krb5_context context;
 
-     kadm5_config_params lparams;
+    kadm5_config_params lparams;
 
-     if ((retval = kadm5_init_krb5_context(&context)))
-	  exit(ERR);
+    if ((retval = kadm5_init_krb5_context(&context)))
+        exit(ERR);
 
-     /*
-      * The lock file has to exist before calling kadm5_init, but
-      * params->admin_lockfile may not be set yet...
-      */
-     if ((retval = kadm5_get_config_params(context, 1,
-					   params, &lparams))) {
-	  com_err(progname, retval, "while looking up the Kerberos configuration");
-	  return 1;
-     }
+    /*
+     * The lock file has to exist before calling kadm5_init, but
+     * params->admin_lockfile may not be set yet...
+     */
+    if ((retval = kadm5_get_config_params(context, 1,
+                                          params, &lparams))) {
+        com_err(progname, retval, "while looking up the Kerberos configuration");
+        return 1;
+    }
 
-     retval = kadm5_create_magic_princs(&lparams, context);
+    retval = kadm5_create_magic_princs(&lparams, context);
 
-     kadm5_free_config_params(context, &lparams);
-     krb5_free_context(context);
+    kadm5_free_config_params(context, &lparams);
+    krb5_free_context(context);
 
-     return retval;
+    return retval;
 }
 
 int kadm5_create_magic_princs(kadm5_config_params *params,
-			      krb5_context context)
+                              krb5_context context)
 {
-     int retval;
-     void *handle;
-     
-     retval = krb5_klog_init(context, "admin_server", progname, 0);
-     if (retval)
-	  return retval;
-     if ((retval = kadm5_init(context, progname, NULL, NULL, params,
-			      KADM5_STRUCT_VERSION,
-			      KADM5_API_VERSION_3,
-			      db5util_db_args,
-			      &handle))) {
-	  com_err(progname, retval, "while initializing the Kerberos admin interface");
-	  return retval;
-     }
-
-     retval = add_admin_princs(handle, context, params->realm);
-
-     kadm5_destroy(handle);
-
-     krb5_klog_close(context);
-
-     return retval;
+    int retval;
+    void *handle;
+
+    retval = krb5_klog_init(context, "admin_server", progname, 0);
+    if (retval)
+        return retval;
+    if ((retval = kadm5_init(context, progname, NULL, NULL, params,
+                             KADM5_STRUCT_VERSION,
+                             KADM5_API_VERSION_3,
+                             db5util_db_args,
+                             &handle))) {
+        com_err(progname, retval, "while initializing the Kerberos admin interface");
+        return retval;
+    }
+
+    retval = add_admin_princs(handle, context, params->realm);
+
+    kadm5_destroy(handle);
+
+    krb5_klog_close(context);
+
+    return retval;
 }
 
 /*
@@ -131,22 +132,22 @@ int kadm5_create_magic_princs(kadm5_config_params *params,
  *
  * Arguments:
  *
- * 	name	(input) the name
- * 	realm	(input) the realm
+ *      name    (input) the name
+ *      realm   (input) the realm
  *
  * Returns:
  *
- * 	pointer to name@realm, in allocated memory, or NULL if it
- * 	cannot be allocated
+ *      pointer to name@realm, in allocated memory, or NULL if it
+ *      cannot be allocated
  *
  * Requires: both strings are null-terminated
  */
 static char *build_name_with_realm(char *name, char *realm)
 {
-     char *n;
+    char *n;
 
-     asprintf(&n, "%s@%s", name, realm);
-     return n;
+    asprintf(&n, "%s@%s", name, realm);
+    return n;
 }
 
 /*
@@ -156,14 +157,14 @@ static char *build_name_with_realm(char *name, char *realm)
  *
  * Arguments:
  *
- * 	rseed		(input) random seed
- * 	realm		(input) realm, or NULL for default realm
+ *      rseed           (input) random seed
+ *      realm           (input) realm, or NULL for default realm
  *      <return value>  (output) status, 0 for success, 1 for serious error
- *      
+ *
  * Requires:
- *      
+ *
  * Effects:
- *      
+ *
  * add_admin_princs creates KADM5_ADMIN_SERVICE,
  * KADM5_CHANGEPW_SERVICE.  If any of these exist a message is
  * printed.  If any of these existing principal do not have the proper
@@ -171,79 +172,79 @@ static char *build_name_with_realm(char *name, char *realm)
  */
 static int add_admin_princs(void *handle, krb5_context context, char *realm)
 {
-  krb5_error_code ret = 0;
-  char *service_name = 0, *p;
-  char localname[MAXHOSTNAMELEN];
-  struct addrinfo *ai, ai_hints;
-  int gai_error;
-
-  if (gethostname(localname, MAXHOSTNAMELEN)) {
-      ret = errno;
-      perror("gethostname");
-      goto clean_and_exit;
-  }
-  memset(&ai_hints, 0, sizeof(ai_hints));
-  ai_hints.ai_flags = AI_CANONNAME;
-  gai_error = getaddrinfo(localname, (char *)NULL, &ai_hints, &ai);
-  if (gai_error) {
-      ret = EINVAL;
-      fprintf(stderr, "getaddrinfo(%s): %s\n", localname,
-	      gai_strerror(gai_error));
-      goto clean_and_exit;
-  }
-  if (ai->ai_canonname == NULL) {
-      ret = EINVAL;
-      fprintf(stderr,
-	      "getaddrinfo(%s): Cannot determine canonical hostname.\n",
-	      localname);
-      freeaddrinfo(ai);
-      goto clean_and_exit;
-  }
-  for (p = ai->ai_canonname; *p; p++) {
+    krb5_error_code ret = 0;
+    char *service_name = 0, *p;
+    char localname[MAXHOSTNAMELEN];
+    struct addrinfo *ai, ai_hints;
+    int gai_error;
+
+    if (gethostname(localname, MAXHOSTNAMELEN)) {
+        ret = errno;
+        perror("gethostname");
+        goto clean_and_exit;
+    }
+    memset(&ai_hints, 0, sizeof(ai_hints));
+    ai_hints.ai_flags = AI_CANONNAME;
+    gai_error = getaddrinfo(localname, (char *)NULL, &ai_hints, &ai);
+    if (gai_error) {
+        ret = EINVAL;
+        fprintf(stderr, "getaddrinfo(%s): %s\n", localname,
+                gai_strerror(gai_error));
+        goto clean_and_exit;
+    }
+    if (ai->ai_canonname == NULL) {
+        ret = EINVAL;
+        fprintf(stderr,
+                "getaddrinfo(%s): Cannot determine canonical hostname.\n",
+                localname);
+        freeaddrinfo(ai);
+        goto clean_and_exit;
+    }
+    for (p = ai->ai_canonname; *p; p++) {
 #ifdef isascii
-      if (!isascii(*p))
-	  continue;
+        if (!isascii(*p))
+            continue;
 #else
-      if (*p < ' ')
-	  continue;
-      if (*p > '~')
-	  continue;
+        if (*p < ' ')
+            continue;
+        if (*p > '~')
+            continue;
 #endif
-      if (!isupper(*p))
-	  continue;
-      *p = tolower(*p);
-  }
-  if (asprintf(&service_name, "kadmin/%s", ai->ai_canonname) < 0) {
-      ret = ENOMEM;
-      fprintf(stderr, "Out of memory\n");
-      freeaddrinfo(ai);
-      goto clean_and_exit;
-  }
-  freeaddrinfo(ai);
-
-  if ((ret = add_admin_princ(handle, context,
-			     service_name, realm,
-			     KRB5_KDB_DISALLOW_TGT_BASED,
-			     ADMIN_LIFETIME)))
-      goto clean_and_exit;
-
-  if ((ret = add_admin_princ(handle, context,
-			     KADM5_ADMIN_SERVICE, realm,
-			     KRB5_KDB_DISALLOW_TGT_BASED,
-			     ADMIN_LIFETIME)))
-       goto clean_and_exit;
-
-  if ((ret = add_admin_princ(handle, context, 
-			     KADM5_CHANGEPW_SERVICE, realm, 
-			     KRB5_KDB_DISALLOW_TGT_BASED |
-			     KRB5_KDB_PWCHANGE_SERVICE,
-			     CHANGEPW_LIFETIME)))
-       goto clean_and_exit;
-  
+        if (!isupper(*p))
+            continue;
+        *p = tolower(*p);
+    }
+    if (asprintf(&service_name, "kadmin/%s", ai->ai_canonname) < 0) {
+        ret = ENOMEM;
+        fprintf(stderr, "Out of memory\n");
+        freeaddrinfo(ai);
+        goto clean_and_exit;
+    }
+    freeaddrinfo(ai);
+
+    if ((ret = add_admin_princ(handle, context,
+                               service_name, realm,
+                               KRB5_KDB_DISALLOW_TGT_BASED,
+                               ADMIN_LIFETIME)))
+        goto clean_and_exit;
+
+    if ((ret = add_admin_princ(handle, context,
+                               KADM5_ADMIN_SERVICE, realm,
+                               KRB5_KDB_DISALLOW_TGT_BASED,
+                               ADMIN_LIFETIME)))
+        goto clean_and_exit;
+
+    if ((ret = add_admin_princ(handle, context,
+                               KADM5_CHANGEPW_SERVICE, realm,
+                               KRB5_KDB_DISALLOW_TGT_BASED |
+                               KRB5_KDB_PWCHANGE_SERVICE,
+                               CHANGEPW_LIFETIME)))
+        goto clean_and_exit;
+
 clean_and_exit:
-  free(service_name);
+    free(service_name);
 
-  return ret;
+    return ret;
 }
 
 /*
@@ -251,23 +252,23 @@ clean_and_exit:
  *
  * Arguments:
  *
- * 	creator		(r) principal to use as "mod_by"
- * 	rseed		(r) seed for random key generator
- * 	name		(r) principal name
- * 	realm		(r) realm name for principal
- * 	attrs		(r) principal's attributes
- * 	lifetime	(r) principal's max life, or 0
- * 	not_unique	(r) error message for multiple entries, never used
- * 	exists		(r) warning message for principal exists
- * 	wrong_attrs	(r) warning message for wrong attributes
+ *      creator         (r) principal to use as "mod_by"
+ *      rseed           (r) seed for random key generator
+ *      name            (r) principal name
+ *      realm           (r) realm name for principal
+ *      attrs           (r) principal's attributes
+ *      lifetime        (r) principal's max life, or 0
+ *      not_unique      (r) error message for multiple entries, never used
+ *      exists          (r) warning message for principal exists
+ *      wrong_attrs     (r) warning message for wrong attributes
  *
  * Returns:
  *
- * 	OK on success
- * 	ERR on serious errors
+ *      OK on success
+ *      ERR on serious errors
  *
  * Effects:
- * 
+ *
  * If the principal is not unique, not_unique is printed (but this
  * never happens).  If the principal exists, then exists is printed
  * and if the principals attributes != attrs, wrong_attrs is printed.
@@ -276,56 +277,56 @@ clean_and_exit:
  */
 
 int add_admin_princ(void *handle, krb5_context context,
-		    char *name, char *realm, int attrs, int lifetime)
+                    char *name, char *realm, int attrs, int lifetime)
 {
-     char *fullname;
-     krb5_error_code ret;
-     kadm5_principal_ent_rec ent;
-
-     memset(&ent, 0, sizeof(ent));
-
-     fullname = build_name_with_realm(name, realm);
-     ret = krb5_parse_name(context, fullname, &ent.principal);
-     if (ret) {
-	  com_err(progname, ret, str_PARSE_NAME);
-	  return(ERR);
-     }
-     ent.max_life = lifetime;
-     ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
-     
-     ret = kadm5_create_principal(handle, &ent,
-				  (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
-				   KADM5_ATTRIBUTES),
-				  "to-be-random");
-     if (ret) {
-	  if (ret != KADM5_DUP) {
-	       com_err(progname, ret, str_PUT_PRINC, fullname);
-	       krb5_free_principal(context, ent.principal);
-	       free(fullname);
-	       return ERR;
-	  }
-     } else {
-	  /* only randomize key if we created the principal */
-	  ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
-	  if (ret) {
-	       com_err(progname, ret, str_RANDOM_KEY, fullname);
-	       krb5_free_principal(context, ent.principal);
-	       free(fullname);
-	       return ERR;
-	  }
-	  
-	  ent.attributes = attrs;
-	  ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
-	  if (ret) {
-	       com_err(progname, ret, str_PUT_PRINC, fullname);
-	       krb5_free_principal(context, ent.principal);
-	       free(fullname);
-	       return ERR;
-	  }
-     }
-     
-     krb5_free_principal(context, ent.principal);
-     free(fullname);
-
-     return OK;
+    char *fullname;
+    krb5_error_code ret;
+    kadm5_principal_ent_rec ent;
+
+    memset(&ent, 0, sizeof(ent));
+
+    fullname = build_name_with_realm(name, realm);
+    ret = krb5_parse_name(context, fullname, &ent.principal);
+    if (ret) {
+        com_err(progname, ret, str_PARSE_NAME);
+        return(ERR);
+    }
+    ent.max_life = lifetime;
+    ent.attributes = attrs | KRB5_KDB_DISALLOW_ALL_TIX;
+
+    ret = kadm5_create_principal(handle, &ent,
+                                 (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+                                  KADM5_ATTRIBUTES),
+                                 "to-be-random");
+    if (ret) {
+        if (ret != KADM5_DUP) {
+            com_err(progname, ret, str_PUT_PRINC, fullname);
+            krb5_free_principal(context, ent.principal);
+            free(fullname);
+            return ERR;
+        }
+    } else {
+        /* only randomize key if we created the principal */
+        ret = kadm5_randkey_principal(handle, ent.principal, NULL, NULL);
+        if (ret) {
+            com_err(progname, ret, str_RANDOM_KEY, fullname);
+            krb5_free_principal(context, ent.principal);
+            free(fullname);
+            return ERR;
+        }
+
+        ent.attributes = attrs;
+        ret = kadm5_modify_principal(handle, &ent, KADM5_ATTRIBUTES);
+        if (ret) {
+            com_err(progname, ret, str_PUT_PRINC, fullname);
+            krb5_free_principal(context, ent.principal);
+            free(fullname);
+            return ERR;
+        }
+    }
+
+    krb5_free_principal(context, ent.principal);
+    free(fullname);
+
+    return OK;
 }
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index 3cf84fee0..358577180 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/dbutil/kdb5_create.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Generate (from scratch) a Kerberos KDC database.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -66,9 +67,9 @@
 #include "kdb5_util.h"
 
 enum ap_op {
-    NULL_KEY,				/* setup null keys */
-    MASTER_KEY,				/* use master key as new key */
-    TGT_KEY				/* special handling for tgt key */
+    NULL_KEY,                           /* setup null keys */
+    MASTER_KEY,                         /* use master key as new key */
+    TGT_KEY                             /* special handling for tgt key */
 };
 
 krb5_key_salt_tuple def_kslist = { ENCTYPE_DES_CBC_CRC, KRB5_KDB_SALTTYPE_NORMAL };
@@ -92,16 +93,16 @@ struct realm_info {
 };
 
 struct iterate_args {
-    krb5_context	ctx;
-    struct realm_info	*rblock;
-    krb5_db_entry	*dbentp;
+    krb5_context        ctx;
+    struct realm_info   *rblock;
+    krb5_db_entry       *dbentp;
 };
 
-static krb5_error_code add_principal 
-	(krb5_context,
-	 krb5_principal,
-	 enum ap_op,
-	 struct realm_info *);
+static krb5_error_code add_principal
+(krb5_context,
+ krb5_principal,
+ enum ap_op,
+ struct realm_info *);
 
 /*
  * Steps in creating a database:
@@ -122,28 +123,28 @@ extern krb5_principal master_princ;
 krb5_data master_salt;
 
 krb5_data tgt_princ_entries[] = {
-	{0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
-	{0, 0, 0} };
+    {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
+    {0, 0, 0} };
 
 krb5_data db_creator_entries[] = {
-	{0, sizeof("db_creation")-1, "db_creation"} };
+    {0, sizeof("db_creation")-1, "db_creation"} };
 
 /* XXX knows about contents of krb5_principal, and that tgt names
- are of form TGT/REALM@REALM */
+   are of form TGT/REALM@REALM */
 krb5_principal_data tgt_princ = {
-        0,					/* magic number */
-	{0, 0, 0},				/* krb5_data realm */
-	tgt_princ_entries,			/* krb5_data *data */
-	2,					/* int length */
-	KRB5_NT_SRV_INST			/* int type */
+    0,                                      /* magic number */
+    {0, 0, 0},                              /* krb5_data realm */
+    tgt_princ_entries,                      /* krb5_data *data */
+    2,                                      /* int length */
+    KRB5_NT_SRV_INST                        /* int type */
 };
 
 krb5_principal_data db_create_princ = {
-        0,					/* magic number */
-	{0, 0, 0},				/* krb5_data realm */
-	db_creator_entries,			/* krb5_data *data */
-	1,					/* int length */
-	KRB5_NT_SRV_INST			/* int type */
+    0,                                      /* magic number */
+    {0, 0, 0},                              /* krb5_data realm */
+    db_creator_entries,                     /* krb5_data *data */
+    1,                                      /* int length */
+    KRB5_NT_SRV_INST                        /* int type */
 };
 
 extern char *mkey_password;
@@ -154,8 +155,8 @@ extern kadm5_config_params global_params;
 extern krb5_context util_context;
 
 void kdb5_create(argc, argv)
-   int argc;
-   char *argv[];
+    int argc;
+    char *argv[];
 {
     int optchar;
 
@@ -168,26 +169,26 @@ void kdb5_create(argc, argv)
     kdb_log_context *log_ctx;
     krb5_kvno mkey_kvno;
     int strong_random = 1;
-	   
+
     while ((optchar = getopt(argc, argv, "sW")) != -1) {
-	switch(optchar) {
-	case 's':
-	    do_stash++;
-	    break;
-	case 'h':
-	    if (!add_db_arg("hash=true")) {
-		com_err(progname, ENOMEM, "while parsing command arguments\n");
-		exit(1);
-	    }
-	    break;
-	case 'W':
-	    strong_random = 0;
-	    break;
-	case '?':
-	default:
-	    usage();
-	    return;
-	}
+        switch(optchar) {
+        case 's':
+            do_stash++;
+            break;
+        case 'h':
+            if (!add_db_arg("hash=true")) {
+                com_err(progname, ENOMEM, "while parsing command arguments\n");
+                exit(1);
+            }
+            break;
+        case 'W':
+            strong_random = 0;
+            break;
+        case '?':
+        default:
+            usage();
+        return;
+        }
     }
 
     rblock.max_life = global_params.max_life;
@@ -202,18 +203,18 @@ void kdb5_create(argc, argv)
     printf ("Loading random data\n");
     retval = krb5_c_random_os_entropy (util_context, strong_random, NULL);
     if (retval) {
-      com_err (progname, retval, "Loading random data");
-      exit_status++; return;
+        com_err (progname, retval, "Loading random data");
+        exit_status++; return;
     }
-    
+
     /* assemble & parse the master key name */
 
     if ((retval = krb5_db_setup_mkey_name(util_context,
-					  global_params.mkey_name,
-					  global_params.realm,  
-					  &mkey_fullname, &master_princ))) {
-	com_err(progname, retval, "while setting up master key name");
-	exit_status++; return;
+                                          global_params.mkey_name,
+                                          global_params.realm,
+                                          &mkey_fullname, &master_princ))) {
+        com_err(progname, retval, "while setting up master key name");
+        exit_status++; return;
     }
 
     krb5_princ_set_realm_data(util_context, &db_create_princ, global_params.realm);
@@ -225,42 +226,42 @@ void kdb5_create(argc, argv)
 
     printf("Initializing database '%s' for realm '%s',\n\
 master key name '%s'\n",
-	   global_params.dbname, global_params.realm, mkey_fullname);
+           global_params.dbname, global_params.realm, mkey_fullname);
 
     if (!mkey_password) {
-	printf("You will be prompted for the database Master Password.\n");
-	printf("It is important that you NOT FORGET this password.\n");
-	fflush(stdout);
-
-	pw_size = 1024;
-	pw_str = malloc(pw_size);
-	if (pw_str == NULL) {
-	    com_err(progname, ENOMEM, "while creating new master key");
-	    exit_status++; return;
-	}
-	
-	retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
-				    pw_str, &pw_size);
-	if (retval) {
-	    com_err(progname, retval, "while reading master key from keyboard");
-	    exit_status++; return;
-	}
-	mkey_password = pw_str;
+        printf("You will be prompted for the database Master Password.\n");
+        printf("It is important that you NOT FORGET this password.\n");
+        fflush(stdout);
+
+        pw_size = 1024;
+        pw_str = malloc(pw_size);
+        if (pw_str == NULL) {
+            com_err(progname, ENOMEM, "while creating new master key");
+            exit_status++; return;
+        }
+
+        retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
+                                    pw_str, &pw_size);
+        if (retval) {
+            com_err(progname, retval, "while reading master key from keyboard");
+            exit_status++; return;
+        }
+        mkey_password = pw_str;
     }
 
     pwd.data = mkey_password;
     pwd.length = strlen(mkey_password);
     retval = krb5_principal2salt(util_context, master_princ, &master_salt);
     if (retval) {
-	com_err(progname, retval, "while calculating master key salt");
-	exit_status++; return;
+        com_err(progname, retval, "while calculating master key salt");
+        exit_status++; return;
     }
 
-    retval = krb5_c_string_to_key(util_context, master_keyblock.enctype, 
-				  &pwd, &master_salt, &master_keyblock);
+    retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+                                  &pwd, &master_salt, &master_keyblock);
     if (retval) {
-	com_err(progname, retval, "while transforming master key from password");
-	exit_status++; return;
+        com_err(progname, retval, "while transforming master key from password");
+        exit_status++; return;
     }
 
     rblock.key = &master_keyblock;
@@ -269,59 +270,59 @@ master key name '%s'\n",
     seed.data = master_keyblock.contents;
 
     if ((retval = krb5_c_random_seed(util_context, &seed))) {
-	com_err(progname, retval, "while initializing random key generator");
-	exit_status++; return;
+        com_err(progname, retval, "while initializing random key generator");
+        exit_status++; return;
     }
     if ((retval = krb5_db_create(util_context,
-				 db5util_db_args))) {
-	com_err(progname, retval, "while creating database '%s'",
-		global_params.dbname);
-	exit_status++; return;
+                                 db5util_db_args))) {
+        com_err(progname, retval, "while creating database '%s'",
+                global_params.dbname);
+        exit_status++; return;
     }
 /*     if ((retval = krb5_db_fini(util_context))) { */
 /*         com_err(progname, retval, "while closing current database"); */
 /*         exit_status++; return; */
 /*     } */
 /*     if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */
-/* 	com_err(progname, retval, "while initializing the database '%s'", */
-/* 		global_params.dbname); */
-/* 	exit_status++; return; */
+/*      com_err(progname, retval, "while initializing the database '%s'", */
+/*              global_params.dbname); */
+/*      exit_status++; return; */
 /*     } */
 
     if (log_ctx && log_ctx->iproprole) {
-	    if ((retval = ulog_map(util_context, global_params.iprop_logfile,
-				   global_params.iprop_ulogsize, FKCOMMAND,
-				   db5util_db_args))) {
-	    com_err(argv[0], retval,
-		    _("while creating update log"));
-	    exit_status++;
-	    return;
-	}
-
-	/*
-	 * We're reinitializing the update log in case one already
-	 * existed, but this should never happen.
-	 */
-	(void) memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
-
-	log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
-	log_ctx->ulog->db_version_num = KDB_VERSION;
-	log_ctx->ulog->kdb_state = KDB_STABLE;
-	log_ctx->ulog->kdb_block = ULOG_BLOCK;
-
-	/*
-	 * Since we're creating a new db we shouldn't worry about
-	 * adding the initial principals since any slave might as well
-	 * do full resyncs from this newly created db.
-	 */
-	log_ctx->iproprole = IPROP_NULL;
+        if ((retval = ulog_map(util_context, global_params.iprop_logfile,
+                               global_params.iprop_ulogsize, FKCOMMAND,
+                               db5util_db_args))) {
+            com_err(argv[0], retval,
+                    _("while creating update log"));
+            exit_status++;
+            return;
+        }
+
+        /*
+         * We're reinitializing the update log in case one already
+         * existed, but this should never happen.
+         */
+        (void) memset(log_ctx->ulog, 0, sizeof (kdb_hlog_t));
+
+        log_ctx->ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+        log_ctx->ulog->db_version_num = KDB_VERSION;
+        log_ctx->ulog->kdb_state = KDB_STABLE;
+        log_ctx->ulog->kdb_block = ULOG_BLOCK;
+
+        /*
+         * Since we're creating a new db we shouldn't worry about
+         * adding the initial principals since any slave might as well
+         * do full resyncs from this newly created db.
+         */
+        log_ctx->iproprole = IPROP_NULL;
     }
 
     if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
-	(retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
-	(void) krb5_db_fini(util_context);
-	com_err(progname, retval, "while adding entries to the database");
-	exit_status++; return;
+        (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+        (void) krb5_db_fini(util_context);
+        com_err(progname, retval, "while adding entries to the database");
+        exit_status++; return;
     }
 
 
@@ -342,29 +343,29 @@ master key name '%s'\n",
         mkey_kvno = 1;  /* Default */
 
     retval = krb5_db_store_master_key(util_context,
-				      global_params.stash_file,
-				      master_princ,
-				      mkey_kvno,
-				      &master_keyblock,
-				      mkey_password);
+                                      global_params.stash_file,
+                                      master_princ,
+                                      mkey_kvno,
+                                      &master_keyblock,
+                                      mkey_password);
     if (retval) {
-	com_err(progname, errno, "while storing key");
-	printf("Warning: couldn't stash master key.\n");
+        com_err(progname, errno, "while storing key");
+        printf("Warning: couldn't stash master key.\n");
     }
     /* clean up */
     (void) krb5_db_fini(util_context);
     memset(master_keyblock.contents, 0, master_keyblock.length);
     free(master_keyblock.contents);
     if (pw_str) {
-	memset(pw_str, 0, pw_size);
-	free(pw_str);
+        memset(pw_str, 0, pw_size);
+        free(pw_str);
     }
     free(master_salt.data);
 
     if (kadm5_create(&global_params)) {
-	 if (!do_stash) unlink(global_params.stash_file);
-	 exit_status++;
-	 return;
+        if (!do_stash) unlink(global_params.stash_file);
+        exit_status++;
+        return;
     }
     if (!do_stash) unlink(global_params.stash_file);
 
@@ -373,15 +374,15 @@ master key name '%s'\n",
 
 static krb5_error_code
 tgt_keysalt_iterate(ksent, ptr)
-    krb5_key_salt_tuple	*ksent;
-    krb5_pointer	ptr;
+    krb5_key_salt_tuple *ksent;
+    krb5_pointer        ptr;
 {
-    krb5_context	context;
-    krb5_error_code	kret;
-    struct iterate_args	*iargs;
-    krb5_keyblock	key;
-    krb5_int32		ind;
-    krb5_data	pwd;
+    krb5_context        context;
+    krb5_error_code     kret;
+    struct iterate_args *iargs;
+    krb5_keyblock       key;
+    krb5_int32          ind;
+    krb5_data   pwd;
 
     iargs = (struct iterate_args *) ptr;
     kret = 0;
@@ -396,20 +397,20 @@ tgt_keysalt_iterate(ksent, ptr)
     pwd.length = strlen(mkey_password);
     kret = krb5_c_random_seed(context, &pwd);
     if (kret)
-	return kret;
+        return kret;
 
     if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {
-	ind = iargs->dbentp->n_key_data-1;
-	if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
-					    &key))) {
-	    kret = krb5_dbekd_encrypt_key_data(context,
-					       iargs->rblock->key,
-					       &key, 
-					       NULL,
-					       1,
-					       &iargs->dbentp->key_data[ind]);
-	    krb5_free_keyblock_contents(context, &key);
-	}
+        ind = iargs->dbentp->n_key_data-1;
+        if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
+                                            &key))) {
+            kret = krb5_dbekd_encrypt_key_data(context,
+                                               iargs->rblock->key,
+                                               &key,
+                                               NULL,
+                                               1,
+                                               &iargs->dbentp->key_data[ind]);
+            krb5_free_keyblock_contents(context, &key);
+        }
     }
 
     return(kret);
@@ -422,12 +423,12 @@ add_principal(context, princ, op, pblock)
     enum ap_op op;
     struct realm_info *pblock;
 {
-    krb5_error_code 	  retval;
-    krb5_db_entry 	  entry;
+    krb5_error_code       retval;
+    krb5_db_entry         entry;
     krb5_kvno             mkey_kvno;
-    krb5_timestamp	  now;
-    struct iterate_args	  iargs;
-    int			  nentries = 1;
+    krb5_timestamp        now;
+    struct iterate_args   iargs;
+    int                   nentries = 1;
     krb5_actkvno_node     actkvno;
 
     memset(&entry, 0, sizeof(entry));
@@ -439,32 +440,32 @@ add_principal(context, princ, op, pblock)
     entry.expiration = pblock->expiration;
 
     if ((retval = krb5_copy_principal(context, princ, &entry.princ)))
-	goto error_out;
+        goto error_out;
 
     if ((retval = krb5_timeofday(context, &now)))
-	goto error_out;
+        goto error_out;
 
     if ((retval = krb5_dbe_update_mod_princ_data(context, &entry,
-						 now, &db_create_princ)))
-	goto error_out;
+                                                 now, &db_create_princ)))
+        goto error_out;
 
     switch (op) {
     case MASTER_KEY:
-	if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
-	    == NULL)
-	    goto error_out;
-	memset(entry.key_data, 0, sizeof(krb5_key_data));
-	entry.n_key_data = 1;
+        if ((entry.key_data=(krb5_key_data*)malloc(sizeof(krb5_key_data)))
+            == NULL)
+            goto error_out;
+        memset(entry.key_data, 0, sizeof(krb5_key_data));
+        entry.n_key_data = 1;
 
         if (global_params.mask & KADM5_CONFIG_KVNO)
             mkey_kvno = global_params.kvno; /* user specified */
         else
             mkey_kvno = 1;  /* Default */
-	entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-	if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
-						  &master_keyblock, NULL, 
-						  mkey_kvno, entry.key_data)))
-	    return retval;
+        entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+        if ((retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
+                                                  &master_keyblock, NULL,
+                                                  mkey_kvno, entry.key_data)))
+            return retval;
         /*
          * There should always be at least one "active" mkey so creating the
          * KRB5_TL_ACTKVNO entry now so the initial mkey is active.
@@ -480,30 +481,30 @@ add_principal(context, princ, op, pblock)
         if ((retval = krb5_dbe_update_mkvno(context, &entry, mkey_kvno)))
             return retval;
 
-	break;
+        break;
     case TGT_KEY:
-	iargs.ctx = context;
-	iargs.rblock = pblock;
-	iargs.dbentp = &entry;
-	/*
-	 * Iterate through the key/salt list, ignoring salt types.
-	 */
-	if ((retval = krb5_keysalt_iterate(pblock->kslist,
-					   pblock->nkslist,
-					   1,
-					   tgt_keysalt_iterate,
-					   (krb5_pointer) &iargs)))
-	    return retval;
-	break;
+        iargs.ctx = context;
+        iargs.rblock = pblock;
+        iargs.dbentp = &entry;
+        /*
+         * Iterate through the key/salt list, ignoring salt types.
+         */
+        if ((retval = krb5_keysalt_iterate(pblock->kslist,
+                                           pblock->nkslist,
+                                           1,
+                                           tgt_keysalt_iterate,
+                                           (krb5_pointer) &iargs)))
+            return retval;
+        break;
     case NULL_KEY:
-	return EOPNOTSUPP;
+        return EOPNOTSUPP;
     default:
-	break;
+        break;
     }
 
     entry.mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
-	KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
-	KADM5_PRINC_EXPIRE_TIME);
+                  KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
+                  KADM5_PRINC_EXPIRE_TIME);
 
     retval = krb5_db_put_principal(context, &entry, &nentries);
 
diff --git a/src/kadmin/dbutil/kdb5_destroy.c b/src/kadmin/dbutil/kdb5_destroy.c
index 9640286ae..d5e8e9e43 100644
--- a/src/kadmin/dbutil/kdb5_destroy.c
+++ b/src/kadmin/dbutil/kdb5_destroy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * admin/destroy/kdb5_destroy.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * kdb_dest(roy): destroy the named database.
  *
@@ -40,8 +41,8 @@ extern int exit_status;
 extern krb5_boolean dbactive;
 extern kadm5_config_params global_params;
 
-char *yes = "yes\n";			/* \n to compare against result of
-					   fgets */
+char *yes = "yes\n";                    /* \n to compare against result of
+                                           fgets */
 
 void
 kdb5_destroy(argc, argv)
@@ -60,51 +61,51 @@ kdb5_destroy(argc, argv)
     retval1 = kadm5_init_krb5_context(&context);
     if( retval1 )
     {
-	com_err(progname, retval1, "while initializing krb5_context");
-	exit(1);
+        com_err(progname, retval1, "while initializing krb5_context");
+        exit(1);
     }
 
     if ((retval1 = krb5_set_default_realm(context,
-					  util_context->default_realm))) {
-	com_err(progname, retval1, "while setting default realm name");
-	exit(1);
+                                          util_context->default_realm))) {
+        com_err(progname, retval1, "while setting default realm name");
+        exit(1);
     }
-    
+
     dbname = global_params.dbname;
 
     optind = 1;
     while ((optchar = getopt(argc, argv, "f")) != -1) {
-	switch(optchar) {
-	case 'f':
-	    force++;
-	    break;
-	case '?':
-	default:
-	    usage();
-	    return;
-	    /*NOTREACHED*/
-	}
+        switch(optchar) {
+        case 'f':
+            force++;
+            break;
+        case '?':
+        default:
+            usage();
+        return;
+        /*NOTREACHED*/
+        }
     }
     if (!force) {
-	printf("Deleting KDC database stored in '%s', are you sure?\n", dbname);
-	printf("(type 'yes' to confirm)? ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL) {
-	    exit_status++; return;
+        printf("Deleting KDC database stored in '%s', are you sure?\n", dbname);
+        printf("(type 'yes' to confirm)? ");
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++; return;
         }
-	if (strcmp(buf, yes)) {
-	    exit_status++; return;
+        if (strcmp(buf, yes)) {
+            exit_status++; return;
         }
-	printf("OK, deleting database '%s'...\n", dbname);
+        printf("OK, deleting database '%s'...\n", dbname);
     }
 
     retval1 = krb5_db_destroy(context, db5util_db_args);
     if (retval1) {
-	com_err(progname, retval1, "deleting database '%s'",dbname);
-	exit_status++; return;
+        com_err(progname, retval1, "deleting database '%s'",dbname);
+        exit_status++; return;
     }
 
     if (global_params.iprop_enabled) {
-	(void) unlink(global_params.iprop_logfile);
+        (void) unlink(global_params.iprop_logfile);
     }
 
     dbactive = FALSE;
diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 7827b2959..a5be00199 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
@@ -23,10 +23,10 @@
 #error I cannot find any regexp functions
 #endif
 #ifdef SOLARIS_REGEXPS
-#include	<regexpr.h>
+#include        <regexpr.h>
 #endif
 #ifdef POSIX_REGEXPS
-#include	<regex.h>
+#include        <regex.h>
 #endif
 
 extern krb5_keyblock master_keyblock; /* current mkey */
@@ -106,7 +106,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
     /* Note, mkey does not have salt */
     /* add new mkey encrypted with itself to mkey princ entry */
     if ((retval = krb5_dbekd_encrypt_key_data(context, new_mkey,
-                                              new_mkey, NULL, 
+                                              new_mkey, NULL,
                                               (int) new_mkey_kvno,
                                               &master_entry->key_data[0]))) {
         return (retval);
@@ -234,7 +234,7 @@ kdb5_add_mkey(int argc, char *argv[])
         case '?':
         default:
             usage();
-            return;
+        return;
         }
     }
 
@@ -244,7 +244,7 @@ kdb5_add_mkey(int argc, char *argv[])
     /* assemble & parse the master key name */
     if ((retval = krb5_db_setup_mkey_name(util_context,
                                           global_params.mkey_name,
-                                          global_params.realm,  
+                                          global_params.realm,
                                           &mkey_fullname, &master_princ))) {
         com_err(progname, retval, "while setting up master key name");
         exit_status++;
@@ -274,7 +274,7 @@ kdb5_add_mkey(int argc, char *argv[])
     }
 
     printf("Creating new master key for master key principal '%s'\n",
-        mkey_fullname);
+           mkey_fullname);
 
     printf("You will be prompted for a new database Master Password.\n");
     printf("It is important that you NOT FORGET this password.\n");
@@ -306,7 +306,7 @@ kdb5_add_mkey(int argc, char *argv[])
         goto cleanup_return;
     }
 
-    retval = krb5_c_string_to_key(util_context, new_master_enctype, 
+    retval = krb5_c_string_to_key(util_context, new_master_enctype,
                                   &pwd, &master_salt, &new_mkeyblock);
     if (retval) {
         com_err(progname, retval, "while transforming master key from password");
@@ -378,7 +378,7 @@ kdb5_use_mkey(int argc, char *argv[])
     krb5_kvno  use_kvno;
     krb5_timestamp now, start_time;
     krb5_actkvno_node *actkvno_list = NULL, *new_actkvno = NULL,
-                      *prev_actkvno, *cur_actkvno;
+        *prev_actkvno, *cur_actkvno;
     krb5_db_entry master_entry;
     int nentries = 0;
     krb5_boolean more = FALSE;
@@ -443,7 +443,7 @@ kdb5_use_mkey(int argc, char *argv[])
     /* assemble & parse the master key name */
     if ((retval = krb5_db_setup_mkey_name(util_context,
                                           global_params.mkey_name,
-                                          global_params.realm,  
+                                          global_params.realm,
                                           &mkey_fullname, &master_princ))) {
         com_err(progname, retval, "while setting up master key name");
         exit_status++;
@@ -609,7 +609,7 @@ kdb5_list_mkeys(int argc, char *argv[])
     /* assemble & parse the master key name */
     if ((retval = krb5_db_setup_mkey_name(util_context,
                                           global_params.mkey_name,
-                                          global_params.realm,  
+                                          global_params.realm,
                                           &mkey_fullname, &master_princ))) {
         com_err(progname, retval, "while setting up master key name");
         exit_status++;
@@ -752,9 +752,9 @@ struct update_enc_mkvno {
  *
  * Arguments:
  *
- *	glob	(r) the shell-style glob (?*[]) to convert
- *	realm	(r) the default realm to append, or NULL
- *	regexp	(w) the ed-style regexp created from glob
+ *      glob    (r) the shell-style glob (?*[]) to convert
+ *      realm   (r) the default realm to append, or NULL
+ *      regexp  (w) the ed-style regexp created from glob
  *
  * Effects:
  *
@@ -765,69 +765,69 @@ struct update_enc_mkvno {
  *
  * Conversion algorithm:
  *
- *	quoted characters are copied quoted
- *	? is converted to .
- *	* is converted to .*
- * 	active characters are quoted: ^, $, .
- *	[ and ] are active but supported and have the same meaning, so
- *		they are copied
- *	other characters are copied
- *	regexp is anchored with ^ and $
+ *      quoted characters are copied quoted
+ *      ? is converted to .
+ *      * is converted to .*
+ *      active characters are quoted: ^, $, .
+ *      [ and ] are active but supported and have the same meaning, so
+ *              they are copied
+ *      other characters are copied
+ *      regexp is anchored with ^ and $
  */
 static int glob_to_regexp(char *glob, char *realm, char **regexp)
 {
-     int append_realm;
-     char *p;
-
-     /* validate the glob */
-     if (glob[strlen(glob)-1] == '\\')
-	  return EINVAL;
-
-     /* A character of glob can turn into two in regexp, plus ^ and $ */
-     /* and trailing null.  If glob has no @, also allocate space for */
-     /* the realm. */
-     append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
-     p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
-     if (p == NULL)
-	  return ENOMEM;
-     *regexp = p;
-
-     *p++ = '^';
-     while (*glob) {
-	  switch (*glob) {
-	  case '?':
-	       *p++ = '.';
-	       break;
-	  case '*':
-	       *p++ = '.';
-	       *p++ = '*';
-	       break;
-	  case '.':
-	  case '^':
-	  case '$':
-	       *p++ = '\\';
-	       *p++ = *glob;
-	       break;
-	  case '\\':
-	       *p++ = '\\';
-	       *p++ = *++glob;
-	       break;
-	  default:
-	       *p++ = *glob;
-	       break;
-	  }
-	  glob++;
-     }
-
-     if (append_realm) {
-	  *p++ = '@';
-	  *p++ = '.';
-	  *p++ = '*';
-     }
-
-     *p++ = '$';
-     *p++ = '\0';
-     return 0;
+    int append_realm;
+    char *p;
+
+    /* validate the glob */
+    if (glob[strlen(glob)-1] == '\\')
+        return EINVAL;
+
+    /* A character of glob can turn into two in regexp, plus ^ and $ */
+    /* and trailing null.  If glob has no @, also allocate space for */
+    /* the realm. */
+    append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
+    p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
+    if (p == NULL)
+        return ENOMEM;
+    *regexp = p;
+
+    *p++ = '^';
+    while (*glob) {
+        switch (*glob) {
+        case '?':
+            *p++ = '.';
+            break;
+        case '*':
+            *p++ = '.';
+            *p++ = '*';
+            break;
+        case '.':
+        case '^':
+        case '$':
+            *p++ = '\\';
+        *p++ = *glob;
+        break;
+        case '\\':
+            *p++ = '\\';
+            *p++ = *++glob;
+            break;
+        default:
+            *p++ = *glob;
+            break;
+        }
+        glob++;
+    }
+
+    if (append_realm) {
+        *p++ = '@';
+        *p++ = '.';
+        *p++ = '*';
+    }
+
+    *p++ = '$';
+    *p++ = '\0';
+    return 0;
 }
 
 static int
@@ -1029,7 +1029,7 @@ kdb5_update_princ_encryption(int argc, char *argv[])
 #ifdef BSD_REGEXPS
         ((msg = (char *) re_comp(regexp)) != NULL)
 #endif
-        ) {
+    ) {
         /* XXX syslog msg or regerr(regerrno) */
         com_err(progname, 0, "error compiling converted regexp '%s'", regexp);
         exit_status++;
@@ -1189,14 +1189,14 @@ kdb5_purge_mkeys(int argc, char *argv[])
         case '?':
         default:
             usage();
-            return;
+        return;
         }
     }
 
     /* assemble & parse the master key name */
     if ((retval = krb5_db_setup_mkey_name(util_context,
                                           global_params.mkey_name,
-                                          global_params.realm,  
+                                          global_params.realm,
                                           &mkey_fullname, &master_princ))) {
         com_err(progname, retval, "while setting up master key name");
         exit_status++;
diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c
index cdd947ac4..3f42134ae 100644
--- a/src/kadmin/dbutil/kdb5_stash.c
+++ b/src/kadmin/dbutil/kdb5_stash.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * admin/stash/kdb5_stash.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Store the master database key in a file.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -87,14 +88,14 @@ kdb5_stash(argc, argv)
     retval = kadm5_init_krb5_context(&context);
     if( retval )
     {
-	com_err(progname, retval, "while initializing krb5_context");
-	exit(1);
+        com_err(progname, retval, "while initializing krb5_context");
+        exit(1);
     }
 
     if ((retval = krb5_set_default_realm(context,
-					  util_context->default_realm))) {
-	com_err(progname, retval, "while setting default realm name");
-	exit(1);
+                                         util_context->default_realm))) {
+        com_err(progname, retval, "while setting default realm name");
+        exit(1);
     }
 
     dbname = global_params.dbname;
@@ -104,41 +105,41 @@ kdb5_stash(argc, argv)
 
     optind = 1;
     while ((optchar = getopt(argc, argv, "f:")) != -1) {
-	switch(optchar) {
-	case 'f':
-	    keyfile = optarg;
-	    break;
-	case '?':
-	default:
-	    usage();
-	    return;
-	}
+        switch(optchar) {
+        case 'f':
+            keyfile = optarg;
+            break;
+        case '?':
+        default:
+            usage();
+        return;
+        }
     }
 
     if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
-	char tmp[32];
-	if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
-	    com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
-		    "while setting up enctype %d", master_keyblock.enctype);
-	else
-	    com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
-	exit_status++; return; 
+        char tmp[32];
+        if (krb5_enctype_to_string(master_keyblock.enctype, tmp, sizeof(tmp)))
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                    "while setting up enctype %d", master_keyblock.enctype);
+        else
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP, tmp);
+        exit_status++; return;
     }
 
     /* assemble & parse the master key name */
-    retval = krb5_db_setup_mkey_name(context, mkey_name, realm, 
-				     &mkey_fullname, &master_princ);
+    retval = krb5_db_setup_mkey_name(context, mkey_name, realm,
+                                     &mkey_fullname, &master_princ);
     if (retval) {
-	com_err(progname, retval, "while setting up master key name");
-	exit_status++; return; 
+        com_err(progname, retval, "while setting up master key name");
+        exit_status++; return;
     }
 
-    retval = krb5_db_open(context, db5util_db_args, 
-			  KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
+    retval = krb5_db_open(context, db5util_db_args,
+                          KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER);
     if (retval) {
-	com_err(progname, retval, "while initializing the database '%s'",
-		dbname);
-	exit_status++; return; 
+        com_err(progname, retval, "while initializing the database '%s'",
+                dbname);
+        exit_status++; return;
     }
 
     if (global_params.mask & KADM5_CONFIG_KVNO)
@@ -147,45 +148,45 @@ kdb5_stash(argc, argv)
         mkey_kvno = IGNORE_VNO; /* use whatever krb5_db_fetch_mkey finds */
 
     if (!valid_master_key) {
-	/* TRUE here means read the keyboard, but only once */
-	retval = krb5_db_fetch_mkey(context, master_princ,
-				    master_keyblock.enctype,
-				    TRUE, FALSE, (char *) NULL,
-				    &mkey_kvno,
-				    NULL, &master_keyblock);
-	if (retval) {
-	    com_err(progname, retval, "while reading master key");
-	    (void) krb5_db_fini(context);
-	    exit_status++; return; 
-	}
-
-	retval = krb5_db_fetch_mkey_list(context, master_princ,
-					 &master_keyblock, mkey_kvno,
-					 &master_keylist);
-	if (retval) {
-	    com_err(progname, retval, "while getting master key list");
-	    (void) krb5_db_fini(context);
-	    exit_status++; return;
-	}
+        /* TRUE here means read the keyboard, but only once */
+        retval = krb5_db_fetch_mkey(context, master_princ,
+                                    master_keyblock.enctype,
+                                    TRUE, FALSE, (char *) NULL,
+                                    &mkey_kvno,
+                                    NULL, &master_keyblock);
+        if (retval) {
+            com_err(progname, retval, "while reading master key");
+            (void) krb5_db_fini(context);
+            exit_status++; return;
+        }
+
+        retval = krb5_db_fetch_mkey_list(context, master_princ,
+                                         &master_keyblock, mkey_kvno,
+                                         &master_keylist);
+        if (retval) {
+            com_err(progname, retval, "while getting master key list");
+            (void) krb5_db_fini(context);
+            exit_status++; return;
+        }
     } else {
-	printf("Using existing stashed keys to update stash file.\n");
+        printf("Using existing stashed keys to update stash file.\n");
     }
 
-    retval = krb5_db_store_master_key_list(context, keyfile, master_princ, 
-					   master_keylist, NULL);
+    retval = krb5_db_store_master_key_list(context, keyfile, master_princ,
+                                           master_keylist, NULL);
     if (retval) {
-	com_err(progname, errno, "while storing key");
-	(void) krb5_db_fini(context);
-	exit_status++; return; 
+        com_err(progname, errno, "while storing key");
+        (void) krb5_db_fini(context);
+        exit_status++; return;
     }
 
     retval = krb5_db_fini(context);
     if (retval) {
-	com_err(progname, retval, "closing database '%s'", dbname);
-	exit_status++; return; 
+        com_err(progname, retval, "closing database '%s'", dbname);
+        exit_status++; return;
     }
 
     krb5_free_context(context);
     exit_status = 0;
-    return; 
+    return;
 }
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index a4b2e686d..ed6ce65c2 100644
--- a/src/kadmin/dbutil/kdb5_util.c
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * admin/edit/kdb5_edit.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Edit a KDC database.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -65,8 +66,8 @@
 #include <time.h>
 #include "kdb5_util.h"
 
-char	*Err_no_master_msg = "Master key not entered!\n";
-char	*Err_no_database = "Database not currently opened!\n";
+char    *Err_no_master_msg = "Master key not entered!\n";
+char    *Err_no_database = "Database not currently opened!\n";
 
 /*
  * XXX Ick, ick, ick.  These global variables shouldn't be global....
@@ -84,28 +85,28 @@ kadm5_config_params global_params;
 
 void usage()
 {
-     fprintf(stderr, "Usage: "
-	     "kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
-	     "\t        [-kv mkeyVNO] [-sf stashfilename] [-m] cmd [cmd_options]\n"
-	     "\tcreate	[-s]\n"
-	     "\tdestroy	[-f]\n"
-	     "\tstash	[-f keyfile]\n"
-	     "\tdump	[-old|-ov|-b6|-b7|-r13] [-verbose]\n"
-	     "\t	[-mkey_convert] [-new_mkey_file mkey_file]\n"
-	     "\t	[-rev] [-recurse] [filename [princs...]]\n"
-	     "\tload	[-old|-ov|-b6|-b7|-r13] [-verbose] [-update] filename\n"
-	     "\tark	[-e etype_list] principal\n"
-	     "\tadd_mkey [-e etype] [-s]\n"
-	     "\tuse_mkey kvno [time]\n"
-	     "\tlist_mkeys\n"
-             );
-     /* avoid a string length compiler warning */
-     fprintf(stderr,
-	     "\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
-	     "\tpurge_mkeys [-f] [-n] [-v]\n"
-	     "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
-	     "\t\t\tLook at each database documentation for supported arguments\n");
-     exit(1);
+    fprintf(stderr, "Usage: "
+            "kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
+            "\t        [-kv mkeyVNO] [-sf stashfilename] [-m] cmd [cmd_options]\n"
+            "\tcreate  [-s]\n"
+            "\tdestroy [-f]\n"
+            "\tstash   [-f keyfile]\n"
+            "\tdump    [-old|-ov|-b6|-b7|-r13] [-verbose]\n"
+            "\t        [-mkey_convert] [-new_mkey_file mkey_file]\n"
+            "\t        [-rev] [-recurse] [filename [princs...]]\n"
+            "\tload    [-old|-ov|-b6|-b7|-r13] [-verbose] [-update] filename\n"
+            "\tark     [-e etype_list] principal\n"
+            "\tadd_mkey [-e etype] [-s]\n"
+            "\tuse_mkey kvno [time]\n"
+            "\tlist_mkeys\n"
+    );
+    /* avoid a string length compiler warning */
+    fprintf(stderr,
+            "\tupdate_princ_encryption [-f] [-n] [-v] [princ-pattern]\n"
+            "\tpurge_mkeys [-f] [-n] [-v]\n"
+            "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n");
+    exit(1);
 }
 
 extern krb5_keyblock master_keyblock;
@@ -113,7 +114,7 @@ krb5_kvno   master_kvno; /* fetched */
 extern krb5_keylist_node *master_keylist;
 extern krb5_principal master_princ;
 krb5_db_entry master_entry;
-int	valid_master_key = 0;
+int     valid_master_key = 0;
 
 char *progname;
 krb5_boolean manual_mkey = FALSE;
@@ -122,57 +123,57 @@ krb5_boolean dbactive = FALSE;
 static int open_db_and_mkey(void);
 
 static void add_random_key(int, char **);
-   
+
 typedef void (*cmd_func)(int, char **);
 
 struct _cmd_table {
-     char *name;
-     cmd_func func;
-     int opendb;
+    char *name;
+    cmd_func func;
+    int opendb;
 } cmd_table[] = {
-     {"create", kdb5_create, 0},
-     {"destroy", kdb5_destroy, 1}, /* 1 opens the kdb */
-     {"stash", kdb5_stash, 1},
-     {"dump", dump_db, 1},
-     {"load", load_db, 0},
-     {"ark", add_random_key, 1},
-     {"add_mkey", kdb5_add_mkey, 1},
-     {"use_mkey", kdb5_use_mkey, 1},
-     {"list_mkeys", kdb5_list_mkeys, 1},
-     {"update_princ_encryption", kdb5_update_princ_encryption, 1},
-     {"purge_mkeys", kdb5_purge_mkeys, 1},
-     {NULL, NULL, 0},
+    {"create", kdb5_create, 0},
+    {"destroy", kdb5_destroy, 1}, /* 1 opens the kdb */
+    {"stash", kdb5_stash, 1},
+    {"dump", dump_db, 1},
+    {"load", load_db, 0},
+    {"ark", add_random_key, 1},
+    {"add_mkey", kdb5_add_mkey, 1},
+    {"use_mkey", kdb5_use_mkey, 1},
+    {"list_mkeys", kdb5_list_mkeys, 1},
+    {"update_princ_encryption", kdb5_update_princ_encryption, 1},
+    {"purge_mkeys", kdb5_purge_mkeys, 1},
+    {NULL, NULL, 0},
 };
 
 static struct _cmd_table *cmd_lookup(name)
-   char *name;
+    char *name;
 {
-     struct _cmd_table *cmd = cmd_table;
-     while (cmd->name) {
-	  if (strcmp(cmd->name, name) == 0)
-	       return cmd;
-	  else
-	       cmd++;
-     }
-     
-     return NULL;
+    struct _cmd_table *cmd = cmd_table;
+    while (cmd->name) {
+        if (strcmp(cmd->name, name) == 0)
+            return cmd;
+        else
+            cmd++;
+    }
+
+    return NULL;
 }
 
 #define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL))
 
 char **db5util_db_args = NULL;
 int    db5util_db_args_size = 0;
-     
+
 static void extended_com_err_fn (const char *myprog, errcode_t code,
-				 const char *fmt, va_list args)
+                                 const char *fmt, va_list args)
 {
     const char *emsg;
     if (code) {
-	emsg = krb5_get_error_message (util_context, code);
-	fprintf (stderr, "%s: %s ", myprog, emsg);
-	krb5_free_error_message (util_context, emsg);
+        emsg = krb5_get_error_message (util_context, code);
+        fprintf (stderr, "%s: %s ", myprog, emsg);
+        krb5_free_error_message (util_context, emsg);
     } else {
-	fprintf (stderr, "%s: ", myprog);
+        fprintf (stderr, "%s: ", myprog);
     }
     vfprintf (stderr, fmt, args);
     fprintf (stderr, "\n");
@@ -183,9 +184,9 @@ int add_db_arg(char *arg)
     char **temp;
     db5util_db_args_size++;
     temp = realloc(db5util_db_args,
-		   sizeof(char *) * (db5util_db_args_size + 1));
+                   sizeof(char *) * (db5util_db_args_size + 1));
     if (temp == NULL)
-	return 0;
+        return 0;
     db5util_db_args = temp;
     db5util_db_args[db5util_db_args_size-1] = arg;
     db5util_db_args[db5util_db_args_size]   = NULL;
@@ -197,7 +198,7 @@ int main(argc, argv)
     char *argv[];
 {
     struct _cmd_table *cmd = NULL;
-    char *koptarg, **cmd_argv;	
+    char *koptarg, **cmd_argv;
     char *db_name_tmp = NULL;
     int cmd_argc;
     krb5_error_code retval;
@@ -208,111 +209,111 @@ int main(argc, argv)
      * Ensure that "progname" is set before calling com_err.
      */
     progname = (strrchr(argv[0], '/') ?
-	    strrchr(argv[0], '/') + 1 : argv[0]);
+                strrchr(argv[0], '/') + 1 : argv[0]);
 
     retval = kadm5_init_krb5_context(&util_context);
     if (retval) {
-	    com_err (progname, retval, "while initializing Kerberos code");
-	    exit(1);
+        com_err (progname, retval, "while initializing Kerberos code");
+        exit(1);
     }
 
     cmd_argv = (char **) malloc(sizeof(char *)*argc);
     if (cmd_argv == NULL) {
-	 com_err(progname, ENOMEM, "while creating sub-command arguments");
-	 exit(1);
+        com_err(progname, ENOMEM, "while creating sub-command arguments");
+        exit(1);
     }
     memset(cmd_argv, 0, sizeof(char *)*argc);
     cmd_argc = 1;
 
     argv++; argc--;
     while (*argv) {
-       if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
-	    mkey_password = koptarg;
-	    manual_mkey = TRUE;
-       } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
-	    global_params.dbname = koptarg;
-	    global_params.mask |= KADM5_CONFIG_DBNAME;
-
-	    if (asprintf(&db_name_tmp, "dbname=%s", global_params.dbname) < 0)
-	    {
-		com_err(progname, ENOMEM, "while parsing command arguments");
-		exit(1);
-	    }
-
-	    if (!add_db_arg(db_name_tmp)) {
-		com_err(progname, ENOMEM, "while parsing command arguments\n");
-		exit(1);
-	    }
-
-       } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
-	   if (!add_db_arg(koptarg)) {
-		com_err(progname, ENOMEM, "while parsing command arguments\n");
-		exit(1);
-	   }
-
-       } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
-	    global_params.realm = koptarg;
-	    global_params.mask |= KADM5_CONFIG_REALM;
-	    /* not sure this is really necessary */
-	    if ((retval = krb5_set_default_realm(util_context,
-						 global_params.realm))) {
-		 com_err(progname, retval, "while setting default realm name");
-		 exit(1);
-	    }
-       } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
-	    if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
-		com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
+        if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+            mkey_password = koptarg;
+            manual_mkey = TRUE;
+        } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
+            global_params.dbname = koptarg;
+            global_params.mask |= KADM5_CONFIG_DBNAME;
+
+            if (asprintf(&db_name_tmp, "dbname=%s", global_params.dbname) < 0)
+            {
+                com_err(progname, ENOMEM, "while parsing command arguments");
+                exit(1);
+            }
+
+            if (!add_db_arg(db_name_tmp)) {
+                com_err(progname, ENOMEM, "while parsing command arguments\n");
+                exit(1);
+            }
+
+        } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
+            if (!add_db_arg(koptarg)) {
+                com_err(progname, ENOMEM, "while parsing command arguments\n");
+                exit(1);
+            }
+
+        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+            global_params.realm = koptarg;
+            global_params.mask |= KADM5_CONFIG_REALM;
+            /* not sure this is really necessary */
+            if ((retval = krb5_set_default_realm(util_context,
+                                                 global_params.realm))) {
+                com_err(progname, retval, "while setting default realm name");
+                exit(1);
+            }
+        } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+            if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
+                com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
                 exit(1);
             } else
-		 global_params.mask |= KADM5_CONFIG_ENCTYPE;
-       } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
-	    global_params.kvno = (krb5_kvno) atoi(koptarg);
+                global_params.mask |= KADM5_CONFIG_ENCTYPE;
+        } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
+            global_params.kvno = (krb5_kvno) atoi(koptarg);
             if (global_params.kvno == IGNORE_VNO) {
                 com_err(progname, EINVAL, ": %s is an invalid mkeyVNO", koptarg);
                 exit(1);
             } else
                 global_params.mask |= KADM5_CONFIG_KVNO;
-       } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
-	    global_params.mkey_name = koptarg;
-	    global_params.mask |= KADM5_CONFIG_MKEY_NAME;
-       } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
-	    global_params.stash_file = koptarg;
-	    global_params.mask |= KADM5_CONFIG_STASH_FILE;
-       } else if (strcmp(*argv, "-m") == 0) {
-	    manual_mkey = TRUE;
-	    global_params.mkey_from_kbd = 1;
-	    global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-       } else if (cmd_lookup(*argv) != NULL) {
-	    if (cmd_argv[0] == NULL)
-		 cmd_argv[0] = *argv;
-	    else
-		 usage();
-       } else {
-	    cmd_argv[cmd_argc++] = *argv;
-       }
-       argv++; argc--;
+        } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+            global_params.mkey_name = koptarg;
+            global_params.mask |= KADM5_CONFIG_MKEY_NAME;
+        } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+            global_params.stash_file = koptarg;
+            global_params.mask |= KADM5_CONFIG_STASH_FILE;
+        } else if (strcmp(*argv, "-m") == 0) {
+            manual_mkey = TRUE;
+            global_params.mkey_from_kbd = 1;
+            global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        } else if (cmd_lookup(*argv) != NULL) {
+            if (cmd_argv[0] == NULL)
+                cmd_argv[0] = *argv;
+            else
+                usage();
+        } else {
+            cmd_argv[cmd_argc++] = *argv;
+        }
+        argv++; argc--;
     }
 
     if (cmd_argv[0] == NULL)
-	 usage();
-    
+        usage();
+
     if( !util_context->default_realm )
     {
-	char *temp = NULL;
-	retval = krb5_get_default_realm(util_context, &temp);
-	if( retval )
-	{
-	    com_err (progname, retval, "while getting default realm");
-	    exit(1);
-	}
-	util_context->default_realm = temp;
+        char *temp = NULL;
+        retval = krb5_get_default_realm(util_context, &temp);
+        if( retval )
+        {
+            com_err (progname, retval, "while getting default realm");
+            exit(1);
+        }
+        util_context->default_realm = temp;
     }
 
     retval = kadm5_get_config_params(util_context, 1,
-				     &global_params, &global_params);
+                                     &global_params, &global_params);
     if (retval) {
-	 com_err(progname, retval, "while retreiving configuration parameters");
-	 exit(1);
+        com_err(progname, retval, "while retreiving configuration parameters");
+        exit(1);
     }
 
     /*
@@ -323,27 +324,27 @@ int main(argc, argv)
 
     master_keyblock.enctype = global_params.enctype;
     if ((master_keyblock.enctype != ENCTYPE_UNKNOWN) &&
-	(!krb5_c_valid_enctype(master_keyblock.enctype))) {
-	com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
-		"while setting up enctype %d", master_keyblock.enctype);
+        (!krb5_c_valid_enctype(master_keyblock.enctype))) {
+        com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                "while setting up enctype %d", master_keyblock.enctype);
     }
 
     cmd = cmd_lookup(cmd_argv[0]);
     if (cmd->opendb && open_db_and_mkey())
-	 return exit_status;
+        return exit_status;
 
     if (global_params.iprop_enabled == TRUE)
-	ulog_set_role(util_context, IPROP_MASTER);
+        ulog_set_role(util_context, IPROP_MASTER);
     else
-	ulog_set_role(util_context, IPROP_NULL);
+        ulog_set_role(util_context, IPROP_NULL);
 
     (*cmd->func)(cmd_argc, cmd_argv);
 
     if( db_name_tmp )
-	free( db_name_tmp );
+        free( db_name_tmp );
 
     if( db5util_db_args )
-	free(db5util_db_args);
+        free(db5util_db_args);
 
     kadm5_free_config_params(util_context, &global_params);
     krb5_free_context(util_context);
@@ -362,24 +363,24 @@ void set_dbname(argc, argv)
     krb5_error_code retval;
 
     if (argc < 3) {
-	com_err(argv[0], 0, "Too few arguments");
-	com_err(progname, 0, "Usage: %s dbpathname realmname", argv[0]);
-	exit_status++;
-	return;
+        com_err(argv[0], 0, "Too few arguments");
+        com_err(progname, 0, "Usage: %s dbpathname realmname", argv[0]);
+        exit_status++;
+        return;
     }
     if (dbactive) {
-	if ((retval = krb5_db_fini(util_context)) && retval!= KRB5_KDB_DBNOTINITED) {
-	    com_err(progname, retval, "while closing previous database");
-	    exit_status++;
-	    return;
-	}
-	if (valid_master_key) {
-	    krb5_free_keyblock_contents(util_context, &master_keyblock);
-	    master_keyblock.contents = NULL;
-	    valid_master_key = 0;
-	}
-	krb5_free_principal(util_context, master_princ);
-	dbactive = FALSE;
+        if ((retval = krb5_db_fini(util_context)) && retval!= KRB5_KDB_DBNOTINITED) {
+            com_err(progname, retval, "while closing previous database");
+            exit_status++;
+            return;
+        }
+        if (valid_master_key) {
+            krb5_free_keyblock_contents(util_context, &master_keyblock);
+            master_keyblock.contents = NULL;
+            valid_master_key = 0;
+        }
+        krb5_free_principal(util_context, master_princ);
+        dbactive = FALSE;
     }
 
     (void) set_dbname_help(progname, argv[1]);
@@ -406,41 +407,41 @@ static int open_db_and_mkey()
     dbactive = FALSE;
     valid_master_key = 0;
 
-    if ((retval = krb5_db_open(util_context, db5util_db_args, 
-			       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
-	com_err(progname, retval, "while initializing database");
-	exit_status++;
-	return(1);
+    if ((retval = krb5_db_open(util_context, db5util_db_args,
+                               KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
+        com_err(progname, retval, "while initializing database");
+        exit_status++;
+        return(1);
     }
 
-   /* assemble & parse the master key name */
+    /* assemble & parse the master key name */
 
     if ((retval = krb5_db_setup_mkey_name(util_context,
-					  global_params.mkey_name,
-					  global_params.realm, 
-					  0, &master_princ))) {
-	com_err(progname, retval, "while setting up master key name");
-	exit_status++;
-	return(1);
+                                          global_params.mkey_name,
+                                          global_params.realm,
+                                          0, &master_princ))) {
+        com_err(progname, retval, "while setting up master key name");
+        exit_status++;
+        return(1);
     }
     nentries = 1;
-    if ((retval = krb5_db_get_principal(util_context, master_princ, 
-					&master_entry, &nentries, &more))) {
-	com_err(progname, retval, "while retrieving master entry");
-	exit_status++;
-	(void) krb5_db_fini(util_context);
-	return(1);
+    if ((retval = krb5_db_get_principal(util_context, master_princ,
+                                        &master_entry, &nentries, &more))) {
+        com_err(progname, retval, "while retrieving master entry");
+        exit_status++;
+        (void) krb5_db_fini(util_context);
+        return(1);
     } else if (more) {
-	com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
-		"while retrieving master entry");
-	exit_status++;
-	(void) krb5_db_fini(util_context);
-	return(1);
+        com_err(progname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
+                "while retrieving master entry");
+        exit_status++;
+        (void) krb5_db_fini(util_context);
+        return(1);
     } else if (!nentries) {
-	com_err(progname, KRB5_KDB_NOENTRY, "while retrieving master entry");
-	exit_status++;
-	(void) krb5_db_fini(util_context);
-	return(1);
+        com_err(progname, KRB5_KDB_NOENTRY, "while retrieving master entry");
+        exit_status++;
+        (void) krb5_db_fini(util_context);
+        return(1);
     }
 
     if (global_params.mask & KADM5_CONFIG_KVNO)
@@ -450,43 +451,43 @@ static int open_db_and_mkey()
 
     /* the databases are now open, and the master principal exists */
     dbactive = TRUE;
-    
+
     if (mkey_password) {
-	pwd.data = mkey_password;
-	pwd.length = strlen(mkey_password);
-	retval = krb5_principal2salt(util_context, master_princ, &scratch);
-	if (retval) {
-	    com_err(progname, retval, "while calculated master key salt");
-	    exit_status++;
-	    return(1);
-	}
-
-	/* If no encryption type is set, use the default */
-	if (master_keyblock.enctype == ENCTYPE_UNKNOWN)
-	    master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(util_context, master_princ, &scratch);
+        if (retval) {
+            com_err(progname, retval, "while calculated master key salt");
+            exit_status++;
+            return(1);
+        }
+
+        /* If no encryption type is set, use the default */
+        if (master_keyblock.enctype == ENCTYPE_UNKNOWN)
+            master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
         if (!krb5_c_valid_enctype(master_keyblock.enctype))
             com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
                     "while setting up enctype %d",
                     master_keyblock.enctype);
 
-	retval = krb5_c_string_to_key(util_context, master_keyblock.enctype, 
-				      &pwd, &scratch, &master_keyblock);
-	if (retval) {
-	    com_err(progname, retval,
-		    "while transforming master key from password");
-	    exit_status++;
-	    return(1);
-	}
-	free(scratch.data);
-	mkey_password = 0;
+        retval = krb5_c_string_to_key(util_context, master_keyblock.enctype,
+                                      &pwd, &scratch, &master_keyblock);
+        if (retval) {
+            com_err(progname, retval,
+                    "while transforming master key from password");
+            exit_status++;
+            return(1);
+        }
+        free(scratch.data);
+        mkey_password = 0;
 
     } else {
-        if ((retval = krb5_db_fetch_mkey(util_context, master_princ, 
-					    master_keyblock.enctype,
-					    manual_mkey, FALSE,
-					    global_params.stash_file,
-					    &master_kvno,
-                                            0, &master_keyblock))) {
+        if ((retval = krb5_db_fetch_mkey(util_context, master_princ,
+                                         master_keyblock.enctype,
+                                         manual_mkey, FALSE,
+                                         global_params.stash_file,
+                                         &master_kvno,
+                                         0, &master_keyblock))) {
             com_err(progname, retval, "while reading master key");
             com_err(progname, 0, "Warning: proceeding without master key");
             exit_status++;
@@ -495,34 +496,34 @@ static int open_db_and_mkey()
     }
 #if 0 /************** Begin IFDEF'ed OUT *******************************/
     /* krb5_db_fetch_mkey_list will verify the mkey */
-    if ((retval = krb5_db_verify_master_key(util_context, master_princ, 
-					    master_kvno, &master_keyblock))) {
-	com_err(progname, retval, "while verifying master key");
-	exit_status++;
-	krb5_free_keyblock_contents(util_context, &master_keyblock);
-	return(1);
+    if ((retval = krb5_db_verify_master_key(util_context, master_princ,
+                                            master_kvno, &master_keyblock))) {
+        com_err(progname, retval, "while verifying master key");
+        exit_status++;
+        krb5_free_keyblock_contents(util_context, &master_keyblock);
+        return(1);
     }
 #endif /**************** END IFDEF'ed OUT *******************************/
 
     if ((retval = krb5_db_fetch_mkey_list(util_context, master_princ,
-				          &master_keyblock, master_kvno,
+                                          &master_keyblock, master_kvno,
                                           &master_keylist))) {
-	com_err(progname, retval, "while getting master key list");
-	com_err(progname, 0, "Warning: proceeding without master key list");
-	exit_status++;
-	return(0);
+        com_err(progname, retval, "while getting master key list");
+        com_err(progname, 0, "Warning: proceeding without master key list");
+        exit_status++;
+        return(0);
     }
 
     seed.length = master_keyblock.length;
     seed.data = (char *) master_keyblock.contents;
 
     if ((retval = krb5_c_random_seed(util_context, &seed))) {
-	com_err(progname, retval, "while seeding random number generator");
-	exit_status++;
-	memset(master_keyblock.contents, 0, master_keyblock.length);
-	krb5_free_keyblock_contents(util_context, &master_keyblock);
+        com_err(progname, retval, "while seeding random number generator");
+        exit_status++;
+        memset(master_keyblock.contents, 0, master_keyblock.length);
+        krb5_free_keyblock_contents(util_context, &master_keyblock);
         krb5_db_free_mkey_list(util_context, master_keylist);
-	return(1);
+        return(1);
     }
 
     valid_master_key = 1;
@@ -534,22 +535,22 @@ static int open_db_and_mkey()
 #undef getwd
 #endif
 
-int 
+int
 quit()
 {
     krb5_error_code retval;
     static krb5_boolean finished = 0;
 
     if (finished)
-	return 0;
+        return 0;
     krb5_db_free_mkey_list(util_context, master_keylist);
     retval = krb5_db_fini(util_context);
     memset(master_keyblock.contents, 0, master_keyblock.length);
     finished = TRUE;
     if (retval && retval != KRB5_KDB_DBNOTINITED) {
-	com_err(progname, retval, "while closing database");
-	exit_status++;
-	return 1;
+        com_err(progname, retval, "while closing database");
+        exit_status++;
+        return 1;
     }
     return 0;
 }
@@ -576,99 +577,99 @@ add_random_key(argc, argv)
     krb5_keyblock *tmp_mkey;
 
     if (argc < 2)
-	usage();
+        usage();
     for (argv++, argc--; *argv; argv++, argc--) {
-	if (!strcmp(*argv, "-e")) {
-	    argv++; argc--;
-	    ks_str = *argv;
-	    continue;
-	} else
-	    break;
+        if (!strcmp(*argv, "-e")) {
+            argv++; argc--;
+            ks_str = *argv;
+            continue;
+        } else
+            break;
     }
     if (argc < 1)
-	usage();
+        usage();
     pr_str = *argv;
     ret = krb5_parse_name(util_context, pr_str, &princ);
     if (ret) {
-	com_err(me, ret, "while parsing principal name %s", pr_str);
-	exit_status++;
-	return;
+        com_err(me, ret, "while parsing principal name %s", pr_str);
+        exit_status++;
+        return;
     }
     n = 1;
     ret = krb5_db_get_principal(util_context, princ, &dbent,
-				&n, &more);
+                                &n, &more);
     if (ret) {
-	com_err(me, ret, "while fetching principal %s", pr_str);
-	exit_status++;
-	return;
+        com_err(me, ret, "while fetching principal %s", pr_str);
+        exit_status++;
+        return;
     }
     if (n != 1) {
-	fprintf(stderr, "principal %s not found\n", pr_str);
-	exit_status++;
-	return;
+        fprintf(stderr, "principal %s not found\n", pr_str);
+        exit_status++;
+        return;
     }
     if (more) {
-	fprintf(stderr, "principal %s not unique\n", pr_str);
-	krb5_db_free_principal(util_context, &dbent, 1);
-	exit_status++;
-	return;
+        fprintf(stderr, "principal %s not unique\n", pr_str);
+        krb5_db_free_principal(util_context, &dbent, 1);
+        exit_status++;
+        return;
     }
     ret = krb5_string_to_keysalts(ks_str,
-				  ", \t", ":.-", 0,
-				  &keysalts,
-				  &num_keysalts);
+                                  ", \t", ":.-", 0,
+                                  &keysalts,
+                                  &num_keysalts);
     if (ret) {
-	com_err(me, ret, "while parsing keysalts %s", ks_str);
-	exit_status++;
-	return;
+        com_err(me, ret, "while parsing keysalts %s", ks_str);
+        exit_status++;
+        return;
     }
     if (!num_keysalts || keysalts == NULL) {
-	num_keysalts = global_params.num_keysalts;
-	keysalts = global_params.keysalts;
-	free_keysalts = 0;
+        num_keysalts = global_params.num_keysalts;
+        keysalts = global_params.keysalts;
+        free_keysalts = 0;
     } else
-	free_keysalts = 1;
+        free_keysalts = 1;
 
     /* Find the mkey used to protect the existing keys */
     ret = krb5_dbe_find_mkey(util_context, master_keylist, &dbent, &tmp_mkey);
     if (ret) {
-	com_err(me, ret, "while finding mkey");
-	exit_status++;
-	return;
+        com_err(me, ret, "while finding mkey");
+        exit_status++;
+        return;
     }
 
     ret = krb5_dbe_ark(util_context, tmp_mkey,
-		       keysalts, num_keysalts,
-		       &dbent);
+                       keysalts, num_keysalts,
+                       &dbent);
     if (free_keysalts)
-	free(keysalts);
+        free(keysalts);
     if (ret) {
-	com_err(me, ret, "while randomizing principal %s", pr_str);
-	krb5_db_free_principal(util_context, &dbent, 1);
-	exit_status++;
-	return;
+        com_err(me, ret, "while randomizing principal %s", pr_str);
+        krb5_db_free_principal(util_context, &dbent, 1);
+        exit_status++;
+        return;
     }
     dbent.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
     ret = krb5_timeofday(util_context, &now);
     if (ret) {
-	com_err(me, ret, "while getting time");
-	krb5_db_free_principal(util_context, &dbent, 1);
-	exit_status++;
-	return;
+        com_err(me, ret, "while getting time");
+        krb5_db_free_principal(util_context, &dbent, 1);
+        exit_status++;
+        return;
     }
     ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now);
     if (ret) {
-	com_err(me, ret, "while setting changetime");
-	krb5_db_free_principal(util_context, &dbent, 1);
-	exit_status++;
-	return;
+        com_err(me, ret, "while setting changetime");
+        krb5_db_free_principal(util_context, &dbent, 1);
+        exit_status++;
+        return;
     }
     ret = krb5_db_put_principal(util_context, &dbent, &n);
     krb5_db_free_principal(util_context, &dbent, 1);
     if (ret) {
-	com_err(me, ret, "while saving principal %s", pr_str);
-	exit_status++;
-	return;
+        com_err(me, ret, "while saving principal %s", pr_str);
+        exit_status++;
+        return;
     }
     printf("%s changed\n", pr_str);
 }
diff --git a/src/kadmin/dbutil/kdb5_util.h b/src/kadmin/dbutil/kdb5_util.h
index 6e99ac378..26a6a4168 100644
--- a/src/kadmin/dbutil/kdb5_util.h
+++ b/src/kadmin/dbutil/kdb5_util.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * admin/edit/kdb5_edit.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,14 +23,14 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include <kdb_log.h>
 
-#define MAX_HEADER	1024
-#define REALM_SEP	'@'
-#define REALM_SEP_STR	"@"
+#define MAX_HEADER      1024
+#define REALM_SEP       '@'
+#define REALM_SEP_STR   "@"
 
 extern char *progname;
 extern char *Err_no_database;
@@ -52,31 +53,31 @@ extern int add_db_arg(char *arg);
 
 extern void usage(void);
 
-extern void add_key 
-	(char const *, char const *, 
-		   krb5_const_principal, const krb5_keyblock *, 
-		   krb5_kvno, krb5_keysalt *);
+extern void add_key
+(char const *, char const *,
+ krb5_const_principal, const krb5_keyblock *,
+ krb5_kvno, krb5_keysalt *);
 extern int set_dbname_help
-	(char *, char *);
+(char *, char *);
 
 extern char *kdb5_util_Init (int, char **);
 
 extern int quit (void);
 
 extern int check_for_match
-	(char *, int, krb5_db_entry *, int, int);
+(char *, int, krb5_db_entry *, int, int);
 
 extern void parse_token
-	(char *, int *, int *, char *);
+(char *, int *, int *, char *);
 
 extern int create_db_entry (krb5_principal, krb5_db_entry *);
 
 extern int kadm5_create_magic_princs (kadm5_config_params *params,
-						krb5_context context);
+                                      krb5_context context);
 
-extern int process_ov_principal (char *fname, krb5_context kcontext, 
-					   FILE *filep, int verbose, 
-					   int *linenop);
+extern int process_ov_principal (char *fname, krb5_context kcontext,
+                                 FILE *filep, int verbose,
+                                 int *linenop);
 
 extern void load_db (int argc, char **argv);
 extern void dump_db (int argc, char **argv);
@@ -88,7 +89,7 @@ extern void kdb5_use_mkey (int argc, char **argv);
 extern void kdb5_list_mkeys (int argc, char **argv);
 extern void kdb5_update_princ_encryption (int argc, char **argv);
 extern krb5_error_code master_key_convert(krb5_context context,
-					  krb5_db_entry *db_entry);
+                                          krb5_db_entry *db_entry);
 extern void kdb5_purge_mkeys (int argc, char **argv);
 
 extern void update_ok_file (char *file_name);
@@ -101,4 +102,3 @@ extern krb5_error_code add_new_mkey(krb5_context, krb5_db_entry *,
 extern krb5_kvno get_next_kvno(krb5_context, krb5_db_entry *);
 
 void usage (void);
-
diff --git a/src/kadmin/dbutil/nstrtok.h b/src/kadmin/dbutil/nstrtok.h
index f7f0d4a69..3ee8f634c 100644
--- a/src/kadmin/dbutil/nstrtok.h
+++ b/src/kadmin/dbutil/nstrtok.h
@@ -1,3 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* Prototype for nstrtok */
 char *nstrtok(char *, const char *delim);
-
diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c
index 46036478f..e2afd5844 100644
--- a/src/kadmin/dbutil/ovload.c
+++ b/src/kadmin/dbutil/ovload.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include    <unistd.h>
 #include    <string.h>
 #include    <stdlib.h>
@@ -14,172 +15,172 @@
 #include    "kdb5_util.h"
 #include    "nstrtok.h"
 
-#define LINESIZE	32768 /* XXX */
+#define LINESIZE        32768 /* XXX */
 
 static int parse_pw_hist_ent(current, hist)
-   char *current;
-   osa_pw_hist_ent *hist;
+    char *current;
+    osa_pw_hist_ent *hist;
 {
-     int tmp, i, j, ret;
-     char *cp;
-
-     ret = 0;
-     hist->n_key_data = 1;
-
-     hist->key_data = (krb5_key_data *) malloc(hist->n_key_data *
-					       sizeof(krb5_key_data));
-     if (hist->key_data == NULL)
-	  return ENOMEM;
-     memset(hist->key_data, 0, sizeof(krb5_key_data)*hist->n_key_data);
-
-     for (i = 0; i < hist->n_key_data; i++) {
-	  krb5_key_data *key_data = &hist->key_data[i];
-
-	  key_data->key_data_ver = 1;
-	  
-	  if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	       com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	       ret = IMPORT_FAILED;
-	       goto done;
-	  }
-	  key_data->key_data_type[0] = atoi(cp);
-
-	  if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	       com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	       ret =  IMPORT_FAILED;
-	       goto done;
-	  }
-	  key_data->key_data_length[0] = atoi(cp);
-	  
-	  if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	       com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	       ret = IMPORT_FAILED;
-	       goto done;
-	  }
-	  if(!(key_data->key_data_contents[0] =
-	       (krb5_octet *) malloc(key_data->key_data_length[0]+1))) {
-	       ret = ENOMEM;
-	       goto done;
-	  }
-	  for(j = 0; j < key_data->key_data_length[0]; j++) {
-	       if(sscanf(cp, "%02x", &tmp) != 1) {
-		    com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-		    ret = IMPORT_FAILED;
-		    goto done;
-	       }
-	       key_data->key_data_contents[0][j] = tmp;
-	       cp = strchr(cp, ' ') + 1;
-	  }
-     }
-     
+    int tmp, i, j, ret;
+    char *cp;
+
+    ret = 0;
+    hist->n_key_data = 1;
+
+    hist->key_data = (krb5_key_data *) malloc(hist->n_key_data *
+                                              sizeof(krb5_key_data));
+    if (hist->key_data == NULL)
+        return ENOMEM;
+    memset(hist->key_data, 0, sizeof(krb5_key_data)*hist->n_key_data);
+
+    for (i = 0; i < hist->n_key_data; i++) {
+        krb5_key_data *key_data = &hist->key_data[i];
+
+        key_data->key_data_ver = 1;
+
+        if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+            com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+            ret = IMPORT_FAILED;
+            goto done;
+        }
+        key_data->key_data_type[0] = atoi(cp);
+
+        if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+            com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+            ret =  IMPORT_FAILED;
+            goto done;
+        }
+        key_data->key_data_length[0] = atoi(cp);
+
+        if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
+            com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+            ret = IMPORT_FAILED;
+            goto done;
+        }
+        if(!(key_data->key_data_contents[0] =
+             (krb5_octet *) malloc(key_data->key_data_length[0]+1))) {
+            ret = ENOMEM;
+            goto done;
+        }
+        for(j = 0; j < key_data->key_data_length[0]; j++) {
+            if(sscanf(cp, "%02x", &tmp) != 1) {
+                com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+                ret = IMPORT_FAILED;
+                goto done;
+            }
+            key_data->key_data_contents[0][j] = tmp;
+            cp = strchr(cp, ' ') + 1;
+        }
+    }
+
 done:
-     return ret;
+    return ret;
 }
 
 /*
  * Function: parse_principal
- * 
+ *
  * Purpose: parse principal line in db dump file
  *
  * Arguments:
- * 	<return value>	0 on success, error code on failure
+ *      <return value>  0 on success, error code on failure
  *
  * Requires:
- *	principal database to be opened.
- *	nstrtok(3) to have a valid buffer in memory.
- * 
+ *      principal database to be opened.
+ *      nstrtok(3) to have a valid buffer in memory.
+ *
  * Effects:
- *	[effects]
+ *      [effects]
  *
  * Modifies:
- *	[modifies]
- * 
+ *      [modifies]
+ *
  */
 int process_ov_principal(fname, kcontext, filep, verbose, linenop)
-    char		*fname;
-    krb5_context	kcontext;
-    FILE		*filep;
-    int			verbose;
-    int			*linenop;
+    char                *fname;
+    krb5_context        kcontext;
+    FILE                *filep;
+    int                 verbose;
+    int                 *linenop;
 {
-    XDR			    xdrs;
-    osa_princ_ent_t	    rec;
-    krb5_error_code	    ret;
-    krb5_tl_data	    tl_data;
-    krb5_principal	    princ;
-    krb5_db_entry	    kdb;
-    char		    *current = 0;
-    char		    *cp;
-    int			    x, one;
-    krb5_boolean	    more;
-    char		    line[LINESIZE];
+    XDR                     xdrs;
+    osa_princ_ent_t         rec;
+    krb5_error_code         ret;
+    krb5_tl_data            tl_data;
+    krb5_principal          princ;
+    krb5_db_entry           kdb;
+    char                    *current = 0;
+    char                    *cp;
+    int                     x, one;
+    krb5_boolean            more;
+    char                    line[LINESIZE];
 
     if (fgets(line, LINESIZE, filep) == (char *) NULL) {
-	 return IMPORT_BAD_FILE;
+        return IMPORT_BAD_FILE;
     }
     if((cp = nstrtok(line, "\t")) == NULL)
-	return IMPORT_BAD_FILE;
+        return IMPORT_BAD_FILE;
     if((rec = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(rec, 0, sizeof(osa_princ_ent_rec));
-    if((ret = krb5_parse_name(kcontext, cp, &princ))) 
-	goto done;
+    if((ret = krb5_parse_name(kcontext, cp, &princ)))
+        goto done;
     krb5_unparse_name(kcontext, princ, &current);
     if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	ret =  IMPORT_FAILED;
-	goto done;
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret =  IMPORT_FAILED;
+        goto done;
     } else {
-	if(strcmp(cp, "")) {
-	    if((rec->policy = strdup(cp)) == NULL)  {
-		ret = ENOMEM;
-		goto done;
-	    }
-	} else rec->policy = NULL;
+        if(strcmp(cp, "")) {
+            if((rec->policy = strdup(cp)) == NULL)  {
+                ret = ENOMEM;
+                goto done;
+            }
+        } else rec->policy = NULL;
     }
     if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	ret = IMPORT_FAILED;
-	goto done;
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
     }
     rec->aux_attributes = strtol(cp, (char  **)NULL, 16);
     if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	ret = IMPORT_FAILED;
-	goto done;
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
     }
     rec->old_key_len = atoi(cp);
     if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	ret = IMPORT_FAILED;
-	goto done;
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
     }
     rec->old_key_next = atoi(cp);
     if((cp = nstrtok((char *) NULL, "\t")) == NULL) {
-	com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
-	ret = IMPORT_FAILED;
-	goto done;
+        com_err(NULL, IMPORT_BAD_RECORD, "%s", current);
+        ret = IMPORT_FAILED;
+        goto done;
     }
     rec->admin_history_kvno = atoi(cp);
     if (! rec->old_key_len) {
-       rec->old_keys = NULL;
+        rec->old_keys = NULL;
     } else {
-       if(!(rec->old_keys = (osa_pw_hist_ent *)
-	    malloc(sizeof(osa_pw_hist_ent) * rec->old_key_len))) {
-	  ret = ENOMEM;
-	  goto done;
-       }
-       memset(rec->old_keys,0,
-	      sizeof(osa_pw_hist_ent) * rec->old_key_len);
-       for(x = 0; x < rec->old_key_len; x++)
-	    parse_pw_hist_ent(current, &rec->old_keys[x]);
+        if(!(rec->old_keys = (osa_pw_hist_ent *)
+             malloc(sizeof(osa_pw_hist_ent) * rec->old_key_len))) {
+            ret = ENOMEM;
+            goto done;
+        }
+        memset(rec->old_keys,0,
+               sizeof(osa_pw_hist_ent) * rec->old_key_len);
+        for(x = 0; x < rec->old_key_len; x++)
+            parse_pw_hist_ent(current, &rec->old_keys[x]);
     }
 
     xdralloc_create(&xdrs, XDR_ENCODE);
     if (! xdr_osa_princ_ent_rec(&xdrs, rec)) {
-	 xdr_destroy(&xdrs);
-	 ret = KADM5_XDR_FAILURE;
-	 goto done;
+        xdr_destroy(&xdrs);
+        ret = KADM5_XDR_FAILURE;
+        goto done;
     }
 
     tl_data.tl_data_type = KRB5_TL_KADM_DATA;
@@ -189,15 +190,15 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop)
     one = 1;
     ret = krb5_db_get_principal(kcontext, princ, &kdb, &one, &more);
     if (ret)
-	 goto done;
-    
+        goto done;
+
     ret = krb5_dbe_update_tl_data(kcontext, &kdb, &tl_data);
     if (ret)
-	 goto done;
+        goto done;
 
     ret = krb5_db_put_principal(kcontext, &kdb, &one);
     if (ret)
-	 goto done;
+        goto done;
 
     xdr_destroy(&xdrs);
 
diff --git a/src/kadmin/dbutil/string_table.c b/src/kadmin/dbutil/string_table.c
index 1caa1402e..27def9d75 100644
--- a/src/kadmin/dbutil/string_table.c
+++ b/src/kadmin/dbutil/string_table.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
- * 
+ *
  */
 
 /* String table of messages for kadm5_create */
@@ -15,36 +16,36 @@ char *str_CHANGEPW_PRINC_EXISTS = "Warning! Changepw principal already exists.";
 
 char *str_HISTORY_PRINC_EXISTS = "Warning! Admin history principal already exists.";
 
-char *str_ADMIN_PRINC_WRONG_ATTRS = 
+char *str_ADMIN_PRINC_WRONG_ATTRS =
     "Warning! Admin principal has incorrect attributes.\n"
     "\tDISALLOW_TGT should be set, and max_life should be three hours.\n"
     "\tThis program will leave them as-is, but beware!.";
 
-char *str_CHANGEPW_PRINC_WRONG_ATTRS = 
+char *str_CHANGEPW_PRINC_WRONG_ATTRS =
     "Warning! Changepw principal has incorrect attributes.\n"
     "\tDISALLOW_TGT and PW_CHANGE_SERVICE should both be set, and "
-     "max_life should be five minutes.\n"
+    "max_life should be five minutes.\n"
     "\tThis program will leave them as-is, but beware!.";
 
-char *str_HISTORY_PRINC_WRONG_ATTRS = 
+char *str_HISTORY_PRINC_WRONG_ATTRS =
     "Warning! Admin history principal has incorrect attributes.\n"
-    "\tDISALLOW_ALL_TIX should be set.\n" 
+    "\tDISALLOW_ALL_TIX should be set.\n"
     "\tThis program will leave it as-is, but beware!.";
 
 char *str_CREATED_PRINC_DB =
-	"%s: Admin principal database created (or it already existed).\n"; /* whoami */
+    "%s: Admin principal database created (or it already existed).\n"; /* whoami */
 
 char *str_CREATED_POLICY_DB =
-	"%s: Admin policy database created (or it already existed).\n"; /* whoami */
+    "%s: Admin policy database created (or it already existed).\n"; /* whoami */
 
 char *str_RANDOM_KEY =
-	"while calling random key for %s.";  /* principal name */
+    "while calling random key for %s.";  /* principal name */
 
 char *str_ENCRYPT_KEY =
-	"while calling encrypt key for %s."; /* principal name */
+    "while calling encrypt key for %s."; /* principal name */
 
 char *str_PUT_PRINC =
-	"while storing %s in Kerberos database.";  /* principal name */
+    "while storing %s in Kerberos database.";  /* principal name */
 
 char *str_CREATING_POLICY_DB = "while creating/opening admin policy database.";
 
@@ -55,7 +56,7 @@ char *str_CREATING_PRINC_DB = "while creating/opening admin principal database."
 char *str_CLOSING_PRINC_DB = "while closing admin principal database.";
 
 char *str_CREATING_PRINC_ENTRY =
-	"while creating admin principal database entry for %s."; /* princ_name */
+    "while creating admin principal database entry for %s."; /* princ_name */
 
 char *str_A_PRINC = "a principal";
 
@@ -65,20 +66,20 @@ char *str_CREATED_PRINC = "%s: Created %s principal.\n"; /* whoami, princ_name *
 
 char *str_INIT_KDB = "while initializing kdb.";
 
-char *str_NO_KDB = 
-"while initializing kdb.\nThe Kerberos KDC database needs to exist in /krb5.\n\
+char *str_NO_KDB =
+    "while initializing kdb.\nThe Kerberos KDC database needs to exist in /krb5.\n\
 If you haven't run kdb5_create you need to do so before running this command.";
 
 
 char *str_INIT_RANDOM_KEY = "while initializing random key generator.";
 
-char *str_TOO_MANY_ADMIN_PRINC = 
-	"while fetching admin princ. Can only have one admin principal.";
+char *str_TOO_MANY_ADMIN_PRINC =
+    "while fetching admin princ. Can only have one admin principal.";
 
-char *str_TOO_MANY_CHANGEPW_PRINC = 
-	"while fetching changepw princ. Can only have one changepw principal.";
+char *str_TOO_MANY_CHANGEPW_PRINC =
+    "while fetching changepw princ. Can only have one changepw principal.";
 
-char *str_TOO_MANY_HIST_PRINC = 
-	"while fetching history princ. Can only have one history principal.";
+char *str_TOO_MANY_HIST_PRINC =
+    "while fetching history princ. Can only have one history principal.";
 
 char *str_WHILE_DESTROYING_ADMIN_SESSION = "while closing session with admin server and destroying tickets.";
diff --git a/src/kadmin/dbutil/string_table.h b/src/kadmin/dbutil/string_table.h
index b89b9f1fa..83acfefd2 100644
--- a/src/kadmin/dbutil/string_table.h
+++ b/src/kadmin/dbutil/string_table.h
@@ -1,12 +1,13 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
-  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
-  * 
-  * $Header$
-  *
-  */
- 
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
+ *
+ * $Header$
+ *
+ */
+
 #ifndef _OVSEC_ADM_STRINGS_
- 
+
 extern char *str_PARSE_NAME;
 extern char *str_HISTORY_PARSE_NAME;
 extern char *str_ADMIN_PRINC_EXISTS;
@@ -35,5 +36,5 @@ extern char *str_TOO_MANY_ADMIN_PRINC;
 extern char *str_TOO_MANY_CHANGEPW_PRINC;
 extern char *str_TOO_MANY_HIST_PRINC;
 extern char *str_WHILE_DESTROYING_ADMIN_SESSION;
- 
+
 #endif /* _OVSEC_ADM_STRINGS_ */
diff --git a/src/kadmin/dbutil/strtok.c b/src/kadmin/dbutil/strtok.c
index 80117a31b..0640c747e 100644
--- a/src/kadmin/dbutil/strtok.c
+++ b/src/kadmin/dbutil/strtok.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -28,78 +29,77 @@
 
 /*
  * Function: nstrtok
- * 
+ *
  * Purpose: the same as strtok ... just different. does not deal with
- *	    multiple tokens in row.
+ *          multiple tokens in row.
  *
  * Arguments:
- *	s	    (input) string to scan
- *	delim	    (input) list of delimiters
- * 	<return value> string or null on error.
+ *      s           (input) string to scan
+ *      delim       (input) list of delimiters
+ *      <return value> string or null on error.
  *
  * Requires:
- *	nuttin
- * 
+ *      nuttin
+ *
  * Effects:
- *	sets last to string
+ *      sets last to string
  *
  * Modifies:
- *	last
- * 
+ *      last
+ *
  */
 
 char *
 nstrtok(s, delim)
-	register char *s;
-	register const char *delim;
+    register char *s;
+    register const char *delim;
 {
-	register const char *spanp;
-	register int c, sc;
-	char *tok;
-	static char *last;
+    register const char *spanp;
+    register int c, sc;
+    char *tok;
+    static char *last;
 
 
-	if (s == NULL && (s = last) == NULL)
-		return (NULL);
+    if (s == NULL && (s = last) == NULL)
+        return (NULL);
 
-	/*
-	 * Skip (span) leading delimiters (s += strspn(s, delim), sort of).
-	 */
-#ifdef OLD	 
+    /*
+     * Skip (span) leading delimiters (s += strspn(s, delim), sort of).
+     */
+#ifdef OLD
 cont:
-	c = *s++;
-	for (spanp = delim; (sc = *spanp++) != 0;) {
-		if (c == sc)
-			goto cont;
-	}
+    c = *s++;
+    for (spanp = delim; (sc = *spanp++) != 0;) {
+        if (c == sc)
+            goto cont;
+    }
 
-	if (c == 0) {		/* no non-delimiter characters */
-		last = NULL;
-		return (NULL);
-	}
-	tok = s - 1;
+    if (c == 0) {           /* no non-delimiter characters */
+        last = NULL;
+        return (NULL);
+    }
+    tok = s - 1;
 #else
-	tok = s;
-#endif	
+    tok = s;
+#endif
 
-	/*
-	 * Scan token (scan for delimiters: s += strcspn(s, delim), sort of).
-	 * Note that delim must have one NUL; we stop if we see that, too.
-	 */
-	for (;;) {
-		c = *s++;
-		spanp = delim;
-		do {
-			if ((sc = *spanp++) == c) {
-				if (c == 0)
-					s = NULL;
-				else
-					s[-1] = 0;
-				last = s;
-				return (tok);
-			}
-		} while (sc != 0);
-	}
-	/* NOTREACHED */
+    /*
+     * Scan token (scan for delimiters: s += strcspn(s, delim), sort of).
+     * Note that delim must have one NUL; we stop if we see that, too.
+     */
+    for (;;) {
+        c = *s++;
+        spanp = delim;
+        do {
+            if ((sc = *spanp++) == c) {
+                if (c == 0)
+                    s = NULL;
+                else
+                    s[-1] = 0;
+                last = s;
+                return (tok);
+            }
+        } while (sc != 0);
+    }
+    /* NOTREACHED */
 }
-
diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c
index 5a6ee783b..c5f0fe0af 100644
--- a/src/kadmin/ktutil/ktutil.c
+++ b/src/kadmin/ktutil/ktutil.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ktutil/ktutil.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * SS user interface for ktutil.
  */
 
@@ -50,13 +51,13 @@ int main(argc, argv)
     retval = krb5_init_context(&kcontext);
     if (retval) {
         com_err(argv[0], retval, "while initializing krb5");
-	exit(1);
+        exit(1);
     }
     sci_idx = ss_create_invocation("ktutil", "5.0", (char *)NULL,
-				   &ktutil_cmds, &retval);
+                                   &ktutil_cmds, &retval);
     if (retval) {
-	ss_perror(sci_idx, retval, "creating invocation");
-	exit(1);
+        ss_perror(sci_idx, retval, "creating invocation");
+        exit(1);
     }
     retval = ss_listen(sci_idx);
     ktutil_free_kt_list(kcontext, ktlist);
@@ -70,12 +71,12 @@ void ktutil_clear_list(argc, argv)
     krb5_error_code retval;
 
     if (argc != 1) {
-	fprintf(stderr, "%s: invalid arguments\n", argv[0]);
-	return;
+        fprintf(stderr, "%s: invalid arguments\n", argv[0]);
+        return;
     }
     retval = ktutil_free_kt_list(kcontext, ktlist);
     if (retval)
-	com_err(argv[0], retval, "while freeing ktlist");
+        com_err(argv[0], retval, "while freeing ktlist");
     ktlist = NULL;
 }
 
@@ -86,12 +87,12 @@ void ktutil_read_v5(argc, argv)
     krb5_error_code retval;
 
     if (argc != 2) {
-	fprintf(stderr, "%s: must specify keytab to read\n", argv[0]);
-	return;
+        fprintf(stderr, "%s: must specify keytab to read\n", argv[0]);
+        return;
     }
     retval = ktutil_read_keytab(kcontext, argv[1], &ktlist);
     if (retval)
-	com_err(argv[0], retval, "while reading keytab \"%s\"", argv[1]);
+        com_err(argv[0], retval, "while reading keytab \"%s\"", argv[1]);
 }
 
 void ktutil_read_v4(argc, argv)
@@ -101,12 +102,12 @@ void ktutil_read_v4(argc, argv)
     krb5_error_code retval;
 
     if (argc != 2) {
-	fprintf(stderr, "%s: must specify the srvtab to read\n", argv[0]);
-	return;
+        fprintf(stderr, "%s: must specify the srvtab to read\n", argv[0]);
+        return;
     }
     retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist);
     if (retval)
-	com_err(argv[0], retval, "while reading srvtab \"%s\"", argv[1]);
+        com_err(argv[0], retval, "while reading srvtab \"%s\"", argv[1]);
 }
 
 void ktutil_write_v5(argc, argv)
@@ -116,12 +117,12 @@ void ktutil_write_v5(argc, argv)
     krb5_error_code retval;
 
     if (argc != 2) {
-	fprintf(stderr, "%s: must specify keytab to write\n", argv[0]);
-	return;
+        fprintf(stderr, "%s: must specify keytab to write\n", argv[0]);
+        return;
     }
     retval = ktutil_write_keytab(kcontext, ktlist, argv[1]);
     if (retval)
-	com_err(argv[0], retval, "while writing keytab \"%s\"", argv[1]);
+        com_err(argv[0], retval, "while writing keytab \"%s\"", argv[1]);
 }
 
 void ktutil_write_v4(argc, argv)
@@ -139,35 +140,35 @@ void ktutil_add_entry(argc, argv)
     char *princ = NULL;
     char *enctype = NULL;
     krb5_kvno kvno = 0;
-    int use_pass = 0, use_key = 0, i;    
+    int use_pass = 0, use_key = 0, i;
 
     for (i = 1; i < argc; i++) {
-	if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
-	    princ = argv[++i];
-	    continue;
-	}
-	if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
-	    kvno = (krb5_kvno) atoi(argv[++i]);
-	    continue;
-	}
-	if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
-	    enctype = argv[++i];
-	    continue;
-	}
-	if ((strlen(argv[i]) == 9) && !strncmp(argv[i], "-password", 9)) {
-	    use_pass++;
-	    continue;
-	}
-	if ((strlen(argv[i]) == 4) && !strncmp(argv[i], "-key", 4)) {
-	    use_key++;
-	    continue;
-	}
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
+            princ = argv[++i];
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
+            kvno = (krb5_kvno) atoi(argv[++i]);
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
+            enctype = argv[++i];
+            continue;
+        }
+        if ((strlen(argv[i]) == 9) && !strncmp(argv[i], "-password", 9)) {
+            use_pass++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 4) && !strncmp(argv[i], "-key", 4)) {
+            use_key++;
+            continue;
+        }
     }
 
     if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
         fprintf(stderr, "usage: %s (-key | -password) -p principal "
-		"-k kvno -e enctype\n", argv[0]);
-	return;
+                "-k kvno -e enctype\n", argv[0]);
+        return;
     }
 
     retval = ktutil_add(kcontext, &ktlist, princ, kvno, enctype, use_pass);
@@ -182,12 +183,12 @@ void ktutil_delete_entry(argc, argv)
     krb5_error_code retval;
 
     if (argc != 2) {
-	fprintf(stderr, "%s: must specify entry to delete\n", argv[0]);
-	return;
+        fprintf(stderr, "%s: must specify entry to delete\n", argv[0]);
+        return;
     }
     retval = ktutil_delete(kcontext, &ktlist, atoi(argv[1]));
     if (retval)
-	com_err(argv[0], retval, "while deleting entry %d", atoi(argv[1]));
+        com_err(argv[0], retval, "while deleting entry %d", atoi(argv[1]));
 }
 
 void ktutil_list(argc, argv)
@@ -201,80 +202,70 @@ void ktutil_list(argc, argv)
     char *pname;
 
     for (i = 1; i < argc; i++) {
-	if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
-	    show_time++;
-	    continue;
-	}
-	if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
-	    show_keys++;
-	    continue;
-	}
-	if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
-	    show_enctype++;
-	    continue;
-	}
-
-	fprintf(stderr, "%s: usage: %s [-t] [-k] [-e]\n", argv[0], argv[0]);
-	return;
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-t", 2)) {
+            show_time++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
+            show_keys++;
+            continue;
+        }
+        if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
+            show_enctype++;
+            continue;
+        }
+
+        fprintf(stderr, "%s: usage: %s [-t] [-k] [-e]\n", argv[0], argv[0]);
+        return;
     }
     if (show_time) {
-	printf("slot KVNO Timestamp         Principal\n");
-	printf("---- ---- ----------------- ---------------------------------------------------\n");
+        printf("slot KVNO Timestamp         Principal\n");
+        printf("---- ---- ----------------- ---------------------------------------------------\n");
     } else {
-	printf("slot KVNO Principal\n");
-	printf("---- ---- ---------------------------------------------------------------------\n");
+        printf("slot KVNO Principal\n");
+        printf("---- ---- ---------------------------------------------------------------------\n");
     }
     for (i = 1, lp = ktlist; lp; i++, lp = lp->next) {
-	retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
-	if (retval) {
-	    com_err(argv[0], retval, "while unparsing principal name");
-	    return;
-	}
-	printf("%4d %4d ", i, lp->entry->vno);
-	if (show_time) {
-	    char fmtbuf[18];
-	    char fill;
-	    time_t tstamp;
-
-	    tstamp = lp->entry->timestamp;
-	    (void) localtime(&tstamp);
-	    lp->entry->timestamp = tstamp;
-	    fill = ' ';
-	    if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->
-					    	timestamp,
-					    fmtbuf,
-					    sizeof(fmtbuf),
-					    &fill))
-		printf("%s ", fmtbuf);
-	}
-	printf("%40s", pname);
-	if (show_enctype) {
-	    static char buf[256];
-		if ((retval = krb5_enctype_to_string(
-		    lp->entry->key.enctype, buf, 256))) {
-		    com_err(argv[0], retval, "While converting enctype to string");
-		    return;
-		}
-	    printf(" (%s) ", buf);
-	}
-	
-	if (show_keys) {
-	    printf(" (0x");
-	    for (j = 0; j < lp->entry->key.length; j++)
-		printf("%02x", lp->entry->key.contents[j]);
-	    printf(")");
-	}
-	printf("\n");
-	free(pname);
+        retval = krb5_unparse_name(kcontext, lp->entry->principal, &pname);
+        if (retval) {
+            com_err(argv[0], retval, "while unparsing principal name");
+            return;
+        }
+        printf("%4d %4d ", i, lp->entry->vno);
+        if (show_time) {
+            char fmtbuf[18];
+            char fill;
+            time_t tstamp;
+
+            tstamp = lp->entry->timestamp;
+            (void) localtime(&tstamp);
+            lp->entry->timestamp = tstamp;
+            fill = ' ';
+            if (!krb5_timestamp_to_sfstring((krb5_timestamp)lp->entry->
+                                            timestamp,
+                                            fmtbuf,
+                                            sizeof(fmtbuf),
+                                            &fill))
+                printf("%s ", fmtbuf);
+        }
+        printf("%40s", pname);
+        if (show_enctype) {
+            static char buf[256];
+            if ((retval = krb5_enctype_to_string(
+                     lp->entry->key.enctype, buf, 256))) {
+                com_err(argv[0], retval, "While converting enctype to string");
+                return;
+            }
+            printf(" (%s) ", buf);
+        }
+
+        if (show_keys) {
+            printf(" (0x");
+            for (j = 0; j < lp->entry->key.length; j++)
+                printf("%02x", lp->entry->key.contents[j]);
+            printf(")");
+        }
+        printf("\n");
+        free(pname);
     }
 }
-
-
-
-
-
-
-
-
-
-
diff --git a/src/kadmin/ktutil/ktutil.h b/src/kadmin/ktutil/ktutil.h
index 5ecc7d4ad..7a3c53e56 100644
--- a/src/kadmin/ktutil/ktutil.h
+++ b/src/kadmin/ktutil/ktutil.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ktutil/ktutil.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 typedef struct _krb5_kt_list {
@@ -35,23 +36,23 @@ krb5_error_code ktutil_free_kt_list (krb5_context, krb5_kt_list);
 krb5_error_code ktutil_delete (krb5_context, krb5_kt_list *, int);
 
 krb5_error_code ktutil_add (krb5_context,
-			    krb5_kt_list *,
-			    char *,
-			    krb5_kvno,
-			    char *,
-			    int);
+                            krb5_kt_list *,
+                            char *,
+                            krb5_kvno,
+                            char *,
+                            int);
 
 krb5_error_code ktutil_read_keytab (krb5_context,
-				    char *,
-				    krb5_kt_list *);
+                                    char *,
+                                    krb5_kt_list *);
 
 krb5_error_code ktutil_write_keytab (krb5_context,
-				     krb5_kt_list,
-				     char *);
+                                     krb5_kt_list,
+                                     char *);
 
 krb5_error_code ktutil_read_srvtab (krb5_context,
-				    char *,
-				    krb5_kt_list *);
+                                    char *,
+                                    krb5_kt_list *);
 
 void ktutil_add_entry (int, char *[]);
 
diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c
index e3e9204d9..1aa74dec8 100644
--- a/src/kadmin/ktutil/ktutil_funcs.c
+++ b/src/kadmin/ktutil/ktutil_funcs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ktutil/ktutil_funcs.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Utility functions for ktutil.
  */
 
@@ -42,13 +43,13 @@ krb5_error_code ktutil_free_kt_list(context, list)
     krb5_error_code retval = 0;
 
     for (lp = list; lp;) {
-	retval = krb5_kt_free_entry(context, lp->entry);
-	free(lp->entry);
-	if (retval)
-	    break;
-	prev = lp;
-	lp = lp->next;
-	free(prev);
+        retval = krb5_kt_free_entry(context, lp->entry);
+        free(lp->entry);
+        if (retval)
+            break;
+        prev = lp;
+        lp = lp->next;
+        free(prev);
     }
     return retval;
 }
@@ -66,14 +67,14 @@ krb5_error_code ktutil_delete(context, list, idx)
     int i;
 
     for (lp = *list, i = 1; lp; prev = lp, lp = lp->next, i++) {
-	if (i == idx) {
-	    if (i == 1)
-		*list = lp->next;
-	    else
-		prev->next = lp->next;
-	    lp->next = NULL;
-	    return ktutil_free_kt_list(context, lp);
-	}
+        if (i == idx) {
+            if (i == 1)
+                *list = lp->next;
+            else
+                prev->next = lp->next;
+            lp->next = NULL;
+            return ktutil_free_kt_list(context, lp);
+        }
     }
     return EINVAL;
 }
@@ -85,7 +86,7 @@ krb5_error_code ktutil_delete(context, list, idx)
  * one first.
  */
 krb5_error_code ktutil_add(context, list, princ_str, kvno,
-			   enctype_str, use_pass)
+                           enctype_str, use_pass)
     krb5_context context;
     krb5_kt_list *list;
     char *princ_str;
@@ -117,7 +118,7 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
     if (retval)
         return retval;
     retval = krb5_string_to_enctype(enctype_str, &enctype);
-    if (retval) 
+    if (retval)
         return KRB5_BAD_ENCTYPE;
     retval = krb5_timeofday(context, &now);
     if (retval)
@@ -133,93 +134,93 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno,
     }
     memset(entry, 0, sizeof(*entry));
 
-    if (!lp) {		/* if list is empty, start one */
+    if (!lp) {          /* if list is empty, start one */
         lp = (krb5_kt_list) malloc(sizeof(*lp));
-	if (!lp) {
-	    return ENOMEM;
-	}
+        if (!lp) {
+            return ENOMEM;
+        }
     } else {
         lp->next = (krb5_kt_list) malloc(sizeof(*lp));
-	if (!lp->next) {
-	    return ENOMEM;
-	}
-	prev = lp;
-	lp = lp->next;
-    }          
+        if (!lp->next) {
+            return ENOMEM;
+        }
+        prev = lp;
+        lp = lp->next;
+    }
     lp->next = NULL;
     lp->entry = entry;
 
     if (use_pass) {
         password.length = pwsize;
-	password.data = (char *) malloc(pwsize);
-	if (!password.data) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
+        password.data = (char *) malloc(pwsize);
+        if (!password.data) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
 
-	snprintf(promptstr, sizeof(promptstr), "Password for %.1000s",
-		 princ_str);
+        snprintf(promptstr, sizeof(promptstr), "Password for %.1000s",
+                 princ_str);
         retval = krb5_read_password(context, promptstr, NULL, password.data,
-				    &password.length);
-	if (retval)
-	    goto cleanup;
-	retval = krb5_principal2salt(context, princ, &salt);
-	if (retval)
-	    goto cleanup;
-	retval = krb5_c_string_to_key(context, enctype, &password,
-				      &salt, &key);
-	if (retval)
-	    goto cleanup;
-	memset(password.data, 0, password.length);
-	password.length = 0;
-	lp->entry->key = key;
+                                    &password.length);
+        if (retval)
+            goto cleanup;
+        retval = krb5_principal2salt(context, princ, &salt);
+        if (retval)
+            goto cleanup;
+        retval = krb5_c_string_to_key(context, enctype, &password,
+                                      &salt, &key);
+        if (retval)
+            goto cleanup;
+        memset(password.data, 0, password.length);
+        password.length = 0;
+        lp->entry->key = key;
     } else {
         printf("Key for %s (hex): ", princ_str);
-	fgets(buf, BUFSIZ, stdin);
-	/*
-	 * We need to get rid of the trailing '\n' from fgets.
-	 * If we have an even number of hex digits (as we should),
-	 * write a '\0' over the '\n'.  If for some reason we have
-	 * an odd number of hex digits, force an even number of hex
-	 * digits by writing a '0' into the last position (the string
-	 * will still be null-terminated).
-	 */
-	buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
-	if (strlen(buf) == 0) {
-	    fprintf(stderr, "addent: Error reading key.\n");
-	    retval = 0;
-	    goto cleanup;
-	}
-	
+        fgets(buf, BUFSIZ, stdin);
+        /*
+         * We need to get rid of the trailing '\n' from fgets.
+         * If we have an even number of hex digits (as we should),
+         * write a '\0' over the '\n'.  If for some reason we have
+         * an odd number of hex digits, force an even number of hex
+         * digits by writing a '0' into the last position (the string
+         * will still be null-terminated).
+         */
+        buf[strlen(buf) - 1] = strlen(buf) % 2 ? '\0' : '0';
+        if (strlen(buf) == 0) {
+            fprintf(stderr, "addent: Error reading key.\n");
+            retval = 0;
+            goto cleanup;
+        }
+
         lp->entry->key.enctype = enctype;
-	lp->entry->key.contents = (krb5_octet *) malloc((strlen(buf) + 1) / 2);
-	if (!lp->entry->key.contents) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
+        lp->entry->key.contents = (krb5_octet *) malloc((strlen(buf) + 1) / 2);
+        if (!lp->entry->key.contents) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
 
-	i = 0;
-	for (cp = buf; *cp; cp += 2) {
-	    if (!isxdigit((int) cp[0]) || !isxdigit((int) cp[1])) {
-	        fprintf(stderr, "addent: Illegal character in key.\n");
-		retval = 0;
-		goto cleanup;
-	    }
-	    sscanf(cp, "%02x", &tmp);
-	    lp->entry->key.contents[i++] = (krb5_octet) tmp;
-	}
-	lp->entry->key.length = i;
+        i = 0;
+        for (cp = buf; *cp; cp += 2) {
+            if (!isxdigit((int) cp[0]) || !isxdigit((int) cp[1])) {
+                fprintf(stderr, "addent: Illegal character in key.\n");
+                retval = 0;
+                goto cleanup;
+            }
+            sscanf(cp, "%02x", &tmp);
+            lp->entry->key.contents[i++] = (krb5_octet) tmp;
+        }
+        lp->entry->key.length = i;
     }
     lp->entry->principal = princ;
     lp->entry->vno = kvno;
     lp->entry->timestamp = now;
 
     if (!*list)
-	*list = lp;
+        *list = lp;
 
     return 0;
 
- cleanup:
+cleanup:
     if (prev)
         prev->next = NULL;
     ktutil_free_kt_list(context, lp);
@@ -242,62 +243,62 @@ krb5_error_code ktutil_read_keytab(context, name, list)
     krb5_error_code retval = 0;
 
     if (*list) {
-	/* point lp at the tail of the list */
-	for (lp = *list; lp->next; lp = lp->next);
-	back = lp;
+        /* point lp at the tail of the list */
+        for (lp = *list; lp->next; lp = lp->next);
+        back = lp;
     }
     retval = krb5_kt_resolve(context, name, &kt);
     if (retval)
-	return retval;
+        return retval;
     retval = krb5_kt_start_seq_get(context, kt, &cursor);
     if (retval)
-	goto close_kt;
+        goto close_kt;
     for (;;) {
-	entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry));
-	if (!entry) {
-	    retval = ENOMEM;
-	    break;
-	}
-	memset(entry, 0, sizeof (*entry));
-	retval = krb5_kt_next_entry(context, kt, entry, &cursor);
-	if (retval)
-	    break;
+        entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry));
+        if (!entry) {
+            retval = ENOMEM;
+            break;
+        }
+        memset(entry, 0, sizeof (*entry));
+        retval = krb5_kt_next_entry(context, kt, entry, &cursor);
+        if (retval)
+            break;
 
-	if (!lp) {		/* if list is empty, start one */
-	    lp = (krb5_kt_list)malloc(sizeof (*lp));
-	    if (!lp) {
-		retval = ENOMEM;
-		break;
-	    }
-	} else {
-	    lp->next = (krb5_kt_list)malloc(sizeof (*lp));
-	    if (!lp->next) {
-		retval = ENOMEM;
-		break;
-	    }
-	    lp = lp->next;
-	}
-	if (!tail)
-	    tail = lp;
-	lp->next = NULL;
-	lp->entry = entry;
+        if (!lp) {              /* if list is empty, start one */
+            lp = (krb5_kt_list)malloc(sizeof (*lp));
+            if (!lp) {
+                retval = ENOMEM;
+                break;
+            }
+        } else {
+            lp->next = (krb5_kt_list)malloc(sizeof (*lp));
+            if (!lp->next) {
+                retval = ENOMEM;
+                break;
+            }
+            lp = lp->next;
+        }
+        if (!tail)
+            tail = lp;
+        lp->next = NULL;
+        lp->entry = entry;
     }
     if (entry)
-	free(entry);
+        free(entry);
     if (retval) {
-	if (retval == KRB5_KT_END)
-	    retval = 0;
-	else {
-	    ktutil_free_kt_list(context, tail);
-	    tail = NULL;
-	    if (back)
-		back->next = NULL;
-	}
+        if (retval == KRB5_KT_END)
+            retval = 0;
+        else {
+            ktutil_free_kt_list(context, tail);
+            tail = NULL;
+            if (back)
+                back->next = NULL;
+        }
     }
     if (!*list)
-	*list = tail;
+        *list = tail;
     krb5_kt_end_seq_get(context, kt, &cursor);
- close_kt:
+close_kt:
     krb5_kt_close(context, kt);
     return retval;
 }
@@ -318,14 +319,14 @@ krb5_error_code ktutil_write_keytab(context, list, name)
 
     result = snprintf(ktname, sizeof(ktname), "WRFILE:%s", name);
     if (SNPRINTF_OVERFLOW(result, sizeof(ktname)))
-	return ENAMETOOLONG;
+        return ENAMETOOLONG;
     retval = krb5_kt_resolve(context, ktname, &kt);
     if (retval)
-	return retval;
+        return retval;
     for (lp = list; lp; lp = lp->next) {
-	retval = krb5_kt_add_entry(context, kt, lp->entry);
-	if (retval)
-	    break;
+        retval = krb5_kt_add_entry(context, kt, lp->entry);
+        if (retval)
+            break;
     }
     krb5_kt_close(context, kt);
     return retval;
@@ -344,7 +345,7 @@ krb5_error_code ktutil_read_srvtab(context, name, list)
     krb5_error_code result;
 
     if (asprintf(&ktname, "SRVTAB:%s", name) < 0)
-	return ENOMEM;
+        return ENOMEM;
     result = ktutil_read_keytab(context, ktname, list);
     free(ktname);
     return result;
diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c
index 68d8af497..9b556e925 100644
--- a/src/kadmin/server/kadm_rpc_svc.c
+++ b/src/kadmin/server/kadm_rpc_svc.c
@@ -28,7 +28,7 @@ static int check_rpcsec_auth(struct svc_req *);
 
 /*
  * Function: kadm_1
- * 
+ *
  * Purpose: RPC proccessing procedure.
  *	    originally generated from rpcgen
  *
@@ -79,36 +79,36 @@ void kadm_1(rqstp, transp)
 	  svcerr_weakauth(transp);
 	  return;
      }
-     
+
      switch (rqstp->rq_proc) {
      case NULLPROC:
 	  (void) svc_sendreply(transp, xdr_void, (char *)NULL);
 	  return;
-	  
+
      case CREATE_PRINCIPAL:
 	  xdr_argument = xdr_cprinc_arg;
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) create_principal_2_svc;
 	  break;
-	  
+
      case DELETE_PRINCIPAL:
 	  xdr_argument = xdr_dprinc_arg;
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) delete_principal_2_svc;
 	  break;
-	  
+
      case MODIFY_PRINCIPAL:
 	  xdr_argument = xdr_mprinc_arg;
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) modify_principal_2_svc;
 	  break;
-	  
+
      case RENAME_PRINCIPAL:
 	  xdr_argument = xdr_rprinc_arg;
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) rename_principal_2_svc;
 	  break;
-	  
+
      case GET_PRINCIPAL:
 	  xdr_argument = xdr_gprinc_arg;
 	  xdr_result = xdr_gprinc_ret;
@@ -120,7 +120,7 @@ void kadm_1(rqstp, transp)
 	  xdr_result = xdr_gprincs_ret;
 	  local = (char *(*)()) get_princs_2_svc;
 	  break;
-	  
+
      case CHPASS_PRINCIPAL:
 	  xdr_argument = xdr_chpass_arg;
 	  xdr_result = xdr_generic_ret;
@@ -138,31 +138,31 @@ void kadm_1(rqstp, transp)
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) setkey_principal_2_svc;
 	  break;
-	  
+
      case CHRAND_PRINCIPAL:
 	  xdr_argument = xdr_chrand_arg;
 	  xdr_result = xdr_chrand_ret;
 	  local = (char *(*)()) chrand_principal_2_svc;
 	  break;
-	  
+
      case CREATE_POLICY:
 	  xdr_argument = xdr_cpol_arg;
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) create_policy_2_svc;
 	  break;
-	  
+
      case DELETE_POLICY:
 	  xdr_argument = xdr_dpol_arg;
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) delete_policy_2_svc;
 	  break;
-	  
+
      case MODIFY_POLICY:
 	  xdr_argument = xdr_mpol_arg;
 	  xdr_result = xdr_generic_ret;
 	  local = (char *(*)()) modify_policy_2_svc;
 	  break;
-	  
+
      case GET_POLICY:
 	  xdr_argument = xdr_gpol_arg;
 	  xdr_result = xdr_gpol_ret;
@@ -174,7 +174,7 @@ void kadm_1(rqstp, transp)
 	  xdr_result = xdr_gpols_ret;
 	  local = (char *(*)()) get_pols_2_svc;
 	  break;
-	  
+
      case GET_PRIVS:
 	  xdr_argument = xdr_u_int32;
 	  xdr_result = xdr_getprivs_ret;
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index 1725fbf7d..375fbd151 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -11,109 +12,109 @@
 
 /*
  * Function: chpass_principal_wrapper_3
- * 
+ *
  * Purpose: wrapper to kadm5_chpass_principal that checks to see if
- *	    pw_min_life has been reached. if not it returns an error.
- *	    otherwise it calls kadm5_chpass_principal
+ *          pw_min_life has been reached. if not it returns an error.
+ *          otherwise it calls kadm5_chpass_principal
  *
  * Arguments:
- *	principal	(input) krb5_principals whose password we are
- *				changing
- *	keepold 	(input) whether to preserve old keys
- *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
- *	ks_tuple	(input) array of tuples indicating the caller's
- *				requested enctypes/salttypes
- *	password	(input) password we are going to change to.
- * 	<return value>	0 on success error code on failure.
+ *      principal       (input) krb5_principals whose password we are
+ *                              changing
+ *      keepold         (input) whether to preserve old keys
+ *      n_ks_tuple      (input) the number of key-salt tuples in ks_tuple
+ *      ks_tuple        (input) array of tuples indicating the caller's
+ *                              requested enctypes/salttypes
+ *      password        (input) password we are going to change to.
+ *      <return value>  0 on success error code on failure.
  *
  * Requires:
- *	kadm5_init to have been run.
- * 
+ *      kadm5_init to have been run.
+ *
  * Effects:
- *	calls kadm5_chpass_principal which changes the kdb and the
- *	the admin db.
+ *      calls kadm5_chpass_principal which changes the kdb and the
+ *      the admin db.
  *
  */
 kadm5_ret_t
 chpass_principal_wrapper_3(void *server_handle,
-			   krb5_principal principal,
-			   krb5_boolean keepold,
-			   int n_ks_tuple,
-			   krb5_key_salt_tuple *ks_tuple,
-			   char *password)
+                           krb5_principal principal,
+                           krb5_boolean keepold,
+                           int n_ks_tuple,
+                           krb5_key_salt_tuple *ks_tuple,
+                           char *password)
 {
-    kadm5_ret_t			ret;
+    kadm5_ret_t                 ret;
 
     ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
-	 return ret;
+        return ret;
 
     return kadm5_chpass_principal_3(server_handle, principal,
-				    keepold, n_ks_tuple, ks_tuple,
-				    password);
+                                    keepold, n_ks_tuple, ks_tuple,
+                                    password);
 }
 
 
 /*
  * Function: randkey_principal_wrapper_3
- * 
+ *
  * Purpose: wrapper to kadm5_randkey_principal which checks the
- *	    password's min. life.
+ *          password's min. life.
  *
  * Arguments:
- *	principal	    (input) krb5_principal whose password we are
- *				    changing
- *	keepold 	(input) whether to preserve old keys
- *	n_ks_tuple	(input) the number of key-salt tuples in ks_tuple
- *	ks_tuple	(input) array of tuples indicating the caller's
- *				requested enctypes/salttypes
- *	key		    (output) new random key
- * 	<return value>	    0, error code on error.
+ *      principal           (input) krb5_principal whose password we are
+ *                                  changing
+ *      keepold         (input) whether to preserve old keys
+ *      n_ks_tuple      (input) the number of key-salt tuples in ks_tuple
+ *      ks_tuple        (input) array of tuples indicating the caller's
+ *                              requested enctypes/salttypes
+ *      key                 (output) new random key
+ *      <return value>      0, error code on error.
  *
  * Requires:
- *	kadm5_init	 needs to be run
- * 
+ *      kadm5_init       needs to be run
+ *
  * Effects:
- *	calls kadm5_randkey_principal
+ *      calls kadm5_randkey_principal
  *
  */
 kadm5_ret_t
 randkey_principal_wrapper_3(void *server_handle,
-			    krb5_principal principal,
-			    krb5_boolean keepold,
-			    int n_ks_tuple,
-			    krb5_key_salt_tuple *ks_tuple,
-			    krb5_keyblock **keys, int *n_keys)
+                            krb5_principal principal,
+                            krb5_boolean keepold,
+                            int n_ks_tuple,
+                            krb5_key_salt_tuple *ks_tuple,
+                            krb5_keyblock **keys, int *n_keys)
 {
-    kadm5_ret_t			ret;
+    kadm5_ret_t                 ret;
 
     ret = check_min_life(server_handle, principal, NULL, 0);
     if (ret)
-	 return ret;
+        return ret;
     return kadm5_randkey_principal_3(server_handle, principal,
-				     keepold, n_ks_tuple, ks_tuple,
-				     keys, n_keys);
+                                     keepold, n_ks_tuple, ks_tuple,
+                                     keys, n_keys);
 }
 
 kadm5_ret_t
 schpw_util_wrapper(void *server_handle,
-		   krb5_principal client,
-		   krb5_principal target,
-		   krb5_boolean initial_flag,
-		   char *new_pw, char **ret_pw,
-		   char *msg_ret, unsigned int msg_len)
+                   krb5_principal client,
+                   krb5_principal target,
+                   krb5_boolean initial_flag,
+                   char *new_pw, char **ret_pw,
+                   char *msg_ret, unsigned int msg_len)
 {
-    kadm5_ret_t			ret;
-    kadm5_server_handle_t	handle = server_handle;
-    krb5_boolean		access_granted;
-    krb5_boolean		self;
+    kadm5_ret_t                 ret;
+    kadm5_server_handle_t       handle = server_handle;
+    krb5_boolean                access_granted;
+    krb5_boolean                self;
 
     /*
      * If no target is explicitly provided, then the target principal
      * is the client principal.
      */
     if (target == NULL)
-	target = client;
+        target = client;
 
     /*
      * A principal can always change its own password, as long as it
@@ -122,32 +123,32 @@ schpw_util_wrapper(void *server_handle,
      */
     self = krb5_principal_compare(handle->context, client, target);
     if (self) {
-	ret = check_min_life(server_handle, target, msg_ret, msg_len);
-	if (ret != 0)
-	    return ret;
+        ret = check_min_life(server_handle, target, msg_ret, msg_len);
+        if (ret != 0)
+            return ret;
 
-	access_granted = initial_flag;
+        access_granted = initial_flag;
     } else
-	access_granted = FALSE;
+        access_granted = FALSE;
 
     if (!access_granted &&
-	kadm5int_acl_check_krb(handle->context, client,
-			       ACL_CHANGEPW, target, NULL)) {
-	/*
-	 * Otherwise, principals with appropriate privileges can change
-	 * any password
-	 */
-	access_granted = TRUE;
+        kadm5int_acl_check_krb(handle->context, client,
+                               ACL_CHANGEPW, target, NULL)) {
+        /*
+         * Otherwise, principals with appropriate privileges can change
+         * any password
+         */
+        access_granted = TRUE;
     }
 
     if (access_granted) {
-	ret = kadm5_chpass_principal_util(server_handle,
-					  target,
-					  new_pw, ret_pw,
-					  msg_ret, msg_len);
+        ret = kadm5_chpass_principal_util(server_handle,
+                                          target,
+                                          new_pw, ret_pw,
+                                          msg_ret, msg_len);
     } else {
-	ret = KADM5_AUTH_CHANGEPW;
-	strlcpy(msg_ret, "Unauthorized request", msg_len);
+        ret = KADM5_AUTH_CHANGEPW;
+        strlcpy(msg_ret, "Unauthorized request", msg_len);
     }
 
     return ret;
@@ -155,60 +156,60 @@ schpw_util_wrapper(void *server_handle,
 
 kadm5_ret_t
 check_min_life(void *server_handle, krb5_principal principal,
-	       char *msg_ret, unsigned int msg_len)
+               char *msg_ret, unsigned int msg_len)
 {
-    krb5_int32			now;
-    kadm5_ret_t			ret;
-    kadm5_policy_ent_rec	pol;
-    kadm5_principal_ent_rec	princ;
-    kadm5_server_handle_t	handle = server_handle;
+    krb5_int32                  now;
+    kadm5_ret_t                 ret;
+    kadm5_policy_ent_rec        pol;
+    kadm5_principal_ent_rec     princ;
+    kadm5_server_handle_t       handle = server_handle;
 
     if (msg_ret != NULL)
-	*msg_ret = '\0';
+        *msg_ret = '\0';
 
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
-	return ret;
+        return ret;
 
-    ret = kadm5_get_principal(handle->lhandle, principal, 
-			      &princ, KADM5_PRINCIPAL_NORMAL_MASK);
-    if(ret) 
-	 return ret;
+    ret = kadm5_get_principal(handle->lhandle, principal,
+                              &princ, KADM5_PRINCIPAL_NORMAL_MASK);
+    if(ret)
+        return ret;
     if(princ.aux_attributes & KADM5_POLICY) {
-	if((ret=kadm5_get_policy(handle->lhandle,
-				 princ.policy, &pol)) != KADM5_OK) {
-	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
-	    return ret;
-	}
-	if((now - princ.last_pwd_change) < pol.pw_min_life &&
-	   !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
-	    if (msg_ret != NULL) {
-		time_t until;
-		char *time_string, *ptr, *errstr;
-
-		until = princ.last_pwd_change + pol.pw_min_life;
-
-		time_string = ctime(&until);
-		errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
-
-		if (strlen(errstr) + strlen(time_string) >= msg_len) {
-		    *errstr = '\0';
-		} else {
-		    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
-			*ptr = '\0';
-		    snprintf(msg_ret, msg_len, errstr, time_string);
-		}
-	    }
-
-	    (void) kadm5_free_policy_ent(handle->lhandle, &pol);
-	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
-	    return KADM5_PASS_TOOSOON;
-	}
-
-	ret = kadm5_free_policy_ent(handle->lhandle, &pol);
-	if (ret) {
-	    (void) kadm5_free_principal_ent(handle->lhandle, &princ);
-	    return ret;
+        if((ret=kadm5_get_policy(handle->lhandle,
+                                 princ.policy, &pol)) != KADM5_OK) {
+            (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+            return ret;
+        }
+        if((now - princ.last_pwd_change) < pol.pw_min_life &&
+           !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+            if (msg_ret != NULL) {
+                time_t until;
+                char *time_string, *ptr, *errstr;
+
+                until = princ.last_pwd_change + pol.pw_min_life;
+
+                time_string = ctime(&until);
+                errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
+
+                if (strlen(errstr) + strlen(time_string) >= msg_len) {
+                    *errstr = '\0';
+                } else {
+                    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+                        *ptr = '\0';
+                    snprintf(msg_ret, msg_len, errstr, time_string);
+                }
+            }
+
+            (void) kadm5_free_policy_ent(handle->lhandle, &pol);
+            (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+            return KADM5_PASS_TOOSOON;
+        }
+
+        ret = kadm5_free_policy_ent(handle->lhandle, &pol);
+        if (ret) {
+            (void) kadm5_free_principal_ent(handle->lhandle, &princ);
+            return ret;
         }
     }
 
diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h
index 073f6ff10..10e6054db 100644
--- a/src/kadmin/server/misc.h
+++ b/src/kadmin/server/misc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -7,51 +8,51 @@
 #define _MISC_H 1
 
 typedef struct _krb5_fulladdr {
-    krb5_address *	address;
-    krb5_ui_4		port;
+    krb5_address *      address;
+    krb5_ui_4           port;
 } krb5_fulladdr;
 
 void
 log_badauth(OM_uint32 major, OM_uint32 minor,
-	    struct sockaddr_in *addr, char *data);
+            struct sockaddr_in *addr, char *data);
 
 int
 setup_gss_names(struct svc_req *, gss_buffer_desc *,
-		gss_buffer_desc *);
+                gss_buffer_desc *);
 
 
 kadm5_ret_t
 chpass_principal_wrapper_3(void *server_handle,
-			   krb5_principal principal,
-			   krb5_boolean keepold,
-			   int n_ks_tuple,
-			   krb5_key_salt_tuple *ks_tuple,
-			   char *password);
+                           krb5_principal principal,
+                           krb5_boolean keepold,
+                           int n_ks_tuple,
+                           krb5_key_salt_tuple *ks_tuple,
+                           char *password);
 
 kadm5_ret_t
 randkey_principal_wrapper_3(void *server_handle,
-			    krb5_principal principal,
-			    krb5_boolean keepold,
-			    int n_ks_tuple,
-			    krb5_key_salt_tuple *ks_tuple,
-			    krb5_keyblock **keys, int *n_keys);
+                            krb5_principal principal,
+                            krb5_boolean keepold,
+                            int n_ks_tuple,
+                            krb5_key_salt_tuple *ks_tuple,
+                            krb5_keyblock **keys, int *n_keys);
 
 kadm5_ret_t
 schpw_util_wrapper(void *server_handle, krb5_principal client,
-		   krb5_principal target, krb5_boolean initial_flag,
-		   char *new_pw, char **ret_pw,
-		   char *msg_ret, unsigned int msg_len);
+                   krb5_principal target, krb5_boolean initial_flag,
+                   char *new_pw, char **ret_pw,
+                   char *msg_ret, unsigned int msg_len);
 
 kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
-			   char *msg_ret, unsigned int msg_len);
+                           char *msg_ret, unsigned int msg_len);
 
-krb5_error_code process_chpw_request(krb5_context context, 
-				     void *server_handle, 
-				     char *realm,
-				     krb5_keytab keytab, 
-				     krb5_fulladdr *local_faddr,
-				     krb5_fulladdr *remote_faddr,
-				     krb5_data *req, krb5_data *rep);
+krb5_error_code process_chpw_request(krb5_context context,
+                                     void *server_handle,
+                                     char *realm,
+                                     krb5_keytab keytab,
+                                     krb5_fulladdr *local_faddr,
+                                     krb5_fulladdr *remote_faddr,
+                                     krb5_data *req, krb5_data *rep);
 
 void kadm_1(struct svc_req *, SVCXPRT *);
 void krb5_iprop_prog_1(struct svc_req *, SVCXPRT *);
@@ -60,7 +61,7 @@ void trunc_name(size_t *len, char **dots);
 
 int
 gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name,
-		   krb5_principal *princ, gss_buffer_t gss_str);
+                   krb5_principal *princ, gss_buffer_t gss_str);
 
 
 extern volatile int signal_request_exit;
@@ -69,7 +70,7 @@ extern volatile int signal_request_hup;
 void reset_db(void);
 
 void log_badauth(OM_uint32 major, OM_uint32 minor,
-		 struct sockaddr_in *addr, char *data);
+                 struct sockaddr_in *addr, char *data);
 
 /* network.c */
 krb5_error_code setup_network(void *handle, const char *prog);
@@ -77,13 +78,13 @@ krb5_error_code listen_and_process(void *handle, const char *prog);
 krb5_error_code closedown_network(void *handle, const char *prog);
 
 
-void 
+void
 krb5_iprop_prog_1(struct svc_req *rqstp, SVCXPRT *transp);
 
-kadm5_ret_t 
+kadm5_ret_t
 kiprop_get_adm_host_srv_name(krb5_context,
-			     const char *,
-			     char **);
+                             const char *,
+                             char **);
 
 
 #endif /* _MISC_H */
diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c
index df3f01cf0..5dd7f2e02 100644
--- a/src/kadmin/server/network.c
+++ b/src/kadmin/server/network.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/server/network.c
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Network code for Kerberos v5 kadmin server (based on KDC code).
  */
@@ -61,7 +62,7 @@
 #endif
 
 #ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>		/* FIONBIO */
+#include <sys/filio.h>          /* FIONBIO */
 #endif
 
 #include "fake-addrinfo.h"
@@ -75,15 +76,15 @@ set_sa_port(struct sockaddr *addr, int port)
 {
     switch (addr->sa_family) {
     case AF_INET:
-	sa2sin(addr)->sin_port = port;
-	break;
+        sa2sin(addr)->sin_port = port;
+        break;
 #ifdef KRB5_USE_INET6
     case AF_INET6:
-	sa2sin6(addr)->sin6_port = port;
-	break;
+        sa2sin6(addr)->sin6_port = port;
+        break;
 #endif
     default:
-	break;
+        break;
     }
 }
 
@@ -92,13 +93,13 @@ static int ipv6_enabled()
 #ifdef KRB5_USE_INET6
     static int result = -1;
     if (result == -1) {
-	int s;
-	s = socket(AF_INET6, SOCK_STREAM, 0);
-	if (s >= 0) {
-	    result = 1;
-	    close(s);
-	} else
-	    result = 0;
+        int s;
+        s = socket(AF_INET6, SOCK_STREAM, 0);
+        if (s >= 0) {
+            result = 1;
+            close(s);
+        } else
+            result = 0;
     }
     return result;
 #else
@@ -139,21 +140,21 @@ set_pktinfo(int sock, int family)
     switch (family) {
 #if defined(IP_PKTINFO) && defined(HAVE_STRUCT_IN_PKTINFO)
     case AF_INET:
-	proto = IPPROTO_IP;
-	option = IP_RECVPKTINFO;
-	break;
+        proto = IPPROTO_IP;
+        option = IP_RECVPKTINFO;
+        break;
 #endif
 #if defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
     case AF_INET6:
-	proto = IPPROTO_IPV6;
-	option = IPV6_RECVPKTINFO;
-	break;
+        proto = IPPROTO_IPV6;
+        option = IPV6_RECVPKTINFO;
+        break;
 #endif
     default:
-	return EINVAL;
+        return EINVAL;
     }
     if (setsockopt(sock, proto, option, &sockopt, sizeof(sockopt)))
-	return errno;
+        return errno;
     return 0;
 }
 
@@ -163,17 +164,17 @@ static const char *paddr (struct sockaddr *sa)
     static char buf[100];
     char portbuf[10];
     if (getnameinfo(sa, socklen(sa),
-		    buf, sizeof(buf), portbuf, sizeof(portbuf),
-		    NI_NUMERICHOST|NI_NUMERICSERV))
-	strlcpy(buf, "<unprintable>", sizeof(buf));
+                    buf, sizeof(buf), portbuf, sizeof(portbuf),
+                    NI_NUMERICHOST|NI_NUMERICSERV))
+        strlcpy(buf, "<unprintable>", sizeof(buf));
     else {
-	unsigned int len = sizeof(buf) - strlen(buf);
-	char *p = buf + strlen(buf);
-	if (len > 2+strlen(portbuf)) {
-	    *p++ = '.';
-	    len--;
-	    strncpy(p, portbuf, len);
-	}
+        unsigned int len = sizeof(buf) - strlen(buf);
+        char *p = buf + strlen(buf);
+        if (len > 2+strlen(portbuf)) {
+            *p++ = '.';
+            len--;
+            strncpy(p, portbuf, len);
+        }
     }
     return buf;
 }
@@ -192,31 +193,31 @@ struct connection {
     enum conn_type type;
     void (*service)(void *handle, struct connection *, const char *, int);
     union {
-	/* Type-specific information.  */
-	struct {
-	    /* connection */
-	    struct sockaddr_storage addr_s;
-	    socklen_t addrlen;
-	    char addrbuf[56];
-	    krb5_fulladdr faddr;
-	    krb5_address kaddr;
-	    /* incoming */
-	    size_t bufsiz;
-	    size_t offset;
-	    char *buffer;
-	    size_t msglen;
-	    /* outgoing */
-	    krb5_data *response;
-	    unsigned char lenbuf[4];
-	    sg_buf sgbuf[2];
-	    sg_buf *sgp;
-	    int sgnum;
-	    /* crude denial-of-service avoidance support */
-	    time_t start_time;
-	} tcp;
-	struct {
-	    SVCXPRT *transp;
-	} rpc;
+        /* Type-specific information.  */
+        struct {
+            /* connection */
+            struct sockaddr_storage addr_s;
+            socklen_t addrlen;
+            char addrbuf[56];
+            krb5_fulladdr faddr;
+            krb5_address kaddr;
+            /* incoming */
+            size_t bufsiz;
+            size_t offset;
+            char *buffer;
+            size_t msglen;
+            /* outgoing */
+            krb5_data *response;
+            unsigned char lenbuf[4];
+            sg_buf sgbuf[2];
+            sg_buf *sgp;
+            int sgnum;
+            /* crude denial-of-service avoidance support */
+            time_t start_time;
+        } tcp;
+        struct {
+            SVCXPRT *transp;
+        } rpc;
     } u;
 };
 
@@ -226,47 +227,47 @@ struct connection {
 /* Start at the top and work down -- this should allow for deletions
    without disrupting the iteration, since we delete by overwriting
    the element to be removed with the last element.  */
-#define FOREACH_ELT(set,idx,vvar) \
-  for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
-
-#define GROW_SET(set, incr, tmpptr) \
-  (((int)(set.max + incr) < set.max					\
-    || (((size_t)((int)(set.max + incr) * sizeof(set.data[0]))		\
-	 / sizeof(set.data[0]))						\
-	!= (set.max + incr)))						\
-   ? 0				/* overflow */				\
-   : ((tmpptr = realloc(set.data,					\
-			(int)(set.max + incr) * sizeof(set.data[0])))	\
-      ? (set.data = tmpptr, set.max += incr, 1)				\
-      : 0))
+#define FOREACH_ELT(set,idx,vvar)                                       \
+    for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
+
+#define GROW_SET(set, incr, tmpptr)                                     \
+    (((int)(set.max + incr) < set.max                                   \
+      || (((size_t)((int)(set.max + incr) * sizeof(set.data[0]))        \
+           / sizeof(set.data[0]))                                       \
+          != (set.max + incr)))                                         \
+     ? 0                          /* overflow */                        \
+     : ((tmpptr = realloc(set.data,                                     \
+                          (int)(set.max + incr) * sizeof(set.data[0]))) \
+        ? (set.data = tmpptr, set.max += incr, 1)                       \
+        : 0))
 
 /* 1 = success, 0 = failure */
-#define ADD(set, val, tmpptr) \
-  ((set.n < set.max || GROW_SET(set, 10, tmpptr))			\
-   ? (set.data[set.n++] = val, 1)					\
-   : 0)
+#define ADD(set, val, tmpptr)                           \
+    ((set.n < set.max || GROW_SET(set, 10, tmpptr))     \
+     ? (set.data[set.n++] = val, 1)                     \
+     : 0)
 
-#define DEL(set, idx) \
-  (set.data[idx] = set.data[--set.n], 0)
+#define DEL(set, idx)                           \
+    (set.data[idx] = set.data[--set.n], 0)
 
-#define FREE_SET_DATA(set) \
-  (free(set.data), set.data = 0, set.max = 0, set.n = 0)
+#define FREE_SET_DATA(set)                                      \
+    (free(set.data), set.data = 0, set.max = 0, set.n = 0)
 
 
 /* Set<struct connection *> connections; */
 static SET(struct connection *) connections;
-#define n_sockets	connections.n
-#define conns		connections.data
+#define n_sockets       connections.n
+#define conns           connections.data
 
 /* Set<u_short> udp_port_data, tcp_port_data; */
 static SET(u_short) udp_port_data, tcp_port_data;
 
-struct rpc_svc_data {
-    u_short port;
-    u_long prognum;
-    u_long versnum;
-    void (*dispatch)();
-};
+                    struct rpc_svc_data {
+                        u_short port;
+                        u_long prognum;
+                        u_long versnum;
+                        void (*dispatch)();
+                    };
 
 static SET(struct rpc_svc_data) rpc_svc_data;
 
@@ -277,60 +278,60 @@ static fd_set rpc_listenfds;
 
 static krb5_error_code add_udp_port(int port)
 {
-    int	i;
+    int i;
     void *tmp;
     u_short val;
     u_short s_port = port;
 
     if (s_port != port)
-	return EINVAL;
+        return EINVAL;
 
     FOREACH_ELT (udp_port_data, i, val)
-	if (s_port == val)
-	    return 0;
+        if (s_port == val)
+            return 0;
     if (!ADD(udp_port_data, s_port, tmp))
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
 static krb5_error_code add_tcp_port(int port)
 {
-    int	i;
+    int i;
     void *tmp;
     u_short val;
     u_short s_port = port;
 
     if (s_port != port)
-	return EINVAL;
+        return EINVAL;
 
     FOREACH_ELT (tcp_port_data, i, val)
-	if (s_port == val)
-	    return 0;
+        if (s_port == val)
+            return 0;
     if (!ADD(tcp_port_data, s_port, tmp))
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
 static krb5_error_code add_rpc_service(int port, u_long prognum, u_long versnum,
-				       void (*dispatch)())
+                                       void (*dispatch)())
 {
-    int	i;
+    int i;
     void *tmp;
     struct rpc_svc_data svc, val;
 
     svc.port = port;
     if (svc.port != port)
-	return EINVAL;
+        return EINVAL;
     svc.prognum = prognum;
     svc.versnum = versnum;
     svc.dispatch = dispatch;
 
     FOREACH_ELT (rpc_svc_data, i, val) {
-	if (val.port == port)
-	    return 0;
+        if (val.port == port)
+            return 0;
     }
     if (!ADD(rpc_svc_data, svc, tmp))
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
@@ -351,31 +352,31 @@ struct socksetup {
 
 static struct connection *
 add_fd (struct socksetup *data, int sock, enum conn_type conntype,
-	void (*service)(void *handle, struct connection *, const char *, int))
+        void (*service)(void *handle, struct connection *, const char *, int))
 {
     struct connection *newconn;
     void *tmp;
 
 #ifndef _WIN32
     if (sock >= FD_SETSIZE) {
-	data->retval = EMFILE;	/* XXX */
-	com_err(data->prog, 0,
-		"file descriptor number %d too high", sock);
-	return 0;
+        data->retval = EMFILE;  /* XXX */
+        com_err(data->prog, 0,
+                "file descriptor number %d too high", sock);
+        return 0;
     }
 #endif
     newconn = (struct connection *)malloc(sizeof(*newconn));
     if (newconn == NULL) {
-	data->retval = ENOMEM;
-	com_err(data->prog, ENOMEM,
-		"cannot allocate storage for connection info");
-	return 0;
+        data->retval = ENOMEM;
+        com_err(data->prog, ENOMEM,
+                "cannot allocate storage for connection info");
+        return 0;
     }
     if (!ADD(connections, newconn, tmp)) {
-	data->retval = ENOMEM;
-	com_err(data->prog, ENOMEM, "cannot save socket info");
-	free(newconn);
-	return 0;
+        data->retval = ENOMEM;
+        com_err(data->prog, ENOMEM, "cannot save socket info");
+        free(newconn);
+        return 0;
     }
 
     memset(newconn, 0, sizeof(*newconn));
@@ -395,7 +396,7 @@ static struct connection *
 add_udp_fd (struct socksetup *data, int sock, int pktinfo)
 {
     return add_fd(data, sock, pktinfo ? CONN_UDP_PKTINFO : CONN_UDP,
-		  process_packet);
+                  process_packet);
 }
 
 static struct connection *
@@ -417,10 +418,10 @@ delete_fd (struct connection *xconn)
     int i;
 
     FOREACH_ELT(connections, i, conn)
-	if (conn == xconn) {
-	    DEL(connections, i);
-	    break;
-	}
+        if (conn == xconn) {
+            DEL(connections, i);
+            break;
+        }
     free(xconn);
 }
 
@@ -431,22 +432,22 @@ add_rpc_listener_fd (struct socksetup *data, struct rpc_svc_data *svc, int sock)
 
     conn = add_fd(data, sock, CONN_RPC_LISTENER, accept_rpc_connection);
     if (conn == NULL)
-	return NULL;
+        return NULL;
 
     conn->u.rpc.transp = svctcp_create(sock, 0, 0);
     if (conn->u.rpc.transp == NULL) {
-	krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %s; continuing",
-			 strerror(errno));
-	delete_fd(conn);
-	return NULL;
+        krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %s; continuing",
+                         strerror(errno));
+        delete_fd(conn);
+        return NULL;
     }
 
     if (!svc_register(conn->u.rpc.transp, svc->prognum, svc->versnum,
-		      svc->dispatch, 0)) {
-	krb5_klog_syslog(LOG_ERR, "Cannot register RPC service: %s; continuing",
-			 strerror(errno));
-	delete_fd(conn);
-	return NULL;
+                      svc->dispatch, 0)) {
+        krb5_klog_syslog(LOG_ERR, "Cannot register RPC service: %s; continuing",
+                         strerror(errno));
+        delete_fd(conn);
+        return NULL;
     }
 
     return conn;
@@ -487,60 +488,60 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr)
 
     sock = socket(addr->sa_family, SOCK_STREAM, 0);
     if (sock == -1) {
-	com_err(data->prog, errno, "Cannot create TCP server socket on %s",
-		paddr(addr));
-	return -1;
+        com_err(data->prog, errno, "Cannot create TCP server socket on %s",
+                paddr(addr));
+        return -1;
     }
     set_cloexec_fd(sock);
 #ifndef _WIN32
     if (sock >= FD_SETSIZE) {
-	close(sock);
-	com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
-		sock, paddr(addr));
-	return -1;
+        close(sock);
+        com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
+                sock, paddr(addr));
+        return -1;
     }
 #endif
     if (setreuseaddr(sock, 1) < 0)
-	com_err(data->prog, errno,
-		"Cannot enable SO_REUSEADDR on fd %d", sock);
+        com_err(data->prog, errno,
+                "Cannot enable SO_REUSEADDR on fd %d", sock);
 #ifdef KRB5_USE_INET6
     if (addr->sa_family == AF_INET6) {
 #ifdef IPV6_V6ONLY
-	if (setv6only(sock, 1))
-	    com_err(data->prog, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
-		    sock);
-	else
-	    com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
-		    sock);
+        if (setv6only(sock, 1))
+            com_err(data->prog, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
+                    sock);
+        else
+            com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
+                    sock);
 #else
-	krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
+        krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
 #endif /* IPV6_V6ONLY */
     }
 #endif /* KRB5_USE_INET6 */
     if (bind(sock, addr, socklen(addr)) == -1) {
-	com_err(data->prog, errno,
-		"Cannot bind TCP server socket on %s", paddr(addr));
-	close(sock);
-	return -1;
+        com_err(data->prog, errno,
+                "Cannot bind TCP server socket on %s", paddr(addr));
+        close(sock);
+        return -1;
     }
     if (listen(sock, 5) < 0) {
-	com_err(data->prog, errno, "Cannot listen on TCP server socket on %s",
-		paddr(addr));
-	close(sock);
-	return -1;
+        com_err(data->prog, errno, "Cannot listen on TCP server socket on %s",
+                paddr(addr));
+        close(sock);
+        return -1;
     }
     if (setnbio(sock)) {
-	com_err(data->prog, errno,
-		"cannot set listening tcp socket on %s non-blocking",
-		paddr(addr));
-	close(sock);
-	return -1;
+        com_err(data->prog, errno,
+                "cannot set listening tcp socket on %s non-blocking",
+                paddr(addr));
+        close(sock);
+        return -1;
     }
     if (setnolinger(sock)) {
-	com_err(data->prog, errno, "disabling SO_LINGER on TCP socket on %s",
-		paddr(addr));
-	close(sock);
-	return -1;
+        com_err(data->prog, errno, "disabling SO_LINGER on TCP socket on %s",
+                paddr(addr));
+        close(sock);
+        return -1;
     }
     return sock;
 }
@@ -553,27 +554,27 @@ setup_a_rpc_listener(struct socksetup *data, struct sockaddr *addr)
 
     sock = socket(addr->sa_family, SOCK_STREAM, 0);
     if (sock == -1) {
-	com_err(data->prog, errno, "Cannot create RPC server socket on %s",
-		paddr(addr));
-	return -1;
+        com_err(data->prog, errno, "Cannot create RPC server socket on %s",
+                paddr(addr));
+        return -1;
     }
     set_cloexec_fd(sock);
 #ifndef _WIN32
     if (sock >= FD_SETSIZE) {
-	close(sock);
-	com_err(data->prog, 0, "RPC socket fd number %d (for %s) too high",
-		sock, paddr(addr));
-	return -1;
+        close(sock);
+        com_err(data->prog, 0, "RPC socket fd number %d (for %s) too high",
+                sock, paddr(addr));
+        return -1;
     }
 #endif
     if (setreuseaddr(sock, 1) < 0)
-	com_err(data->prog, errno,
-		"Cannot enable SO_REUSEADDR on fd %d", sock);
+        com_err(data->prog, errno,
+                "Cannot enable SO_REUSEADDR on fd %d", sock);
     if (bind(sock, addr, socklen(addr)) == -1) {
-	com_err(data->prog, errno,
-		"Cannot bind RPC server socket on %s", paddr(addr));
-	close(sock);
-	return -1;
+        com_err(data->prog, errno,
+                "Cannot bind RPC server socket on %s", paddr(addr));
+        close(sock);
+        return -1;
     }
     return sock;
 }
@@ -604,58 +605,58 @@ setup_tcp_listener_ports(struct socksetup *data)
 #endif
 
     FOREACH_ELT (tcp_port_data, i, port) {
-	int s4, s6;
-
-	set_sa_port((struct sockaddr *)&sin4, htons(port));
-	if (!ipv6_enabled()) {
-	    s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
-	    if (s4 < 0)
-		return -1;
-	    s6 = -1;
-	} else {
+        int s4, s6;
+
+        set_sa_port((struct sockaddr *)&sin4, htons(port));
+        if (!ipv6_enabled()) {
+            s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
+            if (s4 < 0)
+                return -1;
+            s6 = -1;
+        } else {
 #ifndef KRB5_USE_INET6
-	    abort();
+            abort();
 #else
-	    s4 = s6 = -1;
+            s4 = s6 = -1;
 
-	    set_sa_port((struct sockaddr *)&sin6, htons(port));
+            set_sa_port((struct sockaddr *)&sin6, htons(port));
 
-	    s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6);
-	    if (s6 < 0)
-		return -1;
+            s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6);
+            if (s6 < 0)
+                return -1;
 
-	    s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
+            s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
 #endif /* KRB5_USE_INET6 */
-	}
-
-	/* Sockets are created, prepare to listen on them.  */
-	if (s4 >= 0) {
-	    if (add_tcp_listener_fd(data, s4) == NULL)
-		close(s4);
-	    else {
-		FD_SET(s4, &sstate.rfds);
-		if (s4 >= sstate.max)
-		    sstate.max = s4 + 1;
-		krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
-				 s4, paddr((struct sockaddr *)&sin4));
-	    }
-	}
+        }
+
+        /* Sockets are created, prepare to listen on them.  */
+        if (s4 >= 0) {
+            if (add_tcp_listener_fd(data, s4) == NULL)
+                close(s4);
+            else {
+                FD_SET(s4, &sstate.rfds);
+                if (s4 >= sstate.max)
+                    sstate.max = s4 + 1;
+                krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+                                 s4, paddr((struct sockaddr *)&sin4));
+            }
+        }
 #ifdef KRB5_USE_INET6
-	if (s6 >= 0) {
-	    if (add_tcp_listener_fd(data, s6) == NULL) {
-		close(s6);
-		s6 = -1;
-	    } else {
-		FD_SET(s6, &sstate.rfds);
-		if (s6 >= sstate.max)
-		    sstate.max = s6 + 1;
-		krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
-				 s6, paddr((struct sockaddr *)&sin6));
-	    }
-	    if (s4 < 0)
-		krb5_klog_syslog(LOG_INFO,
-				 "assuming IPv6 socket accepts IPv4");
-	}
+        if (s6 >= 0) {
+            if (add_tcp_listener_fd(data, s6) == NULL) {
+                close(s6);
+                s6 = -1;
+            } else {
+                FD_SET(s6, &sstate.rfds);
+                if (s6 >= sstate.max)
+                    sstate.max = s6 + 1;
+                krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+                                 s6, paddr((struct sockaddr *)&sin6));
+            }
+            if (s4 < 0)
+                krb5_klog_syslog(LOG_INFO,
+                                 "assuming IPv6 socket accepts IPv4");
+        }
 #endif
     }
     return 0;
@@ -676,23 +677,23 @@ setup_rpc_listener_ports(struct socksetup *data)
     sin4.sin_addr.s_addr = INADDR_ANY;
 
     FOREACH_ELT (rpc_svc_data, i, svc) {
-	int s4;
-
-	set_sa_port((struct sockaddr *)&sin4, htons(svc.port));
-	s4 = setup_a_rpc_listener(data, (struct sockaddr *)&sin4);
-	if (s4 < 0)
-	    return -1;
-	else {
-	    if (add_rpc_listener_fd(data, &svc, s4) == NULL)
-		close(s4);
-	    else {
-		FD_SET(s4, &sstate.rfds);
-		if (s4 >= sstate.max)
-		    sstate.max = s4 + 1;
-		krb5_klog_syslog(LOG_INFO, "listening on fd %d: rpc %s",
-				 s4, paddr((struct sockaddr *)&sin4));
-	    }
-	}
+        int s4;
+
+        set_sa_port((struct sockaddr *)&sin4, htons(svc.port));
+        s4 = setup_a_rpc_listener(data, (struct sockaddr *)&sin4);
+        if (s4 < 0)
+            return -1;
+        else {
+            if (add_rpc_listener_fd(data, &svc, s4) == NULL)
+                close(s4);
+            else {
+                FD_SET(s4, &sstate.rfds);
+                if (s4 >= sstate.max)
+                    sstate.max = s4 + 1;
+                krb5_klog_syslog(LOG_INFO, "listening on fd %d: rpc %s",
+                                 s4, paddr((struct sockaddr *)&sin4));
+            }
+        }
     }
     FD_ZERO(&rpc_listenfds);
     rpc_listenfds = svc_fdset;
@@ -712,39 +713,39 @@ union pktinfo {
 
 static int
 setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
-		 char *haddrbuf, int pktinfo);
+                 char *haddrbuf, int pktinfo);
 
 static void
 setup_udp_pktinfo_ports(struct socksetup *data)
 {
 #ifdef IP_PKTINFO
     {
-	struct sockaddr_in sa;
-	int r;
+        struct sockaddr_in sa;
+        int r;
 
-	memset(&sa, 0, sizeof(sa));
-	sa.sin_family = AF_INET;
+        memset(&sa, 0, sizeof(sa));
+        sa.sin_family = AF_INET;
 #ifdef HAVE_SA_LEN
-	sa.sin_len = sizeof(sa);
+        sa.sin_len = sizeof(sa);
 #endif
-	r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4);
-	if (r == 0)
-	    data->udp_flags &= ~UDP_DO_IPV4;
+        r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4);
+        if (r == 0)
+            data->udp_flags &= ~UDP_DO_IPV4;
     }
 #endif
 #ifdef IPV6_PKTINFO
     {
-	struct sockaddr_in6 sa;
-	int r;
+        struct sockaddr_in6 sa;
+        int r;
 
-	memset(&sa, 0, sizeof(sa));
-	sa.sin6_family = AF_INET6;
+        memset(&sa, 0, sizeof(sa));
+        sa.sin6_family = AF_INET6;
 #ifdef HAVE_SA_LEN
-	sa.sin6_len = sizeof(sa);
+        sa.sin6_len = sizeof(sa);
 #endif
-	r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6);
-	if (r == 0)
-	    data->udp_flags &= ~UDP_DO_IPV6;
+        r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6);
+        if (r == 0)
+            data->udp_flags &= ~UDP_DO_IPV6;
     }
 #endif
 }
@@ -757,67 +758,67 @@ setup_udp_pktinfo_ports(struct socksetup *data)
 
 static int
 setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
-		 char *haddrbuf, int pktinfo)
+                 char *haddrbuf, int pktinfo)
 {
     int sock = -1, i, r;
     u_short port;
 
     FOREACH_ELT (udp_port_data, i, port) {
-	sock = socket (addr->sa_family, SOCK_DGRAM, 0);
-	if (sock == -1) {
-	    data->retval = errno;
-	    com_err(data->prog, data->retval,
-		    "Cannot create server socket for port %d address %s",
-		    port, haddrbuf);
-	    return 1;
-	}
-	set_cloexec_fd(sock);
+        sock = socket (addr->sa_family, SOCK_DGRAM, 0);
+        if (sock == -1) {
+            data->retval = errno;
+            com_err(data->prog, data->retval,
+                    "Cannot create server socket for port %d address %s",
+                    port, haddrbuf);
+            return 1;
+        }
+        set_cloexec_fd(sock);
 #ifdef KRB5_USE_INET6
-	if (addr->sa_family == AF_INET6) {
+        if (addr->sa_family == AF_INET6) {
 #ifdef IPV6_V6ONLY
-	    if (setv6only(sock, 1))
-		com_err(data->prog, errno,
-			"setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
-	    else
-		com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
-			sock);
+            if (setv6only(sock, 1))
+                com_err(data->prog, errno,
+                        "setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
+            else
+                com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked",
+                        sock);
 #else
-	    krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
+            krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
 #endif /* IPV6_V6ONLY */
-	}
+        }
 #endif
-	set_sa_port(addr, htons(port));
-	if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) {
-	    data->retval = errno;
-	    com_err(data->prog, data->retval,
-		    "Cannot bind server socket to port %d address %s",
-		    port, haddrbuf);
-	    close(sock);
-	    return 1;
-	}
+        set_sa_port(addr, htons(port));
+        if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) {
+            data->retval = errno;
+            com_err(data->prog, data->retval,
+                    "Cannot bind server socket to port %d address %s",
+                    port, haddrbuf);
+            close(sock);
+            return 1;
+        }
 #if !(defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) && (defined(IP_PKTINFO) || defined(IPV6_PKTINFO)))
-	assert(pktinfo == 0);
+        assert(pktinfo == 0);
 #endif
-	if (pktinfo) {
-	    r = set_pktinfo(sock, addr->sa_family);
-	    if (r) {
-		com_err(data->prog, r,
-			"Cannot request packet info for udp socket address %s port %d",
-			haddrbuf, port);
-		close(sock);
-		return 1;
-	    }
-	}
-	krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock,
-			  paddr((struct sockaddr *)addr),
-			  pktinfo ? " (pktinfo)" : "");
-	if (add_udp_fd (data, sock, pktinfo) == 0) {
-	    close(sock);
-	    return 1;
-	}
-	FD_SET (sock, &sstate.rfds);
-	if (sock >= sstate.max)
-	    sstate.max = sock + 1;
+        if (pktinfo) {
+            r = set_pktinfo(sock, addr->sa_family);
+            if (r) {
+                com_err(data->prog, r,
+                        "Cannot request packet info for udp socket address %s port %d",
+                        haddrbuf, port);
+                close(sock);
+                return 1;
+            }
+        }
+        krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock,
+                          paddr((struct sockaddr *)addr),
+                          pktinfo ? " (pktinfo)" : "");
+        if (add_udp_fd (data, sock, pktinfo) == 0) {
+            close(sock);
+            return 1;
+        }
+        FD_SET (sock, &sstate.rfds);
+        if (sock >= sstate.max)
+            sstate.max = sock + 1;
     }
     return 0;
 }
@@ -830,51 +831,51 @@ setup_udp_port(void *P_data, struct sockaddr *addr)
     int err;
 
     if (addr->sa_family == AF_INET && !(data->udp_flags & UDP_DO_IPV4))
-	return 0;
+        return 0;
 #ifdef AF_INET6
     if (addr->sa_family == AF_INET6 && !(data->udp_flags & UDP_DO_IPV6))
-	return 0;
+        return 0;
 #endif
     err = getnameinfo(addr, socklen(addr), haddrbuf, sizeof(haddrbuf),
-		      0, 0, NI_NUMERICHOST);
+                      0, 0, NI_NUMERICHOST);
     if (err)
-	strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
+        strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
 
     switch (addr->sa_family) {
     case AF_INET:
-	break;
+        break;
 #ifdef AF_INET6
     case AF_INET6:
 #ifdef KRB5_USE_INET6
-	break;
+        break;
 #else
-	{
-	    static int first = 1;
-	    if (first) {
-		krb5_klog_syslog (LOG_INFO, "skipping local ipv6 addresses");
-		first = 0;
-	    }
-	    return 0;
-	}
+        {
+            static int first = 1;
+            if (first) {
+                krb5_klog_syslog (LOG_INFO, "skipping local ipv6 addresses");
+                first = 0;
+            }
+            return 0;
+        }
 #endif
 #endif
 #ifdef AF_LINK /* some BSD systems, AIX */
     case AF_LINK:
-	return 0;
+        return 0;
 #endif
 #ifdef AF_DLI /* Direct Link Interface - DEC Ultrix/OSF1 link layer? */
     case AF_DLI:
-	return 0;
+        return 0;
 #endif
 #ifdef AF_APPLETALK
     case AF_APPLETALK:
-	return 0;
+        return 0;
 #endif
     default:
-	krb5_klog_syslog (LOG_INFO,
-			  "skipping unrecognized local address family %d",
-			  addr->sa_family);
-	return 0;
+        krb5_klog_syslog (LOG_INFO,
+                          "skipping unrecognized local address family %d",
+                          addr->sa_family);
+        return 0;
     }
     return setup_udp_port_1(data, addr, haddrbuf, 0);
 }
@@ -886,40 +887,40 @@ static void klog_handler(const void *data, size_t len)
     static int bufoffset;
     void *p;
 
-#define flush_buf() \
-  (bufoffset						\
-   ? (((buf[0] == 0 || buf[0] == '\n')			\
-       ? (fork()==0?abort():(void)0)			\
-       : (void)0),					\
-      krb5_klog_syslog(LOG_INFO, "%s", buf),		\
-      memset(buf, 0, sizeof(buf)),			\
-      bufoffset = 0)					\
-   : 0)
+#define flush_buf()                             \
+    (bufoffset                                  \
+     ? (((buf[0] == 0 || buf[0] == '\n')        \
+         ? (fork()==0?abort():(void)0)          \
+         : (void)0),                            \
+        krb5_klog_syslog(LOG_INFO, "%s", buf),  \
+        memset(buf, 0, sizeof(buf)),            \
+        bufoffset = 0)                          \
+     : 0)
 
     p = memchr(data, 0, len);
     if (p)
-	len = (const char *)p - (const char *)data;
+        len = (const char *)p - (const char *)data;
 scan_for_newlines:
     if (len == 0)
-	return;
+        return;
     p = memchr(data, '\n', len);
     if (p) {
-	if (p != data)
-	    klog_handler(data, (size_t)((const char *)p - (const char *)data));
-	flush_buf();
-	len -= ((const char *)p - (const char *)data) + 1;
-	data = 1 + (const char *)p;
-	goto scan_for_newlines;
+        if (p != data)
+            klog_handler(data, (size_t)((const char *)p - (const char *)data));
+        flush_buf();
+        len -= ((const char *)p - (const char *)data) + 1;
+        data = 1 + (const char *)p;
+        goto scan_for_newlines;
     } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) {
-	size_t x = sizeof(buf) - len - 1;
-	klog_handler(data, x);
-	flush_buf();
-	len -= x;
-	data = (const char *)data + x;
-	goto scan_for_newlines;
+        size_t x = sizeof(buf) - len - 1;
+        klog_handler(data, x);
+        flush_buf();
+        len -= x;
+        data = (const char *)data + x;
+        goto scan_for_newlines;
     } else {
-	memcpy(buf + bufoffset, data, len);
-	bufoffset += len;
+        memcpy(buf + bufoffset, data, len);
+        bufoffset += len;
     }
 }
 #endif
@@ -953,70 +954,70 @@ static char *rtm_type_name(int type)
 }
 
 static void process_routing_update(void *handle, struct connection *conn,
-				   const char *prog, int selflags)
+                                   const char *prog, int selflags)
 {
     int n_read;
     struct rt_msghdr rtm;
 
     krb5_klog_syslog(LOG_INFO, "routing socket readable");
     while ((n_read = read(conn->fd, &rtm, sizeof(rtm))) > 0) {
-	if (n_read < sizeof(rtm)) {
-	    /* Quick hack to figure out if the interesting
-	       fields are present in a short read.
+        if (n_read < sizeof(rtm)) {
+            /* Quick hack to figure out if the interesting
+               fields are present in a short read.
 
-	       A short read seems to be normal for some message types.
-	       Only complain if we don't have the critical initial
-	       header fields.  */
+               A short read seems to be normal for some message types.
+               Only complain if we don't have the critical initial
+               header fields.  */
 #define RS(FIELD) (offsetof(struct rt_msghdr, FIELD) + sizeof(rtm.FIELD))
-	    if (n_read < RS(rtm_type) ||
-		n_read < RS(rtm_version) ||
-		n_read < RS(rtm_msglen)) {
-		krb5_klog_syslog(LOG_ERR,
-				 "short read (%d/%d) from routing socket",
-				 n_read, (int) sizeof(rtm));
-		return;
-	    }
-	}
-	krb5_klog_syslog(LOG_INFO,
-			 "got routing msg type %d(%s) v%d",
-			 rtm.rtm_type, rtm_type_name(rtm.rtm_type),
-			 rtm.rtm_version);
-	if (rtm.rtm_msglen > sizeof(rtm)) {
-	    /* It appears we get a partial message and the rest is
-	       thrown away?  */
-	} else if (rtm.rtm_msglen != n_read) {
-	    krb5_klog_syslog(LOG_ERR,
-			     "read %d from routing socket but msglen is %d",
-			     n_read, rtm.rtm_msglen);
-	}
-	switch (rtm.rtm_type) {
-	case RTM_ADD:
-	case RTM_DELETE:
-	case RTM_NEWADDR:
-	case RTM_DELADDR:
-	case RTM_IFINFO:
-	case RTM_OLDADD:
-	case RTM_OLDDEL:
-	    krb5_klog_syslog(LOG_INFO, "reconfiguration needed");
-	    network_reconfiguration_needed = 1;
-	    break;
-	case RTM_RESOLVE:
+            if (n_read < RS(rtm_type) ||
+                n_read < RS(rtm_version) ||
+                n_read < RS(rtm_msglen)) {
+                krb5_klog_syslog(LOG_ERR,
+                                 "short read (%d/%d) from routing socket",
+                                 n_read, (int) sizeof(rtm));
+                return;
+            }
+        }
+        krb5_klog_syslog(LOG_INFO,
+                         "got routing msg type %d(%s) v%d",
+                         rtm.rtm_type, rtm_type_name(rtm.rtm_type),
+                         rtm.rtm_version);
+        if (rtm.rtm_msglen > sizeof(rtm)) {
+            /* It appears we get a partial message and the rest is
+               thrown away?  */
+        } else if (rtm.rtm_msglen != n_read) {
+            krb5_klog_syslog(LOG_ERR,
+                             "read %d from routing socket but msglen is %d",
+                             n_read, rtm.rtm_msglen);
+        }
+        switch (rtm.rtm_type) {
+        case RTM_ADD:
+        case RTM_DELETE:
+        case RTM_NEWADDR:
+        case RTM_DELADDR:
+        case RTM_IFINFO:
+        case RTM_OLDADD:
+        case RTM_OLDDEL:
+            krb5_klog_syslog(LOG_INFO, "reconfiguration needed");
+            network_reconfiguration_needed = 1;
+            break;
+        case RTM_RESOLVE:
 #ifdef RTM_NEWMADDR
-	case RTM_NEWMADDR:
-	case RTM_DELMADDR:
+        case RTM_NEWMADDR:
+        case RTM_DELMADDR:
 #endif
-	case RTM_MISS:
-	case RTM_REDIRECT:
-	case RTM_LOSING:
-	case RTM_GET:
-	    /* Not interesting.  */
-	    krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting");
-	    break;
-	default:
-	    krb5_klog_syslog(LOG_INFO, "unhandled routing message type, will reconfigure just for the fun of it");
-	    network_reconfiguration_needed = 1;
-	    break;
-	}
+        case RTM_MISS:
+        case RTM_REDIRECT:
+        case RTM_LOSING:
+        case RTM_GET:
+            /* Not interesting.  */
+            krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting");
+            break;
+        default:
+            krb5_klog_syslog(LOG_INFO, "unhandled routing message type, will reconfigure just for the fun of it");
+            network_reconfiguration_needed = 1;
+            break;
+        }
     }
 }
 
@@ -1025,14 +1026,14 @@ setup_routing_socket(struct socksetup *data)
 {
     int sock = socket(PF_ROUTE, SOCK_RAW, 0);
     if (sock < 0) {
-	int e = errno;
-	krb5_klog_syslog(LOG_INFO, "couldn't set up routing socket: %s",
-			 strerror(e));
+        int e = errno;
+        krb5_klog_syslog(LOG_INFO, "couldn't set up routing socket: %s",
+                         strerror(e));
     } else {
-	krb5_klog_syslog(LOG_INFO, "routing socket is fd %d", sock);
-	add_fd(data, sock, CONN_ROUTING, process_routing_update);
-	setnbio(sock);
-	FD_SET(sock, &sstate.rfds);
+        krb5_klog_syslog(LOG_INFO, "routing socket is fd %d", sock);
+        add_fd(data, sock, CONN_ROUTING, process_routing_update);
+        setnbio(sock);
+        FD_SET(sock, &sstate.rfds);
     }
 }
 #endif
@@ -1058,25 +1059,25 @@ setup_network(void *handle, const char *prog)
 
     retval = add_udp_port(server_handle->params.kpasswd_port);
     if (retval)
-	return retval;
+        return retval;
 
     retval = add_tcp_port(server_handle->params.kpasswd_port);
     if (retval)
-	return retval;
+        return retval;
 
     retval = add_rpc_service(server_handle->params.kadmind_port,
-			     KADM, KADMVERS,
-			     kadm_1);
+                             KADM, KADMVERS,
+                             kadm_1);
     if (retval)
-	return retval;
+        return retval;
 
 #ifndef DISABLE_IPROP
     if (server_handle->params.iprop_enabled) {
-	retval = add_rpc_service(server_handle->params.iprop_port,
-				 KRB5_IPROP_PROG, KRB5_IPROP_VERS,
-				 krb5_iprop_prog_1);
-	if (retval)
-	    return retval;
+        retval = add_rpc_service(server_handle->params.iprop_port,
+                                 KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+                                 krb5_iprop_prog_1);
+        if (retval)
+            return retval;
     }
 #endif /* DISABLE_IPROP */
 
@@ -1093,16 +1094,16 @@ setup_network(void *handle, const char *prog)
     setup_data.udp_flags = UDP_DO_IPV4 | UDP_DO_IPV6;
     setup_udp_pktinfo_ports(&setup_data);
     if (setup_data.udp_flags) {
-	if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
-	    return setup_data.retval;
-	}
+        if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
+            return setup_data.retval;
+        }
     }
     setup_tcp_listener_ports(&setup_data);
     setup_rpc_listener_ports(&setup_data);
     krb5_klog_syslog (LOG_INFO, "set up %d sockets", n_sockets);
     if (n_sockets == 0) {
-	com_err(prog, 0, "no sockets set up?");
-	exit (1);
+        com_err(prog, 0, "no sockets set up?");
+        exit (1);
     }
 
     return 0;
@@ -1112,45 +1113,45 @@ static void init_addr(krb5_fulladdr *faddr, struct sockaddr *sa)
 {
     switch (sa->sa_family) {
     case AF_INET:
-	faddr->address->addrtype = ADDRTYPE_INET;
-	faddr->address->length = 4;
-	faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
-	faddr->port = ntohs(sa2sin(sa)->sin_port);
-	break;
+        faddr->address->addrtype = ADDRTYPE_INET;
+        faddr->address->length = 4;
+        faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
+        faddr->port = ntohs(sa2sin(sa)->sin_port);
+        break;
 #ifdef KRB5_USE_INET6
     case AF_INET6:
-	if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
-	    faddr->address->addrtype = ADDRTYPE_INET;
-	    faddr->address->length = 4;
-	    faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
-	} else {
-	    faddr->address->addrtype = ADDRTYPE_INET6;
-	    faddr->address->length = 16;
-	    faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
-	}
-	faddr->port = ntohs(sa2sin6(sa)->sin6_port);
-	break;
+        if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
+            faddr->address->addrtype = ADDRTYPE_INET;
+            faddr->address->length = 4;
+            faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+        } else {
+            faddr->address->addrtype = ADDRTYPE_INET6;
+            faddr->address->length = 16;
+            faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+        }
+        faddr->port = ntohs(sa2sin6(sa)->sin6_port);
+        break;
 #endif
     default:
-	faddr->address->addrtype = -1;
-	faddr->address->length = 0;
-	faddr->address->contents = 0;
-	faddr->port = 0;
-	break;
+        faddr->address->addrtype = -1;
+        faddr->address->length = 0;
+        faddr->address->contents = 0;
+        faddr->port = 0;
+        break;
     }
 }
 
 static int
 recv_from_to(int s, void *buf, size_t len, int flags,
-	     struct sockaddr *from, socklen_t *fromlen,
-	     struct sockaddr *to, socklen_t *tolen)
+             struct sockaddr *from, socklen_t *fromlen,
+             struct sockaddr *to, socklen_t *tolen)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     if (to && tolen) {
-	/* Clobber with something recognizeable in case we try to use
-	   the address.  */
-	memset(to, 0x40, *tolen);
-	*tolen = 0;
+        /* Clobber with something recognizeable in case we try to use
+           the address.  */
+        memset(to, 0x40, *tolen);
+        *tolen = 0;
     }
 
     return recvfrom(s, buf, len, flags, from, fromlen);
@@ -1162,7 +1163,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
     struct msghdr msg;
 
     if (!to || !tolen)
-	return recvfrom(s, buf, len, flags, from, fromlen);
+        return recvfrom(s, buf, len, flags, from, fromlen);
 
     /* Clobber with something recognizeable in case we can't extract
        the address but try to use it anyways.  */
@@ -1180,7 +1181,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
 
     r = recvmsg(s, &msg, flags);
     if (r < 0)
-	return r;
+        return r;
     *fromlen = msg.msg_namelen;
 
     /* On Darwin (and presumably all *BSD with KAME stacks),
@@ -1188,36 +1189,36 @@ recv_from_to(int s, void *buf, size_t len, int flags,
        3542 recommends making this check, even though the (new) spec
        for CMSG_FIRSTHDR says it's supposed to do the check.  */
     if (msg.msg_controllen) {
-	cmsgptr = CMSG_FIRSTHDR(&msg);
-	while (cmsgptr) {
+        cmsgptr = CMSG_FIRSTHDR(&msg);
+        while (cmsgptr) {
 #ifdef IP_PKTINFO
-	    if (cmsgptr->cmsg_level == IPPROTO_IP
-		&& cmsgptr->cmsg_type == IP_PKTINFO
-		&& *tolen >= sizeof(struct sockaddr_in)) {
-		struct in_pktinfo *pktinfo;
-		memset(to, 0, sizeof(struct sockaddr_in));
-		pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
-		((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
-		((struct sockaddr_in *)to)->sin_family = AF_INET;
-		*tolen = sizeof(struct sockaddr_in);
-		return r;
-	    }
+            if (cmsgptr->cmsg_level == IPPROTO_IP
+                && cmsgptr->cmsg_type == IP_PKTINFO
+                && *tolen >= sizeof(struct sockaddr_in)) {
+                struct in_pktinfo *pktinfo;
+                memset(to, 0, sizeof(struct sockaddr_in));
+                pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
+                ((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
+                ((struct sockaddr_in *)to)->sin_family = AF_INET;
+                *tolen = sizeof(struct sockaddr_in);
+                return r;
+            }
 #endif
 #if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO)&& defined(HAVE_STRUCT_IN6_PKTINFO)
-	    if (cmsgptr->cmsg_level == IPPROTO_IPV6
-		&& cmsgptr->cmsg_type == IPV6_PKTINFO
-		&& *tolen >= sizeof(struct sockaddr_in6)) {
-		struct in6_pktinfo *pktinfo;
-		memset(to, 0, sizeof(struct sockaddr_in6));
-		pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
-		((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
-		((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
-		*tolen = sizeof(struct sockaddr_in6);
-		return r;
-	    }
+            if (cmsgptr->cmsg_level == IPPROTO_IPV6
+                && cmsgptr->cmsg_type == IPV6_PKTINFO
+                && *tolen >= sizeof(struct sockaddr_in6)) {
+                struct in6_pktinfo *pktinfo;
+                memset(to, 0, sizeof(struct sockaddr_in6));
+                pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
+                ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
+                ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
+                *tolen = sizeof(struct sockaddr_in6);
+                return r;
+            }
 #endif
-	    cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
-	}
+            cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
+        }
     }
     /* No info about destination addr was available.  */
     *tolen = 0;
@@ -1227,8 +1228,8 @@ recv_from_to(int s, void *buf, size_t len, int flags,
 
 static int
 send_to_from(int s, void *buf, size_t len, int flags,
-	     const struct sockaddr *to, socklen_t tolen,
-	     const struct sockaddr *from, socklen_t fromlen)
+             const struct sockaddr *to, socklen_t tolen,
+             const struct sockaddr *from, socklen_t fromlen)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     return sendto(s, buf, len, flags, to, tolen);
@@ -1240,14 +1241,14 @@ send_to_from(int s, void *buf, size_t len, int flags,
 
     if (from == 0 || fromlen == 0 || from->sa_family != to->sa_family) {
     use_sendto:
-	return sendto(s, buf, len, flags, to, tolen);
+        return sendto(s, buf, len, flags, to, tolen);
     }
 
     iov.iov_base = buf;
     iov.iov_len = len;
     /* Truncation?  */
     if (iov.iov_len != len)
-	return EINVAL;
+        return EINVAL;
     memset(cbuf, 0, sizeof(cbuf));
     memset(&msg, 0, sizeof(msg));
     msg.msg_name = (void *) to;
@@ -1264,36 +1265,36 @@ send_to_from(int s, void *buf, size_t len, int flags,
     switch (from->sa_family) {
 #if defined(IP_PKTINFO)
     case AF_INET:
-	if (fromlen != sizeof(struct sockaddr_in))
-	    goto use_sendto;
-	cmsgptr->cmsg_level = IPPROTO_IP;
-	cmsgptr->cmsg_type = IP_PKTINFO;
-	cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
-	{
-	    struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
-	    const struct sockaddr_in *from4 = (const struct sockaddr_in *)from;
-	    p->ipi_spec_dst = from4->sin_addr;
-	}
-	msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
-	break;
+        if (fromlen != sizeof(struct sockaddr_in))
+            goto use_sendto;
+        cmsgptr->cmsg_level = IPPROTO_IP;
+        cmsgptr->cmsg_type = IP_PKTINFO;
+        cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+        {
+            struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
+            const struct sockaddr_in *from4 = (const struct sockaddr_in *)from;
+            p->ipi_spec_dst = from4->sin_addr;
+        }
+        msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
+        break;
 #endif
 #if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
     case AF_INET6:
-	if (fromlen != sizeof(struct sockaddr_in6))
-	    goto use_sendto;
-	cmsgptr->cmsg_level = IPPROTO_IPV6;
-	cmsgptr->cmsg_type = IPV6_PKTINFO;
-	cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
-	{
-	    struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
-	    const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
-	    p->ipi6_addr = from6->sin6_addr;
-	}
-	msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
-	break;
+        if (fromlen != sizeof(struct sockaddr_in6))
+            goto use_sendto;
+        cmsgptr->cmsg_level = IPPROTO_IPV6;
+        cmsgptr->cmsg_type = IPV6_PKTINFO;
+        cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+        {
+            struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
+            const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
+            p->ipi6_addr = from6->sin6_addr;
+        }
+        msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
+        break;
 #endif
     default:
-	goto use_sendto;
+        goto use_sendto;
     }
     return sendmsg(s, &msg, flags);
 #endif
@@ -1302,8 +1303,8 @@ send_to_from(int s, void *buf, size_t len, int flags,
 /* Dispatch routine for set/change password */
 static krb5_error_code
 dispatch(void *handle,
-	 struct sockaddr *local_saddr, krb5_fulladdr *remote_faddr,
-	 krb5_data *request, krb5_data **response)
+         struct sockaddr *local_saddr, krb5_fulladdr *remote_faddr,
+         krb5_data *request, krb5_data **response)
 {
     krb5_error_code ret;
     krb5_keytab kt = NULL;
@@ -1314,42 +1315,42 @@ dispatch(void *handle,
     *response = NULL;
 
     if (local_saddr == NULL) {
-	ret = krb5_os_localaddr(server_handle->context, &local_kaddrs);
-	if (ret != 0)
-	    goto cleanup;
+        ret = krb5_os_localaddr(server_handle->context, &local_kaddrs);
+        if (ret != 0)
+            goto cleanup;
 
-	local_faddr.address = local_kaddrs[0];
-	local_faddr.port = 0;
+        local_faddr.address = local_kaddrs[0];
+        local_faddr.port = 0;
     } else {
-	local_faddr.address = &local_kaddr_buf;
-	init_addr(&local_faddr, local_saddr);
+        local_faddr.address = &local_kaddr_buf;
+        init_addr(&local_faddr, local_saddr);
     }
 
     ret = krb5_kt_resolve(server_handle->context, "KDB:", &kt);
     if (ret != 0) {
-	krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s",
-			 krb5_get_error_message(server_handle->context, ret));
-	goto cleanup;
+        krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s",
+                         krb5_get_error_message(server_handle->context, ret));
+        goto cleanup;
     }
 
     *response = (krb5_data *)malloc(sizeof(krb5_data));
     if (*response == NULL) {
-	ret = ENOMEM;
-	goto cleanup;
+        ret = ENOMEM;
+        goto cleanup;
     }
 
     ret = process_chpw_request(server_handle->context,
-			       handle,
-			       server_handle->params.realm,
-			       kt,
-			       &local_faddr,
-			       remote_faddr,
-			       request,
-			       *response);
+                               handle,
+                               server_handle->params.realm,
+                               kt,
+                               &local_faddr,
+                               remote_faddr,
+                               request,
+                               *response);
 
 cleanup:
     if (local_kaddrs != NULL)
-	krb5_free_addresses(server_handle->context, local_kaddrs);
+        krb5_free_addresses(server_handle->context, local_kaddrs);
 
     krb5_kt_close(server_handle->context, kt);
 
@@ -1357,8 +1358,8 @@ cleanup:
 }
 
 static void process_packet(void *handle,
-			   struct connection *conn, const char *prog,
-			   int selflags)
+                           struct connection *conn, const char *prog,
+                           int selflags)
 {
     int cc;
     socklen_t saddr_len, daddr_len;
@@ -1376,40 +1377,40 @@ static void process_packet(void *handle,
     saddr_len = sizeof(saddr);
     daddr_len = sizeof(daddr);
     cc = recv_from_to(port_fd, pktbuf, sizeof(pktbuf), 0,
-		      (struct sockaddr *)&saddr, &saddr_len,
-		      (struct sockaddr *)&daddr, &daddr_len);
+                      (struct sockaddr *)&saddr, &saddr_len,
+                      (struct sockaddr *)&daddr, &daddr_len);
     if (cc == -1) {
-	if (errno != EINTR
-	    /* This is how Linux indicates that a previous
-	       transmission was refused, e.g., if the client timed out
-	       before getting the response packet.  */
-	    && errno != ECONNREFUSED
-	    )
-	    com_err(prog, errno, "while receiving from network");
-	return;
+        if (errno != EINTR
+            /* This is how Linux indicates that a previous
+               transmission was refused, e.g., if the client timed out
+               before getting the response packet.  */
+            && errno != ECONNREFUSED
+        )
+            com_err(prog, errno, "while receiving from network");
+        return;
     }
     if (!cc)
-	return;		/* zero-length packet? */
+        return;         /* zero-length packet? */
 
 #if 0
     if (daddr_len > 0) {
-	char addrbuf[100];
-	if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
-			0, 0, NI_NUMERICHOST))
-	    strlcpy(addrbuf, "?", sizeof(addrbuf));
-	com_err(prog, 0, "pktinfo says local addr is %s", addrbuf);
+        char addrbuf[100];
+        if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
+                        0, 0, NI_NUMERICHOST))
+            strlcpy(addrbuf, "?", sizeof(addrbuf));
+        com_err(prog, 0, "pktinfo says local addr is %s", addrbuf);
     }
 #endif
 
     if (daddr_len == 0 && conn->type == CONN_UDP) {
-	/* If the PKTINFO option isn't set, this socket should be
-	   bound to a specific local address.  This info probably
-	   should've been saved in our socket data structure at setup
-	   time.  */
-	daddr_len = sizeof(daddr);
-	if (getsockname(port_fd, (struct sockaddr *)&daddr, &daddr_len) != 0)
-	    daddr_len = 0;
-	/* On failure, keep going anyways.  */
+        /* If the PKTINFO option isn't set, this socket should be
+           bound to a specific local address.  This info probably
+           should've been saved in our socket data structure at setup
+           time.  */
+        daddr_len = sizeof(daddr);
+        if (getsockname(port_fd, (struct sockaddr *)&daddr, &daddr_len) != 0)
+            daddr_len = 0;
+        /* On failure, keep going anyways.  */
     }
 
     request.length = cc;
@@ -1418,28 +1419,28 @@ static void process_packet(void *handle,
     init_addr(&faddr, ss2sa(&saddr));
     /* this address is in net order */
     if ((retval = dispatch(handle, ss2sa(&daddr), &faddr, &request, &response))) {
-	com_err(prog, retval, "while dispatching (udp)");
-	return;
+        com_err(prog, retval, "while dispatching (udp)");
+        return;
     }
     if (response == NULL)
-	return;
+        return;
     cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0,
-		      (struct sockaddr *)&saddr, saddr_len,
-		      (struct sockaddr *)&daddr, daddr_len);
+                      (struct sockaddr *)&saddr, saddr_len,
+                      (struct sockaddr *)&daddr, daddr_len);
     if (cc == -1) {
-	char addrbuf[46];
+        char addrbuf[46];
         krb5_free_data(server_handle->context, response);
-	if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
-		      addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
-	    strlcpy(addrbuf, "?", sizeof(addrbuf));
-	}
-	com_err(prog, errno, "while sending reply to %s/%d",
-		addrbuf, faddr.port);
-	return;
+        if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
+                      addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
+            strlcpy(addrbuf, "?", sizeof(addrbuf));
+        }
+        com_err(prog, errno, "while sending reply to %s/%d",
+                addrbuf, faddr.port);
+        return;
     }
     if (cc != response->length) {
-	com_err(prog, 0, "short reply write %d vs %d\n",
-		response->length, cc);
+        com_err(prog, 0, "short reply write %d vs %d\n",
+                response->length, cc);
     }
     krb5_free_data(server_handle->context, response);
     return;
@@ -1459,31 +1460,31 @@ static int kill_lru_tcp_or_rpc_connection(void *handle, struct connection *newco
     krb5_klog_syslog(LOG_INFO, "too many connections");
 
     FOREACH_ELT (connections, i, c) {
-	if (c->type != CONN_TCP && c->type != CONN_RPC)
-	    continue;
-	if (c == newconn)
-	    continue;
+        if (c->type != CONN_TCP && c->type != CONN_RPC)
+            continue;
+        if (c == newconn)
+            continue;
 #if 0
-	krb5_klog_syslog(LOG_INFO, "fd %d started at %ld", c->fd,
-			 c->u.tcp.start_time);
+        krb5_klog_syslog(LOG_INFO, "fd %d started at %ld", c->fd,
+                         c->u.tcp.start_time);
 #endif
-	if (oldest_tcp == NULL
-	    || oldest_tcp->u.tcp.start_time > c->u.tcp.start_time)
-	    oldest_tcp = c;
+        if (oldest_tcp == NULL
+            || oldest_tcp->u.tcp.start_time > c->u.tcp.start_time)
+            oldest_tcp = c;
     }
     if (oldest_tcp != NULL) {
-	krb5_klog_syslog(LOG_INFO, "dropping %s fd %d from %s",
-			 c->type == CONN_RPC ? "rpc" : "tcp",
-			 oldest_tcp->fd, oldest_tcp->u.tcp.addrbuf);
-	fd = oldest_tcp->fd;
-	kill_tcp_or_rpc_connection(handle, oldest_tcp, 1);
+        krb5_klog_syslog(LOG_INFO, "dropping %s fd %d from %s",
+                         c->type == CONN_RPC ? "rpc" : "tcp",
+                         oldest_tcp->fd, oldest_tcp->u.tcp.addrbuf);
+        fd = oldest_tcp->fd;
+        kill_tcp_or_rpc_connection(handle, oldest_tcp, 1);
     }
     return fd;
 }
 
 static void accept_tcp_connection(void *handle,
-				  struct connection *conn, const char *prog,
-				  int selflags)
+                                  struct connection *conn, const char *prog,
+                                  int selflags)
 {
     int s;
     struct sockaddr_storage addr_s;
@@ -1495,12 +1496,12 @@ static void accept_tcp_connection(void *handle,
 
     s = accept(conn->fd, addr, &addrlen);
     if (s < 0)
-	return;
+        return;
     set_cloexec_fd(s);
 #ifndef _WIN32
     if (s >= FD_SETSIZE) {
-	close(s);
-	return;
+        close(s);
+        return;
     }
 #endif
     setnbio(s), setnolinger(s), setkeepalive(s);
@@ -1510,26 +1511,26 @@ static void accept_tcp_connection(void *handle,
 
     newconn = add_tcp_data_fd(&sockdata, s);
     if (newconn == NULL)
-	return;
+        return;
 
     if (getnameinfo((struct sockaddr *)&addr_s, addrlen,
-		    newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
-		    tmpbuf, sizeof(tmpbuf),
-		    NI_NUMERICHOST | NI_NUMERICSERV))
-	strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
+                    newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
+                    tmpbuf, sizeof(tmpbuf),
+                    NI_NUMERICHOST | NI_NUMERICSERV))
+        strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
     else {
-	char *p, *end;
-	p = newconn->u.tcp.addrbuf;
-	end = p + sizeof(newconn->u.tcp.addrbuf);
-	p += strlen(p);
-	if (end - p > 2 + strlen(tmpbuf)) {
-	    *p++ = '.';
-	    strlcpy(p, tmpbuf, end - p);
-	}
+        char *p, *end;
+        p = newconn->u.tcp.addrbuf;
+        end = p + sizeof(newconn->u.tcp.addrbuf);
+        p += strlen(p);
+        if (end - p > 2 + strlen(tmpbuf)) {
+            *p++ = '.';
+            strlcpy(p, tmpbuf, end - p);
+        }
     }
 #if 0
     krb5_klog_syslog(LOG_INFO, "accepted TCP connection on socket %d from %s",
-		     s, newconn->u.tcp.addrbuf);
+                     s, newconn->u.tcp.addrbuf);
 #endif
 
     newconn->u.tcp.addr_s = addr_s;
@@ -1539,15 +1540,15 @@ static void accept_tcp_connection(void *handle,
     newconn->u.tcp.start_time = time(0);
 
     if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
-	kill_lru_tcp_or_rpc_connection(handle, newconn);
+        kill_lru_tcp_or_rpc_connection(handle, newconn);
 
     if (newconn->u.tcp.buffer == 0) {
-	com_err(prog, errno, "allocating buffer for new TCP session from %s",
-		newconn->u.tcp.addrbuf);
-	delete_fd(newconn);
-	close(s);
-	tcp_or_rpc_data_counter--;
-	return;
+        com_err(prog, errno, "allocating buffer for new TCP session from %s",
+                newconn->u.tcp.addrbuf);
+        delete_fd(newconn);
+        close(s);
+        tcp_or_rpc_data_counter--;
+        return;
     }
     newconn->u.tcp.offset = 0;
     newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr;
@@ -1557,7 +1558,7 @@ static void accept_tcp_connection(void *handle,
 
     FD_SET(s, &sstate.rfds);
     if (sstate.max <= s)
-	sstate.max = s + 1;
+        sstate.max = s + 1;
 }
 
 static void
@@ -1569,37 +1570,37 @@ kill_tcp_or_rpc_connection(void *handle, struct connection *conn, int isForcedCl
     assert(conn->fd != -1);
 
     if (conn->u.tcp.response)
-	krb5_free_data(server_handle->context, conn->u.tcp.response);
+        krb5_free_data(server_handle->context, conn->u.tcp.response);
     if (conn->u.tcp.buffer)
-	free(conn->u.tcp.buffer);
+        free(conn->u.tcp.buffer);
     FD_CLR(conn->fd, &sstate.rfds);
     FD_CLR(conn->fd, &sstate.wfds);
     if (sstate.max == conn->fd + 1)
-	while (sstate.max > 0
-	       && ! FD_ISSET(sstate.max-1, &sstate.rfds)
-	       && ! FD_ISSET(sstate.max-1, &sstate.wfds)
-	       /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */
-	    )
-	    sstate.max--;
+        while (sstate.max > 0
+               && ! FD_ISSET(sstate.max-1, &sstate.rfds)
+               && ! FD_ISSET(sstate.max-1, &sstate.wfds)
+               /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */
+        )
+            sstate.max--;
 
     /* In the non-forced case, the RPC runtime will close the descriptor for us */
     if (conn->type == CONN_TCP || isForcedClose) {
-	close(conn->fd);
+        close(conn->fd);
     }
 
     /* For RPC connections, call into RPC runtime to flush out any internal state */
     if (conn->type == CONN_RPC && isForcedClose) {
-	fd_set fds;
+        fd_set fds;
 
-	FD_ZERO(&fds);
-	FD_SET(conn->fd, &fds);
+        FD_ZERO(&fds);
+        FD_SET(conn->fd, &fds);
 
-	svc_getreqset(&fds);
+        svc_getreqset(&fds);
 
-	if (FD_ISSET(conn->fd, &svc_fdset)) {
-	    krb5_klog_syslog(LOG_ERR,
-			     "descriptor %d closed but still in svc_fdset", conn->fd);
-	}
+        if (FD_ISSET(conn->fd, &svc_fdset)) {
+            krb5_klog_syslog(LOG_ERR,
+                             "descriptor %d closed but still in svc_fdset", conn->fd);
+        }
     }
 
     conn->fd = -1;
@@ -1617,14 +1618,14 @@ make_toolong_error (void *handle, krb5_data **out)
 
     retval = krb5_us_timeofday(server_handle->context, &errpkt.stime, &errpkt.susec);
     if (retval)
-	return retval;
+        return retval;
     errpkt.error = KRB_ERR_FIELD_TOOLONG;
     retval = krb5_build_principal(server_handle->context, &errpkt.server,
-				  strlen(server_handle->params.realm),
-				  server_handle->params.realm,
-				  "kadmin", "changepw", NULL);
+                                  strlen(server_handle->params.realm),
+                                  server_handle->params.realm,
+                                  "kadmin", "changepw", NULL);
     if (retval)
-	return retval;
+        return retval;
     errpkt.client = NULL;
     errpkt.cusec = 0;
     errpkt.ctime = 0;
@@ -1634,11 +1635,11 @@ make_toolong_error (void *handle, krb5_data **out)
     errpkt.e_data.data = 0;
     scratch = malloc(sizeof(*scratch));
     if (scratch == NULL)
-	return ENOMEM;
+        return ENOMEM;
     retval = krb5_mk_error(server_handle->context, &errpkt, scratch);
     if (retval) {
-	free(scratch);
-	return retval;
+        free(scratch);
+        return retval;
     }
 
     *out = scratch;
@@ -1650,7 +1651,7 @@ queue_tcp_outgoing_response(struct connection *conn)
 {
     store_32_be(conn->u.tcp.response->length, conn->u.tcp.lenbuf);
     SG_SET(&conn->u.tcp.sgbuf[1], conn->u.tcp.response->data,
-	   conn->u.tcp.response->length);
+           conn->u.tcp.response->length);
     conn->u.tcp.sgp = conn->u.tcp.sgbuf;
     conn->u.tcp.sgnum = 2;
     FD_SET(conn->fd, &sstate.wfds);
@@ -1658,128 +1659,128 @@ queue_tcp_outgoing_response(struct connection *conn)
 
 static void
 process_tcp_connection(void *handle,
-		       struct connection *conn, const char *prog, int selflags)
+                       struct connection *conn, const char *prog, int selflags)
 {
     int isForcedClose = 1; /* not used now, but for completeness */
 
     if (selflags & SSF_WRITE) {
-	ssize_t nwrote;
-	SOCKET_WRITEV_TEMP tmp;
-
-	nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum,
-			       tmp);
-	if (nwrote < 0) {
-	    goto kill_tcp_connection;
-	}
-	if (nwrote == 0) {
-	    /* eof */
-	    isForcedClose = 0;
-	    goto kill_tcp_connection;
-	}
-	while (nwrote) {
-	    sg_buf *sgp = conn->u.tcp.sgp;
-	    if (nwrote < SG_LEN(sgp)) {
-		SG_ADVANCE(sgp, nwrote);
-		nwrote = 0;
-	    } else {
-		nwrote -= SG_LEN(sgp);
-		conn->u.tcp.sgp++;
-		conn->u.tcp.sgnum--;
-		if (conn->u.tcp.sgnum == 0 && nwrote != 0)
-		    abort();
-	    }
-	}
-	if (conn->u.tcp.sgnum == 0) {
-	    /* finished sending */
-	    /* We should go back to reading, though if we sent a
-	       FIELD_TOOLONG error in reply to a length with the high
-	       bit set, RFC 4120 says we have to close the TCP
-	       stream.  */
-	    isForcedClose = 0;
-	    goto kill_tcp_connection;
-	}
+        ssize_t nwrote;
+        SOCKET_WRITEV_TEMP tmp;
+
+        nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum,
+                               tmp);
+        if (nwrote < 0) {
+            goto kill_tcp_connection;
+        }
+        if (nwrote == 0) {
+            /* eof */
+            isForcedClose = 0;
+            goto kill_tcp_connection;
+        }
+        while (nwrote) {
+            sg_buf *sgp = conn->u.tcp.sgp;
+            if (nwrote < SG_LEN(sgp)) {
+                SG_ADVANCE(sgp, nwrote);
+                nwrote = 0;
+            } else {
+                nwrote -= SG_LEN(sgp);
+                conn->u.tcp.sgp++;
+                conn->u.tcp.sgnum--;
+                if (conn->u.tcp.sgnum == 0 && nwrote != 0)
+                    abort();
+            }
+        }
+        if (conn->u.tcp.sgnum == 0) {
+            /* finished sending */
+            /* We should go back to reading, though if we sent a
+               FIELD_TOOLONG error in reply to a length with the high
+               bit set, RFC 4120 says we have to close the TCP
+               stream.  */
+            isForcedClose = 0;
+            goto kill_tcp_connection;
+        }
     } else if (selflags & SSF_READ) {
-	/* Read message length and data into one big buffer, already
-	   allocated at connect time.  If we have a complete message,
-	   we stop reading, so we should only be here if there is no
-	   data in the buffer, or only an incomplete message.  */
-	size_t len;
-	ssize_t nread;
-	if (conn->u.tcp.offset < 4) {
-	    /* msglen has not been computed */
-	    /* XXX Doing at least two reads here, letting the kernel
-	       worry about buffering.  It'll be faster when we add
-	       code to manage the buffer here.  */
-	    len = 4 - conn->u.tcp.offset;
-	    nread = SOCKET_READ(conn->fd,
-				conn->u.tcp.buffer + conn->u.tcp.offset, len);
-	    if (nread < 0)
-		/* error */
-		goto kill_tcp_connection;
-	    if (nread == 0)
-		/* eof */
-		goto kill_tcp_connection;
-	    conn->u.tcp.offset += nread;
-	    if (conn->u.tcp.offset == 4) {
-		unsigned char *p = (unsigned char *)conn->u.tcp.buffer;
-		conn->u.tcp.msglen = load_32_be(p);
-		if (conn->u.tcp.msglen > conn->u.tcp.bufsiz - 4) {
-		    krb5_error_code err;
-		    /* message too big */
-		    krb5_klog_syslog(LOG_ERR, "TCP client %s wants %lu bytes, cap is %lu",
-				     conn->u.tcp.addrbuf, (unsigned long) conn->u.tcp.msglen,
-				     (unsigned long) conn->u.tcp.bufsiz - 4);
-		    /* XXX Should return an error.  */
-		    err = make_toolong_error (handle, &conn->u.tcp.response);
-		    if (err) {
-			krb5_klog_syslog(LOG_ERR,
-					 "error constructing KRB_ERR_FIELD_TOOLONG error! %s",
-					 error_message(err));
-			goto kill_tcp_connection;
-		    }
-		    goto have_response;
-		}
-	    }
-	} else {
-	    /* msglen known */
-	    krb5_data request;
-	    krb5_error_code err;
-	    struct sockaddr_storage local_saddr;
-	    socklen_t local_saddrlen = sizeof(local_saddr);
-	    struct sockaddr *local_saddrp = NULL;
-
-	    len = conn->u.tcp.msglen - (conn->u.tcp.offset - 4);
-	    nread = SOCKET_READ(conn->fd,
-				conn->u.tcp.buffer + conn->u.tcp.offset, len);
-	    if (nread < 0)
-		/* error */
-		goto kill_tcp_connection;
-	    if (nread == 0)
-		/* eof */
-		goto kill_tcp_connection;
-	    conn->u.tcp.offset += nread;
-	    if (conn->u.tcp.offset < conn->u.tcp.msglen + 4)
-		return;
-	    /* have a complete message, and exactly one message */
-	    request.length = conn->u.tcp.msglen;
-	    request.data = conn->u.tcp.buffer + 4;
-
-	    if (getsockname(conn->fd, ss2sa(&local_saddr), &local_saddrlen) == 0) {
-		local_saddrp = ss2sa(&local_saddr);
-	    }
-
-	    err = dispatch(handle, local_saddrp, &conn->u.tcp.faddr,
-			   &request, &conn->u.tcp.response);
-	    if (err) {
-		com_err(prog, err, "while dispatching (tcp)");
-		goto kill_tcp_connection;
-	    }
-	have_response:
-	    queue_tcp_outgoing_response(conn);
-	    FD_CLR(conn->fd, &sstate.rfds);
-	}
+        /* Read message length and data into one big buffer, already
+           allocated at connect time.  If we have a complete message,
+           we stop reading, so we should only be here if there is no
+           data in the buffer, or only an incomplete message.  */
+        size_t len;
+        ssize_t nread;
+        if (conn->u.tcp.offset < 4) {
+            /* msglen has not been computed */
+            /* XXX Doing at least two reads here, letting the kernel
+               worry about buffering.  It'll be faster when we add
+               code to manage the buffer here.  */
+            len = 4 - conn->u.tcp.offset;
+            nread = SOCKET_READ(conn->fd,
+                                conn->u.tcp.buffer + conn->u.tcp.offset, len);
+            if (nread < 0)
+                /* error */
+                goto kill_tcp_connection;
+            if (nread == 0)
+                /* eof */
+                goto kill_tcp_connection;
+            conn->u.tcp.offset += nread;
+            if (conn->u.tcp.offset == 4) {
+                unsigned char *p = (unsigned char *)conn->u.tcp.buffer;
+                conn->u.tcp.msglen = load_32_be(p);
+                if (conn->u.tcp.msglen > conn->u.tcp.bufsiz - 4) {
+                    krb5_error_code err;
+                    /* message too big */
+                    krb5_klog_syslog(LOG_ERR, "TCP client %s wants %lu bytes, cap is %lu",
+                                     conn->u.tcp.addrbuf, (unsigned long) conn->u.tcp.msglen,
+                                     (unsigned long) conn->u.tcp.bufsiz - 4);
+                    /* XXX Should return an error.  */
+                    err = make_toolong_error (handle, &conn->u.tcp.response);
+                    if (err) {
+                        krb5_klog_syslog(LOG_ERR,
+                                         "error constructing KRB_ERR_FIELD_TOOLONG error! %s",
+                                         error_message(err));
+                        goto kill_tcp_connection;
+                    }
+                    goto have_response;
+                }
+            }
+        } else {
+            /* msglen known */
+            krb5_data request;
+            krb5_error_code err;
+            struct sockaddr_storage local_saddr;
+            socklen_t local_saddrlen = sizeof(local_saddr);
+            struct sockaddr *local_saddrp = NULL;
+
+            len = conn->u.tcp.msglen - (conn->u.tcp.offset - 4);
+            nread = SOCKET_READ(conn->fd,
+                                conn->u.tcp.buffer + conn->u.tcp.offset, len);
+            if (nread < 0)
+                /* error */
+                goto kill_tcp_connection;
+            if (nread == 0)
+                /* eof */
+                goto kill_tcp_connection;
+            conn->u.tcp.offset += nread;
+            if (conn->u.tcp.offset < conn->u.tcp.msglen + 4)
+                return;
+            /* have a complete message, and exactly one message */
+            request.length = conn->u.tcp.msglen;
+            request.data = conn->u.tcp.buffer + 4;
+
+            if (getsockname(conn->fd, ss2sa(&local_saddr), &local_saddrlen) == 0) {
+                local_saddrp = ss2sa(&local_saddr);
+            }
+
+            err = dispatch(handle, local_saddrp, &conn->u.tcp.faddr,
+                           &request, &conn->u.tcp.response);
+            if (err) {
+                com_err(prog, err, "while dispatching (tcp)");
+                goto kill_tcp_connection;
+            }
+        have_response:
+            queue_tcp_outgoing_response(conn);
+            FD_CLR(conn->fd, &sstate.rfds);
+        }
     } else
-	abort();
+        abort();
 
     return;
 
@@ -1788,8 +1789,8 @@ kill_tcp_connection:
 }
 
 static void service_conn(void *handle,
-			 struct connection *conn, const char *prog,
-			 int selflags)
+                         struct connection *conn, const char *prog,
+                         int selflags)
 {
     conn->service(handle, conn, prog, selflags);
 }
@@ -1810,82 +1811,82 @@ static int getcurtime(struct timeval *tvp)
 krb5_error_code
 listen_and_process(void *handle, const char *prog)
 {
-    int			nfound;
+    int                 nfound;
     /* This struct contains 3 fd_set objects; on some platforms, they
        can be rather large.  Making this static avoids putting all
        that junk on the stack.  */
     static struct select_state sout;
-    int			i, sret, netchanged = 0;
-    krb5_error_code	err;
+    int                 i, sret, netchanged = 0;
+    krb5_error_code     err;
     kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle;
 
     if (conns == (struct connection **) NULL)
-	return KDC5_NONET;
-    
+        return KDC5_NONET;
+
     while (!signal_request_exit) {
-	if (signal_request_hup) {
-	    krb5_klog_reopen(server_handle->context);
-	    reset_db();
-	    signal_request_hup = 0;
-	}
+        if (signal_request_hup) {
+            krb5_klog_reopen(server_handle->context);
+            reset_db();
+            signal_request_hup = 0;
+        }
 #ifdef PURIFY
-	if (signal_pure_report) {
-	    purify_new_reports();
-	    signal_pure_report = 0;
-	}
-	if (signal_pure_clear) {
-	    purify_clear_new_reports();
-	    signal_pure_clear = 0;
-	}
+        if (signal_pure_report) {
+            purify_new_reports();
+            signal_pure_report = 0;
+        }
+        if (signal_pure_clear) {
+            purify_clear_new_reports();
+            signal_pure_clear = 0;
+        }
 #endif /* PURIFY */
-	if (network_reconfiguration_needed) {
-	    krb5_klog_syslog(LOG_INFO, "network reconfiguration needed");
-	    /* It might be tidier to add a timer-callback interface to
-	       the control loop here, but for this one use, it's not a
-	       big deal.  */
-	    err = getcurtime(&sstate.end_time);
-	    if (err) {
-		com_err(prog, err, "while getting the time");
-		continue;
-	    }
-	    sstate.end_time.tv_sec += 3;
-	    netchanged = 1;
-	} else
-	    sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
-
-	err = krb5int_cm_call_select(&sstate, &sout, &sret);
-	if (err) {
-	    if (err != EINTR)
-		com_err(prog, err, "while selecting for network input(1)");
-	    continue;
-	}
-	if (sret == 0 && netchanged) {
-	    network_reconfiguration_needed = 0;
-	    closedown_network(handle, prog);
-	    err = setup_network(handle, prog);
-	    if (err) {
-		com_err(prog, err, "while reinitializing network");
-		return err;
-	    }
-	    netchanged = 0;
-	}
-	if (sret == -1) {
-	    if (errno != EINTR)
-		com_err(prog, errno, "while selecting for network input(2)");
-	    continue;
-	}
-	nfound = sret;
-	for (i=0; i<n_sockets && nfound > 0; i++) {
-	    int sflags = 0;
-	    if (conns[i]->fd < 0)
-		abort();
-	    if (FD_ISSET(conns[i]->fd, &sout.rfds))
-		sflags |= SSF_READ, nfound--;
-	    if (FD_ISSET(conns[i]->fd, &sout.wfds))
-		sflags |= SSF_WRITE, nfound--;
-	    if (sflags)
-		service_conn(handle, conns[i], prog, sflags);
-	}
+        if (network_reconfiguration_needed) {
+            krb5_klog_syslog(LOG_INFO, "network reconfiguration needed");
+            /* It might be tidier to add a timer-callback interface to
+               the control loop here, but for this one use, it's not a
+               big deal.  */
+            err = getcurtime(&sstate.end_time);
+            if (err) {
+                com_err(prog, err, "while getting the time");
+                continue;
+            }
+            sstate.end_time.tv_sec += 3;
+            netchanged = 1;
+        } else
+            sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
+
+        err = krb5int_cm_call_select(&sstate, &sout, &sret);
+        if (err) {
+            if (err != EINTR)
+                com_err(prog, err, "while selecting for network input(1)");
+            continue;
+        }
+        if (sret == 0 && netchanged) {
+            network_reconfiguration_needed = 0;
+            closedown_network(handle, prog);
+            err = setup_network(handle, prog);
+            if (err) {
+                com_err(prog, err, "while reinitializing network");
+                return err;
+            }
+            netchanged = 0;
+        }
+        if (sret == -1) {
+            if (errno != EINTR)
+                com_err(prog, errno, "while selecting for network input(2)");
+            continue;
+        }
+        nfound = sret;
+        for (i=0; i<n_sockets && nfound > 0; i++) {
+            int sflags = 0;
+            if (conns[i]->fd < 0)
+                abort();
+            if (FD_ISSET(conns[i]->fd, &sout.rfds))
+                sflags |= SSF_READ, nfound--;
+            if (FD_ISSET(conns[i]->fd, &sout.wfds))
+                sflags |= SSF_WRITE, nfound--;
+            if (sflags)
+                service_conn(handle, conns[i], prog, sflags);
+        }
     }
     krb5_klog_syslog(LOG_INFO, "shutdown signal received");
     return 0;
@@ -1898,31 +1899,31 @@ closedown_network(void *handle, const char *prog)
     struct connection *conn;
 
     if (conns == (struct connection **) NULL)
-	return KDC5_NONET;
+        return KDC5_NONET;
 
     FOREACH_ELT (connections, i, conn) {
-	if (conn->fd >= 0) {
-	    krb5_klog_syslog(LOG_INFO, "closing down fd %d", conn->fd);
-	    (void) close(conn->fd);
-	    if (conn->type == CONN_RPC) {
-		fd_set fds;
-
-		FD_ZERO(&fds);
-		FD_SET(conn->fd, &fds);
-
-		svc_getreqset(&fds);
-	    }
-	}
-	if (conn->type == CONN_RPC_LISTENER) {
-	    if (conn->u.rpc.transp != NULL)
-		svc_destroy(conn->u.rpc.transp);
-	}
-	DEL (connections, i);
-	/* There may also be per-connection data in the tcp structure
-	   (tcp.buffer, tcp.response) that we're not freeing here.
-	   That should only happen if we quit with a connection in
-	   progress.  */
-	free(conn);
+        if (conn->fd >= 0) {
+            krb5_klog_syslog(LOG_INFO, "closing down fd %d", conn->fd);
+            (void) close(conn->fd);
+            if (conn->type == CONN_RPC) {
+                fd_set fds;
+
+                FD_ZERO(&fds);
+                FD_SET(conn->fd, &fds);
+
+                svc_getreqset(&fds);
+            }
+        }
+        if (conn->type == CONN_RPC_LISTENER) {
+            if (conn->u.rpc.transp != NULL)
+                svc_destroy(conn->u.rpc.transp);
+        }
+        DEL (connections, i);
+        /* There may also be per-connection data in the tcp structure
+           (tcp.buffer, tcp.response) that we're not freeing here.
+           That should only happen if we quit with a connection in
+           progress.  */
+        free(conn);
     }
     FREE_SET_DATA(connections);
     FREE_SET_DATA(udp_port_data);
@@ -1933,7 +1934,7 @@ closedown_network(void *handle, const char *prog)
 }
 
 static void accept_rpc_connection(void *handle, struct connection *conn,
-				  const char *prog, int selflags)
+                                  const char *prog, int selflags)
 {
     struct socksetup sockdata;
     fd_set fds;
@@ -1942,7 +1943,7 @@ static void accept_rpc_connection(void *handle, struct connection *conn,
     assert(selflags & SSF_READ);
 
     if ((selflags & SSF_READ) == 0)
-	return;
+        return;
 
     sockdata.prog = prog;
     sockdata.retval = 0;
@@ -1959,73 +1960,73 @@ static void accept_rpc_connection(void *handle, struct connection *conn,
      * Scan svc_fdset for any new connections.
      */
     for (s = 0; s < FD_SETSIZE; s++) {
-	/* sstate.rfds |= svc_fdset & ~(rpc_listenfds | sstate.rfds) */
-	if (FD_ISSET(s, &svc_fdset)
-	    && !FD_ISSET(s, &rpc_listenfds)
-	    && !FD_ISSET(s, &sstate.rfds))
-	{
-	    struct connection *newconn;
-	    struct sockaddr_storage addr_s;
-	    struct sockaddr *addr = (struct sockaddr *)&addr_s;
-	    socklen_t addrlen = sizeof(addr_s);
-	    char tmpbuf[10];
-
-	    newconn = add_rpc_data_fd(&sockdata, s);
-	    if (newconn == NULL)
-		continue;
-
-	    set_cloexec_fd(s);
+        /* sstate.rfds |= svc_fdset & ~(rpc_listenfds | sstate.rfds) */
+        if (FD_ISSET(s, &svc_fdset)
+            && !FD_ISSET(s, &rpc_listenfds)
+            && !FD_ISSET(s, &sstate.rfds))
+        {
+            struct connection *newconn;
+            struct sockaddr_storage addr_s;
+            struct sockaddr *addr = (struct sockaddr *)&addr_s;
+            socklen_t addrlen = sizeof(addr_s);
+            char tmpbuf[10];
+
+            newconn = add_rpc_data_fd(&sockdata, s);
+            if (newconn == NULL)
+                continue;
+
+            set_cloexec_fd(s);
 #if 0
-	    setnbio(s), setnolinger(s), setkeepalive(s);
+            setnbio(s), setnolinger(s), setkeepalive(s);
 #endif
 
-	    if (getpeername(s, addr, &addrlen) ||
-		getnameinfo(addr, addrlen,
-			    newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
-			    tmpbuf, sizeof(tmpbuf),
-			    NI_NUMERICHOST | NI_NUMERICSERV))
-		strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
-	    else {
-		char *p, *end;
-		p = newconn->u.tcp.addrbuf;
-		end = p + sizeof(newconn->u.tcp.addrbuf);
-		p += strlen(p);
-		if (end - p > 2 + strlen(tmpbuf)) {
-		    *p++ = '.';
-		    strlcpy(p, tmpbuf, end - p);
-		}
-	    }
+            if (getpeername(s, addr, &addrlen) ||
+                getnameinfo(addr, addrlen,
+                            newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
+                            tmpbuf, sizeof(tmpbuf),
+                            NI_NUMERICHOST | NI_NUMERICSERV))
+                strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
+            else {
+                char *p, *end;
+                p = newconn->u.tcp.addrbuf;
+                end = p + sizeof(newconn->u.tcp.addrbuf);
+                p += strlen(p);
+                if (end - p > 2 + strlen(tmpbuf)) {
+                    *p++ = '.';
+                    strlcpy(p, tmpbuf, end - p);
+                }
+            }
 #if 0
-	    krb5_klog_syslog(LOG_INFO, "accepted RPC connection on socket %d from %s", 
-			     s, newconn->u.tcp.addrbuf);
+            krb5_klog_syslog(LOG_INFO, "accepted RPC connection on socket %d from %s",
+                             s, newconn->u.tcp.addrbuf);
 #endif
 
-	    newconn->u.tcp.addr_s = addr_s;
-	    newconn->u.tcp.addrlen = addrlen;
-	    newconn->u.tcp.start_time = time(0);
+            newconn->u.tcp.addr_s = addr_s;
+            newconn->u.tcp.addrlen = addrlen;
+            newconn->u.tcp.start_time = time(0);
 
-	    if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
-		kill_lru_tcp_or_rpc_connection(handle, newconn);
+            if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections)
+                kill_lru_tcp_or_rpc_connection(handle, newconn);
 
-	    newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr;
-	    init_addr(&newconn->u.tcp.faddr, ss2sa(&newconn->u.tcp.addr_s));
+            newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr;
+            init_addr(&newconn->u.tcp.faddr, ss2sa(&newconn->u.tcp.addr_s));
 
-	    FD_SET(s, &sstate.rfds);
-	    if (sstate.max <= s)
-		sstate.max = s + 1;
-	}
+            FD_SET(s, &sstate.rfds);
+            if (sstate.max <= s)
+                sstate.max = s + 1;
+        }
     }
 }
 
 static void process_rpc_connection(void *handle, struct connection *conn,
-				   const char *prog, int selflags)
+                                   const char *prog, int selflags)
 {
     fd_set fds;
 
     assert(selflags & SSF_READ);
 
     if ((selflags & SSF_READ) == 0)
-	return;
+        return;
 
     FD_ZERO(&fds);
     FD_SET(conn->fd, &fds);
@@ -2033,7 +2034,7 @@ static void process_rpc_connection(void *handle, struct connection *conn,
     svc_getreqset(&fds);
 
     if (!FD_ISSET(conn->fd, &svc_fdset))
-	kill_tcp_or_rpc_connection(handle, conn, 0);
+        kill_tcp_or_rpc_connection(handle, conn, 0);
 }
 
 #endif /* INET */
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index c01cbef73..1615877fb 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -5,14 +6,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -23,7 +24,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -50,7 +51,7 @@
 #include    <kadm5/kadm_rpc.h>
 #include    <kadm5/server_acl.h>
 #include    <adm_proto.h>
-#include    "kdb_kt.h"	/* for krb5_ktkdb_set_context */
+#include    "kdb_kt.h"  /* for krb5_ktkdb_set_context */
 #include    <string.h>
 #include    "kadm5/server_internal.h" /* XXX for kadm5_server_handle_t */
 #include    <kdb_log.h>
@@ -60,30 +61,30 @@
 #ifdef PURIFY
 #include    "purify.h"
 
-int	signal_pure_report = 0;
-int	signal_pure_clear = 0;
-void	request_pure_report(int);
-void	request_pure_clear(int);
+int     signal_pure_report = 0;
+int     signal_pure_clear = 0;
+void    request_pure_report(int);
+void    request_pure_clear(int);
 #endif /* PURIFY */
 
 #if defined(NEED_DAEMON_PROTO)
 extern int daemon(int, int);
 #endif
 
-volatile int	signal_request_exit = 0;
-volatile int	signal_request_hup = 0;
+volatile int    signal_request_exit = 0;
+volatile int    signal_request_hup = 0;
 void    setup_signal_handlers(iprop_role iproprole);
-void	request_exit(int);
-void	request_hup(int);
-void	reset_db(void);
-void	sig_pipe(int);
+void    request_exit(int);
+void    request_hup(int);
+void    reset_db(void);
+void    sig_pipe(int);
 
 #ifdef POSIX_SIGNALS
 static struct sigaction s_action;
 #endif /* POSIX_SIGNALS */
 
 
-#define	TIMEOUT	15
+#define TIMEOUT 15
 
 gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
 gss_name_t gss_kadmin_name = NULL;
@@ -94,16 +95,16 @@ extern krb5_keylist_node  *master_keylist;
 
 char *build_princ_name(char *name, char *realm);
 void log_badauth(OM_uint32 major, OM_uint32 minor,
-		 struct sockaddr_in *addr, char *data);
+                 struct sockaddr_in *addr, char *data);
 void log_badverf(gss_name_t client_name, gss_name_t server_name,
-		 struct svc_req *rqst, struct rpc_msg *msg,
-		 char *data);
+                 struct svc_req *rqst, struct rpc_msg *msg,
+                 char *data);
 void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg, char
-		 *error, char *data);
+                 *error, char *data);
 void log_badauth_display_status(char *msg, OM_uint32 major, OM_uint32 minor);
 void log_badauth_display_status_1(char *m, OM_uint32 code, int type,
-				  int rec);
-	
+                                  int rec);
+
 int schpw;
 void do_schpw(int s, kadm5_config_params *params);
 
@@ -117,7 +118,7 @@ void kadm5_set_use_password_server (void);
 
 /*
  * Function: usage
- * 
+ *
  * Purpose: print out the server usage message
  *
  * Arguments:
@@ -128,15 +129,15 @@ void kadm5_set_use_password_server (void);
 
 static void usage()
 {
-     fprintf(stderr, "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] "
+    fprintf(stderr, "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] "
 #ifdef USE_PASSWORD_SERVER
-             "[-passwordserver] "
+            "[-passwordserver] "
 #endif
-	     "[-port port-number]\n"
-	     "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
-	     "\t\t\tLook at each database documentation for supported arguments\n"
-	     );
-     exit(1);
+            "[-port port-number]\n"
+            "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n"
+    );
+    exit(1);
 }
 
 /*
@@ -146,9 +147,9 @@ static void usage()
  *
  * Arguments:
  *
- * 	msg		a string to be displayed with the message
- * 	maj_stat	the GSS-API major status code
- * 	min_stat	the GSS-API minor status code
+ *      msg             a string to be displayed with the message
+ *      maj_stat        the GSS-API major status code
+ *      min_stat        the GSS-API minor status code
  *
  * Effects:
  *
@@ -159,35 +160,35 @@ static void usage()
 static void display_status_1(char *, OM_uint32, int);
 
 static void display_status(msg, maj_stat, min_stat)
-     char *msg;
-     OM_uint32 maj_stat;
-     OM_uint32 min_stat;
+    char *msg;
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
 {
-     display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
-     display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+    display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+    display_status_1(msg, min_stat, GSS_C_MECH_CODE);
 }
 
 static void display_status_1(m, code, type)
-     char *m;
-     OM_uint32 code;
-     int type;
+    char *m;
+    OM_uint32 code;
+    int type;
 {
-	OM_uint32 maj_stat, min_stat;
-	gss_buffer_desc msg;
-	OM_uint32 msg_ctx;
-     
-	msg_ctx = 0;
-	while (1) {
-		maj_stat = gss_display_status(&min_stat, code,
-					      type, GSS_C_NULL_OID,
-					      &msg_ctx, &msg);
-		fprintf(stderr, "GSS-API error %s: %s\n", m,
-			(char *)msg.value); 
-		(void) gss_release_buffer(&min_stat, &msg);
-	  
-		if (!msg_ctx)
-			break;
-	}
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        maj_stat = gss_display_status(&min_stat, code,
+                                      type, GSS_C_NULL_OID,
+                                      &msg_ctx, &msg);
+        fprintf(stderr, "GSS-API error %s: %s\n", m,
+                (char *)msg.value);
+        (void) gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
 }
 
 
@@ -200,410 +201,410 @@ int nofork = 0;
 
 int main(int argc, char *argv[])
 {
-     extern	char *optarg;
-     extern	int optind, opterr;
-     int ret;
-     OM_uint32 OMret, major_status, minor_status;
-     char *whoami;
-     gss_buffer_desc in_buf;
-     auth_gssapi_name names[4];
-     gss_buffer_desc gssbuf;
-     gss_OID nt_krb5_name_oid;
-     kadm5_config_params params;
-     char **db_args      = NULL;
-     int    db_args_size = 0;
-     char *errmsg;
-     int i;
-     int strong_random = 1;
-
-     kdb_log_context *log_ctx;
-
-     setvbuf(stderr, NULL, _IONBF, 0);
-
-     /* This is OID value the Krb5_Name NameType */
-     gssbuf.value = "{1 2 840 113554 1 2 2 1}";
-     gssbuf.length = strlen(gssbuf.value);
-     major_status = gss_str_to_oid(&minor_status, &gssbuf, &nt_krb5_name_oid);
-     if (major_status != GSS_S_COMPLETE) {
-	     fprintf(stderr, "Couldn't create KRB5 Name NameType OID\n");
-	     display_status("str_to_oid", major_status, minor_status);
-	     exit(1);
-     }
-
-     names[0].name = names[1].name = names[2].name = names[3].name = NULL;
-     names[0].type = names[1].type = names[2].type = names[3].type =
-	     nt_krb5_name_oid;
+    extern     char *optarg;
+    extern     int optind, opterr;
+    int ret;
+    OM_uint32 OMret, major_status, minor_status;
+    char *whoami;
+    gss_buffer_desc in_buf;
+    auth_gssapi_name names[4];
+    gss_buffer_desc gssbuf;
+    gss_OID nt_krb5_name_oid;
+    kadm5_config_params params;
+    char **db_args      = NULL;
+    int    db_args_size = 0;
+    char *errmsg;
+    int i;
+    int strong_random = 1;
+
+    kdb_log_context *log_ctx;
+
+    setvbuf(stderr, NULL, _IONBF, 0);
+
+    /* This is OID value the Krb5_Name NameType */
+    gssbuf.value = "{1 2 840 113554 1 2 2 1}";
+    gssbuf.length = strlen(gssbuf.value);
+    major_status = gss_str_to_oid(&minor_status, &gssbuf, &nt_krb5_name_oid);
+    if (major_status != GSS_S_COMPLETE) {
+        fprintf(stderr, "Couldn't create KRB5 Name NameType OID\n");
+        display_status("str_to_oid", major_status, minor_status);
+        exit(1);
+    }
+
+    names[0].name = names[1].name = names[2].name = names[3].name = NULL;
+    names[0].type = names[1].type = names[2].type = names[3].type =
+        nt_krb5_name_oid;
 
 #ifdef PURIFY
-     purify_start_batch();
+    purify_start_batch();
 #endif /* PURIFY */
-     whoami = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
-
-     nofork = 0;
-
-     memset(&params, 0, sizeof(params));
-     
-     argc--; argv++;
-     while (argc) {
-          if (strcmp(*argv, "-x") == 0) {
-	       argc--; argv++;
-	       if (!argc)
-		    usage();
-	       db_args_size++;
-	       {
-		   char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
-		   if( temp == NULL )
-		   {
-		       fprintf(stderr,"%s: cannot initialize. Not enough memory\n",
-			       whoami);
-		       exit(1);
-		   }
-		   db_args = temp;
-	       }
-	       db_args[db_args_size-1] = *argv;
-	       db_args[db_args_size]   = NULL;
-	  }else if (strcmp(*argv, "-r") == 0) {
-	       argc--; argv++;
-	       if (!argc)
-		    usage();
-	       params.realm = *argv;
-	       params.mask |= KADM5_CONFIG_REALM;
-	       argc--; argv++;
-	       continue;
-	  } else if (strcmp(*argv, "-m") == 0) {
-	       params.mkey_from_kbd = 1;
-	       params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-	  } else if (strcmp(*argv, "-nofork") == 0) {
-	       nofork = 1;
+    whoami = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
+
+    nofork = 0;
+
+    memset(&params, 0, sizeof(params));
+
+    argc--; argv++;
+    while (argc) {
+        if (strcmp(*argv, "-x") == 0) {
+            argc--; argv++;
+            if (!argc)
+                usage();
+            db_args_size++;
+            {
+                char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+                if( temp == NULL )
+                {
+                    fprintf(stderr,"%s: cannot initialize. Not enough memory\n",
+                            whoami);
+                    exit(1);
+                }
+                db_args = temp;
+            }
+            db_args[db_args_size-1] = *argv;
+            db_args[db_args_size]   = NULL;
+        }else if (strcmp(*argv, "-r") == 0) {
+            argc--; argv++;
+            if (!argc)
+                usage();
+            params.realm = *argv;
+            params.mask |= KADM5_CONFIG_REALM;
+            argc--; argv++;
+            continue;
+        } else if (strcmp(*argv, "-m") == 0) {
+            params.mkey_from_kbd = 1;
+            params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        } else if (strcmp(*argv, "-nofork") == 0) {
+            nofork = 1;
 #ifdef USE_PASSWORD_SERVER
-          } else if (strcmp(*argv, "-passwordserver") == 0) {
-              kadm5_set_use_password_server ();
-#endif              
-	  } else if(strcmp(*argv, "-port") == 0) {
-	    argc--; argv++;
-	    if(!argc)
-	      usage();
-	    params.kadmind_port = atoi(*argv);
-	    params.mask |= KADM5_CONFIG_KADMIND_PORT;
-	  } else if (strcmp(*argv, "-W") == 0) {
-	      strong_random = 0;
-	  } else
-	       break;
-	  argc--; argv++;
-     }
-     
-     if (argc != 0)
-	  usage();
-
-     if ((ret = kadm5_init_krb5_context(&context))) {
-	  fprintf(stderr, "%s: %s while initializing context, aborting\n",
-		  whoami, error_message(ret));
-	  exit(1);
-     }
-
-     krb5_klog_init(context, "admin_server", whoami, 1);
-
-     if((ret = kadm5_init(context, "kadmind", NULL,
-			  NULL, &params,
-			  KADM5_STRUCT_VERSION,
-			  KADM5_API_VERSION_3,
-			  db_args,
-		     &global_server_handle)) != KADM5_OK) {
-	  const char *e_txt = krb5_get_error_message (context, ret);
-	  krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting",
-			   e_txt);
-	  fprintf(stderr, "%s: %s while initializing, aborting\n",
-		  whoami, e_txt);
-	  krb5_klog_close(context);
-	  exit(1);
-     }
-
-     if ((ret = kadm5_get_config_params(context, 1, &params,
-					&params))) {
-	  const char *e_txt = krb5_get_error_message (context, ret);
-	  krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
-			   whoami, e_txt);
-	  fprintf(stderr, "%s: %s while initializing, aborting\n",
-		  whoami, e_txt);
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);
-	  exit(1);
-     }
+        } else if (strcmp(*argv, "-passwordserver") == 0) {
+            kadm5_set_use_password_server ();
+#endif
+        } else if(strcmp(*argv, "-port") == 0) {
+            argc--; argv++;
+            if(!argc)
+                usage();
+            params.kadmind_port = atoi(*argv);
+            params.mask |= KADM5_CONFIG_KADMIND_PORT;
+        } else if (strcmp(*argv, "-W") == 0) {
+            strong_random = 0;
+        } else
+            break;
+        argc--; argv++;
+    }
+
+    if (argc != 0)
+        usage();
+
+    if ((ret = kadm5_init_krb5_context(&context))) {
+        fprintf(stderr, "%s: %s while initializing context, aborting\n",
+                whoami, error_message(ret));
+        exit(1);
+    }
+
+    krb5_klog_init(context, "admin_server", whoami, 1);
+
+    if((ret = kadm5_init(context, "kadmind", NULL,
+                         NULL, &params,
+                         KADM5_STRUCT_VERSION,
+                         KADM5_API_VERSION_3,
+                         db_args,
+                         &global_server_handle)) != KADM5_OK) {
+        const char *e_txt = krb5_get_error_message (context, ret);
+        krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting",
+                         e_txt);
+        fprintf(stderr, "%s: %s while initializing, aborting\n",
+                whoami, e_txt);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
+    if ((ret = kadm5_get_config_params(context, 1, &params,
+                                       &params))) {
+        const char *e_txt = krb5_get_error_message (context, ret);
+        krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
+                         whoami, e_txt);
+        fprintf(stderr, "%s: %s while initializing, aborting\n",
+                whoami, e_txt);
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
 
 #define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_ACL_FILE)
 
-     if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-	  krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values "
-			   "(%lx) while initializing, aborting", whoami,
-			   (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
-	  fprintf(stderr, "%s: Missing required configuration values "
-		  "(%lx) while initializing, aborting\n", whoami,
-		  (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
-	  krb5_klog_close(context);
-	  kadm5_destroy(global_server_handle);
-	  exit(1);
-     }
-
-     if ((ret = setup_network(global_server_handle, whoami))) {
-	  const char *e_txt = krb5_get_error_message (context, ret);
-	  krb5_klog_syslog(LOG_ERR, "%s: %s while initializing network, aborting",
-			   whoami, e_txt);
-	  fprintf(stderr, "%s: %s while initializing network, aborting\n",
-		  whoami, e_txt);
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);
-	  exit(1);
-     }
-
-     names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
-     names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
-     if (names[0].name == NULL || names[1].name == NULL) {
-	  krb5_klog_syslog(LOG_ERR,
-			   "Cannot build GSS-API authentication names, "
-			   "failing.");
-	  fprintf(stderr, "%s: Cannot build GSS-API authentication names.\n",
-		  whoami);
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);	  
-	  exit(1);
-     }
-
-     /*
-      * Go through some contortions to point gssapi at a kdb keytab.
-      * This prevents kadmind from needing to use an actual file-based
-      * keytab.
-      */
-     /* XXX extract kadm5's krb5_context */
-     hctx = ((kadm5_server_handle_t)global_server_handle)->context;
-     /* Set ktkdb's internal krb5_context. */
-     ret = krb5_ktkdb_set_context(hctx);
-     if (ret) {
-	  krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context.");
-	  goto kterr;
-     }
-     /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */
-     ret = krb5_db_set_mkey(hctx, &master_keyblock);
-     if (ret) {
-	  krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
-	  goto kterr;
-     }
-     ret = krb5_db_set_mkey_list(hctx, master_keylist);
-     if (ret) {
-	  krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");
-	  goto kterr;
-     }
-     ret = krb5_kt_register(context, &krb5_kt_kdb_ops);
-     if (ret) {
-	  krb5_klog_syslog(LOG_ERR, "Can't register kdb keytab.");
-	  goto kterr;
-     }
-     /* Tell gssapi about the kdb keytab. */
-     ret = krb5_gss_register_acceptor_identity("KDB:");
-     if (ret) {
-	  krb5_klog_syslog(LOG_ERR, "Can't register acceptor keytab.");
-	  goto kterr;
-     }
+    if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+        krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values "
+                         "(%lx) while initializing, aborting", whoami,
+                         (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
+        fprintf(stderr, "%s: Missing required configuration values "
+                "(%lx) while initializing, aborting\n", whoami,
+                (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
+        krb5_klog_close(context);
+        kadm5_destroy(global_server_handle);
+        exit(1);
+    }
+
+    if ((ret = setup_network(global_server_handle, whoami))) {
+        const char *e_txt = krb5_get_error_message (context, ret);
+        krb5_klog_syslog(LOG_ERR, "%s: %s while initializing network, aborting",
+                         whoami, e_txt);
+        fprintf(stderr, "%s: %s while initializing network, aborting\n",
+                whoami, e_txt);
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
+    names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
+    names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
+    if (names[0].name == NULL || names[1].name == NULL) {
+        krb5_klog_syslog(LOG_ERR,
+                         "Cannot build GSS-API authentication names, "
+                         "failing.");
+        fprintf(stderr, "%s: Cannot build GSS-API authentication names.\n",
+                whoami);
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
+    /*
+     * Go through some contortions to point gssapi at a kdb keytab.
+     * This prevents kadmind from needing to use an actual file-based
+     * keytab.
+     */
+    /* XXX extract kadm5's krb5_context */
+    hctx = ((kadm5_server_handle_t)global_server_handle)->context;
+    /* Set ktkdb's internal krb5_context. */
+    ret = krb5_ktkdb_set_context(hctx);
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context.");
+        goto kterr;
+    }
+    /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */
+    ret = krb5_db_set_mkey(hctx, &master_keyblock);
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
+        goto kterr;
+    }
+    ret = krb5_db_set_mkey_list(hctx, master_keylist);
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");
+        goto kterr;
+    }
+    ret = krb5_kt_register(context, &krb5_kt_kdb_ops);
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, "Can't register kdb keytab.");
+        goto kterr;
+    }
+    /* Tell gssapi about the kdb keytab. */
+    ret = krb5_gss_register_acceptor_identity("KDB:");
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, "Can't register acceptor keytab.");
+        goto kterr;
+    }
 kterr:
-     if (ret) {
-	  krb5_klog_syslog(LOG_ERR, "%s", krb5_get_error_message (context, ret));
-	  fprintf(stderr, "%s: Can't set up keytab for RPC.\n", whoami);
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);
-	  exit(1);
-     }
-
-     if (svcauth_gssapi_set_names(names, 2) == FALSE) {
-	  krb5_klog_syslog(LOG_ERR,
-			   "Cannot set GSS-API authentication names (keytab not present?), "
-			   "failing.");
-	  fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n",
-		  whoami);
-	  svcauth_gssapi_unset_names();
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);	  
-	  exit(1);
-     }
-
-     /* if set_names succeeded, this will too */
-     in_buf.value = names[1].name;
-     in_buf.length = strlen(names[1].name) + 1;
-     (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
-			    &gss_changepw_name);
-
-     svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
-     svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
-     svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
-     
-     svcauth_gss_set_log_badauth_func(log_badauth, NULL);
-     svcauth_gss_set_log_badverf_func(log_badverf, NULL);
-     svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
-     
-     if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE) {
-	 fprintf(stderr, "%s: Cannot initialize RPCSEC_GSS service name.\n",
-		 whoami);
-	 exit(1);
-     }
-
-     if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) {
-	  errmsg = krb5_get_error_message (context, ret);
-	  krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s",
-		 errmsg);
-	  fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
-		  whoami, errmsg);
-	  svcauth_gssapi_unset_names();
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);
-	  exit(1);
-     }
-
-     if (!nofork && (ret = daemon(0, 0))) {
-	  ret = errno;
-	  errmsg = krb5_get_error_message (context, ret);
-	  krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", errmsg);
-	  fprintf(stderr, "%s: Cannot detach from tty: %s\n",
-		  whoami, errmsg);
-	  svcauth_gssapi_unset_names();
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);
-	  exit(1);
-     }
-     
-     krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
-     ret = krb5_c_random_os_entropy(context, strong_random, NULL);
-     if (ret) {
-	  krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
-			   krb5_get_error_message(context, ret));
-	  svcauth_gssapi_unset_names();
-	  kadm5_destroy(global_server_handle);
-	  krb5_klog_close(context);
-	  exit(1);
-     }
-	  
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, "%s", krb5_get_error_message (context, ret));
+        fprintf(stderr, "%s: Can't set up keytab for RPC.\n", whoami);
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
+    if (svcauth_gssapi_set_names(names, 2) == FALSE) {
+        krb5_klog_syslog(LOG_ERR,
+                         "Cannot set GSS-API authentication names (keytab not present?), "
+                         "failing.");
+        fprintf(stderr, "%s: Cannot set GSS-API authentication names.\n",
+                whoami);
+        svcauth_gssapi_unset_names();
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
+    /* if set_names succeeded, this will too */
+    in_buf.value = names[1].name;
+    in_buf.length = strlen(names[1].name) + 1;
+    (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
+                           &gss_changepw_name);
+
+    svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
+    svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
+    svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);
+
+    svcauth_gss_set_log_badauth_func(log_badauth, NULL);
+    svcauth_gss_set_log_badverf_func(log_badverf, NULL);
+    svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);
+
+    if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE) {
+        fprintf(stderr, "%s: Cannot initialize RPCSEC_GSS service name.\n",
+                whoami);
+        exit(1);
+    }
+
+    if ((ret = kadm5int_acl_init(context, 0, params.acl_file))) {
+        errmsg = krb5_get_error_message (context, ret);
+        krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s",
+                         errmsg);
+        fprintf(stderr, "%s: Cannot initialize acl file: %s\n",
+                whoami, errmsg);
+        svcauth_gssapi_unset_names();
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
+    if (!nofork && (ret = daemon(0, 0))) {
+        ret = errno;
+        errmsg = krb5_get_error_message (context, ret);
+        krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", errmsg);
+        fprintf(stderr, "%s: Cannot detach from tty: %s\n",
+                whoami, errmsg);
+        svcauth_gssapi_unset_names();
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
+    krb5_klog_syslog(LOG_INFO, "Seeding random number generator");
+    ret = krb5_c_random_os_entropy(context, strong_random, NULL);
+    if (ret) {
+        krb5_klog_syslog(LOG_ERR, "Error getting random seed: %s, aborting",
+                         krb5_get_error_message(context, ret));
+        svcauth_gssapi_unset_names();
+        kadm5_destroy(global_server_handle);
+        krb5_klog_close(context);
+        exit(1);
+    }
+
     if (params.iprop_enabled == TRUE)
-	ulog_set_role(hctx, IPROP_MASTER);
+        ulog_set_role(hctx, IPROP_MASTER);
     else
-	ulog_set_role(hctx, IPROP_NULL);
+        ulog_set_role(hctx, IPROP_NULL);
 
     log_ctx = hctx->kdblog_context;
 
     if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
-	/*
-	 * IProp is enabled, so let's map in the update log
-	 * and setup the service.
-	 */
-	if ((ret = ulog_map(hctx, params.iprop_logfile,
-			    params.iprop_ulogsize, FKADMIND, db_args)) != 0) {
-	    fprintf(stderr,
-		    _("%s: %s while mapping update log (`%s.ulog')\n"),
-		    whoami, error_message(ret), params.dbname);
-	    krb5_klog_syslog(LOG_ERR,
-			     _("%s while mapping update log (`%s.ulog')"),
-			     error_message(ret), params.dbname);
-	    krb5_klog_close(context);
-	    exit(1);
-	}
-
- 
-	if (nofork)
-	    fprintf(stderr,
-		    "%s: create IPROP svc (PROG=%d, VERS=%d)\n",
-		    whoami, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
+        /*
+         * IProp is enabled, so let's map in the update log
+         * and setup the service.
+         */
+        if ((ret = ulog_map(hctx, params.iprop_logfile,
+                            params.iprop_ulogsize, FKADMIND, db_args)) != 0) {
+            fprintf(stderr,
+                    _("%s: %s while mapping update log (`%s.ulog')\n"),
+                    whoami, error_message(ret), params.dbname);
+            krb5_klog_syslog(LOG_ERR,
+                             _("%s while mapping update log (`%s.ulog')"),
+                             error_message(ret), params.dbname);
+            krb5_klog_close(context);
+            exit(1);
+        }
+
+
+        if (nofork)
+            fprintf(stderr,
+                    "%s: create IPROP svc (PROG=%d, VERS=%d)\n",
+                    whoami, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
 
 #if 0
-	if (!svc_create(krb5_iprop_prog_1,
-			KRB5_IPROP_PROG, KRB5_IPROP_VERS,
-			"circuit_v")) {
-	    fprintf(stderr,
-		    _("%s: Cannot create IProp RPC service (PROG=%d, VERS=%d)\n"),
-		    whoami,
-		    KRB5_IPROP_PROG, KRB5_IPROP_VERS);
-	    krb5_klog_syslog(LOG_ERR,
-			     _("Cannot create IProp RPC service (PROG=%d, VERS=%d), failing."),
-			     KRB5_IPROP_PROG, KRB5_IPROP_VERS);
-	    krb5_klog_close(context);
-	    exit(1);
-	}
+        if (!svc_create(krb5_iprop_prog_1,
+                        KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+                        "circuit_v")) {
+            fprintf(stderr,
+                    _("%s: Cannot create IProp RPC service (PROG=%d, VERS=%d)\n"),
+                    whoami,
+                    KRB5_IPROP_PROG, KRB5_IPROP_VERS);
+            krb5_klog_syslog(LOG_ERR,
+                             _("Cannot create IProp RPC service (PROG=%d, VERS=%d), failing."),
+                             KRB5_IPROP_PROG, KRB5_IPROP_VERS);
+            krb5_klog_close(context);
+            exit(1);
+        }
 #endif
 
 #if 0 /* authgss only? */
-	if ((ret = kiprop_get_adm_host_srv_name(context,
-						params.realm,
-						&kiprop_name)) != 0) {
-	    krb5_klog_syslog(LOG_ERR,
-			     _("%s while getting IProp svc name, failing"),
-			     error_message(ret));
-	    fprintf(stderr,
-		    _("%s: %s while getting IProp svc name, failing\n"),
-		    whoami, error_message(ret));
-	    krb5_klog_close(context);
-	    exit(1);
-	}
-
-	auth_gssapi_name iprop_name;
-	iprop_name.name = build_princ_name(foo, bar);
-	if (iprop_name.name == NULL) {
-	    foo error;
-	}
-	iprop_name.type = nt_krb5_name_oid;
-	if (svcauth_gssapi_set_names(&iprop_name, 1) == FALSE) {
-	    foo error;
-	}
-	if (!rpc_gss_set_svc_name(kiprop_name, "kerberos_v5", 0,
-				  KRB5_IPROP_PROG, KRB5_IPROP_VERS)) {
-	    rpc_gss_error_t err;
-	    (void) rpc_gss_get_error(&err);
-
-	    krb5_klog_syslog(LOG_ERR,
-			     _("Unable to set RPCSEC_GSS service name (`%s'), failing."),
-			     kiprop_name ? kiprop_name : "<null>");
-
-	    fprintf(stderr,
-		    _("%s: Unable to set RPCSEC_GSS service name (`%s'), failing.\n"),
-		    whoami,
-		    kiprop_name ? kiprop_name : "<null>");
-
-	    if (nofork) {
-		fprintf(stderr,
-			"%s: set svc name (rpcsec err=%d, sys err=%d)\n",
-			whoami,
-			err.rpc_gss_error,
-			err.system_error);
-	    }
-
-	    exit(1);
-	}
-	free(kiprop_name);
+        if ((ret = kiprop_get_adm_host_srv_name(context,
+                                                params.realm,
+                                                &kiprop_name)) != 0) {
+            krb5_klog_syslog(LOG_ERR,
+                             _("%s while getting IProp svc name, failing"),
+                             error_message(ret));
+            fprintf(stderr,
+                    _("%s: %s while getting IProp svc name, failing\n"),
+                    whoami, error_message(ret));
+            krb5_klog_close(context);
+            exit(1);
+        }
+
+        auth_gssapi_name iprop_name;
+        iprop_name.name = build_princ_name(foo, bar);
+        if (iprop_name.name == NULL) {
+            foo error;
+        }
+        iprop_name.type = nt_krb5_name_oid;
+        if (svcauth_gssapi_set_names(&iprop_name, 1) == FALSE) {
+            foo error;
+        }
+        if (!rpc_gss_set_svc_name(kiprop_name, "kerberos_v5", 0,
+                                  KRB5_IPROP_PROG, KRB5_IPROP_VERS)) {
+            rpc_gss_error_t err;
+            (void) rpc_gss_get_error(&err);
+
+            krb5_klog_syslog(LOG_ERR,
+                             _("Unable to set RPCSEC_GSS service name (`%s'), failing."),
+                             kiprop_name ? kiprop_name : "<null>");
+
+            fprintf(stderr,
+                    _("%s: Unable to set RPCSEC_GSS service name (`%s'), failing.\n"),
+                    whoami,
+                    kiprop_name ? kiprop_name : "<null>");
+
+            if (nofork) {
+                fprintf(stderr,
+                        "%s: set svc name (rpcsec err=%d, sys err=%d)\n",
+                        whoami,
+                        err.rpc_gss_error,
+                        err.system_error);
+            }
+
+            exit(1);
+        }
+        free(kiprop_name);
 #endif
     }
 
     setup_signal_handlers(log_ctx->iproprole);
     krb5_klog_syslog(LOG_INFO, _("starting"));
     if (nofork)
-	fprintf(stderr, "%s: starting...\n", whoami);
-
-     listen_and_process(global_server_handle, whoami);
-     krb5_klog_syslog(LOG_INFO, "finished, exiting");
-
-     /* Clean up memory, etc */
-     svcauth_gssapi_unset_names();
-     kadm5_destroy(global_server_handle);
-     closedown_network(global_server_handle, whoami);
-     kadm5int_acl_finish(context, 0);
-     if(gss_changepw_name) {
-          (void) gss_release_name(&OMret, &gss_changepw_name);
-     }
-     if(gss_oldchangepw_name) {
-          (void) gss_release_name(&OMret, &gss_oldchangepw_name);
-     }
-     for(i = 0 ; i < 4; i++) {
-          if (names[i].name) {
-	        free(names[i].name);
-	  }
-     }
-
-     krb5_klog_close(context);
-     krb5_free_context(context);
-     exit(2);
+        fprintf(stderr, "%s: starting...\n", whoami);
+
+    listen_and_process(global_server_handle, whoami);
+    krb5_klog_syslog(LOG_INFO, "finished, exiting");
+
+    /* Clean up memory, etc */
+    svcauth_gssapi_unset_names();
+    kadm5_destroy(global_server_handle);
+    closedown_network(global_server_handle, whoami);
+    kadm5int_acl_finish(context, 0);
+    if(gss_changepw_name) {
+        (void) gss_release_name(&OMret, &gss_changepw_name);
+    }
+    if(gss_oldchangepw_name) {
+        (void) gss_release_name(&OMret, &gss_oldchangepw_name);
+    }
+    for(i = 0 ; i < 4; i++) {
+        if (names[i].name) {
+            free(names[i].name);
+        }
+    }
+
+    krb5_klog_close(context);
+    krb5_free_context(context);
+    exit(2);
 }
 
 /*
@@ -615,123 +616,123 @@ kterr:
 
 void setup_signal_handlers(iprop_role iproprole) {
 #ifdef POSIX_SIGNALS
-     (void) sigemptyset(&s_action.sa_mask);
-     s_action.sa_handler = request_exit;
-     (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
-     (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
-     (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL);
-     s_action.sa_handler = request_hup;
-     (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
-     s_action.sa_handler = sig_pipe;
-     (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
+    (void) sigemptyset(&s_action.sa_mask);
+    s_action.sa_handler = request_exit;
+    (void) sigaction(SIGINT, &s_action, (struct sigaction *) NULL);
+    (void) sigaction(SIGTERM, &s_action, (struct sigaction *) NULL);
+    (void) sigaction(SIGQUIT, &s_action, (struct sigaction *) NULL);
+    s_action.sa_handler = request_hup;
+    (void) sigaction(SIGHUP, &s_action, (struct sigaction *) NULL);
+    s_action.sa_handler = sig_pipe;
+    (void) sigaction(SIGPIPE, &s_action, (struct sigaction *) NULL);
 #ifdef PURIFY
-     s_action.sa_handler = request_pure_report;
-     (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
-     s_action.sa_handler = request_pure_clear;
-     (void) sigaction(SIGUSR2, &s_action, (struct sigaction *) NULL);
+    s_action.sa_handler = request_pure_report;
+    (void) sigaction(SIGUSR1, &s_action, (struct sigaction *) NULL);
+    s_action.sa_handler = request_pure_clear;
+    (void) sigaction(SIGUSR2, &s_action, (struct sigaction *) NULL);
 #endif /* PURIFY */
 
-     /*
-      * IProp will fork for a full-resync, we don't want to
-      * wait on it and we don't want the living dead procs either.
-      */
-     if (iproprole == IPROP_MASTER) {
-	 s_action.sa_handler = SIG_IGN;
-	 (void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
-     }
+    /*
+     * IProp will fork for a full-resync, we don't want to
+     * wait on it and we don't want the living dead procs either.
+     */
+    if (iproprole == IPROP_MASTER) {
+        s_action.sa_handler = SIG_IGN;
+        (void) sigaction(SIGCHLD, &s_action, (struct sigaction *) NULL);
+    }
 #else /* POSIX_SIGNALS */
-     signal(SIGINT, request_exit);
-     signal(SIGTERM, request_exit);
-     signal(SIGQUIT, request_exit);
-     signal(SIGHUP, request_hup);
-     signal(SIGPIPE, sig_pipe);
+    signal(SIGINT, request_exit);
+    signal(SIGTERM, request_exit);
+    signal(SIGQUIT, request_exit);
+    signal(SIGHUP, request_hup);
+    signal(SIGPIPE, sig_pipe);
 #ifdef PURIFY
-     signal(SIGUSR1, request_pure_report);
-     signal(SIGUSR2, request_pure_clear);
+    signal(SIGUSR1, request_pure_report);
+    signal(SIGUSR2, request_pure_clear);
 #endif /* PURIFY */
 
-     /*
-      * IProp will fork for a full-resync, we don't want to
-      * wait on it and we don't want the living dead procs either.
-      */
-     if (iproprole == IPROP_MASTER)
-	 (void) signal(SIGCHLD, SIG_IGN);
+    /*
+     * IProp will fork for a full-resync, we don't want to
+     * wait on it and we don't want the living dead procs either.
+     */
+    if (iproprole == IPROP_MASTER)
+        (void) signal(SIGCHLD, SIG_IGN);
 #endif /* POSIX_SIGNALS */
 }
 
 #ifdef PURIFY
 /*
  * Function: request_pure_report
- * 
+ *
  * Purpose: sets flag saying the server got a signal and that it should
- *		dump a purify report when convenient.
+ *              dump a purify report when convenient.
  *
  * Arguments:
  * Requires:
  * Effects:
  * Modifies:
- *	sets signal_pure_report to one
+ *      sets signal_pure_report to one
  */
 
 void request_pure_report(int signum)
 {
-     krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report");
-     signal_pure_report = 1;
-     return;
+    krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report");
+    signal_pure_report = 1;
+    return;
 }
 
 /*
  * Function: request_pure_clear
- * 
+ *
  * Purpose: sets flag saying the server got a signal and that it should
- *		dump a purify report when convenient, then clear the
- *		purify tables.
+ *              dump a purify report when convenient, then clear the
+ *              purify tables.
  *
  * Arguments:
  * Requires:
  * Effects:
  * Modifies:
- *	sets signal_pure_report to one
- *	sets signal_pure_clear to one
+ *      sets signal_pure_report to one
+ *      sets signal_pure_clear to one
  */
 
 void request_pure_clear(int signum)
 {
-     krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report and clear the old Purify info");
-     signal_pure_report = 1;
-     signal_pure_clear = 1;
-     return;
+    krb5_klog_syslog(LOG_DEBUG, "Got signal to request a Purify report and clear the old Purify info");
+    signal_pure_report = 1;
+    signal_pure_clear = 1;
+    return;
 }
 #endif /* PURIFY */
 
 /*
  * Function: request_hup
- * 
+ *
  * Purpose: sets flag saying the server got a signal and that it should
- *		reset the database files when convenient.
+ *              reset the database files when convenient.
  *
  * Arguments:
  * Requires:
  * Effects:
  * Modifies:
- *	sets signal_request_hup to one
+ *      sets signal_request_hup to one
  */
 
 void request_hup(int signum)
 {
-     signal_request_hup = 1;
-     return;
+    signal_request_hup = 1;
+    return;
 }
 
 /*
  * Function: reset_db
- * 
+ *
  * Purpose: flushes the currently opened database files to disk.
  *
  * Arguments:
  * Requires:
  * Effects:
- * 
+ *
  * Currently, just sets signal_request_reset to 0.  The kdb and adb
  * libraries used to be sufficiently broken that it was prudent to
  * close and reopen the databases periodically.  They are no longer
@@ -740,42 +741,42 @@ void request_hup(int signum)
 void reset_db(void)
 {
 #ifdef notdef
-     kadm5_ret_t ret;
-     char *errmsg;
-     
-     if (ret = kadm5_flush(global_server_handle)) {
-	  krb5_klog_syslog(LOG_ERR, "FATAL ERROR!  %s while flushing databases.  "
-		 "Databases may be corrupt!  Aborting.",
-		 krb5_get_error_message (context, ret));
-	  krb5_klog_close(context);
-	  exit(3);
-     }
+    kadm5_ret_t ret;
+    char *errmsg;
+
+    if (ret = kadm5_flush(global_server_handle)) {
+        krb5_klog_syslog(LOG_ERR, "FATAL ERROR!  %s while flushing databases.  "
+                         "Databases may be corrupt!  Aborting.",
+                         krb5_get_error_message (context, ret));
+        krb5_klog_close(context);
+        exit(3);
+    }
 #endif
 
-     return;
+    return;
 }
 
 /*
  * Function: request_exit
- * 
+ *
  * Purpose: sets flags saying the server got a signal and that it
- *	    should exit when convient.
+ *          should exit when convient.
  *
  * Arguments:
  * Requires:
  * Effects:
- *	modifies signal_request_exit which ideally makes the server exit
- *	at some point.
+ *      modifies signal_request_exit which ideally makes the server exit
+ *      at some point.
  *
  * Modifies:
- *	signal_request_exit
+ *      signal_request_exit
  */
 
 void request_exit(int signum)
 {
-     krb5_klog_syslog(LOG_DEBUG, "Got signal to request exit");
-     signal_request_exit = 1;
-     return;
+    krb5_klog_syslog(LOG_DEBUG, "Got signal to request exit");
+    signal_request_exit = 1;
+    return;
 }
 
 /*
@@ -789,40 +790,40 @@ void request_exit(int signum)
  */
 void sig_pipe(int unused)
 {
-     krb5_klog_syslog(LOG_NOTICE, "Warning: Received a SIGPIPE; probably a "
-	    "client aborted.  Continuing.");
-     return;
+    krb5_klog_syslog(LOG_NOTICE, "Warning: Received a SIGPIPE; probably a "
+                     "client aborted.  Continuing.");
+    return;
 }
 
 /*
  * Function: build_princ_name
- * 
+ *
  * Purpose: takes a name and a realm and builds a string that can be
- *	    consumed by krb5_parse_name.
+ *          consumed by krb5_parse_name.
  *
  * Arguments:
- *	name		    (input) name to be part of principal
- *	realm		    (input) realm part of principal
- * 	<return value>	    char * pointing to "name@realm"
+ *      name                (input) name to be part of principal
+ *      realm               (input) realm part of principal
+ *      <return value>      char * pointing to "name@realm"
  *
  * Requires:
- *	name be non-null.
- * 
+ *      name be non-null.
+ *
  * Effects:
  * Modifies:
  */
 
 char *build_princ_name(char *name, char *realm)
 {
-     char *fullname;
+    char *fullname;
 
-     if (realm) {
-	 if (asprintf(&fullname, "%s@%s", name, realm) < 0)
-	     fullname = NULL;
-     } else
-	 fullname = strdup(name);
+    if (realm) {
+        if (asprintf(&fullname, "%s@%s", name, realm) < 0)
+            fullname = NULL;
+    } else
+        fullname = strdup(name);
 
-     return fullname;
+    return fullname;
 }
 
 /*
@@ -832,11 +833,11 @@ char *build_princ_name(char *name, char *realm)
  * messages.
  *
  * Argiments:
- * 	client_name	(r) GSS-API client name
- * 	server_name	(r) GSS-API server name
- * 	rqst		(r) RPC service request
- * 	msg		(r) RPC message
- * 	data		(r) arbitrary data (NULL), not used
+ *      client_name     (r) GSS-API client name
+ *      server_name     (r) GSS-API server name
+ *      rqst            (r) RPC service request
+ *      msg             (r) RPC message
+ *      data            (r) arbitrary data (NULL), not used
  *
  * Effects:
  *
@@ -844,91 +845,91 @@ char *build_princ_name(char *name, char *realm)
  * format.
  */
 void log_badverf(gss_name_t client_name, gss_name_t server_name,
-		 struct svc_req *rqst, struct rpc_msg *msg, char
-		 *data)
+                 struct svc_req *rqst, struct rpc_msg *msg, char
+                 *data)
 {
-     struct procnames {
-	  rpcproc_t proc;
-	  const char *proc_name;
-     };
-     static const struct procnames proc_names[] = {
-	  {1, "CREATE_PRINCIPAL"},
-	  {2, "DELETE_PRINCIPAL"},
-	  {3, "MODIFY_PRINCIPAL"},
-	  {4, "RENAME_PRINCIPAL"},
-	  {5, "GET_PRINCIPAL"},
-	  {6, "CHPASS_PRINCIPAL"},
-	  {7, "CHRAND_PRINCIPAL"},
-	  {8, "CREATE_POLICY"},
-	  {9, "DELETE_POLICY"},
-	  {10, "MODIFY_POLICY"},
-	  {11, "GET_POLICY"},
-	  {12, "GET_PRIVS"},
-	  {13, "INIT"},
-	  {14, "GET_PRINCS"},
-	  {15, "GET_POLS"},
-	  {16, "SETKEY_PRINCIPAL"},
-	  {17, "SETV4KEY_PRINCIPAL"},
-	  {18, "CREATE_PRINCIPAL3"},
-	  {19, "CHPASS_PRINCIPAL3"},
-	  {20, "CHRAND_PRINCIPAL3"},
-	  {21, "SETKEY_PRINCIPAL3"}
-     };
+    struct procnames {
+        rpcproc_t proc;
+        const char *proc_name;
+    };
+    static const struct procnames proc_names[] = {
+        {1, "CREATE_PRINCIPAL"},
+        {2, "DELETE_PRINCIPAL"},
+        {3, "MODIFY_PRINCIPAL"},
+        {4, "RENAME_PRINCIPAL"},
+        {5, "GET_PRINCIPAL"},
+        {6, "CHPASS_PRINCIPAL"},
+        {7, "CHRAND_PRINCIPAL"},
+        {8, "CREATE_POLICY"},
+        {9, "DELETE_POLICY"},
+        {10, "MODIFY_POLICY"},
+        {11, "GET_POLICY"},
+        {12, "GET_PRIVS"},
+        {13, "INIT"},
+        {14, "GET_PRINCS"},
+        {15, "GET_POLS"},
+        {16, "SETKEY_PRINCIPAL"},
+        {17, "SETV4KEY_PRINCIPAL"},
+        {18, "CREATE_PRINCIPAL3"},
+        {19, "CHPASS_PRINCIPAL3"},
+        {20, "CHRAND_PRINCIPAL3"},
+        {21, "SETKEY_PRINCIPAL3"}
+    };
 #define NPROCNAMES (sizeof (proc_names) / sizeof (struct procnames))
-     OM_uint32 minor;
-     gss_buffer_desc client, server;
-     gss_OID gss_type;
-     char *a;
-     rpcproc_t proc;
-     int i;
-     const char *procname;
-     size_t clen, slen;
-     char *cdots, *sdots;
-
-     client.length = 0;
-     client.value = NULL;
-     server.length = 0;
-     server.value = NULL;
-
-     (void) gss_display_name(&minor, client_name, &client, &gss_type);
-     (void) gss_display_name(&minor, server_name, &server, &gss_type);
-     if (client.value == NULL) {
-	 client.value = "(null)";
-	 clen = sizeof("(null)") -1;
-     } else {
-	 clen = client.length;
-     }
-     trunc_name(&clen, &cdots);
-     if (server.value == NULL) {
-	 server.value = "(null)";
-	 slen = sizeof("(null)") - 1;
-     } else {
-	 slen = server.length;
-     }
-     trunc_name(&slen, &sdots);
-     a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
-
-     proc = msg->rm_call.cb_proc;
-     procname = NULL;
-     for (i = 0; i < NPROCNAMES; i++) {
-	  if (proc_names[i].proc == proc) {
-	       procname = proc_names[i].proc_name;
-	       break;
-	  }
-     }
-     if (procname != NULL)
-	  krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, "
-			   "claimed client = %.*s%s, server = %.*s%s, addr = %s",
-			   procname, (int) clen, (char *) client.value, cdots,
-			   (int) slen, (char *) server.value, sdots, a);
-     else
-	  krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, "
-			   "claimed client = %.*s%s, server = %.*s%s, addr = %s",
-			   proc, (int) clen, (char *) client.value, cdots,
-			   (int) slen, (char *) server.value, sdots, a);
-
-     (void) gss_release_buffer(&minor, &client);
-     (void) gss_release_buffer(&minor, &server);
+    OM_uint32 minor;
+    gss_buffer_desc client, server;
+    gss_OID gss_type;
+    char *a;
+    rpcproc_t proc;
+    int i;
+    const char *procname;
+    size_t clen, slen;
+    char *cdots, *sdots;
+
+    client.length = 0;
+    client.value = NULL;
+    server.length = 0;
+    server.value = NULL;
+
+    (void) gss_display_name(&minor, client_name, &client, &gss_type);
+    (void) gss_display_name(&minor, server_name, &server, &gss_type);
+    if (client.value == NULL) {
+        client.value = "(null)";
+        clen = sizeof("(null)") -1;
+    } else {
+        clen = client.length;
+    }
+    trunc_name(&clen, &cdots);
+    if (server.value == NULL) {
+        server.value = "(null)";
+        slen = sizeof("(null)") - 1;
+    } else {
+        slen = server.length;
+    }
+    trunc_name(&slen, &sdots);
+    a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+
+    proc = msg->rm_call.cb_proc;
+    procname = NULL;
+    for (i = 0; i < NPROCNAMES; i++) {
+        if (proc_names[i].proc == proc) {
+            procname = proc_names[i].proc_name;
+            break;
+        }
+    }
+    if (procname != NULL)
+        krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %s, "
+                         "claimed client = %.*s%s, server = %.*s%s, addr = %s",
+                         procname, (int) clen, (char *) client.value, cdots,
+                         (int) slen, (char *) server.value, sdots, a);
+    else
+        krb5_klog_syslog(LOG_NOTICE, "WARNING! Forged/garbled request: %d, "
+                         "claimed client = %.*s%s, server = %.*s%s, addr = %s",
+                         proc, (int) clen, (char *) client.value, cdots,
+                         (int) slen, (char *) server.value, sdots, a);
+
+    (void) gss_release_buffer(&minor, &client);
+    (void) gss_release_buffer(&minor, &server);
 }
 
 /*
@@ -937,10 +938,10 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
  * Purpose: Callback from GSS-API Sun RPC for miscellaneous errors
  *
  * Arguments:
- * 	rqst		(r) RPC service request
- * 	msg		(r) RPC message
- *	error		(r) error message from RPC
- * 	data		(r) arbitrary data (NULL), not used
+ *      rqst            (r) RPC service request
+ *      msg             (r) RPC message
+ *      error           (r) error message from RPC
+ *      data            (r) arbitrary data (NULL), not used
  *
  * Effects:
  *
@@ -948,12 +949,12 @@ void log_badverf(gss_name_t client_name, gss_name_t server_name,
  * format.
  */
 void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
-		 char *error, char *data)
+                 char *error, char *data)
 {
-     char *a;
-     
-     a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
-     krb5_klog_syslog(LOG_NOTICE, "Miscellaneous RPC error: %s, %s", a, error);
+    char *a;
+
+    a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
+    krb5_klog_syslog(LOG_NOTICE, "Miscellaneous RPC error: %s, %s", a, error);
 }
 
 
@@ -965,10 +966,10 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
  * failures/errors.
  *
  * Arguments:
- * 	major 		(r) GSS-API major status
- * 	minor		(r) GSS-API minor status
- * 	addr		(r) originating address
- * 	data		(r) arbitrary data (NULL), not used
+ *      major           (r) GSS-API major status
+ *      minor           (r) GSS-API minor status
+ *      addr            (r) originating address
+ *      data            (r) arbitrary data (NULL), not used
  *
  * Effects:
  *
@@ -976,57 +977,56 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
  * format.
  */
 void log_badauth(OM_uint32 major, OM_uint32 minor,
-		 struct sockaddr_in *addr, char *data)
+                 struct sockaddr_in *addr, char *data)
 {
-     char *a;
-     
-     /* Authentication attempt failed: <IP address>, <GSS-API error */
-     /* strings> */
+    char *a;
+
+    /* Authentication attempt failed: <IP address>, <GSS-API error */
+    /* strings> */
 
-     a = inet_ntoa(addr->sin_addr);
+    a = inet_ntoa(addr->sin_addr);
 
-     krb5_klog_syslog(LOG_NOTICE, "Authentication attempt failed: %s, GSS-API "
-	    "error strings are:", a);
-     log_badauth_display_status("   ", major, minor);
-     krb5_klog_syslog(LOG_NOTICE, "   GSS-API error strings complete.");
+    krb5_klog_syslog(LOG_NOTICE, "Authentication attempt failed: %s, GSS-API "
+                     "error strings are:", a);
+    log_badauth_display_status("   ", major, minor);
+    krb5_klog_syslog(LOG_NOTICE, "   GSS-API error strings complete.");
 }
 
 void log_badauth_display_status(char *msg, OM_uint32 major, OM_uint32 minor)
 {
-     log_badauth_display_status_1(msg, major, GSS_C_GSS_CODE, 0);
-     log_badauth_display_status_1(msg, minor, GSS_C_MECH_CODE, 0);
+    log_badauth_display_status_1(msg, major, GSS_C_GSS_CODE, 0);
+    log_badauth_display_status_1(msg, minor, GSS_C_MECH_CODE, 0);
 }
 
 void log_badauth_display_status_1(char *m, OM_uint32 code, int type,
-				  int rec)
+                                  int rec)
 {
-     OM_uint32 gssstat, minor_stat;
-     gss_buffer_desc msg;
-     OM_uint32 msg_ctx;
-
-     msg_ctx = 0;
-     while (1) {
-	  gssstat = gss_display_status(&minor_stat, code,
-				       type, GSS_C_NULL_OID,
-				       &msg_ctx, &msg);
-	  if (gssstat != GSS_S_COMPLETE) {
- 	       if (!rec) {
-		    log_badauth_display_status_1(m,gssstat,GSS_C_GSS_CODE,1); 
-		    log_badauth_display_status_1(m, minor_stat,
-						 GSS_C_MECH_CODE, 1);
-	       } else
-		    krb5_klog_syslog(LOG_ERR, "GSS-API authentication error %.*s: "
-				     "recursive failure!", (int) msg.length,
-				     (char *) msg.value);
-	       return;
-	  }
-
-	  krb5_klog_syslog(LOG_NOTICE, "%s %.*s", m, (int)msg.length,
-			   (char *)msg.value);
-	  (void) gss_release_buffer(&minor_stat, &msg);
-	  
-	  if (!msg_ctx)
-	       break;
-     }
+    OM_uint32 gssstat, minor_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        gssstat = gss_display_status(&minor_stat, code,
+                                     type, GSS_C_NULL_OID,
+                                     &msg_ctx, &msg);
+        if (gssstat != GSS_S_COMPLETE) {
+            if (!rec) {
+                log_badauth_display_status_1(m,gssstat,GSS_C_GSS_CODE,1);
+                log_badauth_display_status_1(m, minor_stat,
+                                             GSS_C_MECH_CODE, 1);
+            } else
+                krb5_klog_syslog(LOG_ERR, "GSS-API authentication error %.*s: "
+                                 "recursive failure!", (int) msg.length,
+                                 (char *) msg.value);
+            return;
+        }
+
+        krb5_klog_syslog(LOG_NOTICE, "%s %.*s", m, (int)msg.length,
+                         (char *)msg.value);
+        (void) gss_release_buffer(&minor_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
 }
-
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index c3b7fa1e3..c1b221732 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -1,7 +1,8 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include <kadm5/admin.h>
 #include <syslog.h>
-#include <adm_proto.h>	/* krb5_klog_syslog */
+#include <adm_proto.h>  /* krb5_klog_syslog */
 #include <stdio.h>
 #include <errno.h>
 
@@ -11,19 +12,19 @@
 #define GETSOCKNAME_ARG3_TYPE int
 #endif
 
-#define RFC3244_VERSION	0xff80
+#define RFC3244_VERSION 0xff80
 
 krb5_error_code
 process_chpw_request(context, server_handle, realm, keytab,
-		     local_faddr, remote_faddr, req, rep)
-     krb5_context context;
-     void *server_handle;
-     char *realm;
-     krb5_keytab keytab;
-     krb5_fulladdr *local_faddr;
-     krb5_fulladdr *remote_faddr;
-     krb5_data *req;
-     krb5_data *rep;
+                     local_faddr, remote_faddr, req, rep)
+    krb5_context context;
+    void *server_handle;
+    char *realm;
+    krb5_keytab keytab;
+    krb5_fulladdr *local_faddr;
+    krb5_fulladdr *remote_faddr;
+    krb5_data *req;
+    krb5_data *rep;
 {
     krb5_error_code ret;
     char *ptr;
@@ -58,12 +59,12 @@ process_chpw_request(context, server_handle, realm, keytab,
     cipher.length = 0;
 
     if (req->length < 4) {
-	/* either this, or the server is printing bad messages,
-	   or the caller passed in garbage */
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	numresult = KRB5_KPASSWD_MALFORMED;
-	strlcpy(strresult, "Request was truncated", sizeof(strresult));
-	goto chpwfail;
+        /* either this, or the server is printing bad messages,
+           or the caller passed in garbage */
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        numresult = KRB5_KPASSWD_MALFORMED;
+        strlcpy(strresult, "Request was truncated", sizeof(strresult));
+        goto chpwfail;
     }
 
     ptr = req->data;
@@ -74,7 +75,7 @@ process_chpw_request(context, server_handle, realm, keytab,
     plen = (plen<<8) | (*ptr++ & 0xff);
 
     if (plen != req->length)
-	return(KRB5KRB_AP_ERR_MODIFIED);
+        return(KRB5KRB_AP_ERR_MODIFIED);
 
     /* verify version number */
 
@@ -82,11 +83,11 @@ process_chpw_request(context, server_handle, realm, keytab,
     vno = (vno<<8) | (*ptr++ & 0xff);
 
     if (vno != 1 && vno != RFC3244_VERSION) {
-	ret = KRB5KDC_ERR_BAD_PVNO;
-	numresult = KRB5_KPASSWD_BAD_VERSION;
-	snprintf(strresult, sizeof(strresult),
-		 "Request contained unknown protocol version number %d", vno);
-	goto chpwfail;
+        ret = KRB5KDC_ERR_BAD_PVNO;
+        numresult = KRB5_KPASSWD_BAD_VERSION;
+        snprintf(strresult, sizeof(strresult),
+                 "Request contained unknown protocol version number %d", vno);
+        goto chpwfail;
     }
 
     /* read, check ap-req length */
@@ -95,11 +96,11 @@ process_chpw_request(context, server_handle, realm, keytab,
     ap_req.length = (ap_req.length<<8) | (*ptr++ & 0xff);
 
     if (ptr + ap_req.length >= req->data + req->length) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	numresult = KRB5_KPASSWD_MALFORMED;
-	strlcpy(strresult, "Request was truncated in AP-REQ",
-		sizeof(strresult));
-	goto chpwfail;
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        numresult = KRB5_KPASSWD_MALFORMED;
+        strlcpy(strresult, "Request was truncated in AP-REQ",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     /* verify ap_req */
@@ -109,38 +110,38 @@ process_chpw_request(context, server_handle, realm, keytab,
 
     ret = krb5_auth_con_init(context, &auth_context);
     if (ret) {
-	numresult = KRB5_KPASSWD_HARDERROR;
-	strlcpy(strresult, "Failed initializing auth context",
-		sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed initializing auth context",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     ret = krb5_auth_con_setflags(context, auth_context,
-				 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+                                 KRB5_AUTH_CONTEXT_DO_SEQUENCE);
     if (ret) {
-	numresult = KRB5_KPASSWD_HARDERROR;
-	strlcpy(strresult, "Failed initializing auth context",
-		sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed initializing auth context",
+                sizeof(strresult));
+        goto chpwfail;
     }
-	
+
     ret = krb5_build_principal(context, &changepw, strlen(realm), realm,
-			       "kadmin", "changepw", NULL);
+                               "kadmin", "changepw", NULL);
     if (ret) {
-	numresult = KRB5_KPASSWD_HARDERROR;
-	strlcpy(strresult, "Failed building kadmin/changepw principal",
-		sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed building kadmin/changepw principal",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     ret = krb5_rd_req(context, &auth_context, &ap_req, changepw, keytab,
-		      NULL, &ticket);
+                      NULL, &ticket);
 
     if (ret) {
-	numresult = KRB5_KPASSWD_AUTHERROR;
-	strlcpy(strresult, "Failed reading application request",
-		sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_AUTHERROR;
+        strlcpy(strresult, "Failed reading application request",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     /* mk_priv requires that the local address be set.
@@ -158,22 +159,22 @@ process_chpw_request(context, server_handle, realm, keytab,
        is specified.  Are we having fun yet?  */
 
     ret = krb5_auth_con_setaddrs(context, auth_context, NULL,
-			         remote_faddr->address);
+                                 remote_faddr->address);
     if (ret) {
-	numresult = KRB5_KPASSWD_HARDERROR;
-	strlcpy(strresult, "Failed storing client internet address",
-		sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed storing client internet address",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     /* construct the ap-rep */
 
     ret = krb5_mk_rep(context, auth_context, &ap_rep);
     if (ret) {
-	numresult = KRB5_KPASSWD_AUTHERROR;
-	strlcpy(strresult, "Failed replying to application request",
-		sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_AUTHERROR;
+        strlcpy(strresult, "Failed replying to application request",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     /* decrypt the ChangePasswdData */
@@ -183,57 +184,57 @@ process_chpw_request(context, server_handle, realm, keytab,
 
     ret = krb5_rd_priv(context, auth_context, &cipher, &clear, &replay);
     if (ret) {
-	numresult = KRB5_KPASSWD_HARDERROR;
-	strlcpy(strresult, "Failed decrypting request", sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed decrypting request", sizeof(strresult));
+        goto chpwfail;
     }
 
     client = ticket->enc_part2->client;
 
     /* decode ChangePasswdData for setpw requests */
     if (vno == RFC3244_VERSION) {
-	krb5_data *clear_data;
-
-	ret = decode_krb5_setpw_req(&clear, &clear_data, &target);
-	if (ret != 0) {
-	    numresult = KRB5_KPASSWD_MALFORMED;
-	    strlcpy(strresult, "Failed decoding ChangePasswdData",
-		    sizeof(strresult));
-	    goto chpwfail;
-	}
-
-	memset(clear.data, 0, clear.length);
-	free(clear.data);
-
-	clear = *clear_data;
-	free(clear_data);
-
-	if (target != NULL) {
-	    ret = krb5_unparse_name(context, target, &targetstr);
-	    if (ret != 0) {
-		numresult = KRB5_KPASSWD_HARDERROR;
-		strlcpy(strresult, "Failed unparsing target name for log",
-			sizeof(strresult));
-		goto chpwfail;
-	    }
-	}
+        krb5_data *clear_data;
+
+        ret = decode_krb5_setpw_req(&clear, &clear_data, &target);
+        if (ret != 0) {
+            numresult = KRB5_KPASSWD_MALFORMED;
+            strlcpy(strresult, "Failed decoding ChangePasswdData",
+                    sizeof(strresult));
+            goto chpwfail;
+        }
+
+        memset(clear.data, 0, clear.length);
+        free(clear.data);
+
+        clear = *clear_data;
+        free(clear_data);
+
+        if (target != NULL) {
+            ret = krb5_unparse_name(context, target, &targetstr);
+            if (ret != 0) {
+                numresult = KRB5_KPASSWD_HARDERROR;
+                strlcpy(strresult, "Failed unparsing target name for log",
+                        sizeof(strresult));
+                goto chpwfail;
+            }
+        }
     }
 
     ret = krb5_unparse_name(context, client, &clientstr);
     if (ret) {
-	numresult = KRB5_KPASSWD_HARDERROR;
-	strlcpy(strresult, "Failed unparsing client name for log",
-		sizeof(strresult));
-	goto chpwfail;
+        numresult = KRB5_KPASSWD_HARDERROR;
+        strlcpy(strresult, "Failed unparsing client name for log",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     /* for cpw, verify that this is an AS_REQ ticket */
     if (vno == 1 &&
-	(ticket->enc_part2->flags & TKT_FLG_INITIAL) == 0) {
-	numresult = KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
-	strlcpy(strresult, "Ticket must be derived from a password",
-		sizeof(strresult));
-	goto chpwfail;
+        (ticket->enc_part2->flags & TKT_FLG_INITIAL) == 0) {
+        numresult = KRB5_KPASSWD_INITIAL_FLAG_NEEDED;
+        strlcpy(strresult, "Ticket must be derived from a password",
+                sizeof(strresult));
+        goto chpwfail;
     }
 
     /* change the password */
@@ -243,10 +244,10 @@ process_chpw_request(context, server_handle, realm, keytab,
     ptr[clear.length] = '\0';
 
     ret = schpw_util_wrapper(server_handle, client, target,
-			     (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
-			     ptr, NULL, strresult, sizeof(strresult));
+                             (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0,
+                             ptr, NULL, strresult, sizeof(strresult));
     if (ret)
-	errmsg = krb5_get_error_message(context, ret);
+        errmsg = krb5_get_error_message(context, ret);
 
     /* zap the password */
     memset(clear.data, 0, clear.length);
@@ -260,81 +261,81 @@ process_chpw_request(context, server_handle, realm, keytab,
 
     switch (addr->addrtype) {
     case ADDRTYPE_INET: {
-	struct sockaddr_in *sin = ss2sin(&ss);
+        struct sockaddr_in *sin = ss2sin(&ss);
 
-	sin->sin_family = AF_INET;
-	memcpy(&sin->sin_addr, addr->contents, addr->length);
-	sin->sin_port = htons(remote_faddr->port);
-	salen = sizeof(*sin);
-	break;
+        sin->sin_family = AF_INET;
+        memcpy(&sin->sin_addr, addr->contents, addr->length);
+        sin->sin_port = htons(remote_faddr->port);
+        salen = sizeof(*sin);
+        break;
     }
     case ADDRTYPE_INET6: {
-	struct sockaddr_in6 *sin6 = ss2sin6(&ss);
+        struct sockaddr_in6 *sin6 = ss2sin6(&ss);
 
-	sin6->sin6_family = AF_INET6;
-	memcpy(&sin6->sin6_addr, addr->contents, addr->length);
-	sin6->sin6_port = htons(remote_faddr->port);
-	salen = sizeof(*sin6);
-	break;
+        sin6->sin6_family = AF_INET6;
+        memcpy(&sin6->sin6_addr, addr->contents, addr->length);
+        sin6->sin6_port = htons(remote_faddr->port);
+        salen = sizeof(*sin6);
+        break;
     }
     default: {
-	struct sockaddr *sa = ss2sa(&ss);
+        struct sockaddr *sa = ss2sa(&ss);
 
-	sa->sa_family = AF_UNSPEC;
-	salen = sizeof(*sa);
-	break;
+        sa->sa_family = AF_UNSPEC;
+        salen = sizeof(*sa);
+        break;
     }
     }
 
     if (getnameinfo(ss2sa(&ss), salen,
-		    addrbuf, sizeof(addrbuf), NULL, 0,
-		    NI_NUMERICHOST | NI_NUMERICSERV) != 0)
-	strlcpy(addrbuf, "<unprintable>", sizeof(addrbuf));
+                    addrbuf, sizeof(addrbuf), NULL, 0,
+                    NI_NUMERICHOST | NI_NUMERICSERV) != 0)
+        strlcpy(addrbuf, "<unprintable>", sizeof(addrbuf));
 
     if (vno == RFC3244_VERSION) {
-	size_t tlen;
-	char *tdots;
-	const char *targetp;
-
-	if (target == NULL) {
-	    tlen = clen;
-	    tdots = cdots;
-	    targetp = targetstr;
-	} else {
-	    tlen = strlen(targetstr);
-	    trunc_name(&tlen, &tdots);
-	    targetp = clientstr;
-	}
-
-	krb5_klog_syslog(LOG_NOTICE, "setpw request from %s by %.*s%s for %.*s%s: %s",
-			 addrbuf,
-			 (int) clen, clientstr, cdots,
-			 (int) tlen, targetp, tdots,
-			 errmsg ? errmsg : "success");
+        size_t tlen;
+        char *tdots;
+        const char *targetp;
+
+        if (target == NULL) {
+            tlen = clen;
+            tdots = cdots;
+            targetp = targetstr;
+        } else {
+            tlen = strlen(targetstr);
+            trunc_name(&tlen, &tdots);
+            targetp = clientstr;
+        }
+
+        krb5_klog_syslog(LOG_NOTICE, "setpw request from %s by %.*s%s for %.*s%s: %s",
+                         addrbuf,
+                         (int) clen, clientstr, cdots,
+                         (int) tlen, targetp, tdots,
+                         errmsg ? errmsg : "success");
     } else {
-	krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
-			 addrbuf,
-			 (int) clen, clientstr, cdots,
-			 errmsg ? errmsg : "success");
+        krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s",
+                         addrbuf,
+                         (int) clen, clientstr, cdots,
+                         errmsg ? errmsg : "success");
     }
     switch (ret) {
     case KADM5_AUTH_CHANGEPW:
-	numresult = KRB5_KPASSWD_ACCESSDENIED;
-	break;
+        numresult = KRB5_KPASSWD_ACCESSDENIED;
+        break;
     case KADM5_PASS_Q_TOOSHORT:
     case KADM5_PASS_REUSE:
     case KADM5_PASS_Q_CLASS:
     case KADM5_PASS_Q_DICT:
     case KADM5_PASS_TOOSOON:
-	numresult = KRB5_KPASSWD_HARDERROR;
-	break;
+        numresult = KRB5_KPASSWD_HARDERROR;
+        break;
     case 0:
-	numresult = KRB5_KPASSWD_SUCCESS;
-	strlcpy(strresult, "", sizeof(strresult));
-	break;
+        numresult = KRB5_KPASSWD_SUCCESS;
+        strlcpy(strresult, "", sizeof(strresult));
+        break;
     default:
-	numresult = KRB5_KPASSWD_SOFTERROR;
-	break;
+        numresult = KRB5_KPASSWD_SOFTERROR;
+        break;
     }
 
 chpwfail:
@@ -352,66 +353,66 @@ chpwfail:
     cipher.length = 0;
 
     if (ap_rep.length) {
-	ret = krb5_auth_con_setaddrs(context, auth_context,
-				     local_faddr->address, NULL);
-	if (ret) {
-	    numresult = KRB5_KPASSWD_HARDERROR;
-	    strlcpy(strresult,
-		    "Failed storing client and server internet addresses",
-		    sizeof(strresult));
-	} else {
-	    ret = krb5_mk_priv(context, auth_context, &clear, &cipher,
-			       &replay);
-	    if (ret) {
-		numresult = KRB5_KPASSWD_HARDERROR;
-		strlcpy(strresult, "Failed encrypting reply",
-			sizeof(strresult));
-	    }
-	}
+        ret = krb5_auth_con_setaddrs(context, auth_context,
+                                     local_faddr->address, NULL);
+        if (ret) {
+            numresult = KRB5_KPASSWD_HARDERROR;
+            strlcpy(strresult,
+                    "Failed storing client and server internet addresses",
+                    sizeof(strresult));
+        } else {
+            ret = krb5_mk_priv(context, auth_context, &clear, &cipher,
+                               &replay);
+            if (ret) {
+                numresult = KRB5_KPASSWD_HARDERROR;
+                strlcpy(strresult, "Failed encrypting reply",
+                        sizeof(strresult));
+            }
+        }
     }
 
     /* if no KRB-PRIV was constructed, then we need a KRB-ERROR.
        if this fails, just bail.  there's nothing else we can do. */
 
     if (cipher.length == 0) {
-	/* clear out ap_rep now, so that it won't be inserted in the
+        /* clear out ap_rep now, so that it won't be inserted in the
            reply */
 
-	if (ap_rep.length) {
-	    free(ap_rep.data);
-	    ap_rep.length = 0;
-	}
-
-	krberror.ctime = 0;
-	krberror.cusec = 0;
-	krberror.susec = 0;
-	ret = krb5_timeofday(context, &krberror.stime);
-	if (ret)
-	    goto bailout;
-
-	/* this is really icky.  but it's what all the other callers
-	   to mk_error do. */
-	krberror.error = ret;
-	krberror.error -= ERROR_TABLE_BASE_krb5;
-	if (krberror.error < 0 || krberror.error > 128)
-	    krberror.error = KRB_ERR_GENERIC;
-
-	krberror.client = NULL;
-
-	ret = krb5_build_principal(context, &krberror.server,
-				   strlen(realm), realm,
-				   "kadmin", "changepw", NULL);
-	if (ret)
-	    goto bailout;
-	krberror.text.length = 0;
-	krberror.e_data = clear;
-
-	ret = krb5_mk_error(context, &krberror, &cipher);
-
-	krb5_free_principal(context, krberror.server);
-
-	if (ret)
-	    goto bailout;
+        if (ap_rep.length) {
+            free(ap_rep.data);
+            ap_rep.length = 0;
+        }
+
+        krberror.ctime = 0;
+        krberror.cusec = 0;
+        krberror.susec = 0;
+        ret = krb5_timeofday(context, &krberror.stime);
+        if (ret)
+            goto bailout;
+
+        /* this is really icky.  but it's what all the other callers
+           to mk_error do. */
+        krberror.error = ret;
+        krberror.error -= ERROR_TABLE_BASE_krb5;
+        if (krberror.error < 0 || krberror.error > 128)
+            krberror.error = KRB_ERR_GENERIC;
+
+        krberror.client = NULL;
+
+        ret = krb5_build_principal(context, &krberror.server,
+                                   strlen(realm), realm,
+                                   "kadmin", "changepw", NULL);
+        if (ret)
+            goto bailout;
+        krberror.text.length = 0;
+        krberror.e_data = clear;
+
+        ret = krb5_mk_error(context, &krberror, &cipher);
+
+        krb5_free_principal(context, krberror.server);
+
+        if (ret)
+            goto bailout;
     }
 
     /* construct the reply */
@@ -419,9 +420,9 @@ chpwfail:
     rep->length = 6 + ap_rep.length + cipher.length;
     rep->data = (char *) malloc(rep->length);
     if (rep->data == NULL) {
-	rep->length = 0;	/* checked by caller */
-	ret = ENOMEM;
-	goto bailout;
+        rep->length = 0;        /* checked by caller */
+        ret = ENOMEM;
+        goto bailout;
     }
     ptr = rep->data;
 
@@ -443,8 +444,8 @@ chpwfail:
     /* ap-rep data */
 
     if (ap_rep.length) {
-	memcpy(ptr, ap_rep.data, ap_rep.length);
-	ptr += ap_rep.length;
+        memcpy(ptr, ap_rep.data, ap_rep.length);
+        ptr += ap_rep.length;
     }
 
     /* krb-priv or krb-error */
@@ -453,25 +454,25 @@ chpwfail:
 
 bailout:
     if (auth_context)
-	krb5_auth_con_free(context, auth_context);
+        krb5_auth_con_free(context, auth_context);
     if (changepw)
-	krb5_free_principal(context, changepw);
+        krb5_free_principal(context, changepw);
     if (ap_rep.length)
-	free(ap_rep.data);
+        free(ap_rep.data);
     if (ticket)
-	krb5_free_ticket(context, ticket);
+        krb5_free_ticket(context, ticket);
     if (clear.length)
-	free(clear.data);
+        free(clear.data);
     if (cipher.length)
-	free(cipher.data);
+        free(cipher.data);
     if (target)
-	krb5_free_principal(context, target);
+        krb5_free_principal(context, target);
     if (targetstr)
-	krb5_free_unparsed_name(context, targetstr);
+        krb5_free_unparsed_name(context, targetstr);
     if (clientstr)
-	krb5_free_unparsed_name(context, clientstr);
+        krb5_free_unparsed_name(context, clientstr);
     if (errmsg)
-	krb5_free_error_message(context, errmsg);
+        krb5_free_error_message(context, errmsg);
 
     return(ret);
 }
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index 9449fe8c2..29a8805ee 100644
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -17,21 +18,21 @@
 #include <string.h>
 
 #define LOG_UNAUTH  "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s"
-#define	LOG_DONE    "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
+#define LOG_DONE    "Request: %s, %s, %s, client=%s, service=%s, addr=%s"
 
-extern gss_name_t 			gss_changepw_name;
-extern gss_name_t			gss_oldchangepw_name;
-extern void *				global_server_handle;
+extern gss_name_t                       gss_changepw_name;
+extern gss_name_t                       gss_oldchangepw_name;
+extern void *                           global_server_handle;
 
-#define CHANGEPW_SERVICE(rqstp) \
-	(cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), gss_changepw_name) |\
-	 (gss_oldchangepw_name && \
-	  cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), \
-			gss_oldchangepw_name)))
+#define CHANGEPW_SERVICE(rqstp)                                         \
+    (cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred), gss_changepw_name) | \
+     (gss_oldchangepw_name &&                                           \
+      cmp_gss_names_rel_1(acceptor_name(rqstp->rq_svccred),             \
+                          gss_oldchangepw_name)))
 
 
 static int gss_to_krb5_name(kadm5_server_handle_t handle,
-		     gss_name_t gss_name, krb5_principal *princ);
+                            gss_name_t gss_name, krb5_principal *princ);
 
 static int gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str);
 
@@ -41,25 +42,25 @@ gss_name_t rqst2name(struct svc_req *rqstp);
 
 static int cmp_gss_names(gss_name_t n1, gss_name_t n2)
 {
-   OM_uint32 emaj, emin;
-   int equal;
+    OM_uint32 emaj, emin;
+    int equal;
 
-   if (GSS_ERROR(emaj = gss_compare_name(&emin, n1, n2, &equal)))
-      return(0);
+    if (GSS_ERROR(emaj = gss_compare_name(&emin, n1, n2, &equal)))
+        return(0);
 
-   return(equal);
+    return(equal);
 }
 
 /* Does a comparison of the names and then releases the first entity */
 /* For use above in CHANGEPW_SERVICE */
 static int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
 {
-   OM_uint32 min_stat;
-   int ret;
+    OM_uint32 min_stat;
+    int ret;
 
-   ret = cmp_gss_names(n1, n2);
-   if (n1) (void) gss_release_name(&min_stat, &n1);
-   return ret;
+    ret = cmp_gss_names(n1, n2);
+    if (n1) (void) gss_release_name(&min_stat, &n1);
+    return ret;
 }
 
 /*
@@ -70,13 +71,13 @@ static int cmp_gss_names_rel_1(gss_name_t n1, gss_name_t n2)
  *
  * Arguments:
  *
- * 	handle		The server handle.
+ *      handle          The server handle.
  */
 
 static int check_handle(void *handle)
 {
-     CHECK_HANDLE(handle);
-     return 0;
+    CHECK_HANDLE(handle);
+    return 0;
 }
 
 /*
@@ -88,45 +89,45 @@ static int check_handle(void *handle)
  * kadm5_init.
  *
  * Arguments:
- * 	api_version	(input) The API version specified by the client
- * 	rqstp		(input) The RPC request
- * 	handle		(output) The returned handle
- *	<return value>	(output) An error code, or 0 if no error occurred
- * 
+ *      api_version     (input) The API version specified by the client
+ *      rqstp           (input) The RPC request
+ *      handle          (output) The returned handle
+ *      <return value>  (output) An error code, or 0 if no error occurred
+ *
  * Effects:
- * 	Returns a pointer to allocated storage containing the server
- * 	handle.  If an error occurs, then no allocated storage is
- *	returned, and the return value of the function will be a
- * 	non-zero com_err code.
- *      
+ *      Returns a pointer to allocated storage containing the server
+ *      handle.  If an error occurs, then no allocated storage is
+ *      returned, and the return value of the function will be a
+ *      non-zero com_err code.
+ *
  *      The allocated storage for the handle should be freed with
- * 	free_server_handle (see below) when it is no longer needed.
+ *      free_server_handle (see below) when it is no longer needed.
  */
 
 static kadm5_ret_t new_server_handle(krb5_ui_4 api_version,
-					  struct svc_req *rqstp,
-					  kadm5_server_handle_t
-					  *out_handle)
+                                     struct svc_req *rqstp,
+                                     kadm5_server_handle_t
+                                     *out_handle)
 {
-     kadm5_server_handle_t handle;
+    kadm5_server_handle_t handle;
 
-     *out_handle = NULL;
+    *out_handle = NULL;
 
-     if (! (handle = (kadm5_server_handle_t)
-	    malloc(sizeof(*handle))))
-	  return ENOMEM;
+    if (! (handle = (kadm5_server_handle_t)
+           malloc(sizeof(*handle))))
+        return ENOMEM;
 
-     *handle = *(kadm5_server_handle_t)global_server_handle;
-     handle->api_version = api_version;
+    *handle = *(kadm5_server_handle_t)global_server_handle;
+    handle->api_version = api_version;
 
-     if (! gss_to_krb5_name(handle, rqst2name(rqstp),
-			    &handle->current_caller)) {
-	  free(handle);
-	  return KADM5_FAILURE;
-     }
+    if (! gss_to_krb5_name(handle, rqst2name(rqstp),
+                           &handle->current_caller)) {
+        free(handle);
+        return KADM5_FAILURE;
+    }
 
-     *out_handle = handle;
-     return 0;
+    *out_handle = handle;
+    return 0;
 }
 
 /*
@@ -135,14 +136,14 @@ static kadm5_ret_t new_server_handle(krb5_ui_4 api_version,
  * Purpose: Free handle memory allocated by new_server_handle
  *
  * Arguments:
- * 	handle		(input/output) The handle to free
+ *      handle          (input/output) The handle to free
  */
 static void free_server_handle(kadm5_server_handle_t handle)
 {
-     if (!handle)
-	  return;
-     krb5_free_principal(handle->context, handle->current_caller);
-     free(handle);
+    if (!handle)
+        return;
+    krb5_free_principal(handle->context, handle->current_caller);
+    free(handle);
 }
 
 /*
@@ -152,9 +153,9 @@ static void free_server_handle(kadm5_server_handle_t handle)
  * names.
  *
  * Arguments:
- * 	rqstp		(r) the RPC request
- * 	client_name	(w) the gss_buffer_t for the client name
- * 	server_name	(w) the gss_buffer_t for the server name
+ *      rqstp           (r) the RPC request
+ *      client_name     (w) the gss_buffer_t for the client name
+ *      server_name     (w) the gss_buffer_t for the server name
  *
  * Effects:
  *
@@ -163,82 +164,82 @@ static void free_server_handle(kadm5_server_handle_t handle)
  * on success and -1 on failure.
  */
 int setup_gss_names(struct svc_req *rqstp,
-		    gss_buffer_desc *client_name,
-		    gss_buffer_desc *server_name)
+                    gss_buffer_desc *client_name,
+                    gss_buffer_desc *server_name)
 {
-     OM_uint32 maj_stat, min_stat;
-     gss_name_t server_gss_name;
-
-     if (gss_name_to_string(rqst2name(rqstp), client_name) != 0)
-	  return -1;
-     maj_stat = gss_inquire_context(&min_stat, rqstp->rq_svccred, NULL,
-				    &server_gss_name, NULL, NULL, NULL,
-				    NULL, NULL);
-     if (maj_stat != GSS_S_COMPLETE) {
-	  gss_release_buffer(&min_stat, client_name);
-          gss_release_name(&min_stat, &server_gss_name);
-	  return -1;
-     }
-     if (gss_name_to_string(server_gss_name, server_name) != 0) {
-	  gss_release_buffer(&min_stat, client_name);
-          gss_release_name(&min_stat, &server_gss_name);
-	  return -1;
-     }
-     gss_release_name(&min_stat, &server_gss_name);
-     return 0;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t server_gss_name;
+
+    if (gss_name_to_string(rqst2name(rqstp), client_name) != 0)
+        return -1;
+    maj_stat = gss_inquire_context(&min_stat, rqstp->rq_svccred, NULL,
+                                   &server_gss_name, NULL, NULL, NULL,
+                                   NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE) {
+        gss_release_buffer(&min_stat, client_name);
+        gss_release_name(&min_stat, &server_gss_name);
+        return -1;
+    }
+    if (gss_name_to_string(server_gss_name, server_name) != 0) {
+        gss_release_buffer(&min_stat, client_name);
+        gss_release_name(&min_stat, &server_gss_name);
+        return -1;
+    }
+    gss_release_name(&min_stat, &server_gss_name);
+    return 0;
 }
 
 static gss_name_t acceptor_name(gss_ctx_id_t context)
 {
-     OM_uint32 maj_stat, min_stat;
-     gss_name_t name;
-     
-     maj_stat = gss_inquire_context(&min_stat, context, NULL, &name,
-				    NULL, NULL, NULL, NULL, NULL);
-     if (maj_stat != GSS_S_COMPLETE)
-	  return NULL;
-     return name;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t name;
+
+    maj_stat = gss_inquire_context(&min_stat, context, NULL, &name,
+                                   NULL, NULL, NULL, NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE)
+        return NULL;
+    return name;
 }
-     
+
 static int cmp_gss_krb5_name(kadm5_server_handle_t handle,
-		      gss_name_t gss_name, krb5_principal princ)
+                             gss_name_t gss_name, krb5_principal princ)
 {
-     krb5_principal princ2;
-     int status;
-
-     if (! gss_to_krb5_name(handle, gss_name, &princ2))
-	  return 0;
-     status = krb5_principal_compare(handle->context, princ, princ2);
-     krb5_free_principal(handle->context, princ2);
-     return status;
+    krb5_principal princ2;
+    int status;
+
+    if (! gss_to_krb5_name(handle, gss_name, &princ2))
+        return 0;
+    status = krb5_principal_compare(handle->context, princ, princ2);
+    krb5_free_principal(handle->context, princ2);
+    return status;
 }
 
 static int gss_to_krb5_name(kadm5_server_handle_t handle,
-		     gss_name_t gss_name, krb5_principal *princ)
+                            gss_name_t gss_name, krb5_principal *princ)
 {
-     OM_uint32 status, minor_stat;
-     gss_buffer_desc gss_str;
-     gss_OID gss_type;
-     int success;
-
-     status = gss_display_name(&minor_stat, gss_name, &gss_str, &gss_type);
-     if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
-	  return 0;
-     success = (krb5_parse_name(handle->context, gss_str.value, princ) == 0);
-     gss_release_buffer(&minor_stat, &gss_str);
-     return success;
+    OM_uint32 status, minor_stat;
+    gss_buffer_desc gss_str;
+    gss_OID gss_type;
+    int success;
+
+    status = gss_display_name(&minor_stat, gss_name, &gss_str, &gss_type);
+    if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
+        return 0;
+    success = (krb5_parse_name(handle->context, gss_str.value, princ) == 0);
+    gss_release_buffer(&minor_stat, &gss_str);
+    return success;
 }
 
 static int
 gss_name_to_string(gss_name_t gss_name, gss_buffer_desc *str)
 {
-     OM_uint32 status, minor_stat;
-     gss_OID gss_type;
+    OM_uint32 status, minor_stat;
+    gss_OID gss_type;
 
-     status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
-     if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
-	  return 1;
-     return 0;
+    status = gss_display_name(&minor_stat, gss_name, str, &gss_type);
+    if ((status != GSS_S_COMPLETE) || (gss_type != gss_nt_krb5_name))
+        return 1;
+    return 0;
 }
 
 static int
@@ -261,12 +262,12 @@ log_unauth(
 
     /* okay to cast lengths to int because trunc_name limits max value */
     return krb5_klog_syslog(LOG_NOTICE,
-			    "Unauthorized request: %s, %.*s%s, "
-			    "client=%.*s%s, service=%.*s%s, addr=%s",
-			    op, (int)tlen, target, tdots,
-			    (int)clen, (char *)client->value, cdots,
-			    (int)slen, (char *)server->value, sdots,
-			    inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+                            "Unauthorized request: %s, %.*s%s, "
+                            "client=%.*s%s, service=%.*s%s, addr=%s",
+                            op, (int)tlen, target, tdots,
+                            (int)clen, (char *)client->value, cdots,
+                            (int)slen, (char *)server->value, sdots,
+                            inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 }
 
 static int
@@ -290,72 +291,72 @@ log_done(
 
     /* okay to cast lengths to int because trunc_name limits max value */
     return krb5_klog_syslog(LOG_NOTICE,
-			    "Request: %s, %.*s%s, %s, "
-			    "client=%.*s%s, service=%.*s%s, addr=%s",
-			    op, (int)tlen, target, tdots, errmsg,
-			    (int)clen, (char *)client->value, cdots,
-			    (int)slen, (char *)server->value, sdots,
-			    inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+                            "Request: %s, %.*s%s, %s, "
+                            "client=%.*s%s, service=%.*s%s, addr=%s",
+                            op, (int)tlen, target, tdots, errmsg,
+                            (int)clen, (char *)client->value, cdots,
+                            (int)slen, (char *)server->value, sdots,
+                            inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
 }
 
 generic_ret *
 create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		ret;
-    char			*prime_arg;
-    gss_buffer_desc		client_name, service_name;
-    OM_uint32			minor_stat;
-    kadm5_server_handle_t	handle;
-    restriction_t		*rp;
-    const char			*errmsg = NULL;
+    static generic_ret          ret;
+    char                        *prime_arg;
+    gss_buffer_desc             client_name, service_name;
+    OM_uint32                   minor_stat;
+    kadm5_server_handle_t       handle;
+    restriction_t               *rp;
+    const char                  *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (CHANGEPW_SERVICE(rqstp)
-	|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
-		      arg->rec.principal, &rp)
-	|| kadm5int_acl_impose_restrictions(handle->context,
-				   &arg->rec, &arg->mask, rp)) {
-	 ret.code = KADM5_AUTH_ADD;
-	 log_unauth("kadm5_create_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
+        || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
+                               arg->rec.principal, &rp)
+        || kadm5int_acl_impose_restrictions(handle->context,
+                                            &arg->rec, &arg->mask, rp)) {
+        ret.code = KADM5_AUTH_ADD;
+        log_unauth("kadm5_create_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
     } else {
-	 ret.code = kadm5_create_principal((void *)handle,
-						&arg->rec, arg->mask,
-						arg->passwd);
+        ret.code = kadm5_create_principal((void *)handle,
+                                          &arg->rec, arg->mask,
+                                          arg->passwd);
 
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	 log_done("kadm5_create_principal", prime_arg,
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
+        log_done("kadm5_create_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 
- exit_func:
+exit_func:
     free_server_handle(handle);
     return &ret;
 }
@@ -363,56 +364,56 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp)
 generic_ret *
 create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		ret;
-    char			*prime_arg;
-    gss_buffer_desc		client_name, service_name;
-    OM_uint32			minor_stat;
-    kadm5_server_handle_t	handle;
-    restriction_t		*rp;
-    const char			*errmsg = NULL;
+    static generic_ret          ret;
+    char                        *prime_arg;
+    gss_buffer_desc             client_name, service_name;
+    OM_uint32                   minor_stat;
+    kadm5_server_handle_t       handle;
+    restriction_t               *rp;
+    const char                  *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (CHANGEPW_SERVICE(rqstp)
-	|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
-		      arg->rec.principal, &rp)
-	|| kadm5int_acl_impose_restrictions(handle->context,
-				   &arg->rec, &arg->mask, rp)) {
-	 ret.code = KADM5_AUTH_ADD;
-	 log_unauth("kadm5_create_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
+        || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_ADD,
+                               arg->rec.principal, &rp)
+        || kadm5int_acl_impose_restrictions(handle->context,
+                                            &arg->rec, &arg->mask, rp)) {
+        ret.code = KADM5_AUTH_ADD;
+        log_unauth("kadm5_create_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
     } else {
-	 ret.code = kadm5_create_principal_3((void *)handle,
-					     &arg->rec, arg->mask,
-					     arg->n_ks_tuple,
-					     arg->ks_tuple,
-					     arg->passwd);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
-
-	 log_done("kadm5_create_principal", prime_arg,
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
-
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        ret.code = kadm5_create_principal_3((void *)handle,
+                                            &arg->rec, arg->mask,
+                                            arg->n_ks_tuple,
+                                            arg->ks_tuple,
+                                            arg->passwd);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
+
+        log_done("kadm5_create_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
@@ -426,50 +427,50 @@ exit_func:
 generic_ret *
 delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
-    
+
     if (CHANGEPW_SERVICE(rqstp)
-	|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
-		      arg->princ, NULL)) {
-	 ret.code = KADM5_AUTH_DELETE;
-	 log_unauth("kadm5_delete_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
+        || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_DELETE,
+                               arg->princ, NULL)) {
+        ret.code = KADM5_AUTH_DELETE;
+        log_unauth("kadm5_delete_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
     } else {
-	 ret.code = kadm5_delete_principal((void *)handle, arg->princ);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        ret.code = kadm5_delete_principal((void *)handle, arg->princ);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	 log_done("kadm5_delete_principal", prime_arg,
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
+        log_done("kadm5_delete_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	  if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
 
     }
     free(prime_arg);
@@ -484,52 +485,52 @@ exit_func:
 generic_ret *
 modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    restriction_t		    *rp;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    restriction_t                   *rp;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (CHANGEPW_SERVICE(rqstp)
-	|| !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
-		      arg->rec.principal, &rp)
-	|| kadm5int_acl_impose_restrictions(handle->context,
-				   &arg->rec, &arg->mask, rp)) {
-	 ret.code = KADM5_AUTH_MODIFY;
-	 log_unauth("kadm5_modify_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
+        || !kadm5int_acl_check(handle->context, rqst2name(rqstp), ACL_MODIFY,
+                               arg->rec.principal, &rp)
+        || kadm5int_acl_impose_restrictions(handle->context,
+                                            &arg->rec, &arg->mask, rp)) {
+        ret.code = KADM5_AUTH_MODIFY;
+        log_unauth("kadm5_modify_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
     } else {
-	 ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
-						arg->mask);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
+                                          arg->mask);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	 log_done("kadm5_modify_principal", prime_arg,
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
+        log_done("kadm5_modify_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	  if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
@@ -542,34 +543,34 @@ exit_func:
 generic_ret *
 rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		ret;
-    char			*prime_arg1,
-				*prime_arg2;
-    gss_buffer_desc		client_name,
-				service_name;
-    OM_uint32			minor_stat;
-    kadm5_server_handle_t	handle;
-    restriction_t		*rp;
-    const char			*errmsg = NULL;
-    size_t			tlen1, tlen2, clen, slen;
-    char			*tdots1, *tdots2, *cdots, *sdots;
+    static generic_ret          ret;
+    char                        *prime_arg1,
+        *prime_arg2;
+    gss_buffer_desc             client_name,
+        service_name;
+    OM_uint32                   minor_stat;
+    kadm5_server_handle_t       handle;
+    restriction_t               *rp;
+    const char                  *errmsg = NULL;
+    size_t                      tlen1, tlen2, clen, slen;
+    char                        *tdots1, *tdots2, *cdots, *sdots;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) ||
         krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
     tlen1 = strlen(prime_arg1);
     trunc_name(&tlen1, &tdots1);
@@ -582,54 +583,54 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp)
 
     ret.code = KADM5_OK;
     if (! CHANGEPW_SERVICE(rqstp)) {
-	 if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			ACL_DELETE, arg->src, NULL))
-	      ret.code = KADM5_AUTH_DELETE;
-	 /* any restrictions at all on the ADD kills the RENAME */
-	 if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			ACL_ADD, arg->dest, &rp) || rp) {
-	      if (ret.code == KADM5_AUTH_DELETE)
-		   ret.code = KADM5_AUTH_INSUFFICIENT;
-	      else
-		   ret.code = KADM5_AUTH_ADD;
-	 }
+        if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                                ACL_DELETE, arg->src, NULL))
+            ret.code = KADM5_AUTH_DELETE;
+        /* any restrictions at all on the ADD kills the RENAME */
+        if (!kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                                ACL_ADD, arg->dest, &rp) || rp) {
+            if (ret.code == KADM5_AUTH_DELETE)
+                ret.code = KADM5_AUTH_INSUFFICIENT;
+            else
+                ret.code = KADM5_AUTH_ADD;
+        }
     } else
-	 ret.code = KADM5_AUTH_INSUFFICIENT;
+        ret.code = KADM5_AUTH_INSUFFICIENT;
     if (ret.code != KADM5_OK) {
-	 /* okay to cast lengths to int because trunc_name limits max value */
-	 krb5_klog_syslog(LOG_NOTICE,
-			  "Unauthorized request: kadm5_rename_principal, "
-			  "%.*s%s to %.*s%s, "
-			  "client=%.*s%s, service=%.*s%s, addr=%s",
-			  (int)tlen1, prime_arg1, tdots1,
-			  (int)tlen2, prime_arg2, tdots2,
-			  (int)clen, (char *)client_name.value, cdots,
-			  (int)slen, (char *)service_name.value, sdots,
-			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+        /* okay to cast lengths to int because trunc_name limits max value */
+        krb5_klog_syslog(LOG_NOTICE,
+                         "Unauthorized request: kadm5_rename_principal, "
+                         "%.*s%s to %.*s%s, "
+                         "client=%.*s%s, service=%.*s%s, addr=%s",
+                         (int)tlen1, prime_arg1, tdots1,
+                         (int)tlen2, prime_arg2, tdots2,
+                         (int)clen, (char *)client_name.value, cdots,
+                         (int)slen, (char *)service_name.value, sdots,
+                         inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
     } else {
-	 ret.code = kadm5_rename_principal((void *)handle, arg->src,
-						arg->dest);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
-
-	 /* okay to cast lengths to int because trunc_name limits max value */
-	 krb5_klog_syslog(LOG_NOTICE,
-			  "Request: kadm5_rename_principal, "
-			  "%.*s%s to %.*s%s, %s, "
-			  "client=%.*s%s, service=%.*s%s, addr=%s",
-			  (int)tlen1, prime_arg1, tdots1,
-			  (int)tlen2, prime_arg2, tdots2,
-			  errmsg ? errmsg : "success",
-			  (int)clen, (char *)client_name.value, cdots,
-			  (int)slen, (char *)service_name.value, sdots,
-			  inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
-
-	 if (errmsg != NULL)
-	     krb5_free_error_message(handle->context, errmsg);
+        ret.code = kadm5_rename_principal((void *)handle, arg->src,
+                                          arg->dest);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
+
+        /* okay to cast lengths to int because trunc_name limits max value */
+        krb5_klog_syslog(LOG_NOTICE,
+                         "Request: kadm5_rename_principal, "
+                         "%.*s%s to %.*s%s, %s, "
+                         "client=%.*s%s, service=%.*s%s, addr=%s",
+                         (int)tlen1, prime_arg1, tdots1,
+                         (int)tlen2, prime_arg2, tdots2,
+                         errmsg ? errmsg : "success",
+                         (int)clen, (char *)client_name.value, cdots,
+                         (int)slen, (char *)service_name.value, sdots,
+                         inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
 
     }
     free(prime_arg1);
-    free(prime_arg2);    
+    free(prime_arg2);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
 exit_func:
@@ -640,56 +641,56 @@ exit_func:
 gprinc_ret *
 get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 {
-    static gprinc_ret		    ret;
-    char			    *prime_arg, *funcname;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static gprinc_ret               ret;
+    char                            *prime_arg, *funcname;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_gprinc_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     funcname = "kadm5_get_principal";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) &&
-	(CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
-					       rqst2name(rqstp),
-					       ACL_INQUIRE,
-					       arg->princ,
-					       NULL))) {
-	 ret.code = KADM5_AUTH_GET;
-	 log_unauth(funcname, prime_arg,
-		    &client_name, &service_name, rqstp);
+        (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
+                                                        rqst2name(rqstp),
+                                                        ACL_INQUIRE,
+                                                        arg->princ,
+                                                        NULL))) {
+        ret.code = KADM5_AUTH_GET;
+        log_unauth(funcname, prime_arg,
+                   &client_name, &service_name, rqstp);
     } else {
-	 ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
-					arg->mask);
-	 
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
+                                       arg->mask);
 
-	 log_done(funcname, prime_arg, errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	  if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        log_done(funcname, prime_arg, errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
@@ -702,53 +703,53 @@ exit_func:
 gprincs_ret *
 get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp)
 {
-    static gprincs_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static gprincs_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_gprincs_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     prime_arg = arg->exp;
     if (prime_arg == NULL)
-	 prime_arg = "*";
+        prime_arg = "*";
 
     if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
-					      rqst2name(rqstp),
-					      ACL_LIST,
-					      NULL,
-					      NULL)) {
-	 ret.code = KADM5_AUTH_LIST;
-	 log_unauth("kadm5_get_principals", prime_arg,
-		    &client_name, &service_name, rqstp);
+                                                       rqst2name(rqstp),
+                                                       ACL_LIST,
+                                                       NULL,
+                                                       NULL)) {
+        ret.code = KADM5_AUTH_LIST;
+        log_unauth("kadm5_get_principals", prime_arg,
+                   &client_name, &service_name, rqstp);
     } else {
-	 ret.code  = kadm5_get_principals((void *)handle,
-					       arg->exp, &ret.princs,
-					       &ret.count);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        ret.code  = kadm5_get_principals((void *)handle,
+                                         arg->exp, &ret.princs,
+                                         &ret.count);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	 log_done("kadm5_get_principals", prime_arg,
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
+        log_done("kadm5_get_principals", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	 if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
 
     }
     gss_release_buffer(&minor_stat, &client_name);
@@ -761,57 +762,57 @@ exit_func:
 generic_ret *
 chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
-	 ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
-					       FALSE, 0, NULL, arg->pass);
+        ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
+                                              FALSE, 0, NULL, arg->pass);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-	       kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			 ACL_CHANGEPW, arg->princ, NULL)) {
-	 ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
-						arg->pass);
+               kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                                  ACL_CHANGEPW, arg->princ, NULL)) {
+        ret.code = kadm5_chpass_principal((void *)handle, arg->princ,
+                                          arg->pass);
     } else {
-	 log_unauth("kadm5_chpass_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_CHANGEPW;
+        log_unauth("kadm5_chpass_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_CHANGEPW;
     }
 
     if (ret.code != KADM5_AUTH_CHANGEPW) {
-	if (ret.code != 0)
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        if (ret.code != 0)
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	log_done("kadm5_chpass_principal", prime_arg,
-		 errmsg ? errmsg : "success",
-		 &client_name, &service_name, rqstp);
+        log_done("kadm5_chpass_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
 
     free(prime_arg);
@@ -825,63 +826,63 @@ exit_func:
 generic_ret *
 chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
-	 ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
-					       arg->keepold,
-					       arg->n_ks_tuple,
-					       arg->ks_tuple,
-					       arg->pass);
+        ret.code = chpass_principal_wrapper_3((void *)handle, arg->princ,
+                                              arg->keepold,
+                                              arg->n_ks_tuple,
+                                              arg->ks_tuple,
+                                              arg->pass);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-	       kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			 ACL_CHANGEPW, arg->princ, NULL)) {
-	 ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ,
-					     arg->keepold,
-					     arg->n_ks_tuple,
-					     arg->ks_tuple,
-					     arg->pass);
+               kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                                  ACL_CHANGEPW, arg->princ, NULL)) {
+        ret.code = kadm5_chpass_principal_3((void *)handle, arg->princ,
+                                            arg->keepold,
+                                            arg->n_ks_tuple,
+                                            arg->ks_tuple,
+                                            arg->pass);
     } else {
-	 log_unauth("kadm5_chpass_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_CHANGEPW;
+        log_unauth("kadm5_chpass_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_CHANGEPW;
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
-	if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	log_done("kadm5_chpass_principal", prime_arg,
-		 errmsg ? errmsg : "success",
-		 &client_name, &service_name, rqstp);
+        log_done("kadm5_chpass_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
 
     free(prime_arg);
@@ -895,54 +896,54 @@ exit_func:
 generic_ret *
 setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
-	       kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			 ACL_SETKEY, arg->princ, NULL)) {
-	 ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
-					     arg->keyblock);
+        kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                           ACL_SETKEY, arg->princ, NULL)) {
+        ret.code = kadm5_setv4key_principal((void *)handle, arg->princ,
+                                            arg->keyblock);
     } else {
-	 log_unauth("kadm5_setv4key_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_SETKEY;
+        log_unauth("kadm5_setv4key_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_SETKEY;
     }
 
     if(ret.code != KADM5_AUTH_SETKEY) {
-	if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	log_done("kadm5_setv4key_principal", prime_arg,
-		 errmsg ? errmsg : "success",
-		 &client_name, &service_name, rqstp);
+        log_done("kadm5_setv4key_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
 
     free(prime_arg);
@@ -956,54 +957,54 @@ exit_func:
 generic_ret *
 setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
-	       kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			 ACL_SETKEY, arg->princ, NULL)) {
-	 ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
-					   arg->keyblocks, arg->n_keys);
+        kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                           ACL_SETKEY, arg->princ, NULL)) {
+        ret.code = kadm5_setkey_principal((void *)handle, arg->princ,
+                                          arg->keyblocks, arg->n_keys);
     } else {
-	 log_unauth("kadm5_setkey_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_SETKEY;
+        log_unauth("kadm5_setkey_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_SETKEY;
     }
 
     if(ret.code != KADM5_AUTH_SETKEY) {
-	if( ret.code != 0 )
-	    errmsg = krb5_get_error_message(handle->context, ret.code);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	log_done("kadm5_setkey_principal", prime_arg,
-		 errmsg ? errmsg : "success",
-		 &client_name, &service_name, rqstp);
+        log_done("kadm5_setkey_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
 
     free(prime_arg);
@@ -1017,57 +1018,57 @@ exit_func:
 generic_ret *
 setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
-	       kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			 ACL_SETKEY, arg->princ, NULL)) {
-	 ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ,
-					     arg->keepold,
-					     arg->n_ks_tuple,
-					     arg->ks_tuple,
-					     arg->keyblocks, arg->n_keys);
+        kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                           ACL_SETKEY, arg->princ, NULL)) {
+        ret.code = kadm5_setkey_principal_3((void *)handle, arg->princ,
+                                            arg->keepold,
+                                            arg->n_ks_tuple,
+                                            arg->ks_tuple,
+                                            arg->keyblocks, arg->n_keys);
     } else {
-	 log_unauth("kadm5_setkey_principal", prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_SETKEY;
+        log_unauth("kadm5_setkey_principal", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_SETKEY;
     }
 
     if(ret.code != KADM5_AUTH_SETKEY) {
-	if( ret.code != 0 )
-	    errmsg = krb5_get_error_message(handle->context, ret.code);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	log_done("kadm5_setkey_principal", prime_arg,
-		 errmsg ? errmsg : "success",
-		 &client_name, &service_name, rqstp);
+        log_done("kadm5_setkey_principal", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
 
     free(prime_arg);
@@ -1081,66 +1082,66 @@ exit_func:
 chrand_ret *
 chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
 {
-    static chrand_ret		ret;
-    krb5_keyblock		*k;
-    int				nkeys;
-    char			*prime_arg, *funcname;
-    gss_buffer_desc		client_name,
-	    			service_name;
-    OM_uint32			minor_stat;
-    kadm5_server_handle_t	handle;
-    const char			*errmsg = NULL;
+    static chrand_ret           ret;
+    krb5_keyblock               *k;
+    int                         nkeys;
+    char                        *prime_arg, *funcname;
+    gss_buffer_desc             client_name,
+        service_name;
+    OM_uint32                   minor_stat;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
 
     xdr_free(xdr_chrand_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     funcname = "kadm5_randkey_principal";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
-	 ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
-						FALSE, 0, NULL, &k, &nkeys);
+        ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
+                                               FALSE, 0, NULL, &k, &nkeys);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-	       kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			 ACL_CHANGEPW, arg->princ, NULL)) {
-	 ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
-					    &k, &nkeys);
+               kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                                  ACL_CHANGEPW, arg->princ, NULL)) {
+        ret.code = kadm5_randkey_principal((void *)handle, arg->princ,
+                                           &k, &nkeys);
     } else {
-	 log_unauth(funcname, prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_CHANGEPW;
+        log_unauth(funcname, prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_CHANGEPW;
     }
 
     if(ret.code == KADM5_OK) {
-	 ret.keys = k;
-	 ret.n_keys = nkeys;
+        ret.keys = k;
+        ret.n_keys = nkeys;
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
-	if( ret.code != 0 )
-	    errmsg = krb5_get_error_message(handle->context, ret.code);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	log_done(funcname, prime_arg, errmsg ? errmsg : "success",
-		 &client_name, &service_name, rqstp);
+        log_done(funcname, prime_arg, errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
@@ -1153,71 +1154,71 @@ exit_func:
 chrand_ret *
 chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
 {
-    static chrand_ret		ret;
-    krb5_keyblock		*k;
-    int				nkeys;
-    char			*prime_arg, *funcname;
-    gss_buffer_desc		client_name,
-	    			service_name;
-    OM_uint32			minor_stat;
-    kadm5_server_handle_t	handle;
-    const char			*errmsg = NULL;
+    static chrand_ret           ret;
+    krb5_keyblock               *k;
+    int                         nkeys;
+    char                        *prime_arg, *funcname;
+    gss_buffer_desc             client_name,
+        service_name;
+    OM_uint32                   minor_stat;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
 
     xdr_free(xdr_chrand_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     funcname = "kadm5_randkey_principal";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
-	 ret.code = KADM5_BAD_PRINCIPAL;
-	 goto exit_func;
+        ret.code = KADM5_BAD_PRINCIPAL;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
-	 ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
-						arg->keepold,
-						arg->n_ks_tuple,
-						arg->ks_tuple,
-						&k, &nkeys);
+        ret.code = randkey_principal_wrapper_3((void *)handle, arg->princ,
+                                               arg->keepold,
+                                               arg->n_ks_tuple,
+                                               arg->ks_tuple,
+                                               &k, &nkeys);
     } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-	       kadm5int_acl_check(handle->context, rqst2name(rqstp),
-			 ACL_CHANGEPW, arg->princ, NULL)) {
-	 ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ,
-					      arg->keepold,
-					      arg->n_ks_tuple,
-					      arg->ks_tuple,
-					      &k, &nkeys);
+               kadm5int_acl_check(handle->context, rqst2name(rqstp),
+                                  ACL_CHANGEPW, arg->princ, NULL)) {
+        ret.code = kadm5_randkey_principal_3((void *)handle, arg->princ,
+                                             arg->keepold,
+                                             arg->n_ks_tuple,
+                                             arg->ks_tuple,
+                                             &k, &nkeys);
     } else {
-	 log_unauth(funcname, prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_CHANGEPW;
+        log_unauth(funcname, prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_CHANGEPW;
     }
 
     if(ret.code == KADM5_OK) {
-	 ret.keys = k;
-	 ret.n_keys = nkeys;
+        ret.keys = k;
+        ret.n_keys = nkeys;
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
-	if( ret.code != 0 )
-	    errmsg = krb5_get_error_message(handle->context, ret.code);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	log_done(funcname, prime_arg, errmsg ? errmsg : "success",
-		 &client_name, &service_name, rqstp);
+        log_done(funcname, prime_arg, errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
@@ -1230,50 +1231,50 @@ exit_func:
 generic_ret *
 create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;    
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     prime_arg = arg->rec.policy;
 
     if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
-					      rqst2name(rqstp),
-					      ACL_ADD, NULL, NULL)) {
-	 ret.code = KADM5_AUTH_ADD;
-	 log_unauth("kadm5_create_policy", prime_arg,
-		    &client_name, &service_name, rqstp);
+                                                       rqst2name(rqstp),
+                                                       ACL_ADD, NULL, NULL)) {
+        ret.code = KADM5_AUTH_ADD;
+        log_unauth("kadm5_create_policy", prime_arg,
+                   &client_name, &service_name, rqstp);
 
     } else {
-	 ret.code = kadm5_create_policy((void *)handle, &arg->rec,
-					     arg->mask);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
-
-	 log_done("kadm5_create_policy",
-		  ((prime_arg == NULL) ? "(null)" : prime_arg),
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
-
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        ret.code = kadm5_create_policy((void *)handle, &arg->rec,
+                                       arg->mask);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
+
+        log_done("kadm5_create_policy",
+                 ((prime_arg == NULL) ? "(null)" : prime_arg),
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
@@ -1285,48 +1286,48 @@ exit_func:
 generic_ret *
 delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;    
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     prime_arg = arg->name;
-    
+
     if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
-					      rqst2name(rqstp),
-					      ACL_DELETE, NULL, NULL)) {
-	 log_unauth("kadm5_delete_policy", prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_DELETE;
+                                                       rqst2name(rqstp),
+                                                       ACL_DELETE, NULL, NULL)) {
+        log_unauth("kadm5_delete_policy", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_DELETE;
     } else {
-	 ret.code = kadm5_delete_policy((void *)handle, arg->name);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
+        ret.code = kadm5_delete_policy((void *)handle, arg->name);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
 
-	 log_done("kadm5_delete_policy",
-		  ((prime_arg == NULL) ? "(null)" : prime_arg),
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
+        log_done("kadm5_delete_policy",
+                 ((prime_arg == NULL) ? "(null)" : prime_arg),
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
 
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
@@ -1338,49 +1339,49 @@ exit_func:
 generic_ret *
 modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp)
 {
-    static generic_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;    
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static generic_ret              ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     prime_arg = arg->rec.policy;
 
     if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
-					      rqst2name(rqstp),
-					      ACL_MODIFY, NULL, NULL)) {
-	 log_unauth("kadm5_modify_policy", prime_arg,
-		    &client_name, &service_name, rqstp);
-	 ret.code = KADM5_AUTH_MODIFY;
+                                                       rqst2name(rqstp),
+                                                       ACL_MODIFY, NULL, NULL)) {
+        log_unauth("kadm5_modify_policy", prime_arg,
+                   &client_name, &service_name, rqstp);
+        ret.code = KADM5_AUTH_MODIFY;
     } else {
-	 ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
-					     arg->mask);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
-
-	 log_done("kadm5_modify_policy",
-		  ((prime_arg == NULL) ? "(null)" : prime_arg),
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
-
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
+                                       arg->mask);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
+
+        log_done("kadm5_modify_policy",
+                 ((prime_arg == NULL) ? "(null)" : prime_arg),
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
@@ -1389,74 +1390,74 @@ exit_func:
     return &ret;
 }
 
-gpol_ret * 
+gpol_ret *
 get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
 {
-    static gpol_ret		ret;
-    kadm5_ret_t		ret2;
-    char			*prime_arg, *funcname;
-    gss_buffer_desc		client_name,
-				service_name;
-    OM_uint32			minor_stat;    
-    kadm5_principal_ent_rec	caller_ent;
-    kadm5_server_handle_t	handle;
-    const char			*errmsg = NULL;
+    static gpol_ret             ret;
+    kadm5_ret_t         ret2;
+    char                        *prime_arg, *funcname;
+    gss_buffer_desc             client_name,
+        service_name;
+    OM_uint32                   minor_stat;
+    kadm5_principal_ent_rec     caller_ent;
+    kadm5_server_handle_t       handle;
+    const char                  *errmsg = NULL;
 
     xdr_free(xdr_gpol_ret,  &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     funcname = "kadm5_get_policy";
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     prime_arg = arg->name;
 
     ret.code = KADM5_AUTH_GET;
     if (!CHANGEPW_SERVICE(rqstp) && kadm5int_acl_check(handle->context,
-					      rqst2name(rqstp),
-					      ACL_INQUIRE, NULL, NULL))
-	 ret.code = KADM5_OK;
+                                                       rqst2name(rqstp),
+                                                       ACL_INQUIRE, NULL, NULL))
+        ret.code = KADM5_OK;
     else {
-	 ret.code = kadm5_get_principal(handle->lhandle,
-					handle->current_caller,
-					&caller_ent,
-					KADM5_PRINCIPAL_NORMAL_MASK);
-	 if (ret.code == KADM5_OK) {
-	      if (caller_ent.aux_attributes & KADM5_POLICY &&
-		  strcmp(caller_ent.policy, arg->name) == 0) {
-		   ret.code = KADM5_OK;
-	      } else ret.code = KADM5_AUTH_GET;
-	      ret2 = kadm5_free_principal_ent(handle->lhandle,
-					      &caller_ent);
-	      ret.code = ret.code ? ret.code : ret2;
-	 }
-    }
-    
+        ret.code = kadm5_get_principal(handle->lhandle,
+                                       handle->current_caller,
+                                       &caller_ent,
+                                       KADM5_PRINCIPAL_NORMAL_MASK);
+        if (ret.code == KADM5_OK) {
+            if (caller_ent.aux_attributes & KADM5_POLICY &&
+                strcmp(caller_ent.policy, arg->name) == 0) {
+                ret.code = KADM5_OK;
+            } else ret.code = KADM5_AUTH_GET;
+            ret2 = kadm5_free_principal_ent(handle->lhandle,
+                                            &caller_ent);
+            ret.code = ret.code ? ret.code : ret2;
+        }
+    }
+
     if (ret.code == KADM5_OK) {
-	 ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
-	 
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
-
-	 log_done(funcname,
-		  ((prime_arg == NULL) ? "(null)" : prime_arg),
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
-	 if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
+
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
+
+        log_done(funcname,
+                 ((prime_arg == NULL) ? "(null)" : prime_arg),
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
 
     } else {
-	 log_unauth(funcname, prime_arg,
-		    &client_name, &service_name, rqstp);
+        log_unauth(funcname, prime_arg,
+                   &client_name, &service_name, rqstp);
     }
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
@@ -1469,51 +1470,51 @@ exit_func:
 gpols_ret *
 get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp)
 {
-    static gpols_ret		    ret;
-    char			    *prime_arg;
-    gss_buffer_desc		    client_name,
-				    service_name;
-    OM_uint32			    minor_stat;
-    kadm5_server_handle_t	    handle;
-    const char			    *errmsg = NULL;
+    static gpols_ret                ret;
+    char                            *prime_arg;
+    gss_buffer_desc                 client_name,
+        service_name;
+    OM_uint32                       minor_stat;
+    kadm5_server_handle_t           handle;
+    const char                      *errmsg = NULL;
 
     xdr_free(xdr_gpols_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-	 goto exit_func;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle)))
-	 goto exit_func;
+        goto exit_func;
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	 ret.code = KADM5_FAILURE;
-	 goto exit_func;
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
     }
     prime_arg = arg->exp;
     if (prime_arg == NULL)
-	 prime_arg = "*";
+        prime_arg = "*";
 
     if (CHANGEPW_SERVICE(rqstp) || !kadm5int_acl_check(handle->context,
-					      rqst2name(rqstp),
-					      ACL_LIST, NULL, NULL)) {
-	 ret.code = KADM5_AUTH_LIST;
-	 log_unauth("kadm5_get_policies", prime_arg,
-		    &client_name, &service_name, rqstp);
+                                                       rqst2name(rqstp),
+                                                       ACL_LIST, NULL, NULL)) {
+        ret.code = KADM5_AUTH_LIST;
+        log_unauth("kadm5_get_policies", prime_arg,
+                   &client_name, &service_name, rqstp);
     } else {
-	 ret.code  = kadm5_get_policies((void *)handle,
-					       arg->exp, &ret.pols,
-					       &ret.count);
-	 if( ret.code != 0 )
-	     errmsg = krb5_get_error_message(handle->context, ret.code);
-
-	 log_done("kadm5_get_policies", prime_arg,
-		  errmsg ? errmsg : "success",
-		  &client_name, &service_name, rqstp);
-
-	if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+        ret.code  = kadm5_get_policies((void *)handle,
+                                       arg->exp, &ret.pols,
+                                       &ret.count);
+        if( ret.code != 0 )
+            errmsg = krb5_get_error_message(handle->context, ret.code);
+
+        log_done("kadm5_get_policies", prime_arg,
+                 errmsg ? errmsg : "success",
+                 &client_name, &service_name, rqstp);
+
+        if (errmsg != NULL)
+            krb5_free_error_message(handle->context, errmsg);
     }
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
@@ -1524,104 +1525,104 @@ exit_func:
 
 getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
 {
-     static getprivs_ret	    ret;
-     gss_buffer_desc		    client_name, service_name;
-     OM_uint32			    minor_stat;
-     kadm5_server_handle_t	    handle;
-     const char			    *errmsg = NULL;
+    static getprivs_ret            ret;
+    gss_buffer_desc                client_name, service_name;
+    OM_uint32                      minor_stat;
+    kadm5_server_handle_t          handle;
+    const char                     *errmsg = NULL;
 
-     xdr_free(xdr_getprivs_ret, &ret);
+    xdr_free(xdr_getprivs_ret, &ret);
 
-     if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
-	  goto exit_func;
+    if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
+        goto exit_func;
 
-     if ((ret.code = check_handle((void *)handle)))
-	  goto exit_func;
+    if ((ret.code = check_handle((void *)handle)))
+        goto exit_func;
 
-     ret.api_version = handle->api_version;
+    ret.api_version = handle->api_version;
 
-     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	  ret.code = KADM5_FAILURE;
-	  goto exit_func;
-     }
+    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
+    }
 
-     ret.code = kadm5_get_privs((void *)handle, &ret.privs);
-     if( ret.code != 0 )
-	 errmsg = krb5_get_error_message(handle->context, ret.code);
+    ret.code = kadm5_get_privs((void *)handle, &ret.privs);
+    if( ret.code != 0 )
+        errmsg = krb5_get_error_message(handle->context, ret.code);
 
-     log_done("kadm5_get_privs", client_name.value,
-	      errmsg ? errmsg : "success",
-	      &client_name, &service_name, rqstp);
+    log_done("kadm5_get_privs", client_name.value,
+             errmsg ? errmsg : "success",
+             &client_name, &service_name, rqstp);
 
-     if (errmsg != NULL)
-		krb5_free_error_message(handle->context, errmsg);
+    if (errmsg != NULL)
+        krb5_free_error_message(handle->context, errmsg);
 
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
+    gss_release_buffer(&minor_stat, &client_name);
+    gss_release_buffer(&minor_stat, &service_name);
 exit_func:
-     free_server_handle(handle);
-     return &ret;
+    free_server_handle(handle);
+    return &ret;
 }
 
 generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
 {
-     static generic_ret		ret;
-     gss_buffer_desc		client_name,
-	 			service_name;
-     kadm5_server_handle_t	handle;
-     OM_uint32			minor_stat;
-     const char			*errmsg = NULL;
-     size_t clen, slen;
-     char *cdots, *sdots;
-
-     xdr_free(xdr_generic_ret, &ret);
-
-     if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
-	  goto exit_func;
-     if (! (ret.code = check_handle((void *)handle))) {
-	 ret.api_version = handle->api_version;
-     }
-
-     free_server_handle(handle);
-
-     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
-	  ret.code = KADM5_FAILURE;
-	  goto exit_func;
-     }
-
-     if (ret.code != 0)
-	 errmsg = krb5_get_error_message(NULL, ret.code);
-
-     clen = client_name.length;
-     trunc_name(&clen, &cdots);
-     slen = service_name.length;
-     trunc_name(&slen, &sdots);
-     /* okay to cast lengths to int because trunc_name limits max value */
-     krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
-		      "client=%.*s%s, service=%.*s%s, addr=%s, "
-		      "vers=%d, flavor=%d",
-		      (int)clen, (char *)client_name.value, cdots,
-		      errmsg ? errmsg : "success",
-		      (int)clen, (char *)client_name.value, cdots,
-		      (int)slen, (char *)service_name.value, sdots,
-		      inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
-		      ret.api_version & ~(KADM5_API_VERSION_MASK),
-		      rqstp->rq_cred.oa_flavor);
-     if (errmsg != NULL)
-	 krb5_free_error_message(NULL, errmsg);
-     gss_release_buffer(&minor_stat, &client_name);
-     gss_release_buffer(&minor_stat, &service_name);
-	    
+    static generic_ret         ret;
+    gss_buffer_desc            client_name,
+        service_name;
+    kadm5_server_handle_t      handle;
+    OM_uint32                  minor_stat;
+    const char                 *errmsg = NULL;
+    size_t clen, slen;
+    char *cdots, *sdots;
+
+    xdr_free(xdr_generic_ret, &ret);
+
+    if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
+        goto exit_func;
+    if (! (ret.code = check_handle((void *)handle))) {
+        ret.api_version = handle->api_version;
+    }
+
+    free_server_handle(handle);
+
+    if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
+        ret.code = KADM5_FAILURE;
+        goto exit_func;
+    }
+
+    if (ret.code != 0)
+        errmsg = krb5_get_error_message(NULL, ret.code);
+
+    clen = client_name.length;
+    trunc_name(&clen, &cdots);
+    slen = service_name.length;
+    trunc_name(&slen, &sdots);
+    /* okay to cast lengths to int because trunc_name limits max value */
+    krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
+                     "client=%.*s%s, service=%.*s%s, addr=%s, "
+                     "vers=%d, flavor=%d",
+                     (int)clen, (char *)client_name.value, cdots,
+                     errmsg ? errmsg : "success",
+                     (int)clen, (char *)client_name.value, cdots,
+                     (int)slen, (char *)service_name.value, sdots,
+                     inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr),
+                     ret.api_version & ~(KADM5_API_VERSION_MASK),
+                     rqstp->rq_cred.oa_flavor);
+    if (errmsg != NULL)
+        krb5_free_error_message(NULL, errmsg);
+    gss_release_buffer(&minor_stat, &client_name);
+    gss_release_buffer(&minor_stat, &service_name);
+
 exit_func:
-     return(&ret);
+    return(&ret);
 }
 
 gss_name_t
 rqst2name(struct svc_req *rqstp)
 {
 
-     if (rqstp->rq_cred.oa_flavor == RPCSEC_GSS)
-	  return rqstp->rq_clntname;
-     else
-	  return rqstp->rq_clntcred;
+    if (rqstp->rq_cred.oa_flavor == RPCSEC_GSS)
+        return rqstp->rq_clntname;
+    else
+        return rqstp->rq_clntcred;
 }
diff --git a/src/kadmin/testing/util/bsddb_dump.c b/src/kadmin/testing/util/bsddb_dump.c
index ba69b8461..5dbe7ae9c 100644
--- a/src/kadmin/testing/util/bsddb_dump.c
+++ b/src/kadmin/testing/util/bsddb_dump.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * $Id$
  */
@@ -9,56 +10,56 @@
 
 main(int argc, char *argv[])
 {
-   char *file;
-   DB *db;
-   DBT dbkey, dbdata;
-   int code, i;
+    char *file;
+    DB *db;
+    DBT dbkey, dbdata;
+    int code, i;
 
-   HASHINFO	info;
+    HASHINFO     info;
 
-   info.hash = NULL;
-   info.bsize = 256;
-   info.ffactor = 8;
-   info.nelem = 25000;
-   info.lorder = 0;
+    info.hash = NULL;
+    info.bsize = 256;
+    info.ffactor = 8;
+    info.nelem = 25000;
+    info.lorder = 0;
 
-   if (argc != 2) {
-      fprintf(stderr, "usage: argv[0] dbfile\n");
-      exit(2);
-   }
-	      
-   file = argv[1];
+    if (argc != 2) {
+        fprintf(stderr, "usage: argv[0] dbfile\n");
+        exit(2);
+    }
 
-   if((db = dbopen(file, O_RDWR, 0666, DB_HASH, &info)) == NULL) {
-      perror("Opening db file");
-      exit(1);
-   }
+    file = argv[1];
 
-   if ((code = (*db->seq)(db, &dbkey, &dbdata, R_FIRST)) == -1) { 
-      perror("starting db iteration");
-      exit(1);
-   }
+    if((db = dbopen(file, O_RDWR, 0666, DB_HASH, &info)) == NULL) {
+        perror("Opening db file");
+        exit(1);
+    }
 
-   while (code == 0) {
-      for (i=0; i<dbkey.size; i++)
-	 printf("%02x", (int) ((unsigned char *) dbkey.data)[i]);
-      printf("\t");
-      for (i=0; i<dbdata.size; i++)
-	 printf("%02x", (int) ((unsigned char *) dbdata.data)[i]);
-      printf("\n");
+    if ((code = (*db->seq)(db, &dbkey, &dbdata, R_FIRST)) == -1) {
+        perror("starting db iteration");
+        exit(1);
+    }
 
-      code = (*db->seq)(db, &dbkey, &dbdata, R_NEXT);
-   }
+    while (code == 0) {
+        for (i=0; i<dbkey.size; i++)
+            printf("%02x", (int) ((unsigned char *) dbkey.data)[i]);
+        printf("\t");
+        for (i=0; i<dbdata.size; i++)
+            printf("%02x", (int) ((unsigned char *) dbdata.data)[i]);
+        printf("\n");
 
-   if (code == -1) {
-      perror("during db iteration");
-      exit(1);
-   }
+        code = (*db->seq)(db, &dbkey, &dbdata, R_NEXT);
+    }
 
-   if ((*db->close)(db) == -1) {
-      perror("closing db");
-      exit(1);
-   }
+    if (code == -1) {
+        perror("during db iteration");
+        exit(1);
+    }
 
-   exit(0);
+    if ((*db->close)(db) == -1) {
+        perror("closing db");
+        exit(1);
+    }
+
+    exit(0);
 }
diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c
index 08f3a52a4..b28635699 100644
--- a/src/kadmin/testing/util/tcl_kadm5.c
+++ b/src/kadmin/testing/util/tcl_kadm5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "autoconf.h"
 #include <stdio.h>
 #include <string.h>
@@ -15,96 +16,96 @@
 #include "tcl_kadm5.h"
 
 struct flagval {
-     char *name;
-     krb5_flags val;
+    char *name;
+    krb5_flags val;
 };
 
 /* XXX This should probably be in the hash table like server_handle */
 static krb5_context context;
 
 static struct flagval krb5_flags_array[] = {
-     {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
-     {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
-     {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
-     {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
-     {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
-     {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
-     {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
-     {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
-     {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
-     {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
-     {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
-     {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
+    {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
+    {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
+    {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
+    {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
+    {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
+    {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
+    {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
+    {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
+    {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
+    {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
+    {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
+    {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
 };
 
 static struct flagval aux_attributes[] = {
-     {"KADM5_POLICY",   KADM5_POLICY}
+    {"KADM5_POLICY",   KADM5_POLICY}
 };
 
 static struct flagval principal_mask_flags[] = {
-     {"KADM5_PRINCIPAL", KADM5_PRINCIPAL},
-     {"KADM5_PRINC_EXPIRE_TIME", KADM5_PRINC_EXPIRE_TIME},
-     {"KADM5_PW_EXPIRATION", KADM5_PW_EXPIRATION},
-     {"KADM5_LAST_PWD_CHANGE", KADM5_LAST_PWD_CHANGE},
-     {"KADM5_ATTRIBUTES", KADM5_ATTRIBUTES},
-     {"KADM5_MAX_LIFE", KADM5_MAX_LIFE},
-     {"KADM5_MOD_TIME", KADM5_MOD_TIME},
-     {"KADM5_MOD_NAME", KADM5_MOD_NAME},
-     {"KADM5_KVNO", KADM5_KVNO},
-     {"KADM5_MKVNO", KADM5_MKVNO},
-     {"KADM5_AUX_ATTRIBUTES", KADM5_AUX_ATTRIBUTES},
-     {"KADM5_POLICY", KADM5_POLICY},
-     {"KADM5_POLICY_CLR", KADM5_POLICY_CLR},
-     {"KADM5_MAX_RLIFE", KADM5_MAX_RLIFE},
-     {"KADM5_LAST_SUCCESS", KADM5_LAST_SUCCESS},
-     {"KADM5_LAST_FAILED", KADM5_LAST_FAILED},
-     {"KADM5_FAIL_AUTH_COUNT", KADM5_FAIL_AUTH_COUNT},
-     {"KADM5_KEY_DATA", KADM5_KEY_DATA},
-     {"KADM5_TL_DATA", KADM5_TL_DATA},
-     {"KADM5_PRINCIPAL_NORMAL_MASK", KADM5_PRINCIPAL_NORMAL_MASK}
+    {"KADM5_PRINCIPAL", KADM5_PRINCIPAL},
+    {"KADM5_PRINC_EXPIRE_TIME", KADM5_PRINC_EXPIRE_TIME},
+    {"KADM5_PW_EXPIRATION", KADM5_PW_EXPIRATION},
+    {"KADM5_LAST_PWD_CHANGE", KADM5_LAST_PWD_CHANGE},
+    {"KADM5_ATTRIBUTES", KADM5_ATTRIBUTES},
+    {"KADM5_MAX_LIFE", KADM5_MAX_LIFE},
+    {"KADM5_MOD_TIME", KADM5_MOD_TIME},
+    {"KADM5_MOD_NAME", KADM5_MOD_NAME},
+    {"KADM5_KVNO", KADM5_KVNO},
+    {"KADM5_MKVNO", KADM5_MKVNO},
+    {"KADM5_AUX_ATTRIBUTES", KADM5_AUX_ATTRIBUTES},
+    {"KADM5_POLICY", KADM5_POLICY},
+    {"KADM5_POLICY_CLR", KADM5_POLICY_CLR},
+    {"KADM5_MAX_RLIFE", KADM5_MAX_RLIFE},
+    {"KADM5_LAST_SUCCESS", KADM5_LAST_SUCCESS},
+    {"KADM5_LAST_FAILED", KADM5_LAST_FAILED},
+    {"KADM5_FAIL_AUTH_COUNT", KADM5_FAIL_AUTH_COUNT},
+    {"KADM5_KEY_DATA", KADM5_KEY_DATA},
+    {"KADM5_TL_DATA", KADM5_TL_DATA},
+    {"KADM5_PRINCIPAL_NORMAL_MASK", KADM5_PRINCIPAL_NORMAL_MASK}
 };
 
 static struct flagval policy_mask_flags[] = {
-     {"KADM5_POLICY", KADM5_POLICY},
-     {"KADM5_PW_MAX_LIFE", KADM5_PW_MAX_LIFE},
-     {"KADM5_PW_MIN_LIFE", KADM5_PW_MIN_LIFE},
-     {"KADM5_PW_MIN_LENGTH", KADM5_PW_MIN_LENGTH},
-     {"KADM5_PW_MIN_CLASSES", KADM5_PW_MIN_CLASSES},
-     {"KADM5_PW_HISTORY_NUM", KADM5_PW_HISTORY_NUM},
-     {"KADM5_REF_COUNT", KADM5_REF_COUNT},
-     {"KADM5_PW_MAX_FAILURE", KADM5_PW_MAX_FAILURE},
-     {"KADM5_PW_FAILURE_COUNT_INTERVAL", KADM5_PW_FAILURE_COUNT_INTERVAL},
-     {"KADM5_PW_LOCKOUT_DURATION", KADM5_PW_LOCKOUT_DURATION},
+    {"KADM5_POLICY", KADM5_POLICY},
+    {"KADM5_PW_MAX_LIFE", KADM5_PW_MAX_LIFE},
+    {"KADM5_PW_MIN_LIFE", KADM5_PW_MIN_LIFE},
+    {"KADM5_PW_MIN_LENGTH", KADM5_PW_MIN_LENGTH},
+    {"KADM5_PW_MIN_CLASSES", KADM5_PW_MIN_CLASSES},
+    {"KADM5_PW_HISTORY_NUM", KADM5_PW_HISTORY_NUM},
+    {"KADM5_REF_COUNT", KADM5_REF_COUNT},
+    {"KADM5_PW_MAX_FAILURE", KADM5_PW_MAX_FAILURE},
+    {"KADM5_PW_FAILURE_COUNT_INTERVAL", KADM5_PW_FAILURE_COUNT_INTERVAL},
+    {"KADM5_PW_LOCKOUT_DURATION", KADM5_PW_LOCKOUT_DURATION},
 };
 
 static struct flagval config_mask_flags[] = {
-     {"KADM5_CONFIG_REALM", KADM5_CONFIG_REALM},
-     {"KADM5_CONFIG_DBNAME", KADM5_CONFIG_DBNAME},
-     {"KADM5_CONFIG_MKEY_NAME", KADM5_CONFIG_MKEY_NAME},
-     {"KADM5_CONFIG_MAX_LIFE", KADM5_CONFIG_MAX_LIFE},
-     {"KADM5_CONFIG_MAX_RLIFE", KADM5_CONFIG_MAX_RLIFE},
-     {"KADM5_CONFIG_EXPIRATION", KADM5_CONFIG_EXPIRATION},
-     {"KADM5_CONFIG_FLAGS", KADM5_CONFIG_FLAGS},
-     {"KADM5_CONFIG_ADMIN_KEYTAB", KADM5_CONFIG_ADMIN_KEYTAB},
-     {"KADM5_CONFIG_STASH_FILE", KADM5_CONFIG_STASH_FILE},
-     {"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE},
-     {"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME},
-     {"KADM5_CONFIG_ADB_LOCKFILE", KADM5_CONFIG_ADB_LOCKFILE},
-     {"KADM5_CONFIG_ACL_FILE", KADM5_CONFIG_ACL_FILE},
-     {"KADM5_CONFIG_KADMIND_PORT", KADM5_CONFIG_KADMIND_PORT},
-     {"KADM5_CONFIG_ENCTYPES", KADM5_CONFIG_ENCTYPES},
-     {"KADM5_CONFIG_ADMIN_SERVER", KADM5_CONFIG_ADMIN_SERVER},
-     {"KADM5_CONFIG_DICT_FILE", KADM5_CONFIG_DICT_FILE},
-     {"KADM5_CONFIG_MKEY_FROM_KBD", KADM5_CONFIG_MKEY_FROM_KBD},
+    {"KADM5_CONFIG_REALM", KADM5_CONFIG_REALM},
+    {"KADM5_CONFIG_DBNAME", KADM5_CONFIG_DBNAME},
+    {"KADM5_CONFIG_MKEY_NAME", KADM5_CONFIG_MKEY_NAME},
+    {"KADM5_CONFIG_MAX_LIFE", KADM5_CONFIG_MAX_LIFE},
+    {"KADM5_CONFIG_MAX_RLIFE", KADM5_CONFIG_MAX_RLIFE},
+    {"KADM5_CONFIG_EXPIRATION", KADM5_CONFIG_EXPIRATION},
+    {"KADM5_CONFIG_FLAGS", KADM5_CONFIG_FLAGS},
+    {"KADM5_CONFIG_ADMIN_KEYTAB", KADM5_CONFIG_ADMIN_KEYTAB},
+    {"KADM5_CONFIG_STASH_FILE", KADM5_CONFIG_STASH_FILE},
+    {"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE},
+    {"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME},
+    {"KADM5_CONFIG_ADB_LOCKFILE", KADM5_CONFIG_ADB_LOCKFILE},
+    {"KADM5_CONFIG_ACL_FILE", KADM5_CONFIG_ACL_FILE},
+    {"KADM5_CONFIG_KADMIND_PORT", KADM5_CONFIG_KADMIND_PORT},
+    {"KADM5_CONFIG_ENCTYPES", KADM5_CONFIG_ENCTYPES},
+    {"KADM5_CONFIG_ADMIN_SERVER", KADM5_CONFIG_ADMIN_SERVER},
+    {"KADM5_CONFIG_DICT_FILE", KADM5_CONFIG_DICT_FILE},
+    {"KADM5_CONFIG_MKEY_FROM_KBD", KADM5_CONFIG_MKEY_FROM_KBD},
 };
 
 static struct flagval priv_flags[] = {
-     {"KADM5_PRIV_GET", KADM5_PRIV_GET},
-     {"KADM5_PRIV_ADD", KADM5_PRIV_ADD},
-     {"KADM5_PRIV_MODIFY", KADM5_PRIV_MODIFY},
-     {"KADM5_PRIV_DELETE", KADM5_PRIV_DELETE}
+    {"KADM5_PRIV_GET", KADM5_PRIV_GET},
+    {"KADM5_PRIV_ADD", KADM5_PRIV_ADD},
+    {"KADM5_PRIV_MODIFY", KADM5_PRIV_MODIFY},
+    {"KADM5_PRIV_DELETE", KADM5_PRIV_DELETE}
 };
-    
+
 
 static char *arg_error = "wrong # args";
 
@@ -117,18 +118,18 @@ static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
     Tcl_HashEntry *entry;
 
     if (! struct_table) {
-	if (! (struct_table =
-	       malloc(sizeof(*struct_table)))) {
-	    fprintf(stderr, "Out of memory!\n");
-	    exit(1); /* XXX */
-	}
-	Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+        if (! (struct_table =
+               malloc(sizeof(*struct_table)))) {
+            fprintf(stderr, "Out of memory!\n");
+            exit(1); /* XXX */
+        }
+        Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
     }
 
     do {
-	sprintf(buf, "kadm5_handle%d", i);
-	entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
-	i++;
+        sprintf(buf, "kadm5_handle%d", i);
+        entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
+        i++;
     } while (! newPtr);
 
     Tcl_SetHashValue(entry, handle);
@@ -139,19 +140,19 @@ static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
 }
 
 static int get_server_handle(Tcl_Interp *interp, const char *name,
-			     void **handle) 
+                             void **handle)
 {
     Tcl_HashEntry *entry;
 
     if(!strcasecmp(name, "null"))
-	*handle = 0;
+        *handle = 0;
     else {
-	if (! (struct_table &&
-	       (entry = Tcl_FindHashEntry(struct_table, name)))) {
-	    Tcl_AppendResult(interp, "unknown server handle ", name, 0);
-	    return TCL_ERROR;
-	}
-	*handle = (void *) Tcl_GetHashValue(entry);
+        if (! (struct_table &&
+               (entry = Tcl_FindHashEntry(struct_table, name)))) {
+            Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+            return TCL_ERROR;
+        }
+        *handle = (void *) Tcl_GetHashValue(entry);
     }
     return TCL_OK;
 }
@@ -161,2413 +162,2413 @@ static int remove_server_handle(Tcl_Interp *interp, const char *name)
     Tcl_HashEntry *entry;
 
     if (! (struct_table &&
-	   (entry = Tcl_FindHashEntry(struct_table, name)))) {
-	Tcl_AppendResult(interp, "unknown server handle ", name, 0);
-	return TCL_ERROR;
+           (entry = Tcl_FindHashEntry(struct_table, name)))) {
+        Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+        return TCL_ERROR;
     }
 
     Tcl_SetHashValue(entry, NULL);
     return TCL_OK;
 }
 
-#define GET_HANDLE(num_args, ignored) \
-    void *server_handle; \
-    const char *whoami = argv[0]; \
-    argv++, argc--; \
-    if (argc != num_args + 1) { \
-	Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
-	return TCL_ERROR; \
-    } \
-    { \
-	int ltcl_ret; \
-	if ((ltcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
-	    != TCL_OK) { \
-	    return ltcl_ret; \
-	} \
-    } \
+#define GET_HANDLE(num_args, ignored)                                   \
+    void *server_handle;                                                \
+    const char *whoami = argv[0];                                       \
+    argv++, argc--;                                                     \
+    if (argc != num_args + 1) {                                         \
+        Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);           \
+        return TCL_ERROR;                                               \
+    }                                                                   \
+    {                                                                   \
+        int ltcl_ret;                                                   \
+        if ((ltcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
+            != TCL_OK) {                                                \
+            return ltcl_ret;                                            \
+        }                                                               \
+    }                                                                   \
     argv++, argc--;
 
 static Tcl_HashTable *create_flag_table(struct flagval *flags, int size)
 {
-     Tcl_HashTable *table;
-     Tcl_HashEntry *entry;
-     int i;
+    Tcl_HashTable *table;
+    Tcl_HashEntry *entry;
+    int i;
 
-     if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
+    if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
 
-     Tcl_InitHashTable(table, TCL_STRING_KEYS);
+    Tcl_InitHashTable(table, TCL_STRING_KEYS);
 
-     for (i = 0; i < size; i++) {
-	  int newPtr;
-	       
-	  if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
-	       fprintf(stderr, "Out of memory!\n");
-	       exit(1); /* XXX */
-	  }
+    for (i = 0; i < size; i++) {
+        int newPtr;
 
-	  Tcl_SetHashValue(entry, &flags[i].val);
-     }
+        if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
+            fprintf(stderr, "Out of memory!\n");
+            exit(1); /* XXX */
+        }
 
-     return table;
+        Tcl_SetHashValue(entry, &flags[i].val);
+    }
+
+    return table;
 }
 
 
 static Tcl_DString *unparse_str(char *in_str)
 {
-     Tcl_DString *str;
+    Tcl_DString *str;
 
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
 
-     Tcl_DStringInit(str);
+    Tcl_DStringInit(str);
 
-     if (! in_str) {
-	  Tcl_DStringAppend(str, "null", -1);
-     }
-     else {
-	  Tcl_DStringAppend(str, in_str, -1);
-     }
+    if (! in_str) {
+        Tcl_DStringAppend(str, "null", -1);
+    }
+    else {
+        Tcl_DStringAppend(str, in_str, -1);
+    }
 
-     return str;
+    return str;
 }
 
 
-	  
+
 static int parse_str(Tcl_Interp *interp, const char *in_str, char **out_str)
 {
-     if (! in_str) {
-	  *out_str = 0;
-     }
-     else if (! strcasecmp(in_str, "null")) {
-	  *out_str = 0;
-     }
-     else {
-	  *out_str = (char *) in_str;
-     }
-     return TCL_OK;
+    if (! in_str) {
+        *out_str = 0;
+    }
+    else if (! strcasecmp(in_str, "null")) {
+        *out_str = 0;
+    }
+    else {
+        *out_str = (char *) in_str;
+    }
+    return TCL_OK;
 }
 
 
 static void set_ok(Tcl_Interp *interp, char *string)
 {
-     Tcl_SetResult(interp, "OK", TCL_STATIC);
-     Tcl_AppendElement(interp, "KADM5_OK");
-     Tcl_AppendElement(interp, string);
+    Tcl_SetResult(interp, "OK", TCL_STATIC);
+    Tcl_AppendElement(interp, "KADM5_OK");
+    Tcl_AppendElement(interp, string);
 }
 
 
 
 static Tcl_DString *unparse_err(kadm5_ret_t code)
 {
-     char *code_string;
-     const char *error_string;
-     Tcl_DString *dstring;
-
-     switch (code) {
-     case KADM5_FAILURE: code_string = "KADM5_FAILURE"; break;
-     case KADM5_AUTH_GET: code_string = "KADM5_AUTH_GET"; break;
-     case KADM5_AUTH_ADD: code_string = "KADM5_AUTH_ADD"; break;
-     case KADM5_AUTH_MODIFY:
-	  code_string = "KADM5_AUTH_MODIFY"; break;
-     case KADM5_AUTH_DELETE:
-	  code_string = "KADM5_AUTH_DELETE"; break;
-     case KADM5_AUTH_INSUFFICIENT:
-	  code_string = "KADM5_AUTH_INSUFFICIENT"; break;
-     case KADM5_BAD_DB: code_string = "KADM5_BAD_DB"; break;
-     case KADM5_DUP: code_string = "KADM5_DUP"; break;
-     case KADM5_RPC_ERROR: code_string = "KADM5_RPC_ERROR"; break;
-     case KADM5_NO_SRV: code_string = "KADM5_NO_SRV"; break;
-     case KADM5_BAD_HIST_KEY:
-	  code_string = "KADM5_BAD_HIST_KEY"; break;
-     case KADM5_NOT_INIT: code_string = "KADM5_NOT_INIT"; break;
-     case KADM5_INIT: code_string = "KADM5_INIT"; break;
-     case KADM5_BAD_PASSWORD:
-	  code_string = "KADM5_BAD_PASSWORD"; break;
-     case KADM5_UNK_PRINC: code_string = "KADM5_UNK_PRINC"; break;
-     case KADM5_UNK_POLICY: code_string = "KADM5_UNK_POLICY"; break;
-     case KADM5_BAD_MASK: code_string = "KADM5_BAD_MASK"; break;
-     case KADM5_BAD_CLASS: code_string = "KADM5_BAD_CLASS"; break;
-     case KADM5_BAD_LENGTH: code_string = "KADM5_BAD_LENGTH"; break;
-     case KADM5_BAD_POLICY: code_string = "KADM5_BAD_POLICY"; break;
-     case KADM5_BAD_HISTORY: code_string = "KADM5_BAD_HISTORY"; break;
-     case KADM5_BAD_PRINCIPAL:
-	  code_string = "KADM5_BAD_PRINCIPAL"; break;
-     case KADM5_BAD_AUX_ATTR:
-	  code_string = "KADM5_BAD_AUX_ATTR"; break;
-     case KADM5_PASS_Q_TOOSHORT:
-	  code_string = "KADM5_PASS_Q_TOOSHORT"; break;
-     case KADM5_PASS_Q_CLASS:
-	  code_string = "KADM5_PASS_Q_CLASS"; break;
-     case KADM5_PASS_Q_DICT:
-	  code_string = "KADM5_PASS_Q_DICT"; break;
-     case KADM5_PASS_REUSE: code_string = "KADM5_PASS_REUSE"; break;
-     case KADM5_PASS_TOOSOON:
-	  code_string = "KADM5_PASS_TOOSOON"; break;
-     case KADM5_POLICY_REF:
-	  code_string = "KADM5_POLICY_REF"; break;
-     case KADM5_PROTECT_PRINCIPAL:
-	  code_string = "KADM5_PROTECT_PRINCIPAL"; break;
-     case KADM5_BAD_SERVER_HANDLE:
-	  code_string = "KADM5_BAD_SERVER_HANDLE"; break;
-     case KADM5_BAD_STRUCT_VERSION:
-     	  code_string = "KADM5_BAD_STRUCT_VERSION"; break;
-     case KADM5_OLD_STRUCT_VERSION:
-	  code_string = "KADM5_OLD_STRUCT_VERSION"; break;
-     case KADM5_NEW_STRUCT_VERSION:
-	  code_string = "KADM5_NEW_STRUCT_VERSION"; break;
-     case KADM5_BAD_API_VERSION:
-	  code_string = "KADM5_BAD_API_VERSION"; break;
-     case KADM5_OLD_LIB_API_VERSION:
-     	  code_string = "KADM5_OLD_LIB_API_VERSION"; break;
-     case KADM5_OLD_SERVER_API_VERSION:
-     	  code_string = "KADM5_OLD_SERVER_API_VERSION"; break;
-     case KADM5_NEW_LIB_API_VERSION:
-     	  code_string = "KADM5_NEW_LIB_API_VERSION"; break;
-     case KADM5_NEW_SERVER_API_VERSION:
-	  code_string = "KADM5_NEW_SERVER_API_VERSION"; break;
-     case KADM5_SECURE_PRINC_MISSING:
-	  code_string = "KADM5_SECURE_PRINC_MISSING"; break;
-     case KADM5_NO_RENAME_SALT:
-	  code_string = "KADM5_NO_RENAME_SALT"; break;
-     case KADM5_BAD_CLIENT_PARAMS:
-	  code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
-     case KADM5_BAD_SERVER_PARAMS:
-	  code_string = "KADM5_BAD_SERVER_PARAMS"; break;
-     case KADM5_AUTH_LIST:
-	  code_string = "KADM5_AUTH_LIST"; break;
-     case KADM5_AUTH_CHANGEPW:
-	  code_string = "KADM5_AUTH_CHANGEPW"; break;
-     case KADM5_GSS_ERROR: code_string = "KADM5_GSS_ERROR"; break;
-     case KADM5_BAD_TL_TYPE: code_string = "KADM5_BAD_TL_TYPE"; break; 
-     case KADM5_MISSING_CONF_PARAMS:
-	  code_string = "KADM5_MISSING_CONF_PARAMS"; break;
-     case KADM5_BAD_SERVER_NAME:
-	  code_string = "KADM5_BAD_SERVER_NAME"; break;
-     case KADM5_MISSING_KRB5_CONF_PARAMS:
-	  code_string = "KADM5_MISSING_KRB5_CONF_PARAMS"; break;
-
-
-     case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
-     case OSA_ADB_NOENT: code_string = "ENOENT"; break;
-     case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
-     case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
-     case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
-     case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
-     case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
-     case OSA_ADB_BADLOCKMODE: code_string = "OSA_ADB_BADLOCKMODE"; break;
-     case OSA_ADB_CANTLOCK_DB: code_string = "OSA_ADB_CANTLOCK_DB"; break;
-     case OSA_ADB_NOTLOCKED: code_string = "OSA_ADB_NOTLOCKED"; break;
-     case OSA_ADB_NOLOCKFILE: code_string = "OSA_ADB_NOLOCKFILE"; break;
-     case OSA_ADB_NOEXCL_PERM: code_string = "OSA_ADB_NOEXCL_PERM"; break;
-
-     case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
-     case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
-     case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
-     case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
-     case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
-     case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
-     case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
-     case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
-     case KRB5_KDB_TRUNCATED_RECORD:
-	  code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
-     case KRB5_KDB_RECURSIVELOCK:
-	  code_string = "KRB5_KDB_RECURSIVELOCK"; break;
-     case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
-     case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
-     case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
-     case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
-     case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
-     case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
-     case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
-     case KRB5_KDB_INVALIDKEYSIZE:
-	  code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
-     case KRB5_KDB_CANTREAD_STORED:
-	  code_string = "KRB5_KDB_CANTREAD_STORED"; break;
-     case KRB5_KDB_BADSTORED_MKEY:
-	  code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
-     case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
-     case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
-
-     case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
-     case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
-     case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
-     case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
-     case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
-     case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
-     case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string  = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
-     case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
-     case KRB5_CONFIG_BADFORMAT: code_string = "KRB5_CONFIG_BADFORMAT"; break;
-
-     case KRB5_CC_NOTFOUND: code_string = "KRB5_CC_NOTFOUND"; break;
-     case KRB5_FCC_NOFILE: code_string = "KRB5_FCC_NOFILE"; break;
-
-     case EINVAL: code_string = "EINVAL"; break;
-     case ENOENT: code_string = "ENOENT"; break;
-
-     default:
-	 fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
-		 error_message (code));
-	 code_string = "UNKNOWN";
-	 break;
-     }
-
-     error_string = error_message(code);
-
-     if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX Do we really want to exit?  Ok if this is */
-		   /* just a test program, but what about if it gets */
-		   /* used for other things later? */
-     }
-
-     Tcl_DStringInit(dstring);
-
-     if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
-	    Tcl_DStringAppendElement(dstring, code_string) &&
-	    Tcl_DStringAppendElement(dstring, error_string))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-     
-     return dstring;
+    char *code_string;
+    const char *error_string;
+    Tcl_DString *dstring;
+
+    switch (code) {
+    case KADM5_FAILURE: code_string = "KADM5_FAILURE"; break;
+    case KADM5_AUTH_GET: code_string = "KADM5_AUTH_GET"; break;
+    case KADM5_AUTH_ADD: code_string = "KADM5_AUTH_ADD"; break;
+    case KADM5_AUTH_MODIFY:
+        code_string = "KADM5_AUTH_MODIFY"; break;
+    case KADM5_AUTH_DELETE:
+        code_string = "KADM5_AUTH_DELETE"; break;
+    case KADM5_AUTH_INSUFFICIENT:
+        code_string = "KADM5_AUTH_INSUFFICIENT"; break;
+    case KADM5_BAD_DB: code_string = "KADM5_BAD_DB"; break;
+    case KADM5_DUP: code_string = "KADM5_DUP"; break;
+    case KADM5_RPC_ERROR: code_string = "KADM5_RPC_ERROR"; break;
+    case KADM5_NO_SRV: code_string = "KADM5_NO_SRV"; break;
+    case KADM5_BAD_HIST_KEY:
+        code_string = "KADM5_BAD_HIST_KEY"; break;
+    case KADM5_NOT_INIT: code_string = "KADM5_NOT_INIT"; break;
+    case KADM5_INIT: code_string = "KADM5_INIT"; break;
+    case KADM5_BAD_PASSWORD:
+        code_string = "KADM5_BAD_PASSWORD"; break;
+    case KADM5_UNK_PRINC: code_string = "KADM5_UNK_PRINC"; break;
+    case KADM5_UNK_POLICY: code_string = "KADM5_UNK_POLICY"; break;
+    case KADM5_BAD_MASK: code_string = "KADM5_BAD_MASK"; break;
+    case KADM5_BAD_CLASS: code_string = "KADM5_BAD_CLASS"; break;
+    case KADM5_BAD_LENGTH: code_string = "KADM5_BAD_LENGTH"; break;
+    case KADM5_BAD_POLICY: code_string = "KADM5_BAD_POLICY"; break;
+    case KADM5_BAD_HISTORY: code_string = "KADM5_BAD_HISTORY"; break;
+    case KADM5_BAD_PRINCIPAL:
+        code_string = "KADM5_BAD_PRINCIPAL"; break;
+    case KADM5_BAD_AUX_ATTR:
+        code_string = "KADM5_BAD_AUX_ATTR"; break;
+    case KADM5_PASS_Q_TOOSHORT:
+        code_string = "KADM5_PASS_Q_TOOSHORT"; break;
+    case KADM5_PASS_Q_CLASS:
+        code_string = "KADM5_PASS_Q_CLASS"; break;
+    case KADM5_PASS_Q_DICT:
+        code_string = "KADM5_PASS_Q_DICT"; break;
+    case KADM5_PASS_REUSE: code_string = "KADM5_PASS_REUSE"; break;
+    case KADM5_PASS_TOOSOON:
+        code_string = "KADM5_PASS_TOOSOON"; break;
+    case KADM5_POLICY_REF:
+        code_string = "KADM5_POLICY_REF"; break;
+    case KADM5_PROTECT_PRINCIPAL:
+        code_string = "KADM5_PROTECT_PRINCIPAL"; break;
+    case KADM5_BAD_SERVER_HANDLE:
+        code_string = "KADM5_BAD_SERVER_HANDLE"; break;
+    case KADM5_BAD_STRUCT_VERSION:
+        code_string = "KADM5_BAD_STRUCT_VERSION"; break;
+    case KADM5_OLD_STRUCT_VERSION:
+        code_string = "KADM5_OLD_STRUCT_VERSION"; break;
+    case KADM5_NEW_STRUCT_VERSION:
+        code_string = "KADM5_NEW_STRUCT_VERSION"; break;
+    case KADM5_BAD_API_VERSION:
+        code_string = "KADM5_BAD_API_VERSION"; break;
+    case KADM5_OLD_LIB_API_VERSION:
+        code_string = "KADM5_OLD_LIB_API_VERSION"; break;
+    case KADM5_OLD_SERVER_API_VERSION:
+        code_string = "KADM5_OLD_SERVER_API_VERSION"; break;
+    case KADM5_NEW_LIB_API_VERSION:
+        code_string = "KADM5_NEW_LIB_API_VERSION"; break;
+    case KADM5_NEW_SERVER_API_VERSION:
+        code_string = "KADM5_NEW_SERVER_API_VERSION"; break;
+    case KADM5_SECURE_PRINC_MISSING:
+        code_string = "KADM5_SECURE_PRINC_MISSING"; break;
+    case KADM5_NO_RENAME_SALT:
+        code_string = "KADM5_NO_RENAME_SALT"; break;
+    case KADM5_BAD_CLIENT_PARAMS:
+        code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
+    case KADM5_BAD_SERVER_PARAMS:
+        code_string = "KADM5_BAD_SERVER_PARAMS"; break;
+    case KADM5_AUTH_LIST:
+        code_string = "KADM5_AUTH_LIST"; break;
+    case KADM5_AUTH_CHANGEPW:
+        code_string = "KADM5_AUTH_CHANGEPW"; break;
+    case KADM5_GSS_ERROR: code_string = "KADM5_GSS_ERROR"; break;
+    case KADM5_BAD_TL_TYPE: code_string = "KADM5_BAD_TL_TYPE"; break;
+    case KADM5_MISSING_CONF_PARAMS:
+        code_string = "KADM5_MISSING_CONF_PARAMS"; break;
+    case KADM5_BAD_SERVER_NAME:
+        code_string = "KADM5_BAD_SERVER_NAME"; break;
+    case KADM5_MISSING_KRB5_CONF_PARAMS:
+        code_string = "KADM5_MISSING_KRB5_CONF_PARAMS"; break;
+
+
+    case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
+    case OSA_ADB_NOENT: code_string = "ENOENT"; break;
+    case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
+    case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
+    case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
+    case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
+    case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
+    case OSA_ADB_BADLOCKMODE: code_string = "OSA_ADB_BADLOCKMODE"; break;
+    case OSA_ADB_CANTLOCK_DB: code_string = "OSA_ADB_CANTLOCK_DB"; break;
+    case OSA_ADB_NOTLOCKED: code_string = "OSA_ADB_NOTLOCKED"; break;
+    case OSA_ADB_NOLOCKFILE: code_string = "OSA_ADB_NOLOCKFILE"; break;
+    case OSA_ADB_NOEXCL_PERM: code_string = "OSA_ADB_NOEXCL_PERM"; break;
+
+    case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
+    case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
+    case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
+    case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
+    case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
+    case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
+    case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
+    case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
+    case KRB5_KDB_TRUNCATED_RECORD:
+        code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
+    case KRB5_KDB_RECURSIVELOCK:
+        code_string = "KRB5_KDB_RECURSIVELOCK"; break;
+    case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
+    case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
+    case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
+    case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
+    case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
+    case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
+    case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
+    case KRB5_KDB_INVALIDKEYSIZE:
+        code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
+    case KRB5_KDB_CANTREAD_STORED:
+        code_string = "KRB5_KDB_CANTREAD_STORED"; break;
+    case KRB5_KDB_BADSTORED_MKEY:
+        code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
+    case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
+    case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
+
+    case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
+    case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
+    case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
+    case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
+    case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
+    case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
+    case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string  = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
+    case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
+    case KRB5_CONFIG_BADFORMAT: code_string = "KRB5_CONFIG_BADFORMAT"; break;
+
+    case KRB5_CC_NOTFOUND: code_string = "KRB5_CC_NOTFOUND"; break;
+    case KRB5_FCC_NOFILE: code_string = "KRB5_FCC_NOFILE"; break;
+
+    case EINVAL: code_string = "EINVAL"; break;
+    case ENOENT: code_string = "ENOENT"; break;
+
+    default:
+        fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
+                error_message (code));
+        code_string = "UNKNOWN";
+        break;
+    }
+
+    error_string = error_message(code);
+
+    if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX Do we really want to exit?  Ok if this is */
+        /* just a test program, but what about if it gets */
+        /* used for other things later? */
+    }
+
+    Tcl_DStringInit(dstring);
+
+    if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
+           Tcl_DStringAppendElement(dstring, code_string) &&
+           Tcl_DStringAppendElement(dstring, error_string))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+
+    return dstring;
 }
 
 
 
 static void stash_error(Tcl_Interp *interp, krb5_error_code code)
 {
-     Tcl_DString *dstring = unparse_err(code);
-     Tcl_DStringResult(interp, dstring);
-     Tcl_DStringFree(dstring);
-     free(dstring);
+    Tcl_DString *dstring = unparse_err(code);
+    Tcl_DStringResult(interp, dstring);
+    Tcl_DStringFree(dstring);
+    free(dstring);
 }
 
 static Tcl_DString *unparse_key_data(krb5_key_data *key_data, int n_key_data)
 {
-     Tcl_DString *str;
-     char buf[2048];
-     int i, j;
-
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-     for (i = 0; i < n_key_data; i++) {
-	  krb5_key_data *key = &key_data[i];
-
-	  Tcl_DStringStartSublist(str);
-	  sprintf(buf, "%d", key->key_data_type[0]);
-	  Tcl_DStringAppendElement(str, buf);
-	  sprintf(buf, "%d", key->key_data_ver > 1 ?
-		  key->key_data_type[1] : -1);
-	  Tcl_DStringAppendElement(str, buf);
-	  if (key->key_data_contents[0]) {
-	       sprintf(buf, "0x");
-	       for (j = 0; j < key->key_data_length[0]; j++) {
-		    sprintf(buf + 2*(j+1), "%02x",
-			    key->key_data_contents[0][j]);
-	       }
-	  } else *buf = '\0';
-	  Tcl_DStringAppendElement(str, buf);
-	  Tcl_DStringEndSublist(str);
-     }
-     
-     return str;
+    Tcl_DString *str;
+    char buf[2048];
+    int i, j;
+
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+
+    Tcl_DStringInit(str);
+    for (i = 0; i < n_key_data; i++) {
+        krb5_key_data *key = &key_data[i];
+
+        Tcl_DStringStartSublist(str);
+        sprintf(buf, "%d", key->key_data_type[0]);
+        Tcl_DStringAppendElement(str, buf);
+        sprintf(buf, "%d", key->key_data_ver > 1 ?
+                key->key_data_type[1] : -1);
+        Tcl_DStringAppendElement(str, buf);
+        if (key->key_data_contents[0]) {
+            sprintf(buf, "0x");
+            for (j = 0; j < key->key_data_length[0]; j++) {
+                sprintf(buf + 2*(j+1), "%02x",
+                        key->key_data_contents[0][j]);
+            }
+        } else *buf = '\0';
+        Tcl_DStringAppendElement(str, buf);
+        Tcl_DStringEndSublist(str);
+    }
+
+    return str;
 }
 
 static Tcl_DString *unparse_tl_data(krb5_tl_data *tl_data, int n_tl_data)
 {
-     Tcl_DString *str;
-     char buf[2048];
-
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-     Tcl_DStringStartSublist(str);
-     for (; tl_data; tl_data = tl_data->tl_data_next) {
-	  Tcl_DStringStartSublist(str);
-	  sprintf(buf, "%d", tl_data->tl_data_type);
-	  Tcl_DStringAppendElement(str, buf);
-	  sprintf(buf, "%d", tl_data->tl_data_length);
-	  Tcl_DStringAppendElement(str, buf);
-	  Tcl_DStringAppend(str, " ", 1);
-	  Tcl_DStringAppend(str, (char *) tl_data->tl_data_contents,
-			    tl_data->tl_data_length);
-	  Tcl_DStringEndSublist(str);
-     }
-     Tcl_DStringEndSublist(str);
-     
-     return str;
+    Tcl_DString *str;
+    char buf[2048];
+
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+
+    Tcl_DStringInit(str);
+    Tcl_DStringStartSublist(str);
+    for (; tl_data; tl_data = tl_data->tl_data_next) {
+        Tcl_DStringStartSublist(str);
+        sprintf(buf, "%d", tl_data->tl_data_type);
+        Tcl_DStringAppendElement(str, buf);
+        sprintf(buf, "%d", tl_data->tl_data_length);
+        Tcl_DStringAppendElement(str, buf);
+        Tcl_DStringAppend(str, " ", 1);
+        Tcl_DStringAppend(str, (char *) tl_data->tl_data_contents,
+                          tl_data->tl_data_length);
+        Tcl_DStringEndSublist(str);
+    }
+    Tcl_DStringEndSublist(str);
+
+    return str;
 }
 
 static Tcl_DString *unparse_flags(struct flagval *array, int size,
-				  krb5_int32 flags)
+                                  krb5_int32 flags)
 {
-     int i;
-     Tcl_DString *str;
+    int i;
+    Tcl_DString *str;
 
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
 
-     Tcl_DStringInit(str);
+    Tcl_DStringInit(str);
 
-     for (i = 0; i < size; i++) {
-	  if (flags & array[i].val) {
-	       Tcl_DStringAppendElement(str, array[i].name);
-	  }
-     }
+    for (i = 0; i < size; i++) {
+        if (flags & array[i].val) {
+            Tcl_DStringAppendElement(str, array[i].name);
+        }
+    }
 
-     return str;
+    return str;
 }
 
 
 static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
-		       struct flagval *array, int size, const char *str,
-		       krb5_flags *flags)
+                       struct flagval *array, int size, const char *str,
+                       krb5_flags *flags)
 {
-     int tmp, argc, i, retcode = TCL_OK;
-     const char **argv;
-     Tcl_HashEntry *entry;
-
-     if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
-	  *flags = tmp;
-	  return TCL_OK;
-     }
-     Tcl_ResetResult(interp);
-
-     if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
-	  return TCL_ERROR;
-     }
-
-     if (! table) {
-	  table = create_flag_table(array, size);
-     }
-
-     *flags = 0;
-
-     for (i = 0; i < argc; i++) {
-	  if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
-	       Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
-	       retcode = TCL_ERROR;
-	       break;
-	  }
-	  *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
-     }
-  
-     Tcl_Free((char *) argv);
-     return(retcode);
+    int tmp, argc, i, retcode = TCL_OK;
+    const char **argv;
+    Tcl_HashEntry *entry;
+
+    if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
+        *flags = tmp;
+        return TCL_OK;
+    }
+    Tcl_ResetResult(interp);
+
+    if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
+        return TCL_ERROR;
+    }
+
+    if (! table) {
+        table = create_flag_table(array, size);
+    }
+
+    *flags = 0;
+
+    for (i = 0; i < argc; i++) {
+        if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
+            Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
+            retcode = TCL_ERROR;
+            break;
+        }
+        *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
+    }
+
+    Tcl_Free((char *) argv);
+    return(retcode);
 }
 
 static Tcl_DString *unparse_privs(krb5_flags flags)
 {
-     return unparse_flags(priv_flags, sizeof(priv_flags) /
-			  sizeof(struct flagval), flags);
+    return unparse_flags(priv_flags, sizeof(priv_flags) /
+                         sizeof(struct flagval), flags);
 }
 
 
 static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
 {
-     return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
-			  sizeof(struct flagval), flags);
+    return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
+                         sizeof(struct flagval), flags);
 }
 
 static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
-			    krb5_flags *flags)
+                            krb5_flags *flags)
 {
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
-				sizeof(krb5_flags_array) /
-				sizeof(struct flagval),
-				str, &tmp)) != TCL_OK) {
-	  return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
+    krb5_flags tmp;
+    static Tcl_HashTable *table = 0;
+    int tcl_ret;
+
+    if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
+                               sizeof(krb5_flags_array) /
+                               sizeof(struct flagval),
+                               str, &tmp)) != TCL_OK) {
+        return tcl_ret;
+    }
+
+    *flags = tmp;
+    return TCL_OK;
 }
 
 static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
 {
-     return unparse_flags(aux_attributes, sizeof(aux_attributes) /
-			  sizeof(struct flagval), flags);
+    return unparse_flags(aux_attributes, sizeof(aux_attributes) /
+                         sizeof(struct flagval), flags);
 }
 
 
 static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
-				long *flags)
+                                long *flags)
 {
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, aux_attributes,
-				sizeof(aux_attributes) /
-				sizeof(struct flagval),
-				str, &tmp)) != TCL_OK) {
-	  return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
+    krb5_flags tmp;
+    static Tcl_HashTable *table = 0;
+    int tcl_ret;
+
+    if ((tcl_ret = parse_flags(interp, table, aux_attributes,
+                               sizeof(aux_attributes) /
+                               sizeof(struct flagval),
+                               str, &tmp)) != TCL_OK) {
+        return tcl_ret;
+    }
+
+    *flags = tmp;
+    return TCL_OK;
 }
 
 static int parse_principal_mask(Tcl_Interp *interp, const char *str,
-				krb5_int32 *flags)
+                                krb5_int32 *flags)
 {
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
-				sizeof(principal_mask_flags) /
-				sizeof(struct flagval),
-				str, &tmp)) != TCL_OK) {
-	  return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
+    krb5_flags tmp;
+    static Tcl_HashTable *table = 0;
+    int tcl_ret;
+
+    if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
+                               sizeof(principal_mask_flags) /
+                               sizeof(struct flagval),
+                               str, &tmp)) != TCL_OK) {
+        return tcl_ret;
+    }
+
+    *flags = tmp;
+    return TCL_OK;
 }
 
 static int parse_policy_mask(Tcl_Interp *interp, const char *str,
-			     krb5_int32 *flags)
+                             krb5_int32 *flags)
 {
-     krb5_flags tmp;
-     static Tcl_HashTable *table = 0;
-     int tcl_ret;
-     
-     if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
-				sizeof(policy_mask_flags) /
-				sizeof(struct flagval),
-				str, &tmp)) != TCL_OK) {
-	  return tcl_ret;
-     }
-
-     *flags = tmp;
-     return TCL_OK;
+    krb5_flags tmp;
+    static Tcl_HashTable *table = 0;
+    int tcl_ret;
+
+    if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
+                               sizeof(policy_mask_flags) /
+                               sizeof(struct flagval),
+                               str, &tmp)) != TCL_OK) {
+        return tcl_ret;
+    }
+
+    *flags = tmp;
+    return TCL_OK;
 }
 
 
 static Tcl_DString *unparse_principal_ent(kadm5_principal_ent_t princ,
-					  krb5_int32 mask)
+                                          krb5_int32 mask)
 {
-     Tcl_DString *str, *tmp_dstring;
-     char *tmp;
-     char buf[20];
-     krb5_error_code krb5_ret;
-
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     tmp = 0; /* It looks to me from looking at the library source */
-	      /* code for krb5_parse_name that the pointer passed into */
-	      /* it should be initialized to 0 if I want it do be */
-	      /* allocated automatically. */
-     if (mask & KADM5_PRINCIPAL) {
-          krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
-	  if (krb5_ret) {
-	       /* XXX Do we want to return an error?  Not sure. */
-	       Tcl_DStringAppendElement(str, "[unparseable principal]");
-	  }
-	  else {
-	       Tcl_DStringAppendElement(str, tmp);
-	       free(tmp);
-	  }
-     } else
-	  Tcl_DStringAppendElement(str, "null");
-
-     sprintf(buf, "%d", princ->princ_expire_time);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->last_pwd_change);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->pw_expiration);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->max_life);
-     Tcl_DStringAppendElement(str, buf);
-
-     tmp = 0;
-     if (mask & KADM5_MOD_NAME) {
-	  if ((krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp))) {
-	       /* XXX */
-	       Tcl_DStringAppendElement(str, "[unparseable principal]");
-	  }
-	  else {
-	       Tcl_DStringAppendElement(str, tmp);
-	       free(tmp);
-	  }
-     } else
-	  Tcl_DStringAppendElement(str, "null");
-
-     sprintf(buf, "%d", princ->mod_date);
-     Tcl_DStringAppendElement(str, buf);
-
-     if (mask & KADM5_ATTRIBUTES) {
-	  tmp_dstring = unparse_krb5_flags(princ->attributes);
-	  Tcl_DStringAppendElement(str, tmp_dstring->string);
-	  Tcl_DStringFree(tmp_dstring);
-	  free(tmp_dstring);
-     } else
-	  Tcl_DStringAppendElement(str, "null");
-
-     sprintf(buf, "%d", princ->kvno);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->mkvno);
-     Tcl_DStringAppendElement(str, buf);
-
-     /* XXX This may be dangerous, because the contents of the policy */
-     /* field are undefined if the POLICY bit isn't set.  However, I */
-     /* think it's a bug for the field not to be null in that case */
-     /* anyway, so we should assume that it will be null so that we'll */
-     /* catch it if it isn't. */
-     
-     tmp_dstring = unparse_str(princ->policy);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-
-     tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-
-     sprintf(buf, "%d", princ->max_renewable_life);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->last_success);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->last_failed);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->fail_auth_count);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->n_key_data);
-     Tcl_DStringAppendElement(str, buf);
-
-     sprintf(buf, "%d", princ->n_tl_data);
-     Tcl_DStringAppendElement(str, buf);
-
-     tmp_dstring = unparse_key_data(princ->key_data, princ->n_key_data);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-
-     tmp_dstring = unparse_tl_data(princ->tl_data, princ->n_tl_data);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-     
-     return str;
+    Tcl_DString *str, *tmp_dstring;
+    char *tmp;
+    char buf[20];
+    krb5_error_code krb5_ret;
+
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+
+    Tcl_DStringInit(str);
+
+    tmp = 0; /* It looks to me from looking at the library source */
+    /* code for krb5_parse_name that the pointer passed into */
+    /* it should be initialized to 0 if I want it do be */
+    /* allocated automatically. */
+    if (mask & KADM5_PRINCIPAL) {
+        krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
+        if (krb5_ret) {
+            /* XXX Do we want to return an error?  Not sure. */
+            Tcl_DStringAppendElement(str, "[unparseable principal]");
+        }
+        else {
+            Tcl_DStringAppendElement(str, tmp);
+            free(tmp);
+        }
+    } else
+        Tcl_DStringAppendElement(str, "null");
+
+    sprintf(buf, "%d", princ->princ_expire_time);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->last_pwd_change);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->pw_expiration);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->max_life);
+    Tcl_DStringAppendElement(str, buf);
+
+    tmp = 0;
+    if (mask & KADM5_MOD_NAME) {
+        if ((krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp))) {
+            /* XXX */
+            Tcl_DStringAppendElement(str, "[unparseable principal]");
+        }
+        else {
+            Tcl_DStringAppendElement(str, tmp);
+            free(tmp);
+        }
+    } else
+        Tcl_DStringAppendElement(str, "null");
+
+    sprintf(buf, "%d", princ->mod_date);
+    Tcl_DStringAppendElement(str, buf);
+
+    if (mask & KADM5_ATTRIBUTES) {
+        tmp_dstring = unparse_krb5_flags(princ->attributes);
+        Tcl_DStringAppendElement(str, tmp_dstring->string);
+        Tcl_DStringFree(tmp_dstring);
+        free(tmp_dstring);
+    } else
+        Tcl_DStringAppendElement(str, "null");
+
+    sprintf(buf, "%d", princ->kvno);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->mkvno);
+    Tcl_DStringAppendElement(str, buf);
+
+    /* XXX This may be dangerous, because the contents of the policy */
+    /* field are undefined if the POLICY bit isn't set.  However, I */
+    /* think it's a bug for the field not to be null in that case */
+    /* anyway, so we should assume that it will be null so that we'll */
+    /* catch it if it isn't. */
+
+    tmp_dstring = unparse_str(princ->policy);
+    Tcl_DStringAppendElement(str, tmp_dstring->string);
+    Tcl_DStringFree(tmp_dstring);
+    free(tmp_dstring);
+
+    tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
+    Tcl_DStringAppendElement(str, tmp_dstring->string);
+    Tcl_DStringFree(tmp_dstring);
+    free(tmp_dstring);
+
+    sprintf(buf, "%d", princ->max_renewable_life);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->last_success);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->last_failed);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->fail_auth_count);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->n_key_data);
+    Tcl_DStringAppendElement(str, buf);
+
+    sprintf(buf, "%d", princ->n_tl_data);
+    Tcl_DStringAppendElement(str, buf);
+
+    tmp_dstring = unparse_key_data(princ->key_data, princ->n_key_data);
+    Tcl_DStringAppendElement(str, tmp_dstring->string);
+    Tcl_DStringFree(tmp_dstring);
+    free(tmp_dstring);
+
+    tmp_dstring = unparse_tl_data(princ->tl_data, princ->n_tl_data);
+    Tcl_DStringAppendElement(str, tmp_dstring->string);
+    Tcl_DStringFree(tmp_dstring);
+    free(tmp_dstring);
+
+    return str;
 }
 
 static int parse_keysalts(Tcl_Interp *interp, const char *list,
-			  krb5_key_salt_tuple **keysalts,
-			  int num_keysalts)
+                          krb5_key_salt_tuple **keysalts,
+                          int num_keysalts)
 {
-     const char **argv, **argv1 = NULL;
-     int i, tmp, argc, argc1, retcode;
-
-     *keysalts = NULL;
-     if (list == NULL)
-	  return TCL_OK;
-     
-     if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-	  return retcode;
-     }
-     if (argc != num_keysalts) {
-	  sprintf(interp->result, "%d keysalts specified, "
-		  "but num_keysalts is %d", argc, num_keysalts);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     *keysalts = (krb5_key_salt_tuple *)
-	  malloc(sizeof(krb5_key_salt_tuple)*num_keysalts);
-     for (i = 0; i < num_keysalts; i++) {
-	  if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
-	      TCL_OK) { 
-	       goto finished;
-	  }
-	  if (argc1 != 2) {
-	       sprintf(interp->result, "wrong # fields in keysalt "
-		       "(%d should be 2)", argc1);
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  /* XXX this used to be argv1[1] too! */
-	  if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
-	      != TCL_OK) {
-	       Tcl_AppendElement(interp, "while parsing ks_enctype");
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  (*keysalts)[i].ks_enctype = tmp;
-	  if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
-	      != TCL_OK) {
-	       Tcl_AppendElement(interp, "while parsing ks_salttype");
-	       goto finished;
-	  }
-	  (*keysalts)[i].ks_salttype = tmp;
-
-	  Tcl_Free((char *) argv1);
-	  argv1 = NULL;
-     }
+    const char **argv, **argv1 = NULL;
+    int i, tmp, argc, argc1, retcode;
+
+    *keysalts = NULL;
+    if (list == NULL)
+        return TCL_OK;
+
+    if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+        return retcode;
+    }
+    if (argc != num_keysalts) {
+        sprintf(interp->result, "%d keysalts specified, "
+                "but num_keysalts is %d", argc, num_keysalts);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    *keysalts = (krb5_key_salt_tuple *)
+        malloc(sizeof(krb5_key_salt_tuple)*num_keysalts);
+    for (i = 0; i < num_keysalts; i++) {
+        if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
+            TCL_OK) {
+            goto finished;
+        }
+        if (argc1 != 2) {
+            sprintf(interp->result, "wrong # fields in keysalt "
+                    "(%d should be 2)", argc1);
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        /* XXX this used to be argv1[1] too! */
+        if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
+            != TCL_OK) {
+            Tcl_AppendElement(interp, "while parsing ks_enctype");
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        (*keysalts)[i].ks_enctype = tmp;
+        if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
+            != TCL_OK) {
+            Tcl_AppendElement(interp, "while parsing ks_salttype");
+            goto finished;
+        }
+        (*keysalts)[i].ks_salttype = tmp;
+
+        Tcl_Free((char *) argv1);
+        argv1 = NULL;
+    }
 
 finished:
-     if (argv1) {
-	 Tcl_Free((char *) argv1);
-     }
-     Tcl_Free((char *) argv);
-     return retcode;
+    if (argv1) {
+        Tcl_Free((char *) argv1);
+    }
+    Tcl_Free((char *) argv);
+    return retcode;
 }
 
 static int parse_key_data(Tcl_Interp *interp, const char *list,
-			  krb5_key_data **key_data,
-			  int n_key_data)
+                          krb5_key_data **key_data,
+                          int n_key_data)
 {
-     const char **argv;
-     int argc, retcode;
-
-     *key_data = NULL;
-     if (list == NULL) {
-	  if (n_key_data != 0) {
-	       sprintf(interp->result, "0 key_datas specified, "
-		       "but n_key_data is %d", n_key_data);
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  } else
-	       return TCL_OK;
-     }
-     
-     if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-	  return retcode;
-     }
-     if (argc != n_key_data) {
-	  sprintf(interp->result, "%d key_datas specified, "
-		  "but n_key_data is %d", argc, n_key_data);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if (argc != 0) {
-	  sprintf(interp->result, "cannot parse key_data yet");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
+    const char **argv;
+    int argc, retcode;
+
+    *key_data = NULL;
+    if (list == NULL) {
+        if (n_key_data != 0) {
+            sprintf(interp->result, "0 key_datas specified, "
+                    "but n_key_data is %d", n_key_data);
+            retcode = TCL_ERROR;
+            goto finished;
+        } else
+            return TCL_OK;
+    }
+
+    if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+        return retcode;
+    }
+    if (argc != n_key_data) {
+        sprintf(interp->result, "%d key_datas specified, "
+                "but n_key_data is %d", argc, n_key_data);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if (argc != 0) {
+        sprintf(interp->result, "cannot parse key_data yet");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
 
 finished:
-     Tcl_Free((char *) argv);
-     return retcode;
+    Tcl_Free((char *) argv);
+    return retcode;
 }
 
 static int parse_tl_data(Tcl_Interp *interp, const char *list,
-			 krb5_tl_data **tlp,
-			 int n_tl_data)
+                         krb5_tl_data **tlp,
+                         int n_tl_data)
 {
-     krb5_tl_data *tl, *tl2;
-     const char **argv, **argv1 = NULL;
-     int i, tmp, argc, argc1, retcode;
-
-     *tlp = NULL;
-     if (list == NULL) {
-	  if (n_tl_data != 0) {
-	       sprintf(interp->result, "0 tl_datas specified, "
-		       "but n_tl_data is %d", n_tl_data);
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  } else
-	       return TCL_OK;
-     }
-     
-     if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-	  return retcode;
-     }
-     if (argc != n_tl_data) {
-	  sprintf(interp->result, "%d tl_datas specified, "
-		  "but n_tl_data is %d", argc, n_tl_data);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     tl = tl2 = NULL;
-     for (i = 0; i < n_tl_data; i++) {
-	  tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
-	  memset(tl2, 0, sizeof(krb5_tl_data));
-	  tl2->tl_data_next = tl;
-	  tl = tl2;
-     }
-     tl2 = tl;
-	  
-     for (i = 0; i < n_tl_data; i++) {
-	  if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
-	      TCL_OK) { 
-	       goto finished;
-	  }
-	  if (argc1 != 3) {
-	       sprintf(interp->result, "wrong # fields in tl_data "
-		       "(%d should be 3)", argc1);
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
-	      != TCL_OK) {
-	       Tcl_AppendElement(interp, "while parsing tl_data_type");
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  tl->tl_data_type = tmp;
-	  if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
-	      != TCL_OK) {
-	       Tcl_AppendElement(interp, "while parsing tl_data_length");
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  tl->tl_data_length = tmp;
-	  if (tl->tl_data_length != strlen(argv1[2])) {
-	       sprintf(interp->result, "specified length %d does not "
-		       "match length %lu of string \"%s\"", tmp,
-		       (unsigned long) strlen(argv1[2]), argv1[2]);
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  tl->tl_data_contents = (krb5_octet *) strdup(argv1[2]);
-
-	  Tcl_Free((char *) argv1);
-	  argv1 = NULL;
-	  tl = tl->tl_data_next;
-     }
-     if (tl != NULL) {
-	  sprintf(interp->result, "tl is not NULL!");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     *tlp = tl2;
+    krb5_tl_data *tl, *tl2;
+    const char **argv, **argv1 = NULL;
+    int i, tmp, argc, argc1, retcode;
+
+    *tlp = NULL;
+    if (list == NULL) {
+        if (n_tl_data != 0) {
+            sprintf(interp->result, "0 tl_datas specified, "
+                    "but n_tl_data is %d", n_tl_data);
+            retcode = TCL_ERROR;
+            goto finished;
+        } else
+            return TCL_OK;
+    }
+
+    if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+        return retcode;
+    }
+    if (argc != n_tl_data) {
+        sprintf(interp->result, "%d tl_datas specified, "
+                "but n_tl_data is %d", argc, n_tl_data);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    tl = tl2 = NULL;
+    for (i = 0; i < n_tl_data; i++) {
+        tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
+        memset(tl2, 0, sizeof(krb5_tl_data));
+        tl2->tl_data_next = tl;
+        tl = tl2;
+    }
+    tl2 = tl;
+
+    for (i = 0; i < n_tl_data; i++) {
+        if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
+            TCL_OK) {
+            goto finished;
+        }
+        if (argc1 != 3) {
+            sprintf(interp->result, "wrong # fields in tl_data "
+                    "(%d should be 3)", argc1);
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
+            != TCL_OK) {
+            Tcl_AppendElement(interp, "while parsing tl_data_type");
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        tl->tl_data_type = tmp;
+        if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
+            != TCL_OK) {
+            Tcl_AppendElement(interp, "while parsing tl_data_length");
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        tl->tl_data_length = tmp;
+        if (tl->tl_data_length != strlen(argv1[2])) {
+            sprintf(interp->result, "specified length %d does not "
+                    "match length %lu of string \"%s\"", tmp,
+                    (unsigned long) strlen(argv1[2]), argv1[2]);
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        tl->tl_data_contents = (krb5_octet *) strdup(argv1[2]);
+
+        Tcl_Free((char *) argv1);
+        argv1 = NULL;
+        tl = tl->tl_data_next;
+    }
+    if (tl != NULL) {
+        sprintf(interp->result, "tl is not NULL!");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    *tlp = tl2;
 
 finished:
-     if (argv1) {
-	 Tcl_Free((char *) argv1);
-     }
-     Tcl_Free((char *) argv);
-     return retcode;
+    if (argv1) {
+        Tcl_Free((char *) argv1);
+    }
+    Tcl_Free((char *) argv);
+    return retcode;
 }
 
 static int parse_config_params(Tcl_Interp *interp, char *list,
-			       kadm5_config_params *params)
+                               kadm5_config_params *params)
 {
-     static Tcl_HashTable *table = 0;
-     const char **argv = NULL;
-     int tmp, argc, retcode;
-
-     memset(params, 0, sizeof(kadm5_config_params));
-     if (list == NULL)
-	  return TCL_OK;
-     
-     if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-	  return retcode;
-     }
-
-     if (argc != 20) {
-	  sprintf(interp->result,
-		  "wrong # args in config params structure (%d should be 20)", 
-		  argc);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if ((retcode = parse_flags(interp, table, config_mask_flags,
-				sizeof(config_mask_flags) /
-				sizeof(struct flagval),
-				argv[0], &tmp)) != TCL_OK) {
-	  goto finished;
-     }
-     params->mask = tmp;
-
-     if ((retcode = parse_str(interp, argv[1], &params->realm)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing realm name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((retcode = Tcl_GetInt(interp, argv[2], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing kadmind_port");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->kadmind_port = tmp;
-     if ((retcode = parse_str(interp, argv[3], &params->admin_server))
-	 != TCL_OK) { 
-	  Tcl_AppendElement(interp, "while parsing profile name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((retcode = parse_str(interp, argv[4], &params->dbname)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing profile name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     /* Ignore argv[5], which used to set the admin_dbname field.  */
-     /* Ignore argv[6], which used to set the admin_lockfile field.  */
-     if ((retcode = parse_str(interp, argv[7], &params->admin_keytab)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing admin_keytab name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((retcode = parse_str(interp, argv[8], &params->acl_file)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing acl_file name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((retcode = parse_str(interp, argv[9], &params->dict_file)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing dict_file name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((retcode = Tcl_GetInt(interp, argv[10], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing mkey_from_kbd");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->mkey_from_kbd = tmp;
-     if ((retcode = parse_str(interp, argv[11], &params->stash_file)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing stash_file name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((retcode = parse_str(interp, argv[12], &params->mkey_name)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing mkey_name name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((retcode = Tcl_GetInt(interp, argv[13], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing enctype");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->enctype = tmp;
-     if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing max_life");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->max_life = tmp;
-     if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing max_rlife");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->max_rlife = tmp;
-     if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing expiration");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->expiration = tmp;
-     if ((retcode = parse_krb5_flags(interp, argv[17], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing flags");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->flags = tmp;
-     if ((retcode = Tcl_GetInt(interp, argv[18], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing num_keysalts");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     params->num_keysalts = tmp;
-     if ((retcode = parse_keysalts(interp, argv[19], &params->keysalts,
-				   params->num_keysalts)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing keysalts");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
+    static Tcl_HashTable *table = 0;
+    const char **argv = NULL;
+    int tmp, argc, retcode;
+
+    memset(params, 0, sizeof(kadm5_config_params));
+    if (list == NULL)
+        return TCL_OK;
+
+    if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+        return retcode;
+    }
+
+    if (argc != 20) {
+        sprintf(interp->result,
+                "wrong # args in config params structure (%d should be 20)",
+                argc);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if ((retcode = parse_flags(interp, table, config_mask_flags,
+                               sizeof(config_mask_flags) /
+                               sizeof(struct flagval),
+                               argv[0], &tmp)) != TCL_OK) {
+        goto finished;
+    }
+    params->mask = tmp;
+
+    if ((retcode = parse_str(interp, argv[1], &params->realm)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing realm name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((retcode = Tcl_GetInt(interp, argv[2], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing kadmind_port");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->kadmind_port = tmp;
+    if ((retcode = parse_str(interp, argv[3], &params->admin_server))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing profile name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((retcode = parse_str(interp, argv[4], &params->dbname)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing profile name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    /* Ignore argv[5], which used to set the admin_dbname field.  */
+    /* Ignore argv[6], which used to set the admin_lockfile field.  */
+    if ((retcode = parse_str(interp, argv[7], &params->admin_keytab)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing admin_keytab name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((retcode = parse_str(interp, argv[8], &params->acl_file)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing acl_file name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((retcode = parse_str(interp, argv[9], &params->dict_file)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing dict_file name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((retcode = Tcl_GetInt(interp, argv[10], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing mkey_from_kbd");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->mkey_from_kbd = tmp;
+    if ((retcode = parse_str(interp, argv[11], &params->stash_file)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing stash_file name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((retcode = parse_str(interp, argv[12], &params->mkey_name)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing mkey_name name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((retcode = Tcl_GetInt(interp, argv[13], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing enctype");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->enctype = tmp;
+    if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing max_life");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->max_life = tmp;
+    if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing max_rlife");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->max_rlife = tmp;
+    if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing expiration");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->expiration = tmp;
+    if ((retcode = parse_krb5_flags(interp, argv[17], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing flags");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->flags = tmp;
+    if ((retcode = Tcl_GetInt(interp, argv[18], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing num_keysalts");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    params->num_keysalts = tmp;
+    if ((retcode = parse_keysalts(interp, argv[19], &params->keysalts,
+                                  params->num_keysalts)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing keysalts");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
 
 finished:
-     return retcode;
+    return retcode;
 }
-     
+
 static int parse_principal_ent(Tcl_Interp *interp, char *list,
-			       kadm5_principal_ent_t *out_princ)
+                               kadm5_principal_ent_t *out_princ)
 {
-     kadm5_principal_ent_t princ = 0;
-     krb5_error_code krb5_ret;
-     int tcl_ret;
-     int argc;
-     const char **argv;
-     int tmp;
-     int retcode = TCL_OK;
-
-     if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-	  return tcl_ret;
-     }
-
-     if (argc != 12 && argc != 20) {
-	  sprintf(interp->result,
-             "wrong # args in principal structure (%d should be 12 or 20)",
-		  argc);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if (! (princ = malloc(sizeof *princ))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-     memset(princ, 0, sizeof(*princ));
-     
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
-	  stash_error(interp, krb5_ret);
-	  Tcl_AppendElement(interp, "while parsing principal");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     /*
-      * All of the numerical values parsed here are parsed into an
-      * "int" and then assigned into the structure in case the actual
-      * width of the field in the Kerberos structure is different from
-      * the width of an integer.
-      */
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing princ_expire_time");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->princ_expire_time = tmp;
-     
-     if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing last_pwd_change");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->last_pwd_change = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_expiration");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->pw_expiration = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing max_life");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->max_life = tmp;
-
-     if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
-	  stash_error(interp, krb5_ret);
-	  Tcl_AppendElement(interp, "while parsing mod_name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-	  
-     if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing mod_date");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->mod_date = tmp;
-
-     if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing attributes");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing kvno");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->kvno = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing mkvno");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->mkvno = tmp;
-
-     if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing policy");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if(princ->policy != NULL) {
-	if(!(princ->policy = strdup(princ->policy))) {
-	    fprintf(stderr, "Out of memory!\n");
-	    exit(1);
-	}
-     }
-
-     if ((tcl_ret = parse_aux_attributes(interp, argv[11],
-					 &princ->aux_attributes)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing aux_attributes");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if (argc == 12) goto finished;
-     
-     if ((tcl_ret = Tcl_GetInt(interp, argv[12], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing max_renewable_life");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->max_renewable_life = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[13], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing last_success");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->last_success = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[14], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing last_failed");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->last_failed = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[15], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing fail_auth_count");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->fail_auth_count = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[16], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing n_key_data");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->n_key_data = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[17], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing n_tl_data");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->n_tl_data = tmp;
-
-     if ((tcl_ret = parse_key_data(interp, argv[18],
-				   &princ->key_data,
-				   princ->n_key_data)) != TCL_OK) { 
-	  Tcl_AppendElement(interp, "while parsing key_data");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if ((tcl_ret = parse_tl_data(interp, argv[19],
-				  &princ->tl_data,
-				  princ->n_tl_data)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing tl_data");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     princ->n_tl_data = tmp;
+    kadm5_principal_ent_t princ = 0;
+    krb5_error_code krb5_ret;
+    int tcl_ret;
+    int argc;
+    const char **argv;
+    int tmp;
+    int retcode = TCL_OK;
+
+    if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+        return tcl_ret;
+    }
+
+    if (argc != 12 && argc != 20) {
+        sprintf(interp->result,
+                "wrong # args in principal structure (%d should be 12 or 20)",
+                argc);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if (! (princ = malloc(sizeof *princ))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+    memset(princ, 0, sizeof(*princ));
+
+    if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
+        stash_error(interp, krb5_ret);
+        Tcl_AppendElement(interp, "while parsing principal");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    /*
+     * All of the numerical values parsed here are parsed into an
+     * "int" and then assigned into the structure in case the actual
+     * width of the field in the Kerberos structure is different from
+     * the width of an integer.
+     */
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing princ_expire_time");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->princ_expire_time = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing last_pwd_change");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->last_pwd_change = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_expiration");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->pw_expiration = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing max_life");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->max_life = tmp;
+
+    if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
+        stash_error(interp, krb5_ret);
+        Tcl_AppendElement(interp, "while parsing mod_name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing mod_date");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->mod_date = tmp;
+
+    if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing attributes");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing kvno");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->kvno = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing mkvno");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->mkvno = tmp;
+
+    if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing policy");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if(princ->policy != NULL) {
+        if(!(princ->policy = strdup(princ->policy))) {
+            fprintf(stderr, "Out of memory!\n");
+            exit(1);
+        }
+    }
+
+    if ((tcl_ret = parse_aux_attributes(interp, argv[11],
+                                        &princ->aux_attributes)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing aux_attributes");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if (argc == 12) goto finished;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[12], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing max_renewable_life");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->max_renewable_life = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[13], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing last_success");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->last_success = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[14], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing last_failed");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->last_failed = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[15], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing fail_auth_count");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->fail_auth_count = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[16], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing n_key_data");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->n_key_data = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[17], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing n_tl_data");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->n_tl_data = tmp;
+
+    if ((tcl_ret = parse_key_data(interp, argv[18],
+                                  &princ->key_data,
+                                  princ->n_key_data)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing key_data");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if ((tcl_ret = parse_tl_data(interp, argv[19],
+                                 &princ->tl_data,
+                                 princ->n_tl_data)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing tl_data");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    princ->n_tl_data = tmp;
 
 finished:
-     Tcl_Free((char *) argv);
-     *out_princ = princ;
-     return retcode;
+    Tcl_Free((char *) argv);
+    *out_princ = princ;
+    return retcode;
 }
 
 
 static void free_principal_ent(kadm5_principal_ent_t *princ)
 {
-     krb5_free_principal(context, (*princ)->principal);
-     krb5_free_principal(context, (*princ)->mod_name);
-     free(*princ);
-     *princ = 0;
+    krb5_free_principal(context, (*princ)->principal);
+    krb5_free_principal(context, (*princ)->mod_name);
+    free(*princ);
+    *princ = 0;
 }
 
 static Tcl_DString *unparse_policy_ent(kadm5_policy_ent_t policy)
 {
-     Tcl_DString *str, *tmp_dstring;
-     char buf[20];
+    Tcl_DString *str, *tmp_dstring;
+    char buf[20];
+
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
 
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
+    Tcl_DStringInit(str);
 
-     Tcl_DStringInit(str);
+    tmp_dstring = unparse_str(policy->policy);
+    Tcl_DStringAppendElement(str, tmp_dstring->string);
+    Tcl_DStringFree(tmp_dstring);
+    free(tmp_dstring);
 
-     tmp_dstring = unparse_str(policy->policy);
-     Tcl_DStringAppendElement(str, tmp_dstring->string);
-     Tcl_DStringFree(tmp_dstring);
-     free(tmp_dstring);
-     
-     sprintf(buf, "%ld", policy->pw_min_life);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%ld", policy->pw_min_life);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%ld", policy->pw_max_life);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%ld", policy->pw_max_life);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%ld", policy->pw_min_length);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%ld", policy->pw_min_length);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%ld", policy->pw_min_classes);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%ld", policy->pw_min_classes);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%ld", policy->pw_history_num);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%ld", policy->pw_history_num);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%ld", policy->policy_refcnt);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%ld", policy->policy_refcnt);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%d", policy->pw_max_fail);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%d", policy->pw_max_fail);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%d", policy->pw_failcnt_interval);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%d", policy->pw_failcnt_interval);
+    Tcl_DStringAppendElement(str, buf);
 
-     sprintf(buf, "%d", policy->pw_lockout_duration);
-     Tcl_DStringAppendElement(str, buf);
+    sprintf(buf, "%d", policy->pw_lockout_duration);
+    Tcl_DStringAppendElement(str, buf);
 
-     return str;
+    return str;
 }
 
-     
-     
+
+
 static int parse_policy_ent(Tcl_Interp *interp, char *list,
-			    kadm5_policy_ent_t *out_policy)
+                            kadm5_policy_ent_t *out_policy)
 {
-     kadm5_policy_ent_t policy = 0;
-     int tcl_ret;
-     int argc;
-     const char **argv;
-     int tmp;
-     int retcode = TCL_OK;
-
-     if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
-	  return tcl_ret;
-     }
-
-     if (argc != 7 && argc != 10) {
-	  sprintf(interp->result, "wrong # args in policy structure (%d should be 7 or 10)",
-		  argc);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if (! (policy = malloc(sizeof *policy))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-  
-     if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing policy name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if(policy->policy != NULL) {
-	if (! (policy->policy = strdup(policy->policy))) {
-	    fprintf(stderr, "Out of memory!\n");
-	    exit(1); /* XXX */
-	}
-     }
-     
-     /*
-      * All of the numerical values parsed here are parsed into an
-      * "int" and then assigned into the structure in case the actual
-      * width of the field in the Kerberos structure is different from
-      * the width of an integer.
-      */
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_min_life");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_min_life = tmp;
-     
-     if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_max_life");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_max_life = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_min_length");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_min_length = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_min_classes");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_min_classes = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_history_num");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_history_num = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing policy_refcnt");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->policy_refcnt = tmp;
-
-     if (argc == 7) goto finished;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[7], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_max_fail");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_max_fail = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_failcnt_interval");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_failcnt_interval = tmp;
-
-     if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
-	 != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_lockout_duration");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     policy->pw_lockout_duration = tmp;
+    kadm5_policy_ent_t policy = 0;
+    int tcl_ret;
+    int argc;
+    const char **argv;
+    int tmp;
+    int retcode = TCL_OK;
+
+    if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+        return tcl_ret;
+    }
+
+    if (argc != 7 && argc != 10) {
+        sprintf(interp->result, "wrong # args in policy structure (%d should be 7 or 10)",
+                argc);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if (! (policy = malloc(sizeof *policy))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+
+    if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing policy name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if(policy->policy != NULL) {
+        if (! (policy->policy = strdup(policy->policy))) {
+            fprintf(stderr, "Out of memory!\n");
+            exit(1); /* XXX */
+        }
+    }
+
+    /*
+     * All of the numerical values parsed here are parsed into an
+     * "int" and then assigned into the structure in case the actual
+     * width of the field in the Kerberos structure is different from
+     * the width of an integer.
+     */
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_min_life");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_min_life = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_max_life");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_max_life = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_min_length");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_min_length = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_min_classes");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_min_classes = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_history_num");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_history_num = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing policy_refcnt");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->policy_refcnt = tmp;
+
+    if (argc == 7) goto finished;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[7], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_max_fail");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_max_fail = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_failcnt_interval");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_failcnt_interval = tmp;
+
+    if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
+        != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_lockout_duration");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    policy->pw_lockout_duration = tmp;
 
 finished:
-     Tcl_Free((char *) argv);
-     *out_policy = policy;
-     return retcode;
+    Tcl_Free((char *) argv);
+    *out_policy = policy;
+    return retcode;
 }
 
 
 static void free_policy_ent(kadm5_policy_ent_t *policy)
 {
-     free(*policy);
-     *policy = 0;
+    free(*policy);
+    *policy = 0;
 }
 
 static Tcl_DString *unparse_keytype(krb5_enctype enctype)
 {
-     Tcl_DString *str;
-     char buf[50];
-
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     switch (enctype) {
-	  /* XXX is this right? */
-     case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
-     case ENCTYPE_DES_CBC_CRC:
-	  Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
-     default:
-	  sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
-	  Tcl_DStringAppend(str, buf, -1);
-	  break;
-     }
-
-     return str;
+    Tcl_DString *str;
+    char buf[50];
+
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+
+    Tcl_DStringInit(str);
+
+    switch (enctype) {
+        /* XXX is this right? */
+    case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
+    case ENCTYPE_DES_CBC_CRC:
+        Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
+    default:
+        sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
+        Tcl_DStringAppend(str, buf, -1);
+        break;
+    }
+
+    return str;
 }
-	  
-	  
+
+
 static Tcl_DString *unparse_keyblocks(krb5_keyblock *keyblocks, int num_keys)
 {
-     Tcl_DString *str;
-     Tcl_DString *keytype;
-     int i, j;
-     
-     if (! (str = malloc(sizeof(*str)))) {
-	  fprintf(stderr, "Out of memory!\n");
-	  exit(1); /* XXX */
-     }
-
-     Tcl_DStringInit(str);
-
-     for (j = 0; j < num_keys; j++) {
-	  krb5_keyblock *keyblock = &keyblocks[j];
-	  
-	  Tcl_DStringStartSublist(str);
-
-	  keytype = unparse_keytype(keyblock->enctype);
-	  Tcl_DStringAppendElement(str, keytype->string);
-	  Tcl_DStringFree(keytype);
-	  free(keytype);
-	  if (keyblock->length == 0) {
-	       Tcl_DStringAppendElement(str, "0x00");
-	  }
-	  else {
-	       Tcl_DStringAppendElement(str, "0x");
-	       for (i = 0; i < keyblock->length; i++) {
-		    char buf[3];
-		    sprintf(buf, "%02x", (int) keyblock->contents[i]);
-		    Tcl_DStringAppend(str, buf, -1);
-	       }
-	  }
-
-	  Tcl_DStringEndSublist(str);
-     }
-     
-
-     return str;
+    Tcl_DString *str;
+    Tcl_DString *keytype;
+    int i, j;
+
+    if (! (str = malloc(sizeof(*str)))) {
+        fprintf(stderr, "Out of memory!\n");
+        exit(1); /* XXX */
+    }
+
+    Tcl_DStringInit(str);
+
+    for (j = 0; j < num_keys; j++) {
+        krb5_keyblock *keyblock = &keyblocks[j];
+
+        Tcl_DStringStartSublist(str);
+
+        keytype = unparse_keytype(keyblock->enctype);
+        Tcl_DStringAppendElement(str, keytype->string);
+        Tcl_DStringFree(keytype);
+        free(keytype);
+        if (keyblock->length == 0) {
+            Tcl_DStringAppendElement(str, "0x00");
+        }
+        else {
+            Tcl_DStringAppendElement(str, "0x");
+            for (i = 0; i < keyblock->length; i++) {
+                char buf[3];
+                sprintf(buf, "%02x", (int) keyblock->contents[i]);
+                Tcl_DStringAppend(str, buf, -1);
+            }
+        }
+
+        Tcl_DStringEndSublist(str);
+    }
+
+
+    return str;
 }
 
 enum init_type { INIT_NONE, INIT_PASS, INIT_CREDS };
-     
+
 static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData,
-			Tcl_Interp *interp, int argc, const char *argv[])
+                               Tcl_Interp *interp, int argc, const char *argv[])
 {
-     kadm5_ret_t ret;
-     char *client_name, *pass, *service_name;
-     int tcl_ret;
-     krb5_ui_4 struct_version, api_version;
-     const char *handle_var;
-     void *server_handle;
-     char *handle_name, *params_str;
-     const char *whoami = argv[0];
-     kadm5_config_params params;
-
-     argv++, argc--;
-
-     kadm5_init_krb5_context(&context);
-
-     if (argc != 7) {
-	  Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
-	  return TCL_ERROR;
-     }
-
-     if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
-	 ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
-	 ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
-	 ((tcl_ret = parse_str(interp, argv[3], &params_str)) != TCL_OK) ||
-	 ((tcl_ret = parse_config_params(interp, params_str, &params))
-	  != TCL_OK) ||
-	 ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
-	  TCL_OK) ||
-	 ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
-	  TCL_OK)) {
-	  return tcl_ret;
-     }
-
-     handle_var = argv[6];
-
-     if (! (handle_var && *handle_var)) {
-	 Tcl_SetResult(interp, "must specify server handle variable name",
-		       TCL_STATIC);
-	 return TCL_ERROR;
-     }
-
-     if (init_type == INIT_CREDS) {
-	  krb5_ccache cc;
-	  
-	  if (pass == NULL) {
-	       if ((ret = krb5_cc_default(context, &cc))) {
-		    stash_error(interp, ret);
-		    return TCL_ERROR;
-	       }
-	  } else {
-	       if ((ret = krb5_cc_resolve(context, pass, &cc))) {
-		    stash_error(interp, ret);
-		    return TCL_ERROR;
-	       }
-	  }
-
-	  ret = kadm5_init_with_creds(context, client_name, cc, service_name,
-				      &params, struct_version,
-				      api_version, NULL, &server_handle); 
-	  
-	  (void) krb5_cc_close(context, cc);
-     } else
-	  ret = kadm5_init(context, client_name, pass, service_name, &params,
-			   struct_version, api_version, NULL, &server_handle);
-
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  return TCL_ERROR;
-     }
-
-     if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
-	 != TCL_OK) {
-	 return tcl_ret;
-     }
-     
-     if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
-	 return TCL_ERROR;
-     }
-     
-     set_ok(interp, "KADM5 API initialized.");
-     return TCL_OK;
+    kadm5_ret_t ret;
+    char *client_name, *pass, *service_name;
+    int tcl_ret;
+    krb5_ui_4 struct_version, api_version;
+    const char *handle_var;
+    void *server_handle;
+    char *handle_name, *params_str;
+    const char *whoami = argv[0];
+    kadm5_config_params params;
+
+    argv++, argc--;
+
+    kadm5_init_krb5_context(&context);
+
+    if (argc != 7) {
+        Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
+        return TCL_ERROR;
+    }
+
+    if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
+        ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
+        ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
+        ((tcl_ret = parse_str(interp, argv[3], &params_str)) != TCL_OK) ||
+        ((tcl_ret = parse_config_params(interp, params_str, &params))
+         != TCL_OK) ||
+        ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
+         TCL_OK) ||
+        ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
+         TCL_OK)) {
+        return tcl_ret;
+    }
+
+    handle_var = argv[6];
+
+    if (! (handle_var && *handle_var)) {
+        Tcl_SetResult(interp, "must specify server handle variable name",
+                      TCL_STATIC);
+        return TCL_ERROR;
+    }
+
+    if (init_type == INIT_CREDS) {
+        krb5_ccache cc;
+
+        if (pass == NULL) {
+            if ((ret = krb5_cc_default(context, &cc))) {
+                stash_error(interp, ret);
+                return TCL_ERROR;
+            }
+        } else {
+            if ((ret = krb5_cc_resolve(context, pass, &cc))) {
+                stash_error(interp, ret);
+                return TCL_ERROR;
+            }
+        }
+
+        ret = kadm5_init_with_creds(context, client_name, cc, service_name,
+                                    &params, struct_version,
+                                    api_version, NULL, &server_handle);
+
+        (void) krb5_cc_close(context, cc);
+    } else
+        ret = kadm5_init(context, client_name, pass, service_name, &params,
+                         struct_version, api_version, NULL, &server_handle);
+
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        return TCL_ERROR;
+    }
+
+    if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
+        != TCL_OK) {
+        return tcl_ret;
+    }
+
+    if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
+        return TCL_ERROR;
+    }
+
+    set_ok(interp, "KADM5 API initialized.");
+    return TCL_OK;
 }
 
 static int tcl_kadm5_init(ClientData clientData, Tcl_Interp *interp,
-			  int argc, const char *argv[])
+                          int argc, const char *argv[])
 {
-     return _tcl_kadm5_init_any(INIT_PASS, clientData, interp, argc, argv);
+    return _tcl_kadm5_init_any(INIT_PASS, clientData, interp, argc, argv);
 }
 
 static int tcl_kadm5_init_with_creds(ClientData clientData, Tcl_Interp *interp,
-				     int argc, const char *argv[])
+                                     int argc, const char *argv[])
 {
-     return _tcl_kadm5_init_any(INIT_CREDS, clientData, interp, argc, argv);
+    return _tcl_kadm5_init_any(INIT_CREDS, clientData, interp, argc, argv);
 }
 
 static int tcl_kadm5_destroy(ClientData clientData, Tcl_Interp *interp,
-			     int argc, const char *argv[])
+                             int argc, const char *argv[])
 {
-     kadm5_ret_t ret;
-     int tcl_ret;
+    kadm5_ret_t ret;
+    int tcl_ret;
+
+    GET_HANDLE(0, 0);
 
-     GET_HANDLE(0, 0);
+    ret = kadm5_destroy(server_handle);
 
-     ret = kadm5_destroy(server_handle);
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        return TCL_ERROR;
+    }
 
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  return TCL_ERROR;
-     }
+    if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
+        return tcl_ret;
+    }
 
-     if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
-	 return tcl_ret;
-     }
-     
-     set_ok(interp, "KADM5 API deinitialized.");
-     return TCL_OK;
-}	  
+    set_ok(interp, "KADM5 API deinitialized.");
+    return TCL_OK;
+}
 
-static int tcl_kadm5_create_principal(ClientData clientData, 
-				      Tcl_Interp *interp,
-				      int argc, const char *argv[])
+static int tcl_kadm5_create_principal(ClientData clientData,
+                                      Tcl_Interp *interp,
+                                      int argc, const char *argv[])
 {
-     int tcl_ret;
-     kadm5_ret_t ret;
-     int retcode = TCL_OK;
-     char *princ_string;
-     kadm5_principal_ent_t princ = 0;
-     krb5_int32 mask;
-     char *pw;
-#ifdef OVERRIDE     
-     int override_qual;
-#endif     
-
-     GET_HANDLE(3, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing principal");
-	  return tcl_ret;
-     }
-
-     if (princ_string &&
-	 ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
-	  != TCL_OK)) {
-	  return tcl_ret;
-     }
-
-     if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
-	  retcode = tcl_ret;
-	  goto finished;
-     }
-
-     if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
-	  retcode = tcl_ret;
-	  goto finished;
-     }
+    int tcl_ret;
+    kadm5_ret_t ret;
+    int retcode = TCL_OK;
+    char *princ_string;
+    kadm5_principal_ent_t princ = 0;
+    krb5_int32 mask;
+    char *pw;
+#ifdef OVERRIDE
+    int override_qual;
+#endif
+
+    GET_HANDLE(3, 0);
+
+    if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing principal");
+        return tcl_ret;
+    }
+
+    if (princ_string &&
+        ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
+         != TCL_OK)) {
+        return tcl_ret;
+    }
+
+    if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
+        retcode = tcl_ret;
+        goto finished;
+    }
+
+    if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
+        retcode = tcl_ret;
+        goto finished;
+    }
 #ifdef OVERRIDE
-     if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
-	 TCL_OK) {
-	  retcode = tcl_ret;
-	  goto finished;
-     }
-#endif     
+    if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
+        TCL_OK) {
+        retcode = tcl_ret;
+        goto finished;
+    }
+#endif
 
 #ifdef OVERRIDE
-     ret = kadm5_create_principal(server_handle, princ, mask, pw,
-				       override_qual);
+    ret = kadm5_create_principal(server_handle, princ, mask, pw,
+                                 override_qual);
 #else
-     ret = kadm5_create_principal(server_handle, princ, mask, pw);
-#endif     
-
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     else {
-	  set_ok(interp, "Principal created.");
-     }
+    ret = kadm5_create_principal(server_handle, princ, mask, pw);
+#endif
+
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    else {
+        set_ok(interp, "Principal created.");
+    }
 
 finished:
-     if (princ) {
-	  free_principal_ent(&princ);
-     }
-     return retcode;
+    if (princ) {
+        free_principal_ent(&princ);
+    }
+    return retcode;
 }
 
 
 
-static int tcl_kadm5_delete_principal(ClientData clientData, 
-				      Tcl_Interp *interp,
-				      int argc, const char *argv[])
+static int tcl_kadm5_delete_principal(ClientData clientData,
+                                      Tcl_Interp *interp,
+                                      int argc, const char *argv[])
 {
-     krb5_principal princ;
-     krb5_error_code krb5_ret;
-     kadm5_ret_t ret;
-     int tcl_ret;
-     char *name;
-     
-     GET_HANDLE(1, 0);
-
-     if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
-	return tcl_ret;
-     if(name != NULL) {
-	if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
-	    stash_error(interp, krb5_ret);
-	    Tcl_AppendElement(interp, "while parsing principal");
-	    return TCL_ERROR;
-	}
-     } else princ = NULL;
-     ret = kadm5_delete_principal(server_handle, princ);
-
-     if(princ != NULL) 
-	krb5_free_principal(context, princ);
-
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  return TCL_ERROR;
-     }
-     else {
-	  set_ok(interp, "Principal deleted.");
-	  return TCL_OK;
-     }
+    krb5_principal princ;
+    krb5_error_code krb5_ret;
+    kadm5_ret_t ret;
+    int tcl_ret;
+    char *name;
+
+    GET_HANDLE(1, 0);
+
+    if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
+        return tcl_ret;
+    if(name != NULL) {
+        if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
+            stash_error(interp, krb5_ret);
+            Tcl_AppendElement(interp, "while parsing principal");
+            return TCL_ERROR;
+        }
+    } else princ = NULL;
+    ret = kadm5_delete_principal(server_handle, princ);
+
+    if(princ != NULL)
+        krb5_free_principal(context, princ);
+
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        return TCL_ERROR;
+    }
+    else {
+        set_ok(interp, "Principal deleted.");
+        return TCL_OK;
+    }
 }
 
 
 
-static int tcl_kadm5_modify_principal(ClientData clientData, 
-				      Tcl_Interp *interp,
-				      int argc, const char *argv[])
+static int tcl_kadm5_modify_principal(ClientData clientData,
+                                      Tcl_Interp *interp,
+                                      int argc, const char *argv[])
 {
-     char *princ_string;
-     kadm5_principal_ent_t princ = 0;
-     int tcl_ret;
-     krb5_int32 mask;
-     int retcode = TCL_OK;
-     kadm5_ret_t ret;
-
-     GET_HANDLE(2, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing principal");
-	  return tcl_ret;
-     }
-
-     if (princ_string &&
-	 ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
-	  != TCL_OK)) {
-	  return tcl_ret;
-     }
-     
-     if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     ret = kadm5_modify_principal(server_handle, princ, mask);
-
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
-     else {
-	  set_ok(interp, "Principal modified.");
-     }
+    char *princ_string;
+    kadm5_principal_ent_t princ = 0;
+    int tcl_ret;
+    krb5_int32 mask;
+    int retcode = TCL_OK;
+    kadm5_ret_t ret;
+
+    GET_HANDLE(2, 0);
+
+    if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing principal");
+        return tcl_ret;
+    }
+
+    if (princ_string &&
+        ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
+         != TCL_OK)) {
+        return tcl_ret;
+    }
+
+    if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    ret = kadm5_modify_principal(server_handle, princ, mask);
+
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
+    else {
+        set_ok(interp, "Principal modified.");
+    }
 
 finished:
-     if (princ) {
-	  free_principal_ent(&princ);
-     }
-     return retcode;
+    if (princ) {
+        free_principal_ent(&princ);
+    }
+    return retcode;
 }
 
 
-static int tcl_kadm5_rename_principal(ClientData clientData, 
-				      Tcl_Interp *interp,
-				      int argc, const char *argv[])
+static int tcl_kadm5_rename_principal(ClientData clientData,
+                                      Tcl_Interp *interp,
+                                      int argc, const char *argv[])
 {
-     krb5_principal source, target;
-     krb5_error_code krb5_ret;
-     kadm5_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(2, 0);
-
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &source)) != 0) {
-	  stash_error(interp, krb5_ret);
-	  Tcl_AppendElement(interp, "while parsing source");
-	  return TCL_ERROR;
-     }
-
-     if ((krb5_ret = krb5_parse_name(context, argv[1], &target)) != 0) {
-	  stash_error(interp, krb5_ret);
-	  Tcl_AppendElement(interp, "while parsing target");
-	  krb5_free_principal(context, source);
-	  return TCL_ERROR;
-     }
-
-     ret = kadm5_rename_principal(server_handle, source, target);
-
-     if (ret == KADM5_OK) {
-	  set_ok(interp, "Principal renamed.");
-     }
-     else {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
-
-     krb5_free_principal(context, source);
-     krb5_free_principal(context, target);
-     return retcode;
+    krb5_principal source, target;
+    krb5_error_code krb5_ret;
+    kadm5_ret_t ret;
+    int retcode = TCL_OK;
+
+    GET_HANDLE(2, 0);
+
+    if ((krb5_ret = krb5_parse_name(context, argv[0], &source)) != 0) {
+        stash_error(interp, krb5_ret);
+        Tcl_AppendElement(interp, "while parsing source");
+        return TCL_ERROR;
+    }
+
+    if ((krb5_ret = krb5_parse_name(context, argv[1], &target)) != 0) {
+        stash_error(interp, krb5_ret);
+        Tcl_AppendElement(interp, "while parsing target");
+        krb5_free_principal(context, source);
+        return TCL_ERROR;
+    }
+
+    ret = kadm5_rename_principal(server_handle, source, target);
+
+    if (ret == KADM5_OK) {
+        set_ok(interp, "Principal renamed.");
+    }
+    else {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
+
+    krb5_free_principal(context, source);
+    krb5_free_principal(context, target);
+    return retcode;
 }
 
 
-	  
-static int tcl_kadm5_chpass_principal(ClientData clientData, 
-				      Tcl_Interp *interp,
-				      int argc, const char *argv[])
+
+static int tcl_kadm5_chpass_principal(ClientData clientData,
+                                      Tcl_Interp *interp,
+                                      int argc, const char *argv[])
 {
-     krb5_principal princ;
-     char *pw;
-#ifdef OVERRIDE     
-     int override_qual;
-#endif     
-     krb5_error_code krb5_ret;
-     int retcode = TCL_OK;
-     kadm5_ret_t ret;
-
-     GET_HANDLE(2, 0);
-
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
-	  stash_error(interp, krb5_ret);
-	  Tcl_AppendElement(interp, "while parsing principal name");
-	  return TCL_ERROR;
-     }
-
-     if (parse_str(interp, argv[1], &pw) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing password");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
+    krb5_principal princ;
+    char *pw;
+#ifdef OVERRIDE
+    int override_qual;
+#endif
+    krb5_error_code krb5_ret;
+    int retcode = TCL_OK;
+    kadm5_ret_t ret;
+
+    GET_HANDLE(2, 0);
+
+    if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+        stash_error(interp, krb5_ret);
+        Tcl_AppendElement(interp, "while parsing principal name");
+        return TCL_ERROR;
+    }
+
+    if (parse_str(interp, argv[1], &pw) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing password");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
 
 #ifdef OVERRIDE
-     if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing override_qual");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     
-     ret = kadm5_chpass_principal(server_handle,
-				       princ, pw, override_qual);
+    if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing override_qual");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    ret = kadm5_chpass_principal(server_handle,
+                                 princ, pw, override_qual);
 #else
-     ret = kadm5_chpass_principal(server_handle, princ, pw);
-#endif     
-
-     if (ret == KADM5_OK) {
-	  set_ok(interp, "Password changed.");
-	  goto finished;
-     }
-     else {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
+    ret = kadm5_chpass_principal(server_handle, princ, pw);
+#endif
+
+    if (ret == KADM5_OK) {
+        set_ok(interp, "Password changed.");
+        goto finished;
+    }
+    else {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
 
 finished:
-     krb5_free_principal(context, princ);
-     return retcode;
+    krb5_free_principal(context, princ);
+    return retcode;
 }
 
 
 
 static int tcl_kadm5_chpass_principal_util(ClientData clientData,
-					   Tcl_Interp *interp,
-					   int argc, const char *argv[])
+                                           Tcl_Interp *interp,
+                                           int argc, const char *argv[])
 {
-     krb5_principal princ;
-     char *new_pw;
-#ifdef OVERRIDE     
-     int override_qual;
-#endif     
-     char *pw_ret, *pw_ret_var;
-     char msg_ret[1024], *msg_ret_var;
-     krb5_error_code krb5_ret;
-     kadm5_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(4, 0);
-
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
-	  stash_error(interp, krb5_ret);
-	  Tcl_AppendElement(interp, "while parsing principal name");
-	  return TCL_ERROR;
-     }
-
-     if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing new password");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
+    krb5_principal princ;
+    char *new_pw;
 #ifdef OVERRIDE
-     if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing override_qual");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
+    int override_qual;
 #endif
-     if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing pw_ret variable name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing msg_ret variable name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     ret = kadm5_chpass_principal_util(server_handle, princ, new_pw,
-#ifdef OVERRIDE     
-					    override_qual,
-#endif					    
-					    pw_ret_var ? &pw_ret : 0,
-					    msg_ret_var ? msg_ret : 0,
-				            msg_ret_var ? sizeof(msg_ret) : 0);
-
-     if (ret == KADM5_OK) {
-	  if (pw_ret_var &&
-	      (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
-			    TCL_LEAVE_ERR_MSG))) {
-	       Tcl_AppendElement(interp, "while setting pw_ret variable");
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  if (msg_ret_var &&
-	      (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
-			    TCL_LEAVE_ERR_MSG))) {
-	       Tcl_AppendElement(interp,
-				 "while setting msg_ret variable");
-	       retcode = TCL_ERROR;
-	       goto finished;
-	  }
-	  set_ok(interp, "Password changed.");
-     }
-     else {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
+    char *pw_ret, *pw_ret_var;
+    char msg_ret[1024], *msg_ret_var;
+    krb5_error_code krb5_ret;
+    kadm5_ret_t ret;
+    int retcode = TCL_OK;
+
+    GET_HANDLE(4, 0);
+
+    if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+        stash_error(interp, krb5_ret);
+        Tcl_AppendElement(interp, "while parsing principal name");
+        return TCL_ERROR;
+    }
+
+    if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing new password");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+#ifdef OVERRIDE
+    if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing override_qual");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+#endif
+    if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing pw_ret variable name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing msg_ret variable name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    ret = kadm5_chpass_principal_util(server_handle, princ, new_pw,
+#ifdef OVERRIDE
+                                      override_qual,
+#endif
+                                      pw_ret_var ? &pw_ret : 0,
+                                      msg_ret_var ? msg_ret : 0,
+                                      msg_ret_var ? sizeof(msg_ret) : 0);
+
+    if (ret == KADM5_OK) {
+        if (pw_ret_var &&
+            (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
+                          TCL_LEAVE_ERR_MSG))) {
+            Tcl_AppendElement(interp, "while setting pw_ret variable");
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        if (msg_ret_var &&
+            (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
+                          TCL_LEAVE_ERR_MSG))) {
+            Tcl_AppendElement(interp,
+                              "while setting msg_ret variable");
+            retcode = TCL_ERROR;
+            goto finished;
+        }
+        set_ok(interp, "Password changed.");
+    }
+    else {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
 
 finished:
-     krb5_free_principal(context, princ);
-     return retcode;
+    krb5_free_principal(context, princ);
+    return retcode;
 }
 
 
 
-static int tcl_kadm5_randkey_principal(ClientData clientData, 
-				       Tcl_Interp *interp,
-				       int argc, const char *argv[])
+static int tcl_kadm5_randkey_principal(ClientData clientData,
+                                       Tcl_Interp *interp,
+                                       int argc, const char *argv[])
 {
-     krb5_principal princ;
-     krb5_keyblock *keyblocks;
-     int num_keys;
-     char *keyblock_var, *num_var, buf[50];
-     Tcl_DString *keyblock_dstring = 0;
-     krb5_error_code krb5_ret;
-     kadm5_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(3, 0);
-
-     if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
-	  stash_error(interp, krb5_ret);
-	  Tcl_AppendElement(interp, "while parsing principal name");
-	  return TCL_ERROR;
-     }
-
-     if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing keyblock variable name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if (parse_str(interp, argv[2], &num_var) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing keyblock variable name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     ret = kadm5_randkey_principal(server_handle,
-				   princ, keyblock_var ? &keyblocks : 0,
-				   &num_keys);
-
-     if (ret == KADM5_OK) {
-	  if (keyblock_var) {
-	       keyblock_dstring = unparse_keyblocks(keyblocks, num_keys);
-	       if (! Tcl_SetVar(interp, keyblock_var,
-				keyblock_dstring->string,
-				TCL_LEAVE_ERR_MSG)) {
-		    Tcl_AppendElement(interp,
-				      "while setting keyblock variable");
-		    retcode = TCL_ERROR;
-		    goto finished;
-	       }
-	  }
-	  if (num_var) {
-	       sprintf(buf, "%d", num_keys);
-	       if (! Tcl_SetVar(interp, num_var, buf,
-				TCL_LEAVE_ERR_MSG)) {
-		    Tcl_AppendElement(interp,
-				      "while setting num_keys variable");
-	       }
-	  }
-	  set_ok(interp, "Key randomized.");
-     }
-     else {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
+    krb5_principal princ;
+    krb5_keyblock *keyblocks;
+    int num_keys;
+    char *keyblock_var, *num_var, buf[50];
+    Tcl_DString *keyblock_dstring = 0;
+    krb5_error_code krb5_ret;
+    kadm5_ret_t ret;
+    int retcode = TCL_OK;
+
+    GET_HANDLE(3, 0);
+
+    if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+        stash_error(interp, krb5_ret);
+        Tcl_AppendElement(interp, "while parsing principal name");
+        return TCL_ERROR;
+    }
+
+    if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing keyblock variable name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if (parse_str(interp, argv[2], &num_var) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing keyblock variable name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    ret = kadm5_randkey_principal(server_handle,
+                                  princ, keyblock_var ? &keyblocks : 0,
+                                  &num_keys);
+
+    if (ret == KADM5_OK) {
+        if (keyblock_var) {
+            keyblock_dstring = unparse_keyblocks(keyblocks, num_keys);
+            if (! Tcl_SetVar(interp, keyblock_var,
+                             keyblock_dstring->string,
+                             TCL_LEAVE_ERR_MSG)) {
+                Tcl_AppendElement(interp,
+                                  "while setting keyblock variable");
+                retcode = TCL_ERROR;
+                goto finished;
+            }
+        }
+        if (num_var) {
+            sprintf(buf, "%d", num_keys);
+            if (! Tcl_SetVar(interp, num_var, buf,
+                             TCL_LEAVE_ERR_MSG)) {
+                Tcl_AppendElement(interp,
+                                  "while setting num_keys variable");
+            }
+        }
+        set_ok(interp, "Key randomized.");
+    }
+    else {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
 
 finished:
-     krb5_free_principal(context, princ);
-     if (keyblock_dstring) {
-	  Tcl_DStringFree(keyblock_dstring);
-	  free(keyblock_dstring);
-     }
-     return retcode;
+    krb5_free_principal(context, princ);
+    if (keyblock_dstring) {
+        Tcl_DStringFree(keyblock_dstring);
+        free(keyblock_dstring);
+    }
+    return retcode;
 }
 
 
 
 static int tcl_kadm5_get_principal(ClientData clientData, Tcl_Interp *interp,
-				   int argc, const char *argv[])
+                                   int argc, const char *argv[])
 {
-     krb5_principal princ;
-     kadm5_principal_ent_rec ent;
-     Tcl_DString *ent_dstring = 0;
-     char *ent_var;
-     char *name;
-     krb5_error_code krb5_ret;
-     int tcl_ret;
-     kadm5_ret_t ret = -1;
-     krb5_int32 mask;
-     int retcode = TCL_OK;
-     
-     GET_HANDLE(3, 1);
-
-     if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
-	return tcl_ret;
-     if(name != NULL) {
-	if ((krb5_ret = krb5_parse_name(context, name, &princ)) != 0) {
-	    stash_error(interp, krb5_ret);
-	    Tcl_AppendElement(interp, "while parsing principal name");
-	    return TCL_ERROR;
-	}
-     } else princ = NULL;
-
-     if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing entry variable name");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     if ((tcl_ret = parse_principal_mask(interp, argv[2], &mask)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing principal mask");
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     
-     ret = kadm5_get_principal(server_handle, princ, ent_var ? &ent : 0,
-			       mask);
-
-     if (ret == KADM5_OK) {
-	  if (ent_var) {
-	       ent_dstring = unparse_principal_ent(&ent, mask);
-	       if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
-				TCL_LEAVE_ERR_MSG)) {
-		    Tcl_AppendElement(interp,
-				      "while setting entry variable");
-		    retcode = TCL_ERROR;
-		    goto finished;
-	       }
-	       set_ok(interp, "Principal retrieved.");
-	  }
-     }
-     else {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
+    krb5_principal princ;
+    kadm5_principal_ent_rec ent;
+    Tcl_DString *ent_dstring = 0;
+    char *ent_var;
+    char *name;
+    krb5_error_code krb5_ret;
+    int tcl_ret;
+    kadm5_ret_t ret = -1;
+    krb5_int32 mask;
+    int retcode = TCL_OK;
+
+    GET_HANDLE(3, 1);
+
+    if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
+        return tcl_ret;
+    if(name != NULL) {
+        if ((krb5_ret = krb5_parse_name(context, name, &princ)) != 0) {
+            stash_error(interp, krb5_ret);
+            Tcl_AppendElement(interp, "while parsing principal name");
+            return TCL_ERROR;
+        }
+    } else princ = NULL;
+
+    if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing entry variable name");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    if ((tcl_ret = parse_principal_mask(interp, argv[2], &mask)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing principal mask");
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    ret = kadm5_get_principal(server_handle, princ, ent_var ? &ent : 0,
+                              mask);
+
+    if (ret == KADM5_OK) {
+        if (ent_var) {
+            ent_dstring = unparse_principal_ent(&ent, mask);
+            if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
+                             TCL_LEAVE_ERR_MSG)) {
+                Tcl_AppendElement(interp,
+                                  "while setting entry variable");
+                retcode = TCL_ERROR;
+                goto finished;
+            }
+            set_ok(interp, "Principal retrieved.");
+        }
+    }
+    else {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
 
 finished:
-     if (ent_dstring) {
-	  Tcl_DStringFree(ent_dstring);
-	  free(ent_dstring);
-     }
-     if(princ != NULL)
-	krb5_free_principal(context, princ);
-     if (ret == KADM5_OK && ent_var &&
-	 (ret = kadm5_free_principal_ent(server_handle, &ent)) &&
-	 (retcode == TCL_OK)) {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
-     return retcode;
+    if (ent_dstring) {
+        Tcl_DStringFree(ent_dstring);
+        free(ent_dstring);
+    }
+    if(princ != NULL)
+        krb5_free_principal(context, princ);
+    if (ret == KADM5_OK && ent_var &&
+        (ret = kadm5_free_principal_ent(server_handle, &ent)) &&
+        (retcode == TCL_OK)) {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
+    return retcode;
 }
-     
+
 static int tcl_kadm5_create_policy(ClientData clientData, Tcl_Interp *interp,
-				   int argc, const char *argv[])
+                                   int argc, const char *argv[])
 {
-     int tcl_ret;
-     kadm5_ret_t ret;
-     int retcode = TCL_OK;
-     char *policy_string;
-     kadm5_policy_ent_t policy = 0;
-     krb5_int32 mask;
-
-     GET_HANDLE(2, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing policy");
-	  return tcl_ret;
-     }
-
-     if (policy_string &&
-	 ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
-	  != TCL_OK)) {
-	  return tcl_ret;
-     }
-
-     if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
-	  retcode = tcl_ret;
-	  goto finished;
-     }
-
-     ret = kadm5_create_policy(server_handle, policy, mask);
-
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-     else {
-	  set_ok(interp, "Policy created.");
-     }
+    int tcl_ret;
+    kadm5_ret_t ret;
+    int retcode = TCL_OK;
+    char *policy_string;
+    kadm5_policy_ent_t policy = 0;
+    krb5_int32 mask;
+
+    GET_HANDLE(2, 0);
+
+    if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing policy");
+        return tcl_ret;
+    }
+
+    if (policy_string &&
+        ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
+         != TCL_OK)) {
+        return tcl_ret;
+    }
+
+    if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
+        retcode = tcl_ret;
+        goto finished;
+    }
+
+    ret = kadm5_create_policy(server_handle, policy, mask);
+
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+    else {
+        set_ok(interp, "Policy created.");
+    }
 
 finished:
-     if (policy) {
-	  free_policy_ent(&policy);
-     }
-     return retcode;
+    if (policy) {
+        free_policy_ent(&policy);
+    }
+    return retcode;
 }
 
 
 
 static int tcl_kadm5_delete_policy(ClientData clientData, Tcl_Interp *interp,
-				   int argc, const char *argv[])
+                                   int argc, const char *argv[])
 {
-     kadm5_ret_t ret;
-     char *policy;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &policy) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing policy name");
-	  return TCL_ERROR;
-     }
-     
-     ret = kadm5_delete_policy(server_handle, policy);
-
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  return TCL_ERROR;
-     }
-     else {
-	  set_ok(interp, "Policy deleted.");
-	  return TCL_OK;
-     }
+    kadm5_ret_t ret;
+    char *policy;
+
+    GET_HANDLE(1, 0);
+
+    if (parse_str(interp, argv[0], &policy) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing policy name");
+        return TCL_ERROR;
+    }
+
+    ret = kadm5_delete_policy(server_handle, policy);
+
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        return TCL_ERROR;
+    }
+    else {
+        set_ok(interp, "Policy deleted.");
+        return TCL_OK;
+    }
 }
 
 
 
 static int tcl_kadm5_modify_policy(ClientData clientData, Tcl_Interp *interp,
-				   int argc, const char *argv[])
+                                   int argc, const char *argv[])
 {
-     char *policy_string;
-     kadm5_policy_ent_t policy = 0;
-     int tcl_ret;
-     krb5_int32 mask;
-     int retcode = TCL_OK;
-     kadm5_ret_t ret;
-
-     GET_HANDLE(2, 0);
-
-     if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing policy");
-	  return tcl_ret;
-     }
-
-     if (policy_string &&
-	 ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
-	  != TCL_OK)) {
-	  return tcl_ret;
-     }
-
-     if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
-	  retcode = TCL_ERROR;
-	  goto finished;
-     }
-
-     ret = kadm5_modify_policy(server_handle, policy, mask);
-
-     if (ret != KADM5_OK) {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
-     else {
-	  set_ok(interp, "Policy modified.");
-     }
+    char *policy_string;
+    kadm5_policy_ent_t policy = 0;
+    int tcl_ret;
+    krb5_int32 mask;
+    int retcode = TCL_OK;
+    kadm5_ret_t ret;
+
+    GET_HANDLE(2, 0);
+
+    if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing policy");
+        return tcl_ret;
+    }
+
+    if (policy_string &&
+        ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
+         != TCL_OK)) {
+        return tcl_ret;
+    }
+
+    if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
+        retcode = TCL_ERROR;
+        goto finished;
+    }
+
+    ret = kadm5_modify_policy(server_handle, policy, mask);
+
+    if (ret != KADM5_OK) {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
+    else {
+        set_ok(interp, "Policy modified.");
+    }
 
 finished:
-     if (policy) {
-	  free_policy_ent(&policy);
-     }
-     return retcode;
+    if (policy) {
+        free_policy_ent(&policy);
+    }
+    return retcode;
 }
 
 
 static int tcl_kadm5_get_policy(ClientData clientData, Tcl_Interp *interp,
-				int argc, const char *argv[])
+                                int argc, const char *argv[])
 {
-     kadm5_policy_ent_rec ent;
-     Tcl_DString *ent_dstring = 0;
-     char *policy;
-     char *ent_var;
-     kadm5_ret_t ret;
-     int retcode = TCL_OK;
-
-     GET_HANDLE(2, 1);
-
-     if (parse_str(interp, argv[0], &policy) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing policy name");
-	  return TCL_ERROR;
-     }
-     
-     if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing entry variable name");
-	  return TCL_ERROR;
-     }
-     
-     ret = kadm5_get_policy(server_handle, policy, ent_var ? &ent : 0);
-
-     if (ret == KADM5_OK) {
-	  if (ent_var) {
-	       ent_dstring = unparse_policy_ent(&ent);
-	       if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
-				TCL_LEAVE_ERR_MSG)) {
-		    Tcl_AppendElement(interp,
-				      "while setting entry variable");
-		    retcode = TCL_ERROR;
-		    goto finished;
-	       }
-	       set_ok(interp, "Policy retrieved.");
-	  }
-     }
-     else {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
+    kadm5_policy_ent_rec ent;
+    Tcl_DString *ent_dstring = 0;
+    char *policy;
+    char *ent_var;
+    kadm5_ret_t ret;
+    int retcode = TCL_OK;
+
+    GET_HANDLE(2, 1);
+
+    if (parse_str(interp, argv[0], &policy) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing policy name");
+        return TCL_ERROR;
+    }
+
+    if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing entry variable name");
+        return TCL_ERROR;
+    }
+
+    ret = kadm5_get_policy(server_handle, policy, ent_var ? &ent : 0);
+
+    if (ret == KADM5_OK) {
+        if (ent_var) {
+            ent_dstring = unparse_policy_ent(&ent);
+            if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
+                             TCL_LEAVE_ERR_MSG)) {
+                Tcl_AppendElement(interp,
+                                  "while setting entry variable");
+                retcode = TCL_ERROR;
+                goto finished;
+            }
+            set_ok(interp, "Policy retrieved.");
+        }
+    }
+    else {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
 
 finished:
-     if (ent_dstring) {
-	  Tcl_DStringFree(ent_dstring);
-	  free(ent_dstring);
-     }
-     if (ent_var && ret == KADM5_OK &&
-	 (ret = kadm5_free_policy_ent(server_handle, &ent)) &&
-	 (retcode == TCL_OK)) {
-	  stash_error(interp, ret);
-	  retcode = TCL_ERROR;
-     }
-     return retcode;
+    if (ent_dstring) {
+        Tcl_DStringFree(ent_dstring);
+        free(ent_dstring);
+    }
+    if (ent_var && ret == KADM5_OK &&
+        (ret = kadm5_free_policy_ent(server_handle, &ent)) &&
+        (retcode == TCL_OK)) {
+        stash_error(interp, ret);
+        retcode = TCL_ERROR;
+    }
+    return retcode;
 }
 
-     
-     
+
+
 static int tcl_kadm5_free_principal_ent(ClientData clientData,
-					Tcl_Interp *interp,
-					int argc, const char *argv[])
+                                        Tcl_Interp *interp,
+                                        int argc, const char *argv[])
 {
-     char *ent_name;
-     kadm5_principal_ent_t ent;
-     kadm5_ret_t ret;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing entry name");
-	  return TCL_ERROR;
-     }
-
-     if ((! ent_name) &&
-	 (ret = kadm5_free_principal_ent(server_handle, 0))) {
-	 stash_error(interp, ret);
-	 return TCL_ERROR;
-     }
-     else {
-	  Tcl_HashEntry *entry;
-
-	  if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
-	       Tcl_AppendResult(interp, "invalid principal handle \"",
-				ent_name, "\"", 0);
-	       return TCL_ERROR;
-	  }
-	  if (! struct_table) {
-	       if (! (struct_table = malloc(sizeof(*struct_table)))) {
-		    fprintf(stderr, "Out of memory!\n");
-		    exit(1); /* XXX */
-	       }
-	       Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
-	  }
-	  
-	  if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
-	       Tcl_AppendResult(interp, "principal handle \"", ent_name,
-				"\" not found", 0);
-	       return TCL_ERROR;
-	  }
-
-	  ent = (kadm5_principal_ent_t) Tcl_GetHashValue(entry);
-
-	  ret = kadm5_free_principal_ent(server_handle, ent);
-	  if (ret != KADM5_OK) {
-	      stash_error(interp, ret);
-	      return TCL_ERROR;
-	  }
-	  Tcl_DeleteHashEntry(entry);
-     }
-     set_ok(interp, "Principal freed.");
-     return TCL_OK;
+    char *ent_name;
+    kadm5_principal_ent_t ent;
+    kadm5_ret_t ret;
+
+    GET_HANDLE(1, 0);
+
+    if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing entry name");
+        return TCL_ERROR;
+    }
+
+    if ((! ent_name) &&
+        (ret = kadm5_free_principal_ent(server_handle, 0))) {
+        stash_error(interp, ret);
+        return TCL_ERROR;
+    }
+    else {
+        Tcl_HashEntry *entry;
+
+        if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
+            Tcl_AppendResult(interp, "invalid principal handle \"",
+                             ent_name, "\"", 0);
+            return TCL_ERROR;
+        }
+        if (! struct_table) {
+            if (! (struct_table = malloc(sizeof(*struct_table)))) {
+                fprintf(stderr, "Out of memory!\n");
+                exit(1); /* XXX */
+            }
+            Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+        }
+
+        if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
+            Tcl_AppendResult(interp, "principal handle \"", ent_name,
+                             "\" not found", 0);
+            return TCL_ERROR;
+        }
+
+        ent = (kadm5_principal_ent_t) Tcl_GetHashValue(entry);
+
+        ret = kadm5_free_principal_ent(server_handle, ent);
+        if (ret != KADM5_OK) {
+            stash_error(interp, ret);
+            return TCL_ERROR;
+        }
+        Tcl_DeleteHashEntry(entry);
+    }
+    set_ok(interp, "Principal freed.");
+    return TCL_OK;
 }
-	  
-		    
+
+
 static int tcl_kadm5_free_policy_ent(ClientData clientData,
-				     Tcl_Interp *interp,
-				     int argc, const char *argv[])
+                                     Tcl_Interp *interp,
+                                     int argc, const char *argv[])
 {
-     char *ent_name;
-     kadm5_policy_ent_t ent;
-     kadm5_ret_t ret;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing entry name");
-	  return TCL_ERROR;
-     }
-
-     if ((! ent_name) &&
-	 (ret = kadm5_free_policy_ent(server_handle, 0))) {
-	 stash_error(interp, ret);
-	 return TCL_ERROR;
-     }
-     else {
-	  Tcl_HashEntry *entry;
-
-	  if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
-	       Tcl_AppendResult(interp, "invalid principal handle \"",
-				ent_name, "\"", 0);
-	       return TCL_ERROR;
-	  }
-	  if (! struct_table) {
-	       if (! (struct_table = malloc(sizeof(*struct_table)))) {
-		    fprintf(stderr, "Out of memory!\n");
-		    exit(1); /* XXX */
-	       }
-	       Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
-	  }
-	  
-	  if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
-	       Tcl_AppendResult(interp, "policy handle \"", ent_name,
-				"\" not found", 0);
-	       return TCL_ERROR;
-	  }
-
-	  ent = (kadm5_policy_ent_t) Tcl_GetHashValue(entry);
-
-	  if ((ret = kadm5_free_policy_ent(server_handle, ent)) != KADM5_OK) {
-	      stash_error(interp, ret);
-	      return TCL_ERROR;
-	  }
-	  Tcl_DeleteHashEntry(entry);
-     }
-     set_ok(interp, "Policy freed.");
-     return TCL_OK;
+    char *ent_name;
+    kadm5_policy_ent_t ent;
+    kadm5_ret_t ret;
+
+    GET_HANDLE(1, 0);
+
+    if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing entry name");
+        return TCL_ERROR;
+    }
+
+    if ((! ent_name) &&
+        (ret = kadm5_free_policy_ent(server_handle, 0))) {
+        stash_error(interp, ret);
+        return TCL_ERROR;
+    }
+    else {
+        Tcl_HashEntry *entry;
+
+        if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
+            Tcl_AppendResult(interp, "invalid principal handle \"",
+                             ent_name, "\"", 0);
+            return TCL_ERROR;
+        }
+        if (! struct_table) {
+            if (! (struct_table = malloc(sizeof(*struct_table)))) {
+                fprintf(stderr, "Out of memory!\n");
+                exit(1); /* XXX */
+            }
+            Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+        }
+
+        if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
+            Tcl_AppendResult(interp, "policy handle \"", ent_name,
+                             "\" not found", 0);
+            return TCL_ERROR;
+        }
+
+        ent = (kadm5_policy_ent_t) Tcl_GetHashValue(entry);
+
+        if ((ret = kadm5_free_policy_ent(server_handle, ent)) != KADM5_OK) {
+            stash_error(interp, ret);
+            return TCL_ERROR;
+        }
+        Tcl_DeleteHashEntry(entry);
+    }
+    set_ok(interp, "Policy freed.");
+    return TCL_OK;
 }
-	  
-		    
+
+
 static int tcl_kadm5_get_privs(ClientData clientData, Tcl_Interp *interp,
-			       int argc, const char *argv[])
+                               int argc, const char *argv[])
 {
-     const char *set_ret;
-     kadm5_ret_t ret;
-     char *priv_var;
-     long privs;
-
-     GET_HANDLE(1, 0);
-
-     if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
-	  Tcl_AppendElement(interp, "while parsing privs variable name");
-	  return TCL_ERROR;
-     }
-
-     ret = kadm5_get_privs(server_handle, priv_var ? &privs : 0);
-
-     if (ret == KADM5_OK) {
-	  if (priv_var) {
-	       Tcl_DString *str = unparse_privs(privs);
-	       set_ret = Tcl_SetVar(interp, priv_var, str->string,
-				    TCL_LEAVE_ERR_MSG);
-	       Tcl_DStringFree(str);
-	       free(str);
-	       if (! set_ret) {
-		    Tcl_AppendElement(interp, "while setting priv variable");
-		    return TCL_ERROR;
-	       }
-	  }
-	  set_ok(interp, "Privileges retrieved.");
-	  return TCL_OK;
-     }
-     else {
-	  stash_error(interp, ret);
-	  return TCL_ERROR;
-     }
+    const char *set_ret;
+    kadm5_ret_t ret;
+    char *priv_var;
+    long privs;
+
+    GET_HANDLE(1, 0);
+
+    if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
+        Tcl_AppendElement(interp, "while parsing privs variable name");
+        return TCL_ERROR;
+    }
+
+    ret = kadm5_get_privs(server_handle, priv_var ? &privs : 0);
+
+    if (ret == KADM5_OK) {
+        if (priv_var) {
+            Tcl_DString *str = unparse_privs(privs);
+            set_ret = Tcl_SetVar(interp, priv_var, str->string,
+                                 TCL_LEAVE_ERR_MSG);
+            Tcl_DStringFree(str);
+            free(str);
+            if (! set_ret) {
+                Tcl_AppendElement(interp, "while setting priv variable");
+                return TCL_ERROR;
+            }
+        }
+        set_ok(interp, "Privileges retrieved.");
+        return TCL_OK;
+    }
+    else {
+        stash_error(interp, ret);
+        return TCL_ERROR;
+    }
 }
-		    
+
 
 void Tcl_kadm5_init(Tcl_Interp *interp)
 {
     char buf[20];
 
-     Tcl_SetVar(interp, "KADM5_ADMIN_SERVICE",
-		KADM5_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
-     Tcl_SetVar(interp, "KADM5_CHANGEPW_SERVICE",
-		KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
+    Tcl_SetVar(interp, "KADM5_ADMIN_SERVICE",
+               KADM5_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
+    Tcl_SetVar(interp, "KADM5_CHANGEPW_SERVICE",
+               KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
-     Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
+    Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_API_VERSION_2);
-     Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
+    Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_API_VERSION_3);
-     Tcl_SetVar(interp, "KADM5_API_VERSION_3", buf, TCL_GLOBAL_ONLY);
+    Tcl_SetVar(interp, "KADM5_API_VERSION_3", buf, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
-     Tcl_SetVar(interp, "KADM5_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
+    Tcl_SetVar(interp, "KADM5_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
     (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION_MASK);
-     Tcl_SetVar(interp, "KADM5_STRUCT_VERSION_MASK", buf,
-		TCL_GLOBAL_ONLY);
-
-     Tcl_CreateCommand(interp, "kadm5_init", tcl_kadm5_init, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_init_with_creds",
-		       tcl_kadm5_init_with_creds, 0, 0); 
-     Tcl_CreateCommand(interp, "kadm5_destroy", tcl_kadm5_destroy, 0,
-		       0);
-     Tcl_CreateCommand(interp, "kadm5_create_principal",
-		       tcl_kadm5_create_principal, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_delete_principal",
-		       tcl_kadm5_delete_principal, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_modify_principal",
-		       tcl_kadm5_modify_principal, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_rename_principal",
-		       tcl_kadm5_rename_principal, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_chpass_principal",
-		       tcl_kadm5_chpass_principal, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_chpass_principal_util",
-		       tcl_kadm5_chpass_principal_util, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_randkey_principal",
-		       tcl_kadm5_randkey_principal, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_get_principal",
-		       tcl_kadm5_get_principal, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_create_policy",
-		       tcl_kadm5_create_policy, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_delete_policy",
-		       tcl_kadm5_delete_policy, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_modify_policy",
-		       tcl_kadm5_modify_policy, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_get_policy",
-		       tcl_kadm5_get_policy, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_free_principal_ent",
-		       tcl_kadm5_free_principal_ent, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_free_policy_ent",
-		       tcl_kadm5_free_policy_ent, 0, 0);
-     Tcl_CreateCommand(interp, "kadm5_get_privs",
-		       tcl_kadm5_get_privs, 0, 0);
+    Tcl_SetVar(interp, "KADM5_STRUCT_VERSION_MASK", buf,
+               TCL_GLOBAL_ONLY);
+
+    Tcl_CreateCommand(interp, "kadm5_init", tcl_kadm5_init, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_init_with_creds",
+                      tcl_kadm5_init_with_creds, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_destroy", tcl_kadm5_destroy, 0,
+                      0);
+    Tcl_CreateCommand(interp, "kadm5_create_principal",
+                      tcl_kadm5_create_principal, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_delete_principal",
+                      tcl_kadm5_delete_principal, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_modify_principal",
+                      tcl_kadm5_modify_principal, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_rename_principal",
+                      tcl_kadm5_rename_principal, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_chpass_principal",
+                      tcl_kadm5_chpass_principal, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_chpass_principal_util",
+                      tcl_kadm5_chpass_principal_util, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_randkey_principal",
+                      tcl_kadm5_randkey_principal, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_get_principal",
+                      tcl_kadm5_get_principal, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_create_policy",
+                      tcl_kadm5_create_policy, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_delete_policy",
+                      tcl_kadm5_delete_policy, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_modify_policy",
+                      tcl_kadm5_modify_policy, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_get_policy",
+                      tcl_kadm5_get_policy, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_free_principal_ent",
+                      tcl_kadm5_free_principal_ent, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_free_policy_ent",
+                      tcl_kadm5_free_policy_ent, 0, 0);
+    Tcl_CreateCommand(interp, "kadm5_get_privs",
+                      tcl_kadm5_get_privs, 0, 0);
 }
diff --git a/src/kadmin/testing/util/tcl_kadm5.h b/src/kadmin/testing/util/tcl_kadm5.h
index d2fdd1d03..1f91a11a1 100644
--- a/src/kadmin/testing/util/tcl_kadm5.h
+++ b/src/kadmin/testing/util/tcl_kadm5.h
@@ -1,3 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 void Tcl_kadm5_init(Tcl_Interp *interp);
-
diff --git a/src/kadmin/testing/util/tcl_krb5_hash.c b/src/kadmin/testing/util/tcl_krb5_hash.c
index 7fe1b8f74..35c6bb0b3 100644
--- a/src/kadmin/testing/util/tcl_krb5_hash.c
+++ b/src/kadmin/testing/util/tcl_krb5_hash.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * All of the TCL krb5 functions which return (or place into output
  * variables) structures or pointers to structures that can't be
@@ -10,7 +11,7 @@
  * table.
  *
  * The functions in this file do four things:
- * 
+ *
  * 1) Given a pointer to a datum and a string representing the type of
  * datum to which the pointer refers, create a new handle for the
  * datum, store the datum in the hash table using the new handle as
@@ -54,114 +55,113 @@ static char *memory_error = "out of memory";
  */
 
 static TclHashTable *get_hash_table(Tcl_Interp *interp,
-				    char *type)
+                                    char *type)
 {
-     static Tcl_HashTable *hash_table = 0;
-
-     if (! hash_table) {
-	  if (! (hash_table = malloc(sizeof(*hash_table)))) {
-	       Tcl_SetResult(interp, memory_error, TCL_STATIC);
-	       return 0;
-	  }
-	  Tcl_InitHashTable(hash_table, TCL_STRING_KEYS);
-     }
-     return hash_table;
+    static Tcl_HashTable *hash_table = 0;
+
+    if (! hash_table) {
+        if (! (hash_table = malloc(sizeof(*hash_table)))) {
+            Tcl_SetResult(interp, memory_error, TCL_STATIC);
+            return 0;
+        }
+        Tcl_InitHashTable(hash_table, TCL_STRING_KEYS);
+    }
+    return hash_table;
 }
 
 #define MAX_ID 999999999
 #define ID_BUF_SIZE 10
 
 static Tcl_HashEntry *get_new_handle(Tcl_Interp *interp,
-				     char *type)
+                                     char *type)
 {
-     static unsigned long int id_counter = 0;
-     Tcl_DString *handle;
-     char int_buf[ID_BUF_SIZE];
-     
-     if (! (handle = malloc(sizeof(*handle)))) {
-	  Tcl_SetResult(interp, memory_error, TCL_STATIC);
-	  return 0;
-     }
-     Tcl_DStringInit(handle);
+    static unsigned long int id_counter = 0;
+    Tcl_DString *handle;
+    char int_buf[ID_BUF_SIZE];
+
+    if (! (handle = malloc(sizeof(*handle)))) {
+        Tcl_SetResult(interp, memory_error, TCL_STATIC);
+        return 0;
+    }
+    Tcl_DStringInit(handle);
 
-     assert(id_counter <= MAX_ID);
+    assert(id_counter <= MAX_ID);
 
-     sprintf(int_buf, "%d", id_counter++);
+    sprintf(int_buf, "%d", id_counter++);
 
-     Tcl_DStringAppend(handle, type, -1);
-     Tcl_DStringAppend(handle, SEP_STR, -1);
-     Tcl_DStringAppend(handle, int_buf, -1);
+    Tcl_DStringAppend(handle, type, -1);
+    Tcl_DStringAppend(handle, SEP_STR, -1);
+    Tcl_DStringAppend(handle, int_buf, -1);
 
-     return handle;
+    return handle;
 }
-     
-     
+
+
 Tcl_DString *tcl_krb5_create_object(Tcl_Interp *interp,
-				    char *type,
-				    ClientData datum)
+                                    char *type,
+                                    ClientData datum)
 {
-     Tcl_HashTable *table;
-     Tcl_DString *handle;
-     Tcl_HashEntry *entry;
-     int entry_created = 0;
+    Tcl_HashTable *table;
+    Tcl_DString *handle;
+    Tcl_HashEntry *entry;
+    int entry_created = 0;
 
-     if (! (table = get_hash_table(interp, type))) {
-	  return 0;
-     }
+    if (! (table = get_hash_table(interp, type))) {
+        return 0;
+    }
 
-     if (! (handle = get_new_handle(interp, type))) {
-	  return 0;
-     }
+    if (! (handle = get_new_handle(interp, type))) {
+        return 0;
+    }
 
-     if (! (entry = Tcl_CreateHashEntry(table, handle, &entry_created))) {
-	  Tcl_SetResult(interp, "error creating hash entry", TCL_STATIC);
-	  Tcl_DStringFree(handle);
-	  return TCL_ERROR;
-     }
+    if (! (entry = Tcl_CreateHashEntry(table, handle, &entry_created))) {
+        Tcl_SetResult(interp, "error creating hash entry", TCL_STATIC);
+        Tcl_DStringFree(handle);
+        return TCL_ERROR;
+    }
 
-     assert(entry_created);
+    assert(entry_created);
 
-     Tcl_SetHashValue(entry, datum);
+    Tcl_SetHashValue(entry, datum);
 
-     return handle;
+    return handle;
 }
 
 ClientData tcl_krb5_get_object(Tcl_Interp *interp,
-			       char *handle)
+                               char *handle)
 {
-     char *myhandle, *id_ptr;
-     Tcl_HashTable *table;
-     Tcl_HashEntry *entry;
-
-     if (! (myhandle = strdup(handle))) {
-	  Tcl_SetResult(interp, memory_error, TCL_STATIC);
-	  return 0;
-     }
-
-     if (! (id_ptr = index(myhandle, *SEP_STR))) {
-	  free(myhandle);
-	  Tcl_ResetResult(interp);
-	  Tcl_AppendResult(interp, "malformatted handle \"", handle,
-			   "\"", 0);
-	  return 0;
-     }
-
-     *id_ptr = '\0';
-     
-     if (! (table = get_hash_table(interp, myhandle))) {
-	  free(myhandle);
-	  return 0;
-     }
-
-     free(myhandle);
-
-     if (! (entry = Tcl_FindHashEntry(table, handle))) {
-	  Tcl_ResetResult(interp);
-	  Tcl_AppendResult(interp, "no object corresponding to handle \"",
-			   handle, "\"", 0);
-	  return 0;
-     }
-
-     return(Tcl_GetHashValue(entry));
+    char *myhandle, *id_ptr;
+    Tcl_HashTable *table;
+    Tcl_HashEntry *entry;
+
+    if (! (myhandle = strdup(handle))) {
+        Tcl_SetResult(interp, memory_error, TCL_STATIC);
+        return 0;
+    }
+
+    if (! (id_ptr = index(myhandle, *SEP_STR))) {
+        free(myhandle);
+        Tcl_ResetResult(interp);
+        Tcl_AppendResult(interp, "malformatted handle \"", handle,
+                         "\"", 0);
+        return 0;
+    }
+
+    *id_ptr = '\0';
+
+    if (! (table = get_hash_table(interp, myhandle))) {
+        free(myhandle);
+        return 0;
+    }
+
+    free(myhandle);
+
+    if (! (entry = Tcl_FindHashEntry(table, handle))) {
+        Tcl_ResetResult(interp);
+        Tcl_AppendResult(interp, "no object corresponding to handle \"",
+                         handle, "\"", 0);
+        return 0;
+    }
+
+    return(Tcl_GetHashValue(entry));
 }
-
diff --git a/src/kadmin/testing/util/test.c b/src/kadmin/testing/util/test.c
index 7f93eb460..37e49d680 100644
--- a/src/kadmin/testing/util/test.c
+++ b/src/kadmin/testing/util/test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "autoconf.h"
 #if HAVE_TCL_H
 #include <tcl.h>
@@ -11,11 +12,11 @@
 #if _TCL_MAIN
 int
 main(argc, argv)
-    int argc;			/* Number of command-line arguments. */
-    char **argv;		/* Values of command-line arguments. */
+    int argc;                   /* Number of command-line arguments. */
+    char **argv;                /* Values of command-line arguments. */
 {
     Tcl_Main(argc, argv, Tcl_AppInit);
-    return 0;			/* Needed only to prevent compiler warning. */
+    return 0;                   /* Needed only to prevent compiler warning. */
 }
 #else
 /*
@@ -31,7 +32,7 @@ int *tclDummyMainPtr = (int *) main;
 
 int Tcl_AppInit(Tcl_Interp *interp)
 {
-     Tcl_kadm5_init(interp);
+    Tcl_kadm5_init(interp);
 
-     return(TCL_OK);
+    return(TCL_OK);
 }
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 36786457f..3885b4ee4 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/dispatch.c
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Dispatch an incoming packet.
  */
@@ -44,68 +45,68 @@ dispatch(krb5_data *pkt, const krb5_fulladdr *from, krb5_data **response)
     krb5_error_code retval;
     krb5_kdc_req *as_req;
     krb5_int32 now, now_usec;
-    
+
     /* decode incoming packet, and dispatch */
 
 #ifndef NOCACHE
     /* try the replay lookaside buffer */
     if (kdc_check_lookaside(pkt, response)) {
-	/* a hit! */
-	const char *name = 0;
-	char buf[46];
+        /* a hit! */
+        const char *name = 0;
+        char buf[46];
 
-	name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
-			  from->address->contents, buf, sizeof (buf));
-	if (name == 0)
-	    name = "[unknown address type]";
-	krb5_klog_syslog(LOG_INFO,
-			 "DISPATCH: repeated (retransmitted?) request from %s, resending previous response",
-			 name);
-	return 0;
+        name = inet_ntop (ADDRTYPE2FAMILY (from->address->addrtype),
+                          from->address->contents, buf, sizeof (buf));
+        if (name == 0)
+            name = "[unknown address type]";
+        krb5_klog_syslog(LOG_INFO,
+                         "DISPATCH: repeated (retransmitted?) request from %s, resending previous response",
+                         name);
+        return 0;
     }
 #endif
     retval = krb5_crypto_us_timeofday(&now, &now_usec);
     if (retval == 0) {
-      krb5_int32 usec_difference = now_usec-last_usec;
-      krb5_data data;
-      if(last_os_random == 0)
-	last_os_random = now;
-      /* Grab random data from OS every hour*/
-      if(now-last_os_random >= 60*60) {
-	krb5_c_random_os_entropy(kdc_context, 0, NULL);
-	last_os_random = now;
-      }
-      
-      data.length = sizeof(krb5_int32);
-      data.data = (void *) &usec_difference;
-      
-      krb5_c_random_add_entropy(kdc_context,
-				KRB5_C_RANDSOURCE_TIMING, &data);
-      last_usec = now_usec;
+        krb5_int32 usec_difference = now_usec-last_usec;
+        krb5_data data;
+        if(last_os_random == 0)
+            last_os_random = now;
+        /* Grab random data from OS every hour*/
+        if(now-last_os_random >= 60*60) {
+            krb5_c_random_os_entropy(kdc_context, 0, NULL);
+            last_os_random = now;
+        }
+
+        data.length = sizeof(krb5_int32);
+        data.data = (void *) &usec_difference;
+
+        krb5_c_random_add_entropy(kdc_context,
+                                  KRB5_C_RANDSOURCE_TIMING, &data);
+        last_usec = now_usec;
     }
     /* try TGS_REQ first; they are more common! */
 
     if (krb5_is_tgs_req(pkt)) {
-	retval = process_tgs_req(pkt, from, response);
+        retval = process_tgs_req(pkt, from, response);
     } else if (krb5_is_as_req(pkt)) {
-	if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
-	    /*
-	     * setup_server_realm() sets up the global realm-specific data
-	     * pointer.
-	     * process_as_req frees the request if it is called
-	     */
-	    if (!(retval = setup_server_realm(as_req->server))) {
-		retval = process_as_req(as_req, pkt, from, response);
-	    }
-	    else 	    krb5_free_kdc_req(kdc_context, as_req);
-	}
+        if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
+            /*
+             * setup_server_realm() sets up the global realm-specific data
+             * pointer.
+             * process_as_req frees the request if it is called
+             */
+            if (!(retval = setup_server_realm(as_req->server))) {
+                retval = process_as_req(as_req, pkt, from, response);
+            }
+            else            krb5_free_kdc_req(kdc_context, as_req);
+        }
     }
     else
-	retval = KRB5KRB_AP_ERR_MSG_TYPE;
+        retval = KRB5KRB_AP_ERR_MSG_TYPE;
 #ifndef NOCACHE
     /* put the response into the lookaside buffer */
     if (!retval && *response != NULL)
-	kdc_insert_lookaside(pkt, *response);
+        kdc_insert_lookaside(pkt, *response);
 #endif
 
     return retval;
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 1feb468be..5067ff8fd 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/do_as_req.c
  *
@@ -9,7 +10,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -23,7 +24,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * KDC Routines to deal with AS_REQ's
  */
@@ -64,7 +65,7 @@
 #include <netinet/in.h>
 #ifndef hpux
 #include <arpa/inet.h>
-#endif	/* hpux */
+#endif  /* hpux */
 #endif /* HAVE_NETINET_IN_H */
 
 #include "kdc_util.h"
@@ -75,21 +76,21 @@
 
 #if APPLE_PKINIT
 #define     AS_REQ_DEBUG    0
-#if	    AS_REQ_DEBUG
+#if         AS_REQ_DEBUG
 #define     asReqDebug(args...)       printf(args)
 #else
 #define     asReqDebug(args...)
 #endif
 #endif /* APPLE_PKINIT */
 
-static krb5_error_code prepare_error_as (struct kdc_request_state *, krb5_kdc_req *, int, krb5_data *, 
-					 krb5_principal, krb5_data **,
-					 const char *);
+static krb5_error_code prepare_error_as (struct kdc_request_state *, krb5_kdc_req *, int, krb5_data *,
+                                         krb5_principal, krb5_data **,
+                                         const char *);
 
 /*ARGSUSED*/
 krb5_error_code
 process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
-	       const krb5_fulladdr *from, krb5_data **response)
+               const krb5_fulladdr *from, krb5_data **response)
 {
     krb5_db_entry client, server;
     krb5_kdc_rep reply;
@@ -119,11 +120,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     struct kdc_request_state *state = NULL;
     krb5_data encoded_req_body;
     krb5_keyblock *as_encrypting_key = NULL;
-    
+
 
 #if APPLE_PKINIT
-    asReqDebug("process_as_req top realm %s name %s\n", 
-	request->client->realm.data, request->client->data->data);
+    asReqDebug("process_as_req top realm %s name %s\n",
+               request->client->realm.data, request->client->data->data);
 #endif /* APPLE_PKINIT */
 
     ticket_reply.enc_part.ciphertext.data = 0;
@@ -138,42 +139,42 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     errcode = kdc_make_rstate(&state);
     if (errcode != 0) {
-	status = "constructing state";
-	goto errout;
+        status = "constructing state";
+        goto errout;
     }
     if (fetch_asn1_field((unsigned char *) req_pkt->data,
-			 1, 4, &encoded_req_body) != 0) {
+                         1, 4, &encoded_req_body) != 0) {
         errcode = ASN1_BAD_ID;
         status = "Finding req_body";
-	goto errout;
+        goto errout;
     }
     errcode = kdc_find_fast(&request, &encoded_req_body, NULL /*TGS key*/, NULL, state);
     if (errcode) {
-	status = "error decoding FAST";
-	goto errout;
+        status = "error decoding FAST";
+        goto errout;
     }
     request->kdc_state = state;
     if (!request->client) {
-	status = "NULL_CLIENT";
-	errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-	goto errout;
+        status = "NULL_CLIENT";
+        errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+        goto errout;
     }
     if ((errcode = krb5_unparse_name(kdc_context, request->client, &cname))) {
-	status = "UNPARSING_CLIENT";
-	goto errout;
+        status = "UNPARSING_CLIENT";
+        goto errout;
     }
     limit_string(cname);
     if (!request->server) {
-	status = "NULL_SERVER";
-	errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	goto errout;
+        status = "NULL_SERVER";
+        errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        goto errout;
     }
     if ((errcode = krb5_unparse_name(kdc_context, request->server, &sname))) {
-	status = "UNPARSING_SERVER";
-	goto errout;
+        status = "UNPARSING_SERVER";
+        goto errout;
     }
     limit_string(sname);
-    
+
     /*
      * We set KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY as a hint
      * to the backend to return naming information in lieu
@@ -185,109 +186,109 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
      * always canonicalize enterprise principal names.
      */
     if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE) ||
-	krb5_princ_type(kdc_context,
-			request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
-	setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE); 
+        krb5_princ_type(kdc_context,
+                        request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+        setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
     }
     if (include_pac_p(kdc_context, request)) {
-	setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC); 
+        setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC);
     }
     c_nprincs = 1;
     if ((errcode = krb5_db_get_principal_ext(kdc_context, request->client,
-					     c_flags, &client, &c_nprincs,
-					     &more))) {
-	status = "LOOKING_UP_CLIENT";
-	c_nprincs = 0;
-	goto errout;
+                                             c_flags, &client, &c_nprincs,
+                                             &more))) {
+        status = "LOOKING_UP_CLIENT";
+        c_nprincs = 0;
+        goto errout;
     }
 
     if (more) {
-	status = "NON-UNIQUE_CLIENT";
-	errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
-	goto errout;
+        status = "NON-UNIQUE_CLIENT";
+        errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
+        goto errout;
     } else if (c_nprincs != 1) {
-	status = "CLIENT_NOT_FOUND";
-	if (vague_errors)
-	    errcode = KRB5KRB_ERR_GENERIC;
-	else
-	    errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-	goto errout;
-    }
-   
+        status = "CLIENT_NOT_FOUND";
+        if (vague_errors)
+            errcode = KRB5KRB_ERR_GENERIC;
+        else
+            errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+        goto errout;
+    }
+
     /*
      * If the backend returned a principal that is not in the local
      * realm, then we need to refer the client to that realm.
      */
     if (!is_local_principal(client.princ)) {
- 	/* Entry is a referral to another realm */
- 	status = "REFERRAL";
- 	errcode = KRB5KDC_ERR_WRONG_REALM;
- 	goto errout;
+        /* Entry is a referral to another realm */
+        status = "REFERRAL";
+        errcode = KRB5KDC_ERR_WRONG_REALM;
+        goto errout;
     }
 
-#if 0 
+#if 0
     /*
      * Turn off canonicalization if client is marked DES only
      * (unless enterprise principal name was requested)
      */
     if (isflagset(client.attributes, KRB5_KDB_NON_MS_PRINCIPAL) &&
- 	krb5_princ_type(kdc_context,
- 			request->client) != KRB5_NT_ENTERPRISE_PRINCIPAL) {
- 	clear(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
+        krb5_princ_type(kdc_context,
+                        request->client) != KRB5_NT_ENTERPRISE_PRINCIPAL) {
+        clear(c_flags, KRB5_KDB_FLAG_CANONICALIZE);
     }
 #endif
- 
+
     s_flags = 0;
     if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) {
- 	setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE); 
+        setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE);
     }
     s_nprincs = 1;
     if ((errcode = krb5_db_get_principal_ext(kdc_context, request->server,
- 					     s_flags, &server,
- 					     &s_nprincs, &more))) {
- 	status = "LOOKING_UP_SERVER";
- 	goto errout;
+                                             s_flags, &server,
+                                             &s_nprincs, &more))) {
+        status = "LOOKING_UP_SERVER";
+        goto errout;
     }
     if (more) {
-	status = "NON-UNIQUE_SERVER";
-	errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
-	goto errout;
+        status = "NON-UNIQUE_SERVER";
+        errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
+        goto errout;
     } else if (s_nprincs != 1) {
-	status = "SERVER_NOT_FOUND";
-	errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	goto errout;
+        status = "SERVER_NOT_FOUND";
+        errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        goto errout;
     }
 
     if ((errcode = krb5_timeofday(kdc_context, &kdc_time))) {
-	status = "TIMEOFDAY";
-	goto errout;
+        status = "TIMEOFDAY";
+        goto errout;
     }
     authtime = kdc_time; /* for audit_as_request() */
 
     if ((errcode = validate_as_request(request, client, server,
-				       kdc_time, &status, &e_data))) {
-	if (!status) 
-	    status = "UNKNOWN_REASON";
-	errcode += ERROR_TABLE_BASE_krb5;
-	goto errout;
+                                       kdc_time, &status, &e_data))) {
+        if (!status)
+            status = "UNKNOWN_REASON";
+        errcode += ERROR_TABLE_BASE_krb5;
+        goto errout;
     }
-      
+
     /*
      * Select the keytype for the ticket session key.
      */
     if ((useenctype = select_session_keytype(kdc_context, &server,
-					     request->nktypes,
-					     request->ktype)) == 0) {
-	/* unsupported ktype */
-	status = "BAD_ENCRYPTION_TYPE";
-	errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
-	goto errout;
+                                             request->nktypes,
+                                             request->ktype)) == 0) {
+        /* unsupported ktype */
+        status = "BAD_ENCRYPTION_TYPE";
+        errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto errout;
     }
 
     if ((errcode = krb5_c_make_random_key(kdc_context, useenctype,
-					  &session_key))) {
-	status = "RANDOM_KEY_FAILED";
-	goto errout;
+                                          &session_key))) {
+        status = "RANDOM_KEY_FAILED";
+        goto errout;
     }
 
     /*
@@ -296,11 +297,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
      * aliases, nothing more).
      */
     if (isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE) &&
-	krb5_is_tgs_principal(request->server) &&
-	krb5_is_tgs_principal(server.princ)) {
-	ticket_reply.server = server.princ;
+        krb5_is_tgs_principal(request->server) &&
+        krb5_is_tgs_principal(server.princ)) {
+        ticket_reply.server = server.princ;
     } else {
-	ticket_reply.server = request->server;
+        ticket_reply.server = request->server;
     }
 
     enc_tkt_reply.flags = 0;
@@ -308,94 +309,94 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     setflag(enc_tkt_reply.flags, TKT_FLG_INITIAL);
 
-    	/* It should be noted that local policy may affect the  */
-        /* processing of any of these flags.  For example, some */
-        /* realms may refuse to issue renewable tickets         */
+    /* It should be noted that local policy may affect the  */
+    /* processing of any of these flags.  For example, some */
+    /* realms may refuse to issue renewable tickets         */
 
     if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE))
-	setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
+        setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
 
     if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE))
-	    setflag(enc_tkt_reply.flags, TKT_FLG_PROXIABLE);
+        setflag(enc_tkt_reply.flags, TKT_FLG_PROXIABLE);
 
     if (isflagset(request->kdc_options, KDC_OPT_ALLOW_POSTDATE))
-	    setflag(enc_tkt_reply.flags, TKT_FLG_MAY_POSTDATE);
+        setflag(enc_tkt_reply.flags, TKT_FLG_MAY_POSTDATE);
 
     enc_tkt_reply.session = &session_key;
     if (isflagset(c_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
-	client_princ = *(client.princ);
+        client_princ = *(client.princ);
     } else {
-	client_princ = *(request->client);
-	/* The realm is always canonicalized */
-	client_princ.realm = *(krb5_princ_realm(context, client.princ));
+        client_princ = *(request->client);
+        /* The realm is always canonicalized */
+        client_princ.realm = *(krb5_princ_realm(context, client.princ));
     }
     enc_tkt_reply.client = &client_princ;
     enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS;
     enc_tkt_reply.transited.tr_contents = empty_string; /* equivalent of "" */
 
     if (isflagset(request->kdc_options, KDC_OPT_POSTDATED)) {
-	setflag(enc_tkt_reply.flags, TKT_FLG_POSTDATED);
-	setflag(enc_tkt_reply.flags, TKT_FLG_INVALID);
-	enc_tkt_reply.times.starttime = request->from;
+        setflag(enc_tkt_reply.flags, TKT_FLG_POSTDATED);
+        setflag(enc_tkt_reply.flags, TKT_FLG_INVALID);
+        enc_tkt_reply.times.starttime = request->from;
     } else
-	enc_tkt_reply.times.starttime = kdc_time;
+        enc_tkt_reply.times.starttime = kdc_time;
 
     kdc_get_ticket_endtime(kdc_context,
-			   enc_tkt_reply.times.starttime,
-			   kdc_infinity,
-			   request->till,
-			   &client,
-			   &server,
-			   &enc_tkt_reply.times.endtime);
+                           enc_tkt_reply.times.starttime,
+                           kdc_infinity,
+                           request->till,
+                           &client,
+                           &server,
+                           &enc_tkt_reply.times.endtime);
 
     if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE_OK) &&
-	!isflagset(client.attributes, KRB5_KDB_DISALLOW_RENEWABLE) &&
-	(enc_tkt_reply.times.endtime < request->till)) {
+        !isflagset(client.attributes, KRB5_KDB_DISALLOW_RENEWABLE) &&
+        (enc_tkt_reply.times.endtime < request->till)) {
 
-	/* we set the RENEWABLE option for later processing */
+        /* we set the RENEWABLE option for later processing */
 
-	setflag(request->kdc_options, KDC_OPT_RENEWABLE);
-	request->rtime = request->till;
+        setflag(request->kdc_options, KDC_OPT_RENEWABLE);
+        request->rtime = request->till;
     }
     rtime = (request->rtime == 0) ? kdc_infinity : request->rtime;
 
     if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE)) {
-	/*
-	 * XXX Should we squelch the output renew_till to be no
-	 * earlier than the endtime of the ticket? 
-	 */
-	setflag(enc_tkt_reply.flags, TKT_FLG_RENEWABLE);
-	enc_tkt_reply.times.renew_till =
-	    min(rtime, enc_tkt_reply.times.starttime +
-		       min(client.max_renewable_life,
-			   min(server.max_renewable_life,
-			       max_renewable_life_for_realm)));
+        /*
+         * XXX Should we squelch the output renew_till to be no
+         * earlier than the endtime of the ticket?
+         */
+        setflag(enc_tkt_reply.flags, TKT_FLG_RENEWABLE);
+        enc_tkt_reply.times.renew_till =
+            min(rtime, enc_tkt_reply.times.starttime +
+                min(client.max_renewable_life,
+                    min(server.max_renewable_life,
+                        max_renewable_life_for_realm)));
     } else
-	enc_tkt_reply.times.renew_till = 0; /* XXX */
+        enc_tkt_reply.times.renew_till = 0; /* XXX */
 
     /* starttime is optional, and treated as authtime if not present.
        so we can nuke it if it matches */
     if (enc_tkt_reply.times.starttime == enc_tkt_reply.times.authtime)
-	enc_tkt_reply.times.starttime = 0;
+        enc_tkt_reply.times.starttime = 0;
 
     enc_tkt_reply.caddrs = request->addresses;
     enc_tkt_reply.authorization_data = 0;
 
-    /* 
+    /*
      * Check the preauthentication if it is there.
      */
     if (request->padata) {
-	errcode = check_padata(kdc_context, &client, req_pkt, request,
-			       &enc_tkt_reply, &pa_context, &e_data);
-	if (errcode) {
-	    if (errcode == KRB5KDC_ERR_PREAUTH_FAILED)
-		get_preauth_hint_list(request, &client, &server, &e_data);
-	    
-	    status = "PREAUTH_FAILED";
-	    if (vague_errors)
-		errcode = KRB5KRB_ERR_GENERIC;
-	    goto errout;
-	} 
+        errcode = check_padata(kdc_context, &client, req_pkt, request,
+                               &enc_tkt_reply, &pa_context, &e_data);
+        if (errcode) {
+            if (errcode == KRB5KDC_ERR_PREAUTH_FAILED)
+                get_preauth_hint_list(request, &client, &server, &e_data);
+
+            status = "PREAUTH_FAILED";
+            if (vague_errors)
+                errcode = KRB5KRB_ERR_GENERIC;
+            goto errout;
+        }
     }
 
     /*
@@ -405,15 +406,15 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
      */
     status = missing_required_preauth(&client, &server, &enc_tkt_reply);
     if (status) {
-	errcode = KRB5KDC_ERR_PREAUTH_REQUIRED;
-	get_preauth_hint_list(request, &client, &server, &e_data);
-	goto errout;
+        errcode = KRB5KDC_ERR_PREAUTH_REQUIRED;
+        get_preauth_hint_list(request, &client, &server, &e_data);
+        goto errout;
     }
 
     if ((errcode = validate_forwardable(request, client, server,
-					kdc_time, &status))) {
-	errcode += ERROR_TABLE_BASE_krb5;
-	goto errout;
+                                        kdc_time, &status))) {
+        errcode += ERROR_TABLE_BASE_krb5;
+        goto errout;
     }
 
     ticket_reply.enc_part2 = &enc_tkt_reply;
@@ -422,12 +423,12 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
      * Find the server key
      */
     if ((errcode = krb5_dbe_find_enctype(kdc_context, &server,
-					 -1, /* ignore keytype */
-					 -1,		/* Ignore salttype */
-					 0,		/* Get highest kvno */
-					 &server_key))) {
-	status = "FINDING_SERVER_KEY";
-	goto errout;
+                                         -1, /* ignore keytype */
+                                         -1,            /* Ignore salttype */
+                                         0,             /* Get highest kvno */
+                                         &server_key))) {
+        status = "FINDING_SERVER_KEY";
+        goto errout;
     }
 
     if ((errcode = krb5_dbe_find_mkey(kdc_context, master_keylist, &server,
@@ -451,33 +452,33 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     /* convert server.key into a real key (it may be encrypted
        in the database) */
-    if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr, 
-    /* server_keyblock is later used to generate auth data signatures */
-					       server_key, &server_keyblock,
-					       NULL))) {
-	status = "DECRYPT_SERVER_KEY";
-	goto errout;
-    }
-	
+    if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
+                                               /* server_keyblock is later used to generate auth data signatures */
+                                               server_key, &server_keyblock,
+                                               NULL))) {
+        status = "DECRYPT_SERVER_KEY";
+        goto errout;
+    }
+
     /*
      * Find the appropriate client key.  We search in the order specified
      * by request keytype list.
      */
     client_key = (krb5_key_data *) NULL;
     for (i = 0; i < request->nktypes; i++) {
-	useenctype = request->ktype[i];
-	if (!krb5_c_valid_enctype(useenctype))
-	    continue;
+        useenctype = request->ktype[i];
+        if (!krb5_c_valid_enctype(useenctype))
+            continue;
 
-	if (!krb5_dbe_find_enctype(kdc_context, &client, useenctype, -1,
-				   0, &client_key))
-	    break;
+        if (!krb5_dbe_find_enctype(kdc_context, &client, useenctype, -1,
+                                   0, &client_key))
+            break;
     }
     if (!(client_key)) {
-	/* Cannot find an appropriate key */
-	status = "CANT_FIND_CLIENT_KEY";
-	errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
-	goto errout;
+        /* Cannot find an appropriate key */
+        status = "CANT_FIND_CLIENT_KEY";
+        errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto errout;
     }
 
     if ((errcode = krb5_dbe_find_mkey(kdc_context, master_keylist, &client,
@@ -500,11 +501,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     }
 
     /* convert client.key_data into a real key */
-    if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr, 
-					       client_key, &client_keyblock,
-					       NULL))) {
-	status = "DECRYPT_CLIENT_KEY";
-	goto errout;
+    if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
+                                               client_key, &client_keyblock,
+                                               NULL))) {
+        status = "DECRYPT_CLIENT_KEY";
+        goto errout;
     }
     client_keyblock.enctype = useenctype;
 
@@ -514,8 +515,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     reply.ticket = &ticket_reply;
     reply_encpart.session = &session_key;
     if ((errcode = fetch_last_req_info(&client, &reply_encpart.last_req))) {
-	status = "FETCH_LAST_REQ";
-	goto errout;
+        status = "FETCH_LAST_REQ";
+        goto errout;
     }
     reply_encpart.nonce = request->nonce;
     reply_encpart.key_exp = client.expiration;
@@ -533,54 +534,54 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     /* Fetch the padata info to be returned (do this before
        authdata to handle possible replacement of reply key */
     errcode = return_padata(kdc_context, &client, req_pkt, request,
-			    &reply, client_key, &client_keyblock, &pa_context);
+                            &reply, client_key, &client_keyblock, &pa_context);
     if (errcode) {
-	status = "KDC_RETURN_PADATA";
-	goto errout;
+        status = "KDC_RETURN_PADATA";
+        goto errout;
     }
 
 #if APPLE_PKINIT
-    asReqDebug("process_as_req reply realm %s name %s\n", 
-	reply.client->realm.data, reply.client->data->data);
+    asReqDebug("process_as_req reply realm %s name %s\n",
+               reply.client->realm.data, reply.client->data->data);
 #endif /* APPLE_PKINIT */
 
     errcode = return_svr_referral_data(kdc_context,
-				       &server, &reply_encpart);
+                                       &server, &reply_encpart);
     if (errcode) {
-	status = "KDC_RETURN_ENC_PADATA";
-	goto errout;
+        status = "KDC_RETURN_ENC_PADATA";
+        goto errout;
     }
 
-    
+
     errcode = handle_authdata(kdc_context,
-			      c_flags,
-			      &client,
-			      &server,
-			      &server,
-			      &client_keyblock,
-			      &server_keyblock,
-			      &server_keyblock,
-			      req_pkt,
-			      request,
-			      NULL, /* for_user_princ */
-			      NULL, /* enc_tkt_request */
-			      &enc_tkt_reply);
+                              c_flags,
+                              &client,
+                              &server,
+                              &server,
+                              &client_keyblock,
+                              &server_keyblock,
+                              &server_keyblock,
+                              req_pkt,
+                              request,
+                              NULL, /* for_user_princ */
+                              NULL, /* enc_tkt_request */
+                              &enc_tkt_reply);
     if (errcode) {
-	krb5_klog_syslog(LOG_INFO, "AS_REQ : handle_authdata (%d)", errcode);
-	status = "HANDLE_AUTHDATA";
-	goto errout;
+        krb5_klog_syslog(LOG_INFO, "AS_REQ : handle_authdata (%d)", errcode);
+        status = "HANDLE_AUTHDATA";
+        goto errout;
     }
 
     errcode = krb5_encrypt_tkt_part(kdc_context, &server_keyblock, &ticket_reply);
     if (errcode) {
-	status = "ENCRYPTING_TICKET";
-	goto errout;
+        status = "ENCRYPTING_TICKET";
+        goto errout;
     }
     ticket_reply.enc_part.kvno = server_key->key_data_kvno;
     errcode = kdc_fast_response_handle_padata(state, request, &reply, client_keyblock.enctype);
     if (errcode) {
-	status = "fast response handling";
-	goto errout;
+        status = "fast response handling";
+        goto errout;
     }
 
     /* now encode/encrypt the response */
@@ -589,24 +590,24 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
 
     errcode = kdc_fast_handle_reply_key(state, &client_keyblock, &as_encrypting_key);
     if (errcode) {
-	status = "generating reply key";
-	goto errout;
+        status = "generating reply key";
+        goto errout;
     }
-        errcode = krb5_encode_kdc_rep(kdc_context, KRB5_AS_REP, &reply_encpart, 
-				  0, as_encrypting_key,  &reply, response);
+    errcode = krb5_encode_kdc_rep(kdc_context, KRB5_AS_REP, &reply_encpart,
+                                  0, as_encrypting_key,  &reply, response);
     reply.enc_part.kvno = client_key->key_data_kvno;
     if (errcode) {
-	status = "ENCODE_KDC_REP";
-	goto errout;
+        status = "ENCODE_KDC_REP";
+        goto errout;
     }
-    
+
     /* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
        can use them in raw form if needed.  But, we don't... */
     memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
     free(reply.enc_part.ciphertext.data);
 
     log_as_req(from, request, &reply, &client, cname, &server, sname,
-	       authtime, 0, 0, 0);
+               authtime, 0, 0, 0);
     did_log = 1;
 
     goto egress;
@@ -617,56 +618,56 @@ errout:
 
 egress:
     if (pa_context)
-	free_padata_context(kdc_context, &pa_context);
+        free_padata_context(kdc_context, &pa_context);
     if (as_encrypting_key)
-	krb5_free_keyblock(kdc_context, as_encrypting_key);
+        krb5_free_keyblock(kdc_context, as_encrypting_key);
     if (errcode)
-	emsg = krb5_get_error_message(kdc_context, errcode);
+        emsg = krb5_get_error_message(kdc_context, errcode);
 
     if (status) {
-	log_as_req(from, request, &reply, &client, cname, &server, sname,
-		   authtime, status, errcode, emsg);
-	did_log = 1;
+        log_as_req(from, request, &reply, &client, cname, &server, sname,
+                   authtime, status, errcode, emsg);
+        did_log = 1;
     }
     if (errcode) {
-	if (status == 0) {
-	    status = emsg;
-	}
-	errcode -= ERROR_TABLE_BASE_krb5;
-	if (errcode < 0 || errcode > 128)
-	    errcode = KRB_ERR_GENERIC;
-	    
-	errcode = prepare_error_as(state, request, errcode, &e_data,
- 				   c_nprincs ? client.princ : NULL,
-				   response, status);
-	status = 0;
+        if (status == 0) {
+            status = emsg;
+        }
+        errcode -= ERROR_TABLE_BASE_krb5;
+        if (errcode < 0 || errcode > 128)
+            errcode = KRB_ERR_GENERIC;
+
+        errcode = prepare_error_as(state, request, errcode, &e_data,
+                                   c_nprincs ? client.princ : NULL,
+                                   response, status);
+        status = 0;
     }
     if (emsg)
-	krb5_free_error_message(kdc_context, emsg);
+        krb5_free_error_message(kdc_context, emsg);
 
     if (enc_tkt_reply.authorization_data != NULL)
-	krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
+        krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data);
     if (server_keyblock.contents != NULL)
- 	krb5_free_keyblock_contents(kdc_context, &server_keyblock);
+        krb5_free_keyblock_contents(kdc_context, &server_keyblock);
     if (client_keyblock.contents != NULL)
-	krb5_free_keyblock_contents(kdc_context, &client_keyblock);
+        krb5_free_keyblock_contents(kdc_context, &client_keyblock);
     if (reply.padata != NULL)
-	krb5_free_pa_data(kdc_context, reply.padata);
+        krb5_free_pa_data(kdc_context, reply.padata);
 
     if (cname != NULL)
-	    free(cname);
+        free(cname);
     if (sname != NULL)
-	    free(sname);
+        free(sname);
     if (c_nprincs)
-	krb5_db_free_principal(kdc_context, &client, c_nprincs);
+        krb5_db_free_principal(kdc_context, &client, c_nprincs);
     if (s_nprincs)
-	krb5_db_free_principal(kdc_context, &server, s_nprincs);
+        krb5_db_free_principal(kdc_context, &server, s_nprincs);
     if (session_key.contents != NULL)
-	krb5_free_keyblock_contents(kdc_context, &session_key);
+        krb5_free_keyblock_contents(kdc_context, &session_key);
     if (ticket_reply.enc_part.ciphertext.data != NULL) {
-	memset(ticket_reply.enc_part.ciphertext.data , 0,
-	       ticket_reply.enc_part.ciphertext.length);
-	free(ticket_reply.enc_part.ciphertext.data);
+        memset(ticket_reply.enc_part.ciphertext.data , 0,
+               ticket_reply.enc_part.ciphertext.length);
+        free(ticket_reply.enc_part.ciphertext.data);
     }
 
     krb5_free_data_contents(kdc_context, &e_data);
@@ -679,8 +680,8 @@ egress:
 
 static krb5_error_code
 prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, int error, krb5_data *e_data,
-		  krb5_principal canon_client, krb5_data **response,
-		  const char *status)
+                  krb5_principal canon_client, krb5_data **response,
+                  const char *status)
 {
     krb5_error errpkt;
     krb5_error_code retval;
@@ -688,66 +689,66 @@ prepare_error_as (struct kdc_request_state *rstate, krb5_kdc_req *request, int e
     krb5_pa_data **pa = NULL;
     krb5_typed_data **td = NULL;
     size_t size;
-    
+
     errpkt.ctime = request->nonce;
     errpkt.cusec = 0;
 
     if ((retval = krb5_us_timeofday(kdc_context, &errpkt.stime,
-				    &errpkt.susec)))
-	return(retval);
+                                    &errpkt.susec)))
+        return(retval);
     errpkt.error = error;
     errpkt.server = request->server;
 
     if (error == KRB5KDC_ERR_WRONG_REALM)
-	errpkt.client = canon_client;
+        errpkt.client = canon_client;
     else
-	errpkt.client = request->client;
+        errpkt.client = request->client;
     errpkt.text.length = strlen(status) + 1;
     if (!(errpkt.text.data = strdup(status)))
-	return ENOMEM;
+        return ENOMEM;
 
     if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
-	free(errpkt.text.data);
-	return ENOMEM;
+        free(errpkt.text.data);
+        return ENOMEM;
     }
     if (e_data  != NULL&& e_data->data != NULL) {
-	errpkt.e_data = *e_data;
+        errpkt.e_data = *e_data;
     } else {
-	errpkt.e_data.length = 0;
-	errpkt.e_data.data = NULL;
+        errpkt.e_data.length = 0;
+        errpkt.e_data.data = NULL;
     }
     /*We need to try and produce a padata sequence for FAST*/
     retval = decode_krb5_padata_sequence(e_data, &pa);
     if (retval != 0) {
-	retval = decode_krb5_typed_data(e_data, &td);
-	if (retval == 0) {
-	    for (size =0; td[size]; size++);
-	    pa = calloc(size+1, sizeof(*pa));
-	    if (pa == NULL)
-		retval = ENOMEM;
-	    else 		for (size = 0; td[size]; size++) {
-		krb5_pa_data *pad = malloc(sizeof(krb5_pa_data ));
-		if (pad == NULL) {
-		    retval = ENOMEM;
-		    break;
-		}
-		pad->pa_type = td[size]->type;
-		pad->contents = td[size]->data;
-		pad->length = td[size]->length;
-		pa[size] = pad;
-	    }
-	    krb5_free_typed_data(kdc_context, td);
-	}
+        retval = decode_krb5_typed_data(e_data, &td);
+        if (retval == 0) {
+            for (size =0; td[size]; size++);
+            pa = calloc(size+1, sizeof(*pa));
+            if (pa == NULL)
+                retval = ENOMEM;
+            else                for (size = 0; td[size]; size++) {
+                    krb5_pa_data *pad = malloc(sizeof(krb5_pa_data ));
+                    if (pad == NULL) {
+                        retval = ENOMEM;
+                        break;
+                    }
+                    pad->pa_type = td[size]->type;
+                    pad->contents = td[size]->data;
+                    pad->length = td[size]->length;
+                    pa[size] = pad;
+                }
+            krb5_free_typed_data(kdc_context, td);
+        }
     }
     retval = kdc_fast_handle_error(kdc_context, rstate,
-				   request, pa, &errpkt);
+                                   request, pa, &errpkt);
     if (retval == 0)
-    retval = krb5_mk_error(kdc_context, &errpkt, scratch);
+        retval = krb5_mk_error(kdc_context, &errpkt, scratch);
     free(errpkt.text.data);
     if (retval)
-	free(scratch);
-    else 
-	*response = scratch;
+        free(scratch);
+    else
+        *response = scratch;
     krb5_free_pa_data(kdc_context, pa);
     return retval;
 }
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 103a29fb1..24e32df44 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/do_tgs_req.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * KDC Routines to deal with TGS_REQ's
  */
@@ -71,11 +72,11 @@
 #include "adm_proto.h"
 #include <ctype.h>
 
-static void 
+static void
 find_alternate_tgs(krb5_kdc_req *,krb5_db_entry *,
                    krb5_boolean *,int *);
 
-static krb5_error_code 
+static krb5_error_code
 prepare_error_tgs(struct kdc_request_state *, krb5_kdc_req *,krb5_ticket *,int,
                   krb5_principal,krb5_data **,const char *, krb5_data *);
 
@@ -152,7 +153,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
                                   &krbtgt, &k_nprincs, &tgskey,
                                   &subkey, &pa_tgs_req);
     if (header_ticket && header_ticket->enc_part2 &&
-        (errcode2 = krb5_unparse_name(kdc_context, 
+        (errcode2 = krb5_unparse_name(kdc_context,
                                       header_ticket->enc_part2->client,
                                       &cname))) {
         status = "UNPARSING CLIENT";
@@ -160,7 +161,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
         goto cleanup;
     }
     limit_string(cname);
-    
+
     if (errcode) {
         status = "PROCESS_TGS";
         goto cleanup;
@@ -173,18 +174,18 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
     }
     errcode = kdc_make_rstate(&state);
     if (errcode !=0) {
-	status = "making state";
-	goto cleanup;
+        status = "making state";
+        goto cleanup;
     }
     scratch.length = pa_tgs_req->length;
     scratch.data = (char *) pa_tgs_req->contents;
     errcode = kdc_find_fast(&request, &scratch, subkey, header_ticket->enc_part2->session, state);
     if (errcode !=0) {
-	status = "kdc_find_fast";
-		goto cleanup;
+        status = "kdc_find_fast";
+        goto cleanup;
     }
-    
-    
+
+
     /*
      * Pointer to the encrypted part of the header ticket, which may be
      * replaced to point to the encrypted part of the evidence ticket
@@ -192,7 +193,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
      * special cases for constrained delegation.
      */
     header_enc_tkt = header_ticket->enc_part2;
-    
+
     /*
      * We've already dealt with the AP_REQ authentication, so we can
      * use header_ticket freely.  The encrypted part (if any) has been
@@ -240,8 +241,8 @@ tgt_again:
         if (firstpass ) {
 
             if ( krb5_is_tgs_principal(request->server) == TRUE) { /* Principal is a name of krb ticket service */
-                if (krb5_princ_size(kdc_context, request->server) == 2) { 
-                                          
+                if (krb5_princ_size(kdc_context, request->server) == 2) {
+
                     server_1 = krb5_princ_component(kdc_context, request->server, 1);
                     tgs_1 = krb5_princ_component(kdc_context, tgs_server, 1);
 
@@ -251,7 +252,7 @@ tgt_again:
                         firstpass = 0;
                         goto tgt_again;
                     }
-                }  
+                }
                 krb5_db_free_principal(kdc_context, &server, nprincs);
                 status = "UNKNOWN_SERVER";
                 errcode = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
@@ -264,7 +265,7 @@ tgt_again:
                     retval = krb5_copy_principal(kdc_context, krbtgt_princ, &(request->server));
                     if (!retval) {
                         db_ref_done = TRUE;
-                        if (sname != NULL) 
+                        if (sname != NULL)
                             free(sname);
                         goto ref_tgt_again;
                     }
@@ -282,11 +283,11 @@ tgt_again:
         status = "TIME_OF_DAY";
         goto cleanup;
     }
-    
+
     if ((retval = validate_tgs_request(request, server, header_ticket,
                                        kdc_time, &status, &e_data))) {
-    if (!status)
-        status = "UNKNOWN_REASON";
+        if (!status)
+            status = "UNKNOWN_REASON";
         errcode = retval + ERROR_TABLE_BASE_krb5;
         goto cleanup;
     }
@@ -299,16 +300,16 @@ tgt_again:
 
     /* Check for protocol transition */
     errcode = kdc_process_s4u2self_req(kdc_context,
-				       request,
-				       header_enc_tkt->client,
+                                       request,
+                                       header_enc_tkt->client,
                                        &server,
-				       subkey,
-				       header_enc_tkt->session,
-				       kdc_time,
+                                       subkey,
+                                       header_enc_tkt->session,
+                                       kdc_time,
                                        &s4u_x509_user,
-				       &client,
-				       &c_nprincs,
-				       &status);
+                                       &client,
+                                       &c_nprincs,
+                                       &status);
     if (errcode)
         goto cleanup;
     if (s4u_x509_user != NULL)
@@ -316,7 +317,7 @@ tgt_again:
 
     /*
      * We pick the session keytype here....
-     * 
+     *
      * Some special care needs to be taken in the user-to-user
      * case, since we don't know what keytypes the application server
      * which is doing user-to-user authentication can support.  We
@@ -327,7 +328,7 @@ tgt_again:
      */
     useenctype = 0;
     if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY |
-                        KDC_OPT_CNAME_IN_ADDL_TKT)) {
+                  KDC_OPT_CNAME_IN_ADDL_TKT)) {
         krb5_keyblock *        st_sealing_key;
         krb5_kvno       st_srv_kvno;
         krb5_enctype    etype;
@@ -348,14 +349,14 @@ tgt_again:
             goto cleanup;
         }
         errcode = krb5_decrypt_tkt_part(kdc_context, st_sealing_key,
-                                    request->second_ticket[st_idx]);
+                                        request->second_ticket[st_idx]);
         krb5_free_keyblock(kdc_context, st_sealing_key);
         if (errcode) {
             status = "2ND_TKT_DECRYPT";
             krb5_db_free_principal(kdc_context, &st_client, st_nprincs);
             goto cleanup;
         }
-        
+
         etype = request->second_ticket[st_idx]->enc_part2->session->enctype;
         if (!krb5_c_valid_enctype(etype)) {
             status = "BAD_ETYPE_IN_2ND_TKT";
@@ -363,7 +364,7 @@ tgt_again:
             krb5_db_free_principal(kdc_context, &st_client, st_nprincs);
             goto cleanup;
         }
-        
+
         for (i = 0; i < request->nktypes; i++) {
             if (request->ktype[i] == etype) {
                 useenctype = etype;
@@ -386,7 +387,7 @@ tgt_again:
             setflag(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION);
 
             assert(krb5_is_tgs_principal(header_ticket->server));
- 
+
             /* From now on, use evidence ticket as header ticket */
             header_enc_tkt = request->second_ticket[st_idx]->enc_part2;
 
@@ -405,14 +406,14 @@ tgt_again:
      */
     if ((useenctype == 0) &&
         (useenctype = select_session_keytype(kdc_context, &server,
-        request->nktypes,
-        request->ktype)) == 0) {
+                                             request->nktypes,
+                                             request->ktype)) == 0) {
         /* unsupported ktype */
         status = "BAD_ENCRYPTION_TYPE";
         errcode = KRB5KDC_ERR_ETYPE_NOSUPP;
         goto cleanup;
     }
-    
+
     errcode = krb5_c_make_random_key(kdc_context, useenctype, &session_key);
 
     if (errcode) {
@@ -478,7 +479,7 @@ tgt_again:
              * S4U2Self in order for forwardable tickets to be returned.
              */
             else if (!is_referral &&
-                !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE))
+                     !isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE))
                 clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE);
         }
     }
@@ -490,7 +491,7 @@ tgt_again:
 
         enc_tkt_reply.caddrs = request->addresses;
         reply_encpart.caddrs = request->addresses;
-    }        
+    }
     if (isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDED))
         setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDED);
 
@@ -544,13 +545,13 @@ tgt_again:
         /* not a renew request */
         enc_tkt_reply.times.starttime = kdc_time;
 
-	kdc_get_ticket_endtime(kdc_context,
-			       enc_tkt_reply.times.starttime,
-			       header_enc_tkt->times.endtime,
-			       request->till,
-			       &client,
-			       &server,
-			       &enc_tkt_reply.times.endtime);
+        kdc_get_ticket_endtime(kdc_context,
+                               enc_tkt_reply.times.starttime,
+                               header_enc_tkt->times.endtime,
+                               request->till,
+                               &client,
+                               &server,
+                               &enc_tkt_reply.times.endtime);
 
         if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE_OK) &&
             (enc_tkt_reply.times.endtime < request->till) &&
@@ -558,7 +559,7 @@ tgt_again:
             setflag(request->kdc_options, KDC_OPT_RENEWABLE);
             request->rtime =
                 min(request->till, header_enc_tkt->times.renew_till);
-	}
+        }
     }
     rtime = (request->rtime == 0) ? kdc_infinity : request->rtime;
 
@@ -567,20 +568,20 @@ tgt_again:
            renewable ticket using a non-renewable ticket */
         setflag(enc_tkt_reply.flags, TKT_FLG_RENEWABLE);
         enc_tkt_reply.times.renew_till =
-                        min(rtime,
-                            min(header_enc_tkt->times.renew_till,
-                                enc_tkt_reply.times.starttime +
-                                min(server.max_renewable_life,
-                                max_renewable_life_for_realm)));
+            min(rtime,
+                min(header_enc_tkt->times.renew_till,
+                    enc_tkt_reply.times.starttime +
+                    min(server.max_renewable_life,
+                        max_renewable_life_for_realm)));
     } else {
         enc_tkt_reply.times.renew_till = 0;
     }
-    
+
     /*
      * Set authtime to be the same as header_ticket's
      */
     enc_tkt_reply.times.authtime = header_enc_tkt->times.authtime;
-    
+
     /*
      * Propagate the preauthentication flags through to the returned ticket.
      */
@@ -589,7 +590,7 @@ tgt_again:
 
     if (isflagset(header_enc_tkt->flags, TKT_FLG_HW_AUTH))
         setflag(enc_tkt_reply.flags, TKT_FLG_HW_AUTH);
-    
+
     /* starttime is optional, and treated as authtime if not present.
        so we can nuke it if it matches */
     if (enc_tkt_reply.times.starttime == enc_tkt_reply.times.authtime)
@@ -615,7 +616,7 @@ tgt_again:
          * Find the server key
          */
         if ((errcode = krb5_dbe_find_enctype(kdc_context, &server,
-                             -1, /* ignore keytype */
+                                             -1, /* ignore keytype */
                                              -1, /* Ignore salttype */
                                              0,/* Get highest kvno */
                                              &server_key))) {
@@ -646,7 +647,7 @@ tgt_again:
         /* convert server.key into a real key (it may be encrypted
          *        in the database) */
         if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context,
-                                                   mkey_ptr, 
+                                                   mkey_ptr,
                                                    server_key, &encrypting_key,
                                                    NULL))) {
             status = "DECRYPT_SERVER_KEY";
@@ -727,7 +728,7 @@ tgt_again:
                               pkt,
                               request,
                               s4u_x509_user ?
-				s4u_x509_user->user_id.user : NULL,
+                              s4u_x509_user->user_id.user : NULL,
                               header_enc_tkt,
                               &enc_tkt_reply);
     if (errcode) {
@@ -746,7 +747,7 @@ tgt_again:
     }
 
     /*
-     * Only add the realm of the presented tgt to the transited list if 
+     * Only add the realm of the presented tgt to the transited list if
      * it is different than the local realm (cross-realm) and it is different
      * than the realm of the client (since the realm of the client is already
      * implicitly part of the transited list and should not be explicitly
@@ -774,20 +775,20 @@ tgt_again:
         enc_tkt_transited.tr_contents.length = 0;
         enc_tkt_reply.transited = enc_tkt_transited;
         if ((errcode =
-            add_to_transited(&header_enc_tkt->transited.tr_contents,
-                             &enc_tkt_reply.transited.tr_contents,
-                             header_ticket->server,
-                             enc_tkt_reply.client,
-                             request->server))) {
-                                 status = "ADD_TR_FAIL";
-                                 goto cleanup;
+             add_to_transited(&header_enc_tkt->transited.tr_contents,
+                              &enc_tkt_reply.transited.tr_contents,
+                              header_ticket->server,
+                              enc_tkt_reply.client,
+                              request->server))) {
+            status = "ADD_TR_FAIL";
+            goto cleanup;
         }
         newtransited = 1;
     }
     if (isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) {
         errcode = validate_transit_path(kdc_context, header_enc_tkt->client,
-        &server,
-        (k_nprincs != 0) ? &krbtgt : NULL);
+                                        &server,
+                                        (k_nprincs != 0) ? &krbtgt : NULL);
         if (errcode) {
             status = "NON_TRANSITIVE";
             goto cleanup;
@@ -863,7 +864,7 @@ tgt_again:
             status = "2ND_TKT_MISMATCH";
             goto cleanup;
         }
-            
+
         ticket_kvno = 0;
         ticket_reply.enc_part.enctype = t2enc->session->enctype;
         st_idx++;
@@ -872,7 +873,7 @@ tgt_again:
     }
 
     errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key,
-                    &ticket_reply);
+                                    &ticket_reply);
     if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY))
         krb5_free_keyblock_contents(kdc_context, &encrypting_key);
     if (errcode) {
@@ -921,27 +922,27 @@ tgt_again:
     reply_encpart.key_exp = 0;/* ditto */
     reply_encpart.flags = enc_tkt_reply.flags;
     reply_encpart.server = ticket_reply.server;
-    
+
     /* use the session key in the ticket, unless there's a subsession key
        in the AP_REQ */
 
     reply.enc_part.enctype = subkey ? subkey->enctype :
-    header_ticket->enc_part2->session->enctype;
+        header_ticket->enc_part2->session->enctype;
     errcode  = kdc_fast_response_handle_padata(state, request, &reply,
-					       subkey?subkey->enctype:header_ticket->enc_part2->session->enctype);
+                                               subkey?subkey->enctype:header_ticket->enc_part2->session->enctype);
     if (errcode !=0 ) {
-	status = "Preparing FAST padata";
-	goto cleanup;
+        status = "Preparing FAST padata";
+        goto cleanup;
     }
     errcode =kdc_fast_handle_reply_key(state, subkey?subkey:header_ticket->enc_part2->session, &reply_key);
     if (errcode) {
-      status  = "generating reply key";
-      goto cleanup;
+        status  = "generating reply key";
+        goto cleanup;
     }
-            errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart, 
-                  subkey ? 1 : 0,
-					  reply_key,
-                  &reply, response);
+    errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,
+                                  subkey ? 1 : 0,
+                                  reply_key,
+                                  &reply, response);
     if (errcode) {
         status = "ENCODE_KDC_REP";
     } else {
@@ -956,12 +957,12 @@ tgt_again:
     memset(reply.enc_part.ciphertext.data, 0,
            reply.enc_part.ciphertext.length);
     free(reply.enc_part.ciphertext.data);
-    
+
 cleanup:
     assert(status != NULL);
     if (reply_key)
-      krb5_free_keyblock(kdc_context, reply_key);
-    if (errcode) 
+        krb5_free_keyblock(kdc_context, reply_key);
+    if (errcode)
         emsg = krb5_get_error_message (kdc_context, errcode);
     log_tgs_req(from, request, &reply, cname, sname, altcname, authtime,
                 c_flags, s4u_name, status, errcode, emsg);
@@ -979,22 +980,22 @@ cleanup:
         errcode -= ERROR_TABLE_BASE_krb5;
         if (errcode < 0 || errcode > 128)
             errcode = KRB_ERR_GENERIC;
-            
+
         retval = prepare_error_tgs(state, request, header_ticket, errcode,
-        nprincs ? server.princ : NULL,
-                   response, status, &e_data);
+                                   nprincs ? server.princ : NULL,
+                                   response, status, &e_data);
         if (got_err) {
             krb5_free_error_message (kdc_context, status);
             status = 0;
         }
     }
-    
+
     if (header_ticket != NULL)
         krb5_free_ticket(kdc_context, header_ticket);
     if (request != NULL)
         krb5_free_kdc_req(kdc_context, request);
     if (state)
-	kdc_free_rstate(state);
+        kdc_free_rstate(state);
     if (cname != NULL)
         free(cname);
     if (sname != NULL)
@@ -1030,10 +1031,10 @@ cleanup:
 
 static krb5_error_code
 prepare_error_tgs (struct kdc_request_state *state,
-		   krb5_kdc_req *request, krb5_ticket *ticket, int error,
+                   krb5_kdc_req *request, krb5_ticket *ticket, int error,
                    krb5_principal canon_server,
                    krb5_data **response, const char *status,
-		   krb5_data *e_data)
+                   krb5_data *e_data)
 {
     krb5_error errpkt;
     krb5_error_code retval = 0;
@@ -1043,7 +1044,7 @@ prepare_error_tgs (struct kdc_request_state *state,
     errpkt.cusec = 0;
 
     if ((retval = krb5_us_timeofday(kdc_context, &errpkt.stime,
-                    &errpkt.susec)))
+                                    &errpkt.susec)))
         return(retval);
     errpkt.error = error;
     errpkt.server = request->server;
@@ -1054,18 +1055,18 @@ prepare_error_tgs (struct kdc_request_state *state,
     errpkt.text.length = strlen(status) + 1;
     if (!(errpkt.text.data = strdup(status)))
         return ENOMEM;
-    
+
     if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) {
         free(errpkt.text.data);
         return ENOMEM;
     }
     errpkt.e_data = *e_data;
     if (state)
-	retval = kdc_fast_handle_error(kdc_context, state, request, NULL, &errpkt);
+        retval = kdc_fast_handle_error(kdc_context, state, request, NULL, &errpkt);
     if (retval) {
-	free(scratch);
-	free(errpkt.text.data);
-	return retval;
+        free(scratch);
+        free(errpkt.text.data);
+        return retval;
     }
     retval = krb5_mk_error(kdc_context, &errpkt, scratch);
     free(errpkt.text.data);
@@ -1099,10 +1100,10 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
      * somewhere that has already checked the number of components in
      * the principal.
      */
-    if ((retval = krb5_walk_realm_tree(kdc_context, 
-      krb5_princ_realm(kdc_context, request->server),
-      krb5_princ_component(kdc_context, request->server, 1),
-                      &plist, KRB5_REALM_BRANCH_CHAR)))
+    if ((retval = krb5_walk_realm_tree(kdc_context,
+                                       krb5_princ_realm(kdc_context, request->server),
+                                       krb5_princ_component(kdc_context, request->server, 1),
+                                       &plist, KRB5_REALM_BRANCH_CHAR)))
         return;
 
     /* move to the end */
@@ -1113,8 +1114,8 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
     while (--pl2 > plist) {
         *nprincs = 1;
         tmp = *krb5_princ_realm(kdc_context, *pl2);
-        krb5_princ_set_realm(kdc_context, *pl2, 
-             krb5_princ_realm(kdc_context, tgs_server));
+        krb5_princ_set_realm(kdc_context, *pl2,
+                             krb5_princ_realm(kdc_context, tgs_server));
         retval = get_principal(kdc_context, *pl2, server, nprincs, more);
         krb5_princ_set_realm(kdc_context, *pl2, &tmp);
         if (retval) {
@@ -1131,12 +1132,12 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
             krb5_principal tmpprinc;
 
             tmp = *krb5_princ_realm(kdc_context, *pl2);
-            krb5_princ_set_realm(kdc_context, *pl2, 
-                 krb5_princ_realm(kdc_context, tgs_server));
+            krb5_princ_set_realm(kdc_context, *pl2,
+                                 krb5_princ_realm(kdc_context, tgs_server));
             if ((retval = krb5_copy_principal(kdc_context, *pl2, &tmpprinc))) {
-                                              krb5_db_free_principal(kdc_context, server, *nprincs);
-                                              krb5_princ_set_realm(kdc_context, *pl2, &tmp);
-                                              continue;
+                krb5_db_free_principal(kdc_context, server, *nprincs);
+                krb5_princ_set_realm(kdc_context, *pl2, &tmp);
+                continue;
             }
             krb5_princ_set_realm(kdc_context, *pl2, &tmp);
 
@@ -1157,54 +1158,54 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server,
 }
 
 static krb5_int32
-prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ) 
+prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ)
 {
     krb5_error_code retval = KRB5KRB_AP_ERR_BADMATCH;
     char **realms, **cpp, *temp_buf=NULL;
-    krb5_data *comp1 = NULL, *comp2 = NULL; 
-    char *comp1_str = NULL; 
+    krb5_data *comp1 = NULL, *comp2 = NULL;
+    char *comp1_str = NULL;
 
     /* By now we know that server principal name is unknown.
-     * If CANONICALIZE flag is set in the request                                 
-     * If req is not U2U authn. req                                               
-     * the requested server princ. has exactly two components                     
-     * either 
-     *      the name type is NT-SRV-HST                                           
-     *      or name type is NT-UNKNOWN and 
-     *         the 1st component is listed in conf file under host_based_services 
-     * the 1st component is not in a list in conf under "no_host_referral"        
-     * the 2d component looks like fully-qualified domain name (FQDN)              
-     * If all of these conditions are satisfied - try mapping the FQDN and 
+     * If CANONICALIZE flag is set in the request
+     * If req is not U2U authn. req
+     * the requested server princ. has exactly two components
+     * either
+     *      the name type is NT-SRV-HST
+     *      or name type is NT-UNKNOWN and
+     *         the 1st component is listed in conf file under host_based_services
+     * the 1st component is not in a list in conf under "no_host_referral"
+     * the 2d component looks like fully-qualified domain name (FQDN)
+     * If all of these conditions are satisfied - try mapping the FQDN and
      * re-process the request as if client had asked for cross-realm TGT.
      */
-    if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE) &&   
-        !isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY) && 
-        krb5_princ_size(kdc_context, request->server) == 2) {             
+    if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE) &&
+        !isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY) &&
+        krb5_princ_size(kdc_context, request->server) == 2) {
 
         comp1 = krb5_princ_component(kdc_context, request->server, 0);
         comp2 = krb5_princ_component(kdc_context, request->server, 1);
 
         comp1_str = calloc(1,comp1->length+1);
         if (!comp1_str) {
-            retval = ENOMEM; 
-            goto cleanup; 
-         }
+            retval = ENOMEM;
+            goto cleanup;
+        }
         strlcpy(comp1_str,comp1->data,comp1->length+1);
 
-        if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST || 
-            (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN &&   
-            kdc_active_realm->realm_host_based_services != NULL &&
-            (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE ||
-             krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE))) &&
-            (kdc_active_realm->realm_no_host_referral == NULL || 
-            (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, KRB5_CONF_ASTERISK) == FALSE &&
-             krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) { 
-
-	    if (memchr(comp2->data, '.', comp2->length) == NULL)
-		goto cleanup;
+        if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST ||
+             (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN &&
+              kdc_active_realm->realm_host_based_services != NULL &&
+              (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, comp1_str) == TRUE ||
+               krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE))) &&
+            (kdc_active_realm->realm_no_host_referral == NULL ||
+             (krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, KRB5_CONF_ASTERISK) == FALSE &&
+              krb5_match_config_pattern(kdc_active_realm->realm_no_host_referral, comp1_str) == FALSE))) {
+
+            if (memchr(comp2->data, '.', comp2->length) == NULL)
+                goto cleanup;
             temp_buf = calloc(1, comp2->length+1);
             if (!temp_buf){
-                retval = ENOMEM; 
+                retval = ENOMEM;
                 goto cleanup;
             }
             strlcpy(temp_buf, comp2->data,comp2->length+1);
@@ -1224,21 +1225,19 @@ prep_reprocess_req(krb5_kdc_req *request, krb5_principal *krbtgt_princ)
                 retval = KRB5KRB_AP_ERR_BADMATCH;
                 goto cleanup;
             }
-            /* Modify request. 
-             * Construct cross-realm tgt :  krbtgt/REMOTE_REALM@LOCAL_REALM 
-             * and use it as a principal in this req. 
+            /* Modify request.
+             * Construct cross-realm tgt :  krbtgt/REMOTE_REALM@LOCAL_REALM
+             * and use it as a principal in this req.
              */
-            retval = krb5_build_principal(kdc_context, krbtgt_princ, 
-                                          (*request->server).realm.length, 
-                                          (*request->server).realm.data, 
+            retval = krb5_build_principal(kdc_context, krbtgt_princ,
+                                          (*request->server).realm.length,
+                                          (*request->server).realm.data,
                                           "krbtgt", realms[0], (char *)0);
-            for (cpp = realms; *cpp; cpp++)  
-                   free(*cpp);
+            for (cpp = realms; *cpp; cpp++)
+                free(*cpp);
         }
     }
 cleanup:
     free(comp1_str);
     return retval;
 }
-
-
diff --git a/src/kdc/extern.c b/src/kdc/extern.c
index 7ebc7bb3a..763adf57d 100644
--- a/src/kdc/extern.c
+++ b/src/kdc/extern.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/extern.c
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * allocations of extern stuff
  */
@@ -31,14 +32,14 @@
 #include "extern.h"
 
 /* real declarations of KDC's externs */
-kdc_realm_t	**kdc_realmlist = (kdc_realm_t **) NULL;
-int		kdc_numrealms = 0;
-kdc_realm_t	*kdc_active_realm = (kdc_realm_t *) NULL;
+kdc_realm_t     **kdc_realmlist = (kdc_realm_t **) NULL;
+int             kdc_numrealms = 0;
+kdc_realm_t     *kdc_active_realm = (kdc_realm_t *) NULL;
 krb5_data empty_string = {0, 0, ""};
 krb5_timestamp kdc_infinity = KRB5_INT32_MAX; /* XXX */
-krb5_rcache	kdc_rcache = (krb5_rcache) NULL;
-krb5_keyblock	psr_key;
-krb5_int32	max_dgram_reply_size = MAX_DGRAM_SIZE;
+krb5_rcache     kdc_rcache = (krb5_rcache) NULL;
+krb5_keyblock   psr_key;
+krb5_int32      max_dgram_reply_size = MAX_DGRAM_SIZE;
 
-volatile int signal_requests_exit = 0;	/* gets set when signal hits */
+volatile int signal_requests_exit = 0;  /* gets set when signal hits */
 volatile int signal_requests_hup = 0;   /* ditto */
diff --git a/src/kdc/extern.h b/src/kdc/extern.h
index 079f0e47f..af5b3086c 100644
--- a/src/kdc/extern.h
+++ b/src/kdc/extern.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/extern.h
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * <<< Description >>>
  */
@@ -33,52 +34,52 @@ typedef struct __kdc_realm_data {
     /*
      * General Kerberos per-realm data.
      */
-    char *		realm_name;	/* Realm name			    */
-/* XXX the real context should go away once the db_context is done. 
- * The db_context is then associated with the realm keytab using 
- * krb5_ktkdb_resolv(). There should be nothing in the context which 
+    char *              realm_name;     /* Realm name                       */
+/* XXX the real context should go away once the db_context is done.
+ * The db_context is then associated with the realm keytab using
+ * krb5_ktkdb_resolv(). There should be nothing in the context which
  * cannot span multiple realms -- proven */
-    krb5_context	realm_context;	/* Context to be used for realm	    */
-    krb5_keytab		realm_keytab; 	/* keytab to be used for this realm */
-    char *		realm_profile;	/* Profile file for this realm	    */
-    char *              realm_host_based_services; /* do referral processing for these services 
+    krb5_context        realm_context;  /* Context to be used for realm     */
+    krb5_keytab         realm_keytab;   /* keytab to be used for this realm */
+    char *              realm_profile;  /* Profile file for this realm      */
+    char *              realm_host_based_services; /* do referral processing for these services
                                                     * If '*' - allow all referrals */
     char *              realm_no_host_referral; /* no referral for these services.
-                                                 * If '*' - disallow all referrals and  
+                                                 * If '*' - disallow all referrals and
                                                  * ignore realm_host_based_services */
     /*
      * Database per-realm data.
      */
-    char *		realm_dbname;	/* Database name for realm	    */
-    char *		realm_stash;	/* Stash file name for realm	    */
-    char *		realm_mpname;	/* Master principal name for realm  */
-    krb5_principal	realm_mprinc;	/* Master principal for realm	    */
+    char *              realm_dbname;   /* Database name for realm          */
+    char *              realm_stash;    /* Stash file name for realm        */
+    char *              realm_mpname;   /* Master principal name for realm  */
+    krb5_principal      realm_mprinc;   /* Master principal for realm       */
     /*
      * Note realm_mkey is mkey read from stash or keyboard and may not be the
      * latest.  The mkey_list will have all the mkeys in use.
      */
-    krb5_keyblock	realm_mkey;	/* Master key for this realm	    */
-    krb5_keylist_node * mkey_list;	/* list of mkeys in use for this realm */
+    krb5_keyblock       realm_mkey;     /* Master key for this realm        */
+    krb5_keylist_node * mkey_list;      /* list of mkeys in use for this realm */
     /*
      * TGS per-realm data.
      */
-    krb5_principal	realm_tgsprinc;	/* TGS principal for this realm	    */
+    krb5_principal      realm_tgsprinc; /* TGS principal for this realm     */
     /*
      * Other per-realm data.
      */
-    char		*realm_ports;	/* Per-realm KDC UDP port */
-    char		*realm_tcp_ports; /* Per-realm KDC TCP port */
+    char                *realm_ports;   /* Per-realm KDC UDP port */
+    char                *realm_tcp_ports; /* Per-realm KDC TCP port */
     /*
      * Per-realm parameters.
      */
-    krb5_deltat		realm_maxlife;	/* Maximum ticket life for realm    */
-    krb5_deltat		realm_maxrlife;	/* Maximum renewable life for realm */
-    krb5_boolean	realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
+    krb5_deltat         realm_maxlife;  /* Maximum ticket life for realm    */
+    krb5_deltat         realm_maxrlife; /* Maximum renewable life for realm */
+    krb5_boolean        realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
 } kdc_realm_t;
 
-extern kdc_realm_t	**kdc_realmlist;
-extern int		kdc_numrealms;
-extern kdc_realm_t	*kdc_active_realm;
+extern kdc_realm_t      **kdc_realmlist;
+extern int              kdc_numrealms;
+extern kdc_realm_t      *kdc_active_realm;
 
 kdc_realm_t *find_realm_data (char *, krb5_ui_4);
 
@@ -87,25 +88,25 @@ kdc_realm_t *find_realm_data (char *, krb5_ui_4);
  * realm data.  This allows us to support multiple realms with minimal logic
  * changes.
  */
-#define	kdc_context			kdc_active_realm->realm_context
-#define	max_life_for_realm		kdc_active_realm->realm_maxlife
-#define	max_renewable_life_for_realm	kdc_active_realm->realm_maxrlife
-#define	master_keyblock			kdc_active_realm->realm_mkey
-#define	master_keylist			kdc_active_realm->mkey_list
-#define	master_princ			kdc_active_realm->realm_mprinc
-#define	tgs_server			kdc_active_realm->realm_tgsprinc
-#define reject_bad_transit		kdc_active_realm->realm_reject_bad_transit
+#define kdc_context                     kdc_active_realm->realm_context
+#define max_life_for_realm              kdc_active_realm->realm_maxlife
+#define max_renewable_life_for_realm    kdc_active_realm->realm_maxrlife
+#define master_keyblock                 kdc_active_realm->realm_mkey
+#define master_keylist                  kdc_active_realm->mkey_list
+#define master_princ                    kdc_active_realm->realm_mprinc
+#define tgs_server                      kdc_active_realm->realm_tgsprinc
+#define reject_bad_transit              kdc_active_realm->realm_reject_bad_transit
 
 /* various externs for KDC */
-extern krb5_data 	empty_string;	/* an empty string */
-extern krb5_timestamp 	kdc_infinity;	/* greater than all other timestamps */
-extern krb5_rcache	kdc_rcache;	/* replay cache */
-extern krb5_keyblock	psr_key;	/* key for predicted sam response */
-extern const int	kdc_modifies_kdb;
-extern char		**db_args;
-extern krb5_int32	max_dgram_reply_size; /* maximum datagram size */
+extern krb5_data        empty_string;   /* an empty string */
+extern krb5_timestamp   kdc_infinity;   /* greater than all other timestamps */
+extern krb5_rcache      kdc_rcache;     /* replay cache */
+extern krb5_keyblock    psr_key;        /* key for predicted sam response */
+extern const int        kdc_modifies_kdb;
+extern char             **db_args;
+extern krb5_int32       max_dgram_reply_size; /* maximum datagram size */
 
-extern const int	vague_errors;
+extern const int        vague_errors;
 
 extern volatile int signal_requests_exit;
 extern volatile int signal_requests_hup;
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
index f02410b96..f7a1ac43a 100644
--- a/src/kdc/fast_util.c
+++ b/src/kdc/fast_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/fast_util.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  */
 
@@ -49,49 +50,49 @@ static krb5_error_code armor_ap_request
     krb5_auth_context authcontext = NULL;
     krb5_ticket *ticket = NULL;
     krb5_keyblock *subkey = NULL;
-    
+
     assert(armor->armor_type == KRB5_FAST_ARMOR_AP_REQUEST);
     krb5_clear_error_message(kdc_context);
     retval = krb5_auth_con_init(kdc_context, &authcontext);
     if (retval == 0)
-	retval = krb5_auth_con_setflags(kdc_context, authcontext, 0); /*disable replay cache*/
+        retval = krb5_auth_con_setflags(kdc_context, authcontext, 0); /*disable replay cache*/
     retval = krb5_rd_req(kdc_context, &authcontext,
-			 &armor->armor_value, NULL /*server*/,
-			 kdc_active_realm->realm_keytab,  NULL, &ticket);
+                         &armor->armor_value, NULL /*server*/,
+                         kdc_active_realm->realm_keytab,  NULL, &ticket);
     if (retval !=0) {
-	const char * errmsg = krb5_get_error_message(kdc_context, retval);
-		krb5_set_error_message(kdc_context, retval,
-				       "%s while handling ap-request armor", errmsg);
-		krb5_free_error_message(kdc_context, errmsg);
+        const char * errmsg = krb5_get_error_message(kdc_context, retval);
+        krb5_set_error_message(kdc_context, retval,
+                               "%s while handling ap-request armor", errmsg);
+        krb5_free_error_message(kdc_context, errmsg);
     }
     if (retval == 0) {
-	if (!krb5_principal_compare_any_realm(kdc_context,
-					      tgs_server,
-					      ticket->server)) {
-	    krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH,
-				   "ap-request armor for something other than  the local TGS");
-	    retval = KRB5KDC_ERR_SERVER_NOMATCH;
-	}
+        if (!krb5_principal_compare_any_realm(kdc_context,
+                                              tgs_server,
+                                              ticket->server)) {
+            krb5_set_error_message(kdc_context, KRB5KDC_ERR_SERVER_NOMATCH,
+                                   "ap-request armor for something other than  the local TGS");
+            retval = KRB5KDC_ERR_SERVER_NOMATCH;
+        }
     }
     if (retval ==0) {
-	retval = krb5_auth_con_getrecvsubkey(kdc_context, authcontext, &subkey);
-	if (retval !=0 || subkey == NULL) {
-	    krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
-				   "ap-request armor without subkey");
-	    retval = KRB5KDC_ERR_POLICY;
-	}
+        retval = krb5_auth_con_getrecvsubkey(kdc_context, authcontext, &subkey);
+        if (retval !=0 || subkey == NULL) {
+            krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
+                                   "ap-request armor without subkey");
+            retval = KRB5KDC_ERR_POLICY;
+        }
     }
-    if (retval==0) 
-	retval = krb5_c_fx_cf2_simple(kdc_context,
-				      subkey, "subkeyarmor",
-				      ticket->enc_part2->session, "ticketarmor",
-				      &state->armor_key);
+    if (retval==0)
+        retval = krb5_c_fx_cf2_simple(kdc_context,
+                                      subkey, "subkeyarmor",
+                                      ticket->enc_part2->session, "ticketarmor",
+                                      &state->armor_key);
     if (ticket)
-	krb5_free_ticket(kdc_context, ticket);
+        krb5_free_ticket(kdc_context, ticket);
     if (subkey)
-	krb5_free_keyblock(kdc_context, subkey);
+        krb5_free_keyblock(kdc_context, subkey);
     if (authcontext)
-	krb5_auth_con_free(kdc_context, authcontext);
+        krb5_auth_con_free(kdc_context, authcontext);
     return retval;
 }
 
@@ -104,22 +105,22 @@ static krb5_error_code encrypt_fast_reply
     krb5_data *encoded_response = NULL;
     assert(state->armor_key);
     retval = encode_krb5_fast_response(response, &encoded_response);
-    if (retval== 0) 
-	retval = krb5_encrypt_helper(kdc_context, state->armor_key,
-				     KRB5_KEYUSAGE_FAST_REP,
-				     encoded_response, &encrypted_reply);
+    if (retval== 0)
+        retval = krb5_encrypt_helper(kdc_context, state->armor_key,
+                                     KRB5_KEYUSAGE_FAST_REP,
+                                     encoded_response, &encrypted_reply);
     if (encoded_response)
-	krb5_free_data(kdc_context, encoded_response);
+        krb5_free_data(kdc_context, encoded_response);
     encoded_response = NULL;
     if (retval == 0) {
-	retval = encode_krb5_pa_fx_fast_reply(&encrypted_reply,
-					      fx_fast_reply);
-	krb5_free_data_contents(kdc_context, &encrypted_reply.ciphertext);
+        retval = encode_krb5_pa_fx_fast_reply(&encrypted_reply,
+                                              fx_fast_reply);
+        krb5_free_data_contents(kdc_context, &encrypted_reply.ciphertext);
     }
     return retval;
 }
 
-	
+
 krb5_error_code  kdc_find_fast
 (krb5_kdc_req **requestptr,  krb5_data *checksummed_data,
  krb5_keyblock *tgs_subkey,
@@ -139,115 +140,115 @@ krb5_error_code  kdc_find_fast
     krb5_clear_error_message(kdc_context);
     memset(&empty_keyblock, 0, sizeof(krb5_keyblock));
     fast_padata = find_pa_data(request->padata,
-			       KRB5_PADATA_FX_FAST);
+                               KRB5_PADATA_FX_FAST);
     if (fast_padata !=  NULL){
-    scratch.length = fast_padata->length;
-    scratch.data = (char *) fast_padata->contents;
-    retval = decode_krb5_pa_fx_fast_request(&scratch, &fast_armored_req);
-    if (retval == 0 &&fast_armored_req->armor) {
-	switch (fast_armored_req->armor->armor_type) {
-	case KRB5_FAST_ARMOR_AP_REQUEST:
-	    retval = armor_ap_request(state, fast_armored_req->armor);
-	    break;
-	default:
-	    krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
-				   "Unknow FAST armor type %d",
-				   fast_armored_req->armor->armor_type);
-	    retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	}
-    }
-    if (retval == 0 && !state->armor_key) {
-	if (tgs_subkey)
-	  retval = krb5_c_fx_cf2_simple(kdc_context,
-					tgs_subkey, "subkeyarmor",
-					tgs_session, "ticketarmor",
-					&state->armor_key);
-	else {
-	    krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
-				   "No armor key but FAST armored request present");
-	    retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	}
-    }
-    if (retval == 0) {
-	krb5_data plaintext;
-	plaintext.length = fast_armored_req->enc_part.ciphertext.length;
-	plaintext.data = malloc(plaintext.length);
-	if (plaintext.data == NULL)
-	    retval = ENOMEM;
-	retval = krb5_c_decrypt(kdc_context,
-				state->armor_key,
-				KRB5_KEYUSAGE_FAST_ENC, NULL,
-				&fast_armored_req->enc_part,
-				&plaintext);
-	if (retval == 0)
-	    retval = decode_krb5_fast_req(&plaintext, &fast_req);
-	if (plaintext.data)
-	    free(plaintext.data);
-    }
-    if (retval == 0)
-      retval = krb5_c_verify_checksum(kdc_context, state->armor_key,
-				      KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
-				      checksummed_data, &fast_armored_req->req_checksum,
-				      &cksum_valid);
-    if (retval == 0 && !cksum_valid) {
-      retval = KRB5KRB_AP_ERR_MODIFIED;
-      krb5_set_error_message(kdc_context, KRB5KRB_AP_ERR_MODIFIED,
-			     "FAST req_checksum invalid; request modified");
-    }
-    if (retval == 0) {
-	krb5_error_code ret;
-	/* We need to confirm that a keyed checksum is used for the
-	 * fast_req checksum.  In April 2009, the best way to do this is
-	 * to try verifying the checksum with a keyblock with an zero
-	 * length; if it succeeds, then an unkeyed checksum is used.*/
-	ret  = krb5_c_verify_checksum(kdc_context, &empty_keyblock,
-				      KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
-				      checksummed_data, &fast_armored_req->req_checksum,
-				      &cksum_valid);
-	if (ret == 0) {
-	    retval = KRB5KDC_ERR_POLICY;
-	    krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
-				   "Unkeyed checksum used in fast_req");
-	}
-    }
-    if (retval == 0) {
-	if ((fast_req->fast_options & UNSUPPORTED_CRITICAL_FAST_OPTIONS) !=0)
-	    retval = KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION;
-    }
-	    if (retval == 0)
-	        cookie_padata = find_pa_data(fast_req->req_body->padata, KRB5_PADATA_FX_COOKIE);
-	    if (retval == 0) {
-	      state->fast_options = fast_req->fast_options;
-	      if (request->kdc_state == state)
-		request->kdc_state = NULL;
-	      krb5_free_kdc_req( kdc_context, request);
-	      *requestptr = fast_req->req_body;
-	      fast_req->req_body = NULL;
-	
-	    }
+        scratch.length = fast_padata->length;
+        scratch.data = (char *) fast_padata->contents;
+        retval = decode_krb5_pa_fx_fast_request(&scratch, &fast_armored_req);
+        if (retval == 0 &&fast_armored_req->armor) {
+            switch (fast_armored_req->armor->armor_type) {
+            case KRB5_FAST_ARMOR_AP_REQUEST:
+                retval = armor_ap_request(state, fast_armored_req->armor);
+                break;
+            default:
+                krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
+                                       "Unknow FAST armor type %d",
+                                       fast_armored_req->armor->armor_type);
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            }
+        }
+        if (retval == 0 && !state->armor_key) {
+            if (tgs_subkey)
+                retval = krb5_c_fx_cf2_simple(kdc_context,
+                                              tgs_subkey, "subkeyarmor",
+                                              tgs_session, "ticketarmor",
+                                              &state->armor_key);
+            else {
+                krb5_set_error_message(kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
+                                       "No armor key but FAST armored request present");
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            }
+        }
+        if (retval == 0) {
+            krb5_data plaintext;
+            plaintext.length = fast_armored_req->enc_part.ciphertext.length;
+            plaintext.data = malloc(plaintext.length);
+            if (plaintext.data == NULL)
+                retval = ENOMEM;
+            retval = krb5_c_decrypt(kdc_context,
+                                    state->armor_key,
+                                    KRB5_KEYUSAGE_FAST_ENC, NULL,
+                                    &fast_armored_req->enc_part,
+                                    &plaintext);
+            if (retval == 0)
+                retval = decode_krb5_fast_req(&plaintext, &fast_req);
+            if (plaintext.data)
+                free(plaintext.data);
+        }
+        if (retval == 0)
+            retval = krb5_c_verify_checksum(kdc_context, state->armor_key,
+                                            KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
+                                            checksummed_data, &fast_armored_req->req_checksum,
+                                            &cksum_valid);
+        if (retval == 0 && !cksum_valid) {
+            retval = KRB5KRB_AP_ERR_MODIFIED;
+            krb5_set_error_message(kdc_context, KRB5KRB_AP_ERR_MODIFIED,
+                                   "FAST req_checksum invalid; request modified");
+        }
+        if (retval == 0) {
+            krb5_error_code ret;
+            /* We need to confirm that a keyed checksum is used for the
+             * fast_req checksum.  In April 2009, the best way to do this is
+             * to try verifying the checksum with a keyblock with an zero
+             * length; if it succeeds, then an unkeyed checksum is used.*/
+            ret  = krb5_c_verify_checksum(kdc_context, &empty_keyblock,
+                                          KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
+                                          checksummed_data, &fast_armored_req->req_checksum,
+                                          &cksum_valid);
+            if (ret == 0) {
+                retval = KRB5KDC_ERR_POLICY;
+                krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
+                                       "Unkeyed checksum used in fast_req");
+            }
+        }
+        if (retval == 0) {
+            if ((fast_req->fast_options & UNSUPPORTED_CRITICAL_FAST_OPTIONS) !=0)
+                retval = KRB5KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTION;
+        }
+        if (retval == 0)
+            cookie_padata = find_pa_data(fast_req->req_body->padata, KRB5_PADATA_FX_COOKIE);
+        if (retval == 0) {
+            state->fast_options = fast_req->fast_options;
+            if (request->kdc_state == state)
+                request->kdc_state = NULL;
+            krb5_free_kdc_req( kdc_context, request);
+            *requestptr = fast_req->req_body;
+            fast_req->req_body = NULL;
+
+        }
     }
     else cookie_padata = find_pa_data(request->padata, KRB5_PADATA_FX_COOKIE);
-        if (retval == 0 && cookie_padata != NULL) {
-	krb5_pa_data *new_padata = malloc(sizeof (krb5_pa_data));
-	if (new_padata == NULL) {
-	    retval = ENOMEM;
-	} else {
-	    new_padata->pa_type = KRB5_PADATA_FX_COOKIE;
-	    new_padata->length = cookie_padata->length;
-	    new_padata->contents = malloc(new_padata->length);
-	    if (new_padata->contents == NULL) {
-		retval = ENOMEM;
-		free(new_padata);
-	    } else {
-		memcpy(new_padata->contents, cookie_padata->contents, new_padata->length);
-		state->cookie = new_padata;
-	    }
-	}
+    if (retval == 0 && cookie_padata != NULL) {
+        krb5_pa_data *new_padata = malloc(sizeof (krb5_pa_data));
+        if (new_padata == NULL) {
+            retval = ENOMEM;
+        } else {
+            new_padata->pa_type = KRB5_PADATA_FX_COOKIE;
+            new_padata->length = cookie_padata->length;
+            new_padata->contents = malloc(new_padata->length);
+            if (new_padata->contents == NULL) {
+                retval = ENOMEM;
+                free(new_padata);
+            } else {
+                memcpy(new_padata->contents, cookie_padata->contents, new_padata->length);
+                state->cookie = new_padata;
+            }
+        }
     }
-	if (fast_req)
-	krb5_free_fast_req( kdc_context, fast_req);
+    if (fast_req)
+        krb5_free_fast_req( kdc_context, fast_req);
     if (fast_armored_req)
-	krb5_free_fast_armored_req(kdc_context, fast_armored_req);
+        krb5_free_fast_armored_req(kdc_context, fast_armored_req);
     return retval;
 }
 
@@ -256,7 +257,7 @@ krb5_error_code kdc_make_rstate(struct kdc_request_state **out)
 {
     struct kdc_request_state *state = malloc( sizeof(struct kdc_request_state));
     if (state == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset( state, 0, sizeof(struct kdc_request_state));
     *out = state;
     return 0;
@@ -265,15 +266,15 @@ krb5_error_code kdc_make_rstate(struct kdc_request_state **out)
 void kdc_free_rstate
 (struct kdc_request_state *s)
 {
-  if (s == NULL)
-    return;
+    if (s == NULL)
+        return;
     if (s->armor_key)
-	krb5_free_keyblock(kdc_context, s->armor_key);
+        krb5_free_keyblock(kdc_context, s->armor_key);
     if (s->strengthen_key)
-	krb5_free_keyblock(kdc_context, s->strengthen_key);
+        krb5_free_keyblock(kdc_context, s->strengthen_key);
     if (s->cookie) {
-	free(s->cookie->contents);
-	free(s->cookie);
+        free(s->cookie->contents);
+        free(s->cookie);
     }
     free(s);
 }
@@ -292,70 +293,70 @@ krb5_error_code kdc_fast_response_handle_padata
     krb5_cksumtype cksumtype = CKSUMTYPE_RSA_MD5;
     krb5_pa_data *empty_padata[] = {NULL};
     krb5_keyblock *strengthen_key = NULL;
-    
+
     if (!state->armor_key)
-	return 0;
+        return 0;
     memset(&finish, 0, sizeof(finish));
     retval = krb5_init_keyblock(kdc_context, enctype, 0, &strengthen_key);
     if (retval == 0)
-	retval = krb5_c_make_random_key(kdc_context, enctype, strengthen_key);
+        retval = krb5_c_make_random_key(kdc_context, enctype, strengthen_key);
     if (retval == 0) {
-	state->strengthen_key = strengthen_key;
-	strengthen_key = NULL;
+        state->strengthen_key = strengthen_key;
+        strengthen_key = NULL;
     }
-    
+
     fast_response.padata = rep->padata;
     if (fast_response.padata == NULL)
-	fast_response.padata = &empty_padata[0];
-        fast_response.strengthen_key = state->strengthen_key;
+        fast_response.padata = &empty_padata[0];
+    fast_response.strengthen_key = state->strengthen_key;
     fast_response.nonce = request->nonce;
     fast_response.finished = &finish;
     finish.client = rep->client;
     pa_array = calloc(3, sizeof(*pa_array));
     if (pa_array == NULL)
-	retval = ENOMEM;
+        retval = ENOMEM;
     pa = calloc(1, sizeof(krb5_pa_data));
     if (retval == 0 && pa == NULL)
-	retval = ENOMEM;
+        retval = ENOMEM;
     if (retval == 0)
-	retval = krb5_us_timeofday(kdc_context, &finish.timestamp, &finish.usec);
+        retval = krb5_us_timeofday(kdc_context, &finish.timestamp, &finish.usec);
     if (retval == 0)
-	retval = encode_krb5_ticket(rep->ticket, &encoded_ticket);
+        retval = encode_krb5_ticket(rep->ticket, &encoded_ticket);
     if (retval == 0)
-    retval = krb5int_c_mandatory_cksumtype(kdc_context, state->armor_key->enctype, &cksumtype);
+        retval = krb5int_c_mandatory_cksumtype(kdc_context, state->armor_key->enctype, &cksumtype);
     if (retval == 0)
-	retval = krb5_c_make_checksum(kdc_context, cksumtype,
-				      state->armor_key, KRB5_KEYUSAGE_FAST_FINISHED,
-				      encoded_ticket, &finish.ticket_checksum);
+        retval = krb5_c_make_checksum(kdc_context, cksumtype,
+                                      state->armor_key, KRB5_KEYUSAGE_FAST_FINISHED,
+                                      encoded_ticket, &finish.ticket_checksum);
     if (retval == 0)
-	retval = encrypt_fast_reply(state, &fast_response, &encrypted_reply);
+        retval = encrypt_fast_reply(state, &fast_response, &encrypted_reply);
     if (retval == 0) {
-	pa[0].pa_type = KRB5_PADATA_FX_FAST;
-	pa[0].length = encrypted_reply->length;
-	pa[0].contents = (unsigned char *)  encrypted_reply->data;
-	pa_array[0] = &pa[0];
-	rep->padata = pa_array;
-	pa_array = NULL;
-	free(encrypted_reply);
-	encrypted_reply = NULL;
-	pa = NULL;
+        pa[0].pa_type = KRB5_PADATA_FX_FAST;
+        pa[0].length = encrypted_reply->length;
+        pa[0].contents = (unsigned char *)  encrypted_reply->data;
+        pa_array[0] = &pa[0];
+        rep->padata = pa_array;
+        pa_array = NULL;
+        free(encrypted_reply);
+        encrypted_reply = NULL;
+        pa = NULL;
     }
     if (pa)
-      free(pa);
+        free(pa);
     if (pa_array)
-	free(pa_array);
+        free(pa_array);
     if (encrypted_reply)
-	krb5_free_data(kdc_context, encrypted_reply);
+        krb5_free_data(kdc_context, encrypted_reply);
     if (encoded_ticket)
-	krb5_free_data(kdc_context, encoded_ticket);
+        krb5_free_data(kdc_context, encoded_ticket);
     if (strengthen_key != NULL)
-	krb5_free_keyblock(kdc_context, strengthen_key);
+        krb5_free_keyblock(kdc_context, strengthen_key);
     if (finish.ticket_checksum.contents)
-	krb5_free_checksum_contents(kdc_context, &finish.ticket_checksum);
+        krb5_free_checksum_contents(kdc_context, &finish.ticket_checksum);
     return retval;
 }
 
-	
+
 /*
  * We assume the caller is responsible for passing us an in_padata
  * sufficient to include in a FAST error.  In the FAST case we will
@@ -379,7 +380,7 @@ krb5_error_code kdc_fast_handle_error
 
     memset(outer_pa, 0, sizeof(outer_pa));
     if (!state->armor_key)
-	return 0;
+        return 0;
     fx_error = *err;
     fx_error.e_data.data = NULL;
     fx_error.e_data.length = 0;
@@ -387,76 +388,76 @@ krb5_error_code kdc_fast_handle_error
     size +=3;
     inner_pa = calloc(size, sizeof(krb5_pa_data *));
     if (inner_pa == NULL)
-	retval = ENOMEM;
+        retval = ENOMEM;
     if (retval == 0)
-	for (size=0; in_padata&&in_padata[size]; size++)
-	    inner_pa[size] = in_padata[size];
+        for (size=0; in_padata&&in_padata[size]; size++)
+            inner_pa[size] = in_padata[size];
     if (retval == 0)
-	retval = encode_krb5_error(&fx_error, &encoded_fx_error);
+        retval = encode_krb5_error(&fx_error, &encoded_fx_error);
     if (retval == 0) {
-	pa[0].pa_type = KRB5_PADATA_FX_ERROR;
-	pa[0].length = encoded_fx_error->length;
-	pa[0].contents = (unsigned char *) encoded_fx_error->data;
-	inner_pa[size++] = &pa[0];
-	if (find_pa_data(inner_pa, KRB5_PADATA_FX_COOKIE) == NULL)
-	    retval = kdc_preauth_get_cookie(state, &cookie);
+        pa[0].pa_type = KRB5_PADATA_FX_ERROR;
+        pa[0].length = encoded_fx_error->length;
+        pa[0].contents = (unsigned char *) encoded_fx_error->data;
+        inner_pa[size++] = &pa[0];
+        if (find_pa_data(inner_pa, KRB5_PADATA_FX_COOKIE) == NULL)
+            retval = kdc_preauth_get_cookie(state, &cookie);
     }
     if (cookie != NULL)
-	inner_pa[size++] = cookie;
+        inner_pa[size++] = cookie;
     if (retval == 0) {
-		resp.padata = inner_pa;
-	resp.nonce = request->nonce;
-	resp.strengthen_key = NULL;
-	resp.finished = NULL;
+        resp.padata = inner_pa;
+        resp.nonce = request->nonce;
+        resp.strengthen_key = NULL;
+        resp.finished = NULL;
     }
     if (retval == 0)
-	retval = encrypt_fast_reply(state, &resp, &encrypted_reply);
+        retval = encrypt_fast_reply(state, &resp, &encrypted_reply);
     if (inner_pa)
-	free(inner_pa); /*contained storage from caller and our stack*/
+        free(inner_pa); /*contained storage from caller and our stack*/
     if (cookie) {
-	free(cookie->contents);
-	free(cookie);
-	cookie = NULL;
+        free(cookie->contents);
+        free(cookie);
+        cookie = NULL;
     }
     if (retval == 0) {
-	pa[0].pa_type = KRB5_PADATA_FX_FAST;
-	pa[0].length = encrypted_reply->length;
-	pa[0].contents = (unsigned char *) encrypted_reply->data;
-	outer_pa[0] = &pa[0];
+        pa[0].pa_type = KRB5_PADATA_FX_FAST;
+        pa[0].length = encrypted_reply->length;
+        pa[0].contents = (unsigned char *) encrypted_reply->data;
+        outer_pa[0] = &pa[0];
     }
     retval = encode_krb5_padata_sequence(outer_pa, &encoded_e_data);
     if (retval == 0) {
-      /*process_as holds onto a pointer to the original e_data and frees it*/
-	err->e_data = *encoded_e_data;
-	free(encoded_e_data); /*contents belong to err*/
-	encoded_e_data = NULL;
+        /*process_as holds onto a pointer to the original e_data and frees it*/
+        err->e_data = *encoded_e_data;
+        free(encoded_e_data); /*contents belong to err*/
+        encoded_e_data = NULL;
     }
     if (encoded_e_data)
-	krb5_free_data(kdc_context, encoded_e_data);
+        krb5_free_data(kdc_context, encoded_e_data);
     if (encrypted_reply)
-	krb5_free_data(kdc_context, encrypted_reply);
+        krb5_free_data(kdc_context, encrypted_reply);
     if (encoded_fx_error)
-	krb5_free_data(kdc_context, encoded_fx_error);
+        krb5_free_data(kdc_context, encoded_fx_error);
     return retval;
 }
 
 krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state,
-					  krb5_keyblock *existing_key,
-					  krb5_keyblock **out_key)
+                                          krb5_keyblock *existing_key,
+                                          krb5_keyblock **out_key)
 {
     krb5_error_code retval = 0;
     if (state->armor_key)
-	retval = krb5_c_fx_cf2_simple(kdc_context,
-				      state->strengthen_key, "strengthenkey", 
-				      existing_key,
-				      "replykey", out_key);
+        retval = krb5_c_fx_cf2_simple(kdc_context,
+                                      state->strengthen_key, "strengthenkey",
+                                      existing_key,
+                                      "replykey", out_key);
     else retval = krb5_copy_keyblock(kdc_context, existing_key, out_key);
     return retval;
 }
 
 
 krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state,
-				    krb5_pa_data **cookie)
+                                       krb5_pa_data **cookie)
 {
     char *contents;
     krb5_pa_data *pa = NULL;
@@ -469,11 +470,11 @@ krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state,
      */
     contents = strdup("MIT");
     if (contents == NULL)
-	return ENOMEM;
+        return ENOMEM;
     pa = calloc(1, sizeof(krb5_pa_data));
     if (pa == NULL) {
-	free(contents);
-	return ENOMEM;
+        free(contents);
+        return ENOMEM;
     }
     pa->pa_type = KRB5_PADATA_FX_COOKIE;
     pa->length = strlen(contents);
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 4ccfcb98b..e6d4bd2b6 100644
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/kdc_authdata.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * AuthorizationData routines for the KDC.
  */
 
@@ -45,74 +46,74 @@ static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL };
 
 /* MIT Kerberos 1.6 (V0) authdata plugin callback */
 typedef krb5_error_code (*authdata_proc_0)
-    (krb5_context, krb5_db_entry *client,
-     krb5_data *req_pkt,
-     krb5_kdc_req *request,
-     krb5_enc_tkt_part * enc_tkt_reply);
+(krb5_context, krb5_db_entry *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part * enc_tkt_reply);
 /* MIT Kerberos 1.8 (V2) authdata plugin callback */
 typedef krb5_error_code (*authdata_proc_2)
-    (krb5_context, unsigned int flags,
-     krb5_db_entry *client, krb5_db_entry *server,
-     krb5_db_entry *krbtgt,
-     krb5_keyblock *client_key,
-     krb5_keyblock *server_key,
-     krb5_keyblock *krbtgt_key,
-     krb5_data *req_pkt,
-     krb5_kdc_req *request,
-     krb5_const_principal for_user_princ,
-     krb5_enc_tkt_part *enc_tkt_request,
-     krb5_enc_tkt_part *enc_tkt_reply);
+(krb5_context, unsigned int flags,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_db_entry *krbtgt,
+ krb5_keyblock *client_key,
+ krb5_keyblock *server_key,
+ krb5_keyblock *krbtgt_key,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_const_principal for_user_princ,
+ krb5_enc_tkt_part *enc_tkt_request,
+ krb5_enc_tkt_part *enc_tkt_reply);
 typedef krb5_error_code (*init_proc)
-    (krb5_context, void **);
+(krb5_context, void **);
 typedef void (*fini_proc)
-    (krb5_context, void *);
+(krb5_context, void *);
 
 /* Internal authdata system for copying TGS-REQ authdata to ticket */
 static krb5_error_code handle_request_authdata
-    (krb5_context context,
-     unsigned int flags,
-     krb5_db_entry *client,
-     krb5_db_entry *server,
-     krb5_db_entry *krbtgt,
-     krb5_keyblock *client_key,
-     krb5_keyblock *server_key,
-     krb5_keyblock *krbtgt_key,
-     krb5_data *req_pkt,
-     krb5_kdc_req *request,
-     krb5_const_principal for_user_princ,
-     krb5_enc_tkt_part *enc_tkt_request,
-     krb5_enc_tkt_part *enc_tkt_reply);
+(krb5_context context,
+ unsigned int flags,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_db_entry *krbtgt,
+ krb5_keyblock *client_key,
+ krb5_keyblock *server_key,
+ krb5_keyblock *krbtgt_key,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_const_principal for_user_princ,
+ krb5_enc_tkt_part *enc_tkt_request,
+ krb5_enc_tkt_part *enc_tkt_reply);
 
 /* Internal authdata system for handling KDC-issued authdata */
 static krb5_error_code handle_tgt_authdata
-    (krb5_context context,
-     unsigned int flags,
-     krb5_db_entry *client,
-     krb5_db_entry *server,
-     krb5_db_entry *krbtgt,
-     krb5_keyblock *client_key,
-     krb5_keyblock *server_key,
-     krb5_keyblock *krbtgt_key,
-     krb5_data *req_pkt,
-     krb5_kdc_req *request,
-     krb5_const_principal for_user_princ,
-     krb5_enc_tkt_part *enc_tkt_request,
-     krb5_enc_tkt_part *enc_tkt_reply);
+(krb5_context context,
+ unsigned int flags,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_db_entry *krbtgt,
+ krb5_keyblock *client_key,
+ krb5_keyblock *server_key,
+ krb5_keyblock *krbtgt_key,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_const_principal for_user_princ,
+ krb5_enc_tkt_part *enc_tkt_request,
+ krb5_enc_tkt_part *enc_tkt_reply);
 
 typedef struct _krb5_authdata_systems {
     const char *name;
-#define AUTHDATA_SYSTEM_UNKNOWN	-1
-#define AUTHDATA_SYSTEM_V0	0
-#define AUTHDATA_SYSTEM_V2	2
+#define AUTHDATA_SYSTEM_UNKNOWN -1
+#define AUTHDATA_SYSTEM_V0      0
+#define AUTHDATA_SYSTEM_V2      2
     int         type;
-#define AUTHDATA_FLAG_CRITICAL	0x1
+#define AUTHDATA_FLAG_CRITICAL  0x1
     int         flags;
     void       *plugin_context;
     init_proc   init;
     fini_proc   fini;
     union {
-	authdata_proc_2 v2;
-	authdata_proc_0 v0;
+        authdata_proc_2 v2;
+        authdata_proc_0 v0;
     } handle_authdata;
 } krb5_authdata_systems;
 
@@ -139,10 +140,10 @@ load_authdata_plugins(krb5_context context)
     /* Attempt to load all of the authdata plugins we can find. */
     PLUGIN_DIR_INIT(&authdata_plugins);
     if (PLUGIN_DIR_OPEN(&authdata_plugins) == 0) {
-	if (krb5int_open_plugin_dirs(objdirs, NULL,
-				     &authdata_plugins, &context->err) != 0) {
-	    return KRB5_PLUGIN_NO_HANDLE;
-	}
+        if (krb5int_open_plugin_dirs(objdirs, NULL,
+                                     &authdata_plugins, &context->err) != 0) {
+            return KRB5_PLUGIN_NO_HANDLE;
+        }
     }
 
     /* Get the method tables provided by the loaded plugins. */
@@ -151,141 +152,141 @@ load_authdata_plugins(krb5_context context)
     n_authdata_systems = 0;
 
     if (krb5int_get_plugin_dir_data(&authdata_plugins,
-				    "authdata_server_2",
-				    &authdata_plugins_ftables_v2, &context->err) != 0 ||
-	krb5int_get_plugin_dir_data(&authdata_plugins,
-				    "authdata_server_0",
-				    &authdata_plugins_ftables_v0, &context->err) != 0) {
-	code = KRB5_PLUGIN_NO_HANDLE;
-	goto cleanup;
+                                    "authdata_server_2",
+                                    &authdata_plugins_ftables_v2, &context->err) != 0 ||
+        krb5int_get_plugin_dir_data(&authdata_plugins,
+                                    "authdata_server_0",
+                                    &authdata_plugins_ftables_v0, &context->err) != 0) {
+        code = KRB5_PLUGIN_NO_HANDLE;
+        goto cleanup;
     }
 
-    /* Count the valid modules. */ 
+    /* Count the valid modules. */
     module_count = 0;
 
     if (authdata_plugins_ftables_v2 != NULL) {
-	struct krb5plugin_authdata_server_ftable_v2 *ftable;
+        struct krb5plugin_authdata_server_ftable_v2 *ftable;
 
-	for (i = 0; authdata_plugins_ftables_v2[i] != NULL; i++) {
-	    ftable = authdata_plugins_ftables_v2[i];
-	    if (ftable->authdata_proc != NULL)
-		module_count++;
-	}
+        for (i = 0; authdata_plugins_ftables_v2[i] != NULL; i++) {
+            ftable = authdata_plugins_ftables_v2[i];
+            if (ftable->authdata_proc != NULL)
+                module_count++;
+        }
     }
- 
+
     if (authdata_plugins_ftables_v0 != NULL) {
-	struct krb5plugin_authdata_server_ftable_v0 *ftable;
+        struct krb5plugin_authdata_server_ftable_v0 *ftable;
 
-	for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) {
-	    ftable = authdata_plugins_ftables_v0[i];
-	    if (ftable->authdata_proc != NULL)
-		module_count++;
-	}
+        for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) {
+            ftable = authdata_plugins_ftables_v0[i];
+            if (ftable->authdata_proc != NULL)
+                module_count++;
+        }
     }
 
     module_count += sizeof(static_authdata_systems)
-	/ sizeof(static_authdata_systems[0]);
+        / sizeof(static_authdata_systems[0]);
 
     /* Build the complete list of supported authdata options, and
      * leave room for a terminator entry. */
     authdata_systems = calloc(module_count + 1, sizeof(krb5_authdata_systems));
     if (authdata_systems == NULL) {
-	code = ENOMEM;
-	goto cleanup;
+        code = ENOMEM;
+        goto cleanup;
     }
 
     k = 0;
 
     /* Add dynamically loaded V2 plugins */
     if (authdata_plugins_ftables_v2 != NULL) {
-	struct krb5plugin_authdata_server_ftable_v2 *ftable;
-
-	for (i = 0; authdata_plugins_ftables_v2[i] != NULL; i++) {
-	    krb5_error_code initerr;
-	    void *pctx = NULL;
-
-	    ftable = authdata_plugins_ftables_v2[i];
-	    if ((ftable->authdata_proc == NULL)) {
-		continue;
-	    }
-	    server_init_proc = ftable->init_proc;
-	    if ((server_init_proc != NULL) &&
-		((initerr = (*server_init_proc)(context, &pctx)) != 0)) {
-		const char *emsg;
-		emsg = krb5_get_error_message(context, initerr);
-		if (emsg) {
-		    krb5_klog_syslog(LOG_ERR,
-				     "authdata %s failed to initialize: %s",
-				     ftable->name, emsg);
-		    krb5_free_error_message(context, emsg);
-		}
-		memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
-	
-		continue;
-	    }
-    
-	    authdata_systems[k].name = ftable->name;
-	    authdata_systems[k].type = AUTHDATA_SYSTEM_V2;
-	    authdata_systems[k].init = server_init_proc;
-	    authdata_systems[k].fini = ftable->fini_proc;
-	    authdata_systems[k].handle_authdata.v2 = ftable->authdata_proc;
-	    authdata_systems[k].plugin_context = pctx;
-	    k++;
-	}
+        struct krb5plugin_authdata_server_ftable_v2 *ftable;
+
+        for (i = 0; authdata_plugins_ftables_v2[i] != NULL; i++) {
+            krb5_error_code initerr;
+            void *pctx = NULL;
+
+            ftable = authdata_plugins_ftables_v2[i];
+            if ((ftable->authdata_proc == NULL)) {
+                continue;
+            }
+            server_init_proc = ftable->init_proc;
+            if ((server_init_proc != NULL) &&
+                ((initerr = (*server_init_proc)(context, &pctx)) != 0)) {
+                const char *emsg;
+                emsg = krb5_get_error_message(context, initerr);
+                if (emsg) {
+                    krb5_klog_syslog(LOG_ERR,
+                                     "authdata %s failed to initialize: %s",
+                                     ftable->name, emsg);
+                    krb5_free_error_message(context, emsg);
+                }
+                memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
+
+                continue;
+            }
+
+            authdata_systems[k].name = ftable->name;
+            authdata_systems[k].type = AUTHDATA_SYSTEM_V2;
+            authdata_systems[k].init = server_init_proc;
+            authdata_systems[k].fini = ftable->fini_proc;
+            authdata_systems[k].handle_authdata.v2 = ftable->authdata_proc;
+            authdata_systems[k].plugin_context = pctx;
+            k++;
+        }
     }
 
     /* Add dynamically loaded V0 plugins */
     if (authdata_plugins_ftables_v0 != NULL) {
-	struct krb5plugin_authdata_server_ftable_v0 *ftable;
-
-	for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) {
-	    krb5_error_code initerr;
-	    void *pctx = NULL;
-
-	    ftable = authdata_plugins_ftables_v0[i];
-	    if ((ftable->authdata_proc == NULL)) {
-		continue;
-	    }
-	    server_init_proc = ftable->init_proc;
-	    if ((server_init_proc != NULL) &&
-		((initerr = (*server_init_proc)(context, &pctx)) != 0)) {
-		const char *emsg;
-		emsg = krb5_get_error_message(context, initerr);
-		if (emsg) {
-		    krb5_klog_syslog(LOG_ERR,
-				     "authdata %s failed to initialize: %s",
-				     ftable->name, emsg);
-		    krb5_free_error_message(context, emsg);
-		}
-		memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
-	
-		continue;
-	    }
-    
-	    authdata_systems[k].name = ftable->name;
-	    authdata_systems[k].type = AUTHDATA_SYSTEM_V0;
-	    authdata_systems[k].init = server_init_proc;
-	    authdata_systems[k].fini = ftable->fini_proc;
-	    authdata_systems[k].handle_authdata.v0 = ftable->authdata_proc;
-	    authdata_systems[k].plugin_context = pctx;
-	    k++;
-	}
+        struct krb5plugin_authdata_server_ftable_v0 *ftable;
+
+        for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) {
+            krb5_error_code initerr;
+            void *pctx = NULL;
+
+            ftable = authdata_plugins_ftables_v0[i];
+            if ((ftable->authdata_proc == NULL)) {
+                continue;
+            }
+            server_init_proc = ftable->init_proc;
+            if ((server_init_proc != NULL) &&
+                ((initerr = (*server_init_proc)(context, &pctx)) != 0)) {
+                const char *emsg;
+                emsg = krb5_get_error_message(context, initerr);
+                if (emsg) {
+                    krb5_klog_syslog(LOG_ERR,
+                                     "authdata %s failed to initialize: %s",
+                                     ftable->name, emsg);
+                    krb5_free_error_message(context, emsg);
+                }
+                memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
+
+                continue;
+            }
+
+            authdata_systems[k].name = ftable->name;
+            authdata_systems[k].type = AUTHDATA_SYSTEM_V0;
+            authdata_systems[k].init = server_init_proc;
+            authdata_systems[k].fini = ftable->fini_proc;
+            authdata_systems[k].handle_authdata.v0 = ftable->authdata_proc;
+            authdata_systems[k].plugin_context = pctx;
+            k++;
+        }
     }
 
     /* Add the locally-supplied mechanisms to the dynamic list first. */
     for (i = 0;
-	 i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]);
-	 i++) {
-	authdata_systems[k] = static_authdata_systems[i];
-	/* Try to initialize the authdata system.  If it fails, we'll remove it
-	 * from the list of systems we'll be using. */
-	server_init_proc = static_authdata_systems[i].init;
-	if ((server_init_proc != NULL) &&
-	    ((*server_init_proc)(context, &authdata_systems[k].plugin_context) != 0)) {
-	    memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
-	    continue;
-	}
-	k++;
+         i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]);
+         i++) {
+        authdata_systems[k] = static_authdata_systems[i];
+        /* Try to initialize the authdata system.  If it fails, we'll remove it
+         * from the list of systems we'll be using. */
+        server_init_proc = static_authdata_systems[i].init;
+        if ((server_init_proc != NULL) &&
+            ((*server_init_proc)(context, &authdata_systems[k].plugin_context) != 0)) {
+            memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
+            continue;
+        }
+        k++;
     }
 
     n_authdata_systems = k;
@@ -296,9 +297,9 @@ load_authdata_plugins(krb5_context context)
 
 cleanup:
     if (authdata_plugins_ftables_v2 != NULL)
-	krb5int_free_plugin_dir_data(authdata_plugins_ftables_v2);
+        krb5int_free_plugin_dir_data(authdata_plugins_ftables_v2);
     if (authdata_plugins_ftables_v0 != NULL)
-	krb5int_free_plugin_dir_data(authdata_plugins_ftables_v0);
+        krb5int_free_plugin_dir_data(authdata_plugins_ftables_v0);
 
     return code;
 }
@@ -308,17 +309,17 @@ unload_authdata_plugins(krb5_context context)
 {
     int i;
     if (authdata_systems != NULL) {
-	for (i = 0; i < n_authdata_systems; i++) {
-	    if (authdata_systems[i].fini != NULL) {
-		(*authdata_systems[i].fini)(context,
-					    authdata_systems[i].plugin_context);
-	    }
-	    memset(&authdata_systems[i], 0, sizeof(authdata_systems[i]));
-	}
-	free(authdata_systems);
-	authdata_systems = NULL;
-	n_authdata_systems = 0;
-	krb5int_close_plugin_dirs(&authdata_plugins);
+        for (i = 0; i < n_authdata_systems; i++) {
+            if (authdata_systems[i].fini != NULL) {
+                (*authdata_systems[i].fini)(context,
+                                            authdata_systems[i].plugin_context);
+            }
+            memset(&authdata_systems[i], 0, sizeof(authdata_systems[i]));
+        }
+        free(authdata_systems);
+        authdata_systems = NULL;
+        n_authdata_systems = 0;
+        krb5int_close_plugin_dirs(&authdata_plugins);
     }
     return 0;
 }
@@ -326,46 +327,46 @@ unload_authdata_plugins(krb5_context context)
 /* Merge authdata. If copy == 0, in_authdata is invalid on return */
 static krb5_error_code
 merge_authdata (krb5_context context,
-		krb5_authdata **in_authdata,
-		krb5_authdata ***out_authdata,
-		krb5_boolean copy)
+                krb5_authdata **in_authdata,
+                krb5_authdata ***out_authdata,
+                krb5_boolean copy)
 {
     size_t i, nadata = 0;
     krb5_authdata **authdata = *out_authdata;
 
     if (in_authdata == NULL || in_authdata[0] == NULL)
-	return 0;
+        return 0;
 
     if (authdata != NULL) {
-	for (nadata = 0; authdata[nadata] != NULL; nadata++)
-	    ;
+        for (nadata = 0; authdata[nadata] != NULL; nadata++)
+            ;
     }
 
     for (i = 0; in_authdata[i] != NULL; i++)
-	;
+        ;
 
     if (authdata == NULL) {
-	authdata = (krb5_authdata **)calloc(i + 1, sizeof(krb5_authdata *));
+        authdata = (krb5_authdata **)calloc(i + 1, sizeof(krb5_authdata *));
     } else {
-	authdata = (krb5_authdata **)realloc(authdata,
-	    ((nadata + i + 1) * sizeof(krb5_authdata *)));
+        authdata = (krb5_authdata **)realloc(authdata,
+                                             ((nadata + i + 1) * sizeof(krb5_authdata *)));
     }
     if (authdata == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     if (copy) {
-	krb5_error_code code;
-	krb5_authdata **tmp;
+        krb5_error_code code;
+        krb5_authdata **tmp;
 
-	code = krb5_copy_authdata(context, in_authdata, &tmp);
-	if (code != 0)
-	    return code;
+        code = krb5_copy_authdata(context, in_authdata, &tmp);
+        if (code != 0)
+            return code;
 
-	in_authdata = tmp;
+        in_authdata = tmp;
     }
 
     for (i = 0; in_authdata[i] != NULL; i++)
-	authdata[nadata + i] = in_authdata[i];
+        authdata[nadata + i] = in_authdata[i];
 
     authdata[nadata + i] = NULL;
 
@@ -379,32 +380,32 @@ merge_authdata (krb5_context context,
 /* Handle copying TGS-REQ authorization data into reply */
 static krb5_error_code
 handle_request_authdata (krb5_context context,
-			 unsigned int flags,
-			 krb5_db_entry *client,
-			 krb5_db_entry *server,
-			 krb5_db_entry *krbtgt,
-			 krb5_keyblock *client_key,
-			 krb5_keyblock *server_key,
+                         unsigned int flags,
+                         krb5_db_entry *client,
+                         krb5_db_entry *server,
+                         krb5_db_entry *krbtgt,
+                         krb5_keyblock *client_key,
+                         krb5_keyblock *server_key,
                          krb5_keyblock *krbtgt_key,
-			 krb5_data *req_pkt,
-			 krb5_kdc_req *request,
-			 krb5_const_principal for_user_princ,
-			 krb5_enc_tkt_part *enc_tkt_request,
-			 krb5_enc_tkt_part *enc_tkt_reply)
+                         krb5_data *req_pkt,
+                         krb5_kdc_req *request,
+                         krb5_const_principal for_user_princ,
+                         krb5_enc_tkt_part *enc_tkt_request,
+                         krb5_enc_tkt_part *enc_tkt_reply)
 {
     krb5_error_code code;
     krb5_data scratch;
 
     if (request->msg_type != KRB5_TGS_REQ ||
-	request->authorization_data.ciphertext.data == NULL)
-	return 0;
+        request->authorization_data.ciphertext.data == NULL)
+        return 0;
 
     assert(enc_tkt_request != NULL);
 
     scratch.length = request->authorization_data.ciphertext.length;
     scratch.data = malloc(scratch.length);
     if (scratch.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     /*
      * RFC 4120 requires authdata in the TGS body to be encrypted in
@@ -418,34 +419,34 @@ handle_request_authdata (krb5_context context,
      * fails.
      */
     code = krb5_c_decrypt(context,
-			  enc_tkt_request->session,
-			  KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY,
-			  0, &request->authorization_data,
-			  &scratch);
+                          enc_tkt_request->session,
+                          KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY,
+                          0, &request->authorization_data,
+                          &scratch);
     if (code != 0)
-	code = krb5_c_decrypt(context,
-			      client_key,
-			      KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
-			      0, &request->authorization_data,
-			      &scratch);
+        code = krb5_c_decrypt(context,
+                              client_key,
+                              KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+                              0, &request->authorization_data,
+                              &scratch);
 
     if (code != 0) {
-	free(scratch.data);
-	return code;
+        free(scratch.data);
+        return code;
     }
 
     /* scratch now has the authorization data, so we decode it, and make
      * it available to subsequent authdata plugins */
     code = decode_krb5_authdata(&scratch, &request->unenc_authdata);
     if (code != 0) {
-	free(scratch.data);
-	return code;
+        free(scratch.data);
+        return code;
     }
 
     free(scratch.data);
 
     code = merge_authdata(context, request->unenc_authdata,
-			  &enc_tkt_reply->authorization_data, TRUE /* copy */);
+                          &enc_tkt_reply->authorization_data, TRUE /* copy */);
 
     return code;
 }
@@ -453,18 +454,18 @@ handle_request_authdata (krb5_context context,
 /* Handle backend-managed authorization data */
 static krb5_error_code
 handle_tgt_authdata (krb5_context context,
-		     unsigned int flags,
-		     krb5_db_entry *client,
-		     krb5_db_entry *server,
-		     krb5_db_entry *krbtgt,
-		     krb5_keyblock *client_key,
-		     krb5_keyblock *server_key,
-		     krb5_keyblock *krbtgt_key,
-		     krb5_data *req_pkt,
-		     krb5_kdc_req *request,
-		     krb5_const_principal for_user_princ,
-		     krb5_enc_tkt_part *enc_tkt_request,
-		     krb5_enc_tkt_part *enc_tkt_reply)
+                     unsigned int flags,
+                     krb5_db_entry *client,
+                     krb5_db_entry *server,
+                     krb5_db_entry *krbtgt,
+                     krb5_keyblock *client_key,
+                     krb5_keyblock *server_key,
+                     krb5_keyblock *krbtgt_key,
+                     krb5_data *req_pkt,
+                     krb5_kdc_req *request,
+                     krb5_const_principal for_user_princ,
+                     krb5_enc_tkt_part *enc_tkt_request,
+                     krb5_enc_tkt_part *enc_tkt_reply)
 {
     krb5_error_code code;
     krb5_authdata **db_authdata = NULL;
@@ -488,19 +489,19 @@ handle_tgt_authdata (krb5_context context,
      * for cross-realm protocol transition below).
      */
     if (tgs_req) {
-	assert(enc_tkt_request != NULL);
+        assert(enc_tkt_request != NULL);
 
-	if (isflagset(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED))
-	    return 0;
+        if (isflagset(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED))
+            return 0;
 
-	if (enc_tkt_request->authorization_data == NULL &&
-	    !isflagset(flags, KRB5_KDB_FLAG_CROSS_REALM | KRB5_KDB_FLAGS_S4U))
-	    return 0;
+        if (enc_tkt_request->authorization_data == NULL &&
+            !isflagset(flags, KRB5_KDB_FLAG_CROSS_REALM | KRB5_KDB_FLAGS_S4U))
+            return 0;
 
-	assert(enc_tkt_reply->times.authtime == enc_tkt_request->times.authtime);
+        assert(enc_tkt_reply->times.authtime == enc_tkt_request->times.authtime);
     } else {
-	if (!isflagset(flags, KRB5_KDB_FLAG_INCLUDE_PAC))
-	    return 0;
+        if (!isflagset(flags, KRB5_KDB_FLAG_INCLUDE_PAC))
+            return 0;
     }
 
     /*
@@ -509,9 +510,9 @@ handle_tgt_authdata (krb5_context context,
      * not be changed until the final hop.
      */
     if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
-	actual_client = for_user_princ;
+        actual_client = for_user_princ;
     else
-	actual_client = enc_tkt_reply->client;
+        actual_client = enc_tkt_reply->client;
 
     /*
      * If the backend does not implement the sign authdata method, then
@@ -524,37 +525,37 @@ handle_tgt_authdata (krb5_context context,
      * to influence (eg. possibly restrict) the reply auth data.
      */
     code = sign_db_authdata(context,
-			    flags,
-			    actual_client,
-			    client,
-			    server,
-			    krbtgt,
-			    client_key,
-			    server_key, /* U2U or server key */
-			    krbtgt_key,
-			    enc_tkt_reply->times.authtime,
-			    tgs_req ? enc_tkt_request->authorization_data : NULL,
-			    enc_tkt_reply->session,
-			    &db_authdata);
+                            flags,
+                            actual_client,
+                            client,
+                            server,
+                            krbtgt,
+                            client_key,
+                            server_key, /* U2U or server key */
+                            krbtgt_key,
+                            enc_tkt_reply->times.authtime,
+                            tgs_req ? enc_tkt_request->authorization_data : NULL,
+                            enc_tkt_reply->session,
+                            &db_authdata);
     if (code == KRB5_KDB_DBTYPE_NOSUP) {
-	assert(db_authdata == NULL);
+        assert(db_authdata == NULL);
 
-	if (isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
-	    return KRB5KDC_ERR_POLICY;
+        if (isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
+            return KRB5KDC_ERR_POLICY;
 
-	if (tgs_req)
-	    return merge_authdata(context, enc_tkt_request->authorization_data,
-				  &enc_tkt_reply->authorization_data, TRUE);
-	else
-	    return 0;
+        if (tgs_req)
+            return merge_authdata(context, enc_tkt_request->authorization_data,
+                                  &enc_tkt_reply->authorization_data, TRUE);
+        else
+            return 0;
     }
 
     if (db_authdata != NULL) {
-	code = merge_authdata(context, db_authdata,
-			      &enc_tkt_reply->authorization_data,
-			      FALSE);
-	if (code != 0)
-	    krb5_free_authdata(context, db_authdata);
+        code = merge_authdata(context, db_authdata,
+                              &enc_tkt_reply->authorization_data,
+                              FALSE);
+        if (code != 0)
+            krb5_free_authdata(context, db_authdata);
     }
 
     return code;
@@ -562,60 +563,59 @@ handle_tgt_authdata (krb5_context context,
 
 krb5_error_code
 handle_authdata (krb5_context context,
-		 unsigned int flags,
-		 krb5_db_entry *client,
-		 krb5_db_entry *server,
-		 krb5_db_entry *krbtgt,
-		 krb5_keyblock *client_key,
-		 krb5_keyblock *server_key,
-		 krb5_keyblock *krbtgt_key,
-		 krb5_data *req_pkt,
-		 krb5_kdc_req *request,
-		 krb5_const_principal for_user_princ,
-		 krb5_enc_tkt_part *enc_tkt_request,
-		 krb5_enc_tkt_part *enc_tkt_reply)
+                 unsigned int flags,
+                 krb5_db_entry *client,
+                 krb5_db_entry *server,
+                 krb5_db_entry *krbtgt,
+                 krb5_keyblock *client_key,
+                 krb5_keyblock *server_key,
+                 krb5_keyblock *krbtgt_key,
+                 krb5_data *req_pkt,
+                 krb5_kdc_req *request,
+                 krb5_const_principal for_user_princ,
+                 krb5_enc_tkt_part *enc_tkt_request,
+                 krb5_enc_tkt_part *enc_tkt_reply)
 {
     krb5_error_code code = 0;
     int i;
 
     for (i = 0; i < n_authdata_systems; i++) {
-	const krb5_authdata_systems *asys = &authdata_systems[i];
-
-	switch (asys->type) {
-	case AUTHDATA_SYSTEM_V0:
-	    /* V0 was only in AS-REQ code path */
-	    if (request->msg_type != KRB5_AS_REQ)
-		continue;
-
-	    code = (*asys->handle_authdata.v0)(context, client, req_pkt,
-					       request, enc_tkt_reply);
-	    break;
-	case AUTHDATA_SYSTEM_V2:
-	    code = (*asys->handle_authdata.v2)(context, flags,
-					      client, server, krbtgt,
-					      client_key, server_key, krbtgt_key,
-					      req_pkt, request, for_user_princ,
-					      enc_tkt_request,
-					      enc_tkt_reply);
-	    break;
-	default:
-	    code = 0;
-	    break;
-	}
-	if (code != 0) {
-	    const char *emsg;
-
-	    emsg = krb5_get_error_message (context, code);
-	    krb5_klog_syslog (LOG_INFO,
-			      "authdata (%s) handling failure: %s",
-			      asys->name, emsg);
-	    krb5_free_error_message (context, emsg);
-
-	    if (asys->flags & AUTHDATA_FLAG_CRITICAL)
-		break;
-	}
+        const krb5_authdata_systems *asys = &authdata_systems[i];
+
+        switch (asys->type) {
+        case AUTHDATA_SYSTEM_V0:
+            /* V0 was only in AS-REQ code path */
+            if (request->msg_type != KRB5_AS_REQ)
+                continue;
+
+            code = (*asys->handle_authdata.v0)(context, client, req_pkt,
+                                               request, enc_tkt_reply);
+            break;
+        case AUTHDATA_SYSTEM_V2:
+            code = (*asys->handle_authdata.v2)(context, flags,
+                                               client, server, krbtgt,
+                                               client_key, server_key, krbtgt_key,
+                                               req_pkt, request, for_user_princ,
+                                               enc_tkt_request,
+                                               enc_tkt_reply);
+            break;
+        default:
+            code = 0;
+            break;
+        }
+        if (code != 0) {
+            const char *emsg;
+
+            emsg = krb5_get_error_message (context, code);
+            krb5_klog_syslog (LOG_INFO,
+                              "authdata (%s) handling failure: %s",
+                              asys->name, emsg);
+            krb5_free_error_message (context, emsg);
+
+            if (asys->flags & AUTHDATA_FLAG_CRITICAL)
+                break;
+        }
     }
 
     return code;
 }
-
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 2149fd1ac..1eda93ba9 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/kdc_preauth.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,20 +23,20 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Preauthentication routines for the KDC.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -46,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -103,7 +104,7 @@ static const char *objdirs[] = { LIBDIR "/krb5/plugins/preauth", NULL };
 /* XXX This is ugly and should be in a header file somewhere */
 #ifndef KRB5INT_DES_TYPES_DEFINED
 #define KRB5INT_DES_TYPES_DEFINED
-typedef unsigned char des_cblock[8];	/* crypto-block size */
+typedef unsigned char des_cblock[8];    /* crypto-block size */
 #endif
 typedef des_cblock mit_des_cblock;
 extern void mit_des_fixup_key_parity (mit_des_cblock );
@@ -111,127 +112,127 @@ extern int mit_des_is_weak_key (mit_des_cblock );
 
 typedef struct _krb5_preauth_systems {
     const char *name;
-    int		type;
-    int		flags;
+    int         type;
+    int         flags;
     void       *plugin_context;
-    preauth_server_init_proc	init;
-    preauth_server_fini_proc	fini;
-    preauth_server_edata_proc	get_edata;
-    preauth_server_verify_proc	verify_padata;
-    preauth_server_return_proc	return_padata;
-    preauth_server_free_reqcontext_proc	free_pa_reqctx;
+    preauth_server_init_proc    init;
+    preauth_server_fini_proc    fini;
+    preauth_server_edata_proc   get_edata;
+    preauth_server_verify_proc  verify_padata;
+    preauth_server_return_proc  return_padata;
+    preauth_server_free_reqcontext_proc free_pa_reqctx;
 } krb5_preauth_systems;
 
 static krb5_error_code verify_enc_timestamp
-    (krb5_context, krb5_db_entry *client,
-		    krb5_data *req_pkt,
-		    krb5_kdc_req *request,
-		    krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data,
-		    preauth_get_entry_data_proc get_entry_data,
-		    void *pa_system_context,
-		    void **pa_request_context,
-		    krb5_data **e_data,
-		    krb5_authdata ***authz_data);
+(krb5_context, krb5_db_entry *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data,
+ preauth_get_entry_data_proc get_entry_data,
+ void *pa_system_context,
+ void **pa_request_context,
+ krb5_data **e_data,
+ krb5_authdata ***authz_data);
 
 static krb5_error_code get_enc_ts
-    (krb5_context, krb5_kdc_req *request,
-		    krb5_db_entry *client, krb5_db_entry *server,
-		    preauth_get_entry_data_proc get_entry_data,
-		    void *pa_system_context,
-		    krb5_pa_data *data);
+(krb5_context, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ preauth_get_entry_data_proc get_entry_data,
+ void *pa_system_context,
+ krb5_pa_data *data);
 static krb5_error_code get_etype_info
-    (krb5_context, krb5_kdc_req *request,
-		    krb5_db_entry *client, krb5_db_entry *server,
-		    preauth_get_entry_data_proc get_entry_data,
-		    void *pa_system_context,
-		    krb5_pa_data *data);
+(krb5_context, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ preauth_get_entry_data_proc get_entry_data,
+ void *pa_system_context,
+ krb5_pa_data *data);
 static krb5_error_code
 get_etype_info2(krb5_context context, krb5_kdc_req *request,
-	        krb5_db_entry *client, krb5_db_entry *server,
-		preauth_get_entry_data_proc get_entry_data,
-		void *pa_system_context,
-		krb5_pa_data *pa_data);
+                krb5_db_entry *client, krb5_db_entry *server,
+                preauth_get_entry_data_proc get_entry_data,
+                void *pa_system_context,
+                krb5_pa_data *pa_data);
 static krb5_error_code
-etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata, 
-			 krb5_db_entry *client,
-			 krb5_kdc_req *request, krb5_kdc_rep *reply,
-			 krb5_key_data *client_key,
-			 krb5_keyblock *encrypting_key,
-			 krb5_pa_data **send_pa,
-			 int etype_info2);
+etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata,
+                         krb5_db_entry *client,
+                         krb5_kdc_req *request, krb5_kdc_rep *reply,
+                         krb5_key_data *client_key,
+                         krb5_keyblock *encrypting_key,
+                         krb5_pa_data **send_pa,
+                         int etype_info2);
 
 static krb5_error_code
-return_etype_info(krb5_context, krb5_pa_data * padata, 
-		  krb5_db_entry *client,
-		  krb5_data *req_pkt,
-		  krb5_kdc_req *request, krb5_kdc_rep *reply,
-		  krb5_key_data *client_key,
-		  krb5_keyblock *encrypting_key,
-		  krb5_pa_data **send_pa,
-		  preauth_get_entry_data_proc get_entry_data,
-		  void *pa_system_context,
-		  void **pa_request_context);
+return_etype_info(krb5_context, krb5_pa_data * padata,
+                  krb5_db_entry *client,
+                  krb5_data *req_pkt,
+                  krb5_kdc_req *request, krb5_kdc_rep *reply,
+                  krb5_key_data *client_key,
+                  krb5_keyblock *encrypting_key,
+                  krb5_pa_data **send_pa,
+                  preauth_get_entry_data_proc get_entry_data,
+                  void *pa_system_context,
+                  void **pa_request_context);
 
 static krb5_error_code
-return_etype_info2(krb5_context, krb5_pa_data * padata, 
-		   krb5_db_entry *client,
-		   krb5_data *req_pkt,
-		   krb5_kdc_req *request, krb5_kdc_rep *reply,
-		   krb5_key_data *client_key,
-		   krb5_keyblock *encrypting_key,
-		   krb5_pa_data **send_pa,
-		   preauth_get_entry_data_proc get_entry_data,
-		   void *pa_system_context,
-		   void **pa_request_context);
+return_etype_info2(krb5_context, krb5_pa_data * padata,
+                   krb5_db_entry *client,
+                   krb5_data *req_pkt,
+                   krb5_kdc_req *request, krb5_kdc_rep *reply,
+                   krb5_key_data *client_key,
+                   krb5_keyblock *encrypting_key,
+                   krb5_pa_data **send_pa,
+                   preauth_get_entry_data_proc get_entry_data,
+                   void *pa_system_context,
+                   void **pa_request_context);
 
 static krb5_error_code return_pw_salt
-    (krb5_context, krb5_pa_data * padata, 
-		    krb5_db_entry *client,
-		    krb5_data *req_pkt,
-		    krb5_kdc_req *request, krb5_kdc_rep *reply,
-		    krb5_key_data *client_key,
-		    krb5_keyblock *encrypting_key,
-		    krb5_pa_data **send_pa,
-		    preauth_get_entry_data_proc get_entry_data,
-		    void *pa_system_context,
-		    void **pa_request_context);
+(krb5_context, krb5_pa_data * padata,
+ krb5_db_entry *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa,
+ preauth_get_entry_data_proc get_entry_data,
+ void *pa_system_context,
+ void **pa_request_context);
 
 /* SAM preauth support */
 static krb5_error_code verify_sam_response
-    (krb5_context, krb5_db_entry *client,
-		    krb5_data *req_pkt,
-		    krb5_kdc_req *request,
-		    krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data,
-		    preauth_get_entry_data_proc get_entry_data,
-		    void *pa_module_context,
-		    void **pa_request_context,
-		    krb5_data **e_data,
-		    krb5_authdata ***authz_data);
+(krb5_context, krb5_db_entry *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data *data,
+ preauth_get_entry_data_proc get_entry_data,
+ void *pa_module_context,
+ void **pa_request_context,
+ krb5_data **e_data,
+ krb5_authdata ***authz_data);
 
 static krb5_error_code get_sam_edata
-    (krb5_context, krb5_kdc_req *request,
-		    krb5_db_entry *client, krb5_db_entry *server,
-		    preauth_get_entry_data_proc get_entry_data,
-		    void *pa_module_context,
-		    krb5_pa_data *data);
+(krb5_context, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ preauth_get_entry_data_proc get_entry_data,
+ void *pa_module_context,
+ krb5_pa_data *data);
 static krb5_error_code return_sam_data
-    (krb5_context, krb5_pa_data * padata, 
-		    krb5_db_entry *client,
-		    krb5_data *req_pkt,
-		    krb5_kdc_req *request, krb5_kdc_rep *reply,
-		    krb5_key_data *client_key,
-		    krb5_keyblock *encrypting_key,
-		    krb5_pa_data **send_pa,
-		    preauth_get_entry_data_proc get_entry_data,
-		    void *pa_module_context,
-		    void **pa_request_context);
+(krb5_context, krb5_pa_data * padata,
+ krb5_db_entry *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa,
+ preauth_get_entry_data_proc get_entry_data,
+ void *pa_module_context,
+ void **pa_request_context);
 
 #if APPLE_PKINIT
 /* PKINIT preauth support */
 static krb5_error_code get_pkinit_edata(
-    krb5_context context, 
+    krb5_context context,
     krb5_kdc_req *request,
-    krb5_db_entry *client, 
+    krb5_db_entry *client,
     krb5_db_entry *server,
     preauth_get_entry_data_proc get_entry_data,
     void *pa_module_context,
@@ -241,7 +242,7 @@ static krb5_error_code verify_pkinit_request(
     krb5_db_entry *client,
     krb5_data *req_pkt,
     krb5_kdc_req *request,
-    krb5_enc_tkt_part *enc_tkt_reply, 
+    krb5_enc_tkt_part *enc_tkt_reply,
     krb5_pa_data *data,
     preauth_get_entry_data_proc get_entry_data,
     void *pa_module_context,
@@ -249,11 +250,11 @@ static krb5_error_code verify_pkinit_request(
     krb5_data **e_data,
     krb5_authdata ***authz_data);
 static krb5_error_code return_pkinit_response(
-    krb5_context context, 
-    krb5_pa_data * padata, 
+    krb5_context context,
+    krb5_pa_data * padata,
     krb5_db_entry *client,
     krb5_data *req_pkt,
-    krb5_kdc_req *request, 
+    krb5_kdc_req *request,
     krb5_kdc_rep *reply,
     krb5_key_data *client_key,
     krb5_keyblock *encrypting_key,
@@ -266,114 +267,114 @@ static krb5_error_code return_pkinit_response(
 static krb5_preauth_systems static_preauth_systems[] = {
 #if APPLE_PKINIT
     {
-	"pkinit",
-	KRB5_PADATA_PK_AS_REQ,
-	PA_SUFFICIENT,	
-	NULL,			/* pa_sys_context */
-	NULL,			/* init */
-	NULL,			/* fini */
-	get_pkinit_edata,	
-	verify_pkinit_request,
-	return_pkinit_response,
-	NULL			/* free_pa_request_context */
+        "pkinit",
+        KRB5_PADATA_PK_AS_REQ,
+        PA_SUFFICIENT,
+        NULL,                   /* pa_sys_context */
+        NULL,                   /* init */
+        NULL,                   /* fini */
+        get_pkinit_edata,
+        verify_pkinit_request,
+        return_pkinit_response,
+        NULL                    /* free_pa_request_context */
     },
 #endif /* APPLE_PKINIT */
     {
-	"timestamp",
+        "timestamp",
         KRB5_PADATA_ENC_TIMESTAMP,
         0,
-	NULL,
-	NULL,
-	NULL,
+        NULL,
+        NULL,
+        NULL,
         get_enc_ts,
-	verify_enc_timestamp,
-	0
+        verify_enc_timestamp,
+        0
     },
     {
-	"FAST",
+        "FAST",
         KRB5_PADATA_FX_FAST,
         PA_HARDWARE,
-	NULL,
-	NULL,
-	NULL,
         NULL,
-	NULL,
-	0
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        0
     },
     {
-	"etype-info",
-	KRB5_PADATA_ETYPE_INFO,
-	0,
-	NULL,
-	NULL,
-	NULL,
-	get_etype_info,
-	0,
-	return_etype_info
+        "etype-info",
+        KRB5_PADATA_ETYPE_INFO,
+        0,
+        NULL,
+        NULL,
+        NULL,
+        get_etype_info,
+        0,
+        return_etype_info
     },
     {
-	"etype-info2",
-	KRB5_PADATA_ETYPE_INFO2,
-	0,
-	NULL,
-	NULL,
-	NULL,
-	get_etype_info2,
-	0,
-	return_etype_info2
+        "etype-info2",
+        KRB5_PADATA_ETYPE_INFO2,
+        0,
+        NULL,
+        NULL,
+        NULL,
+        get_etype_info2,
+        0,
+        return_etype_info2
     },
     {
-	"pw-salt",
-	KRB5_PADATA_PW_SALT,
-	PA_PSEUDO,		/* Don't include this in the error list */
-	NULL,
-	NULL,
-	NULL,
-	0, 
-	0,
-	return_pw_salt
+        "pw-salt",
+        KRB5_PADATA_PW_SALT,
+        PA_PSEUDO,              /* Don't include this in the error list */
+        NULL,
+        NULL,
+        NULL,
+        0,
+        0,
+        return_pw_salt
     },
     {
-	"sam-response",
-	KRB5_PADATA_SAM_RESPONSE,
-	0,
-	NULL,
-	NULL,
-	NULL,
-	0,
-	verify_sam_response,
-	return_sam_data
+        "sam-response",
+        KRB5_PADATA_SAM_RESPONSE,
+        0,
+        NULL,
+        NULL,
+        NULL,
+        0,
+        verify_sam_response,
+        return_sam_data
     },
     {
-	"sam-challenge",
-	KRB5_PADATA_SAM_CHALLENGE,
-	PA_HARDWARE,		/* causes get_preauth_hint_list to use this */
-	NULL,
-	NULL,
-	NULL,
-	get_sam_edata,
-	0,
-	0
+        "sam-challenge",
+        KRB5_PADATA_SAM_CHALLENGE,
+        PA_HARDWARE,            /* causes get_preauth_hint_list to use this */
+        NULL,
+        NULL,
+        NULL,
+        get_sam_edata,
+        0,
+        0
     },
     {
-	"pac-request",
-	KRB5_PADATA_PAC_REQUEST,
-	PA_PSEUDO,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL
+        "pac-request",
+        KRB5_PADATA_PAC_REQUEST,
+        PA_PSEUDO,
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        NULL
     },
 #if 0
     {
-	"server-referral",
-	KRB5_PADATA_SERVER_REFERRAL,
-	PA_PSEUDO,
-	0,
-	0,
-	return_server_referral
+        "server-referral",
+        KRB5_PADATA_SERVER_REFERRAL,
+        PA_PSEUDO,
+        0,
+        0,
+        return_server_referral
     },
 #endif
     { "[end]", -1,}
@@ -396,140 +397,140 @@ load_preauth_plugins(krb5_context context)
     /* Attempt to load all of the preauth plugins we can find. */
     PLUGIN_DIR_INIT(&preauth_plugins);
     if (PLUGIN_DIR_OPEN(&preauth_plugins) == 0) {
-	if (krb5int_open_plugin_dirs(objdirs, NULL,
-				     &preauth_plugins, &context->err) != 0) {
-	    return KRB5_PLUGIN_NO_HANDLE;
-	}
+        if (krb5int_open_plugin_dirs(objdirs, NULL,
+                                     &preauth_plugins, &context->err) != 0) {
+            return KRB5_PLUGIN_NO_HANDLE;
+        }
     }
 
     /* Get the method tables provided by the loaded plugins. */
     preauth_plugins_ftables = NULL;
     if (krb5int_get_plugin_dir_data(&preauth_plugins,
-				    "preauthentication_server_1",
-				    &preauth_plugins_ftables, &context->err) != 0) {
-	return KRB5_PLUGIN_NO_HANDLE;
+                                    "preauthentication_server_1",
+                                    &preauth_plugins_ftables, &context->err) != 0) {
+        return KRB5_PLUGIN_NO_HANDLE;
     }
 
     /* Count the valid modules. */
     module_count = sizeof(static_preauth_systems)
-		   / sizeof(static_preauth_systems[0]);
+        / sizeof(static_preauth_systems[0]);
     if (preauth_plugins_ftables != NULL) {
-	for (i = 0; preauth_plugins_ftables[i] != NULL; i++) {
-	    ftable = preauth_plugins_ftables[i];
-	    if ((ftable->flags_proc == NULL) &&
-		(ftable->edata_proc == NULL) &&
-		(ftable->verify_proc == NULL) &&
-		(ftable->return_proc == NULL)) {
-		continue;
-	    }
-	    for (j = 0;
-		 ftable->pa_type_list != NULL &&
-		 ftable->pa_type_list[j] > 0;
-		 j++) {
-		module_count++;
-	    }
-	}
+        for (i = 0; preauth_plugins_ftables[i] != NULL; i++) {
+            ftable = preauth_plugins_ftables[i];
+            if ((ftable->flags_proc == NULL) &&
+                (ftable->edata_proc == NULL) &&
+                (ftable->verify_proc == NULL) &&
+                (ftable->return_proc == NULL)) {
+                continue;
+            }
+            for (j = 0;
+                 ftable->pa_type_list != NULL &&
+                     ftable->pa_type_list[j] > 0;
+                 j++) {
+                module_count++;
+            }
+        }
     }
 
     /* Build the complete list of supported preauthentication options, and
      * leave room for a terminator entry. */
     preauth_systems = malloc(sizeof(krb5_preauth_systems) * (module_count + 1));
     if (preauth_systems == NULL) {
-	krb5int_free_plugin_dir_data(preauth_plugins_ftables);
-	return ENOMEM;
+        krb5int_free_plugin_dir_data(preauth_plugins_ftables);
+        return ENOMEM;
     }
 
     /* Build a list of the names of the supported realms for this KDC.
      * The list of names is terminated with a NULL. */
     kdc_realm_names = malloc(sizeof(char *) * (kdc_numrealms + 1));
     if (kdc_realm_names == NULL) {
-	krb5int_free_plugin_dir_data(preauth_plugins_ftables);
-	return ENOMEM;
+        krb5int_free_plugin_dir_data(preauth_plugins_ftables);
+        return ENOMEM;
     }
     for (i = 0; i < (size_t)kdc_numrealms; i++) {
-	kdc_realm_names[i] = kdc_realmlist[i]->realm_name;
+        kdc_realm_names[i] = kdc_realmlist[i]->realm_name;
     }
     kdc_realm_names[i] = NULL;
 
     /* Add the locally-supplied mechanisms to the dynamic list first. */
     for (i = 0, k = 0;
-	 i < sizeof(static_preauth_systems) / sizeof(static_preauth_systems[0]);
-	 i++) {
-	if (static_preauth_systems[i].type == -1)
-	    break;
-	preauth_systems[k] = static_preauth_systems[i];
-	/* Try to initialize the preauth system.  If it fails, we'll remove it
-	 * from the list of systems we'll be using. */
-	plugin_context = NULL;
-	server_init_proc = static_preauth_systems[i].init;
-	if ((server_init_proc != NULL) &&
-	    ((*server_init_proc)(context, &plugin_context, (const char **)kdc_realm_names) != 0)) {
-	    memset(&preauth_systems[k], 0, sizeof(preauth_systems[k]));
-	    continue;
-	}
-	preauth_systems[k].plugin_context = plugin_context;
-	k++;
+         i < sizeof(static_preauth_systems) / sizeof(static_preauth_systems[0]);
+         i++) {
+        if (static_preauth_systems[i].type == -1)
+            break;
+        preauth_systems[k] = static_preauth_systems[i];
+        /* Try to initialize the preauth system.  If it fails, we'll remove it
+         * from the list of systems we'll be using. */
+        plugin_context = NULL;
+        server_init_proc = static_preauth_systems[i].init;
+        if ((server_init_proc != NULL) &&
+            ((*server_init_proc)(context, &plugin_context, (const char **)kdc_realm_names) != 0)) {
+            memset(&preauth_systems[k], 0, sizeof(preauth_systems[k]));
+            continue;
+        }
+        preauth_systems[k].plugin_context = plugin_context;
+        k++;
     }
 
     /* Now add the dynamically-loaded mechanisms to the list. */
     if (preauth_plugins_ftables != NULL) {
-	for (i = 0; preauth_plugins_ftables[i] != NULL; i++) {
-	    ftable = preauth_plugins_ftables[i];
-	    if ((ftable->flags_proc == NULL) &&
-		(ftable->edata_proc == NULL) &&
-		(ftable->verify_proc == NULL) &&
-		(ftable->return_proc == NULL)) {
-		continue;
-	    }
-	    plugin_context = NULL;
-	    for (j = 0;
-		 ftable->pa_type_list != NULL &&
-		 ftable->pa_type_list[j] > 0;
-		 j++) {
-		/* Try to initialize the plugin.  If it fails, we'll remove it
-		 * from the list of modules we'll be using. */
-		if (j == 0) {
-		    server_init_proc = ftable->init_proc;
-		    if (server_init_proc != NULL) {
-			krb5_error_code initerr;
-			initerr = (*server_init_proc)(context, &plugin_context, (const char **)kdc_realm_names);
-			if (initerr) {
-			    const char *emsg;
-			    emsg = krb5_get_error_message(context, initerr);
-			    if (emsg) {
-				krb5_klog_syslog(LOG_ERR,
-					"preauth %s failed to initialize: %s",
-					ftable->name, emsg);
-				krb5_free_error_message(context, emsg);
-			    }
-			    memset(&preauth_systems[k], 0, sizeof(preauth_systems[k]));
-
-			    break;	/* skip all modules in this plugin */
-			}
-		    }
-		}
-		preauth_systems[k].name = ftable->name;
-		preauth_systems[k].type = ftable->pa_type_list[j];
-		if (ftable->flags_proc != NULL)
-		    preauth_systems[k].flags = ftable->flags_proc(context, preauth_systems[k].type);
-		else
-		    preauth_systems[k].flags = 0;
-		preauth_systems[k].plugin_context = plugin_context;
-		preauth_systems[k].init = server_init_proc;
-		/* Only call fini once for each plugin */
-		if (j == 0)
-		    preauth_systems[k].fini = ftable->fini_proc;
-		else
-		    preauth_systems[k].fini = NULL;
-		preauth_systems[k].get_edata = ftable->edata_proc;
-		preauth_systems[k].verify_padata = ftable->verify_proc;
-		preauth_systems[k].return_padata = ftable->return_proc;
-		preauth_systems[k].free_pa_reqctx =
-		    ftable->freepa_reqcontext_proc;
-		k++;
-	    }
-	}
-	krb5int_free_plugin_dir_data(preauth_plugins_ftables);
+        for (i = 0; preauth_plugins_ftables[i] != NULL; i++) {
+            ftable = preauth_plugins_ftables[i];
+            if ((ftable->flags_proc == NULL) &&
+                (ftable->edata_proc == NULL) &&
+                (ftable->verify_proc == NULL) &&
+                (ftable->return_proc == NULL)) {
+                continue;
+            }
+            plugin_context = NULL;
+            for (j = 0;
+                 ftable->pa_type_list != NULL &&
+                     ftable->pa_type_list[j] > 0;
+                 j++) {
+                /* Try to initialize the plugin.  If it fails, we'll remove it
+                 * from the list of modules we'll be using. */
+                if (j == 0) {
+                    server_init_proc = ftable->init_proc;
+                    if (server_init_proc != NULL) {
+                        krb5_error_code initerr;
+                        initerr = (*server_init_proc)(context, &plugin_context, (const char **)kdc_realm_names);
+                        if (initerr) {
+                            const char *emsg;
+                            emsg = krb5_get_error_message(context, initerr);
+                            if (emsg) {
+                                krb5_klog_syslog(LOG_ERR,
+                                                 "preauth %s failed to initialize: %s",
+                                                 ftable->name, emsg);
+                                krb5_free_error_message(context, emsg);
+                            }
+                            memset(&preauth_systems[k], 0, sizeof(preauth_systems[k]));
+
+                            break;      /* skip all modules in this plugin */
+                        }
+                    }
+                }
+                preauth_systems[k].name = ftable->name;
+                preauth_systems[k].type = ftable->pa_type_list[j];
+                if (ftable->flags_proc != NULL)
+                    preauth_systems[k].flags = ftable->flags_proc(context, preauth_systems[k].type);
+                else
+                    preauth_systems[k].flags = 0;
+                preauth_systems[k].plugin_context = plugin_context;
+                preauth_systems[k].init = server_init_proc;
+                /* Only call fini once for each plugin */
+                if (j == 0)
+                    preauth_systems[k].fini = ftable->fini_proc;
+                else
+                    preauth_systems[k].fini = NULL;
+                preauth_systems[k].get_edata = ftable->edata_proc;
+                preauth_systems[k].verify_padata = ftable->verify_proc;
+                preauth_systems[k].return_padata = ftable->return_proc;
+                preauth_systems[k].free_pa_reqctx =
+                    ftable->freepa_reqcontext_proc;
+                k++;
+            }
+        }
+        krb5int_free_plugin_dir_data(preauth_plugins_ftables);
     }
     free(kdc_realm_names);
     n_preauth_systems = k;
@@ -544,17 +545,17 @@ unload_preauth_plugins(krb5_context context)
 {
     int i;
     if (preauth_systems != NULL) {
-	for (i = 0; i < n_preauth_systems; i++) {
-	    if (preauth_systems[i].fini != NULL) {
-	        (*preauth_systems[i].fini)(context,
-					   preauth_systems[i].plugin_context);
-	    }
-	    memset(&preauth_systems[i], 0, sizeof(preauth_systems[i]));
-	}
-	free(preauth_systems);
-	preauth_systems = NULL;
-	n_preauth_systems = 0;
-	krb5int_close_plugin_dirs(&preauth_plugins);
+        for (i = 0; i < n_preauth_systems; i++) {
+            if (preauth_systems[i].fini != NULL) {
+                (*preauth_systems[i].fini)(context,
+                                           preauth_systems[i].plugin_context);
+            }
+            memset(&preauth_systems[i], 0, sizeof(preauth_systems[i]));
+        }
+        free(preauth_systems);
+        preauth_systems = NULL;
+        n_preauth_systems = 0;
+        krb5int_close_plugin_dirs(&preauth_plugins);
     }
     return 0;
 }
@@ -567,8 +568,8 @@ unload_preauth_plugins(krb5_context context)
 struct request_pa_context {
     int n_contexts;
     struct {
-	krb5_preauth_systems *pa_system;
-	void *pa_context;
+        krb5_preauth_systems *pa_system;
+        void *pa_context;
     } *contexts;
 };
 
@@ -580,21 +581,21 @@ make_padata_context(krb5_context context, void **padata_context)
 
     ret = malloc(sizeof(*ret));
     if (ret == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     ret->n_contexts = n_preauth_systems;
     ret->contexts = malloc(sizeof(ret->contexts[0]) * ret->n_contexts);
     if (ret->contexts == NULL) {
-	free(ret);
-	return ENOMEM;
+        free(ret);
+        return ENOMEM;
     }
 
     memset(ret->contexts, 0, sizeof(ret->contexts[0]) * ret->n_contexts);
 
     for (i = 0; i < ret->n_contexts; i++) {
-	ret->contexts[i].pa_system = &preauth_systems[i];
-	ret->contexts[i].pa_context = NULL;
+        ret->contexts[i].pa_system = &preauth_systems[i];
+        ret->contexts[i].pa_context = NULL;
     }
 
     *padata_context = ret;
@@ -616,20 +617,20 @@ free_padata_context(krb5_context kcontext, void **padata_context)
     int i;
 
     if (padata_context == NULL)
-	return 0;
+        return 0;
 
     context = *padata_context;
 
     for (i = 0; i < context->n_contexts; i++) {
-	if (context->contexts[i].pa_context != NULL) {
-	    preauth_system = context->contexts[i].pa_system;
-	    mctx = preauth_system->plugin_context;
-	    if (preauth_system->free_pa_reqctx != NULL) {
-		pctx = &context->contexts[i].pa_context;
-		(*preauth_system->free_pa_reqctx)(kcontext, mctx, pctx);
-	    }
-	    context->contexts[i].pa_context = NULL;
-	}
+        if (context->contexts[i].pa_context != NULL) {
+            preauth_system = context->contexts[i].pa_system;
+            mctx = preauth_system->plugin_context;
+            if (preauth_system->free_pa_reqctx != NULL) {
+                pctx = &context->contexts[i].pa_context;
+                (*preauth_system->free_pa_reqctx)(kcontext, mctx, pctx);
+            }
+            context->contexts[i].pa_context = NULL;
+        }
     }
 
     free(context->contexts);
@@ -642,25 +643,25 @@ free_padata_context(krb5_context kcontext, void **padata_context)
  * contents in a new krb5_data, which must be freed by the caller. */
 static krb5_error_code
 get_entry_tl_data(krb5_context context, krb5_db_entry *entry,
-		  krb5_int16 tl_data_type, krb5_data **result)
+                  krb5_int16 tl_data_type, krb5_data **result)
 {
     krb5_tl_data *tl;
     for (tl = entry->tl_data; tl != NULL; tl = tl->tl_data_next) {
-	if (tl->tl_data_type == tl_data_type) {
-	    *result = malloc(sizeof(krb5_data));
-	    if (*result == NULL) {
-		return ENOMEM;
-	    }
-	    (*result)->magic = KV5M_DATA;
-	    (*result)->data = malloc(tl->tl_data_length);
-	    if ((*result)->data == NULL) {
-		free(*result);
-		*result = NULL;
-		return ENOMEM;
-	    }
-	    memcpy((*result)->data, tl->tl_data_contents, tl->tl_data_length);
-	    return 0;
-	}
+        if (tl->tl_data_type == tl_data_type) {
+            *result = malloc(sizeof(krb5_data));
+            if (*result == NULL) {
+                return ENOMEM;
+            }
+            (*result)->magic = KV5M_DATA;
+            (*result)->data = malloc(tl->tl_data_length);
+            if ((*result)->data == NULL) {
+                free(*result);
+                *result = NULL;
+                return ENOMEM;
+            }
+            memcpy((*result)->data, tl->tl_data_contents, tl->tl_data_length);
+            return 0;
+        }
     }
     return ENOENT;
 }
@@ -675,9 +676,9 @@ get_entry_tl_data(krb5_context context, krb5_db_entry *entry,
  */
 static krb5_error_code
 get_entry_data(krb5_context context,
-	       krb5_kdc_req *request, krb5_db_entry *entry,
-	       krb5_int32  type,
-	       krb5_data **result)
+               krb5_kdc_req *request, krb5_db_entry *entry,
+               krb5_int32  type,
+               krb5_data **result)
 {
     int i, k;
     krb5_data *ret;
@@ -689,37 +690,37 @@ get_entry_data(krb5_context context,
 
     switch (type) {
     case krb5plugin_preauth_entry_request_certificate:
-	return get_entry_tl_data(context, entry,
-				 KRB5_TL_USER_CERTIFICATE, result);
-	break;
+        return get_entry_tl_data(context, entry,
+                                 KRB5_TL_USER_CERTIFICATE, result);
+        break;
     case krb5plugin_preauth_entry_max_time_skew:
-	ret = malloc(sizeof(krb5_data));
-	if (ret == NULL)
-	    return ENOMEM;
-	delta = malloc(sizeof(krb5_deltat));
-	if (delta == NULL) {
-	    free(ret);
-	    return ENOMEM;
-	}
-	*delta = context->clockskew;
-	ret->data = (char *) delta;
-	ret->length = sizeof(*delta);
-	*result = ret;
-	return 0;
-	break;
+        ret = malloc(sizeof(krb5_data));
+        if (ret == NULL)
+            return ENOMEM;
+        delta = malloc(sizeof(krb5_deltat));
+        if (delta == NULL) {
+            free(ret);
+            return ENOMEM;
+        }
+        *delta = context->clockskew;
+        ret->data = (char *) delta;
+        ret->length = sizeof(*delta);
+        *result = ret;
+        return 0;
+        break;
     case krb5plugin_preauth_keys:
-	ret = malloc(sizeof(krb5_data));
-	if (ret == NULL)
-	    return ENOMEM;
-	keys = malloc(sizeof(krb5_keyblock) * (request->nktypes + 1));
-	if (keys == NULL) {
-	    free(ret);
-	    return ENOMEM;
-	}
-	ret->data = (char *) keys;
-	ret->length = sizeof(krb5_keyblock) * (request->nktypes + 1);
-	memset(ret->data, 0, ret->length);
-	if ((error = krb5_dbe_find_mkey(context, master_keylist, entry,
+        ret = malloc(sizeof(krb5_data));
+        if (ret == NULL)
+            return ENOMEM;
+        keys = malloc(sizeof(krb5_keyblock) * (request->nktypes + 1));
+        if (keys == NULL) {
+            free(ret);
+            return ENOMEM;
+        }
+        ret->data = (char *) keys;
+        ret->length = sizeof(krb5_keyblock) * (request->nktypes + 1);
+        memset(ret->data, 0, ret->length);
+        if ((error = krb5_dbe_find_mkey(context, master_keylist, entry,
                                         &mkey_ptr))) {
             krb5_keylist_node *tmp_mkey_list;
             /* try refreshing the mkey list in case it's been updated */
@@ -738,64 +739,64 @@ get_entry_data(krb5_context context,
                 return (error);
             }
         }
-	k = 0;
-	for (i = 0; i < request->nktypes; i++) {
-	    entry_key = NULL;
-	    if (krb5_dbe_find_enctype(context, entry, request->ktype[i],
-				      -1, 0, &entry_key) != 0)
-		continue;
-	    if (krb5_dbekd_decrypt_key_data(context, mkey_ptr,
-					    entry_key, &keys[k], NULL) != 0) {
-		if (keys[k].contents != NULL)
-		    krb5_free_keyblock_contents(context, &keys[k]);
-		memset(&keys[k], 0, sizeof(keys[k]));
-		continue;
-	    }
-	    k++;
-	}
-	if (k > 0) {
-	    *result = ret;
-	    return 0;
-	} else {
-	    free(keys);
-	    free(ret);
-	}
-	break;
+        k = 0;
+        for (i = 0; i < request->nktypes; i++) {
+            entry_key = NULL;
+            if (krb5_dbe_find_enctype(context, entry, request->ktype[i],
+                                      -1, 0, &entry_key) != 0)
+                continue;
+            if (krb5_dbekd_decrypt_key_data(context, mkey_ptr,
+                                            entry_key, &keys[k], NULL) != 0) {
+                if (keys[k].contents != NULL)
+                    krb5_free_keyblock_contents(context, &keys[k]);
+                memset(&keys[k], 0, sizeof(keys[k]));
+                continue;
+            }
+            k++;
+        }
+        if (k > 0) {
+            *result = ret;
+            return 0;
+        } else {
+            free(keys);
+            free(ret);
+        }
+        break;
     case krb5plugin_preauth_request_body:
-	ret = NULL;
-	encode_krb5_kdc_req_body(request, &ret);
-	if (ret != NULL) {
-	    *result = ret;
-	    return 0;
-	}
-	return ASN1_PARSE_ERROR;
-	break;
+        ret = NULL;
+        encode_krb5_kdc_req_body(request, &ret);
+        if (ret != NULL) {
+            *result = ret;
+            return 0;
+        }
+        return ASN1_PARSE_ERROR;
+        break;
     case krb5plugin_preauth_fast_armor:
-	ret = calloc(1, sizeof(krb5_data));
-	if (ret == NULL)
-	    return ENOMEM;
-	if (state->armor_key == NULL) {
-	    *result = ret;
-	    return 0;
-	}
-	error = krb5_copy_keyblock(context, state->armor_key, &keys);
-	if (error == 0) {
-	    ret->data = (char *) keys;
-	    ret->length = sizeof(krb5_keyblock);
-	    *result = ret;
-	    return 0;
-	}
-	free(ret);
-	return error;
+        ret = calloc(1, sizeof(krb5_data));
+        if (ret == NULL)
+            return ENOMEM;
+        if (state->armor_key == NULL) {
+            *result = ret;
+            return 0;
+        }
+        error = krb5_copy_keyblock(context, state->armor_key, &keys);
+        if (error == 0) {
+            ret->data = (char *) keys;
+            ret->length = sizeof(krb5_keyblock);
+            *result = ret;
+            return 0;
+        }
+        free(ret);
+        return error;
     case krb5plugin_preauth_free_fast_armor:
-	if ((*result)->data) {
-	    keys = (krb5_keyblock *) (*result)->data;
-	    krb5_free_keyblock(context, keys);
-	}
-	free(*result);
-	return 0;
+        if ((*result)->data) {
+            keys = (krb5_keyblock *) (*result)->data;
+            krb5_free_keyblock(context, keys);
+        }
+        free(*result);
+        return 0;
     default:
-	break;
+        break;
     }
     return ENOENT;
 }
@@ -807,30 +808,30 @@ find_pa_system(int type, krb5_preauth_systems **preauth)
 
     ap = preauth_systems ? preauth_systems : static_preauth_systems;
     while ((ap->type != -1) && (ap->type != type))
-	ap++;
+        ap++;
     if (ap->type == -1)
-	return(KRB5_PREAUTH_BAD_TYPE);
+        return(KRB5_PREAUTH_BAD_TYPE);
     *preauth = ap;
     return 0;
-} 
+}
 
 static krb5_error_code
 find_pa_context(krb5_preauth_systems *pa_sys,
-		struct request_pa_context *context,
-		void ***pa_context)
+                struct request_pa_context *context,
+                void ***pa_context)
 {
     int i;
 
     *pa_context = 0;
 
     if (context == NULL)
-	return KRB5KRB_ERR_GENERIC;
+        return KRB5KRB_ERR_GENERIC;
 
     for (i = 0; i < context->n_contexts; i++) {
-	if (context->contexts[i].pa_system == pa_sys) {
-	    *pa_context = &context->contexts[i].pa_context;
-	    return 0;
-	}
+        if (context->contexts[i].pa_system == pa_sys) {
+            *pa_context = &context->contexts[i].pa_context;
+            return 0;
+        }
     }
 
     return KRB5KRB_ERR_GENERIC;
@@ -844,9 +845,9 @@ static krb5_boolean
 pa_list_includes(krb5_pa_data **pa_data, krb5_preauthtype pa_type)
 {
     while (*pa_data != NULL) {
-	if ((*pa_data)->pa_type == pa_type)
-	    return TRUE;
-	pa_data++;
+        if ((*pa_data)->pa_type == pa_type)
+            return TRUE;
+        pa_data++;
     }
     return FALSE;
 }
@@ -859,158 +860,158 @@ sort_pa_order(krb5_context context, krb5_kdc_req *request, int *pa_order)
     i = 0;
     for (j = 0; j < n_preauth_systems; j++) {
         if (preauth_systems[j].return_padata != NULL)
-	    pa_order[i++] = j;
+            pa_order[i++] = j;
     }
     n_repliers = i;
     pa_order[n_repliers] = -1;
 
     /* Reorder so that PA_REPLACES_KEY modules are listed first. */
     for (i = 0; i < n_repliers; i++) {
-	/* If this module replaces the key, then it's okay to leave it where it
-	 * is in the order. */
-	if (preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY)
-	    continue;
-	/* If not, search for a module which does, and swap in the first one we
-	 * find. */
+        /* If this module replaces the key, then it's okay to leave it where it
+         * is in the order. */
+        if (preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY)
+            continue;
+        /* If not, search for a module which does, and swap in the first one we
+         * find. */
         for (j = i + 1; j < n_repliers; j++) {
-	    if (preauth_systems[pa_order[j]].flags & PA_REPLACES_KEY) {
+            if (preauth_systems[pa_order[j]].flags & PA_REPLACES_KEY) {
                 k = pa_order[j];
-		pa_order[j] = pa_order[i];
-		pa_order[i] = k;
-		break;
-	    }
+                pa_order[j] = pa_order[i];
+                pa_order[i] = k;
+                break;
+            }
         }
     }
 
     if (request->padata != NULL) {
-	/* Now reorder the subset of modules which replace the key,
-	 * bubbling those which handle pa_data types provided by the
-	 * client ahead of the others. */
-	for (i = 0; preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY; i++) {
-	    continue;
-	}
-	n_key_replacers = i;
-	for (i = 0; i < n_key_replacers; i++) {
-	    if (pa_list_includes(request->padata,
-				preauth_systems[pa_order[i]].type))
-		continue;
-	    for (j = i + 1; j < n_key_replacers; j++) {
-		if (pa_list_includes(request->padata,
-				    preauth_systems[pa_order[j]].type)) {
-		    k = pa_order[j];
-		    pa_order[j] = pa_order[i];
-		    pa_order[i] = k;
-		    break;
-		}
-	    }
-	}
+        /* Now reorder the subset of modules which replace the key,
+         * bubbling those which handle pa_data types provided by the
+         * client ahead of the others. */
+        for (i = 0; preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY; i++) {
+            continue;
+        }
+        n_key_replacers = i;
+        for (i = 0; i < n_key_replacers; i++) {
+            if (pa_list_includes(request->padata,
+                                 preauth_systems[pa_order[i]].type))
+                continue;
+            for (j = i + 1; j < n_key_replacers; j++) {
+                if (pa_list_includes(request->padata,
+                                     preauth_systems[pa_order[j]].type)) {
+                    k = pa_order[j];
+                    pa_order[j] = pa_order[i];
+                    pa_order[i] = k;
+                    break;
+                }
+            }
+        }
     }
 #ifdef DEBUG
     krb5_klog_syslog(LOG_DEBUG, "original preauth mechanism list:");
     for (i = 0; i < n_preauth_systems; i++) {
-	if (preauth_systems[i].return_padata != NULL)
+        if (preauth_systems[i].return_padata != NULL)
             krb5_klog_syslog(LOG_DEBUG, "... %s(%d)", preauth_systems[i].name,
-			     preauth_systems[i].type);
+                             preauth_systems[i].type);
     }
     krb5_klog_syslog(LOG_DEBUG, "sorted preauth mechanism list:");
     for (i = 0; pa_order[i] != -1; i++) {
         krb5_klog_syslog(LOG_DEBUG, "... %s(%d)",
-			 preauth_systems[pa_order[i]].name,
-			 preauth_systems[pa_order[i]].type);
+                         preauth_systems[pa_order[i]].name,
+                         preauth_systems[pa_order[i]].type);
     }
 #endif
 }
 
 const char *missing_required_preauth(krb5_db_entry *client,
-				     krb5_db_entry *server,
-				     krb5_enc_tkt_part *enc_tkt_reply)
+                                     krb5_db_entry *server,
+                                     krb5_enc_tkt_part *enc_tkt_reply)
 {
 #if 0
     /*
      * If this is the pwchange service, and the pre-auth bit is set,
      * allow it even if the HW preauth would normally be required.
-     * 
+     *
      * Sandia national labs wanted this for some strange reason... we
      * leave it disabled normally.
      */
     if (isflagset(server->attributes, KRB5_KDB_PWCHANGE_SERVICE) &&
-	isflagset(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH))
-	return 0;
+        isflagset(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH))
+        return 0;
 #endif
-    
+
 #ifdef DEBUG
     krb5_klog_syslog (LOG_DEBUG,
-		      "client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth",
-		      isflagset (client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) ? "" : "no ",
-		      isflagset (client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) ? "" : "no ",
-		      isflagset (enc_tkt_reply->flags, TKT_FLG_PRE_AUTH) ? "" : "no ",
-		      isflagset (enc_tkt_reply->flags, TKT_FLG_HW_AUTH) ? "" : "no ");
+                      "client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth",
+                      isflagset (client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) ? "" : "no ",
+                      isflagset (client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) ? "" : "no ",
+                      isflagset (enc_tkt_reply->flags, TKT_FLG_PRE_AUTH) ? "" : "no ",
+                      isflagset (enc_tkt_reply->flags, TKT_FLG_HW_AUTH) ? "" : "no ");
 #endif
 
     if (isflagset(client->attributes, KRB5_KDB_REQUIRES_PRE_AUTH) &&
-	 !isflagset(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH))
-	return "NEEDED_PREAUTH";
+        !isflagset(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH))
+        return "NEEDED_PREAUTH";
 
     if (isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH) &&
-	!isflagset(enc_tkt_reply->flags, TKT_FLG_HW_AUTH))
-	return "NEEDED_HW_PREAUTH";
+        !isflagset(enc_tkt_reply->flags, TKT_FLG_HW_AUTH))
+        return "NEEDED_HW_PREAUTH";
 
     return 0;
 }
 
 void get_preauth_hint_list(krb5_kdc_req *request, krb5_db_entry *client,
-			   krb5_db_entry *server, krb5_data *e_data)
+                           krb5_db_entry *server, krb5_data *e_data)
 {
     int hw_only;
     krb5_preauth_systems *ap;
     krb5_pa_data **pa_data, **pa;
     krb5_data *edat;
     krb5_error_code retval;
-    
+
     /* Zero these out in case we need to abort */
     e_data->length = 0;
     e_data->data = 0;
-    
+
     hw_only = isflagset(client->attributes, KRB5_KDB_REQUIRES_HW_AUTH);
     /* Allocate two extra entries for the cookie and the terminator. */
     pa_data = calloc(n_preauth_systems + 2, sizeof(krb5_pa_data *));
     if (pa_data == 0)
-	return;
+        return;
     pa = pa_data;
 
     for (ap = preauth_systems; ap->type != -1; ap++) {
-	if (hw_only && !(ap->flags & PA_HARDWARE))
-	    continue;
-	if (ap->flags & PA_PSEUDO)
-	    continue;
-	*pa = malloc(sizeof(krb5_pa_data));
-	if (*pa == 0)
-	    goto errout;
-	memset(*pa, 0, sizeof(krb5_pa_data));
-	(*pa)->magic = KV5M_PA_DATA;
-	(*pa)->pa_type = ap->type;
-	if (ap->get_edata) {
-	  retval = (ap->get_edata)(kdc_context, request, client, server,
-				   get_entry_data, ap->plugin_context, *pa);
-	  if (retval) {
-	    /* just failed on this type, continue */
-	    free(*pa);
-	    *pa = 0;
-	    continue;
-	  }
-	}
-	pa++;
+        if (hw_only && !(ap->flags & PA_HARDWARE))
+            continue;
+        if (ap->flags & PA_PSEUDO)
+            continue;
+        *pa = malloc(sizeof(krb5_pa_data));
+        if (*pa == 0)
+            goto errout;
+        memset(*pa, 0, sizeof(krb5_pa_data));
+        (*pa)->magic = KV5M_PA_DATA;
+        (*pa)->pa_type = ap->type;
+        if (ap->get_edata) {
+            retval = (ap->get_edata)(kdc_context, request, client, server,
+                                     get_entry_data, ap->plugin_context, *pa);
+            if (retval) {
+                /* just failed on this type, continue */
+                free(*pa);
+                *pa = 0;
+                continue;
+            }
+        }
+        pa++;
     }
     if (pa_data[0] == 0) {
-	krb5_klog_syslog (LOG_INFO,
-			  "%spreauth required but hint list is empty",
-			  hw_only ? "hw" : "");
+        krb5_klog_syslog (LOG_INFO,
+                          "%spreauth required but hint list is empty",
+                          hw_only ? "hw" : "");
     }
 /* If we fail to get the cookie it is probably still reasonable to continue with the response*/
     kdc_preauth_get_cookie(request->kdc_state, pa);
     retval = encode_krb5_padata_sequence(pa_data, &edat);
     if (retval)
-	goto errout;
+        goto errout;
     *e_data = *edat;
     free(edat);
 
@@ -1031,36 +1032,36 @@ add_authorization_data(krb5_enc_tkt_part *enc_tkt_part, krb5_authdata **ad)
     int i;
 
     if (enc_tkt_part == NULL || ad == NULL)
-	return EINVAL;
+        return EINVAL;
 
     for (newones = 0; ad[newones] != NULL; newones++);
     if (newones == 0)
-	return 0;   /* nothing to add */
+        return 0;   /* nothing to add */
 
     if (enc_tkt_part->authorization_data == NULL)
-	oldones = 0;
+        oldones = 0;
     else
-	for (oldones = 0;
-	     enc_tkt_part->authorization_data[oldones] != NULL; oldones++);
+        for (oldones = 0;
+             enc_tkt_part->authorization_data[oldones] != NULL; oldones++);
 
     newad = malloc((oldones + newones + 1) * sizeof(krb5_authdata *));
     if (newad == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     /* Copy any existing pointers */
     for (i = 0; i < oldones; i++)
-	newad[i] = enc_tkt_part->authorization_data[i];
+        newad[i] = enc_tkt_part->authorization_data[i];
 
     /* Add the new ones */
     for (i = 0; i < newones; i++)
-	newad[oldones+i] = ad[i];
+        newad[oldones+i] = ad[i];
 
     /* Terminate the new list */
     newad[oldones+i] = NULL;
 
     /* Free any existing list */
     if (enc_tkt_part->authorization_data != NULL)
-	free(enc_tkt_part->authorization_data);
+        free(enc_tkt_part->authorization_data);
 
     /* Install our new list */
     enc_tkt_part->authorization_data = newad;
@@ -1078,25 +1079,25 @@ add_authorization_data(krb5_enc_tkt_part *enc_tkt_part, krb5_authdata **ad)
 
 krb5_error_code
 check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
-	      krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
-	      void **padata_context, krb5_data *e_data)
+              krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+              void **padata_context, krb5_data *e_data)
 {
     krb5_error_code retval = 0;
     krb5_pa_data **padata;
     krb5_preauth_systems *pa_sys;
     void **pa_context;
     krb5_data *pa_e_data = NULL, *tmp_e_data = NULL;
-    int	pa_ok = 0, pa_found = 0;
+    int pa_ok = 0, pa_found = 0;
     krb5_error_code saved_retval = 0;
     int use_saved_retval = 0;
     const char *emsg;
     krb5_authdata **tmp_authz_data = NULL;
 
     if (request->padata == 0)
-	return 0;
+        return 0;
 
     if (make_padata_context(context, padata_context) != 0) {
-	return KRB5KRB_ERR_GENERIC;
+        return KRB5KRB_ERR_GENERIC;
     }
 
 #ifdef DEBUG
@@ -1104,109 +1105,109 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
 #endif
     for (padata = request->padata; *padata; padata++) {
 #ifdef DEBUG
-	krb5_klog_syslog (LOG_DEBUG, ".. pa_type 0x%x", (*padata)->pa_type);
+        krb5_klog_syslog (LOG_DEBUG, ".. pa_type 0x%x", (*padata)->pa_type);
 #endif
-	if (find_pa_system((*padata)->pa_type, &pa_sys))
-	    continue;
-	if (find_pa_context(pa_sys, *padata_context, &pa_context))
-	    continue;
+        if (find_pa_system((*padata)->pa_type, &pa_sys))
+            continue;
+        if (find_pa_context(pa_sys, *padata_context, &pa_context))
+            continue;
 #ifdef DEBUG
-	krb5_klog_syslog (LOG_DEBUG, ".. pa_type %s", pa_sys->name);
+        krb5_klog_syslog (LOG_DEBUG, ".. pa_type %s", pa_sys->name);
 #endif
-	if (pa_sys->verify_padata == 0)
-	    continue;
-	pa_found++;
-	retval = pa_sys->verify_padata(context, client, req_pkt, request,
-				       enc_tkt_reply, *padata,
-				       get_entry_data, pa_sys->plugin_context,
-				       pa_context, &tmp_e_data, &tmp_authz_data);
-	if (retval) {
-	    emsg = krb5_get_error_message (context, retval);
-	    krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s",
-			      pa_sys->name, emsg);
-	    krb5_free_error_message (context, emsg);
-	    /* Ignore authorization data returned from modules that fail */
-	    if (tmp_authz_data != NULL) {
-		krb5_free_authdata(context, tmp_authz_data);
-		tmp_authz_data = NULL;
-	    }
-	    if (pa_sys->flags & PA_REQUIRED) {
-		/* free up any previous edata we might have been saving */
-		if (pa_e_data != NULL)
-		    krb5_free_data(context, pa_e_data);
-		pa_e_data = tmp_e_data;
-		tmp_e_data = NULL;
-		use_saved_retval = 0; /* Make sure we use the current retval */
-		pa_ok = 0;
-		break;
-	    }
-	    /*
-	     * We'll return edata from either the first PA_REQUIRED module
-	     * that fails, or the first non-PA_REQUIRED module that fails.
-	     * Hang on to edata from the first non-PA_REQUIRED module.
-	     * If we've already got one saved, simply discard this one.
-	     */
-	    if (tmp_e_data != NULL) {
-		if (pa_e_data == NULL) {
-		    /* save the first error code and e-data */
-		    pa_e_data = tmp_e_data;
-		    tmp_e_data = NULL;
-		    saved_retval = retval;
-		    use_saved_retval = 1;
-		} else {
-		    /* discard this extra e-data from non-PA_REQUIRED module */
-		    krb5_free_data(context, tmp_e_data);
-		    tmp_e_data = NULL;
-		}
-	    }
-	} else {
+        if (pa_sys->verify_padata == 0)
+            continue;
+        pa_found++;
+        retval = pa_sys->verify_padata(context, client, req_pkt, request,
+                                       enc_tkt_reply, *padata,
+                                       get_entry_data, pa_sys->plugin_context,
+                                       pa_context, &tmp_e_data, &tmp_authz_data);
+        if (retval) {
+            emsg = krb5_get_error_message (context, retval);
+            krb5_klog_syslog (LOG_INFO, "preauth (%s) verify failure: %s",
+                              pa_sys->name, emsg);
+            krb5_free_error_message (context, emsg);
+            /* Ignore authorization data returned from modules that fail */
+            if (tmp_authz_data != NULL) {
+                krb5_free_authdata(context, tmp_authz_data);
+                tmp_authz_data = NULL;
+            }
+            if (pa_sys->flags & PA_REQUIRED) {
+                /* free up any previous edata we might have been saving */
+                if (pa_e_data != NULL)
+                    krb5_free_data(context, pa_e_data);
+                pa_e_data = tmp_e_data;
+                tmp_e_data = NULL;
+                use_saved_retval = 0; /* Make sure we use the current retval */
+                pa_ok = 0;
+                break;
+            }
+            /*
+             * We'll return edata from either the first PA_REQUIRED module
+             * that fails, or the first non-PA_REQUIRED module that fails.
+             * Hang on to edata from the first non-PA_REQUIRED module.
+             * If we've already got one saved, simply discard this one.
+             */
+            if (tmp_e_data != NULL) {
+                if (pa_e_data == NULL) {
+                    /* save the first error code and e-data */
+                    pa_e_data = tmp_e_data;
+                    tmp_e_data = NULL;
+                    saved_retval = retval;
+                    use_saved_retval = 1;
+                } else {
+                    /* discard this extra e-data from non-PA_REQUIRED module */
+                    krb5_free_data(context, tmp_e_data);
+                    tmp_e_data = NULL;
+                }
+            }
+        } else {
 #ifdef DEBUG
-	    krb5_klog_syslog (LOG_DEBUG, ".. .. ok");
+            krb5_klog_syslog (LOG_DEBUG, ".. .. ok");
 #endif
-	    /* Ignore any edata returned on success */
-	    if (tmp_e_data != NULL) {
-	        krb5_free_data(context, tmp_e_data);
-		tmp_e_data = NULL;
-	    }
-	    /* Add any authorization data to the ticket */
-	    if (tmp_authz_data != NULL) {
-		add_authorization_data(enc_tkt_reply, tmp_authz_data);
-		free(tmp_authz_data);
-		tmp_authz_data = NULL;
-	    }
-	    pa_ok = 1;
-	    if (pa_sys->flags & PA_SUFFICIENT)
-		break;
-	}
+            /* Ignore any edata returned on success */
+            if (tmp_e_data != NULL) {
+                krb5_free_data(context, tmp_e_data);
+                tmp_e_data = NULL;
+            }
+            /* Add any authorization data to the ticket */
+            if (tmp_authz_data != NULL) {
+                add_authorization_data(enc_tkt_reply, tmp_authz_data);
+                free(tmp_authz_data);
+                tmp_authz_data = NULL;
+            }
+            pa_ok = 1;
+            if (pa_sys->flags & PA_SUFFICIENT)
+                break;
+        }
     }
 
     /* Don't bother copying and returning e-data on success */
     if (pa_ok && pa_e_data != NULL) {
-	krb5_free_data(context, pa_e_data);
-	pa_e_data = NULL;
+        krb5_free_data(context, pa_e_data);
+        pa_e_data = NULL;
     }
     /* Return any e-data from the preauth that caused us to exit the loop */
     if (pa_e_data != NULL) {
-	e_data->data = malloc(pa_e_data->length);
-	if (e_data->data == NULL) {
-	    krb5_free_data(context, pa_e_data);
-	    return KRB5KRB_ERR_GENERIC;
-	}
-	memcpy(e_data->data, pa_e_data->data, pa_e_data->length);
-	e_data->length = pa_e_data->length;
-	krb5_free_data(context, pa_e_data);
-	pa_e_data = NULL;
-	if (use_saved_retval != 0)
-	    retval = saved_retval;
+        e_data->data = malloc(pa_e_data->length);
+        if (e_data->data == NULL) {
+            krb5_free_data(context, pa_e_data);
+            return KRB5KRB_ERR_GENERIC;
+        }
+        memcpy(e_data->data, pa_e_data->data, pa_e_data->length);
+        e_data->length = pa_e_data->length;
+        krb5_free_data(context, pa_e_data);
+        pa_e_data = NULL;
+        if (use_saved_retval != 0)
+            retval = saved_retval;
     }
 
     if (pa_ok)
-	return 0;
+        return 0;
 
     /* pa system was not found; we may return PREAUTH_REQUIRED later,
        but we did not actually fail to verify the pre-auth. */
     if (!pa_found)
-       return 0;
+        return 0;
 
 
     /* The following switch statement allows us
@@ -1217,7 +1218,7 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
     case KRB5KRB_AP_ERR_BAD_INTEGRITY:
     case KRB5KRB_AP_ERR_SKEW:
     case KRB5KDC_ERR_ETYPE_NOSUPP:
-    /* rfc 4556 */
+        /* rfc 4556 */
     case KRB5KDC_ERR_CLIENT_NOT_TRUSTED:
     case KRB5KDC_ERR_INVALID_SIG:
     case KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED:
@@ -1231,15 +1232,15 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
     case KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED:
     case KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED:
     case KRB5KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED:
-    /* earlier drafts of what became rfc 4556 */
+        /* earlier drafts of what became rfc 4556 */
     case KRB5KDC_ERR_CERTIFICATE_MISMATCH:
     case KRB5KDC_ERR_KDC_NOT_TRUSTED:
     case KRB5KDC_ERR_REVOCATION_STATUS_UNAVAILABLE:
-    /* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */
-    /* case KRB5KDC_ERR_KEY_TOO_WEAK: */
-	return retval;
+        /* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */
+        /* case KRB5KDC_ERR_KEY_TOO_WEAK: */
+        return retval;
     default:
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 }
 
@@ -1249,45 +1250,45 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
  */
 krb5_error_code
 return_padata(krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
-	      krb5_kdc_req *request, krb5_kdc_rep *reply,
-	      krb5_key_data *client_key, krb5_keyblock *encrypting_key,
-	      void **padata_context)
+              krb5_kdc_req *request, krb5_kdc_rep *reply,
+              krb5_key_data *client_key, krb5_keyblock *encrypting_key,
+              void **padata_context)
 {
-    krb5_error_code		retval;
-    krb5_pa_data **		padata;
-    krb5_pa_data **		send_pa_list;
-    krb5_pa_data **		send_pa;
-    krb5_pa_data *		pa = 0;
-    krb5_preauth_systems *	ap;
-    int *			pa_order;
-    int *			pa_type;
-    int 			size = 0;
-    void **			pa_context;
-    krb5_boolean		key_modified;
-    krb5_keyblock		original_key;
+    krb5_error_code             retval;
+    krb5_pa_data **             padata;
+    krb5_pa_data **             send_pa_list;
+    krb5_pa_data **             send_pa;
+    krb5_pa_data *              pa = 0;
+    krb5_preauth_systems *      ap;
+    int *                       pa_order;
+    int *                       pa_type;
+    int                         size = 0;
+    void **                     pa_context;
+    krb5_boolean                key_modified;
+    krb5_keyblock               original_key;
     if ((!*padata_context)&& (make_padata_context(context, padata_context) != 0)) {
-	return KRB5KRB_ERR_GENERIC;
+        return KRB5KRB_ERR_GENERIC;
     }
 
     for (ap = preauth_systems; ap->type != -1; ap++) {
-	if (ap->return_padata)
-	    size++;
+        if (ap->return_padata)
+            size++;
     }
 
     if ((send_pa_list = malloc((size+1) * sizeof(krb5_pa_data *))) == NULL)
-	return ENOMEM;
+        return ENOMEM;
     if ((pa_order = malloc((size+1) * sizeof(int))) == NULL) {
-	free(send_pa_list);
-	return ENOMEM;
+        free(send_pa_list);
+        return ENOMEM;
     }
     sort_pa_order(context, request, pa_order);
 
     retval = krb5_copy_keyblock_contents(context, encrypting_key,
-					 &original_key);
+                                         &original_key);
     if (retval) {
-	free(send_pa_list);
-	free(pa_order);
-	return retval;
+        free(send_pa_list);
+        free(pa_order);
+        return retval;
     }
     key_modified = FALSE;
 
@@ -1295,117 +1296,117 @@ return_padata(krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
     *send_pa = 0;
 
     for (pa_type = pa_order; *pa_type != -1; pa_type++) {
-	ap = &preauth_systems[*pa_type];
+        ap = &preauth_systems[*pa_type];
         if (!key_modified)
-	    if (original_key.enctype != encrypting_key->enctype)
+            if (original_key.enctype != encrypting_key->enctype)
                 key_modified = TRUE;
         if (!key_modified)
-	    if (original_key.length != encrypting_key->length)
+            if (original_key.length != encrypting_key->length)
                 key_modified = TRUE;
         if (!key_modified)
-	    if (memcmp(original_key.contents, encrypting_key->contents,
-		       original_key.length) != 0)
+            if (memcmp(original_key.contents, encrypting_key->contents,
+                       original_key.length) != 0)
                 key_modified = TRUE;
-	if (key_modified && (ap->flags & PA_REPLACES_KEY))
-	    continue;
-	if (ap->return_padata == 0)
-	    continue;
-	if (find_pa_context(ap, *padata_context, &pa_context))
-	    continue;
-	pa = 0;
-	if (request->padata) {
-	    for (padata = request->padata; *padata; padata++) {
-		if ((*padata)->pa_type == ap->type) {
-		    pa = *padata;
-		    break;
-		}
-	    }
-	}
-	if ((retval = ap->return_padata(context, pa, client, req_pkt, request, reply,
-					client_key, encrypting_key, send_pa,
-					get_entry_data, ap->plugin_context,
-					pa_context))) {
-	    goto cleanup;
-	}
-
-	if (*send_pa)
-	    send_pa++;
-	*send_pa = 0;
-    }
-    
+        if (key_modified && (ap->flags & PA_REPLACES_KEY))
+            continue;
+        if (ap->return_padata == 0)
+            continue;
+        if (find_pa_context(ap, *padata_context, &pa_context))
+            continue;
+        pa = 0;
+        if (request->padata) {
+            for (padata = request->padata; *padata; padata++) {
+                if ((*padata)->pa_type == ap->type) {
+                    pa = *padata;
+                    break;
+                }
+            }
+        }
+        if ((retval = ap->return_padata(context, pa, client, req_pkt, request, reply,
+                                        client_key, encrypting_key, send_pa,
+                                        get_entry_data, ap->plugin_context,
+                                        pa_context))) {
+            goto cleanup;
+        }
+
+        if (*send_pa)
+            send_pa++;
+        *send_pa = 0;
+    }
+
     retval = 0;
 
     if (send_pa_list[0]) {
-	reply->padata = send_pa_list;
-	send_pa_list = 0;
+        reply->padata = send_pa_list;
+        send_pa_list = 0;
     }
-    
+
 cleanup:
     krb5_free_keyblock_contents(context, &original_key);
     free(pa_order);
     if (send_pa_list)
-	krb5_free_pa_data(context, send_pa_list);
+        krb5_free_pa_data(context, send_pa_list);
     return (retval);
 }
 
 static krb5_boolean
 request_contains_enctype (krb5_context context,  const krb5_kdc_req *request,
-			  krb5_enctype enctype)
+                          krb5_enctype enctype)
 {
     int i;
     for (i =0; i < request->nktypes; i++)
-	if (request->ktype[i] == enctype)
-	    return 1;
+        if (request->ktype[i] == enctype)
+            return 1;
     return 0;
 }
 
 static krb5_error_code get_enc_ts
-    (krb5_context context, krb5_kdc_req *request,
-		    krb5_db_entry *client, krb5_db_entry *server,
-		    preauth_get_entry_data_proc get_entry_data_proc,
-		    void *pa_system_context,
-		    krb5_pa_data *data)
+(krb5_context context, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ preauth_get_entry_data_proc get_entry_data_proc,
+ void *pa_system_context,
+ krb5_pa_data *data)
 {
-  struct kdc_request_state *state = request->kdc_state;
-  if (state->armor_key)
-    return ENOENT;
-  return 0;
+    struct kdc_request_state *state = request->kdc_state;
+    if (state->armor_key)
+        return ENOENT;
+    return 0;
 }
-  
-  
+
+
 static krb5_error_code
 verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
-		     krb5_data *req_pkt,
-		     krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
-		     krb5_pa_data *pa,
-		     preauth_get_entry_data_proc ets_get_entry_data,
-		     void *pa_system_context,
-		     void **pa_request_context,
-		     krb5_data **e_data,
-		     krb5_authdata ***authz_data)
+                     krb5_data *req_pkt,
+                     krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+                     krb5_pa_data *pa,
+                     preauth_get_entry_data_proc ets_get_entry_data,
+                     void *pa_system_context,
+                     void **pa_request_context,
+                     krb5_data **e_data,
+                     krb5_authdata ***authz_data)
 {
-    krb5_pa_enc_ts *		pa_enc = 0;
-    krb5_error_code		retval;
-    krb5_data			scratch;
-    krb5_data			enc_ts_data;
-    krb5_enc_data 		*enc_data = 0;
-    krb5_keyblock		key, *mkey_ptr;
-    krb5_key_data *		client_key;
-    krb5_int32			start;
-    krb5_timestamp		timenow;
-    krb5_error_code		decrypt_err = 0;
+    krb5_pa_enc_ts *            pa_enc = 0;
+    krb5_error_code             retval;
+    krb5_data                   scratch;
+    krb5_data                   enc_ts_data;
+    krb5_enc_data               *enc_data = 0;
+    krb5_keyblock               key, *mkey_ptr;
+    krb5_key_data *             client_key;
+    krb5_int32                  start;
+    krb5_timestamp              timenow;
+    krb5_error_code             decrypt_err = 0;
 
     scratch.data = (char *)pa->contents;
     scratch.length = pa->length;
 
     enc_ts_data.data = 0;
-    
+
     if ((retval = decode_krb5_enc_data(&scratch, &enc_data)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     enc_ts_data.length = enc_data->ciphertext.length;
     if ((enc_ts_data.data = (char *) malloc(enc_ts_data.length)) == NULL)
-	goto cleanup;
+        goto cleanup;
 
     if ((retval = krb5_dbe_find_mkey(context, master_keylist, client,
                                      &mkey_ptr))) {
@@ -1428,49 +1429,49 @@ verify_enc_timestamp(krb5_context context, krb5_db_entry *client,
     start = 0;
     decrypt_err = 0;
     while (1) {
-	if ((retval = krb5_dbe_search_enctype(context, client,
-					      &start, enc_data->enctype,
-					      -1, 0, &client_key)))
-	    goto cleanup;
+        if ((retval = krb5_dbe_search_enctype(context, client,
+                                              &start, enc_data->enctype,
+                                              -1, 0, &client_key)))
+            goto cleanup;
 
-	if ((retval = krb5_dbekd_decrypt_key_data(context, mkey_ptr, 
-						  client_key, &key, NULL)))
-	    goto cleanup;
+        if ((retval = krb5_dbekd_decrypt_key_data(context, mkey_ptr,
+                                                  client_key, &key, NULL)))
+            goto cleanup;
 
-	key.enctype = enc_data->enctype;
+        key.enctype = enc_data->enctype;
 
-	retval = krb5_c_decrypt(context, &key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
-				0, enc_data, &enc_ts_data);
-	krb5_free_keyblock_contents(context, &key);
-	if (retval == 0)
-	    break;
-	else
-	    decrypt_err = retval;
+        retval = krb5_c_decrypt(context, &key, KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
+                                0, enc_data, &enc_ts_data);
+        krb5_free_keyblock_contents(context, &key);
+        if (retval == 0)
+            break;
+        else
+            decrypt_err = retval;
     }
 
     if ((retval = decode_krb5_pa_enc_ts(&enc_ts_data, &pa_enc)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     if ((retval = krb5_timeofday(context, &timenow)) != 0)
-	goto cleanup;
-    
+        goto cleanup;
+
     if (labs(timenow - pa_enc->patimestamp) > context->clockskew) {
-	retval = KRB5KRB_AP_ERR_SKEW;
-	goto cleanup;
+        retval = KRB5KRB_AP_ERR_SKEW;
+        goto cleanup;
     }
 
     setflag(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH);
 
     retval = 0;
-    
+
 cleanup:
     if (enc_data) {
-	krb5_free_data_contents(context, &enc_data->ciphertext);
-	free(enc_data);
+        krb5_free_data_contents(context, &enc_data->ciphertext);
+        free(enc_data);
     }
     krb5_free_data_contents(context, &enc_ts_data);
     if (pa_enc)
-	free(pa_enc);
+        free(pa_enc);
     /*
      * If we get NO_MATCHING_KEY and decryption previously failed, and
      * we failed to find any other keys of the correct enctype after
@@ -1478,22 +1479,22 @@ cleanup:
      * incorrect.
      */
     if (retval == KRB5_KDB_NO_MATCHING_KEY && decrypt_err != 0)
-	retval = decrypt_err;
+        retval = decrypt_err;
     return retval;
 }
 
 static krb5_error_code
 _make_etype_info_entry(krb5_context context,
-		       krb5_principal client_princ, krb5_key_data *client_key,
-		       krb5_enctype etype, krb5_etype_info_entry **entry,
-		       int etype_info2)
+                       krb5_principal client_princ, krb5_key_data *client_key,
+                       krb5_enctype etype, krb5_etype_info_entry **entry,
+                       int etype_info2)
 {
-    krb5_data			salt;
-    krb5_etype_info_entry *	tmp_entry; 
-    krb5_error_code		retval;
+    krb5_data                   salt;
+    krb5_etype_info_entry *     tmp_entry;
+    krb5_error_code             retval;
 
     if ((tmp_entry = malloc(sizeof(krb5_etype_info_entry))) == NULL)
-       return ENOMEM;
+        return ENOMEM;
 
     salt.data = 0;
 
@@ -1505,125 +1506,125 @@ _make_etype_info_entry(krb5_context context,
     tmp_entry->s2kparams.length = 0;
     retval = get_salt_from_key(context, client_princ, client_key, &salt);
     if (retval)
-	goto fail;
+        goto fail;
     if (etype_info2 && client_key->key_data_ver > 1 &&
-	client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_AFS3) {
-	switch (etype) {
-	case ENCTYPE_DES_CBC_CRC:
-	case ENCTYPE_DES_CBC_MD4:
-	case ENCTYPE_DES_CBC_MD5:
-	    tmp_entry->s2kparams.data = malloc(1);
-	    if (tmp_entry->s2kparams.data == NULL) {
-		retval = ENOMEM;
-		goto fail;
-	    }
-	    tmp_entry->s2kparams.length = 1;
-	    tmp_entry->s2kparams.data[0] = 1;
-	    break;
-	default:
-	    break;
-	}
+        client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_AFS3) {
+        switch (etype) {
+        case ENCTYPE_DES_CBC_CRC:
+        case ENCTYPE_DES_CBC_MD4:
+        case ENCTYPE_DES_CBC_MD5:
+            tmp_entry->s2kparams.data = malloc(1);
+            if (tmp_entry->s2kparams.data == NULL) {
+                retval = ENOMEM;
+                goto fail;
+            }
+            tmp_entry->s2kparams.length = 1;
+            tmp_entry->s2kparams.data[0] = 1;
+            break;
+        default:
+            break;
+        }
     }
 
     if (salt.length >= 0) {
-	tmp_entry->length = salt.length;
-	tmp_entry->salt = (unsigned char *) salt.data;
-	salt.data = 0;
+        tmp_entry->length = salt.length;
+        tmp_entry->salt = (unsigned char *) salt.data;
+        salt.data = 0;
     }
     *entry = tmp_entry;
     return 0;
 
 fail:
     if (tmp_entry) {
-	if (tmp_entry->s2kparams.data)
-	    free(tmp_entry->s2kparams.data);
-	free(tmp_entry);
+        if (tmp_entry->s2kparams.data)
+            free(tmp_entry->s2kparams.data);
+        free(tmp_entry);
     }
     if (salt.data)
-	free(salt.data);
+        free(salt.data);
     return retval;
 }
 /*
  * This function returns the etype information for a particular
  * client, to be passed back in the preauth list in the KRB_ERROR
  * message.  It supports generating both etype_info  and etype_info2
- *  as most of the work is the same.   
+ *  as most of the work is the same.
  */
 static krb5_error_code
 etype_info_helper(krb5_context context, krb5_kdc_req *request,
-	       krb5_db_entry *client, krb5_db_entry *server,
-	       krb5_pa_data *pa_data, int etype_info2)
+                  krb5_db_entry *client, krb5_db_entry *server,
+                  krb5_pa_data *pa_data, int etype_info2)
 {
-    krb5_etype_info_entry **	entry = 0;
-    krb5_key_data		*client_key;
-    krb5_error_code		retval;
-    krb5_data *			scratch;
-    krb5_enctype		db_etype;
-    int 			i = 0;
-    int 			start = 0;
-    int				seen_des = 0;
+    krb5_etype_info_entry **    entry = 0;
+    krb5_key_data               *client_key;
+    krb5_error_code             retval;
+    krb5_data *                 scratch;
+    krb5_enctype                db_etype;
+    int                         i = 0;
+    int                         start = 0;
+    int                         seen_des = 0;
 
     entry = malloc((client->n_key_data * 2 + 1) * sizeof(krb5_etype_info_entry *));
     if (entry == NULL)
-	return ENOMEM;
+        return ENOMEM;
     entry[0] = NULL;
 
     while (1) {
-	retval = krb5_dbe_search_enctype(context, client, &start, -1,
-					 -1, 0, &client_key);
-	if (retval == KRB5_KDB_NO_MATCHING_KEY)
-	    break;
-	if (retval)
-	    goto cleanup;
-	db_etype = client_key->key_data_type[0];
-	if (db_etype == ENCTYPE_DES_CBC_MD4)
-	    db_etype = ENCTYPE_DES_CBC_MD5;
-	
-	if (request_contains_enctype(context, request, db_etype)) {
-	    assert(etype_info2 ||
-		   !enctype_requires_etype_info_2(db_etype));
-	    retval = _make_etype_info_entry(context, client->princ, client_key,
-					    db_etype, &entry[i], etype_info2);
-	    if (retval != 0)
-		goto cleanup;
-	    entry[i+1] = 0;
-	    i++;
-	}
-
-	/* 
-	 * If there is a des key in the kdb, try the "similar" enctypes,
-	 * avoid duplicate entries. 
-	 */
-	if (!seen_des) {
-	    switch (db_etype) {
-	    case ENCTYPE_DES_CBC_MD5:
-		db_etype = ENCTYPE_DES_CBC_CRC;
-		break;
-	    case ENCTYPE_DES_CBC_CRC:
-		db_etype = ENCTYPE_DES_CBC_MD5;
-		break;
-	    default:
-		continue;
-
-	    }
-	    if (request_contains_enctype(context, request, db_etype)) {
-		retval = _make_etype_info_entry(context, client->princ,
-						client_key, db_etype,
-						&entry[i], etype_info2);
-		if (retval != 0)
-		    goto cleanup;
-		entry[i+1] = 0;
-		i++;
-	    }
-	    seen_des++;
-	}
+        retval = krb5_dbe_search_enctype(context, client, &start, -1,
+                                         -1, 0, &client_key);
+        if (retval == KRB5_KDB_NO_MATCHING_KEY)
+            break;
+        if (retval)
+            goto cleanup;
+        db_etype = client_key->key_data_type[0];
+        if (db_etype == ENCTYPE_DES_CBC_MD4)
+            db_etype = ENCTYPE_DES_CBC_MD5;
+
+        if (request_contains_enctype(context, request, db_etype)) {
+            assert(etype_info2 ||
+                   !enctype_requires_etype_info_2(db_etype));
+            retval = _make_etype_info_entry(context, client->princ, client_key,
+                                            db_etype, &entry[i], etype_info2);
+            if (retval != 0)
+                goto cleanup;
+            entry[i+1] = 0;
+            i++;
+        }
+
+        /*
+         * If there is a des key in the kdb, try the "similar" enctypes,
+         * avoid duplicate entries.
+         */
+        if (!seen_des) {
+            switch (db_etype) {
+            case ENCTYPE_DES_CBC_MD5:
+                db_etype = ENCTYPE_DES_CBC_CRC;
+                break;
+            case ENCTYPE_DES_CBC_CRC:
+                db_etype = ENCTYPE_DES_CBC_MD5;
+                break;
+            default:
+                continue;
+
+            }
+            if (request_contains_enctype(context, request, db_etype)) {
+                retval = _make_etype_info_entry(context, client->princ,
+                                                client_key, db_etype,
+                                                &entry[i], etype_info2);
+                if (retval != 0)
+                    goto cleanup;
+                entry[i+1] = 0;
+                i++;
+            }
+            seen_des++;
+        }
     }
     if (etype_info2)
-	retval = encode_krb5_etype_info2(entry, &scratch);
+        retval = encode_krb5_etype_info2(entry, &scratch);
     else
- 	retval = encode_krb5_etype_info(entry, &scratch);
+        retval = encode_krb5_etype_info(entry, &scratch);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     pa_data->contents = (unsigned char *)scratch->data;
     pa_data->length = scratch->length;
     free(scratch);
@@ -1632,45 +1633,45 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
 
 cleanup:
     if (entry)
-	krb5_free_etype_info(context, entry);
+        krb5_free_etype_info(context, entry);
     return retval;
 }
 
 static krb5_error_code
 get_etype_info(krb5_context context, krb5_kdc_req *request,
-	       krb5_db_entry *client, krb5_db_entry *server,
-	       preauth_get_entry_data_proc etype_get_entry_data,
-	       void *pa_system_context,
-	       krb5_pa_data *pa_data)
+               krb5_db_entry *client, krb5_db_entry *server,
+               preauth_get_entry_data_proc etype_get_entry_data,
+               void *pa_system_context,
+               krb5_pa_data *pa_data)
 {
-  int i;
+    int i;
     for (i=0;  i < request->nktypes; i++) {
-	if (enctype_requires_etype_info_2(request->ktype[i])) 
-	    return KRB5KDC_ERR_PADATA_TYPE_NOSUPP ;;;; /*Caller will
-							* skip this
-							* type*/
+        if (enctype_requires_etype_info_2(request->ktype[i]))
+            return KRB5KDC_ERR_PADATA_TYPE_NOSUPP ;;;; /*Caller will
+                                                        * skip this
+                                                        * type*/
     }
     return etype_info_helper(context, request, client, server, pa_data, 0);
 }
 
 static krb5_error_code
 get_etype_info2(krb5_context context, krb5_kdc_req *request,
-	       krb5_db_entry *client, krb5_db_entry *server,
-	       preauth_get_entry_data_proc etype_get_entry_data,
-	       void *pa_system_context,
-	       krb5_pa_data *pa_data)
+                krb5_db_entry *client, krb5_db_entry *server,
+                preauth_get_entry_data_proc etype_get_entry_data,
+                void *pa_system_context,
+                krb5_pa_data *pa_data)
 {
     return etype_info_helper( context, request, client, server, pa_data, 1);
 }
 
 static krb5_error_code
-etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata, 
-			 krb5_db_entry *client,
-			 krb5_kdc_req *request, krb5_kdc_rep *reply,
-			 krb5_key_data *client_key,
-			 krb5_keyblock *encrypting_key,
-			 krb5_pa_data **send_pa,
-			 int etype_info2)
+etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata,
+                         krb5_db_entry *client,
+                         krb5_kdc_req *request, krb5_kdc_rep *reply,
+                         krb5_key_data *client_key,
+                         krb5_keyblock *encrypting_key,
+                         krb5_pa_data **send_pa,
+                         int etype_info2)
 {
     int i;
     krb5_error_code retval;
@@ -1683,181 +1684,181 @@ etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata,
      * enctypes.
      */
     if (!etype_info2) {
-	for (i = 0; i < request->nktypes; i++) {
-	    if (enctype_requires_etype_info_2(request->ktype[i])) {
-		*send_pa = NULL;
-		return 0;
-	    }
-	}
+        for (i = 0; i < request->nktypes; i++) {
+            if (enctype_requires_etype_info_2(request->ktype[i])) {
+                *send_pa = NULL;
+                return 0;
+            }
+        }
     }
 
     tmp_padata = malloc( sizeof(krb5_pa_data));
     if (tmp_padata == NULL)
-	return ENOMEM;
+        return ENOMEM;
     if (etype_info2)
-	tmp_padata->pa_type = KRB5_PADATA_ETYPE_INFO2;
+        tmp_padata->pa_type = KRB5_PADATA_ETYPE_INFO2;
     else
-	tmp_padata->pa_type = KRB5_PADATA_ETYPE_INFO;
+        tmp_padata->pa_type = KRB5_PADATA_ETYPE_INFO;
 
     entry = malloc(2 * sizeof(krb5_etype_info_entry *));
     if (entry == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     entry[0] = NULL;
     entry[1] = NULL;
     retval = _make_etype_info_entry(context, client->princ, client_key,
-				    encrypting_key->enctype, entry,
-				    etype_info2);
+                                    encrypting_key->enctype, entry,
+                                    etype_info2);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     if (etype_info2)
-	retval = encode_krb5_etype_info2(entry, &scratch);
+        retval = encode_krb5_etype_info2(entry, &scratch);
     else
-	retval = encode_krb5_etype_info(entry, &scratch);
+        retval = encode_krb5_etype_info(entry, &scratch);
 
     if (retval)
-	goto cleanup;
+        goto cleanup;
     tmp_padata->contents = (krb5_octet *)scratch->data;
     tmp_padata->length = scratch->length;
     *send_pa = tmp_padata;
 
-    /* For cleanup - we no longer own the contents of the krb5_data 
+    /* For cleanup - we no longer own the contents of the krb5_data
      * only to pointer to the krb5_data
      */
     scratch->data = 0;
 
- cleanup:
+cleanup:
     if (entry)
-	krb5_free_etype_info(context, entry);
+        krb5_free_etype_info(context, entry);
     if (retval) {
-	if (tmp_padata)
-	    free(tmp_padata);
+        if (tmp_padata)
+            free(tmp_padata);
     }
     if (scratch)
-	    krb5_free_data(context, scratch);
+        krb5_free_data(context, scratch);
     return retval;
 }
 
 static krb5_error_code
-return_etype_info2(krb5_context context, krb5_pa_data * padata, 
-		   krb5_db_entry *client,
-		   krb5_data *req_pkt,
-		   krb5_kdc_req *request, krb5_kdc_rep *reply,
-		   krb5_key_data *client_key,
-		   krb5_keyblock *encrypting_key,
-		   krb5_pa_data **send_pa,
-		   preauth_get_entry_data_proc etype_get_entry_data,
-	           void *pa_system_context,
-		   void **pa_request_context)
+return_etype_info2(krb5_context context, krb5_pa_data * padata,
+                   krb5_db_entry *client,
+                   krb5_data *req_pkt,
+                   krb5_kdc_req *request, krb5_kdc_rep *reply,
+                   krb5_key_data *client_key,
+                   krb5_keyblock *encrypting_key,
+                   krb5_pa_data **send_pa,
+                   preauth_get_entry_data_proc etype_get_entry_data,
+                   void *pa_system_context,
+                   void **pa_request_context)
 {
     return etype_info_as_rep_helper(context, padata, client, request, reply,
-				    client_key, encrypting_key, send_pa, 1);
+                                    client_key, encrypting_key, send_pa, 1);
 }
 
 
 static krb5_error_code
-return_etype_info(krb5_context context, krb5_pa_data * padata, 
-		  krb5_db_entry *client,
-		  krb5_data *req_pkt,
-		  krb5_kdc_req *request, krb5_kdc_rep *reply,
-		  krb5_key_data *client_key,
-		  krb5_keyblock *encrypting_key,
-		  krb5_pa_data **send_pa,
-		  preauth_get_entry_data_proc etypeget_entry_data,
-	          void *pa_system_context,
-		  void **pa_request_context)
+return_etype_info(krb5_context context, krb5_pa_data * padata,
+                  krb5_db_entry *client,
+                  krb5_data *req_pkt,
+                  krb5_kdc_req *request, krb5_kdc_rep *reply,
+                  krb5_key_data *client_key,
+                  krb5_keyblock *encrypting_key,
+                  krb5_pa_data **send_pa,
+                  preauth_get_entry_data_proc etypeget_entry_data,
+                  void *pa_system_context,
+                  void **pa_request_context)
 {
     return etype_info_as_rep_helper(context, padata, client, request, reply,
-				    client_key, encrypting_key, send_pa, 0);
+                                    client_key, encrypting_key, send_pa, 0);
 }
 
 static krb5_error_code
 return_pw_salt(krb5_context context, krb5_pa_data *in_padata,
-	       krb5_db_entry *client, krb5_data *req_pkt, krb5_kdc_req *request,
-	       krb5_kdc_rep *reply, krb5_key_data *client_key,
-	       krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
-	       preauth_get_entry_data_proc etype_get_entry_data,
-	       void *pa_system_context,
-	       void **pa_request_context)
+               krb5_db_entry *client, krb5_data *req_pkt, krb5_kdc_req *request,
+               krb5_kdc_rep *reply, krb5_key_data *client_key,
+               krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
+               preauth_get_entry_data_proc etype_get_entry_data,
+               void *pa_system_context,
+               void **pa_request_context)
 {
-    krb5_error_code	retval;
-    krb5_pa_data *	padata;
-    krb5_data *		scratch;
-    krb5_data		salt_data;
+    krb5_error_code     retval;
+    krb5_pa_data *      padata;
+    krb5_data *         scratch;
+    krb5_data           salt_data;
     int i;
-    
+
     for (i = 0; i < request->nktypes; i++) {
-	if (enctype_requires_etype_info_2(request->ktype[i]))
-	    return 0;
+        if (enctype_requires_etype_info_2(request->ktype[i]))
+            return 0;
     }
     if (client_key->key_data_ver == 1 ||
-	client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)
-	return 0;
+        client_key->key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)
+        return 0;
 
     if ((padata = malloc(sizeof(krb5_pa_data))) == NULL)
-	return ENOMEM;
+        return ENOMEM;
     padata->magic = KV5M_PA_DATA;
     padata->pa_type = KRB5_PADATA_PW_SALT;
-    
+
     switch (client_key->key_data_type[1]) {
     case KRB5_KDB_SALTTYPE_V4:
-	/* send an empty (V4) salt */
-	padata->contents = 0;
-	padata->length = 0;
-	break;
+        /* send an empty (V4) salt */
+        padata->contents = 0;
+        padata->length = 0;
+        break;
     case KRB5_KDB_SALTTYPE_NOREALM:
-	if ((retval = krb5_principal2salt_norealm(kdc_context, 
-						   request->client,
-						   &salt_data)))
-	    goto cleanup;
-	padata->contents = (krb5_octet *)salt_data.data;
-	padata->length = salt_data.length;
-	break;
+        if ((retval = krb5_principal2salt_norealm(kdc_context,
+                                                  request->client,
+                                                  &salt_data)))
+            goto cleanup;
+        padata->contents = (krb5_octet *)salt_data.data;
+        padata->length = salt_data.length;
+        break;
     case KRB5_KDB_SALTTYPE_AFS3:
-	/* send an AFS style realm-based salt */
-	/* for now, just pass the realm back and let the client
-	   do the work. In the future, add a kdc configuration
-	   variable that specifies the old cell name. */
-	padata->pa_type = KRB5_PADATA_AFS3_SALT;
-	/* it would be just like ONLYREALM, but we need to pass the 0 */
-	scratch = krb5_princ_realm(kdc_context, request->client);
-	if ((padata->contents = malloc(scratch->length+1)) == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(padata->contents, scratch->data, scratch->length);
-	padata->length = scratch->length+1;
-	padata->contents[scratch->length] = 0;
-	break;
+        /* send an AFS style realm-based salt */
+        /* for now, just pass the realm back and let the client
+           do the work. In the future, add a kdc configuration
+           variable that specifies the old cell name. */
+        padata->pa_type = KRB5_PADATA_AFS3_SALT;
+        /* it would be just like ONLYREALM, but we need to pass the 0 */
+        scratch = krb5_princ_realm(kdc_context, request->client);
+        if ((padata->contents = malloc(scratch->length+1)) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(padata->contents, scratch->data, scratch->length);
+        padata->length = scratch->length+1;
+        padata->contents[scratch->length] = 0;
+        break;
     case KRB5_KDB_SALTTYPE_ONLYREALM:
-	scratch = krb5_princ_realm(kdc_context, request->client);
-	if ((padata->contents = malloc(scratch->length)) == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(padata->contents, scratch->data, scratch->length);
-	padata->length = scratch->length;
-	break;
+        scratch = krb5_princ_realm(kdc_context, request->client);
+        if ((padata->contents = malloc(scratch->length)) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(padata->contents, scratch->data, scratch->length);
+        padata->length = scratch->length;
+        break;
     case KRB5_KDB_SALTTYPE_SPECIAL:
-	if ((padata->contents = malloc(client_key->key_data_length[1]))
-	    == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(padata->contents, client_key->key_data_contents[1],
-	       client_key->key_data_length[1]);
-	padata->length = client_key->key_data_length[1];
-	break;
+        if ((padata->contents = malloc(client_key->key_data_length[1]))
+            == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(padata->contents, client_key->key_data_contents[1],
+               client_key->key_data_length[1]);
+        padata->length = client_key->key_data_length[1];
+        break;
     default:
-	free(padata);
-	return 0;
+        free(padata);
+        return 0;
     }
 
     *send_pa = padata;
     return 0;
-    
+
 cleanup:
     free(padata);
     return retval;
@@ -1865,22 +1866,22 @@ cleanup:
 
 static krb5_error_code
 return_sam_data(krb5_context context, krb5_pa_data *in_padata,
-		krb5_db_entry *client, krb5_data *req_pkt, krb5_kdc_req *request,
-		krb5_kdc_rep *reply, krb5_key_data *client_key,
-		krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
-		preauth_get_entry_data_proc sam_get_entry_data,
-		void *pa_system_context,
-		void **pa_request_context)
+                krb5_db_entry *client, krb5_data *req_pkt, krb5_kdc_req *request,
+                krb5_kdc_rep *reply, krb5_key_data *client_key,
+                krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
+                preauth_get_entry_data_proc sam_get_entry_data,
+                void *pa_system_context,
+                void **pa_request_context)
 {
-    krb5_error_code	retval;
-    krb5_data		scratch;
-    int			i;
+    krb5_error_code     retval;
+    krb5_data           scratch;
+    int                 i;
 
-    krb5_sam_response		*sr = 0;
-    krb5_predicted_sam_response	*psr = 0;
+    krb5_sam_response           *sr = 0;
+    krb5_predicted_sam_response *psr = 0;
 
     if (in_padata == 0)
-	return 0;
+        return 0;
 
     /*
      * We start by doing the same thing verify_sam_response() does:
@@ -1891,71 +1892,71 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata,
 
     scratch.data = (char *)in_padata->contents;
     scratch.length = in_padata->length;
-    
+
     if ((retval = decode_krb5_sam_response(&scratch, &sr))) {
-	kdc_err(context, retval,
-		"return_sam_data(): decode_krb5_sam_response failed");
-	goto cleanup;
+        kdc_err(context, retval,
+                "return_sam_data(): decode_krb5_sam_response failed");
+        goto cleanup;
     }
 
     {
-	krb5_enc_data tmpdata;
+        krb5_enc_data tmpdata;
 
-	tmpdata.enctype = ENCTYPE_UNKNOWN;
-	tmpdata.ciphertext = sr->sam_track_id;
+        tmpdata.enctype = ENCTYPE_UNKNOWN;
+        tmpdata.ciphertext = sr->sam_track_id;
 
-	scratch.length = tmpdata.ciphertext.length;
-	if ((scratch.data = (char *) malloc(scratch.length)) == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
+        scratch.length = tmpdata.ciphertext.length;
+        if ((scratch.data = (char *) malloc(scratch.length)) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
 
-	if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0,
-				     &tmpdata, &scratch))) {
-	    kdc_err(context, retval,
-		    "return_sam_data(): decrypt track_id failed");
-	    free(scratch.data);
-	    goto cleanup;
-	}
+        if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0,
+                                     &tmpdata, &scratch))) {
+            kdc_err(context, retval,
+                    "return_sam_data(): decrypt track_id failed");
+            free(scratch.data);
+            goto cleanup;
+        }
     }
 
     if ((retval = decode_krb5_predicted_sam_response(&scratch, &psr))) {
-	kdc_err(context, retval,
-		"return_sam_data(): decode_krb5_predicted_sam_response failed");
-	free(scratch.data);
-	goto cleanup;
+        kdc_err(context, retval,
+                "return_sam_data(): decode_krb5_predicted_sam_response failed");
+        free(scratch.data);
+        goto cleanup;
     }
 
     /* We could use sr->sam_flags, but it may be absent or altered. */
     if (psr->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
-	kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
-		"Unsupported SAM flag must-pk-encrypt-sad");
-	goto cleanup;
+        kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
+                "Unsupported SAM flag must-pk-encrypt-sad");
+        goto cleanup;
     }
     if (psr->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
-	/* No key munging */
-	goto cleanup;
+        /* No key munging */
+        goto cleanup;
     }
     if (psr->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
-	/* Use sam_key instead of client key */
-	krb5_free_keyblock_contents(context, encrypting_key);
-	krb5_copy_keyblock_contents(context, &psr->sam_key, encrypting_key);
-	/* XXX Attach a useful pa_data */
-	goto cleanup;
+        /* Use sam_key instead of client key */
+        krb5_free_keyblock_contents(context, encrypting_key);
+        krb5_copy_keyblock_contents(context, &psr->sam_key, encrypting_key);
+        /* XXX Attach a useful pa_data */
+        goto cleanup;
     }
 
     /* Otherwise (no flags set), we XOR the keys */
     /* XXX The passwords-04 draft is underspecified here wrt different
-	   key types. We will do what I hope to get into the -05 draft. */
+       key types. We will do what I hope to get into the -05 draft. */
     {
-	krb5_octet *p = encrypting_key->contents;
-	krb5_octet *q = psr->sam_key.contents;
-	int length = ((encrypting_key->length < psr->sam_key.length)
-		      ? encrypting_key->length
-		      : psr->sam_key.length);
+        krb5_octet *p = encrypting_key->contents;
+        krb5_octet *q = psr->sam_key.contents;
+        int length = ((encrypting_key->length < psr->sam_key.length)
+                      ? encrypting_key->length
+                      : psr->sam_key.length);
 
-	for (i = 0; i < length; i++)
-	    p[i] ^= q[i];
+        for (i = 0; i < length; i++)
+            p[i] ^= q[i];
     }
 
     /* Post-mixing key correction */
@@ -1964,58 +1965,58 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata,
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_DES_CBC_RAW:
-	mit_des_fixup_key_parity(encrypting_key->contents);
-	if (mit_des_is_weak_key(encrypting_key->contents))
-	    ((krb5_octet *) encrypting_key->contents)[7] ^= 0xf0;
-	break;
+        mit_des_fixup_key_parity(encrypting_key->contents);
+        if (mit_des_is_weak_key(encrypting_key->contents))
+            ((krb5_octet *) encrypting_key->contents)[7] ^= 0xf0;
+        break;
 
-    /* XXX case ENCTYPE_DES3_CBC_MD5: listed in 1510bis-04 draft */
+        /* XXX case ENCTYPE_DES3_CBC_MD5: listed in 1510bis-04 draft */
     case ENCTYPE_DES3_CBC_SHA: /* XXX deprecated? */
     case ENCTYPE_DES3_CBC_RAW:
     case ENCTYPE_DES3_CBC_SHA1:
-	for (i = 0; i < 3; i++) {
-	    mit_des_fixup_key_parity(encrypting_key->contents + i * 8);
-	    if (mit_des_is_weak_key(encrypting_key->contents + i * 8))
-		((krb5_octet *) encrypting_key->contents)[7 + i * 8] ^= 0xf0;
-	}
-	break;
+        for (i = 0; i < 3; i++) {
+            mit_des_fixup_key_parity(encrypting_key->contents + i * 8);
+            if (mit_des_is_weak_key(encrypting_key->contents + i * 8))
+                ((krb5_octet *) encrypting_key->contents)[7 + i * 8] ^= 0xf0;
+        }
+        break;
 
     default:
-	kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
-		"Unimplemented keytype for SAM key mixing");
-	goto cleanup;
+        kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
+                "Unimplemented keytype for SAM key mixing");
+        goto cleanup;
     }
 
     /* XXX Attach a useful pa_data */
 cleanup:
     if (sr)
-	krb5_free_sam_response(context, sr);
+        krb5_free_sam_response(context, sr);
     if (psr)
-	krb5_free_predicted_sam_response(context, psr);
+        krb5_free_predicted_sam_response(context, psr);
 
     return retval;
 }
-    
+
 static struct {
-  char* name;
-  int   sam_type;
+    char* name;
+    int   sam_type;
 } *sam_ptr, sam_inst_map[] = {
-  { "SNK4", PA_SAM_TYPE_DIGI_PATH, },
-  { "SECURID", PA_SAM_TYPE_SECURID, },
-  { "GRAIL", PA_SAM_TYPE_GRAIL, },
-  { 0, 0 },
+    { "SNK4", PA_SAM_TYPE_DIGI_PATH, },
+    { "SECURID", PA_SAM_TYPE_SECURID, },
+    { "GRAIL", PA_SAM_TYPE_GRAIL, },
+    { 0, 0 },
 };
 
 static krb5_error_code
 get_sam_edata(krb5_context context, krb5_kdc_req *request,
-	      krb5_db_entry *client, krb5_db_entry *server,
-	      preauth_get_entry_data_proc sam_get_entry_data,
-	      void *pa_system_context, krb5_pa_data *pa_data)
+              krb5_db_entry *client, krb5_db_entry *server,
+              preauth_get_entry_data_proc sam_get_entry_data,
+              void *pa_system_context, krb5_pa_data *pa_data)
 {
-    krb5_error_code		retval;
-    krb5_sam_challenge		sc;
-    krb5_predicted_sam_response	psr;
-    krb5_data *			scratch;
+    krb5_error_code             retval;
+    krb5_sam_challenge          sc;
+    krb5_predicted_sam_response psr;
+    krb5_data *                 scratch;
     krb5_keyblock encrypting_key, *mkey_ptr;
     char response[9];
     char inputblock[8];
@@ -2029,368 +2030,368 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request,
        names that match the types of preauth used. Later we should
        make this mapping show up in kdc.conf. In the meantime, we
        hardcode the following:
-		/SNK4 -- Digital Pathways SNK/4 preauth.
-		/GRAIL -- experimental preauth
+       /SNK4 -- Digital Pathways SNK/4 preauth.
+       /GRAIL -- experimental preauth
        The first one found is used. See sam_inst_map above.
 
        For SNK4 in particular, the key in the database is the key for
        the device; kadmin needs a special interface for it.
-     */
+    */
 
     {
-      int npr = 1;
-      krb5_boolean more;
-      krb5_db_entry assoc;
-      krb5_key_data  *assoc_key;
-      krb5_principal newp;
-      int probeslot;
-
-      sc.sam_type = 0;
-
-      retval = krb5_copy_principal(kdc_context, request->client, &newp);
-      if (retval) {
-	kdc_err(kdc_context, retval, "copying client name for preauth probe");
-	return retval;
-      }
-
-      probeslot = krb5_princ_size(context, newp)++;
-      krb5_princ_name(kdc_context, newp) = 
-	realloc(krb5_princ_name(kdc_context, newp),
-		krb5_princ_size(context, newp) * sizeof(krb5_data));
-
-      for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) {
-	krb5_princ_component(kdc_context,newp,probeslot)->data = sam_ptr->name;
-	krb5_princ_component(kdc_context,newp,probeslot)->length = 
-	  strlen(sam_ptr->name);
-	npr = 1;
-	retval = get_principal(kdc_context, newp, &assoc, &npr, &more);
-	if(!retval && npr) {
-	  sc.sam_type = sam_ptr->sam_type;
-	  break;
-	}
-      }
-
-      krb5_princ_component(kdc_context,newp,probeslot)->data = 0;
-      krb5_princ_component(kdc_context,newp,probeslot)->length = 0;
-      krb5_princ_size(context, newp)--;
-
-      krb5_free_principal(kdc_context, newp);
-
-      /* if sc.sam_type is set, it worked */
-      if (sc.sam_type) {
-	/* so use assoc to get the key out! */
-	{
-          if ((retval = krb5_dbe_find_mkey(context, master_keylist, &assoc,
-                                           &mkey_ptr))) {
-              krb5_keylist_node *tmp_mkey_list;
-              /* try refreshing the mkey list in case it's been updated */
-              if (krb5_db_fetch_mkey_list(context, master_princ,
-                                          &master_keyblock, 0,
-                                          &tmp_mkey_list) == 0) {
-                  krb5_dbe_free_key_list(context, master_keylist);
-                  master_keylist = tmp_mkey_list;
-                  if ((retval = krb5_dbe_find_mkey(context, master_keylist, &assoc,
-                                                   &mkey_ptr))) {
-                      return (retval);
-                  }
-              } else {
-                  return (retval);
-              }
-          }
-
-	  /* here's what do_tgs_req does */
-	  retval = krb5_dbe_find_enctype(kdc_context, &assoc,
-					 ENCTYPE_DES_CBC_RAW,
-					 KRB5_KDB_SALTTYPE_NORMAL,
-					 0,		/* Get highest kvno */
-					 &assoc_key);
-	  if (retval) {
-	    char *sname;
-	    krb5_unparse_name(kdc_context, request->client, &sname);
-	    kdc_err(kdc_context, retval, 
-		    "snk4 finding the enctype and key <%s>", sname);
-	    free(sname);
-	    return retval;
-	  }
-	  /* convert server.key into a real key */
-	  retval = krb5_dbekd_decrypt_key_data(kdc_context,
-					       mkey_ptr, 
-					       assoc_key, &encrypting_key,
-					       NULL);
-	  if (retval) {
-	    kdc_err(kdc_context, retval, 
-		    "snk4 pulling out key entry");
-	    return retval;
-	  }
-	  /* now we can use encrypting_key... */
-	}
-      } else {
-	/* SAM is not an option - so don't return as hint */
-	return KRB5_PREAUTH_BAD_TYPE;
-      }
+        int npr = 1;
+        krb5_boolean more;
+        krb5_db_entry assoc;
+        krb5_key_data  *assoc_key;
+        krb5_principal newp;
+        int probeslot;
+
+        sc.sam_type = 0;
+
+        retval = krb5_copy_principal(kdc_context, request->client, &newp);
+        if (retval) {
+            kdc_err(kdc_context, retval, "copying client name for preauth probe");
+            return retval;
+        }
+
+        probeslot = krb5_princ_size(context, newp)++;
+        krb5_princ_name(kdc_context, newp) =
+            realloc(krb5_princ_name(kdc_context, newp),
+                    krb5_princ_size(context, newp) * sizeof(krb5_data));
+
+        for(sam_ptr = sam_inst_map; sam_ptr->name; sam_ptr++) {
+            krb5_princ_component(kdc_context,newp,probeslot)->data = sam_ptr->name;
+            krb5_princ_component(kdc_context,newp,probeslot)->length =
+                strlen(sam_ptr->name);
+            npr = 1;
+            retval = get_principal(kdc_context, newp, &assoc, &npr, &more);
+            if(!retval && npr) {
+                sc.sam_type = sam_ptr->sam_type;
+                break;
+            }
+        }
+
+        krb5_princ_component(kdc_context,newp,probeslot)->data = 0;
+        krb5_princ_component(kdc_context,newp,probeslot)->length = 0;
+        krb5_princ_size(context, newp)--;
+
+        krb5_free_principal(kdc_context, newp);
+
+        /* if sc.sam_type is set, it worked */
+        if (sc.sam_type) {
+            /* so use assoc to get the key out! */
+            {
+                if ((retval = krb5_dbe_find_mkey(context, master_keylist, &assoc,
+                                                 &mkey_ptr))) {
+                    krb5_keylist_node *tmp_mkey_list;
+                    /* try refreshing the mkey list in case it's been updated */
+                    if (krb5_db_fetch_mkey_list(context, master_princ,
+                                                &master_keyblock, 0,
+                                                &tmp_mkey_list) == 0) {
+                        krb5_dbe_free_key_list(context, master_keylist);
+                        master_keylist = tmp_mkey_list;
+                        if ((retval = krb5_dbe_find_mkey(context, master_keylist, &assoc,
+                                                         &mkey_ptr))) {
+                            return (retval);
+                        }
+                    } else {
+                        return (retval);
+                    }
+                }
+
+                /* here's what do_tgs_req does */
+                retval = krb5_dbe_find_enctype(kdc_context, &assoc,
+                                               ENCTYPE_DES_CBC_RAW,
+                                               KRB5_KDB_SALTTYPE_NORMAL,
+                                               0,             /* Get highest kvno */
+                                               &assoc_key);
+                if (retval) {
+                    char *sname;
+                    krb5_unparse_name(kdc_context, request->client, &sname);
+                    kdc_err(kdc_context, retval,
+                            "snk4 finding the enctype and key <%s>", sname);
+                    free(sname);
+                    return retval;
+                }
+                /* convert server.key into a real key */
+                retval = krb5_dbekd_decrypt_key_data(kdc_context,
+                                                     mkey_ptr,
+                                                     assoc_key, &encrypting_key,
+                                                     NULL);
+                if (retval) {
+                    kdc_err(kdc_context, retval,
+                            "snk4 pulling out key entry");
+                    return retval;
+                }
+                /* now we can use encrypting_key... */
+            }
+        } else {
+            /* SAM is not an option - so don't return as hint */
+            return KRB5_PREAUTH_BAD_TYPE;
+        }
     }
     sc.magic = KV5M_SAM_CHALLENGE;
     psr.sam_flags = sc.sam_flags = KRB5_SAM_USE_SAD_AS_KEY;
 
     /* Replay prevention */
     if ((retval = krb5_copy_principal(context, request->client, &psr.client)))
-	return retval;
+        return retval;
 #ifdef USE_RCACHE
     if ((retval = krb5_us_timeofday(context, &psr.stime, &psr.susec)))
-	return retval;
+        return retval;
 #endif /* USE_RCACHE */
 
     switch (sc.sam_type) {
     case PA_SAM_TYPE_GRAIL:
-      sc.sam_type_name.data = "Experimental System";
-      sc.sam_type_name.length = strlen(sc.sam_type_name.data);
-      sc.sam_challenge_label.data = "experimental challenge label";
-      sc.sam_challenge_label.length = strlen(sc.sam_challenge_label.data);
-      sc.sam_challenge.data = "12345";
-      sc.sam_challenge.length = strlen(sc.sam_challenge.data);
+        sc.sam_type_name.data = "Experimental System";
+        sc.sam_type_name.length = strlen(sc.sam_type_name.data);
+        sc.sam_challenge_label.data = "experimental challenge label";
+        sc.sam_challenge_label.length = strlen(sc.sam_challenge_label.data);
+        sc.sam_challenge.data = "12345";
+        sc.sam_challenge.length = strlen(sc.sam_challenge.data);
 
 #if 0 /* Enable this to test "normal" (no flags set) mode.  */
-      psr.sam_flags = sc.sam_flags = 0;
+        psr.sam_flags = sc.sam_flags = 0;
 #endif
 
-      psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
-      /* string2key on sc.sam_challenge goes in here */
-      /* eblock is just to set the enctype */
-      {
-	const krb5_enctype type = ENCTYPE_DES_CBC_MD5;
-
-	if ((retval = krb5_c_string_to_key(context, type, &sc.sam_challenge,
-					   0 /* salt */, &psr.sam_key)))
-	    goto cleanup;
-
-	if ((retval = encode_krb5_predicted_sam_response(&psr, &scratch)))
-	    goto cleanup;
-	
-	{
-	    size_t enclen;
-	    krb5_enc_data tmpdata;
-
-	    if ((retval = krb5_c_encrypt_length(context,
-						psr_key.enctype,
-						scratch->length, &enclen)))
-		goto cleanup;
-
-	    if ((tmpdata.ciphertext.data = (char *) malloc(enclen)) == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    tmpdata.ciphertext.length = enclen;
-
-	    if ((retval = krb5_c_encrypt(context, &psr_key,
-					 /* XXX */ 0, 0, scratch, &tmpdata)))
-		goto cleanup;
-
-	    sc.sam_track_id = tmpdata.ciphertext;
-	}
-      }
-
-      sc.sam_response_prompt.data = "response prompt";
-      sc.sam_response_prompt.length = strlen(sc.sam_response_prompt.data);
-      sc.sam_pk_for_sad.length = 0;
-      sc.sam_nonce = 0;
-      /* Generate checksum */
-      /*krb5_checksum_size(context, ctype)*/
-      /*krb5_calculate_checksum(context,ctype,in,in_length,seed,
-	seed_length,outcksum) */
-      /*krb5_verify_checksum(context,ctype,cksum,in,in_length,seed,
-	seed_length) */
+        psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
+        /* string2key on sc.sam_challenge goes in here */
+        /* eblock is just to set the enctype */
+        {
+            const krb5_enctype type = ENCTYPE_DES_CBC_MD5;
+
+            if ((retval = krb5_c_string_to_key(context, type, &sc.sam_challenge,
+                                               0 /* salt */, &psr.sam_key)))
+                goto cleanup;
+
+            if ((retval = encode_krb5_predicted_sam_response(&psr, &scratch)))
+                goto cleanup;
+
+            {
+                size_t enclen;
+                krb5_enc_data tmpdata;
+
+                if ((retval = krb5_c_encrypt_length(context,
+                                                    psr_key.enctype,
+                                                    scratch->length, &enclen)))
+                    goto cleanup;
+
+                if ((tmpdata.ciphertext.data = (char *) malloc(enclen)) == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                tmpdata.ciphertext.length = enclen;
+
+                if ((retval = krb5_c_encrypt(context, &psr_key,
+                                             /* XXX */ 0, 0, scratch, &tmpdata)))
+                    goto cleanup;
+
+                sc.sam_track_id = tmpdata.ciphertext;
+            }
+        }
+
+        sc.sam_response_prompt.data = "response prompt";
+        sc.sam_response_prompt.length = strlen(sc.sam_response_prompt.data);
+        sc.sam_pk_for_sad.length = 0;
+        sc.sam_nonce = 0;
+        /* Generate checksum */
+        /*krb5_checksum_size(context, ctype)*/
+        /*krb5_calculate_checksum(context,ctype,in,in_length,seed,
+          seed_length,outcksum) */
+        /*krb5_verify_checksum(context,ctype,cksum,in,in_length,seed,
+          seed_length) */
 #if 0 /* XXX a) glue appears broken; b) this gives up the SAD */
-      sc.sam_cksum.contents = (krb5_octet *)
-	malloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES));
-      if (sc.sam_cksum.contents == NULL) return(ENOMEM);
-
-      retval = krb5_calculate_checksum(context, CKSUMTYPE_RSA_MD5_DES,
-				       sc.sam_challenge.data,
-				       sc.sam_challenge.length,
-				       psr.sam_key.contents, /* key */
-				       psr.sam_key.length, /* key length */
-				       &sc.sam_cksum);
-      if (retval) { free(sc.sam_cksum.contents); return(retval); }
+        sc.sam_cksum.contents = (krb5_octet *)
+            malloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES));
+        if (sc.sam_cksum.contents == NULL) return(ENOMEM);
+
+        retval = krb5_calculate_checksum(context, CKSUMTYPE_RSA_MD5_DES,
+                                         sc.sam_challenge.data,
+                                         sc.sam_challenge.length,
+                                         psr.sam_key.contents, /* key */
+                                         psr.sam_key.length, /* key length */
+                                         &sc.sam_cksum);
+        if (retval) { free(sc.sam_cksum.contents); return(retval); }
 #endif /* 0 */
-      
-      retval = encode_krb5_sam_challenge(&sc, &scratch);
-      if (retval) goto cleanup;
-      pa_data->magic = KV5M_PA_DATA;
-      pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE;
-      pa_data->contents = (krb5_octet *)scratch->data;
-      pa_data->length = scratch->length;
-      
-      retval = 0;
-      break;
+
+        retval = encode_krb5_sam_challenge(&sc, &scratch);
+        if (retval) goto cleanup;
+        pa_data->magic = KV5M_PA_DATA;
+        pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE;
+        pa_data->contents = (krb5_octet *)scratch->data;
+        pa_data->length = scratch->length;
+
+        retval = 0;
+        break;
     case PA_SAM_TYPE_DIGI_PATH:
-      sc.sam_type_name.data = "Digital Pathways";
-      sc.sam_type_name.length = strlen(sc.sam_type_name.data);
+        sc.sam_type_name.data = "Digital Pathways";
+        sc.sam_type_name.length = strlen(sc.sam_type_name.data);
 #if 1
-      sc.sam_challenge_label.data = "Enter the following on your keypad";
-      sc.sam_challenge_label.length = strlen(sc.sam_challenge_label.data);
+        sc.sam_challenge_label.data = "Enter the following on your keypad";
+        sc.sam_challenge_label.length = strlen(sc.sam_challenge_label.data);
 #endif
-      /* generate digit string, take it mod 1000000 (six digits.) */
-      {
-	int j;
-	krb5_keyblock session_key;
-	char outputblock[8];
-	int i;
-
-	session_key.contents = 0;
-
-	memset(inputblock, 0, 8);
-
-	retval = krb5_c_make_random_key(kdc_context, ENCTYPE_DES_CBC_CRC,
-					&session_key);
-
-	if (retval) {
-	  /* random key failed */
-	  kdc_err(kdc_context, retval,
-		  "generating random challenge for preauth");
-	  return retval;
-	}
-	/* now session_key has a key which we can pick bits out of */
-	/* we need six decimal digits. Grab 6 bytes, div 2, mod 10 each. */
-	if (session_key.length != 8) {
-	  kdc_err(kdc_context, retval = KRB5KDC_ERR_ETYPE_NOSUPP,
-		  "keytype didn't match code expectations");
-	  return retval;
-	}
-	for(i = 0; i<6; i++) {
-	  inputblock[i] = '0' + ((session_key.contents[i]/2) % 10);
-	}
-	if (session_key.contents)
-	  krb5_free_keyblock_contents(kdc_context, &session_key);
-
-	/* retval = krb5_finish_key(kdc_context, &eblock); */
-	/* now we have inputblock containing the 8 byte input to DES... */
-	sc.sam_challenge.data = inputblock;
-	sc.sam_challenge.length = 6;
-
-	encrypting_key.enctype = ENCTYPE_DES_CBC_RAW;
-
-	if (retval)
-	    kdc_err(kdc_context, retval, "snk4 processing key");
-
-	{
-	    krb5_data plain;
-	    krb5_enc_data cipher;
-
-	    plain.length = 8;
-	    plain.data = inputblock;
-
-	    /* XXX I know this is enough because of the fixed raw enctype.
-	       if it's not, the underlying code will return a reasonable
-	       error, which should never happen */
-	    cipher.ciphertext.length = 8;
-	    cipher.ciphertext.data = outputblock;
-
-	    if ((retval = krb5_c_encrypt(kdc_context, &encrypting_key,
-					 /* XXX */ 0, 0, &plain, &cipher))) {
-		kdc_err(kdc_context, retval,
-			"snk4 response generation failed");
-		return retval;
-	    }
-	}
-
-	/* now output block is the raw bits of the response; convert it
-	   to display form */
-	for (j=0; j<4; j++) {
-	  char n[2];
-	  int k;
-	  n[0] = outputblock[j] & 0xf;
-	  n[1] = (outputblock[j]>>4) & 0xf;
-	  for (k=0; k<2; k++) {
-	    if(n[k] > 9) n[k] = ((n[k]-1)>>2);
-	    /* This is equivalent to:
-	       if(n[k]>=0xa && n[k]<=0xc) n[k] = 2;
-	       if(n[k]>=0xd && n[k]<=0xf) n[k] = 3;
-	       */
-	  }
-	  /* for v4, we keygen: *(j+(char*)&key1) = (n[1]<<4) | n[0]; */
-	  /* for v5, we just generate a string */
-	  response[2*j+0] = '0' + n[1];
-	  response[2*j+1] = '0' + n[0];
-	  /* and now, response has what we work with. */
-	}
-	response[8] = 0;
-	predict_response.data = response;
-	predict_response.length = 8;
-#if 0				/* for debugging, hack the output too! */
-sc.sam_challenge_label.data = response;
-sc.sam_challenge_label.length = strlen(sc.sam_challenge_label.data);
+        /* generate digit string, take it mod 1000000 (six digits.) */
+        {
+            int j;
+            krb5_keyblock session_key;
+            char outputblock[8];
+            int i;
+
+            session_key.contents = 0;
+
+            memset(inputblock, 0, 8);
+
+            retval = krb5_c_make_random_key(kdc_context, ENCTYPE_DES_CBC_CRC,
+                                            &session_key);
+
+            if (retval) {
+                /* random key failed */
+                kdc_err(kdc_context, retval,
+                        "generating random challenge for preauth");
+                return retval;
+            }
+            /* now session_key has a key which we can pick bits out of */
+            /* we need six decimal digits. Grab 6 bytes, div 2, mod 10 each. */
+            if (session_key.length != 8) {
+                kdc_err(kdc_context, retval = KRB5KDC_ERR_ETYPE_NOSUPP,
+                        "keytype didn't match code expectations");
+                return retval;
+            }
+            for(i = 0; i<6; i++) {
+                inputblock[i] = '0' + ((session_key.contents[i]/2) % 10);
+            }
+            if (session_key.contents)
+                krb5_free_keyblock_contents(kdc_context, &session_key);
+
+            /* retval = krb5_finish_key(kdc_context, &eblock); */
+            /* now we have inputblock containing the 8 byte input to DES... */
+            sc.sam_challenge.data = inputblock;
+            sc.sam_challenge.length = 6;
+
+            encrypting_key.enctype = ENCTYPE_DES_CBC_RAW;
+
+            if (retval)
+                kdc_err(kdc_context, retval, "snk4 processing key");
+
+            {
+                krb5_data plain;
+                krb5_enc_data cipher;
+
+                plain.length = 8;
+                plain.data = inputblock;
+
+                /* XXX I know this is enough because of the fixed raw enctype.
+                   if it's not, the underlying code will return a reasonable
+                   error, which should never happen */
+                cipher.ciphertext.length = 8;
+                cipher.ciphertext.data = outputblock;
+
+                if ((retval = krb5_c_encrypt(kdc_context, &encrypting_key,
+                                             /* XXX */ 0, 0, &plain, &cipher))) {
+                    kdc_err(kdc_context, retval,
+                            "snk4 response generation failed");
+                    return retval;
+                }
+            }
+
+            /* now output block is the raw bits of the response; convert it
+               to display form */
+            for (j=0; j<4; j++) {
+                char n[2];
+                int k;
+                n[0] = outputblock[j] & 0xf;
+                n[1] = (outputblock[j]>>4) & 0xf;
+                for (k=0; k<2; k++) {
+                    if(n[k] > 9) n[k] = ((n[k]-1)>>2);
+                    /* This is equivalent to:
+                       if(n[k]>=0xa && n[k]<=0xc) n[k] = 2;
+                       if(n[k]>=0xd && n[k]<=0xf) n[k] = 3;
+                    */
+                }
+                /* for v4, we keygen: *(j+(char*)&key1) = (n[1]<<4) | n[0]; */
+                /* for v5, we just generate a string */
+                response[2*j+0] = '0' + n[1];
+                response[2*j+1] = '0' + n[0];
+                /* and now, response has what we work with. */
+            }
+            response[8] = 0;
+            predict_response.data = response;
+            predict_response.length = 8;
+#if 0                           /* for debugging, hack the output too! */
+            sc.sam_challenge_label.data = response;
+            sc.sam_challenge_label.length = strlen(sc.sam_challenge_label.data);
 #endif
-      }
-
-      psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
-      /* string2key on sc.sam_challenge goes in here */
-      /* eblock is just to set the enctype */
-      {
-	retval = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
-				      &predict_response, 0 /* salt */,
-				      &psr.sam_key);
-	if (retval) goto cleanup;
-
-	retval = encode_krb5_predicted_sam_response(&psr, &scratch);
-	if (retval) goto cleanup;
-	
-	{
-	    size_t enclen;
-	    krb5_enc_data tmpdata;
-
-	    if ((retval = krb5_c_encrypt_length(context,
-						psr_key.enctype,
-						scratch->length, &enclen)))
-		goto cleanup;
-
-	    if ((tmpdata.ciphertext.data = (char *) malloc(enclen)) == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    tmpdata.ciphertext.length = enclen;
-
-	    if ((retval = krb5_c_encrypt(context, &psr_key,
-					 /* XXX */ 0, 0, scratch, &tmpdata)))
-		goto cleanup;
-
-	    sc.sam_track_id = tmpdata.ciphertext;
-	}
-	if (retval) goto cleanup;
-      }
-
-      sc.sam_response_prompt.data = "Enter the displayed response";
-      sc.sam_response_prompt.length = strlen(sc.sam_response_prompt.data);
-      sc.sam_pk_for_sad.length = 0;
-      sc.sam_nonce = 0;
-      /* Generate checksum */
-      /*krb5_checksum_size(context, ctype)*/
-      /*krb5_calculate_checksum(context,ctype,in,in_length,seed,
-	seed_length,outcksum) */
-      /*krb5_verify_checksum(context,ctype,cksum,in,in_length,seed,
-	seed_length) */
+        }
+
+        psr.magic = KV5M_PREDICTED_SAM_RESPONSE;
+        /* string2key on sc.sam_challenge goes in here */
+        /* eblock is just to set the enctype */
+        {
+            retval = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
+                                          &predict_response, 0 /* salt */,
+                                          &psr.sam_key);
+            if (retval) goto cleanup;
+
+            retval = encode_krb5_predicted_sam_response(&psr, &scratch);
+            if (retval) goto cleanup;
+
+            {
+                size_t enclen;
+                krb5_enc_data tmpdata;
+
+                if ((retval = krb5_c_encrypt_length(context,
+                                                    psr_key.enctype,
+                                                    scratch->length, &enclen)))
+                    goto cleanup;
+
+                if ((tmpdata.ciphertext.data = (char *) malloc(enclen)) == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                tmpdata.ciphertext.length = enclen;
+
+                if ((retval = krb5_c_encrypt(context, &psr_key,
+                                             /* XXX */ 0, 0, scratch, &tmpdata)))
+                    goto cleanup;
+
+                sc.sam_track_id = tmpdata.ciphertext;
+            }
+            if (retval) goto cleanup;
+        }
+
+        sc.sam_response_prompt.data = "Enter the displayed response";
+        sc.sam_response_prompt.length = strlen(sc.sam_response_prompt.data);
+        sc.sam_pk_for_sad.length = 0;
+        sc.sam_nonce = 0;
+        /* Generate checksum */
+        /*krb5_checksum_size(context, ctype)*/
+        /*krb5_calculate_checksum(context,ctype,in,in_length,seed,
+          seed_length,outcksum) */
+        /*krb5_verify_checksum(context,ctype,cksum,in,in_length,seed,
+          seed_length) */
 #if 0 /* XXX a) glue appears broken; b) this gives up the SAD */
-      sc.sam_cksum.contents = (krb5_octet *)
-	malloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES));
-      if (sc.sam_cksum.contents == NULL) return(ENOMEM);
-
-      retval = krb5_calculate_checksum(context, CKSUMTYPE_RSA_MD5_DES,
-				       sc.sam_challenge.data,
-				       sc.sam_challenge.length,
-				       psr.sam_key.contents, /* key */
-				       psr.sam_key.length, /* key length */
-				       &sc.sam_cksum);
-      if (retval) { free(sc.sam_cksum.contents); return(retval); }
+        sc.sam_cksum.contents = (krb5_octet *)
+            malloc(krb5_checksum_size(context, CKSUMTYPE_RSA_MD5_DES));
+        if (sc.sam_cksum.contents == NULL) return(ENOMEM);
+
+        retval = krb5_calculate_checksum(context, CKSUMTYPE_RSA_MD5_DES,
+                                         sc.sam_challenge.data,
+                                         sc.sam_challenge.length,
+                                         psr.sam_key.contents, /* key */
+                                         psr.sam_key.length, /* key length */
+                                         &sc.sam_cksum);
+        if (retval) { free(sc.sam_cksum.contents); return(retval); }
 #endif /* 0 */
-      
-      retval = encode_krb5_sam_challenge(&sc, &scratch);
-      if (retval) goto cleanup;
-      pa_data->magic = KV5M_PA_DATA;
-      pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE;
-      pa_data->contents = (krb5_octet *)scratch->data;
-      pa_data->length = scratch->length;
-      
-      retval = 0;
-      break;
+
+        retval = encode_krb5_sam_challenge(&sc, &scratch);
+        if (retval) goto cleanup;
+        pa_data->magic = KV5M_PA_DATA;
+        pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE;
+        pa_data->contents = (krb5_octet *)scratch->data;
+        pa_data->length = scratch->length;
+
+        retval = 0;
+        break;
     }
 
 cleanup:
@@ -2400,138 +2401,138 @@ cleanup:
 
 static krb5_error_code
 verify_sam_response(krb5_context context, krb5_db_entry *client,
-		    krb5_data *req_pkt,
-		    krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
-		    krb5_pa_data *pa,
-		    preauth_get_entry_data_proc sam_get_entry_data,
-		    void *pa_system_context,
-		    void **pa_request_context,
-		    krb5_data **e_data,
-		    krb5_authdata ***authz_data)
+                    krb5_data *req_pkt,
+                    krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+                    krb5_pa_data *pa,
+                    preauth_get_entry_data_proc sam_get_entry_data,
+                    void *pa_system_context,
+                    void **pa_request_context,
+                    krb5_data **e_data,
+                    krb5_authdata ***authz_data)
 {
-    krb5_error_code		retval;
-    krb5_data			scratch;
-    krb5_sam_response		*sr = 0;
-    krb5_predicted_sam_response	*psr = 0;
-    krb5_enc_sam_response_enc	*esre = 0;
-    krb5_timestamp		timenow;
-    char			*princ_req = 0, *princ_psr = 0;
+    krb5_error_code             retval;
+    krb5_data                   scratch;
+    krb5_sam_response           *sr = 0;
+    krb5_predicted_sam_response *psr = 0;
+    krb5_enc_sam_response_enc   *esre = 0;
+    krb5_timestamp              timenow;
+    char                        *princ_req = 0, *princ_psr = 0;
 
     scratch.data = (char *)pa->contents;
     scratch.length = pa->length;
-    
+
     if ((retval = decode_krb5_sam_response(&scratch, &sr))) {
-	scratch.data = 0;
-	kdc_err(context, retval, "decode_krb5_sam_response failed");
-	goto cleanup;
+        scratch.data = 0;
+        kdc_err(context, retval, "decode_krb5_sam_response failed");
+        goto cleanup;
     }
 
     /* XXX We can only handle the challenge/response model of SAM.
-	   See passwords-04, par 4.1, 4.2 */
+       See passwords-04, par 4.1, 4.2 */
     {
-      krb5_enc_data tmpdata;
+        krb5_enc_data tmpdata;
 
-      tmpdata.enctype = ENCTYPE_UNKNOWN;
-      tmpdata.ciphertext = sr->sam_track_id;
+        tmpdata.enctype = ENCTYPE_UNKNOWN;
+        tmpdata.ciphertext = sr->sam_track_id;
 
-      scratch.length = tmpdata.ciphertext.length;
-      if ((scratch.data = (char *) malloc(scratch.length)) == NULL) {
-	  retval = ENOMEM;
-	  goto cleanup;
-      }
+        scratch.length = tmpdata.ciphertext.length;
+        if ((scratch.data = (char *) malloc(scratch.length)) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
 
-      if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0,
-				   &tmpdata, &scratch))) {
-	  kdc_err(context, retval, "decrypt track_id failed");
-	  goto cleanup;
-      }
+        if ((retval = krb5_c_decrypt(context, &psr_key, /* XXX */ 0, 0,
+                                     &tmpdata, &scratch))) {
+            kdc_err(context, retval, "decrypt track_id failed");
+            goto cleanup;
+        }
     }
 
     if ((retval = decode_krb5_predicted_sam_response(&scratch, &psr))) {
-	kdc_err(context, retval,
-		"decode_krb5_predicted_sam_response failed -- replay attack?");
-	goto cleanup;
+        kdc_err(context, retval,
+                "decode_krb5_predicted_sam_response failed -- replay attack?");
+        goto cleanup;
     }
 
     /* Replay detection */
     if ((retval = krb5_unparse_name(context, request->client, &princ_req)))
-	goto cleanup;
+        goto cleanup;
     if ((retval = krb5_unparse_name(context, psr->client, &princ_psr)))
-	goto cleanup;
+        goto cleanup;
     if (strcmp(princ_req, princ_psr) != 0) {
-	kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
-		"Principal mismatch in SAM psr! -- replay attack?");
-	goto cleanup;
+        kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
+                "Principal mismatch in SAM psr! -- replay attack?");
+        goto cleanup;
     }
 
     if ((retval = krb5_timeofday(context, &timenow)))
-	goto cleanup;
+        goto cleanup;
 
 #ifdef USE_RCACHE
     {
-	krb5_donot_replay rep;
-	extern krb5_deltat rc_lifetime;
-	/*
-	 * Verify this response came back in a timely manner.
-	 * We do this b/c otherwise very old (expunged from the rcache)
-	 * psr's would be able to be replayed.
-	 */
-	if (timenow - psr->stime > rc_lifetime) {
-	    kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
-	    "SAM psr came back too late! -- replay attack?");
-	    goto cleanup;
-	}
-
-	/* Now check the replay cache. */
-	rep.client = princ_psr;
-	rep.server = "SAM/rc";  /* Should not match any principal name. */
-	rep.msghash = NULL;
-	rep.ctime = psr->stime;
-	rep.cusec = psr->susec;
-	retval = krb5_rc_store(kdc_context, kdc_rcache, &rep);
-	if (retval) {
-	    kdc_err(kdc_context, retval, "SAM psr replay attack!");
-	    goto cleanup;
-	}
+        krb5_donot_replay rep;
+        extern krb5_deltat rc_lifetime;
+        /*
+         * Verify this response came back in a timely manner.
+         * We do this b/c otherwise very old (expunged from the rcache)
+         * psr's would be able to be replayed.
+         */
+        if (timenow - psr->stime > rc_lifetime) {
+            kdc_err(context, retval = KRB5KDC_ERR_PREAUTH_FAILED,
+                    "SAM psr came back too late! -- replay attack?");
+            goto cleanup;
+        }
+
+        /* Now check the replay cache. */
+        rep.client = princ_psr;
+        rep.server = "SAM/rc";  /* Should not match any principal name. */
+        rep.msghash = NULL;
+        rep.ctime = psr->stime;
+        rep.cusec = psr->susec;
+        retval = krb5_rc_store(kdc_context, kdc_rcache, &rep);
+        if (retval) {
+            kdc_err(kdc_context, retval, "SAM psr replay attack!");
+            goto cleanup;
+        }
     }
 #endif /* USE_RCACHE */
 
 
     {
-	free(scratch.data);
-	scratch.length = sr->sam_enc_nonce_or_ts.ciphertext.length;
-	if ((scratch.data = (char *) malloc(scratch.length)) == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
+        free(scratch.data);
+        scratch.length = sr->sam_enc_nonce_or_ts.ciphertext.length;
+        if ((scratch.data = (char *) malloc(scratch.length)) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
 
-	if ((retval = krb5_c_decrypt(context, &psr->sam_key, /* XXX */ 0,
-				     0, &sr->sam_enc_nonce_or_ts, &scratch))) {
-	    kdc_err(context, retval, "decrypt nonce_or_ts failed");
-	    goto cleanup;
-	}
+        if ((retval = krb5_c_decrypt(context, &psr->sam_key, /* XXX */ 0,
+                                     0, &sr->sam_enc_nonce_or_ts, &scratch))) {
+            kdc_err(context, retval, "decrypt nonce_or_ts failed");
+            goto cleanup;
+        }
     }
 
     if ((retval = decode_krb5_enc_sam_response_enc(&scratch, &esre))) {
-	kdc_err(context, retval, "decode_krb5_enc_sam_response_enc failed");
-	goto cleanup;
+        kdc_err(context, retval, "decode_krb5_enc_sam_response_enc failed");
+        goto cleanup;
     }
 
     if (esre->sam_timestamp != sr->sam_patimestamp) {
-      retval = KRB5KDC_ERR_PREAUTH_FAILED;
-      goto cleanup;
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
     }
-    
+
     if (labs(timenow - sr->sam_patimestamp) > context->clockskew) {
-	retval = KRB5KRB_AP_ERR_SKEW;
-	goto cleanup;
+        retval = KRB5KRB_AP_ERR_SKEW;
+        goto cleanup;
     }
 
     setflag(enc_tkt_reply->flags, TKT_FLG_HW_AUTH);
 
-  cleanup:
+cleanup:
     if (retval)
-	kdc_err(context, retval, "sam verify failure");
+        kdc_err(context, retval, "sam verify failure");
     if (scratch.data) free(scratch.data);
     if (sr) free(sr);
     if (psr) free(psr);
@@ -2552,14 +2553,14 @@ verify_sam_response(krb5_context context, krb5_db_entry *client,
 #endif
 
 /*
- * get_edata() - our only job is to determine whether this KDC is capable of 
- * performing PKINIT. We infer that from the presence or absence of any 
+ * get_edata() - our only job is to determine whether this KDC is capable of
+ * performing PKINIT. We infer that from the presence or absence of any
  * KDC signing cert.
  */
 static krb5_error_code get_pkinit_edata(
-    krb5_context context, 
+    krb5_context context,
     krb5_kdc_req *request,
-    krb5_db_entry *client, 
+    krb5_db_entry *client,
     krb5_db_entry *server,
     preauth_get_entry_data_proc pkinit_get_entry_data,
     void *pa_module_context,
@@ -2567,17 +2568,17 @@ static krb5_error_code get_pkinit_edata(
 {
     krb5_pkinit_signing_cert_t cert = NULL;
     krb5_error_code err = krb5_pkinit_get_kdc_cert(0, NULL, NULL, &cert);
-    
+
     kdcPkinitDebug("get_pkinit_edata: kdc cert %s\n", err ? "NOT FOUND" : "FOUND");
     if(cert) {
-	krb5_pkinit_release_cert(cert);
+        krb5_pkinit_release_cert(cert);
     }
     return err;
 }
 
-/* 
+/*
  * This is 0 only for testing until the KDC DB contains
- * the hash of the client cert 
+ * the hash of the client cert
  */
 #define REQUIRE_CLIENT_CERT_MATCH   1
 
@@ -2586,7 +2587,7 @@ static krb5_error_code verify_pkinit_request(
     krb5_db_entry *client,
     krb5_data *req_pkt,
     krb5_kdc_req *request,
-    krb5_enc_tkt_part *enc_tkt_reply, 
+    krb5_enc_tkt_part *enc_tkt_reply,
     krb5_pa_data *data,
     preauth_get_entry_data_proc pkinit_get_entry_data,
     void *pa_module_context,
@@ -2594,156 +2595,156 @@ static krb5_error_code verify_pkinit_request(
     krb5_data **e_data,
     krb5_authdata ***authz_data)
 {
-    krb5_error_code	    krtn;
-    krb5_data		    pa_data;
-    krb5_data		    *der_req = NULL;
-    krb5_boolean	    valid_cksum;
-    char		    *cert_hash = NULL;
-    unsigned		    cert_hash_len;
-    unsigned		    key_dex;
-    unsigned		    cert_match = 0;
-    krb5_keyblock	    decrypted_key, *mkey_ptr;
-    
+    krb5_error_code         krtn;
+    krb5_data               pa_data;
+    krb5_data               *der_req = NULL;
+    krb5_boolean            valid_cksum;
+    char                    *cert_hash = NULL;
+    unsigned                cert_hash_len;
+    unsigned                key_dex;
+    unsigned                cert_match = 0;
+    krb5_keyblock           decrypted_key, *mkey_ptr;
+
     /* the data we get from the AS-REQ */
-    krb5_timestamp	    client_ctime = 0;
-    krb5_ui_4		    client_cusec = 0;
-    krb5_timestamp	    kdc_ctime = 0;
-    krb5_int32		    kdc_cusec = 0;
-    krb5_ui_4		    nonce = 0;
-    krb5_checksum	    pa_cksum;
+    krb5_timestamp          client_ctime = 0;
+    krb5_ui_4               client_cusec = 0;
+    krb5_timestamp          kdc_ctime = 0;
+    krb5_int32              kdc_cusec = 0;
+    krb5_ui_4               nonce = 0;
+    krb5_checksum           pa_cksum;
     krb5int_cert_sig_status cert_sig_status;
-    krb5_data		    client_cert = {0, 0, NULL};
-    
+    krb5_data               client_cert = {0, 0, NULL};
+
     krb5_kdc_req *tmp_as_req = NULL;
-    
+
     kdcPkinitDebug("verify_pkinit_request\n");
 
     decrypted_key.contents = NULL;
     pa_data.data = (char *)data->contents;
     pa_data.length = data->length;
-    krtn = krb5int_pkinit_as_req_parse(context, &pa_data, 
-	&client_ctime, &client_cusec, 
-	&nonce, &pa_cksum,
-	&cert_sig_status, 
-	NULL, NULL,	    /* num_cms_types, cms_types */
-	&client_cert,	    /* signer_cert */
-	/* remaining fields unused (for now) */
-	NULL, NULL,	    /* num_all_certs, all_certs */
-	NULL, NULL,	    /* num_trusted_CAs, trusted_CAs */
-	NULL);		    /* kdc_cert */
+    krtn = krb5int_pkinit_as_req_parse(context, &pa_data,
+                                       &client_ctime, &client_cusec,
+                                       &nonce, &pa_cksum,
+                                       &cert_sig_status,
+                                       NULL, NULL,         /* num_cms_types, cms_types */
+                                       &client_cert,       /* signer_cert */
+                                       /* remaining fields unused (for now) */
+                                       NULL, NULL,         /* num_all_certs, all_certs */
+                                       NULL, NULL,         /* num_trusted_CAs, trusted_CAs */
+                                       NULL);              /* kdc_cert */
     if(krtn) {
-	kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n", 
-	    (int)krtn);
-	return krtn;
+        kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n",
+                       (int)krtn);
+        return krtn;
     }
-    #if	    PKINIT_DEBUG
+#if     PKINIT_DEBUG
     if(cert_sig_status != pki_cs_good) {
-	kdcPkinitDebug("verify_pkinit_request: cert_sig_status %d\n", 
-	    (int)cert_sig_status);
+        kdcPkinitDebug("verify_pkinit_request: cert_sig_status %d\n",
+                       (int)cert_sig_status);
     }
-    #endif  /* PKINIT_DEBUG */
-    
-    /* 
+#endif  /* PKINIT_DEBUG */
+
+    /*
      * Verify signature and cert.
      * FIXME: The spec calls for an e-data with error-specific type to be
      * returned on error here. TD_TRUSTED_CERTIFIERS
-     * to be returned to the client here. There is no way for a preauth 
-     * module to pass back e-data to process_as_req at this time. We 
-     * might want to add such capability via an out param to check_padata 
-     * and to its callees. 
+     * to be returned to the client here. There is no way for a preauth
+     * module to pass back e-data to process_as_req at this time. We
+     * might want to add such capability via an out param to check_padata
+     * and to its callees.
      */
     switch(cert_sig_status) {
-	case pki_cs_good:
-	    break;
-	case pki_cs_sig_verify_fail:
-	    /* no e-data */
-	    krtn = KDC_ERR_INVALID_SIG;
-	    goto cleanup;
-	case pki_cs_no_root:
-	case pki_cs_unknown_root:  
-	case pki_cs_untrusted:
-	    /* 
-	     * Can't verify to known root.
-	     * e-data TD_TRUSTED_CERTIFIERS
-	     */
-	    kdcPkinitDebug("verify_pkinit_request: KDC_ERR_CANT_VERIFY_CERTIFICATE\n");
-	    krtn = KDC_ERR_CANT_VERIFY_CERTIFICATE;
-	    goto cleanup;
-	case pki_cs_bad_leaf:
-	case pki_cs_expired:
-	case pki_cs_not_valid_yet:
-	    /* 
-	     * Problems with client cert itself.
-	     * e-data type TD_INVALID_CERTIFICATES
-	     */
-	    krtn = KDC_ERR_INVALID_CERTIFICATE;
-	    goto cleanup;
-	case pki_cs_revoked:
-	    /* e-data type TD-INVALID-CERTIFICATES */
-	    krtn = KDC_ERR_REVOKED_CERTIFICATE;
-	    goto cleanup;
-	case pki_bad_key_use:
-	    krtn = KDC_ERR_INCONSISTENT_KEY_PURPOSE;
-	    /* no e-data */
-	    goto cleanup;
-	case pki_bad_digest:
-	    /* undefined (explicitly!) e-data */
-	    krtn = KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
-	    goto cleanup;
-	case pki_bad_cms:
-	case pki_cs_other_err:
-	default:
-	    krtn = KRB5KDC_ERR_PREAUTH_FAILED;
-	    goto cleanup;
-    }
-    
+    case pki_cs_good:
+        break;
+    case pki_cs_sig_verify_fail:
+        /* no e-data */
+        krtn = KDC_ERR_INVALID_SIG;
+        goto cleanup;
+    case pki_cs_no_root:
+    case pki_cs_unknown_root:
+    case pki_cs_untrusted:
+        /*
+         * Can't verify to known root.
+         * e-data TD_TRUSTED_CERTIFIERS
+         */
+        kdcPkinitDebug("verify_pkinit_request: KDC_ERR_CANT_VERIFY_CERTIFICATE\n");
+        krtn = KDC_ERR_CANT_VERIFY_CERTIFICATE;
+        goto cleanup;
+    case pki_cs_bad_leaf:
+    case pki_cs_expired:
+    case pki_cs_not_valid_yet:
+        /*
+         * Problems with client cert itself.
+         * e-data type TD_INVALID_CERTIFICATES
+         */
+        krtn = KDC_ERR_INVALID_CERTIFICATE;
+        goto cleanup;
+    case pki_cs_revoked:
+        /* e-data type TD-INVALID-CERTIFICATES */
+        krtn = KDC_ERR_REVOKED_CERTIFICATE;
+        goto cleanup;
+    case pki_bad_key_use:
+        krtn = KDC_ERR_INCONSISTENT_KEY_PURPOSE;
+        /* no e-data */
+        goto cleanup;
+    case pki_bad_digest:
+        /* undefined (explicitly!) e-data */
+        krtn = KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
+        goto cleanup;
+    case pki_bad_cms:
+    case pki_cs_other_err:
+    default:
+        krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
     krtn = krb5_us_timeofday(context, &kdc_ctime, &kdc_cusec);
     if(krtn) {
-	goto cleanup;
+        goto cleanup;
     }
     if (labs(kdc_ctime - client_ctime) > context->clockskew) {
-	kdcPkinitDebug("verify_pkinit_request: clock skew violation client %d svr %d\n",
-	    (int)client_ctime, (int)kdc_ctime);
-	krtn = KRB5KRB_AP_ERR_SKEW;
-	goto cleanup;
+        kdcPkinitDebug("verify_pkinit_request: clock skew violation client %d svr %d\n",
+                       (int)client_ctime, (int)kdc_ctime);
+        krtn = KRB5KRB_AP_ERR_SKEW;
+        goto cleanup;
     }
-    
+
     /*
      * The KDC may have modified the request after decoding it.
      * We need to compute the checksum on the data that
      * came from the client.  Therefore, we use the original
      * packet contents.
      */
-    krtn = decode_krb5_as_req(req_pkt, &tmp_as_req); 
+    krtn = decode_krb5_as_req(req_pkt, &tmp_as_req);
     if(krtn) {
-	kdcPkinitDebug("decode_krb5_as_req returned %d\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("decode_krb5_as_req returned %d\n", (int)krtn);
+        goto cleanup;
     }
-    
+
     /* calculate and compare checksum */
     krtn = encode_krb5_kdc_req_body(tmp_as_req, &der_req);
     if(krtn) {
-	kdcPkinitDebug("encode_krb5_kdc_req_body returned %d\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("encode_krb5_kdc_req_body returned %d\n", (int)krtn);
+        goto cleanup;
     }
-    krtn = krb5_c_verify_checksum(context, NULL, 0, der_req, 
-	&pa_cksum, &valid_cksum);
+    krtn = krb5_c_verify_checksum(context, NULL, 0, der_req,
+                                  &pa_cksum, &valid_cksum);
     if(krtn) {
-	kdcPkinitDebug("krb5_c_verify_checksum returned %d\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("krb5_c_verify_checksum returned %d\n", (int)krtn);
+        goto cleanup;
     }
     if(!valid_cksum) {
-	kdcPkinitDebug("verify_pkinit_request: checksum error\n");
-	krtn = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
+        kdcPkinitDebug("verify_pkinit_request: checksum error\n");
+        krtn = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
     }
-    
-    #if REQUIRE_CLIENT_CERT_MATCH
+
+#if REQUIRE_CLIENT_CERT_MATCH
     /* look up in the KDB to ensure correct client/cert binding */
     cert_hash = krb5_pkinit_cert_hash_str(&client_cert);
     if(cert_hash == NULL) {
-	krtn = ENOMEM;
-	goto cleanup;
+        krtn = ENOMEM;
+        goto cleanup;
     }
     cert_hash_len = strlen(cert_hash);
     if ((krtn = krb5_dbe_find_mkey(context, master_keylist, &entry, &mkey_ptr))) {
@@ -2763,70 +2764,70 @@ static krb5_error_code verify_pkinit_request(
         }
     }
     for(key_dex=0; key_dex<client->n_key_data; key_dex++) {
-	krb5_key_data *key_data = &client->key_data[key_dex];
-	kdcPkinitDebug("--- key %u type[0] %u length[0] %u type[1] %u length[1] %u\n",
-	    key_dex, 
-	    key_data->key_data_type[0], key_data->key_data_length[0],
-	    key_data->key_data_type[1], key_data->key_data_length[1]);
-	if(key_data->key_data_type[1] != KRB5_KDB_SALTTYPE_CERTHASH) {
-	    continue;
-	}
-
-	/*
-	 * Unfortunately this key is stored encrypted even though it's
-	 * not sensitive... 
-	 */
-	krtn = krb5_dbekd_decrypt_key_data(context, mkey_ptr, 
-		    key_data, &decrypted_key, NULL);
-	if(krtn) {
-	    kdcPkinitDebug("verify_pkinit_request: error decrypting cert hash block\n");
-	    break;
-	}
-	if((decrypted_key.contents != NULL) &&
-	   (cert_hash_len == decrypted_key.length) &&
-	   !memcmp(decrypted_key.contents, cert_hash, cert_hash_len)) {
-		cert_match = 1;
-		break;
-	}
+        krb5_key_data *key_data = &client->key_data[key_dex];
+        kdcPkinitDebug("--- key %u type[0] %u length[0] %u type[1] %u length[1] %u\n",
+                       key_dex,
+                       key_data->key_data_type[0], key_data->key_data_length[0],
+                       key_data->key_data_type[1], key_data->key_data_length[1]);
+        if(key_data->key_data_type[1] != KRB5_KDB_SALTTYPE_CERTHASH) {
+            continue;
+        }
+
+        /*
+         * Unfortunately this key is stored encrypted even though it's
+         * not sensitive...
+         */
+        krtn = krb5_dbekd_decrypt_key_data(context, mkey_ptr,
+                                           key_data, &decrypted_key, NULL);
+        if(krtn) {
+            kdcPkinitDebug("verify_pkinit_request: error decrypting cert hash block\n");
+            break;
+        }
+        if((decrypted_key.contents != NULL) &&
+           (cert_hash_len == decrypted_key.length) &&
+           !memcmp(decrypted_key.contents, cert_hash, cert_hash_len)) {
+            cert_match = 1;
+            break;
+        }
     }
     if(decrypted_key.contents) {
-	krb5_free_keyblock_contents(context, &decrypted_key);
+        krb5_free_keyblock_contents(context, &decrypted_key);
     }
     if(!cert_match) {
-	kdcPkinitDebug("verify_pkinit_request: client cert does not match\n");
-	krtn = KDC_ERR_CLIENT_NOT_TRUSTED;
-	goto cleanup;
-    } 
-    #endif   /* REQUIRE_CLIENT_CERT_MATCH */
+        kdcPkinitDebug("verify_pkinit_request: client cert does not match\n");
+        krtn = KDC_ERR_CLIENT_NOT_TRUSTED;
+        goto cleanup;
+    }
+#endif   /* REQUIRE_CLIENT_CERT_MATCH */
     krtn = 0;
     setflag(enc_tkt_reply->flags, TKT_FLG_PRE_AUTH);
-    
+
 cleanup:
     if(pa_cksum.contents) {
-	free(pa_cksum.contents);
+        free(pa_cksum.contents);
     }
     if (tmp_as_req) {
-	krb5_free_kdc_req(context, tmp_as_req); 
+        krb5_free_kdc_req(context, tmp_as_req);
     }
     if (der_req) {
-	krb5_free_data(context, der_req);
+        krb5_free_data(context, der_req);
     }
     if(cert_hash) {
-	free(cert_hash);
+        free(cert_hash);
     }
     if(client_cert.data) {
-	free(client_cert.data);
+        free(client_cert.data);
     }
     kdcPkinitDebug("verify_pkinit_request: returning %d\n", (int)krtn);
     return krtn;
 }
 
 static krb5_error_code return_pkinit_response(
-    krb5_context context, 
-    krb5_pa_data * padata, 
+    krb5_context context,
+    krb5_pa_data * padata,
     krb5_db_entry *client,
     krb5_data *req_pkt,
-    krb5_kdc_req *request, 
+    krb5_kdc_req *request,
     krb5_kdc_rep *reply,
     krb5_key_data *client_key,
     krb5_keyblock *encrypting_key,
@@ -2835,79 +2836,79 @@ static krb5_error_code return_pkinit_response(
     void *pa_module_context,
     void **pa_request_context)
 {
-    krb5_error_code		krtn;
-    krb5_data			pa_data;
-    krb5_pkinit_signing_cert_t	signing_cert = NULL;
-    krb5_checksum		as_req_checksum = {0};
-    krb5_data			*encoded_as_req = NULL;
-    krb5int_algorithm_id	*cms_types = NULL;
-    krb5_ui_4			num_cms_types = 0;
+    krb5_error_code             krtn;
+    krb5_data                   pa_data;
+    krb5_pkinit_signing_cert_t  signing_cert = NULL;
+    krb5_checksum               as_req_checksum = {0};
+    krb5_data                   *encoded_as_req = NULL;
+    krb5int_algorithm_id        *cms_types = NULL;
+    krb5_ui_4                   num_cms_types = 0;
 
     /* the data we get from the AS-REQ */
-    krb5_ui_4			nonce = 0;
-    krb5_data			client_cert = {0};
- 
-    /* 
+    krb5_ui_4                   nonce = 0;
+    krb5_data                   client_cert = {0};
+
+    /*
      * Trusted CA list and specific KC cert optionally obtained via
-     * krb5int_pkinit_as_req_parse(). All are DER-encoded 
-     * issuerAndSerialNumbers. 
+     * krb5int_pkinit_as_req_parse(). All are DER-encoded
+     * issuerAndSerialNumbers.
      */
-    krb5_data			*trusted_CAs = NULL;
-    krb5_ui_4			num_trusted_CAs;
-    krb5_data			kdc_cert = {0};
-   
+    krb5_data                   *trusted_CAs = NULL;
+    krb5_ui_4                   num_trusted_CAs;
+    krb5_data                   kdc_cert = {0};
+
     if (padata == NULL) {
-	/* Client has to send us something */
-	return 0;
+        /* Client has to send us something */
+        return 0;
     }
-    
+
     kdcPkinitDebug("return_pkinit_response\n");
     pa_data.data = (char *)padata->contents;
     pa_data.length = padata->length;
 
-    /* 
-     * We've already verified; just obtain the fields we need to create a response 
+    /*
+     * We've already verified; just obtain the fields we need to create a response
      */
-    krtn = krb5int_pkinit_as_req_parse(context, 
-	&pa_data, 
-	NULL, NULL, &nonce,	/* ctime, cusec, nonce */
-	NULL, NULL,		/* pa_cksum, cert_status */
-	&num_cms_types, &cms_types,
-	&client_cert,		/* signer_cert: we encrypt for this */   
-	/* remaining fields unused (for now) */
-	NULL, NULL,		/* num_all_certs, all_certs */
-	&num_trusted_CAs, &trusted_CAs, 
-	&kdc_cert);
+    krtn = krb5int_pkinit_as_req_parse(context,
+                                       &pa_data,
+                                       NULL, NULL, &nonce,     /* ctime, cusec, nonce */
+                                       NULL, NULL,             /* pa_cksum, cert_status */
+                                       &num_cms_types, &cms_types,
+                                       &client_cert,           /* signer_cert: we encrypt for this */
+                                       /* remaining fields unused (for now) */
+                                       NULL, NULL,             /* num_all_certs, all_certs */
+                                       &num_trusted_CAs, &trusted_CAs,
+                                       &kdc_cert);
     if(krtn) {
-	kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("pa_pk_as_req_parse returned %d; PKINIT aborting.\n", (int)krtn);
+        goto cleanup;
     }
     if(client_cert.data == NULL) {
-	kdcPkinitDebug("pa_pk_as_req_parse failed to give a client_cert; aborting.\n");
-	krtn = KRB5KDC_ERR_PREAUTH_FAILED;
-	goto cleanup;
+        kdcPkinitDebug("pa_pk_as_req_parse failed to give a client_cert; aborting.\n");
+        krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
     }
 
     if(krb5_pkinit_get_kdc_cert(num_trusted_CAs, trusted_CAs,
-	(kdc_cert.data ? &kdc_cert : NULL),
-	&signing_cert)) {
-	/* 
-	 * Since get_pkinit_edata was able to obtain *some* KDC cert,
-	 * this means that we can't satisfy the client's requirement.
-	 * FIXME - particular error status for this?
-	 */
-	kdcPkinitDebug("return_pkinit_response: NO appropriate signing cert!\n");
-	krtn = KRB5KDC_ERR_PREAUTH_FAILED;
-	goto cleanup;
-    }
-
-    /* 
+                                (kdc_cert.data ? &kdc_cert : NULL),
+                                &signing_cert)) {
+        /*
+         * Since get_pkinit_edata was able to obtain *some* KDC cert,
+         * this means that we can't satisfy the client's requirement.
+         * FIXME - particular error status for this?
+         */
+        kdcPkinitDebug("return_pkinit_response: NO appropriate signing cert!\n");
+        krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
+    }
+
+    /*
      * Cook up keyblock for caller and for outgoing AS-REP.
      * FIXME how much is known to be valid about encrypting_key?
      * Will encrypting_key->enctype always be valid here? Seems that
      * if we allow for clients without a shared secret (i.e. preauth
-     * by PKINIT only) there won't be a valid encrypting_key set up 
-     * here for us. 
+     * by PKINIT only) there won't be a valid encrypting_key set up
+     * here for us.
      */
     krb5_free_keyblock_contents(context, encrypting_key);
     krb5_c_make_random_key(context, encrypting_key->enctype, encrypting_key);
@@ -2915,39 +2916,39 @@ static krb5_error_code return_pkinit_response(
     /* calculate checksum of incoming AS-REQ */
     krtn = encode_krb5_as_req(request, &encoded_as_req);
     if(krtn) {
-	kdcPkinitDebug("encode_krb5_as_req returned %d; PKINIT aborting.\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("encode_krb5_as_req returned %d; PKINIT aborting.\n", (int)krtn);
+        goto cleanup;
     }
-    krtn = krb5_c_make_checksum(context, context->kdc_req_sumtype, 
-	encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, 
-	encoded_as_req, &as_req_checksum);
+    krtn = krb5_c_make_checksum(context, context->kdc_req_sumtype,
+                                encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                encoded_as_req, &as_req_checksum);
     if(krtn) {
-	goto cleanup;
+        goto cleanup;
     }
-    
-    /* 
-     * FIXME: here we assume that the client has one cert - the one that 
+
+    /*
+     * FIXME: here we assume that the client has one cert - the one that
      * signed the AuthPack in the request (and that we therefore obtained from
-     * krb5int_pkinit_as_req_parse()), and the one we're using to encrypt the 
+     * krb5int_pkinit_as_req_parse()), and the one we're using to encrypt the
      * ReplyKeyPack with here. This may need rethinking.
      */
-    krtn = krb5int_pkinit_as_rep_create(context, 
-	encrypting_key, &as_req_checksum, signing_cert, TRUE,
-	&client_cert, 
-	num_cms_types, cms_types,
-	num_trusted_CAs, trusted_CAs,
-	(kdc_cert.data ? &kdc_cert : NULL),
-	&pa_data);
+    krtn = krb5int_pkinit_as_rep_create(context,
+                                        encrypting_key, &as_req_checksum, signing_cert, TRUE,
+                                        &client_cert,
+                                        num_cms_types, cms_types,
+                                        num_trusted_CAs, trusted_CAs,
+                                        (kdc_cert.data ? &kdc_cert : NULL),
+                                        &pa_data);
     if(krtn) {
-	kdcPkinitDebug("pa_pk_as_rep_create returned %d; PKINIT aborting.\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("pa_pk_as_rep_create returned %d; PKINIT aborting.\n", (int)krtn);
+        goto cleanup;
     }
-    
+
     *send_pa = (krb5_pa_data *)malloc(sizeof(krb5_pa_data));
     if(*send_pa == NULL) {
-	krtn = ENOMEM;
-	free(pa_data.data);
-	goto cleanup;
+        krtn = ENOMEM;
+        free(pa_data.data);
+        goto cleanup;
     }
     (*send_pa)->magic = KV5M_PA_DATA;
     (*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP;
@@ -2955,49 +2956,49 @@ static krb5_error_code return_pkinit_response(
     (*send_pa)->contents = (krb5_octet *)pa_data.data;
     krtn = 0;
 
-    #if PKINIT_DEBUG
+#if PKINIT_DEBUG
     fprintf(stderr, "return_pkinit_response: SUCCESS\n");
     fprintf(stderr, "nonce 0x%x enctype %d keydata %02x %02x %02x %02x...\n",
-	(int)nonce, (int)encrypting_key->enctype, 
-	encrypting_key->contents[0], encrypting_key->contents[1], 
-	encrypting_key->contents[2], encrypting_key->contents[3]);
-    #endif
+            (int)nonce, (int)encrypting_key->enctype,
+            encrypting_key->contents[0], encrypting_key->contents[1],
+            encrypting_key->contents[2], encrypting_key->contents[3]);
+#endif
 
 cleanup:
     /* all of this was allocd by krb5int_pkinit_as_req_parse() */
     if(signing_cert) {
-	krb5_pkinit_release_cert(signing_cert);
+        krb5_pkinit_release_cert(signing_cert);
     }
     if(cms_types) {
-	unsigned dex;
-	krb5int_algorithm_id *alg_id;
-	
-	for(dex=0; dex<num_cms_types; dex++) {
-	    alg_id = &cms_types[dex];
-	    if(alg_id->algorithm.data) {
-		free(alg_id->algorithm.data);
-	    }
-	    if(alg_id->parameters.data) {
-		free(alg_id->parameters.data);
-	    }
-	}
-	free(cms_types);
+        unsigned dex;
+        krb5int_algorithm_id *alg_id;
+
+        for(dex=0; dex<num_cms_types; dex++) {
+            alg_id = &cms_types[dex];
+            if(alg_id->algorithm.data) {
+                free(alg_id->algorithm.data);
+            }
+            if(alg_id->parameters.data) {
+                free(alg_id->parameters.data);
+            }
+        }
+        free(cms_types);
     }
     if(trusted_CAs) {
-	unsigned dex;
-	for(dex=0; dex<num_trusted_CAs; dex++) {
-	    free(trusted_CAs[dex].data);
-	}
-	free(trusted_CAs);
+        unsigned dex;
+        for(dex=0; dex<num_trusted_CAs; dex++) {
+            free(trusted_CAs[dex].data);
+        }
+        free(trusted_CAs);
     }
     if(kdc_cert.data) {
-	free(kdc_cert.data);
+        free(kdc_cert.data);
     }
     if(client_cert.data) {
-	free(client_cert.data);
+        free(client_cert.data);
     }
     if(encoded_as_req) {
-	krb5_free_data(context, encoded_as_req);
+        krb5_free_data(context, encoded_as_req);
     }
     return krtn;
 }
@@ -3010,29 +3011,29 @@ cleanup:
 krb5_boolean
 include_pac_p(krb5_context context, krb5_kdc_req *request)
 {
-    krb5_error_code		code;
-    krb5_pa_data		**padata;
-    krb5_boolean		retval = TRUE; /* default is to return PAC */
-    krb5_data			data;
-    krb5_pa_pac_req		*req = NULL;
+    krb5_error_code             code;
+    krb5_pa_data                **padata;
+    krb5_boolean                retval = TRUE; /* default is to return PAC */
+    krb5_data                   data;
+    krb5_pa_pac_req             *req = NULL;
 
     if (request->padata == NULL) {
-	return retval;
+        return retval;
     }
 
     for (padata = request->padata; *padata != NULL; padata++) {
-	if ((*padata)->pa_type == KRB5_PADATA_PAC_REQUEST) {
-	    data.data = (char *)(*padata)->contents;
-	    data.length = (*padata)->length;
-
-	    code = decode_krb5_pa_pac_req(&data, &req);
-	    if (code == 0) {
-		retval = req->include_pac;
-		krb5_free_pa_pac_req(context, req);
-		req = NULL;
-	    }
-	    break;
-	}
+        if ((*padata)->pa_type == KRB5_PADATA_PAC_REQUEST) {
+            data.data = (char *)(*padata)->contents;
+            data.length = (*padata)->length;
+
+            code = decode_krb5_pa_pac_req(&data, &req);
+            if (code == 0) {
+                retval = req->include_pac;
+                krb5_free_pa_pac_req(context, req);
+                req = NULL;
+            }
+            break;
+        }
     }
 
     return retval;
@@ -3040,12 +3041,12 @@ include_pac_p(krb5_context context, krb5_kdc_req *request)
 
 krb5_error_code
 return_svr_referral_data(krb5_context context,
-			 krb5_db_entry *server,
-			 krb5_enc_kdc_rep_part *reply_encpart)
+                         krb5_db_entry *server,
+                         krb5_enc_kdc_rep_part *reply_encpart)
 {
-    krb5_error_code		code;
-    krb5_tl_data		tl_data;
-    krb5_pa_data		*pa_data;
+    krb5_error_code             code;
+    krb5_tl_data                tl_data;
+    krb5_pa_data                *pa_data;
 
     /* This should be initialized and only used for Win2K compat */
     assert(reply_encpart->enc_padata == NULL);
@@ -3054,28 +3055,28 @@ return_svr_referral_data(krb5_context context,
 
     code = krb5_dbe_lookup_tl_data(context, server, &tl_data);
     if (code || tl_data.tl_data_length == 0)
-	return 0; /* no server referrals to return */
+        return 0; /* no server referrals to return */
 
     pa_data = (krb5_pa_data *)malloc(sizeof(*pa_data));
     if (pa_data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     pa_data->magic = KV5M_PA_DATA;
     pa_data->pa_type = KRB5_PADATA_SVR_REFERRAL_INFO;
     pa_data->length = tl_data.tl_data_length;
     pa_data->contents = malloc(pa_data->length);
     if (pa_data->contents == NULL) {
-	free(pa_data);
-	return ENOMEM;
+        free(pa_data);
+        return ENOMEM;
     }
     memcpy(pa_data->contents, tl_data.tl_data_contents, tl_data.tl_data_length);
 
     reply_encpart->enc_padata = (krb5_pa_data **)calloc(2, sizeof(krb5_pa_data *));
     if (reply_encpart->enc_padata == NULL) {
-	free(pa_data->contents);
-	free(pa_data);
-	return ENOMEM;
-    }    
+        free(pa_data->contents);
+        free(pa_data);
+        return ENOMEM;
+    }
 
     reply_encpart->enc_padata[0] = pa_data;
     reply_encpart->enc_padata[1] = NULL;
@@ -3085,20 +3086,20 @@ return_svr_referral_data(krb5_context context,
 
 #if 0
 static krb5_error_code return_server_referral(krb5_context context,
-					      krb5_pa_data * padata, 
-					      krb5_db_entry *client,
-					      krb5_db_entry *server,
-					      krb5_kdc_req *request, krb5_kdc_rep *reply,
-					      krb5_key_data *client_key,
-					      krb5_keyblock *encrypting_key,
-					      krb5_pa_data **send_pa)
+                                              krb5_pa_data * padata,
+                                              krb5_db_entry *client,
+                                              krb5_db_entry *server,
+                                              krb5_kdc_req *request, krb5_kdc_rep *reply,
+                                              krb5_key_data *client_key,
+                                              krb5_keyblock *encrypting_key,
+                                              krb5_pa_data **send_pa)
 {
-    krb5_error_code		code;
-    krb5_tl_data		tl_data;
-    krb5_pa_data		*pa_data;
-    krb5_enc_data		enc_data;
-    krb5_data			plain;
-    krb5_data			*enc_pa_data;
+    krb5_error_code             code;
+    krb5_tl_data                tl_data;
+    krb5_pa_data                *pa_data;
+    krb5_enc_data               enc_data;
+    krb5_data                   plain;
+    krb5_data                   *enc_pa_data;
 
     *send_pa = NULL;
 
@@ -3106,23 +3107,23 @@ static krb5_error_code return_server_referral(krb5_context context,
 
     code = krb5_dbe_lookup_tl_data(context, server, &tl_data);
     if (code || tl_data.tl_data_length == 0)
-	return 0; /* no server referrals to return */
+        return 0; /* no server referrals to return */
 
     plain.length = tl_data.tl_data_length;
     plain.data = tl_data.tl_data_contents;
 
     /* Encrypt ServerReferralData */
     code = krb5_encrypt_helper(context, encrypting_key,
-			       KRB5_KEYUSAGE_PA_SERVER_REFERRAL_DATA,
-			       &plain, &enc_data);
+                               KRB5_KEYUSAGE_PA_SERVER_REFERRAL_DATA,
+                               &plain, &enc_data);
     if (code)
-	return code;
+        return code;
 
     /* Encode ServerReferralData into PA-SERVER-REFERRAL-DATA */
     code = encode_krb5_enc_data(&enc_data, &enc_pa_data);
     if (code) {
-	krb5_free_data_contents(context, &enc_data.ciphertext);
-	return code;
+        krb5_free_data_contents(context, &enc_data.ciphertext);
+        return code;
     }
 
     krb5_free_data_contents(context, &enc_data.ciphertext);
@@ -3130,8 +3131,8 @@ static krb5_error_code return_server_referral(krb5_context context,
     /* Return PA-SERVER-REFERRAL-DATA */
     pa_data = (krb5_pa_data *)malloc(sizeof(*pa_data));
     if (pa_data == NULL) {
-	krb5_free_data(context, enc_pa_data);
-	return ENOMEM;
+        krb5_free_data(context, enc_pa_data);
+        return ENOMEM;
     }
 
     pa_data->magic = KV5M_PA_DATA;
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 96dc34135..39c6be600 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/kdc_util.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Utility functions for the KDC implementation.
  */
@@ -82,9 +83,9 @@ const int vague_errors = 0;
 krb5_error_code
 kdc_initialize_rcache(krb5_context kcontext, char *rcache_name)
 {
-    krb5_error_code	retval;
-    char		*rcname;
-    char		*sname;
+    krb5_error_code     retval;
+    char                *rcname;
+    char                *sname;
 
     rcname = (rcache_name) ? rcache_name : kdc_current_rcname;
 
@@ -93,24 +94,24 @@ kdc_initialize_rcache(krb5_context kcontext, char *rcache_name)
     rc_lifetime = kcontext->clockskew;
 
     if (!rcname)
-	rcname = KDCRCACHE;
+        rcname = KDCRCACHE;
     if (!(retval = krb5_rc_resolve_full(kcontext, &kdc_rcache, rcname))) {
-	/* Recover or initialize the replay cache */
-	if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
-	    !(retval = krb5_rc_initialize(kcontext,
-					  kdc_rcache,
-					  kcontext->clockskew))
-	    ) {
-	    /* Expunge the replay cache */
-	    if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
-		sname = kdc_current_rcname;
-		kdc_current_rcname = strdup(rcname);
-		if (sname)
-		    free(sname);
-	    }
-	}
-	if (retval)
-	    krb5_rc_close(kcontext, kdc_rcache);
+        /* Recover or initialize the replay cache */
+        if (!(retval = krb5_rc_recover(kcontext, kdc_rcache)) ||
+            !(retval = krb5_rc_initialize(kcontext,
+                                          kdc_rcache,
+                                          kcontext->clockskew))
+        ) {
+            /* Expunge the replay cache */
+            if (!(retval = krb5_rc_expunge(kcontext, kdc_rcache))) {
+                sname = kdc_current_rcname;
+                kdc_current_rcname = strdup(rcname);
+                if (sname)
+                    free(sname);
+            }
+        }
+        if (retval)
+            krb5_rc_close(kcontext, kdc_rcache);
     }
     return(retval);
 }
@@ -122,7 +123,7 @@ kdc_initialize_rcache(krb5_context kcontext, char *rcache_name)
  */
 krb5_error_code
 concat_authorization_data(krb5_authdata **first, krb5_authdata **second,
-			  krb5_authdata ***output)
+                          krb5_authdata ***output)
 {
     register int i, j;
     register krb5_authdata **ptr, **retdata;
@@ -130,37 +131,37 @@ concat_authorization_data(krb5_authdata **first, krb5_authdata **second,
     /* count up the entries */
     i = 0;
     if (first)
-	for (ptr = first; *ptr; ptr++)
-	    i++;
+        for (ptr = first; *ptr; ptr++)
+            i++;
     if (second)
-	for (ptr = second; *ptr; ptr++)
-	    i++;
-    
+        for (ptr = second; *ptr; ptr++)
+            i++;
+
     retdata = (krb5_authdata **)malloc((i+1)*sizeof(*retdata));
     if (!retdata)
-	return ENOMEM;
-    retdata[i] = 0;			/* null-terminated array */
+        return ENOMEM;
+    retdata[i] = 0;                     /* null-terminated array */
     for (i = 0, j = 0, ptr = first; j < 2 ; ptr = second, j++)
-	while (ptr && *ptr) {
-	    /* now walk & copy */
-	    retdata[i] = (krb5_authdata *)malloc(sizeof(*retdata[i]));
-	    if (!retdata[i]) {
-		krb5_free_authdata(kdc_context, retdata);
-		return ENOMEM;
-	    }
-	    *retdata[i] = **ptr;
-	    if (!(retdata[i]->contents =
-		  (krb5_octet *)malloc(retdata[i]->length))) {
-		free(retdata[i]);
-		retdata[i] = 0;
-		krb5_free_authdata(kdc_context, retdata);
-		return ENOMEM;
-	    }
-	    memcpy(retdata[i]->contents, (*ptr)->contents, retdata[i]->length);
-
-	    ptr++;
-	    i++;
-	}
+        while (ptr && *ptr) {
+            /* now walk & copy */
+            retdata[i] = (krb5_authdata *)malloc(sizeof(*retdata[i]));
+            if (!retdata[i]) {
+                krb5_free_authdata(kdc_context, retdata);
+                return ENOMEM;
+            }
+            *retdata[i] = **ptr;
+            if (!(retdata[i]->contents =
+                  (krb5_octet *)malloc(retdata[i]->length))) {
+                free(retdata[i]);
+                retdata[i] = 0;
+                krb5_free_authdata(kdc_context, retdata);
+                return ENOMEM;
+            }
+            memcpy(retdata[i]->contents, (*ptr)->contents, retdata[i]->length);
+
+            ptr++;
+            i++;
+        }
     *output = retdata;
     return 0;
 }
@@ -184,9 +185,9 @@ is_local_principal(krb5_const_principal princ1)
 krb5_boolean krb5_is_tgs_principal(krb5_const_principal principal)
 {
     if ((krb5_princ_size(kdc_context, principal) > 0) &&
-	data_eq_string (*krb5_princ_component(kdc_context, principal, 0),
-			KRB5_TGS_NAME))
-	return TRUE;
+        data_eq_string (*krb5_princ_component(kdc_context, principal, 0),
+                        KRB5_TGS_NAME))
+        return TRUE;
     return FALSE;
 }
 
@@ -196,26 +197,26 @@ krb5_boolean krb5_is_tgs_principal(krb5_const_principal principal)
  */
 static krb5_error_code
 comp_cksum(krb5_context kcontext, krb5_data *source, krb5_ticket *ticket,
-	   krb5_checksum *his_cksum)
+           krb5_checksum *his_cksum)
 {
-    krb5_error_code 	  retval;
-    krb5_boolean	  valid;
+    krb5_error_code       retval;
+    krb5_boolean          valid;
 
-    if (!krb5_c_valid_cksumtype(his_cksum->checksum_type)) 
-	return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+    if (!krb5_c_valid_cksumtype(his_cksum->checksum_type))
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
 
     /* must be collision proof */
     if (!krb5_c_is_coll_proof_cksum(his_cksum->checksum_type))
-	return KRB5KRB_AP_ERR_INAPP_CKSUM;
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
 
     /* verify checksum */
     if ((retval = krb5_c_verify_checksum(kcontext, ticket->enc_part2->session,
-					 KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-					 source, his_cksum, &valid)))
-	return(retval);
+                                         KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                         source, his_cksum, &valid)))
+        return(retval);
 
     if (!valid)
-	return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+        return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
 
     return(0);
 }
@@ -226,180 +227,180 @@ find_pa_data(krb5_pa_data **padata, krb5_preauthtype pa_type)
     return krb5int_find_pa_data(kdc_context, padata, pa_type);
 }
 
-krb5_error_code 
+krb5_error_code
 kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from,
-		    krb5_data *pkt, krb5_ticket **ticket,
-		    krb5_db_entry *krbtgt, int *nprincs,
-		    krb5_keyblock **tgskey,
-		    krb5_keyblock **subkey,
-		    krb5_pa_data **pa_tgs_req)
+                    krb5_data *pkt, krb5_ticket **ticket,
+                    krb5_db_entry *krbtgt, int *nprincs,
+                    krb5_keyblock **tgskey,
+                    krb5_keyblock **subkey,
+                    krb5_pa_data **pa_tgs_req)
 {
     krb5_pa_data        * tmppa;
-    krb5_ap_req 	* apreq;
-    krb5_error_code 	  retval;
+    krb5_ap_req         * apreq;
+    krb5_error_code       retval;
     krb5_authdata **authdata = NULL;
-    krb5_data		  scratch1;
-    krb5_data 		* scratch = NULL;
-    krb5_boolean 	  foreign_server = FALSE;
-    krb5_auth_context 	  auth_context = NULL;
-    krb5_authenticator	* authenticator = NULL;
-    krb5_checksum 	* his_cksum = NULL;
-    krb5_kvno 		  kvno = 0;
+    krb5_data             scratch1;
+    krb5_data           * scratch = NULL;
+    krb5_boolean          foreign_server = FALSE;
+    krb5_auth_context     auth_context = NULL;
+    krb5_authenticator  * authenticator = NULL;
+    krb5_checksum       * his_cksum = NULL;
+    krb5_kvno             kvno = 0;
 
     *nprincs = 0;
     *tgskey = NULL;
 
     tmppa = find_pa_data(request->padata, KRB5_PADATA_AP_REQ);
     if (!tmppa)
-	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+        return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
 
     scratch1.length = tmppa->length;
     scratch1.data = (char *)tmppa->contents;
     if ((retval = decode_krb5_ap_req(&scratch1, &apreq)))
-	return retval;
+        return retval;
 
     if (isflagset(apreq->ap_options, AP_OPTS_USE_SESSION_KEY) ||
-	isflagset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED)) {
-	krb5_klog_syslog(LOG_INFO, "TGS_REQ: SESSION KEY or MUTUAL");
-	retval = KRB5KDC_ERR_POLICY;
-	goto cleanup;
+        isflagset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED)) {
+        krb5_klog_syslog(LOG_INFO, "TGS_REQ: SESSION KEY or MUTUAL");
+        retval = KRB5KDC_ERR_POLICY;
+        goto cleanup;
     }
 
     /* If the "server" principal in the ticket is not something
        in the local realm, then we must refuse to service the request
        if the client claims to be from the local realm.
-       
+
        If we don't do this, then some other realm's nasty KDC can
        claim to be authenticating a client from our realm, and we'll
        give out tickets concurring with it!
-       
+
        we set a flag here for checking below.
-       */
+    */
     foreign_server = !is_local_principal(apreq->ticket->server);
 
     if ((retval = krb5_auth_con_init(kdc_context, &auth_context)))
-	goto cleanup;
+        goto cleanup;
 
     if ((retval = krb5_auth_con_setaddrs(kdc_context, auth_context, NULL,
-					 from->address)) )
-	goto cleanup_auth_context;
+                                         from->address)) )
+        goto cleanup_auth_context;
 #ifdef USE_RCACHE
     if ((retval = krb5_auth_con_setrcache(kdc_context, auth_context,
-					  kdc_rcache)))
-	goto cleanup_auth_context;
+                                          kdc_rcache)))
+        goto cleanup_auth_context;
 #endif
 
     if ((retval = kdc_get_server_key(apreq->ticket, 0, foreign_server,
-				     krbtgt, nprincs, tgskey, &kvno)))
-	goto cleanup_auth_context;
+                                     krbtgt, nprincs, tgskey, &kvno)))
+        goto cleanup_auth_context;
     /*
      * We do not use the KDB keytab because other parts of the TGS need the TGT key.
      */
     retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, *tgskey);
-    if (retval) 
-	goto cleanup_auth_context;
+    if (retval)
+        goto cleanup_auth_context;
 
-    if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq, 
-				      apreq->ticket->server, 
-				      kdc_active_realm->realm_keytab,
-				      NULL, ticket))) {
+    if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq,
+                                              apreq->ticket->server,
+                                              kdc_active_realm->realm_keytab,
+                                              NULL, ticket))) {
 #ifdef USE_RCACHE
-	/*
-	 * I'm not so sure that this is right, but it's better than nothing
-	 * at all.
-	 *
-	 * If we choke in the rd_req because of the replay cache, then attempt
-	 * to reinitialize the replay cache because somebody could have deleted
-	 * it from underneath us (e.g. a cron job)
-	 */
-	if ((retval == KRB5_RC_IO_IO) ||
-	    (retval == KRB5_RC_IO_UNKNOWN)) {
-	    (void) krb5_rc_close(kdc_context, kdc_rcache);
-	    kdc_rcache = (krb5_rcache) NULL;
-	    if (!(retval = kdc_initialize_rcache(kdc_context, (char *) NULL))) {
-		if ((retval = krb5_auth_con_setrcache(kdc_context, auth_context,
-						      kdc_rcache)) ||
-		    (retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context,
-						  apreq, apreq->ticket->server,
-				      		 kdc_active_realm->realm_keytab,
-						  NULL, ticket))
-		    )
-		    goto cleanup_auth_context;
-	    }
-	} else
-	    goto cleanup_auth_context; 
+        /*
+         * I'm not so sure that this is right, but it's better than nothing
+         * at all.
+         *
+         * If we choke in the rd_req because of the replay cache, then attempt
+         * to reinitialize the replay cache because somebody could have deleted
+         * it from underneath us (e.g. a cron job)
+         */
+        if ((retval == KRB5_RC_IO_IO) ||
+            (retval == KRB5_RC_IO_UNKNOWN)) {
+            (void) krb5_rc_close(kdc_context, kdc_rcache);
+            kdc_rcache = (krb5_rcache) NULL;
+            if (!(retval = kdc_initialize_rcache(kdc_context, (char *) NULL))) {
+                if ((retval = krb5_auth_con_setrcache(kdc_context, auth_context,
+                                                      kdc_rcache)) ||
+                    (retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context,
+                                                          apreq, apreq->ticket->server,
+                                                          kdc_active_realm->realm_keytab,
+                                                          NULL, ticket))
+                )
+                    goto cleanup_auth_context;
+            }
+        } else
+            goto cleanup_auth_context;
 #else
-	goto cleanup_auth_context; 
+        goto cleanup_auth_context;
 #endif
     }
 
     /* "invalid flag" tickets can must be used to validate */
     if (isflagset((*ticket)->enc_part2->flags, TKT_FLG_INVALID)
-	&& !isflagset(request->kdc_options, KDC_OPT_VALIDATE)) {
+        && !isflagset(request->kdc_options, KDC_OPT_VALIDATE)) {
         retval = KRB5KRB_AP_ERR_TKT_INVALID;
-	goto cleanup_auth_context;
+        goto cleanup_auth_context;
     }
 
     if ((retval = krb5_auth_con_getrecvsubkey(kdc_context,
-					      auth_context, subkey)))
-	goto cleanup_auth_context;
+                                              auth_context, subkey)))
+        goto cleanup_auth_context;
 
     if ((retval = krb5_auth_con_getauthenticator(kdc_context, auth_context,
-						 &authenticator)))
-	goto cleanup_auth_context;
+                                                 &authenticator)))
+        goto cleanup_auth_context;
 
     retval = krb5int_find_authdata(kdc_context,
-				   (*ticket)->enc_part2->authorization_data,
-				   authenticator->authorization_data,
-				   KRB5_AUTHDATA_FX_ARMOR, &authdata);
+                                   (*ticket)->enc_part2->authorization_data,
+                                   authenticator->authorization_data,
+                                   KRB5_AUTHDATA_FX_ARMOR, &authdata);
     if (retval != 0)
-	goto cleanup_authenticator;
-        if (authdata&& authdata[0]) {
-	krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
-			       "ticket valid only as FAST armor");
-	retval = KRB5KDC_ERR_POLICY;
-	krb5_free_authdata(kdc_context, authdata);
-	goto cleanup_authenticator;
+        goto cleanup_authenticator;
+    if (authdata&& authdata[0]) {
+        krb5_set_error_message(kdc_context, KRB5KDC_ERR_POLICY,
+                               "ticket valid only as FAST armor");
+        retval = KRB5KDC_ERR_POLICY;
+        krb5_free_authdata(kdc_context, authdata);
+        goto cleanup_authenticator;
     }
     krb5_free_authdata(kdc_context, authdata);
-    
-			       
+
+
     /* Check for a checksum */
     if (!(his_cksum = authenticator->checksum)) {
-	retval = KRB5KRB_AP_ERR_INAPP_CKSUM; 
-	goto cleanup_authenticator;
+        retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
+        goto cleanup_authenticator;
     }
 
     /* make sure the client is of proper lineage (see above) */
     if (foreign_server &&
-	!find_pa_data(request->padata, KRB5_PADATA_FOR_USER)) {
-	if (is_local_principal((*ticket)->enc_part2->client)) {
-	    /* someone in a foreign realm claiming to be local */
-	    krb5_klog_syslog(LOG_INFO, "PROCESS_TGS: failed lineage check");
-	    retval = KRB5KDC_ERR_POLICY;
-	    goto cleanup_authenticator;
-	}
+        !find_pa_data(request->padata, KRB5_PADATA_FOR_USER)) {
+        if (is_local_principal((*ticket)->enc_part2->client)) {
+            /* someone in a foreign realm claiming to be local */
+            krb5_klog_syslog(LOG_INFO, "PROCESS_TGS: failed lineage check");
+            retval = KRB5KDC_ERR_POLICY;
+            goto cleanup_authenticator;
+        }
     }
 
     /*
      * Check application checksum vs. tgs request
-     * 	 
+     *
      * We try checksumming the req-body two different ways: first we
      * try reaching into the raw asn.1 stream (if available), and
      * checksum that directly; if that fails, then we try encoding
      * using our local asn.1 library.
      */
     if (pkt && (fetch_asn1_field((unsigned char *) pkt->data,
-				 1, 4, &scratch1) >= 0)) {
-	if (comp_cksum(kdc_context, &scratch1, *ticket, his_cksum)) {
-	    if (!(retval = encode_krb5_kdc_req_body(request, &scratch))) 
-	        retval = comp_cksum(kdc_context, scratch, *ticket, his_cksum);
-	    krb5_free_data(kdc_context, scratch);
-	}
+                                 1, 4, &scratch1) >= 0)) {
+        if (comp_cksum(kdc_context, &scratch1, *ticket, his_cksum)) {
+            if (!(retval = encode_krb5_kdc_req_body(request, &scratch)))
+                retval = comp_cksum(kdc_context, scratch, *ticket, his_cksum);
+            krb5_free_data(kdc_context, scratch);
+        }
     }
 
     if (retval == 0)
-      *pa_tgs_req = tmppa;
+        *pa_tgs_req = tmppa;
 cleanup_authenticator:
     krb5_free_authenticator(kdc_context, authenticator);
 
@@ -412,15 +413,15 @@ cleanup_auth_context:
 
 cleanup:
     if (retval != 0) {
-	krb5_free_keyblock(kdc_context, *tgskey);
-	*tgskey = NULL;
+        krb5_free_keyblock(kdc_context, *tgskey);
+        *tgskey = NULL;
     }
     krb5_free_ap_req(kdc_context, apreq);
     return retval;
 }
 
-/* XXX This function should no longer be necessary. 
- * The KDC should take the keytab associated with the realm and pass that to 
+/* XXX This function should no longer be necessary.
+ * The KDC should take the keytab associated with the realm and pass that to
  * the krb5_rd_req_decode(). --proven
  *
  * It's actually still used by do_tgs_req() for u2u auth, and not too
@@ -428,42 +429,42 @@ cleanup:
  */
 krb5_error_code
 kdc_get_server_key(krb5_ticket *ticket, unsigned int flags,
-		   krb5_boolean match_enctype, krb5_db_entry *server,
-		   int *nprincs, krb5_keyblock **key, krb5_kvno *kvno)
+                   krb5_boolean match_enctype, krb5_db_entry *server,
+                   int *nprincs, krb5_keyblock **key, krb5_kvno *kvno)
 {
-    krb5_error_code 	  retval;
-    krb5_boolean 	  more, similar;
-    krb5_key_data	* server_key;
+    krb5_error_code       retval;
+    krb5_boolean          more, similar;
+    krb5_key_data       * server_key;
     krb5_keyblock       * mkey_ptr;
 
     *nprincs = 1;
 
     retval = krb5_db_get_principal_ext(kdc_context,
-				       ticket->server,
-				       flags,
-				       server,
-				       nprincs,
-				       &more);
+                                       ticket->server,
+                                       flags,
+                                       server,
+                                       nprincs,
+                                       &more);
     if (retval) {
-	return(retval);
+        return(retval);
     }
     if (more) {
-	return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+        return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
     } else if (*nprincs != 1) {
-	char *sname;
+        char *sname;
 
-	if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) {
-	    limit_string(sname);
-	    krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'",
-			     sname);
-	    free(sname);
-	}
-	return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
+        if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) {
+            limit_string(sname);
+            krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'",
+                             sname);
+            free(sname);
+        }
+        return(KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN);
     }
     if (server->attributes & KRB5_KDB_DISALLOW_SVR ||
-	server->attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
-	retval = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
-	goto errout;
+        server->attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+        retval = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+        goto errout;
     }
 
     if ((retval = krb5_dbe_find_mkey(kdc_context, master_keylist, server,
@@ -475,7 +476,7 @@ kdc_get_server_key(krb5_ticket *ticket, unsigned int flags,
                                     &master_keyblock, 0, &tmp_mkey_list) == 0) {
             krb5_dbe_free_key_list(kdc_context, master_keylist);
             master_keylist = tmp_mkey_list;
-	    retval = krb5_db_set_mkey_list(kdc_context, master_keylist);
+            retval = krb5_db_set_mkey_list(kdc_context, master_keylist);
             if (retval)
                 goto errout;
             if ((retval = krb5_dbe_find_mkey(kdc_context, master_keylist,
@@ -488,9 +489,9 @@ kdc_get_server_key(krb5_ticket *ticket, unsigned int flags,
     }
 
     retval = krb5_dbe_find_enctype(kdc_context, server,
-				   match_enctype ? ticket->enc_part.enctype : -1,
-				   -1, (krb5_int32)ticket->enc_part.kvno,
-				   &server_key);
+                                   match_enctype ? ticket->enc_part.enctype : -1,
+                                   -1, (krb5_int32)ticket->enc_part.kvno,
+                                   &server_key);
     if (retval)
         goto errout;
     if (!server_key) {
@@ -498,25 +499,25 @@ kdc_get_server_key(krb5_ticket *ticket, unsigned int flags,
         goto errout;
     }
     if ((*key = (krb5_keyblock *)malloc(sizeof **key))) {
-	retval = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
-					     server_key,
-					     *key, NULL);
+        retval = krb5_dbekd_decrypt_key_data(kdc_context, mkey_ptr,
+                                             server_key,
+                                             *key, NULL);
     } else
-	retval = ENOMEM;
+        retval = ENOMEM;
     retval = krb5_c_enctype_compare(kdc_context, ticket->enc_part.enctype,
-				    (*key)->enctype, &similar);
+                                    (*key)->enctype, &similar);
     if (retval)
-	goto errout;
+        goto errout;
     if (!similar) {
-	retval = KRB5_KDB_NO_PERMITTED_KEY;
-	goto errout;
+        retval = KRB5_KDB_NO_PERMITTED_KEY;
+        goto errout;
     }
     (*key)->enctype = ticket->enc_part.enctype;
     *kvno = server_key->key_data_kvno;
 errout:
     if (retval != 0) {
-	krb5_db_free_principal(kdc_context, server, *nprincs);
-	*nprincs = 0;
+        krb5_db_free_principal(kdc_context, server, *nprincs);
+        *nprincs = 0;
     }
 
     return retval;
@@ -547,13 +548,13 @@ check_hot_list(krb5_ticket *ticket)
 #define MAX_REALM_LN 500
 
 
-/* 
+/*
  * subrealm - determine if r2 is a subrealm of r1
  *
- *            SUBREALM takes two realms, r1 and r2, and 
- *            determines if r2 is a subrealm of r1.   
+ *            SUBREALM takes two realms, r1 and r2, and
+ *            determines if r2 is a subrealm of r1.
  *            r2 is a subrealm of r1 if (r1 is a prefix
- *            of r2 AND r1 and r2 begin with a /) or if 
+ *            of r2 AND r1 and r2 begin with a /) or if
  *            (r1 is a suffix of r2 and neither r1 nor r2
  *            begin with a /).
  *
@@ -576,7 +577,7 @@ subrealm(char *r1, char *r2)
     if(l2 <= l1) return(0);
     if((*r1 == '/') && (*r2 == '/') && (strncmp(r1,r2,l1) == 0)) return(l1-l2);
     if((*r1 != '/') && (*r2 != '/') && (strncmp(r1,r2+l2-l1,l1) == 0))
-	return(l2-l1);
+        return(l2-l1);
     return(0);
 }
 
@@ -585,7 +586,7 @@ subrealm(char *r1, char *r2)
  *                   ticket granting ticket on which the new ticket to
  *                   be issued is based (note that this is the same as
  *                   the realm of the server listed in the ticket
- *                   granting ticket. 
+ *                   granting ticket.
  *
  * ASSUMPTIONS:  This procedure assumes that the transited field from
  *               the existing ticket granting ticket already appears
@@ -616,21 +617,21 @@ subrealm(char *r1, char *r2)
  *
  * MODIFIES:  new_trans:  ->length will contain the length of the new
  *                        transited field.
- * 
+ *
  *                        If ->data was not null when this procedure
  *                        is called, the memory referenced by ->data
- *                        will be deallocated. 
+ *                        will be deallocated.
  *
  *                        Memory will be allocated for the new transited field
  *                        ->data will be updated to point to the newly
- *                        allocated memory.  
+ *                        allocated memory.
  *
  * BUGS:  The space allocated for the new transited field is the
  *        maximum that might be needed given the old transited field,
  *        and the realm to be added.  This length is calculated
  *        assuming that no compression of the new realm is possible.
  *        This has no adverse consequences other than the allocation
- *        of more space than required.  
+ *        of more space than required.
  *
  *        This procedure will not yet use the null subfield notation,
  *        and it will get confused if it sees it.
@@ -645,283 +646,283 @@ data2string (krb5_data *d)
     char *s;
     s = malloc(d->length + 1);
     if (s) {
-	memcpy(s, d->data, d->length);
-	s[d->length] = 0;
+        memcpy(s, d->data, d->length);
+        s[d->length] = 0;
     }
     return s;
 }
 
-krb5_error_code 
+krb5_error_code
 add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans,
-		 krb5_principal tgs, krb5_principal client,
-		 krb5_principal server)
+                 krb5_principal tgs, krb5_principal client,
+                 krb5_principal server)
 {
-  krb5_error_code retval;
-  char        *realm;
-  char        *trans;
-  char        *otrans, *otrans_ptr;
-  size_t       bufsize;
-
-  /* The following are for stepping through the transited field     */
-
-  char        prev[MAX_REALM_LN];
-  char        next[MAX_REALM_LN];
-  char        current[MAX_REALM_LN];
-  char        exp[MAX_REALM_LN];      /* Expanded current realm name     */
-
-  int	      i;
-  int         clst, nlst;    /* count of last character in current and next */
-  int         pl, pl1;       /* prefix length                               */
-  int         added;         /* TRUE = new realm has been added             */
-
-  realm = data2string(krb5_princ_realm(kdc_context, tgs));
-  if (realm == NULL)
-      return(ENOMEM);
-
-  otrans = data2string(tgt_trans);
-  if (otrans == NULL) {
-      free(realm);
-      return(ENOMEM);
-  }
-  /* Keep track of start so we can free */
-  otrans_ptr = otrans;
-
-  /* +1 for null, 
-     +1 for extra comma which may be added between
-     +1 for potential space when leading slash in realm */
-  bufsize = strlen(realm) + strlen(otrans) + 3;
-  if (bufsize > MAX_REALM_LN)
-    bufsize = MAX_REALM_LN;
-  if (!(trans = (char *) malloc(bufsize))) {
-    retval = ENOMEM;
-    goto fail;
-  }
-
-  if (new_trans->data)  free(new_trans->data);
-  new_trans->data = trans;
-  new_trans->length = 0;
-
-  trans[0] = '\0';
-
-  /* For the purpose of appending, the realm preceding the first */
-  /* realm in the transited field is considered the null realm   */
-
-  prev[0] = '\0';
-
-  /* read field into current */
-  for (i = 0; *otrans != '\0';) {
-      if (*otrans == '\\') {
-	  if (*(++otrans) == '\0')
-	      break;
-	  else
-	      continue;
-      }
-      if (*otrans == ',') {
-	  otrans++;
-	  break;
-      }
-      current[i++] = *otrans++;
-      if (i >= MAX_REALM_LN) {
-	  retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	  goto fail;
-      }
-  }
-  current[i] = '\0';
-
-  added = (krb5_princ_realm(kdc_context, client)->length == strlen(realm) &&
-           !strncmp(krb5_princ_realm(kdc_context, client)->data, realm, strlen(realm))) ||
-          (krb5_princ_realm(kdc_context, server)->length == strlen(realm) &&
-           !strncmp(krb5_princ_realm(kdc_context, server)->data, realm, strlen(realm)));
-
-  while (current[0]) {
-
-    /* figure out expanded form of current name */
-
-    clst = strlen(current) - 1;
-    if (current[0] == ' ') {
-      strncpy(exp, current+1, sizeof(exp) - 1);
-      exp[sizeof(exp) - 1] = '\0';
-    }
-    else if ((current[0] == '/') && (prev[0] == '/')) {
-      strncpy(exp, prev, sizeof(exp) - 1);
-      exp[sizeof(exp) - 1] = '\0';
-      if (strlen(exp) + strlen(current) + 1 >= MAX_REALM_LN) {
-	retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	goto fail;
-      }
-      strncat(exp, current, sizeof(exp) - 1 - strlen(exp));
-    }
-    else if (current[clst] == '.') {
-      strncpy(exp, current, sizeof(exp) - 1);
-      exp[sizeof(exp) - 1] = '\0';
-      if (strlen(exp) + strlen(prev) + 1 >= MAX_REALM_LN) {
-	retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	goto fail;
-      }
-      strncat(exp, prev, sizeof(exp) - 1 - strlen(exp));
-    }
-    else {
-      strncpy(exp, current, sizeof(exp) - 1);
-      exp[sizeof(exp) - 1] = '\0';
-    }
-
-    /* read field into next */
-    for (i = 0; *otrans != '\0';) {
-	if (*otrans == '\\') {
-	    if (*(++otrans) == '\0')
-		break;
-	    else
-		continue;
-	}
-	if (*otrans == ',') {
-	    otrans++;
-	    break;
-	}
-	next[i++] = *otrans++;
-	if (i >= MAX_REALM_LN) {
-	    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	    goto fail;
-	}
-    }
-    next[i] = '\0';
-    nlst = i - 1;
-
-    if (!strcmp(exp, realm))  added = TRUE;
-
-    /* If we still have to insert the new realm */
+    krb5_error_code retval;
+    char        *realm;
+    char        *trans;
+    char        *otrans, *otrans_ptr;
+    size_t       bufsize;
 
-    if (!added) {
+    /* The following are for stepping through the transited field     */
+
+    char        prev[MAX_REALM_LN];
+    char        next[MAX_REALM_LN];
+    char        current[MAX_REALM_LN];
+    char        exp[MAX_REALM_LN];      /* Expanded current realm name     */
+
+    int         i;
+    int         clst, nlst;    /* count of last character in current and next */
+    int         pl, pl1;       /* prefix length                               */
+    int         added;         /* TRUE = new realm has been added             */
+
+    realm = data2string(krb5_princ_realm(kdc_context, tgs));
+    if (realm == NULL)
+        return(ENOMEM);
 
-      /* Is the next field compressed?  If not, and if the new */
-      /* realm is a subrealm of the current realm, compress    */
-      /* the new realm, and insert immediately following the   */
-      /* current one.  Note that we can not do this if the next*/
-      /* field is already compressed since it would mess up    */
-      /* what has already been done.  In most cases, this is   */
-      /* not a problem because the realm to be added will be a */
-      /* subrealm of the next field too, and we will catch     */
-      /* it in a future iteration.                             */
-
-	/* Note that the second test here is an unsigned comparison,
-	   so the first half (or a cast) is also required.  */
-      assert(nlst < 0 || nlst < (int)sizeof(next));
-      if ((nlst < 0 || next[nlst] != '.') &&
-	  (next[0] != '/') &&
-	  (pl = subrealm(exp, realm))) {
-        added = TRUE;
-	current[sizeof(current) - 1] = '\0';
-	if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
-	  retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	  goto fail;
-	}
-        strncat(current, ",", sizeof(current) - 1 - strlen(current));
-        if (pl > 0) {
-          strncat(current, realm, (unsigned) pl);
+    otrans = data2string(tgt_trans);
+    if (otrans == NULL) {
+        free(realm);
+        return(ENOMEM);
+    }
+    /* Keep track of start so we can free */
+    otrans_ptr = otrans;
+
+    /* +1 for null,
+       +1 for extra comma which may be added between
+       +1 for potential space when leading slash in realm */
+    bufsize = strlen(realm) + strlen(otrans) + 3;
+    if (bufsize > MAX_REALM_LN)
+        bufsize = MAX_REALM_LN;
+    if (!(trans = (char *) malloc(bufsize))) {
+        retval = ENOMEM;
+        goto fail;
+    }
+
+    if (new_trans->data)  free(new_trans->data);
+    new_trans->data = trans;
+    new_trans->length = 0;
+
+    trans[0] = '\0';
+
+    /* For the purpose of appending, the realm preceding the first */
+    /* realm in the transited field is considered the null realm   */
+
+    prev[0] = '\0';
+
+    /* read field into current */
+    for (i = 0; *otrans != '\0';) {
+        if (*otrans == '\\') {
+            if (*(++otrans) == '\0')
+                break;
+            else
+                continue;
         }
-        else {
-          strncat(current, realm+strlen(realm)+pl, (unsigned) (-pl));
+        if (*otrans == ',') {
+            otrans++;
+            break;
         }
-      }
-
-      /* Whether or not the next field is compressed, if the    */
-      /* realm to be added is a superrealm of the current realm,*/
-      /* then the current realm can be compressed.  First the   */
-      /* realm to be added must be compressed relative to the   */
-      /* previous realm (if possible), and then the current     */
-      /* realm compressed relative to the new realm.  Note that */
-      /* if the realm to be added is also a superrealm of the   */
-      /* previous realm, it would have been added earlier, and  */
-      /* we would not reach this step this time around.         */
-
-      else if ((pl = subrealm(realm, exp))) {
-        added      = TRUE;
-        current[0] = '\0';
-        if ((pl1 = subrealm(prev,realm))) {
-	  if (strlen(current) + (pl1>0?pl1:-pl1) + 1 >= MAX_REALM_LN) {
-	    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	    goto fail;
-	  }
-          if (pl1 > 0) {
-            strncat(current, realm, (unsigned) pl1);
-          }
-          else {
-            strncat(current, realm+strlen(realm)+pl1, (unsigned) (-pl1));
-          }
+        current[i++] = *otrans++;
+        if (i >= MAX_REALM_LN) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+            goto fail;
         }
-        else { /* If not a subrealm */
-          if ((realm[0] == '/') && prev[0]) {
-	    if (strlen(current) + 2 >= MAX_REALM_LN) {
-	      retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	      goto fail;
-	    }
-	    strncat(current, " ", sizeof(current) - 1 - strlen(current));
-	    current[sizeof(current) - 1] = '\0';
-          }
-	  if (strlen(current) + strlen(realm) + 1 >= MAX_REALM_LN) {
-	    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	    goto fail;
-	  }
-          strncat(current, realm, sizeof(current) - 1 - strlen(current));
-	  current[sizeof(current) - 1] = '\0';
+    }
+    current[i] = '\0';
+
+    added = (krb5_princ_realm(kdc_context, client)->length == strlen(realm) &&
+             !strncmp(krb5_princ_realm(kdc_context, client)->data, realm, strlen(realm))) ||
+        (krb5_princ_realm(kdc_context, server)->length == strlen(realm) &&
+         !strncmp(krb5_princ_realm(kdc_context, server)->data, realm, strlen(realm)));
+
+    while (current[0]) {
+
+        /* figure out expanded form of current name */
+
+        clst = strlen(current) - 1;
+        if (current[0] == ' ') {
+            strncpy(exp, current+1, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
         }
-	if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
-	  retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	  goto fail;
-	}
-        strncat(current,",", sizeof(current) - 1 - strlen(current));
-	current[sizeof(current) - 1] = '\0';
-        if (pl > 0) {
-          strncat(current, exp, (unsigned) pl);
+        else if ((current[0] == '/') && (prev[0] == '/')) {
+            strncpy(exp, prev, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
+            if (strlen(exp) + strlen(current) + 1 >= MAX_REALM_LN) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+            strncat(exp, current, sizeof(exp) - 1 - strlen(exp));
+        }
+        else if (current[clst] == '.') {
+            strncpy(exp, current, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
+            if (strlen(exp) + strlen(prev) + 1 >= MAX_REALM_LN) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+            strncat(exp, prev, sizeof(exp) - 1 - strlen(exp));
         }
         else {
-          strncat(current, exp+strlen(exp)+pl, (unsigned)(-pl));
+            strncpy(exp, current, sizeof(exp) - 1);
+            exp[sizeof(exp) - 1] = '\0';
         }
-      }
-    }
 
-    if (new_trans->length != 0) {
-      if (strlcat(trans, ",", bufsize) >= bufsize) {
-	retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	goto fail;
-      }
-    }
-    if (strlcat(trans, current, bufsize) >= bufsize) {
-      retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-      goto fail;
-    }
-    new_trans->length = strlen(trans);
+        /* read field into next */
+        for (i = 0; *otrans != '\0';) {
+            if (*otrans == '\\') {
+                if (*(++otrans) == '\0')
+                    break;
+                else
+                    continue;
+            }
+            if (*otrans == ',') {
+                otrans++;
+                break;
+            }
+            next[i++] = *otrans++;
+            if (i >= MAX_REALM_LN) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        next[i] = '\0';
+        nlst = i - 1;
+
+        if (!strcmp(exp, realm))  added = TRUE;
+
+        /* If we still have to insert the new realm */
+
+        if (!added) {
+
+            /* Is the next field compressed?  If not, and if the new */
+            /* realm is a subrealm of the current realm, compress    */
+            /* the new realm, and insert immediately following the   */
+            /* current one.  Note that we can not do this if the next*/
+            /* field is already compressed since it would mess up    */
+            /* what has already been done.  In most cases, this is   */
+            /* not a problem because the realm to be added will be a */
+            /* subrealm of the next field too, and we will catch     */
+            /* it in a future iteration.                             */
+
+            /* Note that the second test here is an unsigned comparison,
+               so the first half (or a cast) is also required.  */
+            assert(nlst < 0 || nlst < (int)sizeof(next));
+            if ((nlst < 0 || next[nlst] != '.') &&
+                (next[0] != '/') &&
+                (pl = subrealm(exp, realm))) {
+                added = TRUE;
+                current[sizeof(current) - 1] = '\0';
+                if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
+                    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                    goto fail;
+                }
+                strncat(current, ",", sizeof(current) - 1 - strlen(current));
+                if (pl > 0) {
+                    strncat(current, realm, (unsigned) pl);
+                }
+                else {
+                    strncat(current, realm+strlen(realm)+pl, (unsigned) (-pl));
+                }
+            }
 
-    strncpy(prev, exp, sizeof(prev) - 1);
-    prev[sizeof(prev) - 1] = '\0';
-    strncpy(current, next, sizeof(current) - 1);
-    current[sizeof(current) - 1] = '\0';
-  }
+            /* Whether or not the next field is compressed, if the    */
+            /* realm to be added is a superrealm of the current realm,*/
+            /* then the current realm can be compressed.  First the   */
+            /* realm to be added must be compressed relative to the   */
+            /* previous realm (if possible), and then the current     */
+            /* realm compressed relative to the new realm.  Note that */
+            /* if the realm to be added is also a superrealm of the   */
+            /* previous realm, it would have been added earlier, and  */
+            /* we would not reach this step this time around.         */
+
+            else if ((pl = subrealm(realm, exp))) {
+                added      = TRUE;
+                current[0] = '\0';
+                if ((pl1 = subrealm(prev,realm))) {
+                    if (strlen(current) + (pl1>0?pl1:-pl1) + 1 >= MAX_REALM_LN) {
+                        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                        goto fail;
+                    }
+                    if (pl1 > 0) {
+                        strncat(current, realm, (unsigned) pl1);
+                    }
+                    else {
+                        strncat(current, realm+strlen(realm)+pl1, (unsigned) (-pl1));
+                    }
+                }
+                else { /* If not a subrealm */
+                    if ((realm[0] == '/') && prev[0]) {
+                        if (strlen(current) + 2 >= MAX_REALM_LN) {
+                            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                            goto fail;
+                        }
+                        strncat(current, " ", sizeof(current) - 1 - strlen(current));
+                        current[sizeof(current) - 1] = '\0';
+                    }
+                    if (strlen(current) + strlen(realm) + 1 >= MAX_REALM_LN) {
+                        retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                        goto fail;
+                    }
+                    strncat(current, realm, sizeof(current) - 1 - strlen(current));
+                    current[sizeof(current) - 1] = '\0';
+                }
+                if (strlen(current) + (pl>0?pl:-pl) + 2 >= MAX_REALM_LN) {
+                    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                    goto fail;
+                }
+                strncat(current,",", sizeof(current) - 1 - strlen(current));
+                current[sizeof(current) - 1] = '\0';
+                if (pl > 0) {
+                    strncat(current, exp, (unsigned) pl);
+                }
+                else {
+                    strncat(current, exp+strlen(exp)+pl, (unsigned)(-pl));
+                }
+            }
+        }
 
-  if (!added) {
-    if (new_trans->length != 0) {
-      if (strlcat(trans, ",", bufsize) >= bufsize) {
-	retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	goto fail;
-      }
-    }
-    if((realm[0] == '/') && trans[0]) {
-      if (strlcat(trans, " ", bufsize) >= bufsize) {
-	retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-	goto fail;
-      }
+        if (new_trans->length != 0) {
+            if (strlcat(trans, ",", bufsize) >= bufsize) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        if (strlcat(trans, current, bufsize) >= bufsize) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+            goto fail;
+        }
+        new_trans->length = strlen(trans);
+
+        strncpy(prev, exp, sizeof(prev) - 1);
+        prev[sizeof(prev) - 1] = '\0';
+        strncpy(current, next, sizeof(current) - 1);
+        current[sizeof(current) - 1] = '\0';
     }
-    if (strlcat(trans, realm, bufsize) >= bufsize) {
-      retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-      goto fail;
+
+    if (!added) {
+        if (new_trans->length != 0) {
+            if (strlcat(trans, ",", bufsize) >= bufsize) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        if((realm[0] == '/') && trans[0]) {
+            if (strlcat(trans, " ", bufsize) >= bufsize) {
+                retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+                goto fail;
+            }
+        }
+        if (strlcat(trans, realm, bufsize) >= bufsize) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+            goto fail;
+        }
+        new_trans->length = strlen(trans);
     }
-    new_trans->length = strlen(trans);
-  }
 
-  retval = 0;
+    retval = 0;
 fail:
-  free(realm);
-  free(otrans_ptr);
-  return (retval);
+    free(realm);
+    free(otrans_ptr);
+    return (retval);
 }
 
 /*
@@ -930,67 +931,67 @@ fail:
  * Returns a Kerberos protocol error number, which is _not_ the same
  * as a com_err error number!
  */
-#define AS_INVALID_OPTIONS (KDC_OPT_FORWARDED | KDC_OPT_PROXY |\
-			    KDC_OPT_VALIDATE | KDC_OPT_RENEW | \
-			    KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)
+#define AS_INVALID_OPTIONS (KDC_OPT_FORWARDED | KDC_OPT_PROXY |         \
+                            KDC_OPT_VALIDATE | KDC_OPT_RENEW |          \
+                            KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)
 int
 validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
-		    krb5_db_entry server, krb5_timestamp kdc_time,
-		    const char **status, krb5_data *e_data)
+                    krb5_db_entry server, krb5_timestamp kdc_time,
+                    const char **status, krb5_data *e_data)
 {
-    int		errcode;
-    
+    int         errcode;
+
     /*
      * If an option is set that is only allowed in TGS requests, complain.
      */
     if (request->kdc_options & AS_INVALID_OPTIONS) {
-	*status = "INVALID AS OPTIONS";
-	return KDC_ERR_BADOPTION;
+        *status = "INVALID AS OPTIONS";
+        return KDC_ERR_BADOPTION;
     }
 
     /* The client must not be expired */
     if (client.expiration && client.expiration < kdc_time) {
-	*status = "CLIENT EXPIRED";
-	if (vague_errors)
-	    return(KRB_ERR_GENERIC);
-	else
-	    return(KDC_ERR_NAME_EXP);
+        *status = "CLIENT EXPIRED";
+        if (vague_errors)
+            return(KRB_ERR_GENERIC);
+        else
+            return(KDC_ERR_NAME_EXP);
     }
 
     /* The client's password must not be expired, unless the server is
-      a KRB5_KDC_PWCHANGE_SERVICE. */
+       a KRB5_KDC_PWCHANGE_SERVICE. */
     if (client.pw_expiration && client.pw_expiration < kdc_time &&
-	!isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
-	*status = "CLIENT KEY EXPIRED";
-	if (vague_errors)
-	    return(KRB_ERR_GENERIC);
-	else
-	    return(KDC_ERR_KEY_EXP);
+        !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
+        *status = "CLIENT KEY EXPIRED";
+        if (vague_errors)
+            return(KRB_ERR_GENERIC);
+        else
+            return(KDC_ERR_KEY_EXP);
     }
 
     /* The server must not be expired */
     if (server.expiration && server.expiration < kdc_time) {
-	*status = "SERVICE EXPIRED";
-	    return(KDC_ERR_SERVICE_EXP);
+        *status = "SERVICE EXPIRED";
+        return(KDC_ERR_SERVICE_EXP);
     }
 
     /*
-     * If the client requires password changing, then only allow the 
+     * If the client requires password changing, then only allow the
      * pwchange service.
      */
     if (isflagset(client.attributes, KRB5_KDB_REQUIRES_PWCHANGE) &&
-	!isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
-	*status = "REQUIRED PWCHANGE";
-	return(KDC_ERR_KEY_EXP);
+        !isflagset(server.attributes, KRB5_KDB_PWCHANGE_SERVICE)) {
+        *status = "REQUIRED PWCHANGE";
+        return(KDC_ERR_KEY_EXP);
     }
 
     /* Client and server must allow postdating tickets */
     if ((isflagset(request->kdc_options, KDC_OPT_ALLOW_POSTDATE) ||
-	 isflagset(request->kdc_options, KDC_OPT_POSTDATED)) && 
-	(isflagset(client.attributes, KRB5_KDB_DISALLOW_POSTDATED) ||
-	 isflagset(server.attributes, KRB5_KDB_DISALLOW_POSTDATED))) {
-	*status = "POSTDATE NOT ALLOWED";
-	return(KDC_ERR_CANNOT_POSTDATE);
+         isflagset(request->kdc_options, KDC_OPT_POSTDATED)) &&
+        (isflagset(client.attributes, KRB5_KDB_DISALLOW_POSTDATED) ||
+         isflagset(server.attributes, KRB5_KDB_DISALLOW_POSTDATED))) {
+        *status = "POSTDATE NOT ALLOWED";
+        return(KDC_ERR_CANNOT_POSTDATE);
     }
 
     /*
@@ -999,86 +1000,86 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
      *
      *   - KDC_OPT_FORWARDABLE is set in KDCOptions but local
      *     policy has KRB5_KDB_DISALLOW_FORWARDABLE set for the
-     *	   client, and;
+     *     client, and;
      *   - KRB5_KDB_REQUIRES_PRE_AUTH is set for the client but
-     *	   preauthentication data is absent in the request.
+     *     preauthentication data is absent in the request.
      *
      * Hence, this check most be done after the check for preauth
      * data, and is now performed by validate_forwardable() (the
      * contents of which were previously below).
      */
-    
+
     /* Client and server must allow renewable tickets */
     if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE) &&
-	(isflagset(client.attributes, KRB5_KDB_DISALLOW_RENEWABLE) ||
-	 isflagset(server.attributes, KRB5_KDB_DISALLOW_RENEWABLE))) {
-	*status = "RENEWABLE NOT ALLOWED";
-	return(KDC_ERR_POLICY);
+        (isflagset(client.attributes, KRB5_KDB_DISALLOW_RENEWABLE) ||
+         isflagset(server.attributes, KRB5_KDB_DISALLOW_RENEWABLE))) {
+        *status = "RENEWABLE NOT ALLOWED";
+        return(KDC_ERR_POLICY);
     }
-    
+
     /* Client and server must allow proxiable tickets */
     if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE) &&
-	(isflagset(client.attributes, KRB5_KDB_DISALLOW_PROXIABLE) ||
-	 isflagset(server.attributes, KRB5_KDB_DISALLOW_PROXIABLE))) {
-	*status = "PROXIABLE NOT ALLOWED";
-	return(KDC_ERR_POLICY);
+        (isflagset(client.attributes, KRB5_KDB_DISALLOW_PROXIABLE) ||
+         isflagset(server.attributes, KRB5_KDB_DISALLOW_PROXIABLE))) {
+        *status = "PROXIABLE NOT ALLOWED";
+        return(KDC_ERR_POLICY);
     }
-    
+
     /* Check to see if client is locked out */
     if (isflagset(client.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) {
-	*status = "CLIENT LOCKED OUT";
-	return(KDC_ERR_CLIENT_REVOKED);
+        *status = "CLIENT LOCKED OUT";
+        return(KDC_ERR_CLIENT_REVOKED);
     }
 
     /* Check to see if server is locked out */
     if (isflagset(server.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) {
-	*status = "SERVICE LOCKED OUT";
-	return(KDC_ERR_S_PRINCIPAL_UNKNOWN);
+        *status = "SERVICE LOCKED OUT";
+        return(KDC_ERR_S_PRINCIPAL_UNKNOWN);
     }
-	
+
     /* Check to see if server is allowed to be a service */
     if (isflagset(server.attributes, KRB5_KDB_DISALLOW_SVR)) {
-	*status = "SERVICE NOT ALLOWED";
-	return(KDC_ERR_MUST_USE_USER2USER);
+        *status = "SERVICE NOT ALLOWED";
+        return(KDC_ERR_MUST_USE_USER2USER);
     }
 
     /*
      * Check against local policy
      */
     errcode = against_local_policy_as(request, client, server,
-				      kdc_time, status, e_data);
+                                      kdc_time, status, e_data);
     if (errcode)
-	return errcode;
+        return errcode;
 
     return 0;
 }
 
 int
 validate_forwardable(krb5_kdc_req *request, krb5_db_entry client,
-		     krb5_db_entry server, krb5_timestamp kdc_time,
-		     const char **status)
+                     krb5_db_entry server, krb5_timestamp kdc_time,
+                     const char **status)
 {
     *status = NULL;
     if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE) &&
-	(isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE) ||
-	 isflagset(server.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))) {
-	*status = "FORWARDABLE NOT ALLOWED";
-	return(KDC_ERR_POLICY);
+        (isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE) ||
+         isflagset(server.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))) {
+        *status = "FORWARDABLE NOT ALLOWED";
+        return(KDC_ERR_POLICY);
     } else
-	return 0;
+        return 0;
 }
 
-#define ASN1_ID_CLASS	(0xc0)
+#define ASN1_ID_CLASS   (0xc0)
 #define ASN1_ID_TYPE    (0x20)
-#define ASN1_ID_TAG	(0x1f)	
-#define ASN1_CLASS_UNIV	(0)
-#define ASN1_CLASS_APP	(1)
-#define ASN1_CLASS_CTX	(2)
-#define ASN1_CLASS_PRIV	(3)
-#define asn1_id_constructed(x) 	(x & ASN1_ID_TYPE)
-#define asn1_id_primitive(x) 	(!asn1_id_constructed(x))
-#define asn1_id_class(x)	((x & ASN1_ID_CLASS) >> 6)
-#define asn1_id_tag(x)		(x & ASN1_ID_TAG)
+#define ASN1_ID_TAG     (0x1f)
+#define ASN1_CLASS_UNIV (0)
+#define ASN1_CLASS_APP  (1)
+#define ASN1_CLASS_CTX  (2)
+#define ASN1_CLASS_PRIV (3)
+#define asn1_id_constructed(x)  (x & ASN1_ID_TYPE)
+#define asn1_id_primitive(x)    (!asn1_id_constructed(x))
+#define asn1_id_class(x)        ((x & ASN1_ID_CLASS) >> 6)
+#define asn1_id_tag(x)          (x & ASN1_ID_TAG)
 
 /*
  * asn1length - return encoded length of value.
@@ -1091,42 +1092,42 @@ validate_forwardable(krb5_kdc_req *request, krb5_db_entry client,
 static int
 asn1length(unsigned char **astream)
 {
-    int length;		/* resulting length */
-    int sublen;		/* sublengths */
-    int blen;		/* bytes of length */ 
-    unsigned char *p;	/* substring searching */	
+    int length;         /* resulting length */
+    int sublen;         /* sublengths */
+    int blen;           /* bytes of length */
+    unsigned char *p;   /* substring searching */
 
     if (**astream & 0x80) {
         blen = **astream & 0x7f;
-	if (blen > 3) {
-	   return(-1);
-	}
-	for (++*astream, length = 0; blen; ++*astream, blen--) {
-	    length = (length << 8) | **astream;
-	}
-	if (length == 0) {
-		/* indefinite length, figure out by hand */
-	    p = *astream;
-	    p++;
-	    while (1) {
-		/* compute value length. */
-		if ((sublen = asn1length(&p)) < 0) {
-		    return(-1);
-		}
-		p += sublen;
+        if (blen > 3) {
+            return(-1);
+        }
+        for (++*astream, length = 0; blen; ++*astream, blen--) {
+            length = (length << 8) | **astream;
+        }
+        if (length == 0) {
+            /* indefinite length, figure out by hand */
+            p = *astream;
+            p++;
+            while (1) {
+                /* compute value length. */
+                if ((sublen = asn1length(&p)) < 0) {
+                    return(-1);
+                }
+                p += sublen;
                 /* check for termination */
-		if ((!*p++) && (!*p)) {
-		    p++;
-		    break;
-		}
-	    }
-	    length = p - *astream;	 
-	}
+                if ((!*p++) && (!*p)) {
+                    p++;
+                    break;
+                }
+            }
+            length = p - *astream;
+        }
     } else {
-	length = **astream;
-	++*astream;
-    } 
-   return(length);
+        length = **astream;
+        ++*astream;
+    }
+    return(length);
 }
 
 /*
@@ -1135,81 +1136,81 @@ asn1length(unsigned char **astream)
  * this routine is passed a context-dependent tag number and "level" and returns
  * the size and length of the corresponding level subfield.
  *
- * levels and are numbered starting from 1.  
+ * levels and are numbered starting from 1.
  *
  * returns 0 on success, -1 otherwise.
  */
 int
 fetch_asn1_field(unsigned char *astream, unsigned int level,
-		 unsigned int field, krb5_data *data)
+                 unsigned int field, krb5_data *data)
 {
-    unsigned char *estream;	/* end of stream */
-    int classes;		/* # classes seen so far this level */
-    unsigned int levels = 0;		/* levels seen so far */
+    unsigned char *estream;     /* end of stream */
+    int classes;                /* # classes seen so far this level */
+    unsigned int levels = 0;            /* levels seen so far */
     int lastlevel = 1000;       /* last level seen */
-    int length;			/* various lengths */
-    int tag;			/* tag number */
+    int length;                 /* various lengths */
+    int tag;                    /* tag number */
     unsigned char savelen;      /* saved length of our field */
 
     classes = -1;
-    /* we assume that the first identifier/length will tell us 
+    /* we assume that the first identifier/length will tell us
        how long the entire stream is. */
     astream++;
     estream = astream;
     if ((length = asn1length(&astream)) < 0) {
-	return(-1);
+        return(-1);
     }
     estream += length;
     /* search down the stream, checking identifiers.  we process identifiers
        until we hit the "level" we want, and then process that level for our
        subfield, always making sure we don't go off the end of the stream.  */
     while (astream < estream) {
-	if (!asn1_id_constructed(*astream)) {
-	    return(-1);
-	}
+        if (!asn1_id_constructed(*astream)) {
+            return(-1);
+        }
         if (asn1_id_class(*astream) == ASN1_CLASS_CTX) {
             if ((tag = (int)asn1_id_tag(*astream)) <= lastlevel) {
                 levels++;
                 classes = -1;
             }
-            lastlevel = tag; 
+            lastlevel = tag;
             if (levels == level) {
-	        /* in our context-dependent class, is this the one we're looking for ? */
-	        if (tag == (int)field) {
-		    /* return length and data */ 
-		    astream++;
-		    savelen = *astream;
-		    if ((data->length = asn1length(&astream)) < 0) {
-		        return(-1);
-	 	    }
-		    /* if the field length is indefinite, we will have to subtract two
+                /* in our context-dependent class, is this the one we're looking for ? */
+                if (tag == (int)field) {
+                    /* return length and data */
+                    astream++;
+                    savelen = *astream;
+                    if ((data->length = asn1length(&astream)) < 0) {
+                        return(-1);
+                    }
+                    /* if the field length is indefinite, we will have to subtract two
                        (terminating octets) from the length returned since we don't want
                        to pass any info from the "wrapper" back.  asn1length will always return
-                       the *total* length of the field, not just what's contained in it */ 
-		    if ((savelen & 0xff) == 0x80) {
-		      data->length -=2 ;
-		    }
-		    data->data = (char *)astream;
-		    return(0);
-	        } else if (tag <= classes) {
-		    /* we've seen this class before, something must be wrong */
-		    return(-1);
-	        } else {
-		    classes = tag;
-	        }
-	    }
+                       the *total* length of the field, not just what's contained in it */
+                    if ((savelen & 0xff) == 0x80) {
+                        data->length -=2 ;
+                    }
+                    data->data = (char *)astream;
+                    return(0);
+                } else if (tag <= classes) {
+                    /* we've seen this class before, something must be wrong */
+                    return(-1);
+                } else {
+                    classes = tag;
+                }
+            }
         }
         /* if we're not on our level yet, process this value.  otherwise skip over it */
-	astream++;
-	if ((length = asn1length(&astream)) < 0) {
-	    return(-1);
-	}
-	if (levels == level) {
-	    astream += length;
-	}
+        astream++;
+        if ((length = asn1length(&astream)) < 0) {
+            return(-1);
+        }
+        if (levels == level) {
+            astream += length;
+        }
     }
     return(-1);
-}	
+}
 
 /*
  * Routines that validate a TGS request; checks a lot of things.  :-)
@@ -1217,22 +1218,22 @@ fetch_asn1_field(unsigned char *astream, unsigned int level,
  * Returns a Kerberos protocol error number, which is _not_ the same
  * as a com_err error number!
  */
-#define TGS_OPTIONS_HANDLED (KDC_OPT_FORWARDABLE | KDC_OPT_FORWARDED | \
-			     KDC_OPT_PROXIABLE | KDC_OPT_PROXY | \
-			     KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED | \
-			     KDC_OPT_RENEWABLE | KDC_OPT_RENEWABLE_OK | \
-			     KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_RENEW | \
-			     KDC_OPT_VALIDATE | KDC_OPT_CANONICALIZE | KDC_OPT_CNAME_IN_ADDL_TKT)
+#define TGS_OPTIONS_HANDLED (KDC_OPT_FORWARDABLE | KDC_OPT_FORWARDED |  \
+                             KDC_OPT_PROXIABLE | KDC_OPT_PROXY |        \
+                             KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED | \
+                             KDC_OPT_RENEWABLE | KDC_OPT_RENEWABLE_OK | \
+                             KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_RENEW |  \
+                             KDC_OPT_VALIDATE | KDC_OPT_CANONICALIZE | KDC_OPT_CNAME_IN_ADDL_TKT)
 #define NO_TGT_OPTION (KDC_OPT_FORWARDED | KDC_OPT_PROXY | KDC_OPT_RENEW | \
-		       KDC_OPT_VALIDATE)
+                       KDC_OPT_VALIDATE)
 
 int
 validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
-		     krb5_ticket *ticket, krb5_timestamp kdc_time,
-		     const char **status, krb5_data *e_data)
+                     krb5_ticket *ticket, krb5_timestamp kdc_time,
+                     const char **status, krb5_data *e_data)
 {
-    int		errcode;
-    int		st_idx = 0;
+    int         errcode;
+    int         st_idx = 0;
 
     /*
      * If an illegal option is set, ignore it.
@@ -1241,8 +1242,8 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
 
     /* Check to see if server has expired */
     if (server.expiration && server.expiration < kdc_time) {
-	*status = "SERVICE EXPIRED";
-	return(KDC_ERR_SERVICE_EXP);
+        *status = "SERVICE EXPIRED";
+        return(KDC_ERR_SERVICE_EXP);
     }
 
     /*
@@ -1251,172 +1252,172 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
      * originally requested)
      */
     if (request->kdc_options & NO_TGT_OPTION) {
-	if (!krb5_principal_compare(kdc_context, ticket->server, request->server)) {
-	    *status = "SERVER DIDN'T MATCH TICKET FOR RENEW/FORWARD/ETC";
-	    return(KDC_ERR_SERVER_NOMATCH);
-	}
+        if (!krb5_principal_compare(kdc_context, ticket->server, request->server)) {
+            *status = "SERVER DIDN'T MATCH TICKET FOR RENEW/FORWARD/ETC";
+            return(KDC_ERR_SERVER_NOMATCH);
+        }
     } else {
-	/*
-	 * OK, we need to validate the krbtgt service in the ticket.
-	 *
-	 * The krbtgt service is of the form:
-	 * 		krbtgt/realm-A@realm-B
-	 *
-	 * Realm A is the "server realm"; the realm of the
-	 * server of the requested ticket must match this realm.
-	 * Of course, it should be a realm serviced by this KDC.
-	 *
-	 * Realm B is the "client realm"; this is what should be
-	 * added to the transited field.  (which is done elsewhere)
-	 */
-
-	/* Make sure there are two components... */
-	if (krb5_princ_size(kdc_context, ticket->server) != 2) {
-	    *status = "BAD TGS SERVER LENGTH";
-	    return KRB_AP_ERR_NOT_US;
-	}
-	/* ...that the first component is krbtgt... */
-	if (!krb5_is_tgs_principal(ticket->server)) {
-	    *status = "BAD TGS SERVER NAME";
-	    return KRB_AP_ERR_NOT_US;
-	}
-	/* ...and that the second component matches the server realm... */
-	if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
-	    !data_eq(*krb5_princ_component(kdc_context, ticket->server, 1),
-		     *krb5_princ_realm(kdc_context, request->server))) {
-	    *status = "BAD TGS SERVER INSTANCE";
-	    return KRB_AP_ERR_NOT_US;
-	}
-	/* XXX add check that second component must match locally
-	 * supported realm?
-	 */
-
-	/* Server must allow TGS based issuances */
-	if (isflagset(server.attributes, KRB5_KDB_DISALLOW_TGT_BASED)) {
-	    *status = "TGT BASED NOT ALLOWED";
-	    return(KDC_ERR_POLICY);
-	}
-    }
-	    
+        /*
+         * OK, we need to validate the krbtgt service in the ticket.
+         *
+         * The krbtgt service is of the form:
+         *              krbtgt/realm-A@realm-B
+         *
+         * Realm A is the "server realm"; the realm of the
+         * server of the requested ticket must match this realm.
+         * Of course, it should be a realm serviced by this KDC.
+         *
+         * Realm B is the "client realm"; this is what should be
+         * added to the transited field.  (which is done elsewhere)
+         */
+
+        /* Make sure there are two components... */
+        if (krb5_princ_size(kdc_context, ticket->server) != 2) {
+            *status = "BAD TGS SERVER LENGTH";
+            return KRB_AP_ERR_NOT_US;
+        }
+        /* ...that the first component is krbtgt... */
+        if (!krb5_is_tgs_principal(ticket->server)) {
+            *status = "BAD TGS SERVER NAME";
+            return KRB_AP_ERR_NOT_US;
+        }
+        /* ...and that the second component matches the server realm... */
+        if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
+            !data_eq(*krb5_princ_component(kdc_context, ticket->server, 1),
+                     *krb5_princ_realm(kdc_context, request->server))) {
+            *status = "BAD TGS SERVER INSTANCE";
+            return KRB_AP_ERR_NOT_US;
+        }
+        /* XXX add check that second component must match locally
+         * supported realm?
+         */
+
+        /* Server must allow TGS based issuances */
+        if (isflagset(server.attributes, KRB5_KDB_DISALLOW_TGT_BASED)) {
+            *status = "TGT BASED NOT ALLOWED";
+            return(KDC_ERR_POLICY);
+        }
+    }
+
     /* TGS must be forwardable to get forwarded or forwardable ticket */
     if ((isflagset(request->kdc_options, KDC_OPT_FORWARDED) ||
-	 isflagset(request->kdc_options, KDC_OPT_FORWARDABLE)) &&
-	!isflagset(ticket->enc_part2->flags, TKT_FLG_FORWARDABLE)) {
-	*status = "TGT NOT FORWARDABLE";
+         isflagset(request->kdc_options, KDC_OPT_FORWARDABLE)) &&
+        !isflagset(ticket->enc_part2->flags, TKT_FLG_FORWARDABLE)) {
+        *status = "TGT NOT FORWARDABLE";
 
-	return KDC_ERR_BADOPTION;
+        return KDC_ERR_BADOPTION;
     }
 
-    /* TGS must be proxiable to get proxiable ticket */    
+    /* TGS must be proxiable to get proxiable ticket */
     if ((isflagset(request->kdc_options, KDC_OPT_PROXY) ||
-	 isflagset(request->kdc_options, KDC_OPT_PROXIABLE)) &&
-	!isflagset(ticket->enc_part2->flags, TKT_FLG_PROXIABLE)) {
-	*status = "TGT NOT PROXIABLE";
-	return KDC_ERR_BADOPTION;
+         isflagset(request->kdc_options, KDC_OPT_PROXIABLE)) &&
+        !isflagset(ticket->enc_part2->flags, TKT_FLG_PROXIABLE)) {
+        *status = "TGT NOT PROXIABLE";
+        return KDC_ERR_BADOPTION;
     }
 
     /* TGS must allow postdating to get postdated ticket */
     if ((isflagset(request->kdc_options, KDC_OPT_ALLOW_POSTDATE) ||
-	  isflagset(request->kdc_options, KDC_OPT_POSTDATED)) &&
-	!isflagset(ticket->enc_part2->flags, TKT_FLG_MAY_POSTDATE)) {
-	*status = "TGT NOT POSTDATABLE";
-	return KDC_ERR_BADOPTION;
+         isflagset(request->kdc_options, KDC_OPT_POSTDATED)) &&
+        !isflagset(ticket->enc_part2->flags, TKT_FLG_MAY_POSTDATE)) {
+        *status = "TGT NOT POSTDATABLE";
+        return KDC_ERR_BADOPTION;
     }
 
     /* can only validate invalid tix */
     if (isflagset(request->kdc_options, KDC_OPT_VALIDATE) &&
-	!isflagset(ticket->enc_part2->flags, TKT_FLG_INVALID)) {
-	*status = "VALIDATE VALID TICKET";
-	return KDC_ERR_BADOPTION;
+        !isflagset(ticket->enc_part2->flags, TKT_FLG_INVALID)) {
+        *status = "VALIDATE VALID TICKET";
+        return KDC_ERR_BADOPTION;
     }
 
     /* can only renew renewable tix */
     if ((isflagset(request->kdc_options, KDC_OPT_RENEW) ||
-	  isflagset(request->kdc_options, KDC_OPT_RENEWABLE)) &&
-	!isflagset(ticket->enc_part2->flags, TKT_FLG_RENEWABLE)) {
-	*status = "TICKET NOT RENEWABLE";
-	return KDC_ERR_BADOPTION;
+         isflagset(request->kdc_options, KDC_OPT_RENEWABLE)) &&
+        !isflagset(ticket->enc_part2->flags, TKT_FLG_RENEWABLE)) {
+        *status = "TICKET NOT RENEWABLE";
+        return KDC_ERR_BADOPTION;
     }
 
     /* can not proxy ticket granting tickets */
     if (isflagset(request->kdc_options, KDC_OPT_PROXY) &&
-	(!request->server->data ||
-	 !data_eq_string(request->server->data[0], KRB5_TGS_NAME))) {
-	*status = "CAN'T PROXY TGT";
-	return KDC_ERR_BADOPTION;
+        (!request->server->data ||
+         !data_eq_string(request->server->data[0], KRB5_TGS_NAME))) {
+        *status = "CAN'T PROXY TGT";
+        return KDC_ERR_BADOPTION;
     }
-    
+
     /* Server must allow forwardable tickets */
     if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE) &&
-	isflagset(server.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) {
-	*status = "NON-FORWARDABLE TICKET";
-	return(KDC_ERR_POLICY);
+        isflagset(server.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) {
+        *status = "NON-FORWARDABLE TICKET";
+        return(KDC_ERR_POLICY);
     }
-    
+
     /* Server must allow renewable tickets */
     if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE) &&
-	isflagset(server.attributes, KRB5_KDB_DISALLOW_RENEWABLE)) {
-	*status = "NON-RENEWABLE TICKET";
-	return(KDC_ERR_POLICY);
+        isflagset(server.attributes, KRB5_KDB_DISALLOW_RENEWABLE)) {
+        *status = "NON-RENEWABLE TICKET";
+        return(KDC_ERR_POLICY);
     }
-    
+
     /* Server must allow proxiable tickets */
     if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE) &&
-	isflagset(server.attributes, KRB5_KDB_DISALLOW_PROXIABLE)) {
-	*status = "NON-PROXIABLE TICKET";
-	return(KDC_ERR_POLICY);
+        isflagset(server.attributes, KRB5_KDB_DISALLOW_PROXIABLE)) {
+        *status = "NON-PROXIABLE TICKET";
+        return(KDC_ERR_POLICY);
     }
-    
+
     /* Server must allow postdated tickets */
     if (isflagset(request->kdc_options, KDC_OPT_ALLOW_POSTDATE) &&
-	isflagset(server.attributes, KRB5_KDB_DISALLOW_POSTDATED)) {
-	*status = "NON-POSTDATABLE TICKET";
-	return(KDC_ERR_CANNOT_POSTDATE);
+        isflagset(server.attributes, KRB5_KDB_DISALLOW_POSTDATED)) {
+        *status = "NON-POSTDATABLE TICKET";
+        return(KDC_ERR_CANNOT_POSTDATE);
     }
-    
+
     /* Server must allow DUP SKEY requests */
     if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY) &&
-	isflagset(server.attributes, KRB5_KDB_DISALLOW_DUP_SKEY)) {
-	*status = "DUP_SKEY DISALLOWED";
-	return(KDC_ERR_POLICY);
+        isflagset(server.attributes, KRB5_KDB_DISALLOW_DUP_SKEY)) {
+        *status = "DUP_SKEY DISALLOWED";
+        return(KDC_ERR_POLICY);
     }
 
     /* Server must not be locked out */
     if (isflagset(server.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) {
-	*status = "SERVER LOCKED OUT";
-	return(KDC_ERR_S_PRINCIPAL_UNKNOWN);
+        *status = "SERVER LOCKED OUT";
+        return(KDC_ERR_S_PRINCIPAL_UNKNOWN);
     }
-	
+
     /* Server must be allowed to be a service */
     if (isflagset(server.attributes, KRB5_KDB_DISALLOW_SVR)) {
-	*status = "SERVER NOT ALLOWED";
-	return(KDC_ERR_MUST_USE_USER2USER);
+        *status = "SERVER NOT ALLOWED";
+        return(KDC_ERR_MUST_USE_USER2USER);
     }
 
     /* Check the hot list */
     if (check_hot_list(ticket)) {
-	*status = "HOT_LIST";
-	return(KRB_AP_ERR_REPEAT);
+        *status = "HOT_LIST";
+        return(KRB_AP_ERR_REPEAT);
     }
-    
+
     /* Check the start time vs. the KDC time */
     if (isflagset(request->kdc_options, KDC_OPT_VALIDATE)) {
-	if (ticket->enc_part2->times.starttime > kdc_time) {
-	    *status = "NOT_YET_VALID";
-	    return(KRB_AP_ERR_TKT_NYV);
-	}
+        if (ticket->enc_part2->times.starttime > kdc_time) {
+            *status = "NOT_YET_VALID";
+            return(KRB_AP_ERR_TKT_NYV);
+        }
     }
-    
+
     /*
      * Check the renew_till time.  The endtime was already
      * been checked in the initial authentication check.
      */
     if (isflagset(request->kdc_options, KDC_OPT_RENEW) &&
-	(ticket->enc_part2->times.renew_till < kdc_time)) {
-	*status = "TKT_EXPIRED";
-	return(KRB_AP_ERR_TKT_EXPIRED);
+        (ticket->enc_part2->times.renew_till < kdc_time)) {
+        *status = "TKT_EXPIRED";
+        return(KRB_AP_ERR_TKT_EXPIRED);
     }
-    
+
     /*
      * Checks for ENC_TKT_IN_SKEY:
      *
@@ -1424,50 +1425,50 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
      * (2) Make sure it is a ticket granting ticket
      */
     if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) {
-	if (!request->second_ticket ||
-	    !request->second_ticket[st_idx]) {
-	    *status = "NO_2ND_TKT";
-	    return(KDC_ERR_BADOPTION);
-	}
-	if (!krb5_principal_compare(kdc_context, request->second_ticket[st_idx]->server,
-				    tgs_server)) {
-		*status = "2ND_TKT_NOT_TGS";
-		return(KDC_ERR_POLICY);
-	}
-	st_idx++;
+        if (!request->second_ticket ||
+            !request->second_ticket[st_idx]) {
+            *status = "NO_2ND_TKT";
+            return(KDC_ERR_BADOPTION);
+        }
+        if (!krb5_principal_compare(kdc_context, request->second_ticket[st_idx]->server,
+                                    tgs_server)) {
+            *status = "2ND_TKT_NOT_TGS";
+            return(KDC_ERR_POLICY);
+        }
+        st_idx++;
     }
     if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) {
-	if (!request->second_ticket ||
-	    !request->second_ticket[st_idx]) {
-	    *status = "NO_2ND_TKT";
-	    return(KDC_ERR_BADOPTION);
-	}
-	st_idx++;
+        if (!request->second_ticket ||
+            !request->second_ticket[st_idx]) {
+            *status = "NO_2ND_TKT";
+            return(KDC_ERR_BADOPTION);
+        }
+        st_idx++;
     }
 
     /* Check for hardware preauthentication */
     if (isflagset(server.attributes, KRB5_KDB_REQUIRES_HW_AUTH) &&
-	!isflagset(ticket->enc_part2->flags,TKT_FLG_HW_AUTH)) {
-	*status = "NO HW PREAUTH";
-	return KRB_ERR_GENERIC;
+        !isflagset(ticket->enc_part2->flags,TKT_FLG_HW_AUTH)) {
+        *status = "NO HW PREAUTH";
+        return KRB_ERR_GENERIC;
     }
 
     /* Check for any kind of preauthentication */
     if (isflagset(server.attributes, KRB5_KDB_REQUIRES_PRE_AUTH) &&
-	!isflagset(ticket->enc_part2->flags, TKT_FLG_PRE_AUTH)) {
-	*status = "NO PREAUTH";
-	return KRB_ERR_GENERIC;
+        !isflagset(ticket->enc_part2->flags, TKT_FLG_PRE_AUTH)) {
+        *status = "NO PREAUTH";
+        return KRB_ERR_GENERIC;
     }
-    
+
     /*
      * Check local policy
      */
     errcode = against_local_policy_tgs(request, server, ticket,
-				       status, e_data);
+                                       status, e_data);
     if (errcode)
-	return errcode;
-    
-    
+        return errcode;
+
+
     return 0;
 }
 
@@ -1477,17 +1478,17 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
  */
 int
 dbentry_has_key_for_enctype(krb5_context context, krb5_db_entry *client,
-			    krb5_enctype enctype)
+                            krb5_enctype enctype)
 {
-    krb5_error_code	retval;
-    krb5_key_data	*datap;
+    krb5_error_code     retval;
+    krb5_key_data       *datap;
 
     retval = krb5_dbe_find_enctype(context, client, enctype,
-				   -1, 0, &datap);
+                                   -1, 0, &datap);
     if (retval)
-	return 0;
+        return 0;
     else
-	return 1;
+        return 1;
 }
 
 /*
@@ -1501,7 +1502,7 @@ dbentry_has_key_for_enctype(krb5_context context, krb5_db_entry *client,
  */
 int
 dbentry_supports_enctype(krb5_context context, krb5_db_entry *client,
-			 krb5_enctype enctype)
+                         krb5_enctype enctype)
 {
     /*
      * If it's DES_CBC_MD5, there's a bit in the attribute mask which
@@ -1512,14 +1513,14 @@ dbentry_supports_enctype(krb5_context context, krb5_db_entry *client,
      * that's not the reality....
      */
     if (enctype == ENCTYPE_DES_CBC_MD5)
-	return 0;
+        return 0;
 
     /*
      * XXX we assume everything can understand DES_CBC_CRC
      */
     if (enctype == ENCTYPE_DES_CBC_CRC)
-	return 1;
-    
+        return 1;
+
     /*
      * If we have a key for the encryption system, we assume it's
      * supported.
@@ -1534,19 +1535,19 @@ dbentry_supports_enctype(krb5_context context, krb5_db_entry *client,
  */
 krb5_enctype
 select_session_keytype(krb5_context context, krb5_db_entry *server,
-		       int nktypes, krb5_enctype *ktype)
+                       int nktypes, krb5_enctype *ktype)
 {
-    int		i;
-    
+    int         i;
+
     for (i = 0; i < nktypes; i++) {
-	if (!krb5_c_valid_enctype(ktype[i]))
-	    continue;
+        if (!krb5_c_valid_enctype(ktype[i]))
+            continue;
 
-	if (!krb5_is_permitted_enctype(context, ktype[i]))
-	    continue;
+        if (!krb5_is_permitted_enctype(context, ktype[i]))
+            continue;
 
-	if (dbentry_supports_enctype(context, server, ktype[i]))
-	    return ktype[i];
+        if (dbentry_supports_enctype(context, server, ktype[i]))
+            return ktype[i];
     }
     return 0;
 }
@@ -1556,53 +1557,53 @@ select_session_keytype(krb5_context context, krb5_db_entry *server,
  */
 krb5_error_code
 get_salt_from_key(krb5_context context, krb5_principal client,
-		  krb5_key_data *client_key, krb5_data *salt)
+                  krb5_key_data *client_key, krb5_data *salt)
 {
-    krb5_error_code		retval;
-    krb5_data *			realm;
-    
+    krb5_error_code             retval;
+    krb5_data *                 realm;
+
     salt->data = 0;
     salt->length = SALT_TYPE_NO_LENGTH;
-    
+
     if (client_key->key_data_ver == 1)
-	return 0;
+        return 0;
 
     switch (client_key->key_data_type[1]) {
     case KRB5_KDB_SALTTYPE_NORMAL:
-	/*
-	 * The client could infer the salt from the principal, but
-	 * might use the wrong principal name if this is an alias.  So
-	 * it's more reliable to send an explicit salt.
-	 */
-	if ((retval = krb5_principal2salt(context, client, salt)))
-	    return retval;
-	break;
+        /*
+         * The client could infer the salt from the principal, but
+         * might use the wrong principal name if this is an alias.  So
+         * it's more reliable to send an explicit salt.
+         */
+        if ((retval = krb5_principal2salt(context, client, salt)))
+            return retval;
+        break;
     case KRB5_KDB_SALTTYPE_V4:
-	/* send an empty (V4) salt */
-	salt->data = 0;
-	salt->length = 0;
-	break;
+        /* send an empty (V4) salt */
+        salt->data = 0;
+        salt->length = 0;
+        break;
     case KRB5_KDB_SALTTYPE_NOREALM:
-	if ((retval = krb5_principal2salt_norealm(context, client, salt)))
-	    return retval;
-	break;
+        if ((retval = krb5_principal2salt_norealm(context, client, salt)))
+            return retval;
+        break;
     case KRB5_KDB_SALTTYPE_AFS3:
-	/* send the same salt as with onlyrealm - but with no type info,
-	   we just hope they figure it out on the other end. */
-	/* fall through to onlyrealm: */
+        /* send the same salt as with onlyrealm - but with no type info,
+           we just hope they figure it out on the other end. */
+        /* fall through to onlyrealm: */
     case KRB5_KDB_SALTTYPE_ONLYREALM:
-	realm = krb5_princ_realm(context, client);
-	salt->length = realm->length;
-	if ((salt->data = malloc(realm->length)) == NULL)
-	    return ENOMEM;
-	memcpy(salt->data, realm->data, realm->length);
-	break;
+        realm = krb5_princ_realm(context, client);
+        salt->length = realm->length;
+        if ((salt->data = malloc(realm->length)) == NULL)
+            return ENOMEM;
+        memcpy(salt->data, realm->data, realm->length);
+        break;
     case KRB5_KDB_SALTTYPE_SPECIAL:
-	salt->length = client_key->key_data_length[1];
-	if ((salt->data = malloc(salt->length)) == NULL)
-	    return ENOMEM;
-	memcpy(salt->data, client_key->key_data_contents[1], salt->length);
-	break;
+        salt->length = client_key->key_data_length[1];
+        if ((salt->data = malloc(salt->length)) == NULL)
+            return ENOMEM;
+        memcpy(salt->data, client_key->key_data_contents[1], salt->length);
+        break;
     }
     return 0;
 }
@@ -1615,20 +1616,20 @@ get_salt_from_key(krb5_context context, krb5_principal client,
 
 void limit_string(char *name)
 {
-	int	i;
+    int     i;
 
-	if (!name)
-		return;
+    if (!name)
+        return;
 
-	if (strlen(name) < NAME_LENGTH_LIMIT)
-		return;
+    if (strlen(name) < NAME_LENGTH_LIMIT)
+        return;
 
-	i = NAME_LENGTH_LIMIT-4;
-	name[i++] = '.';
-	name[i++] = '.';
-	name[i++] = '.';
-	name[i] = '\0';
-	return;
+    i = NAME_LENGTH_LIMIT-4;
+    name[i++] = '.';
+    name[i++] = '.';
+    name[i++] = '.';
+    name[i] = '\0';
+    return;
 }
 
 /*
@@ -1650,32 +1651,32 @@ ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype)
     char *p;
 
     if (nktypes < 0
-	|| len < (sizeof(" etypes {...}") + D_LEN(int))) {
-	*s = '\0';
-	return;
+        || len < (sizeof(" etypes {...}") + D_LEN(int))) {
+        *s = '\0';
+        return;
     }
 
     snprintf(s, len, "%d etypes {", nktypes);
     for (i = 0; i < nktypes; i++) {
-	snprintf(stmp, sizeof(stmp), "%s%ld", i ? " " : "", (long)ktype[i]);
-	if (strlen(s) + strlen(stmp) + sizeof("}") > len)
-	    break;
-	strlcat(s, stmp, len);
+        snprintf(stmp, sizeof(stmp), "%s%ld", i ? " " : "", (long)ktype[i]);
+        if (strlen(s) + strlen(stmp) + sizeof("}") > len)
+            break;
+        strlcat(s, stmp, len);
     }
     if (i < nktypes) {
-	/*
-	 * We broke out of the loop. Try to truncate the list.
-	 */
-	p = s + strlen(s);
-	while (p - s + sizeof("...}") > len) {
-	    while (p > s && *p != ' ' && *p != '{')
-		*p-- = '\0';
-	    if (p > s && *p == ' ') {
-		*p-- = '\0';
-		continue;
-	    }
-	}
-	strlcat(s, "...", len);
+        /*
+         * We broke out of the loop. Try to truncate the list.
+         */
+        p = s + strlen(s);
+        while (p - s + sizeof("...}") > len) {
+            while (p > s && *p != ' ' && *p != '{')
+                *p-- = '\0';
+            if (p > s && *p == ' ') {
+                *p-- = '\0';
+                continue;
+            }
+        }
+        strlcat(s, "...", len);
     }
     strlcat(s, "}", len);
     return;
@@ -1687,25 +1688,25 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep)
     char stmp[sizeof("ses=") + D_LEN(krb5_enctype)];
 
     if (len < (3 * D_LEN(krb5_enctype)
-	       + sizeof("etypes {rep= tkt= ses=}"))) {
-	*s = '\0';
-	return;
+               + sizeof("etypes {rep= tkt= ses=}"))) {
+        *s = '\0';
+        return;
     }
 
     snprintf(s, len, "etypes {rep=%ld", (long)rep->enc_part.enctype);
 
     if (rep->ticket != NULL) {
-	snprintf(stmp, sizeof(stmp),
-		 " tkt=%ld", (long)rep->ticket->enc_part.enctype);
-	strlcat(s, stmp, len);
+        snprintf(stmp, sizeof(stmp),
+                 " tkt=%ld", (long)rep->ticket->enc_part.enctype);
+        strlcat(s, stmp, len);
     }
 
     if (rep->ticket != NULL
-	&& rep->ticket->enc_part2 != NULL
-	&& rep->ticket->enc_part2->session != NULL) {
-	snprintf(stmp, sizeof(stmp), " ses=%ld",
-		 (long)rep->ticket->enc_part2->session->enctype);
-	strlcat(s, stmp, len);
+        && rep->ticket->enc_part2 != NULL
+        && rep->ticket->enc_part2->session != NULL) {
+        snprintf(stmp, sizeof(stmp), " ses=%ld",
+                 (long)rep->ticket->enc_part2->session->enctype);
+        strlcat(s, stmp, len);
     }
     strlcat(s, "}", len);
     return;
@@ -1713,40 +1714,40 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep)
 
 krb5_error_code
 get_principal_locked (krb5_context kcontext,
-		      krb5_const_principal search_for,
-		      krb5_db_entry *entries, int *nentries,
-		      krb5_boolean *more)
+                      krb5_const_principal search_for,
+                      krb5_db_entry *entries, int *nentries,
+                      krb5_boolean *more)
 {
     return krb5_db_get_principal (kcontext, search_for, entries, nentries,
-				  more);
+                                  more);
 }
 
 krb5_error_code
 get_principal (krb5_context kcontext,
-	       krb5_const_principal search_for,
-	       krb5_db_entry *entries, int *nentries, krb5_boolean *more)
+               krb5_const_principal search_for,
+               krb5_db_entry *entries, int *nentries, krb5_boolean *more)
 {
     /* Eventually this will be used to manage locking while looking up
        principals in the database.  */
     return get_principal_locked (kcontext, search_for, entries, nentries,
-				 more);
+                                 more);
 }
 
 
 krb5_error_code
 sign_db_authdata (krb5_context context,
-		  unsigned int flags,
-		  krb5_const_principal client_princ,
-		  krb5_db_entry *client,
-		  krb5_db_entry *server,
-		  krb5_db_entry *krbtgt,
-		  krb5_keyblock *client_key,
-		  krb5_keyblock *server_key,
-		  krb5_keyblock *krbtgt_key,
-		  krb5_timestamp authtime,
-		  krb5_authdata **tgs_authdata,
-		  krb5_keyblock *session_key,
-		  krb5_authdata ***ret_authdata)
+                  unsigned int flags,
+                  krb5_const_principal client_princ,
+                  krb5_db_entry *client,
+                  krb5_db_entry *server,
+                  krb5_db_entry *krbtgt,
+                  krb5_keyblock *client_key,
+                  krb5_keyblock *server_key,
+                  krb5_keyblock *krbtgt_key,
+                  krb5_timestamp authtime,
+                  krb5_authdata **tgs_authdata,
+                  krb5_keyblock *session_key,
+                  krb5_authdata ***ret_authdata)
 {
     krb5_error_code code;
     kdb_sign_auth_data_req req;
@@ -1759,17 +1760,17 @@ sign_db_authdata (krb5_context context,
     memset(&req, 0, sizeof(req));
     memset(&rep, 0, sizeof(rep));
 
-    req.flags			= flags;
-    req.client_princ		= client_princ;
-    req.client			= client;
-    req.server			= server;
-    req.krbtgt			= krbtgt;
-    req.client_key		= client_key;
-    req.server_key		= server_key;
-    req.authtime		= authtime;
-    req.auth_data		= tgs_authdata;
-    req.session_key		= session_key;
-    req.krbtgt_key		= krbtgt_key;
+    req.flags                   = flags;
+    req.client_princ            = client_princ;
+    req.client                  = client;
+    req.server                  = server;
+    req.krbtgt                  = krbtgt;
+    req.client_key              = client_key;
+    req.server_key              = server_key;
+    req.authtime                = authtime;
+    req.auth_data               = tgs_authdata;
+    req.session_key             = session_key;
+    req.krbtgt_key              = krbtgt_key;
 
     req_data.data = (void *)&req;
     req_data.length = sizeof(req);
@@ -1778,29 +1779,29 @@ sign_db_authdata (krb5_context context,
     rep_data.length = sizeof(rep);
 
     code = krb5_db_invoke(context,
-			  KRB5_KDB_METHOD_SIGN_AUTH_DATA,
-			  &req_data,
-			  &rep_data);
+                          KRB5_KDB_METHOD_SIGN_AUTH_DATA,
+                          &req_data,
+                          &rep_data);
 
     *ret_authdata = rep.auth_data;
- 
+
     return code;
 }
 
 static krb5_error_code
 verify_for_user_checksum(krb5_context context,
-			 krb5_keyblock *key,
-			 krb5_pa_for_user *req)
+                         krb5_keyblock *key,
+                         krb5_pa_for_user *req)
 {
-    krb5_error_code		code;
-    int				i;
-    krb5_int32			name_type;
-    char			*p;
-    krb5_data			data;
-    krb5_boolean		valid = FALSE;
+    krb5_error_code             code;
+    int                         i;
+    krb5_int32                  name_type;
+    char                        *p;
+    krb5_data                   data;
+    krb5_boolean                valid = FALSE;
 
     if (!krb5_c_is_keyed_cksum(req->cksum.checksum_type)) {
-	return KRB5KRB_AP_ERR_INAPP_CKSUM;
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
     }
 
     /*
@@ -1809,14 +1810,14 @@ verify_for_user_checksum(krb5_context context,
      */
     data.length = 4;
     for (i = 0; i < krb5_princ_size(context, req->user); i++) {
-	data.length += krb5_princ_component(context, req->user, i)->length;
+        data.length += krb5_princ_component(context, req->user, i)->length;
     }
     data.length += krb5_princ_realm(context, req->user)->length;
     data.length += req->auth_package.length;
 
     p = data.data = malloc(data.length);
     if (data.data == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     name_type = krb5_princ_type(context, req->user);
@@ -1827,27 +1828,27 @@ verify_for_user_checksum(krb5_context context,
     p += 4;
 
     for (i = 0; i < krb5_princ_size(context, req->user); i++) {
-	memcpy(p, krb5_princ_component(context, req->user, i)->data,
-	       krb5_princ_component(context, req->user, i)->length);
-	p += krb5_princ_component(context, req->user, i)->length;
+        memcpy(p, krb5_princ_component(context, req->user, i)->data,
+               krb5_princ_component(context, req->user, i)->length);
+        p += krb5_princ_component(context, req->user, i)->length;
     }
 
     memcpy(p, krb5_princ_realm(context, req->user)->data,
-	   krb5_princ_realm(context, req->user)->length);
+           krb5_princ_realm(context, req->user)->length);
     p += krb5_princ_realm(context, req->user)->length;
 
     memcpy(p, req->auth_package.data, req->auth_package.length);
     p += req->auth_package.length;
 
     code = krb5_c_verify_checksum(context,
-				  key,
-				  KRB5_KEYUSAGE_APP_DATA_CKSUM,
-				  &data,
-				  &req->cksum,
-				  &valid);
+                                  key,
+                                  KRB5_KEYUSAGE_APP_DATA_CKSUM,
+                                  &data,
+                                  &req->cksum,
+                                  &valid);
 
     if (code == 0 && valid == FALSE)
-	code = KRB5KRB_AP_ERR_MODIFIED;
+        code = KRB5KRB_AP_ERR_MODIFIED;
 
     free(data.data);
 
@@ -1859,33 +1860,33 @@ verify_for_user_checksum(krb5_context context,
  */
 static krb5_error_code
 kdc_process_for_user(krb5_context context,
-		     krb5_pa_data *pa_data,
-		     krb5_keyblock *tgs_session,
-		     krb5_pa_s4u_x509_user **s4u_x509_user,
-		     const char **status)
+                     krb5_pa_data *pa_data,
+                     krb5_keyblock *tgs_session,
+                     krb5_pa_s4u_x509_user **s4u_x509_user,
+                     const char **status)
 {
-    krb5_error_code		code;
-    krb5_pa_for_user		*for_user;
-    krb5_data			req_data;
+    krb5_error_code             code;
+    krb5_pa_for_user            *for_user;
+    krb5_data                   req_data;
 
     req_data.length = pa_data->length;
     req_data.data = (char *)pa_data->contents;
 
     code = decode_krb5_pa_for_user(&req_data, &for_user);
     if (code)
-	return code;
+        return code;
 
     code = verify_for_user_checksum(context, tgs_session, for_user);
     if (code) {
-	*status = "INVALID_S4U2SELF_CHECKSUM";
-	krb5_free_pa_for_user(kdc_context, for_user);
-	return code;
+        *status = "INVALID_S4U2SELF_CHECKSUM";
+        krb5_free_pa_for_user(kdc_context, for_user);
+        return code;
     }
 
     *s4u_x509_user = calloc(1, sizeof(krb5_pa_s4u_x509_user));
     if (*s4u_x509_user == NULL) {
-	krb5_free_pa_for_user(kdc_context, for_user);
-	return ENOMEM;
+        krb5_free_pa_for_user(kdc_context, for_user);
+        return ENOMEM;
     }
 
     (*s4u_x509_user)->user_id.user = for_user->user;
@@ -1897,21 +1898,21 @@ kdc_process_for_user(krb5_context context,
 
 static krb5_error_code
 verify_s4u_x509_user_checksum(krb5_context context,
-			      krb5_keyblock *key,
-			      krb5_data *req_data,
-			      krb5_int32 kdc_req_nonce,
-			      krb5_pa_s4u_x509_user *req)
+                              krb5_keyblock *key,
+                              krb5_data *req_data,
+                              krb5_int32 kdc_req_nonce,
+                              krb5_pa_s4u_x509_user *req)
 {
-    krb5_error_code		code;
-    krb5_data			scratch;
-    krb5_boolean		valid = FALSE;
+    krb5_error_code             code;
+    krb5_data                   scratch;
+    krb5_boolean                valid = FALSE;
 
     if (enctype_requires_etype_info_2(key->enctype) &&
-	!krb5_c_is_keyed_cksum(req->cksum.checksum_type))
-	return KRB5KRB_AP_ERR_INAPP_CKSUM;
+        !krb5_c_is_keyed_cksum(req->cksum.checksum_type))
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
 
     if (req->user_id.nonce != kdc_req_nonce)
-	return KRB5KRB_AP_ERR_MODIFIED;
+        return KRB5KRB_AP_ERR_MODIFIED;
 
     /*
      * Verify checksum over the encoded userid. If that fails,
@@ -1919,35 +1920,35 @@ verify_s4u_x509_user_checksum(krb5_context context,
      * behaviour in kdc_process_tgs_req().
      */
     if (fetch_asn1_field((unsigned char *)req_data->data, 1, 0, &scratch) < 0)
-	return ASN1_PARSE_ERROR;
+        return ASN1_PARSE_ERROR;
 
     code = krb5_c_verify_checksum(context,
-				  key,
-				  KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST,
-				  &scratch,
-				  &req->cksum,
-				  &valid);
+                                  key,
+                                  KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST,
+                                  &scratch,
+                                  &req->cksum,
+                                  &valid);
     if (code != 0)
-	return code;
+        return code;
 
     if (valid == FALSE) {
-	krb5_data *data;
+        krb5_data *data;
 
-	code = encode_krb5_s4u_userid(&req->user_id, &data);
-	if (code != 0)
-	    return code;
+        code = encode_krb5_s4u_userid(&req->user_id, &data);
+        if (code != 0)
+            return code;
 
-	code = krb5_c_verify_checksum(context,
-				      key,
-				      KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST,
-				      data,
-				      &req->cksum,
-				      &valid);
+        code = krb5_c_verify_checksum(context,
+                                      key,
+                                      KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST,
+                                      data,
+                                      &req->cksum,
+                                      &valid);
 
-	krb5_free_data(context, data);
+        krb5_free_data(context, data);
 
-	if (code != 0)
-	    return code;
+        if (code != 0)
+            return code;
     }
 
     return valid ? 0 : KRB5KRB_AP_ERR_MODIFIED;
@@ -1958,42 +1959,42 @@ verify_s4u_x509_user_checksum(krb5_context context,
  */
 static krb5_error_code
 kdc_process_s4u_x509_user(krb5_context context,
-			  krb5_kdc_req *request,
-			  krb5_pa_data *pa_data,
-			  krb5_keyblock *tgs_subkey,
-			  krb5_keyblock *tgs_session,
-			  krb5_pa_s4u_x509_user **s4u_x509_user,
-			  const char **status)
+                          krb5_kdc_req *request,
+                          krb5_pa_data *pa_data,
+                          krb5_keyblock *tgs_subkey,
+                          krb5_keyblock *tgs_session,
+                          krb5_pa_s4u_x509_user **s4u_x509_user,
+                          const char **status)
 {
-    krb5_error_code		code;
-    krb5_data			req_data;
+    krb5_error_code             code;
+    krb5_data                   req_data;
 
     req_data.length = pa_data->length;
     req_data.data = (char *)pa_data->contents;
 
     code = decode_krb5_pa_s4u_x509_user(&req_data, s4u_x509_user);
     if (code)
-	return code;
+        return code;
 
     code = verify_s4u_x509_user_checksum(context,
-					 tgs_subkey ? tgs_subkey :
-					    tgs_session,
-					 &req_data,
-					 request->nonce, *s4u_x509_user);
+                                         tgs_subkey ? tgs_subkey :
+                                         tgs_session,
+                                         &req_data,
+                                         request->nonce, *s4u_x509_user);
 
     if (code) {
-	*status = "INVALID_S4U2SELF_CHECKSUM";
-	krb5_free_pa_s4u_x509_user(context, *s4u_x509_user);
-	*s4u_x509_user = NULL;
-	return code;
+        *status = "INVALID_S4U2SELF_CHECKSUM";
+        krb5_free_pa_s4u_x509_user(context, *s4u_x509_user);
+        *s4u_x509_user = NULL;
+        return code;
     }
 
     if (krb5_princ_size(context, (*s4u_x509_user)->user_id.user) == 0 ||
-	(*s4u_x509_user)->user_id.subject_cert.length != 0) {
-	*status = "INVALID_S4U2SELF_REQUEST";
-	krb5_free_pa_s4u_x509_user(context, *s4u_x509_user);
-	*s4u_x509_user = NULL;
-	return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+        (*s4u_x509_user)->user_id.subject_cert.length != 0) {
+        *status = "INVALID_S4U2SELF_REQUEST";
+        krb5_free_pa_s4u_x509_user(context, *s4u_x509_user);
+        *s4u_x509_user = NULL;
+        return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
     }
 
     return 0;
@@ -2001,25 +2002,25 @@ kdc_process_s4u_x509_user(krb5_context context,
 
 krb5_error_code
 kdc_make_s4u2self_rep(krb5_context context,
-		      krb5_keyblock *tgs_subkey,
-		      krb5_keyblock *tgs_session,
-		      krb5_pa_s4u_x509_user *req_s4u_user,
-		      krb5_kdc_rep *reply,
-		      krb5_enc_kdc_rep_part *reply_encpart)
+                      krb5_keyblock *tgs_subkey,
+                      krb5_keyblock *tgs_session,
+                      krb5_pa_s4u_x509_user *req_s4u_user,
+                      krb5_kdc_rep *reply,
+                      krb5_enc_kdc_rep_part *reply_encpart)
 {
-    krb5_error_code		code;
-    krb5_data			*data = NULL;
-    krb5_pa_s4u_x509_user	rep_s4u_user;
-    krb5_pa_data		padata;
-    krb5_enctype		enctype;
-    krb5_keyusage		usage;
+    krb5_error_code             code;
+    krb5_data                   *data = NULL;
+    krb5_pa_s4u_x509_user       rep_s4u_user;
+    krb5_pa_data                padata;
+    krb5_enctype                enctype;
+    krb5_keyusage               usage;
 
     memset(&rep_s4u_user, 0, sizeof(rep_s4u_user));
 
     rep_s4u_user.user_id.nonce   = req_s4u_user->user_id.nonce;
     rep_s4u_user.user_id.user    = req_s4u_user->user_id.user;
     rep_s4u_user.user_id.options =
-	req_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE;
+        req_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE;
 
     code = encode_krb5_s4u_userid(&rep_s4u_user.user_id, &data);
     if (code != 0)
@@ -2031,7 +2032,7 @@ kdc_make_s4u2self_rep(krb5_context context,
         usage = KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST;
 
     code = krb5_c_make_checksum(context, req_s4u_user->cksum.checksum_type,
-				tgs_subkey != NULL ? tgs_subkey : tgs_session,
+                                tgs_subkey != NULL ? tgs_subkey : tgs_session,
                                 usage, data,
                                 &rep_s4u_user.cksum);
     if (code != 0)
@@ -2051,15 +2052,15 @@ kdc_make_s4u2self_rep(krb5_context context,
 
     code = add_pa_data_element(context, &padata, &reply->padata, FALSE);
     if (code != 0)
-	goto cleanup;
+        goto cleanup;
 
     free(data);
     data = NULL;
 
     if (tgs_subkey != NULL)
-	enctype = tgs_subkey->enctype;
+        enctype = tgs_subkey->enctype;
     else
-	enctype = tgs_session->enctype;
+        enctype = tgs_session->enctype;
 
     /*
      * Owing to a bug in Windows, unkeyed checksums were used for older
@@ -2067,26 +2068,26 @@ kdc_make_s4u2self_rep(krb5_context context,
      * includes the checksum bytes in the encrypted padata.
      */
     if ((req_s4u_user->user_id.options & KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) &&
-	enctype_requires_etype_info_2(enctype) == FALSE) {
-	padata.length = req_s4u_user->cksum.length +
-		        rep_s4u_user.cksum.length;
-	padata.contents = malloc(padata.length);
-	if (padata.contents == NULL) {
-	    code = ENOMEM;
-	    goto cleanup;
-	}
-
-	memcpy(padata.contents,
-	       req_s4u_user->cksum.contents,
-	       req_s4u_user->cksum.length);
-	memcpy(&padata.contents[req_s4u_user->cksum.length],
-	       rep_s4u_user.cksum.contents,
-	       rep_s4u_user.cksum.length);
-
-	code = add_pa_data_element(context,&padata,
-				   &reply_encpart->enc_padata, FALSE);
-	if (code != 0)
-	    goto cleanup;
+        enctype_requires_etype_info_2(enctype) == FALSE) {
+        padata.length = req_s4u_user->cksum.length +
+            rep_s4u_user.cksum.length;
+        padata.contents = malloc(padata.length);
+        if (padata.contents == NULL) {
+            code = ENOMEM;
+            goto cleanup;
+        }
+
+        memcpy(padata.contents,
+               req_s4u_user->cksum.contents,
+               req_s4u_user->cksum.length);
+        memcpy(&padata.contents[req_s4u_user->cksum.length],
+               rep_s4u_user.cksum.contents,
+               rep_s4u_user.cksum.length);
+
+        code = add_pa_data_element(context,&padata,
+                                   &reply_encpart->enc_padata, FALSE);
+        if (code != 0)
+            goto cleanup;
     }
 
 cleanup:
@@ -2102,48 +2103,48 @@ cleanup:
  */
 krb5_error_code
 kdc_process_s4u2self_req(krb5_context context,
-			 krb5_kdc_req *request,
-			 krb5_const_principal client_princ,
-			 const krb5_db_entry *server,
-			 krb5_keyblock *tgs_subkey,
-			 krb5_keyblock *tgs_session,
-			 krb5_timestamp kdc_time,
-			 krb5_pa_s4u_x509_user **s4u_x509_user,
-			 krb5_db_entry *princ,
-			 int *nprincs,
-			 const char **status)
+                         krb5_kdc_req *request,
+                         krb5_const_principal client_princ,
+                         const krb5_db_entry *server,
+                         krb5_keyblock *tgs_subkey,
+                         krb5_keyblock *tgs_session,
+                         krb5_timestamp kdc_time,
+                         krb5_pa_s4u_x509_user **s4u_x509_user,
+                         krb5_db_entry *princ,
+                         int *nprincs,
+                         const char **status)
 {
-    krb5_error_code		code;
-    krb5_pa_data		*pa_data;
-    krb5_boolean		more;
-    int				flags;
+    krb5_error_code             code;
+    krb5_pa_data                *pa_data;
+    krb5_boolean                more;
+    int                         flags;
 
     *nprincs = 0;
     memset(princ, 0, sizeof(*princ));
 
     pa_data = find_pa_data(request->padata, KRB5_PADATA_S4U_X509_USER);
     if (pa_data != NULL) {
-	code = kdc_process_s4u_x509_user(context,
-					 request,
-					 pa_data,
-					 tgs_subkey,
-					 tgs_session,
-					 s4u_x509_user,
-					 status);
-	if (code != 0)
-	    return code;
+        code = kdc_process_s4u_x509_user(context,
+                                         request,
+                                         pa_data,
+                                         tgs_subkey,
+                                         tgs_session,
+                                         s4u_x509_user,
+                                         status);
+        if (code != 0)
+            return code;
     } else {
-	pa_data = find_pa_data(request->padata, KRB5_PADATA_FOR_USER);
-	if (pa_data != NULL) {
-	    code = kdc_process_for_user(context,
-					pa_data,
-					tgs_session,
-					s4u_x509_user,
-					status);
-	    if (code != 0)
-		return code;
-	} else
-	    return 0;
+        pa_data = find_pa_data(request->padata, KRB5_PADATA_FOR_USER);
+        if (pa_data != NULL) {
+            code = kdc_process_for_user(context,
+                                        pa_data,
+                                        tgs_session,
+                                        s4u_x509_user,
+                                        status);
+            if (code != 0)
+                return code;
+        } else
+            return 0;
     }
 
     /*
@@ -2174,23 +2175,23 @@ kdc_process_s4u2self_req(krb5_context context,
      */
     flags = 0;
     switch (krb5_princ_type(context, request->server)) {
-    case KRB5_NT_SRV_HST:		    /* (1) */
-	if (krb5_princ_size(context, request->server) == 2)
-	    flags |= KRB5_PRINCIPAL_COMPARE_IGNORE_REALM;
-	break;
-    case KRB5_NT_ENTERPRISE_PRINCIPAL:	    /* (2) */
-	flags |= KRB5_PRINCIPAL_COMPARE_ENTERPRISE;
-	break;
-    default:				    /* (3) */
-	break;
+    case KRB5_NT_SRV_HST:                   /* (1) */
+        if (krb5_princ_size(context, request->server) == 2)
+            flags |= KRB5_PRINCIPAL_COMPARE_IGNORE_REALM;
+        break;
+    case KRB5_NT_ENTERPRISE_PRINCIPAL:      /* (2) */
+        flags |= KRB5_PRINCIPAL_COMPARE_ENTERPRISE;
+        break;
+    default:                                /* (3) */
+        break;
     }
 
     if (!krb5_principal_compare_flags(context,
-				      request->server,
-				      client_princ,
-				      flags)) {
-	*status = "INVALID_S4U2SELF_REQUEST";
-	return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; /* match Windows error code */
+                                      request->server,
+                                      client_princ,
+                                      flags)) {
+        *status = "INVALID_S4U2SELF_REQUEST";
+        return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; /* match Windows error code */
     }
 
     /*
@@ -2202,45 +2203,45 @@ kdc_process_s4u2self_req(krb5_context context,
      * that is validated previously in validate_tgs_request().
      */
     if (request->kdc_options & AS_INVALID_OPTIONS) {
-	*status = "INVALID AS OPTIONS";
-	return KRB5KDC_ERR_BADOPTION;
+        *status = "INVALID AS OPTIONS";
+        return KRB5KDC_ERR_BADOPTION;
     }
 
     /*
      * Do not attempt to lookup principals in foreign realms.
      */
     if (is_local_principal((*s4u_x509_user)->user_id.user)) {
-	krb5_db_entry no_server;
-	krb5_data e_data;
-
-	e_data.data = NULL;
-	*nprincs = 1;
-	code = krb5_db_get_principal_ext(context,
-					 (*s4u_x509_user)->user_id.user,
-					 KRB5_KDB_FLAG_INCLUDE_PAC,
-					 princ, nprincs, &more);
-	if (code) {
-	    *status = "LOOKING_UP_S4U2SELF_PRINCIPAL";
-	    *nprincs = 0;
-	    return code; /* caller can free for_user */
-	}
-
-	if (more) {
-	    *status = "NON_UNIQUE_S4U2SELF_PRINCIPAL";
-	    return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
-	} else if (*nprincs != 1) {
-	    *status = "UNKNOWN_S4U2SELF_PRINCIPAL";
-	    return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-	}
-
-	memset(&no_server, 0, sizeof(no_server));
-
-	code = validate_as_request(request, *princ,
-				   no_server, kdc_time, status, &e_data);
-	if (code) {
-	    krb5_free_data_contents(context, &e_data);
-	    return code;
-	}
+        krb5_db_entry no_server;
+        krb5_data e_data;
+
+        e_data.data = NULL;
+        *nprincs = 1;
+        code = krb5_db_get_principal_ext(context,
+                                         (*s4u_x509_user)->user_id.user,
+                                         KRB5_KDB_FLAG_INCLUDE_PAC,
+                                         princ, nprincs, &more);
+        if (code) {
+            *status = "LOOKING_UP_S4U2SELF_PRINCIPAL";
+            *nprincs = 0;
+            return code; /* caller can free for_user */
+        }
+
+        if (more) {
+            *status = "NON_UNIQUE_S4U2SELF_PRINCIPAL";
+            return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
+        } else if (*nprincs != 1) {
+            *status = "UNKNOWN_S4U2SELF_PRINCIPAL";
+            return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+        }
+
+        memset(&no_server, 0, sizeof(no_server));
+
+        code = validate_as_request(request, *princ,
+                                   no_server, kdc_time, status, &e_data);
+        if (code) {
+            krb5_free_data_contents(context, &e_data);
+            return code;
+        }
     }
 
     return 0;
@@ -2248,23 +2249,23 @@ kdc_process_s4u2self_req(krb5_context context,
 
 static krb5_error_code
 check_allowed_to_delegate_to(krb5_context context,
-			     krb5_const_principal client,
-			     const krb5_db_entry *server,
-			     krb5_const_principal proxy)
+                             krb5_const_principal client,
+                             const krb5_db_entry *server,
+                             krb5_const_principal proxy)
 {
     kdb_check_allowed_to_delegate_req   req;
-    krb5_data			req_data;
-    krb5_data			rep_data;
-    krb5_error_code		code;
+    krb5_data                   req_data;
+    krb5_data                   rep_data;
+    krb5_error_code             code;
 
     /* Can't get a TGT (otherwise it would be unconstrained delegation) */
     if (krb5_is_tgs_principal(proxy)) {
-	return KRB5KDC_ERR_POLICY;
+        return KRB5KDC_ERR_POLICY;
     }
 
     /* Must be in same realm */
     if (!krb5_realm_compare(context, server->princ, proxy)) {
-	return KRB5KDC_ERR_POLICY;
+        return KRB5KDC_ERR_POLICY;
     }
 
     req.server = server;
@@ -2278,11 +2279,11 @@ check_allowed_to_delegate_to(krb5_context context,
     rep_data.length = 0;
 
     code = krb5_db_invoke(context,
-			  KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE,
-			  &req_data,
-			  &rep_data);
+                          KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE,
+                          &req_data,
+                          &rep_data);
     if (code == KRB5_KDB_DBTYPE_NOSUP) {
-	code = KRB5KDC_ERR_POLICY;
+        code = KRB5KDC_ERR_POLICY;
     }
 
     assert(rep_data.length == 0);
@@ -2292,12 +2293,12 @@ check_allowed_to_delegate_to(krb5_context context,
 
 krb5_error_code
 kdc_process_s4u2proxy_req(krb5_context context,
-			  krb5_kdc_req *request,
-			  const krb5_enc_tkt_part *t2enc,
-			  const krb5_db_entry *server,
-			  krb5_const_principal server_princ,
-			  krb5_const_principal proxy_princ,
-			  const char **status)
+                          krb5_kdc_req *request,
+                          const krb5_enc_tkt_part *t2enc,
+                          const krb5_db_entry *server,
+                          krb5_const_principal server_princ,
+                          krb5_const_principal proxy_princ,
+                          const char **status)
 {
     krb5_error_code errcode;
 
@@ -2307,29 +2308,29 @@ kdc_process_s4u2proxy_req(krb5_context context,
      * that is validated previously in validate_tgs_request().
      */
     if (request->kdc_options & (NO_TGT_OPTION | KDC_OPT_ENC_TKT_IN_SKEY)) {
-	return KRB5KDC_ERR_BADOPTION;
+        return KRB5KDC_ERR_BADOPTION;
     }
 
     /* Ensure that evidence ticket server matches TGT client */
     if (!krb5_principal_compare(kdc_context,
-				server->princ, /* after canon */
-				server_princ)) {
-	return KRB5KDC_ERR_SERVER_NOMATCH;
+                                server->princ, /* after canon */
+                                server_princ)) {
+        return KRB5KDC_ERR_SERVER_NOMATCH;
     }
 
     if (!isflagset(t2enc->flags, TKT_FLG_FORWARDABLE)) {
-	*status = "EVIDENCE_TKT_NOT_FORWARDABLE";
-	return KRB5_TKT_NOT_FORWARDABLE;
+        *status = "EVIDENCE_TKT_NOT_FORWARDABLE";
+        return KRB5_TKT_NOT_FORWARDABLE;
     }
 
     /* Backend policy check */
     errcode = check_allowed_to_delegate_to(kdc_context,
-					   t2enc->client,
-					   server,
-					   proxy_princ);
+                                           t2enc->client,
+                                           server,
+                                           proxy_princ);
     if (errcode) {
-	*status = "NOT_ALLOWED_TO_DELEGATE";
-	return errcode;
+        *status = "NOT_ALLOWED_TO_DELEGATE";
+        return errcode;
     }
 
     return 0;
@@ -2337,25 +2338,25 @@ kdc_process_s4u2proxy_req(krb5_context context,
 
 krb5_error_code
 kdc_check_transited_list(krb5_context context,
-			 const krb5_data *trans,
-			 const krb5_data *realm1,
-			 const krb5_data *realm2)
+                         const krb5_data *trans,
+                         const krb5_data *realm1,
+                         const krb5_data *realm2)
 {
-    krb5_error_code		code;
-    kdb_check_transited_realms_req	req;
-    krb5_data			req_data;
-    krb5_data			rep_data;
+    krb5_error_code             code;
+    kdb_check_transited_realms_req      req;
+    krb5_data                   req_data;
+    krb5_data                   rep_data;
 
     /* First check using krb5.conf */
     code = krb5_check_transited_list(kdc_context, trans, realm1, realm2);
     if (code)
-	return code;
+        return code;
 
     memset(&req, 0, sizeof(req));
 
-    req.tr_contents		= trans;
-    req.client_realm		= realm1;
-    req.server_realm		= realm2;
+    req.tr_contents             = trans;
+    req.client_realm            = realm1;
+    req.server_realm            = realm2;
 
     req_data.data = (void *)&req;
     req_data.length = sizeof(req);
@@ -2364,11 +2365,11 @@ kdc_check_transited_list(krb5_context context,
     rep_data.length = 0;
 
     code = krb5_db_invoke(context,
-			  KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS,
-			  &req_data,
-			  &rep_data);
+                          KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS,
+                          &req_data,
+                          &rep_data);
     if (code == KRB5_KDB_DBTYPE_NOSUP) {
-	code = 0;
+        code = 0;
     }
 
     assert(rep_data.length == 0);
@@ -2378,20 +2379,20 @@ kdc_check_transited_list(krb5_context context,
 
 krb5_error_code
 validate_transit_path(krb5_context context,
-		      krb5_const_principal client,
-		      krb5_db_entry *server,
-		      krb5_db_entry *krbtgt)
+                      krb5_const_principal client,
+                      krb5_db_entry *server,
+                      krb5_db_entry *krbtgt)
 {
     /* Incoming */
     if (isflagset(server->attributes, KRB5_KDB_XREALM_NON_TRANSITIVE)) {
-	return KRB5KDC_ERR_PATH_NOT_ACCEPTED;
+        return KRB5KDC_ERR_PATH_NOT_ACCEPTED;
     }
 
     /* Outgoing */
     if (isflagset(krbtgt->attributes, KRB5_KDB_XREALM_NON_TRANSITIVE) &&
-	(!krb5_principal_compare(context, server->princ, krbtgt->princ) ||
-	 !krb5_realm_compare(context, client, krbtgt->princ))) {
-	return KRB5KDC_ERR_PATH_NOT_ACCEPTED;
+        (!krb5_principal_compare(context, server->princ, krbtgt->princ) ||
+         !krb5_realm_compare(context, client, krbtgt->princ))) {
+        return KRB5KDC_ERR_PATH_NOT_ACCEPTED;
     }
 
     return 0;
@@ -2410,11 +2411,11 @@ validate_transit_path(krb5_context context,
 /* Currently no info about name canonicalization is logged.  */
 void
 log_as_req(const krb5_fulladdr *from,
-	   krb5_kdc_req *request, krb5_kdc_rep *reply,
-	   krb5_db_entry *client, const char *cname,
-	   krb5_db_entry *server, const char *sname,
-	   krb5_timestamp authtime,
-	   const char *status, krb5_error_code errcode, const char *emsg)
+           krb5_kdc_req *request, krb5_kdc_rep *reply,
+           krb5_db_entry *client, const char *cname,
+           krb5_db_entry *server, const char *sname,
+           krb5_timestamp authtime,
+           const char *status, krb5_error_code errcode, const char *emsg)
 {
     const char *fromstring = 0;
     char fromstringbuf[70];
@@ -2423,26 +2424,26 @@ log_as_req(const krb5_fulladdr *from,
     const char *sname2 = sname ? sname : "<unknown server>";
 
     fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype),
-			   from->address->contents,
-			   fromstringbuf, sizeof(fromstringbuf));
+                           from->address->contents,
+                           fromstringbuf, sizeof(fromstringbuf));
     if (!fromstring)
-	fromstring = "<unknown>";
+        fromstring = "<unknown>";
     ktypes2str(ktypestr, sizeof(ktypestr),
-	       request->nktypes, request->ktype);
+               request->nktypes, request->ktype);
 
     if (status == NULL) {
-	/* success */
-	char rep_etypestr[128];
-	rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
-	krb5_klog_syslog(LOG_INFO,
-			 "AS_REQ (%s) %s: ISSUE: authtime %d, %s, %s for %s",
-			 ktypestr, fromstring, authtime,
-			 rep_etypestr, cname2, sname2);
+        /* success */
+        char rep_etypestr[128];
+        rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
+        krb5_klog_syslog(LOG_INFO,
+                         "AS_REQ (%s) %s: ISSUE: authtime %d, %s, %s for %s",
+                         ktypestr, fromstring, authtime,
+                         rep_etypestr, cname2, sname2);
     } else {
-	/* fail */
+        /* fail */
         krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s",
-			 ktypestr, fromstring, status, 
-			 cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
+                         ktypestr, fromstring, status,
+                         cname2, sname2, emsg ? ", " : "", emsg ? emsg : "");
     }
 #if 0
     /* Sun (OpenSolaris) version would probably something like this.
@@ -2450,33 +2451,33 @@ log_as_req(const krb5_fulladdr *from,
        logging routines used above.  Note that a struct in_addr is
        used, but the real address could be an IPv6 address.  */
     audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0,
-			 cname, sname, errcode);
+                         cname, sname, errcode);
 #endif
 #if 1
     {
-	kdb_audit_as_req	req;
-	krb5_data		req_data;
-	krb5_data		rep_data;
+        kdb_audit_as_req        req;
+        krb5_data               req_data;
+        krb5_data               rep_data;
 
-	memset(&req, 0, sizeof(req));
+        memset(&req, 0, sizeof(req));
 
-	req.request		= request;
-	req.client		= client;
-	req.server		= server;
-	req.authtime		= authtime;
-	req.error_code		= errcode;
+        req.request             = request;
+        req.client              = client;
+        req.server              = server;
+        req.authtime            = authtime;
+        req.error_code          = errcode;
 
-	req_data.data = (void *)&req;
-	req_data.length = sizeof(req);
+        req_data.data = (void *)&req;
+        req_data.length = sizeof(req);
 
-	rep_data.data = NULL;
-	rep_data.length = 0;
+        rep_data.data = NULL;
+        rep_data.length = 0;
 
-	(void) krb5_db_invoke(kdc_context,
-			      KRB5_KDB_METHOD_AUDIT_AS,
-			      &req_data,
-			      &rep_data);
-	assert(rep_data.length == 0);
+        (void) krb5_db_invoke(kdc_context,
+                              KRB5_KDB_METHOD_AUDIT_AS,
+                              &req_data,
+                              &rep_data);
+        assert(rep_data.length == 0);
     }
 #endif
 }
@@ -2487,11 +2488,11 @@ log_as_req(const krb5_fulladdr *from,
    Currently no info about name canonicalization is logged.  */
 void
 log_tgs_req(const krb5_fulladdr *from,
-	    krb5_kdc_req *request, krb5_kdc_rep *reply,
-	    const char *cname, const char *sname, const char *altcname,
-	    krb5_timestamp authtime,
-	    unsigned int c_flags, const char *s4u_name,
-	    const char *status, krb5_error_code errcode, const char *emsg)
+            krb5_kdc_req *request, krb5_kdc_rep *reply,
+            const char *cname, const char *sname, const char *altcname,
+            krb5_timestamp authtime,
+            unsigned int c_flags, const char *s4u_name,
+            const char *status, krb5_error_code errcode, const char *emsg)
 {
     char ktypestr[128];
     const char *fromstring = 0;
@@ -2499,49 +2500,49 @@ log_tgs_req(const krb5_fulladdr *from,
     char rep_etypestr[128];
 
     fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype),
-			   from->address->contents,
-			   fromstringbuf, sizeof(fromstringbuf));
+                           from->address->contents,
+                           fromstringbuf, sizeof(fromstringbuf));
     if (!fromstring)
-	fromstring = "<unknown>";
+        fromstring = "<unknown>";
     ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype);
     if (!errcode)
-	rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
+        rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply);
     else
-	rep_etypestr[0] = 0;
+        rep_etypestr[0] = 0;
 
     /* Differences: server-nomatch message logs 2nd ticket's client
        name (useful), and doesn't log ktypestr (probably not
        important).  */
     if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) {
-	krb5_klog_syslog(LOG_INFO,
-			 "TGS_REQ (%s) %s: %s: authtime %d, %s%s %s for %s%s%s",
-			 ktypestr,
-			 fromstring, status, authtime,
-			 rep_etypestr,
-			 !errcode ? "," : "",
-			 cname ? cname : "<unknown client>",
-			 sname ? sname : "<unknown server>",
-			 errcode ? ", " : "",
-			 errcode ? emsg : "");
-	if (s4u_name) {
-	    assert(isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) ||
-		   isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION));
-	    if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
-		krb5_klog_syslog(LOG_INFO,
-				 "... PROTOCOL-TRANSITION s4u-client=%s",
-				 s4u_name);
-	    else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
-		krb5_klog_syslog(LOG_INFO,
-				 "... CONSTRAINED-DELEGATION s4u-client=%s",
-				 s4u_name);
-	}
+        krb5_klog_syslog(LOG_INFO,
+                         "TGS_REQ (%s) %s: %s: authtime %d, %s%s %s for %s%s%s",
+                         ktypestr,
+                         fromstring, status, authtime,
+                         rep_etypestr,
+                         !errcode ? "," : "",
+                         cname ? cname : "<unknown client>",
+                         sname ? sname : "<unknown server>",
+                         errcode ? ", " : "",
+                         errcode ? emsg : "");
+        if (s4u_name) {
+            assert(isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) ||
+                   isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION));
+            if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION))
+                krb5_klog_syslog(LOG_INFO,
+                                 "... PROTOCOL-TRANSITION s4u-client=%s",
+                                 s4u_name);
+            else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION))
+                krb5_klog_syslog(LOG_INFO,
+                                 "... CONSTRAINED-DELEGATION s4u-client=%s",
+                                 s4u_name);
+        }
     } else
-	krb5_klog_syslog(LOG_INFO,
-			 "TGS_REQ %s: %s: authtime %d, %s for %s, 2nd tkt client %s",
-			 fromstring, status, authtime,
-			 cname ? cname : "<unknown client>",
-			 sname ? sname : "<unknown server>",
-			 altcname ? altcname : "<unknown>");
+        krb5_klog_syslog(LOG_INFO,
+                         "TGS_REQ %s: %s: authtime %d, %s for %s, 2nd tkt client %s",
+                         fromstring, status, authtime,
+                         cname ? cname : "<unknown client>",
+                         sname ? sname : "<unknown server>",
+                         altcname ? altcname : "<unknown>");
 
     /* OpenSolaris: audit_krb5kdc_tgs_req(...)  or
        audit_krb5kdc_tgs_req_2ndtktmm(...) */
@@ -2553,12 +2554,12 @@ log_tgs_alt_tgt(krb5_principal p)
 {
     char *sname;
     if (krb5_unparse_name(kdc_context, p, &sname)) {
-	krb5_klog_syslog(LOG_INFO,
-			 "TGS_REQ: issuing alternate <un-unparseable> TGT");
+        krb5_klog_syslog(LOG_INFO,
+                         "TGS_REQ: issuing alternate <un-unparseable> TGT");
     } else {
-	limit_string(sname);
-	krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname);
-	free(sname);
+        limit_string(sname);
+        krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname);
+        free(sname);
     }
     /* OpenSolaris: audit_krb5kdc_tgs_req_alt_tgt(...) */
 }
@@ -2574,50 +2575,50 @@ enctype_requires_etype_info_2(krb5_enctype enctype)
     case ENCTYPE_DES3_CBC_RAW:
     case ENCTYPE_ARCFOUR_HMAC:
     case ENCTYPE_ARCFOUR_HMAC_EXP :
-	return 0;
+        return 0;
     default:
-	return krb5_c_valid_enctype(enctype);
+        return krb5_c_valid_enctype(enctype);
     }
 }
 
 /* XXX where are the generic helper routines for this? */
 krb5_error_code
 add_pa_data_element(krb5_context context,
-		    krb5_pa_data *padata,
-		    krb5_pa_data ***inout_padata,
-		    krb5_boolean copy)
+                    krb5_pa_data *padata,
+                    krb5_pa_data ***inout_padata,
+                    krb5_boolean copy)
 {
-    int				i;
-    krb5_pa_data		**p;
+    int                         i;
+    krb5_pa_data                **p;
 
     if (*inout_padata != NULL) {
-	for (i = 0; (*inout_padata)[i] != NULL; i++)
-	    ;
+        for (i = 0; (*inout_padata)[i] != NULL; i++)
+            ;
     } else
-	i = 0;
+        i = 0;
 
     p = realloc(*inout_padata, (i + 2) * sizeof(krb5_pa_data *));
     if (p == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     *inout_padata = p;
 
     p[i] = (krb5_pa_data *)malloc(sizeof(krb5_pa_data));
     if (p[i] == NULL)
-	return ENOMEM;
+        return ENOMEM;
     *(p[i]) = *padata;
 
     p[i + 1] = NULL;
 
     if (copy) {
-	p[i]->contents = (krb5_octet *)malloc(padata->length);
-	if (p[i]->contents == NULL) {
-	    free(p[i]);
-	    p[i] = NULL;
-	    return ENOMEM;
-	}
+        p[i]->contents = (krb5_octet *)malloc(padata->length);
+        if (p[i]->contents == NULL) {
+            free(p[i]);
+            p[i] = NULL;
+            return ENOMEM;
+        }
 
-	memcpy(p[i]->contents, padata->contents, padata->length);
+        memcpy(p[i]->contents, padata->contents, padata->length);
     }
 
     return 0;
@@ -2625,29 +2626,28 @@ add_pa_data_element(krb5_context context,
 
 void
 kdc_get_ticket_endtime(krb5_context context,
-		       krb5_timestamp starttime,
-		       krb5_timestamp endtime,
-		       krb5_timestamp till,
-		       krb5_db_entry *client,
-		       krb5_db_entry *server,
-		       krb5_timestamp *out_endtime)
+                       krb5_timestamp starttime,
+                       krb5_timestamp endtime,
+                       krb5_timestamp till,
+                       krb5_db_entry *client,
+                       krb5_db_entry *server,
+                       krb5_timestamp *out_endtime)
 {
     krb5_timestamp until, life;
 
     if (till == 0)
-	till = kdc_infinity;
+        till = kdc_infinity;
 
     until = min(till, endtime);
 
     life = until - starttime;
 
     if (client->max_life != 0)
-	life = min(life, client->max_life);
+        life = min(life, client->max_life);
     if (server->max_life != 0)
-	life = min(life, server->max_life);
+        life = min(life, server->max_life);
     if (max_life_for_realm != 0)
-	life = min(life, max_life_for_realm);
+        life = min(life, max_life_for_realm);
 
     *out_endtime = starttime + life;
 }
-
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index 84319f7b8..1950ec090 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/kdc_util.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Declarations for policy.c
  */
@@ -34,8 +35,8 @@
 #include "kdb_ext.h"
 
 typedef struct _krb5_fulladdr {
-    krb5_address *	address;
-    krb5_ui_4		port;
+    krb5_address *      address;
+    krb5_ui_4           port;
 } krb5_fulladdr;
 
 krb5_error_code check_hot_list (krb5_ticket *);
@@ -43,71 +44,71 @@ krb5_boolean realm_compare (krb5_const_principal, krb5_const_principal);
 krb5_boolean is_local_principal(krb5_const_principal princ1);
 krb5_boolean krb5_is_tgs_principal (krb5_const_principal);
 krb5_error_code add_to_transited (krb5_data *,
-					    krb5_data *,
-					    krb5_principal,
-					    krb5_principal,
-					    krb5_principal);
+                                  krb5_data *,
+                                  krb5_principal,
+                                  krb5_principal,
+                                  krb5_principal);
 krb5_error_code compress_transited (krb5_data *,
-					      krb5_principal,
-					      krb5_data *);
+                                    krb5_principal,
+                                    krb5_data *);
 krb5_error_code concat_authorization_data (krb5_authdata **,
-						     krb5_authdata **,
-						     krb5_authdata ***);
+                                           krb5_authdata **,
+                                           krb5_authdata ***);
 krb5_error_code fetch_last_req_info (krb5_db_entry *,
-					       krb5_last_req_entry ***);
+                                     krb5_last_req_entry ***);
 
 krb5_error_code kdc_convert_key (krb5_keyblock *,
-					   krb5_keyblock *,
-					   int);
-krb5_error_code kdc_process_tgs_req 
-	(krb5_kdc_req *,
-	           const krb5_fulladdr *,
-	           krb5_data *,
-	           krb5_ticket **,
-		   krb5_db_entry *krbtgt,
-		   int *nprincs,
-	           krb5_keyblock **, krb5_keyblock **,
-		   krb5_pa_data **pa_tgs_req);
+                                 krb5_keyblock *,
+                                 int);
+krb5_error_code kdc_process_tgs_req
+(krb5_kdc_req *,
+ const krb5_fulladdr *,
+ krb5_data *,
+ krb5_ticket **,
+ krb5_db_entry *krbtgt,
+ int *nprincs,
+ krb5_keyblock **, krb5_keyblock **,
+ krb5_pa_data **pa_tgs_req);
 
 krb5_error_code kdc_get_server_key (krb5_ticket *, unsigned int,
-				    krb5_boolean match_enctype,
-				    krb5_db_entry *, int *,
-				    krb5_keyblock **, krb5_kvno *);
+                                    krb5_boolean match_enctype,
+                                    krb5_db_entry *, int *,
+                                    krb5_keyblock **, krb5_kvno *);
 
-int validate_as_request (krb5_kdc_req *, krb5_db_entry, 
-					  krb5_db_entry, krb5_timestamp,
-					  const char **, krb5_data *);
+int validate_as_request (krb5_kdc_req *, krb5_db_entry,
+                         krb5_db_entry, krb5_timestamp,
+                         const char **, krb5_data *);
 
-int validate_forwardable(krb5_kdc_req *, krb5_db_entry, 
-			 krb5_db_entry, krb5_timestamp,
-			 const char **);
+int validate_forwardable(krb5_kdc_req *, krb5_db_entry,
+                         krb5_db_entry, krb5_timestamp,
+                         const char **);
 
-int validate_tgs_request (krb5_kdc_req *, krb5_db_entry, 
-					  krb5_ticket *, krb5_timestamp,
-					  const char **, krb5_data *);
+int validate_tgs_request (krb5_kdc_req *, krb5_db_entry,
+                          krb5_ticket *, krb5_timestamp,
+                          const char **, krb5_data *);
 
 int fetch_asn1_field (unsigned char *, unsigned int, unsigned int,
-				 krb5_data *);
+                      krb5_data *);
 
 int
 dbentry_has_key_for_enctype (krb5_context context,
-				       krb5_db_entry *client,
-				       krb5_enctype enctype);
-    
+                             krb5_db_entry *client,
+                             krb5_enctype enctype);
+
 int
 dbentry_supports_enctype (krb5_context context,
-				    krb5_db_entry *client,
-				    krb5_enctype enctype);
+                          krb5_db_entry *client,
+                          krb5_enctype enctype);
 
 krb5_enctype
 select_session_keytype (krb5_context context,
-				  krb5_db_entry *server,
-				  int nktypes,
-				  krb5_enctype *ktypes);
+                        krb5_db_entry *server,
+                        int nktypes,
+                        krb5_enctype *ktypes);
 
 krb5_error_code
 get_salt_from_key (krb5_context, krb5_principal,
-			     krb5_key_data *, krb5_data *);
+                   krb5_key_data *, krb5_data *);
 
 void limit_string (char *name);
 
@@ -119,17 +120,17 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
 
 /* do_as_req.c */
 krb5_error_code process_as_req (krb5_kdc_req *, krb5_data *,
-					  const krb5_fulladdr *,
-					  krb5_data ** );
+                                const krb5_fulladdr *,
+                                krb5_data ** );
 
 /* do_tgs_req.c */
 krb5_error_code process_tgs_req (krb5_data *,
-					   const krb5_fulladdr *,
-					   krb5_data ** );
+                                 const krb5_fulladdr *,
+                                 krb5_data ** );
 /* dispatch.c */
 krb5_error_code dispatch (krb5_data *,
-				    const krb5_fulladdr *,
-				    krb5_data **);
+                          const krb5_fulladdr *,
+                          krb5_data **);
 
 /* main.c */
 krb5_error_code kdc_initialize_rcache (krb5_context, char *);
@@ -144,48 +145,48 @@ krb5_error_code closedown_network (void);
 
 /* policy.c */
 int against_local_policy_as (krb5_kdc_req *, krb5_db_entry,
-					krb5_db_entry, krb5_timestamp,
-					const char **, krb5_data *);
+                             krb5_db_entry, krb5_timestamp,
+                             const char **, krb5_data *);
 
 int against_local_policy_tgs (krb5_kdc_req *, krb5_db_entry,
-					krb5_ticket *, const char **,
-					krb5_data *);
+                              krb5_ticket *, const char **,
+                              krb5_data *);
 
 /* kdc_preauth.c */
 krb5_boolean enctype_requires_etype_info_2(krb5_enctype enctype);
 
 const char * missing_required_preauth
-    (krb5_db_entry *client, krb5_db_entry *server,
-	       krb5_enc_tkt_part *enc_tkt_reply);
+(krb5_db_entry *client, krb5_db_entry *server,
+ krb5_enc_tkt_part *enc_tkt_reply);
 void get_preauth_hint_list (krb5_kdc_req * request,
-				      krb5_db_entry *client,
-				      krb5_db_entry *server,
-				      krb5_data *e_data);
+                            krb5_db_entry *client,
+                            krb5_db_entry *server,
+                            krb5_data *e_data);
 krb5_error_code load_preauth_plugins(krb5_context context);
 krb5_error_code unload_preauth_plugins(krb5_context context);
 
 krb5_error_code check_padata
-    (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
-	       krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
-	       void **padata_context, krb5_data *e_data);
-    
+(krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+ void **padata_context, krb5_data *e_data);
+
 krb5_error_code return_padata
-    (krb5_context context, krb5_db_entry *client,
-	       krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
-	       krb5_key_data *client_key, krb5_keyblock *encrypting_key,
-	       void **padata_context);
-    
+(krb5_context context, krb5_db_entry *client,
+ krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_key_data *client_key, krb5_keyblock *encrypting_key,
+ void **padata_context);
+
 krb5_error_code free_padata_context
-    (krb5_context context, void **padata_context);
+(krb5_context context, void **padata_context);
 
 krb5_pa_data *find_pa_data
-    (krb5_pa_data **padata, krb5_preauthtype pa_type);
+(krb5_pa_data **padata, krb5_preauthtype pa_type);
 
 krb5_error_code add_pa_data_element
-    (krb5_context context,
-		    krb5_pa_data *padata,
-		    krb5_pa_data ***out_padata,
-		    krb5_boolean copy);
+(krb5_context context,
+ krb5_pa_data *padata,
+ krb5_pa_data ***out_padata,
+ krb5_boolean copy);
 
 /* kdc_authdata.c */
 krb5_error_code load_authdata_plugins(krb5_context context);
@@ -193,18 +194,18 @@ krb5_error_code unload_authdata_plugins(krb5_context context);
 
 krb5_error_code
 handle_authdata (krb5_context context,
-		 unsigned int flags,
-		 krb5_db_entry *client,
-		 krb5_db_entry *server,
-		 krb5_db_entry *krbtgt,
-		 krb5_keyblock *client_key,
-		 krb5_keyblock *server_key,
-		 krb5_keyblock *krbtgt_key,
-		 krb5_data *req_pkt,
-		 krb5_kdc_req *request,
-		 krb5_const_principal for_user_princ,
-		 krb5_enc_tkt_part *enc_tkt_request,
-		 krb5_enc_tkt_part *enc_tkt_reply);
+                 unsigned int flags,
+                 krb5_db_entry *client,
+                 krb5_db_entry *server,
+                 krb5_db_entry *krbtgt,
+                 krb5_keyblock *client_key,
+                 krb5_keyblock *server_key,
+                 krb5_keyblock *krbtgt_key,
+                 krb5_data *req_pkt,
+                 krb5_kdc_req *request,
+                 krb5_const_principal for_user_princ,
+                 krb5_enc_tkt_part *enc_tkt_request,
+                 krb5_enc_tkt_part *enc_tkt_reply);
 
 /* replay.c */
 krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
@@ -214,122 +215,122 @@ void kdc_free_lookaside(krb5_context);
 /* kdc_util.c */
 krb5_error_code
 get_principal_locked (krb5_context kcontext,
-		      krb5_const_principal search_for,
-		      krb5_db_entry *entries, int *nentries,
-		      krb5_boolean *more);
+                      krb5_const_principal search_for,
+                      krb5_db_entry *entries, int *nentries,
+                      krb5_boolean *more);
 krb5_error_code
 get_principal (krb5_context kcontext,
-	       krb5_const_principal search_for,
-	       krb5_db_entry *entries, int *nentries, krb5_boolean *more);
+               krb5_const_principal search_for,
+               krb5_db_entry *entries, int *nentries, krb5_boolean *more);
 
 krb5_boolean
 include_pac_p(krb5_context context, krb5_kdc_req *request);
 
 krb5_error_code return_svr_referral_data
-   (krb5_context context,
-		krb5_db_entry *server,
-		krb5_enc_kdc_rep_part *reply_encpart);
+(krb5_context context,
+ krb5_db_entry *server,
+ krb5_enc_kdc_rep_part *reply_encpart);
 
 krb5_error_code sign_db_authdata
-    (krb5_context context,
-		unsigned int flags,
-		krb5_const_principal client_princ,
-		krb5_db_entry *client,
-		krb5_db_entry *server,
-		krb5_db_entry *krbtgt,
-		krb5_keyblock *client_key,
-		krb5_keyblock *server_key,
-		krb5_keyblock *krbtgt_key,
-		krb5_timestamp authtime,
-		krb5_authdata **tgs_authdata,
-		krb5_keyblock *session_key,
-		krb5_authdata ***ret_authdata);
+(krb5_context context,
+ unsigned int flags,
+ krb5_const_principal client_princ,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_db_entry *krbtgt,
+ krb5_keyblock *client_key,
+ krb5_keyblock *server_key,
+ krb5_keyblock *krbtgt_key,
+ krb5_timestamp authtime,
+ krb5_authdata **tgs_authdata,
+ krb5_keyblock *session_key,
+ krb5_authdata ***ret_authdata);
 
 krb5_error_code kdc_process_s4u2self_req
-	(krb5_context context,
-		krb5_kdc_req *request,
-		krb5_const_principal client_princ,
-		const krb5_db_entry *server,
-		krb5_keyblock *tgs_subkey,
-		krb5_keyblock *tgs_session,
-		krb5_timestamp kdc_time,
-		krb5_pa_s4u_x509_user **s4u2self_req,
-		krb5_db_entry *princ,
-		int *nprincs,
-		const char **status);
+(krb5_context context,
+ krb5_kdc_req *request,
+ krb5_const_principal client_princ,
+ const krb5_db_entry *server,
+ krb5_keyblock *tgs_subkey,
+ krb5_keyblock *tgs_session,
+ krb5_timestamp kdc_time,
+ krb5_pa_s4u_x509_user **s4u2self_req,
+ krb5_db_entry *princ,
+ int *nprincs,
+ const char **status);
 
 krb5_error_code kdc_make_s4u2self_rep
-	(krb5_context context,
-		krb5_keyblock *tgs_subkey,
-		krb5_keyblock *tgs_session,
-		krb5_pa_s4u_x509_user *req_s4u_user,
-		krb5_kdc_rep *reply,
-		krb5_enc_kdc_rep_part *reply_encpart);
+(krb5_context context,
+ krb5_keyblock *tgs_subkey,
+ krb5_keyblock *tgs_session,
+ krb5_pa_s4u_x509_user *req_s4u_user,
+ krb5_kdc_rep *reply,
+ krb5_enc_kdc_rep_part *reply_encpart);
 
 krb5_error_code kdc_process_s4u2proxy_req
-	(krb5_context context,
-		krb5_kdc_req *request,
-		const krb5_enc_tkt_part *t2enc,
-		const krb5_db_entry *server,
-		krb5_const_principal server_princ,
-		krb5_const_principal proxy_princ,
-		const char **status);
+(krb5_context context,
+ krb5_kdc_req *request,
+ const krb5_enc_tkt_part *t2enc,
+ const krb5_db_entry *server,
+ krb5_const_principal server_princ,
+ krb5_const_principal proxy_princ,
+ const char **status);
 
 krb5_error_code kdc_check_transited_list
-	(krb5_context context,
-		const krb5_data *trans,
-		const krb5_data *realm1,
-		const krb5_data *realm2);
+(krb5_context context,
+ const krb5_data *trans,
+ const krb5_data *realm1,
+ const krb5_data *realm2);
 
 krb5_error_code audit_as_request
-	(krb5_kdc_req *request,
-		krb5_db_entry *client,
-		krb5_db_entry *server,
-		krb5_timestamp authtime,
-		krb5_error_code errcode);
+(krb5_kdc_req *request,
+ krb5_db_entry *client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code errcode);
 
 krb5_error_code audit_tgs_request
-	(krb5_kdc_req *request,
-		krb5_const_principal client,
-		krb5_db_entry *server,
-		krb5_timestamp authtime,
-		krb5_error_code errcode);
+(krb5_kdc_req *request,
+ krb5_const_principal client,
+ krb5_db_entry *server,
+ krb5_timestamp authtime,
+ krb5_error_code errcode);
 
 krb5_error_code
 validate_transit_path(krb5_context context,
-	krb5_const_principal client,
-		krb5_db_entry *server,
-		      krb5_db_entry *krbtgt);
+                      krb5_const_principal client,
+                      krb5_db_entry *server,
+                      krb5_db_entry *krbtgt);
 void
 kdc_get_ticket_endtime(krb5_context context,
-       krb5_timestamp now,
-	       krb5_timestamp endtime,
-	       krb5_timestamp till,
-	       krb5_db_entry *client,
-	       krb5_db_entry *server,
-	       krb5_timestamp *out_endtime);
+                       krb5_timestamp now,
+                       krb5_timestamp endtime,
+                       krb5_timestamp till,
+                       krb5_db_entry *client,
+                       krb5_db_entry *server,
+                       krb5_timestamp *out_endtime);
 
 void
 log_as_req(const krb5_fulladdr *from,
-	   krb5_kdc_req *request, krb5_kdc_rep *reply,
-	   krb5_db_entry *client, const char *cname,
-	   krb5_db_entry *server, const char *sname,
-	   krb5_timestamp authtime,
-	   const char *status, krb5_error_code errcode, const char *emsg);
+           krb5_kdc_req *request, krb5_kdc_rep *reply,
+           krb5_db_entry *client, const char *cname,
+           krb5_db_entry *server, const char *sname,
+           krb5_timestamp authtime,
+           const char *status, krb5_error_code errcode, const char *emsg);
 void
 log_tgs_req(const krb5_fulladdr *from,
-	    krb5_kdc_req *request, krb5_kdc_rep *reply,
-	    const char *cname, const char *sname, const char *altcname,
-	    krb5_timestamp authtime,
-	    unsigned int c_flags, const char *s4u_name,
-	    const char *status, krb5_error_code errcode, const char *emsg);
+            krb5_kdc_req *request, krb5_kdc_rep *reply,
+            const char *cname, const char *sname, const char *altcname,
+            krb5_timestamp authtime,
+            unsigned int c_flags, const char *s4u_name,
+            const char *status, krb5_error_code errcode, const char *emsg);
 void log_tgs_alt_tgt(krb5_principal p);
 
 /*Request state*/
 
 struct kdc_request_state {
     krb5_keyblock *armor_key;
-  krb5_keyblock *strengthen_key; 
+    krb5_keyblock *strengthen_key;
     krb5_pa_data *cookie;
     krb5_int32 fast_options;
     krb5_int32 fast_internal_flags;
@@ -361,31 +362,31 @@ krb5_error_code kdc_fast_handle_error
  krb5_pa_data  **in_padata, krb5_error *err);
 
 krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state,
-					  krb5_keyblock *existing_key,
-					  krb5_keyblock **out_key);
+                                          krb5_keyblock *existing_key,
+                                          krb5_keyblock **out_key);
 
 
 krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state,
-				    krb5_pa_data **cookie);
+                                       krb5_pa_data **cookie);
+
 
- 
 
 
 #define isflagset(flagfield, flag) (flagfield & (flag))
 #define setflag(flagfield, flag) (flagfield |= (flag))
 #define clear(flagfield, flag) (flagfield &= ~(flag))
 
-#ifndef	min
-#define	min(a, b)	((a) < (b) ? (a) : (b))
-#define	max(a, b)	((a) > (b) ? (a) : (b))
+#ifndef min
+#define min(a, b)       ((a) < (b) ? (a) : (b))
+#define max(a, b)       ((a) > (b) ? (a) : (b))
 #endif
 
 #ifdef KRB5_USE_INET6
-#define ADDRTYPE2FAMILY(X) \
-  ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
+#define ADDRTYPE2FAMILY(X)                                              \
+    ((X) == ADDRTYPE_INET6 ? AF_INET6 : (X) == ADDRTYPE_INET ? AF_INET : -1)
 #else
-#define ADDRTYPE2FAMILY(X) \
-  ((X) == ADDRTYPE_INET ? AF_INET : -1)
+#define ADDRTYPE2FAMILY(X)                      \
+    ((X) == ADDRTYPE_INET ? AF_INET : -1)
 #endif
 
 /* RFC 4120: KRB5KDC_ERR_KEY_TOO_WEAK
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 039d918d1..64b6beb55 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/main.c
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Main procedure body for the KDC server process.
  */
@@ -95,7 +96,7 @@ static int rkey_init_done = 0;
 static struct sigaction s_action;
 #endif /* POSIX_SIGNALS */
 
-#define	KRB5_KDC_MAX_REALMS	32
+#define KRB5_KDC_MAX_REALMS     32
 
 static krb5_context kdc_err_context;
 static const char *kdc_progname;
@@ -116,7 +117,7 @@ kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...)
     va_list ap;
 
     if (call_context)
-	krb5_copy_error_message(kdc_err_context, call_context);
+        krb5_copy_error_message(kdc_err_context, call_context);
     va_start(ap, fmt);
     com_err_va(kdc_progname, code, fmt, ap);
     va_end(ap);
@@ -130,9 +131,9 @@ find_realm_data(char *rname, krb5_ui_4 rsize)
 {
     int i;
     for (i=0; i<kdc_numrealms; i++) {
-	if ((rsize == strlen(kdc_realmlist[i]->realm_name)) &&
-	    !strncmp(rname, kdc_realmlist[i]->realm_name, rsize))
-	    return(kdc_realmlist[i]);
+        if ((rsize == strlen(kdc_realmlist[i]->realm_name)) &&
+            !strncmp(rname, kdc_realmlist[i]->realm_name, rsize))
+            return(kdc_realmlist[i]);
     }
     return((kdc_realm_t *) NULL);
 }
@@ -140,19 +141,19 @@ find_realm_data(char *rname, krb5_ui_4 rsize)
 krb5_error_code
 setup_server_realm(krb5_principal sprinc)
 {
-    krb5_error_code	kret;
-    kdc_realm_t		*newrealm;
+    krb5_error_code     kret;
+    kdc_realm_t         *newrealm;
 
     kret = 0;
     if (kdc_numrealms > 1) {
-	if (!(newrealm = find_realm_data(sprinc->realm.data,
-					 (krb5_ui_4) sprinc->realm.length)))
-	    kret = ENOENT;
-	else
-	    kdc_active_realm = newrealm;
+        if (!(newrealm = find_realm_data(sprinc->realm.data,
+                                         (krb5_ui_4) sprinc->realm.length)))
+            kret = ENOENT;
+        else
+            kdc_active_realm = newrealm;
     }
     else
-	kdc_active_realm = kdc_realmlist[0];
+        kdc_active_realm = kdc_realmlist[0];
     return(kret);
 }
 
@@ -160,43 +161,43 @@ static void
 finish_realm(kdc_realm_t *rdp)
 {
     if (rdp->realm_dbname)
-	free(rdp->realm_dbname);
+        free(rdp->realm_dbname);
     if (rdp->realm_mpname)
-	free(rdp->realm_mpname);
+        free(rdp->realm_mpname);
     if (rdp->realm_stash)
-	free(rdp->realm_stash);
+        free(rdp->realm_stash);
     if (rdp->realm_ports)
-	free(rdp->realm_ports);
+        free(rdp->realm_ports);
     if (rdp->realm_tcp_ports)
-	free(rdp->realm_tcp_ports);
+        free(rdp->realm_tcp_ports);
     if (rdp->realm_keytab)
-	krb5_kt_close(rdp->realm_context, rdp->realm_keytab);
+        krb5_kt_close(rdp->realm_context, rdp->realm_keytab);
     if (rdp->realm_host_based_services)
-	free(rdp->realm_host_based_services);
+        free(rdp->realm_host_based_services);
     if (rdp->realm_no_host_referral)
-	free(rdp->realm_no_host_referral);
+        free(rdp->realm_no_host_referral);
     if (rdp->realm_context) {
-	if (rdp->realm_mprinc)
-	    krb5_free_principal(rdp->realm_context, rdp->realm_mprinc);
-	if (rdp->realm_mkey.length && rdp->realm_mkey.contents) {
+        if (rdp->realm_mprinc)
+            krb5_free_principal(rdp->realm_context, rdp->realm_mprinc);
+        if (rdp->realm_mkey.length && rdp->realm_mkey.contents) {
             /* XXX shouldn't memset be zap for safety? */
-	    memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
-	    free(rdp->realm_mkey.contents);
-	}
+            memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
+            free(rdp->realm_mkey.contents);
+        }
         if (rdp->mkey_list)
             krb5_dbe_free_key_list(rdp->realm_context, rdp->mkey_list);
-	krb5_db_fini(rdp->realm_context);
-	if (rdp->realm_tgsprinc)
-	    krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
-	krb5_free_context(rdp->realm_context);
+        krb5_db_fini(rdp->realm_context);
+        if (rdp->realm_tgsprinc)
+            krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
+        krb5_free_context(rdp->realm_context);
     }
     memset(rdp, 0, sizeof(*rdp));
     free(rdp);
 }
 
-static krb5_error_code 
-handle_referral_params(krb5_realm_params *rparams, 
-                       char *no_refrls, char *host_based_srvcs, 
+static krb5_error_code
+handle_referral_params(krb5_realm_params *rparams,
+                       char *no_refrls, char *host_based_srvcs,
                        kdc_realm_t *rdp )
 {
     krb5_error_code retval = 0;
@@ -210,46 +211,46 @@ handle_referral_params(krb5_realm_params *rparams,
                 rdp->realm_no_host_referral = strdup(KRB5_CONF_ASTERISK);
                 if (!rdp->realm_no_host_referral)
                     retval = ENOMEM;
-           } else if  (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s",
-                        " ", no_refrls," ",rparams->realm_no_host_referral, " ") < 0))
-                retval = ENOMEM; 
-            else if (asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", 
-                        rparams->realm_no_host_referral, " ") < 0) 
-                retval = ENOMEM; 
+            } else if  (no_refrls && (asprintf(&(rdp->realm_no_host_referral), "%s%s%s%s%s",
+                                               " ", no_refrls," ",rparams->realm_no_host_referral, " ") < 0))
+                retval = ENOMEM;
+            else if (asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ",
+                              rparams->realm_no_host_referral, " ") < 0)
+                retval = ENOMEM;
         } else if( no_refrls != NULL) {
             if ( asprintf(&(rdp->realm_no_host_referral),"%s%s%s", " ", no_refrls, " ") < 0)
-                retval = ENOMEM; 
+                retval = ENOMEM;
         } else
             rdp->realm_no_host_referral = NULL;
     }
 
     if (rdp->realm_no_host_referral && krb5_match_config_pattern(rdp->realm_no_host_referral, KRB5_CONF_ASTERISK) == TRUE) {
-        rdp->realm_host_based_services = NULL; 
+        rdp->realm_host_based_services = NULL;
         return 0;
     }
 
     if (host_based_srvcs && (krb5_match_config_pattern(host_based_srvcs, KRB5_CONF_ASTERISK) == TRUE)) {
-            rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK);
-            if (!rdp->realm_host_based_services)
-                retval = ENOMEM;
+        rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK);
+        if (!rdp->realm_host_based_services)
+            retval = ENOMEM;
     } else {
-            if (rparams && rparams->realm_host_based_services) {
-                if (krb5_match_config_pattern(rparams->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE) {
-                    rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK);
-                    if (!rdp->realm_host_based_services)
-                        retval = ENOMEM;
-                } else if (host_based_srvcs) {
-                    if (asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s",
-                           " ", host_based_srvcs," ",rparams->realm_host_based_services, " ") < 0)
-                    retval = ENOMEM; 
-                } else if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", 
-                           rparams->realm_host_based_services, " ") < 0) 
-                    retval = ENOMEM; 
+        if (rparams && rparams->realm_host_based_services) {
+            if (krb5_match_config_pattern(rparams->realm_host_based_services, KRB5_CONF_ASTERISK) == TRUE) {
+                rdp->realm_host_based_services = strdup(KRB5_CONF_ASTERISK);
+                if (!rdp->realm_host_based_services)
+                    retval = ENOMEM;
             } else if (host_based_srvcs) {
-                if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", host_based_srvcs, " ") < 0)
-                    retval = ENOMEM; 
-            } else
-                rdp->realm_host_based_services = NULL;
+                if (asprintf(&(rdp->realm_host_based_services), "%s%s%s%s%s",
+                             " ", host_based_srvcs," ",rparams->realm_host_based_services, " ") < 0)
+                    retval = ENOMEM;
+            } else if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ",
+                                rparams->realm_host_based_services, " ") < 0)
+                retval = ENOMEM;
+        } else if (host_based_srvcs) {
+            if (asprintf(&(rdp->realm_host_based_services),"%s%s%s", " ", host_based_srvcs, " ") < 0)
+                retval = ENOMEM;
+        } else
+            rdp->realm_host_based_services = NULL;
     }
 
     return retval;
@@ -263,39 +264,39 @@ handle_referral_params(krb5_realm_params *rparams,
  */
 static krb5_error_code
 init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
-	   krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports,
-	   krb5_boolean def_manual, char **db_args, char *no_refrls,
-	   char *host_based_srvcs)
+           krb5_enctype def_enctype, char *def_udp_ports, char *def_tcp_ports,
+           krb5_boolean def_manual, char **db_args, char *no_refrls,
+           char *host_based_srvcs)
 {
-    krb5_error_code	kret;
-    krb5_boolean	manual;
-    krb5_realm_params	*rparams;
-    int			kdb_open_flags;
+    krb5_error_code     kret;
+    krb5_boolean        manual;
+    krb5_realm_params   *rparams;
+    int                 kdb_open_flags;
     krb5_kvno       mkvno = IGNORE_VNO;
 
     memset(rdp, 0, sizeof(kdc_realm_t));
     if (!realm) {
-	kret = EINVAL;
-	goto whoops;
+        kret = EINVAL;
+        goto whoops;
     }
-	
+
     rdp->realm_name = realm;
     kret = krb5int_init_context_kdc(&rdp->realm_context);
     if (kret) {
-	kdc_err(NULL, kret, "while getting context for realm %s", realm);
-	goto whoops;
+        kdc_err(NULL, kret, "while getting context for realm %s", realm);
+        goto whoops;
     }
 
     kret = krb5_read_realm_params(rdp->realm_context, rdp->realm_name,
-				  &rparams);
+                                  &rparams);
     if (kret) {
-	kdc_err(rdp->realm_context, kret, "while reading realm parameters");
-	goto whoops;
+        kdc_err(rdp->realm_context, kret, "while reading realm parameters");
+        goto whoops;
     }
-    
+
     /* Handle profile file name */
     if (rparams && rparams->realm_profile) {
-	rdp->realm_profile = strdup(rparams->realm_profile);
+        rdp->realm_profile = strdup(rparams->realm_profile);
         if (!rdp->realm_profile) {
             kret = ENOMEM;
             goto whoops;
@@ -304,10 +305,10 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
 
     /* Handle master key name */
     if (rparams && rparams->realm_mkey_name)
-	rdp->realm_mpname = strdup(rparams->realm_mkey_name);
+        rdp->realm_mpname = strdup(rparams->realm_mkey_name);
     else
-	rdp->realm_mpname = (def_mpname) ? strdup(def_mpname) :
-	    strdup(KRB5_KDB_M_NAME);
+        rdp->realm_mpname = (def_mpname) ? strdup(def_mpname) :
+            strdup(KRB5_KDB_M_NAME);
     if (!rdp->realm_mpname) {
         kret = ENOMEM;
         goto whoops;
@@ -315,59 +316,59 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
 
     /* Handle KDC ports */
     if (rparams && rparams->realm_kdc_ports)
-	rdp->realm_ports = strdup(rparams->realm_kdc_ports);
+        rdp->realm_ports = strdup(rparams->realm_kdc_ports);
     else
-	rdp->realm_ports = strdup(def_udp_ports);
+        rdp->realm_ports = strdup(def_udp_ports);
     if (!rdp->realm_ports) {
         kret = ENOMEM;
         goto whoops;
     }
     if (rparams && rparams->realm_kdc_tcp_ports)
-	rdp->realm_tcp_ports = strdup(rparams->realm_kdc_tcp_ports);
+        rdp->realm_tcp_ports = strdup(rparams->realm_kdc_tcp_ports);
     else
-	rdp->realm_tcp_ports = strdup(def_tcp_ports);
+        rdp->realm_tcp_ports = strdup(def_tcp_ports);
     if (!rdp->realm_tcp_ports) {
         kret = ENOMEM;
         goto whoops;
     }
     /* Handle stash file */
     if (rparams && rparams->realm_stash_file) {
-	rdp->realm_stash = strdup(rparams->realm_stash_file);
+        rdp->realm_stash = strdup(rparams->realm_stash_file);
         if (!rdp->realm_stash) {
             kret = ENOMEM;
             goto whoops;
         }
-	manual = FALSE;
+        manual = FALSE;
     } else
-	manual = def_manual;
+        manual = def_manual;
 
     /* Handle master key type */
     if (rparams && rparams->realm_enctype_valid)
-	rdp->realm_mkey.enctype = (krb5_enctype) rparams->realm_enctype;
+        rdp->realm_mkey.enctype = (krb5_enctype) rparams->realm_enctype;
     else
-	rdp->realm_mkey.enctype = manual ? def_enctype : ENCTYPE_UNKNOWN;
+        rdp->realm_mkey.enctype = manual ? def_enctype : ENCTYPE_UNKNOWN;
 
     /* Handle reject-bad-transit flag */
     if (rparams && rparams->realm_reject_bad_transit_valid)
-	rdp->realm_reject_bad_transit = rparams->realm_reject_bad_transit;
+        rdp->realm_reject_bad_transit = rparams->realm_reject_bad_transit;
     else
-	rdp->realm_reject_bad_transit = 1;
- 
+        rdp->realm_reject_bad_transit = 1;
+
     /* Handle ticket maximum life */
     rdp->realm_maxlife = (rparams && rparams->realm_max_life_valid) ?
-	rparams->realm_max_life : KRB5_KDB_MAX_LIFE;
+        rparams->realm_max_life : KRB5_KDB_MAX_LIFE;
 
     /* Handle ticket renewable maximum life */
     rdp->realm_maxrlife = (rparams && rparams->realm_max_rlife_valid) ?
-	rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE;
+        rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE;
 
     /* Handle KDC referrals */
     kret = handle_referral_params(rparams, no_refrls, host_based_srvcs, rdp);
     if (kret == ENOMEM)
-	goto whoops;
+        goto whoops;
 
     if (rparams)
-	krb5_free_realm_params(rdp->realm_context, rparams);
+        krb5_free_realm_params(rdp->realm_context, rparams);
 
     /*
      * We've got our parameters, now go and setup our realm context.
@@ -375,40 +376,40 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
 
     /* Set the default realm of this context */
     if ((kret = krb5_set_default_realm(rdp->realm_context, realm))) {
-	kdc_err(rdp->realm_context, kret, "while setting default realm to %s",
-		realm);
-	goto whoops;
+        kdc_err(rdp->realm_context, kret, "while setting default realm to %s",
+                realm);
+        goto whoops;
     }
 
     /* first open the database  before doing anything */
     kdb_open_flags = KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_KDC;
     if ((kret = krb5_db_open(rdp->realm_context, db_args, kdb_open_flags))) {
-	kdc_err(rdp->realm_context, kret,
-		"while initializing database for realm %s", realm);
-	goto whoops;
+        kdc_err(rdp->realm_context, kret,
+                "while initializing database for realm %s", realm);
+        goto whoops;
     }
 
     /* Assemble and parse the master key name */
     if ((kret = krb5_db_setup_mkey_name(rdp->realm_context, rdp->realm_mpname,
-					rdp->realm_name, (char **) NULL,
-					&rdp->realm_mprinc))) {
-	kdc_err(rdp->realm_context, kret,
-		"while setting up master key name %s for realm %s",
-		rdp->realm_mpname, realm);
-	goto whoops;
+                                        rdp->realm_name, (char **) NULL,
+                                        &rdp->realm_mprinc))) {
+        kdc_err(rdp->realm_context, kret,
+                "while setting up master key name %s for realm %s",
+                rdp->realm_mpname, realm);
+        goto whoops;
     }
 
     /*
      * Get the master key (note, may not be the most current mkey).
      */
     if ((kret = krb5_db_fetch_mkey(rdp->realm_context, rdp->realm_mprinc,
-				   rdp->realm_mkey.enctype, manual,
-				   FALSE, rdp->realm_stash,
-				   &mkvno, NULL, &rdp->realm_mkey))) {
-	kdc_err(rdp->realm_context, kret,
-		"while fetching master key %s for realm %s",
-		rdp->realm_mpname, realm);
-	goto whoops;
+                                   rdp->realm_mkey.enctype, manual,
+                                   FALSE, rdp->realm_stash,
+                                   &mkvno, NULL, &rdp->realm_mkey))) {
+        kdc_err(rdp->realm_context, kret,
+                "while fetching master key %s for realm %s",
+                rdp->realm_mpname, realm);
+        goto whoops;
     }
 #if 0 /************** Begin IFDEF'ed OUT *******************************/
     /*
@@ -419,26 +420,26 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
      */
     /* Verify the master key */
     if ((kret = krb5_db_verify_master_key(rdp->realm_context,
-					  rdp->realm_mprinc,
+                                          rdp->realm_mprinc,
                                           IGNORE_VNO,
-					  &rdp->realm_mkey))) {
-	kdc_err(rdp->realm_context, kret,
-		"while verifying master key for realm %s", realm);
-	goto whoops;
+                                          &rdp->realm_mkey))) {
+        kdc_err(rdp->realm_context, kret,
+                "while verifying master key for realm %s", realm);
+        goto whoops;
     }
 #endif /**************** END IFDEF'ed OUT *******************************/
 
     if ((kret = krb5_db_fetch_mkey_list(rdp->realm_context, rdp->realm_mprinc,
-				   &rdp->realm_mkey, mkvno, &rdp->mkey_list))) {
-	kdc_err(rdp->realm_context, kret,
-		"while fetching master keys list for realm %s", realm);
-	goto whoops;
+                                        &rdp->realm_mkey, mkvno, &rdp->mkey_list))) {
+        kdc_err(rdp->realm_context, kret,
+                "while fetching master keys list for realm %s", realm);
+        goto whoops;
     }
 
     if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
-	kdc_err(rdp->realm_context, kret,
-		"while setting master key for realm %s", realm);
-	goto whoops;
+        kdc_err(rdp->realm_context, kret,
+                "while setting master key for realm %s", realm);
+        goto whoops;
     }
     kret = krb5_db_set_mkey_list(rdp->realm_context, rdp->mkey_list);
     if (kret) {
@@ -449,44 +450,44 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
 
     /* Set up the keytab */
     if ((kret = krb5_ktkdb_resolve(rdp->realm_context, NULL,
-				   &rdp->realm_keytab))) {
-	kdc_err(rdp->realm_context, kret,
-		"while resolving kdb keytab for realm %s", realm);
-	goto whoops;
+                                   &rdp->realm_keytab))) {
+        kdc_err(rdp->realm_context, kret,
+                "while resolving kdb keytab for realm %s", realm);
+        goto whoops;
     }
 
     /* Preformat the TGS name */
     if ((kret = krb5_build_principal(rdp->realm_context, &rdp->realm_tgsprinc,
-				     strlen(realm), realm, KRB5_TGS_NAME,
-				     realm, (char *) NULL))) {
-	kdc_err(rdp->realm_context, kret,
-		"while building TGS name for realm %s", realm);
-	goto whoops;
+                                     strlen(realm), realm, KRB5_TGS_NAME,
+                                     realm, (char *) NULL))) {
+        kdc_err(rdp->realm_context, kret,
+                "while building TGS name for realm %s", realm);
+        goto whoops;
     }
 
     if (!rkey_init_done) {
-	krb5_data seed;
-	/*
-	 * If all that worked, then initialize the random key
-	 * generators.
-	 */
+        krb5_data seed;
+        /*
+         * If all that worked, then initialize the random key
+         * generators.
+         */
 
-	seed.length = rdp->realm_mkey.length;
-	seed.data = (char *)rdp->realm_mkey.contents;
+        seed.length = rdp->realm_mkey.length;
+        seed.data = (char *)rdp->realm_mkey.contents;
 
-	if ((kret = krb5_c_random_add_entropy(rdp->realm_context,
-					     KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
-	    goto whoops;
+        if ((kret = krb5_c_random_add_entropy(rdp->realm_context,
+                                              KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
+            goto whoops;
 
-	rkey_init_done = 1;
+        rkey_init_done = 1;
     }
- whoops:
+whoops:
     /*
      * If we choked, then clean up any dirt we may have dropped on the floor.
      */
     if (kret) {
-        
-	finish_realm(rdp);
+
+        finish_realm(rdp);
     }
     return(kret);
 }
@@ -548,9 +549,9 @@ void
 usage(char *name)
 {
     fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [-n]\n"
-	    "\nwhere,\n\t[-x db_args]* - Any number of database specific arguments.  Look at\n"
-	    "\t\t\teach database module documentation for supported\n\t\t\targuments\n",
-	    name);
+            "\nwhere,\n\t[-x db_args]* - Any number of database specific arguments.  Look at\n"
+            "\t\t\teach database module documentation for supported\n\t\t\targuments\n",
+            name);
     return;
 }
 
@@ -558,19 +559,19 @@ char               **db_args      = NULL;
 void
 initialize_realms(krb5_context kcontext, int argc, char **argv)
 {
-    int 		c;
-    char		*db_name = (char *) NULL;
-    char		*lrealm = (char *) NULL;
-    char		*mkey_name = (char *) NULL;
-    char		*rcname = KDCRCACHE;
-    krb5_error_code	retval;
-    krb5_enctype	menctype = ENCTYPE_UNKNOWN;
-    kdc_realm_t		*rdatap = NULL;
-    krb5_boolean	manual = FALSE;
-    char		*default_udp_ports = 0;
-    char		*default_tcp_ports = 0;
-    krb5_pointer	aprof;
-    const char		*hierarchy[3];
+    int                 c;
+    char                *db_name = (char *) NULL;
+    char                *lrealm = (char *) NULL;
+    char                *mkey_name = (char *) NULL;
+    char                *rcname = KDCRCACHE;
+    krb5_error_code     retval;
+    krb5_enctype        menctype = ENCTYPE_UNKNOWN;
+    kdc_realm_t         *rdatap = NULL;
+    krb5_boolean        manual = FALSE;
+    char                *default_udp_ports = 0;
+    char                *default_tcp_ports = 0;
+    krb5_pointer        aprof;
+    const char          *hierarchy[3];
     char                *no_refrls = NULL;
     char                *host_based_srvcs = NULL;
     int                  db_args_size = 0;
@@ -578,19 +579,19 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
     extern char *optarg;
 
     if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) {
-	hierarchy[0] = KRB5_CONF_KDCDEFAULTS;
-	hierarchy[1] = KRB5_CONF_KDC_PORTS;
-	hierarchy[2] = (char *) NULL;
-	if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_udp_ports))
-	    default_udp_ports = 0;
-	hierarchy[1] = KRB5_CONF_KDC_TCP_PORTS;
-	if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports))
-	    default_tcp_ports = 0;
-	hierarchy[1] = KRB5_CONF_MAX_DGRAM_REPLY_SIZE;
-	if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size))
-	    max_dgram_reply_size = MAX_DGRAM_SIZE;
+        hierarchy[0] = KRB5_CONF_KDCDEFAULTS;
+        hierarchy[1] = KRB5_CONF_KDC_PORTS;
+        hierarchy[2] = (char *) NULL;
+        if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_udp_ports))
+            default_udp_ports = 0;
+        hierarchy[1] = KRB5_CONF_KDC_TCP_PORTS;
+        if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports))
+            default_tcp_ports = 0;
+        hierarchy[1] = KRB5_CONF_MAX_DGRAM_REPLY_SIZE;
+        if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size))
+            max_dgram_reply_size = MAX_DGRAM_SIZE;
         hierarchy[1] = KRB5_CONF_NO_HOST_REFERRAL;
-        if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls)) 
+        if (krb5_aprof_get_string_all(aprof, hierarchy, &no_refrls))
             no_refrls = 0;
         if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) {
             hierarchy[1] = KRB5_CONF_HOST_BASED_SERVICES;
@@ -598,13 +599,13 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
                 host_based_srvcs = 0;
         }
 
-	/* aprof_init can return 0 with aprof == NULL */
-	if (aprof)
-	     krb5_aprof_finish(aprof);
+        /* aprof_init can return 0 with aprof == NULL */
+        if (aprof)
+            krb5_aprof_finish(aprof);
     }
-  
+
     if (default_udp_ports == 0) {
-	default_udp_ports = strdup(DEFAULT_KDC_UDP_PORTLIST);
+        default_udp_ports = strdup(DEFAULT_KDC_UDP_PORTLIST);
         if (default_udp_ports == 0) {
             fprintf(stderr," KDC cannot initialize. Not enough memory\n");
             exit(1);
@@ -623,140 +624,140 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
      * use the previously scanned options to fill in for defaults.
      */
     while ((c = getopt(argc, argv, "x:r:d:mM:k:R:e:p:s:n4:X3")) != -1) {
-	switch(c) {
-	case 'x':
-	    db_args_size++;
-	    {
-		char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
-		if( temp == NULL )
-		{
-		    fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n",
-			    argv[0]);
-		    exit(1);
-		}
-
-		db_args = temp;
-	    }
-	    db_args[db_args_size-1] = optarg;
-	    db_args[db_args_size]   = NULL;
-	  break;
-
-	case 'r':			/* realm name for db */
-	    if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) {
-		if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-		    if ((retval = init_realm(rdatap, optarg, mkey_name,
-					     menctype, default_udp_ports,
-					     default_tcp_ports, manual, db_args,
+        switch(c) {
+        case 'x':
+            db_args_size++;
+            {
+                char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+                if( temp == NULL )
+                {
+                    fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n",
+                            argv[0]);
+                    exit(1);
+                }
+
+                db_args = temp;
+            }
+            db_args[db_args_size-1] = optarg;
+            db_args[db_args_size]   = NULL;
+            break;
+
+        case 'r':                       /* realm name for db */
+            if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) {
+                if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
+                    if ((retval = init_realm(rdatap, optarg, mkey_name,
+                                             menctype, default_udp_ports,
+                                             default_tcp_ports, manual, db_args,
                                              no_refrls, host_based_srvcs))) {
-			fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
-				argv[0], optarg);
-			exit(1);
-		    }
-		    kdc_realmlist[kdc_numrealms] = rdatap;
-		    kdc_numrealms++;
-		    free(db_args), db_args=NULL, db_args_size = 0;
-		}
-		else
-		{
-			fprintf(stderr,"%s: cannot initialize realm %s. Not enough memory\n",
-				argv[0], optarg);
-			exit(1);
-		}
-	    }
-	    break;
-	case 'd':			/* pathname for db */
-	    /* now db_name is not a seperate argument. It has to be passed as part of the db_args */
-	    if( db_name == NULL ) {
-		if (asprintf(&db_name, "dbname=%s", optarg) < 0) {
-		    fprintf(stderr,
-			    "%s: KDC cannot initialize. Not enough memory\n",
-			    argv[0]);
-		    exit(1);
-		}
-	    }
-
-	    db_args_size++;
-	    {
-		char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
-		if( temp == NULL )
-		{
-		    fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n",
-			    argv[0]);
-		    exit(1);
-		}
-
-		db_args = temp;
-	    }
-	    db_args[db_args_size-1] = db_name;
-	    db_args[db_args_size]   = NULL;
-	    break;
-	case 'm':			/* manual type-in of master key */
-	    manual = TRUE;
-	    if (menctype == ENCTYPE_UNKNOWN)
-		menctype = ENCTYPE_DES_CBC_CRC;
-	    break;
-	case 'M':			/* master key name in DB */
-	    mkey_name = optarg;
-	    break;
-	case 'n':
-	    nofork++;			/* don't detach from terminal */
-	    break;
-	case 'k':			/* enctype for master key */
-	    if (krb5_string_to_enctype(optarg, &menctype))
-		com_err(argv[0], 0, "invalid enctype %s", optarg);
-	    break;
-	case 'R':
-	    rcname = optarg;
-	    break;
-	case 'p':
-	    if (default_udp_ports)
-		free(default_udp_ports);
-	    default_udp_ports = strdup(optarg);
+                        fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
+                                argv[0], optarg);
+                        exit(1);
+                    }
+                    kdc_realmlist[kdc_numrealms] = rdatap;
+                    kdc_numrealms++;
+                    free(db_args), db_args=NULL, db_args_size = 0;
+                }
+                else
+                {
+                    fprintf(stderr,"%s: cannot initialize realm %s. Not enough memory\n",
+                            argv[0], optarg);
+                    exit(1);
+                }
+            }
+            break;
+        case 'd':                       /* pathname for db */
+            /* now db_name is not a seperate argument. It has to be passed as part of the db_args */
+            if( db_name == NULL ) {
+                if (asprintf(&db_name, "dbname=%s", optarg) < 0) {
+                    fprintf(stderr,
+                            "%s: KDC cannot initialize. Not enough memory\n",
+                            argv[0]);
+                    exit(1);
+                }
+            }
+
+            db_args_size++;
+            {
+                char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+                if( temp == NULL )
+                {
+                    fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n",
+                            argv[0]);
+                    exit(1);
+                }
+
+                db_args = temp;
+            }
+            db_args[db_args_size-1] = db_name;
+            db_args[db_args_size]   = NULL;
+            break;
+        case 'm':                       /* manual type-in of master key */
+            manual = TRUE;
+            if (menctype == ENCTYPE_UNKNOWN)
+                menctype = ENCTYPE_DES_CBC_CRC;
+            break;
+        case 'M':                       /* master key name in DB */
+            mkey_name = optarg;
+            break;
+        case 'n':
+            nofork++;                   /* don't detach from terminal */
+            break;
+        case 'k':                       /* enctype for master key */
+            if (krb5_string_to_enctype(optarg, &menctype))
+                com_err(argv[0], 0, "invalid enctype %s", optarg);
+            break;
+        case 'R':
+            rcname = optarg;
+            break;
+        case 'p':
+            if (default_udp_ports)
+                free(default_udp_ports);
+            default_udp_ports = strdup(optarg);
             if (!default_udp_ports) {
                 fprintf(stderr," KDC cannot initialize. Not enough memory\n");
                 exit(1);
             }
 #if 0 /* not yet */
-	    if (default_tcp_ports)
-		free(default_tcp_ports);
-	    default_tcp_ports = strdup(optarg);
+            if (default_tcp_ports)
+                free(default_tcp_ports);
+            default_tcp_ports = strdup(optarg);
 #endif
-	    break;
-	case '4':
-	    break;
-	case 'X':
-	    break;
-	case '?':
-	default:
-	    usage(argv[0]);
-	    exit(1);
-	}
+            break;
+        case '4':
+            break;
+        case 'X':
+            break;
+        case '?':
+        default:
+            usage(argv[0]);
+        exit(1);
+        }
     }
 
     /*
      * Check to see if we processed any realms.
      */
     if (kdc_numrealms == 0) {
-	/* no realm specified, use default realm */
-	if ((retval = krb5_get_default_realm(kcontext, &lrealm))) {
-	    com_err(argv[0], retval,
-		    "while attempting to retrieve default realm");
-	    fprintf (stderr, "%s: %s, attempting to retrieve default realm\n",
-		     argv[0], krb5_get_error_message(kcontext, retval));
-	    exit(1);
-	}
-	if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-	    if ((retval = init_realm(rdatap, lrealm, mkey_name, menctype,
-				     default_udp_ports, default_tcp_ports,
-				     manual, db_args, no_refrls,
-				     host_based_srvcs))) {
-		fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
-			argv[0], lrealm);
-		exit(1);
-	    }
-	    kdc_realmlist[0] = rdatap;
-	    kdc_numrealms++;
-	}
+        /* no realm specified, use default realm */
+        if ((retval = krb5_get_default_realm(kcontext, &lrealm))) {
+            com_err(argv[0], retval,
+                    "while attempting to retrieve default realm");
+            fprintf (stderr, "%s: %s, attempting to retrieve default realm\n",
+                     argv[0], krb5_get_error_message(kcontext, retval));
+            exit(1);
+        }
+        if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
+            if ((retval = init_realm(rdatap, lrealm, mkey_name, menctype,
+                                     default_udp_ports, default_tcp_ports,
+                                     manual, db_args, no_refrls,
+                                     host_based_srvcs))) {
+                fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
+                        argv[0], lrealm);
+                exit(1);
+            }
+            kdc_realmlist[0] = rdatap;
+            kdc_numrealms++;
+        }
     }
 
 #ifdef USE_RCACHE
@@ -764,22 +765,22 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
      * Now handle the replay cache.
      */
     if ((retval = kdc_initialize_rcache(kcontext, rcname))) {
-	com_err(argv[0], retval, "while initializing KDC replay cache '%s'",
-		rcname);
-	exit(1);
+        com_err(argv[0], retval, "while initializing KDC replay cache '%s'",
+                rcname);
+        exit(1);
     }
 #endif
 
     /* Ensure that this is set for our first request. */
     kdc_active_realm = kdc_realmlist[0];
     if (default_udp_ports)
-	free(default_udp_ports);
+        free(default_udp_ports);
     if (default_tcp_ports)
-	free(default_tcp_ports);
+        free(default_tcp_ports);
     if (db_args)
-	free(db_args);
+        free(db_args);
     if (db_name)
-	free(db_name);
+        free(db_name);
     if (host_based_srvcs)
         free(host_based_srvcs);
     if (no_refrls)
@@ -794,53 +795,53 @@ finish_realms()
     int i;
 
     for (i = 0; i < kdc_numrealms; i++) {
-	finish_realm(kdc_realmlist[i]);
-	kdc_realmlist[i] = 0;
+        finish_realm(kdc_realmlist[i]);
+        kdc_realmlist[i] = 0;
     }
 }
 
 /*
- outline:
+  outline:
 
- process args & setup
+  process args & setup
 
- initialize database access (fetch master key, open DB)
+  initialize database access (fetch master key, open DB)
 
- initialize network
+  initialize network
 
- loop:
- 	listen for packet
+  loop:
+  listen for packet
 
-	determine packet type, dispatch to handling routine
-		(AS or TGS (or V4?))
+  determine packet type, dispatch to handling routine
+  (AS or TGS (or V4?))
 
-	reflect response
+  reflect response
 
-	exit on signal
+  exit on signal
 
- clean up secrets, close db
+  clean up secrets, close db
 
- shut down network
+  shut down network
 
- exit
- */
+  exit
+*/
 
 int main(int argc, char **argv)
 {
-    krb5_error_code	retval;
-    krb5_context	kcontext;
+    krb5_error_code     retval;
+    krb5_context        kcontext;
     int errout = 0;
 
     if (strrchr(argv[0], '/'))
-	argv[0] = strrchr(argv[0], '/')+1;
+        argv[0] = strrchr(argv[0], '/')+1;
 
-    if (!(kdc_realmlist = (kdc_realm_t **) malloc(sizeof(kdc_realm_t *) * 
-						  KRB5_KDC_MAX_REALMS))) {
-	fprintf(stderr, "%s: cannot get memory for realm list\n", argv[0]);
-	exit(1);
+    if (!(kdc_realmlist = (kdc_realm_t **) malloc(sizeof(kdc_realm_t *) *
+                                                  KRB5_KDC_MAX_REALMS))) {
+        fprintf(stderr, "%s: cannot get memory for realm list\n", argv[0]);
+        exit(1);
     }
     memset(kdc_realmlist, 0,
-	   (size_t) (sizeof(kdc_realm_t *) * KRB5_KDC_MAX_REALMS));
+           (size_t) (sizeof(kdc_realm_t *) * KRB5_KDC_MAX_REALMS));
 
     /*
      * A note about Kerberos contexts: This context, "kcontext", is used
@@ -850,8 +851,8 @@ int main(int argc, char **argv)
      */
     retval = krb5int_init_context_kdc(&kcontext);
     if (retval) {
-	    com_err(argv[0], retval, "while initializing krb5");
-	    exit(1);
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
     }
     krb5_klog_init(kcontext, "kdc", argv[0], 1);
     kdc_err_context = kcontext;
@@ -875,39 +876,39 @@ int main(int argc, char **argv)
 
     retval = setup_sam();
     if (retval) {
-	kdc_err(kcontext, retval, "while initializing SAM");
-	finish_realms();
-	return 1;
+        kdc_err(kcontext, retval, "while initializing SAM");
+        finish_realms();
+        return 1;
     }
 
     if ((retval = setup_network())) {
-	kdc_err(kcontext, retval, "while initializing network");
-	finish_realms();
-	return 1;
+        kdc_err(kcontext, retval, "while initializing network");
+        finish_realms();
+        return 1;
     }
     if (!nofork && daemon(0, 0)) {
-	kdc_err(kcontext, errno, "while detaching from tty");
-	finish_realms();
-	return 1;
+        kdc_err(kcontext, errno, "while detaching from tty");
+        finish_realms();
+        return 1;
     }
     krb5_klog_syslog(LOG_INFO, "commencing operation");
     if (nofork)
-	fprintf(stderr, "%s: starting...\n", kdc_progname);
+        fprintf(stderr, "%s: starting...\n", kdc_progname);
     if ((retval = listen_and_process())) {
-	kdc_err(kcontext, retval, "while processing network requests");
-	errout++;
+        kdc_err(kcontext, retval, "while processing network requests");
+        errout++;
     }
     if ((retval = closedown_network())) {
-	kdc_err(kcontext, retval, "while shutting down network");
-	errout++;
+        kdc_err(kcontext, retval, "while shutting down network");
+        errout++;
     }
     krb5_klog_syslog(LOG_INFO, "shutting down");
     unload_preauth_plugins(kcontext);
     unload_authdata_plugins(kcontext);
     krb5_klog_close(kdc_context);
     finish_realms();
-    if (kdc_realmlist) 
-      free(kdc_realmlist);
+    if (kdc_realmlist)
+        free(kdc_realmlist);
 #ifdef USE_RCACHE
     (void) krb5_rc_close(kcontext, kdc_rcache);
 #endif
@@ -917,5 +918,3 @@ int main(int argc, char **argv)
     krb5_free_context(kcontext);
     return errout;
 }
-
-
diff --git a/src/kdc/network.c b/src/kdc/network.c
index 4fdfcf1c6..ec0262231 100644
--- a/src/kdc/network.c
+++ b/src/kdc/network.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/network.c
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Network code for Kerberos v5 KDC.
  */
@@ -58,7 +59,7 @@
 #endif
 
 #ifdef HAVE_SYS_FILIO_H
-#include <sys/filio.h>		/* FIONBIO */
+#include <sys/filio.h>          /* FIONBIO */
 #endif
 
 #include "fake-addrinfo.h"
@@ -69,15 +70,15 @@ set_sa_port(struct sockaddr *addr, int port)
 {
     switch (addr->sa_family) {
     case AF_INET:
-	sa2sin(addr)->sin_port = port;
-	break;
+        sa2sin(addr)->sin_port = port;
+        break;
 #ifdef KRB5_USE_INET6
     case AF_INET6:
-	sa2sin6(addr)->sin6_port = port;
-	break;
+        sa2sin6(addr)->sin6_port = port;
+        break;
 #endif
     default:
-	break;
+        break;
     }
 }
 
@@ -86,13 +87,13 @@ static int ipv6_enabled()
 #ifdef KRB5_USE_INET6
     static int result = -1;
     if (result == -1) {
-	int s;
-	s = socket(AF_INET6, SOCK_STREAM, 0);
-	if (s >= 0) {
-	    result = 1;
-	    close(s);
-	} else
-	    result = 0;
+        int s;
+        s = socket(AF_INET6, SOCK_STREAM, 0);
+        if (s >= 0) {
+            result = 1;
+            close(s);
+        } else
+            result = 0;
     }
     return result;
 #else
@@ -133,21 +134,21 @@ set_pktinfo(int sock, int family)
     switch (family) {
 #if defined(IP_PKTINFO) && defined(HAVE_STRUCT_IN_PKTINFO)
     case AF_INET:
-	proto = IPPROTO_IP;
-	option = IP_RECVPKTINFO;
-	break;
+        proto = IPPROTO_IP;
+        option = IP_RECVPKTINFO;
+        break;
 #endif
 #if defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
     case AF_INET6:
-	proto = IPPROTO_IPV6;
-	option = IPV6_RECVPKTINFO;
-	break;
+        proto = IPPROTO_IPV6;
+        option = IPV6_RECVPKTINFO;
+        break;
 #endif
     default:
-	return EINVAL;
+        return EINVAL;
     }
     if (setsockopt(sock, proto, option, &sockopt, sizeof(sockopt)))
-	return errno;
+        return errno;
     return 0;
 }
 
@@ -157,17 +158,17 @@ static const char *paddr (struct sockaddr *sa)
     static char buf[100];
     char portbuf[10];
     if (getnameinfo(sa, socklen(sa),
-		    buf, sizeof(buf), portbuf, sizeof(portbuf),
-		    NI_NUMERICHOST|NI_NUMERICSERV))
-	strlcpy(buf, "<unprintable>", sizeof(buf));
+                    buf, sizeof(buf), portbuf, sizeof(portbuf),
+                    NI_NUMERICHOST|NI_NUMERICSERV))
+        strlcpy(buf, "<unprintable>", sizeof(buf));
     else {
-	unsigned int len = sizeof(buf) - strlen(buf);
-	char *p = buf + strlen(buf);
-	if (len > 2+strlen(portbuf)) {
-	    *p++ = '.';
-	    len--;
-	    strncpy(p, portbuf, len);
-	}
+        unsigned int len = sizeof(buf) - strlen(buf);
+        char *p = buf + strlen(buf);
+        if (len > 2+strlen(portbuf)) {
+            *p++ = '.';
+            len--;
+            strncpy(p, portbuf, len);
+        }
     }
     return buf;
 }
@@ -185,28 +186,28 @@ struct connection {
     enum conn_type type;
     void (*service)(struct connection *, int);
     union {
-	/* Type-specific information.  */
-	struct {
-	    /* connection */
-	    struct sockaddr_storage addr_s;
-	    socklen_t addrlen;
-	    char addrbuf[56];
-	    krb5_fulladdr faddr;
-	    krb5_address kaddr;
-	    /* incoming */
-	    size_t bufsiz;
-	    size_t offset;
-	    char *buffer;
-	    size_t msglen;
-	    /* outgoing */
-	    krb5_data *response;
-	    unsigned char lenbuf[4];
-	    sg_buf sgbuf[2];
-	    sg_buf *sgp;
-	    int sgnum;
-	    /* crude denial-of-service avoidance support */
-	    time_t start_time;
-	} tcp;
+        /* Type-specific information.  */
+        struct {
+            /* connection */
+            struct sockaddr_storage addr_s;
+            socklen_t addrlen;
+            char addrbuf[56];
+            krb5_fulladdr faddr;
+            krb5_address kaddr;
+            /* incoming */
+            size_t bufsiz;
+            size_t offset;
+            char *buffer;
+            size_t msglen;
+            /* outgoing */
+            krb5_data *response;
+            unsigned char lenbuf[4];
+            sg_buf sgbuf[2];
+            sg_buf *sgp;
+            int sgnum;
+            /* crude denial-of-service avoidance support */
+            time_t start_time;
+        } tcp;
     } u;
 };
 
@@ -216,78 +217,78 @@ struct connection {
 /* Start at the top and work down -- this should allow for deletions
    without disrupting the iteration, since we delete by overwriting
    the element to be removed with the last element.  */
-#define FOREACH_ELT(set,idx,vvar) \
-  for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
-
-#define GROW_SET(set, incr, tmpptr) \
-  (((int)(set.max + incr) < set.max					\
-    || (((size_t)((int)(set.max + incr) * sizeof(set.data[0]))		\
-	 / sizeof(set.data[0]))						\
-	!= (set.max + incr)))						\
-   ? 0				/* overflow */				\
-   : ((tmpptr = realloc(set.data,					\
-			(int)(set.max + incr) * sizeof(set.data[0])))	\
-      ? (set.data = tmpptr, set.max += incr, 1)				\
-      : 0))
+#define FOREACH_ELT(set,idx,vvar)                                       \
+    for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--)
+
+#define GROW_SET(set, incr, tmpptr)                                     \
+    (((int)(set.max + incr) < set.max                                   \
+      || (((size_t)((int)(set.max + incr) * sizeof(set.data[0]))        \
+           / sizeof(set.data[0]))                                       \
+          != (set.max + incr)))                                         \
+     ? 0                          /* overflow */                        \
+     : ((tmpptr = realloc(set.data,                                     \
+                          (int)(set.max + incr) * sizeof(set.data[0]))) \
+        ? (set.data = tmpptr, set.max += incr, 1)                       \
+        : 0))
 
 /* 1 = success, 0 = failure */
-#define ADD(set, val, tmpptr) \
-  ((set.n < set.max || GROW_SET(set, 10, tmpptr))			\
-   ? (set.data[set.n++] = val, 1)					\
-   : 0)
+#define ADD(set, val, tmpptr)                           \
+    ((set.n < set.max || GROW_SET(set, 10, tmpptr))     \
+     ? (set.data[set.n++] = val, 1)                     \
+     : 0)
 
-#define DEL(set, idx) \
-  (set.data[idx] = set.data[--set.n], 0)
+#define DEL(set, idx)                           \
+    (set.data[idx] = set.data[--set.n], 0)
 
-#define FREE_SET_DATA(set) \
-  (free(set.data), set.data = 0, set.max = 0, set.n = 0)
+#define FREE_SET_DATA(set)                                      \
+    (free(set.data), set.data = 0, set.max = 0, set.n = 0)
 
 
 /* Set<struct connection *> connections; */
 static SET(struct connection *) connections;
-#define n_sockets	connections.n
-#define conns		connections.data
+#define n_sockets       connections.n
+#define conns           connections.data
 
 /* Set<u_short> udp_port_data, tcp_port_data; */
 static SET(u_short) udp_port_data, tcp_port_data;
 
 #include "cm.h"
 
-static struct select_state sstate;
+                    static struct select_state sstate;
 
-static krb5_error_code add_udp_port(int port)
+                    static krb5_error_code add_udp_port(int port)
 {
-    int	i;
+    int i;
     void *tmp;
     u_short val;
     u_short s_port = port;
 
     if (s_port != port)
-	return EINVAL;
+        return EINVAL;
 
     FOREACH_ELT (udp_port_data, i, val)
-	if (s_port == val)
-	    return 0;
+        if (s_port == val)
+            return 0;
     if (!ADD(udp_port_data, s_port, tmp))
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
 static krb5_error_code add_tcp_port(int port)
 {
-    int	i;
+    int i;
     void *tmp;
     u_short val;
     u_short s_port = port;
 
     if (s_port != port)
-	return EINVAL;
+        return EINVAL;
 
     FOREACH_ELT (tcp_port_data, i, val)
-	if (s_port == val)
-	    return 0;
+        if (s_port == val)
+            return 0;
     if (!ADD(tcp_port_data, s_port, tmp))
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
@@ -307,29 +308,29 @@ struct socksetup {
 
 static struct connection *
 add_fd (struct socksetup *data, int sock, enum conn_type conntype,
-	void (*service)(struct connection *, int))
+        void (*service)(struct connection *, int))
 {
     struct connection *newconn;
     void *tmp;
 
 #ifndef _WIN32
     if (sock >= FD_SETSIZE) {
-	data->retval = EMFILE;	/* XXX */
-	kdc_err(NULL, 0, "file descriptor number %d too high", sock);
-	return 0;
+        data->retval = EMFILE;  /* XXX */
+        kdc_err(NULL, 0, "file descriptor number %d too high", sock);
+        return 0;
     }
 #endif
     newconn = malloc(sizeof(*newconn));
     if (newconn == 0) {
-	data->retval = ENOMEM;
-	kdc_err(NULL, ENOMEM, "cannot allocate storage for connection info");
-	return 0;
+        data->retval = ENOMEM;
+        kdc_err(NULL, ENOMEM, "cannot allocate storage for connection info");
+        return 0;
     }
     if (!ADD(connections, newconn, tmp)) {
-	data->retval = ENOMEM;
-	kdc_err(NULL, ENOMEM, "cannot save socket info");
-	free(newconn);
-	return 0;
+        data->retval = ENOMEM;
+        kdc_err(NULL, ENOMEM, "cannot save socket info");
+        free(newconn);
+        return 0;
     }
 
     memset(newconn, 0, sizeof(*newconn));
@@ -347,7 +348,7 @@ static struct connection *
 add_udp_fd (struct socksetup *data, int sock, int pktinfo)
 {
     return add_fd(data, sock, pktinfo ? CONN_UDP_PKTINFO : CONN_UDP,
-		  process_packet);
+                  process_packet);
 }
 
 static struct connection *
@@ -369,10 +370,10 @@ delete_fd (struct connection *xconn)
     int i;
 
     FOREACH_ELT(connections, i, conn)
-	if (conn == xconn) {
-	    DEL(connections, i);
-	    break;
-	}
+        if (conn == xconn) {
+            DEL(connections, i);
+            break;
+        }
     free(xconn);
 }
 
@@ -405,57 +406,57 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr)
 
     sock = socket(addr->sa_family, SOCK_STREAM, 0);
     if (sock == -1) {
-	kdc_err(NULL, errno, "Cannot create TCP server socket on %s",
-		paddr(addr));
-	return -1;
+        kdc_err(NULL, errno, "Cannot create TCP server socket on %s",
+                paddr(addr));
+        return -1;
     }
     set_cloexec_fd(sock);
 #ifndef _WIN32
     if (sock >= FD_SETSIZE) {
-	close(sock);
-	kdc_err(NULL, 0, "TCP socket fd number %d (for %s) too high",
-		sock, paddr(addr));
-	return -1;
+        close(sock);
+        kdc_err(NULL, 0, "TCP socket fd number %d (for %s) too high",
+                sock, paddr(addr));
+        return -1;
     }
 #endif
     if (setreuseaddr(sock, 1) < 0)
-	kdc_err(NULL, errno, "Cannot enable SO_REUSEADDR on fd %d", sock);
+        kdc_err(NULL, errno, "Cannot enable SO_REUSEADDR on fd %d", sock);
 #ifdef KRB5_USE_INET6
     if (addr->sa_family == AF_INET6) {
 #ifdef IPV6_V6ONLY
-	if (setv6only(sock, 1))
-	    kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
-	else
-	    kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock);
+        if (setv6only(sock, 1))
+            kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed", sock);
+        else
+            kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock);
 #else
-	krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
+        krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
 #endif /* IPV6_V6ONLY */
     }
 #endif /* KRB5_USE_INET6 */
     if (bind(sock, addr, socklen(addr)) == -1) {
-	kdc_err(NULL, errno, "Cannot bind TCP server socket on %s",
-		paddr(addr));
-	close(sock);
-	return -1;
+        kdc_err(NULL, errno, "Cannot bind TCP server socket on %s",
+                paddr(addr));
+        close(sock);
+        return -1;
     }
     if (listen(sock, 5) < 0) {
-	kdc_err(NULL, errno, "Cannot listen on TCP server socket on %s",
-		paddr(addr));
-	close(sock);
-	return -1;
+        kdc_err(NULL, errno, "Cannot listen on TCP server socket on %s",
+                paddr(addr));
+        close(sock);
+        return -1;
     }
     if (setnbio(sock)) {
-	kdc_err(NULL, errno,
-		"cannot set listening tcp socket on %s non-blocking",
-		paddr(addr));
-	close(sock);
-	return -1;
+        kdc_err(NULL, errno,
+                "cannot set listening tcp socket on %s non-blocking",
+                paddr(addr));
+        close(sock);
+        return -1;
     }
     if (setnolinger(sock)) {
-	kdc_err(NULL, errno, "disabling SO_LINGER on TCP socket on %s",
-		paddr(addr));
-	close(sock);
-	return -1;
+        kdc_err(NULL, errno, "disabling SO_LINGER on TCP socket on %s",
+                paddr(addr));
+        close(sock);
+        return -1;
     }
     return sock;
 }
@@ -486,58 +487,58 @@ setup_tcp_listener_ports(struct socksetup *data)
 #endif
 
     FOREACH_ELT (tcp_port_data, i, port) {
-	int s4, s6;
-
-	set_sa_port((struct sockaddr *)&sin4, htons(port));
-	if (!ipv6_enabled()) {
-	    s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
-	    if (s4 < 0)
-		return -1;
-	    s6 = -1;
-	} else {
+        int s4, s6;
+
+        set_sa_port((struct sockaddr *)&sin4, htons(port));
+        if (!ipv6_enabled()) {
+            s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
+            if (s4 < 0)
+                return -1;
+            s6 = -1;
+        } else {
 #ifndef KRB5_USE_INET6
-	    abort();
+            abort();
 #else
-	    s4 = s6 = -1;
+            s4 = s6 = -1;
 
-	    set_sa_port((struct sockaddr *)&sin6, htons(port));
+            set_sa_port((struct sockaddr *)&sin6, htons(port));
 
-	    s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6);
-	    if (s6 < 0)
-		return -1;
+            s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6);
+            if (s6 < 0)
+                return -1;
 
-	    s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
+            s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4);
 #endif /* KRB5_USE_INET6 */
-	}
-
-	/* Sockets are created, prepare to listen on them.  */
-	if (s4 >= 0) {
-	    if (add_tcp_listener_fd(data, s4) == NULL)
-		close(s4);
-	    else {
-		FD_SET(s4, &sstate.rfds);
-		if (s4 >= sstate.max)
-		    sstate.max = s4 + 1;
-		krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
-				 s4, paddr((struct sockaddr *)&sin4));
-	    }
-	}
+        }
+
+        /* Sockets are created, prepare to listen on them.  */
+        if (s4 >= 0) {
+            if (add_tcp_listener_fd(data, s4) == NULL)
+                close(s4);
+            else {
+                FD_SET(s4, &sstate.rfds);
+                if (s4 >= sstate.max)
+                    sstate.max = s4 + 1;
+                krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+                                 s4, paddr((struct sockaddr *)&sin4));
+            }
+        }
 #ifdef KRB5_USE_INET6
-	if (s6 >= 0) {
-	    if (add_tcp_listener_fd(data, s6) == NULL) {
-		close(s6);
-		s6 = -1;
-	    } else {
-		FD_SET(s6, &sstate.rfds);
-		if (s6 >= sstate.max)
-		    sstate.max = s6 + 1;
-		krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
-				 s6, paddr((struct sockaddr *)&sin6));
-	    }
-	    if (s4 < 0)
-		krb5_klog_syslog(LOG_INFO,
-				 "assuming IPv6 socket accepts IPv4");
-	}
+        if (s6 >= 0) {
+            if (add_tcp_listener_fd(data, s6) == NULL) {
+                close(s6);
+                s6 = -1;
+            } else {
+                FD_SET(s6, &sstate.rfds);
+                if (s6 >= sstate.max)
+                    sstate.max = s6 + 1;
+                krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s",
+                                 s6, paddr((struct sockaddr *)&sin6));
+            }
+            if (s4 < 0)
+                krb5_klog_syslog(LOG_INFO,
+                                 "assuming IPv6 socket accepts IPv4");
+        }
 #endif
     }
     return 0;
@@ -556,39 +557,39 @@ union pktinfo {
 
 static int
 setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
-		 char *haddrbuf, int pktinfo);
+                 char *haddrbuf, int pktinfo);
 
 static void
 setup_udp_pktinfo_ports(struct socksetup *data)
 {
 #ifdef IP_PKTINFO
     {
-	struct sockaddr_in sa;
-	int r;
+        struct sockaddr_in sa;
+        int r;
 
-	memset(&sa, 0, sizeof(sa));
-	sa.sin_family = AF_INET;
+        memset(&sa, 0, sizeof(sa));
+        sa.sin_family = AF_INET;
 #ifdef HAVE_SA_LEN
-	sa.sin_len = sizeof(sa);
+        sa.sin_len = sizeof(sa);
 #endif
-	r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4);
-	if (r == 0)
-	    data->udp_flags &= ~UDP_DO_IPV4;
+        r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4);
+        if (r == 0)
+            data->udp_flags &= ~UDP_DO_IPV4;
     }
 #endif
 #ifdef IPV6_PKTINFO
     {
-	struct sockaddr_in6 sa;
-	int r;
+        struct sockaddr_in6 sa;
+        int r;
 
-	memset(&sa, 0, sizeof(sa));
-	sa.sin6_family = AF_INET6;
+        memset(&sa, 0, sizeof(sa));
+        sa.sin6_family = AF_INET6;
 #ifdef HAVE_SA_LEN
-	sa.sin6_len = sizeof(sa);
+        sa.sin6_len = sizeof(sa);
 #endif
-	r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6);
-	if (r == 0)
-	    data->udp_flags &= ~UDP_DO_IPV6;
+        r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6);
+        if (r == 0)
+            data->udp_flags &= ~UDP_DO_IPV6;
     }
 #endif
 }
@@ -601,66 +602,66 @@ setup_udp_pktinfo_ports(struct socksetup *data)
 
 static int
 setup_udp_port_1(struct socksetup *data, struct sockaddr *addr,
-		 char *haddrbuf, int pktinfo)
+                 char *haddrbuf, int pktinfo)
 {
     int sock = -1, i, r;
     u_short port;
 
     FOREACH_ELT (udp_port_data, i, port) {
-	sock = socket (addr->sa_family, SOCK_DGRAM, 0);
-	if (sock == -1) {
-	    data->retval = errno;
-	    kdc_err(NULL, data->retval,
-		    "Cannot create server socket for port %d address %s",
-		    port, haddrbuf);
-	    return 1;
-	}
-	set_cloexec_fd(sock);
+        sock = socket (addr->sa_family, SOCK_DGRAM, 0);
+        if (sock == -1) {
+            data->retval = errno;
+            kdc_err(NULL, data->retval,
+                    "Cannot create server socket for port %d address %s",
+                    port, haddrbuf);
+            return 1;
+        }
+        set_cloexec_fd(sock);
 #ifdef KRB5_USE_INET6
-	if (addr->sa_family == AF_INET6) {
+        if (addr->sa_family == AF_INET6) {
 #ifdef IPV6_V6ONLY
-	    if (setv6only(sock, 1))
-		kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
-			sock);
-	    else
-		kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock);
+            if (setv6only(sock, 1))
+                kdc_err(NULL, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed",
+                        sock);
+            else
+                kdc_err(NULL, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", sock);
 #else
-	    krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
+            krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support");
 #endif /* IPV6_V6ONLY */
-	}
+        }
 #endif
-	set_sa_port(addr, htons(port));
-	if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) {
-	    data->retval = errno;
-	    kdc_err(NULL, data->retval,
-		    "Cannot bind server socket to port %d address %s",
-		    port, haddrbuf);
-	    close(sock);
-	    return 1;
-	}
+        set_sa_port(addr, htons(port));
+        if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) {
+            data->retval = errno;
+            kdc_err(NULL, data->retval,
+                    "Cannot bind server socket to port %d address %s",
+                    port, haddrbuf);
+            close(sock);
+            return 1;
+        }
 #if !(defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) && (defined(IP_PKTINFO) || defined(IPV6_PKTINFO)))
-	assert(pktinfo == 0);
+        assert(pktinfo == 0);
 #endif
-	if (pktinfo) {
-	    r = set_pktinfo(sock, addr->sa_family);
-	    if (r) {
-		kdc_err(NULL, r,
-			"Cannot request packet info for udp socket address %s port %d",
-			haddrbuf, port);
-		close(sock);
-		return 1;
-	    }
-	}
-	krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock,
-			  paddr((struct sockaddr *)addr),
-			  pktinfo ? " (pktinfo)" : "");
-	if (add_udp_fd (data, sock, pktinfo) == 0) {
-	    close(sock);
-	    return 1;
-	}
-	FD_SET (sock, &sstate.rfds);
-	if (sock >= sstate.max)
-	    sstate.max = sock + 1;
+        if (pktinfo) {
+            r = set_pktinfo(sock, addr->sa_family);
+            if (r) {
+                kdc_err(NULL, r,
+                        "Cannot request packet info for udp socket address %s port %d",
+                        haddrbuf, port);
+                close(sock);
+                return 1;
+            }
+        }
+        krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock,
+                          paddr((struct sockaddr *)addr),
+                          pktinfo ? " (pktinfo)" : "");
+        if (add_udp_fd (data, sock, pktinfo) == 0) {
+            close(sock);
+            return 1;
+        }
+        FD_SET (sock, &sstate.rfds);
+        if (sock >= sstate.max)
+            sstate.max = sock + 1;
     }
     return 0;
 }
@@ -673,51 +674,51 @@ setup_udp_port(void *P_data, struct sockaddr *addr)
     int err;
 
     if (addr->sa_family == AF_INET && !(data->udp_flags & UDP_DO_IPV4))
-	return 0;
+        return 0;
 #ifdef AF_INET6
     if (addr->sa_family == AF_INET6 && !(data->udp_flags & UDP_DO_IPV6))
-	return 0;
+        return 0;
 #endif
     err = getnameinfo(addr, socklen(addr), haddrbuf, sizeof(haddrbuf),
-		      0, 0, NI_NUMERICHOST);
+                      0, 0, NI_NUMERICHOST);
     if (err)
-	strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
+        strlcpy(haddrbuf, "<unprintable>", sizeof(haddrbuf));
 
     switch (addr->sa_family) {
     case AF_INET:
-	break;
+        break;
 #ifdef AF_INET6
     case AF_INET6:
 #ifdef KRB5_USE_INET6
-	break;
+        break;
 #else
-	{
-	    static int first = 1;
-	    if (first) {
-		krb5_klog_syslog (LOG_INFO, "skipping local ipv6 addresses");
-		first = 0;
-	    }
-	    return 0;
-	}
+        {
+            static int first = 1;
+            if (first) {
+                krb5_klog_syslog (LOG_INFO, "skipping local ipv6 addresses");
+                first = 0;
+            }
+            return 0;
+        }
 #endif
 #endif
 #ifdef AF_LINK /* some BSD systems, AIX */
     case AF_LINK:
-	return 0;
+        return 0;
 #endif
 #ifdef AF_DLI /* Direct Link Interface - DEC Ultrix/OSF1 link layer? */
     case AF_DLI:
-	return 0;
+        return 0;
 #endif
 #ifdef AF_APPLETALK
     case AF_APPLETALK:
-	return 0;
+        return 0;
 #endif
     default:
-	krb5_klog_syslog (LOG_INFO,
-			  "skipping unrecognized local address family %d",
-			  addr->sa_family);
-	return 0;
+        krb5_klog_syslog (LOG_INFO,
+                          "skipping unrecognized local address family %d",
+                          addr->sa_family);
+        return 0;
     }
     return setup_udp_port_1(data, addr, haddrbuf, 0);
 }
@@ -729,40 +730,40 @@ static void klog_handler(const void *data, size_t len)
     static int bufoffset;
     void *p;
 
-#define flush_buf() \
-  (bufoffset						\
-   ? (((buf[0] == 0 || buf[0] == '\n')			\
-       ? (fork()==0?abort():(void)0)			\
-       : (void)0),					\
-      krb5_klog_syslog(LOG_INFO, "%s", buf),		\
-      memset(buf, 0, sizeof(buf)),			\
-      bufoffset = 0)					\
-   : 0)
+#define flush_buf()                             \
+    (bufoffset                                  \
+     ? (((buf[0] == 0 || buf[0] == '\n')        \
+         ? (fork()==0?abort():(void)0)          \
+         : (void)0),                            \
+        krb5_klog_syslog(LOG_INFO, "%s", buf),  \
+        memset(buf, 0, sizeof(buf)),            \
+        bufoffset = 0)                          \
+     : 0)
 
     p = memchr(data, 0, len);
     if (p)
-	len = (const char *)p - (const char *)data;
+        len = (const char *)p - (const char *)data;
 scan_for_newlines:
     if (len == 0)
-	return;
+        return;
     p = memchr(data, '\n', len);
     if (p) {
-	if (p != data)
-	    klog_handler(data, (size_t)((const char *)p - (const char *)data));
-	flush_buf();
-	len -= ((const char *)p - (const char *)data) + 1;
-	data = 1 + (const char *)p;
-	goto scan_for_newlines;
+        if (p != data)
+            klog_handler(data, (size_t)((const char *)p - (const char *)data));
+        flush_buf();
+        len -= ((const char *)p - (const char *)data) + 1;
+        data = 1 + (const char *)p;
+        goto scan_for_newlines;
     } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) {
-	size_t x = sizeof(buf) - len - 1;
-	klog_handler(data, x);
-	flush_buf();
-	len -= x;
-	data = (const char *)data + x;
-	goto scan_for_newlines;
+        size_t x = sizeof(buf) - len - 1;
+        klog_handler(data, x);
+        flush_buf();
+        len -= x;
+        data = (const char *)data + x;
+        goto scan_for_newlines;
     } else {
-	memcpy(buf + bufoffset, data, len);
-	bufoffset += len;
+        memcpy(buf + bufoffset, data, len);
+        bufoffset += len;
     }
 }
 #endif
@@ -801,73 +802,73 @@ static void process_routing_update(struct connection *conn, int selflags)
     struct rt_msghdr rtm;
 
     while ((n_read = read(conn->fd, &rtm, sizeof(rtm))) > 0) {
-	if (n_read < sizeof(rtm)) {
-	    /* Quick hack to figure out if the interesting
-	       fields are present in a short read.
+        if (n_read < sizeof(rtm)) {
+            /* Quick hack to figure out if the interesting
+               fields are present in a short read.
 
-	       A short read seems to be normal for some message types.
-	       Only complain if we don't have the critical initial
-	       header fields.  */
+               A short read seems to be normal for some message types.
+               Only complain if we don't have the critical initial
+               header fields.  */
 #define RS(FIELD) (offsetof(struct rt_msghdr, FIELD) + sizeof(rtm.FIELD))
-	    if (n_read < RS(rtm_type) ||
-		n_read < RS(rtm_version) ||
-		n_read < RS(rtm_msglen)) {
-		krb5_klog_syslog(LOG_ERR,
-				 "short read (%d/%d) from routing socket",
-				 n_read, (int) sizeof(rtm));
-		return;
-	    }
-	}
+            if (n_read < RS(rtm_type) ||
+                n_read < RS(rtm_version) ||
+                n_read < RS(rtm_msglen)) {
+                krb5_klog_syslog(LOG_ERR,
+                                 "short read (%d/%d) from routing socket",
+                                 n_read, (int) sizeof(rtm));
+                return;
+            }
+        }
 #if 0
-	krb5_klog_syslog(LOG_INFO,
-			 "got routing msg type %d(%s) v%d",
-			 rtm.rtm_type, rtm_type_name(rtm.rtm_type),
-			 rtm.rtm_version);
+        krb5_klog_syslog(LOG_INFO,
+                         "got routing msg type %d(%s) v%d",
+                         rtm.rtm_type, rtm_type_name(rtm.rtm_type),
+                         rtm.rtm_version);
 #endif
-	if (rtm.rtm_msglen > sizeof(rtm)) {
-	    /* It appears we get a partial message and the rest is
-	       thrown away?  */
-	} else if (rtm.rtm_msglen != n_read) {
-	    krb5_klog_syslog(LOG_ERR,
-			     "read %d from routing socket but msglen is %d",
-			     n_read, rtm.rtm_msglen);
-	}
-	switch (rtm.rtm_type) {
-	case RTM_ADD:
-	case RTM_DELETE:
-	case RTM_NEWADDR:
-	case RTM_DELADDR:
-	case RTM_IFINFO:
-	case RTM_OLDADD:
-	case RTM_OLDDEL:
+        if (rtm.rtm_msglen > sizeof(rtm)) {
+            /* It appears we get a partial message and the rest is
+               thrown away?  */
+        } else if (rtm.rtm_msglen != n_read) {
+            krb5_klog_syslog(LOG_ERR,
+                             "read %d from routing socket but msglen is %d",
+                             n_read, rtm.rtm_msglen);
+        }
+        switch (rtm.rtm_type) {
+        case RTM_ADD:
+        case RTM_DELETE:
+        case RTM_NEWADDR:
+        case RTM_DELADDR:
+        case RTM_IFINFO:
+        case RTM_OLDADD:
+        case RTM_OLDDEL:
 #if 0
-	    krb5_klog_syslog(LOG_DEBUG,
-			     "network reconfiguration message (%s) received",
-			     rtm_type_name(rtm.rtm_type));
+            krb5_klog_syslog(LOG_DEBUG,
+                             "network reconfiguration message (%s) received",
+                             rtm_type_name(rtm.rtm_type));
 #endif
-	    network_reconfiguration_needed = 1;
-	    break;
-	case RTM_RESOLVE:
+            network_reconfiguration_needed = 1;
+            break;
+        case RTM_RESOLVE:
 #ifdef RTM_NEWMADDR
-	case RTM_NEWMADDR:
-	case RTM_DELMADDR:
+        case RTM_NEWMADDR:
+        case RTM_DELMADDR:
 #endif
-	case RTM_MISS:
-	case RTM_REDIRECT:
-	case RTM_LOSING:
-	case RTM_GET:
-	    /* Not interesting.  */
+        case RTM_MISS:
+        case RTM_REDIRECT:
+        case RTM_LOSING:
+        case RTM_GET:
+            /* Not interesting.  */
 #if 0
-	    krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting");
+            krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting");
 #endif
-	    break;
-	default:
-	    krb5_klog_syslog(LOG_INFO,
-			     "unhandled routing message type %d, will reconfigure just for the fun of it",
-			     rtm.rtm_type);
-	    network_reconfiguration_needed = 1;
-	    break;
-	}
+            break;
+        default:
+            krb5_klog_syslog(LOG_INFO,
+                             "unhandled routing message type %d, will reconfigure just for the fun of it",
+                             rtm.rtm_type);
+            network_reconfiguration_needed = 1;
+            break;
+        }
     }
 }
 
@@ -876,14 +877,14 @@ setup_routing_socket(struct socksetup *data)
 {
     int sock = socket(PF_ROUTE, SOCK_RAW, 0);
     if (sock < 0) {
-	int e = errno;
-	krb5_klog_syslog(LOG_INFO, "couldn't set up routing socket: %s",
-			 strerror(e));
+        int e = errno;
+        krb5_klog_syslog(LOG_INFO, "couldn't set up routing socket: %s",
+                         strerror(e));
     } else {
-	krb5_klog_syslog(LOG_INFO, "routing socket is fd %d", sock);
-	add_fd(data, sock, CONN_ROUTING, process_routing_update);
-	setnbio(sock);
-	FD_SET(sock, &sstate.rfds);
+        krb5_klog_syslog(LOG_INFO, "routing socket is fd %d", sock);
+        add_fd(data, sock, CONN_ROUTING, process_routing_update);
+        setnbio(sock);
+        FD_SET(sock, &sstate.rfds);
     }
 }
 #endif
@@ -910,33 +911,33 @@ setup_network()
 
     /* Handle each realm's ports */
     for (i=0; i<kdc_numrealms; i++) {
-	cp = kdc_realmlist[i]->realm_ports;
-	while (cp && *cp) {
-	    if (*cp == ',' || isspace((int) *cp)) {
-		cp++;
-		continue;
-	    }
-	    port = strtol(cp, &cp, 10);
-	    if (cp == 0)
-		break;
-	    retval = add_udp_port(port);
-	    if (retval)
-		return retval;
-	}
-
-	cp = kdc_realmlist[i]->realm_tcp_ports;
-	while (cp && *cp) {
-	    if (*cp == ',' || isspace((int) *cp)) {
-		cp++;
-		continue;
-	    }
-	    port = strtol(cp, &cp, 10);
-	    if (cp == 0)
-		break;
-	    retval = add_tcp_port(port);
-	    if (retval)
-		return retval;
-	}
+        cp = kdc_realmlist[i]->realm_ports;
+        while (cp && *cp) {
+            if (*cp == ',' || isspace((int) *cp)) {
+                cp++;
+                continue;
+            }
+            port = strtol(cp, &cp, 10);
+            if (cp == 0)
+                break;
+            retval = add_udp_port(port);
+            if (retval)
+                return retval;
+        }
+
+        cp = kdc_realmlist[i]->realm_tcp_ports;
+        while (cp && *cp) {
+            if (*cp == ',' || isspace((int) *cp)) {
+                cp++;
+                continue;
+            }
+            port = strtol(cp, &cp, 10);
+            if (cp == 0)
+                break;
+            retval = add_tcp_port(port);
+            if (retval)
+                return retval;
+        }
     }
 
     setup_data.retval = 0;
@@ -951,15 +952,15 @@ setup_network()
     setup_data.udp_flags = UDP_DO_IPV4 | UDP_DO_IPV6;
     setup_udp_pktinfo_ports(&setup_data);
     if (setup_data.udp_flags) {
-	if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
-	    return setup_data.retval;
-	}
+        if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) {
+            return setup_data.retval;
+        }
     }
     setup_tcp_listener_ports(&setup_data);
     krb5_klog_syslog (LOG_INFO, "set up %d sockets", n_sockets);
     if (n_sockets == 0) {
-	kdc_err(NULL, 0, "no sockets set up?");
-	exit (1);
+        kdc_err(NULL, 0, "no sockets set up?");
+        exit (1);
     }
 
     return 0;
@@ -969,45 +970,45 @@ static void init_addr(krb5_fulladdr *faddr, struct sockaddr *sa)
 {
     switch (sa->sa_family) {
     case AF_INET:
-	faddr->address->addrtype = ADDRTYPE_INET;
-	faddr->address->length = 4;
-	faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
-	faddr->port = ntohs(sa2sin(sa)->sin_port);
-	break;
+        faddr->address->addrtype = ADDRTYPE_INET;
+        faddr->address->length = 4;
+        faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr;
+        faddr->port = ntohs(sa2sin(sa)->sin_port);
+        break;
 #ifdef KRB5_USE_INET6
     case AF_INET6:
-	if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
-	    faddr->address->addrtype = ADDRTYPE_INET;
-	    faddr->address->length = 4;
-	    faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
-	} else {
-	    faddr->address->addrtype = ADDRTYPE_INET6;
-	    faddr->address->length = 16;
-	    faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
-	}
-	faddr->port = ntohs(sa2sin6(sa)->sin6_port);
-	break;
+        if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) {
+            faddr->address->addrtype = ADDRTYPE_INET;
+            faddr->address->length = 4;
+            faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+        } else {
+            faddr->address->addrtype = ADDRTYPE_INET6;
+            faddr->address->length = 16;
+            faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr;
+        }
+        faddr->port = ntohs(sa2sin6(sa)->sin6_port);
+        break;
 #endif
     default:
-	faddr->address->addrtype = -1;
-	faddr->address->length = 0;
-	faddr->address->contents = 0;
-	faddr->port = 0;
-	break;
+        faddr->address->addrtype = -1;
+        faddr->address->length = 0;
+        faddr->address->contents = 0;
+        faddr->port = 0;
+        break;
     }
 }
 
 static int
 recv_from_to(int s, void *buf, size_t len, int flags,
-	     struct sockaddr *from, socklen_t *fromlen,
-	     struct sockaddr *to, socklen_t *tolen)
+             struct sockaddr *from, socklen_t *fromlen,
+             struct sockaddr *to, socklen_t *tolen)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     if (to && tolen) {
-	/* Clobber with something recognizeable in case we try to use
-	   the address.  */
-	memset(to, 0x40, *tolen);
-	*tolen = 0;
+        /* Clobber with something recognizeable in case we try to use
+           the address.  */
+        memset(to, 0x40, *tolen);
+        *tolen = 0;
     }
     return recvfrom(s, buf, len, flags, from, fromlen);
 #else
@@ -1018,7 +1019,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
     struct msghdr msg;
 
     if (!to || !tolen)
-	return recvfrom(s, buf, len, flags, from, fromlen);
+        return recvfrom(s, buf, len, flags, from, fromlen);
 
     /* Clobber with something recognizeable in case we can't extract
        the address but try to use it anyways.  */
@@ -1036,7 +1037,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
 
     r = recvmsg(s, &msg, flags);
     if (r < 0)
-	return r;
+        return r;
     *fromlen = msg.msg_namelen;
 
     /* On Darwin (and presumably all *BSD with KAME stacks),
@@ -1044,36 +1045,36 @@ recv_from_to(int s, void *buf, size_t len, int flags,
        3542 recommends making this check, even though the (new) spec
        for CMSG_FIRSTHDR says it's supposed to do the check.  */
     if (msg.msg_controllen) {
-	cmsgptr = CMSG_FIRSTHDR(&msg);
-	while (cmsgptr) {
+        cmsgptr = CMSG_FIRSTHDR(&msg);
+        while (cmsgptr) {
 #ifdef IP_PKTINFO
-	    if (cmsgptr->cmsg_level == IPPROTO_IP
-		&& cmsgptr->cmsg_type == IP_PKTINFO
-		&& *tolen >= sizeof(struct sockaddr_in)) {
-		struct in_pktinfo *pktinfo;
-		memset(to, 0, sizeof(struct sockaddr_in));
-		pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
-		((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
-		((struct sockaddr_in *)to)->sin_family = AF_INET;
-		*tolen = sizeof(struct sockaddr_in);
-		return r;
-	    }
+            if (cmsgptr->cmsg_level == IPPROTO_IP
+                && cmsgptr->cmsg_type == IP_PKTINFO
+                && *tolen >= sizeof(struct sockaddr_in)) {
+                struct in_pktinfo *pktinfo;
+                memset(to, 0, sizeof(struct sockaddr_in));
+                pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
+                ((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr;
+                ((struct sockaddr_in *)to)->sin_family = AF_INET;
+                *tolen = sizeof(struct sockaddr_in);
+                return r;
+            }
 #endif
 #if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO)&& defined(HAVE_STRUCT_IN6_PKTINFO)
-	    if (cmsgptr->cmsg_level == IPPROTO_IPV6
-		&& cmsgptr->cmsg_type == IPV6_PKTINFO
-		&& *tolen >= sizeof(struct sockaddr_in6)) {
-		struct in6_pktinfo *pktinfo;
-		memset(to, 0, sizeof(struct sockaddr_in6));
-		pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
-		((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
-		((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
-		*tolen = sizeof(struct sockaddr_in6);
-		return r;
-	    }
+            if (cmsgptr->cmsg_level == IPPROTO_IPV6
+                && cmsgptr->cmsg_type == IPV6_PKTINFO
+                && *tolen >= sizeof(struct sockaddr_in6)) {
+                struct in6_pktinfo *pktinfo;
+                memset(to, 0, sizeof(struct sockaddr_in6));
+                pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
+                ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
+                ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
+                *tolen = sizeof(struct sockaddr_in6);
+                return r;
+            }
 #endif
-	    cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
-	}
+            cmsgptr = CMSG_NXTHDR(&msg, cmsgptr);
+        }
     }
     /* No info about destination addr was available.  */
     *tolen = 0;
@@ -1083,8 +1084,8 @@ recv_from_to(int s, void *buf, size_t len, int flags,
 
 static int
 send_to_from(int s, void *buf, size_t len, int flags,
-	     const struct sockaddr *to, socklen_t tolen,
-	     const struct sockaddr *from, socklen_t fromlen)
+             const struct sockaddr *to, socklen_t tolen,
+             const struct sockaddr *from, socklen_t fromlen)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     return sendto(s, buf, len, flags, to, tolen);
@@ -1096,14 +1097,14 @@ send_to_from(int s, void *buf, size_t len, int flags,
 
     if (from == 0 || fromlen == 0 || from->sa_family != to->sa_family) {
     use_sendto:
-	return sendto(s, buf, len, flags, to, tolen);
+        return sendto(s, buf, len, flags, to, tolen);
     }
 
     iov.iov_base = buf;
     iov.iov_len = len;
     /* Truncation?  */
     if (iov.iov_len != len)
-	return EINVAL;
+        return EINVAL;
     memset(cbuf, 0, sizeof(cbuf));
     memset(&msg, 0, sizeof(msg));
     msg.msg_name = (void *) to;
@@ -1120,36 +1121,36 @@ send_to_from(int s, void *buf, size_t len, int flags,
     switch (from->sa_family) {
 #if defined(IP_PKTINFO)
     case AF_INET:
-	if (fromlen != sizeof(struct sockaddr_in))
-	    goto use_sendto;
-	cmsgptr->cmsg_level = IPPROTO_IP;
-	cmsgptr->cmsg_type = IP_PKTINFO;
-	cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
-	{
-	    struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
-	    const struct sockaddr_in *from4 = (const struct sockaddr_in *)from;
-	    p->ipi_spec_dst = from4->sin_addr;
-	}
-	msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
-	break;
+        if (fromlen != sizeof(struct sockaddr_in))
+            goto use_sendto;
+        cmsgptr->cmsg_level = IPPROTO_IP;
+        cmsgptr->cmsg_type = IP_PKTINFO;
+        cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+        {
+            struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr);
+            const struct sockaddr_in *from4 = (const struct sockaddr_in *)from;
+            p->ipi_spec_dst = from4->sin_addr;
+        }
+        msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo));
+        break;
 #endif
 #if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
     case AF_INET6:
-	if (fromlen != sizeof(struct sockaddr_in6))
-	    goto use_sendto;
-	cmsgptr->cmsg_level = IPPROTO_IPV6;
-	cmsgptr->cmsg_type = IPV6_PKTINFO;
-	cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
-	{
-	    struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
-	    const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
-	    p->ipi6_addr = from6->sin6_addr;
-	}
-	msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
-	break;
+        if (fromlen != sizeof(struct sockaddr_in6))
+            goto use_sendto;
+        cmsgptr->cmsg_level = IPPROTO_IPV6;
+        cmsgptr->cmsg_type = IPV6_PKTINFO;
+        cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+        {
+            struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
+            const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
+            p->ipi6_addr = from6->sin6_addr;
+        }
+        msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
+        break;
 #endif
     default:
-	goto use_sendto;
+        goto use_sendto;
     }
     return sendmsg(s, &msg, flags);
 #endif
@@ -1167,7 +1168,7 @@ make_too_big_error (krb5_data **out)
 
     retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec);
     if (retval)
-	return retval;  
+        return retval;
     errpkt.error = KRB_ERR_RESPONSE_TOO_BIG;
     errpkt.server = tgs_server;
     errpkt.client = NULL;
@@ -1177,11 +1178,11 @@ make_too_big_error (krb5_data **out)
     errpkt.e_data.data = 0;
     scratch = malloc(sizeof(*scratch));
     if (scratch == NULL)
-	return ENOMEM;
+        return ENOMEM;
     retval = krb5_mk_error(kdc_context, &errpkt, scratch);
     if (retval) {
-	free(scratch);
-	return retval;
+        free(scratch);
+        return retval;
     }
 
     *out = scratch;
@@ -1205,28 +1206,28 @@ static void process_packet(struct connection *conn, int selflags)
     saddr_len = sizeof(saddr);
     daddr_len = sizeof(daddr);
     cc = recv_from_to(port_fd, pktbuf, sizeof(pktbuf), 0,
-		      (struct sockaddr *)&saddr, &saddr_len,
-		      (struct sockaddr *)&daddr, &daddr_len);
+                      (struct sockaddr *)&saddr, &saddr_len,
+                      (struct sockaddr *)&daddr, &daddr_len);
     if (cc == -1) {
-	if (errno != EINTR
-	    /* This is how Linux indicates that a previous
-	       transmission was refused, e.g., if the client timed out
-	       before getting the response packet.  */
-	    && errno != ECONNREFUSED
-	    )
-	    kdc_err(NULL, errno, "while receiving from network");
-	return;
+        if (errno != EINTR
+            /* This is how Linux indicates that a previous
+               transmission was refused, e.g., if the client timed out
+               before getting the response packet.  */
+            && errno != ECONNREFUSED
+        )
+            kdc_err(NULL, errno, "while receiving from network");
+        return;
     }
     if (!cc)
-	return;		/* zero-length packet? */
+        return;         /* zero-length packet? */
 
 #if 0
     if (daddr_len > 0) {
-	char addrbuf[100];
-	if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
-			0, 0, NI_NUMERICHOST))
-	    strlcpy(addrbuf, "?", sizeof(addrbuf));
-	kdc_err(NULL, 0, "pktinfo says local addr is %s", addrbuf);
+        char addrbuf[100];
+        if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf),
+                        0, 0, NI_NUMERICHOST))
+            strlcpy(addrbuf, "?", sizeof(addrbuf));
+        kdc_err(NULL, 0, "pktinfo says local addr is %s", addrbuf);
     }
 #endif
 
@@ -1236,38 +1237,38 @@ static void process_packet(struct connection *conn, int selflags)
     init_addr(&faddr, ss2sa(&saddr));
     /* this address is in net order */
     if ((retval = dispatch(&request, &faddr, &response))) {
-	kdc_err(NULL, retval, "while dispatching (udp)");
-	return;
+        kdc_err(NULL, retval, "while dispatching (udp)");
+        return;
     }
     if (response == NULL)
-	return;
+        return;
     if (response->length > max_dgram_reply_size) {
-	krb5_free_data(kdc_context, response);
-	retval = make_too_big_error(&response);
-	if (retval) {
-	    krb5_klog_syslog(LOG_ERR,
-			     "error constructing KRB_ERR_RESPONSE_TOO_BIG error: %s",
-			     error_message(retval));
-	    return;
-	}
+        krb5_free_data(kdc_context, response);
+        retval = make_too_big_error(&response);
+        if (retval) {
+            krb5_klog_syslog(LOG_ERR,
+                             "error constructing KRB_ERR_RESPONSE_TOO_BIG error: %s",
+                             error_message(retval));
+            return;
+        }
     }
     cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0,
-		      (struct sockaddr *)&saddr, saddr_len,
-		      (struct sockaddr *)&daddr, daddr_len);
+                      (struct sockaddr *)&saddr, saddr_len,
+                      (struct sockaddr *)&daddr, daddr_len);
     if (cc == -1) {
-	char addrbuf[46];
+        char addrbuf[46];
         krb5_free_data(kdc_context, response);
-	if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
-		      addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
-	    strlcpy(addrbuf, "?", sizeof(addrbuf));
-	}
-	kdc_err(NULL, errno, "while sending reply to %s/%d",
-		addrbuf, faddr.port);
-	return;
+        if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
+                      addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
+            strlcpy(addrbuf, "?", sizeof(addrbuf));
+        }
+        kdc_err(NULL, errno, "while sending reply to %s/%d",
+                addrbuf, faddr.port);
+        return;
     }
     if (cc != response->length) {
-	kdc_err(NULL, 0, "short reply write %d vs %d\n",
-		response->length, cc);
+        kdc_err(NULL, 0, "short reply write %d vs %d\n",
+                response->length, cc);
     }
     krb5_free_data(kdc_context, response);
     return;
@@ -1290,12 +1291,12 @@ static void accept_tcp_connection(struct connection *conn, int selflags)
 
     s = accept(conn->fd, addr, &addrlen);
     if (s < 0)
-	return;
+        return;
     set_cloexec_fd(s);
 #ifndef _WIN32
     if (s >= FD_SETSIZE) {
-	close(s);
-	return;
+        close(s);
+        return;
     }
 #endif
     setnbio(s), setnolinger(s), setkeepalive(s);
@@ -1304,26 +1305,26 @@ static void accept_tcp_connection(struct connection *conn, int selflags)
 
     newconn = add_tcp_data_fd(&sockdata, s);
     if (newconn == NULL)
-	return;
+        return;
 
     if (getnameinfo((struct sockaddr *)&addr_s, addrlen,
-		    newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
-		    tmpbuf, sizeof(tmpbuf),
-		    NI_NUMERICHOST | NI_NUMERICSERV))
-	strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
+                    newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf),
+                    tmpbuf, sizeof(tmpbuf),
+                    NI_NUMERICHOST | NI_NUMERICSERV))
+        strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf));
     else {
-	char *p, *end;
-	p = newconn->u.tcp.addrbuf;
-	end = p + sizeof(newconn->u.tcp.addrbuf);
-	p += strlen(p);
-	if (end - p > 2 + strlen(tmpbuf)) {
-	    *p++ = '.';
-	    strlcpy(p, tmpbuf, end - p);
-	}
+        char *p, *end;
+        p = newconn->u.tcp.addrbuf;
+        end = p + sizeof(newconn->u.tcp.addrbuf);
+        p += strlen(p);
+        if (end - p > 2 + strlen(tmpbuf)) {
+            *p++ = '.';
+            strlcpy(p, tmpbuf, end - p);
+        }
     }
 #if 0
     krb5_klog_syslog(LOG_INFO, "accepted TCP connection on socket %d from %s",
-		     s, newconn->u.tcp.addrbuf);
+                     s, newconn->u.tcp.addrbuf);
 #endif
 
     newconn->u.tcp.addr_s = addr_s;
@@ -1333,38 +1334,38 @@ static void accept_tcp_connection(struct connection *conn, int selflags)
     newconn->u.tcp.start_time = time(0);
 
     if (++tcp_data_counter > max_tcp_data_connections) {
-	struct connection *oldest_tcp = NULL;
-	struct connection *c;
-	int i;
+        struct connection *oldest_tcp = NULL;
+        struct connection *c;
+        int i;
 
-	krb5_klog_syslog(LOG_INFO, "too many connections");
+        krb5_klog_syslog(LOG_INFO, "too many connections");
 
-	FOREACH_ELT (connections, i, c) {
-	    if (c->type != CONN_TCP)
-		continue;
-	    if (c == newconn)
-		continue;
+        FOREACH_ELT (connections, i, c) {
+            if (c->type != CONN_TCP)
+                continue;
+            if (c == newconn)
+                continue;
 #if 0
-	    krb5_klog_syslog(LOG_INFO, "fd %d started at %ld", c->fd,
-			     c->u.tcp.start_time);
+            krb5_klog_syslog(LOG_INFO, "fd %d started at %ld", c->fd,
+                             c->u.tcp.start_time);
 #endif
-	    if (oldest_tcp == NULL
-		|| oldest_tcp->u.tcp.start_time > c->u.tcp.start_time)
-		oldest_tcp = c;
-	}
-	if (oldest_tcp != NULL) {
-	    krb5_klog_syslog(LOG_INFO, "dropping tcp fd %d from %s",
-			     oldest_tcp->fd, oldest_tcp->u.tcp.addrbuf);
-	    kill_tcp_connection(oldest_tcp);
-	}
+            if (oldest_tcp == NULL
+                || oldest_tcp->u.tcp.start_time > c->u.tcp.start_time)
+                oldest_tcp = c;
+        }
+        if (oldest_tcp != NULL) {
+            krb5_klog_syslog(LOG_INFO, "dropping tcp fd %d from %s",
+                             oldest_tcp->fd, oldest_tcp->u.tcp.addrbuf);
+            kill_tcp_connection(oldest_tcp);
+        }
     }
     if (newconn->u.tcp.buffer == 0) {
-	kdc_err(NULL, errno, "allocating buffer for new TCP session from %s",
-		newconn->u.tcp.addrbuf);
-	delete_fd(newconn);
-	close(s);
-	tcp_data_counter--;
-	return;
+        kdc_err(NULL, errno, "allocating buffer for new TCP session from %s",
+                newconn->u.tcp.addrbuf);
+        delete_fd(newconn);
+        close(s);
+        tcp_data_counter--;
+        return;
     }
     newconn->u.tcp.offset = 0;
     newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr;
@@ -1374,25 +1375,25 @@ static void accept_tcp_connection(struct connection *conn, int selflags)
 
     FD_SET(s, &sstate.rfds);
     if (sstate.max <= s)
-	sstate.max = s + 1;
+        sstate.max = s + 1;
 }
 
 static void
 kill_tcp_connection(struct connection *conn)
 {
     if (conn->u.tcp.response)
-	krb5_free_data(kdc_context, conn->u.tcp.response);
+        krb5_free_data(kdc_context, conn->u.tcp.response);
     if (conn->u.tcp.buffer)
-	free(conn->u.tcp.buffer);
+        free(conn->u.tcp.buffer);
     FD_CLR(conn->fd, &sstate.rfds);
     FD_CLR(conn->fd, &sstate.wfds);
     if (sstate.max == conn->fd + 1)
-	while (sstate.max > 0
-	       && ! FD_ISSET(sstate.max-1, &sstate.rfds)
-	       && ! FD_ISSET(sstate.max-1, &sstate.wfds)
-	       /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */
-	    )
-	    sstate.max--;
+        while (sstate.max > 0
+               && ! FD_ISSET(sstate.max-1, &sstate.rfds)
+               && ! FD_ISSET(sstate.max-1, &sstate.wfds)
+               /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */
+        )
+            sstate.max--;
     close(conn->fd);
     conn->fd = -1;
     delete_fd(conn);
@@ -1408,7 +1409,7 @@ make_toolong_error (krb5_data **out)
 
     retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec);
     if (retval)
-	return retval;
+        return retval;
     errpkt.error = KRB_ERR_FIELD_TOOLONG;
     errpkt.server = tgs_server;
     errpkt.client = NULL;
@@ -1420,11 +1421,11 @@ make_toolong_error (krb5_data **out)
     errpkt.e_data.data = 0;
     scratch = malloc(sizeof(*scratch));
     if (scratch == NULL)
-	return ENOMEM;
+        return ENOMEM;
     retval = krb5_mk_error(kdc_context, &errpkt, scratch);
     if (retval) {
-	free(scratch);
-	return retval;
+        free(scratch);
+        return retval;
     }
 
     *out = scratch;
@@ -1436,7 +1437,7 @@ queue_tcp_outgoing_response(struct connection *conn)
 {
     store_32_be(conn->u.tcp.response->length, conn->u.tcp.lenbuf);
     SG_SET(&conn->u.tcp.sgbuf[1], conn->u.tcp.response->data,
-	   conn->u.tcp.response->length);
+           conn->u.tcp.response->length);
     conn->u.tcp.sgp = conn->u.tcp.sgbuf;
     conn->u.tcp.sgnum = 2;
     FD_SET(conn->fd, &sstate.wfds);
@@ -1446,112 +1447,112 @@ static void
 process_tcp_connection(struct connection *conn, int selflags)
 {
     if (selflags & SSF_WRITE) {
-	ssize_t nwrote;
-	SOCKET_WRITEV_TEMP tmp;
-
-	nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum,
-			       tmp);
-	if (nwrote < 0) {
-	    goto kill_tcp_connection;
-	}
-	if (nwrote == 0)
-	    /* eof */
-	    goto kill_tcp_connection;
-	while (nwrote) {
-	    sg_buf *sgp = conn->u.tcp.sgp;
-	    if (nwrote < SG_LEN(sgp)) {
-		SG_ADVANCE(sgp, nwrote);
-		nwrote = 0;
-	    } else {
-		nwrote -= SG_LEN(sgp);
-		conn->u.tcp.sgp++;
-		conn->u.tcp.sgnum--;
-		if (conn->u.tcp.sgnum == 0 && nwrote != 0)
-		    abort();
-	    }
-	}
-	if (conn->u.tcp.sgnum == 0) {
-	    /* finished sending */
-	    /* We should go back to reading, though if we sent a
-	       FIELD_TOOLONG error in reply to a length with the high
-	       bit set, RFC 4120 says we have to close the TCP
-	       stream.  */
-	    goto kill_tcp_connection;
-	}
+        ssize_t nwrote;
+        SOCKET_WRITEV_TEMP tmp;
+
+        nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum,
+                               tmp);
+        if (nwrote < 0) {
+            goto kill_tcp_connection;
+        }
+        if (nwrote == 0)
+            /* eof */
+            goto kill_tcp_connection;
+        while (nwrote) {
+            sg_buf *sgp = conn->u.tcp.sgp;
+            if (nwrote < SG_LEN(sgp)) {
+                SG_ADVANCE(sgp, nwrote);
+                nwrote = 0;
+            } else {
+                nwrote -= SG_LEN(sgp);
+                conn->u.tcp.sgp++;
+                conn->u.tcp.sgnum--;
+                if (conn->u.tcp.sgnum == 0 && nwrote != 0)
+                    abort();
+            }
+        }
+        if (conn->u.tcp.sgnum == 0) {
+            /* finished sending */
+            /* We should go back to reading, though if we sent a
+               FIELD_TOOLONG error in reply to a length with the high
+               bit set, RFC 4120 says we have to close the TCP
+               stream.  */
+            goto kill_tcp_connection;
+        }
     } else if (selflags & SSF_READ) {
-	/* Read message length and data into one big buffer, already
-	   allocated at connect time.  If we have a complete message,
-	   we stop reading, so we should only be here if there is no
-	   data in the buffer, or only an incomplete message.  */
-	size_t len;
-	ssize_t nread;
-	if (conn->u.tcp.offset < 4) {
-	    /* msglen has not been computed */
-	    /* XXX Doing at least two reads here, letting the kernel
-	       worry about buffering.  It'll be faster when we add
-	       code to manage the buffer here.  */
-	    len = 4 - conn->u.tcp.offset;
-	    nread = SOCKET_READ(conn->fd,
-				conn->u.tcp.buffer + conn->u.tcp.offset, len);
-	    if (nread < 0)
-		/* error */
-		goto kill_tcp_connection;
-	    if (nread == 0)
-		/* eof */
-		goto kill_tcp_connection;
-	    conn->u.tcp.offset += nread;
-	    if (conn->u.tcp.offset == 4) {
-		unsigned char *p = (unsigned char *)conn->u.tcp.buffer;
-		conn->u.tcp.msglen = load_32_be(p);
-		if (conn->u.tcp.msglen > conn->u.tcp.bufsiz - 4) {
-		    krb5_error_code err;
-		    /* message too big */
-		    krb5_klog_syslog(LOG_ERR, "TCP client %s wants %lu bytes, cap is %lu",
-				     conn->u.tcp.addrbuf, (unsigned long) conn->u.tcp.msglen,
-				     (unsigned long) conn->u.tcp.bufsiz - 4);
-		    /* XXX Should return an error.  */
-		    err = make_toolong_error (&conn->u.tcp.response);
-		    if (err) {
-			krb5_klog_syslog(LOG_ERR,
-					 "error constructing KRB_ERR_FIELD_TOOLONG error! %s",
-					 error_message(err));
-			goto kill_tcp_connection;
-		    }
-		    goto have_response;
-		}
-	    }
-	} else {
-	    /* msglen known */
-	    krb5_data request;
-	    krb5_error_code err;
-
-	    len = conn->u.tcp.msglen - (conn->u.tcp.offset - 4);
-	    nread = SOCKET_READ(conn->fd,
-				conn->u.tcp.buffer + conn->u.tcp.offset, len);
-	    if (nread < 0)
-		/* error */
-		goto kill_tcp_connection;
-	    if (nread == 0)
-		/* eof */
-		goto kill_tcp_connection;
-	    conn->u.tcp.offset += nread;
-	    if (conn->u.tcp.offset < conn->u.tcp.msglen + 4)
-		return;
-	    /* have a complete message, and exactly one message */
-	    request.length = conn->u.tcp.msglen;
-	    request.data = conn->u.tcp.buffer + 4;
-	    err = dispatch(&request, &conn->u.tcp.faddr,
-			   &conn->u.tcp.response);
-	    if (err) {
-		kdc_err(NULL, err, "while dispatching (tcp)");
-		goto kill_tcp_connection;
-	    }
-	have_response:
-	    queue_tcp_outgoing_response(conn);
-	    FD_CLR(conn->fd, &sstate.rfds);
-	}
+        /* Read message length and data into one big buffer, already
+           allocated at connect time.  If we have a complete message,
+           we stop reading, so we should only be here if there is no
+           data in the buffer, or only an incomplete message.  */
+        size_t len;
+        ssize_t nread;
+        if (conn->u.tcp.offset < 4) {
+            /* msglen has not been computed */
+            /* XXX Doing at least two reads here, letting the kernel
+               worry about buffering.  It'll be faster when we add
+               code to manage the buffer here.  */
+            len = 4 - conn->u.tcp.offset;
+            nread = SOCKET_READ(conn->fd,
+                                conn->u.tcp.buffer + conn->u.tcp.offset, len);
+            if (nread < 0)
+                /* error */
+                goto kill_tcp_connection;
+            if (nread == 0)
+                /* eof */
+                goto kill_tcp_connection;
+            conn->u.tcp.offset += nread;
+            if (conn->u.tcp.offset == 4) {
+                unsigned char *p = (unsigned char *)conn->u.tcp.buffer;
+                conn->u.tcp.msglen = load_32_be(p);
+                if (conn->u.tcp.msglen > conn->u.tcp.bufsiz - 4) {
+                    krb5_error_code err;
+                    /* message too big */
+                    krb5_klog_syslog(LOG_ERR, "TCP client %s wants %lu bytes, cap is %lu",
+                                     conn->u.tcp.addrbuf, (unsigned long) conn->u.tcp.msglen,
+                                     (unsigned long) conn->u.tcp.bufsiz - 4);
+                    /* XXX Should return an error.  */
+                    err = make_toolong_error (&conn->u.tcp.response);
+                    if (err) {
+                        krb5_klog_syslog(LOG_ERR,
+                                         "error constructing KRB_ERR_FIELD_TOOLONG error! %s",
+                                         error_message(err));
+                        goto kill_tcp_connection;
+                    }
+                    goto have_response;
+                }
+            }
+        } else {
+            /* msglen known */
+            krb5_data request;
+            krb5_error_code err;
+
+            len = conn->u.tcp.msglen - (conn->u.tcp.offset - 4);
+            nread = SOCKET_READ(conn->fd,
+                                conn->u.tcp.buffer + conn->u.tcp.offset, len);
+            if (nread < 0)
+                /* error */
+                goto kill_tcp_connection;
+            if (nread == 0)
+                /* eof */
+                goto kill_tcp_connection;
+            conn->u.tcp.offset += nread;
+            if (conn->u.tcp.offset < conn->u.tcp.msglen + 4)
+                return;
+            /* have a complete message, and exactly one message */
+            request.length = conn->u.tcp.msglen;
+            request.data = conn->u.tcp.buffer + 4;
+            err = dispatch(&request, &conn->u.tcp.faddr,
+                           &conn->u.tcp.response);
+            if (err) {
+                kdc_err(NULL, err, "while dispatching (tcp)");
+                goto kill_tcp_connection;
+            }
+        have_response:
+            queue_tcp_outgoing_response(conn);
+            FD_CLR(conn->fd, &sstate.rfds);
+        }
     } else
-	abort();
+        abort();
 
     return;
 
@@ -1581,79 +1582,79 @@ static int getcurtime(struct timeval *tvp)
 krb5_error_code
 listen_and_process()
 {
-    int			nfound;
+    int                 nfound;
     /* This struct contains 3 fd_set objects; on some platforms, they
        can be rather large.  Making this static avoids putting all
        that junk on the stack.  */
     static struct select_state sout;
-    int			i, sret, netchanged = 0;
-    krb5_error_code	err;
+    int                 i, sret, netchanged = 0;
+    krb5_error_code     err;
 
     if (conns == (struct connection **) NULL)
-	return KDC5_NONET;
-    
+        return KDC5_NONET;
+
     while (!signal_requests_exit) {
-	if (signal_requests_hup) {
-	    int k;
-
-	    krb5_klog_reopen(kdc_context);
-	    for (k = 0; k < kdc_numrealms; k++)
-		krb5_db_invoke(kdc_realmlist[k]->realm_context,
-			       KRB5_KDB_METHOD_REFRESH_POLICY,
-			       NULL, NULL);
-	    signal_requests_hup = 0;
-	}
-
-	if (network_reconfiguration_needed) {
-	    /* No point in re-logging what we've just logged.  */
-	    if (netchanged == 0)
-		krb5_klog_syslog(LOG_INFO, "network reconfiguration needed");
-	    /* It might be tidier to add a timer-callback interface to
-	       the control loop here, but for this one use, it's not a
-	       big deal.  */
-	    err = getcurtime(&sstate.end_time);
-	    if (err) {
-		kdc_err(NULL, err, "while getting the time");
-		continue;
-	    }
-	    sstate.end_time.tv_sec += 3;
-	    netchanged = 1;
-	} else
-	    sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
-
-	err = krb5int_cm_call_select(&sstate, &sout, &sret);
-	if (err) {
-	    if (err != EINTR)
-		kdc_err(NULL, err, "while selecting for network input(1)");
-	    continue;
-	}
-	if (sret == 0 && netchanged) {
-	    network_reconfiguration_needed = 0;
-	    closedown_network();
-	    err = setup_network();
-	    if (err) {
-		kdc_err(NULL, err, "while reinitializing network");
-		return err;
-	    }
-	    netchanged = 0;
-	}
-	if (sret == -1) {
-	    if (errno != EINTR)
-		kdc_err(NULL, errno, "while selecting for network input(2)");
-	    continue;
-	}
-	nfound = sret;
-	for (i=0; i<n_sockets && nfound > 0; i++) {
-	    int sflags = 0;
-	    if (conns[i]->fd < 0)
-		abort();
-	    if (FD_ISSET(conns[i]->fd, &sout.rfds))
-		sflags |= SSF_READ, nfound--;
-	    if (FD_ISSET(conns[i]->fd, &sout.wfds))
-		sflags |= SSF_WRITE, nfound--;
-	    if (sflags)
-		service_conn(conns[i], sflags);
-	}
+        if (signal_requests_hup) {
+            int k;
+
+            krb5_klog_reopen(kdc_context);
+            for (k = 0; k < kdc_numrealms; k++)
+                krb5_db_invoke(kdc_realmlist[k]->realm_context,
+                               KRB5_KDB_METHOD_REFRESH_POLICY,
+                               NULL, NULL);
+            signal_requests_hup = 0;
+        }
+
+        if (network_reconfiguration_needed) {
+            /* No point in re-logging what we've just logged.  */
+            if (netchanged == 0)
+                krb5_klog_syslog(LOG_INFO, "network reconfiguration needed");
+            /* It might be tidier to add a timer-callback interface to
+               the control loop here, but for this one use, it's not a
+               big deal.  */
+            err = getcurtime(&sstate.end_time);
+            if (err) {
+                kdc_err(NULL, err, "while getting the time");
+                continue;
+            }
+            sstate.end_time.tv_sec += 3;
+            netchanged = 1;
+        } else
+            sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0;
+
+        err = krb5int_cm_call_select(&sstate, &sout, &sret);
+        if (err) {
+            if (err != EINTR)
+                kdc_err(NULL, err, "while selecting for network input(1)");
+            continue;
+        }
+        if (sret == 0 && netchanged) {
+            network_reconfiguration_needed = 0;
+            closedown_network();
+            err = setup_network();
+            if (err) {
+                kdc_err(NULL, err, "while reinitializing network");
+                return err;
+            }
+            netchanged = 0;
+        }
+        if (sret == -1) {
+            if (errno != EINTR)
+                kdc_err(NULL, errno, "while selecting for network input(2)");
+            continue;
+        }
+        nfound = sret;
+        for (i=0; i<n_sockets && nfound > 0; i++) {
+            int sflags = 0;
+            if (conns[i]->fd < 0)
+                abort();
+            if (FD_ISSET(conns[i]->fd, &sout.rfds))
+                sflags |= SSF_READ, nfound--;
+            if (FD_ISSET(conns[i]->fd, &sout.wfds))
+                sflags |= SSF_WRITE, nfound--;
+            if (sflags)
+                service_conn(conns[i], sflags);
+        }
     }
     krb5_klog_syslog(LOG_INFO, "shutdown signal received");
     return 0;
@@ -1666,19 +1667,19 @@ closedown_network()
     struct connection *conn;
 
     if (conns == (struct connection **) NULL)
-	return KDC5_NONET;
+        return KDC5_NONET;
 
     FOREACH_ELT (connections, i, conn) {
-	if (conn->fd >= 0) {
-	    krb5_klog_syslog(LOG_INFO, "closing down fd %d", conn->fd);
-	    (void) close(conn->fd);
-	}
-	DEL (connections, i);
-	/* There may also be per-connection data in the tcp structure
-	   (tcp.buffer, tcp.response) that we're not freeing here.
-	   That should only happen if we quit with a connection in
-	   progress.  */
-	free(conn);
+        if (conn->fd >= 0) {
+            krb5_klog_syslog(LOG_INFO, "closing down fd %d", conn->fd);
+            (void) close(conn->fd);
+        }
+        DEL (connections, i);
+        /* There may also be per-connection data in the tcp structure
+           (tcp.buffer, tcp.response) that we're not freeing here.
+           That should only happen if we quit with a connection in
+           progress.  */
+        free(conn);
     }
     FREE_SET_DATA(connections);
     FREE_SET_DATA(udp_port_data);
diff --git a/src/kdc/pkinit_apple_server.c b/src/kdc/pkinit_apple_server.c
index b86c63444..ade1b8b76 100644
--- a/src/kdc/pkinit_apple_server.c
+++ b/src/kdc/pkinit_apple_server.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2004-2008 Apple Inc.  All Rights Reserved.
  *
@@ -37,47 +38,47 @@
 #include <assert.h>
 
 #define     PKINIT_DEBUG    0
-#if	    PKINIT_DEBUG
+#if         PKINIT_DEBUG
 #define     pkiDebug(args...)       printf(args)
 #else
 #define     pkiDebug(args...)
 #endif
 
 /*
- * Parse PA-PK-AS-REQ message. Optionally evaluates the message's certificate chain. 
- * Optionally returns various components. 
+ * Parse PA-PK-AS-REQ message. Optionally evaluates the message's certificate chain.
+ * Optionally returns various components.
  */
 krb5_error_code krb5int_pkinit_as_req_parse(
-    krb5_context	context,
-    const krb5_data	*as_req,
-    krb5_timestamp      *kctime,	/* optionally RETURNED */
-    krb5_ui_4		*cusec,		/* microseconds, optionally RETURNED */
-    krb5_ui_4		*nonce,		/* optionally RETURNED */
-    krb5_checksum       *pa_cksum,	/* optional, contents mallocd and RETURNED */
+    krb5_context        context,
+    const krb5_data     *as_req,
+    krb5_timestamp      *kctime,        /* optionally RETURNED */
+    krb5_ui_4           *cusec,         /* microseconds, optionally RETURNED */
+    krb5_ui_4           *nonce,         /* optionally RETURNED */
+    krb5_checksum       *pa_cksum,      /* optional, contents mallocd and RETURNED */
     krb5int_cert_sig_status *cert_status,/* optionally RETURNED */
-    krb5_ui_4		*num_cms_types,	/* optionally RETURNED */
-    krb5int_algorithm_id **cms_types,	/* optionally mallocd and RETURNED */
+    krb5_ui_4           *num_cms_types, /* optionally RETURNED */
+    krb5int_algorithm_id **cms_types,   /* optionally mallocd and RETURNED */
 
     /*
      * Cert fields, all optionally RETURNED.
      *
      * signer_cert is the full X.509 leaf cert from the incoming SignedData.
      * all_certs is an array of all of the certs in the incoming SignedData,
-     *    in full X.509 form. 
+     *    in full X.509 form.
      */
-    krb5_data		*signer_cert,   /* content mallocd */
-    krb5_ui_4		*num_all_certs, /* sizeof *all_certs */
-    krb5_data		**all_certs,    /* krb5_data's and their content mallocd */
-    
+    krb5_data           *signer_cert,   /* content mallocd */
+    krb5_ui_4           *num_all_certs, /* sizeof *all_certs */
+    krb5_data           **all_certs,    /* krb5_data's and their content mallocd */
+
     /*
-     * Array of trustedCertifiers, optionally RETURNED. These are DER-encoded 
-     * issuer/serial numbers. 
+     * Array of trustedCertifiers, optionally RETURNED. These are DER-encoded
+     * issuer/serial numbers.
      */
-    krb5_ui_4		*num_trusted_CAs,   /* sizeof *trusted_CAs */
-    krb5_data		**trusted_CAs,       /* krb5_data's and their content mallocd */
-    
+    krb5_ui_4           *num_trusted_CAs,   /* sizeof *trusted_CAs */
+    krb5_data           **trusted_CAs,       /* krb5_data's and their content mallocd */
+
     /* KDC cert specified by client as kdcPkId. DER-encoded issuer/serial number. */
-    krb5_data		*kdc_cert)
+    krb5_data           *kdc_cert)
 {
     krb5_error_code krtn;
     krb5_data signed_auth_pack = {0, 0, NULL};
@@ -89,84 +90,84 @@ krb5_error_code krb5int_pkinit_as_req_parse(
     krb5_pkinit_cert_db_t cert_db = NULL;
     krb5_boolean is_signed;
     krb5_boolean is_encrypted;
-   
+
     assert(as_req != NULL);
-    
-    /* 
+
+    /*
      * We always have to decode the top-level AS-REQ...
      */
     krtn = krb5int_pkinit_pa_pk_as_req_decode(as_req, &signed_auth_pack,
-	    num_trusted_CAs, trusted_CAs,	    /* optional */
-	    kdc_cert);				    /* optional */
+                                              num_trusted_CAs, trusted_CAs,           /* optional */
+                                              kdc_cert);                              /* optional */
     if (krtn) {
-	pkiDebug("krb5int_pkinit_pa_pk_as_req_decode returned %d\n", (int)krtn);
-	return krtn;
+        pkiDebug("krb5int_pkinit_pa_pk_as_req_decode returned %d\n", (int)krtn);
+        return krtn;
     }
 
     /* Do we need info about or from the ContentInto or AuthPack? */
-    if ((kctime != NULL) || (cusec != NULL) || (nonce != NULL) || 
+    if ((kctime != NULL) || (cusec != NULL) || (nonce != NULL) ||
         (pa_cksum != NULL) || (cms_types != NULL)) {
-	need_auth_pack = TRUE;
-	raw_auth_pack_p = &raw_auth_pack;
+        need_auth_pack = TRUE;
+        raw_auth_pack_p = &raw_auth_pack;
     }
     if (need_auth_pack || (cert_status != NULL) ||
         (signer_cert != NULL) || (all_certs != NULL)) {
-	proceed = TRUE;
+        proceed = TRUE;
     }
     if (!proceed) {
-	krtn = 0;
-	goto err_out;
+        krtn = 0;
+        goto err_out;
     }
-    
+
     /* Parse and possibly verify the ContentInfo */
     krtn = krb5_pkinit_get_kdc_cert_db(&cert_db);
     if (krtn) {
-	pkiDebug("pa_pk_as_req_parse: error in krb5_pkinit_get_kdc_cert_db\n");
-	goto err_out;
+        pkiDebug("pa_pk_as_req_parse: error in krb5_pkinit_get_kdc_cert_db\n");
+        goto err_out;
     }
     krtn = krb5int_pkinit_parse_cms_msg(&signed_auth_pack, cert_db, TRUE,
-	&is_signed, &is_encrypted,
-	raw_auth_pack_p, &content_type, signer_cert, cert_status, 
-	num_all_certs, all_certs);
+                                        &is_signed, &is_encrypted,
+                                        raw_auth_pack_p, &content_type, signer_cert, cert_status,
+                                        num_all_certs, all_certs);
     if (krtn) {
-	pkiDebug("krb5int_pkinit_parse_content_info returned %d\n", (int)krtn);
-	goto err_out;
+        pkiDebug("krb5int_pkinit_parse_content_info returned %d\n", (int)krtn);
+        goto err_out;
     }
 
     if (is_encrypted || !is_signed) {
-	pkiDebug("pkinit_parse_content_info: is_encrypted %s is_signed %s!\n",
-	    is_encrypted ? "true" :"false",
-	    is_signed ? "true" : "false");
-	krtn = KRB5KDC_ERR_PREAUTH_FAILED;
-	goto err_out;
+        pkiDebug("pkinit_parse_content_info: is_encrypted %s is_signed %s!\n",
+                 is_encrypted ? "true" :"false",
+                 is_signed ? "true" : "false");
+        krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto err_out;
     }
     if (content_type != ECT_PkAuthData) {
-	pkiDebug("authPack eContentType %d!\n", (int)content_type);
-	krtn = KRB5KDC_ERR_PREAUTH_FAILED;
-	goto err_out;
+        pkiDebug("authPack eContentType %d!\n", (int)content_type);
+        krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto err_out;
     }
-    
+
     /* optionally parse contents of authPack */
     if (need_auth_pack) {
-	krtn = krb5int_pkinit_auth_pack_decode(&raw_auth_pack, kctime, 
-                                               cusec, nonce, pa_cksum, 
+        krtn = krb5int_pkinit_auth_pack_decode(&raw_auth_pack, kctime,
+                                               cusec, nonce, pa_cksum,
                                                cms_types, num_cms_types);
-	if(krtn) {
-	    pkiDebug("krb5int_pkinit_auth_pack_decode returned %d\n", (int)krtn);
-	    goto err_out;
-	}
+        if(krtn) {
+            pkiDebug("krb5int_pkinit_auth_pack_decode returned %d\n", (int)krtn);
+            goto err_out;
+        }
     }
 
 err_out:
     /* free temp mallocd data that we didn't pass back to caller */
     if(signed_auth_pack.data) {
-	free(signed_auth_pack.data);
+        free(signed_auth_pack.data);
     }
     if(raw_auth_pack.data) {
-	free(raw_auth_pack.data);
+        free(raw_auth_pack.data);
     }
     if(cert_db) {
-	krb5_pkinit_release_cert_db(cert_db);
+        krb5_pkinit_release_cert_db(cert_db);
     }
     return krtn;
 }
@@ -179,61 +180,61 @@ err_out:
  * PA-PK-AS-REP ::= EnvelopedData(SignedData(ReplyKeyPack))
  */
 krb5_error_code krb5int_pkinit_as_rep_create(
-    krb5_context		context,
-    const krb5_keyblock		*key_block,
-    const krb5_checksum		*checksum,	    /* checksum of corresponding AS-REQ */
-    krb5_pkinit_signing_cert_t	signer_cert,	    /* server's cert */
-    krb5_boolean		include_server_cert,/* include signer_cert in SignerInfo */
-    const krb5_data		*recipient_cert,    /* client's cert */
-
-    /* 
-     * These correspond to the same out-parameters from 
-     * krb5int_pkinit_as_req_parse(). All are optional. 
+    krb5_context                context,
+    const krb5_keyblock         *key_block,
+    const krb5_checksum         *checksum,          /* checksum of corresponding AS-REQ */
+    krb5_pkinit_signing_cert_t  signer_cert,        /* server's cert */
+    krb5_boolean                include_server_cert,/* include signer_cert in SignerInfo */
+    const krb5_data             *recipient_cert,    /* client's cert */
+
+    /*
+     * These correspond to the same out-parameters from
+     * krb5int_pkinit_as_req_parse(). All are optional.
      */
-    krb5_ui_4			num_cms_types,	
-    const krb5int_algorithm_id	*cms_types,	
-    krb5_ui_4			num_trusted_CAs,
-    krb5_data			*trusted_CAs,   
-    krb5_data			*kdc_cert,
-    
-    krb5_data			*as_rep)	    /* mallocd and RETURNED */
+    krb5_ui_4                   num_cms_types,
+    const krb5int_algorithm_id  *cms_types,
+    krb5_ui_4                   num_trusted_CAs,
+    krb5_data                   *trusted_CAs,
+    krb5_data                   *kdc_cert,
+
+    krb5_data                   *as_rep)            /* mallocd and RETURNED */
 {
     krb5_data reply_key_pack = {0, 0, NULL};
     krb5_error_code krtn;
     krb5_data enc_key_pack = {0, 0, NULL};
-    
+
     /* innermost content = ReplyKeyPack */
-    krtn = krb5int_pkinit_reply_key_pack_encode(key_block, checksum, 
+    krtn = krb5int_pkinit_reply_key_pack_encode(key_block, checksum,
                                                 &reply_key_pack);
     if (krtn) {
-	return krtn;
+        return krtn;
     }
-    
-    /* 
+
+    /*
      * Put that in an EnvelopedData(SignedData)
      * -- SignedData.EncapsulatedData.ContentType = id-pkinit-rkeyData
      */
     krtn = krb5int_pkinit_create_cms_msg(&reply_key_pack,
-	signer_cert,
-	recipient_cert,
-	ECT_PkReplyKeyKata,
-	num_cms_types, cms_types, 
-	&enc_key_pack);
+                                         signer_cert,
+                                         recipient_cert,
+                                         ECT_PkReplyKeyKata,
+                                         num_cms_types, cms_types,
+                                         &enc_key_pack);
     if (krtn) {
-	goto err_out;
+        goto err_out;
     }
-    
+
     /*
      * Finally, wrap that inside of PA-PK-AS-REP
      */
     krtn = krb5int_pkinit_pa_pk_as_rep_encode(NULL, &enc_key_pack, as_rep);
-    
+
 err_out:
     if (reply_key_pack.data) {
-	free(reply_key_pack.data);
+        free(reply_key_pack.data);
     }
     if (enc_key_pack.data) {
-	free(enc_key_pack.data);
+        free(enc_key_pack.data);
     }
     return krtn;
 }
diff --git a/src/kdc/pkinit_server.h b/src/kdc/pkinit_server.h
index 773b497e0..b97cb9867 100644
--- a/src/kdc/pkinit_server.h
+++ b/src/kdc/pkinit_server.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2004-2008 Apple Inc.  All Rights Reserved.
  *
@@ -42,41 +43,41 @@ extern "C" {
 
 /*
  * Parse PA-PK-AS-REQ message. Optionally evaluates the message's certificate chain
- * if cert_status is non-NULL. Optionally returns various components. 
+ * if cert_status is non-NULL. Optionally returns various components.
  */
 krb5_error_code krb5int_pkinit_as_req_parse(
-    krb5_context	context,
-    const krb5_data	*as_req,
-    krb5_timestamp      *kctime,	/* optionally RETURNED */
-    krb5_ui_4		*cusec,		/* microseconds, optionally RETURNED */
-    krb5_ui_4		*nonce,		/* optionally RETURNED */
-    krb5_checksum       *pa_cksum,	/* optional, contents mallocd and RETURNED */
+    krb5_context        context,
+    const krb5_data     *as_req,
+    krb5_timestamp      *kctime,        /* optionally RETURNED */
+    krb5_ui_4           *cusec,         /* microseconds, optionally RETURNED */
+    krb5_ui_4           *nonce,         /* optionally RETURNED */
+    krb5_checksum       *pa_cksum,      /* optional, contents mallocd and RETURNED */
     krb5int_cert_sig_status *cert_status,   /* optionally RETURNED */
-    krb5_ui_4		*num_cms_types,	/* optionally RETURNED */
-    krb5int_algorithm_id **cms_types,	/* optionally mallocd and RETURNED */
+    krb5_ui_4           *num_cms_types, /* optionally RETURNED */
+    krb5int_algorithm_id **cms_types,   /* optionally mallocd and RETURNED */
 
     /*
      * Cert fields, all optionally RETURNED.
      *
      * signer_cert is the full X.509 leaf cert from the incoming SignedData.
      * all_certs is an array of all of the certs in the incoming SignedData,
-     *    in full X.509 form. 
+     *    in full X.509 form.
      */
-    krb5_data		*signer_cert,   /* content mallocd */
-    krb5_ui_4		*num_all_certs, /* sizeof *all_certs */
-    krb5_data		**all_certs,    /* krb5_data's and their content mallocd */
-    
+    krb5_data           *signer_cert,   /* content mallocd */
+    krb5_ui_4           *num_all_certs, /* sizeof *all_certs */
+    krb5_data           **all_certs,    /* krb5_data's and their content mallocd */
+
     /*
-     * Array of trustedCertifiers, optionally RETURNED. These are DER-encoded 
-     * issuer/serial numbers. 
+     * Array of trustedCertifiers, optionally RETURNED. These are DER-encoded
+     * issuer/serial numbers.
      */
-    krb5_ui_4		*num_trusted_CAs,   /* sizeof *trustedCAs */
-    krb5_data		**trusted_CAs,      /* krb5_data's and their content mallocd */
-    
+    krb5_ui_4           *num_trusted_CAs,   /* sizeof *trustedCAs */
+    krb5_data           **trusted_CAs,      /* krb5_data's and their content mallocd */
+
     /* KDC cert specified by client as kdcPkId. DER-encoded issuer/serial number. */
-    krb5_data		*kdc_cert);
-    
-    
+    krb5_data           *kdc_cert);
+
+
 /*
  * Create a PA-PK-AS-REP message, public key (no Diffie Hellman) version.
  *
@@ -85,26 +86,26 @@ krb5_error_code krb5int_pkinit_as_req_parse(
  * PA-PK-AS-REP ::= EnvelopedData(SignedData(ReplyKeyPack))
  */
 krb5_error_code krb5int_pkinit_as_rep_create(
-    krb5_context		context,
-    const krb5_keyblock		*key_block,
-    const krb5_checksum		*checksum,		/* checksum of corresponding AS-REQ */
-    krb5_pkinit_signing_cert_t	signer_cert,		/* server's cert */
-    krb5_boolean		include_server_cert,	/* include signer_cert in SignerInfo */
-    const krb5_data		*recipient_cert,	/* client's cert */
-    
-    /* 
-     * These correspond to the same out-parameters from 
-     * krb5int_pkinit_as_req_parse(). All are optional. 
+    krb5_context                context,
+    const krb5_keyblock         *key_block,
+    const krb5_checksum         *checksum,              /* checksum of corresponding AS-REQ */
+    krb5_pkinit_signing_cert_t  signer_cert,            /* server's cert */
+    krb5_boolean                include_server_cert,    /* include signer_cert in SignerInfo */
+    const krb5_data             *recipient_cert,        /* client's cert */
+
+    /*
+     * These correspond to the same out-parameters from
+     * krb5int_pkinit_as_req_parse(). All are optional.
      */
-    krb5_ui_4			num_cms_types,
-    const krb5int_algorithm_id	*cms_types,	
-    krb5_ui_4			num_trusted_CAs,
-    krb5_data			*trusted_CAs,   
-    krb5_data			*kdc_cert,
-    
+    krb5_ui_4                   num_cms_types,
+    const krb5int_algorithm_id  *cms_types,
+    krb5_ui_4                   num_trusted_CAs,
+    krb5_data                   *trusted_CAs,
+    krb5_data                   *kdc_cert,
+
     /* result here, mallocd and RETURNED */
-    krb5_data			*as_rep);
-    
+    krb5_data                   *as_rep);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/kdc/policy.c b/src/kdc/policy.c
index d4a70feb6..aefddfffc 100644
--- a/src/kdc/policy.c
+++ b/src/kdc/policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/policy.c
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Policy decision routines for KDC.
  */
@@ -59,30 +60,30 @@
 
 int
 against_local_policy_as(register krb5_kdc_req *request, krb5_db_entry client,
-			krb5_db_entry server, krb5_timestamp kdc_time,
-			const char **status, krb5_data *e_data)
+                        krb5_db_entry server, krb5_timestamp kdc_time,
+                        const char **status, krb5_data *e_data)
 {
-    krb5_error_code		code;
-    kdb_check_policy_as_req	req;
-    kdb_check_policy_as_rep	rep;
-    krb5_data			req_data;
-    krb5_data			rep_data;
+    krb5_error_code             code;
+    kdb_check_policy_as_req     req;
+    kdb_check_policy_as_rep     rep;
+    krb5_data                   req_data;
+    krb5_data                   rep_data;
 
 #if 0
-     /* An AS request must include the addresses field */
+    /* An AS request must include the addresses field */
     if (request->addresses == 0) {
-	*status = "NO ADDRESS";
-	return KRB5KDC_ERR_POLICY;
+        *status = "NO ADDRESS";
+        return KRB5KDC_ERR_POLICY;
     }
 #endif
 
     memset(&req, 0, sizeof(req));
     memset(&rep, 0, sizeof(rep));
 
-    req.request			= request;
-    req.client			= &client;
-    req.server			= &server;
-    req.kdc_time		= kdc_time;
+    req.request                 = request;
+    req.client                  = &client;
+    req.server                  = &server;
+    req.kdc_time                = kdc_time;
 
     req_data.data = (void *)&req;
     req_data.length = sizeof(req);
@@ -91,19 +92,19 @@ against_local_policy_as(register krb5_kdc_req *request, krb5_db_entry client,
     rep_data.length = sizeof(rep);
 
     code = krb5_db_invoke(kdc_context,
-			  KRB5_KDB_METHOD_CHECK_POLICY_AS,
-			  &req_data,
-			  &rep_data);
+                          KRB5_KDB_METHOD_CHECK_POLICY_AS,
+                          &req_data,
+                          &rep_data);
     if (code == KRB5_KDB_DBTYPE_NOSUP)
-	return 0;
+        return 0;
 
     *status = rep.status;
     *e_data = rep.e_data;
 
     if (code != 0) {
-	code -= ERROR_TABLE_BASE_krb5;
-	if (code < 0 || code > 128)
-	    code = KRB_ERR_GENERIC;
+        code -= ERROR_TABLE_BASE_krb5;
+        if (code < 0 || code > 128)
+            code = KRB_ERR_GENERIC;
     }
 
     return code;
@@ -114,33 +115,33 @@ against_local_policy_as(register krb5_kdc_req *request, krb5_db_entry client,
  */
 krb5_error_code
 against_local_policy_tgs(register krb5_kdc_req *request, krb5_db_entry server,
-			 krb5_ticket *ticket, const char **status,
-			 krb5_data *e_data)
+                         krb5_ticket *ticket, const char **status,
+                         krb5_data *e_data)
 {
-    krb5_error_code		code;
-    kdb_check_policy_tgs_req	req;
-    kdb_check_policy_tgs_rep	rep;
-    krb5_data			req_data;
-    krb5_data			rep_data;
+    krb5_error_code             code;
+    kdb_check_policy_tgs_req    req;
+    kdb_check_policy_tgs_rep    rep;
+    krb5_data                   req_data;
+    krb5_data                   rep_data;
 
 #if 0
     /*
      * For example, if your site wants to disallow ticket forwarding,
      * you might do something like this:
      */
-    
+
     if (isflagset(request->kdc_options, KDC_OPT_FORWARDED)) {
-	*status = "FORWARD POLICY";
-	return KRB5KDC_ERR_POLICY;
+        *status = "FORWARD POLICY";
+        return KRB5KDC_ERR_POLICY;
     }
 #endif
 
     memset(&req, 0, sizeof(req));
     memset(&rep, 0, sizeof(rep));
 
-    req.request			= request;
-    req.server			= &server;
-    req.ticket			= ticket;
+    req.request                 = request;
+    req.server                  = &server;
+    req.ticket                  = ticket;
 
     req_data.data = (void *)&req;
     req_data.length = sizeof(req);
@@ -149,21 +150,20 @@ against_local_policy_tgs(register krb5_kdc_req *request, krb5_db_entry server,
     rep_data.length = sizeof(rep);
 
     code = krb5_db_invoke(kdc_context,
-			  KRB5_KDB_METHOD_CHECK_POLICY_TGS,
-			  &req_data,
-			  &rep_data);
+                          KRB5_KDB_METHOD_CHECK_POLICY_TGS,
+                          &req_data,
+                          &rep_data);
     if (code == KRB5_KDB_DBTYPE_NOSUP)
-	return 0;
+        return 0;
 
     *status = rep.status;
     *e_data = rep.e_data;
 
     if (code != 0) {
-	code -= ERROR_TABLE_BASE_krb5;
-	if (code < 0 || code > 128)
-	    code = KRB_ERR_GENERIC;
+        code -= ERROR_TABLE_BASE_krb5;
+        if (code < 0 || code > 128)
+            code = KRB_ERR_GENERIC;
     }
 
     return code;
 }
-
diff --git a/src/kdc/policy.h b/src/kdc/policy.h
index fe8307625..9ccf392b5 100644
--- a/src/kdc/policy.h
+++ b/src/kdc/policy.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/policy.h
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Declarations for policy.c
  */
@@ -34,6 +35,6 @@ extern int against_postdate_policy (krb5_timestamp);
 extern int against_flag_policy_as (const krb5_kdc_req *);
 
 extern int against_flag_policy_tgs (const krb5_kdc_req *,
-					      const krb5_ticket *);
+                                    const krb5_ticket *);
 
 #endif /* __KRB5_KDC_POLICY__ */
diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index e6c48a4ea..d53936f24 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/replay.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Replay lookaside cache for the KDC, to avoid extra work.
  *
@@ -50,17 +51,17 @@ static int calls = 0;
 static int max_hits_per_entry = 0;
 static int num_entries = 0;
 
-#define STALE_TIME	2*60		/* two minutes */
-#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) ||	\
-		    ((ptr)->db_age != db_age))
+#define STALE_TIME      2*60            /* two minutes */
+#define STALE(ptr) ((abs((ptr)->timein - timenow) >= STALE_TIME) ||     \
+                    ((ptr)->db_age != db_age))
 
-#define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) &&	\
-		    !memcmp((ptr)->req_packet->data, inpkt->data,	\
-			    inpkt->length) &&				\
-		    ((ptr)->db_age == db_age))
+#define MATCH(ptr) (((ptr)->req_packet->length == inpkt->length) &&     \
+                    !memcmp((ptr)->req_packet->data, inpkt->data,       \
+                            inpkt->length) &&                           \
+                    ((ptr)->db_age == db_age))
 /* XXX
    Todo:  quench the size of the queue...
- */
+*/
 
 /* return TRUE if outpkt is filled in with a packet to reply with,
    FALSE if the caller should do the work */
@@ -72,9 +73,9 @@ kdc_check_lookaside(krb5_data *inpkt, krb5_data **outpkt)
     register krb5_kdc_replay_ent *eptr, *last, *hold;
     time_t db_age;
 
-    if (krb5_timeofday(kdc_context, &timenow) || 
-	krb5_db_get_age(kdc_context, 0, &db_age))
-	return FALSE;
+    if (krb5_timeofday(kdc_context, &timenow) ||
+        krb5_db_get_age(kdc_context, 0, &db_age))
+        return FALSE;
 
     calls++;
 
@@ -82,34 +83,34 @@ kdc_check_lookaside(krb5_data *inpkt, krb5_data **outpkt)
        stale entries while we're here */
 
     if (root_ptr.next) {
-	for (last = &root_ptr, eptr = root_ptr.next;
-	     eptr;
-	     eptr = eptr->next) {
-	    if (MATCH(eptr)) {
-		eptr->num_hits++;
-		hits++;
-
-		if (krb5_copy_data(kdc_context, eptr->reply_packet, outpkt))
-		    return FALSE;
-		else
-		    return TRUE;
-		/* return here, don't bother flushing even if it is stale.
-		   if we just matched, we may get another retransmit... */
-	    }
-	    if (STALE(eptr)) {
-		/* flush it and collect stats */
-		max_hits_per_entry = max(max_hits_per_entry, eptr->num_hits);
-		krb5_free_data(kdc_context, eptr->req_packet);
-		krb5_free_data(kdc_context, eptr->reply_packet);
-		hold = eptr;
-		last->next = eptr->next;
-		eptr = last;
-		free(hold);
-	    } else {
-		/* this isn't it, just move along */
-		last = eptr;
-	    }
-	}
+        for (last = &root_ptr, eptr = root_ptr.next;
+             eptr;
+             eptr = eptr->next) {
+            if (MATCH(eptr)) {
+                eptr->num_hits++;
+                hits++;
+
+                if (krb5_copy_data(kdc_context, eptr->reply_packet, outpkt))
+                    return FALSE;
+                else
+                    return TRUE;
+                /* return here, don't bother flushing even if it is stale.
+                   if we just matched, we may get another retransmit... */
+            }
+            if (STALE(eptr)) {
+                /* flush it and collect stats */
+                max_hits_per_entry = max(max_hits_per_entry, eptr->num_hits);
+                krb5_free_data(kdc_context, eptr->req_packet);
+                krb5_free_data(kdc_context, eptr->reply_packet);
+                hold = eptr;
+                last->next = eptr->next;
+                eptr = last;
+                free(hold);
+            } else {
+                /* this isn't it, just move along */
+                last = eptr;
+            }
+        }
     }
     return FALSE;
 }
@@ -120,18 +121,18 @@ kdc_check_lookaside(krb5_data *inpkt, krb5_data **outpkt)
 void
 kdc_insert_lookaside(krb5_data *inpkt, krb5_data *outpkt)
 {
-    register krb5_kdc_replay_ent *eptr;    
+    register krb5_kdc_replay_ent *eptr;
     krb5_int32 timenow;
     time_t db_age;
 
-    if (krb5_timeofday(kdc_context, &timenow) || 
-	krb5_db_get_age(kdc_context, 0, &db_age))
-	return;
+    if (krb5_timeofday(kdc_context, &timenow) ||
+        krb5_db_get_age(kdc_context, 0, &db_age))
+        return;
 
     /* this is a new entry */
     eptr = (krb5_kdc_replay_ent *)calloc(1, sizeof(*eptr));
     if (!eptr)
-	return;
+        return;
     eptr->timein = timenow;
     eptr->db_age = db_age;
     /*
@@ -140,13 +141,13 @@ kdc_insert_lookaside(krb5_data *inpkt, krb5_data *outpkt)
      * ARGH!
      */
     if (krb5_copy_data(kdc_context, inpkt, &eptr->req_packet)) {
-	free(eptr);
-	return;
+        free(eptr);
+        return;
     }
     if (krb5_copy_data(kdc_context, outpkt, &eptr->reply_packet)) {
-	krb5_free_data(kdc_context, eptr->req_packet);
-	free(eptr);
-	return;
+        krb5_free_data(kdc_context, eptr->req_packet);
+        free(eptr);
+        return;
     }
     eptr->next = root_ptr.next;
     root_ptr.next = eptr;
@@ -161,14 +162,14 @@ kdc_free_lookaside(krb5_context kcontext)
     register krb5_kdc_replay_ent *eptr, *last, *hold;
     if (root_ptr.next) {
         for (last = &root_ptr, eptr = root_ptr.next;
-	     eptr; eptr = eptr->next) {
-		krb5_free_data(kcontext, eptr->req_packet);
-		krb5_free_data(kcontext, eptr->reply_packet);
-		hold = eptr;
-		last->next = eptr->next;
-		eptr = last;
-		free(hold);
-	}
+             eptr; eptr = eptr->next) {
+            krb5_free_data(kcontext, eptr->req_packet);
+            krb5_free_data(kcontext, eptr->reply_packet);
+            hold = eptr;
+            last->next = eptr->next;
+            eptr = last;
+            free(hold);
+        }
     }
 }
 
diff --git a/src/kdc/rtest.c b/src/kdc/rtest.c
index 87f4a9652..4e3cd7bda 100644
--- a/src/kdc/rtest.c
+++ b/src/kdc/rtest.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kdc/rtest.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 
@@ -33,84 +34,84 @@
 
 void krb5_klog_syslog(void);
 
-static krb5_principal 
+static krb5_principal
 make_princ(krb5_context ctx, const char *str, const char *prog)
 {
     krb5_principal ret;
     char *dat;
 
     if(!(ret = (krb5_principal) malloc(sizeof(krb5_principal_data)))) {
-	  com_err(prog, ENOMEM, "while allocating principal data");
-	  exit(3);
+        com_err(prog, ENOMEM, "while allocating principal data");
+        exit(3);
     }
     memset(ret, 0, sizeof(krb5_principal_data));
 
     /* We do not include the null... */
     if(!(dat = (char *) malloc(strlen(str)))) {
-	  com_err(prog, ENOMEM, "while allocating principal realm data");
-	  exit(3);
+        com_err(prog, ENOMEM, "while allocating principal realm data");
+        exit(3);
     }
     memcpy(dat, str, strlen(str));
     krb5_princ_set_realm_data(ctx, ret, dat);
     krb5_princ_set_realm_length(ctx, ret, strlen(str));
-    
+
     return ret;
 }
 
 int
 main(int argc, char **argv)
 {
-	krb5_data otrans;
-	krb5_data ntrans;
-	krb5_principal tgs, cl, sv;
-	krb5_error_code kret;
-	kdc_realm_t	kdc_realm;
-
-	if (argc < 4) {
-	    fprintf(stderr, "not enough args\n");
-	    exit(1);
-	}
-
-
-	/* Get a context */
-	kret = krb5int_init_context_kdc(&kdc_realm.realm_context);
-	if (kret) {
-	  com_err(argv[0], kret, "while getting krb5 context");
-	  exit(2);
-	}
-	/* Needed so kdc_context will work */
-	kdc_active_realm = &kdc_realm;
-
-	ntrans.length = 0;
-	ntrans.data = 0;
-
-	otrans.length = strlen(argv[1]);
-	if (otrans.length) 
-	  otrans.data = (char *) malloc(otrans.length);
-	else 
-	  otrans.data = 0;
-	memcpy(otrans.data,argv[1], otrans.length);
-
-	tgs = make_princ(kdc_context, argv[2], argv[0]);
-	cl  = make_princ(kdc_context, argv[3], argv[0]);
-	sv  = make_princ(kdc_context, argv[4], argv[0]);
-	
-	add_to_transited(&otrans,&ntrans,tgs,cl,sv);
-
-	printf("%s\n",ntrans.data);
-
-	/* Free up all memory so we can profile for leaks */
-	if (otrans.data)
-	  free(otrans.data);
-	free(ntrans.data);
-
-	krb5_free_principal(kdc_realm.realm_context, tgs);
-	krb5_free_principal(kdc_realm.realm_context, cl);
-	krb5_free_principal(kdc_realm.realm_context, sv);
-	krb5_free_context(kdc_realm.realm_context);
-
-	exit(0);
+    krb5_data otrans;
+    krb5_data ntrans;
+    krb5_principal tgs, cl, sv;
+    krb5_error_code kret;
+    kdc_realm_t     kdc_realm;
+
+    if (argc < 4) {
+        fprintf(stderr, "not enough args\n");
+        exit(1);
+    }
+
+
+    /* Get a context */
+    kret = krb5int_init_context_kdc(&kdc_realm.realm_context);
+    if (kret) {
+        com_err(argv[0], kret, "while getting krb5 context");
+        exit(2);
     }
+    /* Needed so kdc_context will work */
+    kdc_active_realm = &kdc_realm;
+
+    ntrans.length = 0;
+    ntrans.data = 0;
+
+    otrans.length = strlen(argv[1]);
+    if (otrans.length)
+        otrans.data = (char *) malloc(otrans.length);
+    else
+        otrans.data = 0;
+    memcpy(otrans.data,argv[1], otrans.length);
+
+    tgs = make_princ(kdc_context, argv[2], argv[0]);
+    cl  = make_princ(kdc_context, argv[3], argv[0]);
+    sv  = make_princ(kdc_context, argv[4], argv[0]);
+
+    add_to_transited(&otrans,&ntrans,tgs,cl,sv);
+
+    printf("%s\n",ntrans.data);
+
+    /* Free up all memory so we can profile for leaks */
+    if (otrans.data)
+        free(otrans.data);
+    free(ntrans.data);
+
+    krb5_free_principal(kdc_realm.realm_context, tgs);
+    krb5_free_principal(kdc_realm.realm_context, cl);
+    krb5_free_principal(kdc_realm.realm_context, sv);
+    krb5_free_context(kdc_realm.realm_context);
+
+    exit(0);
+}
 
 void krb5_klog_syslog(void) {}
 kdc_realm_t *find_realm_data (char *rname, krb5_ui_4 rsize) { return 0; }
diff --git a/src/kim/agent/mac/AuthenticationController.h b/src/kim/agent/mac/AuthenticationController.h
index ba0b21223..03b76ce53 100644
--- a/src/kim/agent/mac/AuthenticationController.h
+++ b/src/kim/agent/mac/AuthenticationController.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -30,9 +30,9 @@
 
 @interface AuthenticationController : NSWindowController {
     IPCClient *associatedClient;
-    
+
     IBOutlet KerberosTimeFormatter *lifetimeFormatter;
-    
+
     IBOutlet NSView *containerView;
     IBOutlet NSView *identityView;
     IBOutlet NSView *passwordView;
@@ -46,30 +46,30 @@
     IBOutlet BadgedImageView *samBadge;
     IBOutlet BadgedImageView *changePasswordBadge;
     IBOutlet BadgedImageView *errorBadge;
-    
+
     IBOutlet NSProgressIndicator *enterSpinny;
     IBOutlet NSProgressIndicator *passwordSpinny;
     IBOutlet NSProgressIndicator *samSpinny;
     IBOutlet NSProgressIndicator *changePasswordSpinny;
-    
+
     // Controls that need to be made key
     IBOutlet NSTextField *identityField;
     IBOutlet NSTextField *passwordField;
     IBOutlet NSTextField *samPromptField;
     IBOutlet NSTextField *oldPasswordField;
-    
+
     // Other controls of interest
     IBOutlet NSButton *rememberPasswordInKeychainCheckBox;
-    
+
     IBOutlet NSObjectController *glueController;
 
     IBOutlet NSWindow *ticketOptionsSheet;
     IBOutlet NSObjectController *ticketOptionsController;
     BOOL visibleAsSheet;
-    
+
     IBOutlet NSSlider *validLifetimeSlider;
     IBOutlet NSSlider *renewableLifetimeSlider;
-    
+
     NSMutableArray *favoriteIdentities;
     NSMutableDictionary *favoriteOptions;
 }
@@ -102,11 +102,11 @@
 
 - (IBAction) cancelAuthSheet: (id) sender;
 
-- (void) authSheetDidEnd: (NSWindow *) sheet 
-              returnCode: (int) returnCode 
+- (void) authSheetDidEnd: (NSWindow *) sheet
+              returnCode: (int) returnCode
              contextInfo: (void *) contextInfo;
-- (void) ticketOptionsSheetDidEnd: (NSWindow *) sheet 
-          returnCode: (int) returnCode 
+- (void) ticketOptionsSheetDidEnd: (NSWindow *) sheet
+          returnCode: (int) returnCode
          contextInfo: (void *) contextInfo;
 
 - (IBAction) changePasswordGearAction: (id) sender;
diff --git a/src/kim/agent/mac/BadgedImageView.h b/src/kim/agent/mac/BadgedImageView.h
index 4fba86727..489a90954 100644
--- a/src/kim/agent/mac/BadgedImageView.h
+++ b/src/kim/agent/mac/BadgedImageView.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/kim/agent/mac/IPCClient.h b/src/kim/agent/mac/IPCClient.h
index 0bea6000b..a700a6a53 100644
--- a/src/kim/agent/mac/IPCClient.h
+++ b/src/kim/agent/mac/IPCClient.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -59,11 +59,11 @@
 - (kim_error) handleError: (NSDictionary *) info;
 
 - (void) didCancel;
-- (void) didSelectIdentity: (NSString *) identityString 
-                   options: (NSDictionary *) options 
+- (void) didSelectIdentity: (NSString *) identityString
+                   options: (NSDictionary *) options
        wantsChangePassword: (BOOL) wantsChangePassword;
-- (void) didEnterIdentity: (NSString *) identityString 
-                  options: (NSDictionary *) options 
+- (void) didEnterIdentity: (NSString *) identityString
+                  options: (NSDictionary *) options
       wantsChangePassword: (BOOL) wantsChangePassword;
 - (void) didPromptForAuth: (NSString *) responseString saveResponse: (NSNumber *) saveResponse;
 - (void) didChangePassword: (NSString *) oldPassword
diff --git a/src/kim/agent/mac/Identities.h b/src/kim/agent/mac/Identities.h
index 712abb31c..72f735522 100644
--- a/src/kim/agent/mac/Identities.h
+++ b/src/kim/agent/mac/Identities.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/kim/agent/mac/KIMUtilities.h b/src/kim/agent/mac/KIMUtilities.h
index 6575ca712..adbc15914 100644
--- a/src/kim/agent/mac/KIMUtilities.h
+++ b/src/kim/agent/mac/KIMUtilities.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/kim/agent/mac/KerberosAgentController.h b/src/kim/agent/mac/KerberosAgentController.h
index 876961163..c6fae8670 100644
--- a/src/kim/agent/mac/KerberosAgentController.h
+++ b/src/kim/agent/mac/KerberosAgentController.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/kim/agent/mac/KerberosAgentListener.h b/src/kim/agent/mac/KerberosAgentListener.h
index 2d9378aff..4e0dc3dbb 100644
--- a/src/kim/agent/mac/KerberosAgentListener.h
+++ b/src/kim/agent/mac/KerberosAgentListener.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -46,7 +46,7 @@
                       path: (kim_string) path;
 
 // contains reply_port
-+ (void) didAddClient: (NSDictionary *) info 
++ (void) didAddClient: (NSDictionary *) info
                 error: (int32_t) error;
 
 + (void) enterIdentityWithClientPort: (mach_port_t) client_port
@@ -54,7 +54,7 @@
                              options: (kim_options) options;
 
 // contains reply_port, kim_identity
-+ (void) didEnterIdentity: (NSDictionary *) info 
++ (void) didEnterIdentity: (NSDictionary *) info
                     error: (int32_t) error;
 
 + (void) selectIdentityWithClientPort: (mach_port_t) client_port
@@ -62,21 +62,21 @@
                                 hints: (kim_selection_hints) hints;
 
 // contains reply_port, kim_identity
-+ (void) didSelectIdentity: (NSDictionary *) info 
++ (void) didSelectIdentity: (NSDictionary *) info
                      error: (int32_t) error;
 
 + (void) promptForAuthWithClientPort: (mach_port_t) client_port
                            replyPort: (mach_port_t) reply_port
                             identity: (kim_string) identity_string
                           promptType: (uint32_t) prompt_type
-                           allowSave: (kim_boolean) allow_save  
+                           allowSave: (kim_boolean) allow_save
                            hideReply: (kim_boolean) hide_reply
                                title: (kim_string) title
                              message: (kim_string) message
                          description: (kim_string) description;
 
 // contains reply_port, (string) prompt_response
-+ (void) didPromptForAuth: (NSDictionary *) info 
++ (void) didPromptForAuth: (NSDictionary *) info
                     error: (int32_t) error;
 
 + (void) changePasswordWithClientPort: (mach_port_t) client_port
@@ -85,7 +85,7 @@
                               expired: (kim_boolean) expired;
 
 // contains reply_port, old password, new password, verify password
-+ (void) didChangePassword: (NSDictionary *) info 
++ (void) didChangePassword: (NSDictionary *) info
                      error: (int32_t) error;
 
 + (void) handleErrorWithClientPort: (mach_port_t) client_port
@@ -96,7 +96,7 @@
                        description: (kim_string) description;
 
 // contains reply_port
-+ (void) didHandleError: (NSDictionary *) info 
++ (void) didHandleError: (NSDictionary *) info
                   error: (int32_t) error;
 
 
diff --git a/src/kim/agent/mac/KerberosFormatters.h b/src/kim/agent/mac/KerberosFormatters.h
index 104ea5f42..7dd28b7ab 100644
--- a/src/kim/agent/mac/KerberosFormatters.h
+++ b/src/kim/agent/mac/KerberosFormatters.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -35,7 +35,7 @@
 
 - (NSString *)stringForObjectValue:(id)anObject;
 
-- (NSAttributedString *)attributedStringForObjectValue:(id)anObject 
+- (NSAttributedString *)attributedStringForObjectValue:(id)anObject
 				 withDefaultAttributes:(NSDictionary *)attributes;
 
 - (NSString *) stringForLifetime: (time_t) lifetime;
@@ -43,11 +43,11 @@
 @end
 
 @interface KerberosFavoriteFormatter : NSFormatter {
-    
+
 }
 
 - (NSString *)stringForObjectValue:(id)anObject;
 
-- (NSAttributedString *)attributedStringForObjectValue:(id)anObject 
+- (NSAttributedString *)attributedStringForObjectValue:(id)anObject
 				 withDefaultAttributes:(NSDictionary *)attributes;
 @end
diff --git a/src/kim/agent/mac/PopupButton.h b/src/kim/agent/mac/PopupButton.h
index 5ced9513e..823ecb26e 100644
--- a/src/kim/agent/mac/PopupButton.h
+++ b/src/kim/agent/mac/PopupButton.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/kim/agent/mac/SelectIdentityController.h b/src/kim/agent/mac/SelectIdentityController.h
index 4d744ba08..b5f0bceb2 100644
--- a/src/kim/agent/mac/SelectIdentityController.h
+++ b/src/kim/agent/mac/SelectIdentityController.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -31,17 +31,17 @@
 
 @interface SelectIdentityController : NSWindowController {
     IPCClient *associatedClient;
-    
+
     IBOutlet KerberosTimeFormatter *shortTimeFormatter;
     IBOutlet KerberosTimeFormatter *longTimeFormatter;
-    
+
     IBOutlet NSObjectController *identitiesController;
     IBOutlet NSArrayController *identityArrayController;
 
     IBOutlet BadgedImageView *kerberosIconImageView;
     IBOutlet NSTextField *headerTextField;
     IBOutlet NSTextField *explanationTextField;
-    
+
     IBOutlet NSScrollView *identityTableScrollView;
     IBOutlet NSTableView *identityTableView;
     IBOutlet NSButton *addIdentityButton;
@@ -51,9 +51,9 @@
 
     Identities *identities;
     NSTimer *refreshTimer;
-    
+
     IBOutlet NSObjectController *glueController;
-    
+
     IBOutlet NSWindow *ticketOptionsWindow;
     IBOutlet NSObjectController *identityOptionsController;
     IBOutlet NSTextField *identityField;
@@ -61,7 +61,7 @@
 
     IBOutlet NSSlider *validLifetimeSlider;
     IBOutlet NSSlider *renewableLifetimeSlider;
-    
+
     IBOutlet NSBox *ticketOptionsBox;
     IBOutlet NSButton *ticketOptionsOkButton;
     IBOutlet NSButton *ticketOptionsToggleButton;
diff --git a/src/kim/agent/mac/ServerDemux.h b/src/kim/agent/mac/ServerDemux.h
index 39fd28107..b454376ca 100644
--- a/src/kim/agent/mac/ServerDemux.h
+++ b/src/kim/agent/mac/ServerDemux.h
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -30,34 +30,34 @@
 
 int32_t kim_agent_listen_loop (void);
 
-int32_t kim_handle_reply_init (mach_port_t   in_reply_port, 
+int32_t kim_handle_reply_init (mach_port_t   in_reply_port,
                                int32_t       in_error);
 
-int32_t kim_handle_reply_enter_identity (mach_port_t   in_reply_port, 
+int32_t kim_handle_reply_enter_identity (mach_port_t   in_reply_port,
                                          kim_identity  in_identity,
                                          kim_options   in_options,
                                          kim_boolean   in_change_password,
                                          int32_t       in_error);
 
-int32_t kim_handle_reply_select_identity (mach_port_t   in_reply_port, 
+int32_t kim_handle_reply_select_identity (mach_port_t   in_reply_port,
                                           kim_identity  in_identity,
                                           kim_options   in_options,
                                           kim_boolean   in_change_password,
                                           int32_t       in_error);
 
-int32_t kim_handle_reply_auth_prompt (mach_port_t   in_reply_port, 
+int32_t kim_handle_reply_auth_prompt (mach_port_t   in_reply_port,
                                       kim_string    in_prompt_response,
                                       kim_boolean   in_allow_save_response,
                                       int32_t       in_error);
 
-int32_t kim_handle_reply_change_password (mach_port_t   in_reply_port, 
+int32_t kim_handle_reply_change_password (mach_port_t   in_reply_port,
                                           kim_string    in_old_password,
                                           kim_string    in_new_password,
                                           kim_string    in_vfy_password,
                                           int32_t       in_error);
 
-int32_t kim_handle_reply_handle_error (mach_port_t   in_reply_port, 
+int32_t kim_handle_reply_handle_error (mach_port_t   in_reply_port,
                                        int32_t       in_error);
 
-int32_t kim_handle_reply_fini (mach_port_t   in_reply_port, 
+int32_t kim_handle_reply_fini (mach_port_t   in_reply_port,
                                int32_t       in_error);
diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c
index cf6a18315..6e48eda43 100644
--- a/src/kim/lib/kim_ccache.c
+++ b/src/kim/lib/kim_ccache.c
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -40,35 +40,35 @@ kim_error kim_ccache_iterator_create (kim_ccache_iterator *out_ccache_iterator)
 {
     kim_error err = kim_library_init ();
     kim_ccache_iterator ccache_iterator = NULL;
-    
+
     if (!err && !out_ccache_iterator) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         ccache_iterator = malloc (sizeof (*ccache_iterator));
-        if (ccache_iterator) { 
+        if (ccache_iterator) {
             *ccache_iterator = kim_ccache_iterator_initializer;
         } else {
-            err = KIM_OUT_OF_MEMORY_ERR; 
+            err = KIM_OUT_OF_MEMORY_ERR;
         }
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&ccache_iterator->context));
     }
-    
+
     if (!err) {
         err = krb5_error (ccache_iterator->context,
                           krb5_cccol_cursor_new (ccache_iterator->context,
                                                  &ccache_iterator->cursor));
     }
-    
-    if (!err) {    
+
+    if (!err) {
         *out_ccache_iterator = ccache_iterator;
         ccache_iterator = NULL;
     }
-    
+
     kim_ccache_iterator_free (&ccache_iterator);
-    
+
     return check_error (err);
 }
 
@@ -79,54 +79,54 @@ kim_error kim_ccache_iterator_next (kim_ccache_iterator  in_ccache_iterator,
 {
     kim_error err = KIM_NO_ERROR;
     krb5_ccache ccache = NULL;
-    
+
     if (!err && !in_ccache_iterator) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_ccache        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = krb5_cccol_cursor_next (in_ccache_iterator->context, 
+        err = krb5_cccol_cursor_next (in_ccache_iterator->context,
                                       in_ccache_iterator->cursor,
                                       &ccache);
         if (err == KRB5_CC_END) {
             ccache = NULL; /* out of ccaches */
             err = KIM_NO_ERROR;
-        }        
+        }
     }
-    
+
     if (!err && ccache && in_ccache_iterator->first) {
         krb5_principal principal = NULL;
-        
+
         /* krb5 API is sneaky and returns a single empty ccache if the
          * cache collection is empty.  Check for it: */
         err = krb5_error (in_ccache_iterator->context,
-                           krb5_cc_get_principal (in_ccache_iterator->context, 
-                                                  ccache, 
+                           krb5_cc_get_principal (in_ccache_iterator->context,
+                                                  ccache,
                                                   &principal));
-        
+
         if (err) {
             krb5_cc_close (in_ccache_iterator->context, ccache);
             ccache = NULL;
             err = KIM_NO_ERROR;
         }
-        
-        if (principal) { krb5_free_principal (in_ccache_iterator->context, 
+
+        if (principal) { krb5_free_principal (in_ccache_iterator->context,
                                               principal); }
     }
-    
+
     if (!err) {
         in_ccache_iterator->first = 0;
-        
+
         if (ccache) {
             err = kim_ccache_create_from_krb5_ccache (out_ccache,
-                                                      in_ccache_iterator->context, 
+                                                      in_ccache_iterator->context,
                                                       ccache);
         } else {
             *out_ccache = NULL; /* no more ccaches */
-        }        
+        }
     }
-    
+
     if (ccache) { krb5_cc_close (in_ccache_iterator->context, ccache); }
-    
+
     return check_error (err);
 }
 
@@ -135,12 +135,12 @@ kim_error kim_ccache_iterator_next (kim_ccache_iterator  in_ccache_iterator,
 void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator)
 {
     if (io_ccache_iterator && *io_ccache_iterator) {
-        if ((*io_ccache_iterator)->context) { 
+        if ((*io_ccache_iterator)->context) {
             if ((*io_ccache_iterator)->cursor) {
-                krb5_cccol_cursor_free ((*io_ccache_iterator)->context, 
+                krb5_cccol_cursor_free ((*io_ccache_iterator)->context,
                                         &(*io_ccache_iterator)->cursor);
             }
-            krb5_free_context ((*io_ccache_iterator)->context); 
+            krb5_free_context ((*io_ccache_iterator)->context);
         }
         free (*io_ccache_iterator);
         *io_ccache_iterator = NULL;
@@ -165,16 +165,16 @@ static kim_error kim_ccache_create_resolve_name (kim_string *out_resolve_name,
                                                  kim_string  in_type)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !out_resolve_name) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_name         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_type         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_string_create_from_format (out_resolve_name, "%s:%s", 
+        err = kim_string_create_from_format (out_resolve_name, "%s:%s",
                                              in_type, in_name);
     }
-    
+
     return check_error (err);
 }
 
@@ -186,23 +186,23 @@ static inline kim_error kim_ccache_allocate (kim_ccache *out_ccache)
 {
     kim_error err = kim_library_init ();
     kim_ccache ccache = NULL;
-    
+
     if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         ccache = malloc (sizeof (*ccache));
         if (!ccache) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         *ccache = kim_ccache_initializer;
         *out_ccache = ccache;
         ccache = NULL;
     }
-    
+
     kim_ccache_free (&ccache);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -227,27 +227,27 @@ kim_error kim_ccache_create_new_with_password (kim_ccache   *out_ccache,
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
     kim_identity client_identity = NULL;
-    
+
     if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_credential_create_new_with_password (&credential, 
-                                                       in_client_identity, 
+        err = kim_credential_create_new_with_password (&credential,
+                                                       in_client_identity,
                                                        in_options,
                                                        in_password);
     }
-    
+
     if (!err) {
         err = kim_credential_get_client_identity (credential, &client_identity);
     }
-    
+
     if (!err) {
         err = kim_credential_store (credential, client_identity, out_ccache);
     }
-    
+
     kim_identity_free (&client_identity);
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -272,20 +272,20 @@ kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache   *out_ccach
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     if (!err && !out_ccache        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_credential_state state;
-        
-        err = kim_ccache_create_from_client_identity (&ccache, 
+
+        err = kim_ccache_create_from_client_identity (&ccache,
                                                       in_client_identity);
-        
+
         if (!err) {
             err = kim_ccache_get_state (ccache, &state);
         }
-        
+
         if (!err && state != kim_credentials_state_valid) {
             if (state == kim_credentials_state_needs_validation) {
                 err = kim_ccache_validate (ccache, in_options);
@@ -294,23 +294,23 @@ kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache   *out_ccach
                 ccache = NULL;
             }
         }
-        
+
         if (!ccache) {
             /* ccache does not already exist, create a new one */
-            err = kim_ccache_create_new_with_password (&ccache, 
-                                                       in_client_identity, 
-                                                       in_options, 
+            err = kim_ccache_create_new_with_password (&ccache,
+                                                       in_client_identity,
+                                                       in_options,
                                                        in_password);
-        }        
+        }
     }
-    
+
     if (!err) {
         *out_ccache = ccache;
         ccache = NULL;
     }
-    
+
     kim_ccache_free (&ccache);
-    
+
     return check_error (err);
 }
 
@@ -320,62 +320,62 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache   *out_ccache,
                                                   kim_identity  in_client_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && in_client_identity) {
         kim_ccache_iterator iterator = NULL;
         kim_boolean found = FALSE;
 
         err = kim_ccache_iterator_create (&iterator);
-        
+
         while (!err && !found) {
             kim_ccache ccache = NULL;
             kim_identity identity = NULL;
             kim_comparison comparison;
-            
+
             err = kim_ccache_iterator_next (iterator, &ccache);
-            
+
             if (!err && !ccache) {
                 kim_string string = NULL;
-                
-                err = kim_identity_get_display_string (in_client_identity, 
+
+                err = kim_identity_get_display_string (in_client_identity,
                                                        &string);
-                
+
                 if (!err) {
-                    err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR, 
+                    err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR,
                                                           string);
                 }
-                
+
                 kim_string_free (&string);
             }
-            
+
             if (!err) {
                 err = kim_ccache_get_client_identity (ccache, &identity);
             }
-            
+
             if (!err) {
-                err = kim_identity_compare (in_client_identity, identity, 
+                err = kim_identity_compare (in_client_identity, identity,
                                             &comparison);
             }
-            
+
             if (!err && kim_comparison_is_equal_to (comparison)) {
                 found = 1;
                 *out_ccache = ccache;
                 ccache = NULL;
             }
-            
+
             kim_identity_free (&identity);
             kim_ccache_free (&ccache);
         }
-        
+
         kim_ccache_iterator_free (&iterator);
-        
+
     } else if (!err) {
         /* in_client_identity is NULL, get default ccache */
         err = kim_ccache_create_from_default (out_ccache);
     }
-    
+
     return check_error (err);
 }
 
@@ -391,25 +391,25 @@ kim_error kim_ccache_create_from_keytab (kim_ccache    *out_ccache,
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
     kim_identity client_identity = NULL;
-    
+
     if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_credential_create_from_keytab (&credential, in_identity, 
+        err = kim_credential_create_from_keytab (&credential, in_identity,
                                                  in_options, in_keytab);
     }
-    
+
     if (!err) {
         err = kim_credential_get_client_identity (credential, &client_identity);
     }
-    
+
     if (!err) {
         err = kim_credential_store (credential, client_identity, out_ccache);
     }
-    
+
     kim_identity_free (&client_identity);
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -421,29 +421,29 @@ kim_error kim_ccache_create_from_default (kim_ccache *out_ccache)
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_allocate (&ccache);
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&ccache->context));
     }
-    
+
     if (!err) {
         err = krb5_error (ccache->context,
                           krb5_cc_default (ccache->context, &ccache->ccache));
     }
-    
+
     if (!err) {
         *out_ccache = ccache;
         ccache = NULL;
     }
-    
+
     kim_ccache_free (&ccache);
-    
+
     return check_error (err);
 }
 
@@ -454,31 +454,31 @@ kim_error kim_ccache_create_from_display_name (kim_ccache  *out_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     if (!err && !out_ccache     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_display_name) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_allocate (&ccache);
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&ccache->context));
     }
-    
+
     if (!err) {
         err = krb5_error (ccache->context,
-                          krb5_cc_resolve (ccache->context, in_display_name, 
+                          krb5_cc_resolve (ccache->context, in_display_name,
                                            &ccache->ccache));
     }
-    
+
     if (!err) {
         *out_ccache = ccache;
         ccache = NULL;
     }
-    
+
     kim_ccache_free (&ccache);
-    
+
     return check_error (err);
 }
 
@@ -490,21 +490,21 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache  *out_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_string resolve_name = NULL;
-    
+
     if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_name   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_type   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_create_resolve_name (&resolve_name, in_name, in_type);
     }
-    
+
     if (!err) {
         err = kim_ccache_create_from_display_name (out_ccache, resolve_name);
     }
-    
+
     kim_string_free (&resolve_name);
-    
+
     return check_error (err);
 }
 
@@ -515,18 +515,18 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache  *out_ccache,
                                               krb5_ccache    in_krb5_ccache)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !out_ccache     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_string type = krb5_cc_get_type (in_krb5_context, in_krb5_ccache);
         kim_string name = krb5_cc_get_name (in_krb5_context, in_krb5_ccache);
-        
+
         err = kim_ccache_create_from_type_and_name (out_ccache, type, name);
     }
-    
+
     return check_error (err);
 }
 
@@ -538,25 +538,25 @@ kim_error kim_ccache_copy (kim_ccache  *out_ccache,
     kim_error err = KIM_NO_ERROR;
     kim_string name = NULL;
     kim_string type = NULL;
-    
+
     if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_get_name (in_ccache, &name);
     }
-    
+
     if (!err) {
         err = kim_ccache_get_type (in_ccache, &type);
     }
-    
+
     if (!err) {
         err = kim_ccache_create_from_type_and_name (out_ccache, type, name);
     }
-    
+
     kim_string_free (&name);
     kim_string_free (&type);
-    
+
     return check_error (err);
 }
 
@@ -569,28 +569,28 @@ kim_error kim_ccache_compare (kim_ccache      in_ccache,
                               kim_comparison *out_comparison)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_ccache           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_compare_to_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_comparison      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        const char *type            = krb5_cc_get_type (in_ccache->context, 
+        const char *type            = krb5_cc_get_type (in_ccache->context,
                                                         in_ccache->ccache);
-        const char *compare_to_type = krb5_cc_get_type (in_compare_to_ccache->context, 
+        const char *compare_to_type = krb5_cc_get_type (in_compare_to_ccache->context,
                                                         in_compare_to_ccache->ccache);
-        const char *name            = krb5_cc_get_name (in_ccache->context, 
+        const char *name            = krb5_cc_get_name (in_ccache->context,
                                                         in_ccache->ccache);
-        const char *compare_to_name = krb5_cc_get_name (in_compare_to_ccache->context, 
+        const char *compare_to_name = krb5_cc_get_name (in_compare_to_ccache->context,
                                                         in_compare_to_ccache->ccache);
-        
+
         *out_comparison = strcmp (type, compare_to_type);
-        
+
         if (*out_comparison == 0) {
             *out_comparison = strcmp (name, compare_to_name);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -602,23 +602,23 @@ kim_error kim_ccache_get_krb5_ccache (kim_ccache  in_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_string resolve_name = NULL;
-    
+
     if (!err && !in_ccache      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_krb5_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_get_display_name (in_ccache, &resolve_name);
     }
-    
+
     if (!err) {
         err = krb5_error (in_krb5_context,
-                          krb5_cc_resolve (in_krb5_context, resolve_name, 
+                          krb5_cc_resolve (in_krb5_context, resolve_name,
                                            out_krb5_ccache));
     }
-    
+
     kim_string_free (&resolve_name);
-    
+
     return check_error (err);
 }
 
@@ -628,15 +628,15 @@ kim_error kim_ccache_get_type (kim_ccache  in_ccache,
                                kim_string *out_type)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_type ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_string_copy (out_type, krb5_cc_get_type (in_ccache->context, 
+        err = kim_string_copy (out_type, krb5_cc_get_type (in_ccache->context,
                                                            in_ccache->ccache));
     }
-    
+
     return check_error (err);
 }
 
@@ -646,15 +646,15 @@ kim_error kim_ccache_get_name (kim_ccache  in_ccache,
                                kim_string *out_name)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_name ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_string_copy (out_name, krb5_cc_get_name (in_ccache->context, 
+        err = kim_string_copy (out_name, krb5_cc_get_name (in_ccache->context,
                                                            in_ccache->ccache));
     }
-    
+
     return check_error (err);
 }
 
@@ -664,19 +664,19 @@ kim_error kim_ccache_get_display_name (kim_ccache  in_ccache,
                                        kim_string *out_display_name)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_ccache       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_display_name) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        kim_string type = krb5_cc_get_type (in_ccache->context, 
+        kim_string type = krb5_cc_get_type (in_ccache->context,
                                             in_ccache->ccache);
-        kim_string name = krb5_cc_get_name (in_ccache->context, 
+        kim_string name = krb5_cc_get_name (in_ccache->context,
                                             in_ccache->ccache);
-        
+
         err = kim_ccache_create_resolve_name (out_display_name, name, type);
     }
-    
+
     return check_error (err);
 }
 
@@ -687,25 +687,25 @@ kim_error kim_ccache_get_client_identity (kim_ccache    in_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     krb5_principal principal = NULL;
-    
+
     if (!err && !in_ccache          ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5_error (in_ccache->context,
-                          krb5_cc_get_principal (in_ccache->context, 
-                                                 in_ccache->ccache, 
+                          krb5_cc_get_principal (in_ccache->context,
+                                                 in_ccache->ccache,
                                                  &principal));
     }
-    
+
     if (!err) {
         err = kim_identity_create_from_krb5_principal (out_client_identity,
-                                                       in_ccache->context, 
+                                                       in_ccache->context,
                                                        principal);
     }
-    
+
     if (principal) { krb5_free_principal (in_ccache->context, principal); }
-    
+
     return check_error (err);
 }
 
@@ -723,110 +723,110 @@ static kim_error kim_ccache_get_dominant_credential (kim_ccache            in_cc
     kim_boolean dominant_is_tgt = FALSE;
     kim_credential_state dominant_state = kim_credentials_state_valid;
     kim_credential dominant_credential = NULL;
-    
+
     if (!err && !in_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_iterator_create (&iterator, in_ccache);
     }
-    
+
     while (!err && !out_of_credentials && !found_valid_tgt) {
         kim_credential credential = NULL;
-        
+
         err = kim_credential_iterator_next (iterator, &credential);
-        
+
         if (!err && !credential) {
             out_of_credentials = TRUE;
-            
+
         } else if (!err) {
             kim_credential_state state = kim_credentials_state_valid;
             kim_boolean is_tgt = FALSE;
-            
+
             err = kim_credential_get_state (credential, &state);
-            
+
             if (!err) {
                 kim_identity service_identity = NULL;
-                
-                err = kim_credential_get_service_identity (credential, 
+
+                err = kim_credential_get_service_identity (credential,
                                                            &service_identity);
-                
+
                 if (!err) {
                     err = kim_identity_is_tgt_service (service_identity, &is_tgt);
                 }
-                
+
                 kim_identity_free (&service_identity);
             }
-            
+
             if (!err) {
-                /* There are three cases where we replace: 
+                /* There are three cases where we replace:
                  * 1) We don't have a dominant yet
                  * 2) This is a tgt and dominant isn't
                  * 3) Both are tgts but this is valid and dominant isn't */
-                
-                if ((!dominant_credential)        /* 1 */ || 
+
+                if ((!dominant_credential)        /* 1 */ ||
                     (is_tgt && !dominant_is_tgt)  /* 2 */ ||
-                    (is_tgt && dominant_is_tgt && /* 3 */ 
+                    (is_tgt && dominant_is_tgt && /* 3 */
                      state == kim_credentials_state_valid &&
                      dominant_state != kim_credentials_state_valid)) {
                     /* replace */
                     kim_credential_free (&dominant_credential);
-                    
+
                     dominant_credential = credential;
                     credential = NULL; /* take ownership */
-                    
+
                     dominant_is_tgt = is_tgt;
                     dominant_state = state;
                 }
-                
-                if (dominant_is_tgt && 
+
+                if (dominant_is_tgt &&
                     dominant_state == kim_credentials_state_valid) {
                     /* Since we will never replace a valid tgt, stop here */
                     found_valid_tgt = TRUE;
                 }
             }
         }
-        
+
         kim_credential_free (&credential);
     }
-    
+
     if (!err && !dominant_credential) {
         kim_identity identity = NULL;
         kim_string identity_string = NULL;
-        
+
         err = kim_ccache_get_client_identity (in_ccache, &identity);
-        
+
         if (!err) {
-            err = kim_identity_get_display_string (identity, 
+            err = kim_identity_get_display_string (identity,
                                                    &identity_string);
         }
-        
+
         if (!err) {
-            err = kim_error_set_message_for_code (KIM_NO_CREDENTIALS_ERR, 
+            err = kim_error_set_message_for_code (KIM_NO_CREDENTIALS_ERR,
                                                   identity_string);
-        }    
+        }
 
         kim_string_free (&identity_string);
         kim_identity_free (&identity);
     }
-        
+
     if (!err) {
         if (out_is_tgt) {
             *out_is_tgt = dominant_is_tgt;
         }
-        
+
         if (out_state) {
             *out_state = dominant_state;
         }
-         
+
         if (out_credential) {
             *out_credential = dominant_credential;
             dominant_credential = NULL;  /* take ownership */
         }
     }
-    
+
     kim_credential_free (&dominant_credential);
     kim_credential_iterator_free (&iterator);
-    
+
     return check_error (err);
 }
 
@@ -839,57 +839,57 @@ kim_error kim_ccache_get_valid_credential (kim_ccache      in_ccache,
     kim_boolean is_tgt = FALSE;
     kim_credential_state state = kim_credentials_state_valid;
     kim_credential credential = NULL;
-    
+
     if (!err && !in_ccache     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_ccache_get_dominant_credential (in_ccache, 
+        err = kim_ccache_get_dominant_credential (in_ccache,
                                                   &state, &is_tgt, &credential);
     }
-    
+
     if (!err && state != kim_credentials_state_valid) {
         kim_identity identity = NULL;
         kim_string identity_string = NULL;
-        
+
         err = kim_ccache_get_client_identity (in_ccache, &identity);
-        
+
         if (!err) {
-            err = kim_identity_get_display_string (identity, 
+            err = kim_identity_get_display_string (identity,
                                                    &identity_string);
         }
-        
+
         if (!err) {
             if (state == kim_credentials_state_expired) {
-                err = kim_error_set_message_for_code (KIM_CREDENTIALS_EXPIRED_ERR, 
+                err = kim_error_set_message_for_code (KIM_CREDENTIALS_EXPIRED_ERR,
                                                   identity_string);
-                
+
             } else if (state == kim_credentials_state_not_yet_valid ||
                        state == kim_credentials_state_needs_validation) {
-                err = kim_error_set_message_for_code (KIM_NEEDS_VALIDATION_ERR, 
+                err = kim_error_set_message_for_code (KIM_NEEDS_VALIDATION_ERR,
                                                       identity_string);
-                
+
             } else if (state == kim_credentials_state_address_mismatch) {
-                err = kim_error_set_message_for_code (KIM_BAD_IP_ADDRESS_ERR, 
-                                                      identity_string);                
+                err = kim_error_set_message_for_code (KIM_BAD_IP_ADDRESS_ERR,
+                                                      identity_string);
             } else {
                 /* just default to this */
-                err = kim_error_set_message_for_code (KIM_NEEDS_VALIDATION_ERR, 
+                err = kim_error_set_message_for_code (KIM_NEEDS_VALIDATION_ERR,
                                                       identity_string);
             }
         }
-        
+
         kim_string_free (&identity_string);
         kim_identity_free (&identity);
     }
-    
+
     if (!err) {
         *out_credential = credential;
         credential = NULL;  /* take ownership */
     }
-    
+
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -899,16 +899,16 @@ kim_error kim_ccache_get_state (kim_ccache            in_ccache,
                                 kim_credential_state *out_state)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_state) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_ccache_get_dominant_credential (in_ccache, 
+        err = kim_ccache_get_dominant_credential (in_ccache,
                                                   out_state, NULL, NULL);
     }
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -918,21 +918,21 @@ kim_error kim_ccache_get_start_time (kim_ccache  in_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
-    
+
     if (!err && !in_ccache     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_start_time) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL, 
+        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL,
                                                   &credential);
     }
-    
+
     if (!err) {
         err = kim_credential_get_start_time (credential, out_start_time);
     }
-    
+
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -943,22 +943,22 @@ kim_error kim_ccache_get_expiration_time (kim_ccache  in_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
-    
+
     if (!err && !in_ccache          ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_expiration_time) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL, 
+        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL,
                                                   &credential);
     }
-    
+
     if (!err) {
-        err = kim_credential_get_expiration_time (credential, 
+        err = kim_credential_get_expiration_time (credential,
                                                   out_expiration_time);
     }
-    
+
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -969,22 +969,22 @@ kim_error kim_ccache_get_renewal_expiration_time (kim_ccache  in_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
-    
+
     if (!err && !in_ccache                  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_renewal_expiration_time) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL, 
+        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL,
                                                   &credential);
     }
-    
+
     if (!err) {
-        err = kim_credential_get_renewal_expiration_time (credential, 
+        err = kim_credential_get_renewal_expiration_time (credential,
                                                           out_renewal_expiration_time);
     }
-    
+
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -995,21 +995,21 @@ kim_error kim_ccache_get_options (kim_ccache   in_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
-    
+
     if (!err && !in_ccache  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL, 
+        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL,
                                                   &credential);
     }
-    
+
     if (!err) {
         err = kim_credential_get_options (credential, out_options);
     }
-    
+
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -1020,104 +1020,104 @@ kim_error kim_ccache_get_options (kim_ccache   in_ccache,
 kim_error kim_ccache_set_default (kim_ccache io_ccache)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         char *environment_ccache_name = getenv ("KRB5CCNAME");
-        
+
         if (environment_ccache_name) {
             kim_ccache environment_ccache = NULL;
             kim_comparison comparison;
-            
+
             err = kim_ccache_create_from_display_name (&environment_ccache,
                                                        environment_ccache_name);
-            
+
             if (!err) {
-                err = kim_ccache_compare (io_ccache, 
+                err = kim_ccache_compare (io_ccache,
                                           environment_ccache,
                                           &comparison);
             }
-            
+
             if (!err && !kim_comparison_is_equal_to (comparison)) {
                 krb5_principal client_principal = NULL;
 
-                /* KRB5CCNAME is set and does not point to this ccache.  
+                /* KRB5CCNAME is set and does not point to this ccache.
                  * Move the creds and make this kim_ccache_t object refer to that ccache.  */
-                
+
                 err = krb5_error (io_ccache->context,
-                                  krb5_cc_get_principal (io_ccache->context, 
-                                                         io_ccache->ccache, 
+                                  krb5_cc_get_principal (io_ccache->context,
+                                                         io_ccache->ccache,
                                                          &client_principal));
-                
+
                 if (!err) {
                     err = krb5_error (io_ccache->context,
-                                      krb5_cc_initialize (environment_ccache->context, 
-                                                          environment_ccache->ccache, 
+                                      krb5_cc_initialize (environment_ccache->context,
+                                                          environment_ccache->ccache,
                                                           client_principal));
                 }
-                
+
                 if (!err) {
                     err = krb5_error (io_ccache->context,
-                                      krb5_cc_copy_creds (io_ccache->context, 
-                                                          io_ccache->ccache, 
+                                      krb5_cc_copy_creds (io_ccache->context,
+                                                          io_ccache->ccache,
                                                           environment_ccache->ccache));
                 }
-                
-                if (client_principal) { krb5_free_principal (io_ccache->context, 
+
+                if (client_principal) { krb5_free_principal (io_ccache->context,
                                                              client_principal); }
-                
+
                 if (!err) {
                     kim_ccache_destroy (&io_ccache);
                     io_ccache = environment_ccache;
                     environment_ccache = NULL; /* take ownership */
                 }
             }
-            
+
             kim_ccache_free (&environment_ccache);
-            
+
         } else {
 #ifdef USE_CCAPI
             kim_string type = NULL;
             kim_string name = NULL;
             cc_context_t cc_context = NULL;
             cc_ccache_t cc_ccache = NULL;
-            
+
             err = kim_ccache_get_type (io_ccache, &type);
-            
+
             if (!err && strcmp (type, "API")) {
 #endif
                 kim_string display_name = NULL;
                 /* Not a CCAPI ccache; can't set to default */
-                
+
                 err = kim_ccache_get_display_name (io_ccache, &display_name);
-                
+
                 if (!err) {
-                    err = kim_error_set_message_for_code (KIM_CANT_BECOME_DEFAULT_ERR, 
+                    err = kim_error_set_message_for_code (KIM_CANT_BECOME_DEFAULT_ERR,
                                                           display_name);
                 }
-                
+
                 kim_string_free (&display_name);
 #ifdef USE_CCAPI
             }
-            
+
             if (!err) {
                 err = kim_ccache_get_name (io_ccache, &name);
             }
-            
+
             /* get a CCAPI ccache for this cache */
             if (!err) {
                 err = cc_initialize (&cc_context, ccapi_version_4, NULL, NULL);
             }
-            
+
             if (!err) {
                 err = cc_context_open_ccache (cc_context, name, &cc_ccache);
             }
-            
+
             if (!err) {
                 err = cc_ccache_set_default (cc_ccache);
             }
-            
+
             if (cc_context) { cc_context_release (cc_context); }
             if (cc_ccache ) { cc_ccache_release (cc_ccache); }
             kim_string_free (&name);
@@ -1125,7 +1125,7 @@ kim_error kim_ccache_set_default (kim_ccache io_ccache)
 #endif
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -1140,20 +1140,20 @@ kim_error kim_ccache_verify (kim_ccache   in_ccache,
 {
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
-    
+
     if (!err && !in_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_get_valid_credential (in_ccache, &credential);
     }
-    
+
     if (!err) {
-        err = kim_credential_verify (credential, in_service_identity, 
+        err = kim_credential_verify (credential, in_service_identity,
                                      in_keytab, in_fail_if_no_service_key);
     }
-    
+
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -1167,28 +1167,28 @@ kim_error kim_ccache_renew (kim_ccache  in_ccache,
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
     kim_identity client_identity = NULL;
-    
+
     if (!err && !in_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_get_valid_credential (in_ccache, &credential);
     }
-    
+
     if (!err) {
         err = kim_credential_renew (&credential, in_options);
     }
-    
+
     if (!err) {
         err = kim_ccache_get_client_identity (in_ccache, &client_identity);
     }
-    
+
     if (!err) {
         err = kim_credential_store (credential, client_identity, NULL);
     }
-    
+
     kim_identity_free (&client_identity);
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -1200,28 +1200,28 @@ kim_error kim_ccache_validate (kim_ccache  in_ccache,
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
     kim_identity client_identity = NULL;
-    
+
     if (!err && !in_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ccache_get_valid_credential (in_ccache, &credential);
     }
-    
+
     if (!err) {
         err = kim_credential_validate (&credential, in_options);
     }
-    
+
     if (!err) {
         err = kim_ccache_get_client_identity (in_ccache, &client_identity);
     }
-    
+
     if (!err) {
         err = kim_credential_store (credential, client_identity, NULL);
     }
-    
+
     kim_identity_free (&client_identity);
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -1232,18 +1232,18 @@ kim_error kim_ccache_validate (kim_ccache  in_ccache,
 kim_error kim_ccache_destroy (kim_ccache *io_ccache)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (io_ccache && *io_ccache) {
         err = krb5_error ((*io_ccache)->context,
-                          krb5_cc_destroy ((*io_ccache)->context, 
+                          krb5_cc_destroy ((*io_ccache)->context,
                                            (*io_ccache)->ccache));
-        
-        if (!err) { 
-            (*io_ccache)->ccache = NULL; 
+
+        if (!err) {
+            (*io_ccache)->ccache = NULL;
             kim_ccache_free (io_ccache);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -1252,14 +1252,13 @@ kim_error kim_ccache_destroy (kim_ccache *io_ccache)
 void kim_ccache_free (kim_ccache *io_ccache)
 {
     if (io_ccache && *io_ccache) {
-        if ((*io_ccache)->context) { 
+        if ((*io_ccache)->context) {
             if ((*io_ccache)->ccache) {
                 krb5_cc_close ((*io_ccache)->context, (*io_ccache)->ccache);
             }
-            krb5_free_context ((*io_ccache)->context); 
+            krb5_free_context ((*io_ccache)->context);
         }
         free (*io_ccache);
         *io_ccache = NULL;
     }
 }
-
diff --git a/src/kim/lib/kim_credential.c b/src/kim/lib/kim_credential.c
index 8d2c1ee60..fe910cf04 100644
--- a/src/kim/lib/kim_credential.c
+++ b/src/kim/lib/kim_credential.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -43,42 +43,42 @@ kim_error kim_credential_iterator_create (kim_credential_iterator *out_credentia
 {
     kim_error err = kim_library_init ();
     kim_credential_iterator credential_iterator = NULL;
-    
+
     if (!err && !out_credential_iterator) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_ccache              ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         credential_iterator = malloc (sizeof (*credential_iterator));
-        if (credential_iterator) { 
+        if (credential_iterator) {
             *credential_iterator = kim_credential_iterator_initializer;
         } else {
-            err = KIM_OUT_OF_MEMORY_ERR; 
+            err = KIM_OUT_OF_MEMORY_ERR;
         }
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&credential_iterator->context));
     }
-    
+
     if (!err) {
         err = kim_ccache_get_krb5_ccache (in_ccache,
                                           credential_iterator->context,
                                           &credential_iterator->ccache);
     }
-    
+
     if (!err) {
         /* Turn off OPENCLOSE mode */
         err = krb5_error (credential_iterator->context,
                           krb5_cc_get_flags (credential_iterator->context,
                                              credential_iterator->ccache,
                                              &credential_iterator->old_flags));
-        
+
         if (!err && credential_iterator->old_flags & KRB5_TC_OPENCLOSE) {
             krb5_flags new_flags = credential_iterator->old_flags & ~KRB5_TC_OPENCLOSE;
-            
+
             err = krb5_error (credential_iterator->context,
-                              krb5_cc_set_flags (credential_iterator->context, 
-                                                 credential_iterator->ccache, 
+                              krb5_cc_set_flags (credential_iterator->context,
+                                                 credential_iterator->ccache,
                                                  new_flags));
             if (err == KRB5_FCC_NOFILE) { err = KIM_NO_ERROR; }
         }
@@ -86,18 +86,18 @@ kim_error kim_credential_iterator_create (kim_credential_iterator *out_credentia
 
     if (!err) {
         err = krb5_error (credential_iterator->context,
-                          krb5_cc_start_seq_get (credential_iterator->context, 
+                          krb5_cc_start_seq_get (credential_iterator->context,
                                                  credential_iterator->ccache,
                                                  &credential_iterator->cursor));
     }
-    
+
     if (!err) {
         *out_credential_iterator = credential_iterator;
         credential_iterator = NULL;
     }
-    
+
     kim_credential_iterator_free (&credential_iterator);
-    
+
     return check_error (err);
 }
 
@@ -107,33 +107,33 @@ kim_error kim_credential_iterator_next (kim_credential_iterator  in_credential_i
                                         kim_credential          *out_credential)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_credential_iterator) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_credential        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         krb5_creds creds;
-        
-        krb5_error_code terr = krb5_cc_next_cred (in_credential_iterator->context, 
+
+        krb5_error_code terr = krb5_cc_next_cred (in_credential_iterator->context,
                                                   in_credential_iterator->ccache,
                                                   &in_credential_iterator->cursor,
                                                   &creds);
-        
+
         if (!terr) {
             err = kim_credential_create_from_krb5_creds (out_credential,
                                                          in_credential_iterator->context,
                                                          &creds);
-            
+
             krb5_free_cred_contents (in_credential_iterator->context, &creds);
-            
+
         } else if (terr == KRB5_CC_END) {
             *out_credential = NULL; /* no more ccaches */
-            
+
         } else {
             err = krb5_error (in_credential_iterator->context, terr);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -142,21 +142,21 @@ kim_error kim_credential_iterator_next (kim_credential_iterator  in_credential_i
 void kim_credential_iterator_free (kim_credential_iterator *io_credential_iterator)
 {
     if (io_credential_iterator && *io_credential_iterator) {
-        if ((*io_credential_iterator)->context) { 
+        if ((*io_credential_iterator)->context) {
             if ((*io_credential_iterator)->ccache) {
                 if ((*io_credential_iterator)->cursor) {
-                    krb5_cc_end_seq_get ((*io_credential_iterator)->context, 
+                    krb5_cc_end_seq_get ((*io_credential_iterator)->context,
                                          (*io_credential_iterator)->ccache,
                                          &(*io_credential_iterator)->cursor);
 
-                    krb5_cc_set_flags ((*io_credential_iterator)->context, 
-                                       (*io_credential_iterator)->ccache, 
+                    krb5_cc_set_flags ((*io_credential_iterator)->context,
+                                       (*io_credential_iterator)->ccache,
                                        (*io_credential_iterator)->old_flags);
                 }
-                krb5_cc_close ((*io_credential_iterator)->context, 
+                krb5_cc_close ((*io_credential_iterator)->context,
                                (*io_credential_iterator)->ccache);
             }
-            krb5_free_context ((*io_credential_iterator)->context); 
+            krb5_free_context ((*io_credential_iterator)->context);
         }
         free (*io_credential_iterator);
         *io_credential_iterator = NULL;
@@ -180,23 +180,23 @@ static inline kim_error kim_credential_allocate (kim_credential *out_credential)
 {
     kim_error err = kim_library_init ();
     kim_credential credential = NULL;
-    
+
     if (!err && !out_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         credential = malloc (sizeof (*credential));
         if (!credential) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         *credential = kim_credential_initializer;
         *out_credential = credential;
         credential = NULL;
     }
-    
+
     kim_credential_free (&credential);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -220,34 +220,34 @@ static void kim_credential_remember_prefs (kim_identity in_identity,
     kim_preferences prefs = NULL;
     kim_boolean remember_identity = 0;
     kim_boolean remember_options = 0;
-    
+
     err = kim_preferences_create (&prefs);
-    
+
     if (!err && in_options) {
-        err = kim_preferences_get_remember_options (prefs, 
+        err = kim_preferences_get_remember_options (prefs,
                                                     &remember_options);
     }
-    
+
     if (!err && in_identity) {
-        err = kim_preferences_get_remember_client_identity (prefs, 
+        err = kim_preferences_get_remember_client_identity (prefs,
                                                             &remember_identity);
     }
-    
+
     if (!err && remember_options) {
         err = kim_preferences_set_options (prefs, in_options);
     }
-    
+
     if (!err && remember_identity) {
         err = kim_preferences_set_client_identity (prefs, in_identity);
-        
-    }        
-    
+
+    }
+
     if (!err && (remember_options || remember_identity)) {
         err = kim_preferences_synchronize (prefs);
     }
-    
+
     kim_preferences_free (&prefs);
-    
+
     check_error (err);
 }
 
@@ -266,15 +266,15 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia
     kim_boolean done_with_identity = 0;
 
     if (!err && !out_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_allocate (&credential);
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&credential->context));
     }
-    
+
     if (!err) {
         if (in_options) {
             options = in_options;
@@ -282,48 +282,48 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia
             err = kim_options_create (&options);
         }
     }
-    
+
     if (!err) {
         err = kim_ui_init (&context);
         if (!err) { ui_inited = 1; }
     }
-    
+
     while (!err && !done_with_identity) {
         kim_identity identity = in_identity;
         kim_boolean done_with_credentials = 0;
 
         if (identity) {
             done_with_identity = 1;
-            
+
         } else while (!err && !identity) {
             kim_boolean user_wants_change_password = 0;
-            
-            err = kim_ui_enter_identity (&context, options, 
-                                         &identity, 
+
+            err = kim_ui_enter_identity (&context, options,
+                                         &identity,
                                          &user_wants_change_password);
-            
+
             if (!err && user_wants_change_password) {
-                err = kim_identity_change_password_common (identity, 0, 
-                                                           &context, 
+                err = kim_identity_change_password_common (identity, 0,
+                                                           &context,
                                                            NULL);
-                
+
                 /* reenter enter_identity so just forget this identity
                  * even if we got an error */
-                if (err == KIM_USER_CANCELED_ERR || 
-                    err == KIM_DUPLICATE_UI_REQUEST_ERR) { 
-                    err = KIM_NO_ERROR; 
+                if (err == KIM_USER_CANCELED_ERR ||
+                    err == KIM_DUPLICATE_UI_REQUEST_ERR) {
+                    err = KIM_NO_ERROR;
                 }
-                
+
                 kim_identity_free (&identity);
             }
-            
+
         }
-        
+
         if (!err) {
             context.identity = identity; /* used by kim_ui_prompter */
         }
-        
-        while (!err && !done_with_credentials) { 
+
+        while (!err && !done_with_credentials) {
             krb5_creds creds;
             kim_boolean free_creds = 0;
             kim_count prompt_count;
@@ -331,149 +331,149 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia
             krb5_get_init_creds_opt *opts = kim_options_init_cred_options (options);
             char *service = kim_options_service_name (options);
             kim_time start_time = kim_options_start_time (options);
-            
+
             /* set counter to zero so we can tell if we got prompted */
             context.prompt_count = 0;
             context.password_to_save = NULL;
-            
+
             err = krb5_error (credential->context,
-                              krb5_get_init_creds_password (credential->context, 
+                              krb5_get_init_creds_password (credential->context,
                                                             &creds,
                                                             principal,
-                                                            (char *) in_password, 
-                                                            kim_ui_prompter, 
+                                                            (char *) in_password,
+                                                            kim_ui_prompter,
                                                             &context,
-                                                            start_time, 
-                                                            service, 
+                                                            start_time,
+                                                            service,
                                                             opts));
-            
+
             prompt_count = context.prompt_count; /* remember if we got prompts */
             if (!err) { free_creds = 1; }
-            
+
             if (!err) {
                 err = krb5_error (credential->context,
                                   krb5_copy_creds (credential->context,
-                                                   &creds, 
+                                                   &creds,
                                                    &credential->creds));
             }
-            
+
             if (!err && context.password_to_save) {
                 /* If we were successful, save any password we got */
                 err = kim_os_identity_set_saved_password (identity,
                                                           context.password_to_save);
-                
-                
-            }        
-            
+
+
+            }
+
             if (err == KRB5KDC_ERR_KEY_EXP) {
                 kim_string new_password = NULL;
-                
-                err = kim_identity_change_password_common (identity, 1, 
-                                                           &context, 
+
+                err = kim_identity_change_password_common (identity, 1,
+                                                           &context,
                                                            &new_password);
-                
+
                 if (!err) {
                     /* set counter to zero so we can tell if we got prompted */
                     context.prompt_count = 0;
-                    
+
                     err = krb5_error (credential->context,
-                                      krb5_get_init_creds_password (credential->context, 
+                                      krb5_get_init_creds_password (credential->context,
                                                                     &creds,
                                                                     principal,
-                                                                    (char *) new_password, 
-                                                                    kim_ui_prompter, 
+                                                                    (char *) new_password,
+                                                                    kim_ui_prompter,
                                                                     &context,
-                                                                    start_time, 
-                                                                    service, 
+                                                                    start_time,
+                                                                    service,
                                                                     opts));
-                    
+
                     prompt_count = context.prompt_count; /* remember if we got prompts */
                     if (!err) { free_creds = 1; }
-                    
+
                     if (!err) {
                         err = krb5_error (credential->context,
                                           krb5_copy_creds (credential->context,
-                                                           &creds, 
+                                                           &creds,
                                                            &credential->creds));
-                    }                
+                    }
                 }
-                
+
                 kim_string_free (&new_password);
             }
-            
-            if (!err || err == KIM_USER_CANCELED_ERR || 
+
+            if (!err || err == KIM_USER_CANCELED_ERR ||
                         err == KIM_DUPLICATE_UI_REQUEST_ERR) {
                 /* new creds obtained or the user gave up */
                 done_with_credentials = 1;
-                
+
                 if (!err) {
                     /* remember identity and options if the user wanted to */
                     kim_credential_remember_prefs (identity, options);
                 }
-                
-                if (err == KIM_DUPLICATE_UI_REQUEST_ERR) { 
+
+                if (err == KIM_DUPLICATE_UI_REQUEST_ERR) {
                     kim_ccache ccache = NULL;
-                    /* credential for this identity was obtained, but via a different 
+                    /* credential for this identity was obtained, but via a different
                      * dialog.  Find it.  */
-                    
-                    err = kim_ccache_create_from_client_identity (&ccache, 
+
+                    err = kim_ccache_create_from_client_identity (&ccache,
                                                                   identity);
-                    
+
                     if (!err) {
-                        err = kim_ccache_get_valid_credential (ccache, 
+                        err = kim_ccache_get_valid_credential (ccache,
                                                                &credential);
                     }
-                    
+
                     kim_ccache_free (&ccache);
-                }                
-                
+                }
+
             } else if (prompt_count) {
-                /* User was prompted and might have entered bad info 
+                /* User was prompted and might have entered bad info
                  * so report error and try again. */
- 
-                err = kim_ui_handle_kim_error (&context, identity, 
+
+                err = kim_ui_handle_kim_error (&context, identity,
                                                kim_ui_error_type_authentication,
                                                err);
             }
-            
-            if (err == KRB5KRB_AP_ERR_BAD_INTEGRITY || 
+
+            if (err == KRB5KRB_AP_ERR_BAD_INTEGRITY ||
                 err == KRB5KDC_ERR_PREAUTH_FAILED ||
                 err == KIM_BAD_PASSWORD_ERR || err == KIM_PREAUTH_FAILED_ERR) {
                 /* if the password could have failed, remove any saved ones
                  * or the user will get stuck. */
                 kim_os_identity_remove_saved_password (identity);
             }
-            
+
             if (free_creds) { krb5_free_cred_contents (credential->context, &creds); }
         }
-        
+
         if (!err || err == KIM_USER_CANCELED_ERR) {
             /* identity obtained or the user gave up */
             done_with_identity = 1;
-            
+
         } else if (!in_identity) {
             /* User entered an identity so report error and try again */
-            err = kim_ui_handle_kim_error (&context, identity, 
+            err = kim_ui_handle_kim_error (&context, identity,
                                            kim_ui_error_type_authentication,
                                            err);
-        }            
-    
+        }
+
         if (identity != in_identity) { kim_identity_free (&identity); }
     }
-    
+
     if (ui_inited) {
         kim_error fini_err = kim_ui_fini (&context);
         if (!err) { err = check_error (fini_err); }
     }
-        
+
     if (!err) {
         *out_credential = credential;
         credential = NULL;
     }
-    
+
     if (options != in_options) { kim_options_free (&options); }
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -493,91 +493,91 @@ kim_error kim_credential_create_from_keytab (kim_credential *out_credential,
     kim_boolean free_creds = FALSE;
     krb5_principal principal = NULL;
     kim_options options = in_options;
-    
+
     if (!err && !out_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_allocate (&credential);
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&credential->context));
     }
-    
+
     if (!err && !options) {
         err = kim_options_create (&options);
     }
-    
+
     if (!err) {
         if (in_keytab) {
             err = krb5_error (credential->context,
-                              krb5_kt_resolve (credential->context, 
+                              krb5_kt_resolve (credential->context,
                                                in_keytab, &keytab));
         } else {
             err = krb5_error (credential->context,
                               krb5_kt_default (credential->context, &keytab));
         }
     }
-    
+
     if (!err) {
         if (in_identity) {
-            err = kim_identity_get_krb5_principal (in_identity, 
-                                                   credential->context, 
+            err = kim_identity_get_krb5_principal (in_identity,
+                                                   credential->context,
                                                    &principal);
         } else {
             krb5_kt_cursor cursor = NULL;
             krb5_keytab_entry entry;
             kim_boolean entry_allocated = FALSE;
-            
+
             err = krb5_error (credential->context,
-                              krb5_kt_start_seq_get (credential->context, 
-                                                     keytab, 
+                              krb5_kt_start_seq_get (credential->context,
+                                                     keytab,
                                                      &cursor));
-            
+
             if (!err) {
                 err = krb5_error (credential->context,
-                                  krb5_kt_next_entry (credential->context, 
-                                                      keytab, 
-                                                      &entry, 
+                                  krb5_kt_next_entry (credential->context,
+                                                      keytab,
+                                                      &entry,
                                                       &cursor));
                 entry_allocated = (err == KIM_NO_ERROR); /* remember to free later */
             }
-            
+
             if (!err) {
                 err = krb5_error (credential->context,
-                                  krb5_copy_principal (credential->context, 
-                                                       entry.principal, 
+                                  krb5_copy_principal (credential->context,
+                                                       entry.principal,
                                                        &principal));
             }
-            
+
             if (entry_allocated) { krb5_free_keytab_entry_contents (credential->context, &entry); }
             if (cursor         ) { krb5_kt_end_seq_get (credential->context, keytab, &cursor); }
         }
     }
-    
+
     if (!err) {
         krb5_get_init_creds_opt *opts = kim_options_init_cred_options (options);
         char *service = kim_options_service_name (options);
         kim_time start_time = kim_options_start_time (options);
-        
+
         err = krb5_error (credential->context,
-                          krb5_get_init_creds_keytab (credential->context, 
-                                                      &creds, 
-                                                      principal, 
-                                                      keytab, 
-                                                      start_time, 
-                                                      service, 
+                          krb5_get_init_creds_keytab (credential->context,
+                                                      &creds,
+                                                      principal,
+                                                      keytab,
+                                                      start_time,
+                                                      service,
                                                       opts));
         if (!err) { free_creds = TRUE; }
     }
-    
+
     if (!err) {
         err = krb5_error (credential->context,
                           krb5_copy_creds (credential->context,
-                                           &creds, 
+                                           &creds,
                                            &credential->creds));
     }
-    
+
     if (principal ) { krb5_free_principal (credential->context, principal); }
     if (free_creds) { krb5_free_cred_contents (credential->context, &creds); }
 
@@ -585,10 +585,10 @@ kim_error kim_credential_create_from_keytab (kim_credential *out_credential,
         *out_credential = credential;
         credential = NULL;
     }
-    
+
     if (options != in_options) { kim_options_free (&options); }
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -602,33 +602,33 @@ kim_error kim_credential_create_from_krb5_creds (kim_credential *out_credential,
 {
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
-    
+
     if (!err && !out_credential ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_creds  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_allocate (&credential);
     }
-    
+
     if (!err) {
-        err = krb5_error (in_krb5_context, 
+        err = krb5_error (in_krb5_context,
                           krb5_copy_context (in_krb5_context,
                                              &credential->context));
     }
-    
+
     if (!err) {
         err = krb5_error (credential->context,
-                          krb5_copy_creds (credential->context, 
-                                           in_krb5_creds, 
+                          krb5_copy_creds (credential->context,
+                                           in_krb5_creds,
                                            &credential->creds));
     }
-    
+
     if (!err) {
         *out_credential = credential;
         credential = NULL;
     }
-    
+
     return check_error (err);
 }
 /* ------------------------------------------------------------------------ */
@@ -644,76 +644,76 @@ kim_error kim_credential_create_for_change_password (kim_credential  *out_creden
     kim_string realm = NULL;
     kim_string service = NULL;
     kim_string service_format = "kadmin/changepw@%s";
-    
+
     if (!err && !out_credential       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity          ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_old_password      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_user_was_prompted) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_allocate (&credential);
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&credential->context));
     }
-    
+
     if (!err) {
         err = kim_identity_get_realm (in_identity, &realm);
     }
-    
+
     if (!err) {
         err = kim_string_create_from_format (&service, service_format, realm);
     }
-    
+
     if (!err) {
         krb5_creds creds;
         kim_boolean free_creds = 0;
         krb5_principal principal = kim_identity_krb5_principal (in_identity);
         krb5_get_init_creds_opt	opts;
-        
+
         krb5_get_init_creds_opt_init (&opts);
         krb5_get_init_creds_opt_set_tkt_life (&opts, 5*60);
         krb5_get_init_creds_opt_set_renew_life (&opts, 0);
         krb5_get_init_creds_opt_set_forwardable (&opts, 0);
         krb5_get_init_creds_opt_set_proxiable (&opts, 0);
-        
+
         /* set counter to zero so we can tell if we got prompted */
-        in_ui_context->prompt_count = 0; 
+        in_ui_context->prompt_count = 0;
         in_ui_context->identity = in_identity;
 
         err = krb5_error (credential->context,
-                          krb5_get_init_creds_password (credential->context, 
+                          krb5_get_init_creds_password (credential->context,
                                                         &creds,
                                                         principal,
-                                                        (char *) in_old_password, 
-                                                        kim_ui_prompter, 
-                                                        in_ui_context, 0, 
-                                                        (char *) service, 
-                                                        &opts));  
-        
+                                                        (char *) in_old_password,
+                                                        kim_ui_prompter,
+                                                        in_ui_context, 0,
+                                                        (char *) service,
+                                                        &opts));
+
        if (!err) { free_creds = 1; }
-        
+
         if (!err) {
             err = krb5_error (credential->context,
                               krb5_copy_creds (credential->context,
-                                               &creds, 
+                                               &creds,
                                                &credential->creds));
         }
-                
+
         if (free_creds) { krb5_free_cred_contents (credential->context, &creds); }
     }
-    
+
     if (!err) {
         *out_user_was_prompted = (in_ui_context->prompt_count > 0);
         *out_credential = credential;
         credential = NULL;
     }
-    
+
     kim_string_free (&realm);
     kim_string_free (&service);
     kim_credential_free (&credential);
-    
+
     return check_error (err);
 }
 
@@ -724,32 +724,32 @@ kim_error kim_credential_copy (kim_credential *out_credential,
 {
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
-    
+
     if (!err && !out_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_credential ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_allocate (&credential);
     }
-    
+
     if (!err) {
-        err = krb5_error (in_credential->context, 
+        err = krb5_error (in_credential->context,
                           krb5_copy_context (in_credential->context,
                                              &credential->context));
     }
-    
+
     if (!err) {
         err = krb5_error (credential->context,
-                          krb5_copy_creds (credential->context, 
-                                           in_credential->creds, 
+                          krb5_copy_creds (credential->context,
+                                           in_credential->creds,
                                            &credential->creds));
     }
-    
+
     if (!err) {
         *out_credential = credential;
         credential = NULL;
     }
-    
+
     return check_error (err);
 }
 
@@ -760,18 +760,18 @@ kim_error kim_credential_get_krb5_creds (kim_credential   in_credential,
                                          krb5_creds     **out_krb5_creds)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_credential  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_krb5_creds ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5_error (in_krb5_context,
-                          krb5_copy_creds (in_krb5_context, 
-                                           in_credential->creds, 
+                          krb5_copy_creds (in_krb5_context,
+                                           in_credential->creds,
                                            out_krb5_creds));
     }
-    
+
     return check_error (err);
 }
 
@@ -781,16 +781,16 @@ kim_error kim_credential_get_client_identity (kim_credential  in_credential,
                                               kim_identity   *out_client_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_credential      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_create_from_krb5_principal (out_client_identity,
                                                        in_credential->context,
                                                        in_credential->creds->client);
     }
-    
+
     return check_error (err);
 }
 
@@ -800,16 +800,16 @@ kim_error kim_credential_get_service_identity (kim_credential  in_credential,
                                                kim_identity   *out_service_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_credential       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_service_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_create_from_krb5_principal (out_service_identity,
                                                        in_credential->context,
                                                        in_credential->creds->server);
     }
-    
+
     return check_error (err);
 }
 
@@ -820,20 +820,20 @@ kim_error kim_credential_is_tgt (kim_credential  in_credential,
 {
     kim_error err = KIM_NO_ERROR;
     kim_identity service = NULL;
-    
+
     if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_is_tgt   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_get_service_identity (in_credential, &service);
     }
-    
+
     if (!err) {
         err = kim_identity_is_tgt_service (service, out_is_tgt);
     }
-    
+
     kim_identity_free (&service);
-    
+
     return check_error (err);
 }
 
@@ -846,70 +846,70 @@ kim_error kim_credential_get_state (kim_credential           in_credential,
     kim_time expiration_time = 0;
     kim_time start_time = 0;
     krb5_timestamp now = 0;
-    
+
     if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_state    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_get_expiration_time (in_credential, &expiration_time);
     }
-    
+
     if (!err) {
         err = kim_credential_get_start_time (in_credential, &start_time);
     }
-    
+
     if (!err) {
         krb5_int32 usec;
-        
+
         err = krb5_error (in_credential->context,
-                          krb5_us_timeofday (in_credential->context, 
+                          krb5_us_timeofday (in_credential->context,
                                              &now, &usec));
     }
-    
+
     if (!err) {
         *out_state = kim_credentials_state_valid;
-        
+
         if (expiration_time <= now) {
             *out_state = kim_credentials_state_expired;
-            
-        } else if ((in_credential->creds->ticket_flags & TKT_FLG_POSTDATED) && 
+
+        } else if ((in_credential->creds->ticket_flags & TKT_FLG_POSTDATED) &&
                    (in_credential->creds->ticket_flags & TKT_FLG_INVALID)) {
-            if (start_time > now) { 
+            if (start_time > now) {
                 *out_state = kim_credentials_state_not_yet_valid;
             } else {
                 *out_state = kim_credentials_state_needs_validation;
             }
-            
+
         } else if (in_credential->creds->addresses) { /* ticket contains addresses */
             krb5_address **laddresses = NULL;
-            
-            krb5_error_code code = krb5_os_localaddr (in_credential->context, 
+
+            krb5_error_code code = krb5_os_localaddr (in_credential->context,
                                                       &laddresses);
             if (!code) { laddresses = NULL; }
-            
+
             if (laddresses) { /* assume valid if the local host has no addresses */
                 kim_boolean found_match = FALSE;
                 kim_count i = 0;
-                
+
                 for (i = 0; in_credential->creds->addresses[i]; i++) {
-                    if (!krb5_address_search (in_credential->context, 
-                                              in_credential->creds->addresses[i], 
+                    if (!krb5_address_search (in_credential->context,
+                                              in_credential->creds->addresses[i],
                                               laddresses)) {
                         found_match = TRUE;
                         break;
                     }
                 }
-                
+
                 if (!found_match) {
                     *out_state = kim_credentials_state_address_mismatch;
                 }
             }
-            
-            if (laddresses) { krb5_free_addresses (in_credential->context, 
+
+            if (laddresses) { krb5_free_addresses (in_credential->context,
                                                    laddresses); }
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -919,16 +919,16 @@ kim_error kim_credential_get_start_time (kim_credential  in_credential,
                                          kim_time       *out_start_time)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_credential ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_start_time) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        *out_start_time = (in_credential->creds->times.starttime ? 
+        *out_start_time = (in_credential->creds->times.starttime ?
                            in_credential->creds->times.starttime :
                            in_credential->creds->times.authtime);
     }
-    
+
     return check_error (err);
 }
 
@@ -938,13 +938,13 @@ kim_error kim_credential_get_expiration_time (kim_credential  in_credential,
                                               kim_time       *out_expiration_time)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_expiration_time = in_credential->creds->times.endtime;
     }
-    
+
     return check_error (err);
 }
 
@@ -954,10 +954,10 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential  in_credent
                                                       kim_time       *out_renewal_expiration_time)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_credential              ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_renewal_expiration_time) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         if (in_credential->creds->ticket_flags & TKT_FLG_RENEWABLE) {
             *out_renewal_expiration_time = in_credential->creds->times.renew_till;
@@ -965,7 +965,7 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential  in_credent
             *out_renewal_expiration_time = 0;
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -977,95 +977,95 @@ kim_error kim_credential_get_options (kim_credential  in_credential,
     kim_error err = KIM_NO_ERROR;
     kim_options options = NULL;
     krb5_creds *creds = NULL;
-    
+
     if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_options  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         creds = in_credential->creds;
-        
+
         err = kim_options_create (&options);
     }
-    
+
     if (!err) {
         err = kim_options_set_start_time (options, creds->times.starttime);
     }
-    
+
     if (!err) {
         kim_lifetime lifetime = (creds->times.endtime -
                                  (creds->times.starttime ?
                                   creds->times.starttime :
                                   creds->times.authtime));
-        
+
         err = kim_options_set_lifetime (options, lifetime);
     }
-    
+
     if (!err) {
         kim_boolean renewable = (creds->ticket_flags & TKT_FLG_RENEWABLE);
-        
+
         err = kim_options_set_renewable (options, renewable);
     }
-    
+
     if (!err) {
         kim_lifetime rlifetime = (creds->ticket_flags & TKT_FLG_RENEWABLE ?
                                   creds->times.renew_till -
                                   (creds->times.starttime ?
                                    creds->times.starttime :
                                    creds->times.authtime) : 0);
-        
+
         err = kim_options_set_renewal_lifetime (options, rlifetime);
     }
-    
+
     if (!err) {
         kim_boolean forwardable = (creds->ticket_flags & TKT_FLG_FORWARDABLE);
-        
+
         err = kim_options_set_forwardable (options, forwardable);
     }
-    
+
     if (!err) {
         kim_boolean proxiable = (creds->ticket_flags & TKT_FLG_PROXIABLE);
-        
+
         err = kim_options_set_proxiable (options, proxiable);
     }
-    
+
     if (!err) {
         kim_boolean addressless = (!creds->addresses || !creds->addresses[0]);
 
         err = kim_options_set_addressless (options, addressless);
     }
-    
+
     if (!err) {
         kim_boolean is_tgt = 0;
         kim_string service = NULL; /* tgt service */
-        
+
         err = kim_credential_is_tgt (in_credential, &is_tgt);
-        
+
         if (!err && !is_tgt) {
             kim_identity identity = NULL;
-            
+
             err = kim_credential_get_service_identity (in_credential, &identity);
-            
+
             if (!err) {
                 err = kim_identity_get_string (identity, &service);
             }
 
             kim_identity_free (&identity);
         }
-         
+
         if (!err) {
             err = kim_options_set_service_name (options, service);
         }
-        
+
         kim_string_free (&service);
     }
-    
+
     if (!err) {
         *out_options = options;
         options = NULL;
     }
-    
+
     kim_options_free (&options);
-    
+
     return check_error (err);
 }
 
@@ -1078,70 +1078,70 @@ kim_error kim_credential_store (kim_credential  in_credential,
     kim_error err = KIM_NO_ERROR;
     krb5_ccache k5ccache = NULL;
     kim_boolean destroy_ccache_on_error = FALSE;
-    
+
     if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         char *environment_ccache = getenv ("KRB5CCNAME");
-        
+
         if (environment_ccache) {
             err = krb5_error (in_credential->context,
-                              krb5_cc_resolve (in_credential->context, 
-                                               environment_ccache, 
+                              krb5_cc_resolve (in_credential->context,
+                                               environment_ccache,
                                                &k5ccache));
-            
+
         } else {
             kim_ccache ccache = NULL;
-            
-            err = kim_ccache_create_from_client_identity (&ccache, 
+
+            err = kim_ccache_create_from_client_identity (&ccache,
                                                           in_identity);
-            
+
             if (!err) {
-                err = kim_ccache_get_krb5_ccache (ccache, 
-                                                  in_credential->context, 
+                err = kim_ccache_get_krb5_ccache (ccache,
+                                                  in_credential->context,
                                                   &k5ccache);
-                
+
             } else if (err == KIM_NO_SUCH_PRINCIPAL_ERR) {
                 /* Nothing to replace, create a new ccache */
                 err = krb5_error (in_credential->context,
-                                  krb5_cc_new_unique (in_credential->context, 
+                                  krb5_cc_new_unique (in_credential->context,
                                                       "API", NULL, &k5ccache));
                 if (!err) { destroy_ccache_on_error = TRUE; }
             }
-            
+
             kim_ccache_free (&ccache);
         }
     }
-    
+
     if (!err) {
         krb5_principal principal = kim_identity_krb5_principal (in_identity);
-        
+
 	err = krb5_error (in_credential->context,
-                          krb5_cc_initialize (in_credential->context, 
+                          krb5_cc_initialize (in_credential->context,
                                               k5ccache, principal));
     }
-    
+
     if (!err) {
 	err = krb5_error (in_credential->context,
-                          krb5_cc_store_cred (in_credential->context, 
+                          krb5_cc_store_cred (in_credential->context,
                                               k5ccache, in_credential->creds));
     }
-    
+
     if (!err && out_ccache) {
-        err = kim_ccache_create_from_krb5_ccache (out_ccache, 
-                                                  in_credential->context, 
+        err = kim_ccache_create_from_krb5_ccache (out_ccache,
+                                                  in_credential->context,
                                                   k5ccache);
     }
-    
-    if (k5ccache) { 
+
+    if (k5ccache) {
         if (err && destroy_ccache_on_error) {
-            krb5_cc_destroy (in_credential->context, k5ccache); 
+            krb5_cc_destroy (in_credential->context, k5ccache);
         } else {
-            krb5_cc_close (in_credential->context, k5ccache); 
+            krb5_cc_close (in_credential->context, k5ccache);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -1157,89 +1157,89 @@ kim_error kim_credential_verify (kim_credential in_credential,
     kim_error err = KIM_NO_ERROR;
     krb5_context scontext = NULL;
     krb5_keytab keytab = NULL;
-    
+
     if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
 	err = krb5_error (NULL, krb5_init_secure_context (&scontext));
     }
-    
+
     if (in_keytab) {
-	err = krb5_error (scontext, 
+	err = krb5_error (scontext,
                           krb5_kt_resolve (scontext, in_keytab, &keytab));
     }
-    
+
     if (!err) {
         krb5_principal sprincipal = NULL;
 	krb5_verify_init_creds_opt options;
-        
+
 	/* That's "no key == fail" not "no fail" >.< */
         krb5_verify_init_creds_opt_init (&options);
         krb5_verify_init_creds_opt_set_ap_req_nofail (&options, in_fail_if_no_service_key);
-        
-        if (in_service_identity) { 
-            sprincipal = kim_identity_krb5_principal (in_service_identity); 
+
+        if (in_service_identity) {
+            sprincipal = kim_identity_krb5_principal (in_service_identity);
         }
-        
+
 	err = krb5_error (scontext,
-                          krb5_verify_init_creds (scontext, 
-                                                  in_credential->creds, 
+                          krb5_verify_init_creds (scontext,
+                                                  in_credential->creds,
 						  sprincipal,
 						  keytab,
 						  NULL /* don't store creds in ccache */,
 						  &options));
-	
+
 	if (err && !in_service_identity && in_fail_if_no_service_key) {
 	    /* If the service principal wasn't specified but we are supposed to
-             * fail without a key we should walk the keytab trying to find one 
+             * fail without a key we should walk the keytab trying to find one
              * that succeeds. */
             krb5_error_code terr = 0;
             kim_boolean verified = 0;
 	    krb5_kt_cursor cursor = NULL;
 	    krb5_keytab_entry entry;
-            
-	    
+
+
 	    if (!keytab) {
                 terr = krb5_kt_default (scontext, &keytab);
 	    }
-	    
+
 	    if (!terr) {
 		terr = krb5_kt_start_seq_get (scontext, keytab, &cursor);
 	    }
-	    
+
 	    while (!terr && !verified) {
                 kim_boolean free_entry = 0;
-                
+
 		terr = krb5_kt_next_entry (scontext, keytab, &entry, &cursor);
 		free_entry = !terr; /* remember to free */
-                
+
                 if (!terr) {
                     terr = krb5_verify_init_creds (scontext, in_credential->creds,
-                                                   entry.principal /* get principal for the 1st entry */, 
+                                                   entry.principal /* get principal for the 1st entry */,
                                                    keytab,
                                                    NULL /* don't store creds in ccache */,
                                                    &options);
                 }
-                
+
                 if (!terr) {
                     verified = 1;
                 }
-                
+
                 if (free_entry) { krb5_free_keytab_entry_contents (scontext, &entry); }
 	    }
-            
+
             if (!terr && verified) {
                 /* We found a key that verified! */
                 err = KIM_NO_ERROR;
             }
-            
+
 	    if (cursor) { krb5_kt_end_seq_get (scontext, keytab, &cursor); }
 	}
     }
-    
+
     if (keytab  ) { krb5_kt_close (scontext, keytab); }
     if (scontext) { krb5_free_context (scontext); }
-    
+
     return check_error (err);
 }
 
@@ -1253,71 +1253,71 @@ kim_error kim_credential_renew (kim_credential *io_credential,
     kim_error err = KIM_NO_ERROR;
     kim_string service_name = NULL;
     krb5_ccache ccache = NULL;
-    
+
     if (!err && !io_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_options options = in_options;
-	
+
         if (!options) {
             err = kim_options_create (&options);
         }
-        
+
 	if (!err) {
 	    err = kim_options_get_service_name (options, &service_name);
 	}
-        
+
         if (options != in_options) { kim_options_free (&options); }
     }
-    
+
     if (!err) {
 	err = krb5_error ((*io_credential)->context,
-                          krb5_cc_new_unique ((*io_credential)->context, 
-					      "MEMORY", NULL, 
+                          krb5_cc_new_unique ((*io_credential)->context,
+					      "MEMORY", NULL,
 					      &ccache));
     }
-    
+
     if (!err) {
 	err = krb5_error ((*io_credential)->context,
-                          krb5_cc_initialize ((*io_credential)->context, ccache, 
+                          krb5_cc_initialize ((*io_credential)->context, ccache,
 					      (*io_credential)->creds->client));
     }
-    
+
     if (!err) {
 	err = krb5_error ((*io_credential)->context,
-                          krb5_cc_store_cred ((*io_credential)->context, ccache, 
+                          krb5_cc_store_cred ((*io_credential)->context, ccache,
 					      (*io_credential)->creds));
     }
-    
+
     if (!err) {
 	krb5_creds creds;
 	krb5_creds *renewed_creds = NULL;
 	kim_boolean free_creds = 0;
-	
+
 	err = krb5_error ((*io_credential)->context,
-                          krb5_get_renewed_creds ((*io_credential)->context, 
+                          krb5_get_renewed_creds ((*io_credential)->context,
 						  &creds, (*io_credential)->creds->client,
 						  ccache, (char *) service_name));
 	if (!err) { free_creds = 1; }
-        
+
 	if (!err) {
 	    err = krb5_error ((*io_credential)->context,
-                              krb5_copy_creds ((*io_credential)->context, 
+                              krb5_copy_creds ((*io_credential)->context,
                                                &creds, &renewed_creds));
 	}
-	
+
 	if (!err) {
 	    /* replace the credentials */
-	    krb5_free_creds ((*io_credential)->context, (*io_credential)->creds);	    
+	    krb5_free_creds ((*io_credential)->context, (*io_credential)->creds);
 	    (*io_credential)->creds = renewed_creds;
 	}
-	
+
 	if (free_creds) { krb5_free_cred_contents ((*io_credential)->context, &creds); }
     }
-    
+
     if (ccache) { krb5_cc_destroy ((*io_credential)->context, ccache); }
     kim_string_free (&service_name);
-    
+
     return check_error (err);
 }
 
@@ -1329,73 +1329,73 @@ kim_error kim_credential_validate (kim_credential *io_credential,
     kim_error err = KIM_NO_ERROR;
     kim_string service_name = NULL;
     krb5_ccache ccache = NULL;
-    
+
     if (!err && !io_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_options options = in_options;
-	
+
         if (!options) {
             err = kim_options_create (&options);
         }
-	
+
 	if (!err) {
 	    err = kim_options_get_service_name (options, &service_name);
 	}
-        
+
         if (options != in_options) { kim_options_free (&options); }
     }
-    
+
     if (!err) {
 	err = krb5_error ((*io_credential)->context,
-                          krb5_cc_new_unique ((*io_credential)->context, 
-					      "MEMORY", NULL, 
+                          krb5_cc_new_unique ((*io_credential)->context,
+					      "MEMORY", NULL,
 					      &ccache));
     }
-    
+
     if (!err) {
 	err = krb5_error ((*io_credential)->context,
-                          krb5_cc_initialize ((*io_credential)->context, ccache, 
+                          krb5_cc_initialize ((*io_credential)->context, ccache,
 					      (*io_credential)->creds->client));
     }
-    
+
     if (!err) {
 	err = krb5_error ((*io_credential)->context,
-                          krb5_cc_store_cred ((*io_credential)->context, ccache, 
+                          krb5_cc_store_cred ((*io_credential)->context, ccache,
 					      (*io_credential)->creds));
     }
-    
+
     if (!err) {
 	krb5_creds creds;
 	krb5_creds *validated_creds = NULL;
 	kim_boolean free_creds = 0;
-	
+
         err = krb5_error ((*io_credential)->context,
-                          krb5_get_validated_creds ((*io_credential)->context, 
-						    &creds, 
-                                                    (*io_credential)->creds->client, 
-						    ccache, 
+                          krb5_get_validated_creds ((*io_credential)->context,
+						    &creds,
+                                                    (*io_credential)->creds->client,
+						    ccache,
                                                     (char *) service_name));
 	if (!err) { free_creds = 1; }
-	
+
 	if (!err) {
 	    err = krb5_error ((*io_credential)->context,
-                              krb5_copy_creds ((*io_credential)->context, 
+                              krb5_copy_creds ((*io_credential)->context,
                                                &creds, &validated_creds));
 	}
-	
+
 	if (!err) {
 	    /* replace the credentials */
-	    krb5_free_creds ((*io_credential)->context, (*io_credential)->creds);	    
+	    krb5_free_creds ((*io_credential)->context, (*io_credential)->creds);
 	    (*io_credential)->creds = validated_creds;
 	}
-	
+
 	if (free_creds) { krb5_free_cred_contents ((*io_credential)->context, &creds); }
     }
-    
+
     if (ccache) { krb5_cc_destroy ((*io_credential)->context, ccache); }
     kim_string_free (&service_name);
-    
+
     return check_error (err);
 }
 
diff --git a/src/kim/lib/kim_debug.c b/src/kim/lib/kim_debug.c
index 645a51f43..1fe658293 100644
--- a/src/kim/lib/kim_debug.c
+++ b/src/kim/lib/kim_debug.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -28,49 +28,49 @@
 
 /* ------------------------------------------------------------------------ */
 
-kim_error _check_error (kim_error  in_err, 
-                        kim_string in_function, 
-                        kim_string in_file, 
+kim_error _check_error (kim_error  in_err,
+                        kim_string in_function,
+                        kim_string in_file,
                         int        in_line)
 {
     if (in_err) {
-        kim_debug_printf ("%s(): got %d ('%s') at %s: %d", 
-                          in_function, in_err, kim_error_message (in_err), 
+        kim_debug_printf ("%s(): got %d ('%s') at %s: %d",
+                          in_function, in_err, kim_error_message (in_err),
                           in_file, in_line);
     }
-    
+
     return in_err;
 }
 
 /* ------------------------------------------------------------------------ */
 
-void __kim_debug_printf (kim_string in_function, 
-                         kim_string in_format, 
+void __kim_debug_printf (kim_string in_function,
+                         kim_string in_format,
                          ...)
 {
     kim_error err = KIM_NO_ERROR;
     kim_string format = NULL;
     kim_string string = NULL;
-    
+
     if (!err && !in_function) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_format  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_string_create_from_format (&format, "%s(): %s", 
+        err = kim_string_create_from_format (&format, "%s(): %s",
                                              in_function, in_format);
     }
-    
+
     if (!err) {
         va_list args;
         va_start (args, in_format);
         err = kim_string_create_from_format_va (&string, format, args);
         va_end (args);
     }
-    
+
     if (!err) {
         kim_os_debug_print (string);
     }
-    
+
     kim_string_free (&format);
     kim_string_free (&string);
 }
diff --git a/src/kim/lib/kim_debug_private.h b/src/kim/lib/kim_debug_private.h
index f9b67f0d9..451bf34d4 100644
--- a/src/kim/lib/kim_debug_private.h
+++ b/src/kim/lib/kim_debug_private.h
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -25,13 +25,13 @@
  */
 
 #define kim_debug_printf(format, ...) __kim_debug_printf(__FUNCTION__, format, ## __VA_ARGS__)
-void __kim_debug_printf (kim_string in_function, 
-                         kim_string in_format, 
+void __kim_debug_printf (kim_string in_function,
+                         kim_string in_format,
                          ...);
 
-kim_error _check_error (kim_error  in_err, 
-                        kim_string in_function, 
-                        kim_string in_file, 
+kim_error _check_error (kim_error  in_err,
+                        kim_string in_function,
+                        kim_string in_file,
                         int          in_line);
 #define check_error(err) _check_error(err, __FUNCTION__, __FILE__, __LINE__)
 
diff --git a/src/kim/lib/kim_error_message.c b/src/kim/lib/kim_error_message.c
index 6a891aa48..d07ad1933 100644
--- a/src/kim/lib/kim_error_message.c
+++ b/src/kim/lib/kim_error_message.c
@@ -48,13 +48,13 @@ static kim_error kim_error_set_message (kim_error  in_error,
 {
     int lock_err = 0;
     kim_error err = KIM_NO_ERROR;
-    kim_last_error last_error = NULL; 
-    
+    kim_last_error last_error = NULL;
+
     err = lock_err = k5_mutex_lock (&kim_error_lock);
-    
+
     if (!err) {
         last_error = k5_getspecific (K5_KEY_KIM_ERROR_MESSAGE);
-        
+
         if (!last_error) {
             last_error = malloc (sizeof (*last_error));
             if (!last_error) {
@@ -65,15 +65,15 @@ static kim_error kim_error_set_message (kim_error  in_error,
             }
         }
     }
-    
+
     if (!err) {
         strncpy (last_error->message, in_message, sizeof (last_error->message));
         last_error->message[sizeof (last_error->message)-1] = '\0';
         last_error->code = in_error;
     }
-    
+
     if (!lock_err) { k5_mutex_unlock (&kim_error_lock); }
-    
+
     return err;
 }
 
@@ -82,7 +82,7 @@ static kim_error kim_error_set_message (kim_error  in_error,
 static void kim_error_free_message (void *io_error)
 {
     kim_last_error error = io_error;
-    
+
     if (error) {
         if (error->message) {
             free (error->message);
@@ -110,14 +110,14 @@ static kim_error kim_error_remap (kim_error in_error)
     switch (in_error) {
         case KRB5KRB_AP_ERR_BAD_INTEGRITY:
             return KIM_BAD_PASSWORD_ERR;
-            
+
         case KRB5KDC_ERR_PREAUTH_FAILED:
             return KIM_PREAUTH_FAILED_ERR;
-            
+
         case KRB5KRB_AP_ERR_SKEW:
             return KIM_CLOCK_SKEW_ERR;
     }
-    
+
     return in_error;
 }
 
@@ -126,43 +126,43 @@ static kim_error kim_error_remap (kim_error in_error)
 kim_string kim_error_message (kim_error in_error)
 {
     int lock_err = 0;
-    kim_last_error last_error = NULL; 
+    kim_last_error last_error = NULL;
     kim_string message = NULL;
-    
+
     lock_err = k5_mutex_lock (&kim_error_lock);
-    
+
     if (!lock_err) {
         last_error = k5_getspecific (K5_KEY_KIM_ERROR_MESSAGE);
         if (last_error && last_error->code == in_error) {
             message = last_error->message;
          }
     }
-    
+
     if (!lock_err) { k5_mutex_unlock (&kim_error_lock); }
-    
-    return message ? message : error_message (kim_error_remap (in_error));    
+
+    return message ? message : error_message (kim_error_remap (in_error));
 }
 
 #pragma mark -- Generic Functions --
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_error_set_message_for_code (kim_error in_error, 
+kim_error kim_error_set_message_for_code (kim_error in_error,
                                           ...)
 {
     kim_error err = KIM_NO_ERROR;
     va_list args;
-    
+
     va_start (args, in_error);
     err = kim_error_set_message_for_code_va (in_error, args);
     va_end (args);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_error_set_message_for_code_va (kim_error in_code, 
+kim_error kim_error_set_message_for_code_va (kim_error in_code,
                                              va_list   in_args)
 {
     kim_error err = KIM_NO_ERROR;
@@ -170,44 +170,44 @@ kim_error kim_error_set_message_for_code_va (kim_error in_code,
 
     if (!kim_error_is_builtin (code)) {
         kim_string message = NULL;
-        
-        err = kim_string_create_from_format_va_retcode (&message, 
-                                                        error_message (code), 
+
+        err = kim_string_create_from_format_va_retcode (&message,
+                                                        error_message (code),
                                                         in_args);
-        
+
         if (!err) {
             err = kim_error_set_message (code, message);
         }
-        
+
         kim_string_free (&message);
     }
-    
+
     return err ? err : code;
 }
 
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_error_set_message_for_krb5_error (krb5_context    in_context, 
+kim_error kim_error_set_message_for_krb5_error (krb5_context    in_context,
                                                 krb5_error_code in_code)
 {
     kim_error err = KIM_NO_ERROR;
     krb5_error_code code = kim_error_remap (in_code);
-    
+
     if (code != in_code) {
         /* error was remapped to a KIM error */
         err = kim_error_set_message (code, error_message (code));
 
     } else if (!kim_error_is_builtin (code)) {
         const char *message = krb5_get_error_message (in_context, code);
-        
+
         if (message) {
             err = kim_error_set_message (code, message);
-            
+
             krb5_free_error_message (in_context, message);
         }
     }
-    
+
     return err ? err : code;
 }
 
@@ -218,16 +218,16 @@ kim_error kim_error_set_message_for_krb5_error (krb5_context    in_context,
 int kim_error_initialize (void)
 {
     int err = 0;
-    
+
     if (!err) {
 	err = k5_mutex_finish_init (&kim_error_lock);
     }
-    
+
     if (!err) {
-	err = k5_key_register (K5_KEY_KIM_ERROR_MESSAGE, 
+	err = k5_key_register (K5_KEY_KIM_ERROR_MESSAGE,
                                kim_error_free_message);
     }
-    
+
     return err;
 }
 
@@ -238,8 +238,7 @@ void kim_error_terminate (void)
     if (!INITIALIZER_RAN (kim_error_initialize) || PROGRAM_EXITING ()) {
 	return;
     }
-    
+
     k5_key_delete (K5_KEY_KIM_ERROR_MESSAGE);
     k5_mutex_destroy (&kim_error_lock);
 }
-
diff --git a/src/kim/lib/kim_error_private.h b/src/kim/lib/kim_error_private.h
index 72e409954..e4aa272eb 100644
--- a/src/kim/lib/kim_error_private.h
+++ b/src/kim/lib/kim_error_private.h
@@ -29,11 +29,11 @@
 
 #include <kim/kim.h>
 
-kim_error kim_error_set_message_for_code (kim_error in_code, 
+kim_error kim_error_set_message_for_code (kim_error in_code,
                                           ...);
-kim_error kim_error_set_message_for_code_va (kim_error in_code, 
+kim_error kim_error_set_message_for_code_va (kim_error in_code,
                                              va_list   in_args);
-kim_error kim_error_set_message_for_krb5_error (krb5_context    in_context, 
+kim_error kim_error_set_message_for_krb5_error (krb5_context    in_context,
                                                 krb5_error_code in_code);
 
 #define krb5_error(context,code) kim_error_set_message_for_krb5_error(context, code)
diff --git a/src/kim/lib/kim_identity.c b/src/kim/lib/kim_identity.c
index 2a1ad5e3f..60572639e 100644
--- a/src/kim/lib/kim_identity.c
+++ b/src/kim/lib/kim_identity.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -43,23 +43,23 @@ static inline kim_error kim_identity_allocate (kim_identity *out_identity)
 {
     kim_error err = kim_library_init ();
     kim_identity identity = NULL;
-    
+
     if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         identity = malloc (sizeof (*identity));
         if (!identity) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         *identity = kim_identity_initializer;
         *out_identity = identity;
         identity = NULL;
     }
-    
+
     kim_identity_free (&identity);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -69,60 +69,60 @@ kim_error kim_identity_create_from_string (kim_identity *out_identity,
 {
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = NULL;
-    
+
     if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_string   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_allocate (&identity);
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&identity->context));
     }
-    
+
     if (!err) {
         krb5_error_code code = krb5_parse_name (identity->context, in_string, &identity->principal);
         if (code == KRB5_PARSE_MALFORMED) {
-            err = kim_error_set_message_for_code (KIM_BAD_PRINCIPAL_STRING_ERR, 
+            err = kim_error_set_message_for_code (KIM_BAD_PRINCIPAL_STRING_ERR,
                                                   in_string);
         } else if (code) {
             err = krb5_error (identity->context, code);
         }
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
     }
-    
+
     if (identity) { kim_identity_free (&identity); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 kim_error kim_identity_create_from_components (kim_identity *out_identity,
-                                               kim_string    in_realm, 
+                                               kim_string    in_realm,
                                                kim_string    in_1st_component,
                                                ...)
 {
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = NULL;
-    
+
     if (!err && !out_identity    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_realm        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_1st_component) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_allocate (&identity);
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&identity->context));
     }
-    
+
     if (!err) {
         va_list args;
 
@@ -135,15 +135,15 @@ kim_error kim_identity_create_from_components (kim_identity *out_identity,
                                                             in_1st_component,
                                                             args));
         va_end (args);
-    }   
+    }
 
     if (!err) {
         *out_identity = identity;
         identity = NULL;
     }
-    
+
     kim_identity_free (&identity);
-    
+
     return check_error (err);
 }
 
@@ -155,40 +155,40 @@ kim_error kim_identity_create_from_krb5_principal (kim_identity  *out_identity,
 {
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = NULL;
-    
+
     if (!err && !out_identity     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_principal) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* KLCreatePrincipalFromKerberos5Principal passes NULL in_krb5_context */
-    
+
     if (!err) {
         err = kim_identity_allocate (&identity);
     }
-    
+
     if (!err) {
         if (in_krb5_context) {
-            err = krb5_error (in_krb5_context, 
+            err = krb5_error (in_krb5_context,
                               krb5_copy_context (in_krb5_context,
                                                  &identity->context));
         } else {
-            err = krb5_error (NULL, 
+            err = krb5_error (NULL,
                               krb5_init_context (&identity->context));
         }
     }
-    
+
     if (!err) {
         err = krb5_error (identity->context,
-                          krb5_copy_principal (identity->context, 
-                                               in_krb5_principal, 
+                          krb5_copy_principal (identity->context,
+                                               in_krb5_principal,
                                                &identity->principal));
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
     }
-    
+
     kim_identity_free (&identity);
-    
+
     return check_error (err);
 }
 
@@ -199,33 +199,33 @@ kim_error kim_identity_copy (kim_identity *out_identity,
 {
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = KIM_IDENTITY_ANY;
-    
+
     if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && in_identity != KIM_IDENTITY_ANY) {
         err = kim_identity_allocate (&identity);
-        
+
         if (!err) {
-            err = krb5_error (in_identity->context, 
+            err = krb5_error (in_identity->context,
                               krb5_copy_context (in_identity->context,
                                                  &identity->context));
         }
-        
+
         if (!err) {
             err = krb5_error (identity->context,
-                              krb5_copy_principal (identity->context, 
-                                                   in_identity->principal, 
+                              krb5_copy_principal (identity->context,
+                                                   in_identity->principal,
                                                    &identity->principal));
         }
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
     }
-    
+
     kim_identity_free (&identity);
-    
+
     return check_error (err);
 }
 
@@ -236,35 +236,35 @@ kim_error kim_identity_compare (kim_identity    in_identity,
                                 kim_comparison *out_comparison)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_identity           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_compare_to_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_comparison        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        if (krb5_principal_compare (in_identity->context, 
-                                    in_identity->principal, 
+        if (krb5_principal_compare (in_identity->context,
+                                    in_identity->principal,
                                     in_compare_to_identity->principal)) {
             *out_comparison = 0;
         } else {
             kim_string string = NULL;
             kim_string compare_to_string = NULL;
-            
+
             err = kim_identity_get_string (in_identity, &string);
-            
+
             if (!err) {
                 err = kim_identity_get_string (in_compare_to_identity, &compare_to_string);
             }
-            
+
             if (!err) {
                 err = kim_string_compare (string, compare_to_string, out_comparison);
             }
-            
+
             kim_string_free (&string);
             kim_string_free (&compare_to_string);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -275,23 +275,23 @@ kim_error kim_identity_get_string (kim_identity   in_identity,
 {
     kim_error err = KIM_NO_ERROR;
     char *unparsed_name = NULL;
-    
+
     if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_string ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5_error (in_identity->context,
-                          krb5_unparse_name (in_identity->context, 
-                                             in_identity->principal, 
+                          krb5_unparse_name (in_identity->context,
+                                             in_identity->principal,
                                              &unparsed_name));
     }
-    
+
     if (!err) {
         err = kim_string_copy (out_string, unparsed_name);
     }
-    
+
     if (unparsed_name) { krb5_free_unparsed_name (in_identity->context, unparsed_name); }
-    
+
     return check_error (err);
 }
 
@@ -302,22 +302,22 @@ kim_error kim_identity_get_display_string (kim_identity   in_identity,
 {
     kim_error err = KIM_NO_ERROR;
     kim_string string = NULL;
-    
+
     if (!err && !in_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_display_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_get_string (in_identity, &string);
     }
-    
+
     if (!err) {
         kim_count i, j;
         kim_count length = strlen (string) + 1; /* Copy the '\0' */
         char *display_string = (char *) string; /* so we can modify it */
-        
+
         /* In place copy, skipping escaped separators.
          * Note that we do not want to remove other escaped characters
-         * (tab, break, newline, NULL) because they are less readable 
+         * (tab, break, newline, NULL) because they are less readable
          * when unescaped (and NULL isn't a valid string character).  */
         for (i = 0, j = 0; i < length; i++) {
             if (string[i] == '\\') {
@@ -327,16 +327,16 @@ kim_error kim_identity_get_display_string (kim_identity   in_identity,
                         continue; /* skip the '\' */
                 }
             }
-            
+
             display_string[j++] = string[i]; /* Copy this char */
-        } 
-        
+        }
+
         *out_display_string = string;
         string = NULL;
     }
-    
+
     if (string) { kim_string_free (&string); }
-    
+
     return check_error (err);
 }
 
@@ -346,16 +346,16 @@ kim_error kim_identity_get_realm (kim_identity  in_identity,
                                   kim_string   *out_realm_string)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_identity     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_realm_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         krb5_data *realm = krb5_princ_realm (in_identity->context, in_identity->principal);
-        
+
         err = kim_string_create_from_buffer (out_realm_string, realm->data, realm->length);
     }
-    
+
     return check_error (err);
 }
 
@@ -365,14 +365,14 @@ kim_error kim_identity_get_number_of_components (kim_identity  in_identity,
                                                  kim_count    *out_number_of_components)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_identity             ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_number_of_components) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_number_of_components = krb5_princ_size (in_identity->context, in_identity->principal);
     }
-    
+
     return check_error (err);
 }
 
@@ -384,22 +384,22 @@ kim_error kim_identity_get_component_at_index (kim_identity  in_identity,
 {
     kim_error err = KIM_NO_ERROR;
     krb5_data *component = NULL;
-    
+
     if (!err && !in_identity         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_component_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         krb5_int32 i = in_index;
         component = krb5_princ_component (in_identity->context, in_identity->principal, i);
-        if (!component) { 
-            err = kim_error_set_message_for_code (KIM_BAD_COMPONENT_INDEX_ERR, i); 
+        if (!component) {
+            err = kim_error_set_message_for_code (KIM_BAD_COMPONENT_INDEX_ERR, i);
         }
     }
-    
+
     if (!err) {
         err = kim_string_create_from_buffer (out_component_string, component->data, component->length);
     }
-    
+
     return check_error (err);
 }
 
@@ -411,46 +411,46 @@ kim_error kim_identity_get_components_string (kim_identity  in_identity,
     kim_error err = KIM_NO_ERROR;
     kim_string components = NULL;
     kim_count count, i;
-    
+
     if (!err && !in_identity   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_components) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_get_number_of_components (in_identity, &count);
     }
-    
+
     if (!err) {
         err = kim_identity_get_component_at_index (in_identity, 0, &components);
     }
-    
+
     for (i = 1; !err && i < count; i++) {
         kim_string new_components = NULL;
         kim_string component = NULL;
-        
+
         err = kim_identity_get_component_at_index (in_identity, i, &component);
-        
+
         if (!err) {
             err = kim_string_create_from_format (&new_components, "%s/%s",
                                                  components, component);
         }
-        
+
         if (!err) {
             kim_string_free (&components);
             components = new_components;
             new_components = NULL;
         }
-        
+
         if (component     ) { kim_string_free (&component); }
         if (new_components) { kim_string_free (&new_components); }
     }
-    
+
     if (!err) {
         *out_components = components;
         components = NULL;
     }
-    
+
     if (components) { kim_string_free (&components); }
-    
+
     return check_error (err);
 }
 
@@ -461,18 +461,18 @@ kim_error kim_identity_get_krb5_principal (kim_identity    in_identity,
                                            krb5_principal *out_krb5_principal)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_krb5_context   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_krb5_principal) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5_error (in_krb5_context,
-                          krb5_copy_principal (in_krb5_context, 
-                                               in_identity->principal, 
+                          krb5_copy_principal (in_krb5_context,
+                                               in_identity->principal,
                                                out_krb5_principal));
-    }    
-    
+    }
+
     return check_error (err);
 }
 
@@ -493,20 +493,20 @@ kim_error kim_identity_is_tgt_service (kim_identity  in_identity,
                                        kim_boolean  *out_is_tgt_service)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_is_tgt_service) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_count count = krb5_princ_size (in_identity->context, in_identity->principal);
         krb5_data *name = krb5_princ_name (in_identity->context, in_identity->principal);
-        
+
         /* krbtgt/<REALM1>@<REALM2> (usually REALM1 == REALM2, but not always) */
         *out_is_tgt_service = ((count == 2) &&
                                (strlen (KRB5_TGS_NAME) == name->length) &&
                                (strncmp (name->data, KRB5_TGS_NAME, name->length) == 0));
     }
-    
+
     return check_error (err);
 }
 
@@ -526,13 +526,13 @@ kim_error kim_identity_change_password_with_credential (kim_identity    in_ident
     int rejected_err = 0;
     krb5_data message_data;
     krb5_data description_data;
-    
+
     if (!err && !in_identity     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_credential   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_new_password ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_ui_context   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_rejected_err) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_credential_get_krb5_creds (in_credential,
                                              in_identity->context,
@@ -540,68 +540,68 @@ kim_error kim_identity_change_password_with_credential (kim_identity    in_ident
     }
 
     if (!err) {
-        if (krb5_principal_compare (in_identity->context, 
+        if (krb5_principal_compare (in_identity->context,
                                     in_identity->principal,
                                     creds->client)) {
             /* Same principal, change the password normally */
             err = krb5_error (in_identity->context,
-                              krb5_change_password (in_identity->context, 
-                                                    creds, 
-                                                    (char *) in_new_password, 
-                                                    &rejected_err, 
-                                                    &message_data, 
+                              krb5_change_password (in_identity->context,
+                                                    creds,
+                                                    (char *) in_new_password,
+                                                    &rejected_err,
+                                                    &message_data,
                                                     &description_data));
         } else {
             /* Different principal, use set change password protocol */
             err = krb5_error (in_identity->context,
-                              krb5_set_password (in_identity->context, 
-                                                 creds, 
-                                                 (char *) in_new_password, 
+                              krb5_set_password (in_identity->context,
+                                                 creds,
+                                                 (char *) in_new_password,
                                                  in_identity->principal,
-                                                 &rejected_err, 
-                                                 &message_data, 
+                                                 &rejected_err,
+                                                 &message_data,
                                                  &description_data));
         }
-        
+
     }
-    
+
     if (!err && rejected_err) {
         kim_string rejected_message = NULL;
         kim_string rejected_description = NULL;
-        
+
         if (message_data.data && message_data.length > 0) {
-            err = kim_string_create_from_buffer (&rejected_message, 
-                                                 message_data.data, 
+            err = kim_string_create_from_buffer (&rejected_message,
+                                                 message_data.data,
                                                  message_data.length);
         } else {
             err = kim_os_string_create_localized (&rejected_message,
                                                   "Kerberos Change Password Failed:");
         }
-        
+
         if (!err) {
             if (description_data.data && description_data.length > 0) {
                 err = kim_string_create_from_buffer (&rejected_description,
-                                                     description_data.data, 
+                                                     description_data.data,
                                                      description_data.length);
             } else {
                 err = kim_os_string_create_localized (&rejected_description,
                                                       "New password rejected.");
             }
         }
-        
+
         if (!err && in_ui_context->type != kim_ui_type_cli) {
             char *c;
-            
+
             // replace all \n and \r characters with spaces
             for (c = (char *) rejected_message; *c != '\0'; c++) {
                 if ((*c == '\n') || (*c == '\r')) { *c = ' '; }
             }
-            
+
             for (c = (char *) rejected_description; *c != '\0'; c++) {
                 if ((*c == '\n') || (*c == '\r')) { *c = ' '; }
             }
         }
-        
+
         if (!err) {
             if (out_rejected_message) {
                 *out_rejected_message = rejected_message;
@@ -612,21 +612,21 @@ kim_error kim_identity_change_password_with_credential (kim_identity    in_ident
                 rejected_description = NULL;
             }
         }
-        
+
         kim_string_free (&rejected_message);
         kim_string_free (&rejected_description);
-        
+
         krb5_free_data_contents (in_identity->context, &message_data);
         krb5_free_data_contents (in_identity->context, &description_data);
     }
-    
+
     if (!err) {
         /* do this after reporting errors so we don't double report rejection */
         *out_rejected_err = rejected_err;
     }
-    
+
     if (creds) { krb5_free_creds (in_identity->context, creds); }
-    
+
     return check_error (err);
 }
 
@@ -639,10 +639,10 @@ kim_error kim_identity_change_password_common (kim_identity    in_identity,
 {
     kim_error err = KIM_NO_ERROR;
     kim_boolean done = 0;
-    
+
     if (!err && !in_identity  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_ui_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     while (!err && !done) {
         char *old_password = NULL;
         char *new_password = NULL;
@@ -651,28 +651,28 @@ kim_error kim_identity_change_password_common (kim_identity    in_identity,
         kim_string rejected_message = NULL;
         kim_string rejected_description = NULL;
         kim_boolean was_prompted = 0;   /* ignore because we always prompt */
-        
+
         err = kim_ui_change_password (in_ui_context,
                                       in_identity,
                                       in_old_password_expired,
                                       &old_password,
                                       &new_password,
                                       &verify_password);
-        
+
         if (!err) {
             kim_comparison comparison;
-            
-            err = kim_string_compare (new_password, 
-                                      verify_password, 
+
+            err = kim_string_compare (new_password,
+                                      verify_password,
                                       &comparison);
             if (!err && !kim_comparison_is_equal_to (comparison)) {
                 err = check_error (KIM_PASSWORD_MISMATCH_ERR);
             }
         }
-        
+
         if (!err) {
             kim_credential credential = NULL;
-            
+
             if (in_ui_context->type == kim_ui_type_cli && in_ui_context->tcontext) {
                 /* command line has already gotten the credentials for us */
                 credential = (kim_credential) in_ui_context->tcontext;
@@ -683,74 +683,74 @@ kim_error kim_identity_change_password_common (kim_identity    in_identity,
                                                                  in_ui_context,
                                                                  &was_prompted);
             }
-            
+
             if (!err) {
                 err = kim_identity_change_password_with_credential (in_identity,
-                                                                    credential, 
+                                                                    credential,
                                                                     new_password,
                                                                     in_ui_context,
                                                                     &rejected_err,
                                                                     &rejected_message,
                                                                     &rejected_description);
-            }  
-            
+            }
+
             kim_credential_free (&credential);
-            if (in_ui_context->type == kim_ui_type_cli) { 
+            if (in_ui_context->type == kim_ui_type_cli) {
                 in_ui_context->tcontext = NULL; /* just freed our creds */
             }
         }
-        
+
         if (!err && rejected_err) {
             /* Password rejected, report it to the user */
             err = kim_ui_handle_error (in_ui_context, in_identity,
                                        rejected_err,
-                                       rejected_message, 
+                                       rejected_message,
                                        rejected_description);
-            
-        } else if (err && err != KIM_USER_CANCELED_ERR && 
+
+        } else if (err && err != KIM_USER_CANCELED_ERR &&
                           err != KIM_DUPLICATE_UI_REQUEST_ERR) {
             /* New creds failed, report error to user.
              * Overwrite error so we loop and let the user try again.
              * The user always gets prompted so we always loop. */
-            err = kim_ui_handle_kim_error (in_ui_context, in_identity, 
+            err = kim_ui_handle_kim_error (in_ui_context, in_identity,
                                            kim_ui_error_type_change_password,
                                            err);
-            
+
         } else {
             /* password change succeeded or the user gave up */
             done = 1;
-            
+
             if (!err && out_new_password) {
                 err = kim_string_copy (out_new_password, new_password);
             }
-            
+
             if (!err) {
                 kim_error terr = KIM_NO_ERROR;
                 kim_string saved_password = NULL;
-                
-                terr = kim_os_identity_get_saved_password (in_identity, 
+
+                terr = kim_os_identity_get_saved_password (in_identity,
                                                            &saved_password);
-                if (!terr) { 
+                if (!terr) {
                     /* We changed the password and the user had their
                      * old password saved.  Update it. */
                     terr = kim_os_identity_set_saved_password (in_identity,
                                                                new_password);
                 }
-                
+
                 kim_string_free (&saved_password);
             }
 
             if (err == KIM_DUPLICATE_UI_REQUEST_ERR) { err = KIM_NO_ERROR; }
         }
-        
+
         kim_string_free (&rejected_message);
         kim_string_free (&rejected_description);
-        
+
         kim_ui_free_string (in_ui_context, &old_password);
         kim_ui_free_string (in_ui_context, &new_password);
-        kim_ui_free_string (in_ui_context, &verify_password);         
+        kim_ui_free_string (in_ui_context, &verify_password);
     }
-    
+
     return check_error (err);
 }
 
@@ -763,22 +763,22 @@ kim_error kim_identity_change_password (kim_identity in_identity)
     kim_boolean ui_inited = 0;
 
     if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ui_init (&context);
         if (!err) { ui_inited = 1; }
     }
-    
+
     if (!err) {
-        err = kim_identity_change_password_common (in_identity, 0, 
+        err = kim_identity_change_password_common (in_identity, 0,
                                                    &context, NULL);
     }
-    
+
     if (ui_inited) {
         kim_error fini_err = kim_ui_fini (&context);
         if (!err) { err = check_error (fini_err); }
     }
-    
+
     return check_error (err);
 }
 
@@ -786,16 +786,16 @@ kim_error kim_identity_change_password (kim_identity in_identity)
 
 void kim_identity_free (kim_identity *io_identity)
 {
-    if (io_identity && *io_identity) { 
+    if (io_identity && *io_identity) {
         kim_identity identity = *io_identity;
-        
-        if (identity->context) { 
-            if (identity->principal) { 
-                krb5_free_principal (identity->context, identity->principal); 
+
+        if (identity->context) {
+            if (identity->principal) {
+                krb5_free_principal (identity->context, identity->principal);
             }
             krb5_free_context (identity->context);
         }
-        
+
         free (identity);
         *io_identity = NULL;
     }
diff --git a/src/kim/lib/kim_library.c b/src/kim/lib/kim_library.c
index 0272aa7fd..78996d8fa 100644
--- a/src/kim/lib/kim_library.c
+++ b/src/kim/lib/kim_library.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@ static int kim_error_init (void)
 {
     add_error_table (&et_KIM_error_table);
 #if KIM_TO_KLL_SHIM
-    add_error_table (&et_KLL_error_table);    
+    add_error_table (&et_KLL_error_table);
 #endif
     return 0;
 }
@@ -93,23 +93,23 @@ MAKE_FINI_FUNCTION(kim_thread_fini);
 static int kim_thread_init (void)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err) {
         err = k5_mutex_finish_init (&g_allow_home_directory_access_mutex);
     }
-    
+
     if (!err) {
         err = k5_mutex_finish_init (&g_allow_automatic_prompting_mutex);
     }
-    
+
     if (!err) {
         err = k5_mutex_finish_init (&g_ui_environment_mutex);
     }
-    
+
     if (!err) {
         err = k5_mutex_finish_init (&g_application_name_mutex);
     }
-    
+
     return err;
 }
 
@@ -120,7 +120,7 @@ static void kim_thread_fini (void)
     if (!INITIALIZER_RAN (kim_thread_init) || PROGRAM_EXITING ()) {
 	return;
     }
-    
+
     k5_mutex_destroy (&g_allow_home_directory_access_mutex);
     k5_mutex_destroy (&g_allow_automatic_prompting_mutex);
     k5_mutex_destroy (&g_ui_environment_mutex);
@@ -135,16 +135,16 @@ kim_error kim_library_set_allow_home_directory_access (kim_boolean in_allow_acce
 {
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_allow_home_directory_access_mutex);
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err) {
         g_allow_home_directory_access = in_allow_access;
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_allow_home_directory_access_mutex); }
     return check_error (err);
 }
@@ -155,18 +155,18 @@ static kim_error kim_library_get_allow_home_directory_access (kim_boolean *out_a
 {
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
-    
+
     if (!err && !out_allow_access) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_allow_home_directory_access_mutex);;
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err) {
         *out_allow_access = g_allow_home_directory_access;
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_allow_home_directory_access_mutex); }
     return check_error (err);
 }
@@ -177,7 +177,7 @@ kim_boolean kim_library_allow_home_directory_access (void)
 {
     kim_boolean allow_access = FALSE;
     kim_error err = kim_library_get_allow_home_directory_access (&allow_access);
-    
+
     return !err ? allow_access : FALSE;
 }
 
@@ -191,16 +191,16 @@ kim_error kim_library_set_allow_automatic_prompting (kim_boolean in_allow_automa
 {
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_allow_automatic_prompting_mutex);
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err) {
         g_allow_automatic_prompting = in_allow_automatic_prompting;
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_allow_automatic_prompting_mutex); }
     return check_error (err);
 }
@@ -211,18 +211,18 @@ static kim_error kim_library_get_allow_automatic_prompting (kim_boolean *out_all
 {
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
-    
+
     if (!err && !out_allow_automatic_prompting) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_allow_automatic_prompting_mutex);;
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err) {
         *out_allow_automatic_prompting = g_allow_automatic_prompting;
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_allow_automatic_prompting_mutex); }
     return check_error (err);
 }
@@ -234,45 +234,45 @@ kim_boolean kim_library_allow_automatic_prompting (void)
     kim_boolean allow_automatic_prompting = TRUE;
     kim_error err = kim_library_get_allow_automatic_prompting (&allow_automatic_prompting);
     if (err) { allow_automatic_prompting = TRUE; }
-    
+
     if (allow_automatic_prompting && getenv ("KERBEROSLOGIN_NEVER_PROMPT")) {
         kim_debug_printf ("KERBEROSLOGIN_NEVER_PROMPT is set.");
         allow_automatic_prompting = FALSE;
     }
-    
+
     if (allow_automatic_prompting && getenv ("KIM_NEVER_PROMPT")) {
         kim_debug_printf ("KIM_NEVER_PROMPT is set.");
         allow_automatic_prompting = FALSE;
     }
-    
+
     if (allow_automatic_prompting && !kim_os_library_caller_uses_gui ()) {
         kim_debug_printf ("Caller is not using gui.");
         allow_automatic_prompting = FALSE;
     }
 
     if (allow_automatic_prompting) {
-        /* Make sure there is at least 1 config file. We don't support DNS 
+        /* Make sure there is at least 1 config file. We don't support DNS
          * domain-realm lookup, so if there is no config, Kerberos won't work. */
-        
+
         kim_boolean kerberos_config_exists = FALSE;
         char **files = NULL;
         profile_t profile = NULL;
-        
+
         if (krb5_get_default_config_files (&files) == 0) {
             if (profile_init ((const_profile_filespec_t *) files, &profile) == 0) {
                 kerberos_config_exists = TRUE;
             }
         }
-        
+
         if (!kerberos_config_exists) {
             kim_debug_printf ("No valid config file.");
             allow_automatic_prompting = FALSE;
         }
-        
+
         if (profile) { profile_abandon (profile); }
-        if (files  ) { krb5_free_config_files (files); }        
+        if (files  ) { krb5_free_config_files (files); }
     }
-    
+
     return allow_automatic_prompting;
 }
 
@@ -284,16 +284,16 @@ kim_error kim_library_set_ui_environment (kim_ui_environment in_ui_environment)
 {
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_ui_environment_mutex);
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err) {
         g_ui_environment = in_ui_environment;
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_ui_environment_mutex); }
     return check_error (err);
 }
@@ -304,18 +304,18 @@ static kim_error kim_library_get_ui_environment (kim_ui_environment *out_ui_envi
 {
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
-    
+
     if (!err && !out_ui_environment) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_ui_environment_mutex);;
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err) {
         *out_ui_environment = g_ui_environment;
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_ui_environment_mutex); }
     return check_error (err);
 }
@@ -326,13 +326,13 @@ kim_ui_environment kim_library_ui_environment (void)
 {
     kim_error err = KIM_NO_ERROR;
     kim_ui_environment ui_environment = KIM_UI_ENVIRONMENT_AUTO;
-    
+
     err = kim_library_get_ui_environment (&ui_environment);
-    
+
     if (!err && ui_environment == KIM_UI_ENVIRONMENT_AUTO) {
         ui_environment = kim_os_library_get_ui_environment ();
     }
-    
+
     return !err ? ui_environment : KIM_UI_ENVIRONMENT_NONE;
 }
 
@@ -344,15 +344,15 @@ kim_error kim_library_set_application_name (kim_string in_application_name)
 {
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_application_name_mutex);
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err) {
         kim_string old_application_name = g_application_name;
-        
+
         if (in_application_name) {
             err = kim_string_copy (&g_application_name, in_application_name);
         } else {
@@ -361,7 +361,7 @@ kim_error kim_library_set_application_name (kim_string in_application_name)
 
         if (!err) { kim_string_free (&old_application_name); }
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_application_name_mutex); }
     return check_error (err);
 }
@@ -373,31 +373,31 @@ kim_error kim_library_get_application_name (kim_string *out_application_name)
     kim_error err = CALL_INIT_FUNCTION (kim_thread_init);
     kim_error mutex_err = KIM_NO_ERROR;
     kim_string application_name = NULL;
-    
+
     if (!err && !out_application_name) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_application_name_mutex);
         if (mutex_err) { err = mutex_err; }
     }
-    
+
     if (!err && g_application_name) {
         err = kim_string_copy (&application_name, g_application_name);
     }
-    
+
     if (!mutex_err) { k5_mutex_unlock (&g_application_name_mutex); }
-    
+
     if (!err && !application_name) {
         err = kim_os_library_get_caller_name (&application_name);
     }
-    
+
     if (!err) {
         *out_application_name = application_name;
         application_name = NULL;
-        
+
     }
-    
+
     kim_string_free (&application_name);
-    
+
     return check_error (err);
 }
diff --git a/src/kim/lib/kim_library_private.h b/src/kim/lib/kim_library_private.h
index 146474b0e..75ea4fd3e 100644
--- a/src/kim/lib/kim_library_private.h
+++ b/src/kim/lib/kim_library_private.h
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/kim/lib/kim_options.c b/src/kim/lib/kim_options.c
index 5c45fb35a..989c163fa 100644
--- a/src/kim/lib/kim_options.c
+++ b/src/kim/lib/kim_options.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -41,10 +41,10 @@ struct kim_options_opaque {
     krb5_get_init_creds_opt *init_cred_options;
 };
 
-struct kim_options_opaque kim_options_initializer = { 
-0, 
-kim_default_lifetime, 
-kim_default_renewable, 
+struct kim_options_opaque kim_options_initializer = {
+0,
+kim_default_lifetime,
+kim_default_renewable,
 kim_default_renewal_lifetime,
 kim_default_forwardable,
 kim_default_proxiable,
@@ -59,23 +59,23 @@ static inline kim_error kim_options_allocate (kim_options *out_options)
 {
     kim_error err = kim_library_init ();
     kim_options options = NULL;
-    
+
     if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         options = malloc (sizeof (*options));
         if (!options) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         *options = kim_options_initializer;
         *out_options = options;
         options = NULL;
     }
-    
+
     kim_options_free (&options);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -92,29 +92,29 @@ kim_error kim_options_create (kim_options *out_options)
     kim_error err = KIM_NO_ERROR;
     kim_preferences preferences = NULL;
     kim_options options = KIM_OPTIONS_DEFAULT;
-    
+
     if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_preferences_create (&preferences);
     }
-    
+
     if (!err) {
         err = kim_preferences_get_options (preferences, &options);
     }
-    
+
     if (!err && !options) {
         err = kim_options_allocate (&options);
     }
-    
+
     if (!err) {
         *out_options = options;
         options = NULL; /* caller takes ownership */
     }
-    
+
     kim_options_free (&options);
     kim_preferences_free (&preferences);
-    
+
     return check_error (err);
 }
 
@@ -125,12 +125,12 @@ kim_error kim_options_copy (kim_options *out_options,
 {
     kim_error err = KIM_NO_ERROR;
     kim_options options = KIM_OPTIONS_DEFAULT;
-    
+
     if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && in_options != KIM_OPTIONS_DEFAULT) {
         err = kim_options_allocate (&options);
-        
+
         if (!err) {
             options->start_time = in_options->start_time;
             options->lifetime = in_options->lifetime;
@@ -139,21 +139,21 @@ kim_error kim_options_copy (kim_options *out_options,
             options->forwardable = in_options->forwardable;
             options->proxiable = in_options->proxiable;
             options->addressless = in_options->addressless;
-            
+
             if (in_options->service_name) {
-                err = kim_string_copy (&options->service_name, 
+                err = kim_string_copy (&options->service_name,
                                        in_options->service_name);
             }
         }
     }
-    
+
     if (!err) {
         *out_options = options;
         options = NULL;
     }
-    
+
     kim_options_free (&options);
-    
+
     return check_error (err);
 }
 
@@ -163,13 +163,13 @@ kim_error kim_options_set_start_time (kim_options io_options,
                                       kim_time    in_start_time)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_options->start_time = in_start_time;
     }
-    
+
     return check_error (err);
 }
 
@@ -179,14 +179,14 @@ kim_error kim_options_get_start_time (kim_options  in_options,
                                       kim_time    *out_start_time)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_start_time) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_start_time = in_options->start_time;
     }
-    
+
     return check_error (err);
 }
 
@@ -196,13 +196,13 @@ kim_error kim_options_set_lifetime (kim_options  io_options,
                                     kim_lifetime in_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_options->lifetime = in_lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -212,14 +212,14 @@ kim_error kim_options_get_lifetime (kim_options   in_options,
                                     kim_lifetime *out_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_lifetime) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_lifetime = in_options->lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -229,13 +229,13 @@ kim_error kim_options_set_renewable (kim_options io_options,
                                      kim_boolean in_renewable)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_options->renewable = in_renewable;
     }
-    
+
     return check_error (err);
 }
 
@@ -245,14 +245,14 @@ kim_error kim_options_get_renewable (kim_options  in_options,
                                      kim_boolean *out_renewable)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_renewable) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_renewable = in_options->renewable;
     }
-    
+
     return check_error (err);
 }
 
@@ -262,13 +262,13 @@ kim_error kim_options_set_renewal_lifetime (kim_options  io_options,
                                             kim_lifetime in_renewal_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_options->renewal_lifetime = in_renewal_lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -278,14 +278,14 @@ kim_error kim_options_get_renewal_lifetime (kim_options   in_options,
                                             kim_lifetime *out_renewal_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options          ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_renewal_lifetime) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_renewal_lifetime = in_options->renewal_lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -295,13 +295,13 @@ kim_error kim_options_set_forwardable (kim_options io_options,
                                        kim_boolean in_forwardable)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_options->forwardable = in_forwardable;
     }
-    
+
     return check_error (err);
 }
 
@@ -311,14 +311,14 @@ kim_error kim_options_get_forwardable (kim_options  in_options,
                                        kim_boolean *out_forwardable)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_forwardable) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_forwardable = in_options->forwardable;
     }
-    
+
     return check_error (err);
 }
 
@@ -328,13 +328,13 @@ kim_error kim_options_set_proxiable (kim_options io_options,
                                      kim_boolean in_proxiable)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_options->proxiable = in_proxiable;
     }
-    
+
     return check_error (err);
 }
 
@@ -344,14 +344,14 @@ kim_error kim_options_get_proxiable (kim_options  in_options,
                                      kim_boolean *out_proxiable)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_proxiable) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_proxiable = in_options->proxiable;
     }
-    
+
     return check_error (err);
 }
 
@@ -361,13 +361,13 @@ kim_error kim_options_set_addressless (kim_options io_options,
                                        kim_boolean in_addressless)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_options->addressless = in_addressless;
     }
-    
+
     return check_error (err);
 }
 
@@ -377,14 +377,14 @@ kim_error kim_options_get_addressless (kim_options  in_options,
                                        kim_boolean *out_addressless)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_addressless) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_addressless = in_options->addressless;
     }
-    
+
     return check_error (err);
 }
 
@@ -394,9 +394,9 @@ kim_error kim_options_set_service_name (kim_options  io_options,
                                         kim_string   in_service_name)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
 	kim_string_free (&io_options->service_name);
         if (in_service_name) {
@@ -405,7 +405,7 @@ kim_error kim_options_set_service_name (kim_options  io_options,
             io_options->service_name = kim_empty_string;
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -415,19 +415,19 @@ kim_error kim_options_get_service_name (kim_options  in_options,
                                         kim_string  *out_service_name)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_service_name) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        if (in_options->service_name && 
+        if (in_options->service_name &&
             in_options->service_name != kim_empty_string) {
             err = kim_string_copy (out_service_name, in_options->service_name);
         } else {
             *out_service_name = NULL;
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -465,64 +465,64 @@ krb5_get_init_creds_opt *kim_options_init_cred_options (kim_options in_options)
 {
     kim_error err = KIM_NO_ERROR;
     krb5_address **addresses = NULL;
-    
+
     if (!err && !in_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && !in_options->init_cred_context) {
         err = krb5_error (NULL,
                           krb5_init_context (&in_options->init_cred_context));
     }
-    
+
     if (!err && !in_options->addressless) {
-        err = krb5_error (in_options->init_cred_context, 
-                          krb5_os_localaddr (in_options->init_cred_context, 
+        err = krb5_error (in_options->init_cred_context,
+                          krb5_os_localaddr (in_options->init_cred_context,
                                              &addresses));
     }
-    
+
     if (!err && !in_options->init_cred_options) {
         err = krb5_error (in_options->init_cred_context,
-                          krb5_get_init_creds_opt_alloc (in_options->init_cred_context, 
+                          krb5_get_init_creds_opt_alloc (in_options->init_cred_context,
                                                          &in_options->init_cred_options));
     }
-    
+
     if (!err) {
-        krb5_get_init_creds_opt_set_tkt_life (in_options->init_cred_options, 
+        krb5_get_init_creds_opt_set_tkt_life (in_options->init_cred_options,
                                               in_options->lifetime);
-        krb5_get_init_creds_opt_set_renew_life (in_options->init_cred_options, 
+        krb5_get_init_creds_opt_set_renew_life (in_options->init_cred_options,
                                                 in_options->renewable ? in_options->renewal_lifetime : 0);
-        krb5_get_init_creds_opt_set_forwardable (in_options->init_cred_options, 
+        krb5_get_init_creds_opt_set_forwardable (in_options->init_cred_options,
                                                  in_options->forwardable);
-        krb5_get_init_creds_opt_set_proxiable (in_options->init_cred_options, 
+        krb5_get_init_creds_opt_set_proxiable (in_options->init_cred_options,
                                                in_options->proxiable);
-        krb5_get_init_creds_opt_set_address_list (in_options->init_cred_options, 
+        krb5_get_init_creds_opt_set_address_list (in_options->init_cred_options,
                                                   addresses);
         addresses = NULL;
     }
-    
-    if (addresses) { krb5_free_addresses (in_options->init_cred_context, 
+
+    if (addresses) { krb5_free_addresses (in_options->init_cred_context,
                                           addresses); }
-    
-    return !check_error (err) ? in_options->init_cred_options : NULL;    
+
+    return !check_error (err) ? in_options->init_cred_options : NULL;
 }
 
 /* ------------------------------------------------------------------------ */
 
 void kim_options_free (kim_options *io_options)
 {
-    if (io_options && *io_options) { 
-        kim_string_free (&(*io_options)->service_name); 
+    if (io_options && *io_options) {
+        kim_string_free (&(*io_options)->service_name);
         if ((*io_options)->init_cred_context) {
             if ((*io_options)->init_cred_options) {
                 if ((*io_options)->init_cred_options->address_list) {
-                    krb5_free_addresses ((*io_options)->init_cred_context, 
+                    krb5_free_addresses ((*io_options)->init_cred_context,
                                          (*io_options)->init_cred_options->address_list);
                 }
-                krb5_get_init_creds_opt_free ((*io_options)->init_cred_context, 
+                krb5_get_init_creds_opt_free ((*io_options)->init_cred_context,
                                               (*io_options)->init_cred_options);
             }
             krb5_free_context ((*io_options)->init_cred_context);
         }
-        
+
         free (*io_options);
         *io_options = NULL;
     }
@@ -539,47 +539,47 @@ kim_error kim_options_write_to_stream (kim_options   in_options,
     kim_options options = in_options;
 
     if (!err && !io_stream ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && !in_options) {
         err = kim_options_create (&options);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int64 (io_stream, options->start_time);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int64 (io_stream, options->lifetime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, options->renewable);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_int64 (io_stream, 
+        err = krb5int_ipc_stream_write_int64 (io_stream,
                                          options->renewal_lifetime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, options->forwardable);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, options->proxiable);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (io_stream, options->addressless);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (io_stream,  options->service_name);
     }
-    
+
     if (options != in_options) { kim_options_free (&options); }
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -588,43 +588,43 @@ kim_error kim_options_read_from_stream (kim_options    io_options,
                                         k5_ipc_stream  io_stream)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_stream ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int64 (io_stream, &io_options->start_time);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int64 (io_stream, &io_options->lifetime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->renewable);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_read_int64 (io_stream, 
+        err = krb5int_ipc_stream_read_int64 (io_stream,
                                         &io_options->renewal_lifetime);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->forwardable);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->proxiable);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_int32 (io_stream, &io_options->addressless);
     }
-    
+
     if (!err) {
         char *service_name = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &service_name);
-        
+
         if (!err) {
             kim_string_free (&io_options->service_name);
             if (service_name[0]) {
@@ -633,21 +633,21 @@ kim_error kim_options_read_from_stream (kim_options    io_options,
                 io_options->service_name = kim_empty_string;
             }
         }
-        
+
         krb5int_ipc_stream_free_string (service_name);
     }
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 kim_error kim_options_create_from_stream (kim_options   *out_options,
-                                          k5_ipc_stream  io_stream) 
+                                          k5_ipc_stream  io_stream)
 {
     kim_error err = KIM_NO_ERROR;
     kim_options options = NULL;
-    
+
     if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_stream  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
 
@@ -658,13 +658,13 @@ kim_error kim_options_create_from_stream (kim_options   *out_options,
     if (!err) {
         kim_options_read_from_stream (options, io_stream);
     }
-    
+
     if (!err) {
         *out_options = options;
         options = NULL;
     }
-    
-    kim_options_free (&options); 
-    
+
+    kim_options_free (&options);
+
     return check_error (err);
 }
diff --git a/src/kim/lib/kim_preferences.c b/src/kim/lib/kim_preferences.c
index a9bd6ce55..19ee9030b 100644
--- a/src/kim/lib/kim_preferences.c
+++ b/src/kim/lib/kim_preferences.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -53,14 +53,14 @@ struct kim_preferences_opaque {
 
 const struct kim_favorites_opaque kim_default_favorites = { 0, NULL, NULL };
 
-struct kim_preferences_opaque kim_preferences_initializer = { 
-KIM_OPTIONS_DEFAULT, 
+struct kim_preferences_opaque kim_preferences_initializer = {
+KIM_OPTIONS_DEFAULT,
 FALSE,
-kim_default_remember_options, 
+kim_default_remember_options,
 FALSE,
-kim_default_client_identity, 
+kim_default_client_identity,
 FALSE,
-kim_default_remember_client_identity, 
+kim_default_remember_client_identity,
 FALSE,
 kim_default_minimum_lifetime,
 kim_default_maximum_lifetime,
@@ -79,13 +79,13 @@ static kim_error kim_favorites_resize (kim_favorites io_favorites,
                                        kim_count     in_new_count)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && io_favorites->count != in_new_count) {
         kim_identity *identities = NULL;
         kim_options *options = NULL;
-        
+
         if (in_new_count == 0) {
             if (io_favorites->identities) {
                 free (io_favorites->identities);
@@ -97,22 +97,22 @@ static kim_error kim_favorites_resize (kim_favorites io_favorites,
             if (!io_favorites->identities) {
                 identities = malloc (sizeof (*identities) * in_new_count);
             } else {
-                identities = realloc (io_favorites->identities, 
+                identities = realloc (io_favorites->identities,
                                       sizeof (*identities) * in_new_count);
             }
             if (!identities) { err = KIM_OUT_OF_MEMORY_ERR; }
-            
+
             if (!err) {
                 if (!io_favorites->options) {
                     options = malloc (sizeof (*options) * in_new_count);
                 } else {
-                    options = realloc (io_favorites->options, 
+                    options = realloc (io_favorites->options,
                                        sizeof (*options) * in_new_count);
                 }
                 if (!options) { err = KIM_OUT_OF_MEMORY_ERR; }
             }
         }
-        
+
         if (!err) {
             io_favorites->count = in_new_count;
             io_favorites->identities = identities;
@@ -120,12 +120,12 @@ static kim_error kim_favorites_resize (kim_favorites io_favorites,
             identities = NULL;
             options = NULL;
         }
-        
+
         if (identities) { free (identities); }
         if (options   ) { free (options); }
     }
-    
-    return check_error (err);        
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -134,28 +134,28 @@ static kim_error kim_favorites_copy (kim_favorites in_favorites,
                                      kim_favorites io_favorites)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_favorites_resize (io_favorites, in_favorites->count);
     }
-    
+
     if (!err) {
         kim_count i;
-        
+
         for (i = 0; !err && i < io_favorites->count; i++) {
-            err = kim_identity_copy (&io_favorites->identities[i], 
+            err = kim_identity_copy (&io_favorites->identities[i],
                                      in_favorites->identities[i]);
-            
+
             if (!err) {
-                err = kim_options_copy (&io_favorites->options[i], 
+                err = kim_options_copy (&io_favorites->options[i],
                                         in_favorites->options[i]);
             }
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -165,14 +165,14 @@ kim_error kim_favorites_get_number_of_identities (kim_favorites  in_favorites,
                                                   kim_count     *out_number_of_identities)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_favorites            ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_number_of_identities) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_number_of_identities = in_favorites->count;
     }
-    
+
     return check_error (err);
 }
 
@@ -186,39 +186,39 @@ kim_error kim_favorites_get_identity_at_index (kim_favorites  in_favorites,
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = NULL;
     kim_options options = KIM_OPTIONS_DEFAULT;
-    
+
     if (!err && !in_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* out_options may be NULL */
-    
+
     if (!err) {
         if (in_index >= in_favorites->count) {
-            err = kim_error_set_message_for_code (KIM_BAD_IDENTITY_INDEX_ERR, 
+            err = kim_error_set_message_for_code (KIM_BAD_IDENTITY_INDEX_ERR,
                                                   in_index);
         }
     }
-    
+
     if (!err) {
         err = kim_identity_copy (&identity, in_favorites->identities[in_index]);
     }
-    
+
     if (!err && in_favorites->options[in_index]) {
         err = kim_options_copy (&options, in_favorites->options[in_index]);
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
-        
+
         if (out_options) {
             *out_options = options;
             options = NULL;
         }
     }
-    
+
     kim_identity_free (&identity);
     kim_options_free (&options);
-    
+
     return check_error (err);
 }
 
@@ -232,78 +232,78 @@ kim_error kim_favorites_add_identity (kim_favorites io_favorites,
     kim_identity identity = NULL;
     kim_options options = KIM_OPTIONS_DEFAULT;
     kim_count insert_at = 0;
-    
+
     if (!err && !io_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* in_options may be KIM_OPTIONS_DEFAULT (NULL) */
-    
+
     if (!err) {
         err = kim_identity_copy (&identity, in_identity);
     }
-    
+
     if (!err) {
         err = kim_options_copy (&options, in_options);
     }
-    
+
     if (!err) {
         kim_count i;
-        
+
         for (i = 0; !err && i < io_favorites->count; i++) {
             kim_comparison comparison = 0;
-            
+
             err = kim_identity_compare (io_favorites->identities[i],
-                                        in_identity, 
+                                        in_identity,
                                         &comparison);
-            
+
             if (!err) {
                 if (kim_comparison_is_greater_than (comparison)) {
                     /* insert before the first entry that is greater than us */
-                    break; 
-                    
+                    break;
+
                 } else if (kim_comparison_is_equal_to (comparison)) {
                     /* already in list */
                     kim_string display_string = NULL;
-                    
-                    err = kim_identity_get_display_string (in_identity, 
+
+                    err = kim_identity_get_display_string (in_identity,
                                                            &display_string);
-                    
+
                     if (!err) {
-                        err = kim_error_set_message_for_code (KIM_IDENTITY_ALREADY_IN_LIST_ERR, 
+                        err = kim_error_set_message_for_code (KIM_IDENTITY_ALREADY_IN_LIST_ERR,
                                                               display_string);
                     }
-                    
+
                     kim_string_free (&display_string);
                 }
             }
         }
-        
+
         insert_at = i;  /* Remember where we are going to insert */
     }
-    
+
     if (!err) {
-        err = kim_favorites_resize (io_favorites, 
+        err = kim_favorites_resize (io_favorites,
                                     io_favorites->count + 1);
     }
-    
+
     if (!err) {
         kim_count move_count = io_favorites->count - 1 - insert_at;
-        
+
         memmove (&io_favorites->identities[insert_at + 1],
                  &io_favorites->identities[insert_at],
                  move_count * sizeof (*io_favorites->identities));
         io_favorites->identities[insert_at] = identity;
         identity = NULL;
-        
+
         memmove (&io_favorites->options[insert_at + 1],
                  &io_favorites->options[insert_at],
                  move_count * sizeof (*io_favorites->options));
         io_favorites->options[insert_at] = options;
         options = NULL;
     }
-    
+
     kim_options_free (&options);
     kim_identity_free (&identity);
-    
+
     return check_error (err);
 }
 
@@ -315,56 +315,56 @@ kim_error kim_favorites_remove_identity (kim_favorites io_favorites,
     kim_error err = KIM_NO_ERROR;
     kim_boolean found = 0;
     kim_count i;
-    
+
     if (!err && !io_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         for (i = 0; !err && !found && i < io_favorites->count; i++) {
             kim_identity identity = io_favorites->identities[i];
             kim_options options = io_favorites->options[i];
             kim_comparison comparison;
-            
+
             err = kim_identity_compare (in_identity, identity, &comparison);
-            
+
             if (!err && kim_comparison_is_equal_to (comparison)) {
                 kim_error terr = KIM_NO_ERROR;
                 kim_count new_count = io_favorites->count - 1;
-                
+
                 found = 1;
-                
-                memmove (&io_favorites->identities[i], 
+
+                memmove (&io_favorites->identities[i],
                          &io_favorites->identities[i + 1],
                          (new_count - i) * sizeof (*io_favorites->identities));
-                
-                memmove (&io_favorites->options[i], 
+
+                memmove (&io_favorites->options[i],
                          &io_favorites->options[i + 1],
                          (new_count - i) * sizeof (*io_favorites->options));
-                
+
                 terr = kim_favorites_resize (io_favorites, new_count);
                 if (terr) {
                     kim_debug_printf ("failed to resize list to %d.  Continuing.", new_count);
                 }
-                
+
                 kim_options_free (&options);
                 kim_identity_free (&identity);
             }
         }
     }
-    
+
     if (!err && !found) {
         kim_string display_string = NULL;
-        
+
         err = kim_identity_get_display_string (in_identity, &display_string);
-        
+
         if (!err) {
-            err = kim_error_set_message_for_code (KIM_IDENTITY_NOT_IN_LIST_ERR, 
+            err = kim_error_set_message_for_code (KIM_IDENTITY_NOT_IN_LIST_ERR,
                                                   display_string);
         }
-        
+
         kim_string_free (&display_string);
     }
-    
+
     return check_error (err);
 }
 
@@ -373,12 +373,12 @@ kim_error kim_favorites_remove_identity (kim_favorites io_favorites,
 kim_error kim_favorites_remove_all_identities (kim_favorites io_favorites)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_count i;
-        
+
         for (i = 0; i < io_favorites->count; i++) {
             kim_identity_free (&io_favorites->identities[i]);
             kim_options_free (&io_favorites->options[i]);
@@ -389,7 +389,7 @@ kim_error kim_favorites_remove_all_identities (kim_favorites io_favorites)
         io_favorites->identities = NULL;
         io_favorites->options = NULL;
     }
-    
+
     return check_error (err);
 }
 
@@ -398,7 +398,7 @@ kim_error kim_favorites_remove_all_identities (kim_favorites io_favorites)
 static void kim_favorites_free (kim_favorites io_favorites)
 {
     kim_count i;
-    
+
     for (i = 0; i < io_favorites->count; i++) {
         kim_identity_free (&io_favorites->identities[i]);
         kim_options_free (&io_favorites->options[i]);
@@ -414,91 +414,91 @@ static void kim_favorites_free (kim_favorites io_favorites)
 static kim_error kim_preferences_read (kim_preferences in_preferences)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_options options = NULL;
-        
+
         err = kim_os_preferences_get_options_for_key (kim_preference_key_options,
                                                       &options);
-        
+
         if (!err) {
             kim_options_free (&in_preferences->options);
             in_preferences->options = options;
         }
     }
-    
+
     if (!err) {
         err = kim_os_preferences_get_boolean_for_key (kim_preference_key_remember_options,
                                                       kim_default_remember_options,
                                                       &in_preferences->remember_options);
     }
-    
+
     if (!err) {
         kim_identity default_identity = kim_default_client_identity;
         kim_identity identity = NULL;
-        
+
         err = kim_os_identity_create_for_username (&default_identity);
-        
+
         if (!err) {
             err = kim_os_preferences_get_identity_for_key (kim_preference_key_client_identity,
                                                            default_identity,
                                                            &identity);
         }
-        
+
         if (!err) {
             kim_identity_free (&in_preferences->client_identity);
             in_preferences->client_identity = identity;
             identity = NULL;
         }
-        
+
         kim_identity_free (&default_identity);
         kim_identity_free (&identity);
     }
-    
+
     if (!err) {
         err = kim_os_preferences_get_boolean_for_key (kim_preference_key_remember_client_identity,
                                                       kim_default_remember_client_identity,
                                                       &in_preferences->remember_client_identity);
     }
-    
+
     if (!err) {
         struct kim_favorites_opaque favorites = kim_default_favorites;
-        
+
         err = kim_os_preferences_get_favorites_for_key (kim_preference_key_favorites,
                                                         &favorites);
-        
+
         if (!err) {
             kim_favorites_remove_all_identities (&in_preferences->favorites);
             in_preferences->favorites = favorites;
         }
     }
-    
+
     if (!err) {
         err = kim_os_preferences_get_lifetime_for_key (kim_preference_key_minimum_lifetime,
                                                        kim_default_minimum_lifetime,
                                                        &in_preferences->minimum_lifetime);
     }
-    
+
     if (!err) {
         err = kim_os_preferences_get_lifetime_for_key (kim_preference_key_maximum_lifetime,
                                                        kim_default_maximum_lifetime,
                                                        &in_preferences->maximum_lifetime);
     }
-    
+
     if (!err) {
         err = kim_os_preferences_get_lifetime_for_key (kim_preference_key_minimum_renewal_lifetime,
                                                        kim_default_minimum_renewal_lifetime,
                                                        &in_preferences->minimum_renewal_lifetime);
     }
-    
+
     if (!err) {
         err = kim_os_preferences_get_lifetime_for_key (kim_preference_key_maximum_renewal_lifetime,
                                                        kim_default_maximum_renewal_lifetime,
                                                        &in_preferences->maximum_renewal_lifetime);
     }
-    
+
     return check_error (err);
 }
 
@@ -507,60 +507,60 @@ static kim_error kim_preferences_read (kim_preferences in_preferences)
 static kim_error kim_preferences_write (kim_preferences in_preferences)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && in_preferences->options_changed) {
         err = kim_os_preferences_set_options_for_key (kim_preference_key_options,
-                                                      in_preferences->options);        
+                                                      in_preferences->options);
     }
-    
+
     if (!err && in_preferences->remember_options_changed) {
-        err = kim_os_preferences_set_boolean_for_key (kim_preference_key_remember_options, 
+        err = kim_os_preferences_set_boolean_for_key (kim_preference_key_remember_options,
                                                       in_preferences->remember_options);
     }
-    
+
     if (!err && in_preferences->client_identity_changed) {
         kim_identity default_identity = kim_default_client_identity;
-        
+
         err = kim_os_identity_create_for_username (&default_identity);
-        
+
         if (!err) {
-            err = kim_os_preferences_set_identity_for_key (kim_preference_key_client_identity, 
+            err = kim_os_preferences_set_identity_for_key (kim_preference_key_client_identity,
                                                            in_preferences->client_identity);
         }
-        
+
         kim_identity_free (&default_identity);
     }
-    
+
     if (!err && in_preferences->remember_client_identity_changed) {
-        err = kim_os_preferences_set_boolean_for_key (kim_preference_key_remember_client_identity, 
+        err = kim_os_preferences_set_boolean_for_key (kim_preference_key_remember_client_identity,
                                                       in_preferences->remember_client_identity);
     }
-    
+
     if (!err && in_preferences->favorites_changed) {
-        err = kim_os_preferences_set_favorites_for_key (kim_preference_key_favorites, 
+        err = kim_os_preferences_set_favorites_for_key (kim_preference_key_favorites,
                                                         &in_preferences->favorites);
     }
-    
+
     if (!err && in_preferences->lifetime_range_changed) {
-        err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_minimum_lifetime, 
+        err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_minimum_lifetime,
                                                        in_preferences->minimum_lifetime);
         if (!err) {
-            err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_maximum_lifetime, 
+            err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_maximum_lifetime,
                                                            in_preferences->maximum_lifetime);
         }
     }
-    
+
     if (!err && in_preferences->renewal_lifetime_range_changed) {
-        err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_minimum_renewal_lifetime, 
+        err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_minimum_renewal_lifetime,
                                                        in_preferences->minimum_renewal_lifetime);
         if (!err) {
-            err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_maximum_renewal_lifetime, 
+            err = kim_os_preferences_set_lifetime_for_key (kim_preference_key_maximum_renewal_lifetime,
                                                            in_preferences->maximum_renewal_lifetime);
         }
     }
-    
+
     if (!err) {
         in_preferences->options_changed = 0;
         in_preferences->remember_options_changed = 0;
@@ -570,7 +570,7 @@ static kim_error kim_preferences_write (kim_preferences in_preferences)
         in_preferences->renewal_lifetime_range_changed = 0;
         in_preferences->favorites_changed = 0;
     }
-    
+
     return check_error (err);
 }
 
@@ -582,23 +582,23 @@ static inline kim_error kim_preferences_allocate (kim_preferences *out_preferenc
 {
     kim_error err = kim_library_init ();
     kim_preferences preferences = NULL;
-    
+
     if (!err && !out_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         preferences = malloc (sizeof (*preferences));
         if (!preferences) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         *preferences = kim_preferences_initializer;
         *out_preferences = preferences;
         preferences = NULL;
     }
-    
+
     kim_preferences_free (&preferences);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -607,25 +607,25 @@ kim_error kim_preferences_create (kim_preferences *out_preferences)
 {
     kim_error err = KIM_NO_ERROR;
     kim_preferences preferences = NULL;
-    
+
     if (!err && !out_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_preferences_allocate (&preferences);
     }
-    
+
     if (!err) {
         err = kim_preferences_read (preferences);
     }
-    
+
     if (!err) {
         *out_preferences = preferences;
         preferences = NULL;
     }
-    
+
     kim_preferences_free (&preferences);
-    
-    
+
+
     return check_error (err);
 }
 
@@ -636,37 +636,37 @@ kim_error kim_preferences_copy (kim_preferences *out_preferences,
 {
     kim_error err = KIM_NO_ERROR;
     kim_preferences preferences = NULL;
-    
+
     if (!err && !out_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_preferences ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_preferences_allocate (&preferences);
     }
-    
+
     if (!err) {
         preferences->remember_options = in_preferences->remember_options;
         err = kim_options_copy (&preferences->options, in_preferences->options);
     }
-    
+
     if (!err) {
         preferences->remember_client_identity = in_preferences->remember_client_identity;
         err = kim_identity_copy (&preferences->client_identity, in_preferences->client_identity);
     }
-    
+
     if (!err) {
-        err = kim_favorites_copy (&preferences->favorites, 
+        err = kim_favorites_copy (&preferences->favorites,
                                   &in_preferences->favorites);
     }
-    
+
     if (!err) {
         *out_preferences = preferences;
         preferences = NULL;
     }
-    
+
     kim_preferences_free (&preferences);
-    
-    
+
+
     return check_error (err);
 }
 
@@ -677,20 +677,20 @@ kim_error kim_preferences_set_options (kim_preferences io_preferences,
 {
     kim_error err = KIM_NO_ERROR;
     kim_options options = NULL;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_options    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_options_copy (&options, in_options);
     }
-    
+
     if (!err) {
         kim_options_free (&io_preferences->options);
         io_preferences->options = options;
         io_preferences->options_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -700,14 +700,14 @@ kim_error kim_preferences_get_options (kim_preferences  in_preferences,
                                        kim_options     *out_options)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_options   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_options_copy (out_options, in_preferences->options);
     }
-    
+
     return check_error (err);
 }
 
@@ -717,14 +717,14 @@ kim_error kim_preferences_set_remember_options (kim_preferences io_preferences,
                                                 kim_boolean     in_remember_options)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_preferences->remember_options = in_remember_options;
         io_preferences->remember_options_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -734,14 +734,14 @@ kim_error kim_preferences_get_remember_options (kim_preferences  in_preferences,
                                                 kim_boolean     *out_remember_options)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_remember_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_remember_options = in_preferences->remember_options;
     }
-    
+
     return check_error (err);
 }
 
@@ -752,20 +752,20 @@ kim_error kim_preferences_set_client_identity (kim_preferences io_preferences,
 {
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = KIM_IDENTITY_ANY;
-    
+
     if (!err && !io_preferences    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* in_client_identity may be KIM_IDENTITY_ANY */
-    
+
     if (!err && in_client_identity) {
         err = kim_identity_copy (&identity, in_client_identity);
     }
-    
+
     if (!err) {
         kim_identity_free (&io_preferences->client_identity);
         io_preferences->client_identity = identity;
         io_preferences->client_identity_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -775,14 +775,14 @@ kim_error kim_preferences_get_client_identity (kim_preferences  in_preferences,
                                                kim_identity    *out_client_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_copy (out_client_identity, in_preferences->client_identity);
     }
-    
+
     return check_error (err);
 }
 
@@ -792,14 +792,14 @@ kim_error kim_preferences_set_remember_client_identity (kim_preferences io_prefe
                                                         kim_boolean     in_remember_client_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_preferences->remember_client_identity = in_remember_client_identity;
         io_preferences->remember_client_identity_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -809,14 +809,14 @@ kim_error kim_preferences_get_remember_client_identity (kim_preferences  in_pref
                                                         kim_boolean     *out_remember_client_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences              ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_remember_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_remember_client_identity = in_preferences->remember_client_identity;
     }
-    
+
     return check_error (err);
 }
 
@@ -826,14 +826,14 @@ kim_error kim_preferences_set_minimum_lifetime (kim_preferences io_preferences,
                                                 kim_lifetime    in_minimum_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_preferences->minimum_lifetime = in_minimum_lifetime;
         io_preferences->lifetime_range_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -843,14 +843,14 @@ kim_error kim_preferences_get_minimum_lifetime (kim_preferences  in_preferences,
                                                 kim_lifetime    *out_minimum_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_minimum_lifetime) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_minimum_lifetime = in_preferences->minimum_lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -860,14 +860,14 @@ kim_error kim_preferences_set_maximum_lifetime (kim_preferences io_preferences,
                                                 kim_lifetime    in_maximum_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_preferences->maximum_lifetime = in_maximum_lifetime;
         io_preferences->lifetime_range_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -877,14 +877,14 @@ kim_error kim_preferences_get_maximum_lifetime (kim_preferences  in_preferences,
                                                 kim_lifetime    *out_maximum_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_maximum_lifetime) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_maximum_lifetime = in_preferences->maximum_lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -894,14 +894,14 @@ kim_error kim_preferences_set_minimum_renewal_lifetime (kim_preferences io_prefe
                                                         kim_lifetime    in_minimum_renewal_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_preferences->minimum_renewal_lifetime = in_minimum_renewal_lifetime;
         io_preferences->renewal_lifetime_range_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -911,14 +911,14 @@ kim_error kim_preferences_get_minimum_renewal_lifetime (kim_preferences  in_pref
                                                         kim_lifetime    *out_minimum_renewal_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences              ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_minimum_renewal_lifetime) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_minimum_renewal_lifetime = in_preferences->minimum_renewal_lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -928,14 +928,14 @@ kim_error kim_preferences_set_maximum_renewal_lifetime (kim_preferences io_prefe
                                                         kim_lifetime    in_maximum_renewal_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_preferences->maximum_renewal_lifetime = in_maximum_renewal_lifetime;
         io_preferences->renewal_lifetime_range_changed = TRUE;
     }
-    
+
     return check_error (err);
 }
 
@@ -945,14 +945,14 @@ kim_error kim_preferences_get_maximum_renewal_lifetime (kim_preferences  in_pref
                                                         kim_lifetime    *out_maximum_renewal_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences              ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_maximum_renewal_lifetime) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_maximum_renewal_lifetime = in_preferences->maximum_renewal_lifetime;
     }
-    
+
     return check_error (err);
 }
 
@@ -973,18 +973,18 @@ kim_error kim_preferences_get_favorite_identity_at_index (kim_preferences  in_pr
                                                           kim_options     *out_options)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* out_options may be NULL */
-    
+
     if (!err) {
         err = kim_favorites_get_identity_at_index (&in_preferences->favorites,
                                                    in_index,
                                                    out_identity,
                                                    out_options);
     }
-    
+
     return check_error (err);
 }
 
@@ -995,20 +995,20 @@ kim_error kim_preferences_add_favorite_identity (kim_preferences io_preferences,
                                                  kim_options     in_options)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* in_options may be KIM_OPTIONS_DEFAULT (NULL) */
-    
+
     if (!err) {
         err = kim_favorites_add_identity (&io_preferences->favorites,
                                           in_identity, in_options);
     }
-    
+
     if (!err) {
         io_preferences->favorites_changed = 1;
     }
-    
+
     return check_error (err);
 }
 
@@ -1018,19 +1018,19 @@ kim_error kim_preferences_remove_favorite_identity (kim_preferences io_preferenc
                                                     kim_identity    in_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_favorites_remove_identity (&io_preferences->favorites,
                                              in_identity);
     }
-    
+
     if (!err) {
         io_preferences->favorites_changed = 1;
     }
-    
+
     return check_error (err);
 }
 
@@ -1039,17 +1039,17 @@ kim_error kim_preferences_remove_favorite_identity (kim_preferences io_preferenc
 kim_error kim_preferences_remove_all_favorite_identities (kim_preferences io_preferences)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_favorites_remove_all_identities (&io_preferences->favorites);
     }
-    
+
     if (!err) {
         io_preferences->favorites_changed = 1;
     }
-    
+
     return check_error (err);
 }
 
@@ -1058,17 +1058,17 @@ kim_error kim_preferences_remove_all_favorite_identities (kim_preferences io_pre
 kim_error kim_preferences_synchronize (kim_preferences in_preferences)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_preferences_write (in_preferences);
     }
-    
+
     if (!err) {
         err = kim_preferences_read (in_preferences);
     }
-    
+
     return check_error (err);
 }
 
@@ -1085,4 +1085,3 @@ void kim_preferences_free (kim_preferences *io_preferences)
         *io_preferences = NULL;
     }
 }
-
diff --git a/src/kim/lib/kim_preferences_private.h b/src/kim/lib/kim_preferences_private.h
index 239098829..1b7e247d7 100644
--- a/src/kim/lib/kim_preferences_private.h
+++ b/src/kim/lib/kim_preferences_private.h
@@ -90,37 +90,37 @@ kim_error kim_favorites_remove_all_identities (kim_favorites io_favorites);
 
 /* OS-specific functions to be implemented per-platform */
 
-kim_error kim_os_preferences_get_options_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_options_for_key (kim_preference_key  in_key,
                                                    kim_options       *out_options);
 
-kim_error kim_os_preferences_set_options_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_options_for_key (kim_preference_key in_key,
                                                   kim_options        in_options);
 
-kim_error kim_os_preferences_get_identity_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_identity_for_key (kim_preference_key  in_key,
                                                    kim_identity        in_hardcoded_default,
                                                    kim_identity       *out_identity);
 
-kim_error kim_os_preferences_set_identity_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_identity_for_key (kim_preference_key in_key,
                                                    kim_identity       in_identity);
 
-kim_error kim_os_preferences_get_favorites_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_get_favorites_for_key (kim_preference_key in_key,
                                                     kim_favorites      io_favorites);
 
-kim_error kim_os_preferences_set_favorites_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_favorites_for_key (kim_preference_key in_key,
                                                     kim_favorites      in_favorites);
 
-kim_error kim_os_preferences_get_lifetime_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_lifetime_for_key (kim_preference_key  in_key,
                                                    kim_lifetime        in_hardcoded_default,
                                                    kim_lifetime       *out_lifetime);
 
-kim_error kim_os_preferences_set_lifetime_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_lifetime_for_key (kim_preference_key in_key,
                                                    kim_lifetime       in_lifetime);
 
-kim_error kim_os_preferences_get_boolean_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_boolean_for_key (kim_preference_key  in_key,
                                                   kim_boolean         in_hardcoded_default,
                                                   kim_boolean        *out_boolean);
 
-kim_error kim_os_preferences_set_boolean_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_boolean_for_key (kim_preference_key in_key,
                                                   kim_boolean        in_boolean);
 
 #endif /* KIM_PREFERENCES_PRIVATE_H */
diff --git a/src/kim/lib/kim_selection_hints.c b/src/kim/lib/kim_selection_hints.c
index 3704d87e9..6aba4420d 100644
--- a/src/kim/lib/kim_selection_hints.c
+++ b/src/kim/lib/kim_selection_hints.c
@@ -6,7 +6,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -40,7 +40,7 @@ struct kim_selection_hints_opaque {
     kim_string server;
 };
 
-struct kim_selection_hints_opaque kim_selection_hints_initializer = { 
+struct kim_selection_hints_opaque kim_selection_hints_initializer = {
     NULL,
     kim_empty_string,
     KIM_OPTIONS_DEFAULT,
@@ -60,23 +60,23 @@ static inline kim_error kim_selection_hints_allocate (kim_selection_hints *out_s
 {
     kim_error err = kim_library_init ();
     kim_selection_hints selection_hints = NULL;
-    
+
     if (!err && !out_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         selection_hints = malloc (sizeof (*selection_hints));
         if (!selection_hints) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         *selection_hints = kim_selection_hints_initializer;
         *out_selection_hints = selection_hints;
         selection_hints = NULL;
     }
-    
+
     kim_selection_hints_free (&selection_hints);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -86,27 +86,27 @@ kim_error kim_selection_hints_create (kim_selection_hints *out_selection_hints,
 {
     kim_error err = KIM_NO_ERROR;
     kim_selection_hints selection_hints = NULL;
-    
+
     if (!err && !out_selection_hints      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_application_identifier) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_selection_hints_allocate (&selection_hints);
     }
-    
+
     if (!err) {
-        err = kim_string_copy (&selection_hints->application_identifier, 
+        err = kim_string_copy (&selection_hints->application_identifier,
                                in_application_identifier);
     }
-    
+
     if (!err) {
         *out_selection_hints = selection_hints;
         selection_hints = NULL;
     }
-    
+
     kim_selection_hints_free (&selection_hints);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -116,70 +116,70 @@ kim_error kim_selection_hints_copy (kim_selection_hints *out_selection_hints,
 {
     kim_error err = KIM_NO_ERROR;
     kim_selection_hints selection_hints = NULL;
-    
+
     if (!err && !out_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_selection_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_selection_hints_allocate (&selection_hints);
     }
-    
+
     if (!err) {
-        err = kim_string_copy (&selection_hints->application_identifier, 
+        err = kim_string_copy (&selection_hints->application_identifier,
                                in_selection_hints->application_identifier);
     }
-    
+
     if (!err && in_selection_hints->explanation) {
-        err = kim_string_copy (&selection_hints->explanation, 
+        err = kim_string_copy (&selection_hints->explanation,
                                in_selection_hints->explanation);
     }
-    
+
     if (!err && in_selection_hints->options) {
-        err = kim_options_copy (&selection_hints->options, 
+        err = kim_options_copy (&selection_hints->options,
                                 in_selection_hints->options);
     }
-    
+
     if (!err && in_selection_hints->service_identity) {
-        err = kim_string_copy (&selection_hints->service_identity, 
+        err = kim_string_copy (&selection_hints->service_identity,
                                in_selection_hints->service_identity);
     }
-    
+
     if (!err && in_selection_hints->client_realm) {
-        err = kim_string_copy (&selection_hints->client_realm, 
+        err = kim_string_copy (&selection_hints->client_realm,
                                in_selection_hints->client_realm);
     }
-    
+
     if (!err && in_selection_hints->user) {
-        err = kim_string_copy (&selection_hints->user, 
+        err = kim_string_copy (&selection_hints->user,
                                in_selection_hints->user);
     }
-    
+
     if (!err && in_selection_hints->service_realm) {
-        err = kim_string_copy (&selection_hints->service_realm, 
+        err = kim_string_copy (&selection_hints->service_realm,
                                in_selection_hints->service_realm);
     }
-    
+
     if (!err && in_selection_hints->service) {
-        err = kim_string_copy (&selection_hints->service, 
+        err = kim_string_copy (&selection_hints->service,
                                in_selection_hints->service);
     }
-    
+
     if (!err && in_selection_hints->server) {
-        err = kim_string_copy (&selection_hints->server, 
+        err = kim_string_copy (&selection_hints->server,
                                in_selection_hints->server);
     }
-    
+
     if (!err) {
         selection_hints->allow_user_interaction = in_selection_hints->allow_user_interaction;
         selection_hints->use_cached_results = in_selection_hints->use_cached_results;
-        
+
         *out_selection_hints = selection_hints;
         selection_hints = NULL;
     }
-    
+
     kim_selection_hints_free (&selection_hints);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -189,48 +189,48 @@ kim_error kim_selection_hints_set_hint (kim_selection_hints io_selection_hints,
                                         kim_string          in_hint_string)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_hint_key       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_hint_string    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         if (!strcmp (in_hint_key, kim_hint_key_client_realm)) {
             kim_string_free (&io_selection_hints->client_realm);
-            err = kim_string_copy (&io_selection_hints->client_realm, 
+            err = kim_string_copy (&io_selection_hints->client_realm,
                                    in_hint_string);
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_user)) {
             kim_string_free (&io_selection_hints->user);
-            err = kim_string_copy (&io_selection_hints->user, 
+            err = kim_string_copy (&io_selection_hints->user,
                                    in_hint_string);
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_service_realm)) {
             kim_string_free (&io_selection_hints->service_realm);
-            err = kim_string_copy (&io_selection_hints->service_realm, 
+            err = kim_string_copy (&io_selection_hints->service_realm,
                                    in_hint_string);
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_service)) {
             kim_string_free (&io_selection_hints->service);
-            err = kim_string_copy (&io_selection_hints->service, 
+            err = kim_string_copy (&io_selection_hints->service,
                                    in_hint_string);
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_server)) {
             kim_string_free (&io_selection_hints->server);
-            err = kim_string_copy (&io_selection_hints->server, 
+            err = kim_string_copy (&io_selection_hints->server,
                                    in_hint_string);
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_service_identity)) {
             kim_string_free (&io_selection_hints->service_identity);
-            err = kim_string_copy (&io_selection_hints->service_identity, 
+            err = kim_string_copy (&io_selection_hints->service_identity,
                                    in_hint_string);
-            
+
         } else {
             err = kim_error_set_message_for_code (KIM_UNSUPPORTED_HINT_ERR,
                                                   in_hint_key);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -242,36 +242,36 @@ kim_error kim_selection_hints_get_hint (kim_selection_hints  in_selection_hints,
 {
     kim_error err = KIM_NO_ERROR;
     kim_string hint = NULL;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_hint_key       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_hint_string   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         if (!strcmp (in_hint_key, kim_hint_key_client_realm)) {
             hint = in_selection_hints->client_realm;
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_user)) {
             hint = in_selection_hints->user;
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_service_realm)) {
             hint = in_selection_hints->service_realm;
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_service)) {
             hint = in_selection_hints->service;
-           
+
         } else if (!strcmp (in_hint_key, kim_hint_key_server)) {
             hint = in_selection_hints->server;
-            
+
         } else if (!strcmp (in_hint_key, kim_hint_key_service_identity)) {
             hint = in_selection_hints->service_identity;
-            
+
         } else {
             err = kim_error_set_message_for_code (KIM_UNSUPPORTED_HINT_ERR,
                                                   in_hint_key);
         }
     }
-    
+
     if (!err) {
         if (hint && hint != kim_empty_string) {
             err = kim_string_copy (out_hint_string, hint);
@@ -279,7 +279,7 @@ kim_error kim_selection_hints_get_hint (kim_selection_hints  in_selection_hints,
             *out_hint_string = NULL;
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -289,14 +289,14 @@ kim_error kim_selection_hints_set_explanation (kim_selection_hints io_selection_
                                                kim_string          in_explanation)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_explanation    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_string_copy (&io_selection_hints->explanation, in_explanation);
     }
-    
+
     return check_error (err);
 }
 
@@ -306,19 +306,19 @@ kim_error kim_selection_hints_get_explanation (kim_selection_hints  in_selection
                                                kim_string          *out_explanation)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_explanation   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        if (in_selection_hints->explanation && 
+        if (in_selection_hints->explanation &&
             in_selection_hints->explanation != kim_empty_string) {
             err = kim_string_copy (out_explanation, in_selection_hints->explanation);
         } else {
             *out_explanation = NULL;
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -328,19 +328,19 @@ kim_error kim_selection_hints_get_application_id (kim_selection_hints  in_select
                                                   kim_string          *out_application_id)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_application_id) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         if (in_selection_hints->application_identifier) {
-            err = kim_string_copy (out_application_id, 
+            err = kim_string_copy (out_application_id,
                                    in_selection_hints->application_identifier);
         } else {
             *out_application_id = NULL;
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -350,14 +350,14 @@ kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hint
                                            kim_options         in_options)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_options        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_options_copy (&io_selection_hints->options, in_options);
     }
-    
+
     return check_error (err);
 }
 
@@ -367,14 +367,14 @@ kim_error kim_selection_hints_get_options (kim_selection_hints  in_selection_hin
                                            kim_options         *out_options)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_options       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_options_copy (out_options, in_selection_hints->options);
     }
-    
+
     return check_error (err);
 }
 
@@ -384,13 +384,13 @@ kim_error kim_selection_hints_set_allow_user_interaction (kim_selection_hints io
                                                           kim_boolean         in_allow_user_interaction)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_selection_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_selection_hints->allow_user_interaction = in_allow_user_interaction;
     }
-    
+
     return check_error (err);
 }
 
@@ -400,14 +400,14 @@ kim_error kim_selection_hints_get_allow_user_interaction (kim_selection_hints  i
                                                           kim_boolean         *out_allow_user_interaction)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_allow_user_interaction) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_allow_user_interaction = in_selection_hints->allow_user_interaction;
     }
-    
+
     return check_error (err);
 }
 
@@ -417,13 +417,13 @@ kim_error kim_selection_hints_set_remember_identity (kim_selection_hints io_sele
                                                      kim_boolean         in_use_cached_results)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_selection_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_selection_hints->use_cached_results = in_use_cached_results;
     }
-    
+
     return check_error (err);
 }
 
@@ -433,14 +433,14 @@ kim_error kim_selection_hints_get_remember_identity (kim_selection_hints  in_sel
                                                      kim_boolean         *out_use_cached_results)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_use_cached_results) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         *out_use_cached_results = in_selection_hints->use_cached_results;
     }
-    
+
     return check_error (err);
 }
 
@@ -452,56 +452,56 @@ kim_error kim_selection_hints_get_identity (kim_selection_hints  in_selection_hi
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = NULL;
     kim_ccache ccache = NULL;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && in_selection_hints->use_cached_results) {
         err = kim_os_selection_hints_lookup_identity (in_selection_hints, &identity);
     }
-    
+
     if (!err && !identity && in_selection_hints->allow_user_interaction) {
         kim_ui_context context;
-        
+
         err = kim_ui_init (&context);
-        
+
         while (!err && !identity) {
             kim_boolean user_wants_change_password = 0;
 
-            err = kim_ui_select_identity (&context, 
-                                          in_selection_hints, 
+            err = kim_ui_select_identity (&context,
+                                          in_selection_hints,
                                           &identity,
                                           &user_wants_change_password);
-            
+
             if (!err && user_wants_change_password) {
-                err = kim_identity_change_password_common (identity, 0, 
-                                                           &context, 
+                err = kim_identity_change_password_common (identity, 0,
+                                                           &context,
                                                            NULL);
-                
+
                 /* reenter select_identity so just forget this identity
                  * even if we got an error */
-                if (err == KIM_USER_CANCELED_ERR || 
+                if (err == KIM_USER_CANCELED_ERR ||
                     err == KIM_DUPLICATE_UI_REQUEST_ERR) { err = KIM_NO_ERROR; }
                 kim_identity_free (&identity);
             }
-                
+
         }
-        
+
         if (context.initialized) {
             kim_error terr = KIM_NO_ERROR;
             terr = kim_ui_fini (&context);
             err = (terr != KIM_NO_ERROR) ? terr : err;
         }
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
     }
-    
+
     kim_identity_free (&identity);
     kim_ccache_free (&ccache);
-    
+
     return check_error (err);
 }
 
@@ -511,15 +511,15 @@ kim_error kim_selection_hints_remember_identity (kim_selection_hints in_selectio
                                                  kim_identity        in_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_selection_hints_remember_identity (in_selection_hints, 
+        err = kim_os_selection_hints_remember_identity (in_selection_hints,
                                                         in_identity);
     }
-    
+
     return check_error (err);
 }
 
@@ -528,13 +528,13 @@ kim_error kim_selection_hints_remember_identity (kim_selection_hints in_selectio
 kim_error kim_selection_hints_forget_identity (kim_selection_hints in_selection_hints)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_os_selection_hints_forget_identity (in_selection_hints);
     }
-    
+
     return check_error (err);
 }
 
@@ -544,10 +544,10 @@ kim_error kim_selection_hints_get_preference_strings (kim_selection_hints
                                                       kim_selection_hints_preference_strings *io_preference_strings)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_preference_strings) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         io_preference_strings->application_identifier = in_selection_hints->application_identifier;
         io_preference_strings->service_identity       = in_selection_hints->service_identity;
@@ -557,7 +557,7 @@ kim_error kim_selection_hints_get_preference_strings (kim_selection_hints
         io_preference_strings->service                = in_selection_hints->service;
         io_preference_strings->server                 = in_selection_hints->server;
     }
-    
+
     return check_error (err);
 }
 
@@ -588,56 +588,56 @@ kim_error kim_selection_hints_write_to_stream (kim_selection_hints in_selection_
                                                k5_ipc_stream       io_stream)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_stream         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
 
     if (!err) {
-        err = krb5int_ipc_stream_write_string (io_stream, 
+        err = krb5int_ipc_stream_write_string (io_stream,
 					       in_selection_hints->application_identifier);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (io_stream, 
+        err = krb5int_ipc_stream_write_string (io_stream,
 					       in_selection_hints->explanation);
     }
-    
+
     if (!err) {
-        err = kim_options_write_to_stream (in_selection_hints->options, 
+        err = kim_options_write_to_stream (in_selection_hints->options,
                                            io_stream);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (io_stream, 
+        err = krb5int_ipc_stream_write_string (io_stream,
 					       in_selection_hints->service_identity);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (io_stream, 
+        err = krb5int_ipc_stream_write_string (io_stream,
 					       in_selection_hints->client_realm);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (io_stream, 
+        err = krb5int_ipc_stream_write_string (io_stream,
 					       in_selection_hints->user);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (io_stream, 
+        err = krb5int_ipc_stream_write_string (io_stream,
 					       in_selection_hints->service_realm);
     }
-    
+
     if (!err) {
-       err = krb5int_ipc_stream_write_string (io_stream, 
+       err = krb5int_ipc_stream_write_string (io_stream,
 					      in_selection_hints->service);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (io_stream, 
+        err = krb5int_ipc_stream_write_string (io_stream,
 					       in_selection_hints->server);
     }
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -646,114 +646,114 @@ kim_error kim_selection_hints_read_from_stream (kim_selection_hints io_selection
                                                 k5_ipc_stream       io_stream)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_stream         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         char *application_identifier = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &application_identifier);
-        
+
         if (!err) {
-            err = kim_string_copy (&io_selection_hints->application_identifier, 
+            err = kim_string_copy (&io_selection_hints->application_identifier,
                                    application_identifier);
         }
-        
+
         krb5int_ipc_stream_free_string (application_identifier);
     }
-    
+
     if (!err) {
         char *explanation = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &explanation);
-        
+
         if (!err) {
-            err = kim_string_copy (&io_selection_hints->explanation, 
+            err = kim_string_copy (&io_selection_hints->explanation,
                                    explanation);
         }
-        
+
         krb5int_ipc_stream_free_string (explanation);
     }
-    
+
     if (!err) {
         if (io_selection_hints->options) {
-            err = kim_options_read_from_stream (io_selection_hints->options, 
+            err = kim_options_read_from_stream (io_selection_hints->options,
                                                 io_stream);
         } else {
-            err = kim_options_create_from_stream (&io_selection_hints->options, 
+            err = kim_options_create_from_stream (&io_selection_hints->options,
                                                   io_stream);
         }
     }
-    
+
     if (!err) {
         char *service_identity = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &service_identity);
-        
+
         if (!err) {
-            err = kim_string_copy (&io_selection_hints->service_identity, 
+            err = kim_string_copy (&io_selection_hints->service_identity,
                                    service_identity);
         }
-        
+
         krb5int_ipc_stream_free_string (service_identity);
     }
-    
+
     if (!err) {
         char *client_realm = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &client_realm);
-        
+
         if (!err) {
-            err = kim_string_copy (&io_selection_hints->client_realm, 
+            err = kim_string_copy (&io_selection_hints->client_realm,
                                    client_realm);
         }
-        
+
         krb5int_ipc_stream_free_string (client_realm);
     }
-    
+
     if (!err) {
         char *user = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &user);
-        
+
         if (!err) {
             err = kim_string_copy (&io_selection_hints->user, user);
         }
-        
+
         krb5int_ipc_stream_free_string (user);
     }
-    
+
     if (!err) {
         char *service_realm = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &service_realm);
-        
+
         if (!err) {
-            err = kim_string_copy (&io_selection_hints->service_realm, 
+            err = kim_string_copy (&io_selection_hints->service_realm,
                                    service_realm);
         }
-        
+
         krb5int_ipc_stream_free_string (service_realm);
     }
-    
+
     if (!err) {
         char *service = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &service);
-        
+
         if (!err) {
             err = kim_string_copy (&io_selection_hints->service, service);
         }
-        
+
         krb5int_ipc_stream_free_string (service);
     }
-    
+
     if (!err) {
         char *server = NULL;
         err = krb5int_ipc_stream_read_string (io_stream, &server);
-        
+
         if (!err) {
             err = kim_string_copy (&io_selection_hints->server, server);
         }
-        
+
         krb5int_ipc_stream_free_string (server);
     }
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -763,25 +763,24 @@ kim_error kim_selection_hints_create_from_stream (kim_selection_hints *out_selec
 {
     kim_error err = KIM_NO_ERROR;
     kim_selection_hints selection_hints = NULL;
-    
+
     if (!err && !out_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_stream          ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_selection_hints_allocate (&selection_hints);
     }
-    
+
     if (!err) {
         err = kim_selection_hints_read_from_stream (selection_hints, io_stream);
     }
-    
+
     if (!err) {
         *out_selection_hints = selection_hints;
         selection_hints = NULL;
     }
-    
+
     kim_selection_hints_free (&selection_hints);
-    
-    return check_error (err);    
-}
 
+    return check_error (err);
+}
diff --git a/src/kim/lib/kim_string.c b/src/kim/lib/kim_string.c
index 8b9af7010..6cf18c46e 100644
--- a/src/kim/lib/kim_string.c
+++ b/src/kim/lib/kim_string.c
@@ -30,87 +30,87 @@ const char kim_empty_string[1] = "";
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_string_create_from_format (kim_string *out_string, 
+kim_error kim_string_create_from_format (kim_string *out_string,
                                          kim_string  in_format,
                                          ...)
 {
     kim_error err = kim_library_init ();
     va_list args;
-    
+
     va_start (args, in_format);
     err = kim_string_create_from_format_va (out_string, in_format, args);
     va_end (args);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_string_create_from_format_va_retcode (kim_string *out_string, 
+kim_error kim_string_create_from_format_va_retcode (kim_string *out_string,
                                                     kim_string  in_format,
                                                     va_list     in_args)
 {
     kim_error err = kim_library_init ();
-    
+
     int count = vasprintf ((char **) out_string, in_format, in_args);
     if (count < 0) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
-    
+
     return err;
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_string_create_from_format_va (kim_string *out_string, 
+kim_error kim_string_create_from_format_va (kim_string *out_string,
                                             kim_string  in_format,
                                             va_list     in_args)
 {
     kim_error err = kim_library_init ();
     kim_string string = NULL;
-    
+
     if (!err && !out_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_format ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_string_create_from_format_va_retcode (&string, 
-                                                        in_format, 
+        err = kim_string_create_from_format_va_retcode (&string,
+                                                        in_format,
                                                         in_args);
     }
-    
+
     if (!err) {
         *out_string = string;
         string = NULL;
     }
-    
+
     if (string) { kim_string_free (&string); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_string_create_from_buffer (kim_string *out_string, 
-                                         const char *in_buffer, 
+kim_error kim_string_create_from_buffer (kim_string *out_string,
+                                         const char *in_buffer,
                                          kim_count   in_length)
 {
     kim_error err = kim_library_init ();
     kim_string string = NULL;
-    
+
     if (!err && !out_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_buffer ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         string = calloc (in_length + 1, sizeof (char *));
         if (!string) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
     }
-    
+
     if (!err) {
         memcpy ((char *) string, in_buffer, in_length * sizeof (char));
         *out_string = string;
         string = NULL;
     }
-    
+
     kim_string_free (&string);
-    
+
     return check_error (err);
 }
 
@@ -128,20 +128,20 @@ kim_error kim_string_create_for_last_error (kim_string *out_string,
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_string_copy (kim_string *out_string, 
+kim_error kim_string_copy (kim_string *out_string,
                            kim_string  in_string)
 {
     kim_error err = kim_library_init ();
     kim_string string = NULL;
-    
+
     if (!err && !out_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_string ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         if (in_string[0]) {
             string = calloc (strlen (in_string) + 1, sizeof (char *));
             if (!string) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
-            
+
             if (!err) {
                 strncpy ((char *) string, in_string, strlen (in_string) + 1);
             }
@@ -149,25 +149,25 @@ kim_error kim_string_copy (kim_string *out_string,
             string = kim_empty_string;
         }
     }
-    
+
     if (!err) {
         *out_string = string;
         string = NULL;
     }
-    
+
     kim_string_free (&string);
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_string_compare (kim_string      in_string, 
+kim_error kim_string_compare (kim_string      in_string,
                               kim_string      in_compare_to_string,
                               kim_comparison *out_comparison)
 {
-    return kim_os_string_compare (in_string, 
-                                  in_compare_to_string, 
+    return kim_os_string_compare (in_string,
+                                  in_compare_to_string,
                                   0, /* case sensitive */
                                   out_comparison);
 }
@@ -176,7 +176,7 @@ kim_error kim_string_compare (kim_string      in_string,
 
 void kim_string_free (kim_string *io_string)
 {
-    if (io_string && *io_string && *io_string != kim_empty_string) { 
+    if (io_string && *io_string && *io_string != kim_empty_string) {
         free ((char *) *io_string);
         *io_string = NULL;
     }
diff --git a/src/kim/lib/kim_string_private.h b/src/kim/lib/kim_string_private.h
index 6f4e0ad36..f6dba7975 100644
--- a/src/kim/lib/kim_string_private.h
+++ b/src/kim/lib/kim_string_private.h
@@ -40,20 +40,20 @@ static inline kim_count kim_string_buflen (kim_string in_string)
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_string_create_from_format (kim_string *out_string, 
+kim_error kim_string_create_from_format (kim_string *out_string,
                                          kim_string  in_format,
                                          ...);
 
-kim_error kim_string_create_from_format_va_retcode (kim_string *out_string, 
+kim_error kim_string_create_from_format_va_retcode (kim_string *out_string,
                                                     kim_string  in_format,
                                                     va_list     in_args);
 
-kim_error kim_string_create_from_format_va (kim_string *out_string, 
+kim_error kim_string_create_from_format_va (kim_string *out_string,
                                             kim_string  in_format,
                                             va_list     in_args);
 
-kim_error kim_string_create_from_buffer (kim_string *out_string, 
-                                         const char *in_buffer, 
+kim_error kim_string_create_from_buffer (kim_string *out_string,
+                                         const char *in_buffer,
                                          kim_count   in_length);
 
 /* OS-specific because it should use UTF8-safe sorting where possible */
diff --git a/src/kim/lib/kim_ui.c b/src/kim/lib/kim_ui.c
index 0bac3d819..b0e93f094 100644
--- a/src/kim/lib/kim_ui.c
+++ b/src/kim/lib/kim_ui.c
@@ -33,7 +33,7 @@ static kim_prompt_type kim_ui_ptype2ktype (krb5_prompt_type type)
 {
     if (type == KRB5_PROMPT_TYPE_PASSWORD) {
         return kim_prompt_type_password;
-        
+
     } else if (type == KRB5_PROMPT_TYPE_PREAUTH) {
         return kim_prompt_type_preauth;
     }
@@ -47,42 +47,42 @@ static kim_prompt_type kim_ui_ptype2ktype (krb5_prompt_type type)
 static kim_error kim_ui_init_lazy (kim_ui_context *io_context)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && !io_context->initialized) {
 #ifdef KIM_BUILTIN_UI
         kim_ui_environment environment = kim_library_ui_environment ();
-        
+
         if (environment == KIM_UI_ENVIRONMENT_GUI) {
 #endif /* KIM_BUILTIN_UI */
             io_context->type = kim_ui_type_gui_plugin;
-            
+
             err = kim_ui_plugin_init (io_context);
-#ifdef KIM_BUILTIN_UI        
-            if (err) { 
+#ifdef KIM_BUILTIN_UI
+            if (err) {
                 io_context->type = kim_ui_type_gui_builtin;
-                
+
                 err = kim_os_ui_gui_init (io_context);
             }
-            
+
         } else if (environment == KIM_UI_ENVIRONMENT_CLI) {
             io_context->type = kim_ui_type_cli;
-            
-            err = kim_ui_cli_init (io_context);  
-            
+
+            err = kim_ui_cli_init (io_context);
+
         } else {
             io_context->type = kim_ui_type_none;
-            
+
             err = check_error (KIM_NO_UI_ERR);
         }
 #endif /* KIM_BUILTIN_UI */
 
         if (!err) {
             io_context->initialized = 1;
-        }        
+        }
     }
-    
+
     return check_error (err);
 }
 
@@ -93,9 +93,9 @@ static kim_error kim_ui_init_lazy (kim_ui_context *io_context)
 kim_error kim_ui_init (kim_ui_context *io_context)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         /* Lazy initialization so we only actually initialize if a prompt
          * gets called.  This is important because krb5_get_init_creds_*
@@ -105,7 +105,7 @@ kim_error kim_ui_init (kim_ui_context *io_context)
         io_context->prompt_count = 0;
         io_context->password_to_save = NULL;
     }
-    
+
     return check_error (err);
 }
 
@@ -117,42 +117,42 @@ kim_error kim_ui_enter_identity (kim_ui_context      *in_context,
                                  kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ui_init_lazy (in_context);
     }
-    
+
     if (!err) {
         if (in_context->type == kim_ui_type_gui_plugin) {
-            err = kim_ui_plugin_enter_identity (in_context, 
+            err = kim_ui_plugin_enter_identity (in_context,
                                                 io_options,
                                                 out_identity,
                                                 out_change_password);
-            
+
 #ifdef KIM_BUILTIN_UI
         } else if (in_context->type == kim_ui_type_gui_builtin) {
-            err = kim_os_ui_gui_enter_identity (in_context, 
+            err = kim_os_ui_gui_enter_identity (in_context,
                                                 io_options,
                                                 out_identity,
                                                 out_change_password);
-            
+
         } else if (in_context->type == kim_ui_type_cli) {
-            err = kim_ui_cli_enter_identity (in_context, 
+            err = kim_ui_cli_enter_identity (in_context,
                                              io_options,
                                              out_identity,
                                              out_change_password);
-            
+
 #endif /* KIM_BUILTIN_UI */
-            
+
         } else {
             err = check_error (KIM_NO_UI_ERR);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -164,43 +164,43 @@ kim_error kim_ui_select_identity (kim_ui_context      *in_context,
                                   kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ui_init_lazy (in_context);
     }
-    
+
     if (!err) {
         if (in_context->type == kim_ui_type_gui_plugin) {
-            err = kim_ui_plugin_select_identity (in_context, 
+            err = kim_ui_plugin_select_identity (in_context,
                                                  io_hints,
                                                  out_identity,
                                                  out_change_password);
-            
+
 #ifdef KIM_BUILTIN_UI
         } else if (in_context->type == kim_ui_type_gui_builtin) {
-            err = kim_os_ui_gui_select_identity (in_context, 
+            err = kim_os_ui_gui_select_identity (in_context,
                                                  io_hints,
                                                  out_identity,
                                                  out_change_password);
-            
+
         } else if (in_context->type == kim_ui_type_cli) {
-            err = kim_ui_cli_select_identity (in_context, 
+            err = kim_ui_cli_select_identity (in_context,
                                               io_hints,
                                               out_identity,
                                               out_change_password);
-            
+
 #endif /* KIM_BUILTIN_UI */
-            
+
         } else {
             err = check_error (KIM_NO_UI_ERR);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -218,42 +218,42 @@ krb5_error_code kim_ui_prompter (krb5_context  in_krb5_context,
     krb5_prompt_type *types = NULL;
     kim_ui_context *context = (kim_ui_context *) in_context;
     int i;
-    
+
     if (!err && !in_krb5_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_context     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_prompts     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         types = krb5_get_prompt_types (in_krb5_context);
         if (!types) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     }
-    
+
     for (i = 0; !err && i < in_num_prompts; i++) {
         char *reply = NULL;
         kim_prompt_type type = kim_ui_ptype2ktype (types[i]);
         kim_boolean got_saved_password = 0;
-                
+
         if (type == kim_prompt_type_password) {
             /* Check for saved password on OSes that support it */
             kim_error terr = KIM_NO_ERROR;
-            
-            terr = kim_os_identity_get_saved_password (context->identity, 
+
+            terr = kim_os_identity_get_saved_password (context->identity,
                                                        (kim_string *) &reply);
             if (!terr && reply) { got_saved_password = 1; }
         }
-        
+
         if (!got_saved_password) {
             kim_boolean save_reply = FALSE;
             kim_boolean allow_save_password = kim_os_identity_allow_save_password ();
-            
+
             context->prompt_count++;
 
             err = kim_ui_init_lazy (in_context);
 
             if (!err) {
                 if (context->type == kim_ui_type_gui_plugin) {
-                    err = kim_ui_plugin_auth_prompt (context, 
-                                                     context->identity, 
+                    err = kim_ui_plugin_auth_prompt (context,
+                                                     context->identity,
                                                      type,
                                                      allow_save_password,
                                                      in_prompts[i].hidden,
@@ -262,11 +262,11 @@ krb5_error_code kim_ui_prompter (krb5_context  in_krb5_context,
                                                      in_prompts[i].prompt,
                                                      &reply,
                                                      &save_reply);
-                    
+
 #ifdef KIM_BUILTIN_UI
                 } else if (context->type == kim_ui_type_gui_builtin) {
-                    err = kim_os_ui_gui_auth_prompt (context, 
-                                                     context->identity, 
+                    err = kim_os_ui_gui_auth_prompt (context,
+                                                     context->identity,
                                                      type,
                                                      allow_save_password,
                                                      in_prompts[i].hidden,
@@ -275,10 +275,10 @@ krb5_error_code kim_ui_prompter (krb5_context  in_krb5_context,
                                                      in_prompts[i].prompt,
                                                      &reply,
                                                      &save_reply);
-                    
+
                 } else if (context->type == kim_ui_type_cli) {
-                    err = kim_ui_cli_auth_prompt (context, 
-                                                  context->identity, 
+                    err = kim_ui_cli_auth_prompt (context,
+                                                  context->identity,
                                                   type,
                                                   allow_save_password,
                                                   in_prompts[i].hidden,
@@ -288,12 +288,12 @@ krb5_error_code kim_ui_prompter (krb5_context  in_krb5_context,
                                                   &reply,
                                                   &save_reply);
 #endif /* KIM_BUILTIN_UI */
-                    
+
                 } else {
                     err = check_error (KIM_NO_UI_ERR);
                 }
             }
-            
+
             if (!err && type == kim_prompt_type_password) {
                 kim_string_free (&context->password_to_save);
 
@@ -302,21 +302,21 @@ krb5_error_code kim_ui_prompter (krb5_context  in_krb5_context,
                 }
             }
         }
-        
+
         if (!err) {
             uint32_t reply_len = strlen (reply);
-            
+
             if ((reply_len + 1) > in_prompts[i].reply->length) {
                 kim_debug_printf ("%s(): reply %d is too long (is %d, should be %d)\n",
-                                  __FUNCTION__, i, 
+                                  __FUNCTION__, i,
                                   reply_len, in_prompts[i].reply->length);
                 reply_len = in_prompts[i].reply->length;
             }
-            
+
             memmove (in_prompts[i].reply->data, reply, reply_len + 1);
             in_prompts[i].reply->length = reply_len;
         }
-        
+
         /* Clean up reply buffer.  Saved passwords are allocated by KIM. */
         if (reply) {
            if (got_saved_password) {
@@ -327,7 +327,7 @@ krb5_error_code kim_ui_prompter (krb5_context  in_krb5_context,
             }
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -341,49 +341,49 @@ kim_error kim_ui_change_password (kim_ui_context  *in_context,
                                   char           **out_verify_password)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_old_password   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_new_password   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_verify_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ui_init_lazy (in_context);
     }
 
     if (!err) {
         if (in_context->type == kim_ui_type_gui_plugin) {
-            err = kim_ui_plugin_change_password (in_context, 
-                                                 in_identity, 
+            err = kim_ui_plugin_change_password (in_context,
+                                                 in_identity,
                                                  in_old_password_expired,
                                                  out_old_password,
                                                  out_new_password,
                                                  out_verify_password);
-            
+
 #ifdef KIM_BUILTIN_UI
         } else if (in_context->type == kim_ui_type_gui_builtin) {
-            err = kim_os_ui_gui_change_password (in_context, 
-                                                 in_identity, 
+            err = kim_os_ui_gui_change_password (in_context,
+                                                 in_identity,
                                                  in_old_password_expired,
                                                  out_old_password,
                                                  out_new_password,
                                                  out_verify_password);
-            
+
         } else if (in_context->type == kim_ui_type_cli) {
             err = kim_ui_cli_change_password (in_context,
-                                              in_identity, 
+                                              in_identity,
                                               in_old_password_expired,
                                               out_old_password,
                                               out_new_password,
                                               out_verify_password);
 #endif /* KIM_BUILTIN_UI */
-            
+
         } else {
             err = check_error (KIM_NO_UI_ERR);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -396,44 +396,44 @@ kim_error kim_ui_handle_error (kim_ui_context *in_context,
                                kim_string      in_error_description)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context          ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_error_message    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_error_description) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ui_init_lazy (in_context);
     }
-    
+
     if (!err) {
         if (in_context->type == kim_ui_type_gui_plugin) {
-            err = kim_ui_plugin_handle_error (in_context, 
-                                              in_identity, 
+            err = kim_ui_plugin_handle_error (in_context,
+                                              in_identity,
                                               in_error,
                                               in_error_message,
                                               in_error_description);
-            
+
 #ifdef KIM_BUILTIN_UI
         } else if (in_context->type == kim_ui_type_gui_builtin) {
-            err = kim_os_ui_gui_handle_error (in_context, 
-                                              in_identity, 
+            err = kim_os_ui_gui_handle_error (in_context,
+                                              in_identity,
                                               in_error,
                                               in_error_message,
                                               in_error_description);
-            
+
         } else if (in_context->type == kim_ui_type_cli) {
-            err = kim_ui_cli_handle_error (in_context, 
-                                           in_identity, 
+            err = kim_ui_cli_handle_error (in_context,
+                                           in_identity,
                                            in_error,
                                            in_error_message,
                                            in_error_description);
-#endif /* KIM_BUILTIN_UI */  
-            
+#endif /* KIM_BUILTIN_UI */
+
         } else {
             err = check_error (KIM_NO_UI_ERR);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -443,24 +443,24 @@ void kim_ui_free_string (kim_ui_context  *in_context,
                          char           **io_string)
 {
     kim_error err = kim_ui_init_lazy (in_context);
-    
+
     if (!err && in_context && io_string && *io_string) {
         /* most ui strings are auth information so zero before freeing */
         memset (*io_string, '\0', strlen (*io_string));
-        
+
         if (in_context->type == kim_ui_type_gui_plugin) {
-            kim_ui_plugin_free_string (in_context, 
+            kim_ui_plugin_free_string (in_context,
                                        io_string);
-            
+
 #ifdef KIM_BUILTIN_UI
         } else if (in_context->type == kim_ui_type_gui_builtin) {
-            kim_os_ui_gui_free_string (in_context, 
+            kim_os_ui_gui_free_string (in_context,
                                        io_string);
-            
+
         } else if (in_context->type == kim_ui_type_cli) {
-            kim_ui_cli_free_string (in_context, 
+            kim_ui_cli_free_string (in_context,
                                     io_string);
-#endif /* KIM_BUILTIN_UI */    
+#endif /* KIM_BUILTIN_UI */
         }
     }
 }
@@ -470,28 +470,28 @@ void kim_ui_free_string (kim_ui_context  *in_context,
 kim_error kim_ui_fini (kim_ui_context *io_context)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && io_context->initialized) {
         if (io_context->type == kim_ui_type_gui_plugin) {
             err = kim_ui_plugin_fini (io_context);
-            
+
 #ifdef KIM_BUILTIN_UI
         } else if (io_context->type == kim_ui_type_gui_builtin) {
             err = kim_os_ui_gui_fini (io_context);
-            
+
         } else if (io_context->type == kim_ui_type_cli) {
             err = kim_ui_cli_fini (io_context);
 #endif /* KIM_BUILTIN_UI */
-            
+
         } else {
             err = check_error (KIM_NO_UI_ERR);
         }
-        
+
          kim_string_free (&io_context->password_to_save);
     }
-    
+
     return check_error (err);
 }
 
@@ -508,43 +508,43 @@ kim_error kim_ui_handle_kim_error (kim_ui_context         *in_context,
     kim_error err = KIM_NO_ERROR;
     kim_string message = NULL;
     kim_string description = NULL;
-    
+
     if (!err) {
         /* Do this first so last error doesn't get overwritten */
         err = kim_string_create_for_last_error (&description, in_error);
     }
-    
+
     if (!err && !in_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_string key = NULL;
-        
+
         switch (in_type) {
             case kim_ui_error_type_authentication:
                 key = "Kerberos Login Failed:";
                 break;
-                
+
             case kim_ui_error_type_change_password:
                 key = "Kerberos Change Password Failed:";
                 break;
-                
+
             case kim_ui_error_type_selection:
             case kim_ui_error_type_generic:
             default:
                 key = "Kerberos Operation Failed:";
                 break;
         }
-        
+
         err = kim_os_string_create_localized (&message, key);
     }
-    
+
     if (!err) {
         err = kim_ui_handle_error (in_context, in_identity,
-                                   in_error, message, description);        
+                                   in_error, message, description);
     }
-    
+
     kim_string_free (&description);
     kim_string_free (&message);
-    
+
     return check_error (err);
 }
diff --git a/src/kim/lib/kim_ui_cli.c b/src/kim/lib/kim_ui_cli.c
index 0bb5eebbb..0b258c3b5 100644
--- a/src/kim/lib/kim_ui_cli.c
+++ b/src/kim/lib/kim_ui_cli.c
@@ -30,8 +30,8 @@
 
 // ---------------------------------------------------------------------------
 
-static kim_error kim_ui_cli_read_string (kim_string   *out_string, 
-                                         kim_boolean   in_hide_reply, 
+static kim_error kim_ui_cli_read_string (kim_string   *out_string,
+                                         kim_boolean   in_hide_reply,
                                          const char   *in_format, ...)
 {
     kim_error err = KIM_NO_ERROR;
@@ -40,30 +40,30 @@ static kim_error kim_ui_cli_read_string (kim_string   *out_string,
     char prompt_string [BUFSIZ];
     krb5_data reply_data;
     char reply_string [BUFSIZ];
-    
+
     if (!err && !out_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_format ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5_init_context (&k5context);
     }
-    
+
     if (!err) {
         unsigned int count;
         va_list args;
-        
+
         va_start (args, in_format);
-        count = vsnprintf (prompt_string, sizeof (prompt_string), 
+        count = vsnprintf (prompt_string, sizeof (prompt_string),
                                   in_format, args);
         va_end (args);
-        
+
         if (count > sizeof (prompt_string)) {
-            kim_debug_printf ("%s(): WARNING! Prompt should be %d characters\n", 
+            kim_debug_printf ("%s(): WARNING! Prompt should be %d characters\n",
                               __FUNCTION__, count);
             prompt_string [sizeof (prompt_string) - 1] = '\0';
         }
     }
-    
+
     if (!err) {
         /* Build the prompt structures */
         prompts[0].prompt        = prompt_string;
@@ -71,21 +71,21 @@ static kim_error kim_ui_cli_read_string (kim_string   *out_string,
         prompts[0].reply         = &reply_data;
         prompts[0].reply->data   = reply_string;
         prompts[0].reply->length = sizeof (reply_string);
-        
+
         err = krb5_prompter_posix (k5context, NULL, NULL, NULL, 1, prompts);
-        if (err == KRB5_LIBOS_PWDINTR || err == KRB5_LIBOS_CANTREADPWD) { 
-            err = check_error (KIM_USER_CANCELED_ERR); 
+        if (err == KRB5_LIBOS_PWDINTR || err == KRB5_LIBOS_CANTREADPWD) {
+            err = check_error (KIM_USER_CANCELED_ERR);
         }
     }
-    
+
     if (!err) {
-        err = kim_string_create_from_buffer (out_string, 
-                                             prompts[0].reply->data, 
+        err = kim_string_create_from_buffer (out_string,
+                                             prompts[0].reply->data,
                                              prompts[0].reply->length);
     }
-    
+
     if (k5context) { krb5_free_context (k5context); }
-    
+
     return check_error (err);
 }
 
@@ -96,7 +96,7 @@ kim_error kim_ui_cli_init (kim_ui_context *io_context)
     if (io_context) {
         io_context->tcontext = NULL;
     }
-    
+
     return KIM_NO_ERROR;
 }
 
@@ -110,32 +110,32 @@ kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context,
     kim_error err = KIM_NO_ERROR;
     kim_string enter_identity_string = NULL;
     kim_string identity_string = NULL;
-    
+
     if (!err && !io_options         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&enter_identity_string, 
+        err = kim_os_string_create_localized (&enter_identity_string,
                                               "Please enter your Kerberos identity");
     }
-    
+
     if (!err) {
-        err = kim_ui_cli_read_string (&identity_string, 
+        err = kim_ui_cli_read_string (&identity_string,
                                       0, enter_identity_string);
     }
-    
+
     if (!err) {
         err = kim_identity_create_from_string (out_identity, identity_string);
     }
-    
+
     if (!err) {
         *out_change_password = 0;
     }
-    
+
     kim_string_free (&identity_string);
     kim_string_free (&enter_identity_string);
-    
+
     return check_error (err);
 }
 
@@ -148,27 +148,27 @@ kim_error kim_ui_cli_select_identity (kim_ui_context      *in_context,
 {
     kim_error err = KIM_NO_ERROR;
     kim_options options = NULL;
-    
+
     if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_selection_hints_get_options (io_hints, &options);
     }
-    
+
     if (!err) {
-        err = kim_ui_cli_enter_identity (in_context, options, 
+        err = kim_ui_cli_enter_identity (in_context, options,
                                          out_identity,
                                          out_change_password);
     }
-    
+
     if (!err) {
         err = kim_selection_hints_set_options (io_hints, options);
     }
-    
+
     kim_options_free (&options);
-    
+
     return check_error (err);
 }
 
@@ -177,8 +177,8 @@ kim_error kim_ui_cli_select_identity (kim_ui_context      *in_context,
 kim_error kim_ui_cli_auth_prompt (kim_ui_context      *in_context,
                                   kim_identity         in_identity,
                                   kim_prompt_type      in_type,
-                                  kim_boolean          in_allow_save_reply, 
-                                  kim_boolean          in_hide_reply, 
+                                  kim_boolean          in_allow_save_reply,
+                                  kim_boolean          in_hide_reply,
                                   kim_string           in_title,
                                   kim_string           in_message,
                                   kim_string           in_description,
@@ -186,33 +186,33 @@ kim_error kim_ui_cli_auth_prompt (kim_ui_context      *in_context,
                                   kim_boolean         *out_save_reply)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_reply  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* in_title, in_message or in_description may be NULL */
-    
+
     if (!err) {
         if (in_type == kim_prompt_type_password) {
             kim_string enter_password_format = NULL;
             kim_string identity_string = NULL;
-            
-            err = kim_os_string_create_localized (&enter_password_format, 
+
+            err = kim_os_string_create_localized (&enter_password_format,
                                                   "Please enter the password for %s");
-            
+
             if (!err) {
-                err = kim_identity_get_display_string (in_identity, 
+                err = kim_identity_get_display_string (in_identity,
                                                        &identity_string);
             }
-            
+
             if (!err) {
-                err = kim_ui_cli_read_string ((kim_string *) out_reply, 
-                                              1, enter_password_format, 
+                err = kim_ui_cli_read_string ((kim_string *) out_reply,
+                                              1, enter_password_format,
                                               identity_string);
-            }    
-            
+            }
+
             kim_string_free (&identity_string);
             kim_string_free (&enter_password_format);
-            
+
         } else {
             krb5_context k5context = NULL;
             krb5_prompt prompts[1];
@@ -228,28 +228,28 @@ kim_error kim_ui_cli_auth_prompt (kim_ui_context      *in_context,
             err = krb5_init_context (&k5context);
 
             if (!err) {
-                err = krb5_prompter_posix (k5context, in_context, in_title, 
+                err = krb5_prompter_posix (k5context, in_context, in_title,
                                            in_message, 1, prompts);
-                if (err == KRB5_LIBOS_PWDINTR || err == KRB5_LIBOS_CANTREADPWD) { 
-                    err = check_error (KIM_USER_CANCELED_ERR); 
+                if (err == KRB5_LIBOS_PWDINTR || err == KRB5_LIBOS_CANTREADPWD) {
+                    err = check_error (KIM_USER_CANCELED_ERR);
                 }
             }
-            
+
             if (!err) {
-                err = kim_string_create_from_buffer ((kim_string *) out_reply, 
-                                                     prompts[0].reply->data, 
+                err = kim_string_create_from_buffer ((kim_string *) out_reply,
+                                                     prompts[0].reply->data,
                                                      prompts[0].reply->length);
                 if (!err) {
                     /* always allow password saving */
-                    *out_save_reply = (in_allow_save_reply && 
+                    *out_save_reply = (in_allow_save_reply &&
                                        in_type == kim_prompt_type_password);
                 }
             }
-            
+
             if (k5context) { krb5_free_context (k5context); }
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -264,58 +264,58 @@ static kim_error kim_ui_cli_ask_change_password (kim_string in_identity_string)
     kim_string unknown_response = NULL;
     kim_boolean done = 0;
     kim_comparison no_comparison, yes_comparison;
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&ask_change_password, 
-                                              "Your password has expired, would you like to change it? (yes/no)");        
+        err = kim_os_string_create_localized (&ask_change_password,
+                                              "Your password has expired, would you like to change it? (yes/no)");
     }
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&yes, "yes");        
+        err = kim_os_string_create_localized (&yes, "yes");
     }
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&no, "no");        
+        err = kim_os_string_create_localized (&no, "no");
     }
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&unknown_response, 
-                                              "%s is not a response I understand.  Please try again.");        
+        err = kim_os_string_create_localized (&unknown_response,
+                                              "%s is not a response I understand.  Please try again.");
     }
-    
+
     while (!err && !done) {
         kim_string answer = NULL;
-        
+
         err = kim_ui_cli_read_string (&answer, 0, ask_change_password);
-    
+
         if (!err) {
-            err = kim_os_string_compare (answer, no, 
-                                         1 /* case insensitive */, 
+            err = kim_os_string_compare (answer, no,
+                                         1 /* case insensitive */,
                                          &no_comparison);
         }
-        
+
         if (!err && kim_comparison_is_equal_to (no_comparison)) {
             err = check_error (KIM_USER_CANCELED_ERR);
         }
 
         if (!err) {
-            err = kim_os_string_compare (answer, yes, 
-                                         1 /* case insensitive */, 
+            err = kim_os_string_compare (answer, yes,
+                                         1 /* case insensitive */,
                                          &yes_comparison);
         }
-        
+
         if (!err) {
             if (kim_comparison_is_equal_to (yes_comparison)) {
                 done = 1;
             } else {
                 fprintf (stdout, unknown_response, answer);
-                fprintf (stdout, "\n");                
+                fprintf (stdout, "\n");
             }
         }
-        
+
         kim_string_free (&answer);
     }
-    
+
     kim_string_free (&ask_change_password);
     kim_string_free (&yes);
     kim_string_free (&no);
@@ -342,7 +342,7 @@ kim_error kim_ui_cli_change_password (kim_ui_context  *in_context,
     kim_string new_password = NULL;
     kim_string verify_password = NULL;
     kim_boolean done = 0;
-    
+
     if (!err && !in_identity        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_old_password   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_new_password   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
@@ -355,36 +355,36 @@ kim_error kim_ui_cli_change_password (kim_ui_context  *in_context,
     if (!err && in_old_password_expired) {
         err = kim_ui_cli_ask_change_password (identity_string);
     }
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&enter_old_password_format, 
+        err = kim_os_string_create_localized (&enter_old_password_format,
                                               "Please enter the old password for %s");
     }
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&enter_new_password_format, 
+        err = kim_os_string_create_localized (&enter_new_password_format,
                                               "Please enter the new password for %s");
     }
-    
+
     if (!err) {
-        err = kim_os_string_create_localized (&enter_verify_password_format, 
+        err = kim_os_string_create_localized (&enter_verify_password_format,
                                               "Verifying, please re-enter the new password for %s again");
     }
-    
+
     while (!err && !done) {
         kim_boolean was_prompted = 0;  /* ignore because we always prompt */
-        
+
         kim_string_free (&old_password);
 
-        err = kim_ui_cli_read_string (&old_password, 
-                                      1, enter_old_password_format, 
+        err = kim_ui_cli_read_string (&old_password,
+                                      1, enter_old_password_format,
                                       identity_string);
-        
+
         if (!err && strlen (old_password) < 1) {
             /* Empty password: Synthesize bad password err */
-            err = KRB5KRB_AP_ERR_BAD_INTEGRITY; 
+            err = KRB5KRB_AP_ERR_BAD_INTEGRITY;
         }
-        
+
         if (!err) {
             err = kim_credential_create_for_change_password ((kim_credential *) &in_context->tcontext,
                                                              in_identity,
@@ -392,10 +392,10 @@ kim_error kim_ui_cli_change_password (kim_ui_context  *in_context,
                                                              in_context,
                                                              &was_prompted);
         }
-        
+
         if (err && err != KIM_USER_CANCELED_ERR) {
             /*  new creds failed, report error to user */
-            err = kim_ui_handle_kim_error (in_context, in_identity, 
+            err = kim_ui_handle_kim_error (in_context, in_identity,
                                            kim_ui_error_type_change_password,
                                            err);
 
@@ -403,19 +403,19 @@ kim_error kim_ui_cli_change_password (kim_ui_context  *in_context,
             done = 1;
        }
     }
-    
+
     if (!err) {
-        err = kim_ui_cli_read_string (&new_password, 
-                                      1, enter_new_password_format, 
+        err = kim_ui_cli_read_string (&new_password,
+                                      1, enter_new_password_format,
                                       identity_string);
-    }    
-    
+    }
+
     if (!err) {
-        err = kim_ui_cli_read_string (&verify_password, 
-                                      1, enter_verify_password_format, 
+        err = kim_ui_cli_read_string (&verify_password,
+                                      1, enter_verify_password_format,
                                       identity_string);
-    }    
-    
+    }
+
     if (!err) {
         *out_old_password = (char *) old_password;
         old_password = NULL;
@@ -424,7 +424,7 @@ kim_error kim_ui_cli_change_password (kim_ui_context  *in_context,
         *out_verify_password = (char *) verify_password;
         verify_password = NULL;
     }
-    
+
     kim_string_free (&old_password);
     kim_string_free (&new_password);
     kim_string_free (&verify_password);
@@ -432,7 +432,7 @@ kim_error kim_ui_cli_change_password (kim_ui_context  *in_context,
     kim_string_free (&enter_old_password_format);
     kim_string_free (&enter_new_password_format);
     kim_string_free (&enter_verify_password_format);
-    
+
     return check_error (err);
 }
 
@@ -445,14 +445,14 @@ kim_error kim_ui_cli_handle_error (kim_ui_context *in_context,
                                    kim_string      in_error_description)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_error_message    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_error_description) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         fprintf (stdout, "%s\n%s\n\n", in_error_message, in_error_description);
     }
-    
+
     return check_error (err);
 }
 
@@ -471,7 +471,7 @@ kim_error kim_ui_cli_fini (kim_ui_context *io_context)
     if (io_context) {
         kim_credential_free ((kim_credential *) &io_context->tcontext);
     }
-    
+
     return KIM_NO_ERROR;
 }
 
diff --git a/src/kim/lib/kim_ui_cli_private.h b/src/kim/lib/kim_ui_cli_private.h
index 26970cf79..b66527a9b 100644
--- a/src/kim/lib/kim_ui_cli_private.h
+++ b/src/kim/lib/kim_ui_cli_private.h
@@ -49,8 +49,8 @@ kim_error kim_ui_cli_select_identity (kim_ui_context      *in_context,
 kim_error kim_ui_cli_auth_prompt (kim_ui_context      *in_context,
                                   kim_identity         in_identity,
                                   kim_prompt_type      in_type,
-                                  kim_boolean          in_allow_save_reply, 
-                                  kim_boolean          in_hide_reply, 
+                                  kim_boolean          in_allow_save_reply,
+                                  kim_boolean          in_hide_reply,
                                   kim_string           in_title,
                                   kim_string           in_message,
                                   kim_string           in_description,
diff --git a/src/kim/lib/kim_ui_gui_private.h b/src/kim/lib/kim_ui_gui_private.h
index ecb324339..2f0bdbc4a 100644
--- a/src/kim/lib/kim_ui_gui_private.h
+++ b/src/kim/lib/kim_ui_gui_private.h
@@ -49,8 +49,8 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
 kim_error kim_os_ui_gui_auth_prompt (kim_ui_context      *in_context,
                                      kim_identity         in_identity,
                                      kim_prompt_type      in_type,
-                                     kim_boolean          in_allow_save_reply, 
-                                     kim_boolean          in_hide_reply, 
+                                     kim_boolean          in_allow_save_reply,
+                                     kim_boolean          in_hide_reply,
                                      kim_string           in_title,
                                      kim_string           in_message,
                                      kim_string           in_description,
diff --git a/src/kim/lib/kim_ui_plugin.c b/src/kim/lib/kim_ui_plugin.c
index c307dd189..94a455c04 100644
--- a/src/kim/lib/kim_ui_plugin.c
+++ b/src/kim/lib/kim_ui_plugin.c
@@ -50,15 +50,15 @@ struct kim_ui_plugin_context {
 
 static void kim_ui_plugin_context_free (kim_ui_plugin_context *io_context)
 {
-    if (io_context && *io_context) { 
+    if (io_context && *io_context) {
         if ((*io_context)->ftables) {
             krb5int_free_plugin_dir_data ((*io_context)->ftables);
         }
-        if (PLUGIN_DIR_OPEN (&(*io_context)->plugins)) { 
-            krb5int_close_plugin_dirs (&(*io_context)->plugins); 
+        if (PLUGIN_DIR_OPEN (&(*io_context)->plugins)) {
+            krb5int_close_plugin_dirs (&(*io_context)->plugins);
         }
-        if ((*io_context)->kcontext) { 
-            krb5_free_context ((*io_context)->kcontext); 
+        if ((*io_context)->kcontext) {
+            krb5_free_context ((*io_context)->kcontext);
         }
         free (*io_context);
         *io_context = NULL;
@@ -71,31 +71,31 @@ static kim_error kim_ui_plugin_context_allocate (kim_ui_plugin_context *out_cont
 {
     kim_error err = KIM_NO_ERROR;
     kim_ui_plugin_context context = NULL;
-    
+
     if (!err && !out_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         context = malloc (sizeof (*context));
         if (!context) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         err = krb5_error (NULL, krb5_init_context (&context->kcontext));
     }
-    
+
     if (!err) {
         PLUGIN_DIR_INIT(&context->plugins);
         context->ftable = NULL;
         context->ftables = NULL;
         context->plugin_context = NULL;
-        
+
         *out_context = context;
         context = NULL;
     }
-    
+
     kim_ui_plugin_context_free (&context);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 #pragma mark -
@@ -106,60 +106,60 @@ kim_error kim_ui_plugin_init (kim_ui_context *io_context)
 {
     kim_error err = KIM_NO_ERROR;
     kim_ui_plugin_context context = NULL;
-    
+
     if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_ui_plugin_context_allocate (&context);
     }
-    
+
     if (!err) {
         PLUGIN_DIR_INIT(&context->plugins);
 
         err = krb5_error (context->kcontext,
-                          krb5int_open_plugin_dirs (kim_ui_plugin_dirs, 
-                                                    kim_ui_plugin_files, 
-                                                    &context->plugins, 
+                          krb5int_open_plugin_dirs (kim_ui_plugin_dirs,
+                                                    kim_ui_plugin_files,
+                                                    &context->plugins,
                                                     &context->kcontext->err));
     }
-    
+
     if (!err) {
         err = krb5_error (context->kcontext,
                           krb5int_get_plugin_dir_data (&context->plugins,
                                                        "kim_ui_0",
-                                                       &context->ftables, 
+                                                       &context->ftables,
                                                        &context->kcontext->err));
     }
-    
+
     if (!err && context->ftables) {
         int i;
-        
+
         for (i = 0; context->ftables[i]; i++) {
             struct kim_ui_plugin_ftable_v0 *ftable = context->ftables[i];
             context->plugin_context = NULL;
-            
+
             err = ftable->init (&context->plugin_context);
-            
+
             if (!err) {
                 context->ftable = ftable;
                 break; /* use first plugin that initializes correctly */
             }
-            
+
             err = KIM_NO_ERROR; /* ignore failed plugins */
         }
     }
-    
+
     if (!err && !context->ftable) {
         err = check_error (KRB5_PLUGIN_NO_HANDLE);
     }
-        
+
     if (!err) {
         io_context->tcontext = context;
         context = NULL;
     }
-    
+
     kim_ui_plugin_context_free (&context);
-    
+
     return check_error (err);
 }
 
@@ -171,12 +171,12 @@ kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context,
                                         kim_boolean    *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_options         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
 
@@ -185,7 +185,7 @@ kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context,
                                                out_identity,
                                                out_change_password);
     }
-    
+
     return check_error (err);
 }
 
@@ -197,21 +197,21 @@ kim_error kim_ui_plugin_select_identity (kim_ui_context      *in_context,
                                          kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
-        
+
         err = context->ftable->select_identity (context->plugin_context,
-                                                io_hints, 
+                                                io_hints,
                                                 out_identity,
                                                 out_change_password);
     }
-    
+
     return check_error (err);
 }
 
@@ -220,8 +220,8 @@ kim_error kim_ui_plugin_select_identity (kim_ui_context      *in_context,
 kim_error kim_ui_plugin_auth_prompt (kim_ui_context      *in_context,
                                      kim_identity         in_identity,
                                      kim_prompt_type      in_type,
-                                     kim_boolean          in_allow_save_reply, 
-                                     kim_boolean          in_hide_reply, 
+                                     kim_boolean          in_allow_save_reply,
+                                     kim_boolean          in_hide_reply,
                                      kim_string           in_title,
                                      kim_string           in_message,
                                      kim_string           in_description,
@@ -229,17 +229,17 @@ kim_error kim_ui_plugin_auth_prompt (kim_ui_context      *in_context,
                                      kim_boolean         *out_save_reply)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_reply  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* in_title, in_message or in_description may be NULL */
-    
+
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
-        
+
         err = context->ftable->auth_prompt (context->plugin_context,
-                                            in_identity, 
+                                            in_identity,
                                             in_type,
                                             in_allow_save_reply,
                                             in_hide_reply,
@@ -249,7 +249,7 @@ kim_error kim_ui_plugin_auth_prompt (kim_ui_context      *in_context,
                                             out_reply,
                                             out_save_reply);
     }
-    
+
     return check_error (err);
 }
 
@@ -263,24 +263,24 @@ kim_error kim_ui_plugin_change_password (kim_ui_context  *in_context,
                                          char           **out_verify_password)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_old_password   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_new_password   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_verify_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
-        
+
         err = context->ftable->change_password (context->plugin_context,
-                                                in_identity, 
+                                                in_identity,
                                                 in_old_password_expired,
                                                 out_old_password,
                                                 out_new_password,
                                                 out_verify_password);
     }
-    
+
     return check_error (err);
 }
 
@@ -293,21 +293,21 @@ kim_error kim_ui_plugin_handle_error (kim_ui_context *in_context,
                                       kim_string      in_error_description)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context          ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_error_message    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_error_description) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
-        
+
         err = context->ftable->handle_error (context->plugin_context,
-                                             in_identity, 
+                                             in_identity,
                                              in_error,
                                              in_error_message,
                                              in_error_description);
     }
-    
+
     return check_error (err);
 }
 
@@ -317,14 +317,14 @@ void kim_ui_plugin_free_string (kim_ui_context  *in_context,
                                 char           **io_string)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_string ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
-        
-        context->ftable->free_string (context->plugin_context, 
+
+        context->ftable->free_string (context->plugin_context,
                                       io_string);
     }
  }
@@ -334,12 +334,12 @@ void kim_ui_plugin_free_string (kim_ui_context  *in_context,
 kim_error kim_ui_plugin_fini (kim_ui_context *io_context)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) io_context->tcontext;
-        
+
         if (context) {
             err = context->ftable->fini (context->plugin_context);
         }
@@ -349,6 +349,6 @@ kim_error kim_ui_plugin_fini (kim_ui_context *io_context)
             io_context->tcontext = NULL;
         }
     }
-    
+
     return check_error (err);
 }
diff --git a/src/kim/lib/kim_ui_plugin_private.h b/src/kim/lib/kim_ui_plugin_private.h
index 397a7ad91..9248e08df 100644
--- a/src/kim/lib/kim_ui_plugin_private.h
+++ b/src/kim/lib/kim_ui_plugin_private.h
@@ -48,8 +48,8 @@ kim_error kim_ui_plugin_select_identity (kim_ui_context      *in_context,
 kim_error kim_ui_plugin_auth_prompt (kim_ui_context      *in_context,
                                      kim_identity         in_identity,
                                      kim_prompt_type      in_type,
-                                     kim_boolean          in_allow_save_reply, 
-                                     kim_boolean          in_hide_reply, 
+                                     kim_boolean          in_allow_save_reply,
+                                     kim_boolean          in_hide_reply,
                                      kim_string           in_title,
                                      kim_string           in_message,
                                      kim_string           in_description,
diff --git a/src/kim/lib/mac/KerberosLogin.c b/src/kim/lib/mac/KerberosLogin.c
index de05e57dd..73d9b8056 100644
--- a/src/kim/lib/mac/KerberosLogin.c
+++ b/src/kim/lib/mac/KerberosLogin.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -34,8 +34,8 @@
 #include "k5-thread.h"
 #include <time.h>
 
-/* 
- * Deprecated Error codes 
+/*
+ * Deprecated Error codes
  */
 enum {
     /* Carbon Dialog errors */
@@ -44,7 +44,7 @@ enum {
     klNotInForegroundErr,
     klNoAppearanceErr,
     klFatalDialogErr,
-    klCarbonUnavailableErr    
+    klCarbonUnavailableErr
 };
 
 krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions);
@@ -57,33 +57,33 @@ char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions);
 static KLStatus kl_check_error_ (kim_error inError, const char *function, const char *file, int line)
 {
     kim_error err = inError;
-    
+
     switch (err) {
         case ccNoError:
             err = klNoErr;
             break;
-            
+
         case ccErrBadName:
             err = klPrincipalDoesNotExistErr;
             break;
-            
+
         case ccErrCCacheNotFound:
             err = klCacheDoesNotExistErr;
             break;
-            
+
         case ccErrCredentialsNotFound:
             err = klNoCredentialsErr;
             break;
-            
+
         case KIM_OUT_OF_MEMORY_ERR:
         case ccErrNoMem:
             err = klMemFullErr;
             break;
-            
+
         case ccErrBadCredentialsVersion:
             err = klInvalidVersionErr;
             break;
-            
+
         case KIM_NULL_PARAMETER_ERR:
         case ccErrBadParam:
         case ccIteratorEnd:
@@ -103,19 +103,19 @@ static KLStatus kl_check_error_ (kim_error inError, const char *function, const
         case ccErrNeverDefault:
             err = klParameterErr;
             break;
-            
+
         case KIM_USER_CANCELED_ERR:
         case KRB5_LIBOS_PWDINTR:
             err = klUserCanceledErr;
             break;
     }
-    
+
     if (err) {
-        kim_debug_printf ("%s() remapped %d to %d ('%s') at %s: %d", 
-                          function, inError, err, kim_error_message (err), 
+        kim_debug_printf ("%s() remapped %d to %d ('%s') at %s: %d",
+                          function, inError, err, kim_error_message (err),
                           file, line);
     }
-    
+
     return err;
 }
 #define kl_check_error(err) kl_check_error_(err, __FUNCTION__, __FILE__, __LINE__)
@@ -126,9 +126,9 @@ KLStatus KLAcquireTickets (KLPrincipal   inPrincipal,
                            KLPrincipal  *outPrincipal,
                            char        **outCredCacheName)
 {
-    return kl_check_error (KLAcquireInitialTickets (inPrincipal, 
-                                                    NULL, 
-                                                    outPrincipal, 
+    return kl_check_error (KLAcquireInitialTickets (inPrincipal,
+                                                    NULL,
+                                                    outPrincipal,
                                                     outCredCacheName));
 }
 
@@ -138,9 +138,9 @@ KLStatus KLAcquireNewTickets (KLPrincipal  inPrincipal,
                               KLPrincipal  *outPrincipal,
                               char        **outCredCacheName)
 {
-    return kl_check_error (KLAcquireNewInitialTickets (inPrincipal, 
-                                                       NULL, 
-                                                       outPrincipal, 
+    return kl_check_error (KLAcquireNewInitialTickets (inPrincipal,
+                                                       NULL,
+                                                       outPrincipal,
                                                        outCredCacheName));
 }
 
@@ -151,9 +151,9 @@ KLStatus KLAcquireTicketsWithPassword (KLPrincipal      inPrincipal,
                                        const char      *inPassword,
                                        char           **outCredCacheName)
 {
-    return kl_check_error (KLAcquireInitialTicketsWithPassword (inPrincipal, 
-                                                                inLoginOptions, 
-                                                                inPassword, 
+    return kl_check_error (KLAcquireInitialTicketsWithPassword (inPrincipal,
+                                                                inLoginOptions,
+                                                                inPassword,
                                                                 outCredCacheName));
 }
 
@@ -164,9 +164,9 @@ KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal      inPrincipal,
                                           const char      *inPassword,
                                           char           **outCredCacheName)
 {
-    return kl_check_error (KLAcquireNewInitialTicketsWithPassword (inPrincipal, 
-                                                                   inLoginOptions, 
-                                                                   inPassword, 
+    return kl_check_error (KLAcquireNewInitialTicketsWithPassword (inPrincipal,
+                                                                   inLoginOptions,
+                                                                   inPassword,
                                                                    outCredCacheName));
 }
 
@@ -201,21 +201,21 @@ KLStatus KLAcquireInitialTickets (KLPrincipal      inPrincipal,
     kim_ccache ccache = NULL;
     kim_string name = NULL;
     kim_identity identity = NULL;
-    
+
     if (!err) {
-        err = kim_ccache_create_new_if_needed (&ccache, 
+        err = kim_ccache_create_new_if_needed (&ccache,
                                                inPrincipal,
                                                inLoginOptions);
     }
-    
+
     if (!err && outPrincipal) {
         err = kim_ccache_get_client_identity (ccache, &identity);
     }
-    
+
     if (!err && outCredCacheName) {
         err = kim_ccache_get_display_name (ccache, &name);
     }
-    
+
     if (!err) {
         if (outPrincipal) {
             *outPrincipal = identity;
@@ -226,11 +226,11 @@ KLStatus KLAcquireInitialTickets (KLPrincipal      inPrincipal,
             name = NULL;
         }
     }
-    
+
     kim_string_free (&name);
-    kim_identity_free (&identity);    
+    kim_identity_free (&identity);
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -245,17 +245,17 @@ KLStatus KLAcquireNewInitialTickets (KLPrincipal      inPrincipal,
     kim_ccache ccache = NULL;
     kim_string name = NULL;
     kim_identity identity = NULL;
-    
+
     err = kim_ccache_create_new (&ccache, inPrincipal, inLoginOptions);
-    
+
     if (!err && outPrincipal) {
         err = kim_ccache_get_client_identity (ccache, &identity);
     }
-    
+
     if (!err && outCredCacheName) {
         err = kim_ccache_get_display_name (ccache, &name);
     }
-    
+
     if (!err) {
         if (outPrincipal) {
             *outPrincipal = identity;
@@ -266,11 +266,11 @@ KLStatus KLAcquireNewInitialTickets (KLPrincipal      inPrincipal,
             name = NULL;
         }
     }
-    
+
     kim_string_free (&name);
-    kim_identity_free (&identity);    
+    kim_identity_free (&identity);
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -280,15 +280,15 @@ KLStatus KLDestroyTickets (KLPrincipal inPrincipal)
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     if (!err) {
         err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
     }
-    
+
     if (!err) {
         err = kim_ccache_destroy (&ccache);
     }
-    
+
     return kl_check_error (err);
 }
 
@@ -308,21 +308,21 @@ KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal      inPrincipal,
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     if (!err) {
-        err = kim_ccache_create_new_if_needed_with_password (&ccache, 
+        err = kim_ccache_create_new_if_needed_with_password (&ccache,
                                                              inPrincipal,
                                                              inLoginOptions,
                                                              inPassword);
     }
-    
+
     if (!err && outCredCacheName) {
-        err = kim_ccache_get_display_name (ccache, 
+        err = kim_ccache_get_display_name (ccache,
                                            (kim_string *) outCredCacheName);
-    }    
-    
+    }
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -335,19 +335,19 @@ KLStatus KLAcquireNewInitialTicketsWithPassword (KLPrincipal      inPrincipal,
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
-    err = kim_ccache_create_new_with_password (&ccache, 
-                                               inPrincipal, 
+
+    err = kim_ccache_create_new_with_password (&ccache,
+                                               inPrincipal,
                                                inLoginOptions,
                                                inPassword);
-    
+
     if (!err && outCredCacheName) {
-        err = kim_ccache_get_display_name (ccache, 
+        err = kim_ccache_get_display_name (ccache,
                                            (kim_string *) outCredCacheName);
-    }    
-    
+    }
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -365,20 +365,20 @@ KLStatus KLAcquireNewInitialTicketCredentialsWithPassword (KLPrincipal      inPr
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
     krb5_creds *creds = NULL;
-    
+
     if (!err) {
         err = kim_credential_create_new_with_password (&credential,
                                                        inPrincipal,
                                                        inLoginOptions,
                                                        inPassword);
     }
-    
+
     if (!err) {
-        err = kim_credential_get_krb5_creds (credential, 
+        err = kim_credential_get_krb5_creds (credential,
                                              inV5Context,
                                              &creds);
     }
-    
+
     if (!err) {
         *outGotV5Credentials = 1;
         *outGotV4Credentials = 0;
@@ -386,9 +386,9 @@ KLStatus KLAcquireNewInitialTicketCredentialsWithPassword (KLPrincipal      inPr
         free (creds); /* eeeew */
         creds = NULL;
     }
-    
+
     kim_credential_free (&credential);
-    
+
     return kl_check_error (err);
 }
 
@@ -403,23 +403,23 @@ KLStatus KLStoreNewInitialTicketCredentials (KLPrincipal     inPrincipal,
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
     kim_ccache ccache = NULL;
-    
+
     err = kim_credential_create_from_krb5_creds (&credential,
-                                                 inV5Context, 
+                                                 inV5Context,
                                                  inV5Credentials);
-    
+
     if (!err) {
         err = kim_credential_store (credential, inPrincipal, &ccache);
     }
-    
+
     if (!err && outCredCacheName) {
-        err = kim_ccache_get_display_name (ccache, 
+        err = kim_ccache_get_display_name (ccache,
                                            (kim_string *) outCredCacheName);
-    }    
-    
+    }
+
     kim_ccache_free (&ccache);
     kim_credential_free (&credential);
-    
+
     return kl_check_error (err);
 }
 
@@ -431,23 +431,23 @@ KLStatus KLVerifyInitialTickets (KLPrincipal   inPrincipal,
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
-    
+
     if (!err) {
-        err = kim_ccache_verify (ccache, 
-                                 KIM_IDENTITY_ANY, 
-                                 NULL, 
+        err = kim_ccache_verify (ccache,
+                                 KIM_IDENTITY_ANY,
+                                 NULL,
                                  inFailIfNoHostKey);
     }
-    
+
     if (!err && outCredCacheName) {
-        err = kim_ccache_get_display_name (ccache, 
+        err = kim_ccache_get_display_name (ccache,
                                            (kim_string *) outCredCacheName);
-    }    
-    
+    }
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -460,23 +460,23 @@ KLStatus KLVerifyInitialTicketCredentials (void        *inV4Credentials,
     kim_error err = KIM_NO_ERROR;
     kim_credential credential = NULL;
     krb5_context context = NULL;
-    
+
     err = krb5_error (NULL, krb5_init_context (&context));
-    
+
     if (!err) {
         err = kim_credential_create_from_krb5_creds (&credential,
-                                                     context, 
+                                                     context,
                                                      inV5Credentials);
     }
-    
+
     if (!err) {
-        err = kim_credential_verify (credential, KIM_IDENTITY_ANY, 
+        err = kim_credential_verify (credential, KIM_IDENTITY_ANY,
                                      NULL, inFailIfNoHostKey);
     }
-    
+
     if (context) { krb5_free_context (context); }
     kim_credential_free (&credential);
-    
+
     return kl_check_error (err);
 }
 
@@ -489,19 +489,19 @@ KLStatus KLAcquireNewInitialTicketsWithKeytab (KLPrincipal      inPrincipal,
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
-    err = kim_ccache_create_from_keytab (&ccache, 
-                                         inPrincipal, 
+
+    err = kim_ccache_create_from_keytab (&ccache,
+                                         inPrincipal,
                                          inLoginOptions,
                                          inKeytabName);
-    
+
     if (!err && outCredCacheName) {
-        err = kim_ccache_get_display_name (ccache, 
+        err = kim_ccache_get_display_name (ccache,
                                            (kim_string *) outCredCacheName);
-    }    
-    
+    }
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -516,21 +516,21 @@ KLStatus KLRenewInitialTickets (KLPrincipal      inPrincipal,
     kim_ccache ccache = NULL;
     kim_string name = NULL;
     kim_identity identity = NULL;
-    
+
     err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
-    
+
     if (!err) {
         err = kim_ccache_renew (ccache, inLoginOptions);
     }
-    
+
     if (!err && outPrincipal) {
         err = kim_ccache_get_client_identity (ccache, &identity);
     }
-    
+
     if (!err && outCredCacheName) {
         err = kim_ccache_get_display_name (ccache, &name);
     }
-    
+
     if (!err) {
         if (outPrincipal) {
             *outPrincipal = identity;
@@ -541,11 +541,11 @@ KLStatus KLRenewInitialTickets (KLPrincipal      inPrincipal,
             name = NULL;
         }
     }
-    
+
     kim_string_free (&name);
     kim_identity_free (&identity);
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -557,20 +557,20 @@ KLStatus KLValidateInitialTickets (KLPrincipal      inPrincipal,
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
-    
+
     if (!err) {
         err = kim_ccache_validate (ccache, inLoginOptions);
     }
-    
+
     if (!err && outCredCacheName) {
-        err = kim_ccache_get_display_name (ccache, 
+        err = kim_ccache_get_display_name (ccache,
                                            (kim_string *) outCredCacheName);
-    }    
-    
+    }
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -586,7 +586,7 @@ MAKE_FINI_FUNCTION(kim_change_time_fini);
 static int kim_change_time_init (void)
 {
     g_kl_change_time = time (NULL);
-    
+
     return k5_mutex_finish_init(&g_change_time_mutex);
 }
 
@@ -597,7 +597,7 @@ static void kim_change_time_fini (void)
     if (!INITIALIZER_RAN (kim_change_time_init) || PROGRAM_EXITING ()) {
 	return;
     }
-    
+
     k5_mutex_destroy(&g_change_time_mutex);
 }
 
@@ -609,9 +609,9 @@ KLStatus KLLastChangedTime (KLTime *outLastChangedTime)
     kim_error mutex_err = KIM_NO_ERROR;
     cc_context_t context = NULL;
     cc_time_t    ccChangeTime = 0;
-    
+
     if (!err && !outLastChangedTime) { err = kl_check_error (klParameterErr); }
-        
+
     if (!err) {
         mutex_err = k5_mutex_lock (&g_change_time_mutex);
         if (mutex_err) { err = mutex_err; }
@@ -620,11 +620,11 @@ KLStatus KLLastChangedTime (KLTime *outLastChangedTime)
     if (!err) {
         err = cc_initialize (&context, ccapi_version_4, NULL, NULL);
     }
-    
+
     if (!err) {
         err = cc_context_get_change_time (context, &ccChangeTime);
     }
-    
+
     if (!err) {
         /* cc_context_get_change_time returns 0 if there are no tickets
          * but KLLastChangedTime always returned the current time.  So
@@ -638,13 +638,13 @@ KLStatus KLLastChangedTime (KLTime *outLastChangedTime)
             }
             g_cc_change_time = ccChangeTime;
         }
-        
+
         *outLastChangedTime = g_kl_change_time;
     }
-    
+
     if (context   ) { cc_context_release (context); }
     if (!mutex_err) { k5_mutex_unlock (&g_change_time_mutex); }
-    
+
     return kl_check_error (err);
 }
 
@@ -661,29 +661,29 @@ KLStatus KLCacheHasValidTickets (KLPrincipal         inPrincipal,
     kim_credential_state state = kim_credentials_state_valid;
     kim_identity identity = NULL;
     kim_string name = NULL;
-    
+
     if (!outFoundValidTickets) { err = kl_check_error (klParameterErr); }
-    
+
     if (!err) {
         err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
     }
-    
+
     if (!err) {
         err = kim_ccache_get_state (ccache, &state);
     }
-    
+
     if (!err && outPrincipal) {
         err = kim_ccache_get_client_identity (ccache, &identity);
         if (err) {
             err = KIM_NO_ERROR;
             identity = NULL;
-        } 
+        }
     }
-    
+
     if (!err && outCredCacheName) {
         err = kim_ccache_get_display_name (ccache, &name);
     }
-    
+
     if (!err) {
         *outFoundValidTickets = (state == kim_credentials_state_valid);
         if (outPrincipal) {
@@ -695,11 +695,11 @@ KLStatus KLCacheHasValidTickets (KLPrincipal         inPrincipal,
             name = NULL;
         }
     }
-    
+
     kim_string_free (&name);
     kim_identity_free (&identity);
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -712,21 +712,21 @@ KLStatus KLTicketStartTime (KLPrincipal        inPrincipal,
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
     kim_time start_time = 0;
-    
+
     if (!err) {
         err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
     }
-    
+
     if (!err) {
         err = kim_ccache_get_start_time (ccache, &start_time);
     }
-    
+
     if (!err) {
         *outStartTime = start_time;
     }
-    
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -739,21 +739,21 @@ KLStatus KLTicketExpirationTime (KLPrincipal        inPrincipal,
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
     kim_time expiration_time = 0;
-    
+
     if (!err) {
         err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
     }
-    
+
     if (!err) {
         err = kim_ccache_get_expiration_time (ccache, &expiration_time);
     }
-    
+
     if (!err) {
         *outExpirationTime = expiration_time;
     }
-    
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -763,17 +763,17 @@ KLStatus KLSetSystemDefaultCache (KLPrincipal inPrincipal)
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
-    
+
     if (!err) {
         err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
     }
-    
+
     if (!err) {
         err = kim_ccache_set_default (ccache);
     }
-    
+
     kim_ccache_free (&ccache);
-    
+
     return kl_check_error (err);
 }
 
@@ -786,15 +786,15 @@ KLStatus KLHandleError (KLStatus           inError,
     kim_error err = KIM_NO_ERROR;
     kim_ui_context context;
     kim_boolean ui_inited = 0;
-    
+
     if (!err) {
         err = kim_ui_init (&context);
         if (!err) { ui_inited = 1; }
     }
-    
+
     if (!err) {
         int type = kim_ui_error_type_generic;
-        
+
         switch (inDialogIdentifier) {
             case loginLibrary_LoginDialog:
                 type = kim_ui_error_type_authentication;
@@ -806,16 +806,16 @@ KLStatus KLHandleError (KLStatus           inError,
                 type = kim_ui_error_type_generic;
                 break;
         }
-        
-        err = kim_ui_handle_kim_error (&context, 
+
+        err = kim_ui_handle_kim_error (&context,
                                        KIM_IDENTITY_ANY, type, inError);
     }
-    
+
     if (ui_inited) {
         kim_error fini_err = kim_ui_fini (&context);
         if (!err) { err = kl_check_error (fini_err); }
     }
-    
+
     return kl_check_error (err);
 }
 
@@ -853,36 +853,36 @@ KLStatus KLChangePasswordWithPasswords (KLPrincipal   inPrincipal,
     kim_error rejected_err = KIM_NO_ERROR;
     kim_string rejected_message = NULL;
     kim_string rejected_description = NULL;
-    
+
     if (!inOldPassword) { err = kl_check_error (klParameterErr); }
     if (!inNewPassword) { err = kl_check_error (klParameterErr); }
     if (!outRejected  ) { err = kl_check_error (klParameterErr); }
-    
+
     if (!err) {
         err = kim_ui_init (&context);
         if (!err) { ui_inited = 1; }
     }
-    
+
     if (!err) {
         kim_boolean was_prompted = 0;
-        
+
         err = kim_credential_create_for_change_password (&credential,
                                                          inPrincipal,
                                                          inOldPassword,
                                                          &context,
                                                          &was_prompted);
     }
-    
+
     if (!err) {
         err = kim_identity_change_password_with_credential (inPrincipal,
-                                                            credential, 
+                                                            credential,
                                                             inNewPassword,
                                                             &context,
                                                             &rejected_err,
                                                             &rejected_message,
                                                             &rejected_description);
-    }  
-    
+    }
+
     if (!err) {
         *outRejected = (rejected_err != 0);
         if (rejected_err) {
@@ -896,16 +896,16 @@ KLStatus KLChangePasswordWithPasswords (KLPrincipal   inPrincipal,
             }
         }
     }
-    
+
     if (ui_inited) {
         kim_error fini_err = kim_ui_fini (&context);
         if (!err) { err = kl_check_error (fini_err); }
     }
-    
+
     kim_string_free (&rejected_message);
     kim_string_free (&rejected_description);
     kim_credential_free (&credential);
-    
+
     return kl_check_error (err);
 }
 
@@ -949,23 +949,23 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
     kim_preferences prefs = NULL;
     KLSize targetSize = 0;
     KLBoolean returnSizeOnly = (ioBuffer == NULL);
-    
+
     if (!ioBufferSize) { err = kl_check_error (klParameterErr); }
-    
+
     if (!err) {
         err = kim_preferences_create (&prefs);
     }
-    
+
     if (!err && inOption == loginOption_LoginName) {
         kim_identity identity = NULL;
         kim_string string = "";
-        
+
         err = kim_preferences_get_client_identity (prefs, &identity);
-        
+
         if (!err && identity) {
             err = kim_identity_get_components_string (identity, &string);
         }
-        
+
         if (!err) {
             targetSize = strlen (string);
             if (!returnSizeOnly) {
@@ -976,12 +976,12 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                 }
             }
         }
-        
+
         if (string && string[0]) { kim_string_free (&string); }
-        
+
     } else if (!err && inOption == loginOption_LoginInstance) {
         targetSize = 0; /* Deprecated */
-        
+
     } else if (!err && (inOption == loginOption_ShowOptions ||
                         inOption == loginOption_RememberShowOptions ||
                         inOption == loginOption_LongTicketLifetimeDisplay ||
@@ -989,25 +989,25 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                         inOption == loginOption_RememberExtras ||
                         inOption == loginOption_RememberPassword)) {
         targetSize = sizeof(KLBoolean);
-        
+
         if (!returnSizeOnly) {
             kim_boolean boolean = 0;
-            
+
             if (inOption == loginOption_ShowOptions ||
                 inOption == loginOption_RememberShowOptions ||
                 inOption == loginOption_LongTicketLifetimeDisplay) {
                 boolean = 1; /* Deprecated */
-                
+
             } else if (inOption == loginOption_RememberPrincipal) {
                 err = kim_preferences_get_remember_client_identity (prefs, &boolean);
-                
+
             } else if (inOption == loginOption_RememberExtras) {
                 err = kim_preferences_get_remember_options (prefs, &boolean);
-                
+
             } else if (inOption == loginOption_RememberPassword) {
                 boolean = kim_os_identity_allow_save_password ();
             }
-            
+
             if (!err) {
                 if (*ioBufferSize < targetSize) {
                     err = kl_check_error (klBufferTooSmallErr);
@@ -1016,29 +1016,29 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                 }
             }
         }
-        
+
     } else if (!err && (inOption == loginOption_MinimalTicketLifetime ||
                         inOption == loginOption_MaximalTicketLifetime ||
                         inOption == loginOption_MinimalRenewableLifetime ||
                         inOption == loginOption_MaximalRenewableLifetime)) {
         targetSize = sizeof(KLLifetime);
-        
+
         if (!returnSizeOnly) {
             kim_lifetime lifetime = 0;
-            
+
             if (inOption == loginOption_MinimalTicketLifetime) {
                 err = kim_preferences_get_minimum_lifetime (prefs, &lifetime);
-                
+
             } else if (inOption == loginOption_MaximalTicketLifetime) {
                 err = kim_preferences_get_maximum_lifetime (prefs, &lifetime);
-                
+
             } else if (inOption == loginOption_MinimalRenewableLifetime) {
                 err = kim_preferences_get_minimum_renewal_lifetime (prefs, &lifetime);
-                
+
             } else if (inOption == loginOption_MaximalRenewableLifetime) {
                 err = kim_preferences_get_maximum_renewal_lifetime (prefs, &lifetime);
-            }   
-            
+            }
+
             if (!err) {
                 if (*ioBufferSize < targetSize) {
                     err = kl_check_error (klBufferTooSmallErr);
@@ -1047,32 +1047,32 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                 }
             }
         }
-        
+
     } else if (!err && (inOption == loginOption_DefaultRenewableTicket ||
                         inOption == loginOption_DefaultForwardableTicket ||
                         inOption == loginOption_DefaultProxiableTicket ||
                         inOption == loginOption_DefaultAddresslessTicket)) {
         targetSize = sizeof(KLBoolean);
-        
+
         if (!returnSizeOnly) {
             kim_options options = NULL;
             kim_boolean boolean = 0;
-            
+
             err = kim_preferences_get_options (prefs, &options);
-            
+
             if (!err && inOption == loginOption_DefaultRenewableTicket) {
                 err = kim_options_get_renewable (options, &boolean);
-                
+
             } else if (!err && inOption == loginOption_DefaultForwardableTicket) {
                 err = kim_options_get_forwardable (options, &boolean);
-                
+
             } else if (!err && inOption == loginOption_DefaultProxiableTicket) {
                 err = kim_options_get_proxiable (options, &boolean);
-                
+
             } else if (!err && inOption == loginOption_DefaultAddresslessTicket) {
                 err = kim_options_get_addressless (options, &boolean);
-            }   
-            
+            }
+
             if (!err) {
                 if (*ioBufferSize < targetSize) {
                     err = kl_check_error (klBufferTooSmallErr);
@@ -1080,28 +1080,28 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                     *(KLBoolean *)ioBuffer = boolean;
                 }
             }
-            
+
             kim_options_free (&options);
         }
-        
-        
+
+
     } else if (!err && (inOption == loginOption_DefaultTicketLifetime ||
                         inOption == loginOption_DefaultRenewableLifetime)) {
         targetSize = sizeof(KLLifetime);
-        
+
         if (!returnSizeOnly) {
             kim_options options = NULL;
             kim_lifetime lifetime = 0;
-            
+
             err = kim_preferences_get_options (prefs, &options);
-            
+
             if (!err && inOption == loginOption_DefaultTicketLifetime) {
                 err = kim_options_get_lifetime (options, &lifetime);
-                
+
             } else if (!err && inOption == loginOption_DefaultRenewableLifetime) {
                 err = kim_options_get_renewal_lifetime (options, &lifetime);
-            }   
-            
+            }
+
             if (!err) {
                 if (*ioBufferSize < targetSize) {
                     err = kl_check_error (klBufferTooSmallErr);
@@ -1109,18 +1109,18 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption  inOption,
                     *(KLLifetime *)ioBuffer = lifetime;
                 }
             }
-            
+
             kim_options_free (&options);
         }
-        
-    } else { 
+
+    } else {
         err = kl_check_error (klInvalidOptionErr);
     }
-    
+
     if (!err) {
         *ioBufferSize = targetSize;
     }
-    
+
     return kl_check_error (err);
 }
 
@@ -1132,56 +1132,56 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption  inOption,
 {
     KLStatus err = klNoErr;
     kim_preferences prefs = NULL;
-    
+
     if (inBuffer == NULL) { err = kl_check_error (klParameterErr); }
     if (inBufferSize < 0) { err = kl_check_error (klParameterErr); }
-    
+
     if (!err) {
         err = kim_preferences_create (&prefs);
     }
-    
+
     if (!err && inOption == loginOption_LoginName) {
         kim_identity old_identity = NULL;
         kim_identity new_identity = NULL;
         kim_string new_identity_string = NULL;
         kim_string realm = NULL;
         kim_string components = NULL;
-        
+
         err = kim_string_create_from_buffer (&components, inBuffer, inBufferSize);
-        
+
         if (!err) {
             err = kim_preferences_get_client_identity (prefs, &old_identity);
-            
+
             if (!err && old_identity) {
                 err = kim_identity_get_realm (old_identity, &realm);
             }
         }
-        
+
         if (!err && realm) {
-            err = kim_string_create_from_format (&new_identity_string, 
+            err = kim_string_create_from_format (&new_identity_string,
                                                  "%s@%s", components, realm);
         }
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&new_identity,
                                                    (new_identity_string ?
                                                     new_identity_string :
                                                     components));
         }
-        
+
         if (!err) {
             err = kim_preferences_set_client_identity (prefs, new_identity);
         }
-        
+
         kim_string_free (&components);
         kim_string_free (&realm);
         kim_string_free (&new_identity_string);
         kim_identity_free (&old_identity);
         kim_identity_free (&new_identity);
-        
+
     } else if (!err && inOption == loginOption_LoginInstance) {
         /* Ignored */
-        
+
     } else if (!err && (inOption == loginOption_ShowOptions ||
                         inOption == loginOption_RememberShowOptions ||
                         inOption == loginOption_LongTicketLifetimeDisplay ||
@@ -1193,14 +1193,14 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption  inOption,
         } else if (inBufferSize < sizeof (KLBoolean)) {
             err = kl_check_error (klBufferTooSmallErr);
         }
-        
+
         if (!err && inOption == loginOption_RememberPrincipal) {
             err = kim_preferences_set_remember_client_identity (prefs, *(KLBoolean *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_RememberExtras) {
             err = kim_preferences_set_remember_options (prefs, *(KLBoolean *)inBuffer);
         }
-        
+
     } else if (!err && (inOption == loginOption_MinimalTicketLifetime ||
                         inOption == loginOption_MaximalTicketLifetime ||
                         inOption == loginOption_MinimalRenewableLifetime ||
@@ -1210,92 +1210,92 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption  inOption,
         } else if (inBufferSize < sizeof (KLLifetime)) {
             err = kl_check_error (klBufferTooSmallErr);
         }
-        
+
         if (!err && inOption == loginOption_MinimalTicketLifetime) {
             err = kim_preferences_set_minimum_lifetime (prefs, *(KLLifetime *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_MaximalTicketLifetime) {
             err = kim_preferences_set_maximum_lifetime (prefs, *(KLLifetime *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_MinimalRenewableLifetime) {
             err = kim_preferences_set_minimum_renewal_lifetime (prefs, *(KLLifetime *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_MaximalRenewableLifetime) {
             err = kim_preferences_set_maximum_renewal_lifetime (prefs, *(KLLifetime *)inBuffer);
-        }   
-        
+        }
+
     } else if (!err && (inOption == loginOption_DefaultRenewableTicket ||
                         inOption == loginOption_DefaultForwardableTicket ||
                         inOption == loginOption_DefaultProxiableTicket ||
                         inOption == loginOption_DefaultAddresslessTicket)) {
         kim_options options = NULL;
-        
+
         if (inBufferSize > sizeof (KLBoolean)) {
             err = kl_check_error (klBufferTooLargeErr);
         } else if (inBufferSize < sizeof (KLBoolean)) {
             err = kl_check_error (klBufferTooSmallErr);
         }
-        
+
         if (!err) {
             err = kim_preferences_get_options (prefs, &options);
         }
-        
+
         if (!err && inOption == loginOption_DefaultRenewableTicket) {
             err = kim_options_set_renewable (options, *(KLBoolean *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_DefaultForwardableTicket) {
             err = kim_options_set_forwardable (options, *(KLBoolean *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_DefaultProxiableTicket) {
             err = kim_options_set_proxiable (options, *(KLBoolean *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_DefaultAddresslessTicket) {
             err = kim_options_set_addressless (options, *(KLBoolean *)inBuffer);
-        }   
-        
+        }
+
         if (!err) {
             err = kim_preferences_set_options (prefs, options);
         }
-        
+
         kim_options_free (&options);
-        
+
     } else if (!err && (inOption == loginOption_DefaultTicketLifetime ||
                         inOption == loginOption_DefaultRenewableLifetime)) {
         kim_options options = NULL;
-        
+
         if (inBufferSize > sizeof (KLLifetime)) {
             err = kl_check_error (klBufferTooLargeErr);
         } else if (inBufferSize < sizeof (KLLifetime)) {
             err = kl_check_error (klBufferTooSmallErr);
         }
-        
+
         if (!err) {
             err = kim_preferences_get_options (prefs, &options);
         }
-        
+
         if (!err && inOption == loginOption_DefaultTicketLifetime) {
             err = kim_options_set_lifetime (options, *(KLLifetime *)inBuffer);
-            
+
         } else if (!err && inOption == loginOption_DefaultRenewableLifetime) {
             err = kim_options_set_renewal_lifetime (options, *(KLLifetime *)inBuffer);
-        }   
-        
+        }
+
         if (!err) {
             err = kim_preferences_set_options (prefs, options);
         }
-        
+
         kim_options_free (&options);
-        
-    } else { 
+
+    } else {
         err = kl_check_error (klInvalidOptionErr);
     }
-    
+
     if (!err) {
         err = kim_preferences_synchronize (prefs);
-    }    
-    
+    }
+
     kim_preferences_free (&prefs);
-    
+
     return kl_check_error (err);
 }
 
@@ -1308,11 +1308,11 @@ KLStatus KLFindKerberosRealmByName (const char *inRealmName,
 {
     kim_error err = KIM_NO_ERROR;
     char *realm = NULL;
-    
+
     if (!err) {
         err = KLGetKerberosDefaultRealmByName (&realm);
     }
-    
+
     if (!err) {
         if (!strcmp (inRealmName, realm)) {
             *outIndex = 0;
@@ -1320,9 +1320,9 @@ KLStatus KLFindKerberosRealmByName (const char *inRealmName,
             err = kl_check_error (klRealmDoesNotExistErr);
         }
     }
-    
+
     kim_string_free ((kim_string *) &realm);
-    
+
     return kl_check_error (err);
 }
 
@@ -1332,14 +1332,14 @@ KLStatus KLGetKerberosRealm (KLIndex   inIndex,
                              char    **outRealmName)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!outRealmName) { err = kl_check_error (klParameterErr); }
     if (!err && inIndex != 0) { err = kl_check_error (klRealmDoesNotExistErr); }
-    
+
     if (!err) {
         err = KLGetKerberosDefaultRealmByName (outRealmName);
     }
-    
+
     return kl_check_error (err);
 }
 
@@ -1385,13 +1385,13 @@ KLSize KLCountKerberosRealms (void)
 KLStatus KLGetKerberosDefaultRealm(KLIndex *outIndex)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!outIndex) { err = kl_check_error (klParameterErr); }
-    
+
     if (!err) {
         *outIndex = 0;
     }
-    
+
     return kl_check_error (klNoErr);
 }
 
@@ -1402,24 +1402,24 @@ KLStatus KLGetKerberosDefaultRealmByName (char **outRealmName)
     kim_error err = KIM_NO_ERROR;
     krb5_context context = NULL;
     char *realm = NULL;
-    
+
     if (!outRealmName) { err = kl_check_error (klParameterErr); }
-    
+
     if (!err) {
         err = krb5_init_context (&context);
     }
-    
+
     if (!err) {
     	err = krb5_get_default_realm(context, &realm);
     }
-    
+
     if (!err) {
         err = kim_string_copy ((kim_string *) outRealmName, realm);
     }
-    
+
     if (realm  ) { krb5_free_default_realm (context, realm); }
     if (context) { krb5_free_context (context); }
-    
+
     return kl_check_error (err);
 }
 
@@ -1449,14 +1449,14 @@ KLStatus KLCreatePrincipalFromTriplet (const char  *inName,
     if (inInstance && strlen (inInstance) > 0) {
         return kl_check_error (kim_identity_create_from_components (outPrincipal,
                                                                     inRealm,
-                                                                    inName, 
+                                                                    inName,
                                                                     inInstance,
                                                                     NULL));
     } else {
         return kl_check_error (kim_identity_create_from_components (outPrincipal,
                                                                     inRealm,
-                                                                    inName, 
-                                                                    NULL));        
+                                                                    inName,
+                                                                    NULL));
     }
 }
 
@@ -1466,7 +1466,7 @@ KLStatus KLCreatePrincipalFromString (const char        *inFullPrincipal,
                                       KLKerberosVersion  inKerberosVersion,
                                       KLPrincipal       *outPrincipal)
 {
-    return kl_check_error (kim_identity_create_from_string (outPrincipal, 
+    return kl_check_error (kim_identity_create_from_string (outPrincipal,
                                                             inFullPrincipal));
 }
 
@@ -1475,7 +1475,7 @@ KLStatus KLCreatePrincipalFromString (const char        *inFullPrincipal,
 KLStatus KLCreatePrincipalFromKerberos5Principal (krb5_principal  inKerberos5Principal,
                                                   KLPrincipal    *outPrincipal)
 {
-    return kl_check_error (kim_identity_create_from_krb5_principal (outPrincipal, 
+    return kl_check_error (kim_identity_create_from_krb5_principal (outPrincipal,
                                                                     NULL, /* context */
                                                                     inKerberos5Principal));
 }
@@ -1500,29 +1500,29 @@ KLStatus KLGetTripletFromPrincipal (KLPrincipal   inPrincipal,
     kim_string instance = NULL;
     kim_string realm = NULL;
     kim_count count = 0;
-    
+
     if (!inPrincipal) { return kl_check_error (klBadPrincipalErr); }
     if (!outName    ) { return kl_check_error (klParameterErr); }
     if (!outInstance) { return kl_check_error (klParameterErr); }
     if (!outRealm   ) { return kl_check_error (klParameterErr); }
-    
+
     if (!err) {
         err = kim_identity_get_number_of_components (inPrincipal, &count);
         if (!err && count > 2) { err = kl_check_error (klBadPrincipalErr); }
     }
-    
+
     if (!err) {
         err = kim_identity_get_realm (inPrincipal, &realm);
     }
-    
+
     if (!err) {
         err = kim_identity_get_component_at_index (inPrincipal, 0, &name);
     }
-    
+
     if (!err && count > 1) {
         err = kim_identity_get_component_at_index (inPrincipal, 1, &instance);
     }
-    
+
     if (!err) {
         *outName = (char *) name;
         name = NULL;
@@ -1531,11 +1531,11 @@ KLStatus KLGetTripletFromPrincipal (KLPrincipal   inPrincipal,
         *outRealm = (char *) realm;
         realm = NULL;
     }
-    
+
     kim_string_free (&name);
     kim_string_free (&instance);
     kim_string_free (&realm);
-    
+
     return kl_check_error (err);
 }
 
@@ -1545,7 +1545,7 @@ KLStatus KLGetStringFromPrincipal (KLPrincipal         inPrincipal,
                                    KLKerberosVersion   inKerberosVersion,
                                    char              **outFullPrincipal)
 {
-    return kl_check_error (kim_identity_get_string (inPrincipal, 
+    return kl_check_error (kim_identity_get_string (inPrincipal,
                                                     (kim_string *) outFullPrincipal));
 }
 
@@ -1555,7 +1555,7 @@ KLStatus KLGetDisplayStringFromPrincipal (KLPrincipal         inPrincipal,
                                           KLKerberosVersion   inKerberosVersion,
                                           char              **outFullPrincipal)
 {
-    return kl_check_error (kim_identity_get_display_string (inPrincipal, 
+    return kl_check_error (kim_identity_get_display_string (inPrincipal,
                                                             (kim_string *) outFullPrincipal));
 }
 
@@ -1567,14 +1567,14 @@ KLStatus KLComparePrincipal (KLPrincipal  inFirstPrincipal,
 {
     kim_error err = KIM_NO_ERROR;
     kim_comparison comparison;
-    
-    err = kim_identity_compare (inFirstPrincipal, inSecondPrincipal, 
+
+    err = kim_identity_compare (inFirstPrincipal, inSecondPrincipal,
                                 &comparison);
-    
+
     if (!err) {
         *outAreEquivalent = kim_comparison_is_equal_to (comparison);
     }
-    
+
     return kl_check_error (err);
 }
 
@@ -1625,13 +1625,13 @@ KLStatus KLLoginOptionsSetRenewableLifetime (KLLoginOptions ioOptions,
                                              KLLifetime     inRenewableLifetime)
 {
     KLStatus err = klNoErr;
-    
+
     err = kim_options_set_renewable (ioOptions, inRenewableLifetime > 0);
-    
+
     if (!err && inRenewableLifetime > 0) {
         err = kim_options_set_renewal_lifetime (ioOptions, inRenewableLifetime);
-    } 
-    
+    }
+
     return kl_check_error (err);
 }
 
@@ -1733,7 +1733,7 @@ KLStatus __KLSetPromptMechanism (KLPromptMechanism inPromptMechanism)
 KLPromptMechanism __KLPromptMechanism (void)
 {
     kim_ui_environment environment = kim_library_ui_environment ();
-    
+
     if (environment == KIM_UI_ENVIRONMENT_GUI) {
         return klPromptMechanism_GUI;
     } else if (environment == KIM_UI_ENVIRONMENT_CLI) {
@@ -1759,7 +1759,7 @@ KLStatus __KLCreatePrincipalFromTriplet (const char  *inName,
 {
     return kl_check_error (kim_identity_create_from_components (outPrincipal,
                                                                 inRealm,
-                                                                inName, 
+                                                                inName,
                                                                 inInstance,
                                                                 NULL));
 }
@@ -1772,7 +1772,7 @@ KLStatus __KLGetTripletFromPrincipal (KLPrincipal         inPrincipal,
                                       char              **outInstance,
                                       char              **outRealm)
 {
-    return KLGetTripletFromPrincipal (inPrincipal, 
+    return KLGetTripletFromPrincipal (inPrincipal,
                                       outName, outInstance, outRealm);
 }
 
@@ -1782,17 +1782,17 @@ KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal inPrincipal,
                                                     KLPrincipal *outPrincipal)
 {
     return KLCreatePrincipalFromKerberos5Principal (inPrincipal, outPrincipal);
-    
+
 }
 
 /* ------------------------------------------------------------------------ */
 
-KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal     inPrincipal, 
-                                                 krb5_context    inContext, 
+KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal     inPrincipal,
+                                                 krb5_context    inContext,
                                                  krb5_principal *outKrb5Principal)
 {
-    return kl_check_error (kim_identity_get_krb5_principal (inPrincipal, 
-                                                            inContext, 
+    return kl_check_error (kim_identity_get_krb5_principal (inPrincipal,
+                                                            inContext,
                                                             outKrb5Principal));
 }
 
@@ -1802,8 +1802,8 @@ KLBoolean __KLPrincipalIsTicketGrantingService (KLPrincipal inPrincipal)
 {
     kim_boolean is_tgt = FALSE;
     kim_error err = kim_identity_is_tgt_service (inPrincipal, &is_tgt);
-    
-    return !err ? is_tgt : FALSE; 
+
+    return !err ? is_tgt : FALSE;
 }
 
 /* ------------------------------------------------------------------------ */
diff --git a/src/kim/lib/mac/KerberosLogin.h b/src/kim/lib/mac/KerberosLogin.h
index 8dc49e18d..6d98c1878 100644
--- a/src/kim/lib/mac/KerberosLogin.h
+++ b/src/kim/lib/mac/KerberosLogin.h
@@ -6,7 +6,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
-* 
+*
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
@@ -51,7 +51,7 @@ extern "C" {
 #    pragma pack(push,2)
 #endif
 
-/* 
+/*
  * Kerberos version constants
  */
 enum {
@@ -62,8 +62,8 @@ enum {
 };
 typedef int32_t KLEKerberosVersion;
 
-/* 
- * Dialog identifier constants 
+/*
+ * Dialog identifier constants
  */
 enum {
     loginLibrary_LoginDialog,
@@ -76,35 +76,35 @@ enum {
 typedef int32_t KLEDialogIdentifiers;
 
 
-/* 
- * Option identifier constants 
+/*
+ * Option identifier constants
  */
 enum {
     /* Initial values and ranges */
     loginOption_LoginName                  = 'name',
     loginOption_LoginInstance              = 'inst',
-    
+
     loginOption_RememberPrincipal          = 'prin',
     loginOption_RememberExtras             = 'extr',
-    
+
     loginOption_MinimalTicketLifetime      = '-lif',
     loginOption_MaximalTicketLifetime      = '+lif',
     loginOption_DefaultTicketLifetime      = '0lif',
-    
+
     loginOption_DefaultRenewableTicket     = '0rtx',
     loginOption_MinimalRenewableLifetime   = '-rlf',
     loginOption_MaximalRenewableLifetime   = '+rlf',
     loginOption_DefaultRenewableLifetime   = '0rlf',
-    
+
     loginOption_DefaultForwardableTicket   = '0fwd',
     loginOption_DefaultProxiableTicket     = '0prx',
-    loginOption_DefaultAddresslessTicket   = '0adr'    
+    loginOption_DefaultAddresslessTicket   = '0adr'
 };
 typedef int32_t KLEDefaultLoginOptions;
 
 
-/* 
- * Realm list constants 
+/*
+ * Realm list constants
  */
 enum {
     realmList_Start  = 0,
@@ -115,12 +115,12 @@ typedef int32_t KLERealmListIndexes;
 #define klFirstError 19276
 #define klLastError  19876
 
-/* 
- * Error codes 
+/*
+ * Error codes
  */
 enum {
     klNoErr                             = 0,
-    
+
     /* Parameter errors */
     klParameterErr                      = 19276,
     klBadPrincipalErr,
@@ -129,13 +129,13 @@ enum {
     klInvalidVersionErr,
     klCapsLockErr,
     klBadV5ContextErr,
-    
+
     /* Get/SetKerberosOption errors */
     klBufferTooSmallErr                 = 19376,
     klBufferTooLargeErr,
     klInvalidOptionErr,
     klBadOptionValueErr,
-    
+
     /* Runtime Login errors */
     klUserCanceledErr                   = 19476,
     klMemFullErr,
@@ -152,17 +152,17 @@ enum {
     klCacheDoesNotExistErr,
     klNoHostnameErr,
     klCredentialsNeedValidationErr,
-    
+
     /* Password changing errors */
     klPasswordMismatchErr               = 19576,
     klInsecurePasswordErr,
     klPasswordChangeFailedErr,
-    
+
     /* Login IPC errors */
     klCantContactServerErr              = 19776,
     klCantDisplayUIErr,
     klServerInsecureErr
-    
+
 };
 typedef int32_t KLEStatus;
 
@@ -203,30 +203,30 @@ typedef kim_options KLLoginOptions;
 
 KLStatus KLAcquireTickets (KLPrincipal   inPrincipal,
                            KLPrincipal  *outPrincipal,
-                           char        **outCredCacheName) 
+                           char        **outCredCacheName)
     KERBEROSLOGIN_DEPRECATED;
 
 KLStatus KLAcquireNewTickets (KLPrincipal  inPrincipal,
                               KLPrincipal  *outPrincipal,
-                              char        **outCredCacheName) 
+                              char        **outCredCacheName)
     KERBEROSLOGIN_DEPRECATED;
 
 KLStatus KLAcquireTicketsWithPassword (KLPrincipal      inPrincipal,
                                        KLLoginOptions   inLoginOptions,
                                        const char      *inPassword,
-                                       char           **outCredCacheName) 
+                                       char           **outCredCacheName)
     KERBEROSLOGIN_DEPRECATED;
 
 KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal      inPrincipal,
                                           KLLoginOptions   inLoginOptions,
                                           const char      *inPassword,
-                                          char           **outCredCacheName) 
+                                          char           **outCredCacheName)
     KERBEROSLOGIN_DEPRECATED;
 
-KLStatus KLSetApplicationOptions (const void *inAppOptions) 
+KLStatus KLSetApplicationOptions (const void *inAppOptions)
     KERBEROSLOGIN_DEPRECATED;
 
-KLStatus KLGetApplicationOptions (void *outAppOptions) 
+KLStatus KLGetApplicationOptions (void *outAppOptions)
     KERBEROSLOGIN_DEPRECATED;
 
 
diff --git a/src/kim/lib/mac/KerberosLoginPrivate.h b/src/kim/lib/mac/KerberosLoginPrivate.h
index 52e10fcd1..09048397f 100644
--- a/src/kim/lib/mac/KerberosLoginPrivate.h
+++ b/src/kim/lib/mac/KerberosLoginPrivate.h
@@ -6,7 +6,7 @@
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
-* 
+*
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
@@ -62,7 +62,7 @@ typedef krb5_error_code (*KLPrompterProcPtr) (krb5_context  context,
 KLStatus __KLSetApplicationPrompter (KLPrompterProcPtr inPrompter);
 
 #endif /* KERBEROSLOGIN_DEPRECATED */
-    
+
 /*****************/
 /*** Functions ***/
 /*****************/
@@ -93,8 +93,8 @@ KLStatus __KLGetTripletFromPrincipal (KLPrincipal         inPrincipal,
 KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal  inPrincipal,
                                                     KLPrincipal    *outPrincipal);
 
-KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal     inPrincipal, 
-                                                 krb5_context    inContext, 
+KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal     inPrincipal,
+                                                 krb5_context    inContext,
                                                  krb5_principal *outKrb5Principal);
 
 KLStatus __KLGetRealmFromPrincipal (KLPrincipal inPrincipal, char **outRealm);
@@ -120,4 +120,3 @@ KLStatus __KLRemoveKeychainPasswordForPrincipal (KLPrincipal inPrincipal);
 #endif
 
 #endif /* __KERBEROSLOGINPRIVATE__ */
-
diff --git a/src/kim/lib/mac/kim_os_debug.c b/src/kim/lib/mac/kim_os_debug.c
index e4236872f..b4d0db21c 100644
--- a/src/kim/lib/mac/kim_os_debug.c
+++ b/src/kim/lib/mac/kim_os_debug.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/kim/lib/mac/kim_os_identity.c b/src/kim/lib/mac/kim_os_identity.c
index a9c92d73a..c0f97b4fe 100644
--- a/src/kim/lib/mac/kim_os_identity.c
+++ b/src/kim/lib/mac/kim_os_identity.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -36,38 +36,38 @@ kim_boolean kim_os_identity_allow_save_password (void)
 {
     kim_boolean disabled = 0;
     CFPropertyListRef disable_pref = NULL;
-    
-    disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"), 
+
+    disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"),
                                            KIM_PREFERENCES_FILE,
                                            kCFPreferencesAnyUser,
                                            kCFPreferencesAnyHost);
     if (!disable_pref) {
-        disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"), 
+        disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"),
                                                KIM_PREFERENCES_FILE,
                                                kCFPreferencesAnyUser,
-                                               kCFPreferencesCurrentHost);        
+                                               kCFPreferencesCurrentHost);
     }
-    
+
     if (!disable_pref) {
-        disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"), 
+        disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"),
                                                KA_PREFERENCES_FILE,
                                                kCFPreferencesAnyUser,
-                                               kCFPreferencesAnyHost);        
+                                               kCFPreferencesAnyHost);
     }
-    
+
     if (!disable_pref) {
-        disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"), 
+        disable_pref = CFPreferencesCopyValue (CFSTR ("SavePasswordDisabled"),
                                                KA_PREFERENCES_FILE,
                                                kCFPreferencesAnyUser,
-                                               kCFPreferencesCurrentHost);        
+                                               kCFPreferencesCurrentHost);
     }
 
-    disabled = (disable_pref && 
+    disabled = (disable_pref &&
                 CFGetTypeID (disable_pref) == CFBooleanGetTypeID () &&
                 CFBooleanGetValue (disable_pref));
-    
+
     if (disable_pref) { CFRelease (disable_pref); }
-    
+
     return !disabled;
 }
 
@@ -81,47 +81,47 @@ kim_error kim_os_identity_get_saved_password (kim_identity  in_identity,
     kim_string name = NULL;
     void *buffer = NULL;
     UInt32 length = 0;
-    
+
     if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && !kim_library_allow_home_directory_access ()) {
         err = check_error (ENOENT); /* simulate no password found */
     }
-    
+
     if (!err && !kim_os_identity_allow_save_password ()) {
         err = kim_os_identity_remove_saved_password (in_identity);
         if (!err) {
             err = check_error (ENOENT); /* simulate no password found */
         }
     }
-    
+
     if (!err) {
         err = kim_identity_get_components_string (in_identity, &name);
     }
-    
+
     if (!err) {
         err = kim_identity_get_realm (in_identity, &realm);
     }
-    
+
     if (!err) {
-        err = SecKeychainFindGenericPassword (nil, 
+        err = SecKeychainFindGenericPassword (nil,
                                               strlen (realm), realm,
                                               strlen (name), name,
-                                              &length, &buffer, 
+                                              &length, &buffer,
                                               nil);
-        
+
         if (!err && !buffer) { err = check_error (ENOENT); }
     }
-    
+
     if (!err) {
         err = kim_string_create_from_buffer (out_password, buffer, length);
     }
-    
+
     kim_string_free (&name);
     kim_string_free (&realm);
     if (buffer) { SecKeychainItemFreeContent (NULL, buffer); }
-    
+
     return check_error (err);
 }
 
@@ -133,63 +133,63 @@ kim_error kim_os_identity_set_saved_password (kim_identity in_identity,
     kim_error err = KIM_NO_ERROR;
     kim_string realm = NULL;
     kim_string name = NULL;
-    
+
     if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && !kim_library_allow_home_directory_access ()) {
         return KIM_NO_ERROR; /* simulate no error */
     }
-    
+
     if (!err && !kim_os_identity_allow_save_password ()) {
         return kim_os_identity_remove_saved_password (in_identity);
     }
-    
+
     if (!err) {
         err = kim_identity_get_components_string (in_identity, &name);
     }
-    
+
     if (!err) {
         err = kim_identity_get_realm (in_identity, &realm);
     }
-    
+
     if (!err) {
         SecKeychainItemRef itemRef = NULL;
         UInt32 namelen = strlen (name);
         UInt32 realmlen = strlen (realm);
-        
+
         /* Add the password to the keychain */
-        err = SecKeychainAddGenericPassword (nil, 
+        err = SecKeychainAddGenericPassword (nil,
                                              realmlen, realm,
                                              namelen, name,
                                              strlen (in_password), in_password,
-                                             &itemRef); 
-        
+                                             &itemRef);
+
         if (err == errSecDuplicateItem) {
             /* We've already stored a password for this principal
              * but it might have changed so update it */
             void *buffer = NULL;
             UInt32 length = 0;
-            
-            err = SecKeychainFindGenericPassword (nil, 
+
+            err = SecKeychainFindGenericPassword (nil,
                                                   realmlen, realm,
                                                   namelen, name,
-                                                  &length, &buffer, 
+                                                  &length, &buffer,
                                                   &itemRef);
-            
+
             if (!err) {
                 SecKeychainAttribute attrs[] = {
                     { kSecAccountItemAttr, namelen,  (char *) name },
                     { kSecServiceItemAttr, realmlen, (char *) realm } };
                 UInt32 count = sizeof(attrs) / sizeof(attrs[0]);
                 const SecKeychainAttributeList attrList = { count, attrs };
-                
+
                 err = SecKeychainItemModifyAttributesAndData (itemRef,
                                                               &attrList,
-                                                              strlen (in_password), 
+                                                              strlen (in_password),
                                                               in_password);
             }
-            
+
         } else if (!err) {
             /* We added a new entry, add a descriptive label */
             SecKeychainAttributeList *copiedAttrs = NULL;
@@ -197,50 +197,50 @@ kim_error kim_os_identity_set_saved_password (kim_identity in_identity,
             UInt32 tag = 7;
             UInt32 format = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
             kim_string label = NULL;
-            
+
             attrInfo.count = 1;
             attrInfo.tag = &tag;
             attrInfo.format = &format;
-            
-            err = SecKeychainItemCopyAttributesAndData (itemRef, &attrInfo, 
-                                                        NULL, &copiedAttrs, 
+
+            err = SecKeychainItemCopyAttributesAndData (itemRef, &attrInfo,
+                                                        NULL, &copiedAttrs,
                                                         0, NULL);
-            
+
             if (!err) {
                 /* Label format used by Apple patches */
-                err = kim_string_create_from_format (&label, "%s (%s)", 
+                err = kim_string_create_from_format (&label, "%s (%s)",
                                                      realm, name);
             }
-            
+
             if (!err) {
                 SecKeychainAttributeList attrList;
                 SecKeychainAttribute attr;
-                
+
                 /* Copy the tag they gave us and copy in our label */
                 attr.tag = copiedAttrs->attr->tag;
                 attr.length = strlen (label);
                 attr.data = (char *) label;
-                
+
                 attrList.count = 1;
                 attrList.attr = &attr;
-                
+
                 /* And modify. */
-                err = SecKeychainItemModifyAttributesAndData (itemRef, &attrList, 
+                err = SecKeychainItemModifyAttributesAndData (itemRef, &attrList,
                                                               0, NULL);
             }
-            
+
             if (label      ) { kim_string_free (&label); }
-            if (copiedAttrs) { SecKeychainItemFreeAttributesAndData (copiedAttrs, NULL); }            
+            if (copiedAttrs) { SecKeychainItemFreeAttributesAndData (copiedAttrs, NULL); }
         }
-        
+
         if (itemRef) { CFRelease (itemRef); }
     }
-    
+
     kim_string_free (&name);
     kim_string_free (&realm);
-    
+
     return check_error (err);
-}    
+}
 
 /* ------------------------------------------------------------------------ */
 
@@ -249,58 +249,58 @@ kim_error kim_os_identity_remove_saved_password (kim_identity in_identity)
     kim_error err = KIM_NO_ERROR;
     kim_string realm = NULL;
     kim_string name = NULL;
-    
+
     if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && !kim_library_allow_home_directory_access ()) {
         return KIM_NO_ERROR; /* simulate no error */
     }
-    
+
     if (!err) {
         err = kim_identity_get_components_string (in_identity, &name);
     }
-    
+
     if (!err) {
         err = kim_identity_get_realm (in_identity, &realm);
     }
-    
+
     if (!err) {
         SecKeychainItemRef itemRef = NULL;
         UInt32 namelen = strlen (name);
         UInt32 realmlen = strlen (realm);
         void *buffer = NULL;
         UInt32 length = 0;
-        
-        err = SecKeychainFindGenericPassword (nil, 
+
+        err = SecKeychainFindGenericPassword (nil,
                                               realmlen, realm,
                                               namelen, name,
-                                              &length, &buffer, 
+                                              &length, &buffer,
                                               &itemRef);
-        
+
         if (!err) {
             err = SecKeychainItemDelete (itemRef);
-            
+
         } else if (err == errSecItemNotFound) {
             err = KIM_NO_ERROR; /* No password not an error */
         }
-    
+
         if (itemRef) { CFRelease (itemRef); }
     }
-    
+
     kim_string_free (&name);
     kim_string_free (&realm);
-    
+
     return check_error (err);
-}    
+}
 
 /* ------------------------------------------------------------------------ */
 
 kim_error kim_os_identity_create_for_username (kim_identity *out_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         struct passwd *pw = getpwuid (getuid ());
         if (pw) {
@@ -310,5 +310,5 @@ kim_error kim_os_identity_create_for_username (kim_identity *out_identity)
         }
     }
 
-    return check_error (err);    
+    return check_error (err);
 }
diff --git a/src/kim/lib/mac/kim_os_library.c b/src/kim/lib/mac/kim_os_library.c
index f3b269084..edecf2be0 100644
--- a/src/kim/lib/mac/kim_os_library.c
+++ b/src/kim/lib/mac/kim_os_library.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -44,11 +44,11 @@ MAKE_FINI_FUNCTION(kim_os_library_thread_fini);
 static int kim_os_library_thread_init (void)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err) {
         err = k5_mutex_finish_init (&g_bundle_lookup_mutex);
     }
-    
+
     return err;
 }
 
@@ -69,11 +69,11 @@ static void kim_os_library_thread_fini (void)
 kim_error kim_os_library_lock_for_bundle_lookup (void)
 {
     kim_error err = CALL_INIT_FUNCTION (kim_os_library_thread_init);
-    
+
     if (!err) {
         err = k5_mutex_lock (&g_bundle_lookup_mutex);
     }
-    
+
     return err;
 }
 
@@ -82,11 +82,11 @@ kim_error kim_os_library_lock_for_bundle_lookup (void)
 kim_error kim_os_library_unlock_for_bundle_lookup (void)
 {
     kim_error err = CALL_INIT_FUNCTION (kim_os_library_thread_init);
-    
+
     if (!err) {
         err = k5_mutex_unlock (&g_bundle_lookup_mutex);
     }
-    
+
     return err;
 }
 
@@ -97,20 +97,20 @@ kim_error kim_os_library_unlock_for_bundle_lookup (void)
 kim_boolean kim_os_library_caller_uses_gui (void)
 {
     kim_boolean caller_uses_gui = 0;
-    
-    /* Check for the HIToolbox (Carbon) or AppKit (Cocoa).  
+
+    /* Check for the HIToolbox (Carbon) or AppKit (Cocoa).
      * If either is loaded, we are a GUI app! */
     CFBundleRef appKitBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.AppKit"));
     CFBundleRef hiToolBoxBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.HIToolbox"));
-    
+
     if (hiToolBoxBundle && CFBundleIsExecutableLoaded (hiToolBoxBundle)) {
         caller_uses_gui = 1; /* Using Carbon */
     }
-    
+
     if (appKitBundle && CFBundleIsExecutableLoaded (appKitBundle)) {
         caller_uses_gui = 1; /* Using Cocoa */
-    }    
-    
+    }
+
     return caller_uses_gui;
 }
 
@@ -120,33 +120,33 @@ kim_ui_environment kim_os_library_get_ui_environment (void)
 {
 #ifdef KIM_BUILTIN_UI
     kim_boolean has_gui_access = 0;
-    SessionAttributeBits sattrs = 0L;    
-    
-    has_gui_access = ((SessionGetInfo (callerSecuritySession, 
-                                       NULL, &sattrs) == noErr) && 
+    SessionAttributeBits sattrs = 0L;
+
+    has_gui_access = ((SessionGetInfo (callerSecuritySession,
+                                       NULL, &sattrs) == noErr) &&
                       (sattrs & sessionHasGraphicAccess));
-    
+
     if (has_gui_access && kim_os_library_caller_uses_gui ()) {
         return KIM_UI_ENVIRONMENT_GUI;
     }
-    
+
     {
         int fd_stdin = fileno (stdin);
         int fd_stdout = fileno (stdout);
         char *fd_stdin_name = ttyname (fd_stdin);
-        
+
         /* Session info isn't reliable for remote sessions.
          * Check manually for terminal access with file descriptors */
         if (isatty (fd_stdin) && isatty (fd_stdout) && fd_stdin_name) {
             return KIM_UI_ENVIRONMENT_CLI;
         }
     }
-    
+
     /* If we don't have a CLI but can talk to the GUI, use that */
     if (has_gui_access) {
         return KIM_UI_ENVIRONMENT_GUI;
     }
-    
+
     kim_debug_printf ("kim_os_library_get_ui_environment(): no way to talk to the user.");
 #endif
     return KIM_UI_ENVIRONMENT_NONE;
@@ -167,7 +167,7 @@ kim_boolean kim_os_library_caller_is_server (void)
             }
         }
     }
-    
+
     return FALSE;
 }
 
@@ -180,7 +180,7 @@ kim_error kim_os_library_get_application_path (kim_string *out_path)
     kim_error err = KIM_NO_ERROR;
     kim_string path = NULL;
     CFBundleRef bundle = CFBundleGetMainBundle ();
-    
+
     if (!err && !out_path) { err = check_error (KIM_NULL_PARAMETER_ERR); }
 
     /* Check if the caller is a bundle */
@@ -190,42 +190,42 @@ kim_error kim_os_library_get_application_path (kim_string *out_path)
         CFURLRef executable_url = CFBundleCopyExecutableURL (bundle);
         CFURLRef absolute_url = NULL;
         CFStringRef cfpath = NULL;
-        
+
         if (bundle_url && resources_url && !CFEqual (bundle_url, resources_url)) {
             absolute_url = CFURLCopyAbsoluteURL (bundle_url);
         } else if (executable_url) {
             absolute_url = CFURLCopyAbsoluteURL (executable_url);
         }
-        
+
         if (absolute_url) {
-            cfpath = CFURLCopyFileSystemPath (absolute_url, 
+            cfpath = CFURLCopyFileSystemPath (absolute_url,
                                               kCFURLPOSIXPathStyle);
             if (!cfpath) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
         }
-        
+
         if (!err && cfpath) {
             err = kim_os_string_create_from_cfstring (&path, cfpath);
         }
-        
-        if (cfpath        ) { CFRelease (cfpath); }        
+
+        if (cfpath        ) { CFRelease (cfpath); }
         if (absolute_url  ) { CFRelease (absolute_url); }
         if (bundle_url    ) { CFRelease (bundle_url); }
         if (resources_url ) { CFRelease (resources_url); }
         if (executable_url) { CFRelease (executable_url); }
     }
-    
+
     /* Caller is not a bundle, try _NSGetExecutablePath */
     /* Note: this does not work on CFM applications */
     if (!err && !path) {
         char *buffer = NULL;
         uint32_t len = 0;
-        
+
         /* Tiny stupid buffer to get the length of the path */
         if (!err) {
             buffer = malloc (1);
             if (!buffer) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
         }
-        
+
         /* Get the length of the path */
         if (!err) {
             if (_NSGetExecutablePath (buffer, &len) != 0) {
@@ -237,7 +237,7 @@ kim_error kim_os_library_get_application_path (kim_string *out_path)
                 }
             }
         }
-        
+
         /* Get the path */
         if (!err) {
             if (_NSGetExecutablePath (buffer, &len) != 0) {
@@ -246,18 +246,18 @@ kim_error kim_os_library_get_application_path (kim_string *out_path)
                 err = kim_string_copy (&path, buffer);
             }
         }
-        
+
         if (buffer) { free (buffer); }
     }
-    
+
     if (!err) {
         *out_path = path;
         path = NULL;
     }
-    
+
     kim_string_free (&path);
-    
-    return check_error (err);    
+
+    return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -268,65 +268,65 @@ kim_error kim_os_library_get_caller_name (kim_string *out_application_name)
     kim_string name = NULL;
     CFBundleRef bundle = CFBundleGetMainBundle ();
     CFStringRef cfname = NULL;
-    
+
     if (!err && !out_application_name) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err && bundle) {
-        cfname = CFBundleGetValueForInfoDictionaryKey (bundle, 
+        cfname = CFBundleGetValueForInfoDictionaryKey (bundle,
                                                        kCFBundleNameKey);
-        
+
         if (!cfname || CFGetTypeID (cfname) != CFStringGetTypeID ()) {
-            cfname = CFBundleGetValueForInfoDictionaryKey (bundle, 
+            cfname = CFBundleGetValueForInfoDictionaryKey (bundle,
                                                            kCFBundleExecutableKey);
         }
-        
+
         if (cfname) {
             cfname = CFStringCreateCopy (kCFAllocatorDefault, cfname);
         }
     }
-    
+
     if (!err && !cfname) {
         kim_string path = NULL;
         CFURLRef cfpath = NULL;
         CFURLRef cfpathnoext = NULL;
-        
+
         err = kim_os_library_get_application_path (&path);
-        
+
         if (!err) {
             cfpath = CFURLCreateFromFileSystemRepresentation (kCFAllocatorDefault,
                                                               (const UInt8 *) path,
                                                               strlen (path),
                                                               0);
-            
+
             if (cfpath) {
                 cfpathnoext = CFURLCreateCopyDeletingPathExtension (kCFAllocatorDefault,
                                                                     cfpath);
             }
-            
+
             if (cfpathnoext) {
                 cfname = CFURLCopyLastPathComponent (cfpathnoext);
             } else {
                 cfname = CFURLCopyLastPathComponent (cfpath);
             }
         }
-        
+
         if (cfpathnoext) { CFRelease (cfpathnoext); }
         if (cfpath     ) { CFRelease (cfpath); }
         kim_string_free (&path);
     }
-    
+
     if (!err && cfname) {
         err = kim_os_string_create_from_cfstring (&name, cfname);
     }
-    
+
     if (!err) {
         *out_application_name = name;
         name = NULL;
-        
+
     }
 
     if (cfname) { CFRelease (cfname); }
     kim_string_free (&name);
-    
+
     return check_error (err);
 }
diff --git a/src/kim/lib/mac/kim_os_preferences.c b/src/kim/lib/mac/kim_os_preferences.c
index 87700ef89..4cbac8b61 100644
--- a/src/kim/lib/mac/kim_os_preferences.c
+++ b/src/kim/lib/mac/kim_os_preferences.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -38,51 +38,51 @@ static CFStringRef kim_os_preferences_cfstring_for_key (kim_preference_key in_ke
 {
     if (in_key == kim_preference_key_options) {
         return CFSTR ("CredentialOptions");
-        
+
     } else if (in_key == kim_preference_key_lifetime) {
         return CFSTR ("CredentialLifetime");
-        
+
     } else if (in_key == kim_preference_key_renewable) {
         return CFSTR ("RenewableCredentials");
-        
+
     } else if (in_key == kim_preference_key_renewal_lifetime) {
         return CFSTR ("CredentialRenewalLifetime");
-        
+
     } else if (in_key == kim_preference_key_forwardable) {
         return CFSTR ("ForwardableCredentials");
-        
+
     } else if (in_key == kim_preference_key_proxiable) {
         return CFSTR ("ProxiableCredentials");
-        
+
     } else if (in_key == kim_preference_key_addressless) {
         return CFSTR ("AddresslessCredentials");
-        
+
     } else if (in_key == kim_preference_key_remember_options) {
         return CFSTR ("RememberCredentialAttributes");
-        
+
     } else if (in_key == kim_preference_key_client_identity) {
         return CFSTR ("ClientIdentity");
-        
+
     } else if (in_key == kim_preference_key_remember_client_identity) {
         return CFSTR ("RememberClientIdentity");
-        
+
     } else if (in_key == kim_preference_key_favorites) {
         return CFSTR ("FavoriteIdentities");
-        
+
     } else if (in_key == kim_preference_key_minimum_lifetime) {
         return CFSTR ("MinimumLifetime");
-        
+
     } else if (in_key == kim_preference_key_maximum_lifetime) {
         return CFSTR ("MaximumLifetime");
-        
+
     } else if (in_key == kim_preference_key_minimum_renewal_lifetime) {
         return CFSTR ("MinimumRenewalLifetime");
-        
+
     } else if (in_key == kim_preference_key_maximum_renewal_lifetime) {
         return CFSTR ("MaximumRenewalLifetime");
-        
+
     }
-    
+
     return NULL; /* ignore unsupported keys */
 }
 
@@ -92,95 +92,95 @@ static CFStringRef kim_os_preferences_compat_cfstring_for_key (kim_preference_ke
 {
     if (in_key == kim_preference_key_lifetime) {
         return CFSTR ("KLDefaultTicketLifetime");
-        
+
     } else if (in_key == kim_preference_key_renewable) {
         return CFSTR ("KLGetRenewableTickets");
-        
+
     } else if (in_key == kim_preference_key_renewal_lifetime) {
         return CFSTR ("KLDefaultRenewableLifetime");
-        
+
     } else if (in_key == kim_preference_key_forwardable) {
         return CFSTR ("KLDefaultForwardableTicket");
-        
+
     } else if (in_key == kim_preference_key_proxiable) {
         return CFSTR ("KLGetProxiableTickets");
-        
+
     } else if (in_key == kim_preference_key_addressless) {
         return CFSTR ("KLGetAddresslessTickets");
-        
+
     } else if (in_key == kim_preference_key_remember_options) {
         return CFSTR ("KLRememberExtras");
-        
+
     } else if (in_key == kim_preference_key_client_identity) {
         return CFSTR ("KLName");
-        
+
     } else if (in_key == kim_preference_key_remember_client_identity) {
         return CFSTR ("KLRememberPrincipal");
-        
+
     } else if (in_key == kim_preference_key_favorites) {
         return CFSTR ("KLFavoriteIdentities");
-        
+
     } else if (in_key == kim_preference_key_minimum_lifetime) {
         return CFSTR ("KLMinimumTicketLifetime");
-        
+
     } else if (in_key == kim_preference_key_maximum_lifetime) {
         return CFSTR ("KLMaximumTicketLifetime");
-        
+
     } else if (in_key == kim_preference_key_minimum_renewal_lifetime) {
         return CFSTR ("KLMinimumRenewableLifetime");
-        
+
     } else if (in_key == kim_preference_key_maximum_renewal_lifetime) {
         return CFSTR ("KLMaximumRenewableLifetime");
-        
+
     }
-    
+
     return NULL; /* ignore unsupported keys */
 }
 
 /* ------------------------------------------------------------------------ */
 
-static kim_error kim_os_preferences_copy_value_for_file (CFStringRef         in_key, 
-                                                         CFTypeID            in_type, 
+static kim_error kim_os_preferences_copy_value_for_file (CFStringRef         in_key,
+                                                         CFTypeID            in_type,
                                                          CFStringRef         in_file,
                                                          CFPropertyListRef  *out_value)
 {
-    
+
     kim_error err = KIM_NO_ERROR;
     CFPropertyListRef value = NULL;
     CFStringRef users[] = { kCFPreferencesCurrentUser, kCFPreferencesAnyUser, NULL };
     CFStringRef hosts[] = { kCFPreferencesCurrentHost, kCFPreferencesAnyHost, NULL };
-    
+
     if (!err && !in_key   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_file  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_value) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_count u, h;
-        
+
         if (!kim_library_allow_home_directory_access()) {
             users[0] = kCFPreferencesAnyUser;
             users[1] = NULL;
         }
-        
+
         for (u = 0; !value && users[u]; u++) {
             for (h = 0; !value && hosts[h]; h++) {
                 value = CFPreferencesCopyValue (in_key, in_file, users[u], hosts[h]);
             }
-        }        
-        
+        }
+
         if (value && CFGetTypeID (value) != in_type) {
             err = check_error (KIM_PREFERENCES_READ_ERR);
         }
     }
-    
-    
+
+
     if (!err) {
         *out_value = value;
         value = NULL;
     }
-    
+
     if (value) { CFRelease (value); }
-    
+
     return check_error (err);
 }
 
@@ -188,61 +188,61 @@ static kim_error kim_os_preferences_copy_value_for_file (CFStringRef         in_
 
 /* ------------------------------------------------------------------------ */
 
-static kim_error kim_os_preferences_copy_value (kim_preference_key  in_key, 
-                                                CFTypeID            in_type, 
+static kim_error kim_os_preferences_copy_value (kim_preference_key  in_key,
+                                                CFTypeID            in_type,
                                                 CFPropertyListRef  *out_value)
 {
     kim_error err = KIM_NO_ERROR;
     CFStringRef key = kim_os_preferences_cfstring_for_key (in_key);
-    
+
     err = kim_os_preferences_copy_value_for_file (key, in_type,
                                                   KIM_PREFERENCES_FILE,
                                                   out_value);
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-static kim_error kim_os_preferences_copy_value_compat (kim_preference_key  in_key, 
-                                                       CFTypeID            in_type, 
+static kim_error kim_os_preferences_copy_value_compat (kim_preference_key  in_key,
+                                                       CFTypeID            in_type,
                                                        CFPropertyListRef  *out_value)
 {
     kim_error err = KIM_NO_ERROR;
     CFStringRef key = kim_os_preferences_compat_cfstring_for_key (in_key);
-    
+
     err = kim_os_preferences_copy_value_for_file (key, in_type,
                                                   KLL_PREFERENCES_FILE,
                                                   out_value);
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-static kim_error kim_os_preferences_set_value (kim_preference_key in_key, 
+static kim_error kim_os_preferences_set_value (kim_preference_key in_key,
                                                CFPropertyListRef  in_value)
 {
     kim_error err = KIM_NO_ERROR;
     CFStringRef key = NULL;
-    
+
     /* in_value may be NULL if removing the key */
-    
+
     if (!err) {
         key = kim_os_preferences_cfstring_for_key (in_key);
     }
-    
+
     if (!err && key) {
         kim_boolean homedir_ok = kim_library_allow_home_directory_access();
         CFStringRef user = homedir_ok ? kCFPreferencesCurrentUser : kCFPreferencesAnyUser;
         CFStringRef host = homedir_ok ? kCFPreferencesAnyHost : kCFPreferencesCurrentHost;
-        
+
         CFPreferencesSetValue (key, in_value, KIM_PREFERENCES_FILE, user, host);
         if (!CFPreferencesSynchronize (KIM_PREFERENCES_FILE, user, host)) {
             err = check_error (KIM_PREFERENCES_WRITE_ERR);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -250,35 +250,35 @@ static kim_error kim_os_preferences_set_value (kim_preference_key in_key,
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_get_identity_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_identity_for_key (kim_preference_key  in_key,
                                                    kim_identity        in_hardcoded_default,
                                                    kim_identity       *out_identity)
 {
     kim_error err = KIM_NO_ERROR;
     kim_string string = NULL;
     CFStringRef value = NULL;
-    
+
     if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_preferences_copy_value (in_key, CFStringGetTypeID (), 
+        err = kim_os_preferences_copy_value (in_key, CFStringGetTypeID (),
                                              (CFPropertyListRef *) &value);
-        
+
     }
-    
+
     if (!err && !value) {
-        err = kim_os_preferences_copy_value_compat (in_key, CFStringGetTypeID (), 
+        err = kim_os_preferences_copy_value_compat (in_key, CFStringGetTypeID (),
                                                     (CFPropertyListRef *) &value);
     }
-    
+
     if (!err) {
         if (value) {
             err = kim_os_string_create_from_cfstring (&string, value);
-            
+
             if (!err) {
                 if (!strcmp (kim_os_preference_any_identity, string)) {
                     *out_identity = KIM_IDENTITY_ANY;
-                    
+
                 } else {
                     err = kim_identity_create_from_string (out_identity, string);
                 }
@@ -287,68 +287,68 @@ kim_error kim_os_preferences_get_identity_for_key (kim_preference_key  in_key,
             err = kim_identity_copy (out_identity, in_hardcoded_default);
         }
     }
-    
+
     kim_string_free (&string);
     if (value) { CFRelease (value); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_set_identity_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_identity_for_key (kim_preference_key in_key,
                                                    kim_identity       in_identity)
 {
     kim_error err = KIM_NO_ERROR;
     CFStringRef value = NULL;
     kim_string string = NULL;
-    
+
     /* in_identity can be KIM_IDENTITY_ANY */
-    
+
     if (!err) {
         if (in_identity) {
             err = kim_identity_get_string (in_identity, &string);
-            
+
         } else {
             err = kim_string_copy (&string, kim_os_preference_any_identity);
         }
     }
-    
+
     if (!err) {
         err = kim_os_string_get_cfstring (string, &value);
     }
-    
+
     if (!err) {
         err = kim_os_preferences_set_value (in_key, value);
     }
-    
+
     if (value) { CFRelease (value); }
     kim_string_free (&string);
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_get_lifetime_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_lifetime_for_key (kim_preference_key  in_key,
                                                    kim_lifetime        in_hardcoded_default,
                                                    kim_lifetime       *out_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
     CFNumberRef value = NULL;
-    
+
     if (!err && !out_lifetime) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_preferences_copy_value (in_key, CFNumberGetTypeID (), 
+        err = kim_os_preferences_copy_value (in_key, CFNumberGetTypeID (),
                                              (CFPropertyListRef *) &value);
     }
-    
+
     if (!err && !value) {
-        err = kim_os_preferences_copy_value_compat (in_key, CFNumberGetTypeID (), 
+        err = kim_os_preferences_copy_value_compat (in_key, CFNumberGetTypeID (),
                                                     (CFPropertyListRef *) &value);
     }
-    
+
     if (!err) {
         if (value) {
             SInt32 number; // CFNumbers are signed so we need to cast
@@ -361,56 +361,56 @@ kim_error kim_os_preferences_get_lifetime_for_key (kim_preference_key  in_key,
             *out_lifetime = in_hardcoded_default;
         }
     }
-    
+
     if (value) { CFRelease (value); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_set_lifetime_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_lifetime_for_key (kim_preference_key in_key,
                                                    kim_lifetime       in_lifetime)
 {
     kim_error err = KIM_NO_ERROR;
     CFNumberRef value = NULL;
     SInt32 number = (SInt32) in_lifetime;
-    
+
     if (!err) {
         value = CFNumberCreate (kCFAllocatorDefault, kCFNumberSInt32Type, &number);
         if (!value) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         err = kim_os_preferences_set_value (in_key, value);
     }
-    
+
     if (value) { CFRelease (value); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_get_boolean_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_boolean_for_key (kim_preference_key  in_key,
                                                   kim_boolean         in_hardcoded_default,
                                                   kim_boolean        *out_boolean)
 {
     kim_error err = KIM_NO_ERROR;
     CFBooleanRef value = NULL;
-    
+
     if (!err && !out_boolean) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_preferences_copy_value (in_key, CFBooleanGetTypeID (), 
+        err = kim_os_preferences_copy_value (in_key, CFBooleanGetTypeID (),
                                              (CFPropertyListRef *) &value);
     }
-    
+
     if (!err && !value) {
-        err = kim_os_preferences_copy_value_compat (in_key, CFBooleanGetTypeID (), 
+        err = kim_os_preferences_copy_value_compat (in_key, CFBooleanGetTypeID (),
                                                     (CFPropertyListRef *) &value);
     }
-    
+
     if (!err) {
         if (value) {
             *out_boolean = CFBooleanGetValue (value);
@@ -418,24 +418,24 @@ kim_error kim_os_preferences_get_boolean_for_key (kim_preference_key  in_key,
             *out_boolean = in_hardcoded_default;
         }
     }
-    
+
     if (value) { CFRelease (value); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_set_boolean_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_boolean_for_key (kim_preference_key in_key,
                                                   kim_boolean        in_boolean)
 {
     kim_error err = KIM_NO_ERROR;
     CFBooleanRef value = in_boolean ? kCFBooleanTrue : kCFBooleanFalse;
-    
+
     if (!err) {
         err = kim_os_preferences_set_value (in_key, value);
     }
-    
+
     return check_error (err);
 }
 
@@ -444,167 +444,167 @@ kim_error kim_os_preferences_set_boolean_for_key (kim_preference_key in_key,
 /* ------------------------------------------------------------------------ */
 
 static kim_error kim_os_preferences_copy_value_for_dict_key (CFDictionaryRef     in_dictionary,
-                                                             kim_preference_key  in_key, 
-                                                             CFTypeID            in_type, 
+                                                             kim_preference_key  in_key,
+                                                             CFTypeID            in_type,
                                                              CFPropertyListRef  *out_value)
 {
     kim_error err = KIM_NO_ERROR;
     CFPropertyListRef value = NULL;
-    
+
     if (!err && !in_dictionary) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_value    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         CFStringRef key = kim_os_preferences_cfstring_for_key (in_key);
-        
+
         value = CFDictionaryGetValue (in_dictionary, key);
         if (value && CFGetTypeID (value) != in_type) {
             err = check_error (KIM_PREFERENCES_READ_ERR);
         }
     }
-    
+
     if (!err) {
         *out_value = value;
     }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 static kim_error kim_os_preferences_set_value_for_dict_key (CFMutableDictionaryRef in_dictionary,
-                                                            kim_preference_key     in_key, 
+                                                            kim_preference_key     in_key,
                                                             CFPropertyListRef      in_value)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_dictionary) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_value     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         CFStringRef key = kim_os_preferences_cfstring_for_key (in_key);
-        
+
         CFDictionarySetValue (in_dictionary, key, in_value);
     }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-static kim_error kim_os_preferences_dictionary_to_options (CFDictionaryRef  in_dictionary, 
+static kim_error kim_os_preferences_dictionary_to_options (CFDictionaryRef  in_dictionary,
                                                            kim_options     *out_options)
 {
     kim_error err = KIM_NO_ERROR;
     kim_options options = KIM_OPTIONS_DEFAULT;
     kim_boolean found_options = 0;
-    
+
     if (!err && !in_dictionary) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_options  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_options_create_empty (&options);
     }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
+
         err = kim_os_preferences_copy_value_for_dict_key (in_dictionary,
-                                                          kim_preference_key_renewable, 
-                                                          CFBooleanGetTypeID (), 
+                                                          kim_preference_key_renewable,
+                                                          CFBooleanGetTypeID (),
                                                           (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_renewable (options, CFBooleanGetValue (value));
         }
     }
-    
+
     if (!err) {
         CFNumberRef value = NULL;
         SInt32 lifetime; // CFNumbers are signed so we need to cast
-        
+
         err = kim_os_preferences_copy_value_for_dict_key (in_dictionary,
-                                                          kim_preference_key_lifetime, 
-                                                          CFNumberGetTypeID (), 
+                                                          kim_preference_key_lifetime,
+                                                          CFNumberGetTypeID (),
                                                           (CFPropertyListRef *) &value);
-        
-        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type, 
+
+        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type,
                                                &lifetime)) {
             found_options = 1;
             err = kim_options_set_lifetime (options, lifetime);
         }
     }
-    
+
     if (!err) {
         CFNumberRef value = NULL;
         SInt32 lifetime; // CFNumbers are signed so we need to cast
-        
+
         err = kim_os_preferences_copy_value_for_dict_key (in_dictionary,
-                                                          kim_preference_key_renewal_lifetime, 
-                                                          CFNumberGetTypeID (), 
+                                                          kim_preference_key_renewal_lifetime,
+                                                          CFNumberGetTypeID (),
                                                           (CFPropertyListRef *) &value);
-        
-        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type, 
+
+        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type,
                                                &lifetime)) {
             found_options = 1;
             err = kim_options_set_renewal_lifetime (options, lifetime);
         }    }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
+
         err = kim_os_preferences_copy_value_for_dict_key (in_dictionary,
-                                                          kim_preference_key_forwardable, 
-                                                          CFBooleanGetTypeID (), 
+                                                          kim_preference_key_forwardable,
+                                                          CFBooleanGetTypeID (),
                                                           (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_forwardable (options, CFBooleanGetValue (value));
         }
     }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
+
         err = kim_os_preferences_copy_value_for_dict_key (in_dictionary,
-                                                          kim_preference_key_proxiable, 
-                                                          CFBooleanGetTypeID (), 
+                                                          kim_preference_key_proxiable,
+                                                          CFBooleanGetTypeID (),
                                                           (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_proxiable (options, CFBooleanGetValue (value));
         }
     }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
+
         err = kim_os_preferences_copy_value_for_dict_key (in_dictionary,
-                                                          kim_preference_key_addressless, 
-                                                          CFBooleanGetTypeID (), 
+                                                          kim_preference_key_addressless,
+                                                          CFBooleanGetTypeID (),
                                                           (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_addressless (options, CFBooleanGetValue (value));
         }
     }
-    
+
     if (!err && !found_options) {
         kim_options_free (&options);
         options = KIM_OPTIONS_DEFAULT;
     }
-    
+
     if (!err) {
         *out_options = options;
         options = NULL;
     }
-    
+
     kim_options_free (&options);
-    
+
     return check_error (err);
 }
 
@@ -614,112 +614,112 @@ static kim_error kim_os_preferences_options_to_dictionary (kim_options
                                                            CFMutableDictionaryRef io_dictionary)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_options   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !io_dictionary) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         CFNumberRef value = NULL;
         kim_lifetime lifetime;
-        
+
         err = kim_options_get_lifetime (in_options, &lifetime);
-        
+
         if (!err) {
             SInt32 number = (SInt32) lifetime;
-            
-            value = CFNumberCreate (kCFAllocatorDefault, 
+
+            value = CFNumberCreate (kCFAllocatorDefault,
                                     kCFNumberSInt32Type, &number);
             if (!value) { err = KIM_OUT_OF_MEMORY_ERR; }
         }
-        
+
         if (!err) {
-            err = kim_os_preferences_set_value_for_dict_key (io_dictionary, 
-                                                             kim_preference_key_lifetime, 
+            err = kim_os_preferences_set_value_for_dict_key (io_dictionary,
+                                                             kim_preference_key_lifetime,
                                                              value);
         }
-        
-        if (value) { CFRelease (value); }        
+
+        if (value) { CFRelease (value); }
     }
-    
+
     if (!err) {
         kim_boolean boolean;
-        
+
         err = kim_options_get_renewable (in_options, &boolean);
-        
+
         if (!err) {
             CFBooleanRef value = boolean ? kCFBooleanTrue : kCFBooleanFalse;
-            
-            err = kim_os_preferences_set_value_for_dict_key (io_dictionary, 
-                                                             kim_preference_key_renewable, 
+
+            err = kim_os_preferences_set_value_for_dict_key (io_dictionary,
+                                                             kim_preference_key_renewable,
                                                              value);
         }
-    }    
-    
+    }
+
     if (!err) {
         CFNumberRef value = NULL;
         kim_lifetime lifetime;
-        
+
         err = kim_options_get_renewal_lifetime (in_options, &lifetime);
-        
+
         if (!err) {
             SInt32 number = (SInt32) lifetime;
-            
-            value = CFNumberCreate (kCFAllocatorDefault, 
+
+            value = CFNumberCreate (kCFAllocatorDefault,
                                     kCFNumberSInt32Type, &number);
             if (!value) { err = KIM_OUT_OF_MEMORY_ERR; }
         }
-        
+
         if (!err) {
-            err = kim_os_preferences_set_value_for_dict_key (io_dictionary, 
-                                                             kim_preference_key_renewal_lifetime, 
+            err = kim_os_preferences_set_value_for_dict_key (io_dictionary,
+                                                             kim_preference_key_renewal_lifetime,
                                                              value);
         }
-        
-        if (value) { CFRelease (value); }        
+
+        if (value) { CFRelease (value); }
     }
-    
+
     if (!err) {
         kim_boolean boolean;
-        
+
         err = kim_options_get_forwardable (in_options, &boolean);
-        
+
         if (!err) {
             CFBooleanRef value = boolean ? kCFBooleanTrue : kCFBooleanFalse;
-            
-            err = kim_os_preferences_set_value_for_dict_key (io_dictionary, 
-                                                             kim_preference_key_forwardable, 
+
+            err = kim_os_preferences_set_value_for_dict_key (io_dictionary,
+                                                             kim_preference_key_forwardable,
                                                              value);
         }
-    }    
-    
+    }
+
     if (!err) {
         kim_boolean boolean;
-        
+
         err = kim_options_get_proxiable (in_options, &boolean);
-        
+
         if (!err) {
             CFBooleanRef value = boolean ? kCFBooleanTrue : kCFBooleanFalse;
-            
-            err = kim_os_preferences_set_value_for_dict_key (io_dictionary, 
-                                                             kim_preference_key_proxiable, 
+
+            err = kim_os_preferences_set_value_for_dict_key (io_dictionary,
+                                                             kim_preference_key_proxiable,
                                                              value);
         }
     }
-    
+
     if (!err) {
         kim_boolean boolean;
-        
+
         err = kim_options_get_addressless (in_options, &boolean);
-        
+
         if (!err) {
             CFBooleanRef value = boolean ? kCFBooleanTrue : kCFBooleanFalse;
-            
-            err = kim_os_preferences_set_value_for_dict_key (io_dictionary, 
-                                                             kim_preference_key_addressless, 
+
+            err = kim_os_preferences_set_value_for_dict_key (io_dictionary,
+                                                             kim_preference_key_addressless,
                                                              value);
         }
-    }    
-    
+    }
+
     return check_error (err);
 }
 
@@ -734,164 +734,164 @@ static kim_error kim_os_preferences_get_options_compat (kim_options *out_options
     kim_error err = KIM_NO_ERROR;
     kim_options options = KIM_OPTIONS_DEFAULT;
     kim_boolean found_options = 0;
-    
+
     if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_options_create_empty (&options);
     }
-    
-    if (!err) { 
+
+    if (!err) {
         CFNumberRef value = NULL;
         SInt32 lifetime; // CFNumbers are signed so we need to cast
-        
-        err = kim_os_preferences_copy_value_compat (kim_preference_key_lifetime, 
-                                                    CFNumberGetTypeID (), 
+
+        err = kim_os_preferences_copy_value_compat (kim_preference_key_lifetime,
+                                                    CFNumberGetTypeID (),
                                                     (CFPropertyListRef *) &value);
-        
-        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type, 
+
+        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type,
                                                &lifetime)) {
             found_options = 1;
             err = kim_options_set_lifetime (options, lifetime);
         }
-        
+
         if (value) { CFRelease (value); }
     }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
-        err = kim_os_preferences_copy_value_compat (kim_preference_key_renewable, 
-                                                    CFBooleanGetTypeID (), 
+
+        err = kim_os_preferences_copy_value_compat (kim_preference_key_renewable,
+                                                    CFBooleanGetTypeID (),
                                                     (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_renewable (options, CFBooleanGetValue (value));
         }
-        
+
         if (value) { CFRelease (value); }
     }
-    
+
     if (!err) {
         CFNumberRef value = NULL;
         SInt32 lifetime; // CFNumbers are signed so we need to cast
-        
-        err = kim_os_preferences_copy_value_compat (kim_preference_key_renewal_lifetime, 
-                                                    CFNumberGetTypeID (), 
+
+        err = kim_os_preferences_copy_value_compat (kim_preference_key_renewal_lifetime,
+                                                    CFNumberGetTypeID (),
                                                     (CFPropertyListRef *) &value);
-        
-        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type, 
+
+        if (!err && value && CFNumberGetValue (value, kCFNumberSInt32Type,
                                                &lifetime)) {
             found_options = 1;
             err = kim_options_set_renewal_lifetime (options, lifetime);
         }
-        
+
         if (value) { CFRelease (value); }
     }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
-        err = kim_os_preferences_copy_value_compat (kim_preference_key_forwardable, 
-                                                    CFBooleanGetTypeID (), 
+
+        err = kim_os_preferences_copy_value_compat (kim_preference_key_forwardable,
+                                                    CFBooleanGetTypeID (),
                                                     (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_forwardable (options, CFBooleanGetValue (value));
         }
-        
+
         if (value) { CFRelease (value); }
     }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
-        err = kim_os_preferences_copy_value_compat (kim_preference_key_proxiable, 
-                                                    CFBooleanGetTypeID (), 
+
+        err = kim_os_preferences_copy_value_compat (kim_preference_key_proxiable,
+                                                    CFBooleanGetTypeID (),
                                                     (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_proxiable (options, CFBooleanGetValue (value));
         }
-        
+
         if (value) { CFRelease (value); }
     }
-    
+
     if (!err) {
         CFBooleanRef value = NULL;
-        
-        err = kim_os_preferences_copy_value_compat (kim_preference_key_addressless, 
-                                                    CFBooleanGetTypeID (), 
+
+        err = kim_os_preferences_copy_value_compat (kim_preference_key_addressless,
+                                                    CFBooleanGetTypeID (),
                                                     (CFPropertyListRef *) &value);
-        
+
         if (!err && value) {
             found_options = 1;
             err = kim_options_set_addressless (options, CFBooleanGetValue (value));
         }
-        
+
         if (value) { CFRelease (value); }
     }
-    
+
     if (!err && !found_options) {
         kim_options_free (&options);
         options = KIM_OPTIONS_DEFAULT;
     }
-    
+
     if (!err) {
         *out_options = options;
     }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_get_options_for_key (kim_preference_key  in_key, 
+kim_error kim_os_preferences_get_options_for_key (kim_preference_key  in_key,
                                                   kim_options        *out_options)
 {
     kim_error err = KIM_NO_ERROR;
     CFDictionaryRef dictionary = NULL;
     kim_options options = KIM_OPTIONS_DEFAULT;
-    
+
     if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_preferences_copy_value (in_key, CFDictionaryGetTypeID (), 
+        err = kim_os_preferences_copy_value (in_key, CFDictionaryGetTypeID (),
                                              (CFPropertyListRef *) &dictionary);
-        
+
         if (!err && dictionary) {
             err = kim_os_preferences_dictionary_to_options (dictionary, &options);
         }
     }
-    
+
     if (!err && !dictionary) {
         err = kim_os_preferences_get_options_compat (&options);
     }
-    
+
     if (!err) {
         *out_options = options;
     }
-    
+
     if (dictionary) { CFRelease (dictionary); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_set_options_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_options_for_key (kim_preference_key in_key,
                                                   kim_options        in_options)
 {
     kim_error err = KIM_NO_ERROR;
     CFMutableDictionaryRef dictionary = NULL;
-    
+
     /* in_options may be KIM_OPTIONS_DEFAULT, in which case we empty the dict */
-    
+
     if (!err && in_options) {
-        dictionary = CFDictionaryCreateMutable (kCFAllocatorDefault, 0, 
+        dictionary = CFDictionaryCreateMutable (kCFAllocatorDefault, 0,
                                                 &kCFTypeDictionaryKeyCallBacks,
                                                 &kCFTypeDictionaryValueCallBacks);
         if (!dictionary) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
@@ -900,14 +900,14 @@ kim_error kim_os_preferences_set_options_for_key (kim_preference_key in_key,
             err = kim_os_preferences_options_to_dictionary (in_options, dictionary);
         }
     }
-    
+
     if (!err) {
         /* NULL dictioray will remove any entry for this key */
         err = kim_os_preferences_set_value (in_key, dictionary);
     }
-    
+
     if (dictionary) { CFRelease (dictionary); }
-    
+
     return check_error (err);
 }
 
@@ -915,145 +915,145 @@ kim_error kim_os_preferences_set_options_for_key (kim_preference_key in_key,
 
 /* ------------------------------------------------------------------------ */
 
-kim_error kim_os_preferences_get_favorites_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_get_favorites_for_key (kim_preference_key in_key,
                                                     kim_favorites      io_favorites)
 {
     kim_error err = KIM_NO_ERROR;
     CFArrayRef value = NULL;
-    
+
     if (!err && !io_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_preferences_copy_value (in_key, CFArrayGetTypeID (), 
+        err = kim_os_preferences_copy_value (in_key, CFArrayGetTypeID (),
                                              (CFPropertyListRef *) &value);
     }
-    
+
     if (!err && value) {
         if (!value || CFArrayGetCount (value) < 1) {
             err =  kim_favorites_remove_all_identities (io_favorites);
-            
+
         } else {
             CFIndex count = CFArrayGetCount (value);
             CFIndex i;
-            
+
             for (i = 0; !err && i < count; i++) {
                 CFDictionaryRef dictionary = NULL;
                 CFStringRef cfstring = NULL;
-                
+
                 dictionary = (CFDictionaryRef) CFArrayGetValueAtIndex (value, i);
                 if (!dictionary || CFGetTypeID (dictionary) != CFDictionaryGetTypeID ()) {
                     err = check_error (KIM_PREFERENCES_READ_ERR);
                 }
-                
+
                 if (!err) {
                     err = kim_os_preferences_copy_value_for_dict_key (dictionary,
                                                                       kim_preference_key_client_identity,
                                                                       CFStringGetTypeID (),
-                                                                      (CFPropertyListRef *) &cfstring);                    
+                                                                      (CFPropertyListRef *) &cfstring);
                 }
-                
+
                 if (!err && cfstring) {
                     kim_string string = NULL;
                     kim_identity identity = NULL;
                     kim_options options = KIM_OPTIONS_DEFAULT;
-                    
+
                     err = kim_os_string_create_from_cfstring (&string, cfstring);
-                    
+
                     if (!err) {
                         err = kim_identity_create_from_string (&identity, string);
                     }
-                    
+
                     if (!err && (CFDictionaryGetCount (dictionary) > 1)) {
-                        err = kim_os_preferences_dictionary_to_options (dictionary, 
+                        err = kim_os_preferences_dictionary_to_options (dictionary,
                                                                         &options);
                     }
-                    
+
                     if (!err) {
                         err = kim_favorites_add_identity (io_favorites, identity,
                                                           options);
                     }
-                    
+
                     kim_string_free (&string);
                     kim_options_free (&options);
                     kim_identity_free (&identity);
                 }
             }
-            
+
             if (err) {
                 kim_favorites_remove_all_identities (io_favorites);
             }
         }
     }
-    
+
     if (value) { CFRelease (value); }
-    
+
     return check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
-kim_error kim_os_preferences_set_favorites_for_key (kim_preference_key in_key, 
+kim_error kim_os_preferences_set_favorites_for_key (kim_preference_key in_key,
                                                     kim_favorites      in_favorites)
 {
     kim_error err = KIM_NO_ERROR;
     kim_count count = 0;
     CFMutableArrayRef array = NULL;
-    
+
     if (!err && !in_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_favorites_get_number_of_identities (in_favorites, &count);
     }
-    
+
     if (!err) {
-        array = CFArrayCreateMutable (kCFAllocatorDefault, count, 
+        array = CFArrayCreateMutable (kCFAllocatorDefault, count,
                                       &kCFTypeArrayCallBacks);
         if (!array) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         kim_count i;
-        
+
         for (i = 0; !err && i < count; i++) {
             kim_identity identity = NULL;
             kim_options options = NULL;
             kim_string string = NULL;
             CFStringRef cfstring = NULL;
             CFMutableDictionaryRef dictionary = NULL;
-            
-            err = kim_favorites_get_identity_at_index (in_favorites, i, 
+
+            err = kim_favorites_get_identity_at_index (in_favorites, i,
                                                        &identity,
                                                        &options);
-            
+
             if (!err) {
                 err = kim_identity_get_string (identity, &string);
             }
-            
+
             if (!err) {
                 err = kim_os_string_get_cfstring (string, &cfstring);
             }
-            
+
             if (!err) {
-                dictionary = CFDictionaryCreateMutable (kCFAllocatorDefault, 0, 
+                dictionary = CFDictionaryCreateMutable (kCFAllocatorDefault, 0,
                                                         &kCFTypeDictionaryKeyCallBacks,
                                                         &kCFTypeDictionaryValueCallBacks);
                 if (!dictionary) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
             }
-            
+
             if (!err) {
                 err = kim_os_preferences_set_value_for_dict_key (dictionary,
                                                                  kim_preference_key_client_identity,
-                                                                 cfstring);                    
+                                                                 cfstring);
             }
-            
+
             if (!err && options) {
-                err = kim_os_preferences_options_to_dictionary (options, 
+                err = kim_os_preferences_options_to_dictionary (options,
                                                                 dictionary);
             }
-            
+
             if (!err) {
                 CFArrayAppendValue (array, dictionary);
             }
-            
+
             if (dictionary) { CFRelease (dictionary); }
             if (cfstring  ) { CFRelease (cfstring); }
             kim_string_free (&string);
@@ -1061,13 +1061,12 @@ kim_error kim_os_preferences_set_favorites_for_key (kim_preference_key in_key,
             kim_identity_free (&identity);
         }
     }
-    
+
     if (!err) {
         err = kim_os_preferences_set_value (in_key, array);
     }
-    
+
     if (array) { CFRelease (array); }
-    
+
     return check_error (err);
 }
-
diff --git a/src/kim/lib/mac/kim_os_selection_hints.c b/src/kim/lib/mac/kim_os_selection_hints.c
index bc1a64868..27a62461d 100644
--- a/src/kim/lib/mac/kim_os_selection_hints.c
+++ b/src/kim/lib/mac/kim_os_selection_hints.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -51,37 +51,37 @@ static kim_error kim_os_selection_hints_get_selection_hints_array (CFArrayRef *o
     CFPropertyListRef value = NULL;
     CFStringRef users[] = { kCFPreferencesCurrentUser, kCFPreferencesAnyUser, NULL };
     CFStringRef hosts[] = { kCFPreferencesCurrentHost, kCFPreferencesAnyHost, NULL };
-    
+
     if (!err && !out_selection_hints_array) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_count u, h;
-        
+
         if (!kim_library_allow_home_directory_access()) {
             users[0] = kCFPreferencesAnyUser;
             users[1] = NULL;
         }
-        
+
         for (u = 0; !value && users[u]; u++) {
             for (h = 0; !value && hosts[h]; h++) {
-                value = CFPreferencesCopyValue (KIM_SELECTION_HINTS_ARRAY, 
-                                                KIM_SELECTION_HINTS_FILE, 
+                value = CFPreferencesCopyValue (KIM_SELECTION_HINTS_ARRAY,
+                                                KIM_SELECTION_HINTS_FILE,
                                                 users[u], hosts[h]);
             }
-        }        
-        
+        }
+
         if (value && CFGetTypeID (value) != CFArrayGetTypeID ()) {
             err = check_error (KIM_PREFERENCES_READ_ERR);
         }
     }
-    
+
     if (!err) {
         *out_selection_hints_array = value;
         value = NULL;
     }
-    
+
     if (value) { CFRelease (value); }
-    
+
     return check_error (err);
 }
 
@@ -90,21 +90,21 @@ static kim_error kim_os_selection_hints_get_selection_hints_array (CFArrayRef *o
 static kim_error kim_os_selection_hints_set_selection_hints_array (CFArrayRef in_selection_hints_array)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     if (!err && !in_selection_hints_array) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         kim_boolean homedir_ok = kim_library_allow_home_directory_access();
         CFStringRef user = homedir_ok ? kCFPreferencesCurrentUser : kCFPreferencesAnyUser;
         CFStringRef host = homedir_ok ? kCFPreferencesAnyHost : kCFPreferencesCurrentHost;
-        
-        CFPreferencesSetValue (KIM_SELECTION_HINTS_ARRAY, in_selection_hints_array, 
+
+        CFPreferencesSetValue (KIM_SELECTION_HINTS_ARRAY, in_selection_hints_array,
                                KIM_SELECTION_HINTS_FILE, user, host);
         if (!CFPreferencesSynchronize (KIM_SELECTION_HINTS_FILE, user, host)) {
             err = check_error (KIM_PREFERENCES_WRITE_ERR);
         }
     }
-    
+
     return check_error (err);
 }
 
@@ -122,71 +122,71 @@ static kim_error kim_os_selection_hints_create_dictionary (kim_selection_hints
     CFStringRef keys[KIM_MAX_HINTS] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
     CFStringRef values[KIM_MAX_HINTS] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
     CFIndex i = 0;
-    
+
     if (!err && !in_selection_hints  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_hints_dictionary) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_selection_hints_get_preference_strings (in_selection_hints, &preference_strings);
     }
-    
+
     if (!err) {
         err = kim_identity_get_string (in_identity, &identity_string);
     }
-    
+
     if (!err) {
         keys[i] = KIM_APPLICATION_ID_HINT;
         err = kim_os_string_get_cfstring (preference_strings.application_identifier, &values[i]);
     }
-    
+
     if (!err) {
         keys[++i] = KIM_IDENTITY_HINT;
         err = kim_os_string_get_cfstring (identity_string, &values[i]);
     }
-    
+
     if (!err && preference_strings.service_identity) {
         keys[++i] = KIM_SERVICE_IDENTITY_HINT;
         err = kim_os_string_get_cfstring (preference_strings.service_identity, &values[i]);
     }
-    
+
     if (!err && preference_strings.user) {
         keys[++i] = KIM_USER_HINT;
         err = kim_os_string_get_cfstring (preference_strings.user, &values[i]);
     }
-    
+
     if (!err && preference_strings.client_realm) {
         keys[++i] = KIM_CLIENT_REALM_HINT;
         err = kim_os_string_get_cfstring (preference_strings.client_realm, &values[i]);
     }
-    
+
     if (!err && preference_strings.service) {
         keys[++i] = KIM_SERVICE_HINT;
         err = kim_os_string_get_cfstring (preference_strings.service, &values[i]);
     }
-    
+
     if (!err && preference_strings.service_realm) {
         keys[++i] = KIM_SERVICE_REALM_HINT;
         err = kim_os_string_get_cfstring (preference_strings.service_realm, &values[i]);
     }
-    
+
     if (!err && preference_strings.server) {
         keys[++i] = KIM_SERVER_HINT;
         err = kim_os_string_get_cfstring (preference_strings.server, &values[i]);
     }
-    
+
     if (!err) {
-        *out_hints_dictionary = CFDictionaryCreate (kCFAllocatorDefault, 
-                                                    (const void **) keys, 
-                                                    (const void **) values, 
+        *out_hints_dictionary = CFDictionaryCreate (kCFAllocatorDefault,
+                                                    (const void **) keys,
+                                                    (const void **) values,
                                                     i+1, /* number of hints */
-                                                    &kCFTypeDictionaryKeyCallBacks, 
-                                                    &kCFTypeDictionaryValueCallBacks); 
+                                                    &kCFTypeDictionaryKeyCallBacks,
+                                                    &kCFTypeDictionaryValueCallBacks);
     }
-    
+
     for (i = 0; i < KIM_MAX_HINTS; i++) { if (values[i]) { CFRelease (values[i]); } }
     kim_string_free (&identity_string);
-    
+
     return check_error (err);
 }
 
@@ -196,17 +196,17 @@ static kim_boolean kim_os_selection_hints_compare_hint (kim_string  in_string,
                                                         CFStringRef in_value)
 {
     kim_boolean equal = 0;
-    
-    if (!in_string && !in_value) { 
-        equal = 1; 
-        
+
+    if (!in_string && !in_value) {
+        equal = 1;
+
     } else if (in_string && in_value) {
         if (CFGetTypeID (in_value) == CFStringGetTypeID ()) {
             kim_comparison comparison;
-            
-            kim_error err = kim_os_string_compare_to_cfstring (in_string, in_value, 
+
+            kim_error err = kim_os_string_compare_to_cfstring (in_string, in_value,
                                                                &comparison);
-            
+
             if (!err && kim_comparison_is_equal_to (comparison)) {
                 equal = 1;
             }
@@ -214,7 +214,7 @@ static kim_boolean kim_os_selection_hints_compare_hint (kim_string  in_string,
             kim_debug_printf ("%s: Malformed string in hints dictionary.", __FUNCTION__);
         }
     }
-    
+
     return equal;
 }
 
@@ -227,61 +227,61 @@ static kim_error kim_os_selection_hints_compare_to_dictionary (kim_selection_hin
     kim_error err = KIM_NO_ERROR;
     kim_selection_hints_preference_strings preference_strings = { NULL, NULL, NULL, NULL, NULL, NULL, NULL };
     kim_boolean hints_equal = 1;
-    
+
     if (!err && !in_selection_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_hints_dictionary) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_hints_equal    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_selection_hints_get_preference_strings (in_selection_hints, &preference_strings);
     }
-    
+
     if (!err && hints_equal) {
-        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.application_identifier, 
-                                                           CFDictionaryGetValue (in_hints_dictionary, 
+        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.application_identifier,
+                                                           CFDictionaryGetValue (in_hints_dictionary,
                                                                                  KIM_APPLICATION_ID_HINT));
     }
-    
+
     if (!err && hints_equal) {
-        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.service_identity, 
-                                                           CFDictionaryGetValue (in_hints_dictionary, 
+        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.service_identity,
+                                                           CFDictionaryGetValue (in_hints_dictionary,
                                                                                  KIM_SERVICE_IDENTITY_HINT));
     }
-    
+
     if (!err && hints_equal) {
-        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.user, 
-                                                           CFDictionaryGetValue (in_hints_dictionary, 
+        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.user,
+                                                           CFDictionaryGetValue (in_hints_dictionary,
                                                                                  KIM_USER_HINT));
     }
-    
+
     if (!err && hints_equal) {
-        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.client_realm, 
-                                                           CFDictionaryGetValue (in_hints_dictionary, 
+        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.client_realm,
+                                                           CFDictionaryGetValue (in_hints_dictionary,
                                                                                  KIM_CLIENT_REALM_HINT));
     }
-    
+
     if (!err && hints_equal) {
-        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.service, 
-                                                           CFDictionaryGetValue (in_hints_dictionary, 
+        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.service,
+                                                           CFDictionaryGetValue (in_hints_dictionary,
                                                                                  KIM_SERVICE_HINT));
     }
-    
+
     if (!err && hints_equal) {
-        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.service_realm, 
-                                                           CFDictionaryGetValue (in_hints_dictionary, 
+        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.service_realm,
+                                                           CFDictionaryGetValue (in_hints_dictionary,
                                                                                  KIM_SERVICE_REALM_HINT));
     }
-    
+
     if (!err && hints_equal) {
-        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.server, 
-                                                           CFDictionaryGetValue (in_hints_dictionary, 
+        hints_equal = kim_os_selection_hints_compare_hint (preference_strings.server,
+                                                           CFDictionaryGetValue (in_hints_dictionary,
                                                                                  KIM_SERVER_HINT));
     }
-    
+
     if (!err) {
         *out_hints_equal = hints_equal;
     }
-    
+
     return check_error (err);
 }
 
@@ -293,23 +293,23 @@ static kim_error kim_os_selection_hints_get_dictionary_identity (CFDictionaryRef
     kim_error err = KIM_NO_ERROR;
     CFStringRef identity_cfstr = NULL;
     kim_string identity_string = NULL;
-    
+
     identity_cfstr = CFDictionaryGetValue (in_dictionary, KIM_IDENTITY_HINT);
     if (!identity_cfstr || CFGetTypeID (identity_cfstr) != CFStringGetTypeID ()) {
         kim_debug_printf ("%s: Malformed hints dictionary (invalid identity).", __FUNCTION__);
         err = check_error (KIM_PREFERENCES_READ_ERR);
     }
-    
+
     if (!err) {
         err = kim_os_string_create_from_cfstring (&identity_string, identity_cfstr);
     }
-    
+
     if (!err) {
         err = kim_identity_create_from_string (out_identity, identity_string);
     }
-    
+
     kim_string_free (&identity_string);
-    
+
     return check_error (err);
 }
 
@@ -326,47 +326,47 @@ kim_error kim_os_selection_hints_lookup_identity (kim_selection_hints  in_select
     CFIndex count = 0;
     kim_boolean found = 0;
     CFDictionaryRef found_dictionary = NULL;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_os_selection_hints_get_selection_hints_array (&hints_array);
     }
-    
+
     if (!err && hints_array) {
         count = CFArrayGetCount (hints_array);
     }
-    
+
     for (i = 0; !err && !found && i < count; i++) {
         CFDictionaryRef dictionary = NULL;
-        
+
         dictionary = CFArrayGetValueAtIndex (hints_array, i);
         if (!dictionary) { err = KIM_OUT_OF_MEMORY_ERR; }
-        
+
         if (!err && CFGetTypeID (dictionary) != CFDictionaryGetTypeID ()) {
             kim_debug_printf ("%s: Malformed entry in hints array.", __FUNCTION__);
             continue; /* skip entries which aren't dictionaries */
         }
-        
+
         if (!err) {
-            err = kim_os_selection_hints_compare_to_dictionary (in_selection_hints, 
+            err = kim_os_selection_hints_compare_to_dictionary (in_selection_hints,
                                                                 dictionary,
                                                                 &found);
         }
-        
+
         if (!err && found) {
             found_dictionary = dictionary;
         }
     }
-    
+
     if (!err && found) {
         err = kim_os_selection_hints_get_dictionary_identity (found_dictionary,
                                                               out_identity);
     }
-    
+
     if (hints_array) { CFRelease (hints_array); }
-    
+
     return check_error (err);
 }
 
@@ -382,58 +382,58 @@ kim_error kim_os_selection_hints_remember_identity (kim_selection_hints in_selec
     CFIndex i = 0;
     kim_boolean hint_already_exists = 0;
     kim_boolean hints_array_changed = 0;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_os_selection_hints_get_selection_hints_array (&old_hints_array);
     }
-    
+
     if (!err) {
         if (old_hints_array) {
-            new_hints_array = CFArrayCreateMutableCopy (kCFAllocatorDefault, 0, 
+            new_hints_array = CFArrayCreateMutableCopy (kCFAllocatorDefault, 0,
                                                         old_hints_array);
         } else {
-            new_hints_array = CFArrayCreateMutable (kCFAllocatorDefault, 0, 
-                                                    &kCFTypeArrayCallBacks);            
+            new_hints_array = CFArrayCreateMutable (kCFAllocatorDefault, 0,
+                                                    &kCFTypeArrayCallBacks);
         }
         if (!new_hints_array) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         count = CFArrayGetCount (new_hints_array);
     }
-    
+
     for (i = 0; !err && i < count; i++) {
         CFDictionaryRef dictionary = NULL;
         kim_identity identity = NULL;
         kim_boolean hints_equal = 0;
-        
+
         dictionary = CFArrayGetValueAtIndex (new_hints_array, i);
         if (!dictionary) { err = KIM_OUT_OF_MEMORY_ERR; }
-        
+
         if (!err && CFGetTypeID (dictionary) != CFDictionaryGetTypeID ()) {
             kim_debug_printf ("%s: Malformed entry in hints array.", __FUNCTION__);
             continue; /* skip entries which aren't dictionaries */
         }
-        
+
         if (!err) {
-            err = kim_os_selection_hints_compare_to_dictionary (in_selection_hints, 
+            err = kim_os_selection_hints_compare_to_dictionary (in_selection_hints,
                                                                 dictionary,
                                                                 &hints_equal);
         }
-        
+
         if (!err && hints_equal) {
             kim_comparison comparison;
-            
+
             err = kim_os_selection_hints_get_dictionary_identity (dictionary,
                                                                   &identity);
-            
+
             if (!err) {
                 err = kim_identity_compare (in_identity, identity, &comparison);
             }
-            
+
             if (!err) {
                 if (kim_comparison_is_equal_to (comparison) && !hint_already_exists) {
                     hint_already_exists = 1;
@@ -444,33 +444,33 @@ kim_error kim_os_selection_hints_remember_identity (kim_selection_hints in_selec
                     hints_array_changed = 1;
                 }
             }
-            
+
             kim_identity_free (&identity);
         }
     }
-    
+
     if (!err && !hint_already_exists) {
         CFDictionaryRef new_hint_dictionary = NULL;
-        
-        err = kim_os_selection_hints_create_dictionary (in_selection_hints, 
+
+        err = kim_os_selection_hints_create_dictionary (in_selection_hints,
                                                         in_identity,
                                                         &new_hint_dictionary);
-        
+
         if (!err) {
             CFArrayInsertValueAtIndex (new_hints_array, 0, new_hint_dictionary);
             hints_array_changed = 1;
         }
-        
+
         if (new_hint_dictionary) { CFRelease (new_hint_dictionary); }
     }
-    
+
     if (!err && hints_array_changed) {
         err = kim_os_selection_hints_set_selection_hints_array (new_hints_array);
     }
-    
+
     if (new_hints_array ) { CFRelease (new_hints_array); }
     if (old_hints_array ) { CFRelease (old_hints_array); }
-    
+
     return check_error (err);
 }
 
@@ -483,54 +483,53 @@ kim_error kim_os_selection_hints_forget_identity (kim_selection_hints in_selecti
     CFMutableArrayRef new_hints_array = NULL;
     CFIndex count = 0;
     CFIndex i = 0;
-    
+
     if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_os_selection_hints_get_selection_hints_array (&old_hints_array);
     }
-    
+
     if (!err) {
-        new_hints_array = CFArrayCreateMutableCopy (kCFAllocatorDefault, 0, 
+        new_hints_array = CFArrayCreateMutableCopy (kCFAllocatorDefault, 0,
                                                     old_hints_array);
         if (!new_hints_array) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         count = CFArrayGetCount (new_hints_array);
     }
-    
+
     for (i = 0; !err && i < count; i++) {
         CFDictionaryRef dictionary = NULL;
         kim_boolean hints_equal = 0;
-        
+
         dictionary = CFArrayGetValueAtIndex (new_hints_array, i);
         if (!dictionary) { err = KIM_OUT_OF_MEMORY_ERR; }
-        
+
         if (!err && CFGetTypeID (dictionary) != CFDictionaryGetTypeID ()) {
             kim_debug_printf ("%s: Malformed entry in hints array.", __FUNCTION__);
             continue; /* skip entries which aren't dictionaries */
         }
-        
+
         if (!err) {
-            err = kim_os_selection_hints_compare_to_dictionary (in_selection_hints, 
+            err = kim_os_selection_hints_compare_to_dictionary (in_selection_hints,
                                                                 dictionary,
                                                                 &hints_equal);
         }
-        
+
         if (!err && hints_equal) {
             CFArrayRemoveValueAtIndex (new_hints_array, i);
             i--; /* back up one index so we don't skip */
             count = CFArrayGetCount (new_hints_array); /* count changed */
         }
     }
-    
+
     if (!err) {
         err = kim_os_selection_hints_set_selection_hints_array (new_hints_array);
     }
-    
+
     if (new_hints_array) { CFRelease (new_hints_array); }
-    
+
     return check_error (err);
 }
-
diff --git a/src/kim/lib/mac/kim_os_string.c b/src/kim/lib/mac/kim_os_string.c
index 96573eec9..944b8c995 100644
--- a/src/kim/lib/mac/kim_os_string.c
+++ b/src/kim/lib/mac/kim_os_string.c
@@ -8,7 +8,7 @@
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -37,14 +37,14 @@ kim_error kim_os_string_create_localized (kim_string *out_string,
     kim_error err = lock_err;
     kim_string string = NULL;
     CFStringRef cfkey = NULL;
-    
+
     if (!err && !out_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_string ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-   
+
     if (!err) {
         err = kim_os_string_get_cfstring (in_string, &cfkey);
     }
-    
+
     if (!err && kim_library_allow_home_directory_access ()) {
         CFStringRef cfstring = NULL;
         CFBundleRef framework = CFBundleGetBundleWithIdentifier (CFSTR ("edu.mit.Kerberos"));
@@ -56,35 +56,35 @@ kim_error kim_os_string_create_localized (kim_string *out_string,
                                                                framework,
                                                                "");
         }
-        
+
         if (main_bundle && !cfstring) {
             cfstring = CFCopyLocalizedStringFromTableInBundle (cfkey,
                                                                 CFSTR ("InfoPlist"),
                                                                main_bundle,
                                                                "");
-        }        
-        
+        }
+
         if (!err && cfstring) {
             err = kim_os_string_create_from_cfstring (&string, cfstring);
         }
-        
+
         if (cfstring) { CFRelease (cfstring); }
     }
-    
+
     if (!err && !string) {
         err = kim_string_copy (&string, in_string);
     }
-    
+
     if (!err) {
         *out_string = string;
         string = NULL;
     }
-    
+
     if (cfkey) { CFRelease (cfkey); }
     kim_string_free (&string);
-    
+
     if (!lock_err) { kim_os_library_unlock_for_bundle_lookup (); }
-    
+
     return check_error (err);
 }
 
@@ -96,47 +96,47 @@ kim_error kim_os_string_create_from_cfstring (kim_string  *out_string,
     kim_error err = KIM_NO_ERROR;
     kim_string string = NULL;
     CFIndex length = 0;
-    
+
     if (!err && !out_string ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_cfstring) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         char *ptr = NULL;
-        
-        /* check if in_cfstring is a C string internally so we can 
+
+        /* check if in_cfstring is a C string internally so we can
          * avoid using CFStringGetMaximumSizeForEncoding which is wasteful */
-        ptr = (char *) CFStringGetCStringPtr(in_cfstring, 
+        ptr = (char *) CFStringGetCStringPtr(in_cfstring,
                                              kCFStringEncodingUTF8);
         if (ptr) {
             string = strdup (ptr);
             if (!string) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
 
         } else {
-            length = CFStringGetMaximumSizeForEncoding (CFStringGetLength (in_cfstring), 
+            length = CFStringGetMaximumSizeForEncoding (CFStringGetLength (in_cfstring),
                                                         kCFStringEncodingUTF8) + 1;
-            
+
             string = (char *) calloc (length, sizeof (char));
             if (!string) { err = check_error (KIM_OUT_OF_MEMORY_ERR); }
-        
+
             if (!err) {
-                if (!CFStringGetCString (in_cfstring, 
-                                         (char *) string, 
-                                         length, 
+                if (!CFStringGetCString (in_cfstring,
+                                         (char *) string,
+                                         length,
                                          kCFStringEncodingUTF8)) {
                     err = KIM_OUT_OF_MEMORY_ERR;
-                }        
-            }        
+                }
+            }
         }
     }
-    
-    
+
+
     if (!err) {
         *out_string = string;
         string = NULL;
     }
-    
+
     kim_string_free (&string);
-    
+
     return check_error (err);
 }
 
@@ -147,24 +147,24 @@ kim_error kim_os_string_get_cfstring (kim_string   in_string,
 {
     kim_error err = KIM_NO_ERROR;
     CFStringRef cfstring = NULL;
-    
+
     if (!err && !in_string   ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_cfstring) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        cfstring = CFStringCreateWithCString (kCFAllocatorDefault, 
-                                              in_string, 
+        cfstring = CFStringCreateWithCString (kCFAllocatorDefault,
+                                              in_string,
                                               kCFStringEncodingUTF8);
         if (!cfstring) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         *out_cfstring = cfstring;
         cfstring = NULL;
     }
-    
+
     if (cfstring) { CFRelease (cfstring); }
-    
+
     return check_error (err);
 }
 
@@ -178,34 +178,34 @@ kim_error kim_os_string_compare (kim_string      in_string,
     kim_error err = KIM_NO_ERROR;
     CFStringRef cfstring = NULL;
     CFStringRef compare_to_cfstring = NULL;
-    
+
     if (!err && !in_string           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_compare_to_string) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_comparison      ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
-        err = kim_os_string_get_cfstring (in_string, 
+        err = kim_os_string_get_cfstring (in_string,
                                           &cfstring);
     }
-    
+
     if (!err) {
-        err = kim_os_string_get_cfstring (in_compare_to_string, 
+        err = kim_os_string_get_cfstring (in_compare_to_string,
                                           &compare_to_cfstring);
     }
-    
+
     if (!err) {
-        CFOptionFlags options = (in_case_insensitive ? 
+        CFOptionFlags options = (in_case_insensitive ?
                                  1 : kCFCompareCaseInsensitive);
-        
+
         /* Returned CFComparisonResult is compatible with kim_comparison_t */
-        *out_comparison = CFStringCompare (cfstring, 
-                                           compare_to_cfstring, 
-                                           options);            
+        *out_comparison = CFStringCompare (cfstring,
+                                           compare_to_cfstring,
+                                           options);
     }
-    
+
     if (cfstring           ) { CFRelease (cfstring); }
     if (compare_to_cfstring) { CFRelease (compare_to_cfstring); }
-    
+
     return check_error (err);
 }
 
@@ -217,21 +217,21 @@ kim_error kim_os_string_compare_to_cfstring (kim_string      in_string,
 {
     kim_error err = KIM_NO_ERROR;
     CFStringRef cfstring = NULL;
-    
+
     if (!err && !in_string             ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_compare_to_cfstring) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_comparison        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_os_string_get_cfstring (in_string, &cfstring);
     }
-    
+
     if (!err) {
         /* Returned CFComparisonResult is compatible with kim_comparison_t */
-        *out_comparison = CFStringCompare (cfstring, in_compare_to_cfstring, 0);            
+        *out_comparison = CFStringCompare (cfstring, in_compare_to_cfstring, 0);
     }
-    
+
     if (cfstring) { CFRelease (cfstring); }
-    
+
     return check_error (err);
 }
diff --git a/src/kim/lib/mac/kim_os_ui_gui.c b/src/kim/lib/mac/kim_os_ui_gui.c
index 1f9122570..5de8ef191 100644
--- a/src/kim/lib/mac/kim_os_ui_gui.c
+++ b/src/kim/lib/mac/kim_os_ui_gui.c
@@ -56,59 +56,59 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context)
     kim_string path = NULL;
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
-    
+
     if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_library_get_application_name (&name);
     }
-    
+
     if (!err) {
         err = kim_os_library_get_application_path (&path);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, "init");
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (request, getpid());
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, name ? name : "");
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, path ? path : "");
     }
-    
+
     if (!err) {
         err = kim_os_ui_gui_send_request (1 /* launch server */,
                                           request,
                                           &reply);
     }
-    
+
     if (!err) {
         int32_t result = 0;
 
         err = krb5int_ipc_stream_read_int32 (reply, &result);
         if (!err) { err = check_error (result); }
     }
-    
+
     if (!err) {
         io_context->tcontext = NULL;
     }
-    
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
     kim_string_free (&name);
     kim_string_free (&path);
-    
+
     return check_error (err);
 }
 
@@ -125,15 +125,15 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
     char *identity_string = NULL;
     kim_identity identity = NULL;
     uint32_t change_password = 0;
-    
+
     if (!err && !io_options         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, "enter_identity");
     }
@@ -141,21 +141,21 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
     if (!err) {
         err = kim_options_write_to_stream (io_options, request);
     }
-    
+
     if (!err) {
         err = kim_os_ui_gui_send_request (0 /* don't launch server */,
                                           request,
                                           &reply);
         if (!reply) { err = check_error (KIM_NO_SERVER_ERR); }
     }
-    
+
     if (!err) {
         int32_t result = 0;
-        
+
         err = krb5int_ipc_stream_read_int32 (reply, &result);
         if (!err) { err = check_error (result); }
     }
-    
+
     if (!err) {
         err  = krb5int_ipc_stream_read_string (reply, &identity_string);
     }
@@ -163,21 +163,21 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
     if (!err) {
         err  = krb5int_ipc_stream_read_uint32 (reply, &change_password);
     }
-    
+
     if (!err) {
         err  = kim_options_read_from_stream (io_options, reply);
     }
-    
+
     if (!err) {
         err = kim_identity_create_from_string (&identity, identity_string);
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
         *out_change_password = change_password;
     }
-    
+
     kim_identity_free (&identity);
     krb5int_ipc_stream_free_string (identity_string);
     krb5int_ipc_stream_release (request);
@@ -200,45 +200,45 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
     kim_options options = NULL;
     kim_identity identity = NULL;
     uint32_t change_password = 0;
-    
+
     if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, "select_identity");
     }
-    
+
     if (!err) {
         err = kim_selection_hints_write_to_stream (io_hints, request);
     }
-    
+
     if (!err) {
         err = kim_os_ui_gui_send_request (0 /* don't launch server */,
                                           request,
                                           &reply);
         if (!reply) { err = check_error (KIM_NO_SERVER_ERR); }
     }
-    
+
     if (!err) {
         int32_t result = 0;
-        
+
         err = krb5int_ipc_stream_read_int32 (reply, &result);
         if (!err) { err = check_error (result); }
     }
-    
+
     if (!err) {
         err  = krb5int_ipc_stream_read_string (reply, &identity_string);
     }
-    
+
     if (!err) {
         err = kim_identity_create_from_string (&identity, identity_string);
     }
-    
+
     if (!err) {
         err  = krb5int_ipc_stream_read_uint32 (reply, &change_password);
     }
@@ -246,23 +246,23 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
     if (!err) {
         err = kim_options_create_from_stream (&options, reply);
     }
-    
+
     if (!err) {
         err = kim_selection_hints_set_options (io_hints, options);
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
         *out_change_password = change_password;
     }
-    
-    kim_identity_free (&identity);    
+
+    kim_identity_free (&identity);
     kim_options_free (&options);
-    krb5int_ipc_stream_free_string (identity_string);    
+    krb5int_ipc_stream_free_string (identity_string);
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
-    
+
     return check_error (err);
 }
 
@@ -271,8 +271,8 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
 kim_error kim_os_ui_gui_auth_prompt (kim_ui_context      *in_context,
                                      kim_identity         in_identity,
                                      kim_prompt_type      in_type,
-                                     kim_boolean          in_allow_save_reply, 
-                                     kim_boolean          in_hide_reply, 
+                                     kim_boolean          in_allow_save_reply,
+                                     kim_boolean          in_hide_reply,
                                      kim_string           in_title,
                                      kim_string           in_message,
                                      kim_string           in_description,
@@ -283,76 +283,76 @@ kim_error kim_os_ui_gui_auth_prompt (kim_ui_context      *in_context,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     kim_string identity_string = NULL;
-    
+
     if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_reply  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     /* in_title, in_message or in_description may be NULL */
-    
+
     if (!err) {
         err = kim_identity_get_string (in_identity, &identity_string);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, "auth_prompt");
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, identity_string);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (request, in_type);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (request, in_allow_save_reply);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (request, in_hide_reply);
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (request, 
+        err = krb5int_ipc_stream_write_string (request,
                                           in_title ? in_title : "");
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (request, 
+        err = krb5int_ipc_stream_write_string (request,
                                           in_message ? in_message : "");
     }
-    
+
     if (!err) {
-        err = krb5int_ipc_stream_write_string (request, 
+        err = krb5int_ipc_stream_write_string (request,
                                           in_description ? in_description : "");
     }
-    
+
     if (!err) {
         err = kim_os_ui_gui_send_request (0 /* don't launch server */,
                                           request,
                                           &reply);
         if (!reply) { err = check_error (KIM_NO_SERVER_ERR); }
     }
-    
+
     if (!err) {
         int32_t result = 0;
-        
+
         err = krb5int_ipc_stream_read_int32 (reply, &result);
         if (!err) { err = check_error (result); }
     }
-    
+
     if (!err) {
         err  = krb5int_ipc_stream_read_string (reply, out_reply);
-    } 
-    
+    }
+
     if (!err) {
         err  = krb5int_ipc_stream_read_int32 (reply, out_save_reply);
-    } 
-    
+    }
+
     kim_string_free (&identity_string);
 
     krb5int_ipc_stream_release (request);
@@ -374,62 +374,62 @@ kim_error kim_os_ui_gui_change_password (kim_ui_context      *in_context,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     kim_string identity_string = NULL;
-    
+
     char *old_password = NULL;
     char *new_password = NULL;
     char *vfy_password = NULL;
-   
+
     if (!err && !in_identity     ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_old_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_new_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !out_vfy_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_get_string (in_identity, &identity_string);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, "change_password");
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, identity_string);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (request, in_old_password_expired);
     }
-    
+
     if (!err) {
         err = kim_os_ui_gui_send_request (0 /* don't launch server */,
                                           request,
                                           &reply);
         if (!reply) { err = check_error (KIM_NO_SERVER_ERR); }
     }
-    
+
     if (!err) {
         int32_t result = 0;
-        
+
         err = krb5int_ipc_stream_read_int32 (reply, &result);
         if (!err) { err = check_error (result); }
     }
-    
+
     if (!err) {
         err  = krb5int_ipc_stream_read_string (reply, &old_password);
-    }     
-    
+    }
+
     if (!err) {
         err  = krb5int_ipc_stream_read_string (reply, &new_password);
-    }     
-    
+    }
+
     if (!err) {
         err  = krb5int_ipc_stream_read_string (reply, &vfy_password);
-    }     
-    
+    }
+
     if (!err) {
         *out_old_password = (char *) old_password;
         old_password = NULL;
@@ -438,12 +438,12 @@ kim_error kim_os_ui_gui_change_password (kim_ui_context      *in_context,
         *out_vfy_password = (char *) vfy_password;
         vfy_password = NULL;
     }
-    
-    kim_string_free (&identity_string);    
-    krb5int_ipc_stream_free_string (old_password);    
-    krb5int_ipc_stream_free_string (new_password);    
-    krb5int_ipc_stream_free_string (vfy_password);    
-    
+
+    kim_string_free (&identity_string);
+    krb5int_ipc_stream_free_string (old_password);
+    krb5int_ipc_stream_free_string (new_password);
+    krb5int_ipc_stream_free_string (vfy_password);
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
 
@@ -462,26 +462,26 @@ kim_error kim_os_ui_gui_handle_error (kim_ui_context    *in_context,
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     kim_string identity_string = NULL;
-    
+
     if (!err && !in_error_message    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_error_description) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    
+
     if (!err) {
         err = kim_identity_get_string (in_identity, &identity_string);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, "handle_error");
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, identity_string);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_int32 (request, in_error);
     }
@@ -489,26 +489,26 @@ kim_error kim_os_ui_gui_handle_error (kim_ui_context    *in_context,
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_error_message);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, in_error_description);
     }
-    
+
     if (!err) {
         err = kim_os_ui_gui_send_request (0 /* don't launch server */,
                                           request,
                                           &reply);
         if (!reply) { err = check_error (KIM_NO_SERVER_ERR); }
     }
-    
+
     if (!err) {
         int32_t result = 0;
-        
+
         err = krb5int_ipc_stream_read_int32 (reply, &result);
         if (!err) { err = check_error (result); }
     }
-    
-    kim_string_free (&identity_string);    
+
+    kim_string_free (&identity_string);
 
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
@@ -531,29 +531,29 @@ kim_error kim_os_ui_gui_fini (kim_ui_context *io_context)
     kim_error err = KIM_NO_ERROR;
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write_string (request, "fini");
     }
-    
+
     if (!err) {
         err = kim_os_ui_gui_send_request (0 /* don't launch server */,
                                           request,
                                           &reply);
         if (!reply) { err = check_error (KIM_NO_SERVER_ERR); }
     }
-    
+
     if (!err) {
         int32_t result = 0;
-        
+
         err = krb5int_ipc_stream_read_int32 (reply, &result);
         if (!err) { err = check_error (result); }
-    }    
-    
+    }
+
     krb5int_ipc_stream_release (request);
     krb5int_ipc_stream_release (reply);
 
diff --git a/src/kim/test/main.c b/src/kim/test/main.c
index e3efbd7f6..8eb5a42b7 100644
--- a/src/kim/test/main.c
+++ b/src/kim/test/main.c
@@ -28,51 +28,51 @@
 #include "test_kim_preferences.h"
 #include "test_kim_selection_hints.h"
 
-int main (int argc, const char * argv[]) 
+int main (int argc, const char * argv[])
 {
     kim_test_state_t state = NULL;
-    
+
     if (test_init (&state)) {
         return 1;
     }
-    
+
     test_kim_identity_create_from_krb5_principal (state);
 
     test_kim_identity_create_from_string (state);
-    
+
     test_kim_identity_create_from_components (state);
-    
+
     test_kim_identity_copy (state);
-    
+
     test_kim_identity_compare (state);
-    
+
     test_kim_identity_get_display_string (state);
-    
+
     test_kim_identity_get_realm (state);
-    
+
     test_kim_identity_get_number_of_components (state);
-    
+
     test_kim_identity_get_component_at_index (state);
- 
+
     test_kim_identity_get_krb5_principal (state);
-    
+
     test_kim_preferences_create (state);
-    
+
     test_kim_preferences_copy (state);
-    
+
     test_kim_preferences_set_options (state);
-    
+
     test_kim_preferences_set_remember_options (state);
-    
+
     test_kim_preferences_set_client_identity (state);
-    
+
     test_kim_selection_hints_set_hint (state);
-    
+
     test_kim_selection_hints_remember_identity (state);
-    
+
     test_kim_preferences_add_favorite_identity (state);
-    
+
     test_kim_preferences_remove_favorite_identity(state);
-    
+
     return test_cleanup (state);
 }
diff --git a/src/kim/test/test_kim_common.c b/src/kim/test/test_kim_common.c
index 802d41564..e62a237a4 100644
--- a/src/kim/test/test_kim_common.c
+++ b/src/kim/test/test_kim_common.c
@@ -33,23 +33,23 @@ const char *k_no_test_name = "No test name set";
 int test_init (kim_test_state_t *out_state)
 {
     kim_test_state_t state = NULL;
-    
+
     printf ("Initializing tests... ");
 
     state = malloc (sizeof (*state));
-    if (!state) { 
+    if (!state) {
         printf ("out of memory.\n\n");
-        return 1; 
+        return 1;
     }
-    
+
     state->test_name = k_no_test_name;
     state->global_fail_count = 0;
     state->test_fail_count = 0;
-    
+
     *out_state = state;
-    
+
     printf ("done.\n\n");
-    
+
     return 0;
 }
 
@@ -58,7 +58,7 @@ int test_init (kim_test_state_t *out_state)
 int test_cleanup (kim_test_state_t io_state)
 {
     int global_fail_count = io_state->global_fail_count;
-   
+
     printf ("Exiting.  %d total failures.", global_fail_count);
     free (io_state);
 
@@ -72,7 +72,7 @@ void start_test (kim_test_state_t in_state,
 {
     in_state->test_name = in_test_name;
     in_state->test_fail_count = 0;
-    
+
     printf ("Testing %s...\n", in_state->test_name);
 }
 
@@ -80,58 +80,58 @@ void start_test (kim_test_state_t in_state,
 
 void end_test (kim_test_state_t in_state)
 {
-    printf ("Finished testing %s.  %d failures.\n\n", 
+    printf ("Finished testing %s.  %d failures.\n\n",
             in_state->test_name, in_state->test_fail_count);
-    
+
     in_state->test_name = k_no_test_name;
     in_state->global_fail_count += in_state->test_fail_count;
-    in_state->test_fail_count = 0;    
+    in_state->test_fail_count = 0;
 }
 
 /* ------------------------------------------------------------------------ */
 
-void fail_if_error (kim_test_state_t  in_state, 
+void fail_if_error (kim_test_state_t  in_state,
                     const char       *in_function,
-                    kim_error         in_err, 
+                    kim_error         in_err,
                     const char       *in_format,
                     ...)
 {
     if (in_err) {
         va_list args;
         kim_string message = NULL;
-        
+
         kim_error err = kim_string_create_for_last_error (&message, in_err);
-        
+
         printf ("\tFAILURE: ");
         printf ("%s() got %d (%s) ",
                 in_function, in_err, !err ? message : "Unknown");
-        
+
         va_start (args, in_format);
         vprintf (in_format, args);
         va_end (args);
-        
+
         printf ("\n");
-        
+
         in_state->test_fail_count++;
-        
+
         kim_string_free (&message);
     }
 }
 
 /* ------------------------------------------------------------------------ */
 
-void log_failure (kim_test_state_t  in_state, 
+void log_failure (kim_test_state_t  in_state,
                   const char       *in_format,
                   ...)
 {
     va_list args;
-    
+
     printf ("\tFAILURE: ");
-    
+
     va_start (args, in_format);
     vprintf (in_format, args);
     va_end (args);
-    
+
     printf ("\n");
 
     in_state->test_fail_count++;
diff --git a/src/kim/test/test_kim_common.h b/src/kim/test/test_kim_common.h
index e7ac3eb30..8364094b5 100644
--- a/src/kim/test/test_kim_common.h
+++ b/src/kim/test/test_kim_common.h
@@ -47,9 +47,9 @@ void start_test (kim_test_state_t  in_state,
 
 void end_test (kim_test_state_t in_state);
 
-void fail_if_error (kim_test_state_t  in_state, 
+void fail_if_error (kim_test_state_t  in_state,
                     const char       *in_function,
-                    kim_error       in_err, 
+                    kim_error       in_err,
                     const char       *in_format,
                     ...)
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
@@ -57,7 +57,7 @@ __attribute__ ((__format__ (__printf__, 4, 5)))
 #endif
 ;
 
-void log_failure (kim_test_state_t  in_state, 
+void log_failure (kim_test_state_t  in_state,
                   const char       *in_format,
                   ...)
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
diff --git a/src/kim/test/test_kim_identity.c b/src/kim/test/test_kim_identity.c
index 2f1ac089f..81be6b11d 100644
--- a/src/kim/test/test_kim_identity.c
+++ b/src/kim/test/test_kim_identity.c
@@ -51,8 +51,8 @@ test_identity test_identities[] = {
     {"user/i1/i2@EXAMPLE.COM",         "user/i1/i2@EXAMPLE.COM",         0, "EXAMPLE.COM", 3, { "user",           "i1",          "i2", NULL, NULL } },
     {"user/i1/i2/i3/i4@EXAMPLE.COM",   "user/i1/i2/i3/i4@EXAMPLE.COM",   0, "EXAMPLE.COM", 5, { "user",           "i1",          "i2", "i3", "i4" } },
     {"an insanely long principal for testing icky hex key principals/an insanely long instance for testing icky hex key principals@AN-INSANELY-LONG-REALM-NAME-FOR-TESTING-AUTOGENERATED-REALM-NAMES",
-     "an insanely long principal for testing icky hex key principals/an insanely long instance for testing icky hex key principals@AN-INSANELY-LONG-REALM-NAME-FOR-TESTING-AUTOGENERATED-REALM-NAMES", 
-     0, "AN-INSANELY-LONG-REALM-NAME-FOR-TESTING-AUTOGENERATED-REALM-NAMES", 
+     "an insanely long principal for testing icky hex key principals/an insanely long instance for testing icky hex key principals@AN-INSANELY-LONG-REALM-NAME-FOR-TESTING-AUTOGENERATED-REALM-NAMES",
+     0, "AN-INSANELY-LONG-REALM-NAME-FOR-TESTING-AUTOGENERATED-REALM-NAMES",
      2, { "an insanely long principal for testing icky hex key principals", "an insanely long instance for testing icky hex key principals", NULL, NULL, NULL } },
     { NULL, NULL, 0, NULL, 0, { NULL, NULL, NULL, NULL, NULL } },
 };
@@ -62,56 +62,56 @@ test_identity test_identities[] = {
 void test_kim_identity_create_from_krb5_principal (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_create_from_krb5_principal");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         krb5_context context = NULL;
         krb5_principal principal = NULL;
         kim_identity identity = NULL;
         kim_string string = NULL;
-        
+
         printf (".");
-        
+
         err = krb5_init_context (&context);
-        fail_if_error (state, "krb5_init_context", err, 
+        fail_if_error (state, "krb5_init_context", err,
                        "while initializing context");
-        
+
         if (!err) {
             err = krb5_parse_name (context, test_identities[i].string, &principal);
-            fail_if_error (state, "krb5_parse_name", err, 
-                           "while creating krb5_principal for %s", 
+            fail_if_error (state, "krb5_parse_name", err,
+                           "while creating krb5_principal for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_create_from_krb5_principal (&identity, context, principal);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_get_string (identity, &string);
-            fail_if_error (state, "kim_identity_get_string", err, 
-                           "while getting the string for %s", 
+            fail_if_error (state, "kim_identity_get_string", err,
+                           "while getting the string for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && strcmp (string, test_identities[i].string)) {
-            log_failure (state, "Unexpected string (got '%s', expected '%s')", 
+            log_failure (state, "Unexpected string (got '%s', expected '%s')",
                          string, test_identities[i].string);
         }
-        
+
         kim_string_free (&string);
         kim_identity_free (&identity);
         if (principal) { krb5_free_principal (context, principal); }
         if (context  ) { krb5_free_context (context); }
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -120,41 +120,41 @@ void test_kim_identity_create_from_krb5_principal (kim_test_state_t state)
 void test_kim_identity_create_from_string (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_create_from_string");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
         kim_string string = NULL;
-        
+
         printf (".");
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_get_string (identity, &string);
-            fail_if_error (state, "kim_identity_get_string", err, 
-                           "while getting the string for %s", 
+            fail_if_error (state, "kim_identity_get_string", err,
+                           "while getting the string for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && strcmp (string, test_identities[i].string)) {
-            log_failure (state, "Unexpected string (got '%s', expected '%s')", 
+            log_failure (state, "Unexpected string (got '%s', expected '%s')",
                          string, test_identities[i].string);
         }
-        
+
         kim_string_free (&string);
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -164,48 +164,48 @@ void test_kim_identity_create_from_string (kim_test_state_t state)
 void test_kim_identity_create_from_components (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_create_from_components");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
         kim_string string = NULL;
-        
+
         printf (".");
-        
+
         if (!err) {
-            err = kim_identity_create_from_components (&identity, 
-                                                       test_identities[i].realm, 
-                                                       test_identities[i].components[0], 
-                                                       test_identities[i].components[1], 
-                                                       test_identities[i].components[2], 
-                                                       test_identities[i].components[3], 
+            err = kim_identity_create_from_components (&identity,
+                                                       test_identities[i].realm,
+                                                       test_identities[i].components[0],
+                                                       test_identities[i].components[1],
+                                                       test_identities[i].components[2],
+                                                       test_identities[i].components[3],
                                                        test_identities[i].components[4],
                                                        NULL);
-            fail_if_error (state, "kim_identity_create_from_components", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_components", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_get_string (identity, &string);
-            fail_if_error (state, "kim_identity_get_string", err, 
-                           "while getting the string for %s", 
+            fail_if_error (state, "kim_identity_get_string", err,
+                           "while getting the string for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && strcmp (string, test_identities[i].string)) {
-            log_failure (state, "Unexpected string (got '%s', expected '%s')", 
+            log_failure (state, "Unexpected string (got '%s', expected '%s')",
                          string, test_identities[i].string);
         }
-        
+
         kim_string_free (&string);
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -214,49 +214,49 @@ void test_kim_identity_create_from_components (kim_test_state_t state)
 void test_kim_identity_copy (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_copy");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
         kim_identity identity_copy = NULL;
         kim_string string = NULL;
-        
+
         printf (".");
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_copy (&identity_copy, identity);
-            fail_if_error (state, "kim_identity_copy", err, 
+            fail_if_error (state, "kim_identity_copy", err,
                            "while copying %s", test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_get_string (identity_copy, &string);
-            fail_if_error (state, "kim_identity_get_string", err, 
-                           "while getting the string for the copy of %s", 
+            fail_if_error (state, "kim_identity_get_string", err,
+                           "while getting the string for the copy of %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && strcmp (string, test_identities[i].string)) {
-            log_failure (state, "Unexpected string (got '%s', expected '%s')", 
+            log_failure (state, "Unexpected string (got '%s', expected '%s')",
                          string, test_identities[i].string);
         }
-        
+
         kim_string_free (&string);
         kim_identity_free (&identity_copy);
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -265,55 +265,55 @@ void test_kim_identity_copy (kim_test_state_t state)
 void test_kim_identity_compare (kim_test_state_t state)
 {
     kim_count i, j = 0;
-    
+
     start_test (state, "kim_identity_create_from_string");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
-        
+
         printf (".");
-        
+
         err = kim_identity_create_from_string (&identity, test_identities[i].string);
-        fail_if_error (state, "kim_identity_create_from_string", err, 
-                       "while creating the identity for %s", 
+        fail_if_error (state, "kim_identity_create_from_string", err,
+                       "while creating the identity for %s",
                        test_identities[i].string);
-        
+
         for (j = 0; !err && test_identities[j].string; j++) {
             kim_identity compare_to_identity = NULL;
             kim_comparison comparison = 0;
-            
+
             err = kim_identity_create_from_string (&compare_to_identity, test_identities[j].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[j].string);
-            
+
             if (!err) {
                 err = kim_identity_compare (identity, compare_to_identity, &comparison);
-                fail_if_error (state, "kim_identity_compare", err, 
-                               "while comparing %s and %s", 
+                fail_if_error (state, "kim_identity_compare", err,
+                               "while comparing %s and %s",
                                test_identities[i].string, test_identities[j].string);
             }
-            
+
             if (!err) {
                 if (i == j && !kim_comparison_is_equal_to (comparison)) {
-                    log_failure (state, "Expected %s and %s to be equal but kim_identity_compare returned %d", 
+                    log_failure (state, "Expected %s and %s to be equal but kim_identity_compare returned %d",
                                  test_identities[i].string, test_identities[j].string, comparison);
-                    
+
                 } else if (i != j && kim_comparison_is_equal_to (comparison)) {
-                    log_failure (state, "Expected %s and %s to be NOT equal but kim_identity_compare returned %d", 
+                    log_failure (state, "Expected %s and %s to be NOT equal but kim_identity_compare returned %d",
                                  test_identities[i].string, test_identities[j].string, comparison);
                 }
             }
-            
+
             kim_identity_free (&compare_to_identity);
         }
-        
+
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -322,41 +322,41 @@ void test_kim_identity_compare (kim_test_state_t state)
 void test_kim_identity_get_display_string (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_get_display_string");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
         kim_string string = NULL;
-        
+
         printf (".");
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_get_display_string (identity, &string);
-            fail_if_error (state, "kim_identity_get_display_string", err, 
-                           "while getting the display string for %s", 
+            fail_if_error (state, "kim_identity_get_display_string", err,
+                           "while getting the display string for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && strcmp (string, test_identities[i].display_string)) {
-            log_failure (state, "Unexpected display string for %s (got '%s', expected '%s')", 
+            log_failure (state, "Unexpected display string for %s (got '%s', expected '%s')",
                          test_identities[i].string, string, test_identities[i].display_string);
         }
-        
+
         kim_string_free (&string);
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -365,40 +365,40 @@ void test_kim_identity_get_display_string (kim_test_state_t state)
 void test_kim_identity_get_realm (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_get_realm");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
         kim_string realm = NULL;
-        
+
         printf (".");
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_get_realm (identity, &realm);
-            fail_if_error (state, "kim_identity_get_realm", err, 
+            fail_if_error (state, "kim_identity_get_realm", err,
                            "while getting the realm for %s", test_identities[i].string);
         }
-        
+
         if (!err && strcmp (realm, test_identities[i].realm)) {
-            log_failure (state, "Unexpected realm string (got '%s', expected '%s')", 
+            log_failure (state, "Unexpected realm string (got '%s', expected '%s')",
                          realm, test_identities[i].realm);
         }
-        
+
         kim_string_free (&realm);
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -407,40 +407,40 @@ void test_kim_identity_get_realm (kim_test_state_t state)
 void test_kim_identity_get_number_of_components (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_get_number_of_components");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
         kim_count count = 0;
-        
+
         printf (".");
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_get_number_of_components (identity, &count);
-            fail_if_error (state, "kim_identity_get_number_of_components", err, 
-                           "while getting number of components of %s", 
+            fail_if_error (state, "kim_identity_get_number_of_components", err,
+                           "while getting number of components of %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && (count != test_identities[i].component_count)) {
-            log_failure (state, "Unexpected component count of %s (got %d, expected %d)", 
+            log_failure (state, "Unexpected component count of %s (got %d, expected %d)",
                          test_identities[i].string, (int) count, (int) test_identities[i].component_count);
         }
-        
+
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -449,45 +449,45 @@ void test_kim_identity_get_number_of_components (kim_test_state_t state)
 void test_kim_identity_get_component_at_index (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_get_component_at_index");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity identity = NULL;
         kim_count c = 0;
-        
+
         printf (".");
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         for (c = 0; !err && c < test_identities[i].component_count; c++) {
             kim_string component = NULL;
-            
+
             err = kim_identity_get_component_at_index (identity, c, &component);
-            fail_if_error (state, "kim_identity_get_component_at_index", err, 
+            fail_if_error (state, "kim_identity_get_component_at_index", err,
                            "while getting component %d of %s", (int) c,
                            test_identities[i].string);
-            
+
             if (!err && strcmp (component, test_identities[i].components[c])) {
-                log_failure (state, "Unexpected component %d of %s (got '%s', expected '%s')", 
-                             (int) c, test_identities[i].string, 
+                log_failure (state, "Unexpected component %d of %s (got '%s', expected '%s')",
+                             (int) c, test_identities[i].string,
                              component, test_identities[i].components[c]);
             }
-            
+
             kim_string_free (&component);
         }
-        
+
         kim_identity_free (&identity);
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -496,58 +496,58 @@ void test_kim_identity_get_component_at_index (kim_test_state_t state)
 void test_kim_identity_get_krb5_principal (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_get_krb5_principal");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         krb5_context context = NULL;
         krb5_principal principal = NULL;
         krb5_principal identity_principal = NULL;
         kim_identity identity = NULL;
-        
+
         printf (".");
-        
+
         err = krb5_init_context (&context);
-        fail_if_error (state, "krb5_init_context", err, 
+        fail_if_error (state, "krb5_init_context", err,
                        "while initializing context");
-        
+
         if (!err) {
             err = krb5_parse_name (context, test_identities[i].string, &principal);
-            fail_if_error (state, "krb5_parse_name", err, 
-                           "while creating krb5_principal for %s", 
+            fail_if_error (state, "krb5_parse_name", err,
+                           "while creating krb5_principal for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && !err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && !err) {
             err = kim_identity_get_krb5_principal (identity, context, &identity_principal);
-            fail_if_error (state, "kim_identity_get_krb5_principal", err, 
-                           "while getting the krb5_principal for %s", 
+            fail_if_error (state, "kim_identity_get_krb5_principal", err,
+                           "while getting the krb5_principal for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err && !err) {
             if (!krb5_principal_compare (context, principal, identity_principal)) {
-                log_failure (state, "Principal and identity principal for %s do not match", 
+                log_failure (state, "Principal and identity principal for %s do not match",
                              test_identities[i].string);
             }
         }
-        
+
         kim_identity_free (&identity);
         if (identity_principal) { krb5_free_principal (context, identity_principal); }
         if (principal         ) { krb5_free_principal (context, principal); }
         if (context           ) { krb5_free_context (context); }
     }
-    
+
     printf ("\n");
-    
+
     end_test (state);
 }
 
@@ -556,38 +556,38 @@ void test_kim_identity_get_krb5_principal (kim_test_state_t state)
 void test_kim_identity_is_tgt_service (kim_test_state_t state)
 {
     kim_count i = 0;
-    
+
     start_test (state, "kim_identity_is_tgt_service");
-    
+
     for (i = 0; test_identities[i].string; i++) {
         kim_error err = KIM_NO_ERROR;
         kim_identity_t identity = NULL;
         kim_boolean_t is_tgt_service = 0;
-        
+
         printf (".");
-        
+
         if (!err) {
             err = kim_identity_create_from_string (&identity, test_identities[i].string);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            test_identities[i].string);
         }
-        
+
         if (!err) {
             err = kim_identity_is_tgt_service (identity, &is_tgt_service);
-            fail_if_error (state, "kim_identity_is_tgt_service", err, 
-                           "while determining if %s is a tgt service", 
+            fail_if_error (state, "kim_identity_is_tgt_service", err,
+                           "while determining if %s is a tgt service",
                            test_identities[i].string);
         }
-        
+
         if (!err && (is_tgt_service != test_identities[i].is_tgt_service)) {
-            log_failure (state, "Unexpected result from kim_identity_is_tgt_service for %s (got %d, expected %d)", 
+            log_failure (state, "Unexpected result from kim_identity_is_tgt_service for %s (got %d, expected %d)",
                          test_identities[i].string, is_tgt_service, test_identities[i].is_tgt_service);
         }
-        
+
         kim_identity_free (&identity);
     }
-    
+
      printf ("\n");
 
      end_test (state);
diff --git a/src/kim/test/test_kim_preferences.c b/src/kim/test/test_kim_preferences.c
index 2766ad4d1..967cbc057 100644
--- a/src/kim/test/test_kim_preferences.c
+++ b/src/kim/test/test_kim_preferences.c
@@ -39,39 +39,39 @@ void print_favorites(kim_test_state_t state)
     kim_preferences prefs = NULL;
     kim_count count, j;
     kim_string string;
-    
+
     err = kim_preferences_create (&prefs);
-    fail_if_error (state, "kim_preferences_create", err, 
+    fail_if_error (state, "kim_preferences_create", err,
                    "while creating preferences");
-    
+
     if (!err) {
         err = kim_preferences_get_number_of_favorite_identities (prefs, &count);
-        fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err, 
+        fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err,
                        "while getting number of favorite identities");
         printf("%qu favorites...\n", count);
     }
-    
-    
+
+
     for (j = 0; j < count; j++) {
         kim_identity compare_identity = NULL;
         kim_options compare_options = NULL;
-        err = kim_preferences_get_favorite_identity_at_index (prefs, j, 
-                                                              &compare_identity, 
+        err = kim_preferences_get_favorite_identity_at_index (prefs, j,
+                                                              &compare_identity,
                                                               &compare_options);
-        fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err, 
+        fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err,
                        "while getting favorite identity %d", (int) j);
-        
+
         if (!err)
         {
             kim_identity_get_display_string(compare_identity, &string);
             printf("  %2qu: %s\n", j, string);
         }
-        
+
         kim_identity_free (&compare_identity);
         kim_options_free (&compare_options);
     }
-    
-    kim_preferences_free (&prefs);    
+
+    kim_preferences_free (&prefs);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -82,50 +82,50 @@ kim_boolean favorites_contains_identity(kim_test_state_t state, kim_identity ide
     kim_preferences prefs = NULL;
     kim_count count, j;
     kim_boolean found = 0;
-    
+
     err = kim_preferences_create (&prefs);
-    fail_if_error (state, "kim_preferences_create", err, 
+    fail_if_error (state, "kim_preferences_create", err,
                    "while creating preferences");
-    
+
     if (!err) {
         err = kim_preferences_get_number_of_favorite_identities (prefs, &count);
-        fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err, 
+        fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err,
                        "while getting number of favorite identities");
     }
-    
+
     for (j = 0; j < count; j++) {
         kim_identity compare_identity = NULL;
         kim_options compare_options = NULL;
         kim_comparison comparison = 0;
-        
-        err = kim_preferences_get_favorite_identity_at_index (prefs, j, 
-                                                              &compare_identity, 
+
+        err = kim_preferences_get_favorite_identity_at_index (prefs, j,
+                                                              &compare_identity,
                                                               &compare_options);
-        fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err, 
+        fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err,
                        "while getting favorite identity %d", (int) j);
-        
+
         if (!err) {
             kim_string display_string = NULL;
-            err = kim_identity_compare (identity, compare_identity, 
+            err = kim_identity_compare (identity, compare_identity,
                                         &comparison);
             if (err) {
                 kim_identity_get_display_string(identity, &display_string);
-                fail_if_error (state, "kim_identity_compare", err, 
-                               "while comparing %s to favorite identity %d", 
+                fail_if_error (state, "kim_identity_compare", err,
+                               "while comparing %s to favorite identity %d",
                                display_string, (int) j);
             }
         }
-        
+
         if (!err && kim_comparison_is_equal_to (comparison)) {
             found = 1;
         }
-        
+
         kim_identity_free (&compare_identity);
         kim_options_free (&compare_options);
     }
-    
+
     kim_preferences_free (&prefs);
-    
+
     return found;
 }
 
@@ -133,7 +133,7 @@ kim_boolean favorites_contains_identity(kim_test_state_t state, kim_identity ide
 
 void test_kim_preferences_create (kim_test_state_t state)
 {
-    
+
     start_test (state, "kim_preferences_create");
 
     {
@@ -141,12 +141,12 @@ void test_kim_preferences_create (kim_test_state_t state)
         kim_preferences prefs = NULL;
 
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     end_test (state);
 }
 
@@ -154,28 +154,28 @@ void test_kim_preferences_create (kim_test_state_t state)
 
 void test_kim_preferences_copy (kim_test_state_t state)
 {
-    
+
     start_test (state, "test_kim_preferences_copy");
-    
+
     {
         kim_error err = KIM_NO_ERROR;
         kim_preferences prefs = NULL;
         kim_preferences prefs_copy = NULL;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
- 
+
         if (!err) {
             err = kim_preferences_copy (&prefs_copy, prefs);
-            fail_if_error (state, "kim_preferences_copy", err, 
-                           "while copying preferences");            
+            fail_if_error (state, "kim_preferences_copy", err,
+                           "while copying preferences");
         }
-        
+
         kim_preferences_free (&prefs_copy);
         kim_preferences_free (&prefs);
     }
-    
+
     end_test (state);
 }
 
@@ -184,76 +184,76 @@ void test_kim_preferences_copy (kim_test_state_t state)
 void test_kim_preferences_set_options (kim_test_state_t state)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     start_test (state, "kim_preferences_set_options");
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
         kim_options options = NULL;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_options (prefs, &options);
-            fail_if_error (state, "kim_preferences_get_options", err, 
+            fail_if_error (state, "kim_preferences_get_options", err,
                            "while getting old options");
         }
-        
+
         if (!err) {
             err = kim_options_set_lifetime (options, TEST_LIFETIME);
-            fail_if_error (state, "kim_options_set_lifetime", err, 
-                           "while setting the lifetime to %d", TEST_LIFETIME);            
+            fail_if_error (state, "kim_options_set_lifetime", err,
+                           "while setting the lifetime to %d", TEST_LIFETIME);
         }
-        
+
         if (!err) {
             err = kim_preferences_set_options (prefs, options);
-            fail_if_error (state, "kim_preferences_set_options", err, 
+            fail_if_error (state, "kim_preferences_set_options", err,
                            "while setting the new options");
         }
-        
+
         if (!err) {
             err = kim_preferences_synchronize (prefs);
-            fail_if_error (state, "kim_preferences_synchronize", err, 
+            fail_if_error (state, "kim_preferences_synchronize", err,
                            "while setting the identity to KIM_IDENTITY_ANY");
         }
-        
+
         kim_options_free (&options);
         kim_preferences_free (&prefs);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
         kim_options verify_options = NULL;
         kim_lifetime lifetime = 0;
-       
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
-        
+
+
         if (!err) {
             err = kim_preferences_get_options (prefs, &verify_options);
-            fail_if_error (state, "kim_preferences_get_options", err, 
+            fail_if_error (state, "kim_preferences_get_options", err,
                            "while getting options for verification");
         }
-        
+
         if (!err) {
             err = kim_options_get_lifetime (verify_options, &lifetime);
-            fail_if_error (state, "kim_options_get_data", err, 
-                           "while getting the custom data of the verify options");            
+            fail_if_error (state, "kim_options_get_data", err,
+                           "while getting the custom data of the verify options");
         }
-        
+
         if (!err && lifetime != TEST_LIFETIME) {
-            log_failure (state, "Unexpected lifetime in options (got %d, expected %d)", 
+            log_failure (state, "Unexpected lifetime in options (got %d, expected %d)",
                          (int) lifetime, TEST_LIFETIME);
         }
- 
+
         kim_options_free (&verify_options);
         kim_preferences_free (&prefs);
     }
-    
+
     end_test (state);
 }
 
@@ -261,99 +261,99 @@ void test_kim_preferences_set_options (kim_test_state_t state)
 
 void test_kim_preferences_set_remember_options (kim_test_state_t state)
 {
-    
+
     kim_error err = KIM_NO_ERROR;
-   
+
     start_test (state, "kim_preferences_set_remember_options");
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_set_remember_options (prefs, TRUE);
-            fail_if_error (state, "kim_preferences_set_remember_options", err, 
+            fail_if_error (state, "kim_preferences_set_remember_options", err,
                            "while setting the preference to remember options");
         }
-        
+
         if (!err) {
             err = kim_preferences_synchronize (prefs);
-            fail_if_error (state, "kim_preferences_synchronize", err, 
+            fail_if_error (state, "kim_preferences_synchronize", err,
                            "while setting the identity to KIM_IDENTITY_ANY");
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
         kim_boolean remember_options = TRUE;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_remember_options (prefs, &remember_options);
-            fail_if_error (state, "kim_preferences_get_remember_options", err, 
+            fail_if_error (state, "kim_preferences_get_remember_options", err,
                            "while getting the preference to remember options");
         }
-        
+
         if (!err && !remember_options) {
-            log_failure (state, "Unexpected remember options preference (got %d, expected TRUE)", 
+            log_failure (state, "Unexpected remember options preference (got %d, expected TRUE)",
                          remember_options);
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-                
+
         if (!err) {
             err = kim_preferences_set_remember_options (prefs, FALSE);
-            fail_if_error (state, "kim_preferences_set_remember_options", err, 
+            fail_if_error (state, "kim_preferences_set_remember_options", err,
                            "while setting the preference to remember options");
         }
-        
+
         if (!err) {
             err = kim_preferences_synchronize (prefs);
-            fail_if_error (state, "kim_preferences_synchronize", err, 
+            fail_if_error (state, "kim_preferences_synchronize", err,
                            "while setting the identity to KIM_IDENTITY_ANY");
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
         kim_boolean remember_options = FALSE;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_remember_options (prefs, &remember_options);
-            fail_if_error (state, "kim_preferences_get_remember_options", err, 
+            fail_if_error (state, "kim_preferences_get_remember_options", err,
                            "while getting the preference to remember options");
         }
-        
+
         if (!err && remember_options) {
-            log_failure (state, "Unexpected remember options preference (got %d, expected 0)", 
+            log_failure (state, "Unexpected remember options preference (got %d, expected 0)",
                          remember_options);
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     end_test (state);
 }
 
@@ -361,118 +361,118 @@ void test_kim_preferences_set_remember_options (kim_test_state_t state)
 
 void test_kim_preferences_set_client_identity (kim_test_state_t state)
 {
-    
+
     kim_error err = KIM_NO_ERROR;
     kim_string test_string = "user@EXAMPLE.COM";
     kim_identity test_identity = KIM_IDENTITY_ANY;
     kim_identity identity = KIM_IDENTITY_ANY;
     kim_comparison comparison = 0;
-    
+
     start_test (state, "kim_preferences_set_client_identity");
-    
-    
+
+
     if (!err) {
         err = kim_identity_create_from_string (&test_identity, test_string);
-        fail_if_error (state, "kim_identity_create_from_string", err, 
+        fail_if_error (state, "kim_identity_create_from_string", err,
                        "while creating the identity for %s", test_string);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
 
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_set_client_identity (prefs, KIM_IDENTITY_ANY);
-            fail_if_error (state, "kim_preferences_set_client_identity", err, 
+            fail_if_error (state, "kim_preferences_set_client_identity", err,
                            "while setting the identity to KIM_IDENTITY_ANY");
         }
-        
+
         if (!err) {
             err = kim_preferences_synchronize (prefs);
-            fail_if_error (state, "kim_preferences_synchronize", err, 
+            fail_if_error (state, "kim_preferences_synchronize", err,
                            "while setting the identity to KIM_IDENTITY_ANY");
         }
-    
+
         kim_preferences_free (&prefs);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
 
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_client_identity (prefs, &identity);
-            fail_if_error (state, "kim_preferences_get_client_identity", err, 
+            fail_if_error (state, "kim_preferences_get_client_identity", err,
                            "while getting the client identity preference");
         }
-        
+
         if (!err && identity != KIM_IDENTITY_ANY) {
-            log_failure (state, "Unexpected client identity preference (got %p, expected %p)", 
+            log_failure (state, "Unexpected client identity preference (got %p, expected %p)",
                          identity, KIM_IDENTITY_ANY);
             kim_identity_free (&identity);
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
 
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_set_client_identity (prefs, test_identity);
-            fail_if_error (state, "kim_preferences_set_client_identity", err, 
+            fail_if_error (state, "kim_preferences_set_client_identity", err,
                            "while setting the identity to %s", test_string);
         }
-        
+
         if (!err) {
             err = kim_preferences_synchronize (prefs);
-            fail_if_error (state, "kim_preferences_synchronize", err, 
+            fail_if_error (state, "kim_preferences_synchronize", err,
                            "while setting the identity to KIM_IDENTITY_ANY");
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
-    
+
+
     if (!err) {
         kim_preferences prefs = NULL;
         kim_string string = NULL;
 
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_client_identity (prefs, &identity);
-            fail_if_error (state, "kim_preferences_get_client_identity", err, 
+            fail_if_error (state, "kim_preferences_get_client_identity", err,
                            "while getting the client identity preference");
         }
-        
+
         if (!err && identity) {
             err = kim_identity_get_string (identity, &string);
-            fail_if_error (state, "kim_identity_get_string", err, 
+            fail_if_error (state, "kim_identity_get_string", err,
                            "while getting the string for client identity preference");
         }
-        
+
         if (!err) {
             err = kim_identity_compare (identity, test_identity, &comparison);
-            fail_if_error (state, "kim_identity_compare", err, 
-                       "while comparing %s to the identity preference %s", 
+            fail_if_error (state, "kim_identity_compare", err,
+                       "while comparing %s to the identity preference %s",
                            test_string, string ? string : "NULL");
         }
-    
+
         if (!err && !kim_comparison_is_equal_to (comparison)) {
-            log_failure (state, "Unexpected client identity preference (got %s, expected %s)", 
+            log_failure (state, "Unexpected client identity preference (got %s, expected %s)",
                          string ? string : "NULL", test_string);
             kim_identity_free (&identity);
         }
@@ -480,7 +480,7 @@ void test_kim_preferences_set_client_identity (kim_test_state_t state)
         kim_string_free (&string);
         kim_preferences_free (&prefs);
     }
-    
+
     kim_identity_free (&identity);
     kim_identity_free (&test_identity);
 
@@ -507,95 +507,95 @@ struct favorite_identity fids[] = {
 void test_kim_preferences_add_favorite_identity (kim_test_state_t state)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     start_test (state, "kim_preferences_add_favorite_identity");
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
         kim_options options = NULL;
         kim_count i;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_remove_all_favorite_identities (prefs);
-            fail_if_error (state, "kim_preferences_remove_all_favorite_identities", err, 
+            fail_if_error (state, "kim_preferences_remove_all_favorite_identities", err,
                            "while removing all favorite identities");
         }
-        
+
         if (!err) {
             err = kim_options_create (&options);
-            fail_if_error (state, "kim_options_create", err, 
+            fail_if_error (state, "kim_options_create", err,
                            "while creating options");
-        }        
-        
+        }
+
         for (i = 0; !err && fids[i].identity; i++) {
             kim_identity identity = NULL;
-            
+
             err = kim_identity_create_from_string (&identity, fids[i].identity);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            fids[i].identity);
-            
+
             if (!err) {
                 err = kim_options_set_lifetime (options, fids[i].lifetime);
-                fail_if_error (state, "kim_options_set_lifetime", err, 
-                               "while setting the lifetime to %d", 
-                               (int) fids[i].lifetime);            
+                fail_if_error (state, "kim_options_set_lifetime", err,
+                               "while setting the lifetime to %d",
+                               (int) fids[i].lifetime);
             }
- 
+
             if (!err) {
                 err = kim_options_set_renewal_lifetime (options, fids[i].renewal_lifetime);
-                fail_if_error (state, "kim_options_set_renewal_lifetime", err, 
-                               "while setting the renewal lifetime to %d", 
-                               (int) fids[i].renewal_lifetime);            
+                fail_if_error (state, "kim_options_set_renewal_lifetime", err,
+                               "while setting the renewal lifetime to %d",
+                               (int) fids[i].renewal_lifetime);
             }
-            
+
             if (!err) {
                 err = kim_preferences_add_favorite_identity (prefs, identity, options);
-                fail_if_error (state, "kim_preferences_add_favorite_identity", err, 
-                               "while adding %s to the favorite identities", 
-                               fids[i].identity);            
+                fail_if_error (state, "kim_preferences_add_favorite_identity", err,
+                               "while adding %s to the favorite identities",
+                               fids[i].identity);
             }
-            
+
             kim_identity_free (&identity);
         }
-        
+
         if (!err) {
             err = kim_preferences_synchronize (prefs);
-            fail_if_error (state, "kim_preferences_synchronize", err, 
+            fail_if_error (state, "kim_preferences_synchronize", err,
                            "while setting the favorite identities");
         }
-        
+
         kim_options_free (&options);
         kim_preferences_free (&prefs);
     }
-    
+
     if (!err) {
         kim_preferences prefs = NULL;
         kim_count count, i;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_number_of_favorite_identities (prefs, &count);
-            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err, 
+            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err,
                            "while getting number of favorite identities");
         }
-        
-        
+
+
         for (i = 0; !err && fids[i].identity; i++) {
             kim_identity identity = NULL;
             kim_count j;
             kim_boolean found = 0;
-            
+
             err = kim_identity_create_from_string (&identity, fids[i].identity);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            fids[i].identity);
 
             for (j = 0; j < count; j++) {
@@ -603,73 +603,73 @@ void test_kim_preferences_add_favorite_identity (kim_test_state_t state)
                 kim_options compare_options = NULL;
                 kim_comparison comparison;
 
-                err = kim_preferences_get_favorite_identity_at_index (prefs, j, 
-                                                                      &compare_identity, 
+                err = kim_preferences_get_favorite_identity_at_index (prefs, j,
+                                                                      &compare_identity,
                                                                       &compare_options);
-                fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err, 
+                fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err,
                                "while getting favorite identity %d", (int) j);
-            
+
                 if (!err) {
-                    err = kim_identity_compare (identity, compare_identity, 
+                    err = kim_identity_compare (identity, compare_identity,
                                                 &comparison);
-                    fail_if_error (state, "kim_identity_compare", err, 
-                                   "while comparing %s to favorite identity %d", 
+                    fail_if_error (state, "kim_identity_compare", err,
+                                   "while comparing %s to favorite identity %d",
                                    fids[i].identity, (int) i);
                 }
-                
+
                 if (!err && kim_comparison_is_equal_to (comparison)) {
                     kim_lifetime compare_lifetime;
                     kim_lifetime compare_renewal_lifetime;
-                   
+
                     found = 1;
-                    
+
                     err = kim_options_get_lifetime (compare_options, &compare_lifetime);
-                    fail_if_error (state, "kim_options_get_lifetime", err, 
-                                   "while getting the lifetime for %s", 
-                                   fids[i].identity);            
-                    
+                    fail_if_error (state, "kim_options_get_lifetime", err,
+                                   "while getting the lifetime for %s",
+                                   fids[i].identity);
+
                     if (!err && fids[i].lifetime != compare_lifetime) {
-                        log_failure (state, "Unexpected lifetime for %s (got %d, expected %d)", 
+                        log_failure (state, "Unexpected lifetime for %s (got %d, expected %d)",
                                      fids[i].identity, (int) compare_lifetime,
-                                     (int) fids[i].lifetime);                
+                                     (int) fids[i].lifetime);
                     }
-                    
+
                     if (!err) {
-                        err = kim_options_get_renewal_lifetime (compare_options, 
+                        err = kim_options_get_renewal_lifetime (compare_options,
                                                                 &compare_renewal_lifetime);
-                        fail_if_error (state, "kim_options_get_renewal_lifetime", err, 
-                                       "while getting the lifetime for %s", 
-                                       fids[i].identity);            
+                        fail_if_error (state, "kim_options_get_renewal_lifetime", err,
+                                       "while getting the lifetime for %s",
+                                       fids[i].identity);
                     }
-                    
+
                     if (!err && fids[i].renewal_lifetime != compare_renewal_lifetime) {
-                        log_failure (state, "Unexpected renewal lifetime for %s (got %d, expected %d)", 
-                                     fids[i].identity, 
+                        log_failure (state, "Unexpected renewal lifetime for %s (got %d, expected %d)",
+                                     fids[i].identity,
                                      (int) compare_renewal_lifetime,
-                                     (int) fids[i].renewal_lifetime);                
+                                     (int) fids[i].renewal_lifetime);
                     }
                 }
-                
+
                 kim_identity_free (&compare_identity);
                 kim_options_free (&compare_options);
             }
-                
+
             if (!err && !found) {
-                log_failure (state, "Favorite identity %s not found in favorite identities list", 
+                log_failure (state, "Favorite identity %s not found in favorite identities list",
                              fids[i].identity);
             }
-            
+
             kim_identity_free (&identity);
         }
-        
+
         if (!err && i != count) {
-            log_failure (state, "Unexpected number of favorite identities (got %d, expected %d)", 
+            log_failure (state, "Unexpected number of favorite identities (got %d, expected %d)",
                          (int) count, (int) i);
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     end_test (state);
 }
 
@@ -678,7 +678,7 @@ void test_kim_preferences_add_favorite_identity (kim_test_state_t state)
 void test_kim_preferences_remove_favorite_identity (kim_test_state_t state)
 {
     kim_error err = KIM_NO_ERROR;
-    
+
     start_test (state, "kim_preferences_remove_favorite_identity");
     /*
      * 1. Remove all favorites to start with a clean slate
@@ -686,233 +686,233 @@ void test_kim_preferences_remove_favorite_identity (kim_test_state_t state)
      * 3. Verify added favorites
      * 4. Remove those favorites one by one, checking each time to make sure they were removed
      */
-    
+
     // Remove old and add new
     if (!err) {
         kim_preferences prefs = NULL;
         kim_options options = NULL;
         kim_count i;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_remove_all_favorite_identities (prefs);
-            fail_if_error (state, "kim_preferences_remove_all_favorite_identities", err, 
+            fail_if_error (state, "kim_preferences_remove_all_favorite_identities", err,
                            "while removing all favorite identities");
         }
-        
+
         if (!err) {
             err = kim_preferences_get_number_of_favorite_identities (prefs, &i);
-            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err, 
+            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err,
                            "while getting number of favorite identities after clearing");
-        }        
-        
+        }
+
         if (!err) {
             err = kim_options_create (&options);
-            fail_if_error (state, "kim_options_create", err, 
+            fail_if_error (state, "kim_options_create", err,
                            "while creating options");
-        }        
-        
+        }
+
         for (i = 0; !err && fids[i].identity; i++) {
             kim_identity identity = NULL;
-            
+
             err = kim_identity_create_from_string (&identity, fids[i].identity);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            fids[i].identity);
-            
+
             if (!err) {
                 err = kim_options_set_lifetime (options, fids[i].lifetime);
-                fail_if_error (state, "kim_options_set_lifetime", err, 
-                               "while setting the lifetime to %d", 
-                               (int) fids[i].lifetime);            
+                fail_if_error (state, "kim_options_set_lifetime", err,
+                               "while setting the lifetime to %d",
+                               (int) fids[i].lifetime);
             }
-            
+
             if (!err) {
                 err = kim_options_set_renewal_lifetime (options, fids[i].renewal_lifetime);
-                fail_if_error (state, "kim_options_set_renewal_lifetime", err, 
-                               "while setting the renewal lifetime to %d", 
-                               (int) fids[i].renewal_lifetime);            
+                fail_if_error (state, "kim_options_set_renewal_lifetime", err,
+                               "while setting the renewal lifetime to %d",
+                               (int) fids[i].renewal_lifetime);
             }
-            
+
             if (!err) {
                 err = kim_preferences_add_favorite_identity (prefs, identity, options);
-                fail_if_error (state, "kim_preferences_add_favorite_identity", err, 
-                               "while adding %s to the favorite identities", 
-                               fids[i].identity);            
+                fail_if_error (state, "kim_preferences_add_favorite_identity", err,
+                               "while adding %s to the favorite identities",
+                               fids[i].identity);
             }
-            
+
             kim_identity_free (&identity);
         }
-        
+
         if (!err) {
             err = kim_preferences_synchronize (prefs);
-            fail_if_error (state, "kim_preferences_synchronize", err, 
+            fail_if_error (state, "kim_preferences_synchronize", err,
                            "while setting the favorite identities");
         }
-        
+
         kim_options_free (&options);
         kim_preferences_free (&prefs);
     }
-    
+
     // Verify add
     if (!err) {
         kim_preferences prefs = NULL;
         kim_count count, i;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_number_of_favorite_identities (prefs, &count);
-            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err, 
+            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err,
                            "while getting number of favorite identities");
         }
-        
-        
+
+
         for (i = 0; !err && fids[i].identity; i++) {
             kim_identity identity = NULL;
             kim_count j;
             kim_boolean found = 0;
-            
+
             err = kim_identity_create_from_string (&identity, fids[i].identity);
-            fail_if_error (state, "kim_identity_create_from_string", err, 
-                           "while creating the identity for %s", 
+            fail_if_error (state, "kim_identity_create_from_string", err,
+                           "while creating the identity for %s",
                            fids[i].identity);
-            
+
             for (j = 0; j < count; j++) {
                 kim_identity compare_identity = NULL;
                 kim_options compare_options = NULL;
                 kim_comparison comparison;
-                
-                err = kim_preferences_get_favorite_identity_at_index (prefs, j, 
-                                                                      &compare_identity, 
+
+                err = kim_preferences_get_favorite_identity_at_index (prefs, j,
+                                                                      &compare_identity,
                                                                       &compare_options);
-                fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err, 
+                fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err,
                                "while getting favorite identity %d", (int) j);
-                
+
                 if (!err) {
-                    err = kim_identity_compare (identity, compare_identity, 
+                    err = kim_identity_compare (identity, compare_identity,
                                                 &comparison);
-                    fail_if_error (state, "kim_identity_compare", err, 
-                                   "while comparing %s to favorite identity %d", 
+                    fail_if_error (state, "kim_identity_compare", err,
+                                   "while comparing %s to favorite identity %d",
                                    fids[i].identity, (int) i);
                 }
-                
+
                 if (!err && kim_comparison_is_equal_to (comparison)) {
                     kim_lifetime compare_lifetime;
                     kim_lifetime compare_renewal_lifetime;
-                    
+
                     found = 1;
-                    
+
                     err = kim_options_get_lifetime (compare_options, &compare_lifetime);
-                    fail_if_error (state, "kim_options_get_lifetime", err, 
-                                   "while getting the lifetime for %s", 
-                                   fids[i].identity);            
-                    
+                    fail_if_error (state, "kim_options_get_lifetime", err,
+                                   "while getting the lifetime for %s",
+                                   fids[i].identity);
+
                     if (!err && fids[i].lifetime != compare_lifetime) {
-                        log_failure (state, "Unexpected lifetime for %s (got %d, expected %d)", 
+                        log_failure (state, "Unexpected lifetime for %s (got %d, expected %d)",
                                      fids[i].identity, (int) compare_lifetime,
-                                     (int) fids[i].lifetime);                
+                                     (int) fids[i].lifetime);
                     }
-                    
+
                     if (!err) {
-                        err = kim_options_get_renewal_lifetime (compare_options, 
+                        err = kim_options_get_renewal_lifetime (compare_options,
                                                                 &compare_renewal_lifetime);
-                        fail_if_error (state, "kim_options_get_renewal_lifetime", err, 
-                                       "while getting the lifetime for %s", 
-                                       fids[i].identity);            
+                        fail_if_error (state, "kim_options_get_renewal_lifetime", err,
+                                       "while getting the lifetime for %s",
+                                       fids[i].identity);
                     }
-                    
+
                     if (!err && fids[i].renewal_lifetime != compare_renewal_lifetime) {
-                        log_failure (state, "Unexpected renewal lifetime for %s (got %d, expected %d)", 
-                                     fids[i].identity, 
+                        log_failure (state, "Unexpected renewal lifetime for %s (got %d, expected %d)",
+                                     fids[i].identity,
                                      (int) compare_renewal_lifetime,
-                                     (int) fids[i].renewal_lifetime);                
+                                     (int) fids[i].renewal_lifetime);
                     }
                 }
-                
+
                 kim_identity_free (&compare_identity);
                 kim_options_free (&compare_options);
             }
-            
+
             if (!err && !found) {
-                log_failure (state, "Favorite identity %s not found in favorite identities list", 
+                log_failure (state, "Favorite identity %s not found in favorite identities list",
                              fids[i].identity);
             }
-            
+
             kim_identity_free (&identity);
         }
-        
+
         if (!err && i != count) {
-            log_failure (state, "Unexpected number of favorite identities (got %d, expected %d)", 
+            log_failure (state, "Unexpected number of favorite identities (got %d, expected %d)",
                          (int) count, (int) i);
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     // Remove one by one
     if (!err) {
         kim_preferences prefs = NULL;
         kim_count count, j;
-        
+
         err = kim_preferences_create (&prefs);
-        fail_if_error (state, "kim_preferences_create", err, 
+        fail_if_error (state, "kim_preferences_create", err,
                        "while creating preferences");
-        
+
         if (!err) {
             err = kim_preferences_get_number_of_favorite_identities (prefs, &count);
-            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err, 
+            fail_if_error (state, "kim_preferences_get_number_of_favorite_identities", err,
                            "while getting number of favorite identities");
         }
-        
+
         for (j = 0; j < count; j++) {
             kim_identity compare_identity = NULL;
             kim_options compare_options = NULL;
             kim_string string = NULL;
-            
-            err = kim_preferences_get_favorite_identity_at_index (prefs, 0, 
-                                                                  &compare_identity, 
+
+            err = kim_preferences_get_favorite_identity_at_index (prefs, 0,
+                                                                  &compare_identity,
                                                                   &compare_options);
-            fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err, 
+            fail_if_error (state, "kim_preferences_get_favorite_identity_at_index", err,
                            "while getting favorite identity %d", (int) j);
-            
+
             if (!err) {
                 err = kim_identity_get_display_string(compare_identity, &string);
-                fail_if_error (state, "kim_identity_get_display_string", err, 
+                fail_if_error (state, "kim_identity_get_display_string", err,
                                "while getting the display string for identity %d", (int) j);
             }
-            
+
             if (!err) {
                 err = kim_preferences_remove_favorite_identity(prefs, compare_identity);
-                fail_if_error (state, "kim_preferences_remove_favorite_identity", err, 
+                fail_if_error (state, "kim_preferences_remove_favorite_identity", err,
                                "while removing favorite identity %d \"%s\"", (int) j, string);
             }
 
             if (!err) {
                 err = kim_preferences_synchronize (prefs);
-                fail_if_error (state, "kim_preferences_synchronize", err, 
+                fail_if_error (state, "kim_preferences_synchronize", err,
                                "while removing favorite %qu: %s", j, string);
             }
-            
+
             if (!err && favorites_contains_identity(state, compare_identity)) {
                 kim_string display_string = NULL;
                 kim_identity_get_display_string(compare_identity, &display_string);
-                log_failure (state, "Favorite identities still contains %s after removal", 
+                log_failure (state, "Favorite identities still contains %s after removal",
                              display_string);
             }
-            
+
             kim_string_free (&string);
             kim_identity_free (&compare_identity);
             kim_options_free (&compare_options);
         }
-        
+
         kim_preferences_free (&prefs);
     }
-    
+
     end_test (state);
 }
diff --git a/src/kim/test/test_kim_selection_hints.c b/src/kim/test/test_kim_selection_hints.c
index 2a24a610e..655980e26 100644
--- a/src/kim/test/test_kim_selection_hints.c
+++ b/src/kim/test/test_kim_selection_hints.c
@@ -51,53 +51,53 @@ void test_kim_selection_hints_set_hint (kim_test_state_t state)
 {
     kim_error err = KIM_NO_ERROR;
     kim_count i = 0;
-    
+
     start_test (state, "test_kim_selection_hints_set_hint");
 
     for (i = 0; !err && test_hints[i].key; i++) {
         kim_selection_hints hints = NULL;
         kim_string string = NULL;
         kim_comparison comparison = 0;
-        
+
         printf (".");
 
         err = kim_selection_hints_create (&hints, KSH_TEST_ID);
-        fail_if_error (state, "kim_selection_hints_create", err, 
+        fail_if_error (state, "kim_selection_hints_create", err,
                        "while creating selection hints for %s", KSH_TEST_ID);
-        
+
         if (!err) {
             err = kim_selection_hints_set_hint (hints, test_hints[i].key, test_hints[i].hint);
-            fail_if_error (state, "kim_selection_hints_set_hint", 
-                           err, "while setting hint %s to %s", 
-                           test_hints[i].key, test_hints[i].hint); 
+            fail_if_error (state, "kim_selection_hints_set_hint",
+                           err, "while setting hint %s to %s",
+                           test_hints[i].key, test_hints[i].hint);
         }
-        
+
         if (!err) {
             err = kim_selection_hints_get_hint (hints, test_hints[i].key, &string);
-            fail_if_error (state, "kim_selection_hints_get_hint", 
+            fail_if_error (state, "kim_selection_hints_get_hint",
                            err, "while getting hint %s", test_hints[i].key);
         }
-        
+
         if (!err) {
             err = kim_string_compare (test_hints[i].hint, string, &comparison);
-            fail_if_error (state, "kim_identity_compare", err, 
-                           "while comparing %s to %s (hint %s)", 
-                           test_hints[i].hint, 
+            fail_if_error (state, "kim_identity_compare", err,
+                           "while comparing %s to %s (hint %s)",
+                           test_hints[i].hint,
                            string ? string : "NULL", test_hints[i].key);
         }
-        
+
         if (!err && !kim_comparison_is_equal_to (comparison)) {
-            log_failure (state, "Unexpected hint %s (got %s, expected %s)", 
-                         test_hints[i].key, 
-                         string ? string : "NULL", 
+            log_failure (state, "Unexpected hint %s (got %s, expected %s)",
+                         test_hints[i].key,
+                         string ? string : "NULL",
                          test_hints[i].hint);
         }
-        
+
         kim_string_free (&string);
         kim_selection_hints_free (&hints);
     }
-    
-    end_test (state);    
+
+    end_test (state);
 }
 
 
@@ -113,66 +113,66 @@ void test_kim_selection_hints_remember_identity (kim_test_state_t state)
     kim_string string = NULL;
     kim_identity identity = KIM_IDENTITY_ANY;
     kim_comparison comparison = 0;
-  
+
     start_test (state, "kim_selection_hints_remember_identity");
-    
+
     if (!err) {
         err = kim_selection_hints_create (&hints, KSH_TEST_ID);
-        fail_if_error (state, "kim_selection_hints_create", err, 
+        fail_if_error (state, "kim_selection_hints_create", err,
                        "while creating selection hints for %s", KSH_TEST_ID);
     }
-    
-    for (i = 0; !err && test_hints[i].key; i++) {        
+
+    for (i = 0; !err && test_hints[i].key; i++) {
         err = kim_selection_hints_set_hint (hints, test_hints[i].key, test_hints[i].hint);
-        fail_if_error (state, "kim_selection_hints_set_hint", 
-                       err, "while setting hint %s to %s", 
+        fail_if_error (state, "kim_selection_hints_set_hint",
+                       err, "while setting hint %s to %s",
                        test_hints[i].key, test_hints[i].hint);
     }
-    
+
     if (!err) {
-        err = kim_identity_create_from_string (&client_identity, 
+        err = kim_identity_create_from_string (&client_identity,
                                                KSH_IDENTITY);
-        fail_if_error (state, "kim_identity_create_from_string", err, 
-                       "while creating an identity for %s", 
+        fail_if_error (state, "kim_identity_create_from_string", err,
+                       "while creating an identity for %s",
                        KSH_IDENTITY);
     }
-    
+
     if (!err) {
         err = kim_selection_hints_remember_identity (hints, client_identity);
-        fail_if_error (state, "kim_selection_hints_remember_identity", 
-                       err, "while remembering identity %s", 
+        fail_if_error (state, "kim_selection_hints_remember_identity",
+                       err, "while remembering identity %s",
                        KSH_IDENTITY);
     }
-    
+
     if (!err) {
         err = kim_selection_hints_get_identity (hints, &identity);
-        fail_if_error (state, "kim_selection_hints_get_identity", 
-                       err, "while checking if identity is %s", 
+        fail_if_error (state, "kim_selection_hints_get_identity",
+                       err, "while checking if identity is %s",
                        KSH_IDENTITY);
     }
-    
+
     if (!err && identity) {
         err = kim_identity_get_string (identity, &string);
-        fail_if_error (state, "kim_identity_get_string", err, 
+        fail_if_error (state, "kim_identity_get_string", err,
                        "while getting the string for the client identity hint");
     }
-    
+
     if (!err) {
         err = kim_identity_compare (client_identity, identity, &comparison);
-        fail_if_error (state, "kim_identity_compare", err, 
-                       "while comparing %s to the identity hint %s", 
+        fail_if_error (state, "kim_identity_compare", err,
+                       "while comparing %s to the identity hint %s",
                        KSH_IDENTITY, string ? string : "NULL");
     }
-    
+
     if (!err && !kim_comparison_is_equal_to (comparison)) {
-        log_failure (state, "Unexpected client identity hint (got %s, expected %s)", 
+        log_failure (state, "Unexpected client identity hint (got %s, expected %s)",
                      string ? string : "NULL", KSH_IDENTITY);
     }
-    
+
     kim_string_free (&string);
     kim_identity_free (&identity);
     kim_identity_free (&client_identity);
     kim_selection_hints_free (&hints);
-    
+
     end_test (state);
 }
diff --git a/src/kim/test/test_kll.c b/src/kim/test/test_kll.c
index d1773ae30..e0261480c 100644
--- a/src/kim/test/test_kll.c
+++ b/src/kim/test/test_kll.c
@@ -21,10 +21,10 @@ int main(void)
     KLTime t;
     KLStatus err;
     KLPrincipal principal;
-    
+
     /* force use of UI */
-    fclose (stdin);    
-    
+    fclose (stdin);
+
     err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &principal);
     printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err);
     if (err == klNoErr) {
@@ -32,58 +32,58 @@ int main(void)
         printf ("KLChangePassword() (err = %d)\n", err);
         KLDisposePrincipal (principal);
     }
-    
+
     err = KLLastChangedTime(&t);
     printf ("KLLastChangedTime returned %d (err = %d)\n", t, err);
-    
+
     TestKLPrincipal ();
     TestLoginOptions ();
     TestApplicationOptions ();
     TestErrorHandling ();
     TestKerberosRealms ();
     TestHighLevelAPI ();
-    
+
     err = KLLastChangedTime(&t);
     printf ("KLLastChangedTime returned %d (err = %d)\n", t, err);
-    
-    return 0;	
+
+    return 0;
 }
 
 void TestErrorHandling (void)
 {
     long err;
     char*	errorString;
-    
+
     err = KLGetErrorString (KRB5KRB_AP_ERR_BAD_INTEGRITY, &errorString);
     printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
-    
+
     err = KLGetErrorString (klCredentialsBadAddressErr, &errorString);
-    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);       
+    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
-    
+
     err = KLGetErrorString (klCacheDoesNotExistErr, &errorString);
-    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);       
+    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
-    
+
     err = KLGetErrorString (klPasswordMismatchErr, &errorString);
-    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);       
+    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
-    
+
     err = KLGetErrorString (klInsecurePasswordErr, &errorString);
-    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);       
+    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
-    
+
     err = KLGetErrorString (klPasswordChangeFailedErr, &errorString);
-    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);       
+    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
-        
+
     err = KLGetErrorString (klCantContactServerErr, &errorString);
-    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);       
+    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
-    
+
     err = KLGetErrorString (klCantDisplayUIErr, &errorString);
-    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);       
+    printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err);
     if (!err) { KLDisposeString (errorString); }
 }
 
@@ -96,7 +96,7 @@ void TestHighLevelAPI (void)
     char*	principalString;
     char	timeString[256];
     KLBoolean	valid;
-    
+
     err = KLCreatePrincipalFromTriplet ("grail", "", "TESTV5-KERBEROS-1.3.1", &inPrincipal);
     printf ("KLCreatePrincipalFromTriplet(grail@TESTV5-KERBEROS-1.3.1) (err = %d)\n", err);
     if (err == klNoErr) {
@@ -109,7 +109,7 @@ void TestHighLevelAPI (void)
         }
         KLDisposePrincipal (inPrincipal);
     }
-    
+
     err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
     printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err);
     if (err == klNoErr) {
@@ -122,7 +122,7 @@ void TestHighLevelAPI (void)
         }
         KLDisposePrincipal (inPrincipal);
     }
-    
+
     err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName);
     printf ("KLAcquireNewInitialTickets() (err = %d)\n", err);
     if (err == klNoErr) {
@@ -135,21 +135,21 @@ void TestHighLevelAPI (void)
         }
         KLDisposePrincipal (inPrincipal);
     }
-    
+
     err = KLSetDefaultLoginOption (loginOption_LoginName, "testname", 3);
     printf ("KLSetDefaultLoginOption(loginOption_LoginName) to testname (err = %d)\n", err);
     if (err == klNoErr) {
         err = KLSetDefaultLoginOption (loginOption_LoginInstance, "testinstance", 6);
         printf ("KLSetDefaultLoginOption(loginOption_LoginInstance) to testinstance (err = %d)\n", err);
     }
-    
+
     err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName);
     printf ("KLAcquireNewInitialTickets() (err = %d)\n", err);
     if (err == klNoErr) {
         KLDisposeString (outCredCacheName);
         KLDisposePrincipal (inPrincipal);
     }
-    
+
     // Principal == NULL
     while (KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName) == klNoErr) {
         err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime);
@@ -171,14 +171,14 @@ void TestHighLevelAPI (void)
         KLDisposeString (outCredCacheName);
         KLDisposePrincipal (outPrincipal);
     }
-    
+
     err = KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName);
     if (err == klNoErr) {
         KLDisposeString (outCredCacheName);
         KLDisposePrincipal (outPrincipal);
     }
-    
-    
+
+
     err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
     printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err);
     if (err == klNoErr) {
@@ -189,10 +189,10 @@ void TestHighLevelAPI (void)
             KLDisposePrincipal (outPrincipal);
         }
         err = KLDestroyTickets (inPrincipal);
-        
+
         KLDisposePrincipal (inPrincipal);
     }
-    
+
     err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
     printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err);
     if (err == klNoErr) {
@@ -202,7 +202,7 @@ void TestHighLevelAPI (void)
             KLDisposeString (outCredCacheName);
             KLDisposePrincipal (outPrincipal);
         }
-        
+
         err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
         if (err == klNoErr) {
             err = KLGetStringFromPrincipal (outPrincipal, kerberosVersion_V5, &principalString);
@@ -210,22 +210,22 @@ void TestHighLevelAPI (void)
                 err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime);
                 printf ("Tickets for principal '%s' expire on %s\n",
                         principalString, TimeToString(timeString, expirationTime));
-                
+
                 KLDisposeString (principalString);
             }
             KLDisposeString (outCredCacheName);
             KLDisposePrincipal (outPrincipal);
         }
-        
+
         err = KLChangePassword (inPrincipal);
         printf ("KLChangePassword() (err = %d)\n", err);
-        
+
         err = KLDestroyTickets (inPrincipal);
         printf ("KLDestroyTickets() (err = %d)\n", err);
-        
+
         KLDisposePrincipal (inPrincipal);
     }
-    
+
 }
 
 
@@ -241,22 +241,22 @@ void TestKLPrincipal (void)
     char *user = NULL;
     char *instance = NULL;
     char *realm = NULL;
-    
+
     printf ("Entering TestKLPrincipal()\n");
     printf ("----------------------------------------------------------------\n");
-    
+
     err = KLCreatePrincipalFromString ("thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1",
                                        kerberosVersion_V5, &extraLongPrincipal);
     printf ("KLCreatePrincipalFromString "
             "('thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1') "
             "(err = %s)\n", error_message(err));
-    
+
     printf ("----------------------------------------------------------------\n");
-    
+
     err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &principal);
     printf ("KLCreatePrincipalFromTriplet ('nobody' '' 'TEST-KERBEROS-1.3.1') (err = %s)\n",
             error_message(err));
-    
+
     if (err == klNoErr) {
         err = KLGetStringFromPrincipal (principal, kerberosVersion_V5, &principalString);
         if (err == klNoErr) {
@@ -265,7 +265,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody@TEST-KERBEROS-1.3.1, v5) returned (err = %s)\n", error_message(err));
         }
-        
+
         err = KLGetStringFromPrincipal (principal, kerberosVersion_V4, &principalString);
         if (err == klNoErr) {
             printf ("KLGetStringFromPrincipal (nobody@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString);
@@ -273,7 +273,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody@TEST-KERBEROS-1.3.1, v4) returned (err = %s)\n", error_message(err));
         }
-        
+
         err = KLGetTripletFromPrincipal (principal, &user, &instance, &realm);
         if (err == klNoErr) {
             printf ("KLGetTripletFromPrincipal (nobody@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n",
@@ -283,14 +283,14 @@ void TestKLPrincipal (void)
             KLDisposeString (realm);
         } else {
             printf ("KLGetTripletFromPrincipal(nobody@TEST-KERBEROS-1.3.1) returned (err = %s)\n", error_message(err));
-        }            
+        }
     }
-    
+
     printf ("----------------------------------------------------------------\n");
-    
+
     err = KLCreatePrincipalFromTriplet ("nobody", "admin", "TEST-KERBEROS-1.3.1", &adminPrincipal);
     printf ("KLCreatePrincipalFromTriplet ('nobody' 'admin' 'TEST-KERBEROS-1.3.1') (err = %d)\n", err);
-    
+
     if (err == klNoErr) {
         err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V5, &principalString);
         if (err == klNoErr) {
@@ -299,7 +299,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err);
         }
-        
+
         err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V4, &principalString);
         if (err == klNoErr) {
             printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString);
@@ -307,7 +307,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err);
         }
-        
+
         err = KLGetTripletFromPrincipal (adminPrincipal, &user, &instance, &realm);
         if (err == klNoErr) {
             printf ("KLGetTripletFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n",
@@ -319,9 +319,9 @@ void TestKLPrincipal (void)
             printf ("KLGetTripletFromPrincipal(lxs/admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err);
         }
     }
-    
+
     printf ("----------------------------------------------------------------\n");
-    
+
     err = KLCreatePrincipalFromString ("nobody/root@TEST-KERBEROS-1.3.1", kerberosVersion_V5, &adminPrincipalV5);
     printf ("KLCreatePrincipalFromString ('nobody/root@TEST-KERBEROS-1.3.1', v5) (err = %d)\n", err);
     if (err == klNoErr) {
@@ -332,7 +332,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody/root@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err);
         }
-        
+
         err = KLGetStringFromPrincipal (adminPrincipalV5, kerberosVersion_V4, &principalString);
         if (err == klNoErr) {
             printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString);
@@ -340,7 +340,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err);
         }
-        
+
         err = KLGetTripletFromPrincipal (adminPrincipalV5, &user, &instance, &realm);
         if (err == klNoErr) {
             printf ("KLGetTripletFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n",
@@ -352,9 +352,9 @@ void TestKLPrincipal (void)
             printf ("KLGetTripletFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err);
         }
     }
-    
+
     printf ("----------------------------------------------------------------\n");
-    
+
     err = KLCreatePrincipalFromString ("nobody.admin@TEST-KERBEROS-1.3.1", kerberosVersion_V4, &adminPrincipalV4);
     printf ("KLCreatePrincipalFromString ('nobody.admin@TEST-KERBEROS-1.3.1') (err = %d)\n", err);
     if (err == klNoErr) {
@@ -365,7 +365,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err);
         }
-        
+
         err = KLGetStringFromPrincipal (adminPrincipalV4, kerberosVersion_V4, &principalString);
         if (err == klNoErr) {
             printf ("KLGetStringFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString);
@@ -373,7 +373,7 @@ void TestKLPrincipal (void)
         } else {
             printf ("KLGetStringFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err);
         }
-        
+
         err = KLGetTripletFromPrincipal (adminPrincipalV4, &user, &instance, &realm);
         if (err == klNoErr) {
             printf ("KLGetTripletFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n",
@@ -385,12 +385,12 @@ void TestKLPrincipal (void)
             printf ("KLGetTripletFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err);
         }
     }
-    
+
     printf ("----------------------------------------------------------------\n");
-    
+
     if (adminPrincipalV4 != NULL && adminPrincipalV5 != NULL) {
         KLBoolean equivalent;
-        
+
         err = KLComparePrincipal (adminPrincipalV5, adminPrincipalV4, &equivalent);
         if (err == klNoErr) {
             printf ("KLComparePrincipal %s comparing nobody/admin@TEST-KERBEROS-1.3.1 and nobody.admin@TEST-KERBEROS-1.3.1\n",
@@ -399,10 +399,10 @@ void TestKLPrincipal (void)
             printf ("KLComparePrincipal returned (err = %d)\n", err);
         }
     }
-    
+
     if (principal != NULL && adminPrincipalV5 != NULL) {
         KLBoolean equivalent;
-        
+
         err = KLComparePrincipal (principal, adminPrincipalV4, &equivalent);
         if (err == klNoErr) {
             printf ("KLComparePrincipal %s comparing nobody@TEST-KERBEROS-1.3.1 and nobody.admin@TEST-KERBEROS-1.3.1\n",
@@ -411,10 +411,10 @@ void TestKLPrincipal (void)
             printf ("KLComparePrincipal returned (err = %d)\n", err);
         }
     }
-    
+
     if (principal != NULL && adminPrincipalV5 != NULL) {
         KLBoolean equivalent;
-        
+
         err = KLComparePrincipal (principal, adminPrincipalV5, &equivalent);
         if (err == klNoErr) {
             printf ("KLComparePrincipal %s comparing nobody@TEST-KERBEROS-1.3.1 and nobody/admin@TEST-KERBEROS-1.3.1\n",
@@ -423,10 +423,10 @@ void TestKLPrincipal (void)
             printf ("KLComparePrincipal returned (err = %d)\n", err);
         }
     }
-    
+
     if (adminPrincipal != NULL && adminPrincipalV5 != NULL) {
         KLBoolean equivalent;
-        
+
         err = KLComparePrincipal (adminPrincipalV5, principal, &equivalent);
         if (err == klNoErr) {
             printf ("KLComparePrincipal %s comparing nobody/admin@TEST-KERBEROS-1.3.1 and nobody@TEST-KERBEROS-1.3.1\n",
@@ -435,9 +435,9 @@ void TestKLPrincipal (void)
             printf ("KLComparePrincipal returned (err = %d)\n", err);
         }
     }
-    
+
     printf ("----------------------------------------------------------------\n\n");
-    
+
     if (extraLongPrincipal != NULL) KLDisposePrincipal (extraLongPrincipal);
     if (adminPrincipalV5   != NULL) KLDisposePrincipal (adminPrincipalV5);
     if (adminPrincipalV4   != NULL) KLDisposePrincipal (adminPrincipalV4);
@@ -456,24 +456,24 @@ void TestKerberosRealms (void)
     printf ("About to test Kerberos realms\n");
     KLRemoveAllKerberosRealms ();
     KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL);
-    
+
     KLInsertKerberosRealm (realmList_End, "FOO");
     KLInsertKerberosRealm (realmList_End, "BAR");
     KLInsertKerberosRealm (realmList_End, "BAZ");
     KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL);
-    
+
     KLInsertKerberosRealm (realmList_End, "FOO");
     KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL);
-    
+
     KLSetKerberosRealm (0, "QUUX");
     KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL);
-    
+
     KLRemoveKerberosRealm (0);
     KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL);
-    
+
     KLSetKerberosRealm (2, "TEST-KERBEROS-1.3.1");
     KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL);
-    
+
     KLRemoveAllKerberosRealms ();
     KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.3.1");
     KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.0.6");
@@ -485,7 +485,7 @@ void TestKerberosRealms (void)
     KLInsertKerberosRealm (realmList_End, "TEST-HEIMDAL-0.3D");
     KLInsertKerberosRealm (realmList_End, "TESTV5-HEIMDAL-0.3D");
     KLInsertKerberosRealm (realmList_End, "TEST-KTH-KRB-1.1");
-}	
+}
 
 
 void TestLoginOptions (void)
@@ -493,25 +493,25 @@ void TestLoginOptions (void)
     KLBoolean optionSetting;
     KLStatus err = klNoErr;
     KLLifetime lifetime;
-    
+
     lifetime = 10*60;
     KLSetDefaultLoginOption(loginOption_MinimalTicketLifetime, &lifetime, sizeof(KLLifetime));
-    
+
     lifetime = 8*60*60;
     KLSetDefaultLoginOption(loginOption_MaximalTicketLifetime, &lifetime, sizeof(KLLifetime));
-    
+
     lifetime = 8*60*60;
     KLSetDefaultLoginOption(loginOption_DefaultTicketLifetime, &lifetime, sizeof(KLLifetime));
-        
+
     optionSetting = FALSE;
     KLSetDefaultLoginOption(loginOption_DefaultForwardableTicket, &optionSetting, sizeof(optionSetting));
-    
+
     optionSetting = TRUE;
     KLSetDefaultLoginOption(loginOption_RememberPrincipal, &optionSetting, sizeof(optionSetting));
-    
+
     optionSetting = TRUE;
     err = KLSetDefaultLoginOption(loginOption_RememberExtras, &optionSetting, sizeof(optionSetting));
-    
+
     if (err == klNoErr) {
         KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL);
         optionSetting = TRUE;
@@ -532,9 +532,9 @@ char* TimeToString (char* timeString, long t)
     /* we come in in 1970 time */
     time_t timer = (time_t) t;
     struct tm tm;
-    
+
     tm = *localtime (&timer);
-    
+
     sprintf(timeString, "%.3s %.3s%3d %.2d:%.2d:%.2d %d",
             day_name[tm.tm_wday],
             month_name[tm.tm_mon],
@@ -543,7 +543,7 @@ char* TimeToString (char* timeString, long t)
             tm.tm_min,
             tm.tm_sec,
             tm.tm_year + 1900);
-    
+
     return timeString;
 }
 
@@ -553,4 +553,3 @@ void MyKerberosLoginIdleCallback (KLRefCon inAppData)
     syslog (LOG_ALERT, "App got callback while waiting for Mach IPC (appData == %d)\n", inAppData);
     //    KLCancelAllDialogs ();
 }
-
diff --git a/src/kim/test/test_kll_terminal.c b/src/kim/test/test_kll_terminal.c
index 9c22625bf..20a5e7898 100644
--- a/src/kim/test/test_kll_terminal.c
+++ b/src/kim/test/test_kll_terminal.c
@@ -2,13 +2,13 @@
 
 
 
-int main (void) 
+int main (void)
 {
     KLStatus		err;
     KLPrincipal		principal;
     char 			*principalName;
     char			*cacheName;
-    
+
     printf ("Testing KLAcquireNewTickets (nil)...\n");
 
     err = KLAcquireNewTickets (nil, &principal, &cacheName);
@@ -18,22 +18,22 @@ int main (void)
             printf ("Got tickets for '%s' in cache '%s'\n", principalName, cacheName);
             KLDisposeString (principalName);
         } else {
-            printf ("KLGetStringFromPrincipal() returned (err = %ld)\n", err); 
+            printf ("KLGetStringFromPrincipal() returned (err = %ld)\n", err);
         }
         KLDisposeString (cacheName);
-        
+
         printf ("Testing KLChangePassword (principal)...\n");
-        
+
         err = KLChangePassword (principal);
         if (err != klNoErr) {
             printf ("KLChangePassword() returned (err = %ld)\n", err);
         }
-        
+
         KLDisposePrincipal (principal);
     } else {
         printf ("KLAcquireNewTickets() returned (err = %ld)\n", err);
     }
-    
-    printf ("All done testing!\n");  
-    return 0;  
-}
\ No newline at end of file
+
+    printf ("All done testing!\n");
+    return 0;
+}
diff --git a/src/kim/test/test_ui_plugin.c b/src/kim/test/test_ui_plugin.c
index 9a6e3761d..a37fa7f83 100644
--- a/src/kim/test/test_ui_plugin.c
+++ b/src/kim/test/test_ui_plugin.c
@@ -43,18 +43,18 @@ const char *magic = "test_ui_context_magic";
 /* ------------------------------------------------------------------------ */
 
 static void test_ui_vlog (test_ui_context  in_context,
-                          const char      *in_format, 
+                          const char      *in_format,
                           va_list          in_args)
 {
     if (!in_context) {
         asl_log (NULL, NULL, ASL_LEVEL_ERR, "NULL context!");
-        
+
     } else if (strcmp (in_context->magic, magic)) {
-        asl_log (NULL, NULL, ASL_LEVEL_ERR, 
+        asl_log (NULL, NULL, ASL_LEVEL_ERR,
                  "Magic mismatch.  Context corrupted!");
-        
+
     } else {
-        asl_vlog (in_context->asl_context, NULL, ASL_LEVEL_NOTICE, 
+        asl_vlog (in_context->asl_context, NULL, ASL_LEVEL_NOTICE,
                   in_format, in_args);
     }
 }
@@ -62,19 +62,19 @@ static void test_ui_vlog (test_ui_context  in_context,
 /* ------------------------------------------------------------------------ */
 
 static void test_ui_log_ (void       *in_context,
-                          const char *in_function, 
+                          const char *in_function,
                           const char *in_format, ...)
 {
     test_ui_context context = in_context;
     char *format = NULL;
     va_list args;
-    
+
     asprintf (&format, "%s: %s", in_function, in_format);
-    
-    va_start (args, in_format);    
+
+    va_start (args, in_format);
     test_ui_vlog (context, format, args);
     va_end (args);
-              
+
     free (format);
 }
 
@@ -88,38 +88,38 @@ static kim_error test_ui_init (void **out_context)
 {
     kim_error err = KIM_NO_ERROR;
     test_ui_context context = NULL;
-    
+
     if (!err) {
         context = malloc (sizeof (*context));
         if (!context) { err = KIM_OUT_OF_MEMORY_ERR; }
-    } 
-    
+    }
+
     if (!err) {
         context->got_error = 0;
         context->magic = magic;
-        context->asl_context = asl_open (NULL, 
-                                         "com.apple.console", 
+        context->asl_context = asl_open (NULL,
+                                         "com.apple.console",
                                          ASL_OPT_NO_DELAY | ASL_OPT_STDERR);
         if (!context->asl_context) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         test_ui_log (context, "returning with no error.");
     } else {
         kim_string estring = NULL;
-        
+
         kim_string_create_for_last_error (&estring, err);
         test_ui_log (NULL, "returning %d: %s", err, estring);
         kim_string_free (&estring);
     }
-    
-    if (!err) {        
+
+    if (!err) {
         *out_context = context;
         context = NULL;
     }
-    
+
     free (context);
-    
+
     return err;
 }
 
@@ -132,9 +132,9 @@ static kim_error test_ui_enter_identity (void         *in_context,
 {
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = NULL;
-    
+
     test_ui_log (in_context, "entering...");
-    
+
     if (!err) {
         test_ui_context context = in_context;
         if (context->got_error > 1) {
@@ -143,39 +143,39 @@ static kim_error test_ui_enter_identity (void         *in_context,
             err = KIM_USER_CANCELED_ERR;
         }
     }
-    
+
     if (!err) {
         err = kim_options_set_lifetime (io_options, 1800);
     }
-    
+
     if (!err) {
         err = kim_options_set_renewal_lifetime (io_options, 3600);
     }
-    
+
     if (!err) {
         err = kim_identity_create_from_string (&identity,
                                                "nobody@TEST-KERBEROS-1.5");
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
         *out_change_password = 0;
     }
-    
+
     kim_identity_free (&identity);
-    
+
     if (!err) {
         test_ui_log (in_context, "returning with no error.");
     } else {
         kim_string estring = NULL;
-        
+
         kim_string_create_for_last_error (&estring, err);
         test_ui_log (in_context, "returning %d: %s", err, estring);
         kim_string_free (&estring);
     }
-    
-    return err;    
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -188,9 +188,9 @@ static kim_error test_ui_select_identity (void                *in_context,
     kim_error err = KIM_NO_ERROR;
     kim_identity identity = NULL;
     kim_options options = NULL;
-    
+
     test_ui_log (in_context, "entering...");
-    
+
     if (!err) {
         test_ui_context context = in_context;
         if (context->got_error > 1) {
@@ -199,61 +199,61 @@ static kim_error test_ui_select_identity (void                *in_context,
             err = KIM_USER_CANCELED_ERR;
         }
     }
-    
+
     if (!err) {
         err = kim_selection_hints_get_options (io_hints, &options);
     }
-    
+
     if (!err && !options) {
         err = kim_options_create (&options);
     }
-    
+
     if (!err) {
         err = kim_options_set_lifetime (options, 1800);
     }
-    
+
     if (!err) {
         err = kim_options_set_renewal_lifetime (options, 3600);
     }
-    
+
     if (!err) {
         err = kim_selection_hints_set_options (io_hints, options);
     }
-    
+
     if (!err) {
         err = kim_identity_create_from_string (&identity,
                                                "nobody@TEST-KERBEROS-1.5");
     }
-    
+
     if (!err) {
         *out_identity = identity;
         identity = NULL;
         *out_change_password = 0;
     }
-    
+
     kim_options_free (&options);
     kim_identity_free (&identity);
-    
+
     if (!err) {
         test_ui_log (in_context, "returning with no error.");
     } else {
         kim_string estring = NULL;
-        
+
         kim_string_create_for_last_error (&estring, err);
         test_ui_log (in_context, "returning %d: %s", err, estring);
         kim_string_free (&estring);
     }
-    
-    return err;    
-}    
+
+    return err;
+}
 
 /* ------------------------------------------------------------------------ */
 
 static kim_error test_ui_auth_prompt (void              *in_context,
                                       kim_identity       in_identity,
                                       kim_prompt_type    in_type,
-                                      kim_boolean        in_allow_save_reply, 
-                                      kim_boolean        in_hide_reply, 
+                                      kim_boolean        in_allow_save_reply,
+                                      kim_boolean        in_hide_reply,
                                       kim_string         in_title,
                                       kim_string         in_message,
                                       kim_string         in_description,
@@ -263,13 +263,13 @@ static kim_error test_ui_auth_prompt (void              *in_context,
     kim_error err = KIM_NO_ERROR;
     kim_string string = NULL;
     char *reply = NULL;
-    
+
     test_ui_log (in_context, "entering...");
-    
+
     if (!err) {
         err = kim_identity_get_display_string (in_identity, &string);
     }
-    
+
     if (!err) {
         test_ui_log (in_context, "\tidentity = %s",         string);
         test_ui_log (in_context, "\ttype = %d",             in_type);
@@ -278,11 +278,11 @@ static kim_error test_ui_auth_prompt (void              *in_context,
         test_ui_log (in_context, "\ttitle = %s",            in_title);
         test_ui_log (in_context, "\tmessage = %s",          in_message);
         test_ui_log (in_context, "\tdescription = %s",      in_description);
-        
+
         reply = strdup ("ydobon");
         if (!reply) { err = KIM_OUT_OF_MEMORY_ERR; }
     }
-    
+
     if (!err) {
         test_ui_context context = in_context;
         if (context->got_error > 1) {
@@ -291,26 +291,26 @@ static kim_error test_ui_auth_prompt (void              *in_context,
             err = KIM_USER_CANCELED_ERR;
         }
     }
-    
+
     if (!err) {
         *out_reply = reply;
         reply = NULL;
         *out_save_reply = 0;
     }
-    
+
     free (reply);
     kim_string_free (&string);
-    
+
     if (!err) {
         test_ui_log (in_context, "returning with no error.");
     } else {
         kim_string estring = NULL;
-        
+
         kim_string_create_for_last_error (&estring, err);
         test_ui_log (in_context, "returning %d: %s", err, estring);
         kim_string_free (&estring);
     }
-    
+
     return err;
 }
 
@@ -328,26 +328,26 @@ static kim_error test_ui_change_password (void          *in_context,
     char *old_password = NULL;
     char *new_password = NULL;
     char *vfy_password = NULL;
-    
+
     test_ui_log (in_context, "entering...");
-    
+
     if (!err) {
         err = kim_identity_get_display_string (in_identity, &string);
     }
-    
+
     if (!err) {
         test_ui_log (in_context, "\tidentity = %s", string);
-        test_ui_log (in_context, "\told_password_expired = %d", 
+        test_ui_log (in_context, "\told_password_expired = %d",
                      in_old_password_expired);
 
         old_password = strdup ("ydobon");
         new_password = strdup ("foo");
         vfy_password = strdup ("foo");
-        if (!old_password || !new_password || !vfy_password) { 
-            err = KIM_OUT_OF_MEMORY_ERR; 
+        if (!old_password || !new_password || !vfy_password) {
+            err = KIM_OUT_OF_MEMORY_ERR;
         }
     }
-    
+
     if (!err) {
         test_ui_context context = in_context;
         if (context->got_error > 1) {
@@ -365,22 +365,22 @@ static kim_error test_ui_change_password (void          *in_context,
         *out_verify_password = vfy_password;
         vfy_password = NULL;
     }
-    
+
     free (old_password);
     free (new_password);
     free (vfy_password);
     kim_string_free (&string);
-    
+
     if (!err) {
         test_ui_log (in_context, "returning with no error.");
     } else {
         kim_string estring = NULL;
-        
+
         kim_string_create_for_last_error (&estring, err);
         test_ui_log (in_context, "returning %d: %s", err, estring);
         kim_string_free (&estring);
     }
-    
+
     return err;
 }
 
@@ -394,13 +394,13 @@ static kim_error test_ui_handle_error (void         *in_context,
 {
     kim_error err = KIM_NO_ERROR;
     kim_string string = NULL;
-    
+
     test_ui_log (in_context, "entering...");
-    
+
     if (!err) {
         err = kim_identity_get_display_string (in_identity, &string);
     }
-    
+
     if (!err) {
         test_ui_context context = in_context;
 
@@ -408,22 +408,22 @@ static kim_error test_ui_handle_error (void         *in_context,
         test_ui_log (in_context, "\terror = %d",       in_error);
         test_ui_log (in_context, "\tmessage = %s",     in_error_message);
         test_ui_log (in_context, "\tdescription = %s", in_error_description);
-        
+
         context->got_error++;
     }
-    
+
     kim_string_free (&string);
-    
+
     if (!err) {
         test_ui_log (in_context, "returning with no error.");
     } else {
         kim_string estring = NULL;
-        
+
         kim_string_create_for_last_error (&estring, err);
         test_ui_log (in_context, "returning %d: %s", err, estring);
         kim_string_free (&estring);
     }
-    
+
     return err;
 }
 
@@ -446,14 +446,14 @@ static kim_error test_ui_fini (void *io_context)
     kim_error err = KIM_NO_ERROR;
 
     test_ui_log (io_context, "deallocating...");
-    
+
     if (io_context) {
         test_ui_context context = io_context;
-        
+
         asl_close (context->asl_context);
         free (context);
     }
-    
+
     return err;
 }
 
diff --git a/src/lib/apputils/daemon.c b/src/lib/apputils/daemon.c
index 00dde4882..42b2bbc22 100644
--- a/src/lib/apputils/daemon.c
+++ b/src/lib/apputils/daemon.c
@@ -62,7 +62,7 @@ daemon(nochdir, noclose)
 #else
 	{
 		int n;
-	    
+
 		/*
 		 * The open below may hang on pseudo ttys if the person
 		 * who starts named logs out before this point.  Thus,
diff --git a/src/lib/crypto/builtin/aes/aes.h b/src/lib/crypto/builtin/aes/aes.h
index ac1c1b89e..6009b986a 100644
--- a/src/lib/crypto/builtin/aes/aes.h
+++ b/src/lib/crypto/builtin/aes/aes.h
@@ -5,23 +5,23 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 21/01/2002
@@ -34,9 +34,9 @@
 
 #include "uitypes.h"
 
-/*  BLOCK_SIZE is in BYTES: 16, 24, 32 or undefined for aes.c and 16, 20, 
-    24, 28, 32 or undefined for aespp.c.  When left undefined a slower 
-    version that provides variable block length is compiled.    
+/*  BLOCK_SIZE is in BYTES: 16, 24, 32 or undefined for aes.c and 16, 20,
+    24, 28, 32 or undefined for aespp.c.  When left undefined a slower
+    version that provides variable block length is compiled.
 */
 
 #define BLOCK_SIZE  16
diff --git a/src/lib/crypto/builtin/aes/aes_s2k.c b/src/lib/crypto/builtin/aes/aes_s2k.c
index 14c7726bb..0eccdd941 100644
--- a/src/lib/crypto/builtin/aes/aes_s2k.c
+++ b/src/lib/crypto/builtin/aes/aes_s2k.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5int_aes_string_to_key
  */
diff --git a/src/lib/crypto/builtin/aes/aescpp.h b/src/lib/crypto/builtin/aes/aescpp.h
index e685485e1..c81dfa6d1 100644
--- a/src/lib/crypto/builtin/aes/aescpp.h
+++ b/src/lib/crypto/builtin/aes/aescpp.h
@@ -1,4 +1,3 @@
-
 /*
  -------------------------------------------------------------------------
  Copyright (c) 2001, Dr Brian Gladman <brg@gladman.uk.net>, Worcester, UK.
@@ -6,21 +5,21 @@
 
  TERMS
 
- Redistribution and use in source and binary forms, with or without 
+ Redistribution and use in source and binary forms, with or without
  modification, are permitted subject to the following conditions:
 
-  1. Redistributions of source code must retain the above copyright 
-     notice, this list of conditions and the following disclaimer. 
+  1. Redistributions of source code must retain the above copyright
+     notice, this list of conditions and the following disclaimer.
 
   2. Redistributions in binary form must reproduce the above copyright
-     notice, this list of conditions and the following disclaimer in the 
-     documentation and/or other materials provided with the distribution. 
+     notice, this list of conditions and the following disclaimer in the
+     documentation and/or other materials provided with the distribution.
 
-  3. The copyright holder's name must not be used to endorse or promote 
-     any products derived from this software without his specific prior 
-     written permission. 
+  3. The copyright holder's name must not be used to endorse or promote
+     any products derived from this software without his specific prior
+     written permission.
 
- This software is provided 'as is' with no express or implied warranties 
+ This software is provided 'as is' with no express or implied warranties
  of correctness or fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 21/01/2002
diff --git a/src/lib/crypto/builtin/aes/aescrypp.c b/src/lib/crypto/builtin/aes/aescrypp.c
index 87b634179..c1608df2a 100644
--- a/src/lib/crypto/builtin/aes/aescrypp.c
+++ b/src/lib/crypto/builtin/aes/aescrypp.c
@@ -5,23 +5,23 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 21/01/2002
@@ -44,7 +44,7 @@
 #define locals(y,x)     x[4],y[4]
 #else
 #define locals(y,x)     x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
- /* 
+ /*
    the following defines prevent the compiler requiring the declaration
    of generated but unused variables in the fwd_var and inv_var macros
  */
@@ -77,7 +77,7 @@
 #define b17 unused
 #endif
 #define l_copy(y, x)    s(y,0) = s(x,0); s(y,1) = s(x,1); \
-                        s(y,2) = s(x,2); s(y,3) = s(x,3); s(y,4) = s(x,4); 
+                        s(y,2) = s(x,2); s(y,3) = s(x,3); s(y,4) = s(x,4);
 #define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3); si(y,x,k,4)
 #define state_out(y,x)  so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3); so(y,x,4)
 #define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3); rm(y,x,k,4)
@@ -212,15 +212,15 @@ switch(nc) \
 #if defined(ENCRYPTION)
 
 /* I am grateful to Frank Yellin for the following construction
-   (and that for decryption) which, given the column (c) of the 
-   output state variable, gives the input state variables which 
+   (and that for decryption) which, given the column (c) of the
+   output state variable, gives the input state variables which
    are needed for each row (r) of the state.
 
-   For the fixed block size options, compilers should reduce these 
-   two expressions to fixed variable references. But for variable 
+   For the fixed block size options, compilers should reduce these
+   two expressions to fixed variable references. But for variable
    block size code conditional clauses will sometimes be returned.
 
-   y = output word, x = input word, r = row, c = column for r = 0, 
+   y = output word, x = input word, r = row, c = column for r = 0,
    1, 2 and 3 = column accessed for row r.
 */
 
@@ -291,7 +291,7 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
 
 #if (ENC_UNROLL == FULL)
 
-    state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp); 
+    state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp);
     kp += (cx->n_rnd - 9) * nc;
 
     switch(cx->n_rnd)
@@ -300,13 +300,13 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
     case 13:    round(fwd_rnd,  b0, b1, kp - 3 * nc);
     case 12:    round(fwd_rnd,  b1, b0, kp - 2 * nc);
     case 11:    round(fwd_rnd,  b0, b1, kp -     nc);
-    case 10:    round(fwd_rnd,  b1, b0, kp         );             
+    case 10:    round(fwd_rnd,  b1, b0, kp         );
                 round(fwd_rnd,  b0, b1, kp +     nc);
-                round(fwd_rnd,  b1, b0, kp + 2 * nc); 
+                round(fwd_rnd,  b1, b0, kp + 2 * nc);
                 round(fwd_rnd,  b0, b1, kp + 3 * nc);
-                round(fwd_rnd,  b1, b0, kp + 4 * nc); 
+                round(fwd_rnd,  b1, b0, kp + 4 * nc);
                 round(fwd_rnd,  b0, b1, kp + 5 * nc);
-                round(fwd_rnd,  b1, b0, kp + 6 * nc); 
+                round(fwd_rnd,  b1, b0, kp + 6 * nc);
                 round(fwd_rnd,  b0, b1, kp + 7 * nc);
                 round(fwd_rnd,  b1, b0, kp + 8 * nc);
                 round(fwd_lrnd, b0, b1, kp + 9 * nc);
@@ -314,33 +314,33 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
 #else
     {   uint32_t    rnd;
 
-        state_in(b0, in_blk, kp); 
+        state_in(b0, in_blk, kp);
 
 #if (ENC_UNROLL == PARTIAL)
 
         for(rnd = 0; rnd < (cx->n_rnd - 1) >> 1; ++rnd)
         {
             kp += nc;
-            round(fwd_rnd, b1, b0, kp); 
+            round(fwd_rnd, b1, b0, kp);
             kp += nc;
-            round(fwd_rnd, b0, b1, kp); 
+            round(fwd_rnd, b0, b1, kp);
         }
 
-        if(cx->n_rnd & 1) 
+        if(cx->n_rnd & 1)
         {
             l_copy(b1, b0);
         }
         else
         {
             kp += nc;
-            round(fwd_rnd,  b1, b0, kp); 
+            round(fwd_rnd,  b1, b0, kp);
         }
 #else
         for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
         {
             kp += nc;
-            round(fwd_rnd, b1, b0, kp); 
-            l_copy(b0, b1); 
+            round(fwd_rnd, b1, b0, kp);
+            l_copy(b0, b1);
         }
 #endif
         kp += nc;
@@ -423,7 +423,7 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
 
 #if (DEC_UNROLL == FULL)
 
-    state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp); 
+    state_in((cx->n_rnd & 1 ? b1 : b0), in_blk, kp);
     kp = cx->k_sch + 9 * nc;
 
     switch(cx->n_rnd)
@@ -432,13 +432,13 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
     case 13:    round(inv_rnd,  b0, b1, kp + 3 * nc);
     case 12:    round(inv_rnd,  b1, b0, kp + 2 * nc);
     case 11:    round(inv_rnd,  b0, b1, kp +     nc);
-    case 10:    round(inv_rnd,  b1, b0, kp         );             
+    case 10:    round(inv_rnd,  b1, b0, kp         );
                 round(inv_rnd,  b0, b1, kp -     nc);
-                round(inv_rnd,  b1, b0, kp - 2 * nc); 
+                round(inv_rnd,  b1, b0, kp - 2 * nc);
                 round(inv_rnd,  b0, b1, kp - 3 * nc);
-                round(inv_rnd,  b1, b0, kp - 4 * nc); 
+                round(inv_rnd,  b1, b0, kp - 4 * nc);
                 round(inv_rnd,  b0, b1, kp - 5 * nc);
-                round(inv_rnd,  b1, b0, kp - 6 * nc); 
+                round(inv_rnd,  b1, b0, kp - 6 * nc);
                 round(inv_rnd,  b0, b1, kp - 7 * nc);
                 round(inv_rnd,  b1, b0, kp - 8 * nc);
                 round(inv_lrnd, b0, b1, kp - 9 * nc);
@@ -446,33 +446,33 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
 #else
     {   uint32_t    rnd;
 
-        state_in(b0, in_blk, kp); 
+        state_in(b0, in_blk, kp);
 
 #if (DEC_UNROLL == PARTIAL)
 
         for(rnd = 0; rnd < (cx->n_rnd - 1) >> 1; ++rnd)
         {
             kp -= nc;
-            round(inv_rnd, b1, b0, kp); 
+            round(inv_rnd, b1, b0, kp);
             kp -= nc;
-            round(inv_rnd, b0, b1, kp); 
+            round(inv_rnd, b0, b1, kp);
         }
 
-        if(cx->n_rnd & 1) 
+        if(cx->n_rnd & 1)
         {
             l_copy(b1, b0);
         }
         else
-        {       
+        {
             kp -= nc;
-            round(inv_rnd,  b1, b0, kp); 
+            round(inv_rnd,  b1, b0, kp);
         }
 #else
         for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
         {
             kp -= nc;
-            round(inv_rnd, b1, b0, kp); 
-            l_copy(b0, b1); 
+            round(inv_rnd, b1, b0, kp);
+            l_copy(b0, b1);
         }
 #endif
         kp -= nc;
diff --git a/src/lib/crypto/builtin/aes/aescrypt.c b/src/lib/crypto/builtin/aes/aescrypt.c
index 9db66e284..2704b89cd 100644
--- a/src/lib/crypto/builtin/aes/aescrypt.c
+++ b/src/lib/crypto/builtin/aes/aescrypt.c
@@ -5,29 +5,29 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 21/01/2002
 
  This file contains the code for implementing encryption and decryption
- for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It  
+ for AES (Rijndael) for block and key sizes of 16, 24 and 32 bytes. It
  can optionally be replaced by code written in assembler using NASM.
 */
 
@@ -35,7 +35,7 @@
 
 #if defined(BLOCK_SIZE) && (BLOCK_SIZE & 7)
 #error An illegal block size has been specified.
-#endif  
+#endif
 
 #define unused  77  /* Sunset Strip */
 
@@ -48,7 +48,7 @@
 #define locals(y,x)     x[4],y[4]
 #else
 #define locals(y,x)     x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
- /* 
+ /*
    the following defines prevent the compiler requiring the declaration
    of generated but unused variables in the fwd_var and inv_var macros
  */
@@ -162,18 +162,18 @@ switch(nc) \
 #if defined(ENCRYPTION)
 
 /* I am grateful to Frank Yellin for the following construction
-   (and that for decryption) which, given the column (c) of the 
-   output state variable, gives the input state variables which 
+   (and that for decryption) which, given the column (c) of the
+   output state variable, gives the input state variables which
    are needed in its computation for each row (r) of the state.
 
-   For the fixed block size options, compilers should be able to 
-   reduce this complex expression (and the equivalent one for 
-   decryption) to a static variable reference at compile time. 
+   For the fixed block size options, compilers should be able to
+   reduce this complex expression (and the equivalent one for
+   decryption) to a static variable reference at compile time.
    But for variable block size code, there will be some limbs on
    which conditional clauses will be returned.
 */
 
-/* y = output word, x = input word, r = row, c = column for r = 0, 
+/* y = output word, x = input word, r = row, c = column for r = 0,
    1, 2 and 3 = column accessed for row r.
 */
 
@@ -242,7 +242,7 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
 
     if(!(cx->n_blk & 1)) return aes_bad;
 
-    state_in(b0, in_blk, kp); 
+    state_in(b0, in_blk, kp);
 
 #if (ENC_UNROLL == FULL)
 
@@ -250,31 +250,31 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
 
     switch(cx->n_rnd)
     {
-    case 14:    round(fwd_rnd,  b1, b0, kp - 4 * nc); 
+    case 14:    round(fwd_rnd,  b1, b0, kp - 4 * nc);
                 round(fwd_rnd,  b0, b1, kp - 3 * nc);
-    case 12:    round(fwd_rnd,  b1, b0, kp - 2 * nc); 
+    case 12:    round(fwd_rnd,  b1, b0, kp - 2 * nc);
                 round(fwd_rnd,  b0, b1, kp -     nc);
-    case 10:    round(fwd_rnd,  b1, b0, kp         );             
+    case 10:    round(fwd_rnd,  b1, b0, kp         );
                 round(fwd_rnd,  b0, b1, kp +     nc);
-                round(fwd_rnd,  b1, b0, kp + 2 * nc); 
+                round(fwd_rnd,  b1, b0, kp + 2 * nc);
                 round(fwd_rnd,  b0, b1, kp + 3 * nc);
-                round(fwd_rnd,  b1, b0, kp + 4 * nc); 
+                round(fwd_rnd,  b1, b0, kp + 4 * nc);
                 round(fwd_rnd,  b0, b1, kp + 5 * nc);
-                round(fwd_rnd,  b1, b0, kp + 6 * nc); 
+                round(fwd_rnd,  b1, b0, kp + 6 * nc);
                 round(fwd_rnd,  b0, b1, kp + 7 * nc);
                 round(fwd_rnd,  b1, b0, kp + 8 * nc);
                 round(fwd_lrnd, b0, b1, kp + 9 * nc);
     }
 #else
-    
+
 #if (ENC_UNROLL == PARTIAL)
     {   uint32_t    rnd;
         for(rnd = 0; rnd < (cx->n_rnd >> 1) - 1; ++rnd)
         {
             kp += nc;
-            round(fwd_rnd, b1, b0, kp); 
+            round(fwd_rnd, b1, b0, kp);
             kp += nc;
-            round(fwd_rnd, b0, b1, kp); 
+            round(fwd_rnd, b0, b1, kp);
         }
         kp += nc;
         round(fwd_rnd,  b1, b0, kp);
@@ -283,7 +283,7 @@ aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
         for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
         {
             kp += nc;
-            round(fwd_rnd, p1, p0, kp); 
+            round(fwd_rnd, p1, p0, kp);
             pt = p0, p0 = p1, p1 = pt;
         }
 #endif
@@ -376,27 +376,27 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
                 round(inv_rnd,  b0, b1, kp + 3 * nc);
     case 12:    round(inv_rnd,  b1, b0, kp + 2 * nc);
                 round(inv_rnd,  b0, b1, kp + nc    );
-    case 10:    round(inv_rnd,  b1, b0, kp         );             
+    case 10:    round(inv_rnd,  b1, b0, kp         );
                 round(inv_rnd,  b0, b1, kp -     nc);
-                round(inv_rnd,  b1, b0, kp - 2 * nc); 
+                round(inv_rnd,  b1, b0, kp - 2 * nc);
                 round(inv_rnd,  b0, b1, kp - 3 * nc);
-                round(inv_rnd,  b1, b0, kp - 4 * nc); 
+                round(inv_rnd,  b1, b0, kp - 4 * nc);
                 round(inv_rnd,  b0, b1, kp - 5 * nc);
-                round(inv_rnd,  b1, b0, kp - 6 * nc); 
+                round(inv_rnd,  b1, b0, kp - 6 * nc);
                 round(inv_rnd,  b0, b1, kp - 7 * nc);
                 round(inv_rnd,  b1, b0, kp - 8 * nc);
                 round(inv_lrnd, b0, b1, kp - 9 * nc);
     }
 #else
-    
+
 #if (DEC_UNROLL == PARTIAL)
     {   uint32_t    rnd;
         for(rnd = 0; rnd < (cx->n_rnd >> 1) - 1; ++rnd)
         {
-            kp -= nc; 
-            round(inv_rnd, b1, b0, kp); 
-            kp -= nc; 
-            round(inv_rnd, b0, b1, kp); 
+            kp -= nc;
+            round(inv_rnd, b1, b0, kp);
+            kp -= nc;
+            round(inv_rnd, b0, b1, kp);
         }
         kp -= nc;
         round(inv_rnd, b1, b0, kp);
@@ -405,7 +405,7 @@ aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], cons
         for(rnd = 0; rnd < cx->n_rnd - 1; ++rnd)
         {
             kp -= nc;
-            round(inv_rnd, p1, p0, kp); 
+            round(inv_rnd, p1, p0, kp);
             pt = p0, p0 = p1, p1 = pt;
         }
 #endif
diff --git a/src/lib/crypto/builtin/aes/aeskey.c b/src/lib/crypto/builtin/aes/aeskey.c
index 60f766b8a..36b6404b1 100644
--- a/src/lib/crypto/builtin/aes/aeskey.c
+++ b/src/lib/crypto/builtin/aes/aeskey.c
@@ -5,28 +5,28 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 21/01/2002
 
- This file contains the code for implementing the key schedule for AES 
+ This file contains the code for implementing the key schedule for AES
  (Rijndael) for block and key sizes of 16, 24, and 32 bytes.
 */
 
@@ -34,10 +34,10 @@
 
 #if defined(BLOCK_SIZE) && (BLOCK_SIZE & 7)
 #error An illegal block size has been specified.
-#endif  
+#endif
 
 /* Subroutine to set the block size (if variable) in bytes, legal
-   values being 16, 24 and 32. 
+   values being 16, 24 and 32.
 */
 
 #if !defined(BLOCK_SIZE) && defined(SET_BLOCK_LENGTH)
@@ -48,8 +48,8 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
     if(!tab_init) gen_tabs();
 #endif
 
-    if((blen & 7) || blen < 16 || blen > 32) 
-    {     
+    if((blen & 7) || blen < 16 || blen > 32)
+    {
         cx->n_blk = 0; return aes_bad;
     }
 
@@ -64,10 +64,10 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
    This corresponds to bit lengths of 128, 192 and 256 bits, and
    to Nk values of 4, 6 and 8 respectively.
 
-   The following macros implement a single cycle in the key 
-   schedule generation process. The number of cycles needed 
+   The following macros implement a single cycle in the key
+   schedule generation process. The number of cycles needed
    for each cx->n_col and nk value is:
- 
+
     nk =             4  5  6  7  8
     ------------------------------
     cx->n_col = 4   10  9  8  7  7
@@ -110,7 +110,7 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
 }
 
 aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1])
-{   uint32_t    ss[8]; 
+{   uint32_t    ss[8];
 
 #if !defined(FIXED_TABLES)
     if(!tab_init) gen_tabs();
@@ -121,7 +121,7 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
 #else
     cx->n_blk = BLOCK_SIZE;
 #endif
-    
+
     cx->n_blk = (cx->n_blk & ~3U) | 1;
 
     cx->k_sch[0] = ss[0] = word_in(in_key     );
@@ -133,29 +133,29 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
 
     switch(klen)
     {
-    case 16:    ke4(cx->k_sch, 0); ke4(cx->k_sch, 1); 
+    case 16:    ke4(cx->k_sch, 0); ke4(cx->k_sch, 1);
                 ke4(cx->k_sch, 2); ke4(cx->k_sch, 3);
-                ke4(cx->k_sch, 4); ke4(cx->k_sch, 5); 
+                ke4(cx->k_sch, 4); ke4(cx->k_sch, 5);
                 ke4(cx->k_sch, 6); ke4(cx->k_sch, 7);
-                ke4(cx->k_sch, 8); kel4(cx->k_sch, 9); 
+                ke4(cx->k_sch, 8); kel4(cx->k_sch, 9);
                 cx->n_rnd = 10; break;
     case 24:    cx->k_sch[4] = ss[4] = word_in(in_key + 16);
                 cx->k_sch[5] = ss[5] = word_in(in_key + 20);
-                ke6(cx->k_sch, 0); ke6(cx->k_sch, 1); 
+                ke6(cx->k_sch, 0); ke6(cx->k_sch, 1);
                 ke6(cx->k_sch, 2); ke6(cx->k_sch, 3);
-                ke6(cx->k_sch, 4); ke6(cx->k_sch, 5); 
-                ke6(cx->k_sch, 6); kel6(cx->k_sch, 7); 
+                ke6(cx->k_sch, 4); ke6(cx->k_sch, 5);
+                ke6(cx->k_sch, 6); kel6(cx->k_sch, 7);
                 cx->n_rnd = 12; break;
     case 32:    cx->k_sch[4] = ss[4] = word_in(in_key + 16);
                 cx->k_sch[5] = ss[5] = word_in(in_key + 20);
                 cx->k_sch[6] = ss[6] = word_in(in_key + 24);
                 cx->k_sch[7] = ss[7] = word_in(in_key + 28);
-                ke8(cx->k_sch, 0); ke8(cx->k_sch, 1); 
+                ke8(cx->k_sch, 0); ke8(cx->k_sch, 1);
                 ke8(cx->k_sch, 2); ke8(cx->k_sch, 3);
-                ke8(cx->k_sch, 4); ke8(cx->k_sch, 5); 
-                kel8(cx->k_sch, 6); 
+                ke8(cx->k_sch, 4); ke8(cx->k_sch, 5);
+                kel8(cx->k_sch, 6);
                 cx->n_rnd = 14; break;
-    default:    cx->n_rnd = 0; return aes_bad; 
+    default:    cx->n_rnd = 0; return aes_bad;
     }
 #else
     {   uint32_t i, l;
@@ -179,7 +179,7 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
                     for(i = 0; i < l; ++i)
                         ke8(cx->k_sch,  i);
                     break;
-        default:    cx->n_rnd = 0; return aes_bad; 
+        default:    cx->n_rnd = 0; return aes_bad;
         }
     }
 #endif
@@ -277,7 +277,7 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
 }
 
 aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1])
-{   uint32_t    ss[8]; 
+{   uint32_t    ss[8];
     d_vars
 
 #if !defined(FIXED_TABLES)
@@ -301,20 +301,20 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
 
     switch(klen)
     {
-    case 16:    kdf4(cx->k_sch, 0); kd4(cx->k_sch, 1); 
+    case 16:    kdf4(cx->k_sch, 0); kd4(cx->k_sch, 1);
                 kd4(cx->k_sch, 2); kd4(cx->k_sch, 3);
-                kd4(cx->k_sch, 4); kd4(cx->k_sch, 5); 
+                kd4(cx->k_sch, 4); kd4(cx->k_sch, 5);
                 kd4(cx->k_sch, 6); kd4(cx->k_sch, 7);
-                kd4(cx->k_sch, 8); kdl4(cx->k_sch, 9); 
+                kd4(cx->k_sch, 8); kdl4(cx->k_sch, 9);
                 cx->n_rnd = 10; break;
     case 24:    ss[4] = word_in(in_key + 16);
 		cx->k_sch[4] = ff(ss[4]);
 		ss[5] = word_in(in_key + 20);
                 cx->k_sch[5] = ff(ss[5]);
-                kdf6(cx->k_sch, 0); kd6(cx->k_sch, 1); 
+                kdf6(cx->k_sch, 0); kd6(cx->k_sch, 1);
                 kd6(cx->k_sch, 2); kd6(cx->k_sch, 3);
-                kd6(cx->k_sch, 4); kd6(cx->k_sch, 5); 
-                kd6(cx->k_sch, 6); kdl6(cx->k_sch, 7); 
+                kd6(cx->k_sch, 4); kd6(cx->k_sch, 5);
+                kd6(cx->k_sch, 6); kdl6(cx->k_sch, 7);
                 cx->n_rnd = 12; break;
     case 32:    ss[4] = word_in(in_key + 16);
 		cx->k_sch[4] = ff(ss[4]);
@@ -324,12 +324,12 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
                 cx->k_sch[6] = ff(ss[6]);
 		ss[7] = word_in(in_key + 28);
                 cx->k_sch[7] = ff(ss[7]);
-                kdf8(cx->k_sch, 0); kd8(cx->k_sch, 1); 
+                kdf8(cx->k_sch, 0); kd8(cx->k_sch, 1);
                 kd8(cx->k_sch, 2); kd8(cx->k_sch, 3);
-                kd8(cx->k_sch, 4); kd8(cx->k_sch, 5); 
-                kdl8(cx->k_sch, 6); 
+                kd8(cx->k_sch, 4); kd8(cx->k_sch, 5);
+                kdl8(cx->k_sch, 6);
                 cx->n_rnd = 14; break;
-    default:    cx->n_rnd = 0; return aes_bad; 
+    default:    cx->n_rnd = 0; return aes_bad;
     }
 #else
     {   uint32_t i, l;
@@ -338,7 +338,7 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
 
         switch(klen)
         {
-        case 16: 
+        case 16:
                     for(i = 0; i < l; ++i)
                         ke4(cx->k_sch, i);
                     break;
@@ -354,7 +354,7 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
                     for(i = 0; i < l; ++i)
                         ke8(cx->k_sch,  i);
                     break;
-        default:    cx->n_rnd = 0; return aes_bad; 
+        default:    cx->n_rnd = 0; return aes_bad;
         }
 #if (DEC_ROUND != NO_TABLES)
         for(i = nc; i < nc * cx->n_rnd; ++i)
diff --git a/src/lib/crypto/builtin/aes/aeskeypp.c b/src/lib/crypto/builtin/aes/aeskeypp.c
index 89fd9006d..589d7a392 100644
--- a/src/lib/crypto/builtin/aes/aeskeypp.c
+++ b/src/lib/crypto/builtin/aes/aeskeypp.c
@@ -5,41 +5,41 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 21/01/2002
 
- This file contains the code for implementing the key schedule for AES 
+ This file contains the code for implementing the key schedule for AES
  (Rijndael) for block and key sizes of 16, 20, 24, 28 and 32 bytes.
 */
 
 #include "aesopt.h"
 
 /* Subroutine to set the block size (if variable) in bytes, legal
-   values being 16, 24 and 32. 
+   values being 16, 24 and 32.
 */
 
 #if !defined(BLOCK_SIZE) && defined(SET_BLOCK_LENGTH)
 
 /* Subroutine to set the block size (if variable) in bytes, legal
-   values being 16, 24 and 32. 
+   values being 16, 24 and 32.
 */
 
 aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
@@ -48,8 +48,8 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
     if(!tab_init) gen_tabs();
 #endif
 
-    if((blen & 3) || blen < 16 || blen > 32) 
-    {     
+    if((blen & 3) || blen < 16 || blen > 32)
+    {
         cx->n_blk = 0; return aes_bad;
     }
 
@@ -64,10 +64,10 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
    This corresponds to bit lengths of 128, 192 and 256 bits, and
    to Nk values of 4, 6 and 8 respectively.
 
-   The following macros implement a single cycle in the key 
-   schedule generation process. The number of cycles needed 
+   The following macros implement a single cycle in the key
+   schedule generation process. The number of cycles needed
    for each cx->n_blk and nk value is:
- 
+
     nk =             4  5  6  7  8
     ------------------------------
     cx->n_blk = 4   10  9  8  7  7
@@ -78,7 +78,7 @@ aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1])
 */
 
 /* Initialise the key schedule from the user supplied key. The key
-   length is now specified in bytes - 16, 20, 24, 28 or 32 as 
+   length is now specified in bytes - 16, 20, 24, 28 or 32 as
    appropriate. This corresponds to bit lengths of 128, 160, 192,
    224 and 256 bits, and to Nk values of 4, 5, 6, 7 & 8 respectively.
  */
@@ -133,10 +133,10 @@ switch(nc) \
 
 #endif
 
-/*  The following macros implement a single cycle in the key 
-    schedule generation process. The number of cycles needed 
+/*  The following macros implement a single cycle in the key
+    schedule generation process. The number of cycles needed
     for each cx->n_blk and nk value is:
- 
+
     nk =      4  5  6  7  8
     -----------------------
     cx->n_blk = 4   10  9  8  7  7
@@ -229,30 +229,30 @@ aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
     {
     case 4: ks4(0); ks4(1); ks4(2); ks4(3);
             ks4(4); ks4(5); ks4(6); ks4(7);
-            ks4(8); ks4(9); 
+            ks4(8); ks4(9);
             cx->n_rnd = 10; break;
     case 5: cx->k_sch[4] = t = word_in(in_key + 16);
             ks5(0); ks5(1); ks5(2); ks5(3);
-            ks5(4); ks5(5); ks5(6); ks5(7); 
-            ks5(8);  
+            ks5(4); ks5(5); ks5(6); ks5(7);
+            ks5(8);
             cx->n_rnd = 11; break;
     case 6: cx->k_sch[4] = t = word_in(in_key + 16);
             cx->k_sch[5] = u = word_in(in_key + 20);
             ks6(0); ks6(1); ks6(2); ks6(3);
-            ks6(4); ks6(5); ks6(6); ks6(7); 
+            ks6(4); ks6(5); ks6(6); ks6(7);
             cx->n_rnd = 12; break;
     case 7: cx->k_sch[4] = t = word_in(in_key + 16);
             cx->k_sch[5] = u = word_in(in_key + 20);
             cx->k_sch[6] = v = word_in(in_key + 24);
             ks7(0); ks7(1); ks7(2); ks7(3);
-            ks7(4); ks7(5); ks7(6); 
+            ks7(4); ks7(5); ks7(6);
             cx->n_rnd = 13; break;
     case 8: cx->k_sch[4] = t = word_in(in_key + 16);
             cx->k_sch[5] = u = word_in(in_key + 20);
             cx->k_sch[6] = v = word_in(in_key + 24);
             cx->k_sch[7] = w = word_in(in_key + 28);
             ks8(0); ks8(1); ks8(2); ks8(3);
-            ks8(4); ks8(5); ks8(6); 
+            ks8(4); ks8(5); ks8(6);
             cx->n_rnd = 14; break;
     default:cx->n_rnd = 0; return aes_bad;
     }
@@ -326,30 +326,30 @@ aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx
     {
     case 4: ks4(0); ks4(1); ks4(2); ks4(3);
             ks4(4); ks4(5); ks4(6); ks4(7);
-            ks4(8); ks4(9); 
+            ks4(8); ks4(9);
             cx->n_rnd = 10; break;
     case 5: cx->k_sch[4] = t = word_in(in_key + 16);
             ks5(0); ks5(1); ks5(2); ks5(3);
-            ks5(4); ks5(5); ks5(6); ks5(7); 
-            ks5(8);  
+            ks5(4); ks5(5); ks5(6); ks5(7);
+            ks5(8);
             cx->n_rnd = 11; break;
     case 6: cx->k_sch[4] = t = word_in(in_key + 16);
             cx->k_sch[5] = u = word_in(in_key + 20);
             ks6(0); ks6(1); ks6(2); ks6(3);
-            ks6(4); ks6(5); ks6(6); ks6(7); 
+            ks6(4); ks6(5); ks6(6); ks6(7);
             cx->n_rnd = 12; break;
     case 7: cx->k_sch[4] = t = word_in(in_key + 16);
             cx->k_sch[5] = u = word_in(in_key + 20);
             cx->k_sch[6] = v = word_in(in_key + 24);
             ks7(0); ks7(1); ks7(2); ks7(3);
-            ks7(4); ks7(5); ks7(6); 
+            ks7(4); ks7(5); ks7(6);
             cx->n_rnd = 13; break;
     case 8: cx->k_sch[4] = t = word_in(in_key + 16);
             cx->k_sch[5] = u = word_in(in_key + 20);
             cx->k_sch[6] = v = word_in(in_key + 24);
             cx->k_sch[7] = w = word_in(in_key + 28);
             ks8(0); ks8(1); ks8(2); ks8(3);
-            ks8(4); ks8(5); ks8(6); 
+            ks8(4); ks8(5); ks8(6);
             cx->n_rnd = 14; break;
     default:cx->n_rnd = 0; return aes_bad;
     }
diff --git a/src/lib/crypto/builtin/aes/aesopt.h b/src/lib/crypto/builtin/aes/aesopt.h
index 006fbb3eb..ede89f653 100644
--- a/src/lib/crypto/builtin/aes/aesopt.h
+++ b/src/lib/crypto/builtin/aes/aesopt.h
@@ -5,48 +5,48 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 07/02/2002
 
- This file contains the compilation options for AES (Rijndael) and code 
+ This file contains the compilation options for AES (Rijndael) and code
  that is common across encryption, key scheduling and table generation.
 
 
     OPERATION
- 
+
     These source code files implement the AES algorithm Rijndael designed by
-    Joan Daemen and Vincent Rijmen. The version in aes.c is designed for 
-    block and key sizes of 128, 192 and 256 bits (16, 24 and 32 bytes) while 
-    that in aespp.c provides for block and keys sizes of 128, 160, 192, 224 
-    and 256 bits (16, 20, 24, 28 and 32 bytes).  This file is a common header 
-    file for these two implementations and for aesref.c, which is a reference 
+    Joan Daemen and Vincent Rijmen. The version in aes.c is designed for
+    block and key sizes of 128, 192 and 256 bits (16, 24 and 32 bytes) while
+    that in aespp.c provides for block and keys sizes of 128, 160, 192, 224
+    and 256 bits (16, 20, 24, 28 and 32 bytes).  This file is a common header
+    file for these two implementations and for aesref.c, which is a reference
     implementation.
-    
+
     This version is designed for flexibility and speed using operations on
-    32-bit words rather than operations on bytes.  It provides aes_both fixed 
-    and  dynamic block and key lengths and can also run with either big or 
-    little endian internal byte order (see aes.h).  It inputs block and key 
-    lengths in bytes with the legal values being  16, 24 and 32 for aes.c and 
+    32-bit words rather than operations on bytes.  It provides aes_both fixed
+    and  dynamic block and key lengths and can also run with either big or
+    little endian internal byte order (see aes.h).  It inputs block and key
+    lengths in bytes with the legal values being  16, 24 and 32 for aes.c and
     16, 20, 24, 28 and 32 for aespp.c
- 
+
     THE CIPHER INTERFACE
 
     uint8_t         (an unsigned  8-bit type)
@@ -68,8 +68,8 @@
       aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
       aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
 
-    IMPORTANT NOTE: If you are using this C interface and your compiler does 
-    not set the memory used for objects to zero before use, you will need to 
+    IMPORTANT NOTE: If you are using this C interface and your compiler does
+    not set the memory used for objects to zero before use, you will need to
     ensure that cx.s_flg is set to zero before using these subroutine calls.
 
     C++ aes class subroutines:
@@ -86,21 +86,21 @@
       aes_rval blk(const unsigned char in_blk[], unsigned char out_blk[]);
 
     The block length inputs to set_block and set_key are in numbers of
-    BYTES, not bits.  The calls to subroutines must be made in the above 
+    BYTES, not bits.  The calls to subroutines must be made in the above
     order but multiple calls can be made without repeating earlier calls
     if their parameters have not changed. If the cipher block length is
     variable but set_blk has not been called before cipher operations a
-    value of 16 is assumed (that is, the AES block size). In contrast to 
+    value of 16 is assumed (that is, the AES block size). In contrast to
     earlier versions the block and key length parameters are now checked
-    for correctness and the encryption and decryption routines check to 
+    for correctness and the encryption and decryption routines check to
     ensure that an appropriate key has been set before they are called.
 
-    COMPILATION 
+    COMPILATION
 
     The files used to provide AES (Rijndael) are
 
     a. aes.h for the definitions needed for use in C.
-    b. aescpp.h for the definitions needed for use in C++. 
+    b. aescpp.h for the definitions needed for use in C++.
     c. aesopt.h for setting compilation options (also includes common
        code).
     d. aescrypt.c for encryption and decrytpion, or
@@ -113,7 +113,7 @@
     block and key lengths of 16, 24 and 32 bytes (128, 192 and 256 bits).
     If aescrypp.c and aeskeypp.c are used instead of aescrypt.c and
     aeskey.c respectively, the block and key lengths can then be 16, 20,
-    24, 28 or 32 bytes. However this code has not been optimised to the 
+    24, 28 or 32 bytes. However this code has not been optimised to the
     same extent and is hence slower (esepcially for the AES block size
     of 16 bytes).
 
@@ -124,23 +124,23 @@
     exclude the AES_DLL define in aes.h
 
     To compile AES (Rijndael) in C as a Dynamic Link Library DLL) use
-    aes.h, include the AES_DLL define and compile the DLL.  If using 
+    aes.h, include the AES_DLL define and compile the DLL.  If using
     the test files to test the DLL, exclude aes.c from the test build
-    project and compile it with the same defines as used for the DLL 
+    project and compile it with the same defines as used for the DLL
     (ensure that the DLL path is correct)
 
     CONFIGURATION OPTIONS (here and in aes.h)
 
-    a. define BLOCK_SIZE in aes.h to set the cipher block size (16, 24 
-       or 32 for the standard code, or 16, 20, 24, 28 or 32 for the 
-       extended code) or leave this undefined for dynamically variable 
+    a. define BLOCK_SIZE in aes.h to set the cipher block size (16, 24
+       or 32 for the standard code, or 16, 20, 24, 28 or 32 for the
+       extended code) or leave this undefined for dynamically variable
        block size (this will result in much slower code).
     b. set AES_DLL in aes.h if AES (Rijndael) is to be compiled as a DLL
-    c. You may need to set PLATFORM_BYTE_ORDER to define the byte order. 
+    c. You may need to set PLATFORM_BYTE_ORDER to define the byte order.
     d. If you want the code to run in a specific internal byte order, then
        INTERNAL_BYTE_ORDER must be set accordingly.
     e. set other configuration options decribed below.
-*/ 
+*/
 
 #ifndef _AESOPT_H
 #define _AESOPT_H
@@ -148,7 +148,7 @@
 /*  START OF CONFIGURATION OPTIONS
 
     USE OF DEFINES
-  
+
     Later in this section there are a number of defines that control
     the operation of the code.  In each section, the purpose of each
     define is explained so that the relevant form can be included or
@@ -199,11 +199,11 @@
 
 /*  2. BYTE ORDER IN 32-BIT WORDS
 
-    To obtain the highest speed on processors with 32-bit words, this code 
+    To obtain the highest speed on processors with 32-bit words, this code
     needs to determine the order in which bytes are packed into such words.
-    The following block of code is an attempt to capture the most obvious 
-    ways in which various environemnts specify heir endian definitions. It 
-    may well fail, in which case the definitions will need to be set by 
+    The following block of code is an attempt to capture the most obvious
+    ways in which various environemnts specify heir endian definitions. It
+    may well fail, in which case the definitions will need to be set by
     editing at the points marked **** EDIT HERE IF NECESSARY **** below.
 */
 #define AES_LITTLE_ENDIAN   1234 /* byte 0 is least significant (i386) */
@@ -219,7 +219,7 @@
 #        define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
 #      endif
 #    endif
-#  elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) 
+#  elif defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN)
 #    define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
 #  elif !defined(LITTLE_ENDIAN) && defined(BIG_ENDIAN)
 #    define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
@@ -233,7 +233,7 @@
 #        define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
 #      endif
 #    endif
-#  elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN) 
+#  elif defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
 #    define PLATFORM_BYTE_ORDER AES_LITTLE_ENDIAN
 #  elif !defined(_LITTLE_ENDIAN) && defined(_BIG_ENDIAN)
 #    define PLATFORM_BYTE_ORDER AES_BIG_ENDIAN
@@ -249,8 +249,8 @@
 #endif
 
 /*  3. ASSEMBLER SUPPORT
-    
-    If the assembler code is used for encryption and decryption this file only 
+
+    If the assembler code is used for encryption and decryption this file only
     provides key scheduling so the following defines are used
 */
 #ifdef  AES_ASM
@@ -298,27 +298,27 @@
 
 /*  5. BYTE ORDER WITHIN 32 BIT WORDS
 
-    The fundamental data processing units in Rijndael are 8-bit bytes. The 
-    input, output and key input are all enumerated arrays of bytes in which 
-    bytes are numbered starting at zero and increasing to one less than the 
-    number of bytes in the array in question. This enumeration is only used 
-    for naming bytes and does not imply any adjacency or order relationship 
-    from one byte to another. When these inputs and outputs are considered 
-    as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to 
-    byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte. 
-    In this implementation bits are numbered from 0 to 7 starting at the 
+    The fundamental data processing units in Rijndael are 8-bit bytes. The
+    input, output and key input are all enumerated arrays of bytes in which
+    bytes are numbered starting at zero and increasing to one less than the
+    number of bytes in the array in question. This enumeration is only used
+    for naming bytes and does not imply any adjacency or order relationship
+    from one byte to another. When these inputs and outputs are considered
+    as bit sequences, bits 8*n to 8*n+7 of the bit sequence are mapped to
+    byte[n] with bit 8n+i in the sequence mapped to bit 7-i within the byte.
+    In this implementation bits are numbered from 0 to 7 starting at the
     numerically least significant end of each byte (bit n represents 2^n).
 
-    However, Rijndael can be implemented more efficiently using 32-bit 
+    However, Rijndael can be implemented more efficiently using 32-bit
     words by packing bytes into words so that bytes 4*n to 4*n+3 are placed
-    into word[n]. While in principle these bytes can be assembled into words 
-    in any positions, this implementation only supports the two formats in 
+    into word[n]. While in principle these bytes can be assembled into words
+    in any positions, this implementation only supports the two formats in
     which bytes in adjacent positions within words also have adjacent byte
-    numbers. This order is called big-endian if the lowest numbered bytes 
-    in words have the highest numeric significance and little-endian if the 
-    opposite applies. 
-    
-    This code can work in either order irrespective of the order used by the 
+    numbers. This order is called big-endian if the lowest numbered bytes
+    in words have the highest numeric significance and little-endian if the
+    opposite applies.
+
+    This code can work in either order irrespective of the order used by the
     machine on which it runs. Normally the internal byte order will be set
     to the order of the processor on which the code is to be run but this
     define can be used to reverse this in special situations
@@ -331,20 +331,20 @@
 #define INTERNAL_BYTE_ORDER AES_BIG_ENDIAN
 #endif
 
-/*  6. FAST INPUT/OUTPUT OPERATIONS.  
+/*  6. FAST INPUT/OUTPUT OPERATIONS.
 
-    On some machines it is possible to improve speed by transferring the 
-    bytes in the input and output arrays to and from the internal 32-bit 
-    variables by addressing these arrays as if they are arrays of 32-bit 
-    words.  On some machines this will always be possible but there may 
-    be a large performance penalty if the byte arrays are not aligned on 
-    the normal word boundaries. On other machines this technique will 
+    On some machines it is possible to improve speed by transferring the
+    bytes in the input and output arrays to and from the internal 32-bit
+    variables by addressing these arrays as if they are arrays of 32-bit
+    words.  On some machines this will always be possible but there may
+    be a large performance penalty if the byte arrays are not aligned on
+    the normal word boundaries. On other machines this technique will
     lead to memory access errors when such 32-bit word accesses are not
-    properly aligned. The option SAFE_IO avoids such problems but will 
-    often be slower on those machines that support misaligned access 
-    (especially so if care is taken to align the input  and output byte 
-    arrays on 32-bit word boundaries). If SAFE_IO is not defined it is 
-    assumed that access to byte arrays as if they are arrays of 32-bit 
+    properly aligned. The option SAFE_IO avoids such problems but will
+    often be slower on those machines that support misaligned access
+    (especially so if care is taken to align the input  and output byte
+    arrays on 32-bit word boundaries). If SAFE_IO is not defined it is
+    assumed that access to byte arrays as if they are arrays of 32-bit
     words will not cause problems when such accesses are misaligned.
 */
 #if 1
@@ -363,12 +363,12 @@
 /*  7. LOOP UNROLLING
 
     The code for encryption and decrytpion cycles through a number of rounds
-    that can be implemented either in a loop or by expanding the code into a 
+    that can be implemented either in a loop or by expanding the code into a
     long sequence of instructions, the latter producing a larger program but
     one that will often be much faster. The latter is called loop unrolling.
     There are also potential speed advantages in expanding two iterations in
     a loop with half the number of iterations, which is called partial loop
-    unrolling.  The following options allow partial or full loop unrolling 
+    unrolling.  The following options allow partial or full loop unrolling
     to be set independently for encryption and decryption
 */
 #if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)
@@ -389,8 +389,8 @@
 
 /*  8. FIXED OR DYNAMIC TABLES
 
-    When this section is included the tables used by the code are compiled 
-    statically into the binary file.  Otherwise they are computed once when 
+    When this section is included the tables used by the code are compiled
+    statically into the binary file.  Otherwise they are computed once when
     the code is first used.
 */
 #if 1
@@ -399,7 +399,7 @@
 
 /*  9. FAST FINITE FIELD OPERATIONS
 
-    If this section is included, tables are used to provide faster finite 
+    If this section is included, tables are used to provide faster finite
     field arithmetic (this has no effect if FIXED_TABLES is defined).
 */
 #if 1
@@ -408,8 +408,8 @@
 
 /*  10. INTERNAL STATE VARIABLE FORMAT
 
-    The internal state of Rijndael is stored in a number of local 32-bit 
-    word varaibles which can be defined either as an array or as individual 
+    The internal state of Rijndael is stored in a number of local 32-bit
+    word varaibles which can be defined either as an array or as individual
     names variables. Include this section if you want to store these local
     varaibles in arrays. Otherwise individual local variables will be used.
 */
@@ -419,10 +419,10 @@
 
 /* In this implementation the columns of the state array are each held in
    32-bit words. The state array can be held in various ways: in an array
-   of words, in a number of individual word variables or in a number of 
+   of words, in a number of individual word variables or in a number of
    processor registers. The following define maps a variable name x and
    a column number c to the way the state array variable is to be held.
-   The first define below maps the state into an array x[c] whereas the 
+   The first define below maps the state into an array x[c] whereas the
    second form maps the state into a number of individual variables x0,
    x1, etc.  Another form could map individual state colums to machine
    register names.
@@ -448,16 +448,16 @@
 
     This cipher proceeds by repeating in a number of cycles known as 'rounds'
     which are implemented by a round function which can optionally be speeded
-    up using tables.  The basic tables are each 256 32-bit words, with either 
+    up using tables.  The basic tables are each 256 32-bit words, with either
     one or four tables being required for each round function depending on
     how much speed is required. The encryption and decryption round functions
     are different and the last encryption and decrytpion round functions are
     different again making four different round functions in all.
 
     This means that:
-      1. Normal encryption and decryption rounds can each use either 0, 1 
+      1. Normal encryption and decryption rounds can each use either 0, 1
          or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
-      2. The last encryption and decryption rounds can also use either 0, 1 
+      2. The last encryption and decryption rounds can also use either 0, 1
          or 4 tables and table spaces of 0, 1024 or 4096 bytes each.
 
     Include or exclude the appropriate definitions below to set the number
@@ -497,7 +497,7 @@
 #endif
 
 /*  The decryption key schedule can be speeded up with tables in the same
-    way that the round functions can.  Include or exclude the following 
+    way that the round functions can.  Include or exclude the following
     defines to set this requirement.
 */
 #if !defined(CONFIG_SMALL) || defined(CONFIG_SMALL_NO_CRYPTO)
@@ -519,7 +519,7 @@
 
 #if defined(BLOCK_SIZE) && ((BLOCK_SIZE & 3) || BLOCK_SIZE < 16 || BLOCK_SIZE > 32)
 #error An illegal block size has been specified.
-#endif  
+#endif
 
 #if !defined(BLOCK_SIZE)
 #define RC_LENGTH    29
@@ -534,7 +534,7 @@
 #define LAST_ENC_ROUND  NO_TABLES
 #elif ENC_ROUND == ONE_TABLE && LAST_ENC_ROUND == FOUR_TABLES
 #undef  LAST_ENC_ROUND
-#define LAST_ENC_ROUND  ONE_TABLE 
+#define LAST_ENC_ROUND  ONE_TABLE
 #endif
 
 #if ENC_ROUND == NO_TABLES && ENC_UNROLL != NONE
@@ -547,7 +547,7 @@
 #define LAST_DEC_ROUND  NO_TABLES
 #elif DEC_ROUND == ONE_TABLE && LAST_DEC_ROUND == FOUR_TABLES
 #undef  LAST_DEC_ROUND
-#define LAST_DEC_ROUND  ONE_TABLE 
+#define LAST_DEC_ROUND  ONE_TABLE
 #endif
 
 #if DEC_ROUND == NO_TABLES && DEC_UNROLL != NONE
@@ -560,7 +560,7 @@
  /*
    upr(x,n):  rotates bytes within words by n positions, moving bytes to
               higher index positions with wrap around into low positions
-   ups(x,n):  moves bytes by n positions to higher index positions in 
+   ups(x,n):  moves bytes by n positions to higher index positions in
               words but without wrap around
    bval(x,n): extracts a byte from a word
  */
@@ -602,7 +602,7 @@
 #if !defined(_MSC_VER)
 #define _lrotl(x,n)     (((x) <<  n) | ((x) >> (32 - n)))
 #endif
-#define bswap_32(x)     ((_lrotl((x),8) & 0x00ff00ff) | (_lrotl((x),24) & 0xff00ff00)) 
+#define bswap_32(x)     ((_lrotl((x),8) & 0x00ff00ff) | (_lrotl((x),24) & 0xff00ff00))
 #endif
 
 #define word_in(x)      bswap_32(*(uint32_t*)(x))
@@ -625,9 +625,9 @@
    give improved performance if a fast 32-bit multiply is not available. Note
    that a temporary variable u needs to be defined where FFmulX is used.
 
-#define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6)) 
+#define FFmulX(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
 #define m4  (0x01010101 * BPOLY)
-#define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4) 
+#define FFmulX(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
 */
 
 /* Work out which tables are needed for the different options   */
diff --git a/src/lib/crypto/builtin/aes/aestab.c b/src/lib/crypto/builtin/aes/aestab.c
index 7a5d69f7d..790288746 100644
--- a/src/lib/crypto/builtin/aes/aestab.c
+++ b/src/lib/crypto/builtin/aes/aestab.c
@@ -5,23 +5,23 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 07/02/2002
@@ -29,7 +29,7 @@
 
 #include "aesopt.h"
 
-#if defined(FIXED_TABLES) || !defined(FF_TABLES) 
+#if defined(FIXED_TABLES) || !defined(FF_TABLES)
 
 /*  finite field arithmetic operations */
 
@@ -151,7 +151,7 @@
 
 #define h0(x)   (x)
 
-/*  These defines are used to ensure tables are generated in the 
+/*  These defines are used to ensure tables are generated in the
     right format depending on the internal byte order required
 */
 
@@ -209,7 +209,7 @@ const uint8_t inv_s_box[256] = { isb_data(h0) };
 const uint32_t ft_tab[256] = { sb_data(u0) };
 #endif
 #ifdef  FT4_SET
-const uint32_t ft_tab[4][256] = 
+const uint32_t ft_tab[4][256] =
     { {  sb_data(u0) }, {  sb_data(u1) }, {  sb_data(u2) }, {  sb_data(u3) } };
 #endif
 
@@ -217,7 +217,7 @@ const uint32_t ft_tab[4][256] =
 const uint32_t fl_tab[256] = { sb_data(w0) };
 #endif
 #ifdef  FL4_SET
-const uint32_t fl_tab[4][256] = 
+const uint32_t fl_tab[4][256] =
     { {  sb_data(w0) }, {  sb_data(w1) }, {  sb_data(w2) }, {  sb_data(w3) } };
 #endif
 
@@ -233,7 +233,7 @@ const uint32_t it_tab[4][256] =
 const uint32_t il_tab[256] = { isb_data(w0) };
 #endif
 #ifdef  IL4_SET
-const uint32_t il_tab[4][256] = 
+const uint32_t il_tab[4][256] =
     { { isb_data(w0) }, { isb_data(w1) }, { isb_data(w2) }, { isb_data(w3) } };
 #endif
 
@@ -249,7 +249,7 @@ const uint32_t ls_tab[4][256] =
 const uint32_t im_tab[256] = { mm_data(v0) };
 #endif
 #ifdef  IM4_SET
-const uint32_t im_tab[4][256] = 
+const uint32_t im_tab[4][256] =
     { {  mm_data(v0) }, {  mm_data(v1) }, {  mm_data(v2) }, {  mm_data(v3) } };
 #endif
 
@@ -314,8 +314,8 @@ uint32_t im_tab[4][256];
 
 /*  Generate the tables for the dynamic table option
 
-    It will generally be sensible to use tables to compute finite 
-    field multiplies and inverses but where memory is scarse this 
+    It will generally be sensible to use tables to compute finite
+    field multiplies and inverses but where memory is scarse this
     code might sometimes be better. But it only has effect during
     initialisation so its pretty unimportant in overall terms.
 */
@@ -327,7 +327,7 @@ uint32_t im_tab[4][256];
 
 static uint8_t hibit(const uint32_t x)
 {   uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
-    
+
     r |= (r >> 2);
     r |= (r >> 4);
     return (r + 1) >> 1;
@@ -345,14 +345,14 @@ static uint8_t fi(const uint8_t x)
         if(!n1) return v1;
 
         while(n2 >= n1)
-        {   
+        {
             n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
         }
-        
+
         if(!n2) return v2;
 
         while(n1 >= n2)
-        {   
+        {
             n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
         }
     }
@@ -392,9 +392,9 @@ void gen_tabs(void)
         root is 0x03, used here to generate the tables
     */
 
-    i = 0; w = 1; 
+    i = 0; w = 1;
     do
-    {   
+    {
         pow[i] = (uint8_t)w;
         pow[i + 255] = (uint8_t)w;
         log[w] = (uint8_t)i++;
diff --git a/src/lib/crypto/builtin/aes/uitypes.h b/src/lib/crypto/builtin/aes/uitypes.h
index 3a7292183..fe8f9bacf 100644
--- a/src/lib/crypto/builtin/aes/uitypes.h
+++ b/src/lib/crypto/builtin/aes/uitypes.h
@@ -5,28 +5,28 @@
 
  LICENSE TERMS
 
- The free distribution and use of this software in both source and binary 
+ The free distribution and use of this software in both source and binary
  form is allowed (with or without changes) provided that:
 
-   1. distributions of this source code include the above copyright 
+   1. distributions of this source code include the above copyright
       notice, this list of conditions and the following disclaimer;
 
    2. distributions in binary form include the above copyright
       notice, this list of conditions and the following disclaimer
       in the documentation and/or other associated materials;
 
-   3. the copyright holder's name is not used to endorse products 
-      built using this software without specific written permission. 
+   3. the copyright holder's name is not used to endorse products
+      built using this software without specific written permission.
 
  DISCLAIMER
 
  This software is provided 'as is' with no explcit or implied warranties
- in respect of any properties, including, but not limited to, correctness 
+ in respect of any properties, including, but not limited to, correctness
  and fitness for purpose.
  -------------------------------------------------------------------------
  Issue Date: 01/02/2002
 
- This file contains code to obtain or set the definitions for fixed length 
+ This file contains code to obtain or set the definitions for fixed length
  unsigned integer types.
 */
 
diff --git a/src/lib/crypto/builtin/arcfour/arcfour.c b/src/lib/crypto/builtin/arcfour/arcfour.c
index ff2f4378c..1f49812eb 100644
--- a/src/lib/crypto/builtin/arcfour/arcfour.c
+++ b/src/lib/crypto/builtin/arcfour/arcfour.c
@@ -337,4 +337,3 @@ krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
   free(plaintext.data);
   return (ret);
 }
-
diff --git a/src/lib/crypto/builtin/arcfour/arcfour_aead.c b/src/lib/crypto/builtin/arcfour/arcfour_aead.c
index c01fc001b..7ede21d57 100644
--- a/src/lib/crypto/builtin/arcfour/arcfour_aead.c
+++ b/src/lib/crypto/builtin/arcfour/arcfour_aead.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -106,7 +106,7 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
      * Caller must have provided space for the header, padding
      * and trailer; per RFC 4757 we will arrange it as:
      *
-     *	    Checksum | E(Confounder | Plaintext) 
+     *	    Checksum | E(Confounder | Plaintext)
      */
 
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
@@ -246,7 +246,7 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer != NULL && trailer->data.length != 0)
 	return KRB5_BAD_MSIZE;
-    
+
     ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
     if (ret != 0)
 	goto cleanup;
@@ -334,4 +334,3 @@ const struct krb5_aead_provider krb5int_aead_arcfour = {
     krb5int_arcfour_encrypt_iov,
     krb5int_arcfour_decrypt_iov
 };
-
diff --git a/src/lib/crypto/builtin/arcfour/arcfour_s2k.c b/src/lib/crypto/builtin/arcfour/arcfour_s2k.c
index 09c9b7689..1aaaa1cc4 100644
--- a/src/lib/crypto/builtin/arcfour/arcfour_s2k.c
+++ b/src/lib/crypto/builtin/arcfour/arcfour_s2k.c
@@ -19,7 +19,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
 
   if (params != NULL)
       return KRB5_ERR_BAD_S2K_PARAMS;
-  
+
   if (key->length != 16)
     return (KRB5_BAD_MSIZE);
 
@@ -40,7 +40,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
   krb5int_MD4Final(&md4_context);
   memcpy(key->contents, md4_context.digest, 16);
 
-#if 0  
+#if 0
   /* test the string_to_key function */
   printf("Hash=");
   {
diff --git a/src/lib/crypto/builtin/des/afsstring2key.c b/src/lib/crypto/builtin/des/afsstring2key.c
index eb6c37f33..4b61a2fd4 100644
--- a/src/lib/crypto/builtin/des/afsstring2key.c
+++ b/src/lib/crypto/builtin/des/afsstring2key.c
@@ -1,7 +1,7 @@
 /*
  * lib/crypto/des/string2key.c
  *
- * based on lib/crypto/des/string2key.c from MIT V5 
+ * based on lib/crypto/des/string2key.c from MIT V5
  * and on lib/des/afs_string_to_key.c from UMD.
  * constructed by Mark Eichin, Cygnus Support, 1995.
  * made thread-safe by Ken Raeburn, MIT, 2001.
@@ -15,7 +15,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -33,14 +33,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -51,7 +51,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -72,10 +72,10 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
 		       const krb5_data *salt)
 {
   /* totally different approach from MIT string2key. */
-  /* much of the work has already been done by the only caller 
-     which is mit_des_string_to_key; in particular, *keyblock is already 
+  /* much of the work has already been done by the only caller
+     which is mit_des_string_to_key; in particular, *keyblock is already
      set up. */
-  
+
     char *realm = salt->data;
     unsigned int i, j;
     krb5_octet *key = keyblock->contents;
@@ -129,7 +129,7 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
 	if (isupper(password[i]))
 	  password[i] = tolower(password[i]);
       }
-	
+
       memcpy (ikey, "kerberos", sizeof(ikey));
       memcpy (tkey, ikey, sizeof(tkey));
       mit_des_fixup_key_parity (tkey);
@@ -140,13 +140,13 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
       mit_des_fixup_key_parity (tkey);
       (void) mit_des_key_sched (tkey, key_sked);
       (void) mit_des_cbc_cksum (password, key, i, key_sked, ikey);
-	
+
       /* erase key_sked */
       memset(key_sked, 0,sizeof(key_sked));
 
       /* now fix up key parity again */
       mit_des_fixup_key_parity(key);
-      
+
       /* clean & free the input string */
       memset(password, 0, (size_t) pw_len);
       free(password);
@@ -162,7 +162,7 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
 /* Portions of this code:
    Copyright 1989 by the Massachusetts Institute of Technology
    */
- 
+
 /*
  * Copyright (c) 1990 Regents of The University of Michigan.
  * All Rights Reserved.
@@ -201,7 +201,7 @@ static const char	IP[] = {
 	61,53,45,37,29,21,13, 5,
 	63,55,47,39,31,23,15, 7,
 };
- 
+
 /*
  * Final permutation, FP = IP^(-1)
  */
@@ -215,7 +215,7 @@ static const char	FP[] = {
 	34, 2,42,10,50,18,58,26,
 	33, 1,41, 9,49,17,57,25,
 };
- 
+
 /*
  * Permuted-choice 1 from the key bits to yield C and D.
  * Note that bits 8,16... are left out: They are intended for a parity check.
@@ -226,21 +226,21 @@ static const char	PC1_C[] = {
 	10, 2,59,51,43,35,27,
 	19,11, 3,60,52,44,36,
 };
- 
+
 static const char	PC1_D[] = {
 	63,55,47,39,31,23,15,
 	 7,62,54,46,38,30,22,
 	14, 6,61,53,45,37,29,
 	21,13, 5,28,20,12, 4,
 };
- 
+
 /*
  * Sequence of shifts used for the key schedule.
  */
 static const char	shifts[] = {
 	1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
 };
- 
+
 /*
  * Permuted-choice 2, to pick out the bits from
  * the CD array that generate the key schedule.
@@ -251,14 +251,14 @@ static const char	PC2_C[] = {
 	23,19,12, 4,26, 8,
 	16, 7,27,20,13, 2,
 };
- 
+
 static const char	PC2_D[] = {
 	41,52,31,37,47,55,
 	30,40,51,45,33,48,
 	44,49,39,56,34,53,
 	46,42,50,36,29,32,
 };
- 
+
 /*
  * The E bit-selection table.
  */
@@ -272,7 +272,7 @@ static const char	e[] = {
 	24,25,26,27,28,29,
 	28,29,30,31,32, 1,
 };
- 
+
 /*
  * P is a permutation on the selected combination
  * of the current L and key.
@@ -287,7 +287,7 @@ static const char	P[] = {
 	19,13,30, 6,
 	22,11, 4,25,
 };
- 
+
 /*
  * The 8 selection functions.
  * For some reason, they give a 0-origin
@@ -298,44 +298,44 @@ static const char	S[8][64] = {
 	  0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
 	  4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
 	 15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
- 
+
 	{15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
 	  3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
 	  0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
 	 13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
- 
+
 	{10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
 	 13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
 	 13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
 	  1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
- 
+
 	{ 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
 	 13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
 	 10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
 	  3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
- 
+
 	{ 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
 	 14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
 	  4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
 	 11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
- 
+
 	{12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
 	 10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
 	  9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
 	  4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
- 
+
 	{ 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
 	 13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
 	  1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
 	  6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
- 
+
 	{13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
 	  1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
 	  7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
 	  2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
 };
- 
- 
+
+
 char *afs_crypt(const char *pw, const char *salt,
 		/* must be at least 16 bytes */
 		char *iobuf)
@@ -349,7 +349,7 @@ char *afs_crypt(const char *pw, const char *salt,
 	 * Generated from the key.
 	 */
 	char KS[16][48];
- 
+
 	for(i=0; i<66; i++)
 		block[i] = 0;
 	for(i=0; (c= *pw) && i<64; pw++){
@@ -357,7 +357,7 @@ char *afs_crypt(const char *pw, const char *salt,
 			block[i] = (c>>(6-j)) & 01;
 		i++;
 	}
-	
+
 	krb5_afs_crypt_setkey(block, E, KS);
 
 	for(i=0; i<66; i++)
@@ -377,10 +377,10 @@ char *afs_crypt(const char *pw, const char *salt,
 				}
 			}
 		}
-	
+
 	for(i=0; i<25; i++)
 		krb5_afs_encrypt(block,E,KS);
-	
+
 	for(i=0; i<11; i++){
 		c = 0;
 		for(j=0; j<6; j++){
@@ -401,7 +401,7 @@ char *afs_crypt(const char *pw, const char *salt,
 /*
  * Set up the key schedule from the key.
  */
- 
+
 static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 {
 	register int i, j, k;
@@ -410,7 +410,7 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 	 * The C and D arrays used to calculate the key schedule.
 	 */
 	char C[28], D[28];
- 
+
 	/*
 	 * First, generate C and D by permuting
 	 * the key.  The low order bit of each
@@ -448,7 +448,7 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 			KS[i][j+24] = D[PC2_D[j]-28-1];
 		}
 	}
- 
+
 #if 0
 	for(i=0;i<48;i++) {
 		E[i] = e[i];
@@ -457,11 +457,11 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 	memcpy(E, e, 48);
 #endif
 }
- 
+
 /*
  * The payoff: encrypt a block.
  */
- 
+
 static void krb5_afs_encrypt(char *block, char *E, char (*KS)[48])
 {
 	const long edflag = 0;
diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c
index 22452837e..3eb942256 100644
--- a/src/lib/crypto/builtin/des/d3_aead.c
+++ b/src/lib/crypto/builtin/des/d3_aead.c
@@ -7,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/d3_cbc.c b/src/lib/crypto/builtin/des/d3_cbc.c
index 077e78d2c..f90d8e5b5 100644
--- a/src/lib/crypto/builtin/des/d3_cbc.c
+++ b/src/lib/crypto/builtin/des/d3_cbc.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c
index f18cc2419..2a9cc5a2d 100644
--- a/src/lib/crypto/builtin/des/d3_kysched.c
+++ b/src/lib/crypto/builtin/des/d3_kysched.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h
index fd2024a45..d6fa04aa5 100644
--- a/src/lib/crypto/builtin/des/des_int.h
+++ b/src/lib/crypto/builtin/des/des_int.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Private include file for the Data Encryption Standard library.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -112,7 +112,7 @@ KRB5INT_DES_DEPRECATED;
  * have an exact 32-bit int, and nothing should be looking inside a
  * des_key_schedule anyway.
  */
-typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16] 
+typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16]
 KRB5INT_DES_DEPRECATED;
 
 typedef des_cblock mit_des_cblock;
@@ -176,7 +176,7 @@ extern int mit_des_cbc_encrypt (const mit_des_cblock *in,
 				unsigned long length,
 				const mit_des_key_schedule schedule,
 				const mit_des_cblock ivec, int enc);
-    
+
 #define mit_des_zeroblock krb5int_c_mit_des_zeroblock
 extern const mit_des_cblock mit_des_zeroblock;
 
@@ -214,7 +214,7 @@ extern krb5_error_code mit_des_random_key
 
 /* string2key.c */
 extern krb5_error_code mit_des_string_to_key
-    ( const krb5_encrypt_block *, 
+    ( const krb5_encrypt_block *,
 	       krb5_keyblock *, const krb5_data *, const krb5_data *);
 extern krb5_error_code mit_des_string_to_key_int
 	(krb5_keyblock *, const krb5_data *, const krb5_data *);
diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c
index ef8785838..287a4e93d 100644
--- a/src/lib/crypto/builtin/des/destest.c
+++ b/src/lib/crypto/builtin/des/destest.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Test a DES implementation against known inputs & outputs
  */
@@ -30,14 +30,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -48,7 +48,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -101,7 +101,7 @@ main(argc, argv)
 			    sched, zeroblock, 1);
 
 	if (memcmp((char *)output2, (char *)output, 8)) {
-	    fprintf(stderr, 
+	    fprintf(stderr,
 		    "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n",
 		    block1, block2, block3,
 		    output2[0],output2[1],output2[2],output2[3],
@@ -116,7 +116,7 @@ main(argc, argv)
 			    sched, zeroblock, 0);
 
 	if (memcmp((char *)output2, (char *)input, 8)) {
-	    fprintf(stderr, 
+	    fprintf(stderr,
 		    "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n",
 		    block1, block2, block3,
 		    output2[0],output2[1],output2[2],output2[3],
@@ -127,7 +127,7 @@ main(argc, argv)
 	num++;
     }
 
-    if (error) 
+    if (error)
 	printf("destest: failed to pass the test\n");
     else
 	printf("destest: %d tests passed successfully\n", num);
@@ -217,13 +217,13 @@ mit_des_check_key_parity(key)
      register mit_des_cblock key;
 {
     int i;
-    
+
     for (i=0; i<sizeof(mit_des_cblock); i++) {
 	if ((key[i] & 1) == parity_char(0xfe&key[i])) {
 	    printf("warning: bad parity key:");
-	    des_cblock_print_file(key, stdout); 
+	    des_cblock_print_file(key, stdout);
 	    putchar('\n');
-	      
+
 	    return 1;
 	}
     }
@@ -236,11 +236,11 @@ mit_des_fixup_key_parity(key)
      register mit_des_cblock key;
 {
     int i;
-    for (i=0; i<sizeof(mit_des_cblock); i++) 
+    for (i=0; i<sizeof(mit_des_cblock); i++)
       {
 	key[i] &= 0xfe;
 	key[i] |= 1^parity_char(key[i]);
       }
-  
+
     return;
 }
diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c
index 170482c93..328d20af4 100644
--- a/src/lib/crypto/builtin/des/f_aead.c
+++ b/src/lib/crypto/builtin/des/f_aead.c
@@ -7,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c
index 426386303..846c8216d 100644
--- a/src/lib/crypto/builtin/des/f_parity.c
+++ b/src/lib/crypto/builtin/des/f_parity.c
@@ -24,12 +24,12 @@ void
 mit_des_fixup_key_parity(mit_des_cblock key)
 {
     unsigned int i;
-    for (i=0; i<sizeof(mit_des_cblock); i++) 
+    for (i=0; i<sizeof(mit_des_cblock); i++)
       {
 	key[i] &= 0xfe;
 	key[i] |= 1^parity_char(key[i]);
       }
-  
+
     return;
 }
 
@@ -42,10 +42,10 @@ int
 mit_des_check_key_parity(mit_des_cblock key)
 {
     unsigned int i;
-    
-    for (i=0; i<sizeof(mit_des_cblock); i++) 
+
+    for (i=0; i<sizeof(mit_des_cblock); i++)
       {
-	if((key[i] & 1) == parity_char(0xfe&key[i])) 
+	if((key[i] & 1) == parity_char(0xfe&key[i]))
 	  {
 	    return 0;
 	  }
@@ -53,4 +53,3 @@ mit_des_check_key_parity(mit_des_cblock key)
 
     return(1);
 }
-
diff --git a/src/lib/crypto/builtin/des/f_sched.c b/src/lib/crypto/builtin/des/f_sched.c
index ece48ef18..cb0a6bb96 100644
--- a/src/lib/crypto/builtin/des/f_sched.c
+++ b/src/lib/crypto/builtin/des/f_sched.c
@@ -343,7 +343,7 @@ mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule)
 			     | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
 			     | PC2_D[2][((d >>  7) & 0x3f)]
 			     | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
-			
+
 			/*
 			 * Make up two words of the key schedule, with a
 			 * byte order which is convenient for the DES
diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c
index 26449a94c..dc6f3490f 100644
--- a/src/lib/crypto/builtin/des/key_sched.c
+++ b/src/lib/crypto/builtin/des/key_sched.c
@@ -9,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -23,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * This routine computes the DES key schedule given a key.  The
  * permutations and shifts have been done at compile time, resulting
diff --git a/src/lib/crypto/builtin/des/string2key.c b/src/lib/crypto/builtin/des/string2key.c
index 0ce413685..c817806fa 100644
--- a/src/lib/crypto/builtin/des/string2key.c
+++ b/src/lib/crypto/builtin/des/string2key.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Compute encryption key from salt and pass phrase.
  */
diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c
index a6ad07cb8..6c1f17b50 100644
--- a/src/lib/crypto/builtin/des/t_verify.c
+++ b/src/lib/crypto/builtin/des/t_verify.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Program to test the correctness of the DES library
  * implementation.
@@ -33,14 +33,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -51,7 +51,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -118,7 +118,7 @@ unsigned char mresult[8] = {
     0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96
 };
 
-    
+
 /*
  * Can also add :
  * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?)
@@ -237,7 +237,7 @@ main(argc,argv)
 	    printf("verify: error in ECB encryption\n");
 	    exit(-1);
 	}
-	else 
+	else
 	    printf("verify: ECB encryption is correct\n\n");
     }
 
@@ -261,7 +261,7 @@ main(argc,argv)
 	    printf("verify: error in ECB encryption\n");
 	    exit(-1);
 	}
-	else 
+	else
 	    printf("verify: ECB encryption is correct\n\n");
     }
 
@@ -277,7 +277,7 @@ main(argc,argv)
     in_length =  strlen((char *)input);
     if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input,
 				      (mit_des_cblock *) cipher_text,
-				      (size_t) in_length, 
+				      (size_t) in_length,
 				      sched,
 				      ivec,
 				      MIT_DES_ENCRYPT))) {
@@ -294,7 +294,7 @@ main(argc,argv)
     }
     if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text,
 				      (mit_des_cblock *) clear_text,
-				      (size_t) in_length, 
+				      (size_t) in_length,
 				      sched,
 				      ivec,
 				      MIT_DES_DECRYPT))) {
@@ -307,7 +307,7 @@ main(argc,argv)
 	printf("verify: error in CBC encryption\n");
 	exit(-1);
     }
-    else 
+    else
 	printf("verify: CBC encryption is correct\n\n");
 
     printf("EXAMPLE CBC checksum");
@@ -327,7 +327,7 @@ main(argc,argv)
 	printf("verify: error in CBC cheksum\n");
 	exit(-1);
     }
-    else 
+    else
 	printf("verify: CBC checksum is correct\n\n");
 
     exit(0);
diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c
index 2eab9f543..7086789cf 100644
--- a/src/lib/crypto/builtin/des/weak_key.c
+++ b/src/lib/crypto/builtin/des/weak_key.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Under U.S. law, this software may not be exported outside the US
  * without license from the U.S. Commerce department.
diff --git a/src/lib/crypto/builtin/enc_provider/aes.c b/src/lib/crypto/builtin/enc_provider/aes.c
index 52fb2259d..b735cc98e 100644
--- a/src/lib/crypto/builtin/enc_provider/aes.c
+++ b/src/lib/crypto/builtin/enc_provider/aes.c
@@ -403,4 +403,3 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
     krb5int_aes_encrypt_iov,
     krb5int_aes_decrypt_iov
 };
-
diff --git a/src/lib/crypto/builtin/enc_provider/des.c b/src/lib/crypto/builtin/enc_provider/des.c
index d73a1d290..f531c061f 100644
--- a/src/lib/crypto/builtin/enc_provider/des.c
+++ b/src/lib/crypto/builtin/enc_provider/des.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c
index eae504b8c..c73163988 100644
--- a/src/lib/crypto/builtin/enc_provider/des3.c
+++ b/src/lib/crypto/builtin/enc_provider/des3.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -187,4 +187,3 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
     k5_des3_encrypt_iov,
     k5_des3_decrypt_iov
 };
-
diff --git a/src/lib/crypto/builtin/enc_provider/enc_provider.h b/src/lib/crypto/builtin/enc_provider/enc_provider.h
index 92022b3c8..49ffaafea 100644
--- a/src/lib/crypto/builtin/enc_provider/enc_provider.h
+++ b/src/lib/crypto/builtin/enc_provider/enc_provider.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -33,4 +33,3 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
 extern const struct krb5_enc_provider krb5int_enc_aes256;
 extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
 extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-
diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c
index 47c131da4..3c3e0f131 100644
--- a/src/lib/crypto/builtin/enc_provider/rc4.c
+++ b/src/lib/crypto/builtin/enc_provider/rc4.c
@@ -1,4 +1,4 @@
-/* arcfour.c 
+/* arcfour.c
  *
  * Copyright (c) 2000 by Computer Science Laboratory,
  *                       Rensselaer Polytechnic Institute
@@ -20,11 +20,11 @@ static unsigned int k5_arcfour_byte(ArcfourContext *);
 #endif /* gcc inlines*/
 
 /* Initializes the context and sets the key. */
-static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key, 
+static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
 		  unsigned int keylen);
 
 /* Encrypts/decrypts data. */
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest, 
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
 		     const unsigned char *src, unsigned int len);
 
 /* Interface layer to kerb5 crypto layer */
@@ -61,7 +61,7 @@ static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
   return state[(sx + sy) & 0xff];
 }
 
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest, 
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
 		     const unsigned char *src, unsigned int len)
 {
   unsigned int i;
@@ -71,7 +71,7 @@ static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
 
 
 static krb5_error_code
-k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key, 
+k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
 		  unsigned int key_len)
 {
   unsigned int t, u;
@@ -153,7 +153,7 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state,
     memset(arcfour_ctx, 0, sizeof (ArcfourContext));
     free(arcfour_ctx);
   }
-  
+
   return 0;
 }
 
@@ -234,7 +234,7 @@ k5_arcfour_init_state (const krb5_keyblock *key,
   return 0;
 }
 
-/* Since the arcfour cipher is identical going forwards and backwards, 
+/* Since the arcfour cipher is identical going forwards and backwards,
    we just call "docrypt" directly
 */
 const struct krb5_enc_provider krb5int_enc_arcfour = {
@@ -254,4 +254,3 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
     k5_arcfour_docrypt_iov,
     k5_arcfour_docrypt_iov
 };
-
diff --git a/src/lib/crypto/builtin/hash_provider/hash_crc32.c b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
index 780e1589d..771a7d6f3 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -34,7 +34,7 @@ k5_crc32_hash(unsigned int icount, const krb5_data *input,
 {
     unsigned long c, cn;
     unsigned int i;
-    
+
     if (output->length != CRC32_CKSUM_LENGTH)
 	return(KRB5_CRYPTO_INTERNAL);
 
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md4.c b/src/lib/crypto/builtin/hash_provider/hash_md4.c
index 3a4a4d530..916da0fa5 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md4.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md4.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md5.c b/src/lib/crypto/builtin/hash_provider/hash_md5.c
index 10840d0d9..e1e29f06e 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md5.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md5.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hash_provider/hash_provider.h b/src/lib/crypto/builtin/hash_provider/hash_provider.h
index 4fa46097d..1023d1a45 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_provider.h
+++ b/src/lib/crypto/builtin/hash_provider/hash_provider.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hash_provider/hash_sha1.c b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
index 00ab72bda..1f1fc62bd 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/builtin/hmac.c b/src/lib/crypto/builtin/hmac.c
index d1be17e9c..3e58a5998 100644
--- a/src/lib/crypto/builtin/hmac.c
+++ b/src/lib/crypto/builtin/hmac.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -98,7 +98,7 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
 
     hashin[0].length = blocksize;
     hashin[0].data = (char *) xorkey;
-    for (i=0; i<icount; i++) 
+    for (i=0; i<icount; i++)
         hashin[i+1] = input[i];
 
     hashout.length = hashsize;
diff --git a/src/lib/crypto/builtin/md4/rsa-md4.h b/src/lib/crypto/builtin/md4/rsa-md4.h
index f4272d5ff..2f59220b9 100644
--- a/src/lib/crypto/builtin/md4/rsa-md4.h
+++ b/src/lib/crypto/builtin/md4/rsa-md4.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * RSA MD4 header file, with Kerberos/STDC additions.
  */
diff --git a/src/lib/crypto/builtin/md5/md5.c b/src/lib/crypto/builtin/md5/md5.c
index 8f04be426..76f8fa2f2 100644
--- a/src/lib/crypto/builtin/md5/md5.c
+++ b/src/lib/crypto/builtin/md5/md5.c
@@ -106,7 +106,7 @@ static const unsigned char PADDING[64] = {
 /* The routine krb5int_MD5Init initializes the message-digest context
    mdContext. All fields are set to zero.
  */
-void 
+void
 krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 {
   mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index 96409ba28..7b45fe8b0 100644
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Implementation of PBKDF2 from RFC 2898.
  */
diff --git a/src/lib/crypto/builtin/sha1/t_shs3.c b/src/lib/crypto/builtin/sha1/t_shs3.c
index 96b36a76e..cf9787eda 100644
--- a/src/lib/crypto/builtin/sha1/t_shs3.c
+++ b/src/lib/crypto/builtin/sha1/t_shs3.c
@@ -43,7 +43,7 @@ static void longReverse( SHS_LONG *buffer, int byteCount )
     byteCount /= sizeof( SHS_LONG );
     while( byteCount-- ) {
         value = *buffer;
-        value = ( ( value & 0xFF00FF00L ) >> 8  ) | 
+        value = ( ( value & 0xFF00FF00L ) >> 8  ) |
                 ( ( value & 0x00FF00FFL ) << 8 );
         *buffer++ = ( value << 16 ) | ( value >> 16 );
     }
diff --git a/src/lib/crypto/builtin/t_cf2.c b/src/lib/crypto/builtin/t_cf2.c
index 2e171c275..0c968ea84 100644
--- a/src/lib/crypto/builtin/t_cf2.c
+++ b/src/lib/crypto/builtin/t_cf2.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * This file contains tests for theKRB-FX-CF2 code in Kerberos, based
  *on the PRF regression tests.  It reads an input file, and writes an
  *output file.  It is assumed that the output file will be diffed
@@ -77,7 +77,7 @@ int main () {
 
     krb5_free_keyblock(0,out);
     out = NULL;
-	  
+
     krb5_free_keyblock(0, k1);
     k1 = NULL;
     krb5_free_keyblock(0, k2);
diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c
index 8999bd757..3ccacd858 100644
--- a/src/lib/crypto/crypto_tests/aes-test.c
+++ b/src/lib/crypto/crypto_tests/aes-test.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Subset of NIST tests for AES; specifically, the variable-key and
  * variable-text tests for 128- and 256-bit keys.
diff --git a/src/lib/crypto/crypto_tests/t_crc.c b/src/lib/crypto/crypto_tests/t_crc.c
index e8a353a0b..cf837f8dd 100644
--- a/src/lib/crypto/crypto_tests/t_crc.c
+++ b/src/lib/crypto/crypto_tests/t_crc.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c
index 596ca3b7d..d948532cb 100644
--- a/src/lib/crypto/crypto_tests/t_cts.c
+++ b/src/lib/crypto/crypto_tests/t_cts.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Test vectors for crypto code, matching data submitted for inclusion
  * with RFC1510bis.
diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c
index aac31fb21..5615bc8d7 100644
--- a/src/lib/crypto/crypto_tests/t_encrypt.c
+++ b/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,11 +22,11 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * <<< Description >>>
  */
-/* 
+/*
  * Some black-box tests of crypto systems.  Make sure that we can decrypt things we encrypt, etc.
  */
 
@@ -125,7 +125,7 @@ main ()
 
     enc_out.ciphertext = out;
     enc_out2.ciphertext = out2;
-    /* We use an intermediate `len' because size_t may be different size 
+    /* We use an intermediate `len' because size_t may be different size
        than `int' */
     krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
     enc_out.ciphertext.length = len;
@@ -200,7 +200,7 @@ main ()
 	     krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
 	test("Comparing results",
 	     compare_results(&in, &iov[1].data));
-		       
+
 	/* Try again with opaque-key-using variants. */
 	test("iov encrypting (k)",
 	     krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
@@ -261,5 +261,3 @@ main ()
   free(check2.data);
   return 0;
 }
-
-	
diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c
index d09adb080..55b47b8eb 100644
--- a/src/lib/crypto/crypto_tests/t_hmac.c
+++ b/src/lib/crypto/crypto_tests/t_hmac.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Test vectors for HMAC-MD5 and HMAC-SHA1 (placeholder only).
  * Tests taken from RFC 2202.
@@ -91,7 +91,7 @@ struct hmac_test {
     const char *hexdigest;
 };
 
-static krb5_error_code hmac1(const struct krb5_hash_provider *h, 
+static krb5_error_code hmac1(const struct krb5_hash_provider *h,
 			     krb5_keyblock *key,
 			     krb5_data *in, krb5_data *out)
 {
@@ -223,7 +223,7 @@ static void test_hmac()
 		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
 		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
 	    },
-	    73, 
+	    73,
 	    "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
 	    "0x6f630fad67cda0ee1fb1f562db3aa53e"
 	},
diff --git a/src/lib/crypto/crypto_tests/t_kperf.c b/src/lib/crypto/crypto_tests/t_kperf.c
index f56aa3cd1..4c99d72aa 100644
--- a/src/lib/crypto/crypto_tests/t_kperf.c
+++ b/src/lib/crypto/crypto_tests/t_kperf.c
@@ -9,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/crypto_tests/t_mddriver.c b/src/lib/crypto/crypto_tests/t_mddriver.c
index 2c0210cac..3fab84721 100644
--- a/src/lib/crypto/crypto_tests/t_mddriver.c
+++ b/src/lib/crypto/crypto_tests/t_mddriver.c
@@ -117,7 +117,7 @@ struct md_test_entry md_test_suite[] = {
     { "abcdefghijklmnopqrstuvwxyz",
 	  {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
 	   0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b }},
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 
+    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
 	  {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
 	   0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f }},
     { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
@@ -125,7 +125,7 @@ struct md_test_entry md_test_suite[] = {
 	   0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a }},
     { 0, {0} }
 };
-	
+
 #endif
 
 /* Main driver.
@@ -185,7 +185,7 @@ static void MDTimeTrial ()
   time_t endTime, startTime;
   unsigned char block[TEST_BLOCK_LEN];
   unsigned int i;
-  
+
   printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
   TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
 
@@ -222,7 +222,7 @@ static void MDTestSuite ()
     MD_CTX context;
     struct md_test_entry *entry;
     int	i, num_tests = 0, num_failed = 0;
-    
+
     printf ("MD%d test suite:\n\n", MD);
     for (entry = md_test_suite; entry->string; entry++) {
 	unsigned int len = strlen (entry->string);
@@ -254,7 +254,7 @@ static void MDTestSuite ()
 	exit(0);
     }
 #else
-  
+
     printf ("MD%d test suite:\n", MD);
     MDString ("");
     MDString ("a");
diff --git a/src/lib/crypto/crypto_tests/t_nfold.c b/src/lib/crypto/crypto_tests/t_nfold.c
index 2b5b0e3f8..27a5760c4 100644
--- a/src/lib/crypto/crypto_tests/t_nfold.c
+++ b/src/lib/crypto/crypto_tests/t_nfold.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Program to test the correctness of nfold implementation.
  *
@@ -139,7 +139,7 @@ main(argc, argv)
 
     printf("N-fold\n");
     for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
-	printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]), 
+	printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
 	       nfold_in[i]);
 	printf("\t192-Fold:\t");
 	krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
diff --git a/src/lib/crypto/crypto_tests/t_pkcs5.c b/src/lib/crypto/crypto_tests/t_pkcs5.c
index fa1f43dea..2d58b5033 100644
--- a/src/lib/crypto/crypto_tests/t_pkcs5.c
+++ b/src/lib/crypto/crypto_tests/t_pkcs5.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Test vectors for PBKDF2 (from PKCS #5v2), based on RFC 3211.
  */
diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c
index ac244eb9a..c8825d09b 100644
--- a/src/lib/crypto/crypto_tests/t_prf.c
+++ b/src/lib/crypto/crypto_tests/t_prf.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * This file contains tests for the PRF code in Kerberos.  IT reads an
  * input file, and writes an output file.  It is assumed that the
  * output file will be diffed against expected output to see whether
@@ -55,7 +55,7 @@ int main () {
       input.data = &s[0];
       input.length = strlen(s);
       assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
-    
+
       if (scanf("%u", &in_length) == EOF)
 	  break;
 
@@ -71,7 +71,7 @@ int main () {
 	  assert (output.data = malloc(prfsz));
 	  output.length = prfsz;
 	  assert (krb5_c_prf(0, key, &input, &output) == 0);
-      
+
 	  free (input.data);
 	  input.data = NULL;
       }
diff --git a/src/lib/crypto/crypto_tests/t_prng.c b/src/lib/crypto/crypto_tests/t_prng.c
index 7df743bae..2555e895d 100644
--- a/src/lib/crypto/crypto_tests/t_prng.c
+++ b/src/lib/crypto/crypto_tests/t_prng.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * This file contains tests for the PRNG code in Kerberos.  It reads
  * an input file, and writes an output file.  It is assumed that the
  * output file will be diffed against expected output to see whether
diff --git a/src/lib/crypto/crypto_tests/vectors.c b/src/lib/crypto/crypto_tests/vectors.c
index 67235443c..a6301edf5 100644
--- a/src/lib/crypto/crypto_tests/vectors.c
+++ b/src/lib/crypto/crypto_tests/vectors.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Test vectors for crypto code, matching data submitted for inclusion
  * with RFC1510bis.
diff --git a/src/lib/crypto/crypto_tests/ytest.c b/src/lib/crypto/crypto_tests/ytest.c
index 93fb5f25a..82e2eba72 100644
--- a/src/lib/crypto/crypto_tests/ytest.c
+++ b/src/lib/crypto/crypto_tests/ytest.c
@@ -28,8 +28,8 @@ static void print_yarrow_status( Yarrow_CTX *y )
 	for ( sid = 0; sid < y->num_sources; sid++ )
 	{
 	    source = &y->source[ sid ];
-	    printf( "#%d=%d/%d, ", sid, source->entropy[pool], 
-		    pool == YARROW_SLOW_POOL ? 
+	    printf( "#%d=%d/%d, ", sid, source->entropy[pool],
+		    pool == YARROW_SLOW_POOL ?
 		    y->slow_thresh : y->fast_thresh );
 	}
     }
@@ -44,8 +44,8 @@ int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample,
 {
     int ret;
 
-    VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy, 
-		     y->source[sid].pool == 
+    VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy,
+		     y->source[sid].pool ==
 		     YARROW_SLOW_POOL ? "slow" : "fast" ); );
     ret = krb5int_yarrow_input( y, sid, sample, size, entropy );
 
@@ -95,15 +95,15 @@ int main( int argc, char* argv[] )
     int done_some_tests = 0;
     int i;
     int ret;
-    
+
     for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ )
     {
 	arg = *argvp;
-	if ( arg[0] == '-' ) 
+	if ( arg[0] == '-' )
 	{
 	    switch ( arg[1] )
 	    {
-	    case 'v': yarrow_verbose = 1; continue; 
+	    case 'v': yarrow_verbose = 1; continue;
 	    default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
 		THROW( YARROW_FAIL );
 	    }
@@ -193,7 +193,7 @@ int test_3( void )
 
     VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); );
     THROW( YARROW_NOT_IMPL );
-    
+
  CATCH:
     EXCEP_RET;
 }
@@ -232,18 +232,18 @@ int test_4( void )
     VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
 		     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
-  
+
     VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); );
     ret = Yarrow_Poll( &yarrow, user );
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
 
     ret = krb5int_yarrow_new_source( &yarrow, &mouse );
-    VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", 
+    VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
 		     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
     ret = krb5int_yarrow_new_source( &yarrow, &keyboard );
-    VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n", 
+    VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
 		     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
@@ -255,22 +255,22 @@ int test_4( void )
     ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
 
-/*   do it twice so that we some slow samples 
+/*   do it twice so that we some slow samples
  *   (first sample goes to fast pool, and then samples alternate)
  */
 
     for ( i = 0; i < 2; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample, 
+	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
 					sizeof( mouse_sample ), 2 ) );
-	
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample, 
+
+	TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
 					sizeof( keyboard_sample ), 2 ) );
 
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample, 
+	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
 					sizeof( user_sample ), 2 ) );
     }
-	
+
 #if defined( YARROW_DEBUG )
     dump_yarrow_state( stdout, &yarrow );
 #endif
@@ -282,8 +282,8 @@ int test_4( void )
 
     for ( i = 0; i < 7; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample, 
-					sizeof( user_sample ), 
+	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
+					sizeof( user_sample ),
 					sizeof( user_sample ) * 3 ) );
     }
 
@@ -295,8 +295,8 @@ int test_4( void )
 
     for ( i = 0; i < 40; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample, 
-					sizeof( mouse_sample ), 
+	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
+					sizeof( mouse_sample ),
 					sizeof( mouse_sample )*2 ) );
     }
 
@@ -320,20 +320,20 @@ int test_4( void )
 
 	if ( i % 16 == 0 )
 	{
-	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk, 
-					    sizeof( junk ), 
+	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
+					    sizeof( junk ),
 					    sizeof( junk ) * 3 ) );
 	}
 	else
 	{
-	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk, 
-					    sizeof( junk ), 
+	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
+					    sizeof( junk ),
 					    sizeof( junk ) * 3 ) );
 	}
     }
 
     VERBOSE( printf( "\nPrint some random output\n\n" ); );
-    
+
     VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( random ) ); );
     ret = krb5int_yarrow_output( &yarrow, random, sizeof( random ) );
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
@@ -365,7 +365,7 @@ void hex_print( FILE* f, const char* var, void* data, size_t size )
     size_t i;
     char* p = (char*) data;
     char c, d;
-    
+
     fprintf( f, var );
     fprintf( f, " = " );
     for ( i = 0; i < size; i++ )
diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c
index fd9a50e0b..f3ca11b6e 100644
--- a/src/lib/crypto/krb/aead.c
+++ b/src/lib/crypto/krb/aead.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -91,7 +91,7 @@ make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
     return ret;
 }
 
-krb5_error_code 
+krb5_error_code
 krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum_type,
 			    krb5_key key,
 			    krb5_keyusage usage,
@@ -382,7 +382,7 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
     iov[i].data.data = stream->data.data;
     iov[i].data.length = header_len;
     i++;
- 
+
     for (j = 0; j < num_data; j++) {
 	if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) {
 	    if (got_data) {
@@ -570,4 +570,3 @@ krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead,
 
     *length = header_len + inputlen + padding_len + trailer_len;
 }
-
diff --git a/src/lib/crypto/krb/aead.h b/src/lib/crypto/krb/aead.h
index cc43875e2..f9e92bdc5 100644
--- a/src/lib/crypto/krb/aead.h
+++ b/src/lib/crypto/krb/aead.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/block_size.c b/src/lib/crypto/krb/block_size.c
index 336dbc2a2..6f889458c 100644
--- a/src/lib/crypto/krb/block_size.c
+++ b/src/lib/crypto/krb/block_size.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/cf2.c b/src/lib/crypto/krb/cf2.c
index 1c6896c16..b5724a391 100644
--- a/src/lib/crypto/krb/cf2.c
+++ b/src/lib/crypto/krb/cf2.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  * Implement KRB_FX_CF2 function per
  *draft-ietf-krb-wg-preauth-framework-09.  Take two keys and two
@@ -37,7 +37,7 @@
 
 /*
  * Call the PRF function multiple times with the pepper prefixed with
- * a count byte  to get enough bits of output. 
+ * a count byte  to get enough bits of output.
  */
 static krb5_error_code
 prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
@@ -90,7 +90,7 @@ cleanup:
     return retval;
 }
 
-    
+
 krb5_error_code KRB5_CALLCONV
 krb5_c_fx_cf2_simple(krb5_context context,
 		     krb5_keyblock *k1, const char *pepper1,
diff --git a/src/lib/crypto/krb/checksum_length.c b/src/lib/crypto/krb/checksum_length.c
index aeb057cbb..bc1c9d34e 100644
--- a/src/lib/crypto/krb/checksum_length.c
+++ b/src/lib/crypto/krb/checksum_length.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -50,4 +50,3 @@ krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
 
     return 0;
 }
-	
diff --git a/src/lib/crypto/krb/cksumtype_to_string.c b/src/lib/crypto/krb/cksumtype_to_string.c
index d97476623..d5bb702df 100644
--- a/src/lib/crypto/krb/cksumtype_to_string.c
+++ b/src/lib/crypto/krb/cksumtype_to_string.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c
index e03c0adc8..2c1924ded 100644
--- a/src/lib/crypto/krb/cksumtypes.c
+++ b/src/lib/crypto/krb/cksumtypes.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -69,21 +69,21 @@ const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
       &krb5int_hash_sha1 },
     { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
       "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" },
-      "Microsoft HMAC MD5 (RC4 key)", 
+      "Microsoft HMAC MD5 (RC4 key)",
       ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
       NULL },
 
     { CKSUMTYPE_HMAC_SHA1_96_AES128, KRB5_CKSUMFLAG_DERIVE,
       "hmac-sha1-96-aes128", { 0 }, "HMAC-SHA1 AES128 key",
-      0, NULL, 
+      0, NULL,
       &krb5int_hash_sha1, 12 },
     { CKSUMTYPE_HMAC_SHA1_96_AES256, KRB5_CKSUMFLAG_DERIVE,
       "hmac-sha1-96-aes256", { 0 }, "HMAC-SHA1 AES256 key",
-      0, NULL, 
+      0, NULL,
       &krb5int_hash_sha1, 12 },
     { CKSUMTYPE_MD5_HMAC_ARCFOUR, 0,
       "md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC (RC4 key)",
-      ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_md5_hmac, 
+      ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_md5_hmac,
       NULL }
 };
 
diff --git a/src/lib/crypto/krb/cksumtypes.h b/src/lib/crypto/krb/cksumtypes.h
index 10d8ccd53..f3e1f57b6 100644
--- a/src/lib/crypto/krb/cksumtypes.h
+++ b/src/lib/crypto/krb/cksumtypes.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/coll_proof_cksum.c b/src/lib/crypto/krb/coll_proof_cksum.c
index 08b4ccb11..e5d7ed13c 100644
--- a/src/lib/crypto/krb/coll_proof_cksum.c
+++ b/src/lib/crypto/krb/coll_proof_cksum.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c
index 4f2692ab2..3aa24da5c 100644
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -5,7 +5,7 @@
  * documentation is hereby granted, provided that both the copyright
  * notice and this permission notice appear in all copies of the software,
  * derivative works or modified versions, and any portions thereof.
- * 
+ *
  * NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND
  * DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER
  * RESULTING FROM THE USE OF THIS SOFTWARE.
@@ -276,4 +276,3 @@ cleanup:
     krb5_k_free_key(NULL, key);
     return ret;
 }
-
diff --git a/src/lib/crypto/krb/crc32/crc-32.h b/src/lib/crypto/krb/crc32/crc-32.h
index 0efc00625..5c8c5bcf8 100644
--- a/src/lib/crypto/krb/crc32/crc-32.h
+++ b/src/lib/crypto/krb/crc32/crc-32.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Definitions for the CRC-32 checksum
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/crc32/crc32.c b/src/lib/crypto/krb/crc32/crc32.c
index ef65476d9..ee7e53f1f 100644
--- a/src/lib/crypto/krb/crc32/crc32.c
+++ b/src/lib/crypto/krb/crc32/crc32.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * CRC-32/AUTODIN-II routines
  */
diff --git a/src/lib/crypto/krb/crypto_length.c b/src/lib/crypto/krb/crypto_length.c
index 23e8c1ca9..00de30c7c 100644
--- a/src/lib/crypto/krb/crypto_length.c
+++ b/src/lib/crypto/krb/crypto_length.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -142,4 +142,3 @@ krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
 
     return 0;
 }
-
diff --git a/src/lib/crypto/krb/decrypt.c b/src/lib/crypto/krb/decrypt.c
index 36c3bf0ab..9ad68adc7 100644
--- a/src/lib/crypto/krb/decrypt.c
+++ b/src/lib/crypto/krb/decrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/decrypt_iov.c b/src/lib/crypto/krb/decrypt_iov.c
index fcc997377..1813af956 100644
--- a/src/lib/crypto/krb/decrypt_iov.c
+++ b/src/lib/crypto/krb/decrypt_iov.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c
index 33a189f26..9995b2795 100644
--- a/src/lib/crypto/krb/default_state.c
+++ b/src/lib/crypto/krb/default_state.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -20,7 +20,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Section 6 (Encryption) of the Kerberos revisions document defines
  * cipher states to be used to chain encryptions and decryptions
  * together.  Examples of cipher states include initialization vectors
@@ -58,6 +58,3 @@ krb5_error_code krb5int_default_free_state
   }
   return 0;
 }
-
-    
-  
diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c
index e5087e742..538060dbd 100644
--- a/src/lib/crypto/krb/dk/checksum.c
+++ b/src/lib/crypto/krb/dk/checksum.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -54,7 +54,7 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
      */
 
     /* Derive the key. */
- 
+
     datain.data = (char *) constantdata;
     datain.length = K5CLENGTH;
 
@@ -102,7 +102,7 @@ krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
      */
 
     /* Derive the key. */
- 
+
     datain.data = (char *) constantdata;
     datain.length = K5CLENGTH;
 
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c
index bcd111435..5019975f2 100644
--- a/src/lib/crypto/krb/dk/derive.c
+++ b/src/lib/crypto/krb/dk/derive.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h
index 288072abd..76937dac1 100644
--- a/src/lib/crypto/krb/dk/dk.h
+++ b/src/lib/crypto/krb/dk/dk.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/dk/dk_decrypt.c b/src/lib/crypto/krb/dk/dk_decrypt.c
index 9535a7554..b080d5f4f 100644
--- a/src/lib/crypto/krb/dk/dk_decrypt.c
+++ b/src/lib/crypto/krb/dk/dk_decrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/dk/dk_encrypt.c b/src/lib/crypto/krb/dk/dk_encrypt.c
index b44671abe..e84a092b5 100644
--- a/src/lib/crypto/krb/dk/dk_encrypt.c
+++ b/src/lib/crypto/krb/dk/dk_encrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -305,4 +305,3 @@ cleanup:
     zapfree(plaintext, plainlen);
     return ret;
 }
-
diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c
index 7589b4b80..59404e489 100644
--- a/src/lib/crypto/krb/dk/stringtokey.c
+++ b/src/lib/crypto/krb/dk/stringtokey.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enc_provider/aes.c b/src/lib/crypto/krb/enc_provider/aes.c
index 060d119c4..fac85b359 100644
--- a/src/lib/crypto/krb/enc_provider/aes.c
+++ b/src/lib/crypto/krb/enc_provider/aes.c
@@ -412,4 +412,3 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
     krb5int_aes_encrypt_iov,
     krb5int_aes_decrypt_iov
 };
-
diff --git a/src/lib/crypto/krb/enc_provider/des.c b/src/lib/crypto/krb/enc_provider/des.c
index 547f6b976..cd41471c1 100644
--- a/src/lib/crypto/krb/enc_provider/des.c
+++ b/src/lib/crypto/krb/enc_provider/des.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enc_provider/des3.c b/src/lib/crypto/krb/enc_provider/des3.c
index 412c994a7..b0325fbdf 100644
--- a/src/lib/crypto/krb/enc_provider/des3.c
+++ b/src/lib/crypto/krb/enc_provider/des3.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -218,4 +218,3 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
     k5_des3_encrypt_iov,
     k5_des3_decrypt_iov
 };
-
diff --git a/src/lib/crypto/krb/enc_provider/enc_provider.h b/src/lib/crypto/krb/enc_provider/enc_provider.h
index 92022b3c8..49ffaafea 100644
--- a/src/lib/crypto/krb/enc_provider/enc_provider.h
+++ b/src/lib/crypto/krb/enc_provider/enc_provider.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -33,4 +33,3 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
 extern const struct krb5_enc_provider krb5int_enc_aes256;
 extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
 extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-
diff --git a/src/lib/crypto/krb/enc_provider/rc4.c b/src/lib/crypto/krb/enc_provider/rc4.c
index b950a605b..c718871b7 100644
--- a/src/lib/crypto/krb/enc_provider/rc4.c
+++ b/src/lib/crypto/krb/enc_provider/rc4.c
@@ -1,4 +1,4 @@
-/* arcfour.c 
+/* arcfour.c
  *
  * Copyright (c) 2000 by Computer Science Laboratory,
  *                       Rensselaer Polytechnic Institute
@@ -18,11 +18,11 @@ static unsigned int k5_arcfour_byte(ArcfourContext *);
 #endif /* gcc inlines*/
 
 /* Initializes the context and sets the key. */
-static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key, 
+static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
 		  unsigned int keylen);
 
 /* Encrypts/decrypts data. */
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest, 
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
 		     const unsigned char *src, unsigned int len);
 
 /* Interface layer to kerb5 crypto layer */
@@ -63,7 +63,7 @@ static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
   return state[(sx + sy) & 0xff];
 }
 
-static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest, 
+static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
 		     const unsigned char *src, unsigned int len)
 {
   unsigned int i;
@@ -73,7 +73,7 @@ static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
 
 
 static krb5_error_code
-k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key, 
+k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
 		  unsigned int key_len)
 {
   unsigned int t, u;
@@ -153,7 +153,7 @@ k5_arcfour_docrypt(const krb5_keyblock *key, const krb5_data *state,
     memset(arcfour_ctx, 0, sizeof (ArcfourContext));
     free(arcfour_ctx);
   }
-  
+
   return 0;
 }
 
@@ -248,7 +248,7 @@ k5_arcfour_init_state (const krb5_keyblock *key,
   return 0;
 }
 
-/* Since the arcfour cipher is identical going forwards and backwards, 
+/* Since the arcfour cipher is identical going forwards and backwards,
    we just call "docrypt" directly
 */
 const struct krb5_enc_provider krb5int_enc_arcfour = {
@@ -268,4 +268,3 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
     k5_arcfour_docrypt_iov,
     k5_arcfour_docrypt_iov
 };
-
diff --git a/src/lib/crypto/krb/encrypt.c b/src/lib/crypto/krb/encrypt.c
index 3c39838cf..ee9e0e265 100644
--- a/src/lib/crypto/krb/encrypt.c
+++ b/src/lib/crypto/krb/encrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/encrypt_iov.c b/src/lib/crypto/krb/encrypt_iov.c
index b7b2f5814..64cb12653 100644
--- a/src/lib/crypto/krb/encrypt_iov.c
+++ b/src/lib/crypto/krb/encrypt_iov.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/encrypt_length.c b/src/lib/crypto/krb/encrypt_length.c
index bb9a10212..f2aad024e 100644
--- a/src/lib/crypto/krb/encrypt_length.c
+++ b/src/lib/crypto/krb/encrypt_length.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enctype_compare.c b/src/lib/crypto/krb/enctype_compare.c
index b724c3d29..6d47f9d4f 100644
--- a/src/lib/crypto/krb/enctype_compare.c
+++ b/src/lib/crypto/krb/enctype_compare.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/enctype_to_string.c b/src/lib/crypto/krb/enctype_to_string.c
index 427a30d7f..c40878257 100644
--- a/src/lib/crypto/krb/enctype_to_string.c
+++ b/src/lib/crypto/krb/enctype_to_string.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index 8552c0f16..a1acdc02d 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -116,7 +116,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       0,
       NULL,
       ETYPE_WEAK },
-    { ENCTYPE_ARCFOUR_HMAC, 
+    { ENCTYPE_ARCFOUR_HMAC,
       "arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
       "ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
@@ -128,7 +128,7 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       CKSUMTYPE_HMAC_MD5_ARCFOUR,
       &krb5int_aead_arcfour,
       0 /*flags*/ },
-    { ENCTYPE_ARCFOUR_HMAC_EXP, 
+    { ENCTYPE_ARCFOUR_HMAC_EXP,
       "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
       "Exportable ArcFour with HMAC/md5",
       &krb5int_enc_arcfour,
diff --git a/src/lib/crypto/krb/etypes.h b/src/lib/crypto/krb/etypes.h
index 16dbae9ce..68dcdd412 100644
--- a/src/lib/crypto/krb/etypes.h
+++ b/src/lib/crypto/krb/etypes.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/key.c b/src/lib/crypto/krb/key.c
index d6adcba74..43d9ce632 100644
--- a/src/lib/crypto/krb/key.c
+++ b/src/lib/crypto/krb/key.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -20,7 +20,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Functions for manipulating krb5_key structures
  */
 
diff --git a/src/lib/crypto/krb/keyblocks.c b/src/lib/crypto/krb/keyblocks.c
index 51e31d301..d9db694e6 100644
--- a/src/lib/crypto/krb/keyblocks.c
+++ b/src/lib/crypto/krb/keyblocks.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,10 +22,10 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
  *
- * krb5_init_keyblock- a function to set up 
+ *
+ *
+ * krb5_init_keyblock- a function to set up
  *  an empty keyblock
  */
 
@@ -62,14 +62,14 @@ krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
     return 0;
 }
 
-void 
+void
 krb5int_c_free_keyblock(krb5_context context, register krb5_keyblock *val)
 {
     krb5int_c_free_keyblock_contents(context, val);
     free(val);
 }
 
-void 
+void
 krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
 {
     if (key && key->contents) {
diff --git a/src/lib/crypto/krb/keyed_checksum_types.c b/src/lib/crypto/krb/keyed_checksum_types.c
index 48743722a..4da6e2510 100644
--- a/src/lib/crypto/krb/keyed_checksum_types.c
+++ b/src/lib/crypto/krb/keyed_checksum_types.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyed_cksum.c b/src/lib/crypto/krb/keyed_cksum.c
index dcf72b533..97292769b 100644
--- a/src/lib/crypto/krb/keyed_cksum.c
+++ b/src/lib/crypto/krb/keyed_cksum.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyhash_provider/descbc.c b/src/lib/crypto/krb/keyhash_provider/descbc.c
index b08e30b7c..c54e27f93 100644
--- a/src/lib/crypto/krb/keyhash_provider/descbc.c
+++ b/src/lib/crypto/krb/keyhash_provider/descbc.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -52,10 +52,10 @@ k5_descbc_hash(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
 
     /* this has a return value, but it's useless to us */
 
-    mit_des_cbc_cksum((unsigned char *) input->data, 
+    mit_des_cbc_cksum((unsigned char *) input->data,
 		      (unsigned char *) output->data, input->length,
-		      schedule, 
-		      ivec? (const unsigned char *)ivec->data: 
+		      schedule,
+		      ivec? (const unsigned char *)ivec->data:
 		            (const unsigned char *)mit_des_zeroblock);
 
     memset(schedule, 0, sizeof(schedule));
diff --git a/src/lib/crypto/krb/keyhash_provider/hmac_md5.c b/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
index 8318dc0e7..1aa7e3cbe 100644
--- a/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
+++ b/src/lib/crypto/krb/keyhash_provider/hmac_md5.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Implementation of the Microsoft hmac-md5 checksum type.
  * Implemented based on draft-brezak-win2k-krb-rc4-hmac-03
@@ -47,7 +47,7 @@ k5_hmac_md5_hash (krb5_key key, krb5_keyusage usage,
   krb5_data ds, ks_constant, md5tmp;
   krb5_MD5_CTX ctx;
   char t[4];
-  
+
 
   ds.length = key->keyblock.length;
   ds.data = malloc(ds.length);
diff --git a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
index f3c6d62da..ef10a6898 100644
--- a/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
+++ b/src/lib/crypto/krb/keyhash_provider/k5_md4des.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyhash_provider/k5_md5des.c b/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
index 1a2089a02..eb189c26a 100644
--- a/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
+++ b/src/lib/crypto/krb/keyhash_provider/k5_md5des.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -147,7 +147,7 @@ k5_md5des_verify(krb5_key key, krb5_keyusage usage, const krb5_data *ivec,
 	    (memcmp(plaintext+CONFLENGTH, ctx.digest, RSA_MD5_CKSUM_LENGTH)
 	     == 0);
     } else {
-	*valid = 
+	*valid =
 	    (memcmp(plaintext, ctx.digest, RSA_MD5_CKSUM_LENGTH) == 0);
     }
     memset(plaintext, 0, sizeof(plaintext));
diff --git a/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h b/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
index 8ac91e19d..94424bd1b 100644
--- a/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
+++ b/src/lib/crypto/krb/keyhash_provider/keyhash_provider.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/keyhash_provider/md5_hmac.c b/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
index 50eb2ecfd..b384574d1 100644
--- a/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
+++ b/src/lib/crypto/krb/keyhash_provider/md5_hmac.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Implementation of Microsoft KERB_CHECKSUM_MD5_HMAC
  */
 
@@ -62,4 +62,3 @@ const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac = {
   k5_md5_hmac_hash,
   NULL /*checksum  again*/
 };
-
diff --git a/src/lib/crypto/krb/keylengths.c b/src/lib/crypto/krb/keylengths.c
index d28d595d4..f38a28c99 100644
--- a/src/lib/crypto/krb/keylengths.c
+++ b/src/lib/crypto/krb/keylengths.c
@@ -2,7 +2,7 @@
  * COPYRIGHT (c) 2006
  * The Regents of the University of Michigan
  * ALL RIGHTS RESERVED
- * 
+ *
  * Permission is granted to use, copy, create derivative works
  * and redistribute this software and such derivative works
  * for any purpose, so long as the name of The University of
@@ -13,7 +13,7 @@
  * University of Michigan is included in any copy of any
  * portion of this software, then the disclaimer below must
  * also be included.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
  * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
  * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
diff --git a/src/lib/crypto/krb/make_checksum.c b/src/lib/crypto/krb/make_checksum.c
index def88a18d..06a5247eb 100644
--- a/src/lib/crypto/krb/make_checksum.c
+++ b/src/lib/crypto/krb/make_checksum.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/make_checksum_iov.c b/src/lib/crypto/krb/make_checksum_iov.c
index e4e2c2d00..192f91091 100644
--- a/src/lib/crypto/krb/make_checksum_iov.c
+++ b/src/lib/crypto/krb/make_checksum_iov.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/make_random_key.c b/src/lib/crypto/krb/make_random_key.c
index 0c3a26203..de2e6bb86 100644
--- a/src/lib/crypto/krb/make_random_key.c
+++ b/src/lib/crypto/krb/make_random_key.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/mandatory_sumtype.c b/src/lib/crypto/krb/mandatory_sumtype.c
index 45ea0b82b..e3e3707c1 100644
--- a/src/lib/crypto/krb/mandatory_sumtype.c
+++ b/src/lib/crypto/krb/mandatory_sumtype.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/nfold.c b/src/lib/crypto/krb/nfold.c
index 01e897217..976e131af 100644
--- a/src/lib/crypto/krb/nfold.c
+++ b/src/lib/crypto/krb/nfold.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -127,4 +127,3 @@ krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits
 	}
     }
 }
-
diff --git a/src/lib/crypto/krb/old/des_stringtokey.c b/src/lib/crypto/krb/old/des_stringtokey.c
index 2bacb4ef9..6a5c669d7 100644
--- a/src/lib/crypto/krb/old/des_stringtokey.c
+++ b/src/lib/crypto/krb/old/des_stringtokey.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old/old.h b/src/lib/crypto/krb/old/old.h
index a5f3f7889..953e61ee6 100644
--- a/src/lib/crypto/krb/old/old.h
+++ b/src/lib/crypto/krb/old/old.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old/old_decrypt.c b/src/lib/crypto/krb/old/old_decrypt.c
index 42a755a4a..97fbe6df2 100644
--- a/src/lib/crypto/krb/old/old_decrypt.c
+++ b/src/lib/crypto/krb/old/old_decrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old/old_encrypt.c b/src/lib/crypto/krb/old/old_encrypt.c
index b3a1c5bea..137d6ed43 100644
--- a/src/lib/crypto/krb/old/old_encrypt.c
+++ b/src/lib/crypto/krb/old/old_encrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c
index 0688d7fe3..73f4fd7b2 100644
--- a/src/lib/crypto/krb/old_api_glue.c
+++ b/src/lib/crypto/krb/old_api_glue.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -235,7 +235,7 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
     outcksum->length = cksum.length;
 
     free(cksum.contents);
-    
+
     return(0);
 }
 
diff --git a/src/lib/crypto/krb/prf.c b/src/lib/crypto/krb/prf.c
index 12ec22b65..141390f63 100644
--- a/src/lib/crypto/krb/prf.c
+++ b/src/lib/crypto/krb/prf.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  * This contains the implementation of krb5_c_prf, which  will find
  *the enctype-specific PRF and then generate pseudo-random data.  This
diff --git a/src/lib/crypto/krb/prf/des_prf.c b/src/lib/crypto/krb/prf/des_prf.c
index dd9907bda..47130864e 100644
--- a/src/lib/crypto/krb/prf/des_prf.c
+++ b/src/lib/crypto/krb/prf/des_prf.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  * This file contains an implementation of the RFC 3961 PRF for
  * des-cbc-crc, des-cbc-md4, and des-cbc-md5 enctypes.
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c
index 379cc1cbe..80f9d5075 100644
--- a/src/lib/crypto/krb/prf/dk_prf.c
+++ b/src/lib/crypto/krb/prf/dk_prf.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  * This file contains an implementation of the RFC 3961 PRF for
  *simplified profile enctypes.
@@ -41,7 +41,7 @@ krb5int_dk_prf (const struct krb5_enc_provider *enc,
   krb5_data prfconst;
   krb5_key kp = NULL;
   krb5_error_code ret = 0;
-  
+
   prfconst.data = (char *) "prf";
   prfconst.length = 3;
   tmp.length = hash->hashsize;
diff --git a/src/lib/crypto/krb/prf/prf_int.h b/src/lib/crypto/krb/prf/prf_int.h
index 97bbf049d..e21035fbc 100644
--- a/src/lib/crypto/krb/prf/prf_int.h
+++ b/src/lib/crypto/krb/prf/prf_int.h
@@ -29,7 +29,7 @@
 
 #include "k5-int.h"
 
-krb5_error_code 
+krb5_error_code
 krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
                     const struct krb5_hash_provider *hash,
                     krb5_key key, const krb5_data *in, krb5_data *out);
@@ -45,5 +45,3 @@ krb5int_dk_prf(const struct krb5_enc_provider *enc,
                krb5_key key, const krb5_data *in, krb5_data *out);
 
 #endif  /*PRF_INTERNAL_DEFS*/
-
-
diff --git a/src/lib/crypto/krb/prf/rc4_prf.c b/src/lib/crypto/krb/prf/rc4_prf.c
index 8a79b553a..caeaa44ab 100644
--- a/src/lib/crypto/krb/prf/rc4_prf.c
+++ b/src/lib/crypto/krb/prf/rc4_prf.c
@@ -29,7 +29,7 @@
 #include "k5-int.h"
 #include <hash_provider/hash_provider.h>
 
-krb5_error_code 
+krb5_error_code
 krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
                     const struct krb5_hash_provider *hash,
                     krb5_key key, const krb5_data *in, krb5_data *out)
@@ -37,5 +37,3 @@ krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
     assert(out->length == 20);
     return krb5int_hmac(&krb5int_hash_sha1, key, 1, in, out);
 }
-
-
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
index b52dabc26..00534ca0c 100644
--- a/src/lib/crypto/krb/prng.c
+++ b/src/lib/crypto/krb/prng.c
@@ -2,12 +2,12 @@
  * Copyright (C) 2001, 2002, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
  * All rights reserved.
  *
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -190,7 +190,7 @@ read_entropy_from_device(krb5_context context, const char *device)
     return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
 				      &data) == 0);
 }
-    
+
 krb5_error_code KRB5_CALLCONV
 krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
 {
diff --git a/src/lib/crypto/krb/rand2key/aes_rand2key.c b/src/lib/crypto/krb/rand2key/aes_rand2key.c
index 25c72cff3..c5028e57b 100644
--- a/src/lib/crypto/krb/rand2key/aes_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/aes_rand2key.c
@@ -41,4 +41,3 @@ krb5int_aes_make_key(const krb5_data *randombits, krb5_keyblock *key)
 
     return(0);
 }
-
diff --git a/src/lib/crypto/krb/rand2key/des3_rand2key.c b/src/lib/crypto/krb/rand2key/des3_rand2key.c
index b505f1a45..fe84c3a14 100644
--- a/src/lib/crypto/krb/rand2key/des3_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des3_rand2key.c
@@ -57,4 +57,3 @@ krb5int_des3_make_key(const krb5_data *randombits, krb5_keyblock *key)
     }
     return(0);
 }
-
diff --git a/src/lib/crypto/krb/rand2key/des_rand2key.c b/src/lib/crypto/krb/rand2key/des_rand2key.c
index 9af247702..1485965b6 100644
--- a/src/lib/crypto/krb/rand2key/des_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des_rand2key.c
@@ -51,5 +51,3 @@ krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key)
 
     return(0);
 }
-
-
diff --git a/src/lib/crypto/krb/rand2key/rand2key.h b/src/lib/crypto/krb/rand2key/rand2key.h
index d452940b3..01208f6a4 100644
--- a/src/lib/crypto/krb/rand2key/rand2key.h
+++ b/src/lib/crypto/krb/rand2key/rand2key.h
@@ -13,6 +13,3 @@ krb5int_des3_make_key(const krb5_data *randombits, krb5_keyblock *key);
 
 krb5_error_code
 krb5int_aes_make_key(const krb5_data *randombits, krb5_keyblock *key);
-
-
-
diff --git a/src/lib/crypto/krb/rand2key/rc4_rand2key.c b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
index 0e66d887d..d498f0526 100644
--- a/src/lib/crypto/krb/rand2key/rc4_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
@@ -42,4 +42,3 @@ krb5int_arcfour_make_key(const krb5_data *randombits, krb5_keyblock *key)
 
     return(0);
 }
-
diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c
index 18e4c6959..f94229a1e 100644
--- a/src/lib/crypto/krb/random_to_key.c
+++ b/src/lib/crypto/krb/random_to_key.c
@@ -2,7 +2,7 @@
  * COPYRIGHT (c) 2006
  * The Regents of the University of Michigan
  * ALL RIGHTS RESERVED
- * 
+ *
  * Permission is granted to use, copy, create derivative works
  * and redistribute this software and such derivative works
  * for any purpose, so long as the name of The University of
@@ -13,7 +13,7 @@
  * University of Michigan is included in any copy of any
  * portion of this software, then the disclaimer below must
  * also be included.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
  * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
  * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
diff --git a/src/lib/crypto/krb/raw/raw.h b/src/lib/crypto/krb/raw/raw.h
index 3c2618874..d5575e13a 100644
--- a/src/lib/crypto/krb/raw/raw.h
+++ b/src/lib/crypto/krb/raw/raw.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -46,4 +46,3 @@ krb5_error_code krb5int_raw_decrypt
 		krb5_data *arg_output);
 
 extern const struct krb5_aead_provider krb5int_aead_raw;
-
diff --git a/src/lib/crypto/krb/raw/raw_aead.c b/src/lib/crypto/krb/raw/raw_aead.c
index 68070d1da..f15e4868e 100644
--- a/src/lib/crypto/krb/raw/raw_aead.c
+++ b/src/lib/crypto/krb/raw/raw_aead.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/raw/raw_decrypt.c b/src/lib/crypto/krb/raw/raw_decrypt.c
index 58ee6f82c..34598bbfb 100644
--- a/src/lib/crypto/krb/raw/raw_decrypt.c
+++ b/src/lib/crypto/krb/raw/raw_decrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/raw/raw_encrypt.c b/src/lib/crypto/krb/raw/raw_encrypt.c
index b02258d4b..6e8516c4c 100644
--- a/src/lib/crypto/krb/raw/raw_encrypt.c
+++ b/src/lib/crypto/krb/raw/raw_encrypt.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/state.c b/src/lib/crypto/krb/state.c
index 152ebecf7..12638a43b 100644
--- a/src/lib/crypto/krb/state.c
+++ b/src/lib/crypto/krb/state.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
 
- * 
- * 
+ *
+ *
  *
  *  * Section 6 (Encryption) of the Kerberos revisions document defines
  * cipher states to be used to chain encryptions and decryptions
diff --git a/src/lib/crypto/krb/string_to_cksumtype.c b/src/lib/crypto/krb/string_to_cksumtype.c
index 796cc2a44..ae5da6de5 100644
--- a/src/lib/crypto/krb/string_to_cksumtype.c
+++ b/src/lib/crypto/krb/string_to_cksumtype.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/string_to_enctype.c b/src/lib/crypto/krb/string_to_enctype.c
index 4978ac785..159c36b13 100644
--- a/src/lib/crypto/krb/string_to_enctype.c
+++ b/src/lib/crypto/krb/string_to_enctype.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/string_to_key.c b/src/lib/crypto/krb/string_to_key.c
index bf8f8ce91..e81568b35 100644
--- a/src/lib/crypto/krb/string_to_key.c
+++ b/src/lib/crypto/krb/string_to_key.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/valid_cksumtype.c b/src/lib/crypto/krb/valid_cksumtype.c
index d32e8f589..69cc18667 100644
--- a/src/lib/crypto/krb/valid_cksumtype.c
+++ b/src/lib/crypto/krb/valid_cksumtype.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/valid_enctype.c b/src/lib/crypto/krb/valid_enctype.c
index 2657fd084..a6445111e 100644
--- a/src/lib/crypto/krb/valid_enctype.c
+++ b/src/lib/crypto/krb/valid_enctype.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/verify_checksum.c b/src/lib/crypto/krb/verify_checksum.c
index d8a9cc8b7..a4869eb41 100644
--- a/src/lib/crypto/krb/verify_checksum.c
+++ b/src/lib/crypto/krb/verify_checksum.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index f72ca652f..cbac1db47 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/crypto/krb/yarrow/yarrow.c b/src/lib/crypto/krb/yarrow/yarrow.c
index b1533daf4..4b1fcf1dc 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.c
+++ b/src/lib/crypto/krb/yarrow/yarrow.c
@@ -14,7 +14,7 @@
  * permission.  Zero-Knowledge Systems, Inc. makes no representations
  * about the suitability of this software for any purpose.  It is
  * provided "as is" without express or implied warranty.
- * 
+ *
  * See the accompanying LICENSE file for more information.
  */
 
@@ -47,7 +47,7 @@
 extern int yarrow_verbose;
 #define TRACE( x ) do { if (yarrow_verbose) { x } } while (0)
 #else
-#define TRACE( x ) 
+#define TRACE( x )
 #endif
 
 #if defined(macintosh)
@@ -246,8 +246,8 @@ int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename)
 }
 
 static
-int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id, 
-				const void* sample, 
+int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
+				const void* sample,
 				size_t size, size_t entropy_bits,
 				int do_lock )
 {
@@ -257,7 +257,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
     Source* source;
     size_t new_entropy;
     size_t estimate;
-  
+
     if (do_lock) {
 	    TRY( LOCK() );
 	    locked = 1;
@@ -267,7 +267,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
     if (!y) { THROW( YARROW_BAD_ARG ); }
 
     if (source_id >= y->num_sources) { THROW( YARROW_BAD_SOURCE ); }
-  
+
     source = &y->source[source_id];
 
     if(source->pool != YARROW_FAST_POOL && source->pool != YARROW_SLOW_POOL)
@@ -278,10 +278,10 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
     /* hash in the sample */
 
     HASH_Update(&y->pool[source->pool], (const void*)sample, size);
-  
+
     /* only update entropy estimate if pool is not full */
 
-    if ( (source->pool == YARROW_FAST_POOL && 
+    if ( (source->pool == YARROW_FAST_POOL &&
 	  source->entropy[source->pool] < y->fast_thresh) ||
 	 (source->pool == YARROW_SLOW_POOL &&
 	  source->entropy[source->pool] < y->slow_thresh) )
@@ -311,7 +311,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
 	}
 	else
 	{
-	    if (!source->reached_slow_thresh && 
+	    if (!source->reached_slow_thresh &&
 		source->entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
 	    {
 		source->reached_slow_thresh = 1;
@@ -328,19 +328,19 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
 	    }
 	}
     }
-  
+
     /* put samples in alternate pools */
 
     source->pool = (source->pool + 1) % 2;
-  
+
  CATCH:
     if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
 }
 
 YARROW_DLL
-int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id, 
-		  const void* sample, 
+int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
+		  const void* sample,
 		  size_t size, size_t entropy_bits )
 {
     return yarrow_input_maybe_locking(y, source_id, sample, size,
@@ -389,7 +389,7 @@ CATCH:
     EXCEP_RET;
 }
 
-int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id, 
+int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
                                      estimator_fn* fptr)
 {
     EXCEP_DECL;
@@ -401,7 +401,7 @@ int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
     source = &y->source[source_id];
 
     source->estimator = fptr;
-  
+
  CATCH:
     EXCEP_RET;
 }
@@ -428,15 +428,15 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
 	if ( y->gate_count >= y->gates_limit )
 	{
 	    y->gate_count = 0;
-	    
-	    /* not defined whether to do slow or fast reseed */ 
-	    
+
+	    /* not defined whether to do slow or fast reseed */
+
 	    TRACE( printf( "OUTPUT LIMIT REACHED," ); );
 
 	    TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
 	}
     }
-  
+
     /* C <- (C + 1) mod 2^n */
 
     block_increment( y->C, CIPHER_BLOCK_SIZE );
@@ -541,7 +541,7 @@ int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size )
 	outp += use;
     }
 
-    for ( ; 
+    for ( ;
 	  left >= CIPHER_BLOCK_SIZE;
 	  left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE)
     {
@@ -565,7 +565,7 @@ static int yarrow_gate_locked(Yarrow_CTX* y)
     byte new_K[CIPHER_KEY_SIZE];
 
     if (!y) { THROW( YARROW_BAD_ARG ); }
-  
+
     TRACE( printf( "GATE[" ); );
 
     /* K <- Next k bits of PRNG output */
@@ -589,7 +589,7 @@ int krb5int_yarrow_gate(Yarrow_CTX* y)
     byte new_K[CIPHER_KEY_SIZE];
 
     if (!y) { THROW( YARROW_BAD_ARG ); }
-  
+
     TRACE( printf( "GATE[" ); );
 
     /* K <- Next k bits of PRNG output */
@@ -612,7 +612,7 @@ static int Yarrow_Load_State( Yarrow_CTX *y )
 {
     EXCEP_DECL;
     Yarrow_STATE state;
-    
+
     if ( !y ) { THROW( YARROW_BAD_ARG ); }
 
     if ( y->entropyfile )
@@ -623,11 +623,11 @@ static int Yarrow_Load_State( Yarrow_CTX *y )
 #if defined( YARROW_DEBUG )
 	hex_print( stderr, "state.load", state.seed, sizeof(state.seed));
 #endif
-    
+
 	/* what to do here is not defined by the Yarrow paper */
 	/* this is a place holder until we get some clarification */
-    
-	HASH_Update( &y->pool[YARROW_FAST_POOL], 
+
+	HASH_Update( &y->pool[YARROW_FAST_POOL],
 		     state.seed, sizeof(state.seed) );
 
 	Yarrow_Make_Seeded( y );
@@ -643,10 +643,10 @@ static int Yarrow_Save_State( Yarrow_CTX *y )
 {
     EXCEP_DECL;
     Yarrow_STATE state;
-    
+
     if ( !y ) { THROW( YARROW_BAD_ARG ); }
 
-    if ( y->entropyfile && y->seeded ) 
+    if ( y->entropyfile && y->seeded )
     {
 	TRACE( printf( "SAVE STATE[" ); );
 	TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) );
@@ -685,8 +685,8 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
     {
 	THROW( YARROW_BAD_ARG );
     }
-  
-    TRACE( printf( "%s RESEED,", 
+
+    TRACE( printf( "%s RESEED,",
 		   pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); );
 
     if (pool == YARROW_SLOW_POOL)
@@ -715,7 +715,7 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
     /* step 1. v_0 <- hash of all inputs into fast pool */
 
     HASH_Final(fast_pool, &v_0);
-    HASH_Init(fast_pool);    /* reinitialize fast pool */ 
+    HASH_Init(fast_pool);    /* reinitialize fast pool */
 
     /* v_i <- v_0 */
 
@@ -772,7 +772,7 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 #endif
 
     /* discard part output from previous key */
-  
+
     y->out_left = 0;
 
     /*   step 5. Reset all entropy estimate accumulators of the entropy
@@ -833,13 +833,13 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
     unsigned int use;
     HASH_CTX hash, save;
     byte digest[HASH_DIGEST_SIZE];
-  
+
     if (m == NULL || size == 0 || out == NULL || out_size == 0)
     {
 	THROW( YARROW_BAD_ARG );
     }
-  
-    /* 
+
+    /*
      *   s_0 = m
      *   s_1 = h(s_0 | ... | s_{i-1})
      *
@@ -849,7 +849,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
 
     outp = out;
     left = out_size;
-  
+
     use = min(out_size, size);
     mem_copy(outp, m, use);    /* get k bits or as many as available */
 
@@ -863,7 +863,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
 	  left -= HASH_DIGEST_SIZE)
     {
 	HASH_Update(&hash, s_i, use);
-    
+
 	/* have to save hash state to one side as HASH_final changes state */
 
 	mem_copy(&save, &hash, sizeof(hash));
@@ -879,7 +879,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
 	s_i = outp;            /* retain pointer to s_i */
 	outp += use;
     }
-  
+
  CATCH:
     mem_zero(&hash, sizeof(hash));
     mem_zero(digest, sizeof(digest));
@@ -891,7 +891,7 @@ static void block_increment(void* block, const int sz)
 {
     byte* b = block;
     int i;
-  
+
     for (i = sz-1; (++b[i]) == 0 && i > 0; i--)
     {
 	; /* nothing */
@@ -916,7 +916,7 @@ int krb5int_yarrow_final(Yarrow_CTX* y)
 #endif
 
  CATCH:
-    if ( y ) 
+    if ( y )
     {
 	krb5int_yarrow_cipher_final(&y->cipher);
 	mem_zero( y, sizeof(Yarrow_CTX) );
@@ -932,7 +932,7 @@ const char* krb5int_yarrow_str_error( int err )
     if ( err < 0 || err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
     {
 	err = 1-YARROW_FAIL;
-    } 
+    }
     return yarrow_str_error[ err ];
 }
 
diff --git a/src/lib/crypto/krb/yarrow/yarrow.h b/src/lib/crypto/krb/yarrow/yarrow.h
index bb8c63ac0..081a06ba5 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.h
+++ b/src/lib/crypto/krb/yarrow/yarrow.h
@@ -135,7 +135,7 @@ int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename );
 
 YARROW_DLL
 int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
-		  const void* sample, 
+		  const void* sample,
 		  size_t size, size_t entropy_bits );
 
 YARROW_DLL
@@ -149,7 +149,7 @@ YARROW_DLL
 int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id );
 
 YARROW_DLL
-int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id, 
+int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id,
 				      estimator_fn* fptr );
 
 YARROW_DLL
diff --git a/src/lib/crypto/krb/yarrow/ycipher.c b/src/lib/crypto/krb/yarrow/ycipher.c
index 84cadd13f..8da7b711a 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.c
+++ b/src/lib/crypto/krb/yarrow/ycipher.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  *  Routines  to implement krb5 cipher operations.
  */
diff --git a/src/lib/crypto/krb/yarrow/ycipher.h b/src/lib/crypto/krb/yarrow/ycipher.h
index ad0d307fc..554cf9aed 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.h
+++ b/src/lib/crypto/krb/yarrow/ycipher.h
@@ -5,7 +5,7 @@
 
 /* block cipher interface */
 
-typedef struct 
+typedef struct
 {
     krb5_key key;
 } CIPHER_CTX;
diff --git a/src/lib/crypto/krb/yarrow/yexcep.h b/src/lib/crypto/krb/yarrow/yexcep.h
index d27de2d5e..b066c91d5 100644
--- a/src/lib/crypto/krb/yarrow/yexcep.h
+++ b/src/lib/crypto/krb/yarrow/yexcep.h
@@ -17,18 +17,18 @@
  *
  *   EXCEP_OK   - success return value (=1)
  *
- *   EXCEP_FAIL - failure return value (=0), other user exceptions are 
+ *   EXCEP_FAIL - failure return value (=0), other user exceptions are
  *                given negative values (<0)
  *
- *   TRY( x )   - if code returns value <= 0 TRY sets return value to 
- *                that value and goes to function cleanup section 
+ *   TRY( x )   - if code returns value <= 0 TRY sets return value to
+ *                that value and goes to function cleanup section
  *                (CATCH: block).  In the catch block, TRY does not goto
  *                the catch label to avoid loops, and instead
  *                falls through to the next statement.  The
  *                return value is set to the first non success value
  *                returned by a TRY, unless this is overridden by a THROW.
  *
- *   CATCH:     - start of catch block, also switches behavior of 
+ *   CATCH:     - start of catch block, also switches behavior of
  *                TRY and THROW to not goto CATCH: inside the catch
  *                block to avoid loops
  *
@@ -45,40 +45,40 @@
 /* example usage */
 
 /*
- * 
+ *
  * #define EXCEP_OK_COMMENT 2
  * #define EXCEP_NULL_PTR -1
  * #define EXCEP_OUT_OF_MEM -2
- * 
+ *
  * int bar( char *c )
  * {
  *     EXCEP_DECL;
- * 
+ *
  *     if ( !c ) { THROW( EXCEP_NULL_PTR ); }
  *     if ( *c == '\0' ) { THROW( EXCEP_FAIL ); );
  *     if ( *c == '#' ) { SET( EXCEP_COMMENT ); }
  *  CATCH:
  *     EXCEP_RET;
  * }
- * 
+ *
  * int foo( char *c )
  * {
  *     EXCEP_DECL;
  *     int *p = NULL;
- * 
+ *
  *     if ( !c ) { THROW( EXCEP_NULL_PTR ); }
  *     TRY( bar( c ) );
  *     if ( RETURN == EXCEP_COMMENT ) { print( "comment\n" ); }
  *     p = strdup( c );
  *     if ( !p ) { THROW( EXCEP_OUT_OF_MEM ); }
- * 
+ *
  *  CATCH:
  *     if ( p ) { TRY( bar( p ) ); free( p ); }
  *     THROW( EXCEP_BOOL );
  *     if ( EXCEPTION == EXCEP_OK ) { printf( "success\n" ); }
  *     EXCEP_RET;
  * }
- * 
+ *
  */
 
 #define EXCEP_FAIL 0
diff --git a/src/lib/crypto/krb/yarrow/ytypes.h b/src/lib/crypto/krb/yarrow/ytypes.h
index 9265e5a84..23c1bdf7e 100644
--- a/src/lib/crypto/krb/yarrow/ytypes.h
+++ b/src/lib/crypto/krb/yarrow/ytypes.h
@@ -10,7 +10,7 @@
 #include <sys/types.h>
 #endif
 
-#define byte unsigned char 
+#define byte unsigned char
 
 #define uint8 unsigned char
 #define int8 signed char
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.c b/src/lib/crypto/openssl/aes/aes_s2k.c
index 348acade9..9dd1402bd 100644
--- a/src/lib/crypto/openssl/aes/aes_s2k.c
+++ b/src/lib/crypto/openssl/aes/aes_s2k.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5int_aes_string_to_key
  */
diff --git a/src/lib/crypto/openssl/arcfour/arcfour-int.h b/src/lib/crypto/openssl/arcfour/arcfour-int.h
index d9db0be8a..bb4cf4201 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour-int.h
+++ b/src/lib/crypto/openssl/arcfour/arcfour-int.h
@@ -19,8 +19,8 @@ typedef struct
     EVP_CIPHER_CTX  evp_ctx;
     unsigned int x;
     unsigned int y;
-    unsigned char state[256]; 
-   
+    unsigned char state[256];
+
 } ArcfourContext;
 
 typedef struct {
diff --git a/src/lib/crypto/openssl/arcfour/arcfour.c b/src/lib/crypto/openssl/arcfour/arcfour.c
index 68feb4985..ac96c8605 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour.c
+++ b/src/lib/crypto/openssl/arcfour/arcfour.c
@@ -61,7 +61,7 @@ case 7:				/* tgs-req authenticator */
 }
 }
 
-/* RFC 4757 */ 
+/* RFC 4757 */
 krb5_error_code
 krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc,
 		     const struct krb5_hash_provider *hash,
@@ -338,4 +338,3 @@ krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
   free(plaintext.data);
   return (ret);
 }
-
diff --git a/src/lib/crypto/openssl/arcfour/arcfour_aead.c b/src/lib/crypto/openssl/arcfour/arcfour_aead.c
index da8261f02..66eb3576b 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour_aead.c
+++ b/src/lib/crypto/openssl/arcfour/arcfour_aead.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -106,7 +106,7 @@ krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
      * Caller must have provided space for the header, padding
      * and trailer; per RFC 4757 we will arrange it as:
      *
-     *	    Checksum | E(Confounder | Plaintext) 
+     *	    Checksum | E(Confounder | Plaintext)
      */
 
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
@@ -246,7 +246,7 @@ krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer != NULL && trailer->data.length != 0)
 	return KRB5_BAD_MSIZE;
-    
+
     ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
     if (ret != 0)
 	goto cleanup;
@@ -334,4 +334,3 @@ const struct krb5_aead_provider krb5int_aead_arcfour = {
     krb5int_arcfour_encrypt_iov,
     krb5int_arcfour_decrypt_iov
 };
-
diff --git a/src/lib/crypto/openssl/arcfour/arcfour_s2k.c b/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
index 09c9b7689..1aaaa1cc4 100644
--- a/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
+++ b/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
@@ -19,7 +19,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
 
   if (params != NULL)
       return KRB5_ERR_BAD_S2K_PARAMS;
-  
+
   if (key->length != 16)
     return (KRB5_BAD_MSIZE);
 
@@ -40,7 +40,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
   krb5int_MD4Final(&md4_context);
   memcpy(key->contents, md4_context.digest, 16);
 
-#if 0  
+#if 0
   /* test the string_to_key function */
   printf("Hash=");
   {
diff --git a/src/lib/crypto/openssl/des/des_int.h b/src/lib/crypto/openssl/des/des_int.h
index 67d776053..84d678c99 100644
--- a/src/lib/crypto/openssl/des/des_int.h
+++ b/src/lib/crypto/openssl/des/des_int.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +22,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Private include file for the Data Encryption Standard library.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -112,7 +112,7 @@ KRB5INT_DES_DEPRECATED;
  * have an exact 32-bit int, and nothing should be looking inside a
  * des_key_schedule anyway.
  */
-typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16] 
+typedef struct des_ks_struct {  DES_INT32 _[2]; } des_key_schedule[16]
 KRB5INT_DES_DEPRECATED;
 
 typedef des_cblock mit_des_cblock;
@@ -162,7 +162,7 @@ extern int mit_des_check_key_parity (mit_des_cblock );
 
 /* string2key.c */
 extern krb5_error_code mit_des_string_to_key
-    ( const krb5_encrypt_block *, 
+    ( const krb5_encrypt_block *,
 	       krb5_keyblock *, const krb5_data *, const krb5_data *);
 extern krb5_error_code mit_des_string_to_key_int
 	(krb5_keyblock *, const krb5_data *, const krb5_data *);
diff --git a/src/lib/crypto/openssl/des/des_oldapis.c b/src/lib/crypto/openssl/des/des_oldapis.c
index b08a6d004..c931efc3d 100644
--- a/src/lib/crypto/openssl/des/des_oldapis.c
+++ b/src/lib/crypto/openssl/des/des_oldapis.c
@@ -37,7 +37,7 @@ mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
 		  const krb5_octet *ivec)
 {
     /* Unsupported operation */
-    return KRB5_CRYPTO_INTERNAL; 
+    return KRB5_CRYPTO_INTERNAL;
 }
 
 krb5_error_code
@@ -53,4 +53,3 @@ mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule)
     /* Unsupported operation */
     return KRB5_CRYPTO_INTERNAL;
 }
-
diff --git a/src/lib/crypto/openssl/des/f_parity.c b/src/lib/crypto/openssl/des/f_parity.c
index ceb6a37c5..bc33eb80c 100644
--- a/src/lib/crypto/openssl/des/f_parity.c
+++ b/src/lib/crypto/openssl/des/f_parity.c
@@ -45,4 +45,3 @@ mit_des_check_key_parity(mit_des_cblock key)
                 return(0);
     return (1);
 }
-
diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c
index 008449a0f..6034e86c7 100644
--- a/src/lib/crypto/openssl/des/string2key.c
+++ b/src/lib/crypto/openssl/des/string2key.c
@@ -37,7 +37,6 @@ mit_des_string_to_key_int (krb5_keyblock *key,
     if ( key->length <  sizeof(outkey))
         return KRB5_CRYPTO_INTERNAL;
     key->length = sizeof(outkey);
-    memcpy(key->contents, outkey, key->length); 
+    memcpy(key->contents, outkey, key->length);
     return 0;
 }
-
diff --git a/src/lib/crypto/openssl/des/weak_key.c b/src/lib/crypto/openssl/des/weak_key.c
index 7f9708392..4d7e99b8b 100644
--- a/src/lib/crypto/openssl/des/weak_key.c
+++ b/src/lib/crypto/openssl/des/weak_key.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Under U.S. law, this software may not be exported outside the US
  * without license from the U.S. Commerce department.
@@ -76,7 +76,7 @@ mit_des_is_weak_key(mit_des_cblock key)
     const mit_des_cblock *weak_p = weak;
 
     for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
-	if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))  
+	if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
 	    return 1;
     }
     if ( DES_is_weak_key(key) == 1) /* Also OpenSSL's check */
@@ -84,4 +84,3 @@ mit_des_is_weak_key(mit_des_cblock key)
 
     return 0;
 }
-
diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c
index 21d71f8a3..51ba8afa6 100644
--- a/src/lib/crypto/openssl/enc_provider/aes.c
+++ b/src/lib/crypto/openssl/enc_provider/aes.c
@@ -88,7 +88,7 @@ cbc_enc(krb5_key key, const krb5_data *ivec,
                   NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
 
     if (ret == 1){
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); 
+        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
         ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
                            (unsigned char *)input->data, input->length);
         output->length = tmp_len;
@@ -130,7 +130,7 @@ cbc_decr(krb5_key key, const krb5_data *ivec,
     ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
                   NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
     if (ret == 1) {
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0); 
+        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
         ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
                            (unsigned char *)input->data, input->length);
         output->length = tmp_len;
@@ -515,4 +515,3 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
     krb5int_aes_encrypt_iov,
     krb5int_aes_decrypt_iov
 };
-
diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c
index 208a0d16d..9c30ef172 100644
--- a/src/lib/crypto/openssl/enc_provider/des.c
+++ b/src/lib/crypto/openssl/enc_provider/des.c
@@ -354,4 +354,3 @@ const struct krb5_enc_provider krb5int_enc_des = {
     k5_des_encrypt_iov,
     k5_des_decrypt_iov
 };
-
diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c
index 4d08bc4b1..7228a46b2 100644
--- a/src/lib/crypto/openssl/enc_provider/des3.c
+++ b/src/lib/crypto/openssl/enc_provider/des3.c
@@ -365,4 +365,3 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
     k5_des3_encrypt_iov,
     k5_des3_decrypt_iov
 };
-
diff --git a/src/lib/crypto/openssl/enc_provider/enc_provider.h b/src/lib/crypto/openssl/enc_provider/enc_provider.h
index d46e1b446..49ffaafea 100644
--- a/src/lib/crypto/openssl/enc_provider/enc_provider.h
+++ b/src/lib/crypto/openssl/enc_provider/enc_provider.h
@@ -33,4 +33,3 @@ extern const struct krb5_enc_provider krb5int_enc_aes128;
 extern const struct krb5_enc_provider krb5int_enc_aes256;
 extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
 extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
-
diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
index 42a3aea1c..a7c3020ea 100644
--- a/src/lib/crypto/openssl/enc_provider/rc4.c
+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
@@ -40,7 +40,7 @@
 #include <openssl/evp.h>
 
 #define RC4_KEY_SIZE 16
-#define RC4_BLOCK_SIZE 1 
+#define RC4_BLOCK_SIZE 1
 
 /* Interface layer to kerb5 crypto layer */
 
@@ -48,7 +48,7 @@
 static krb5_error_code
 k5_arcfour_docrypt(krb5_key, const krb5_data *,
            const krb5_data *, krb5_data *);
-static krb5_error_code 
+static krb5_error_code
 k5_arcfour_free_state ( krb5_data *state);
 static krb5_error_code
 k5_arcfour_init_state (const krb5_keyblock *key,
@@ -160,7 +160,7 @@ k5_arcfour_init_state (const krb5_keyblock *key,
 
 }
 
-/* Since the arcfour cipher is identical going forwards and backwards, 
+/* Since the arcfour cipher is identical going forwards and backwards,
    we just call "docrypt" directly
 */
 const struct krb5_enc_provider krb5int_enc_arcfour = {
@@ -171,7 +171,7 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
        system, and to attempt to work with the MSFT system forces us
        to 16byte/128bit.  Since there is no parity in the key, the
        byte and length are the same.  */
-    RC4_KEY_SIZE, RC4_KEY_SIZE, 
+    RC4_KEY_SIZE, RC4_KEY_SIZE,
     k5_arcfour_docrypt,
     k5_arcfour_docrypt,
     krb5int_arcfour_make_key,
@@ -180,4 +180,3 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
     k5_arcfour_docrypt_iov,
     k5_arcfour_docrypt_iov
 };
-
diff --git a/src/lib/crypto/openssl/hash_provider/hash_crc32.c b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
index a3d3028e8..771a7d6f3 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
@@ -34,7 +34,7 @@ k5_crc32_hash(unsigned int icount, const krb5_data *input,
 {
     unsigned long c, cn;
     unsigned int i;
-    
+
     if (output->length != CRC32_CKSUM_LENGTH)
 	return(KRB5_CRYPTO_INTERNAL);
 
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c
index 3a4a4d530..916da0fa5 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md4.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md4.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c
index 10840d0d9..e1e29f06e 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md5.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md5.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/openssl/hash_provider/hash_provider.h b/src/lib/crypto/openssl/hash_provider/hash_provider.h
index 4fa46097d..1023d1a45 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_provider.h
+++ b/src/lib/crypto/openssl/hash_provider/hash_provider.h
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
index d217086e6..18ee830f6 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
@@ -1,14 +1,14 @@
 /* lib/crypto/openssl/hash/yhash.h
  *
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -19,7 +19,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -58,4 +58,3 @@ const struct krb5_hash_provider krb5int_hash_sha1 = {
     SHS_DATASIZE,
     k5_sha1_hash
 };
-
diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
index 0f374d80f..b1768e0e9 100644
--- a/src/lib/crypto/openssl/hmac.c
+++ b/src/lib/crypto/openssl/hmac.c
@@ -85,7 +85,7 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
 		      const krb5_keyblock *key, unsigned int icount,
 		      const krb5_data *input, krb5_data *output)
 {
-    unsigned int i = 0, md_len = 0; 
+    unsigned int i = 0, md_len = 0;
     unsigned char md[EVP_MAX_MD_SIZE];
     HMAC_CTX c;
     size_t hashsize, blocksize;
diff --git a/src/lib/crypto/openssl/md4/md4.c b/src/lib/crypto/openssl/md4/md4.c
index f38900fb5..cd7684d66 100644
--- a/src/lib/crypto/openssl/md4/md4.c
+++ b/src/lib/crypto/openssl/md4/md4.c
@@ -48,4 +48,3 @@ krb5int_MD4Final (krb5_MD4_CTX *mdContext)
     EVP_DigestFinal_ex(&mdContext->ossl_md4_ctx, mdContext->digest , NULL);
     EVP_MD_CTX_cleanup(&mdContext->ossl_md4_ctx );
 }
-
diff --git a/src/lib/crypto/openssl/md4/rsa-md4.h b/src/lib/crypto/openssl/md4/rsa-md4.h
index ec4e0458f..93737e68b 100644
--- a/src/lib/crypto/openssl/md4/rsa-md4.h
+++ b/src/lib/crypto/openssl/md4/rsa-md4.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * RSA MD4 header file, with Kerberos/STDC additions.
  */
diff --git a/src/lib/crypto/openssl/md5/md5.c b/src/lib/crypto/openssl/md5/md5.c
index 472acc34d..84c6d4919 100644
--- a/src/lib/crypto/openssl/md5/md5.c
+++ b/src/lib/crypto/openssl/md5/md5.c
@@ -31,7 +31,7 @@
 /* The routine krb5int_MD5Init initializes the message-digest context
    mdContext. All fields are set to zero.
  */
-void 
+void
 krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 {
     EVP_MD_CTX_init(&mdContext->ossl_md5_ctx);
@@ -57,4 +57,3 @@ krb5int_MD5Final (krb5_MD5_CTX *mdContext)
     EVP_DigestFinal_ex(&mdContext->ossl_md5_ctx, mdContext->digest, NULL);
     EVP_MD_CTX_cleanup(&mdContext->ossl_md5_ctx);
 }
-
diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c
index b80f5015a..2681739a5 100644
--- a/src/lib/crypto/openssl/pbkdf2.c
+++ b/src/lib/crypto/openssl/pbkdf2.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Implementation of PBKDF2 from RFC 2898.
  * Not currently used; likely to be used when we get around to AES support.
@@ -42,12 +42,11 @@ krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
 			  const krb5_data *pass, const krb5_data *salt)
 {
 /*
- * This is an implementation of PKCS#5 v2.0 
+ * This is an implementation of PKCS#5 v2.0
  * Does not return an error
  */
    PKCS5_PBKDF2_HMAC_SHA1(pass->data, pass->length,
                            (unsigned char *)salt->data, salt->length, count,
                            out->length, (unsigned char *)out->data);
-    return 0; 
+    return 0;
 }
-
diff --git a/src/lib/crypto/openssl/sha1/shs.c b/src/lib/crypto/openssl/sha1/shs.c
index 5dcf4b9a0..98eeef39a 100644
--- a/src/lib/crypto/openssl/sha1/shs.c
+++ b/src/lib/crypto/openssl/sha1/shs.c
@@ -57,5 +57,3 @@ void shsFinal(SHS_INFO *shsInfo)
     EVP_DigestFinal_ex(&shsInfo->ossl_sha1_ctx ,(unsigned char *)shsInfo->digestBuf , &shsInfo->digestLen);
     EVP_MD_CTX_cleanup(&shsInfo->ossl_sha1_ctx );
 }
-
-
diff --git a/src/lib/crypto/openssl/yhash.h b/src/lib/crypto/openssl/yhash.h
index 94c557c64..95fee18c9 100644
--- a/src/lib/crypto/openssl/yhash.h
+++ b/src/lib/crypto/openssl/yhash.h
@@ -22,9 +22,8 @@
   HASH_CTX  *ctx = (x); \
   shsFinal(ctx); \
   memcpy(out2, ctx->digestBuf, ctx->digestLen); \
-  } while(0) 
+  } while(0)
 
 #define HASH_DIGEST_SIZE SHS_DIGESTSIZE
 
 #endif /* YHASH_H */
-
diff --git a/src/lib/glue4.c b/src/lib/glue4.c
index bf9bbd8a0..7b8095304 100644
--- a/src/lib/glue4.c
+++ b/src/lib/glue4.c
@@ -14,6 +14,6 @@ krb5_data string_list2[3] = {
 };
 
 krb5_data *princ2[] = {&string_list2[0], &string_list2[1], &string_list2[2], 0};
-				   
+
 krb5_last_req_entry lrentries[] = { {32000, 1}, {0, 3}, {10, 2} };
 krb5_last_req_entry *lrfoo1[] = {&lrentries[0], &lrentries[1], &lrentries[2], 0};
diff --git a/src/lib/gssapi/generic/gssapi_generic.c b/src/lib/gssapi/generic/gssapi_generic.c
index 14724619a..8b1e4def4 100644
--- a/src/lib/gssapi/generic/gssapi_generic.c
+++ b/src/lib/gssapi/generic/gssapi_generic.c
@@ -152,4 +152,3 @@ GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME         = oids+6;
 gss_OID gss_nt_exported_name                    = oids+6;
 
 GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY   = oids+7;
-
diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c
index 8390e7ba0..bda3a5ab5 100644
--- a/src/lib/gssapi/generic/oid_ops.c
+++ b/src/lib/gssapi/generic/oid_ops.c
@@ -444,7 +444,7 @@ generic_gss_oid_compose(
     i = -1;
     while (suffix) {
 	op[i] = (unsigned char)suffix & 0x7f;
-	if (i != -1) 
+	if (i != -1)
 	    op[i] |= 0x80;
 	i--;
 	suffix >>= 7;
@@ -566,4 +566,3 @@ done:
 
     return (major);
 }
-
diff --git a/src/lib/gssapi/generic/util_buffer_set.c b/src/lib/gssapi/generic/util_buffer_set.c
index edb61b80f..41875c9eb 100644
--- a/src/lib/gssapi/generic/util_buffer_set.c
+++ b/src/lib/gssapi/generic/util_buffer_set.c
@@ -123,4 +123,3 @@ OM_uint32 generic_gss_release_buffer_set
 
     return GSS_S_COMPLETE;
 }
-
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index ef80116ad..2c5ca9a66 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -766,4 +766,3 @@ gss_krb5int_set_cred_rcache(OM_uint32 *minor_status,
    *minor_status = 0;
    return GSS_S_COMPLETE;
 }
-
diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c
index eaf1c4d02..5cec4b927 100644
--- a/src/lib/gssapi/krb5/inq_context.c
+++ b/src/lib/gssapi/krb5/inq_context.c
@@ -300,4 +300,3 @@ gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 
     return generic_gss_add_buffer_set_member(minor_status, &rep, data_set);
 }
-
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c
index 034550122..f9bf03016 100644
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -416,4 +416,3 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 
     return GSS_S_COMPLETE;
 }
-
diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index 14b9b006d..4e7247e42 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -719,4 +719,3 @@ krb5_gss_display_name_ext(OM_uint32 *minor_status,
 {
 }
 #endif
-
diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c
index cae45039c..866159f04 100644
--- a/src/lib/gssapi/krb5/s4u_gss_glue.c
+++ b/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -365,4 +365,3 @@ cleanup:
 
     return major_status;
 }
-
diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c
index d84e2eecf..7bdcb344b 100644
--- a/src/lib/gssapi/krb5/seal.c
+++ b/src/lib/gssapi/krb5/seal.c
@@ -79,4 +79,3 @@ krb5_gss_wrap_iov_length(OM_uint32 *minor_status,
                                       qop_req, conf_state, iov, iov_count);
     return major_status;
 }
-
diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c
index 5366effc1..4b612a241 100644
--- a/src/lib/gssapi/krb5/unseal.c
+++ b/src/lib/gssapi/krb5/unseal.c
@@ -64,4 +64,3 @@ krb5_gss_unwrap_iov(OM_uint32 *minor_status,
 
     return major_status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index dc4391593..b4b152551 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -144,9 +144,9 @@ gss_cred_id_t *		d_cred;
      * underlying mechanism context handle. Otherwise, cast the
      * value of *context_handle to the union context variable.
      */
-    
+
     if(*context_handle == GSS_C_NO_CONTEXT) {
-	
+
 	if (input_token_buffer == GSS_C_NO_BUFFER)
 	    return (GSS_S_CALL_INACCESSIBLE_READ);
 
@@ -177,20 +177,20 @@ gss_cred_id_t *		d_cred;
 	union_ctx_id = (gss_union_ctx_id_t)*context_handle;
 	token_mech_type = union_ctx_id->mech_type;
     }
-    
-    /* 
+
+    /*
      * get the appropriate cred handle from the union cred struct.
      * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
      * use the default credential.
      */
     union_cred = (gss_union_cred_t) verifier_cred_handle;
     input_cred_handle = gssint_get_mechanism_cred(union_cred, token_mech_type);
-    
+
     /*
      * now select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     mech = gssint_get_mechanism (token_mech_type);
     if (mech && mech->gss_accept_sec_context) {
 
@@ -209,7 +209,7 @@ gss_cred_id_t *		d_cred;
 	    /* If there's more work to do, keep going... */
 	    if (status == GSS_S_CONTINUE_NEEDED)
 		return GSS_S_CONTINUE_NEEDED;
-	    
+
 	    /* if the call failed, return with failure */
 	    if (status != GSS_S_COMPLETE) {
 		map_error(minor_status, mech);
@@ -344,7 +344,7 @@ gss_cred_id_t *		d_cred;
 
 	status = GSS_S_BAD_MECH;
     }
-    
+
 error_out:
     if (union_ctx_id) {
 	if (union_ctx_id->mech_type) {
@@ -369,4 +369,3 @@ error_out:
     return (status);
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/gssapi/mechglue/g_buffer_set.c b/src/lib/gssapi/mechglue/g_buffer_set.c
index 1b2621c6b..38d744dc1 100644
--- a/src/lib/gssapi/mechglue/g_buffer_set.c
+++ b/src/lib/gssapi/mechglue/g_buffer_set.c
@@ -54,4 +54,3 @@ OM_uint32 KRB5_CALLCONV gss_release_buffer_set
 {
     return generic_gss_release_buffer_set(minor_status, buffer_set);
 }
-
diff --git a/src/lib/gssapi/mechglue/g_compare_name.c b/src/lib/gssapi/mechglue/g_compare_name.c
index 153e9b615..af2e76bbd 100644
--- a/src/lib/gssapi/mechglue/g_compare_name.c
+++ b/src/lib/gssapi/mechglue/g_compare_name.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -74,7 +74,7 @@ int *			name_equal;
     gss_union_name_t	union_name1, union_name2;
     gss_mechanism	mech = NULL;
     gss_name_t		internal_name;
-    
+
     major_status = val_comp_name_args(minor_status,
 				      name1, name2, name_equal);
     if (major_status != GSS_S_COMPLETE)
@@ -102,7 +102,7 @@ int *			name_equal;
 	if (!mech->gss_compare_name)
 			return (GSS_S_UNAVAILABLE);
     }
-	
+
     *name_equal = 0;		/* Default to *not* equal.... */
 
     /*
@@ -129,7 +129,7 @@ int *			name_equal;
 
     /*
      * Second case... both names are NOT mechanism specific.
-     * 
+     *
      * All we do here is make sure the two name_types are equal and then
      * that the external_names are equal. Note the we do not take care
      * of the case where two different external names map to the same
@@ -176,7 +176,7 @@ int *			name_equal;
 
     /*
      * Final case... one name is mechanism specific, the other isn't.
-     * 
+     *
      * We attempt to convert the general name to the mechanism type of
      * the mechanism-specific name, and then do the compare.  If we
      * can't import the general name, then we return that the name is
@@ -206,5 +206,5 @@ int *			name_equal;
     gssint_release_internal_name(&temp_minor, union_name1->mech_type,
 				&internal_name);
     return (major_status);
-    
+
 }
diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c
index 4293b078e..2ff8d0996 100644
--- a/src/lib/gssapi/mechglue/g_context_time.c
+++ b/src/lib/gssapi/mechglue/g_context_time.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -56,10 +56,10 @@ OM_uint32 *		time_rec;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
-    
+
     if (mech) {
 
 	if (mech->gss_context_time) {
@@ -74,6 +74,6 @@ OM_uint32 *		time_rec;
 
 	return(status);
     }
-    
+
     return (GSS_S_BAD_MECH);
 }
diff --git a/src/lib/gssapi/mechglue/g_del_name_attr.c b/src/lib/gssapi/mechglue/g_del_name_attr.c
index 4c5064217..b72ee3b51 100644
--- a/src/lib/gssapi/mechglue/g_del_name_attr.c
+++ b/src/lib/gssapi/mechglue/g_del_name_attr.c
@@ -67,4 +67,3 @@ gss_delete_name_attribute(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c
index 2fcd3c2d1..4bf0dec5c 100644
--- a/src/lib/gssapi/mechglue/g_delete_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -61,7 +61,7 @@ val_del_sec_ctx_args(
 }
 
 
-OM_uint32 KRB5_CALLCONV 
+OM_uint32 KRB5_CALLCONV
 gss_delete_sec_context (minor_status,
                         context_handle,
                         output_token)
@@ -82,11 +82,11 @@ gss_buffer_t		output_token;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) *context_handle;
     if (GSSINT_CHK_LOOP(ctx))
 	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
-   
+
     status = gssint_delete_internal_sec_context(minor_status,
 						ctx->mech_type,
 						&ctx->internal_ctx_id,
diff --git a/src/lib/gssapi/mechglue/g_dsp_status.c b/src/lib/gssapi/mechglue/g_dsp_status.c
index 49b79e15d..435726609 100644
--- a/src/lib/gssapi/mechglue/g_dsp_status.c
+++ b/src/lib/gssapi/mechglue/g_dsp_status.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c
index f2ee5a5b7..03a6f2b7e 100644
--- a/src/lib/gssapi/mechglue/g_exp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -93,14 +93,14 @@ gss_buffer_t		interprocess_token;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) *context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
     if (!mech)
 	return GSS_S_BAD_MECH;
     if (!mech->gss_export_sec_context)
 	return (GSS_S_UNAVAILABLE);
-    
+
     status = mech->gss_export_sec_context(minor_status,
 					  &ctx->internal_ctx_id, &token);
     if (status != GSS_S_COMPLETE) {
@@ -133,7 +133,7 @@ gss_buffer_t		interprocess_token;
     free(ctx->mech_type);
     free(ctx);
     *context_handle = 0;
-    
+
     return(GSS_S_COMPLETE);
 }
 #endif /*LEAN_CLIENT */
diff --git a/src/lib/gssapi/mechglue/g_export_name.c b/src/lib/gssapi/mechglue/g_export_name.c
index d9545b798..c845f8caf 100644
--- a/src/lib/gssapi/mechglue/g_export_name.c
+++ b/src/lib/gssapi/mechglue/g_export_name.c
@@ -56,4 +56,3 @@ gss_buffer_t		exported_name;
 	return gssint_export_internal_name(minor_status, union_name->mech_type,
 					union_name->mech_name, exported_name);
 }
-
diff --git a/src/lib/gssapi/mechglue/g_export_name_comp.c b/src/lib/gssapi/mechglue/g_export_name_comp.c
index 24eaf247e..ab538a095 100644
--- a/src/lib/gssapi/mechglue/g_export_name_comp.c
+++ b/src/lib/gssapi/mechglue/g_export_name_comp.c
@@ -70,4 +70,3 @@ gss_export_name_composite(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_get_name_attr.c b/src/lib/gssapi/mechglue/g_get_name_attr.c
index 66238f0aa..fcd9558dd 100644
--- a/src/lib/gssapi/mechglue/g_get_name_attr.c
+++ b/src/lib/gssapi/mechglue/g_get_name_attr.c
@@ -86,4 +86,3 @@ gss_get_name_attribute(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c
index 711c58fd8..3de298cb5 100644
--- a/src/lib/gssapi/mechglue/g_glue.c
+++ b/src/lib/gssapi/mechglue/g_glue.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -190,7 +190,7 @@ OM_uint32 gssint_get_mech_type_oid(OID, token)
 {
     unsigned char * buffer_ptr;
     int length;
-    
+
     /*
      * This routine reads the prefix of "token" in order to determine
      * its mechanism type. It assumes the encoding suggested in
@@ -213,15 +213,15 @@ OM_uint32 gssint_get_mech_type_oid(OID, token)
      *
      * The routine fills in the OID value and returns an error as necessary.
      */
-    
+
 	if (OID == NULL)
 		return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
 	if ((token == NULL) || (token->value == NULL))
 	return (GSS_S_DEFECTIVE_TOKEN);
-    
+
     /* Skip past the APP/Sequnce byte and the token length */
-    
+
     buffer_ptr = (unsigned char *) token->value;
 
     if (*(buffer_ptr++) != 0x60)
@@ -237,10 +237,10 @@ OM_uint32 gssint_get_mech_type_oid(OID, token)
 	    return (GSS_S_DEFECTIVE_TOKEN);
 	buffer_ptr += length & 0x7f;
     }
-    
+
     if (*(buffer_ptr++) != 0x06)
 	return (GSS_S_DEFECTIVE_TOKEN);
-    
+
     OID->length = (OM_uint32) *(buffer_ptr++);
     OID->elements = (void *) buffer_ptr;
     return (GSS_S_COMPLETE);
@@ -329,7 +329,7 @@ import_internal_name_composite(OM_uint32 *minor_status,
 }
 #endif
 
-OM_uint32 gssint_import_internal_name (minor_status, mech_type, union_name, 
+OM_uint32 gssint_import_internal_name (minor_status, mech_type, union_name,
 				internal_name)
 OM_uint32	*minor_status;
 gss_OID		mech_type;
@@ -487,7 +487,7 @@ OM_uint32 gssint_export_internal_name(minor_status, mech_type,
     return (GSS_S_COMPLETE);
 } /*  gssint_export_internal_name */
 
-OM_uint32 gssint_display_internal_name (minor_status, mech_type, internal_name, 
+OM_uint32 gssint_display_internal_name (minor_status, mech_type, internal_name,
 				 external_name, name_type)
 OM_uint32	*minor_status;
 gss_OID		mech_type;
@@ -609,7 +609,7 @@ OM_uint32 gssint_convert_name_to_union_name(minor_status, mech,
 	    major_status = GSS_S_FAILURE;
 	    goto allocation_failure;
     }
-	
+
     major_status = mech->gss_display_name(minor_status,
 					  internal_name,
 					  union_name->external_name,
@@ -710,4 +710,3 @@ gssint_create_copy_buffer(srcBuf, destBuf, addNullChar)
 
     return (GSS_S_COMPLETE);
 } /* ****** gssint_create_copy_buffer  ****** */
-
diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c
index 6137b9825..e5179e7c9 100644
--- a/src/lib/gssapi/mechglue/g_imp_name.c
+++ b/src/lib/gssapi/mechglue/g_imp_name.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -364,4 +364,3 @@ importExportName(minor, unionName)
     }
     return major;
 } /* importExportName */
-
diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c
index 7aa1165b0..7679c92de 100644
--- a/src/lib/gssapi/mechglue/g_imp_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -132,7 +132,7 @@ gss_ctx_id_t *		context_handle;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     mech = gssint_get_mechanism (ctx->mech_type);
     if (!mech) {
 	status = GSS_S_BAD_MECH;
@@ -142,7 +142,7 @@ gss_ctx_id_t *		context_handle;
 	status = GSS_S_UNAVAILABLE;
 	goto error_out;
     }
-    
+
     status = mech->gss_import_sec_context(minor_status,
 					  &token, &ctx->internal_ctx_id);
 
@@ -152,7 +152,7 @@ gss_ctx_id_t *		context_handle;
 	return (GSS_S_COMPLETE);
     }
     map_error(minor_status, mech);
-    
+
 error_out:
     if (ctx) {
 	if (ctx->mech_type) {
diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
index 10c8bf971..21bc345e6 100644
--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -140,7 +140,7 @@ OM_uint32 *		time_rec;
 	mech_type = (gss_OID)req_mech_type;
 
     union_name = (gss_union_name_t)target_name;
-    
+
     /*
      * obtain the gss mechanism information for the requested
      * mechanism.  If mech_type is NULL, set it to the resultant
@@ -177,7 +177,7 @@ OM_uint32 *		time_rec;
      * underlying mechanism context handle. Otherwise, cast the
      * value of *context_handle to the union context variable.
      */
-    
+
     if(*context_handle == GSS_C_NO_CONTEXT) {
 	status = GSS_S_FAILURE;
 	union_ctx_id = (gss_union_ctx_id_t)
@@ -195,19 +195,19 @@ OM_uint32 *		time_rec;
 	union_ctx_id->internal_ctx_id = GSS_C_NO_CONTEXT;
     } else
 	union_ctx_id = *context_handle;
-    
-    /* 
+
+    /*
      * get the appropriate cred handle from the union cred struct.
      * defaults to GSS_C_NO_CREDENTIAL if there is no cred, which will
      * use the default credential.
      */
     union_cred = (gss_union_cred_t) claimant_cred_handle;
     input_cred_handle = gssint_get_mechanism_cred(union_cred, mech_type);
-    
+
     /*
-     * now call the approprate underlying mechanism routine 
+     * now call the approprate underlying mechanism routine
      */
-    
+
     status = mech->gss_init_sec_context(
 	minor_status,
 	input_cred_handle,
diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index 41aa6821b..3929f761b 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -567,9 +567,9 @@ updateMechList(void)
 {
 	char *fileName;
 	struct stat fileInfo;
-  
+
 	fileName = MECH_CONF;
-  
+
 	/* check if mechList needs updating */
 	if (stat(fileName, &fileInfo) == 0 &&
 		(fileInfo.st_mtime > g_confFileModTime)) {
diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c
index 013b1768b..fbb4127d8 100644
--- a/src/lib/gssapi/mechglue/g_inq_context.c
+++ b/src/lib/gssapi/mechglue/g_inq_context.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -101,10 +101,10 @@ gss_inquire_context(
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
-    
+
     if (!mech || !mech->gss_inquire_context || !mech->gss_display_name ||
 	!mech->gss_release_name) {
 	return (GSS_S_UNAVAILABLE);
@@ -157,4 +157,3 @@ gss_inquire_context(
 	*mech_type = &mech->mech_type;
     return(GSS_S_COMPLETE);
 }
-
diff --git a/src/lib/gssapi/mechglue/g_inq_context_oid.c b/src/lib/gssapi/mechglue/g_inq_context_oid.c
index 379ec419c..469aa7080 100644
--- a/src/lib/gssapi/mechglue/g_inq_context_oid.c
+++ b/src/lib/gssapi/mechglue/g_inq_context_oid.c
@@ -69,4 +69,3 @@ gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
 
     return GSS_S_BAD_MECH;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c
index a14424399..bce6e5b79 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -85,7 +85,7 @@ gss_OID_set *		mechanisms;
 
 	if (!mech->gss_inquire_cred)
 	    return (GSS_S_UNAVAILABLE);
-	
+
 	status = mech->gss_inquire_cred(minor_status,
 					GSS_C_NO_CREDENTIAL,
 					name ? &internal_name : NULL,
@@ -115,33 +115,33 @@ gss_OID_set *		mechanisms;
 	    }
 	}
 	return(GSS_S_COMPLETE);
-    } 
-	
+    }
+
     /* get the cred_handle cast as a union_credentials structure */
-	
+
     union_cred = (gss_union_cred_t) cred_handle;
-    
+
     /*
      * get the information out of the union_cred structure that was
      * placed there during gss_acquire_cred.
      */
-    
+
     if(cred_usage != NULL)
 	*cred_usage = union_cred->auxinfo.cred_usage;
-    
+
     if(lifetime != NULL) {
 	elapsed_time = time(0) - union_cred->auxinfo.creation_time;
 	*lifetime = union_cred->auxinfo.time_rec < elapsed_time ? 0 :
 	union_cred->auxinfo.time_rec - elapsed_time;
     }
-    
+
     /*
      * if name is non_null,
      * call gss_import_name(), giving it the printable name held within
      * union_cred in order to get an internal name to pass back to the
      * caller. If this call fails, return failure to our caller.
      */
-    
+
     if(name != NULL) {
 	if (union_cred->auxinfo.name.length == 0) {
 	    *name = GSS_C_NO_NAME;
@@ -161,7 +161,7 @@ gss_OID_set *		mechanisms;
      * copy the mechanism set in union_cred into an OID set and return in
      * the mechanisms parameter.
      */
-    
+
     if(mechanisms != NULL) {
 	status = GSS_S_FAILURE;
 	*mechanisms = (gss_OID_set) malloc(sizeof(gss_OID_set_desc));
@@ -189,7 +189,7 @@ gss_OID_set *		mechanisms;
 	    (*mechanisms)->count++;
 	}
     }
-    
+
     return(GSS_S_COMPLETE);
 
 error:
@@ -239,7 +239,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
 	return (GSS_S_BAD_MECH);
     if (!mech->gss_inquire_cred_by_mech)
 	return (GSS_S_BAD_BINDINGS);
-     
+
     union_cred = (gss_union_cred_t) cred_handle;
     mech_cred = gssint_get_mechanism_cred(union_cred, mech_type);
 
@@ -253,7 +253,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
 					    name ? &internal_name : NULL,
 					    initiator_lifetime,
 					    acceptor_lifetime, cred_usage);
-	
+
     if (status != GSS_S_COMPLETE) {
 	map_error(minor_status, mech);
 	return (status);
@@ -275,4 +275,3 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name,
 
     return (GSS_S_COMPLETE);
 }
-
diff --git a/src/lib/gssapi/mechglue/g_inq_cred_oid.c b/src/lib/gssapi/mechglue/g_inq_cred_oid.c
index c2cc27d33..288c08044 100644
--- a/src/lib/gssapi/mechglue/g_inq_cred_oid.c
+++ b/src/lib/gssapi/mechglue/g_inq_cred_oid.c
@@ -53,7 +53,7 @@ static OM_uint32 append_to_buffer_set(OM_uint32 *minor_status,
 
     status = GSS_S_COMPLETE;
 
-    for (i = 0; i < src->count; i++) { 
+    for (i = 0; i < src->count; i++) {
 	status = gss_add_buffer_set_member(minor_status,
 					   &src->elements[i],
 					   dst);
@@ -61,7 +61,7 @@ static OM_uint32 append_to_buffer_set(OM_uint32 *minor_status,
 	    break;
     }
 
-    return status; 
+    return status;
 }
 
 OM_uint32 KRB5_CALLCONV
@@ -121,7 +121,7 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status,
 	    break;
 	}
 
-	status = append_to_buffer_set(minor_status, &union_set, ret_set);	
+	status = append_to_buffer_set(minor_status, &union_set, ret_set);
 	gss_release_buffer_set(&minor, &ret_set);
 	if (status != GSS_S_COMPLETE)
 	    break;
@@ -134,4 +134,3 @@ gss_inquire_cred_by_oid(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_inq_name.c b/src/lib/gssapi/mechglue/g_inq_name.c
index 260ef20c6..b2681ead9 100644
--- a/src/lib/gssapi/mechglue/g_inq_name.c
+++ b/src/lib/gssapi/mechglue/g_inq_name.c
@@ -98,4 +98,3 @@ gss_inquire_name(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c
index 597ab9919..d70dc407b 100644
--- a/src/lib/gssapi/mechglue/g_inq_names.c
+++ b/src/lib/gssapi/mechglue/g_inq_names.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -62,9 +62,9 @@ gss_OID_set *	name_types;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     mech = gssint_get_mechanism (mechanism);
-    
+
     if (mech) {
 
 	if (mech->gss_inquire_names_for_mech) {
@@ -79,7 +79,7 @@ gss_OID_set *	name_types;
 
 	return(status);
     }
-    
+
     return (GSS_S_BAD_MECH);
 }
 
diff --git a/src/lib/gssapi/mechglue/g_map_name_to_any.c b/src/lib/gssapi/mechglue/g_map_name_to_any.c
index b0fa2be64..3ed19e3c4 100644
--- a/src/lib/gssapi/mechglue/g_map_name_to_any.c
+++ b/src/lib/gssapi/mechglue/g_map_name_to_any.c
@@ -77,4 +77,3 @@ gss_map_name_to_any(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_mech_invoke.c b/src/lib/gssapi/mechglue/g_mech_invoke.c
index d753347d1..0b8019f92 100644
--- a/src/lib/gssapi/mechglue/g_mech_invoke.c
+++ b/src/lib/gssapi/mechglue/g_mech_invoke.c
@@ -67,4 +67,3 @@ gssspi_mech_invoke (OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_mechname.c b/src/lib/gssapi/mechglue/g_mechname.c
index 9ade23456..cfb0a0d2a 100644
--- a/src/lib/gssapi/mechglue/g_mechname.c
+++ b/src/lib/gssapi/mechglue/g_mechname.c
@@ -84,7 +84,7 @@ gss_add_mech_name_type(minor_status, name_type, mech)
     }
     p->name_type = 0;
     p->mech = 0;
-    
+
     major_status = generic_gss_copy_oid(minor_status, name_type,
 					&p->name_type);
     if (major_status) {
@@ -103,7 +103,7 @@ gss_add_mech_name_type(minor_status, name_type, mech)
     name_list = p;
 
     return GSS_S_COMPLETE;
-    
+
 allocation_failure:
     if (p) {
 	if (p->mech)
@@ -114,4 +114,3 @@ allocation_failure:
     }
     return GSS_S_FAILURE;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_oid_ops.c b/src/lib/gssapi/mechglue/g_oid_ops.c
index bd195239c..a68aca9ed 100644
--- a/src/lib/gssapi/mechglue/g_oid_ops.c
+++ b/src/lib/gssapi/mechglue/g_oid_ops.c
@@ -108,4 +108,3 @@ gssint_copy_oid_set(
 {
     return generic_gss_copy_oid_set(minor_status, oidset, new_oidset);
 }
-
diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c
index 9ed350c02..bc260aeb1 100644
--- a/src/lib/gssapi/mechglue/g_process_context.c
+++ b/src/lib/gssapi/mechglue/g_process_context.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -41,7 +41,7 @@ gss_buffer_t		token_buffer;
     OM_uint32		status;
     gss_union_ctx_id_t	ctx;
     gss_mechanism	mech;
-    
+
     if (minor_status == NULL)
 	return (GSS_S_CALL_INACCESSIBLE_WRITE);
     *minor_status = 0;
@@ -59,7 +59,7 @@ gss_buffer_t		token_buffer;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
 
@@ -77,6 +77,6 @@ gss_buffer_t		token_buffer;
 
 	return(status);
     }
-    
+
     return (GSS_S_BAD_MECH);
 }
diff --git a/src/lib/gssapi/mechglue/g_rel_buffer.c b/src/lib/gssapi/mechglue/g_rel_buffer.c
index 6f8367a1d..c1104fd8a 100644
--- a/src/lib/gssapi/mechglue/g_rel_buffer.c
+++ b/src/lib/gssapi/mechglue/g_rel_buffer.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c
index df208a0df..2e9a0c75b 100644
--- a/src/lib/gssapi/mechglue/g_rel_cred.c
+++ b/src/lib/gssapi/mechglue/g_rel_cred.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -44,7 +44,7 @@ gss_cred_id_t *		cred_handle;
     int			j;
     gss_union_cred_t	union_cred;
     gss_mechanism	mech;
-    
+
     if (minor_status == NULL)
 	return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
@@ -52,13 +52,13 @@ gss_cred_id_t *		cred_handle;
 
     if (cred_handle == NULL)
 	return (GSS_S_NO_CRED | GSS_S_CALL_INACCESSIBLE_READ);
-    
+
     /*
-     * Loop through the union_cred struct, selecting the approprate 
+     * Loop through the union_cred struct, selecting the approprate
      * underlying mechanism routine and calling it. At the end,
      * release all of the storage taken by the union_cred struct.
      */
-    
+
     union_cred = (gss_union_cred_t) *cred_handle;
     if (union_cred == (gss_union_cred_t)GSS_C_NO_CREDENTIAL)
 	return (GSS_S_COMPLETE);
@@ -68,7 +68,7 @@ gss_cred_id_t *		cred_handle;
     *cred_handle = NULL;
 
     status = GSS_S_COMPLETE;
-    
+
     for(j=0; j < union_cred->count; j++) {
 
 	mech = gssint_get_mechanism (&union_cred->mechs_array[j]);
@@ -97,6 +97,6 @@ gss_cred_id_t *		cred_handle;
     free(union_cred->cred_array);
     free(union_cred->mechs_array);
     free(union_cred);
-    
+
     return(status);
 }
diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c
index 84d1af839..e8ac6c34a 100644
--- a/src/lib/gssapi/mechglue/g_rel_name.c
+++ b/src/lib/gssapi/mechglue/g_rel_name.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -42,11 +42,11 @@ gss_name_t *		input_name;
 
 {
     gss_union_name_t	union_name;
-    
+
     if (minor_status == NULL)
 	return (GSS_S_CALL_INACCESSIBLE_WRITE);
     *minor_status = 0;
-    
+
     /* if input_name is NULL, return error */
     if (input_name == NULL)
 	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
@@ -58,7 +58,7 @@ gss_name_t *		input_name;
      * free up the space for the external_name and then
      * free the union_name descriptor
      */
-    
+
     union_name = (gss_union_name_t) *input_name;
     if (GSSINT_CHK_LOOP(union_name))
 	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
diff --git a/src/lib/gssapi/mechglue/g_rel_name_mapping.c b/src/lib/gssapi/mechglue/g_rel_name_mapping.c
index b9159a115..9420ae80d 100644
--- a/src/lib/gssapi/mechglue/g_rel_name_mapping.c
+++ b/src/lib/gssapi/mechglue/g_rel_name_mapping.c
@@ -75,4 +75,3 @@ gss_release_any_name_mapping(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_rel_oid_set.c b/src/lib/gssapi/mechglue/g_rel_oid_set.c
index 84c6ce6c9..fa008d6bb 100644
--- a/src/lib/gssapi/mechglue/g_rel_oid_set.c
+++ b/src/lib/gssapi/mechglue/g_rel_oid_set.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c
index 9faa5ddb0..acb4c3651 100644
--- a/src/lib/gssapi/mechglue/g_seal.c
+++ b/src/lib/gssapi/mechglue/g_seal.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -100,10 +100,10 @@ gss_buffer_t		output_message_buffer;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
-    
+
     if (mech) {
 	if (mech->gss_wrap) {
 	    status = mech->gss_wrap(
@@ -133,7 +133,7 @@ gss_buffer_t		output_message_buffer;
 	return(status);
     }
  /* EXPORT DELETE END */
- 
+
     return (GSS_S_BAD_MECH);
 }
 
@@ -236,7 +236,7 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
     if (minor_status == NULL)
 	return (GSS_S_CALL_INACCESSIBLE_WRITE);
     *minor_status = 0;
-    
+
     if (context_handle == GSS_C_NO_CONTEXT)
 	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
 
@@ -247,7 +247,7 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
 
diff --git a/src/lib/gssapi/mechglue/g_set_context_option.c b/src/lib/gssapi/mechglue/g_set_context_option.c
index 2f4ba36ae..6a666dcd5 100644
--- a/src/lib/gssapi/mechglue/g_set_context_option.c
+++ b/src/lib/gssapi/mechglue/g_set_context_option.c
@@ -108,4 +108,3 @@ gss_set_sec_context_option (OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_set_cred_option.c b/src/lib/gssapi/mechglue/g_set_cred_option.c
index bac8c5b50..fc8ed4c76 100644
--- a/src/lib/gssapi/mechglue/g_set_cred_option.c
+++ b/src/lib/gssapi/mechglue/g_set_cred_option.c
@@ -82,4 +82,3 @@ gssspi_set_cred_option(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_set_name_attr.c b/src/lib/gssapi/mechglue/g_set_name_attr.c
index 14df2319d..1ec72fc27 100644
--- a/src/lib/gssapi/mechglue/g_set_name_attr.c
+++ b/src/lib/gssapi/mechglue/g_set_name_attr.c
@@ -71,4 +71,3 @@ gss_set_name_attribute(OM_uint32 *minor_status,
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c
index eec0f49b4..86d641aa2 100644
--- a/src/lib/gssapi/mechglue/g_sign.c
+++ b/src/lib/gssapi/mechglue/g_sign.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -132,4 +132,3 @@ gss_buffer_t		msg_token;
 	return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req,
 			    message_buffer, msg_token));
 }
-
diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c
index c6b33506b..3e8053c6e 100644
--- a/src/lib/gssapi/mechglue/g_unseal.c
+++ b/src/lib/gssapi/mechglue/g_unseal.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c
index 7dcc27701..8be6d6ab1 100644
--- a/src/lib/gssapi/mechglue/g_unwrap_aead.c
+++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -149,7 +149,7 @@ gssint_unwrap_aead (gss_mechanism mech,
     } else
 	status = GSS_S_UNAVAILABLE;
  /* EXPORT DELETE END */
-	
+
     return (status);
 }
 
@@ -187,7 +187,7 @@ gss_qop_t		*qop_state;
      */
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
-    
+
     if (!mech)
 	return (GSS_S_BAD_MECH);
 
@@ -195,4 +195,3 @@ gss_qop_t		*qop_state;
 			      input_message_buffer, input_assoc_buffer,
 			      output_payload_buffer, conf_state, qop_state);
 }
-
diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c
index ebef1a70a..aad9c7695 100644
--- a/src/lib/gssapi/mechglue/g_unwrap_iov.c
+++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -87,10 +87,10 @@ int			iov_count;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
-    
+
     if (mech) {
 	if (mech->gss_unwrap_iov) {
 	    status = mech->gss_unwrap_iov(
@@ -104,11 +104,10 @@ int			iov_count;
 		map_error(minor_status, mech);
 	} else
 	    status = GSS_S_UNAVAILABLE;
-	
+
 	return(status);
     }
  /* EXPORT DELETE END */
- 
+
     return (GSS_S_BAD_MECH);
 }
-
diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c
index 90fa90335..dbb0f02ec 100644
--- a/src/lib/gssapi/mechglue/g_userok.c
+++ b/src/lib/gssapi/mechglue/g_userok.c
@@ -111,4 +111,3 @@ gssint_userok(OM_uint32 *minor,
 
 	return (major);
 } /* gss_userok */
-
diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c
index da3279cc7..1578ae111 100644
--- a/src/lib/gssapi/mechglue/g_verify.c
+++ b/src/lib/gssapi/mechglue/g_verify.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c
index ff170e237..7c059b469 100644
--- a/src/lib/gssapi/mechglue/g_wrap_aead.c
+++ b/src/lib/gssapi/mechglue/g_wrap_aead.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -219,7 +219,7 @@ gssint_wrap_aead (gss_mechanism mech,
 
  /* EXPORT DELETE END */
 
-    return status; 
+    return status;
 }
 
 OM_uint32 KRB5_CALLCONV
@@ -264,4 +264,4 @@ gss_buffer_t		output_message_buffer;
 			    conf_req_flag, qop_req,
 			    input_assoc_buffer, input_payload_buffer,
 			    conf_state, output_message_buffer);
-} 
+}
diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c
index 8d054b259..9586c587e 100644
--- a/src/lib/gssapi/mechglue/g_wrap_iov.c
+++ b/src/lib/gssapi/mechglue/g_wrap_iov.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -91,10 +91,10 @@ int			iov_count;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
-    
+
     if (mech) {
 	if (mech->gss_wrap_iov) {
 	    status = mech->gss_wrap_iov(
@@ -109,11 +109,11 @@ int			iov_count;
 		map_error(minor_status, mech);
 	} else
 	    status = GSS_S_UNAVAILABLE;
-	
+
 	return(status);
     }
  /* EXPORT DELETE END */
- 
+
     return (GSS_S_BAD_MECH);
 }
 
@@ -149,10 +149,10 @@ int			iov_count;
      * select the approprate underlying mechanism routine and
      * call it.
      */
-    
+
     ctx = (gss_union_ctx_id_t) context_handle;
     mech = gssint_get_mechanism (ctx->mech_type);
-    
+
     if (mech) {
 	if (mech->gss_wrap_iov_length) {
 	    status = mech->gss_wrap_iov_length(
@@ -167,11 +167,11 @@ int			iov_count;
 		map_error(minor_status, mech);
 	} else
 	    status = GSS_S_UNAVAILABLE;
-	
+
 	return(status);
     }
  /* EXPORT DELETE END */
- 
+
     return (GSS_S_BAD_MECH);
 }
 
@@ -204,4 +204,3 @@ int			iov_count;
 
     return status;
 }
-
diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
index c310f1630..8b8277f75 100644
--- a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
+++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -26,7 +26,7 @@
  *  glue routines that test the mech id either passed in to
  *  gss_init_sec_contex() or gss_accept_sec_context() or within the glue
  *  routine supported version of the security context and then call
- *  the appropriate underlying mechanism library procedure. 
+ *  the appropriate underlying mechanism library procedure.
  *
  */
 
@@ -64,4 +64,3 @@ uid_t * uid;
 
     return(status);
 }
-
diff --git a/src/lib/gssapi/mechglue/mechglue.h b/src/lib/gssapi/mechglue/mechglue.h
index 7f3334aec..85983694a 100644
--- a/src/lib/gssapi/mechglue/mechglue.h
+++ b/src/lib/gssapi/mechglue/mechglue.h
@@ -2,7 +2,7 @@
 
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -12,7 +12,7 @@
  * without specific, written prior permission. Sun Microsystems makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
index 177db62cc..f35ac1447 100644
--- a/src/lib/gssapi/mechglue/mglueP.h
+++ b/src/lib/gssapi/mechglue/mglueP.h
@@ -114,9 +114,9 @@ OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token);
  *
  * This contants all of the functions defined in gssapi.h except for
  * gss_release_buffer() and gss_release_oid_set(), which I am
- * assuming, for now, to be equal across mechanisms.  
+ * assuming, for now, to be equal across mechanisms.
  */
- 
+
 typedef struct gss_config {
     gss_OID_desc    mech_type;
     void *	    context;
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 999a5e3e8..2aa8ad5dd 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -216,7 +216,7 @@ static struct gss_config spnego_mechanism =
 #ifndef LEAN_CLIENT
 	spnego_gss_accept_sec_context,
 #else
-	NULL,				
+	NULL,
 #endif  /* LEAN_CLIENT */
 	NULL,				/* gss_process_context_token */
 	spnego_gss_delete_sec_context,	/* gss_delete_sec_context */
@@ -2571,7 +2571,7 @@ get_available_mechs(OM_uint32 *minor_status,
 	 */
 	if (found > 0 && major_status == GSS_S_COMPLETE && creds != NULL) {
 		major_status = gss_acquire_cred(minor_status,
-						name, GSS_C_INDEFINITE, 
+						name, GSS_C_INDEFINITE,
 						*rmechs, usage, creds,
 						&goodmechs, NULL);
 
@@ -3704,9 +3704,9 @@ is_kerb_mech(gss_OID oid)
 	int answer = 0;
 	OM_uint32 minor;
 	extern const gss_OID_set_desc * const gss_mech_set_krb5_both;
-	
+
 	(void) gss_test_oid_set_member(&minor,
 		oid, (gss_OID_set)gss_mech_set_krb5_both, &answer);
-	
+
 	return (answer);
 }
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 5105c5e45..4196a19e2 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kadm5/admin.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
@@ -42,18 +43,18 @@
 #ifndef __KADM5_ADMIN_H__
 #define __KADM5_ADMIN_H__
 
-#include	<sys/types.h>
-#include	<gssrpc/rpc.h>
-#include	<krb5.h>
-#include	<kdb.h>
-#include	<com_err.h>
-#include	<kadm5/kadm_err.h>
-#include	<kadm5/chpass_util_strings.h>
+#include        <sys/types.h>
+#include        <gssrpc/rpc.h>
+#include        <krb5.h>
+#include        <kdb.h>
+#include        <com_err.h>
+#include        <kadm5/kadm_err.h>
+#include        <kadm5/chpass_util_strings.h>
 
 #ifndef KADM5INT_BEGIN_DECLS
 #if defined(__cplusplus)
-#define KADM5INT_BEGIN_DECLS	extern "C" {
-#define KADM5INT_END_DECLS	}
+#define KADM5INT_BEGIN_DECLS    extern "C" {
+#define KADM5INT_END_DECLS      }
 #else
 #define KADM5INT_BEGIN_DECLS
 #define KADM5INT_END_DECLS
@@ -62,210 +63,210 @@
 
 KADM5INT_BEGIN_DECLS
 
-#define KADM5_ADMIN_SERVICE	"kadmin/admin"
-#define KADM5_CHANGEPW_SERVICE	"kadmin/changepw"
-#define KADM5_HIST_PRINCIPAL	"kadmin/history"
+#define KADM5_ADMIN_SERVICE     "kadmin/admin"
+#define KADM5_CHANGEPW_SERVICE  "kadmin/changepw"
+#define KADM5_HIST_PRINCIPAL    "kadmin/history"
 #define KADM5_KIPROP_HOST_SERVICE "kiprop"
 
-typedef krb5_principal	kadm5_princ_t;
-typedef	char		*kadm5_policy_t;
-typedef long		kadm5_ret_t;
+typedef krb5_principal  kadm5_princ_t;
+typedef char            *kadm5_policy_t;
+typedef long            kadm5_ret_t;
 
-#define KADM5_PW_FIRST_PROMPT \
-	(error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define KADM5_PW_SECOND_PROMPT \
-	(error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
+#define KADM5_PW_FIRST_PROMPT                           \
+    (error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
+#define KADM5_PW_SECOND_PROMPT                                  \
+    (error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
 
 /*
  * Successful return code
  */
-#define KADM5_OK	0
+#define KADM5_OK        0
 
 /*
  * Field masks
  */
 
 /* kadm5_principal_ent_t */
-#define KADM5_PRINCIPAL		0x000001
-#define KADM5_PRINC_EXPIRE_TIME	0x000002
-#define KADM5_PW_EXPIRATION	0x000004
-#define KADM5_LAST_PWD_CHANGE	0x000008
-#define KADM5_ATTRIBUTES	0x000010
-#define KADM5_MAX_LIFE		0x000020
-#define KADM5_MOD_TIME		0x000040
-#define KADM5_MOD_NAME		0x000080
-#define KADM5_KVNO		0x000100
-#define KADM5_MKVNO		0x000200
-#define KADM5_AUX_ATTRIBUTES	0x000400
-#define KADM5_POLICY		0x000800
-#define KADM5_POLICY_CLR	0x001000
+#define KADM5_PRINCIPAL         0x000001
+#define KADM5_PRINC_EXPIRE_TIME 0x000002
+#define KADM5_PW_EXPIRATION     0x000004
+#define KADM5_LAST_PWD_CHANGE   0x000008
+#define KADM5_ATTRIBUTES        0x000010
+#define KADM5_MAX_LIFE          0x000020
+#define KADM5_MOD_TIME          0x000040
+#define KADM5_MOD_NAME          0x000080
+#define KADM5_KVNO              0x000100
+#define KADM5_MKVNO             0x000200
+#define KADM5_AUX_ATTRIBUTES    0x000400
+#define KADM5_POLICY            0x000800
+#define KADM5_POLICY_CLR        0x001000
 /* version 2 masks */
-#define KADM5_MAX_RLIFE		0x002000
-#define KADM5_LAST_SUCCESS	0x004000
-#define KADM5_LAST_FAILED	0x008000
-#define KADM5_FAIL_AUTH_COUNT	0x010000
-#define KADM5_KEY_DATA		0x020000
-#define KADM5_TL_DATA		0x040000
+#define KADM5_MAX_RLIFE         0x002000
+#define KADM5_LAST_SUCCESS      0x004000
+#define KADM5_LAST_FAILED       0x008000
+#define KADM5_FAIL_AUTH_COUNT   0x010000
+#define KADM5_KEY_DATA          0x020000
+#define KADM5_TL_DATA           0x040000
 #ifdef notyet /* Novell */
 #define KADM5_CPW_FUNCTION      0x080000
 #define KADM5_RANDKEY_USED      0x100000
 #endif
-#define KADM5_LOAD		0x200000
+#define KADM5_LOAD              0x200000
 
 /* all but KEY_DATA, TL_DATA, LOAD */
 #define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff
 
 
 /* kadm5_policy_ent_t */
-#define KADM5_PW_MAX_LIFE	0x004000
-#define KADM5_PW_MIN_LIFE	0x008000
-#define KADM5_PW_MIN_LENGTH	0x010000
-#define KADM5_PW_MIN_CLASSES	0x020000
-#define KADM5_PW_HISTORY_NUM	0x040000
-#define KADM5_REF_COUNT		0x080000
-#define KADM5_PW_MAX_FAILURE		0x100000
-#define KADM5_PW_FAILURE_COUNT_INTERVAL	0x200000
-#define KADM5_PW_LOCKOUT_DURATION	0x400000
+#define KADM5_PW_MAX_LIFE       0x004000
+#define KADM5_PW_MIN_LIFE       0x008000
+#define KADM5_PW_MIN_LENGTH     0x010000
+#define KADM5_PW_MIN_CLASSES    0x020000
+#define KADM5_PW_HISTORY_NUM    0x040000
+#define KADM5_REF_COUNT         0x080000
+#define KADM5_PW_MAX_FAILURE            0x100000
+#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x200000
+#define KADM5_PW_LOCKOUT_DURATION       0x400000
 
 /* kadm5_config_params */
-#define KADM5_CONFIG_REALM		0x00000001
-#define KADM5_CONFIG_DBNAME		0x00000002
-#define KADM5_CONFIG_MKEY_NAME		0x00000004
-#define KADM5_CONFIG_MAX_LIFE		0x00000008
-#define KADM5_CONFIG_MAX_RLIFE		0x00000010
-#define KADM5_CONFIG_EXPIRATION		0x00000020
-#define KADM5_CONFIG_FLAGS		0x00000040
-#define KADM5_CONFIG_ADMIN_KEYTAB	0x00000080
-#define KADM5_CONFIG_STASH_FILE		0x00000100
-#define KADM5_CONFIG_ENCTYPE		0x00000200
-#define KADM5_CONFIG_ADBNAME		0x00000400
-#define KADM5_CONFIG_ADB_LOCKFILE	0x00000800
-/*#define KADM5_CONFIG_PROFILE		0x00001000*/
-#define KADM5_CONFIG_ACL_FILE		0x00002000
-#define KADM5_CONFIG_KADMIND_PORT	0x00004000
-#define KADM5_CONFIG_ENCTYPES		0x00008000
-#define KADM5_CONFIG_ADMIN_SERVER	0x00010000
-#define KADM5_CONFIG_DICT_FILE		0x00020000
-#define KADM5_CONFIG_MKEY_FROM_KBD	0x00040000
-#define KADM5_CONFIG_KPASSWD_PORT	0x00080000
-#define KADM5_CONFIG_OLD_AUTH_GSSAPI	0x00100000
-#define KADM5_CONFIG_NO_AUTH		0x00200000
-#define KADM5_CONFIG_AUTH_NOFALLBACK	0x00400000
+#define KADM5_CONFIG_REALM              0x00000001
+#define KADM5_CONFIG_DBNAME             0x00000002
+#define KADM5_CONFIG_MKEY_NAME          0x00000004
+#define KADM5_CONFIG_MAX_LIFE           0x00000008
+#define KADM5_CONFIG_MAX_RLIFE          0x00000010
+#define KADM5_CONFIG_EXPIRATION         0x00000020
+#define KADM5_CONFIG_FLAGS              0x00000040
+#define KADM5_CONFIG_ADMIN_KEYTAB       0x00000080
+#define KADM5_CONFIG_STASH_FILE         0x00000100
+#define KADM5_CONFIG_ENCTYPE            0x00000200
+#define KADM5_CONFIG_ADBNAME            0x00000400
+#define KADM5_CONFIG_ADB_LOCKFILE       0x00000800
+/*#define KADM5_CONFIG_PROFILE          0x00001000*/
+#define KADM5_CONFIG_ACL_FILE           0x00002000
+#define KADM5_CONFIG_KADMIND_PORT       0x00004000
+#define KADM5_CONFIG_ENCTYPES           0x00008000
+#define KADM5_CONFIG_ADMIN_SERVER       0x00010000
+#define KADM5_CONFIG_DICT_FILE          0x00020000
+#define KADM5_CONFIG_MKEY_FROM_KBD      0x00040000
+#define KADM5_CONFIG_KPASSWD_PORT       0x00080000
+#define KADM5_CONFIG_OLD_AUTH_GSSAPI    0x00100000
+#define KADM5_CONFIG_NO_AUTH            0x00200000
+#define KADM5_CONFIG_AUTH_NOFALLBACK    0x00400000
 #ifdef notyet /* Novell */
 #define KADM5_CONFIG_KPASSWD_SERVER     0x00800000
 #endif
-#define KADM5_CONFIG_IPROP_ENABLED	0x01000000
-#define KADM5_CONFIG_ULOG_SIZE		0x02000000
-#define KADM5_CONFIG_POLL_TIME		0x04000000
-#define KADM5_CONFIG_IPROP_LOGFILE	0x08000000
-#define KADM5_CONFIG_IPROP_PORT		0x10000000
-#define KADM5_CONFIG_KVNO		0x20000000
+#define KADM5_CONFIG_IPROP_ENABLED      0x01000000
+#define KADM5_CONFIG_ULOG_SIZE          0x02000000
+#define KADM5_CONFIG_POLL_TIME          0x04000000
+#define KADM5_CONFIG_IPROP_LOGFILE      0x08000000
+#define KADM5_CONFIG_IPROP_PORT         0x10000000
+#define KADM5_CONFIG_KVNO               0x20000000
 /*
  * permission bits
  */
-#define KADM5_PRIV_GET		0x01
-#define KADM5_PRIV_ADD		0x02
-#define KADM5_PRIV_MODIFY	0x04
-#define KADM5_PRIV_DELETE	0x08
+#define KADM5_PRIV_GET          0x01
+#define KADM5_PRIV_ADD          0x02
+#define KADM5_PRIV_MODIFY       0x04
+#define KADM5_PRIV_DELETE       0x08
 
 /*
  * API versioning constants
  */
-#define KADM5_MASK_BITS		0xffffff00
+#define KADM5_MASK_BITS         0xffffff00
 
-#define KADM5_STRUCT_VERSION_MASK	0x12345600
-#define KADM5_STRUCT_VERSION_1	(KADM5_STRUCT_VERSION_MASK|0x01)
-#define KADM5_STRUCT_VERSION	KADM5_STRUCT_VERSION_1
+#define KADM5_STRUCT_VERSION_MASK       0x12345600
+#define KADM5_STRUCT_VERSION_1  (KADM5_STRUCT_VERSION_MASK|0x01)
+#define KADM5_STRUCT_VERSION    KADM5_STRUCT_VERSION_1
 
-#define KADM5_API_VERSION_MASK	0x12345700
-#define KADM5_API_VERSION_2	(KADM5_API_VERSION_MASK|0x02)
-#define KADM5_API_VERSION_3	(KADM5_API_VERSION_MASK|0x03)
+#define KADM5_API_VERSION_MASK  0x12345700
+#define KADM5_API_VERSION_2     (KADM5_API_VERSION_MASK|0x02)
+#define KADM5_API_VERSION_3     (KADM5_API_VERSION_MASK|0x03)
 
 typedef struct _kadm5_principal_ent_t {
-	krb5_principal	principal;
-	krb5_timestamp	princ_expire_time;
-	krb5_timestamp	last_pwd_change;
-	krb5_timestamp	pw_expiration;
-	krb5_deltat	max_life;
-	krb5_principal	mod_name;
-	krb5_timestamp	mod_date;
-	krb5_flags	attributes;
-	krb5_kvno	kvno;
-	krb5_kvno	mkvno;
-	char		*policy;
-	long		aux_attributes;
-
-	/* version 2 fields */
-	krb5_deltat max_renewable_life;
-        krb5_timestamp last_success;
-        krb5_timestamp last_failed;
-        krb5_kvno fail_auth_count;
-	krb5_int16 n_key_data;
-	krb5_int16 n_tl_data;
-        krb5_tl_data *tl_data;
-	krb5_key_data *key_data;
+    krb5_principal  principal;
+    krb5_timestamp  princ_expire_time;
+    krb5_timestamp  last_pwd_change;
+    krb5_timestamp  pw_expiration;
+    krb5_deltat     max_life;
+    krb5_principal  mod_name;
+    krb5_timestamp  mod_date;
+    krb5_flags      attributes;
+    krb5_kvno       kvno;
+    krb5_kvno       mkvno;
+    char            *policy;
+    long            aux_attributes;
+
+    /* version 2 fields */
+    krb5_deltat max_renewable_life;
+    krb5_timestamp last_success;
+    krb5_timestamp last_failed;
+    krb5_kvno fail_auth_count;
+    krb5_int16 n_key_data;
+    krb5_int16 n_tl_data;
+    krb5_tl_data *tl_data;
+    krb5_key_data *key_data;
 } kadm5_principal_ent_rec, *kadm5_principal_ent_t;
 
 typedef struct _kadm5_policy_ent_t {
-	char		*policy;
-	long		pw_min_life;
-	long		pw_max_life;
-	long		pw_min_length;
-	long		pw_min_classes;
-	long		pw_history_num;
-	long		policy_refcnt;
-
-	/* version 3 fields */
-	krb5_kvno	pw_max_fail;
-	krb5_deltat	pw_failcnt_interval;
-	krb5_deltat	pw_lockout_duration;
+    char            *policy;
+    long            pw_min_life;
+    long            pw_max_life;
+    long            pw_min_length;
+    long            pw_min_classes;
+    long            pw_history_num;
+    long            policy_refcnt;
+
+    /* version 3 fields */
+    krb5_kvno       pw_max_fail;
+    krb5_deltat     pw_failcnt_interval;
+    krb5_deltat     pw_lockout_duration;
 } kadm5_policy_ent_rec, *kadm5_policy_ent_t;
 
 /*
  * Data structure returned by kadm5_get_config_params()
  */
 typedef struct _kadm5_config_params {
-     long		mask;
-     char *		realm;
-     int		kadmind_port;
-     int		kpasswd_port;
+    long               mask;
+    char *             realm;
+    int                kadmind_port;
+    int                kpasswd_port;
 
-     char *		admin_server;
+    char *             admin_server;
 #ifdef notyet /* Novell */ /* ABI change? */
-     char *		kpasswd_server;
+    char *             kpasswd_server;
 #endif
 
-     /* Deprecated except for db2 backwards compatibility.  Don't add
-	new uses except as fallbacks for parameters that should be
-	specified in the database module section of the config
-	file.  */
-     char *		dbname;
-
-     /* dummy fields to preserve abi for now */
-     char *		admin_dbname_was_here;
-     char *		admin_lockfile_was_here;
-
-     char *		admin_keytab;
-     char *		acl_file;
-     char *		dict_file;
-
-     int		mkey_from_kbd;
-     char *		stash_file;
-     char *		mkey_name;
-     krb5_enctype	enctype;
-     krb5_deltat	max_life;
-     krb5_deltat	max_rlife;
-     krb5_timestamp	expiration;
-     krb5_flags		flags;
-     krb5_key_salt_tuple *keysalts;
-     krb5_int32		num_keysalts;
-     krb5_kvno          kvno;
-    bool_t		iprop_enabled;
-    uint32_t		iprop_ulogsize;
-    krb5_deltat		iprop_poll_time;
-    char *		iprop_logfile;
-/*    char *		iprop_server;*/
-    int			iprop_port;
+    /* Deprecated except for db2 backwards compatibility.  Don't add
+       new uses except as fallbacks for parameters that should be
+       specified in the database module section of the config
+       file.  */
+    char *             dbname;
+
+    /* dummy fields to preserve abi for now */
+    char *             admin_dbname_was_here;
+    char *             admin_lockfile_was_here;
+
+    char *             admin_keytab;
+    char *             acl_file;
+    char *             dict_file;
+
+    int                mkey_from_kbd;
+    char *             stash_file;
+    char *             mkey_name;
+    krb5_enctype       enctype;
+    krb5_deltat        max_life;
+    krb5_deltat        max_rlife;
+    krb5_timestamp     expiration;
+    krb5_flags         flags;
+    krb5_key_salt_tuple *keysalts;
+    krb5_int32         num_keysalts;
+    krb5_kvno          kvno;
+    bool_t              iprop_enabled;
+    uint32_t            iprop_ulogsize;
+    krb5_deltat         iprop_poll_time;
+    char *              iprop_logfile;
+/*    char *            iprop_server;*/
+    int                 iprop_port;
 } kadm5_config_params;
 
 /***********************************************************************
@@ -278,31 +279,31 @@ typedef struct _kadm5_config_params {
  * Data structure returned by krb5_read_realm_params()
  */
 typedef struct __krb5_realm_params {
-    char *		realm_profile;
-    char *		realm_dbname;
-    char *		realm_mkey_name;
-    char *		realm_stash_file;
-    char *		realm_kdc_ports;
-    char *		realm_kdc_tcp_ports;
-    char *		realm_acl_file;
+    char *              realm_profile;
+    char *              realm_dbname;
+    char *              realm_mkey_name;
+    char *              realm_stash_file;
+    char *              realm_kdc_ports;
+    char *              realm_kdc_tcp_ports;
+    char *              realm_acl_file;
     char *              realm_host_based_services;
     char *              realm_no_host_referral;
-    krb5_int32		realm_kadmind_port;
-    krb5_enctype	realm_enctype;
-    krb5_deltat		realm_max_life;
-    krb5_deltat		realm_max_rlife;
-    krb5_timestamp	realm_expiration;
-    krb5_flags		realm_flags;
-    krb5_key_salt_tuple	*realm_keysalts;
-    unsigned int	realm_reject_bad_transit:1;
-    unsigned int	realm_kadmind_port_valid:1;
-    unsigned int	realm_enctype_valid:1;
-    unsigned int	realm_max_life_valid:1;
-    unsigned int	realm_max_rlife_valid:1;
-    unsigned int	realm_expiration_valid:1;
-    unsigned int	realm_flags_valid:1;
-    unsigned int	realm_reject_bad_transit_valid:1;
-    krb5_int32		realm_num_keysalts;
+    krb5_int32          realm_kadmind_port;
+    krb5_enctype        realm_enctype;
+    krb5_deltat         realm_max_life;
+    krb5_deltat         realm_max_rlife;
+    krb5_timestamp      realm_expiration;
+    krb5_flags          realm_flags;
+    krb5_key_salt_tuple *realm_keysalts;
+    unsigned int        realm_reject_bad_transit:1;
+    unsigned int        realm_kadmind_port_valid:1;
+    unsigned int        realm_enctype_valid:1;
+    unsigned int        realm_max_life_valid:1;
+    unsigned int        realm_max_rlife_valid:1;
+    unsigned int        realm_expiration_valid:1;
+    unsigned int        realm_flags_valid:1;
+    unsigned int        realm_reject_bad_transit_valid:1;
+    krb5_int32          realm_num_keysalts;
 } krb5_realm_params;
 
 /*
@@ -310,18 +311,18 @@ typedef struct __krb5_realm_params {
  */
 
 krb5_error_code kadm5_get_config_params(krb5_context context,
-					int use_kdc_config,
-					kadm5_config_params *params_in,
-					kadm5_config_params *params_out);
+                                        int use_kdc_config,
+                                        kadm5_config_params *params_in,
+                                        kadm5_config_params *params_out);
 
-krb5_error_code kadm5_free_config_params(krb5_context context, 
-					 kadm5_config_params *params);
+krb5_error_code kadm5_free_config_params(krb5_context context,
+                                         kadm5_config_params *params);
 
 krb5_error_code kadm5_free_realm_params(krb5_context kcontext,
-					kadm5_config_params *params);
+                                        kadm5_config_params *params);
 
 krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
-					     char *, size_t);
+                                             char *, size_t);
 
 /*
  * For all initialization functions, the caller must first initialize
@@ -331,109 +332,109 @@ krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
  */
 
 kadm5_ret_t    kadm5_init(krb5_context context, char *client_name,
-			  char *pass, char *service_name,
-			  kadm5_config_params *params,
-			  krb5_ui_4 struct_version,
-			  krb5_ui_4 api_version,
-			  char **db_args,
-			  void **server_handle);
+                          char *pass, char *service_name,
+                          kadm5_config_params *params,
+                          krb5_ui_4 struct_version,
+                          krb5_ui_4 api_version,
+                          char **db_args,
+                          void **server_handle);
 kadm5_ret_t    kadm5_init_with_password(krb5_context context,
-					char *client_name,
-					char *pass, 
-					char *service_name,
-					kadm5_config_params *params,
-					krb5_ui_4 struct_version,
-					krb5_ui_4 api_version,
-					char **db_args,
-					void **server_handle);
+                                        char *client_name,
+                                        char *pass,
+                                        char *service_name,
+                                        kadm5_config_params *params,
+                                        krb5_ui_4 struct_version,
+                                        krb5_ui_4 api_version,
+                                        char **db_args,
+                                        void **server_handle);
 kadm5_ret_t    kadm5_init_with_skey(krb5_context context,
-				    char *client_name,
-				    char *keytab,
-				    char *service_name,
-				    kadm5_config_params *params,
-				    krb5_ui_4 struct_version,
-				    krb5_ui_4 api_version,
-				    char **db_args,
-				    void **server_handle);
+                                    char *client_name,
+                                    char *keytab,
+                                    char *service_name,
+                                    kadm5_config_params *params,
+                                    krb5_ui_4 struct_version,
+                                    krb5_ui_4 api_version,
+                                    char **db_args,
+                                    void **server_handle);
 kadm5_ret_t    kadm5_init_with_creds(krb5_context context,
-				     char *client_name,
-				     krb5_ccache cc,
-				     char *service_name,
-				     kadm5_config_params *params,
-				     krb5_ui_4 struct_version,
-				     krb5_ui_4 api_version,
-				     char **db_args,
-				     void **server_handle);
+                                     char *client_name,
+                                     krb5_ccache cc,
+                                     char *service_name,
+                                     kadm5_config_params *params,
+                                     krb5_ui_4 struct_version,
+                                     krb5_ui_4 api_version,
+                                     char **db_args,
+                                     void **server_handle);
 kadm5_ret_t    kadm5_lock(void *server_handle);
 kadm5_ret_t    kadm5_unlock(void *server_handle);
 kadm5_ret_t    kadm5_flush(void *server_handle);
 kadm5_ret_t    kadm5_destroy(void *server_handle);
 kadm5_ret_t    kadm5_create_principal(void *server_handle,
-				      kadm5_principal_ent_t ent,
-				      long mask, char *pass);
+                                      kadm5_principal_ent_t ent,
+                                      long mask, char *pass);
 kadm5_ret_t    kadm5_create_principal_3(void *server_handle,
-					kadm5_principal_ent_t ent,
-					long mask,
-					int n_ks_tuple,
-					krb5_key_salt_tuple *ks_tuple,
-					char *pass);
+                                        kadm5_principal_ent_t ent,
+                                        long mask,
+                                        int n_ks_tuple,
+                                        krb5_key_salt_tuple *ks_tuple,
+                                        char *pass);
 kadm5_ret_t    kadm5_delete_principal(void *server_handle,
-				      krb5_principal principal);
+                                      krb5_principal principal);
 kadm5_ret_t    kadm5_modify_principal(void *server_handle,
-				      kadm5_principal_ent_t ent,
-				      long mask);
+                                      kadm5_principal_ent_t ent,
+                                      long mask);
 kadm5_ret_t    kadm5_rename_principal(void *server_handle,
-				      krb5_principal,krb5_principal);
+                                      krb5_principal,krb5_principal);
 kadm5_ret_t    kadm5_get_principal(void *server_handle,
-				   krb5_principal principal,
-				   kadm5_principal_ent_t ent,
-				   long mask);
+                                   krb5_principal principal,
+                                   kadm5_principal_ent_t ent,
+                                   long mask);
 kadm5_ret_t    kadm5_chpass_principal(void *server_handle,
-				      krb5_principal principal,
-				      char *pass);
+                                      krb5_principal principal,
+                                      char *pass);
 kadm5_ret_t    kadm5_chpass_principal_3(void *server_handle,
-					krb5_principal principal,
-					krb5_boolean keepold,
-					int n_ks_tuple,
-					krb5_key_salt_tuple *ks_tuple,
-					char *pass);
+                                        krb5_principal principal,
+                                        krb5_boolean keepold,
+                                        int n_ks_tuple,
+                                        krb5_key_salt_tuple *ks_tuple,
+                                        char *pass);
 kadm5_ret_t    kadm5_randkey_principal(void *server_handle,
-				       krb5_principal principal,
-				       krb5_keyblock **keyblocks,
-				       int *n_keys);
+                                       krb5_principal principal,
+                                       krb5_keyblock **keyblocks,
+                                       int *n_keys);
 kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
-					 krb5_principal principal,
-					 krb5_boolean keepold,
-					 int n_ks_tuple,
-					 krb5_key_salt_tuple *ks_tuple,
-					 krb5_keyblock **keyblocks,
-					 int *n_keys);
+                                         krb5_principal principal,
+                                         krb5_boolean keepold,
+                                         int n_ks_tuple,
+                                         krb5_key_salt_tuple *ks_tuple,
+                                         krb5_keyblock **keyblocks,
+                                         int *n_keys);
 kadm5_ret_t    kadm5_setv4key_principal(void *server_handle,
-					krb5_principal principal,
-					krb5_keyblock *keyblock);
+                                        krb5_principal principal,
+                                        krb5_keyblock *keyblock);
 
 kadm5_ret_t    kadm5_setkey_principal(void *server_handle,
-				      krb5_principal principal,
-				      krb5_keyblock *keyblocks,
-				      int n_keys);
+                                      krb5_principal principal,
+                                      krb5_keyblock *keyblocks,
+                                      int n_keys);
 
 kadm5_ret_t    kadm5_setkey_principal_3(void *server_handle,
-					krb5_principal principal,
-					krb5_boolean keepold,
-					int n_ks_tuple,
-					krb5_key_salt_tuple *ks_tuple,
-					krb5_keyblock *keyblocks,
-					int n_keys);
+                                        krb5_principal principal,
+                                        krb5_boolean keepold,
+                                        int n_ks_tuple,
+                                        krb5_key_salt_tuple *ks_tuple,
+                                        krb5_keyblock *keyblocks,
+                                        int n_keys);
 
 kadm5_ret_t    kadm5_decrypt_key(void *server_handle,
-				 kadm5_principal_ent_t entry, krb5_int32
-				 ktype, krb5_int32 stype, krb5_int32
-				 kvno, krb5_keyblock *keyblock,
-				 krb5_keysalt *keysalt, int *kvnop);
+                                 kadm5_principal_ent_t entry, krb5_int32
+                                 ktype, krb5_int32 stype, krb5_int32
+                                 kvno, krb5_keyblock *keyblock,
+                                 krb5_keysalt *keysalt, int *kvnop);
 
 kadm5_ret_t    kadm5_create_policy(void *server_handle,
-				   kadm5_policy_ent_t ent,
-				   long mask);
+                                   kadm5_policy_ent_t ent,
+                                   long mask);
 /*
  * kadm5_create_policy_internal is not part of the supported,
  * exposed API.  It is available only in the server library, and you
@@ -441,13 +442,13 @@ kadm5_ret_t    kadm5_create_policy(void *server_handle,
  * different from kadm5_create_policy.
  */
 kadm5_ret_t    kadm5_create_policy_internal(void *server_handle,
-					    kadm5_policy_ent_t
-					    entry, long mask);
+                                            kadm5_policy_ent_t
+                                            entry, long mask);
 kadm5_ret_t    kadm5_delete_policy(void *server_handle,
-				   kadm5_policy_t policy);
+                                   kadm5_policy_t policy);
 kadm5_ret_t    kadm5_modify_policy(void *server_handle,
-				   kadm5_policy_ent_t ent,
-				   long mask);
+                                   kadm5_policy_ent_t ent,
+                                   long mask);
 /*
  * kadm5_modify_policy_internal is not part of the supported,
  * exposed API.  It is available only in the server library, and you
@@ -455,41 +456,41 @@ kadm5_ret_t    kadm5_modify_policy(void *server_handle,
  * different from kadm5_modify_policy.
  */
 kadm5_ret_t    kadm5_modify_policy_internal(void *server_handle,
-					    kadm5_policy_ent_t
-					    entry, long mask);
+                                            kadm5_policy_ent_t
+                                            entry, long mask);
 kadm5_ret_t    kadm5_get_policy(void *server_handle,
-				kadm5_policy_t policy,
-				kadm5_policy_ent_t ent);
+                                kadm5_policy_t policy,
+                                kadm5_policy_ent_t ent);
 kadm5_ret_t    kadm5_get_privs(void *server_handle,
-			       long *privs);
+                               long *privs);
 
 kadm5_ret_t    kadm5_chpass_principal_util(void *server_handle,
-					   krb5_principal princ,
-					   char *new_pw, 
-					   char **ret_pw,
-					   char *msg_ret,
-					   unsigned int msg_len);
+                                           krb5_principal princ,
+                                           char *new_pw,
+                                           char **ret_pw,
+                                           char *msg_ret,
+                                           unsigned int msg_len);
 
 kadm5_ret_t    kadm5_free_principal_ent(void *server_handle,
-					kadm5_principal_ent_t
-					ent);
+                                        kadm5_principal_ent_t
+                                        ent);
 kadm5_ret_t    kadm5_free_policy_ent(void *server_handle,
-				     kadm5_policy_ent_t ent);
+                                     kadm5_policy_ent_t ent);
 
 kadm5_ret_t    kadm5_get_principals(void *server_handle,
-				    char *exp, char ***princs,
-				    int *count);
+                                    char *exp, char ***princs,
+                                    int *count);
 
 kadm5_ret_t    kadm5_get_policies(void *server_handle,
-				  char *exp, char ***pols,
-				  int *count);
+                                  char *exp, char ***pols,
+                                  int *count);
 
 kadm5_ret_t    kadm5_free_key_data(void *server_handle,
-				   krb5_int16 *n_key_data,
-				   krb5_key_data *key_data);
+                                   krb5_int16 *n_key_data,
+                                   krb5_key_data *key_data);
 
-kadm5_ret_t    kadm5_free_name_list(void *server_handle, char **names, 
-				    int count);
+kadm5_ret_t    kadm5_free_name_list(void *server_handle, char **names,
+                                    int count);
 
 krb5_error_code kadm5_init_krb5_context (krb5_context *);
 
@@ -501,9 +502,9 @@ krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args);
  * to the network protocol.
  */
 kadm5_ret_t    kadm5_get_principal_keys(void *server_handle,
-					krb5_principal principal,
-					krb5_keyblock **keyblocks,
-					int *n_keys);
+                                        krb5_principal principal,
+                                        krb5_keyblock **keyblocks,
+                                        int *n_keys);
 
 KADM5INT_END_DECLS
 
diff --git a/src/lib/kadm5/admin_internal.h b/src/lib/kadm5/admin_internal.h
index f08325c8b..dc21a65b3 100644
--- a/src/lib/kadm5/admin_internal.h
+++ b/src/lib/kadm5/admin_internal.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -8,32 +9,32 @@
 
 #include <kadm5/admin.h>
 
-#define KADM5_SERVER_HANDLE_MAGIC	0x12345800
+#define KADM5_SERVER_HANDLE_MAGIC       0x12345800
 
-#define GENERIC_CHECK_HANDLE(handle, old_api_version, new_api_version) \
-{ \
-	kadm5_server_handle_t srvr = \
-	     (kadm5_server_handle_t) handle; \
- \
-	if (! srvr) \
-		return KADM5_BAD_SERVER_HANDLE; \
-	if (srvr->magic_number != KADM5_SERVER_HANDLE_MAGIC) \
-		return KADM5_BAD_SERVER_HANDLE; \
-	if ((srvr->struct_version & KADM5_MASK_BITS) != \
-	    KADM5_STRUCT_VERSION_MASK) \
-		return KADM5_BAD_STRUCT_VERSION; \
-	if (srvr->struct_version < KADM5_STRUCT_VERSION_1) \
-		return KADM5_OLD_STRUCT_VERSION; \
-	if (srvr->struct_version > KADM5_STRUCT_VERSION_1) \
-		return KADM5_NEW_STRUCT_VERSION; \
-	if ((srvr->api_version & KADM5_MASK_BITS) != \
-	    KADM5_API_VERSION_MASK) \
-		return KADM5_BAD_API_VERSION; \
-	if (srvr->api_version < KADM5_API_VERSION_2) \
-		return old_api_version; \
-	if (srvr->api_version > KADM5_API_VERSION_3) \
-		return new_api_version; \
-}
+#define GENERIC_CHECK_HANDLE(handle, old_api_version, new_api_version)  \
+    {                                                                   \
+        kadm5_server_handle_t srvr =                                    \
+            (kadm5_server_handle_t) handle;                             \
+                                                                        \
+        if (! srvr)                                                     \
+            return KADM5_BAD_SERVER_HANDLE;                             \
+        if (srvr->magic_number != KADM5_SERVER_HANDLE_MAGIC)            \
+            return KADM5_BAD_SERVER_HANDLE;                             \
+        if ((srvr->struct_version & KADM5_MASK_BITS) !=                 \
+            KADM5_STRUCT_VERSION_MASK)                                  \
+            return KADM5_BAD_STRUCT_VERSION;                            \
+        if (srvr->struct_version < KADM5_STRUCT_VERSION_1)              \
+            return KADM5_OLD_STRUCT_VERSION;                            \
+        if (srvr->struct_version > KADM5_STRUCT_VERSION_1)              \
+            return KADM5_NEW_STRUCT_VERSION;                            \
+        if ((srvr->api_version & KADM5_MASK_BITS) !=                    \
+            KADM5_API_VERSION_MASK)                                     \
+            return KADM5_BAD_API_VERSION;                               \
+        if (srvr->api_version < KADM5_API_VERSION_2)                    \
+            return old_api_version;                                     \
+        if (srvr->api_version > KADM5_API_VERSION_3)                    \
+            return new_api_version;                                     \
+    }
 
 /*
  * _KADM5_CHECK_HANDLE calls the function _kadm5_check_handle and
@@ -53,28 +54,28 @@
  *
  * Got that?
  */
-#define _KADM5_CHECK_HANDLE(handle) \
-{ int ecode; if ((ecode = _kadm5_check_handle((void *)handle))) return ecode;}
+#define _KADM5_CHECK_HANDLE(handle)                                     \
+    { int ecode; if ((ecode = _kadm5_check_handle((void *)handle))) return ecode;}
 
 int         _kadm5_check_handle(void *handle);
 kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
-					 void *lhandle,
-					 krb5_principal princ,
-					 char *new_pw, 
-					 char **ret_pw,
-					 char *msg_ret,
-					 unsigned int msg_len);
+                                         void *lhandle,
+                                         krb5_principal princ,
+                                         char *new_pw,
+                                         char **ret_pw,
+                                         char *msg_ret,
+                                         unsigned int msg_len);
 
 /* this is needed by the alt_prof code I stole.  The functions
    maybe shouldn't be named krb5_*, but they are. */
 
 krb5_error_code
 krb5_string_to_keysalts(char *string, const char *tupleseps,
-			const char *ksaltseps, krb5_boolean dups,
-			krb5_key_salt_tuple **ksaltp, krb5_int32 *nksaltp);
+                        const char *ksaltseps, krb5_boolean dups,
+                        krb5_key_salt_tuple **ksaltp, krb5_int32 *nksaltp);
 
 krb5_error_code
 krb5_string_to_flags(char* string, const char* positive, const char* negative,
-		     krb5_flags *flagsp);
+                     krb5_flags *flagsp);
 
 #endif /* __KADM5_ADMIN_INTERNAL_H__ */
diff --git a/src/lib/kadm5/admin_xdr.h b/src/lib/kadm5/admin_xdr.h
index 05d1a7ea6..cff22e733 100644
--- a/src/lib/kadm5/admin_xdr.h
+++ b/src/lib/kadm5/admin_xdr.h
@@ -2,7 +2,7 @@
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
  * $Header$
- * 
+ *
  */
 
 #include    <kadm5/admin.h>
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 55a850d62..5b967a0ce 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kadm/alt_prof.c
  *
@@ -41,15 +42,15 @@
 
 krb5_boolean krb5_match_config_pattern(const char *, const char*);
 static krb5_key_salt_tuple *copy_key_salt_tuple(ksalt, len)
-krb5_key_salt_tuple *ksalt;
-krb5_int32 len;
+    krb5_key_salt_tuple *ksalt;
+    krb5_int32 len;
 {
-    krb5_key_salt_tuple *knew;    
+    krb5_key_salt_tuple *knew;
 
     if((knew = (krb5_key_salt_tuple *)
-                malloc((len ) * sizeof(krb5_key_salt_tuple)))) {
-         memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
-         return knew;
+        malloc((len ) * sizeof(krb5_key_salt_tuple)))) {
+        memcpy(knew, ksalt, len * sizeof(krb5_key_salt_tuple));
+        return knew;
     }
     return 0;
 }
@@ -275,8 +276,8 @@ krb5_aprof_get_string(acontext, hierarchy, uselast, stringp)
 }
 
 /*
- * krb5_aprof_get_string_all()  - When the attr identified by "hierarchy" is specified multiple times, 
- *                                collect all its string values from the alternate  profile. 
+ * krb5_aprof_get_string_all()  - When the attr identified by "hierarchy" is specified multiple times,
+ *                                collect all its string values from the alternate  profile.
  *
  * Parameters:
  *        acontext                 - opaque context for alternate profile.
@@ -297,16 +298,16 @@ krb5_aprof_get_string_all(acontext, hierarchy, stringp)
     char                **values;
     int                 lastidx = 0;
     char                *tmp = NULL ;
-    size_t              buf_size = 0; 
+    size_t              buf_size = 0;
     kret = krb5_aprof_getvals(acontext, hierarchy, &values);
     if (!kret) {
         for (lastidx=0; values[lastidx]; lastidx++);
         lastidx--;
-         
+
         buf_size = strlen(values[0])+3;
         for (lastidx=1; values[lastidx]; lastidx++){
             buf_size += strlen(values[lastidx]) + 3;
-         }
+        }
     }
     if (buf_size > 0) {
         *stringp = calloc(1,buf_size);
@@ -319,12 +320,12 @@ krb5_aprof_get_string_all(acontext, hierarchy, stringp)
         for (lastidx=1; values[lastidx]; lastidx++){
             tmp = strcat(tmp, " ");
             tmp = strcat(tmp, values[lastidx]);
-         }
+        }
         /* Free the string storage */
         profile_free_list(values);
     }
     return(kret);
-} 
+}
 
 
 /*
@@ -510,9 +511,9 @@ get_deltat_param(krb5_deltat *param_out, krb5_deltat param_in,
  */
 krb5_error_code kadm5_get_config_params(context, use_kdc_config,
                                         params_in, params_out)
-   krb5_context               context;
-   int                        use_kdc_config;
-   kadm5_config_params        *params_in, *params_out;
+    krb5_context               context;
+    int                        use_kdc_config;
+    kadm5_config_params        *params_in, *params_out;
 {
     char                *filename;
     char                *envname;
@@ -531,15 +532,15 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     if (params_in == NULL) params_in = &empty_params;
 
     if (params_in->mask & KADM5_CONFIG_REALM) {
-         lrealm = params.realm = strdup(params_in->realm);
-         if (params.realm)
-              params.mask |= KADM5_CONFIG_REALM;
+        lrealm = params.realm = strdup(params_in->realm);
+        if (params.realm)
+            params.mask |= KADM5_CONFIG_REALM;
     } else {
-         kret = krb5_get_default_realm(context, &lrealm);
-         if (kret)
-              goto cleanup;
-         params.realm = lrealm;
-         params.mask |= KADM5_CONFIG_REALM;
+        kret = krb5_get_default_realm(context, &lrealm);
+        if (kret)
+            goto cleanup;
+        params.realm = lrealm;
+        params.mask |= KADM5_CONFIG_REALM;
     }
 
     if (params_in->mask & KADM5_CONFIG_KVNO) {
@@ -563,16 +564,16 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
 
     kret = krb5_aprof_init(filename, envname, &aprofile);
     if (kret)
-            goto cleanup;
-    
+        goto cleanup;
+
     /* Initialize realm parameters */
     hierarchy[0] = KRB5_CONF_REALMS;
     hierarchy[1] = lrealm;
     hierarchy[3] = (char *) NULL;
 
-#define GET_STRING_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
-    get_string_param(&params.FIELD, params_in->FIELD,  \
-                     &params.mask, params_in->mask, BIT, \
+#define GET_STRING_PARAM(FIELD, BIT, CONFTAG, DEFAULT)          \
+    get_string_param(&params.FIELD, params_in->FIELD,           \
+                     &params.mask, params_in->mask, BIT,        \
                      aprofile, hierarchy, CONFTAG, DEFAULT)
 
     /* Get the value for the admin server */
@@ -580,13 +581,13 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
                      NULL);
 
     if (params.mask & KADM5_CONFIG_ADMIN_SERVER) {
-         char *p;
-         p = strchr(params.admin_server, ':');
-         if (p) {
-              params.kadmind_port = atoi(p+1);
-              params.mask |= KADM5_CONFIG_KADMIND_PORT;
-              *p = '\0';
-         }
+        char *p;
+        p = strchr(params.admin_server, ':');
+        if (p) {
+            params.kadmind_port = atoi(p+1);
+            params.mask |= KADM5_CONFIG_KADMIND_PORT;
+            *p = '\0';
+        }
     }
 
     /* Get the value for the database */
@@ -607,7 +608,7 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
         if (params.admin_keytab)
             params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
     }
-    
+
     /* Get the name of the acl file */
     GET_STRING_PARAM(acl_file, KADM5_CONFIG_ACL_FILE, KRB5_CONF_ACL_FILE,
                      DEFAULT_KADM5_ACL_FILE);
@@ -615,9 +616,9 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     /* Get the name of the dict file */
     GET_STRING_PARAM(dict_file, KADM5_CONFIG_DICT_FILE, KRB5_CONF_DICT_FILE, NULL);
 
-#define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
-    get_port_param(&params.FIELD, params_in->FIELD,  \
-                   &params.mask, params_in->mask, BIT, \
+#define GET_PORT_PARAM(FIELD, BIT, CONFTAG, DEFAULT)            \
+    get_port_param(&params.FIELD, params_in->FIELD,             \
+                   &params.mask, params_in->mask, BIT,          \
                    aprofile, hierarchy, CONFTAG, DEFAULT)
     /* Get the value for the kadmind port */
     GET_PORT_PARAM(kadmind_port, KADM5_CONFIG_KADMIND_PORT,
@@ -634,33 +635,33 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     /* Get the value for the master key type */
     hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
     if (params_in->mask & KADM5_CONFIG_ENCTYPE) {
-         params.mask |= KADM5_CONFIG_ENCTYPE;
-         params.enctype = params_in->enctype;
+        params.mask |= KADM5_CONFIG_ENCTYPE;
+        params.enctype = params_in->enctype;
     } else if (aprofile &&
                !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
-         if (!krb5_string_to_enctype(svalue, &params.enctype)) {
-              params.mask |= KADM5_CONFIG_ENCTYPE;
-              free(svalue);
-         }
+        if (!krb5_string_to_enctype(svalue, &params.enctype)) {
+            params.mask |= KADM5_CONFIG_ENCTYPE;
+            free(svalue);
+        }
     } else {
-         params.mask |= KADM5_CONFIG_ENCTYPE;
-         params.enctype = DEFAULT_KDC_ENCTYPE;
+        params.mask |= KADM5_CONFIG_ENCTYPE;
+        params.enctype = DEFAULT_KDC_ENCTYPE;
     }
-    
+
     /* Get the value for mkey_from_kbd */
     if (params_in->mask & KADM5_CONFIG_MKEY_FROM_KBD) {
-         params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-         params.mkey_from_kbd = params_in->mkey_from_kbd;
+        params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        params.mkey_from_kbd = params_in->mkey_from_kbd;
     }
-    
+
     /* Get the value for the stashfile */
     GET_STRING_PARAM(stash_file, KADM5_CONFIG_STASH_FILE,
                      KRB5_CONF_KEY_STASH_FILE, NULL);
 
     /* Get the value for maximum ticket lifetime. */
-#define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT) \
-    get_deltat_param(&params.FIELD, params_in->FIELD,  \
-                     &params.mask, params_in->mask, BIT, \
+#define GET_DELTAT_PARAM(FIELD, BIT, CONFTAG, DEFAULT)          \
+    get_deltat_param(&params.FIELD, params_in->FIELD,           \
+                     &params.mask, params_in->mask, BIT,        \
                      aprofile, hierarchy, CONFTAG, DEFAULT)
 
     GET_DELTAT_PARAM(max_life, KADM5_CONFIG_MAX_LIFE, KRB5_CONF_MAX_LIFE,
@@ -673,159 +674,159 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
     /* Get the value for the default principal expiration */
     hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
     if (params_in->mask & KADM5_CONFIG_EXPIRATION) {
-         params.mask |= KADM5_CONFIG_EXPIRATION;
-         params.expiration = params_in->expiration;
+        params.mask |= KADM5_CONFIG_EXPIRATION;
+        params.expiration = params_in->expiration;
     } else if (aprofile &&
                !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
-         if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
-              params.mask |= KADM5_CONFIG_EXPIRATION;
-              free(svalue);
-         }
+        if (!krb5_string_to_timestamp(svalue, &params.expiration)) {
+            params.mask |= KADM5_CONFIG_EXPIRATION;
+            free(svalue);
+        }
     } else {
-         params.mask |= KADM5_CONFIG_EXPIRATION;
-         params.expiration = 0;
+        params.mask |= KADM5_CONFIG_EXPIRATION;
+        params.expiration = 0;
     }
-    
+
     /* Get the value for the default principal flags */
     hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_FLAGS;
     if (params_in->mask & KADM5_CONFIG_FLAGS) {
-         params.mask |= KADM5_CONFIG_FLAGS;
-         params.flags = params_in->flags;
+        params.mask |= KADM5_CONFIG_FLAGS;
+        params.flags = params_in->flags;
     } else if (aprofile &&
                !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
-         char *sp, *ep, *tp;
-         
-         sp = svalue;
-         params.flags = 0;
-         while (sp) {
-              if ((ep = strchr(sp, (int) ',')) ||
-                  (ep = strchr(sp, (int) ' ')) ||
-                  (ep = strchr(sp, (int) '\t'))) {
-                   /* Fill in trailing whitespace of sp */
-                   tp = ep - 1;
-                   while (isspace((int) *tp) && (tp > sp)) {
-                        *tp = '\0';
-                        tp--;
-                   }
-                   *ep = '\0';
-                   ep++;
-                   /* Skip over trailing whitespace of ep */
-                   while (isspace((int) *ep) && (*ep)) ep++;
-              }
-              /* Convert this flag */
-              if (krb5_string_to_flags(sp,
-                                       "+",
-                                       "-",
-                                       &params.flags))
-                   break;
-              sp = ep;
-         }
-         if (!sp)
-              params.mask |= KADM5_CONFIG_FLAGS;
-         free(svalue);
+        char *sp, *ep, *tp;
+
+        sp = svalue;
+        params.flags = 0;
+        while (sp) {
+            if ((ep = strchr(sp, (int) ',')) ||
+                (ep = strchr(sp, (int) ' ')) ||
+                (ep = strchr(sp, (int) '\t'))) {
+                /* Fill in trailing whitespace of sp */
+                tp = ep - 1;
+                while (isspace((int) *tp) && (tp > sp)) {
+                    *tp = '\0';
+                    tp--;
+                }
+                *ep = '\0';
+                ep++;
+                /* Skip over trailing whitespace of ep */
+                while (isspace((int) *ep) && (*ep)) ep++;
+            }
+            /* Convert this flag */
+            if (krb5_string_to_flags(sp,
+                                     "+",
+                                     "-",
+                                     &params.flags))
+                break;
+            sp = ep;
+        }
+        if (!sp)
+            params.mask |= KADM5_CONFIG_FLAGS;
+        free(svalue);
     } else {
-         params.mask |= KADM5_CONFIG_FLAGS;
-         params.flags = KRB5_KDB_DEF_FLAGS;
+        params.mask |= KADM5_CONFIG_FLAGS;
+        params.flags = KRB5_KDB_DEF_FLAGS;
     }
 
     /* Get the value for the supported enctype/salttype matrix */
     hierarchy[2] = KRB5_CONF_SUPPORTED_ENCTYPES;
     if (params_in->mask & KADM5_CONFIG_ENCTYPES) {
-         /* The following scenario is when the input keysalts are !NULL */
-         if(params_in->keysalts) {
-               params.keysalts = copy_key_salt_tuple(params_in->keysalts, 
-                                                     params_in->num_keysalts);
-               if(params.keysalts) {
-                 params.mask |= KADM5_CONFIG_ENCTYPES;
-                 params.num_keysalts = params_in->num_keysalts;
-               }
-         } else {
-                 params.mask |= KADM5_CONFIG_ENCTYPES;
-                 params.keysalts = 0;
-                 params.num_keysalts = params_in->num_keysalts;
-         }
+        /* The following scenario is when the input keysalts are !NULL */
+        if(params_in->keysalts) {
+            params.keysalts = copy_key_salt_tuple(params_in->keysalts,
+                                                  params_in->num_keysalts);
+            if(params.keysalts) {
+                params.mask |= KADM5_CONFIG_ENCTYPES;
+                params.num_keysalts = params_in->num_keysalts;
+            }
+        } else {
+            params.mask |= KADM5_CONFIG_ENCTYPES;
+            params.keysalts = 0;
+            params.num_keysalts = params_in->num_keysalts;
+        }
     } else {
-         svalue = NULL;
-         if (aprofile)
-              krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
-         if (svalue == NULL)
-             svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES);
-
-         params.keysalts = NULL;
-         params.num_keysalts = 0;
-         krb5_string_to_keysalts(svalue,
-                                 ", \t",/* Tuple separators */
-                                 ":.-",        /* Key/salt separators */
-                                 0,        /* No duplicates */
-                                 &params.keysalts,
-                                 &params.num_keysalts);
-         if (params.num_keysalts)
-              params.mask |= KADM5_CONFIG_ENCTYPES;
-
-         free(svalue);
+        svalue = NULL;
+        if (aprofile)
+            krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue);
+        if (svalue == NULL)
+            svalue = strdup(KRB5_DEFAULT_SUPPORTED_ENCTYPES);
+
+        params.keysalts = NULL;
+        params.num_keysalts = 0;
+        krb5_string_to_keysalts(svalue,
+                                ", \t",/* Tuple separators */
+                                ":.-",        /* Key/salt separators */
+                                0,        /* No duplicates */
+                                &params.keysalts,
+                                &params.num_keysalts);
+        if (params.num_keysalts)
+            params.mask |= KADM5_CONFIG_ENCTYPES;
+
+        free(svalue);
     }
-    
-        hierarchy[2] = KRB5_CONF_IPROP_ENABLE;
 
-        params.iprop_enabled = FALSE;
-        params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+    hierarchy[2] = KRB5_CONF_IPROP_ENABLE;
 
-        if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) {
-                params.mask |= KADM5_CONFIG_IPROP_ENABLED;
-                params.iprop_enabled = params_in->iprop_enabled;
-        } else {
-                krb5_boolean bvalue;
-                if (aprofile &&
-                    !krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
-                    params.iprop_enabled = bvalue;
-                    params.mask |= KADM5_CONFIG_IPROP_ENABLED;
-                }
+    params.iprop_enabled = FALSE;
+    params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+
+    if (params_in->mask & KADM5_CONFIG_IPROP_ENABLED) {
+        params.mask |= KADM5_CONFIG_IPROP_ENABLED;
+        params.iprop_enabled = params_in->iprop_enabled;
+    } else {
+        krb5_boolean bvalue;
+        if (aprofile &&
+            !krb5_aprof_get_boolean(aprofile, hierarchy, TRUE, &bvalue)) {
+            params.iprop_enabled = bvalue;
+            params.mask |= KADM5_CONFIG_IPROP_ENABLED;
         }
+    }
 
-        if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE,
-                              KRB5_CONF_IPROP_LOGFILE, NULL)) {
-            if (params.mask & KADM5_CONFIG_DBNAME) {
-                if (asprintf(&params.iprop_logfile, "%s.ulog", params.dbname) >= 0) {
-                    params.mask |= KADM5_CONFIG_IPROP_LOGFILE;
-                }
+    if (!GET_STRING_PARAM(iprop_logfile, KADM5_CONFIG_IPROP_LOGFILE,
+                          KRB5_CONF_IPROP_LOGFILE, NULL)) {
+        if (params.mask & KADM5_CONFIG_DBNAME) {
+            if (asprintf(&params.iprop_logfile, "%s.ulog", params.dbname) >= 0) {
+                params.mask |= KADM5_CONFIG_IPROP_LOGFILE;
             }
         }
+    }
 
-        GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT,
-                       KRB5_CONF_IPROP_PORT, 0);
+    GET_PORT_PARAM(iprop_port, KADM5_CONFIG_IPROP_PORT,
+                   KRB5_CONF_IPROP_PORT, 0);
 
-        hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
+    hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
 
-        params.iprop_ulogsize = DEF_ULOGENTRIES;
-        params.mask |= KADM5_CONFIG_ULOG_SIZE;
+    params.iprop_ulogsize = DEF_ULOGENTRIES;
+    params.mask |= KADM5_CONFIG_ULOG_SIZE;
 
-        if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
-                params.mask |= KADM5_CONFIG_ULOG_SIZE;
-                params.iprop_ulogsize = params_in->iprop_ulogsize;
-        } else {
-                if (aprofile && !krb5_aprof_get_int32(aprofile, hierarchy,
-                    TRUE, &ivalue)) {
-                        if (ivalue > MAX_ULOGENTRIES)
-                                params.iprop_ulogsize = MAX_ULOGENTRIES;
-                        else if (ivalue <= 0)
-                                params.iprop_ulogsize = DEF_ULOGENTRIES;
-                        else
-                                params.iprop_ulogsize = ivalue;
-                        params.mask |= KADM5_CONFIG_ULOG_SIZE;
-                }
+    if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
+        params.mask |= KADM5_CONFIG_ULOG_SIZE;
+        params.iprop_ulogsize = params_in->iprop_ulogsize;
+    } else {
+        if (aprofile && !krb5_aprof_get_int32(aprofile, hierarchy,
+                                              TRUE, &ivalue)) {
+            if (ivalue > MAX_ULOGENTRIES)
+                params.iprop_ulogsize = MAX_ULOGENTRIES;
+            else if (ivalue <= 0)
+                params.iprop_ulogsize = DEF_ULOGENTRIES;
+            else
+                params.iprop_ulogsize = ivalue;
+            params.mask |= KADM5_CONFIG_ULOG_SIZE;
         }
+    }
 
-        GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
-                         KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
+    GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
+                     KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
 
     *params_out = params;
-    
+
 cleanup:
     if (aprofile)
         krb5_aprof_finish(aprofile);
     if (kret) {
-         kadm5_free_config_params(context, &params);
-         params_out->mask = 0;
+        kadm5_free_config_params(context, &params);
+        params_out->mask = 0;
     }
     return(kret);
 }
@@ -922,7 +923,7 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     char                *kdcenv = 0;
     char                *no_refrls = 0;
     char                *host_based_srvcs = 0;
-         
+
 
 
     krb5_error_code        kret;
@@ -944,7 +945,7 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     kret = krb5_aprof_init(filename, envname, &aprofile);
     if (kret)
         goto cleanup;
-    
+
     rparams = (krb5_realm_params *) malloc(sizeof(krb5_realm_params));
     if (rparams == 0) {
         kret = ENOMEM;
@@ -961,7 +962,7 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     hierarchy[3] = (char *) NULL;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_dbname = svalue;
-        
+
     /* Get the value for the KDC port list */
     hierarchy[2] = KRB5_CONF_KDC_PORTS;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
@@ -974,19 +975,19 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     hierarchy[2] = KRB5_CONF_ACL_FILE;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_acl_file = svalue;
-            
+
     /* Get the value for the kadmind port */
     hierarchy[2] = KRB5_CONF_KADMIND_PORT;
     if (!krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
         rparams->realm_kadmind_port = ivalue;
         rparams->realm_kadmind_port_valid = 1;
     }
-            
+
     /* Get the value for the master key name */
     hierarchy[2] = KRB5_CONF_MASTER_KEY_NAME;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_mkey_name = svalue;
-            
+
     /* Get the value for the master key type */
     hierarchy[2] = KRB5_CONF_MASTER_KEY_TYPE;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
@@ -994,26 +995,26 @@ krb5_read_realm_params(kcontext, realm, rparamp)
             rparams->realm_enctype_valid = 1;
         free(svalue);
     }
-            
+
     /* Get the value for the stashfile */
     hierarchy[2] = KRB5_CONF_KEY_STASH_FILE;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue))
         rparams->realm_stash_file = svalue;
-            
+
     /* Get the value for maximum ticket lifetime. */
     hierarchy[2] = KRB5_CONF_MAX_LIFE;
     if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
         rparams->realm_max_life = dtvalue;
         rparams->realm_max_life_valid = 1;
     }
-            
+
     /* Get the value for maximum renewable ticket lifetime. */
     hierarchy[2] = KRB5_CONF_MAX_RENEWABLE_LIFE;
     if (!krb5_aprof_get_deltat(aprofile, hierarchy, TRUE, &dtvalue)) {
         rparams->realm_max_rlife = dtvalue;
         rparams->realm_max_rlife_valid = 1;
     }
-            
+
     /* Get the value for the default principal expiration */
     hierarchy[2] = KRB5_CONF_DEFAULT_PRINCIPAL_EXPIRATION;
     if (!krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
@@ -1030,10 +1031,10 @@ krb5_read_realm_params(kcontext, realm, rparamp)
     }
 
     hierarchy[2] = KRB5_CONF_NO_HOST_REFERRAL;
-    if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls)) 
-       rparams->realm_no_host_referral = no_refrls;
-    else 
-            no_refrls = 0;
+    if (!krb5_aprof_get_string_all(aprofile, hierarchy, &no_refrls))
+        rparams->realm_no_host_referral = no_refrls;
+    else
+        no_refrls = 0;
 
     if (!no_refrls || krb5_match_config_pattern(no_refrls, KRB5_CONF_ASTERISK) == FALSE) {
         hierarchy[2] = KRB5_CONF_HOST_BASED_SERVICES;
@@ -1117,8 +1118,8 @@ krb5_free_realm_params(kcontext, rparams)
     }
     return(0);
 }
-/* 
- * match_config_pattern - 
+/*
+ * match_config_pattern -
  *       returns TRUE is the pattern is found in the attr's list of values.
  *       Otherwise - FALSE.
  *       In conf file the values are separates by commas or whitespaces.
@@ -1129,17 +1130,14 @@ krb5_match_config_pattern(const char *string, const char *pattern)
     const char *ptr;
     char next = '\0';
     int len = strlen(pattern);
- 
+
     for (ptr = strstr(string,pattern); ptr != 0; ptr = strstr(ptr+len,pattern)) {
-         if (ptr == string || isspace(*(ptr-1)) || *(ptr-1) ==',') {
-             next = *(ptr + len);
-             if (next == '\0' || isspace(next) || next ==',') {
-                  return TRUE;
-             }
-         }
+        if (ptr == string || isspace(*(ptr-1)) || *(ptr-1) ==',') {
+            next = *(ptr + len);
+            if (next == '\0' || isspace(next) || next ==',') {
+                return TRUE;
+            }
+        }
     }
     return FALSE;
 }
-
-
-
diff --git a/src/lib/kadm5/chpass_util.c b/src/lib/kadm5/chpass_util.c
index e1fbb5849..9e8111b3c 100644
--- a/src/lib/kadm5/chpass_util.c
+++ b/src/lib/kadm5/chpass_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  */
@@ -25,234 +26,234 @@
  *
  * Arguments:
  *
- *      princ          (input) a krb5b_principal structure for the 
+ *      princ          (input) a krb5b_principal structure for the
  *                     principal whose password we should change.
  *
- *      new_password   (input) NULL or a null terminated string with the 
+ *      new_password   (input) NULL or a null terminated string with the
  *                     the principal's desired new password.  If new_password
  *                     is NULL then this routine will read a new password.
- *    
- *	pw_ret		(output) if non-NULL, points to a static buffer
- *			containing the new password (if password is prompted
- *			internally), or to the new_password argument (if
- *			that is non-NULL).  If the former, then the buffer
- *			is only valid until the next call to the function,
- *			and the caller should be sure to zero it when
- *			it is no longer needed.
+ *
+ *      pw_ret          (output) if non-NULL, points to a static buffer
+ *                      containing the new password (if password is prompted
+ *                      internally), or to the new_password argument (if
+ *                      that is non-NULL).  If the former, then the buffer
+ *                      is only valid until the next call to the function,
+ *                      and the caller should be sure to zero it when
+ *                      it is no longer needed.
  *
  *      msg_ret         (output) a useful message is copied here.
  *
- *      <return value>  exit status of 0 for success, else the com err code 
+ *      <return value>  exit status of 0 for success, else the com err code
  *                      for the last significant routine called.
- *      
+ *
  * Requires:
- *      
+ *
  *      A msg_ret should point to a buffer large enough for the messasge.
  *
  * Effects:
- *      
+ *
  * Modifies:
  *
  *
  */
 
 kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
-					 void *lhandle,
-					 krb5_principal princ,
-					 char *new_pw, 
-					 char **ret_pw,
-					 char *msg_ret,
-					 unsigned int msg_len)
+                                         void *lhandle,
+                                         krb5_principal princ,
+                                         char *new_pw,
+                                         char **ret_pw,
+                                         char *msg_ret,
+                                         unsigned int msg_len)
 {
-  int code, code2;
-  unsigned int pwsize;
-  static char buffer[255];
-  char *new_password;
-  kadm5_principal_ent_rec princ_ent;
-  kadm5_policy_ent_rec policy_ent;
-
-  _KADM5_CHECK_HANDLE(server_handle);
-
-  if (ret_pw)
-    *ret_pw = NULL;
-
-  if (new_pw != NULL) {
-    new_password = new_pw;
-  } else { /* read the password */
-    krb5_context context;
-
-    if ((code = (int) kadm5_init_krb5_context(&context)) == 0) {
-      pwsize = sizeof(buffer);
-      code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
-				KADM5_PW_SECOND_PROMPT,
-				buffer, &pwsize);
-      krb5_free_context(context);
+    int code, code2;
+    unsigned int pwsize;
+    static char buffer[255];
+    char *new_password;
+    kadm5_principal_ent_rec princ_ent;
+    kadm5_policy_ent_rec policy_ent;
+
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    if (ret_pw)
+        *ret_pw = NULL;
+
+    if (new_pw != NULL) {
+        new_password = new_pw;
+    } else { /* read the password */
+        krb5_context context;
+
+        if ((code = (int) kadm5_init_krb5_context(&context)) == 0) {
+            pwsize = sizeof(buffer);
+            code = krb5_read_password(context, KADM5_PW_FIRST_PROMPT,
+                                      KADM5_PW_SECOND_PROMPT,
+                                      buffer, &pwsize);
+            krb5_free_context(context);
+        }
+
+        if (code == 0)
+            new_password = buffer;
+        else {
+#ifdef ZEROPASSWD
+            memset(buffer, 0, sizeof(buffer));
+#endif
+            if (code == KRB5_LIBOS_BADPWDMATCH) {
+                strncpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH),
+                        msg_len - 1);
+                msg_ret[msg_len - 1] = '\0';
+                return(code);
+            } else {
+                strncpy(msg_ret, error_message(code), msg_len - 1);
+                strncat(msg_ret, " ", msg_len - 1);
+                strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_READING_PASSWORD),
+                        msg_len - 1);
+                strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+                        msg_len - 1);
+                msg_ret[msg_len - 1] = '\0';
+                return(code);
+            }
+        }
+        if (pwsize == 0) {
+#ifdef ZEROPASSWD
+            memset(buffer, 0, sizeof(buffer));
+#endif
+            strncpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ), msg_len - 1);
+            msg_ret[msg_len - 1] = '\0';
+            return(KRB5_LIBOS_CANTREADPWD); /* could do better */
+        }
     }
 
-    if (code == 0) 
-      new_password = buffer;
-    else {
-#ifdef ZEROPASSWD    
-      memset(buffer, 0, sizeof(buffer));
-#endif      
-      if (code == KRB5_LIBOS_BADPWDMATCH) {
-	strncpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH),
-		msg_len - 1);
-	msg_ret[msg_len - 1] = '\0';
-	return(code);
-      } else {
-        strncpy(msg_ret, error_message(code), msg_len - 1);
-        strncat(msg_ret, " ", msg_len - 1);
-        strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_READING_PASSWORD),
-		msg_len - 1);
-        strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
-		msg_len - 1);
-	msg_ret[msg_len - 1] = '\0';
-	return(code);
-      }
+    if (ret_pw)
+        *ret_pw = new_password;
+
+    code = kadm5_chpass_principal(server_handle, princ, new_password);
+
+#ifdef ZEROPASSWD
+    if (!ret_pw)
+        memset(buffer, 0, sizeof(buffer)); /* in case we read a new password */
+#endif
+
+    if (code == KADM5_OK) {
+        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED), msg_len - 1);
+        msg_ret[msg_len - 1] = '\0';
+        return(0);
+    }
+
+    if ((code != KADM5_PASS_Q_TOOSHORT) &&
+        (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) &&
+        (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
+        /* Can't get more info for other errors */
+        snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+                 string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+        snprintf(msg_ret, msg_len, "%s\n%s\n",
+                 string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+                 buffer);
+        return(code);
     }
-    if (pwsize == 0) {
-#ifdef ZEROPASSWD    
-      memset(buffer, 0, sizeof(buffer));
-#endif      
-      strncpy(msg_ret, string_text(CHPASS_UTIL_NO_PASSWORD_READ), msg_len - 1);
-      msg_ret[msg_len - 1] = '\0';
-      return(KRB5_LIBOS_CANTREADPWD); /* could do better */
+
+    /* Ok, we have a password quality error. Return a good message */
+
+    if (code == KADM5_PASS_REUSE) {
+        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE), msg_len - 1);
+        msg_ret[msg_len - 1] = '\0';
+        return(code);
     }
-  }
 
-  if (ret_pw)
-    *ret_pw = new_password;
+    if (code == KADM5_PASS_Q_DICT) {
+        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY),
+                msg_len - 1);
+        msg_ret[msg_len - 1] = '\0';
+        return(code);
+    }
 
-  code = kadm5_chpass_principal(server_handle, princ, new_password);
+    /* Look up policy for the remaining messages */
 
-#ifdef ZEROPASSWD
-  if (!ret_pw)
-    memset(buffer, 0, sizeof(buffer)); /* in case we read a new password */
-#endif    
-
-  if (code == KADM5_OK) {
-    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_CHANGED), msg_len - 1);
-    msg_ret[msg_len - 1] = '\0';
-    return(0);
-  }
-
-  if ((code != KADM5_PASS_Q_TOOSHORT) && 
-      (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) && 
-      (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
-      /* Can't get more info for other errors */
-      snprintf(buffer, sizeof(buffer), "%s %s", error_message(code), 
-	       string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
-      snprintf(msg_ret, msg_len, "%s\n%s\n",
-	       string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), 
-	       buffer);
-      return(code);
-  }
-
-  /* Ok, we have a password quality error. Return a good message */
-
-  if (code == KADM5_PASS_REUSE) {
-    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_REUSE), msg_len - 1);
-    msg_ret[msg_len - 1] = '\0';
-    return(code);
-  }
+    code2 = kadm5_get_principal (lhandle, princ, &princ_ent,
+                                 KADM5_PRINCIPAL_NORMAL_MASK);
+    if (code2 != 0) {
+        strncpy(msg_ret, error_message(code2), msg_len - 1);
+        strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, string_text(CHPASS_UTIL_GET_PRINC_INFO), msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+                msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+                msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
+        msg_ret[msg_len - 1] = '\0';
+        return(code);
+    }
 
-  if (code == KADM5_PASS_Q_DICT) {
-    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_IN_DICTIONARY),
-	    msg_len - 1);
-    msg_ret[msg_len - 1] = '\0';
-    return(code);
-  }
-  
-  /* Look up policy for the remaining messages */
-
-  code2 = kadm5_get_principal (lhandle, princ, &princ_ent,
-			       KADM5_PRINCIPAL_NORMAL_MASK);
-  if (code2 != 0) {
-    strncpy(msg_ret, error_message(code2), msg_len - 1);
-    strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, string_text(CHPASS_UTIL_GET_PRINC_INFO), msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
-	    msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
-	    msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, "\n", msg_len - 1 - strlen(msg_ret));
-    msg_ret[msg_len - 1] = '\0';
-    return(code);
-  }
-  
-  if ((princ_ent.aux_attributes & KADM5_POLICY) == 0) {
-    strncpy(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
-    strncpy(msg_ret, string_text(CHPASS_UTIL_NO_POLICY_YET_Q_ERROR),
-	    msg_len - 1 - strlen(msg_ret));
-    strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
-    strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
-	    msg_len - 1 - strlen(msg_ret));
-    msg_ret[msg_len - 1] = '\0';
+    if ((princ_ent.aux_attributes & KADM5_POLICY) == 0) {
+        strncpy(msg_ret, error_message(code), msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, " ", msg_len - 1 - strlen(msg_ret));
+        strncpy(msg_ret, string_text(CHPASS_UTIL_NO_POLICY_YET_Q_ERROR),
+                msg_len - 1 - strlen(msg_ret));
+        strncat(msg_ret, "\n\n", msg_len - 1 - strlen(msg_ret));
+        strncpy(msg_ret, string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+                msg_len - 1 - strlen(msg_ret));
+        msg_ret[msg_len - 1] = '\0';
 
-    (void) kadm5_free_principal_ent(lhandle, &princ_ent);
-    return(code);
-  }
-
-  code2 = kadm5_get_policy(lhandle, princ_ent.policy,
-			   &policy_ent);
-  if (code2 != 0) {
-      snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n ", error_message(code2), 
-	       string_text(CHPASS_UTIL_GET_POLICY_INFO),
-	       error_message(code),
-	       string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
-	       string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
-      (void) kadm5_free_principal_ent(lhandle, &princ_ent);
-      return(code);
-  }
-  
-  if (code == KADM5_PASS_Q_TOOSHORT) {
-      snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT), 
-	       policy_ent.pw_min_length);
-      (void) kadm5_free_principal_ent(lhandle, &princ_ent);
-      (void) kadm5_free_policy_ent(lhandle, &policy_ent);
-      return(code);
-  }
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        return(code);
+    }
+
+    code2 = kadm5_get_policy(lhandle, princ_ent.policy,
+                             &policy_ent);
+    if (code2 != 0) {
+        snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
+                 string_text(CHPASS_UTIL_GET_POLICY_INFO),
+                 error_message(code),
+                 string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+                 string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        return(code);
+    }
+
+    if (code == KADM5_PASS_Q_TOOSHORT) {
+        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
+                 policy_ent.pw_min_length);
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+        return(code);
+    }
 
 /* Can't get more info for other errors */
 
-  if (code == KADM5_PASS_Q_CLASS) {
-      snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES), 
-	       policy_ent.pw_min_classes);
-      (void) kadm5_free_principal_ent(lhandle, &princ_ent);
-      (void) kadm5_free_policy_ent(lhandle, &policy_ent);
-      return(code);
-  }
+    if (code == KADM5_PASS_Q_CLASS) {
+        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
+                 policy_ent.pw_min_classes);
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+        return(code);
+    }
 
-  if (code == KADM5_PASS_TOOSOON) {
-    time_t until;
-    char *time_string, *ptr;
+    if (code == KADM5_PASS_TOOSOON) {
+        time_t until;
+        char *time_string, *ptr;
 
-    until = princ_ent.last_pwd_change + policy_ent.pw_min_life;
+        until = princ_ent.last_pwd_change + policy_ent.pw_min_life;
 
-    time_string = ctime(&until);
-    if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
-      *ptr = '\0';
+        time_string = ctime(&until);
+        if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
+            *ptr = '\0';
+
+        snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
+                 time_string);
+        (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+        (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+        return(code);
+    }
 
-    snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON), 
-	     time_string);
+    /* We should never get here, but just in case ... */
+    snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+             string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+    snprintf(msg_ret, msg_len, "%s\n%s\n",
+             string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+             buffer);
     (void) kadm5_free_principal_ent(lhandle, &princ_ent);
     (void) kadm5_free_policy_ent(lhandle, &policy_ent);
     return(code);
-  }
-
-  /* We should never get here, but just in case ... */
-  snprintf(buffer, sizeof(buffer), "%s %s", error_message(code), 
-	   string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
-  snprintf(msg_ret, msg_len, "%s\n%s\n",
-	   string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), 
-	   buffer);
-  (void) kadm5_free_principal_ent(lhandle, &princ_ent);
-  (void) kadm5_free_policy_ent(lhandle, &policy_ent);
-  return(code);
 }
diff --git a/src/lib/kadm5/clnt/client_handle.c b/src/lib/kadm5/clnt/client_handle.c
index 895777a6e..48b76707e 100644
--- a/src/lib/kadm5/clnt/client_handle.c
+++ b/src/lib/kadm5/clnt/client_handle.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <krb5.h>
 #include <kadm5/admin.h>
 #include "client_internal.h"
 
 int _kadm5_check_handle(void *handle)
 {
-     CHECK_HANDLE(handle);
-     return 0;
+    CHECK_HANDLE(handle);
+    return 0;
 }
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index 0b817b8bc..99e8e15ba 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -1,17 +1,18 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -56,349 +57,349 @@
 #include <gssapi/gssapi_krb5.h>
 #include <gssrpc/auth_gssapi.h>
 
-#define	ADM_CCACHE  "/tmp/ovsec_adm.XXXXXX"
+#define ADM_CCACHE  "/tmp/ovsec_adm.XXXXXX"
 
 enum init_type { INIT_PASS, INIT_SKEY, INIT_CREDS };
 
 static kadm5_ret_t _kadm5_init_any(krb5_context context,
-				   char *client_name,
-				   enum init_type init_type,
-				   char *pass,
-				   krb5_ccache ccache_in,
-				   char *service_name,
-				   kadm5_config_params *params,
-				   krb5_ui_4 struct_version,
-				   krb5_ui_4 api_version,
-				   char **db_args,
-				   void **server_handle);
+                                   char *client_name,
+                                   enum init_type init_type,
+                                   char *pass,
+                                   krb5_ccache ccache_in,
+                                   char *service_name,
+                                   kadm5_config_params *params,
+                                   krb5_ui_4 struct_version,
+                                   krb5_ui_4 api_version,
+                                   char **db_args,
+                                   void **server_handle);
 
 static kadm5_ret_t
 kadm5_get_init_creds(kadm5_server_handle_t handle,
-		     char *client_name, enum init_type init_type,
-		     char *pass, krb5_ccache ccache_in,
-		     char *svcname_in, char *realm,
-		     char *full_svcname, unsigned int full_svcname_len);
+                     char *client_name, enum init_type init_type,
+                     char *pass, krb5_ccache ccache_in,
+                     char *svcname_in, char *realm,
+                     char *full_svcname, unsigned int full_svcname_len);
 
 static kadm5_ret_t
 kadm5_gic_iter(kadm5_server_handle_t handle,
-	       enum init_type init_type,
-	       krb5_ccache ccache,
-	       krb5_principal client, char *pass,
-	       char *svcname, char *realm,
-	       char *full_svcname, unsigned int full_svcname_len);
+               enum init_type init_type,
+               krb5_ccache ccache,
+               krb5_principal client, char *pass,
+               char *svcname, char *realm,
+               char *full_svcname, unsigned int full_svcname_len);
 
 static kadm5_ret_t
 kadm5_setup_gss(kadm5_server_handle_t handle,
-		kadm5_config_params *params_in,
-		char *client_name, char *full_svcname);
+                kadm5_config_params *params_in,
+                char *client_name, char *full_svcname);
 
 static void
 kadm5_rpc_auth(kadm5_server_handle_t handle,
-	       kadm5_config_params *params_in,
-	       gss_cred_id_t gss_client_creds,
-	       gss_name_t gss_target);
+               kadm5_config_params *params_in,
+               gss_cred_id_t gss_client_creds,
+               gss_name_t gss_target);
 
 kadm5_ret_t kadm5_init_with_creds(krb5_context context,
-				  char *client_name,
-				  krb5_ccache ccache,
-				  char *service_name,
-				  kadm5_config_params *params,
-				  krb5_ui_4 struct_version,
-				  krb5_ui_4 api_version,
-				  char **db_args,
-				  void **server_handle)
+                                  char *client_name,
+                                  krb5_ccache ccache,
+                                  char *service_name,
+                                  kadm5_config_params *params,
+                                  krb5_ui_4 struct_version,
+                                  krb5_ui_4 api_version,
+                                  char **db_args,
+                                  void **server_handle)
 {
-     return _kadm5_init_any(context, client_name, INIT_CREDS, NULL, ccache,
-			    service_name, params,
-			    struct_version, api_version, db_args,
-			    server_handle);
+    return _kadm5_init_any(context, client_name, INIT_CREDS, NULL, ccache,
+                           service_name, params,
+                           struct_version, api_version, db_args,
+                           server_handle);
 }
 
 
 kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
-				     char *pass, char *service_name,
-				     kadm5_config_params *params,
-				     krb5_ui_4 struct_version,
-				     krb5_ui_4 api_version,
-				     char **db_args,
-				     void **server_handle)
+                                     char *pass, char *service_name,
+                                     kadm5_config_params *params,
+                                     krb5_ui_4 struct_version,
+                                     krb5_ui_4 api_version,
+                                     char **db_args,
+                                     void **server_handle)
 {
-     return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
-			    service_name, params, struct_version,
-			    api_version, db_args, server_handle);
+    return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
+                           service_name, params, struct_version,
+                           api_version, db_args, server_handle);
 }
 
 kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
-		       char *service_name, 
-		       kadm5_config_params *params,
-		       krb5_ui_4 struct_version,
-		       krb5_ui_4 api_version,
-		       char **db_args,
-		       void **server_handle)
+                       char *service_name,
+                       kadm5_config_params *params,
+                       krb5_ui_4 struct_version,
+                       krb5_ui_4 api_version,
+                       char **db_args,
+                       void **server_handle)
 {
-     return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
-			    service_name, params, struct_version,
-			    api_version, db_args, server_handle);
+    return _kadm5_init_any(context, client_name, INIT_PASS, pass, NULL,
+                           service_name, params, struct_version,
+                           api_version, db_args, server_handle);
 }
 
 kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
-				 char *keytab, char *service_name,
-				 kadm5_config_params *params,
-				 krb5_ui_4 struct_version,
-				 krb5_ui_4 api_version,
-				 char **db_args,
-				 void **server_handle)
+                                 char *keytab, char *service_name,
+                                 kadm5_config_params *params,
+                                 krb5_ui_4 struct_version,
+                                 krb5_ui_4 api_version,
+                                 char **db_args,
+                                 void **server_handle)
 {
-     return _kadm5_init_any(context, client_name, INIT_SKEY, keytab, NULL,
-			    service_name, params, struct_version,
-			    api_version, db_args, server_handle);
+    return _kadm5_init_any(context, client_name, INIT_SKEY, keytab, NULL,
+                           service_name, params, struct_version,
+                           api_version, db_args, server_handle);
 }
 
 static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name,
-				   enum init_type init_type,
-				   char *pass,
-				   krb5_ccache ccache_in,
-				   char *service_name,
-				   kadm5_config_params *params_in,
-				   krb5_ui_4 struct_version,
-				   krb5_ui_4 api_version,
-				   char **db_args,
-				   void **server_handle)
+                                   enum init_type init_type,
+                                   char *pass,
+                                   krb5_ccache ccache_in,
+                                   char *service_name,
+                                   kadm5_config_params *params_in,
+                                   krb5_ui_4 struct_version,
+                                   krb5_ui_4 api_version,
+                                   char **db_args,
+                                   void **server_handle)
 {
-     struct sockaddr_in addr;
-     struct hostent *hp;
-     int fd;
-
-     char *iprop_svc;
-     int iprop_enable = 0;
-     char full_svcname[BUFSIZ];
-     char *realm;
-     
-     kadm5_server_handle_t handle;
-     kadm5_config_params params_local;
-
-     int code = 0;
-     generic_ret *r;
-
-     initialize_ovk_error_table();
+    struct sockaddr_in addr;
+    struct hostent *hp;
+    int fd;
+
+    char *iprop_svc;
+    int iprop_enable = 0;
+    char full_svcname[BUFSIZ];
+    char *realm;
+
+    kadm5_server_handle_t handle;
+    kadm5_config_params params_local;
+
+    int code = 0;
+    generic_ret *r;
+
+    initialize_ovk_error_table();
 /*      initialize_adb_error_table(); */
-     initialize_ovku_error_table();
-     
-     if (! server_handle) {
-	 return EINVAL;
-     }
-
-     if (! (handle = malloc(sizeof(*handle)))) {
-	  return ENOMEM;
-     }
-     memset(handle, 0, sizeof(*handle));
-     if (! (handle->lhandle = malloc(sizeof(*handle)))) {
-	  free(handle);
-	  return ENOMEM;
-     }
-
-     handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
-     handle->struct_version = struct_version;
-     handle->api_version = api_version;
-     handle->clnt = 0;
-     handle->cache_name = 0;
-     handle->destroy_cache = 0;
-     handle->context = 0;
-     *handle->lhandle = *handle;
-     handle->lhandle->api_version = KADM5_API_VERSION_3;
-     handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
-     handle->lhandle->lhandle = handle->lhandle;
-
-     handle->context = context;
-
-     if(client_name == NULL) {
-	free(handle);
-	return EINVAL;
-     }
-
-     /*
-      * Verify the version numbers before proceeding; we can't use
-      * CHECK_HANDLE because not all fields are set yet.
-      */
-     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
-			  KADM5_NEW_LIB_API_VERSION);
-     
-     /*
-      * Acquire relevant profile entries.  In version 2, merge values
-      * in params_in with values from profile, based on
-      * params_in->mask.
-      *
-      * In version 1, we've given a realm (which may be NULL) instead
-      * of params_in.  So use that realm, make params_in contain an
-      * empty mask, and behave like version 2.
-      */
-     memset(&params_local, 0, sizeof(params_local));
-     if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
-	  realm = params_in->realm;
-     else
-	  realm = NULL;
+    initialize_ovku_error_table();
+
+    if (! server_handle) {
+        return EINVAL;
+    }
+
+    if (! (handle = malloc(sizeof(*handle)))) {
+        return ENOMEM;
+    }
+    memset(handle, 0, sizeof(*handle));
+    if (! (handle->lhandle = malloc(sizeof(*handle)))) {
+        free(handle);
+        return ENOMEM;
+    }
+
+    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
+    handle->struct_version = struct_version;
+    handle->api_version = api_version;
+    handle->clnt = 0;
+    handle->cache_name = 0;
+    handle->destroy_cache = 0;
+    handle->context = 0;
+    *handle->lhandle = *handle;
+    handle->lhandle->api_version = KADM5_API_VERSION_3;
+    handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
+    handle->lhandle->lhandle = handle->lhandle;
+
+    handle->context = context;
+
+    if(client_name == NULL) {
+        free(handle);
+        return EINVAL;
+    }
+
+    /*
+     * Verify the version numbers before proceeding; we can't use
+     * CHECK_HANDLE because not all fields are set yet.
+     */
+    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,
+                         KADM5_NEW_LIB_API_VERSION);
+
+    /*
+     * Acquire relevant profile entries.  In version 2, merge values
+     * in params_in with values from profile, based on
+     * params_in->mask.
+     *
+     * In version 1, we've given a realm (which may be NULL) instead
+     * of params_in.  So use that realm, make params_in contain an
+     * empty mask, and behave like version 2.
+     */
+    memset(&params_local, 0, sizeof(params_local));
+    if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
+        realm = params_in->realm;
+    else
+        realm = NULL;
 
 #if 0 /* Since KDC config params can now be put in krb5.conf, these
-	 could show up even when you're just using the remote kadmin
-	 client.  */
-#define ILLEGAL_PARAMS (KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME | \
-			KADM5_CONFIG_ADB_LOCKFILE | \
-			KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_DICT_FILE \
-			| KADM5_CONFIG_ADMIN_KEYTAB | \
-			KADM5_CONFIG_STASH_FILE | \
-			KADM5_CONFIG_MKEY_NAME | KADM5_CONFIG_ENCTYPE \
-			| KADM5_CONFIG_MAX_LIFE | \
-			KADM5_CONFIG_MAX_RLIFE | \
-			KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_FLAGS | \
-			KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD)
-
-     if (params_in && params_in->mask & ILLEGAL_PARAMS) {
-	  free(handle);
-	  return KADM5_BAD_CLIENT_PARAMS;
-     }
+         could show up even when you're just using the remote kadmin
+         client.  */
+#define ILLEGAL_PARAMS (KADM5_CONFIG_DBNAME | KADM5_CONFIG_ADBNAME |    \
+                        KADM5_CONFIG_ADB_LOCKFILE |                     \
+                        KADM5_CONFIG_ACL_FILE | KADM5_CONFIG_DICT_FILE  \
+                        | KADM5_CONFIG_ADMIN_KEYTAB |                   \
+                        KADM5_CONFIG_STASH_FILE |                       \
+                        KADM5_CONFIG_MKEY_NAME | KADM5_CONFIG_ENCTYPE   \
+                        | KADM5_CONFIG_MAX_LIFE |                       \
+                        KADM5_CONFIG_MAX_RLIFE |                        \
+                        KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_FLAGS |  \
+                        KADM5_CONFIG_ENCTYPES | KADM5_CONFIG_MKEY_FROM_KBD)
+
+    if (params_in && params_in->mask & ILLEGAL_PARAMS) {
+        free(handle);
+        return KADM5_BAD_CLIENT_PARAMS;
+    }
 #endif
 
-     if ((code = kadm5_get_config_params(handle->context, 0,
-					 params_in, &handle->params))) {
-	  free(handle);
-	  return(code);
-     }
-
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | \
-			 KADM5_CONFIG_ADMIN_SERVER | \
-			 KADM5_CONFIG_KADMIND_PORT) 
-
-     if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-	  free(handle);
-	  return KADM5_MISSING_KRB5_CONF_PARAMS;
-     }
-
-     /*
-      * Get credentials.  Also does some fallbacks in case kadmin/fqdn
-      * principal doesn't exist.
-      */
-     code = kadm5_get_init_creds(handle, client_name, init_type, pass,
-				 ccache_in, service_name, realm,
-				 full_svcname, sizeof(full_svcname));
-     if (code)
-	  goto error;
-     /*
-      * We have ticket; open the RPC connection.
-      */
-
-     hp = gethostbyname(handle->params.admin_server);
-     if (hp == (struct hostent *) NULL) {
-	  code = KADM5_BAD_SERVER_NAME;
-	  goto cleanup;
-     }
-
-     /*
-      * If the service_name and client_name are iprop-centric,
-      * we need to clnttcp_create to the appropriate RPC prog.
-      */
-     iprop_svc = strdup(KIPROP_SVC_NAME);
-     if (iprop_svc == NULL)
-	 return ENOMEM;
-
-     if (service_name != NULL &&
-	 (strstr(service_name, iprop_svc) != NULL) &&
-	 (strstr(client_name, iprop_svc) != NULL))
-	 iprop_enable = 1;
-     else
-	 iprop_enable = 0;
-
-     memset(&addr, 0, sizeof(addr));
-     addr.sin_family = hp->h_addrtype;
-     (void) memcpy(&addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr));
-     if (iprop_enable)
-	 addr.sin_port = htons((u_short) handle->params.iprop_port);
-     else
-	 addr.sin_port = htons((u_short) handle->params.kadmind_port);
-     
-     fd = RPC_ANYSOCK;
-
-     if (iprop_enable) {
-	 handle->clnt = clnttcp_create(&addr, KRB5_IPROP_PROG, KRB5_IPROP_VERS,
-				       &fd, 0, 0);
-     } else
-	 handle->clnt = clnttcp_create(&addr, KADM, KADMVERS, &fd, 0, 0);
-     if (handle->clnt == NULL) {
-	  code = KADM5_RPC_ERROR;
+    if ((code = kadm5_get_config_params(handle->context, 0,
+                                        params_in, &handle->params))) {
+        free(handle);
+        return(code);
+    }
+
+#define REQUIRED_PARAMS (KADM5_CONFIG_REALM |           \
+                         KADM5_CONFIG_ADMIN_SERVER |    \
+                         KADM5_CONFIG_KADMIND_PORT)
+
+    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+        free(handle);
+        return KADM5_MISSING_KRB5_CONF_PARAMS;
+    }
+
+    /*
+     * Get credentials.  Also does some fallbacks in case kadmin/fqdn
+     * principal doesn't exist.
+     */
+    code = kadm5_get_init_creds(handle, client_name, init_type, pass,
+                                ccache_in, service_name, realm,
+                                full_svcname, sizeof(full_svcname));
+    if (code)
+        goto error;
+    /*
+     * We have ticket; open the RPC connection.
+     */
+
+    hp = gethostbyname(handle->params.admin_server);
+    if (hp == (struct hostent *) NULL) {
+        code = KADM5_BAD_SERVER_NAME;
+        goto cleanup;
+    }
+
+    /*
+     * If the service_name and client_name are iprop-centric,
+     * we need to clnttcp_create to the appropriate RPC prog.
+     */
+    iprop_svc = strdup(KIPROP_SVC_NAME);
+    if (iprop_svc == NULL)
+        return ENOMEM;
+
+    if (service_name != NULL &&
+        (strstr(service_name, iprop_svc) != NULL) &&
+        (strstr(client_name, iprop_svc) != NULL))
+        iprop_enable = 1;
+    else
+        iprop_enable = 0;
+
+    memset(&addr, 0, sizeof(addr));
+    addr.sin_family = hp->h_addrtype;
+    (void) memcpy(&addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr));
+    if (iprop_enable)
+        addr.sin_port = htons((u_short) handle->params.iprop_port);
+    else
+        addr.sin_port = htons((u_short) handle->params.kadmind_port);
+
+    fd = RPC_ANYSOCK;
+
+    if (iprop_enable) {
+        handle->clnt = clnttcp_create(&addr, KRB5_IPROP_PROG, KRB5_IPROP_VERS,
+                                      &fd, 0, 0);
+    } else
+        handle->clnt = clnttcp_create(&addr, KADM, KADMVERS, &fd, 0, 0);
+    if (handle->clnt == NULL) {
+        code = KADM5_RPC_ERROR;
 #ifdef DEBUG
-	  clnt_pcreateerror("clnttcp_create");
+        clnt_pcreateerror("clnttcp_create");
 #endif
-	  goto error;
-     }
-     handle->lhandle->clnt = handle->clnt;
-
-     /* now that handle->clnt is set, we can check the handle */
-     if ((code = _kadm5_check_handle((void *) handle)))
-	  goto error;
-
-     /*
-      * The RPC connection is open; establish the GSS-API
-      * authentication context.
-      */
-     code = kadm5_setup_gss(handle, params_in, client_name, full_svcname);
-     if (code)
-	  goto error;
-
-     /*
-      * Bypass the remainder of the code and return straightaway
-      * if the gss service requested is kiprop
-      */
-     if (iprop_enable == 1) {
-	 code = 0;
-	 *server_handle = (void *) handle;
-	 goto cleanup;
-     }
-
-     r = init_2(&handle->api_version, handle->clnt);
-     if (r == NULL) {
-	  code = KADM5_RPC_ERROR;
+        goto error;
+    }
+    handle->lhandle->clnt = handle->clnt;
+
+    /* now that handle->clnt is set, we can check the handle */
+    if ((code = _kadm5_check_handle((void *) handle)))
+        goto error;
+
+    /*
+     * The RPC connection is open; establish the GSS-API
+     * authentication context.
+     */
+    code = kadm5_setup_gss(handle, params_in, client_name, full_svcname);
+    if (code)
+        goto error;
+
+    /*
+     * Bypass the remainder of the code and return straightaway
+     * if the gss service requested is kiprop
+     */
+    if (iprop_enable == 1) {
+        code = 0;
+        *server_handle = (void *) handle;
+        goto cleanup;
+    }
+
+    r = init_2(&handle->api_version, handle->clnt);
+    if (r == NULL) {
+        code = KADM5_RPC_ERROR;
 #ifdef DEBUG
-	  clnt_perror(handle->clnt, "init_2 null resp");
+        clnt_perror(handle->clnt, "init_2 null resp");
 #endif
-	  goto error;
-     }
-     /* Drop down to v2 wire protocol if server does not support v3 */
-     if (r->code == KADM5_NEW_SERVER_API_VERSION &&
-	 handle->api_version == KADM5_API_VERSION_3) {
-	 handle->api_version = KADM5_API_VERSION_2;
-	 r = init_2(&handle->api_version, handle->clnt);
-	 if (r == NULL) {
-	    code = KADM5_RPC_ERROR;
-	    goto error;
-	 }
-     }
-     if (r->code) {
-	  code = r->code;
-	  goto error;
-     }
-
-     *server_handle = (void *) handle;
-
-     goto cleanup;
+        goto error;
+    }
+    /* Drop down to v2 wire protocol if server does not support v3 */
+    if (r->code == KADM5_NEW_SERVER_API_VERSION &&
+        handle->api_version == KADM5_API_VERSION_3) {
+        handle->api_version = KADM5_API_VERSION_2;
+        r = init_2(&handle->api_version, handle->clnt);
+        if (r == NULL) {
+            code = KADM5_RPC_ERROR;
+            goto error;
+        }
+    }
+    if (r->code) {
+        code = r->code;
+        goto error;
+    }
+
+    *server_handle = (void *) handle;
+
+    goto cleanup;
 
 error:
-     /*
-      * Note that it is illegal for this code to execute if "handle"
-      * has not been allocated and initialized.  I.e., don't use "goto
-      * error" before the block of code at the top of the function
-      * that allocates and initializes "handle".
-      */
-     if (handle->cache_name)
-	 free(handle->cache_name);
-     if(handle->clnt && handle->clnt->cl_auth)
-	  AUTH_DESTROY(handle->clnt->cl_auth);
-     if(handle->clnt)
-	  clnt_destroy(handle->clnt);
+    /*
+     * Note that it is illegal for this code to execute if "handle"
+     * has not been allocated and initialized.  I.e., don't use "goto
+     * error" before the block of code at the top of the function
+     * that allocates and initializes "handle".
+     */
+    if (handle->cache_name)
+        free(handle->cache_name);
+    if(handle->clnt && handle->clnt->cl_auth)
+        AUTH_DESTROY(handle->clnt->cl_auth);
+    if(handle->clnt)
+        clnt_destroy(handle->clnt);
 
 cleanup:
-     if (code)
-	  free(handle);
+    if (code)
+        free(handle);
 
-     return code;
+    return code;
 }
 
 /*
@@ -409,91 +410,91 @@ cleanup:
  */
 static kadm5_ret_t
 kadm5_get_init_creds(kadm5_server_handle_t handle,
-		     char *client_name, enum init_type init_type,
-		     char *pass, krb5_ccache ccache_in,
-		     char *svcname_in, char *realm,
-		     char *full_svcname, unsigned int full_svcname_len)
+                     char *client_name, enum init_type init_type,
+                     char *pass, krb5_ccache ccache_in,
+                     char *svcname_in, char *realm,
+                     char *full_svcname, unsigned int full_svcname_len)
 {
-     kadm5_ret_t code;
-     krb5_principal client;
-     krb5_ccache ccache;
-     char svcname[BUFSIZ];
-
-     client = NULL;
-     ccache = NULL;
-     /* NULL svcname means use host-based. */
-     if (svcname_in == NULL) {
-	  code = kadm5_get_admin_service_name(handle->context,
-					      handle->params.realm,
-					      svcname, sizeof(svcname));
-	  if (code) {
-	       code = KADM5_MISSING_KRB5_CONF_PARAMS;
-	       goto error;
-	  }
-     } else {
-	  strncpy(svcname, svcname_in, sizeof(svcname));
-	  svcname[sizeof(svcname)-1] = '\0';
-     }
-     /*
-      * Acquire a service ticket for svcname@realm in the name of
-      * client_name, using password pass (which could be NULL), and
-      * create a ccache to store them in.  If INIT_CREDS, use the
-      * ccache we were provided instead.
-      */
-     code = krb5_parse_name(handle->context, client_name, &client);
-     if (code)
-	  goto error;
-
-     if (init_type == INIT_CREDS) {
-	  ccache = ccache_in;
-	  if (asprintf(&handle->cache_name, "%s:%s",
-		       krb5_cc_get_type(handle->context, ccache),
-		       krb5_cc_get_name(handle->context, ccache)) < 0) {
-	      handle->cache_name = NULL;
-	      code = ENOMEM;
-	      goto error;
-	  }
-     } else {
-	  static int counter = 0;
-
-	  if (asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++) < 0) {
-	      handle->cache_name = NULL;
-	      code = ENOMEM;
-	      goto error;
-	  }
-	  code = krb5_cc_resolve(handle->context, handle->cache_name,
-				 &ccache);
-	  if (code) 
-	       goto error;
-
-	  code = krb5_cc_initialize (handle->context, ccache, client);
-	  if (code) 
-	       goto error;
-
-	  handle->destroy_cache = 1;
-     }
-     handle->lhandle->cache_name = handle->cache_name;
-
-     code = kadm5_gic_iter(handle, init_type, ccache,
-			   client, pass, svcname, realm,
-			   full_svcname, full_svcname_len);
-     if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
-	  || code == KRB5_CC_NOTFOUND) && svcname_in == NULL) {
-	  /* Retry with old host-independent service princpal. */
-	  code = kadm5_gic_iter(handle, init_type, ccache,
-				client, pass,
-				KADM5_ADMIN_SERVICE, realm,
-				full_svcname, full_svcname_len);
-     }
-     /* Improved error messages */
-     if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
-     if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
-	  code = KADM5_SECURE_PRINC_MISSING;
+    kadm5_ret_t code;
+    krb5_principal client;
+    krb5_ccache ccache;
+    char svcname[BUFSIZ];
+
+    client = NULL;
+    ccache = NULL;
+    /* NULL svcname means use host-based. */
+    if (svcname_in == NULL) {
+        code = kadm5_get_admin_service_name(handle->context,
+                                            handle->params.realm,
+                                            svcname, sizeof(svcname));
+        if (code) {
+            code = KADM5_MISSING_KRB5_CONF_PARAMS;
+            goto error;
+        }
+    } else {
+        strncpy(svcname, svcname_in, sizeof(svcname));
+        svcname[sizeof(svcname)-1] = '\0';
+    }
+    /*
+     * Acquire a service ticket for svcname@realm in the name of
+     * client_name, using password pass (which could be NULL), and
+     * create a ccache to store them in.  If INIT_CREDS, use the
+     * ccache we were provided instead.
+     */
+    code = krb5_parse_name(handle->context, client_name, &client);
+    if (code)
+        goto error;
+
+    if (init_type == INIT_CREDS) {
+        ccache = ccache_in;
+        if (asprintf(&handle->cache_name, "%s:%s",
+                     krb5_cc_get_type(handle->context, ccache),
+                     krb5_cc_get_name(handle->context, ccache)) < 0) {
+            handle->cache_name = NULL;
+            code = ENOMEM;
+            goto error;
+        }
+    } else {
+        static int counter = 0;
+
+        if (asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++) < 0) {
+            handle->cache_name = NULL;
+            code = ENOMEM;
+            goto error;
+        }
+        code = krb5_cc_resolve(handle->context, handle->cache_name,
+                               &ccache);
+        if (code)
+            goto error;
+
+        code = krb5_cc_initialize (handle->context, ccache, client);
+        if (code)
+            goto error;
+
+        handle->destroy_cache = 1;
+    }
+    handle->lhandle->cache_name = handle->cache_name;
+
+    code = kadm5_gic_iter(handle, init_type, ccache,
+                          client, pass, svcname, realm,
+                          full_svcname, full_svcname_len);
+    if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
+         || code == KRB5_CC_NOTFOUND) && svcname_in == NULL) {
+        /* Retry with old host-independent service princpal. */
+        code = kadm5_gic_iter(handle, init_type, ccache,
+                              client, pass,
+                              KADM5_ADMIN_SERVICE, realm,
+                              full_svcname, full_svcname_len);
+    }
+    /* Improved error messages */
+    if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) code = KADM5_BAD_PASSWORD;
+    if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
+        code = KADM5_SECURE_PRINC_MISSING;
 
 error:
-     if (ccache != NULL && init_type != INIT_CREDS)
-	  krb5_cc_close(handle->context, ccache);
-     return code;
+    if (ccache != NULL && init_type != INIT_CREDS)
+        krb5_cc_close(handle->context, ccache);
+    return code;
 }
 
 /*
@@ -505,87 +506,87 @@ error:
  */
 static kadm5_ret_t
 kadm5_gic_iter(kadm5_server_handle_t handle,
-	       enum init_type init_type,
-	       krb5_ccache ccache,
-	       krb5_principal client, char *pass,
-	       char *svcname, char *realm,
-	       char *full_svcname, unsigned int full_svcname_len)
+               enum init_type init_type,
+               krb5_ccache ccache,
+               krb5_principal client, char *pass,
+               char *svcname, char *realm,
+               char *full_svcname, unsigned int full_svcname_len)
 {
-     kadm5_ret_t code;
-     krb5_context ctx;
-     krb5_keytab kt;
-     krb5_get_init_creds_opt opt;
-     krb5_creds mcreds, outcreds;
-     int n;
-
-     ctx = handle->context;
-     kt = NULL;
-     memset(full_svcname, 0, full_svcname_len);
-     memset(&opt, 0, sizeof(opt));
-     memset(&mcreds, 0, sizeof(mcreds));
-     memset(&outcreds, 0, sizeof(outcreds));
-
-     code = ENOMEM;
-     if (realm) {
-	 n = snprintf(full_svcname, full_svcname_len, "%s@%s",
-		      svcname, realm);
-	 if (n < 0 || n >= full_svcname_len)
-	     goto error;
-     } else {
-	 /* krb5_princ_realm(client) is not null terminated */
-	 n = snprintf(full_svcname, full_svcname_len, "%s@%.*s",
-		      svcname, krb5_princ_realm(ctx, client)->length,
-		      krb5_princ_realm(ctx, client)->data);
-	 if (n < 0 || n >= full_svcname_len)
-	     goto error;
-     }
-
-     /* Credentials for kadmin don't need to be forwardable or proxiable. */
-     if (init_type != INIT_CREDS) {
-	  krb5_get_init_creds_opt_init(&opt);
-	  krb5_get_init_creds_opt_set_forwardable(&opt, 0);
-	  krb5_get_init_creds_opt_set_proxiable(&opt, 0);
-     }
-
-     if (init_type == INIT_PASS) {
-	  code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
-					      krb5_prompter_posix,
-					      NULL, 0,
-					      full_svcname, &opt);
-	  if (code)
-	       goto error;
-     } else if (init_type == INIT_SKEY) {
-	  if (pass) {
-	       code = krb5_kt_resolve(ctx, pass, &kt);
-	       if (code)
-		   goto error;
-	  }
-	  code = krb5_get_init_creds_keytab(ctx, &outcreds, client, kt,
-					    0, full_svcname, &opt);
-	  if (pass)
-	       krb5_kt_close(ctx, kt);
-	  if (code)
-	       goto error;
-     } else if (init_type == INIT_CREDS) {
-	  mcreds.client = client;
-	  code = krb5_parse_name(ctx, full_svcname, &mcreds.server);
-	  if (code)
-	       goto error;
-	  code = krb5_cc_retrieve_cred(ctx, ccache, 0,
-				       &mcreds, &outcreds);
-	  krb5_free_principal(ctx, mcreds.server);
-	  if (code)
-	       goto error;
-     }
-     if (init_type != INIT_CREDS) {
-	  /* Caller has initialized ccache. */
-	  code = krb5_cc_store_cred(ctx, ccache, &outcreds);
-	  if (code)
-	       goto error;
-     }
+    kadm5_ret_t code;
+    krb5_context ctx;
+    krb5_keytab kt;
+    krb5_get_init_creds_opt opt;
+    krb5_creds mcreds, outcreds;
+    int n;
+
+    ctx = handle->context;
+    kt = NULL;
+    memset(full_svcname, 0, full_svcname_len);
+    memset(&opt, 0, sizeof(opt));
+    memset(&mcreds, 0, sizeof(mcreds));
+    memset(&outcreds, 0, sizeof(outcreds));
+
+    code = ENOMEM;
+    if (realm) {
+        n = snprintf(full_svcname, full_svcname_len, "%s@%s",
+                     svcname, realm);
+        if (n < 0 || n >= full_svcname_len)
+            goto error;
+    } else {
+        /* krb5_princ_realm(client) is not null terminated */
+        n = snprintf(full_svcname, full_svcname_len, "%s@%.*s",
+                     svcname, krb5_princ_realm(ctx, client)->length,
+                     krb5_princ_realm(ctx, client)->data);
+        if (n < 0 || n >= full_svcname_len)
+            goto error;
+    }
+
+    /* Credentials for kadmin don't need to be forwardable or proxiable. */
+    if (init_type != INIT_CREDS) {
+        krb5_get_init_creds_opt_init(&opt);
+        krb5_get_init_creds_opt_set_forwardable(&opt, 0);
+        krb5_get_init_creds_opt_set_proxiable(&opt, 0);
+    }
+
+    if (init_type == INIT_PASS) {
+        code = krb5_get_init_creds_password(ctx, &outcreds, client, pass,
+                                            krb5_prompter_posix,
+                                            NULL, 0,
+                                            full_svcname, &opt);
+        if (code)
+            goto error;
+    } else if (init_type == INIT_SKEY) {
+        if (pass) {
+            code = krb5_kt_resolve(ctx, pass, &kt);
+            if (code)
+                goto error;
+        }
+        code = krb5_get_init_creds_keytab(ctx, &outcreds, client, kt,
+                                          0, full_svcname, &opt);
+        if (pass)
+            krb5_kt_close(ctx, kt);
+        if (code)
+            goto error;
+    } else if (init_type == INIT_CREDS) {
+        mcreds.client = client;
+        code = krb5_parse_name(ctx, full_svcname, &mcreds.server);
+        if (code)
+            goto error;
+        code = krb5_cc_retrieve_cred(ctx, ccache, 0,
+                                     &mcreds, &outcreds);
+        krb5_free_principal(ctx, mcreds.server);
+        if (code)
+            goto error;
+    }
+    if (init_type != INIT_CREDS) {
+        /* Caller has initialized ccache. */
+        code = krb5_cc_store_cred(ctx, ccache, &outcreds);
+        if (code)
+            goto error;
+    }
 error:
-     krb5_free_cred_contents(ctx, &outcreds);
-     return code;
+    krb5_free_cred_contents(ctx, &outcreds);
+    return code;
 }
 
 /*
@@ -595,138 +596,138 @@ error:
  */
 static kadm5_ret_t
 kadm5_setup_gss(kadm5_server_handle_t handle,
-		kadm5_config_params *params_in,
-		char *client_name, char *full_svcname)
+                kadm5_config_params *params_in,
+                char *client_name, char *full_svcname)
 {
-     kadm5_ret_t code;
-     OM_uint32 gssstat, minor_stat;
-     gss_buffer_desc buf;
-     gss_name_t gss_client;
-     gss_name_t gss_target;
-     gss_cred_id_t gss_client_creds;
-     const char *c_ccname_orig;
-     char *ccname_orig;
-
-     code = KADM5_GSS_ERROR;
-     gss_client_creds = GSS_C_NO_CREDENTIAL;
-     ccname_orig = NULL;
-     gss_client = gss_target = GSS_C_NO_NAME;
-
-     /* Temporarily use the kadm5 cache. */
-     gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name,
-				    &c_ccname_orig);
-     if (gssstat != GSS_S_COMPLETE) {
-	  code = KADM5_GSS_ERROR;
-	  goto error;
-     }
-     if (c_ccname_orig)
-	  ccname_orig = strdup(c_ccname_orig);
-     else
-	  ccname_orig = 0;
-
-     buf.value = full_svcname;
-     buf.length = strlen((char *)buf.value) + 1;
-     gssstat = gss_import_name(&minor_stat, &buf,
-			       (gss_OID) gss_nt_krb5_name, &gss_target);
-     if (gssstat != GSS_S_COMPLETE) {
-	  code = KADM5_GSS_ERROR;
-	  goto error;
-     }
-
-     buf.value = client_name;
-     buf.length = strlen((char *)buf.value) + 1;
-     gssstat = gss_import_name(&minor_stat, &buf,
-			       (gss_OID) gss_nt_krb5_name, &gss_client);
-     if (gssstat != GSS_S_COMPLETE) {
-	  code = KADM5_GSS_ERROR;
-	  goto error;
-     }
-
-     gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
-				GSS_C_NULL_OID_SET, GSS_C_INITIATE,
-				&gss_client_creds, NULL, NULL);
-     if (gssstat != GSS_S_COMPLETE) {
-	  code = KADM5_GSS_ERROR;
+    kadm5_ret_t code;
+    OM_uint32 gssstat, minor_stat;
+    gss_buffer_desc buf;
+    gss_name_t gss_client;
+    gss_name_t gss_target;
+    gss_cred_id_t gss_client_creds;
+    const char *c_ccname_orig;
+    char *ccname_orig;
+
+    code = KADM5_GSS_ERROR;
+    gss_client_creds = GSS_C_NO_CREDENTIAL;
+    ccname_orig = NULL;
+    gss_client = gss_target = GSS_C_NO_NAME;
+
+    /* Temporarily use the kadm5 cache. */
+    gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name,
+                                   &c_ccname_orig);
+    if (gssstat != GSS_S_COMPLETE) {
+        code = KADM5_GSS_ERROR;
+        goto error;
+    }
+    if (c_ccname_orig)
+        ccname_orig = strdup(c_ccname_orig);
+    else
+        ccname_orig = 0;
+
+    buf.value = full_svcname;
+    buf.length = strlen((char *)buf.value) + 1;
+    gssstat = gss_import_name(&minor_stat, &buf,
+                              (gss_OID) gss_nt_krb5_name, &gss_target);
+    if (gssstat != GSS_S_COMPLETE) {
+        code = KADM5_GSS_ERROR;
+        goto error;
+    }
+
+    buf.value = client_name;
+    buf.length = strlen((char *)buf.value) + 1;
+    gssstat = gss_import_name(&minor_stat, &buf,
+                              (gss_OID) gss_nt_krb5_name, &gss_client);
+    if (gssstat != GSS_S_COMPLETE) {
+        code = KADM5_GSS_ERROR;
+        goto error;
+    }
+
+    gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
+                               GSS_C_NULL_OID_SET, GSS_C_INITIATE,
+                               &gss_client_creds, NULL, NULL);
+    if (gssstat != GSS_S_COMPLETE) {
+        code = KADM5_GSS_ERROR;
 #if 0 /* for debugging only */
-	  {
-	      OM_uint32 maj_status, min_status, message_context = 0;
-	      gss_buffer_desc status_string;
-	      do {
-		  maj_status = gss_display_status(&min_status,
-						  gssstat,
-						  GSS_C_GSS_CODE,
-						  GSS_C_NO_OID,
-						  &message_context,
-						  &status_string);
-		  if (maj_status == GSS_S_COMPLETE) {
-		      fprintf(stderr, "MAJ: %.*s\n",
-			      (int) status_string.length,
-			      (char *)status_string.value);
-		      gss_release_buffer(&min_status, &status_string);
-		  } else {
-		      fprintf(stderr,
-			      "MAJ? gss_display_status returns 0x%lx?!\n",
-			      (unsigned long) maj_status);
-		      message_context = 0;
-		  }
-	      } while (message_context != 0);
-	      do {
-		  maj_status = gss_display_status(&min_status,
-						  minor_stat,
-						  GSS_C_MECH_CODE,
-						  GSS_C_NO_OID,
-						  &message_context,
-						  &status_string);
-		  if (maj_status == GSS_S_COMPLETE) {
-		      fprintf(stderr, "MIN: %.*s\n",
-			      (int) status_string.length,
-			      (char *)status_string.value);
-		      gss_release_buffer(&min_status, &status_string);
-		  } else {
-		      fprintf(stderr,
-			      "MIN? gss_display_status returns 0x%lx?!\n",
-			      (unsigned long) maj_status);
-		      message_context = 0;
-		  }
-	      } while (message_context != 0);
-	  }
+        {
+            OM_uint32 maj_status, min_status, message_context = 0;
+            gss_buffer_desc status_string;
+            do {
+                maj_status = gss_display_status(&min_status,
+                                                gssstat,
+                                                GSS_C_GSS_CODE,
+                                                GSS_C_NO_OID,
+                                                &message_context,
+                                                &status_string);
+                if (maj_status == GSS_S_COMPLETE) {
+                    fprintf(stderr, "MAJ: %.*s\n",
+                            (int) status_string.length,
+                            (char *)status_string.value);
+                    gss_release_buffer(&min_status, &status_string);
+                } else {
+                    fprintf(stderr,
+                            "MAJ? gss_display_status returns 0x%lx?!\n",
+                            (unsigned long) maj_status);
+                    message_context = 0;
+                }
+            } while (message_context != 0);
+            do {
+                maj_status = gss_display_status(&min_status,
+                                                minor_stat,
+                                                GSS_C_MECH_CODE,
+                                                GSS_C_NO_OID,
+                                                &message_context,
+                                                &status_string);
+                if (maj_status == GSS_S_COMPLETE) {
+                    fprintf(stderr, "MIN: %.*s\n",
+                            (int) status_string.length,
+                            (char *)status_string.value);
+                    gss_release_buffer(&min_status, &status_string);
+                } else {
+                    fprintf(stderr,
+                            "MIN? gss_display_status returns 0x%lx?!\n",
+                            (unsigned long) maj_status);
+                    message_context = 0;
+                }
+            } while (message_context != 0);
+        }
 #endif
-	  goto error;
-     }
+        goto error;
+    }
 
-     /*
-      * Do actual creation of RPC auth handle.  Implements auth flavor
-      * fallback.
-      */
-     kadm5_rpc_auth(handle, params_in, gss_client_creds, gss_target);
+    /*
+     * Do actual creation of RPC auth handle.  Implements auth flavor
+     * fallback.
+     */
+    kadm5_rpc_auth(handle, params_in, gss_client_creds, gss_target);
 
 error:
-     if (gss_client_creds != GSS_C_NO_CREDENTIAL)
-	  (void) gss_release_cred(&minor_stat, &gss_client_creds);
-
-     if (gss_client)
-	  gss_release_name(&minor_stat, &gss_client);
-     if (gss_target)
-	  gss_release_name(&minor_stat, &gss_target);
-
-     /* Revert to prior gss_krb5 ccache. */
-     if (ccname_orig) {
-	 gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
-	 if (gssstat) {
-	     return KADM5_GSS_ERROR;
-	 }
-	 free(ccname_orig);
-     } else {
-	 gssstat = gss_krb5_ccache_name(&minor_stat, NULL, NULL);
-	 if (gssstat) {
-	     return KADM5_GSS_ERROR;
-	 }
-     }
-
-     if (handle->clnt->cl_auth == NULL) {
-	  return KADM5_GSS_ERROR;
-     }
-     return 0;
+    if (gss_client_creds != GSS_C_NO_CREDENTIAL)
+        (void) gss_release_cred(&minor_stat, &gss_client_creds);
+
+    if (gss_client)
+        gss_release_name(&minor_stat, &gss_client);
+    if (gss_target)
+        gss_release_name(&minor_stat, &gss_target);
+
+    /* Revert to prior gss_krb5 ccache. */
+    if (ccname_orig) {
+        gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
+        if (gssstat) {
+            return KADM5_GSS_ERROR;
+        }
+        free(ccname_orig);
+    } else {
+        gssstat = gss_krb5_ccache_name(&minor_stat, NULL, NULL);
+        if (gssstat) {
+            return KADM5_GSS_ERROR;
+        }
+    }
+
+    if (handle->clnt->cl_auth == NULL) {
+        return KADM5_GSS_ERROR;
+    }
+    return 0;
 }
 
 /*
@@ -736,77 +737,77 @@ error:
  */
 static void
 kadm5_rpc_auth(kadm5_server_handle_t handle,
-	       kadm5_config_params *params_in,
-	       gss_cred_id_t gss_client_creds,
-	       gss_name_t gss_target)
+               kadm5_config_params *params_in,
+               gss_cred_id_t gss_client_creds,
+               gss_name_t gss_target)
 {
-     OM_uint32 gssstat, minor_stat;
-     struct rpc_gss_sec sec;
-
-     /* Allow unauthenticated option for testing. */
-     if (params_in != NULL && (params_in->mask & KADM5_CONFIG_NO_AUTH))
-	  return;
-
-     /* Use RPCSEC_GSS by default. */
-     if (params_in == NULL ||
-	 !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
-	  sec.mech = gss_mech_krb5;
-	  sec.qop = GSS_C_QOP_DEFAULT;
-	  sec.svc = RPCSEC_GSS_SVC_PRIVACY;
-	  sec.cred = gss_client_creds;
-	  sec.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
-
-	  handle->clnt->cl_auth = authgss_create(handle->clnt,
-						 gss_target, &sec);
-	  if (handle->clnt->cl_auth != NULL)
-	       return;
-     }
-
-     if (params_in != NULL && (params_in->mask & KADM5_CONFIG_AUTH_NOFALLBACK))
-	  return;
-
-     /* Fall back to old AUTH_GSSAPI. */
-     handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
-						&gssstat,
-						&minor_stat,
-						gss_client_creds,
-						gss_target,
-						(gss_OID) gss_mech_krb5,
-						GSS_C_MUTUAL_FLAG
-						| GSS_C_REPLAY_FLAG,
-						0, NULL, NULL, NULL);
+    OM_uint32 gssstat, minor_stat;
+    struct rpc_gss_sec sec;
+
+    /* Allow unauthenticated option for testing. */
+    if (params_in != NULL && (params_in->mask & KADM5_CONFIG_NO_AUTH))
+        return;
+
+    /* Use RPCSEC_GSS by default. */
+    if (params_in == NULL ||
+        !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
+        sec.mech = gss_mech_krb5;
+        sec.qop = GSS_C_QOP_DEFAULT;
+        sec.svc = RPCSEC_GSS_SVC_PRIVACY;
+        sec.cred = gss_client_creds;
+        sec.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+
+        handle->clnt->cl_auth = authgss_create(handle->clnt,
+                                               gss_target, &sec);
+        if (handle->clnt->cl_auth != NULL)
+            return;
+    }
+
+    if (params_in != NULL && (params_in->mask & KADM5_CONFIG_AUTH_NOFALLBACK))
+        return;
+
+    /* Fall back to old AUTH_GSSAPI. */
+    handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
+                                               &gssstat,
+                                               &minor_stat,
+                                               gss_client_creds,
+                                               gss_target,
+                                               (gss_OID) gss_mech_krb5,
+                                               GSS_C_MUTUAL_FLAG
+                                               | GSS_C_REPLAY_FLAG,
+                                               0, NULL, NULL, NULL);
 }
 
 kadm5_ret_t
 kadm5_destroy(void *server_handle)
 {
-     krb5_ccache	    ccache = NULL;
-     int		    code = KADM5_OK;
-     kadm5_server_handle_t	handle =
-	  (kadm5_server_handle_t) server_handle;
-
-     CHECK_HANDLE(server_handle);
-
-     if (handle->destroy_cache && handle->cache_name) {
-	 if ((code = krb5_cc_resolve(handle->context,
-				     handle->cache_name, &ccache)) == 0) 
-	     code = krb5_cc_destroy (handle->context, ccache);
-     }
-     if (handle->cache_name)
-	 free(handle->cache_name);
-     if (handle->clnt && handle->clnt->cl_auth)
-	  AUTH_DESTROY(handle->clnt->cl_auth);
-     if (handle->clnt)
-	  clnt_destroy(handle->clnt);
-     if (handle->lhandle)
-          free (handle->lhandle);
-
-     kadm5_free_config_params(handle->context, &handle->params);
-
-     handle->magic_number = 0;
-     free(handle);
-
-     return code;
+    krb5_ccache            ccache = NULL;
+    int                    code = KADM5_OK;
+    kadm5_server_handle_t      handle =
+        (kadm5_server_handle_t) server_handle;
+
+    CHECK_HANDLE(server_handle);
+
+    if (handle->destroy_cache && handle->cache_name) {
+        if ((code = krb5_cc_resolve(handle->context,
+                                    handle->cache_name, &ccache)) == 0)
+            code = krb5_cc_destroy (handle->context, ccache);
+    }
+    if (handle->cache_name)
+        free(handle->cache_name);
+    if (handle->clnt && handle->clnt->cl_auth)
+        AUTH_DESTROY(handle->clnt->cl_auth);
+    if (handle->clnt)
+        clnt_destroy(handle->clnt);
+    if (handle->lhandle)
+        free (handle->lhandle);
+
+    kadm5_free_config_params(handle->context, &handle->params);
+
+    handle->magic_number = 0;
+    free(handle);
+
+    return code;
 }
 /* not supported on client */
 kadm5_ret_t kadm5_lock(void *server_handle)
@@ -822,13 +823,13 @@ kadm5_ret_t kadm5_unlock(void *server_handle)
 
 kadm5_ret_t kadm5_flush(void *server_handle)
 {
-     return KADM5_OK;
+    return KADM5_OK;
 }
 
 int _kadm5_check_handle(void *handle)
 {
-     CHECK_HANDLE(handle);
-     return 0;
+    CHECK_HANDLE(handle);
+    return 0;
 }
 
 krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
@@ -843,5 +844,5 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
 krb5_error_code
 kadm5_init_iprop(void *handle, char **db_args)
 {
-	return (0);
+    return (0);
 }
diff --git a/src/lib/kadm5/clnt/client_internal.h b/src/lib/kadm5/clnt/client_internal.h
index c5ebfec77..c3f8999a6 100644
--- a/src/lib/kadm5/clnt/client_internal.h
+++ b/src/lib/kadm5/clnt/client_internal.h
@@ -1,12 +1,13 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
  * $Header$
- * 
+ *
  * $Log$
  * Revision 1.1  1996/07/24 22:22:43  tlyu
- * 	* Makefile.in, configure.in: break out client lib into a
- * 		subdirectory
+ *      * Makefile.in, configure.in: break out client lib into a
+ *              subdirectory
  *
  * Revision 1.11  1996/07/22 20:35:46  marc
  * this commit includes all the changes on the OV_9510_INTEGRATION and
@@ -65,33 +66,33 @@
 #include "admin_internal.h"
 
 typedef struct _kadm5_server_handle_t {
-	krb5_ui_4	magic_number;
-	krb5_ui_4	struct_version;
-	krb5_ui_4	api_version;
-	char *		cache_name;
-	int		destroy_cache;
-	CLIENT *	clnt;
-	krb5_context	context;
-	kadm5_config_params params;
-	struct _kadm5_server_handle_t *lhandle;
+    krb5_ui_4       magic_number;
+    krb5_ui_4       struct_version;
+    krb5_ui_4       api_version;
+    char *          cache_name;
+    int             destroy_cache;
+    CLIENT *        clnt;
+    krb5_context    context;
+    kadm5_config_params params;
+    struct _kadm5_server_handle_t *lhandle;
 } kadm5_server_handle_rec, *kadm5_server_handle_t;
 
-#define CLIENT_CHECK_HANDLE(handle) \
-{ \
-	kadm5_server_handle_t srvr = \
-	     (kadm5_server_handle_t) handle; \
- \
-	if (! srvr->clnt) \
-	     return KADM5_BAD_SERVER_HANDLE; \
-	if (! srvr->cache_name) \
-	     return KADM5_BAD_SERVER_HANDLE; \
-	if (! srvr->lhandle) \
-	     return KADM5_BAD_SERVER_HANDLE; \
-}
+#define CLIENT_CHECK_HANDLE(handle)             \
+    {                                           \
+        kadm5_server_handle_t srvr =            \
+            (kadm5_server_handle_t) handle;     \
+                                                \
+        if (! srvr->clnt)                       \
+            return KADM5_BAD_SERVER_HANDLE;     \
+        if (! srvr->cache_name)                 \
+            return KADM5_BAD_SERVER_HANDLE;     \
+        if (! srvr->lhandle)                    \
+            return KADM5_BAD_SERVER_HANDLE;     \
+    }
 
-#define CHECK_HANDLE(handle) \
-     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION, \
-			  KADM5_NEW_LIB_API_VERSION) \
-     CLIENT_CHECK_HANDLE(handle)
+#define CHECK_HANDLE(handle)                                    \
+    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_LIB_API_VERSION,     \
+                         KADM5_NEW_LIB_API_VERSION)             \
+    CLIENT_CHECK_HANDLE(handle)
 
 #endif /* __KADM5_CLIENT_INTERNAL_H__ */
diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c
index 56ad51219..95d5c2dbd 100644
--- a/src/lib/kadm5/clnt/client_principal.c
+++ b/src/lib/kadm5/clnt/client_principal.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -26,11 +27,11 @@ static char *rcsid = "$Header$";
 
 kadm5_ret_t
 kadm5_create_principal(void *server_handle,
-			    kadm5_principal_ent_t princ, long mask,
-			    char *pw)
+                       kadm5_principal_ent_t princ, long mask,
+                       char *pw)
 {
-    generic_ret		*r;
-    cprinc_arg		arg;
+    generic_ret         *r;
+    cprinc_arg          arg;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -41,38 +42,38 @@ kadm5_create_principal(void *server_handle,
     arg.api_version = handle->api_version;
 
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
 
     memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
     arg.rec.mod_name = NULL;
-    
+
     if(!(mask & KADM5_POLICY))
-	arg.rec.policy = NULL;
+        arg.rec.policy = NULL;
     if (! (mask & KADM5_KEY_DATA)) {
-	 arg.rec.n_key_data = 0;
-	 arg.rec.key_data = NULL;
+        arg.rec.n_key_data = 0;
+        arg.rec.key_data = NULL;
     }
     if (! (mask & KADM5_TL_DATA)) {
-	 arg.rec.n_tl_data = 0;
-	 arg.rec.tl_data = NULL;
+        arg.rec.n_tl_data = 0;
+        arg.rec.tl_data = NULL;
     }
-	 
+
     r = create_principal_2(&arg, handle->clnt);
 
     if(r == NULL)
-	eret();
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_create_principal_3(void *server_handle,
-			 kadm5_principal_ent_t princ, long mask,
-			 int n_ks_tuple,
-			 krb5_key_salt_tuple *ks_tuple,
-			 char *pw)
+                         kadm5_principal_ent_t princ, long mask,
+                         int n_ks_tuple,
+                         krb5_key_salt_tuple *ks_tuple,
+                         char *pw)
 {
-    generic_ret		*r;
-    cprinc3_arg		arg;
+    generic_ret         *r;
+    cprinc3_arg         arg;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -85,54 +86,54 @@ kadm5_create_principal_3(void *server_handle,
     arg.ks_tuple = ks_tuple;
 
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
 
     memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
     arg.rec.mod_name = NULL;
-    
+
     if(!(mask & KADM5_POLICY))
-	arg.rec.policy = NULL;
+        arg.rec.policy = NULL;
     if (! (mask & KADM5_KEY_DATA)) {
-	 arg.rec.n_key_data = 0;
-	 arg.rec.key_data = NULL;
+        arg.rec.n_key_data = 0;
+        arg.rec.key_data = NULL;
     }
     if (! (mask & KADM5_TL_DATA)) {
-	 arg.rec.n_tl_data = 0;
-	 arg.rec.tl_data = NULL;
+        arg.rec.n_tl_data = 0;
+        arg.rec.tl_data = NULL;
     }
-	 
+
     r = create_principal3_2(&arg, handle->clnt);
 
     if(r == NULL)
-	eret();
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_delete_principal(void *server_handle, krb5_principal principal)
 {
-    dprinc_arg		arg;
-    generic_ret		*r;
+    dprinc_arg          arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
 
     if(principal == NULL)
-	return EINVAL;
+        return EINVAL;
     arg.princ = principal;
     arg.api_version = handle->api_version;
     r = delete_principal_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();    
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_modify_principal(void *server_handle,
-			    kadm5_principal_ent_t princ, long mask)
+                       kadm5_principal_ent_t princ, long mask)
 {
-    mprinc_arg		arg;
-    generic_ret		*r;
+    mprinc_arg          arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -141,87 +142,87 @@ kadm5_modify_principal(void *server_handle,
     arg.mask = mask;
     arg.api_version = handle->api_version;
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
     memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
     if(!(mask & KADM5_POLICY))
-	arg.rec.policy = NULL;
+        arg.rec.policy = NULL;
     if (! (mask & KADM5_KEY_DATA)) {
-	 arg.rec.n_key_data = 0;
-	 arg.rec.key_data = NULL;
+        arg.rec.n_key_data = 0;
+        arg.rec.key_data = NULL;
     }
     if (! (mask & KADM5_TL_DATA)) {
-	 arg.rec.n_tl_data = 0;
-	 arg.rec.tl_data = NULL;
+        arg.rec.n_tl_data = 0;
+        arg.rec.tl_data = NULL;
     }
 
     arg.rec.mod_name = NULL;
-    
+
     r = modify_principal_2(&arg, handle->clnt);
 
     if(r == NULL)
-	eret();    
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_get_principal(void *server_handle,
-		    krb5_principal princ, kadm5_principal_ent_t ent,
-		    long mask)
+                    krb5_principal princ, kadm5_principal_ent_t ent,
+                    long mask)
 {
-    gprinc_arg	arg;
-    gprinc_ret	*r;
+    gprinc_arg  arg;
+    gprinc_ret  *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
 
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
     arg.princ = princ;
     arg.mask = mask;
     arg.api_version = handle->api_version;
     r = get_principal_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();
+        eret();
     if (r->code == 0)
-	memcpy(ent, &r->rec, sizeof(r->rec));
-    
+        memcpy(ent, &r->rec, sizeof(r->rec));
+
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_get_principals(void *server_handle,
-			  char *exp, char ***princs, int *count)
+                     char *exp, char ***princs, int *count)
 {
-    gprincs_arg	arg;
-    gprincs_ret	*r;
+    gprincs_arg arg;
+    gprincs_ret *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
 
     if(princs == NULL || count == NULL)
-	return EINVAL;
+        return EINVAL;
     arg.exp = exp;
     arg.api_version = handle->api_version;
     r = get_princs_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();
+        eret();
     if(r->code == 0) {
-	 *count = r->count;
-	 *princs = r->princs;
+        *count = r->count;
+        *princs = r->princs;
     } else {
-	 *count = 0;
-	 *princs = NULL;
+        *count = 0;
+        *princs = NULL;
     }
-    
+
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_rename_principal(void *server_handle,
-			    krb5_principal source, krb5_principal dest)
+                       krb5_principal source, krb5_principal dest)
 {
-    rprinc_arg		arg;
-    generic_ret		*r;
+    rprinc_arg          arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -230,19 +231,19 @@ kadm5_rename_principal(void *server_handle,
     arg.dest = dest;
     arg.api_version = handle->api_version;
     if (source == NULL || dest == NULL)
-	return EINVAL;
+        return EINVAL;
     r = rename_principal_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();        
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_chpass_principal(void *server_handle,
-			    krb5_principal princ, char *password)
+                       krb5_principal princ, char *password)
 {
-    chpass_arg		arg;
-    generic_ret		*r;
+    chpass_arg          arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -252,21 +253,21 @@ kadm5_chpass_principal(void *server_handle,
     arg.api_version = handle->api_version;
 
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
     r = chpass_principal_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();        
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_chpass_principal_3(void *server_handle,
-			 krb5_principal princ, krb5_boolean keepold,
-			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
-			 char *password)
+                         krb5_principal princ, krb5_boolean keepold,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         char *password)
 {
-    chpass3_arg		arg;
-    generic_ret		*r;
+    chpass3_arg         arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -279,20 +280,20 @@ kadm5_chpass_principal_3(void *server_handle,
     arg.ks_tuple = ks_tuple;
 
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
     r = chpass_principal3_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();        
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_setv4key_principal(void *server_handle,
-			 krb5_principal princ,
-			 krb5_keyblock *keyblock)
+                         krb5_principal princ,
+                         krb5_keyblock *keyblock)
 {
-    setv4key_arg	arg;
-    generic_ret		*r;
+    setv4key_arg        arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -302,21 +303,21 @@ kadm5_setv4key_principal(void *server_handle,
     arg.api_version = handle->api_version;
 
     if(princ == NULL || keyblock == NULL)
-	return EINVAL;
+        return EINVAL;
     r = setv4key_principal_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();        
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_setkey_principal(void *server_handle,
-		       krb5_principal princ,
-		       krb5_keyblock *keyblocks,
-		       int n_keys)
+                       krb5_principal princ,
+                       krb5_keyblock *keyblocks,
+                       int n_keys)
 {
-    setkey_arg		arg;
-    generic_ret		*r;
+    setkey_arg          arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -327,23 +328,23 @@ kadm5_setkey_principal(void *server_handle,
     arg.api_version = handle->api_version;
 
     if(princ == NULL || keyblocks == NULL)
-	return EINVAL;
+        return EINVAL;
     r = setkey_principal_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();        
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_setkey_principal_3(void *server_handle,
-			 krb5_principal princ,
-			 krb5_boolean keepold, int n_ks_tuple,
-			 krb5_key_salt_tuple *ks_tuple,
-			 krb5_keyblock *keyblocks,
-			 int n_keys)
+                         krb5_principal princ,
+                         krb5_boolean keepold, int n_ks_tuple,
+                         krb5_key_salt_tuple *ks_tuple,
+                         krb5_keyblock *keyblocks,
+                         int n_keys)
 {
-    setkey3_arg		arg;
-    generic_ret		*r;
+    setkey3_arg         arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -357,24 +358,24 @@ kadm5_setkey_principal_3(void *server_handle,
     arg.ks_tuple = ks_tuple;
 
     if(princ == NULL || keyblocks == NULL)
-	return EINVAL;
+        return EINVAL;
     r = setkey_principal3_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();        
+        eret();
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_randkey_principal_3(void *server_handle,
-			  krb5_principal princ,
-			  krb5_boolean keepold, int n_ks_tuple,
-			  krb5_key_salt_tuple *ks_tuple,
-			  krb5_keyblock **key, int *n_keys)
+                          krb5_principal princ,
+                          krb5_boolean keepold, int n_ks_tuple,
+                          krb5_key_salt_tuple *ks_tuple,
+                          krb5_keyblock **key, int *n_keys)
 {
-    chrand3_arg		arg;
-    chrand_ret		*r;
+    chrand3_arg         arg;
+    chrand_ret          *r;
     kadm5_server_handle_t handle = server_handle;
-    int			i, ret;
+    int                 i, ret;
 
     CHECK_HANDLE(server_handle);
 
@@ -385,27 +386,27 @@ kadm5_randkey_principal_3(void *server_handle,
     arg.ks_tuple = ks_tuple;
 
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
     r = chrand_principal3_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();
+        eret();
     if (n_keys)
-	*n_keys = r->n_keys;
+        *n_keys = r->n_keys;
     if (key) {
-	if(r->n_keys) {
-	    *key = malloc(r->n_keys * sizeof(krb5_keyblock));
-	    if (*key == NULL)
-		return ENOMEM;
-	    for (i = 0; i < r->n_keys; i++) {
-		ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
-						  &(*key)[i]);
-		if (ret) {
-		    free(*key);
-		    return ENOMEM;
-		}
-	    }
-	} else
-	    *key = NULL;
+        if(r->n_keys) {
+            *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+            if (*key == NULL)
+                return ENOMEM;
+            for (i = 0; i < r->n_keys; i++) {
+                ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+                                                  &(*key)[i]);
+                if (ret) {
+                    free(*key);
+                    return ENOMEM;
+                }
+            }
+        } else
+            *key = NULL;
     }
 
     return r->code;
@@ -413,13 +414,13 @@ kadm5_randkey_principal_3(void *server_handle,
 
 kadm5_ret_t
 kadm5_randkey_principal(void *server_handle,
-			krb5_principal princ,
-			krb5_keyblock **key, int *n_keys)
+                        krb5_principal princ,
+                        krb5_keyblock **key, int *n_keys)
 {
-    chrand_arg		arg;
-    chrand_ret		*r;
+    chrand_arg          arg;
+    chrand_ret          *r;
     kadm5_server_handle_t handle = server_handle;
-    int			i, ret;
+    int                 i, ret;
 
     CHECK_HANDLE(server_handle);
 
@@ -427,27 +428,27 @@ kadm5_randkey_principal(void *server_handle,
     arg.api_version = handle->api_version;
 
     if(princ == NULL)
-	return EINVAL;
+        return EINVAL;
     r = chrand_principal_2(&arg, handle->clnt);
     if(r == NULL)
-	eret();
+        eret();
     if (n_keys)
-	*n_keys = r->n_keys;
+        *n_keys = r->n_keys;
     if (key) {
-	if(r->n_keys) {
-	    *key = malloc(r->n_keys * sizeof(krb5_keyblock));
-	    if (*key == NULL)
-		return ENOMEM;
-	    for (i = 0; i < r->n_keys; i++) {
-		ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
-						  &(*key)[i]);
-		if (ret) {
-		    free(*key);
-		    return ENOMEM;
-		}
-	    }
-	} else
-	    *key = NULL;
+        if(r->n_keys) {
+            *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+            if (*key == NULL)
+                return ENOMEM;
+            for (i = 0; i < r->n_keys; i++) {
+                ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+                                                  &(*key)[i]);
+                if (ret) {
+                    free(*key);
+                    return ENOMEM;
+                }
+            }
+        } else
+            *key = NULL;
     }
 
     return r->code;
@@ -455,10 +456,10 @@ kadm5_randkey_principal(void *server_handle,
 
 /* not supported on client side */
 kadm5_ret_t kadm5_decrypt_key(void *server_handle,
-			      kadm5_principal_ent_t entry, krb5_int32
-			      ktype, krb5_int32 stype, krb5_int32
-			      kvno, krb5_keyblock *keyblock,
-			      krb5_keysalt *keysalt, int *kvnop)
+                              kadm5_principal_ent_t entry, krb5_int32
+                              ktype, krb5_int32 stype, krb5_int32
+                              kvno, krb5_keyblock *keyblock,
+                              krb5_keysalt *keysalt, int *kvnop)
 {
-     return EINVAL;
+    return EINVAL;
 }
diff --git a/src/lib/kadm5/clnt/client_rpc.c b/src/lib/kadm5/clnt/client_rpc.c
index 19c8b4703..752206b17 100644
--- a/src/lib/kadm5/clnt/client_rpc.c
+++ b/src/lib/kadm5/clnt/client_rpc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <gssrpc/rpc.h>
 #include <kadm5/kadm_rpc.h>
 #include <krb5.h>
@@ -14,314 +15,314 @@ static struct timeval TIMEOUT = { 120, 0 };
 generic_ret *
 create_principal_2(cprinc_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, CREATE_PRINCIPAL,
-		      (xdrproc_t) xdr_cprinc_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, CREATE_PRINCIPAL,
+                  (xdrproc_t) xdr_cprinc_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 create_principal3_2(cprinc3_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, CREATE_PRINCIPAL3,
-		      (xdrproc_t) xdr_cprinc3_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, CREATE_PRINCIPAL3,
+                  (xdrproc_t) xdr_cprinc3_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 delete_principal_2(dprinc_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, DELETE_PRINCIPAL,
-		      (xdrproc_t) xdr_dprinc_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, DELETE_PRINCIPAL,
+                  (xdrproc_t) xdr_dprinc_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 modify_principal_2(mprinc_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, MODIFY_PRINCIPAL,
-		      (xdrproc_t) xdr_mprinc_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, MODIFY_PRINCIPAL,
+                  (xdrproc_t) xdr_mprinc_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 rename_principal_2(rprinc_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, RENAME_PRINCIPAL,
-		      (xdrproc_t) xdr_rprinc_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, RENAME_PRINCIPAL,
+                  (xdrproc_t) xdr_rprinc_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 gprinc_ret *
 get_principal_2(gprinc_arg *argp, CLIENT *clnt)
 {
-	static gprinc_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, GET_PRINCIPAL,
-		      (xdrproc_t) xdr_gprinc_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_gprinc_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static gprinc_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, GET_PRINCIPAL,
+                  (xdrproc_t) xdr_gprinc_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_gprinc_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 gprincs_ret *
 get_princs_2(gprincs_arg *argp, CLIENT *clnt)
 {
-	static gprincs_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, GET_PRINCS,
-		      (xdrproc_t) xdr_gprincs_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_gprincs_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) { 
-	     return (NULL);
-	}
-	return (&clnt_res);
+    static gprincs_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, GET_PRINCS,
+                  (xdrproc_t) xdr_gprincs_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_gprincs_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 chpass_principal_2(chpass_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, CHPASS_PRINCIPAL,
-		      (xdrproc_t) xdr_chpass_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, CHPASS_PRINCIPAL,
+                  (xdrproc_t) xdr_chpass_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 chpass_principal3_2(chpass3_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, CHPASS_PRINCIPAL3,
-		      (xdrproc_t) xdr_chpass3_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, CHPASS_PRINCIPAL3,
+                  (xdrproc_t) xdr_chpass3_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 setv4key_principal_2(setv4key_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, SETV4KEY_PRINCIPAL,
-		      (xdrproc_t) xdr_setv4key_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, SETV4KEY_PRINCIPAL,
+                  (xdrproc_t) xdr_setv4key_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 setkey_principal_2(setkey_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, SETKEY_PRINCIPAL,
-		      (xdrproc_t) xdr_setkey_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, SETKEY_PRINCIPAL,
+                  (xdrproc_t) xdr_setkey_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 setkey_principal3_2(setkey3_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, SETKEY_PRINCIPAL3,
-		      (xdrproc_t) xdr_setkey3_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, SETKEY_PRINCIPAL3,
+                  (xdrproc_t) xdr_setkey3_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 chrand_ret *
 chrand_principal_2(chrand_arg *argp, CLIENT *clnt)
 {
-	static chrand_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, CHRAND_PRINCIPAL,
-		      (xdrproc_t) xdr_chrand_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static chrand_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, CHRAND_PRINCIPAL,
+                  (xdrproc_t) xdr_chrand_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 chrand_ret *
 chrand_principal3_2(chrand3_arg *argp, CLIENT *clnt)
 {
-	static chrand_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, CHRAND_PRINCIPAL3,
-		      (xdrproc_t) xdr_chrand3_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static chrand_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, CHRAND_PRINCIPAL3,
+                  (xdrproc_t) xdr_chrand3_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_chrand_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 create_policy_2(cpol_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, CREATE_POLICY,
-		      (xdrproc_t) xdr_cpol_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, CREATE_POLICY,
+                  (xdrproc_t) xdr_cpol_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 delete_policy_2(dpol_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, DELETE_POLICY,
-		      (xdrproc_t) xdr_dpol_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, DELETE_POLICY,
+                  (xdrproc_t) xdr_dpol_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 modify_policy_2(mpol_arg *argp, CLIENT *clnt)
 {
-	static generic_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, MODIFY_POLICY,
-		      (xdrproc_t) xdr_mpol_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, MODIFY_POLICY,
+                  (xdrproc_t) xdr_mpol_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 gpol_ret *
 get_policy_2(gpol_arg *argp, CLIENT *clnt)
 {
-	static gpol_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, GET_POLICY,
-		      (xdrproc_t) xdr_gpol_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_gpol_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) {
-		return (NULL);
-	}
-	return (&clnt_res);
+    static gpol_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, GET_POLICY,
+                  (xdrproc_t) xdr_gpol_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_gpol_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 gpols_ret *
 get_pols_2(gpols_arg *argp, CLIENT *clnt)
 {
-	static gpols_ret clnt_res;
-
-	memset(&clnt_res, 0, sizeof(clnt_res));
-	if (clnt_call(clnt, GET_POLS,
-		      (xdrproc_t) xdr_gpols_arg, (caddr_t) argp,
-		      (xdrproc_t) xdr_gpols_ret, (caddr_t) &clnt_res,
-		      TIMEOUT) != RPC_SUCCESS) { 
-	     return (NULL);
-	}
-	return (&clnt_res);
+    static gpols_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, GET_POLS,
+                  (xdrproc_t) xdr_gpols_arg, (caddr_t) argp,
+                  (xdrproc_t) xdr_gpols_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 getprivs_ret *
 get_privs_2(void *argp, CLIENT *clnt)
 {
-     static getprivs_ret clnt_res;
-
-     memset(&clnt_res, 0, sizeof(clnt_res));
-     if (clnt_call(clnt, GET_PRIVS,
-		   (xdrproc_t) xdr_u_int32, (caddr_t) argp,
-		   (xdrproc_t) xdr_getprivs_ret, (caddr_t) &clnt_res,
-		   TIMEOUT) != RPC_SUCCESS) {
-	  return (NULL);
-     }
-     return (&clnt_res);
+    static getprivs_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, GET_PRIVS,
+                  (xdrproc_t) xdr_u_int32, (caddr_t) argp,
+                  (xdrproc_t) xdr_getprivs_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
 
 generic_ret *
 init_2(void *argp, CLIENT *clnt)
 {
-     static generic_ret clnt_res;
-
-     memset(&clnt_res, 0, sizeof(clnt_res));
-     if (clnt_call(clnt, INIT,
-		   (xdrproc_t) xdr_u_int32, (caddr_t) argp,
-		   (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
-		   TIMEOUT) != RPC_SUCCESS) {
-	  return (NULL);
-     }
-     return (&clnt_res);
+    static generic_ret clnt_res;
+
+    memset(&clnt_res, 0, sizeof(clnt_res));
+    if (clnt_call(clnt, INIT,
+                  (xdrproc_t) xdr_u_int32, (caddr_t) argp,
+                  (xdrproc_t) xdr_generic_ret, (caddr_t) &clnt_res,
+                  TIMEOUT) != RPC_SUCCESS) {
+        return (NULL);
+    }
+    return (&clnt_res);
 }
diff --git a/src/lib/kadm5/clnt/clnt_chpass_util.c b/src/lib/kadm5/clnt/clnt_chpass_util.c
index 71ab64937..618efda98 100644
--- a/src/lib/kadm5/clnt/clnt_chpass_util.c
+++ b/src/lib/kadm5/clnt/clnt_chpass_util.c
@@ -1,16 +1,17 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <kadm5/admin.h>
 #include "client_internal.h"
 
 kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
-					krb5_principal princ,
-					char *new_pw, 
-					char **ret_pw,
-					char *msg_ret,
-					unsigned int msg_len)
+                                        krb5_principal princ,
+                                        char *new_pw,
+                                        char **ret_pw,
+                                        char *msg_ret,
+                                        unsigned int msg_len)
 {
-  kadm5_server_handle_t handle = server_handle;
+    kadm5_server_handle_t handle = server_handle;
 
-  CHECK_HANDLE(server_handle);
-  return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
-				      new_pw, ret_pw, msg_ret, msg_len);
+    CHECK_HANDLE(server_handle);
+    return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
+                                        new_pw, ret_pw, msg_ret, msg_len);
 }
diff --git a/src/lib/kadm5/clnt/clnt_policy.c b/src/lib/kadm5/clnt/clnt_policy.c
index fc91245e8..0b6796f27 100644
--- a/src/lib/kadm5/clnt/clnt_policy.c
+++ b/src/lib/kadm5/clnt/clnt_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -12,29 +13,29 @@ static char *rcsid = "$Header$";
 #include    <kadm5/admin.h>
 #include    <kadm5/kadm_rpc.h>
 #include    "client_internal.h"
-#include	<stdlib.h>
-#include	<string.h>
-#include	<errno.h>
+#include        <stdlib.h>
+#include        <string.h>
+#include        <errno.h>
 
 kadm5_ret_t
 kadm5_create_policy(void *server_handle,
-			 kadm5_policy_ent_t policy, long mask)
+                    kadm5_policy_ent_t policy, long mask)
 {
-    cpol_arg		arg;
-    generic_ret		*r;
+    cpol_arg            arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
 
     if(policy == (kadm5_policy_ent_t) NULL)
-	return EINVAL;
+        return EINVAL;
 
     arg.mask = mask;
     arg.api_version = handle->api_version;
     memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
     r = create_policy_2(&arg, handle->clnt);
     if(r == NULL)
-	return KADM5_RPC_ERROR;    
+        return KADM5_RPC_ERROR;
 
     return r->code;
 }
@@ -42,45 +43,45 @@ kadm5_create_policy(void *server_handle,
 kadm5_ret_t
 kadm5_delete_policy(void *server_handle, char *name)
 {
-    dpol_arg		arg;
-    generic_ret		*r;
+    dpol_arg            arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
-	 
+
     CHECK_HANDLE(server_handle);
 
     if(name == NULL)
-	return EINVAL;
+        return EINVAL;
 
     arg.name = name;
     arg.api_version = handle->api_version;
 
     r = delete_policy_2(&arg, handle->clnt);
     if(r == NULL)
-	return KADM5_RPC_ERROR;    
+        return KADM5_RPC_ERROR;
 
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_modify_policy(void *server_handle,
-			 kadm5_policy_ent_t policy, long mask)
+                    kadm5_policy_ent_t policy, long mask)
 {
-    mpol_arg		arg;
-    generic_ret		*r;
+    mpol_arg            arg;
+    generic_ret         *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
 
     if(policy == (kadm5_policy_ent_t) NULL)
-	return EINVAL;
-	
+        return EINVAL;
+
     arg.mask = mask;
     arg.api_version = handle->api_version;
 
     memcpy(&arg.rec, policy, sizeof(kadm5_policy_ent_rec));
     r = modify_policy_2(&arg, handle->clnt);
     if(r == NULL)
-	return KADM5_RPC_ERROR;    
+        return KADM5_RPC_ERROR;
 
     return r->code;
 }
@@ -88,8 +89,8 @@ kadm5_modify_policy(void *server_handle,
 kadm5_ret_t
 kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
 {
-    gpol_arg	    arg;
-    gpol_ret	    *r;
+    gpol_arg        arg;
+    gpol_ret        *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -98,41 +99,41 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
     arg.api_version = handle->api_version;
 
     if(name == NULL)
-	return EINVAL;
-	
+        return EINVAL;
+
     r = get_policy_2(&arg, handle->clnt);
     if(r == NULL)
-	return KADM5_RPC_ERROR;
+        return KADM5_RPC_ERROR;
     if (r->code == 0)
-	memcpy(ent, &r->rec, sizeof(r->rec));
-	 
+        memcpy(ent, &r->rec, sizeof(r->rec));
+
     return r->code;
 }
 
 kadm5_ret_t
 kadm5_get_policies(void *server_handle,
-			  char *exp, char ***pols, int *count)
+                   char *exp, char ***pols, int *count)
 {
-    gpols_arg	arg;
-    gpols_ret	*r;
+    gpols_arg   arg;
+    gpols_ret   *r;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
 
     if(pols == NULL || count == NULL)
-	return EINVAL;
+        return EINVAL;
     arg.exp = exp;
     arg.api_version = handle->api_version;
     r = get_pols_2(&arg, handle->clnt);
     if(r == NULL)
-	return KADM5_RPC_ERROR;
+        return KADM5_RPC_ERROR;
     if(r->code == 0) {
-	 *count = r->count;
-	 *pols = r->pols;
+        *count = r->count;
+        *pols = r->pols;
     } else {
-	 *count = 0;
-	 *pols = NULL;
+        *count = 0;
+        *pols = NULL;
     }
-    
+
     return r->code;
 }
diff --git a/src/lib/kadm5/clnt/clnt_privs.c b/src/lib/kadm5/clnt/clnt_privs.c
index 5f7ed4370..15b16b1c9 100644
--- a/src/lib/kadm5/clnt/clnt_privs.c
+++ b/src/lib/kadm5/clnt/clnt_privs.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  *
  * $Id$
  * $Source$
- * 
+ *
  */
 
 #if !defined(lint) && !defined(__CODECENTER__)
@@ -17,14 +18,14 @@ static char *rcsid = "$Header$";
 
 kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
 {
-     getprivs_ret *r;
-     kadm5_server_handle_t handle = server_handle;
+    getprivs_ret *r;
+    kadm5_server_handle_t handle = server_handle;
 
-     r = get_privs_2(&handle->api_version, handle->clnt);
-     if (r == NULL)
-	  return KADM5_RPC_ERROR;
-     else if (r->code == KADM5_OK)
-	  *privs = r->privs;
+    r = get_privs_2(&handle->api_version, handle->clnt);
+    if (r == NULL)
+        return KADM5_RPC_ERROR;
+    else if (r->code == KADM5_OK)
+        *privs = r->privs;
 
-     return r->code;
+    return r->code;
 }
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index 8ddf33a24..41ab3f1f9 100644
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -64,7 +64,7 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
 	       }
 	  }
 	  return (xdr_opaque(xdrs, *objp, size));
-	  
+
      case XDR_ENCODE:
 	  if (size != 0)
 	       return (xdr_opaque(xdrs, *objp, size));
@@ -226,15 +226,15 @@ xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp)
 static bool_t xdr_krb5_boolean(XDR *xdrs, krb5_boolean *kbool)
 {
 	bool_t val;
-	
+
 	switch (xdrs->x_op) {
 	case XDR_DECODE:
 	     if (!xdr_bool(xdrs, &val))
 		     return FALSE;
-	     
+
 	     *kbool = (val == FALSE) ? FALSE : TRUE;
 	     return TRUE;
-	     
+
 	case XDR_ENCODE:
 	     val = *kbool ? TRUE : FALSE;
 	     return xdr_bool(xdrs, &val);
@@ -242,7 +242,7 @@ static bool_t xdr_krb5_boolean(XDR *xdrs, krb5_boolean *kbool)
 	case XDR_FREE:
 	     return TRUE;
 	}
-	
+
 	return FALSE;
 }
 
@@ -283,13 +283,13 @@ bool_t xdr_krb5_key_data_nocontents(XDR *xdrs, krb5_key_data *objp)
 	  if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
 			 &tmp, ~0))
 	       return FALSE;
-	  
+
 	  tmp = (unsigned int) objp->key_data_length[1];
 	  if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
 			 &tmp, ~0))
 	       return FALSE;
      }
-     
+
      return (TRUE);
 }
 
@@ -320,7 +320,7 @@ bool_t xdr_krb5_tl_data(XDR *xdrs, krb5_tl_data **tl_data_head)
 	       tl = tl2;
 	  }
 	  break;
-	  
+
      case XDR_ENCODE:
 	  tl = *tl_data_head;
 	  while (1) {
@@ -394,7 +394,7 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
 			     int v)
 {
 	unsigned int n;
-     
+
 	if (!xdr_krb5_principal(xdrs, &objp->principal)) {
 		return (FALSE);
 	}
@@ -625,7 +625,7 @@ xdr_gprincs_arg(XDR *xdrs, gprincs_arg *objp)
 }
 
 bool_t
-xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)     
+xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)
 {
      if (!xdr_ui_4(xdrs, &objp->api_version)) {
 	  return (FALSE);
@@ -810,7 +810,7 @@ xdr_gprinc_arg(XDR *xdrs, gprinc_arg *objp)
 	if (!xdr_long(xdrs, &objp->mask)) {
 	     return FALSE;
 	}
-	     
+
 	return (TRUE);
 }
 
@@ -920,7 +920,7 @@ xdr_gpols_arg(XDR *xdrs, gpols_arg *objp)
 }
 
 bool_t
-xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)     
+xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)
 {
      if (!xdr_ui_4(xdrs, &objp->api_version)) {
 	  return (FALSE);
@@ -972,7 +972,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
     switch(xdrs->x_op) {
     case XDR_ENCODE:
 	if (*objp) {
-	     if((ret = krb5_unparse_name(context, *objp, &p)) != 0) 
+	     if((ret = krb5_unparse_name(context, *objp, &p)) != 0)
 		  return FALSE;
 	}
 	if(!xdr_nullstring(xdrs, &p))
@@ -984,7 +984,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
 	    return FALSE;
 	if (p) {
 	     ret = krb5_parse_name(context, p, &pr);
-	     if(ret != 0) 
+	     if(ret != 0)
 		  return FALSE;
 	     *objp = pr;
 	     free(p);
@@ -992,7 +992,7 @@ xdr_krb5_principal(XDR *xdrs, krb5_principal *objp)
 	     *objp = NULL;
 	break;
     case XDR_FREE:
-	if(*objp != NULL) 
+	if(*objp != NULL)
 	    krb5_free_principal(context, *objp);
 	break;
     }
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index efff81872..b8da20955 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kadm/logger.c
  *
@@ -29,117 +30,117 @@
 #define VERBOSE_LOGS
 
 /*
- * logger.c	- Handle logging functions for those who want it.
+ * logger.c     - Handle logging functions for those who want it.
  */
 #include "k5-int.h"
 #include "adm_proto.h"
 #include "com_err.h"
 #include <stdio.h>
 #include <ctype.h>
-#ifdef	HAVE_SYSLOG_H
+#ifdef  HAVE_SYSLOG_H
 #include <syslog.h>
-#endif	/* HAVE_SYSLOG_H */
+#endif  /* HAVE_SYSLOG_H */
 #include <stdarg.h>
 
-#define	KRB5_KLOG_MAX_ERRMSG_SIZE	2048
-#ifndef	MAXHOSTNAMELEN
-#define	MAXHOSTNAMELEN	256
-#endif	/* MAXHOSTNAMELEN */
+#define KRB5_KLOG_MAX_ERRMSG_SIZE       2048
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN  256
+#endif  /* MAXHOSTNAMELEN */
 
 /* This is to assure that we have at least one match in the syslog stuff */
-#ifndef	LOG_AUTH
-#define	LOG_AUTH	0
-#endif	/* LOG_AUTH */
-#ifndef	LOG_ERR
-#define	LOG_ERR		0
-#endif	/* LOG_ERR */
-
-#define lspec_parse_err_1	"%s: cannot parse <%s>\n"
-#define lspec_parse_err_2	"%s: warning - logging entry syntax error\n"
-#define log_file_err		"%s: error writing to %s\n"
-#define log_device_err		"%s: error writing to %s device\n"
-#define log_ufo_string		"?\?\?" /* nb: avoid trigraphs */
-#define log_emerg_string	"EMERGENCY"
-#define log_alert_string	"ALERT"
-#define log_crit_string		"CRITICAL"
-#define log_err_string		"Error"
-#define log_warning_string	"Warning"
-#define log_notice_string	"Notice"
-#define log_info_string		"info"
-#define log_debug_string	"debug"
+#ifndef LOG_AUTH
+#define LOG_AUTH        0
+#endif  /* LOG_AUTH */
+#ifndef LOG_ERR
+#define LOG_ERR         0
+#endif  /* LOG_ERR */
+
+#define lspec_parse_err_1       "%s: cannot parse <%s>\n"
+#define lspec_parse_err_2       "%s: warning - logging entry syntax error\n"
+#define log_file_err            "%s: error writing to %s\n"
+#define log_device_err          "%s: error writing to %s device\n"
+#define log_ufo_string          "?\?\?" /* nb: avoid trigraphs */
+#define log_emerg_string        "EMERGENCY"
+#define log_alert_string        "ALERT"
+#define log_crit_string         "CRITICAL"
+#define log_err_string          "Error"
+#define log_warning_string      "Warning"
+#define log_notice_string       "Notice"
+#define log_info_string         "info"
+#define log_debug_string        "debug"
 
 /*
  * Output logging.
  *
  * Output logging is now controlled by the configuration file.  We can specify
  * the following syntaxes under the [logging]->entity specification.
- *	FILE<opentype><pathname>
- *	SYSLOG[=<severity>[:<facility>]]
- *	STDERR
- *	CONSOLE
- *	DEVICE=<device-spec>
+ *      FILE<opentype><pathname>
+ *      SYSLOG[=<severity>[:<facility>]]
+ *      STDERR
+ *      CONSOLE
+ *      DEVICE=<device-spec>
  *
  * Where:
- *	<opentype> is ":" for open/append, "=" for open/create.
- *	<pathname> is a valid path name.
- *	<severity> is one of: (default = ERR)
- *		EMERG
- *		ALERT
- *		CRIT
- *		ERR
- *		WARNING
- *		NOTICE
- *		INFO
- *		DEBUG
- *	<facility> is one of: (default = AUTH)
- *		KERN
- *		USER
- *		MAIL
- *		DAEMON
- *		AUTH
- *		LPR
- *		NEWS
- *		UUCP
- *		CRON
- *		LOCAL0..LOCAL7
- *	<device-spec> is a valid device specification.
+ *      <opentype> is ":" for open/append, "=" for open/create.
+ *      <pathname> is a valid path name.
+ *      <severity> is one of: (default = ERR)
+ *              EMERG
+ *              ALERT
+ *              CRIT
+ *              ERR
+ *              WARNING
+ *              NOTICE
+ *              INFO
+ *              DEBUG
+ *      <facility> is one of: (default = AUTH)
+ *              KERN
+ *              USER
+ *              MAIL
+ *              DAEMON
+ *              AUTH
+ *              LPR
+ *              NEWS
+ *              UUCP
+ *              CRON
+ *              LOCAL0..LOCAL7
+ *      <device-spec> is a valid device specification.
  */
 struct log_entry {
     enum log_type { K_LOG_FILE,
-			K_LOG_SYSLOG,
-			K_LOG_STDERR,
-			K_LOG_CONSOLE,
-			K_LOG_DEVICE,
-			K_LOG_NONE } log_type;
+                    K_LOG_SYSLOG,
+                    K_LOG_STDERR,
+                    K_LOG_CONSOLE,
+                    K_LOG_DEVICE,
+                    K_LOG_NONE } log_type;
     krb5_pointer log_2free;
     union log_union {
-	struct log_file {
-	    FILE	*lf_filep;
-	    char	*lf_fname;
-	} log_file;
-	struct log_syslog {
-	    int		ls_facility;
-	    int		ls_severity;
-	} log_syslog;
-	struct log_device {
-	    FILE	*ld_filep;
-	    char	*ld_devname;
-	} log_device;
+        struct log_file {
+            FILE        *lf_filep;
+            char        *lf_fname;
+        } log_file;
+        struct log_syslog {
+            int         ls_facility;
+            int         ls_severity;
+        } log_syslog;
+        struct log_device {
+            FILE        *ld_filep;
+            char        *ld_devname;
+        } log_device;
     } log_union;
 };
-#define	lfu_filep	log_union.log_file.lf_filep
-#define	lfu_fname	log_union.log_file.lf_fname
-#define	lsu_facility	log_union.log_syslog.ls_facility
-#define	lsu_severity	log_union.log_syslog.ls_severity
-#define	ldu_filep	log_union.log_device.ld_filep
-#define	ldu_devname	log_union.log_device.ld_devname
+#define lfu_filep       log_union.log_file.lf_filep
+#define lfu_fname       log_union.log_file.lf_fname
+#define lsu_facility    log_union.log_syslog.ls_facility
+#define lsu_severity    log_union.log_syslog.ls_severity
+#define ldu_filep       log_union.log_device.ld_filep
+#define ldu_devname     log_union.log_device.ld_devname
 
 struct log_control {
-    struct log_entry	*log_entries;
-    int			log_nentries;
-    char		*log_whoami;
-    char		*log_hostname;
-    krb5_boolean	log_opened;
+    struct log_entry    *log_entries;
+    int                 log_nentries;
+    char                *log_whoami;
+    char                *log_hostname;
+    krb5_boolean        log_opened;
 };
 
 static struct log_control log_control = {
@@ -149,23 +150,23 @@ static struct log_control log_control = {
     (char *) NULL,
     0
 };
-static struct log_entry	def_log_entry;
+static struct log_entry def_log_entry;
 
 /*
  * These macros define any special processing that needs to happen for
  * devices.  For unix, of course, this is hardly anything.
  */
-#define	DEVICE_OPEN(d, m)	fopen(d, m)
-#define	CONSOLE_OPEN(m)		fopen("/dev/console", m)
-#define	DEVICE_PRINT(f, m)	((fprintf(f, "%s\r\n", m) >= 0) ? 	\
-				 (fflush(f), 0) :			\
-				 -1)
-#define	DEVICE_CLOSE(d)		fclose(d)
+#define DEVICE_OPEN(d, m)       fopen(d, m)
+#define CONSOLE_OPEN(m)         fopen("/dev/console", m)
+#define DEVICE_PRINT(f, m)      ((fprintf(f, "%s\r\n", m) >= 0) ?       \
+                                 (fflush(f), 0) :                       \
+                                 -1)
+#define DEVICE_CLOSE(d)         fclose(d)
 
 
 /*
- * klog_com_err_proc()	- Handle com_err(3) messages as specified by the
- *			  profile.
+ * klog_com_err_proc()  - Handle com_err(3) messages as specified by the
+ *                        profile.
  */
 static krb5_context err_context;
 
@@ -179,14 +180,14 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
 static void
 klog_com_err_proc(const char *whoami, long int code, const char *format, va_list ap)
 {
-    char	outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
-    int		lindex;
-    const char	*actual_format;
-#ifdef	HAVE_SYSLOG
-    int		log_pri = -1;
-#endif	/* HAVE_SYSLOG */
-    char	*cp;
-    char	*syslogp;
+    char        outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
+    int         lindex;
+    const char  *actual_format;
+#ifdef  HAVE_SYSLOG
+    int         log_pri = -1;
+#endif  /* HAVE_SYSLOG */
+    char        *cp;
+    char        *syslogp;
 
     /* Make the header */
     snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
@@ -201,15 +202,15 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
         char *emsg;
         outbuf[sizeof(outbuf) - 1] = '\0';
 
-	emsg = krb5_get_error_message (err_context, code);
-	strncat(outbuf, emsg, sizeof(outbuf) - 1 - strlen(outbuf));
-	strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
-	krb5_free_error_message(err_context, emsg);
+        emsg = krb5_get_error_message (err_context, code);
+        strncat(outbuf, emsg, sizeof(outbuf) - 1 - strlen(outbuf));
+        strncat(outbuf, " - ", sizeof(outbuf) - 1 - strlen(outbuf));
+        krb5_free_error_message(err_context, emsg);
     }
     cp = &outbuf[strlen(outbuf)];
-    
+
     actual_format = format;
-#ifdef	HAVE_SYSLOG
+#ifdef  HAVE_SYSLOG
     /*
      * This is an unpleasant hack.  If the first character is less than
      * 8, then we assume that it is a priority.
@@ -219,50 +220,50 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
      * intermediate representation.
      */
     if ((((unsigned char) *format) > 0) && (((unsigned char) *format) <= 8)) {
-	actual_format = (format + 1);
-	switch ((unsigned char) *format) {
-#ifdef	LOG_EMERG
-	case 1:
-	    log_pri = LOG_EMERG;
-	    break;
+        actual_format = (format + 1);
+        switch ((unsigned char) *format) {
+#ifdef  LOG_EMERG
+        case 1:
+            log_pri = LOG_EMERG;
+            break;
 #endif /* LOG_EMERG */
-#ifdef	LOG_ALERT
-	case 2:
-	    log_pri = LOG_ALERT;
-	    break;
+#ifdef  LOG_ALERT
+        case 2:
+            log_pri = LOG_ALERT;
+            break;
 #endif /* LOG_ALERT */
-#ifdef	LOG_CRIT
-	case 3:
-	    log_pri = LOG_CRIT;
-	    break;
+#ifdef  LOG_CRIT
+        case 3:
+            log_pri = LOG_CRIT;
+            break;
 #endif /* LOG_CRIT */
-	default:
-	case 4:
-	    log_pri = LOG_ERR;
-	    break;
-#ifdef	LOG_WARNING
-	case 5:
-	    log_pri = LOG_WARNING;
-	    break;
+        default:
+        case 4:
+            log_pri = LOG_ERR;
+            break;
+#ifdef  LOG_WARNING
+        case 5:
+            log_pri = LOG_WARNING;
+            break;
 #endif /* LOG_WARNING */
-#ifdef	LOG_NOTICE
-	case 6:
-	    log_pri = LOG_NOTICE;
-	    break;
+#ifdef  LOG_NOTICE
+        case 6:
+            log_pri = LOG_NOTICE;
+            break;
 #endif /* LOG_NOTICE */
-#ifdef	LOG_INFO
-	case 7:
-	    log_pri = LOG_INFO;
-	    break;
+#ifdef  LOG_INFO
+        case 7:
+            log_pri = LOG_INFO;
+            break;
 #endif /* LOG_INFO */
-#ifdef	LOG_DEBUG
-	case 8:
-	    log_pri = LOG_DEBUG;
-	    break;
+#ifdef  LOG_DEBUG
+        case 8:
+            log_pri = LOG_DEBUG;
+            break;
 #endif /* LOG_DEBUG */
-	}
-    } 
-#endif	/* HAVE_SYSLOG */
+        }
+    }
+#endif  /* HAVE_SYSLOG */
 
     /* Now format the actual message */
     vsnprintf(cp, sizeof(outbuf) - (cp - outbuf), actual_format, ap);
@@ -272,92 +273,92 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
      * logging specification.
      */
     for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
-	switch (log_control.log_entries[lindex].log_type) {
-	case K_LOG_FILE:
-	case K_LOG_STDERR:
-	    /*
-	     * Files/standard error.
-	     */
-	    if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
-			outbuf) < 0) {
-		/* Attempt to report error */
-		fprintf(stderr, log_file_err, whoami,
-			log_control.log_entries[lindex].lfu_fname);
-	    }
-	    else {
-		fflush(log_control.log_entries[lindex].lfu_filep);
-	    }
-	    break;
-	case K_LOG_CONSOLE:
-	case K_LOG_DEVICE:
-	    /*
-	     * Devices (may need special handling)
-	     */
-	    if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
-			     outbuf) < 0) {
-		/* Attempt to report error */
-		fprintf(stderr, log_device_err, whoami,
-			log_control.log_entries[lindex].ldu_devname);
-	    }
-	    break;
-#ifdef	HAVE_SYSLOG
-	case K_LOG_SYSLOG:
-	    /*
-	     * System log.
-	     */
-	    /*
-	     * If we have specified a priority through our hackery, then
-	     * use it, otherwise use the default.
-	     */
-	    if (log_pri >= 0)
-		log_pri |= log_control.log_entries[lindex].lsu_facility;
-	    else
-		log_pri = log_control.log_entries[lindex].lsu_facility |
-		    log_control.log_entries[lindex].lsu_severity;
-					       
-	    /* Log the message with our header trimmed off */
-	    syslog(log_pri, "%s", syslogp);
-	    break;
+        switch (log_control.log_entries[lindex].log_type) {
+        case K_LOG_FILE:
+        case K_LOG_STDERR:
+            /*
+             * Files/standard error.
+             */
+            if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
+                        outbuf) < 0) {
+                /* Attempt to report error */
+                fprintf(stderr, log_file_err, whoami,
+                        log_control.log_entries[lindex].lfu_fname);
+            }
+            else {
+                fflush(log_control.log_entries[lindex].lfu_filep);
+            }
+            break;
+        case K_LOG_CONSOLE:
+        case K_LOG_DEVICE:
+            /*
+             * Devices (may need special handling)
+             */
+            if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
+                             outbuf) < 0) {
+                /* Attempt to report error */
+                fprintf(stderr, log_device_err, whoami,
+                        log_control.log_entries[lindex].ldu_devname);
+            }
+            break;
+#ifdef  HAVE_SYSLOG
+        case K_LOG_SYSLOG:
+            /*
+             * System log.
+             */
+            /*
+             * If we have specified a priority through our hackery, then
+             * use it, otherwise use the default.
+             */
+            if (log_pri >= 0)
+                log_pri |= log_control.log_entries[lindex].lsu_facility;
+            else
+                log_pri = log_control.log_entries[lindex].lsu_facility |
+                    log_control.log_entries[lindex].lsu_severity;
+
+            /* Log the message with our header trimmed off */
+            syslog(log_pri, "%s", syslogp);
+            break;
 #endif /* HAVE_SYSLOG */
-	default:
-	    break;
-	}
+        default:
+            break;
+        }
     }
 }
 
 /*
- * krb5_klog_init()	- Initialize logging.
+ * krb5_klog_init()     - Initialize logging.
  *
  * This routine parses the syntax described above to specify destinations for
  * com_err(3) or krb5_klog_syslog() messages generated by the caller.
  *
  * Parameters:
- *	kcontext	- Kerberos context.
- *	ename		- Entity name as it is to appear in the profile.
- *	whoami		- Entity name as it is to appear in error output.
- *	do_com_err	- Take over com_err(3) processing.
+ *      kcontext        - Kerberos context.
+ *      ename           - Entity name as it is to appear in the profile.
+ *      whoami          - Entity name as it is to appear in error output.
+ *      do_com_err      - Take over com_err(3) processing.
  *
  * Implicit inputs:
- *	stderr		- This is where STDERR output goes.
+ *      stderr          - This is where STDERR output goes.
  *
  * Implicit outputs:
- *	log_nentries	- Number of log entries, both valid and invalid.
- *	log_control	- List of entries (log_nentries long) which contains
- *			  data for klog_com_err_proc() to use to determine
- *			  where/how to send output.
+ *      log_nentries    - Number of log entries, both valid and invalid.
+ *      log_control     - List of entries (log_nentries long) which contains
+ *                        data for klog_com_err_proc() to use to determine
+ *                        where/how to send output.
  */
 krb5_error_code
 krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do_com_err)
 {
-    const char	*logging_profent[3];
-    const char	*logging_defent[3];
-    char	**logging_specs;
-    int		i, ngood;
-    char	*cp, *cp2;
-    char	savec = '\0';
-    int		error;
-    int		do_openlog, log_facility;
-    FILE	*f;
+    const char  *logging_profent[3];
+    const char  *logging_defent[3];
+    char        **logging_specs;
+    int         i, ngood;
+    char        *cp, *cp2;
+    char        savec = '\0';
+    int         error;
+    int         do_openlog, log_facility;
+    FILE        *f;
 
     /* Initialize */
     do_openlog = 0;
@@ -379,311 +380,311 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
     ngood = 0;
     log_control.log_nentries = 0;
     if (!profile_get_values(kcontext->profile,
-			    logging_profent,
-			    &logging_specs) ||
-	!profile_get_values(kcontext->profile,
-			    logging_defent,
-			    &logging_specs)) {
-	/*
-	 * We have a match, so we first count the number of elements
-	 */
-	for (log_control.log_nentries = 0;
-	     logging_specs[log_control.log_nentries];
-	     log_control.log_nentries++);
-
-	/*
-	 * Now allocate our structure.
-	 */
-	log_control.log_entries = (struct log_entry *)
-	    malloc(log_control.log_nentries * sizeof(struct log_entry));
-	if (log_control.log_entries) {
-	    /*
-	     * Scan through the list.
-	     */
-	    for (i=0; i<log_control.log_nentries; i++) {
-		log_control.log_entries[i].log_type = K_LOG_NONE;
-		log_control.log_entries[i].log_2free = logging_specs[i];
-		/*
-		 * The format is:
-		 *	<whitespace><data><whitespace>
-		 * so, trim off the leading and trailing whitespace here.
-		 */
-		for (cp = logging_specs[i]; isspace((int) *cp); cp++);
-		for (cp2 = &logging_specs[i][strlen(logging_specs[i])-1];
-		     isspace((int) *cp2); cp2--);
-		cp2++;
-		*cp2 = '\0';
-		/*
-		 * Is this a file?
-		 */
-		if (!strncasecmp(cp, "FILE", 4)) {
-		    /*
-		     * Check for append/overwrite, then open the file.
-		     */
-		    if (cp[4] == ':' || cp[4] == '=') {
-			f = fopen(&cp[5], (cp[4] == ':') ? "a" : "w");
-			if (f) {
-			    set_cloexec_file(f);
-			    log_control.log_entries[i].lfu_filep = f;
-			    log_control.log_entries[i].log_type = K_LOG_FILE;
-			    log_control.log_entries[i].lfu_fname = &cp[5];
-			} else {
-			    fprintf(stderr,"Couldn't open log file %s: %s\n",
-				    &cp[5], error_message(errno));
-			    continue;
-			}
-		    }
-		}
-#ifdef	HAVE_SYSLOG
-		/*
-		 * Is this a syslog?
-		 */
-		else if (!strncasecmp(cp, "SYSLOG", 6)) {
-		    error = 0;
-		    log_control.log_entries[i].lsu_facility = LOG_AUTH;
-		    log_control.log_entries[i].lsu_severity = LOG_ERR;
-		    /*
-		     * Is there a severify specified?
-		     */
-		    if (cp[6] == ':') {
-			/*
-			 * Find the end of the severity.
-			 */
-			cp2 = strchr(&cp[7], ':');
-			if (cp2) {
-			    savec = *cp2;
-			    *cp2 = '\0';
-			    cp2++;
-			}
-
-			/*
-			 * Match a severity.
-			 */
-			if (!strcasecmp(&cp[7], "ERR")) {
-			    log_control.log_entries[i].lsu_severity = LOG_ERR;
-			}
-#ifdef	LOG_EMERG
-			else if (!strcasecmp(&cp[7], "EMERG")) {
-			    log_control.log_entries[i].lsu_severity =
-				LOG_EMERG;
-			}
-#endif	/* LOG_EMERG */
-#ifdef	LOG_ALERT
-			else if (!strcasecmp(&cp[7], "ALERT")) {
-			    log_control.log_entries[i].lsu_severity =
-				LOG_ALERT;
-			}
-#endif	/* LOG_ALERT */
-#ifdef	LOG_CRIT
-			else if (!strcasecmp(&cp[7], "CRIT")) {
-			    log_control.log_entries[i].lsu_severity = LOG_CRIT;
-			}
-#endif	/* LOG_CRIT */
-#ifdef	LOG_WARNING
-			else if (!strcasecmp(&cp[7], "WARNING")) {
-			    log_control.log_entries[i].lsu_severity =
-				LOG_WARNING;
-			}
-#endif	/* LOG_WARNING */
-#ifdef	LOG_NOTICE
-			else if (!strcasecmp(&cp[7], "NOTICE")) {
-			    log_control.log_entries[i].lsu_severity =
-				LOG_NOTICE;
-			}
-#endif	/* LOG_NOTICE */
-#ifdef	LOG_INFO
-			else if (!strcasecmp(&cp[7], "INFO")) {
-			    log_control.log_entries[i].lsu_severity = LOG_INFO;
-			}
-#endif	/* LOG_INFO */
-#ifdef	LOG_DEBUG
-			else if (!strcasecmp(&cp[7], "DEBUG")) {
-			    log_control.log_entries[i].lsu_severity =
-				LOG_DEBUG;
-			}
-#endif	/* LOG_DEBUG */
-			else
-			    error = 1;
-
-			/*
-			 * If there is a facility present, then parse that.
-			 */
-			if (cp2) {
-			    static const struct {
-				const char *name;
-				int value;
-			    } facilities[] = {
-				{ "AUTH",	LOG_AUTH	},
-#ifdef	LOG_AUTHPRIV
-				{ "AUTHPRIV",	LOG_AUTHPRIV	},
-#endif	/* LOG_AUTHPRIV */
-#ifdef	LOG_KERN
-				{ "KERN",	LOG_KERN	},
-#endif	/* LOG_KERN */
-#ifdef	LOG_USER
-				{ "USER",	LOG_USER	},
-#endif	/* LOG_USER */
-#ifdef	LOG_MAIL
-				{ "MAIL",	LOG_MAIL	},
-#endif	/* LOG_MAIL */
-#ifdef	LOG_DAEMON
-				{ "DAEMON",	LOG_DAEMON	},
-#endif	/* LOG_DAEMON */
-#ifdef	LOG_FTP
-				{ "FTP",	LOG_FTP		},
-#endif	/* LOG_FTP */
-#ifdef	LOG_LPR
-				{ "LPR",	LOG_LPR		},
-#endif	/* LOG_LPR */
-#ifdef	LOG_NEWS
-				{ "NEWS",	LOG_NEWS	},
-#endif	/* LOG_NEWS */
-#ifdef	LOG_UUCP
-				{ "UUCP",	LOG_UUCP	},
-#endif	/* LOG_UUCP */
-#ifdef	LOG_CRON
-				{ "CRON",	LOG_CRON	},
-#endif	/* LOG_CRON */
-#ifdef	LOG_LOCAL0
-				{ "LOCAL0",	LOG_LOCAL0	},
-#endif	/* LOG_LOCAL0 */
-#ifdef	LOG_LOCAL1
-				{ "LOCAL1",	LOG_LOCAL1	},
-#endif	/* LOG_LOCAL1 */
-#ifdef	LOG_LOCAL2
-				{ "LOCAL2",	LOG_LOCAL2	},
-#endif	/* LOG_LOCAL2 */
-#ifdef	LOG_LOCAL3
-				{ "LOCAL3",	LOG_LOCAL3	},
-#endif	/* LOG_LOCAL3 */
-#ifdef	LOG_LOCAL4
-				{ "LOCAL4",	LOG_LOCAL4	},
-#endif	/* LOG_LOCAL4 */
-#ifdef	LOG_LOCAL5
-				{ "LOCAL5",	LOG_LOCAL5	},
-#endif	/* LOG_LOCAL5 */
-#ifdef	LOG_LOCAL6
-				{ "LOCAL6",	LOG_LOCAL6	},
-#endif	/* LOG_LOCAL6 */
-#ifdef	LOG_LOCAL7
-				{ "LOCAL7",	LOG_LOCAL7	},
-#endif	/* LOG_LOCAL7 */
-			    };
-			    unsigned int j;
-
-			    for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++)
-				if (!strcasecmp(cp2, facilities[j].name)) {
-				    log_control.log_entries[i].lsu_facility = facilities[j].value;
-				    break;
-				}
-			    cp2--;
-			    *cp2 = savec;
-			}
-		    }
-		    if (!error) {
-			log_control.log_entries[i].log_type = K_LOG_SYSLOG;
-			do_openlog = 1;
-			log_facility = log_control.log_entries[i].lsu_facility;
-		    }
-		}
-#endif	/* HAVE_SYSLOG */
-		/*
-		 * Is this a standard error specification?
-		 */
-		else if (!strcasecmp(cp, "STDERR")) {
-		    log_control.log_entries[i].lfu_filep =
-			fdopen(fileno(stderr), "a+");
-		    if (log_control.log_entries[i].lfu_filep) {
-			log_control.log_entries[i].log_type = K_LOG_STDERR;
-			log_control.log_entries[i].lfu_fname =
-			    "standard error";
-		    }
-		}
-		/*
-		 * Is this a specification of the console?
-		 */
-		else if (!strcasecmp(cp, "CONSOLE")) {
-		    log_control.log_entries[i].ldu_filep =
-			CONSOLE_OPEN("a+");
-		    if (log_control.log_entries[i].ldu_filep) {
-			set_cloexec_file(log_control.log_entries[i].ldu_filep);
-			log_control.log_entries[i].log_type = K_LOG_CONSOLE;
-			log_control.log_entries[i].ldu_devname = "console";
-		    }
-		}
-		/*
-		 * Is this a specification of a device?
-		 */
-		else if (!strncasecmp(cp, "DEVICE", 6)) {
-		    /*
-		     * We handle devices very similarly to files.
-		     */
-		    if (cp[6] == '=') {
-			log_control.log_entries[i].ldu_filep = 
-			    DEVICE_OPEN(&cp[7], "w");
-			if (log_control.log_entries[i].ldu_filep) {
-			    set_cloexec_file(log_control.log_entries[i].ldu_filep);
-			    log_control.log_entries[i].log_type = K_LOG_DEVICE;
-			    log_control.log_entries[i].ldu_devname = &cp[7];
-			}
-		    }
-		}
-		/*
-		 * See if we successfully parsed this specification.
-		 */
-		if (log_control.log_entries[i].log_type == K_LOG_NONE) {
-		    fprintf(stderr, lspec_parse_err_1, whoami, cp);
-		    fprintf(stderr, lspec_parse_err_2, whoami);
-		}
-		else
-		    ngood++;
-	    }
-	}
-	/*
-	 * If we didn't find anything, then free our lists.
-	 */
-	if (ngood == 0) {
-	    for (i=0; i<log_control.log_nentries; i++)
-		free(logging_specs[i]);
-	}
-	free(logging_specs);
+                            logging_profent,
+                            &logging_specs) ||
+        !profile_get_values(kcontext->profile,
+                            logging_defent,
+                            &logging_specs)) {
+        /*
+         * We have a match, so we first count the number of elements
+         */
+        for (log_control.log_nentries = 0;
+             logging_specs[log_control.log_nentries];
+             log_control.log_nentries++);
+
+        /*
+         * Now allocate our structure.
+         */
+        log_control.log_entries = (struct log_entry *)
+            malloc(log_control.log_nentries * sizeof(struct log_entry));
+        if (log_control.log_entries) {
+            /*
+             * Scan through the list.
+             */
+            for (i=0; i<log_control.log_nentries; i++) {
+                log_control.log_entries[i].log_type = K_LOG_NONE;
+                log_control.log_entries[i].log_2free = logging_specs[i];
+                /*
+                 * The format is:
+                 *      <whitespace><data><whitespace>
+                 * so, trim off the leading and trailing whitespace here.
+                 */
+                for (cp = logging_specs[i]; isspace((int) *cp); cp++);
+                for (cp2 = &logging_specs[i][strlen(logging_specs[i])-1];
+                     isspace((int) *cp2); cp2--);
+                cp2++;
+                *cp2 = '\0';
+                /*
+                 * Is this a file?
+                 */
+                if (!strncasecmp(cp, "FILE", 4)) {
+                    /*
+                     * Check for append/overwrite, then open the file.
+                     */
+                    if (cp[4] == ':' || cp[4] == '=') {
+                        f = fopen(&cp[5], (cp[4] == ':') ? "a" : "w");
+                        if (f) {
+                            set_cloexec_file(f);
+                            log_control.log_entries[i].lfu_filep = f;
+                            log_control.log_entries[i].log_type = K_LOG_FILE;
+                            log_control.log_entries[i].lfu_fname = &cp[5];
+                        } else {
+                            fprintf(stderr,"Couldn't open log file %s: %s\n",
+                                    &cp[5], error_message(errno));
+                            continue;
+                        }
+                    }
+                }
+#ifdef  HAVE_SYSLOG
+                /*
+                 * Is this a syslog?
+                 */
+                else if (!strncasecmp(cp, "SYSLOG", 6)) {
+                    error = 0;
+                    log_control.log_entries[i].lsu_facility = LOG_AUTH;
+                    log_control.log_entries[i].lsu_severity = LOG_ERR;
+                    /*
+                     * Is there a severify specified?
+                     */
+                    if (cp[6] == ':') {
+                        /*
+                         * Find the end of the severity.
+                         */
+                        cp2 = strchr(&cp[7], ':');
+                        if (cp2) {
+                            savec = *cp2;
+                            *cp2 = '\0';
+                            cp2++;
+                        }
+
+                        /*
+                         * Match a severity.
+                         */
+                        if (!strcasecmp(&cp[7], "ERR")) {
+                            log_control.log_entries[i].lsu_severity = LOG_ERR;
+                        }
+#ifdef  LOG_EMERG
+                        else if (!strcasecmp(&cp[7], "EMERG")) {
+                            log_control.log_entries[i].lsu_severity =
+                                LOG_EMERG;
+                        }
+#endif  /* LOG_EMERG */
+#ifdef  LOG_ALERT
+                        else if (!strcasecmp(&cp[7], "ALERT")) {
+                            log_control.log_entries[i].lsu_severity =
+                                LOG_ALERT;
+                        }
+#endif  /* LOG_ALERT */
+#ifdef  LOG_CRIT
+                        else if (!strcasecmp(&cp[7], "CRIT")) {
+                            log_control.log_entries[i].lsu_severity = LOG_CRIT;
+                        }
+#endif  /* LOG_CRIT */
+#ifdef  LOG_WARNING
+                        else if (!strcasecmp(&cp[7], "WARNING")) {
+                            log_control.log_entries[i].lsu_severity =
+                                LOG_WARNING;
+                        }
+#endif  /* LOG_WARNING */
+#ifdef  LOG_NOTICE
+                        else if (!strcasecmp(&cp[7], "NOTICE")) {
+                            log_control.log_entries[i].lsu_severity =
+                                LOG_NOTICE;
+                        }
+#endif  /* LOG_NOTICE */
+#ifdef  LOG_INFO
+                        else if (!strcasecmp(&cp[7], "INFO")) {
+                            log_control.log_entries[i].lsu_severity = LOG_INFO;
+                        }
+#endif  /* LOG_INFO */
+#ifdef  LOG_DEBUG
+                        else if (!strcasecmp(&cp[7], "DEBUG")) {
+                            log_control.log_entries[i].lsu_severity =
+                                LOG_DEBUG;
+                        }
+#endif  /* LOG_DEBUG */
+                        else
+                            error = 1;
+
+                        /*
+                         * If there is a facility present, then parse that.
+                         */
+                        if (cp2) {
+                            static const struct {
+                                const char *name;
+                                int value;
+                            } facilities[] = {
+                                { "AUTH",       LOG_AUTH        },
+#ifdef  LOG_AUTHPRIV
+                                { "AUTHPRIV",   LOG_AUTHPRIV    },
+#endif  /* LOG_AUTHPRIV */
+#ifdef  LOG_KERN
+                                { "KERN",       LOG_KERN        },
+#endif  /* LOG_KERN */
+#ifdef  LOG_USER
+                                { "USER",       LOG_USER        },
+#endif  /* LOG_USER */
+#ifdef  LOG_MAIL
+                                { "MAIL",       LOG_MAIL        },
+#endif  /* LOG_MAIL */
+#ifdef  LOG_DAEMON
+                                { "DAEMON",     LOG_DAEMON      },
+#endif  /* LOG_DAEMON */
+#ifdef  LOG_FTP
+                                { "FTP",        LOG_FTP         },
+#endif  /* LOG_FTP */
+#ifdef  LOG_LPR
+                                { "LPR",        LOG_LPR         },
+#endif  /* LOG_LPR */
+#ifdef  LOG_NEWS
+                                { "NEWS",       LOG_NEWS        },
+#endif  /* LOG_NEWS */
+#ifdef  LOG_UUCP
+                                { "UUCP",       LOG_UUCP        },
+#endif  /* LOG_UUCP */
+#ifdef  LOG_CRON
+                                { "CRON",       LOG_CRON        },
+#endif  /* LOG_CRON */
+#ifdef  LOG_LOCAL0
+                                { "LOCAL0",     LOG_LOCAL0      },
+#endif  /* LOG_LOCAL0 */
+#ifdef  LOG_LOCAL1
+                                { "LOCAL1",     LOG_LOCAL1      },
+#endif  /* LOG_LOCAL1 */
+#ifdef  LOG_LOCAL2
+                                { "LOCAL2",     LOG_LOCAL2      },
+#endif  /* LOG_LOCAL2 */
+#ifdef  LOG_LOCAL3
+                                { "LOCAL3",     LOG_LOCAL3      },
+#endif  /* LOG_LOCAL3 */
+#ifdef  LOG_LOCAL4
+                                { "LOCAL4",     LOG_LOCAL4      },
+#endif  /* LOG_LOCAL4 */
+#ifdef  LOG_LOCAL5
+                                { "LOCAL5",     LOG_LOCAL5      },
+#endif  /* LOG_LOCAL5 */
+#ifdef  LOG_LOCAL6
+                                { "LOCAL6",     LOG_LOCAL6      },
+#endif  /* LOG_LOCAL6 */
+#ifdef  LOG_LOCAL7
+                                { "LOCAL7",     LOG_LOCAL7      },
+#endif  /* LOG_LOCAL7 */
+                            };
+                            unsigned int j;
+
+                            for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++)
+                                if (!strcasecmp(cp2, facilities[j].name)) {
+                                    log_control.log_entries[i].lsu_facility = facilities[j].value;
+                                    break;
+                                }
+                            cp2--;
+                            *cp2 = savec;
+                        }
+                    }
+                    if (!error) {
+                        log_control.log_entries[i].log_type = K_LOG_SYSLOG;
+                        do_openlog = 1;
+                        log_facility = log_control.log_entries[i].lsu_facility;
+                    }
+                }
+#endif  /* HAVE_SYSLOG */
+                /*
+                 * Is this a standard error specification?
+                 */
+                else if (!strcasecmp(cp, "STDERR")) {
+                    log_control.log_entries[i].lfu_filep =
+                        fdopen(fileno(stderr), "a+");
+                    if (log_control.log_entries[i].lfu_filep) {
+                        log_control.log_entries[i].log_type = K_LOG_STDERR;
+                        log_control.log_entries[i].lfu_fname =
+                            "standard error";
+                    }
+                }
+                /*
+                 * Is this a specification of the console?
+                 */
+                else if (!strcasecmp(cp, "CONSOLE")) {
+                    log_control.log_entries[i].ldu_filep =
+                        CONSOLE_OPEN("a+");
+                    if (log_control.log_entries[i].ldu_filep) {
+                        set_cloexec_file(log_control.log_entries[i].ldu_filep);
+                        log_control.log_entries[i].log_type = K_LOG_CONSOLE;
+                        log_control.log_entries[i].ldu_devname = "console";
+                    }
+                }
+                /*
+                 * Is this a specification of a device?
+                 */
+                else if (!strncasecmp(cp, "DEVICE", 6)) {
+                    /*
+                     * We handle devices very similarly to files.
+                     */
+                    if (cp[6] == '=') {
+                        log_control.log_entries[i].ldu_filep =
+                            DEVICE_OPEN(&cp[7], "w");
+                        if (log_control.log_entries[i].ldu_filep) {
+                            set_cloexec_file(log_control.log_entries[i].ldu_filep);
+                            log_control.log_entries[i].log_type = K_LOG_DEVICE;
+                            log_control.log_entries[i].ldu_devname = &cp[7];
+                        }
+                    }
+                }
+                /*
+                 * See if we successfully parsed this specification.
+                 */
+                if (log_control.log_entries[i].log_type == K_LOG_NONE) {
+                    fprintf(stderr, lspec_parse_err_1, whoami, cp);
+                    fprintf(stderr, lspec_parse_err_2, whoami);
+                }
+                else
+                    ngood++;
+            }
+        }
+        /*
+         * If we didn't find anything, then free our lists.
+         */
+        if (ngood == 0) {
+            for (i=0; i<log_control.log_nentries; i++)
+                free(logging_specs[i]);
+        }
+        free(logging_specs);
     }
     /*
      * If we didn't find anything, go for the default which is to log to
      * the system log.
      */
     if (ngood == 0) {
-	if (log_control.log_entries)
-	    free(log_control.log_entries);
-	log_control.log_entries = &def_log_entry;
-	log_control.log_entries->log_type = K_LOG_SYSLOG;
-	log_control.log_entries->log_2free = (krb5_pointer) NULL;
-	log_facility = log_control.log_entries->lsu_facility = LOG_AUTH;
-	log_control.log_entries->lsu_severity = LOG_ERR;
-	do_openlog = 1;
-	log_control.log_nentries = 1;
+        if (log_control.log_entries)
+            free(log_control.log_entries);
+        log_control.log_entries = &def_log_entry;
+        log_control.log_entries->log_type = K_LOG_SYSLOG;
+        log_control.log_entries->log_2free = (krb5_pointer) NULL;
+        log_facility = log_control.log_entries->lsu_facility = LOG_AUTH;
+        log_control.log_entries->lsu_severity = LOG_ERR;
+        do_openlog = 1;
+        log_control.log_nentries = 1;
     }
     if (log_control.log_nentries) {
-	log_control.log_whoami = strdup(whoami);
-	log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1);
-	if (log_control.log_hostname) {
-	    gethostname(log_control.log_hostname, MAXHOSTNAMELEN);
-	    log_control.log_hostname[MAXHOSTNAMELEN] = '\0';
-	}
-#ifdef	HAVE_OPENLOG
-	if (do_openlog) {
-	    openlog(whoami, LOG_NDELAY|LOG_PID, log_facility);
-	    log_control.log_opened = 1;
-	}
+        log_control.log_whoami = strdup(whoami);
+        log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1);
+        if (log_control.log_hostname) {
+            gethostname(log_control.log_hostname, MAXHOSTNAMELEN);
+            log_control.log_hostname[MAXHOSTNAMELEN] = '\0';
+        }
+#ifdef  HAVE_OPENLOG
+        if (do_openlog) {
+            openlog(whoami, LOG_NDELAY|LOG_PID, log_facility);
+            log_control.log_opened = 1;
+        }
 #endif /* HAVE_OPENLOG */
-	if (do_com_err)
-	    (void) set_com_err_hook(klog_com_err_proc);
+        if (do_com_err)
+            (void) set_com_err_hook(klog_com_err_proc);
     }
     return((log_control.log_nentries) ? 0 : ENOENT);
 }
 
 /*
- * krb5_klog_close()	- Close the logging context and free all data.
+ * krb5_klog_close()    - Close the logging context and free all data.
  */
 void
 krb5_klog_close(krb5_context kcontext)
@@ -691,52 +692,52 @@ krb5_klog_close(krb5_context kcontext)
     int lindex;
     (void) reset_com_err_hook();
     for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
-	switch (log_control.log_entries[lindex].log_type) {
-	case K_LOG_FILE:
-	case K_LOG_STDERR:
-	    /*
-	     * Files/standard error.
-	     */
-	    fclose(log_control.log_entries[lindex].lfu_filep);
-	    break;
-	case K_LOG_CONSOLE:
-	case K_LOG_DEVICE:
-	    /*
-	     * Devices (may need special handling)
-	     */
-	    DEVICE_CLOSE(log_control.log_entries[lindex].ldu_filep);
-	    break;
-#ifdef	HAVE_SYSLOG
-	case K_LOG_SYSLOG:
-	    /*
-	     * System log.
-	     */
-	    break;
-#endif	/* HAVE_SYSLOG */
-	default:
-	    break;
-	}
-	if (log_control.log_entries[lindex].log_2free)
-	    free(log_control.log_entries[lindex].log_2free);
+        switch (log_control.log_entries[lindex].log_type) {
+        case K_LOG_FILE:
+        case K_LOG_STDERR:
+            /*
+             * Files/standard error.
+             */
+            fclose(log_control.log_entries[lindex].lfu_filep);
+            break;
+        case K_LOG_CONSOLE:
+        case K_LOG_DEVICE:
+            /*
+             * Devices (may need special handling)
+             */
+            DEVICE_CLOSE(log_control.log_entries[lindex].ldu_filep);
+            break;
+#ifdef  HAVE_SYSLOG
+        case K_LOG_SYSLOG:
+            /*
+             * System log.
+             */
+            break;
+#endif  /* HAVE_SYSLOG */
+        default:
+            break;
+        }
+        if (log_control.log_entries[lindex].log_2free)
+            free(log_control.log_entries[lindex].log_2free);
     }
     if (log_control.log_entries != &def_log_entry)
-	free(log_control.log_entries);
+        free(log_control.log_entries);
     log_control.log_entries = (struct log_entry *) NULL;
     log_control.log_nentries = 0;
     if (log_control.log_whoami)
-	free(log_control.log_whoami);
+        free(log_control.log_whoami);
     log_control.log_whoami = (char *) NULL;
     if (log_control.log_hostname)
-	free(log_control.log_hostname);
+        free(log_control.log_hostname);
     log_control.log_hostname = (char *) NULL;
-#ifdef	HAVE_CLOSELOG
+#ifdef  HAVE_CLOSELOG
     if (log_control.log_opened)
-	closelog();
-#endif	/* HAVE_CLOSELOG */
+        closelog();
+#endif  /* HAVE_CLOSELOG */
 }
 
 /*
- * severity2string()	- Convert a severity to a string.
+ * severity2string()    - Convert a severity to a string.
  */
 static const char *
 severity2string(int severity)
@@ -747,52 +748,52 @@ severity2string(int severity)
     s = severity & LOG_PRIMASK;
     ss = log_ufo_string;
     switch (s) {
-#ifdef	LOG_EMERG
+#ifdef  LOG_EMERG
     case LOG_EMERG:
-	ss = log_emerg_string;
-	break;
-#endif	/* LOG_EMERG */
-#ifdef	LOG_ALERT
+        ss = log_emerg_string;
+        break;
+#endif  /* LOG_EMERG */
+#ifdef  LOG_ALERT
     case LOG_ALERT:
-	ss = log_alert_string;
-	break;
-#endif	/* LOG_ALERT */
-#ifdef	LOG_CRIT
+        ss = log_alert_string;
+        break;
+#endif  /* LOG_ALERT */
+#ifdef  LOG_CRIT
     case LOG_CRIT:
-	ss = log_crit_string;
-	break;
-#endif	/* LOG_CRIT */
+        ss = log_crit_string;
+        break;
+#endif  /* LOG_CRIT */
     case LOG_ERR:
-	ss = log_err_string;
-	break;
-#ifdef	LOG_WARNING
+        ss = log_err_string;
+        break;
+#ifdef  LOG_WARNING
     case LOG_WARNING:
-	ss = log_warning_string;
-	break;
-#endif	/* LOG_WARNING */
-#ifdef	LOG_NOTICE
+        ss = log_warning_string;
+        break;
+#endif  /* LOG_WARNING */
+#ifdef  LOG_NOTICE
     case LOG_NOTICE:
-	ss = log_notice_string;
-	break;
-#endif	/* LOG_NOTICE */
-#ifdef	LOG_INFO
+        ss = log_notice_string;
+        break;
+#endif  /* LOG_NOTICE */
+#ifdef  LOG_INFO
     case LOG_INFO:
-	ss = log_info_string;
-	break;
-#endif	/* LOG_INFO */
-#ifdef	LOG_DEBUG
+        ss = log_info_string;
+        break;
+#endif  /* LOG_INFO */
+#ifdef  LOG_DEBUG
     case LOG_DEBUG:
-	ss = log_debug_string;
-	break;
-#endif	/* LOG_DEBUG */
+        ss = log_debug_string;
+        break;
+#endif  /* LOG_DEBUG */
     }
     return(ss);
 }
 
 /*
- * krb5_klog_syslog()	- Simulate the calling sequence of syslog(3), while
- *			  also performing the logging redirection as specified
- *			  by krb5_klog_init().
+ * krb5_klog_syslog()   - Simulate the calling sequence of syslog(3), while
+ *                        also performing the logging redirection as specified
+ *                        by krb5_klog_init().
  */
 static int
 klog_vsyslog(int priority, const char *format, va_list arglist)
@@ -804,51 +805,51 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
 static int
 klog_vsyslog(int priority, const char *format, va_list arglist)
 {
-    char	outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
-    int		lindex;
-    char	*syslogp;
-    char	*cp;
-    time_t	now;
-#ifdef	HAVE_STRFTIME
-    size_t	soff;
-#endif	/* HAVE_STRFTIME */
+    char        outbuf[KRB5_KLOG_MAX_ERRMSG_SIZE];
+    int         lindex;
+    char        *syslogp;
+    char        *cp;
+    time_t      now;
+#ifdef  HAVE_STRFTIME
+    size_t      soff;
+#endif  /* HAVE_STRFTIME */
 
     /*
      * Format a syslog-esque message of the format:
      *
      * (verbose form)
-     * 		<date> <hostname> <id>[<pid>](<priority>): <message>
+     *          <date> <hostname> <id>[<pid>](<priority>): <message>
      *
      * (short form)
-     *		<date> <message>
+     *          <date> <message>
      */
     cp = outbuf;
     (void) time(&now);
-#ifdef	HAVE_STRFTIME
+#ifdef  HAVE_STRFTIME
     /*
      * Format the date: mon dd hh:mm:ss
      */
     soff = strftime(outbuf, sizeof(outbuf), "%b %d %H:%M:%S", localtime(&now));
     if (soff > 0)
-	cp += soff;
+        cp += soff;
     else
-	return(-1);
-#else	/* HAVE_STRFTIME */
+        return(-1);
+#else   /* HAVE_STRFTIME */
     /*
      * Format the date:
      * We ASSUME here that the output of ctime is of the format:
-     *	dow mon dd hh:mm:ss tzs yyyy\n
+     *  dow mon dd hh:mm:ss tzs yyyy\n
      *  012345678901234567890123456789
      */
     strncpy(outbuf, ctime(&now) + 4, 15);
     cp += 15;
-#endif	/* HAVE_STRFTIME */
+#endif  /* HAVE_STRFTIME */
 #ifdef VERBOSE_LOGS
     snprintf(cp, sizeof(outbuf) - (cp-outbuf), " %s %s[%ld](%s): ",
-	     log_control.log_hostname ? log_control.log_hostname : "", 
-	     log_control.log_whoami ? log_control.log_whoami : "", 
-	     (long) getpid(),
-	     severity2string(priority));
+             log_control.log_hostname ? log_control.log_hostname : "",
+             log_control.log_whoami ? log_control.log_whoami : "",
+             (long) getpid(),
+             severity2string(priority));
 #else
     snprintf(cp, sizeof(outbuf) - (cp-outbuf), " ");
 #endif
@@ -863,8 +864,8 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
      */
 #ifdef HAVE_SYSLOG
     if (log_control.log_nentries == 0) {
-	/* Log the message with our header trimmed off */
-	syslog(priority, "%s", syslogp);
+        /* Log the message with our header trimmed off */
+        syslog(priority, "%s", syslogp);
     }
 #endif
 
@@ -873,47 +874,47 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
      * logging specification.
      */
     for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
-	switch (log_control.log_entries[lindex].log_type) {
-	case K_LOG_FILE:
-	case K_LOG_STDERR:
-	    /*
-	     * Files/standard error.
-	     */
-	    if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
-			outbuf) < 0) {
-		/* Attempt to report error */
-		fprintf(stderr, log_file_err, log_control.log_whoami,
-			log_control.log_entries[lindex].lfu_fname);
-	    }
-	    else {
-		fflush(log_control.log_entries[lindex].lfu_filep);
-	    }
-	    break;
-	case K_LOG_CONSOLE:
-	case K_LOG_DEVICE:
-	    /*
-	     * Devices (may need special handling)
-	     */
-	    if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
-			     outbuf) < 0) {
-		/* Attempt to report error */
-		fprintf(stderr, log_device_err, log_control.log_whoami,
-			log_control.log_entries[lindex].ldu_devname);
-	    }
-	    break;
-#ifdef	HAVE_SYSLOG
-	case K_LOG_SYSLOG:
-	    /*
-	     * System log.
-	     */
-					       
-	    /* Log the message with our header trimmed off */
-	    syslog(priority, "%s", syslogp);
-	    break;
+        switch (log_control.log_entries[lindex].log_type) {
+        case K_LOG_FILE:
+        case K_LOG_STDERR:
+            /*
+             * Files/standard error.
+             */
+            if (fprintf(log_control.log_entries[lindex].lfu_filep, "%s\n",
+                        outbuf) < 0) {
+                /* Attempt to report error */
+                fprintf(stderr, log_file_err, log_control.log_whoami,
+                        log_control.log_entries[lindex].lfu_fname);
+            }
+            else {
+                fflush(log_control.log_entries[lindex].lfu_filep);
+            }
+            break;
+        case K_LOG_CONSOLE:
+        case K_LOG_DEVICE:
+            /*
+             * Devices (may need special handling)
+             */
+            if (DEVICE_PRINT(log_control.log_entries[lindex].ldu_filep,
+                             outbuf) < 0) {
+                /* Attempt to report error */
+                fprintf(stderr, log_device_err, log_control.log_whoami,
+                        log_control.log_entries[lindex].ldu_devname);
+            }
+            break;
+#ifdef  HAVE_SYSLOG
+        case K_LOG_SYSLOG:
+            /*
+             * System log.
+             */
+
+            /* Log the message with our header trimmed off */
+            syslog(priority, "%s", syslogp);
+            break;
 #endif /* HAVE_SYSLOG */
-	default:
-	    break;
-	}
+        default:
+            break;
+        }
     }
     return(0);
 }
@@ -921,8 +922,8 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
 int
 krb5_klog_syslog(int priority, const char *format, ...)
 {
-    int		retval;
-    va_list	pvar;
+    int         retval;
+    va_list     pvar;
 
     va_start(pvar, format);
     retval = klog_vsyslog(priority, format, pvar);
@@ -948,21 +949,21 @@ krb5_klog_reopen(krb5_context kcontext)
      * and reopened in response to a SIGHUP
      */
     for (lindex = 0; lindex < log_control.log_nentries; lindex++) {
-	if (log_control.log_entries[lindex].log_type == K_LOG_FILE) {
-	    fclose(log_control.log_entries[lindex].lfu_filep);
-	    /*
-	     * In case the old logfile did not get moved out of the
-	     * way, open for append to prevent squashing the old logs.
-	     */
-	    f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
-	    if (f) {
-		set_cloexec_file(f);
-		log_control.log_entries[lindex].lfu_filep = f;
-	    } else {
-		fprintf(stderr, "Couldn't open log file %s: %s\n",
-			log_control.log_entries[lindex].lfu_fname,
-			error_message(errno));
-	    }
-	}
+        if (log_control.log_entries[lindex].log_type == K_LOG_FILE) {
+            fclose(log_control.log_entries[lindex].lfu_filep);
+            /*
+             * In case the old logfile did not get moved out of the
+             * way, open for append to prevent squashing the old logs.
+             */
+            f = fopen(log_control.log_entries[lindex].lfu_fname, "a+");
+            if (f) {
+                set_cloexec_file(f);
+                log_control.log_entries[lindex].lfu_filep = f;
+            } else {
+                fprintf(stderr, "Couldn't open log file %s: %s\n",
+                        log_control.log_entries[lindex].lfu_fname,
+                        error_message(errno));
+            }
+        }
     }
 }
diff --git a/src/lib/kadm5/misc_free.c b/src/lib/kadm5/misc_free.c
index b0e3d24ee..17c8cccac 100644
--- a/src/lib/kadm5/misc_free.c
+++ b/src/lib/kadm5/misc_free.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -7,9 +8,9 @@
 #if !defined(lint) && !defined(__CODECENTER__)
 static char *rcsid = "$Header$";
 #endif
-#include	<kadm5/admin.h>
-#include	<stdlib.h>
-#include	"server_internal.h"
+#include        <kadm5/admin.h>
+#include        <stdlib.h>
+#include        "server_internal.h"
 
 kadm5_ret_t
 kadm5_free_policy_ent(void *server_handle, kadm5_policy_ent_t val)
@@ -17,54 +18,54 @@ kadm5_free_policy_ent(void *server_handle, kadm5_policy_ent_t val)
     _KADM5_CHECK_HANDLE(server_handle);
 
     if (val)
-	free(val->policy);
+        free(val->policy);
     return KADM5_OK;
 }
 
 kadm5_ret_t
-     kadm5_free_name_list(void *server_handle, char **names, int count)
+kadm5_free_name_list(void *server_handle, char **names, int count)
 {
     _KADM5_CHECK_HANDLE(server_handle);
-	  
+
     while (count--)
-	  free(names[count]);
-     free(names);
+        free(names[count]);
+    free(names);
     return KADM5_OK;
 }
 
 /* XXX this ought to be in libkrb5.a, but isn't */
 kadm5_ret_t krb5_free_key_data_contents(context, key)
-   krb5_context context;
-   krb5_key_data *key;
+    krb5_context context;
+    krb5_key_data *key;
 {
-     int i, idx;
-     
-     idx = (key->key_data_ver == 1 ? 1 : 2);
-     for (i = 0; i < idx; i++) {
-	  if (key->key_data_contents[i]) {
-	       memset(key->key_data_contents[i], 0, key->key_data_length[i]);
-	       free(key->key_data_contents[i]);
-	  }
-     }
-     return KADM5_OK;
+    int i, idx;
+
+    idx = (key->key_data_ver == 1 ? 1 : 2);
+    for (i = 0; i < idx; i++) {
+        if (key->key_data_contents[i]) {
+            memset(key->key_data_contents[i], 0, key->key_data_length[i]);
+            free(key->key_data_contents[i]);
+        }
+    }
+    return KADM5_OK;
 }
 
 kadm5_ret_t kadm5_free_key_data(void *server_handle,
-				krb5_int16 *n_key_data,
-				krb5_key_data *key_data)
+                                krb5_int16 *n_key_data,
+                                krb5_key_data *key_data)
 {
-     kadm5_server_handle_t	handle = server_handle;
-     int i, nkeys = (int) *n_key_data;
-
-     _KADM5_CHECK_HANDLE(server_handle);
-
-     if (key_data == NULL)
-	  return KADM5_OK;
-     
-     for (i = 0; i < nkeys; i++)
-	  krb5_free_key_data_contents(handle->context, &key_data[i]);
-     free(key_data);
-     return KADM5_OK;
+    kadm5_server_handle_t      handle = server_handle;
+    int i, nkeys = (int) *n_key_data;
+
+    _KADM5_CHECK_HANDLE(server_handle);
+
+    if (key_data == NULL)
+        return KADM5_OK;
+
+    for (i = 0; i < nkeys; i++)
+        krb5_free_key_data_contents(handle->context, &key_data[i]);
+    free(key_data);
+    return KADM5_OK;
 }
 
 kadm5_ret_t
@@ -77,22 +78,22 @@ kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t val)
     _KADM5_CHECK_HANDLE(server_handle);
 
     if (!val)
-	return KADM5_OK;
+        return KADM5_OK;
 
     krb5_free_principal(handle->context, val->principal);
     krb5_free_principal(handle->context, val->mod_name);
     free(val->policy);
     if (val->n_key_data) {
-	for (i = 0; i < val->n_key_data; i++)
-	    krb5_free_key_data_contents(handle->context, &val->key_data[i]);
-	free(val->key_data);
+        for (i = 0; i < val->n_key_data; i++)
+            krb5_free_key_data_contents(handle->context, &val->key_data[i]);
+        free(val->key_data);
     }
 
     while (val->tl_data) {
-	tl = val->tl_data->tl_data_next;
-	free(val->tl_data->tl_data_contents);
-	free(val->tl_data);
-	val->tl_data = tl;
+        tl = val->tl_data->tl_data_next;
+        free(val->tl_data->tl_data_contents);
+        free(val->tl_data);
+        val->tl_data = tl;
     }
     return KADM5_OK;
 }
diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
index c9bb073d3..7f5875031 100644
--- a/src/lib/kadm5/server_internal.h
+++ b/src/lib/kadm5/server_internal.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -24,116 +25,116 @@
 #include    "admin_internal.h"
 
 typedef struct _kadm5_server_handle_t {
-	krb5_ui_4	magic_number;
-	krb5_ui_4	struct_version;
-	krb5_ui_4	api_version;
-	krb5_context	context;
-	krb5_principal	current_caller;
-	kadm5_config_params  params;
-	struct _kadm5_server_handle_t *lhandle;
-        char **db_args;
+    krb5_ui_4       magic_number;
+    krb5_ui_4       struct_version;
+    krb5_ui_4       api_version;
+    krb5_context    context;
+    krb5_principal  current_caller;
+    kadm5_config_params  params;
+    struct _kadm5_server_handle_t *lhandle;
+    char **db_args;
 } kadm5_server_handle_rec, *kadm5_server_handle_t;
 
 #define OSA_ADB_PRINC_VERSION_1  0x12345C01
 
 typedef struct _osa_pw_hist_t {
-  int n_key_data;
-  krb5_key_data *key_data;
+    int n_key_data;
+    krb5_key_data *key_data;
 } osa_pw_hist_ent, *osa_pw_hist_t;
 
 typedef struct _osa_princ_ent_t {
-  int                         version;
-  char                        *policy;
-  long                        aux_attributes;
-  unsigned int                old_key_len;
-  unsigned int                old_key_next;
-  krb5_kvno                   admin_history_kvno;
-  osa_pw_hist_ent             *old_keys;
+    int                         version;
+    char                        *policy;
+    long                        aux_attributes;
+    unsigned int                old_key_len;
+    unsigned int                old_key_next;
+    krb5_kvno                   admin_history_kvno;
+    osa_pw_hist_ent             *old_keys;
 } osa_princ_ent_rec, *osa_princ_ent_t;
 
 
 kadm5_ret_t    adb_policy_init(kadm5_server_handle_t handle);
 kadm5_ret_t    adb_policy_close(kadm5_server_handle_t handle);
 kadm5_ret_t    passwd_check(kadm5_server_handle_t handle,
-			    char *pass, int use_policy,
-			    kadm5_policy_ent_t policy,
-			    krb5_principal principal);
+                            char *pass, int use_policy,
+                            kadm5_policy_ent_t policy,
+                            krb5_principal principal);
 kadm5_ret_t    principal_exists(krb5_principal principal);
-krb5_error_code	    kdb_init_master(kadm5_server_handle_t handle,
-				    char *r, int from_keyboard);
-krb5_error_code	    kdb_init_hist(kadm5_server_handle_t handle,
-				  char *r);
+krb5_error_code     kdb_init_master(kadm5_server_handle_t handle,
+                                    char *r, int from_keyboard);
+krb5_error_code     kdb_init_hist(kadm5_server_handle_t handle,
+                                  char *r);
 krb5_error_code     kdb_get_entry(kadm5_server_handle_t handle,
-				  krb5_principal principal, krb5_db_entry *kdb,
-				  osa_princ_ent_rec *adb);
+                                  krb5_principal principal, krb5_db_entry *kdb,
+                                  osa_princ_ent_rec *adb);
 krb5_error_code     kdb_free_entry(kadm5_server_handle_t handle,
-				   krb5_db_entry *kdb, osa_princ_ent_rec *adb);
+                                   krb5_db_entry *kdb, osa_princ_ent_rec *adb);
 krb5_error_code     kdb_put_entry(kadm5_server_handle_t handle,
-				  krb5_db_entry *kdb, osa_princ_ent_rec *adb);
+                                  krb5_db_entry *kdb, osa_princ_ent_rec *adb);
 krb5_error_code     kdb_delete_entry(kadm5_server_handle_t handle,
-				     krb5_principal name);
+                                     krb5_principal name);
 krb5_error_code     kdb_iter_entry(kadm5_server_handle_t handle,
-				   char *match_entry,
-				   void (*iter_fct)(void *, krb5_principal), 
-				   void *data);
+                                   char *match_entry,
+                                   void (*iter_fct)(void *, krb5_principal),
+                                   void *data);
 
-int		    init_dict(kadm5_config_params *);
-int		    find_word(const char *word);
-void		    destroy_dict(void);
+int                 init_dict(kadm5_config_params *);
+int                 find_word(const char *word);
+void                destroy_dict(void);
 
 /* XXX this ought to be in libkrb5.a, but isn't */
 kadm5_ret_t krb5_copy_key_data_contents(krb5_context context,
-					krb5_key_data *from, 
-					krb5_key_data *to);
-kadm5_ret_t krb5_free_key_data_contents(krb5_context context, 
-					krb5_key_data *key);
+                                        krb5_key_data *from,
+                                        krb5_key_data *to);
+kadm5_ret_t krb5_free_key_data_contents(krb5_context context,
+                                        krb5_key_data *key);
 
 /*
- * *Warning* 
- * *Warning*	    This is going to break if we     
- * *Warning*	    ever go multi-threaded	     
- * *Warning* 
+ * *Warning*
+ * *Warning*        This is going to break if we
+ * *Warning*        ever go multi-threaded
+ * *Warning*
  */
-extern	krb5_principal	current_caller;
+extern  krb5_principal  current_caller;
 
 /*
  * Why is this (or something similar) not defined *anywhere* in krb5?
  */
-#define KSUCCESS	0
-#define WORD_NOT_FOUND	1
+#define KSUCCESS        0
+#define WORD_NOT_FOUND  1
 
 /*
  * all the various mask bits or'd together
  */
 
-#define	ALL_PRINC_MASK \
- (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION | \
-  KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \
-  KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \
-  KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \
-  KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT )
-
-#define ALL_POLICY_MASK \
- (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \
-  KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
-  KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \
-  KADM5_PW_LOCKOUT_DURATION )
-
-#define SERVER_CHECK_HANDLE(handle) \
-{ \
-	kadm5_server_handle_t srvr = \
-	     (kadm5_server_handle_t) handle; \
- \
-	if (! srvr->current_caller) \
-		return KADM5_BAD_SERVER_HANDLE; \
-	if (! srvr->lhandle) \
-	        return KADM5_BAD_SERVER_HANDLE; \
-}
-
-#define CHECK_HANDLE(handle) \
-     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION, \
-			  KADM5_NEW_SERVER_API_VERSION) \
-     SERVER_CHECK_HANDLE(handle)
+#define ALL_PRINC_MASK                                                  \
+    (KADM5_PRINCIPAL | KADM5_PRINC_EXPIRE_TIME | KADM5_PW_EXPIRATION |  \
+     KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE |        \
+     KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO |       \
+     KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY |           \
+     KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT )
+
+#define ALL_POLICY_MASK                                                 \
+    (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE |             \
+     KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
+     KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \
+     KADM5_PW_LOCKOUT_DURATION )
+
+#define SERVER_CHECK_HANDLE(handle)             \
+    {                                           \
+        kadm5_server_handle_t srvr =            \
+            (kadm5_server_handle_t) handle;     \
+                                                \
+        if (! srvr->current_caller)             \
+            return KADM5_BAD_SERVER_HANDLE;     \
+        if (! srvr->lhandle)                    \
+            return KADM5_BAD_SERVER_HANDLE;     \
+    }
+
+#define CHECK_HANDLE(handle)                                    \
+    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,  \
+                         KADM5_NEW_SERVER_API_VERSION)          \
+    SERVER_CHECK_HANDLE(handle)
 
 bool_t          xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);
 
diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
index d5d17062a..87ed27a43 100644
--- a/src/lib/kadm5/srv/adb_xdr.c
+++ b/src/lib/kadm5/srv/adb_xdr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -11,7 +12,7 @@ static char *rcsid = "$Header$";
 #include <sys/types.h>
 #include <krb5.h>
 #include <gssrpc/rpc.h>
-#include	"server_internal.h"
+#include        "server_internal.h"
 #include "admin_xdr.h"
 #ifdef HAVE_MEMORY_H
 #include <memory.h>
@@ -23,27 +24,27 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
     unsigned int tmp;
 
     if (!xdr_krb5_int16(xdrs, &objp->key_data_ver))
-	return(FALSE);
+        return(FALSE);
     if (!xdr_krb5_int16(xdrs, &objp->key_data_kvno))
-	return(FALSE);
+        return(FALSE);
     if (!xdr_krb5_int16(xdrs, &objp->key_data_type[0]))
-	return(FALSE);
+        return(FALSE);
     if (!xdr_krb5_int16(xdrs, &objp->key_data_type[1]))
-	return(FALSE);
+        return(FALSE);
     if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[0]))
-	return(FALSE);
+        return(FALSE);
     if (!xdr_krb5_ui_2(xdrs, &objp->key_data_length[1]))
-	return(FALSE);
+        return(FALSE);
 
     tmp = (unsigned int) objp->key_data_length[0];
     if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
-		   &tmp, ~0))
-	return FALSE;
+                   &tmp, ~0))
+        return FALSE;
 
     tmp = (unsigned int) objp->key_data_length[1];
     if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
-		   &tmp, ~0))
-	return FALSE;
+                   &tmp, ~0))
+        return FALSE;
 
     /* don't need to copy tmp out, since key_data_length will be set
        by the above encoding. */
@@ -55,10 +56,10 @@ bool_t
 xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp)
 {
     if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
-		   (u_int *) &objp->n_key_data, ~0,
-		   sizeof(krb5_key_data),
-		   xdr_krb5_key_data))
-	return (FALSE);
+                   (u_int *) &objp->n_key_data, ~0,
+                   sizeof(krb5_key_data),
+                   xdr_krb5_key_data))
+        return (FALSE);
     return (TRUE);
 }
 
@@ -67,33 +68,33 @@ xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp)
 {
     switch (xdrs->x_op) {
     case XDR_ENCODE:
-	 objp->version = OSA_ADB_PRINC_VERSION_1;
-	 /* fall through */
+        objp->version = OSA_ADB_PRINC_VERSION_1;
+        /* fall through */
     case XDR_FREE:
-	 if (!xdr_int(xdrs, &objp->version))
-	      return FALSE;
-	 break;
+        if (!xdr_int(xdrs, &objp->version))
+            return FALSE;
+        break;
     case XDR_DECODE:
-	 if (!xdr_int(xdrs, &objp->version))
-	      return FALSE;
-	 if (objp->version != OSA_ADB_PRINC_VERSION_1)
-	      return FALSE;
-	 break;
+        if (!xdr_int(xdrs, &objp->version))
+            return FALSE;
+        if (objp->version != OSA_ADB_PRINC_VERSION_1)
+            return FALSE;
+        break;
     }
-    
+
     if (!xdr_nullstring(xdrs, &objp->policy))
-	return (FALSE);
+        return (FALSE);
     if (!xdr_long(xdrs, &objp->aux_attributes))
-	return (FALSE);
+        return (FALSE);
     if (!xdr_u_int(xdrs, &objp->old_key_next))
-	return (FALSE);
+        return (FALSE);
     if (!xdr_krb5_kvno(xdrs, &objp->admin_history_kvno))
-	return (FALSE);
+        return (FALSE);
     if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys,
-		   (unsigned int *) &objp->old_key_len, ~0,
-		   sizeof(osa_pw_hist_ent),
-		   xdr_osa_pw_hist_ent))
-	return (FALSE);
+                   (unsigned int *) &objp->old_key_len, ~0,
+                   sizeof(osa_pw_hist_ent),
+                   xdr_osa_pw_hist_ent))
+        return (FALSE);
     return (TRUE);
 }
 
@@ -101,10 +102,9 @@ void
 osa_free_princ_ent(osa_princ_ent_t val)
 {
     XDR xdrs;
-                                                                                                                            
+
     xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-                                                                                                                            
+
     xdr_osa_princ_ent_rec(&xdrs, val);
     free(val);
 }
-                                                                                                                            
diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c
index 45f3879b8..b8abe8afd 100644
--- a/src/lib/kadm5/srv/server_acl.c
+++ b/src/lib/kadm5/srv/server_acl.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kadm5/srv/server_acl.c
  *
@@ -40,46 +41,46 @@
 #include <ctype.h>
 
 typedef struct _acl_op_table {
-    char	ao_op;
-    krb5_int32	ao_mask;
+    char        ao_op;
+    krb5_int32  ao_mask;
 } aop_t;
 
 typedef struct _acl_entry {
-    struct _acl_entry	*ae_next;
-    char		*ae_name;
-    krb5_boolean	ae_name_bad;
-    krb5_principal	ae_principal;
-    krb5_int32		ae_op_allowed;
-    char		*ae_target;
-    krb5_boolean	ae_target_bad;
-    krb5_principal	ae_target_princ;
-    char		*ae_restriction_string;
-			/* eg: "-maxlife 3h -service +proxiable" */
-    krb5_boolean	ae_restriction_bad;
-    restriction_t	*ae_restrictions;
+    struct _acl_entry   *ae_next;
+    char                *ae_name;
+    krb5_boolean        ae_name_bad;
+    krb5_principal      ae_principal;
+    krb5_int32          ae_op_allowed;
+    char                *ae_target;
+    krb5_boolean        ae_target_bad;
+    krb5_principal      ae_target_princ;
+    char                *ae_restriction_string;
+    /* eg: "-maxlife 3h -service +proxiable" */
+    krb5_boolean        ae_restriction_bad;
+    restriction_t       *ae_restrictions;
 } aent_t;
 
 static const aop_t acl_op_table[] = {
-    { 'a',	ACL_ADD },
-    { 'd',	ACL_DELETE },
-    { 'm',	ACL_MODIFY },
-    { 'c',	ACL_CHANGEPW },
-    { 'i',	ACL_INQUIRE },
-    { 'l',	ACL_LIST },
-    { 'p',	ACL_IPROP },
-    { 's',	ACL_SETKEY },
-    { 'x',	ACL_ALL_MASK },
-    { '*',	ACL_ALL_MASK },
-    { '\0',	0 }
+    { 'a',      ACL_ADD },
+    { 'd',      ACL_DELETE },
+    { 'm',      ACL_MODIFY },
+    { 'c',      ACL_CHANGEPW },
+    { 'i',      ACL_INQUIRE },
+    { 'l',      ACL_LIST },
+    { 'p',      ACL_IPROP },
+    { 's',      ACL_SETKEY },
+    { 'x',      ACL_ALL_MASK },
+    { '*',      ACL_ALL_MASK },
+    { '\0',     0 }
 };
 
 typedef struct _wildstate {
-    int		nwild;
-    krb5_data	*backref[9];
+    int         nwild;
+    krb5_data   *backref[9];
 } wildstate_t;
 
-static aent_t	*acl_list_head = (aent_t *) NULL;
-static aent_t	*acl_list_tail = (aent_t *) NULL;
+static aent_t   *acl_list_head = (aent_t *) NULL;
+static aent_t   *acl_list_tail = (aent_t *) NULL;
 
 static const char *acl_acl_file = (char *) NULL;
 static int acl_inited = 0;
@@ -99,65 +100,65 @@ static const char *acl_cantopen_msg = "%s while opening ACL file %s";
 
 /*
  * kadm5int_acl_get_line() - Get a line from the ACL file.
- *			Lines ending with \ are continued on the next line
+ *                      Lines ending with \ are continued on the next line
  */
 static char *
 kadm5int_acl_get_line(fp, lnp)
-    FILE	*fp;
-    int		*lnp;		/* caller should set to 1 before first call */
+    FILE        *fp;
+    int         *lnp;           /* caller should set to 1 before first call */
 {
-    int		i, domore;
-    static int	line_incr = 0;
+    int         i, domore;
+    static int  line_incr = 0;
     static char acl_buf[BUFSIZ];
 
     *lnp += line_incr;
     line_incr = 0;
     for (domore = 1; domore && !feof(fp); ) {
-	/* Copy in the line, with continuations */
-	for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) {
-	    int byte;
-	    byte = fgetc(fp);
-	    acl_buf[i] = byte;
-	    if (byte == (char)EOF) {
-		if (i > 0 && acl_buf[i-1] == '\\')
-		    i--;
-		break;		/* it gets nulled-out below */
-	    }
-	    else if (acl_buf[i] == '\n') {
-		if (i == 0 || acl_buf[i-1] != '\\')
-		    break;	/* empty line or normal end of line */
-		else {
-		    i -= 2;	/* back up over "\\\n" and continue */
-		    line_incr++;
-		}
-	    }
-	}
-	/* Check if we exceeded our buffer size */
-	if (i == sizeof acl_buf && (i--, !feof(fp))) {
-	    int	c1 = acl_buf[i], c2;
-
-	    krb5_klog_syslog(LOG_ERR, acl_line2long_msg, acl_acl_file, *lnp);
-	    while ((c2 = fgetc(fp)) != EOF) {
-		if (c2 == '\n') {
-		    if (c1 != '\\')
-			break;
-		    line_incr++;
-		}
-		c1 = c2;
-	    }
-	}
-	acl_buf[i] = '\0';
-	if (acl_buf[0] == (char) EOF)	/* ptooey */
-	    acl_buf[0] = '\0';
-	else
-	    line_incr++;
-	if ((acl_buf[0] != '#') && (acl_buf[0] != '\0'))
-	    domore = 0;
+        /* Copy in the line, with continuations */
+        for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) {
+            int byte;
+            byte = fgetc(fp);
+            acl_buf[i] = byte;
+            if (byte == (char)EOF) {
+                if (i > 0 && acl_buf[i-1] == '\\')
+                    i--;
+                break;          /* it gets nulled-out below */
+            }
+            else if (acl_buf[i] == '\n') {
+                if (i == 0 || acl_buf[i-1] != '\\')
+                    break;      /* empty line or normal end of line */
+                else {
+                    i -= 2;     /* back up over "\\\n" and continue */
+                    line_incr++;
+                }
+            }
+        }
+        /* Check if we exceeded our buffer size */
+        if (i == sizeof acl_buf && (i--, !feof(fp))) {
+            int c1 = acl_buf[i], c2;
+
+            krb5_klog_syslog(LOG_ERR, acl_line2long_msg, acl_acl_file, *lnp);
+            while ((c2 = fgetc(fp)) != EOF) {
+                if (c2 == '\n') {
+                    if (c1 != '\\')
+                        break;
+                    line_incr++;
+                }
+                c1 = c2;
+            }
+        }
+        acl_buf[i] = '\0';
+        if (acl_buf[0] == (char) EOF)   /* ptooey */
+            acl_buf[0] = '\0';
+        else
+            line_incr++;
+        if ((acl_buf[0] != '#') && (acl_buf[0] != '\0'))
+            domore = 0;
     }
     if (domore || (strlen(acl_buf) == 0))
-	return((char *) NULL);
+        return((char *) NULL);
     else
-	return(acl_buf);
+        return(acl_buf);
 }
 
 /*
@@ -171,95 +172,95 @@ kadm5int_acl_parse_line(lp)
     static char acle_ops[BUFSIZ];
     static char acle_object[BUFSIZ];
     static char acle_restrictions[BUFSIZ];
-    aent_t	*acle;
-    char	*op;
-    int		t, found, opok, nmatch;
+    aent_t      *acle;
+    char        *op;
+    int         t, found, opok, nmatch;
 
     DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("* kadm5int_acl_parse_line(line=%20s)\n", lp));
+           ("* kadm5int_acl_parse_line(line=%20s)\n", lp));
     /*
      * Format is still simple:
      *  entry ::= [<whitespace>] <principal> <whitespace> <opstring>
-     *		  [<whitespace> <target> [<whitespace> <restrictions>
-     *					  [<whitespace>]]]
+     *            [<whitespace> <target> [<whitespace> <restrictions>
+     *                                    [<whitespace>]]]
      */
     acle = (aent_t *) NULL;
     acle_object[0] = '\0';
     nmatch = sscanf(lp, "%s %s %s %[^\n]", acle_principal, acle_ops,
-		    acle_object, acle_restrictions);
+                    acle_object, acle_restrictions);
     if (nmatch >= 2) {
-	acle = (aent_t *) malloc(sizeof(aent_t));
-	if (acle) {
-	    acle->ae_next = (aent_t *) NULL;
-	    acle->ae_op_allowed = (krb5_int32) 0;
-	    acle->ae_target =
-		(nmatch >= 3) ? strdup(acle_object) : (char *) NULL;
-	    acle->ae_target_bad = 0;
-	    acle->ae_target_princ = (krb5_principal) NULL;
-	    opok = 1;
-	    for (op=acle_ops; *op; op++) {
-		char rop;
-
-		rop = (isupper((unsigned char) *op)) ? tolower((unsigned char) *op) : *op;
-		found = 0;
-		for (t=0; acl_op_table[t].ao_op; t++) {
-		    if (rop == acl_op_table[t].ao_op) {
-			found = 1;
-			if (rop == *op)
-			    acle->ae_op_allowed |= acl_op_table[t].ao_mask;
-			else
-			    acle->ae_op_allowed &= ~acl_op_table[t].ao_mask;
-		    }
-		}
-		if (!found) {
-		    krb5_klog_syslog(LOG_ERR, acl_op_bad_msg, *op, lp);
-		    opok = 0;
-		}
-	    }
-	    if (opok) {
-		acle->ae_name = strdup(acle_principal);
-		if (acle->ae_name) {
-		    acle->ae_principal = (krb5_principal) NULL;
-		    acle->ae_name_bad = 0;
-		    DPRINT(DEBUG_ACL, acl_debug_level,
-			   ("A ACL entry %s -> opmask %x\n",
-			    acle->ae_name, acle->ae_op_allowed));
-		}
-		else {
-		    if (acle->ae_target)
-			free(acle->ae_target);
-		    free(acle);
-		    acle = (aent_t *) NULL;
-		}
-	    }
-	    else {
-		if (acle->ae_target)
-		    free(acle->ae_target);
-		free(acle);
-		acle = (aent_t *) NULL;
-	    }
-
-	    if (acle) {
-		    if ( nmatch >= 4 ) {
-			    char	*trailing;
-			    
-			    trailing = &acle_restrictions[strlen(acle_restrictions)-1];
-			    while ( isspace((int) *trailing) )
-				    trailing--;
-			    trailing[1] = '\0';
-			    acle->ae_restriction_string = 
-				    strdup(acle_restrictions);
-		    }
-		    else {
-			    acle->ae_restriction_string = (char *) NULL;
-		    }
-		    acle->ae_restriction_bad = 0;
-		    acle->ae_restrictions = (restriction_t *) NULL;
-	    }
-	}
+        acle = (aent_t *) malloc(sizeof(aent_t));
+        if (acle) {
+            acle->ae_next = (aent_t *) NULL;
+            acle->ae_op_allowed = (krb5_int32) 0;
+            acle->ae_target =
+                (nmatch >= 3) ? strdup(acle_object) : (char *) NULL;
+            acle->ae_target_bad = 0;
+            acle->ae_target_princ = (krb5_principal) NULL;
+            opok = 1;
+            for (op=acle_ops; *op; op++) {
+                char rop;
+
+                rop = (isupper((unsigned char) *op)) ? tolower((unsigned char) *op) : *op;
+                found = 0;
+                for (t=0; acl_op_table[t].ao_op; t++) {
+                    if (rop == acl_op_table[t].ao_op) {
+                        found = 1;
+                        if (rop == *op)
+                            acle->ae_op_allowed |= acl_op_table[t].ao_mask;
+                        else
+                            acle->ae_op_allowed &= ~acl_op_table[t].ao_mask;
+                    }
+                }
+                if (!found) {
+                    krb5_klog_syslog(LOG_ERR, acl_op_bad_msg, *op, lp);
+                    opok = 0;
+                }
+            }
+            if (opok) {
+                acle->ae_name = strdup(acle_principal);
+                if (acle->ae_name) {
+                    acle->ae_principal = (krb5_principal) NULL;
+                    acle->ae_name_bad = 0;
+                    DPRINT(DEBUG_ACL, acl_debug_level,
+                           ("A ACL entry %s -> opmask %x\n",
+                            acle->ae_name, acle->ae_op_allowed));
+                }
+                else {
+                    if (acle->ae_target)
+                        free(acle->ae_target);
+                    free(acle);
+                    acle = (aent_t *) NULL;
+                }
+            }
+            else {
+                if (acle->ae_target)
+                    free(acle->ae_target);
+                free(acle);
+                acle = (aent_t *) NULL;
+            }
+
+            if (acle) {
+                if ( nmatch >= 4 ) {
+                    char        *trailing;
+
+                    trailing = &acle_restrictions[strlen(acle_restrictions)-1];
+                    while ( isspace((int) *trailing) )
+                        trailing--;
+                    trailing[1] = '\0';
+                    acle->ae_restriction_string =
+                        strdup(acle_restrictions);
+                }
+                else {
+                    acle->ae_restriction_string = (char *) NULL;
+                }
+                acle->ae_restriction_bad = 0;
+                acle->ae_restrictions = (restriction_t *) NULL;
+            }
+        }
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("X kadm5int_acl_parse_line() = %x\n", (long) acle));
+           ("X kadm5int_acl_parse_line() = %x\n", (long) acle));
     return(acle);
 }
 
@@ -267,177 +268,177 @@ kadm5int_acl_parse_line(lp)
  * kadm5int_acl_parse_restrictions() - Parse optional restrictions field
  *
  * Allowed restrictions are:
- *	[+-]flagname		(recognized by krb5_string_to_flags)
- *				flag is forced to indicated value
- *	-clearpolicy		policy is forced clear
- *	-policy pol		policy is forced to be "pol"
- *	-{expire,pwexpire,maxlife,maxrenewlife} deltat
- *				associated value will be forced to
- *				MIN(deltat, requested value)
+ *      [+-]flagname            (recognized by krb5_string_to_flags)
+ *                              flag is forced to indicated value
+ *      -clearpolicy            policy is forced clear
+ *      -policy pol             policy is forced to be "pol"
+ *      -{expire,pwexpire,maxlife,maxrenewlife} deltat
+ *                              associated value will be forced to
+ *                              MIN(deltat, requested value)
  *
  * Returns: 0 on success, or system errors
  */
 static krb5_error_code
 kadm5int_acl_parse_restrictions(s, rpp)
-    char		*s;
-    restriction_t	**rpp;
+    char                *s;
+    restriction_t       **rpp;
 {
-    char		*sp = NULL, *tp, *ap, *save;
-    static const char	*delims = "\t\n\f\v\r ,";
-    krb5_deltat		dt;
-    krb5_flags		flag;
-    krb5_error_code	code;
+    char                *sp = NULL, *tp, *ap, *save;
+    static const char   *delims = "\t\n\f\v\r ,";
+    krb5_deltat         dt;
+    krb5_flags          flag;
+    krb5_error_code     code;
 
-   DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
+    DPRINT(DEBUG_CALLS, acl_debug_level,
+           ("* kadm5int_acl_parse_restrictions(s=%20s, rpp=0x%08x)\n", s, (long)rpp));
 
     *rpp = (restriction_t *) NULL;
     code = 0;
     if (s) {
-	if (!(sp = strdup(s))	/* Don't munge the original */
-	    || !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) {
-	    code = ENOMEM;
-	} else {
-	    memset(*rpp, 0, sizeof(**rpp));
-	    for (tp = strtok_r(sp, delims, &save); tp;
-		 tp = strtok_r(NULL, delims, &save)) {
-		flag = 0;
-		if (!krb5_string_to_flags(tp, "+", "-", &flag)) {
-		    /* OK, but was it in the positive or negative sense? */
-		    if (flag) {
-			(*rpp)->require_attrs |= flag;
-		    } else {
-			flag = ~0;
-			(void) krb5_string_to_flags(tp, "+", "-", &flag);
-			(*rpp)->forbid_attrs |= ~flag;
-		    }
-		    (*rpp)->mask |= KADM5_ATTRIBUTES;
-		} else if (!strcmp(tp, "-clearpolicy")) {
-		    (*rpp)->mask |= KADM5_POLICY_CLR;
-		} else {
-		    /* everything else needs an argument ... */
-		    if (!(ap = strtok_r(NULL, delims, &save))) {
-			code = EINVAL;
-			break;
-		    }
-		    if (!strcmp(tp, "-policy")) {
-			if (!((*rpp)->policy = strdup(ap))) {
-			    code = ENOMEM;
-			    break;
-			}
-			(*rpp)->mask |= KADM5_POLICY;
-		    } else {
-			/* all other arguments must be a deltat ... */
-			if (krb5_string_to_deltat(ap, &dt)) {
-			    code = EINVAL;
-			    break;
-			}
-			if (!strcmp(tp, "-expire")) {
-			    (*rpp)->princ_lifetime = dt;
-			    (*rpp)->mask |= KADM5_PRINC_EXPIRE_TIME;
-			} else if (!strcmp(tp, "-pwexpire")) {
-			    (*rpp)->pw_lifetime = dt;
-			    (*rpp)->mask |= KADM5_PW_EXPIRATION;
-			} else if (!strcmp(tp, "-maxlife")) {
-			    (*rpp)->max_life = dt;
-			    (*rpp)->mask |= KADM5_MAX_LIFE;
-			} else if (!strcmp(tp, "-maxrenewlife")) {
-			    (*rpp)->max_renewable_life = dt;
-			    (*rpp)->mask |= KADM5_MAX_RLIFE;
-			} else {
-			    code = EINVAL;
-			    break;
-			}
-		    }
-		}
-	    }
-	}
+        if (!(sp = strdup(s))   /* Don't munge the original */
+            || !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) {
+            code = ENOMEM;
+        } else {
+            memset(*rpp, 0, sizeof(**rpp));
+            for (tp = strtok_r(sp, delims, &save); tp;
+                 tp = strtok_r(NULL, delims, &save)) {
+                flag = 0;
+                if (!krb5_string_to_flags(tp, "+", "-", &flag)) {
+                    /* OK, but was it in the positive or negative sense? */
+                    if (flag) {
+                        (*rpp)->require_attrs |= flag;
+                    } else {
+                        flag = ~0;
+                        (void) krb5_string_to_flags(tp, "+", "-", &flag);
+                        (*rpp)->forbid_attrs |= ~flag;
+                    }
+                    (*rpp)->mask |= KADM5_ATTRIBUTES;
+                } else if (!strcmp(tp, "-clearpolicy")) {
+                    (*rpp)->mask |= KADM5_POLICY_CLR;
+                } else {
+                    /* everything else needs an argument ... */
+                    if (!(ap = strtok_r(NULL, delims, &save))) {
+                        code = EINVAL;
+                        break;
+                    }
+                    if (!strcmp(tp, "-policy")) {
+                        if (!((*rpp)->policy = strdup(ap))) {
+                            code = ENOMEM;
+                            break;
+                        }
+                        (*rpp)->mask |= KADM5_POLICY;
+                    } else {
+                        /* all other arguments must be a deltat ... */
+                        if (krb5_string_to_deltat(ap, &dt)) {
+                            code = EINVAL;
+                            break;
+                        }
+                        if (!strcmp(tp, "-expire")) {
+                            (*rpp)->princ_lifetime = dt;
+                            (*rpp)->mask |= KADM5_PRINC_EXPIRE_TIME;
+                        } else if (!strcmp(tp, "-pwexpire")) {
+                            (*rpp)->pw_lifetime = dt;
+                            (*rpp)->mask |= KADM5_PW_EXPIRATION;
+                        } else if (!strcmp(tp, "-maxlife")) {
+                            (*rpp)->max_life = dt;
+                            (*rpp)->mask |= KADM5_MAX_LIFE;
+                        } else if (!strcmp(tp, "-maxrenewlife")) {
+                            (*rpp)->max_renewable_life = dt;
+                            (*rpp)->mask |= KADM5_MAX_RLIFE;
+                        } else {
+                            code = EINVAL;
+                            break;
+                        }
+                    }
+                }
+            }
+        }
     }
     if (sp)
-	free(sp);
+        free(sp);
     if (*rpp && code) {
-	if ((*rpp)->policy)
-	    free((*rpp)->policy);
-	free(*rpp);
-	*rpp = (restriction_t *) NULL;
+        if ((*rpp)->policy)
+            free((*rpp)->policy);
+        free(*rpp);
+        *rpp = (restriction_t *) NULL;
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n",
-	    code, (*rpp) ? (*rpp)->mask : 0));
+           ("X kadm5int_acl_parse_restrictions() = %d, mask=0x%08x\n",
+            code, (*rpp) ? (*rpp)->mask : 0));
     return code;
 }
 
 /*
- * kadm5int_acl_impose_restrictions()	- impose restrictions, modifying *recp, *maskp
+ * kadm5int_acl_impose_restrictions()   - impose restrictions, modifying *recp, *maskp
  *
  * Returns: 0 on success;
- *	    malloc or timeofday errors
+ *          malloc or timeofday errors
  */
 krb5_error_code
 kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp)
-     krb5_context		kcontext;
-     kadm5_principal_ent_rec	*recp;
-     long			*maskp;
-     restriction_t		*rp;
+    krb5_context               kcontext;
+    kadm5_principal_ent_rec    *recp;
+    long                       *maskp;
+    restriction_t              *rp;
 {
-    krb5_error_code	code;
-    krb5_int32		now;
+    krb5_error_code     code;
+    krb5_int32          now;
 
     DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
-	    *maskp, (long)rp));
+           ("* kadm5int_acl_impose_restrictions(..., *maskp=0x%08x, rp=0x%08x)\n",
+            *maskp, (long)rp));
     if (!rp)
-	return 0;
+        return 0;
     if (rp->mask & (KADM5_PRINC_EXPIRE_TIME|KADM5_PW_EXPIRATION))
-	if ((code = krb5_timeofday(kcontext, &now)))
-	    return code;
+        if ((code = krb5_timeofday(kcontext, &now)))
+            return code;
 
     if (rp->mask & KADM5_ATTRIBUTES) {
-	recp->attributes |= rp->require_attrs;
-	recp->attributes &= ~(rp->forbid_attrs);
-	*maskp |= KADM5_ATTRIBUTES;
+        recp->attributes |= rp->require_attrs;
+        recp->attributes &= ~(rp->forbid_attrs);
+        *maskp |= KADM5_ATTRIBUTES;
     }
     if (rp->mask & KADM5_POLICY_CLR) {
-	*maskp &= ~KADM5_POLICY;
-	*maskp |= KADM5_POLICY_CLR;
+        *maskp &= ~KADM5_POLICY;
+        *maskp |= KADM5_POLICY_CLR;
     } else if (rp->mask & KADM5_POLICY) {
-	if (recp->policy && strcmp(recp->policy, rp->policy)) {
-		free(recp->policy);
-		recp->policy = (char *) NULL;
-	}
-	if (!recp->policy) {
-	    recp->policy = strdup(rp->policy);  /* XDR will free it */
-	    if (!recp->policy)
-		return ENOMEM;
-	}
-	*maskp |= KADM5_POLICY;
+        if (recp->policy && strcmp(recp->policy, rp->policy)) {
+            free(recp->policy);
+            recp->policy = (char *) NULL;
+        }
+        if (!recp->policy) {
+            recp->policy = strdup(rp->policy);  /* XDR will free it */
+            if (!recp->policy)
+                return ENOMEM;
+        }
+        *maskp |= KADM5_POLICY;
     }
     if (rp->mask & KADM5_PRINC_EXPIRE_TIME) {
-	if (!(*maskp & KADM5_PRINC_EXPIRE_TIME)
-	    || (recp->princ_expire_time > (now + rp->princ_lifetime)))
-	    recp->princ_expire_time = now + rp->princ_lifetime;
-	*maskp |= KADM5_PRINC_EXPIRE_TIME;
+        if (!(*maskp & KADM5_PRINC_EXPIRE_TIME)
+            || (recp->princ_expire_time > (now + rp->princ_lifetime)))
+            recp->princ_expire_time = now + rp->princ_lifetime;
+        *maskp |= KADM5_PRINC_EXPIRE_TIME;
     }
     if (rp->mask & KADM5_PW_EXPIRATION) {
-	if (!(*maskp & KADM5_PW_EXPIRATION)
-	    || (recp->pw_expiration > (now + rp->pw_lifetime)))
-	    recp->pw_expiration = now + rp->pw_lifetime;
-	*maskp |= KADM5_PW_EXPIRATION;
+        if (!(*maskp & KADM5_PW_EXPIRATION)
+            || (recp->pw_expiration > (now + rp->pw_lifetime)))
+            recp->pw_expiration = now + rp->pw_lifetime;
+        *maskp |= KADM5_PW_EXPIRATION;
     }
     if (rp->mask & KADM5_MAX_LIFE) {
-	if (!(*maskp & KADM5_MAX_LIFE)
-	    || (recp->max_life > rp->max_life))
-	    recp->max_life = rp->max_life;
-	*maskp |= KADM5_MAX_LIFE;
+        if (!(*maskp & KADM5_MAX_LIFE)
+            || (recp->max_life > rp->max_life))
+            recp->max_life = rp->max_life;
+        *maskp |= KADM5_MAX_LIFE;
     }
     if (rp->mask & KADM5_MAX_RLIFE) {
-	if (!(*maskp & KADM5_MAX_RLIFE)
-	    || (recp->max_renewable_life > rp->max_renewable_life))
-	    recp->max_renewable_life = rp->max_renewable_life;
-	*maskp |= KADM5_MAX_RLIFE;
+        if (!(*maskp & KADM5_MAX_RLIFE)
+            || (recp->max_renewable_life > rp->max_renewable_life))
+            recp->max_renewable_life = rp->max_renewable_life;
+        *maskp |= KADM5_MAX_RLIFE;
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
+           ("X kadm5int_acl_impose_restrictions() = 0, *maskp=0x%08x\n", *maskp));
     return 0;
 }
 
@@ -447,28 +448,28 @@ kadm5int_acl_impose_restrictions(kcontext, recp, maskp, rp)
 static void
 kadm5int_acl_free_entries()
 {
-    aent_t	*ap;
-    aent_t	*np;
+    aent_t      *ap;
+    aent_t      *np;
 
     DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_free_entries()\n"));
     for (ap=acl_list_head; ap; ap = np) {
-	if (ap->ae_name)
-	    free(ap->ae_name);
-	if (ap->ae_principal)
-	    krb5_free_principal((krb5_context) NULL, ap->ae_principal);
-	if (ap->ae_target)
-	    free(ap->ae_target);
-	if (ap->ae_target_princ)
-	    krb5_free_principal((krb5_context) NULL, ap->ae_target_princ);
-	if (ap->ae_restriction_string)
-	    free(ap->ae_restriction_string);
-	if (ap->ae_restrictions) {
-	    if (ap->ae_restrictions->policy)
-		free(ap->ae_restrictions->policy);
-	    free(ap->ae_restrictions);
-	}
-	np = ap->ae_next;
-	free(ap);
+        if (ap->ae_name)
+            free(ap->ae_name);
+        if (ap->ae_principal)
+            krb5_free_principal((krb5_context) NULL, ap->ae_principal);
+        if (ap->ae_target)
+            free(ap->ae_target);
+        if (ap->ae_target_princ)
+            krb5_free_principal((krb5_context) NULL, ap->ae_target_princ);
+        if (ap->ae_restriction_string)
+            free(ap->ae_restriction_string);
+        if (ap->ae_restrictions) {
+            if (ap->ae_restrictions->policy)
+                free(ap->ae_restrictions->policy);
+            free(ap->ae_restrictions);
+        }
+        np = ap->ae_next;
+        free(ap);
     }
     acl_list_head = acl_list_tail = (aent_t *) NULL;
     acl_inited = 0;
@@ -476,250 +477,250 @@ kadm5int_acl_free_entries()
 }
 
 /*
- * kadm5int_acl_load_acl_file()	- Open and parse the ACL file.
+ * kadm5int_acl_load_acl_file() - Open and parse the ACL file.
  */
 static int
 kadm5int_acl_load_acl_file()
 {
-    FILE 	*afp;
-    char 	*alinep;
-    aent_t	**aentpp;
-    int		alineno;
-    int		retval = 1;
+    FILE        *afp;
+    char        *alinep;
+    aent_t      **aentpp;
+    int         alineno;
+    int         retval = 1;
 
     DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_load_acl_file()\n"));
     /* Open the ACL file for read */
     afp = fopen(acl_acl_file, "r");
     if (afp) {
-	set_cloexec_file(afp);
-	alineno = 1;
-	aentpp = &acl_list_head;
-
-	/* Get a non-comment line */
-	while ((alinep = kadm5int_acl_get_line(afp, &alineno))) {
-	    /* Parse it */
-	    *aentpp = kadm5int_acl_parse_line(alinep);
-	    /* If syntax error, then fall out */
-	    if (!*aentpp) {
-		krb5_klog_syslog(LOG_ERR, acl_syn_err_msg,
-			acl_acl_file, alineno, alinep);
-		retval = 0;
-		break;
-	    }
-	    acl_list_tail = *aentpp;
-	    aentpp = &(*aentpp)->ae_next;
-	}
-
-	fclose(afp);
-
-	if (acl_catchall_entry) {
-	     *aentpp = kadm5int_acl_parse_line(acl_catchall_entry);
-	     if (*aentpp) {
-		  acl_list_tail = *aentpp;
-	     }
-	     else {
-		  retval = 0;
-		  DPRINT(DEBUG_OPERATION, acl_debug_level,
-			 ("> catchall acl entry (%s) load failed\n",
-			  acl_catchall_entry));
-	     }
-	}
+        set_cloexec_file(afp);
+        alineno = 1;
+        aentpp = &acl_list_head;
+
+        /* Get a non-comment line */
+        while ((alinep = kadm5int_acl_get_line(afp, &alineno))) {
+            /* Parse it */
+            *aentpp = kadm5int_acl_parse_line(alinep);
+            /* If syntax error, then fall out */
+            if (!*aentpp) {
+                krb5_klog_syslog(LOG_ERR, acl_syn_err_msg,
+                                 acl_acl_file, alineno, alinep);
+                retval = 0;
+                break;
+            }
+            acl_list_tail = *aentpp;
+            aentpp = &(*aentpp)->ae_next;
+        }
+
+        fclose(afp);
+
+        if (acl_catchall_entry) {
+            *aentpp = kadm5int_acl_parse_line(acl_catchall_entry);
+            if (*aentpp) {
+                acl_list_tail = *aentpp;
+            }
+            else {
+                retval = 0;
+                DPRINT(DEBUG_OPERATION, acl_debug_level,
+                       ("> catchall acl entry (%s) load failed\n",
+                        acl_catchall_entry));
+            }
+        }
     }
     else {
-	krb5_klog_syslog(LOG_ERR, acl_cantopen_msg,
-			 error_message(errno), acl_acl_file);
-	if (acl_catchall_entry &&
-	    (acl_list_head = kadm5int_acl_parse_line(acl_catchall_entry))) {
-	    acl_list_tail = acl_list_head;
-	}
-	else {
-	    retval = 0;
-	    DPRINT(DEBUG_OPERATION, acl_debug_level,
-		   ("> catchall acl entry (%s) load failed\n",
-		    acl_catchall_entry));
-	}
+        krb5_klog_syslog(LOG_ERR, acl_cantopen_msg,
+                         error_message(errno), acl_acl_file);
+        if (acl_catchall_entry &&
+            (acl_list_head = kadm5int_acl_parse_line(acl_catchall_entry))) {
+            acl_list_tail = acl_list_head;
+        }
+        else {
+            retval = 0;
+            DPRINT(DEBUG_OPERATION, acl_debug_level,
+                   ("> catchall acl entry (%s) load failed\n",
+                    acl_catchall_entry));
+        }
     }
 
     if (!retval) {
-	kadm5int_acl_free_entries();
+        kadm5int_acl_free_entries();
     }
     DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("X kadm5int_acl_load_acl_file() = %d\n", retval));
+           ("X kadm5int_acl_load_acl_file() = %d\n", retval));
     return(retval);
 }
 
 /*
- * kadm5int_acl_match_data()	- See if two data entries match.
+ * kadm5int_acl_match_data()    - See if two data entries match.
  *
  * Wildcarding is only supported for a whole component.
  */
 static krb5_boolean
 kadm5int_acl_match_data(e1, e2, targetflag, ws)
-    krb5_data	*e1, *e2;
-    int		targetflag;
-    wildstate_t	*ws;
+    krb5_data   *e1, *e2;
+    int         targetflag;
+    wildstate_t *ws;
 {
-    krb5_boolean	retval;
+    krb5_boolean        retval;
 
-    DPRINT(DEBUG_CALLS, acl_debug_level, 
-	   ("* acl_match_entry(%s, %s)\n", e1->data, e2->data));
+    DPRINT(DEBUG_CALLS, acl_debug_level,
+           ("* acl_match_entry(%s, %s)\n", e1->data, e2->data));
     retval = 0;
     if (!strncmp(e1->data, "*", e1->length)) {
-	retval = 1;
-	if (ws && !targetflag) {
-	    if (ws->nwild >= 9) {
-		DPRINT(DEBUG_ACL, acl_debug_level,
-		    ("Too many wildcards in ACL entry %s\n", entry->ae_name));
-	    }
-	    else
-		ws->backref[ws->nwild++] = e2;
-	}
+        retval = 1;
+        if (ws && !targetflag) {
+            if (ws->nwild >= 9) {
+                DPRINT(DEBUG_ACL, acl_debug_level,
+                       ("Too many wildcards in ACL entry %s\n", entry->ae_name));
+            }
+            else
+                ws->backref[ws->nwild++] = e2;
+        }
     }
     else if (ws && targetflag && (e1->length == 2) && (e1->data[0] == '*') &&
-	     (e1->data[1] >= '1') && (e1->data[1] <= '9')) {
-	int	n = e1->data[1] - '1';
-	if (n >= ws->nwild) {
-	    DPRINT(DEBUG_ACL, acl_debug_level,
-		   ("Too many backrefs in ACL entry %s\n", entry->ae_name));
-	}
-	else if ((ws->backref[n]->length == e2->length) &&
-		 (!strncmp(ws->backref[n]->data, e2->data, e2->length)))
-	    retval = 1;
-	
+             (e1->data[1] >= '1') && (e1->data[1] <= '9')) {
+        int     n = e1->data[1] - '1';
+        if (n >= ws->nwild) {
+            DPRINT(DEBUG_ACL, acl_debug_level,
+                   ("Too many backrefs in ACL entry %s\n", entry->ae_name));
+        }
+        else if ((ws->backref[n]->length == e2->length) &&
+                 (!strncmp(ws->backref[n]->data, e2->data, e2->length)))
+            retval = 1;
+
     }
     else {
-	if ((e1->length == e2->length) &&
-	    (!strncmp(e1->data, e2->data, e1->length)))
-	    retval = 1;
+        if ((e1->length == e2->length) &&
+            (!strncmp(e1->data, e2->data, e1->length)))
+            retval = 1;
     }
     DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_match_entry()=%d\n",retval));
     return(retval);
 }
 
 /*
- * kadm5int_acl_find_entry()	- Find a matching entry.
+ * kadm5int_acl_find_entry()    - Find a matching entry.
  */
 static aent_t *
 kadm5int_acl_find_entry(kcontext, principal, dest_princ)
-    krb5_context	kcontext;
-    krb5_principal	principal;
-    krb5_principal	dest_princ;
+    krb5_context        kcontext;
+    krb5_principal      principal;
+    krb5_principal      dest_princ;
 {
-    aent_t		*entry;
-    krb5_error_code	kret;
-    int			i;
-    int			matchgood;
-    wildstate_t		state;
+    aent_t              *entry;
+    krb5_error_code     kret;
+    int                 i;
+    int                 matchgood;
+    wildstate_t         state;
 
     DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_find_entry()\n"));
     memset(&state, 0, sizeof state);
     for (entry=acl_list_head; entry; entry = entry->ae_next) {
-	if (entry->ae_name_bad)
-	    continue;
-	if (!strcmp(entry->ae_name, "*")) {
-	    DPRINT(DEBUG_ACL, acl_debug_level, ("A wildcard ACL match\n"));
-	    matchgood = 1;
-	}
-	else {
-	    if (!entry->ae_principal && !entry->ae_name_bad) {
-		kret = krb5_parse_name(kcontext,
-				       entry->ae_name,
-				       &entry->ae_principal);
-		if (kret)
-		    entry->ae_name_bad = 1;
-	    }
-	    if (entry->ae_name_bad) {
-		DPRINT(DEBUG_ACL, acl_debug_level,
-		       ("Bad ACL entry %s\n", entry->ae_name));
-		continue;
-	    }
-	    matchgood = 0;
-	    if (kadm5int_acl_match_data(&entry->ae_principal->realm,
-			       &principal->realm, 0, (wildstate_t *)0) &&
-		(entry->ae_principal->length == principal->length)) {
-		matchgood = 1;
-		for (i=0; i<principal->length; i++) {
-		    if (!kadm5int_acl_match_data(&entry->ae_principal->data[i],
-					&principal->data[i], 0, &state)) {
-			matchgood = 0;
-			break;
-		    }
-		}
-	    }
-	}
-	if (!matchgood)
-	    continue;
-
-	/* We've matched the principal.  If we have a target, then try it */
-	if (entry->ae_target && strcmp(entry->ae_target, "*")) {
-	    if (!entry->ae_target_princ && !entry->ae_target_bad) {
-		kret = krb5_parse_name(kcontext, entry->ae_target,
-				       &entry->ae_target_princ);
-		if (kret)
-		    entry->ae_target_bad = 1;
-	    }
-	    if (entry->ae_target_bad) {
-	        DPRINT(DEBUG_ACL, acl_debug_level,
-		       ("Bad target in ACL entry for %s\n", entry->ae_name));
-	        entry->ae_name_bad = 1;
-	        continue;
-	    }
-	    if (!dest_princ)
-	        matchgood = 0;
-	    else if (entry->ae_target_princ && dest_princ) {
-	        if (kadm5int_acl_match_data(&entry->ae_target_princ->realm,
-			           &dest_princ->realm, 1, (wildstate_t *)0) &&
-		    (entry->ae_target_princ->length == dest_princ->length)) {
-		    for (i=0; i<dest_princ->length; i++) {
-		        if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i],
-			  		    &dest_princ->data[i], 1, &state)) {
-			    matchgood = 0;
-			    break;
-		        }
-		    }
-	        }
-	        else
-		    matchgood = 0;
-	    }
+        if (entry->ae_name_bad)
+            continue;
+        if (!strcmp(entry->ae_name, "*")) {
+            DPRINT(DEBUG_ACL, acl_debug_level, ("A wildcard ACL match\n"));
+            matchgood = 1;
         }
-	if (!matchgood)
-	    continue;
-
-	if (entry->ae_restriction_string
-	    && !entry->ae_restriction_bad
-	    && !entry->ae_restrictions
-	    && kadm5int_acl_parse_restrictions(entry->ae_restriction_string,
-				      &entry->ae_restrictions)) {
-	    DPRINT(DEBUG_ACL, acl_debug_level,
-		   ("Bad restrictions in ACL entry for %s\n", entry->ae_name));
-	    entry->ae_restriction_bad = 1;
-	}
-	if (entry->ae_restriction_bad) {
-	    entry->ae_name_bad = 1;
-	    continue;
-	}
-	break;
+        else {
+            if (!entry->ae_principal && !entry->ae_name_bad) {
+                kret = krb5_parse_name(kcontext,
+                                       entry->ae_name,
+                                       &entry->ae_principal);
+                if (kret)
+                    entry->ae_name_bad = 1;
+            }
+            if (entry->ae_name_bad) {
+                DPRINT(DEBUG_ACL, acl_debug_level,
+                       ("Bad ACL entry %s\n", entry->ae_name));
+                continue;
+            }
+            matchgood = 0;
+            if (kadm5int_acl_match_data(&entry->ae_principal->realm,
+                                        &principal->realm, 0, (wildstate_t *)0) &&
+                (entry->ae_principal->length == principal->length)) {
+                matchgood = 1;
+                for (i=0; i<principal->length; i++) {
+                    if (!kadm5int_acl_match_data(&entry->ae_principal->data[i],
+                                                 &principal->data[i], 0, &state)) {
+                        matchgood = 0;
+                        break;
+                    }
+                }
+            }
+        }
+        if (!matchgood)
+            continue;
+
+        /* We've matched the principal.  If we have a target, then try it */
+        if (entry->ae_target && strcmp(entry->ae_target, "*")) {
+            if (!entry->ae_target_princ && !entry->ae_target_bad) {
+                kret = krb5_parse_name(kcontext, entry->ae_target,
+                                       &entry->ae_target_princ);
+                if (kret)
+                    entry->ae_target_bad = 1;
+            }
+            if (entry->ae_target_bad) {
+                DPRINT(DEBUG_ACL, acl_debug_level,
+                       ("Bad target in ACL entry for %s\n", entry->ae_name));
+                entry->ae_name_bad = 1;
+                continue;
+            }
+            if (!dest_princ)
+                matchgood = 0;
+            else if (entry->ae_target_princ && dest_princ) {
+                if (kadm5int_acl_match_data(&entry->ae_target_princ->realm,
+                                            &dest_princ->realm, 1, (wildstate_t *)0) &&
+                    (entry->ae_target_princ->length == dest_princ->length)) {
+                    for (i=0; i<dest_princ->length; i++) {
+                        if (!kadm5int_acl_match_data(&entry->ae_target_princ->data[i],
+                                                     &dest_princ->data[i], 1, &state)) {
+                            matchgood = 0;
+                            break;
+                        }
+                    }
+                }
+                else
+                    matchgood = 0;
+            }
+        }
+        if (!matchgood)
+            continue;
+
+        if (entry->ae_restriction_string
+            && !entry->ae_restriction_bad
+            && !entry->ae_restrictions
+            && kadm5int_acl_parse_restrictions(entry->ae_restriction_string,
+                                               &entry->ae_restrictions)) {
+            DPRINT(DEBUG_ACL, acl_debug_level,
+                   ("Bad restrictions in ACL entry for %s\n", entry->ae_name));
+            entry->ae_restriction_bad = 1;
+        }
+        if (entry->ae_restriction_bad) {
+            entry->ae_name_bad = 1;
+            continue;
+        }
+        break;
     }
     DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_find_entry()=%x\n",entry));
     return(entry);
 }
 
 /*
- * kadm5int_acl_init()	- Initialize ACL context.
+ * kadm5int_acl_init()  - Initialize ACL context.
  */
 krb5_error_code
 kadm5int_acl_init(kcontext, debug_level, acl_file)
-    krb5_context	kcontext;
-    int			debug_level;
-    char		*acl_file;
+    krb5_context        kcontext;
+    int                 debug_level;
+    char                *acl_file;
 {
-    krb5_error_code	kret;
+    krb5_error_code     kret;
 
     kret = 0;
     acl_debug_level = debug_level;
     DPRINT(DEBUG_CALLS, acl_debug_level,
-	   ("* kadm5int_acl_init(afile=%s)\n",
-	    ((acl_file) ? acl_file : "(null)")));
+           ("* kadm5int_acl_init(afile=%s)\n",
+            ((acl_file) ? acl_file : "(null)")));
     acl_acl_file = (acl_file) ? acl_file : (char *) KRB5_DEFAULT_ADMIN_ACL;
     acl_inited = kadm5int_acl_load_acl_file();
 
@@ -728,12 +729,12 @@ kadm5int_acl_init(kcontext, debug_level, acl_file)
 }
 
 /*
- * kadm5int_acl_finish	- Terminate ACL context.
+ * kadm5int_acl_finish  - Terminate ACL context.
  */
 void
 kadm5int_acl_finish(kcontext, debug_level)
-    krb5_context	kcontext;
-    int			debug_level;
+    krb5_context        kcontext;
+    int                 debug_level;
 {
     DPRINT(DEBUG_CALLS, acl_debug_level, ("* kadm5int_acl_finish()\n"));
     kadm5int_acl_free_entries();
@@ -741,18 +742,18 @@ kadm5int_acl_finish(kcontext, debug_level)
 }
 
 /*
- * kadm5int_acl_check_krb()	- Is this operation permitted for this principal?
+ * kadm5int_acl_check_krb()     - Is this operation permitted for this principal?
  */
 krb5_boolean
 kadm5int_acl_check_krb(kcontext, caller_princ, opmask, principal, restrictions)
-    krb5_context	 kcontext;
+    krb5_context         kcontext;
     krb5_const_principal caller_princ;
-    krb5_int32		 opmask;
+    krb5_int32           opmask;
     krb5_const_principal principal;
-    restriction_t	 **restrictions;
+    restriction_t        **restrictions;
 {
-    krb5_boolean	retval;
-    aent_t		*aentry;
+    krb5_boolean        retval;
+    aent_t              *aentry;
 
     DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_op_permitted()\n"));
 
@@ -760,59 +761,59 @@ kadm5int_acl_check_krb(kcontext, caller_princ, opmask, principal, restrictions)
 
     aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal);
     if (aentry) {
-	if ((aentry->ae_op_allowed & opmask) == opmask) {
-	    retval = TRUE;
-	    if (restrictions) {
-		*restrictions =
-		    (aentry->ae_restrictions && aentry->ae_restrictions->mask)
-		    ? aentry->ae_restrictions
-		    : (restriction_t *) NULL;
-	    }
-	}
+        if ((aentry->ae_op_allowed & opmask) == opmask) {
+            retval = TRUE;
+            if (restrictions) {
+                *restrictions =
+                    (aentry->ae_restrictions && aentry->ae_restrictions->mask)
+                    ? aentry->ae_restrictions
+                    : (restriction_t *) NULL;
+            }
+        }
     }
 
     DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_op_permitted()=%d\n",
-					  retval));
+                                          retval));
     return retval;
 }
 
 /*
- * kadm5int_acl_check()	- Is this operation permitted for this principal?
- *			this code used not to be based on gssapi.  In order
- *			to minimize porting hassles, I've put all the
- *			gssapi hair in this function.  This might not be
- *			the best medium-term solution.  (The best long-term
- *			solution is, of course, a real authorization service.)
+ * kadm5int_acl_check() - Is this operation permitted for this principal?
+ *                      this code used not to be based on gssapi.  In order
+ *                      to minimize porting hassles, I've put all the
+ *                      gssapi hair in this function.  This might not be
+ *                      the best medium-term solution.  (The best long-term
+ *                      solution is, of course, a real authorization service.)
  */
 krb5_boolean
 kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions)
-    krb5_context	kcontext;
-    gss_name_t		caller;
-    krb5_int32		opmask;
-    krb5_principal	principal;
-    restriction_t	**restrictions;
+    krb5_context        kcontext;
+    gss_name_t          caller;
+    krb5_int32          opmask;
+    krb5_principal      principal;
+    restriction_t       **restrictions;
 {
-    krb5_boolean	retval;
-    gss_buffer_desc	caller_buf;
-    gss_OID		caller_oid;
-    OM_uint32		emaj, emin;
-    krb5_error_code	code;
-    krb5_principal	caller_princ;
+    krb5_boolean        retval;
+    gss_buffer_desc     caller_buf;
+    gss_OID             caller_oid;
+    OM_uint32           emaj, emin;
+    krb5_error_code     code;
+    krb5_principal      caller_princ;
 
     if (GSS_ERROR(emaj = gss_display_name(&emin, caller, &caller_buf,
-					  &caller_oid)))
-       return FALSE;
+                                          &caller_oid)))
+        return FALSE;
 
     code = krb5_parse_name(kcontext, (char *) caller_buf.value,
-			   &caller_princ);
+                           &caller_princ);
 
     gss_release_buffer(&emin, &caller_buf);
 
     if (code != 0)
-       return FALSE;
+        return FALSE;
 
     retval = kadm5int_acl_check_krb(kcontext, caller_princ,
-				    opmask, principal, restrictions);
+                                    opmask, principal, restrictions);
 
     krb5_free_principal(kcontext, caller_princ);
 
@@ -822,13 +823,13 @@ kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions)
 kadm5_ret_t
 kadm5_get_privs(void *server_handle, long *privs)
 {
-     CHECK_HANDLE(server_handle);
+    CHECK_HANDLE(server_handle);
 
-     /* this is impossible to do with the current interface.  For now,
-	return all privs, which will confuse some clients, but not
-	deny any access to users of "smart" clients which try to cache */
+    /* this is impossible to do with the current interface.  For now,
+       return all privs, which will confuse some clients, but not
+       deny any access to users of "smart" clients which try to cache */
 
-     *privs = ~0;
+    *privs = ~0;
 
-     return KADM5_OK;
+    return KADM5_OK;
 }
diff --git a/src/lib/kadm5/srv/server_acl.h b/src/lib/kadm5/srv/server_acl.h
index c4c478993..b76fbb52a 100644
--- a/src/lib/kadm5/srv/server_acl.h
+++ b/src/lib/kadm5/srv/server_acl.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kadm5/srv/server_acl.h
  *
@@ -25,85 +26,85 @@
  *
  */
 
-#ifndef	SERVER_ACL_H__
-#define	SERVER_ACL_H__
+#ifndef SERVER_ACL_H__
+#define SERVER_ACL_H__
 
 /*
  * Debug definitions.
  */
-#define	DEBUG_SPROC	1
-#define	DEBUG_OPERATION	2
-#define	DEBUG_HOST	4
-#define	DEBUG_REALM	8
-#define	DEBUG_REQUESTS	16
-#define	DEBUG_ACL	32
-#define	DEBUG_PROTO	64
-#define	DEBUG_CALLS	128
-#define	DEBUG_NOSLAVES	256
-#ifdef	DEBUG
-#define	DPRINT(l1, cl, al)	if ((cl & l1) != 0) xprintf al
-#else	/* DEBUG */
-#define	DPRINT(l1, cl, al)
-#endif	/* DEBUG */
+#define DEBUG_SPROC     1
+#define DEBUG_OPERATION 2
+#define DEBUG_HOST      4
+#define DEBUG_REALM     8
+#define DEBUG_REQUESTS  16
+#define DEBUG_ACL       32
+#define DEBUG_PROTO     64
+#define DEBUG_CALLS     128
+#define DEBUG_NOSLAVES  256
+#ifdef  DEBUG
+#define DPRINT(l1, cl, al)      if ((cl & l1) != 0) xprintf al
+#else   /* DEBUG */
+#define DPRINT(l1, cl, al)
+#endif  /* DEBUG */
 
 /*
  * Access control bits.
  */
-#define	ACL_ADD			1
-#define	ACL_DELETE		2
-#define	ACL_MODIFY		4
-#define	ACL_CHANGEPW		8
-/* #define ACL_CHANGE_OWN_PW	16 */
-#define	ACL_INQUIRE		32
-/* #define ACL_EXTRACT		64 */
-#define	ACL_LIST		128
-#define ACL_SETKEY		256
-#define ACL_IPROP		512
-#define	ACL_RENAME		(ACL_ADD+ACL_DELETE)
+#define ACL_ADD                 1
+#define ACL_DELETE              2
+#define ACL_MODIFY              4
+#define ACL_CHANGEPW            8
+/* #define ACL_CHANGE_OWN_PW    16 */
+#define ACL_INQUIRE             32
+/* #define ACL_EXTRACT          64 */
+#define ACL_LIST                128
+#define ACL_SETKEY              256
+#define ACL_IPROP               512
+#define ACL_RENAME              (ACL_ADD+ACL_DELETE)
 
-#define	ACL_ALL_MASK		(ACL_ADD	| \
-				 ACL_DELETE	| \
-				 ACL_MODIFY	| \
-				 ACL_CHANGEPW	| \
-				 ACL_INQUIRE	| \
-				 ACL_LIST	| \
-				 ACL_IPROP	| \
-				 ACL_SETKEY)
+#define ACL_ALL_MASK            (ACL_ADD        |       \
+                                 ACL_DELETE     |       \
+                                 ACL_MODIFY     |       \
+                                 ACL_CHANGEPW   |       \
+                                 ACL_INQUIRE    |       \
+                                 ACL_LIST       |       \
+                                 ACL_IPROP      |       \
+                                 ACL_SETKEY)
 
 typedef struct _restriction {
-    long		mask;
-    krb5_flags		require_attrs;
-    krb5_flags		forbid_attrs;
-    krb5_deltat		princ_lifetime;
-    krb5_deltat		pw_lifetime;
-    krb5_deltat		max_life;
-    krb5_deltat		max_renewable_life;
-    long		aux_attributes;
-    char		*policy;
+    long                mask;
+    krb5_flags          require_attrs;
+    krb5_flags          forbid_attrs;
+    krb5_deltat         princ_lifetime;
+    krb5_deltat         pw_lifetime;
+    krb5_deltat         max_life;
+    krb5_deltat         max_renewable_life;
+    long                aux_attributes;
+    char                *policy;
 } restriction_t;
 
 krb5_error_code kadm5int_acl_init
-	(krb5_context,
-		   int,
-		   char *);
+(krb5_context,
+ int,
+ char *);
 void kadm5int_acl_finish
-	(krb5_context,
-		   int);
+(krb5_context,
+ int);
 krb5_boolean kadm5int_acl_check
-	(krb5_context,
-		   gss_name_t,
-		   krb5_int32,
-		   krb5_principal,
-		   restriction_t **);
+(krb5_context,
+ gss_name_t,
+ krb5_int32,
+ krb5_principal,
+ restriction_t **);
 krb5_boolean kadm5int_acl_check_krb
-	(krb5_context,
-		   krb5_const_principal,
-		   krb5_int32,
-		   krb5_const_principal,
-		   restriction_t **);
+(krb5_context,
+ krb5_const_principal,
+ krb5_int32,
+ krb5_const_principal,
+ restriction_t **);
 krb5_error_code kadm5int_acl_impose_restrictions
-	(krb5_context,
-		   kadm5_principal_ent_rec *,
-		   long *,
-		   restriction_t *);
-#endif	/* SERVER_ACL_H__ */
+(krb5_context,
+ kadm5_principal_ent_rec *,
+ long *,
+ restriction_t *);
+#endif  /* SERVER_ACL_H__ */
diff --git a/src/lib/kadm5/srv/server_dict.c b/src/lib/kadm5/srv/server_dict.c
index 8129994f3..81cc5f997 100644
--- a/src/lib/kadm5/srv/server_dict.c
+++ b/src/lib/kadm5/srv/server_dict.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -26,24 +27,24 @@ static char *rcsid = "$Header$";
 #include    "server_internal.h"
 #include    "k5-platform.h"
 
-static char	    **word_list = NULL;	    /* list of word pointers */
-static char	    *word_block = NULL;	    /* actual word data */
-static unsigned int word_count = 0;	    /* number of words */
+static char         **word_list = NULL;     /* list of word pointers */
+static char         *word_block = NULL;     /* actual word data */
+static unsigned int word_count = 0;         /* number of words */
 
 
 /*
  * Function: word_compare
- * 
+ *
  * Purpose: compare two words in the dictionary.
  *
  * Arguments:
- *	w1		(input)	pointer to first word
- *	w2		(input) pointer to second word
- *	<return value>	result of strcmp
+ *      w1              (input) pointer to first word
+ *      w2              (input) pointer to second word
+ *      <return value>  result of strcmp
  *
  * Requires:
- *	w1 and w2 to point to valid memory
- * 
+ *      w1 and w2 to point to valid memory
+ *
  */
 
 static int
@@ -54,81 +55,81 @@ word_compare(const void *s1, const void *s2)
 
 /*
  * Function: init-dict
- * 
+ *
  * Purpose: Initialize in memory word dictionary
  *
  * Arguments:
- *	    none
- *	    <return value> KADM5_OK on success errno on failure;
- * 			   (but success on ENOENT)
+ *          none
+ *          <return value> KADM5_OK on success errno on failure;
+ *                         (but success on ENOENT)
  *
  * Requires:
- *	If WORDFILE exists, it must contain a list of words,
- *	one word per-line.
- * 
+ *      If WORDFILE exists, it must contain a list of words,
+ *      one word per-line.
+ *
  * Effects:
- *	If WORDFILE exists, it is read into memory sorted for future
+ *      If WORDFILE exists, it is read into memory sorted for future
  * use.  If it does not exist, it syslogs an error message and returns
  * success.
  *
  * Modifies:
- *	word_list to point to a chunck of allocated memory containing
- *	pointers to words
- *	word_block to contain the dictionary.
- * 
+ *      word_list to point to a chunck of allocated memory containing
+ *      pointers to words
+ *      word_block to contain the dictionary.
+ *
  */
 
 int init_dict(kadm5_config_params *params)
 {
-    int		    fd,
-		    len,
-		    i;
-    char	    *p,
-		    *t;
+    int             fd,
+        len,
+        i;
+    char            *p,
+        *t;
     struct  stat    sb;
-    
+
     if(word_list != NULL && word_block != NULL)
-	return KADM5_OK;
+        return KADM5_OK;
     if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
-	 krb5_klog_syslog(LOG_INFO, "No dictionary file specified, continuing "
-		"without one.");
-	 return KADM5_OK;
+        krb5_klog_syslog(LOG_INFO, "No dictionary file specified, continuing "
+                         "without one.");
+        return KADM5_OK;
     }
     if ((fd = open(params->dict_file, O_RDONLY)) == -1) {
-	 if (errno == ENOENT) {
-	      krb5_klog_syslog(LOG_ERR, 
-			       "WARNING!  Cannot find dictionary file %s, "
-			       "continuing without one.", params->dict_file);
-	      return KADM5_OK;
-	 } else
-	      return errno;
+        if (errno == ENOENT) {
+            krb5_klog_syslog(LOG_ERR,
+                             "WARNING!  Cannot find dictionary file %s, "
+                             "continuing without one.", params->dict_file);
+            return KADM5_OK;
+        } else
+            return errno;
     }
     set_cloexec_fd(fd);
     if (fstat(fd, &sb) == -1) {
-	close(fd);
-	return errno;
+        close(fd);
+        return errno;
     }
     if ((word_block = (char *) malloc(sb.st_size + 1)) == NULL)
-	return ENOMEM;
+        return ENOMEM;
     if (read(fd, word_block, sb.st_size) != sb.st_size)
-	return errno;
+        return errno;
     (void) close(fd);
     word_block[sb.st_size] = '\0';
 
     p = word_block;
     len = sb.st_size;
     while(len > 0 && (t = memchr(p, '\n', len)) != NULL) {
-	*t = '\0';
-	len -= t - p + 1;	
-	p = t + 1;
-	word_count++;
+        *t = '\0';
+        len -= t - p + 1;
+        p = t + 1;
+        word_count++;
     }
     if ((word_list = (char **) malloc(word_count * sizeof(char *))) == NULL)
-	return ENOMEM;
+        return ENOMEM;
     p = word_block;
     for (i = 0; i < word_count; i++) {
-	word_list[i] = p;
-	p += strlen(p) + 1;
+        word_list[i] = p;
+        p += strlen(p) + 1;
     }
     qsort(word_list, word_count, sizeof(char *), word_compare);
     return KADM5_OK;
@@ -136,25 +137,25 @@ int init_dict(kadm5_config_params *params)
 
 /*
  * Function: find_word
- * 
+ *
  * Purpose: See if the specified word exists in the in-core dictionary
  *
  * Arguments:
- *	word		(input) word to search for.
- * 	<return value>	WORD_NOT_FOUND if not in dictionary,
- *			KADM5_OK if if found word
- *			errno if init needs to be called and returns an
- *			error
+ *      word            (input) word to search for.
+ *      <return value>  WORD_NOT_FOUND if not in dictionary,
+ *                      KADM5_OK if if found word
+ *                      errno if init needs to be called and returns an
+ *                      error
  *
  * Requires:
- *	word to be a null terminated string.
- *	That word_list and word_block besetup
- * 
+ *      word to be a null terminated string.
+ *      That word_list and word_block besetup
+ *
  * Effects:
- *	finds word in dictionary.
+ *      finds word in dictionary.
  * Modifies:
- *	nothing.
- * 
+ *      nothing.
+ *
  */
 
 int
@@ -162,46 +163,46 @@ find_word(const char *word)
 {
     char    **value;
 
-    if(word_list == NULL || word_block == NULL) 
-	    return WORD_NOT_FOUND;
+    if(word_list == NULL || word_block == NULL)
+        return WORD_NOT_FOUND;
     if ((value = (char **) bsearch(&word, word_list, word_count, sizeof(char *),
-				   word_compare)) == NULL)
-	return WORD_NOT_FOUND;
+                                   word_compare)) == NULL)
+        return WORD_NOT_FOUND;
     else
-	return KADM5_OK;
+        return KADM5_OK;
 }
 
 /*
  * Function: destroy_dict
- * 
+ *
  * Purpose: destroy in-core copy of dictionary.
  *
  * Arguments:
- *	    none
- *	    <return value>  none
+ *          none
+ *          <return value>  none
  * Requires:
- *	    nothing
+ *          nothing
  * Effects:
- *	frees up memory occupied by word_list and word_block
- *	sets count back to 0, and resets the pointers to NULL
+ *      frees up memory occupied by word_list and word_block
+ *      sets count back to 0, and resets the pointers to NULL
  *
  * Modifies:
- *	word_list, word_block, and word_count.
- * 
+ *      word_list, word_block, and word_count.
+ *
  */
 
 void
 destroy_dict(void)
 {
     if(word_list) {
-	free(word_list);
-	word_list = NULL;
+        free(word_list);
+        word_list = NULL;
     }
     if(word_block) {
-	free(word_block);
-	word_block = NULL;
+        free(word_block);
+        word_block = NULL;
     }
     if(word_count)
-	word_count = 0;
+        word_count = 0;
     return;
 }
diff --git a/src/lib/kadm5/srv/server_handle.c b/src/lib/kadm5/srv/server_handle.c
index 53abe94dd..37425c8ba 100644
--- a/src/lib/kadm5/srv/server_handle.c
+++ b/src/lib/kadm5/srv/server_handle.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <krb5.h>
 #include <kadm5/admin.h>
 #include "server_internal.h"
 
 int _kadm5_check_handle(void *handle)
 {
-     CHECK_HANDLE(handle);
-     return 0;
+    CHECK_HANDLE(handle);
+    return 0;
 }
diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
index d5426f810..ed71cbf96 100644
--- a/src/lib/kadm5/srv/server_init.c
+++ b/src/lib/kadm5/srv/server_init.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
  *
@@ -17,7 +18,7 @@ static char *rcsid = "$Header$";
 #include <stdlib.h>
 #include <errno.h>
 #include <com_err.h>
-#include "k5-int.h"		/* needed for gssapiP_krb5.h */
+#include "k5-int.h"             /* needed for gssapiP_krb5.h */
 #include <kadm5/admin.h>
 #include <krb5.h>
 #include <kdb_log.h>
@@ -33,13 +34,13 @@ static char *rcsid = "$Header$";
  *
  * Arguments:
  *
- * 	handle		The server handle.
+ *      handle          The server handle.
  */
 
 static int check_handle(void *handle)
 {
-     CHECK_HANDLE(handle);
-     return 0;
+    CHECK_HANDLE(handle);
+    return 0;
 }
 
 static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
@@ -49,30 +50,30 @@ static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
 
     for (count=0; db_args && db_args[count]; count++);
     if (count == 0) {
-	handle->db_args = NULL;
-	goto clean_n_exit;
+        handle->db_args = NULL;
+        goto clean_n_exit;
     }
 
     handle->db_args = calloc(sizeof(char*), count+1);
     if (handle->db_args == NULL) {
-	ret=ENOMEM;
-	goto clean_n_exit;
+        ret=ENOMEM;
+        goto clean_n_exit;
     }
 
     for (count=0; db_args[count]; count++) {
-	handle->db_args[count] = strdup(db_args[count]);
-	if (handle->db_args[count] == NULL) {
-	    ret = ENOMEM;
-	    goto clean_n_exit;
-	}
+        handle->db_args[count] = strdup(db_args[count]);
+        if (handle->db_args[count] == NULL) {
+            ret = ENOMEM;
+            goto clean_n_exit;
+        }
     }
 
- clean_n_exit:
+clean_n_exit:
     if (ret && handle->db_args) {
-	for (count=0; handle->db_args[count]; count++)
-	    free(handle->db_args[count]);
+        for (count=0; handle->db_args[count]; count++)
+            free(handle->db_args[count]);
 
-	free(handle->db_args), handle->db_args = NULL;
+        free(handle->db_args), handle->db_args = NULL;
     }
 
     return ret;
@@ -83,97 +84,97 @@ static void free_db_args(kadm5_server_handle_t handle)
     int count;
 
     if (handle->db_args) {
-	for (count=0; handle->db_args[count]; count++)
-	    free(handle->db_args[count]);
+        for (count=0; handle->db_args[count]; count++)
+            free(handle->db_args[count]);
 
-	free(handle->db_args), handle->db_args = NULL;
+        free(handle->db_args), handle->db_args = NULL;
     }
 }
 
 kadm5_ret_t kadm5_init_with_password(krb5_context context, char *client_name,
-				     char *pass, char *service_name,
-				     kadm5_config_params *params,
-				     krb5_ui_4 struct_version,
-				     krb5_ui_4 api_version,
-				     char **db_args,
-				     void **server_handle)
+                                     char *pass, char *service_name,
+                                     kadm5_config_params *params,
+                                     krb5_ui_4 struct_version,
+                                     krb5_ui_4 api_version,
+                                     char **db_args,
+                                     void **server_handle)
 {
     return kadm5_init(context, client_name, pass, service_name, params,
-		       struct_version, api_version, db_args,
-		       server_handle);
+                      struct_version, api_version, db_args,
+                      server_handle);
 }
 
 kadm5_ret_t kadm5_init_with_creds(krb5_context context,
-				  char *client_name,
-				  krb5_ccache ccache,
-				  char *service_name,
-				  kadm5_config_params *params,
-				  krb5_ui_4 struct_version,
-				  krb5_ui_4 api_version,
-				  char **db_args,
-				  void **server_handle)
+                                  char *client_name,
+                                  krb5_ccache ccache,
+                                  char *service_name,
+                                  kadm5_config_params *params,
+                                  krb5_ui_4 struct_version,
+                                  krb5_ui_4 api_version,
+                                  char **db_args,
+                                  void **server_handle)
 {
-     /*
-      * A program calling init_with_creds *never* expects to prompt
-      * the user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
-      * non-zero, return an error.
-      */
-     if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
-	 params->mkey_from_kbd)
-	  return KADM5_BAD_SERVER_PARAMS;
-     return kadm5_init(context, client_name, NULL, service_name, params,
-		       struct_version, api_version, db_args,
-		       server_handle);
+    /*
+     * A program calling init_with_creds *never* expects to prompt
+     * the user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+     * non-zero, return an error.
+     */
+    if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+        params->mkey_from_kbd)
+        return KADM5_BAD_SERVER_PARAMS;
+    return kadm5_init(context, client_name, NULL, service_name, params,
+                      struct_version, api_version, db_args,
+                      server_handle);
 }
 
 
 kadm5_ret_t kadm5_init_with_skey(krb5_context context, char *client_name,
-				 char *keytab, char *service_name,
-				 kadm5_config_params *params,
-				 krb5_ui_4 struct_version,
-				 krb5_ui_4 api_version,
-				 char **db_args,
-				 void **server_handle)
+                                 char *keytab, char *service_name,
+                                 kadm5_config_params *params,
+                                 krb5_ui_4 struct_version,
+                                 krb5_ui_4 api_version,
+                                 char **db_args,
+                                 void **server_handle)
 {
-     /*
-      * A program calling init_with_skey *never* expects to prompt the
-      * user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
-      * non-zero, return an error.
-      */
-     if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
-	 params->mkey_from_kbd)
-	  return KADM5_BAD_SERVER_PARAMS;
-     return kadm5_init(context, client_name, NULL, service_name, params,
-		       struct_version, api_version, db_args,
-		       server_handle);
+    /*
+     * A program calling init_with_skey *never* expects to prompt the
+     * user.  If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+     * non-zero, return an error.
+     */
+    if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+        params->mkey_from_kbd)
+        return KADM5_BAD_SERVER_PARAMS;
+    return kadm5_init(context, client_name, NULL, service_name, params,
+                      struct_version, api_version, db_args,
+                      server_handle);
 }
 
 kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
-		       char *service_name,
-		       kadm5_config_params *params_in,
-		       krb5_ui_4 struct_version,
-		       krb5_ui_4 api_version,
-		       char **db_args,
-		       void **server_handle)
+                       char *service_name,
+                       kadm5_config_params *params_in,
+                       krb5_ui_4 struct_version,
+                       krb5_ui_4 api_version,
+                       char **db_args,
+                       void **server_handle)
 {
-     int ret;
-     kadm5_server_handle_t handle;
-     kadm5_config_params params_local; /* for v1 compat */
+    int ret;
+    kadm5_server_handle_t handle;
+    kadm5_config_params params_local; /* for v1 compat */
 
     if (! server_handle)
-	 return EINVAL;
+        return EINVAL;
 
     if (! client_name)
-	 return EINVAL;
+        return EINVAL;
 
     if (! (handle = (kadm5_server_handle_t) malloc(sizeof *handle)))
-	 return ENOMEM;
+        return ENOMEM;
     memset(handle, 0, sizeof(*handle));
 
     ret = dup_db_args(handle, db_args);
     if (ret) {
-	free(handle);
-	return ret;
+        free(handle);
+        return ret;
     }
 
     handle->context = context;
@@ -186,91 +187,91 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
     handle->struct_version = struct_version;
     handle->api_version = api_version;
 
-     /*
-      * Verify the version numbers before proceeding; we can't use
-      * CHECK_HANDLE because not all fields are set yet.
-      */
-     GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
-			  KADM5_NEW_SERVER_API_VERSION);
+    /*
+     * Verify the version numbers before proceeding; we can't use
+     * CHECK_HANDLE because not all fields are set yet.
+     */
+    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
+                         KADM5_NEW_SERVER_API_VERSION);
 
-     /*
-      * Acquire relevant profile entries.  Merge values
-      * in params_in with values from profile, based on
-      * params_in->mask.
-      */
-     memset(&params_local, 0, sizeof(params_local));
+    /*
+     * Acquire relevant profile entries.  Merge values
+     * in params_in with values from profile, based on
+     * params_in->mask.
+     */
+    memset(&params_local, 0, sizeof(params_local));
 
 #if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
-	 expect to see admin_server being set sometimes.  */
+         expect to see admin_server being set sometimes.  */
 #define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
-     if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
-	  free_db_args(handle);
-	  free(handle);
-	  return KADM5_BAD_SERVER_PARAMS;
-     }
+    if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
+        free_db_args(handle);
+        free(handle);
+        return KADM5_BAD_SERVER_PARAMS;
+    }
 #endif
 
-     ret = kadm5_get_config_params(handle->context, 1, params_in,
-				       &handle->params);
-     if (ret) {
-	  free_db_args(handle);
-	  free(handle);
-	  return(ret);
-     }
-
-#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | \
-			 KADM5_CONFIG_ENCTYPE | \
-			 KADM5_CONFIG_FLAGS | \
-			 KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
-			 KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)
-
-#define IPROP_REQUIRED_PARAMS \
-			(KADM5_CONFIG_IPROP_ENABLED | \
-			 KADM5_CONFIG_IPROP_LOGFILE | \
-			 KADM5_CONFIG_IPROP_PORT)
-
-     if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
-	  free_db_args(handle);
-	  free(handle);
-	  return KADM5_MISSING_CONF_PARAMS;
-     }
-     if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED
-	 && handle->params.iprop_enabled) {
-	 if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) {
-	     free_db_args(handle);
-	     free(handle);
-	     return KADM5_MISSING_CONF_PARAMS;
-	 }
-     }
-
-     ret = krb5_set_default_realm(handle->context, handle->params.realm);
-     if (ret) {
-	  free_db_args(handle);
-	  free(handle);
-	  return ret;
-     }
+    ret = kadm5_get_config_params(handle->context, 1, params_in,
+                                  &handle->params);
+    if (ret) {
+        free_db_args(handle);
+        free(handle);
+        return(ret);
+    }
+
+#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME |     \
+                         KADM5_CONFIG_ENCTYPE |                         \
+                         KADM5_CONFIG_FLAGS |                           \
+                         KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
+                         KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)
+
+#define IPROP_REQUIRED_PARAMS                   \
+    (KADM5_CONFIG_IPROP_ENABLED |               \
+     KADM5_CONFIG_IPROP_LOGFILE |               \
+     KADM5_CONFIG_IPROP_PORT)
+
+    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
+        free_db_args(handle);
+        free(handle);
+        return KADM5_MISSING_CONF_PARAMS;
+    }
+    if ((handle->params.mask & KADM5_CONFIG_IPROP_ENABLED) == KADM5_CONFIG_IPROP_ENABLED
+        && handle->params.iprop_enabled) {
+        if ((handle->params.mask & IPROP_REQUIRED_PARAMS) != IPROP_REQUIRED_PARAMS) {
+            free_db_args(handle);
+            free(handle);
+            return KADM5_MISSING_CONF_PARAMS;
+        }
+    }
+
+    ret = krb5_set_default_realm(handle->context, handle->params.realm);
+    if (ret) {
+        free_db_args(handle);
+        free(handle);
+        return ret;
+    }
 
     ret = krb5_db_open(handle->context, db_args,
-		       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
+                       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
     if (ret) {
-	 free_db_args(handle);
-	 free(handle);
-	 return(ret);
+        free_db_args(handle);
+        free(handle);
+        return(ret);
     }
 
     if ((ret = krb5_parse_name(handle->context, client_name,
-			       &handle->current_caller))) {
-	 krb5_db_fini(handle->context);
-	 free_db_args(handle);
-	 free(handle);
-	 return ret;
+                               &handle->current_caller))) {
+        krb5_db_fini(handle->context);
+        free_db_args(handle);
+        free(handle);
+        return ret;
     }
 
     if (! (handle->lhandle = malloc(sizeof(*handle)))) {
-	 krb5_db_fini(handle->context);
-	 free_db_args(handle);
-	 free(handle);
-	 return ENOMEM;
+        krb5_db_fini(handle->context);
+        free_db_args(handle);
+        free(handle);
+        return ENOMEM;
     }
     *handle->lhandle = *handle;
     handle->lhandle->api_version = KADM5_API_VERSION_3;
@@ -280,36 +281,36 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
     /* can't check the handle until current_caller is set */
     ret = check_handle((void *) handle);
     if (ret) {
-	free_db_args(handle);
-	free(handle);
-	return ret;
+        free_db_args(handle);
+        free(handle);
+        return ret;
     }
 
     ret = kdb_init_master(handle, handle->params.realm,
-			  (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
-			  && handle->params.mkey_from_kbd);
+                          (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+                          && handle->params.mkey_from_kbd);
     if (ret) {
-	krb5_db_fini(handle->context);
-	free_db_args(handle);
-	free(handle);
-	return ret;
+        krb5_db_fini(handle->context);
+        free_db_args(handle);
+        free(handle);
+        return ret;
     }
 
     ret = kdb_init_hist(handle, handle->params.realm);
     if (ret) {
-	 krb5_db_fini(handle->context);
-	 free_db_args(handle);
-	 free(handle);
-	 return ret;
+        krb5_db_fini(handle->context);
+        free_db_args(handle);
+        free(handle);
+        return ret;
     }
 
     ret = init_dict(&handle->params);
     if (ret) {
-	 krb5_db_fini(handle->context);
-	 krb5_free_principal(handle->context, handle->current_caller);
-	 free_db_args(handle);
-	 free(handle);
-	 return ret;
+        krb5_db_fini(handle->context);
+        krb5_free_principal(handle->context, handle->current_caller);
+        free_db_args(handle);
+        free(handle);
+        return ret;
     }
 
     *server_handle = (void *) handle;
@@ -345,7 +346,7 @@ kadm5_ret_t kadm5_lock(void *server_handle)
     CHECK_HANDLE(server_handle);
     ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE);
     if (ret)
-	return ret;
+        return ret;
 
     return KADM5_OK;
 }
@@ -358,33 +359,33 @@ kadm5_ret_t kadm5_unlock(void *server_handle)
     CHECK_HANDLE(server_handle);
     ret = krb5_db_unlock(handle->context);
     if (ret)
-	return ret;
+        return ret;
 
     return KADM5_OK;
 }
 
 kadm5_ret_t kadm5_flush(void *server_handle)
 {
-     kadm5_server_handle_t handle = server_handle;
-     kadm5_ret_t ret;
-
-     CHECK_HANDLE(server_handle);
-
-     if ((ret = krb5_db_fini(handle->context)) ||
-	 (ret = krb5_db_open(handle->context, handle->db_args,
-			     KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) ||
-	 (ret = adb_policy_close(handle)) ||
-	 (ret = adb_policy_init(handle))) {
-	  (void) kadm5_destroy(server_handle);
-	  return ret;
-     }
-     return KADM5_OK;
+    kadm5_server_handle_t handle = server_handle;
+    kadm5_ret_t ret;
+
+    CHECK_HANDLE(server_handle);
+
+    if ((ret = krb5_db_fini(handle->context)) ||
+        (ret = krb5_db_open(handle->context, handle->db_args,
+                            KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) ||
+        (ret = adb_policy_close(handle)) ||
+        (ret = adb_policy_init(handle))) {
+        (void) kadm5_destroy(server_handle);
+        return ret;
+    }
+    return KADM5_OK;
 }
 
 int _kadm5_check_handle(void *handle)
 {
-     CHECK_HANDLE(handle);
-     return 0;
+    CHECK_HANDLE(handle);
+    return 0;
 }
 
 #include "gssapiP_krb5.h"
@@ -392,11 +393,11 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
 {
     static int first_time = 1;
     if (first_time) {
-	krb5_error_code err;
-	err = krb5_gss_use_kdc_context();
-	if (err)
-	    return err;
-	first_time = 0;
+        krb5_error_code err;
+        err = krb5_gss_use_kdc_context();
+        if (err)
+            return err;
+        first_time = 0;
     }
     return krb5int_init_context_kdc(ctx);
 }
@@ -404,17 +405,17 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
 krb5_error_code
 kadm5_init_iprop(void *handle, char **db_args)
 {
-	kadm5_server_handle_t iprop_h;
-	krb5_error_code retval;
-
-	iprop_h = handle;
-	if (iprop_h->params.iprop_enabled) {
-		ulog_set_role(iprop_h->context, IPROP_MASTER);
-		if ((retval = ulog_map(iprop_h->context,
-				       iprop_h->params.iprop_logfile,
-				       iprop_h->params.iprop_ulogsize,
-				       FKCOMMAND, db_args)) != 0)
-			return (retval);
-	}
-	return (0);
+    kadm5_server_handle_t iprop_h;
+    krb5_error_code retval;
+
+    iprop_h = handle;
+    if (iprop_h->params.iprop_enabled) {
+        ulog_set_role(iprop_h->context, IPROP_MASTER);
+        if ((retval = ulog_map(iprop_h->context,
+                               iprop_h->params.iprop_logfile,
+                               iprop_h->params.iprop_ulogsize,
+                               FKCOMMAND, db_args)) != 0)
+            return (retval);
+    }
+    return (0);
 }
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index fe2020db1..4b1d05dbb 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -19,88 +20,88 @@ static char *rcsid = "$Header$";
 #include <kadm5/admin.h>
 #include "server_internal.h"
 
-krb5_principal	    master_princ;
-krb5_keyblock	    master_keyblock; /* local mkey */
+krb5_principal      master_princ;
+krb5_keyblock       master_keyblock; /* local mkey */
 krb5_keylist_node  *master_keylist = NULL;
 krb5_actkvno_node   *active_mkey_list = NULL;
-krb5_db_entry	    master_db;
+krb5_db_entry       master_db;
 
-krb5_principal	    hist_princ;
-krb5_keyblock	    hist_key;
-krb5_db_entry	    hist_db;
-krb5_kvno	    hist_kvno;
+krb5_principal      hist_princ;
+krb5_keyblock       hist_key;
+krb5_db_entry       hist_db;
+krb5_kvno           hist_kvno;
 
 /* much of this code is stolen from the kdc.  there should be some
    library code to deal with this. */
 
 krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
-				char *r, int from_keyboard)
+                                char *r, int from_keyboard)
 {
-    int		   ret = 0;
-    char	   *realm;
+    int            ret = 0;
+    char           *realm;
     krb5_boolean   from_kbd = FALSE;
     krb5_kvno       mkvno = IGNORE_VNO;
 
     if (from_keyboard)
-      from_kbd = TRUE;
+        from_kbd = TRUE;
 
     if (r == NULL)  {
-	if ((ret = krb5_get_default_realm(handle->context, &realm)))
-	    return ret;
+        if ((ret = krb5_get_default_realm(handle->context, &realm)))
+            return ret;
     } else {
-	realm = r;
+        realm = r;
     }
 
     if ((ret = krb5_db_setup_mkey_name(handle->context,
-				       handle->params.mkey_name,
-				       realm, NULL, &master_princ)))
-	goto done;
+                                       handle->params.mkey_name,
+                                       realm, NULL, &master_princ)))
+        goto done;
 
     master_keyblock.enctype = handle->params.enctype;
 
-    /* 
+    /*
      * Fetch the local mkey, may not be the latest but that's okay because we
      * really want the list of all mkeys and those can be retrieved with any
      * valid mkey.
      */
     ret = krb5_db_fetch_mkey(handle->context, master_princ,
-			     master_keyblock.enctype, from_kbd,
-			     FALSE /* only prompt once */,
-			     handle->params.stash_file,
-			     &mkvno  /* get the kvno of the returned mkey */,
-			     NULL /* I'm not sure about this,
-				     but it's what the kdc does --marc */,
-			     &master_keyblock);
+                             master_keyblock.enctype, from_kbd,
+                             FALSE /* only prompt once */,
+                             handle->params.stash_file,
+                             &mkvno  /* get the kvno of the returned mkey */,
+                             NULL /* I'm not sure about this,
+                                     but it's what the kdc does --marc */,
+                             &master_keyblock);
     if (ret)
-	goto done;
-				 
+        goto done;
+
 #if 0 /************** Begin IFDEF'ed OUT *******************************/
     /*
      * krb5_db_fetch_mkey_list will verify mkey so don't call
      * krb5_db_verify_master_key()
      */
     if ((ret = krb5_db_verify_master_key(handle->context, master_princ,
-					 IGNORE_VNO, &master_keyblock))) {
-	  krb5_db_fini(handle->context);
-	  return ret;
+                                         IGNORE_VNO, &master_keyblock))) {
+        krb5_db_fini(handle->context);
+        return ret;
     }
 #endif /**************** END IFDEF'ed OUT *******************************/
 
     if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ,
-				       &master_keyblock, mkvno, &master_keylist))) {
-	krb5_db_fini(handle->context);
-	return (ret);
+                                       &master_keyblock, mkvno, &master_keylist))) {
+        krb5_db_fini(handle->context);
+        return (ret);
     }
 
     if ((ret = krb5_dbe_fetch_act_key_list(handle->context, master_princ,
-				           &active_mkey_list))) {
-	krb5_db_fini(handle->context);
-	return (ret);
+                                           &active_mkey_list))) {
+        krb5_db_fini(handle->context);
+        return (ret);
     }
 
 done:
     if (r == NULL)
-	free(realm);
+        free(realm);
 
     return(ret);
 }
@@ -112,17 +113,17 @@ done:
  *
  * Arguments:
  *
- *	handle		(r) kadm5 api server handle
- *	r		(r) realm of history principal to use, or NULL
+ *      handle          (r) kadm5 api server handle
+ *      r               (r) realm of history principal to use, or NULL
  *
  * Effects: This function sets the value of the following global
  * variables:
  *
- *	hist_princ	krb5_principal holding the history principal
- *	hist_db		krb5_db_entry of the history principal
- *	hist_key	krb5_keyblock holding the history principal's key
- *	hist_encblock	krb5_encrypt_block holding the procssed hist_key
- *	hist_kvno	the version number of the history key
+ *      hist_princ      krb5_principal holding the history principal
+ *      hist_db         krb5_db_entry of the history principal
+ *      hist_key        krb5_keyblock holding the history principal's key
+ *      hist_encblock   krb5_encrypt_block holding the procssed hist_key
+ *      hist_kvno       the version number of the history key
  *
  * If the history principal does not already exist, this function
  * attempts to create it with kadm5_create_principal.  WARNING!
@@ -133,98 +134,98 @@ done:
  */
 krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
 {
-    int	    ret = 0;
+    int     ret = 0;
     char    *realm, *hist_name;
     krb5_key_data *key_data;
     krb5_key_salt_tuple ks[1];
     krb5_keyblock *tmp_mkey;
 
     if (r == NULL)  {
-	if ((ret = krb5_get_default_realm(handle->context, &realm)))
-	    return ret;
+        if ((ret = krb5_get_default_realm(handle->context, &realm)))
+            return ret;
     } else {
-	realm = r;
+        realm = r;
     }
 
     if (asprintf(&hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm) < 0) {
-	hist_name = NULL;
-	goto done;
+        hist_name = NULL;
+        goto done;
     }
 
     if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ)))
-	goto done;
+        goto done;
 
     if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL))) {
-	kadm5_principal_ent_rec ent;
+        kadm5_principal_ent_rec ent;
 
-	if (ret != KADM5_UNK_PRINC)
-	    goto done;
+        if (ret != KADM5_UNK_PRINC)
+            goto done;
 
-	/* try to create the principal */
+        /* try to create the principal */
 
-	memset(&ent, 0, sizeof(ent));
+        memset(&ent, 0, sizeof(ent));
 
-	ent.principal = hist_princ;
-	ent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;
-	ent.attributes = 0;
+        ent.principal = hist_princ;
+        ent.max_life = KRB5_KDB_DISALLOW_ALL_TIX;
+        ent.attributes = 0;
 
-	/* this uses hist_kvno.  So we set it to 2, which will be the
-	   correct value once the principal is created and randomized.
-	   Of course, it doesn't make sense to keep a history for the
-	   history principal, anyway. */
+        /* this uses hist_kvno.  So we set it to 2, which will be the
+           correct value once the principal is created and randomized.
+           Of course, it doesn't make sense to keep a history for the
+           history principal, anyway. */
 
-	hist_kvno = 2;
-	ks[0].ks_enctype = handle->params.enctype;
-	ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
-	ret = kadm5_create_principal_3(handle, &ent,
-				       (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
-					KADM5_ATTRIBUTES),
-				       1, ks,
-				       "to-be-random");
-	if (ret)
-	    goto done;
+        hist_kvno = 2;
+        ks[0].ks_enctype = handle->params.enctype;
+        ks[0].ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
+        ret = kadm5_create_principal_3(handle, &ent,
+                                       (KADM5_PRINCIPAL | KADM5_MAX_LIFE |
+                                        KADM5_ATTRIBUTES),
+                                       1, ks,
+                                       "to-be-random");
+        if (ret)
+            goto done;
 
-	/* this won't let us randomize the hist_princ.  So we cheat. */
+        /* this won't let us randomize the hist_princ.  So we cheat. */
 
-	hist_princ = NULL;
+        hist_princ = NULL;
 
-	ret = kadm5_randkey_principal_3(handle, ent.principal, 0, 1, ks,
-					NULL, NULL);
+        ret = kadm5_randkey_principal_3(handle, ent.principal, 0, 1, ks,
+                                        NULL, NULL);
 
-	hist_princ = ent.principal;
+        hist_princ = ent.principal;
 
-	if (ret)
-	    goto done;
+        if (ret)
+            goto done;
 
-	/* now read the newly-created kdb record out of the
-	   database. */
+        /* now read the newly-created kdb record out of the
+           database. */
 
-	if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL)))
-	    goto done;
+        if ((ret = kdb_get_entry(handle, hist_princ, &hist_db, NULL)))
+            goto done;
 
     }
 
     ret = krb5_dbe_find_enctype(handle->context, &hist_db,
-				handle->params.enctype, -1, -1, &key_data);
+                                handle->params.enctype, -1, -1, &key_data);
     if (ret)
-	goto done;
+        goto done;
 
     ret = krb5_dbe_find_mkey(handle->context, master_keylist, &hist_db,
                              &tmp_mkey);
     if (ret)
-	goto done;
+        goto done;
 
     ret = krb5_dbekd_decrypt_key_data(handle->context, tmp_mkey,
-				  key_data, &hist_key, NULL);
+                                      key_data, &hist_key, NULL);
     if (ret)
-	goto done;
+        goto done;
 
     hist_kvno = key_data->key_data_kvno;
 
 done:
     free(hist_name);
     if (r == NULL)
-	free(realm);
+        free(realm);
     return ret;
 }
 
@@ -236,10 +237,10 @@ done:
  *
  * Arguments:
  *
- *		handle		(r) the server_handle
- * 		principal	(r) the principal to get
- * 		kdb		(w) krb5_db_entry to fill in
- * 		adb		(w) osa_princ_ent_rec to fill in
+ *              handle          (r) the server_handle
+ *              principal       (r) the principal to get
+ *              kdb             (w) krb5_db_entry to fill in
+ *              adb             (w) osa_princ_ent_rec to fill in
  *
  * when the caller is done with kdb and adb, kdb_free_entry must be
  * called to release them.  The adb record is filled in with the
@@ -248,8 +249,8 @@ done:
  */
 krb5_error_code
 kdb_get_entry(kadm5_server_handle_t handle,
-	      krb5_principal principal, krb5_db_entry *kdb,
-	      osa_princ_ent_rec *adb)
+              krb5_principal principal, krb5_db_entry *kdb,
+              osa_princ_ent_rec *adb)
 {
     krb5_error_code ret;
     int nprincs;
@@ -258,49 +259,49 @@ kdb_get_entry(kadm5_server_handle_t handle,
     XDR xdrs;
 
     ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs,
-				&more);
+                                &more);
     if (ret)
-	return(ret);
+        return(ret);
 
     if (more) {
-	krb5_db_free_principal(handle->context, kdb, nprincs);
-	return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+        krb5_db_free_principal(handle->context, kdb, nprincs);
+        return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
     } else if (nprincs != 1) {
-	krb5_db_free_principal(handle->context, kdb, nprincs);
-	return(KADM5_UNK_PRINC);
+        krb5_db_free_principal(handle->context, kdb, nprincs);
+        return(KADM5_UNK_PRINC);
     }
 
     if (adb) {
-	memset(adb, 0, sizeof(*adb));
-
-	tl_data.tl_data_type = KRB5_TL_KADM_DATA;
-	/*
-	 * XXX Currently, lookup_tl_data always returns zero; it sets
-	 * tl_data->tl_data_length to zero if the type isn't found.
-	 * This should be fixed...
-	 */
-	if ((ret = krb5_dbe_lookup_tl_data(handle->context, kdb, &tl_data))
-	    || (tl_data.tl_data_length == 0)) {
-	    /* there's no admin data.  this can happen, if the admin
-	       server is put into production after some principals
-	       are created.  In this case, return valid admin
-	       data (which is all zeros with the hist_kvno filled
-	       in), and when the entry is written, the admin
-	       data will get stored correctly. */
-
-	    adb->admin_history_kvno = hist_kvno;
-
-	    return(ret);
-	}
-
-	xdrmem_create(&xdrs, tl_data.tl_data_contents,
-		      tl_data.tl_data_length, XDR_DECODE);
-	if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
-	   xdr_destroy(&xdrs);
-	   krb5_db_free_principal(handle->context, kdb, 1);
-	   return(KADM5_XDR_FAILURE);
-	}
-	xdr_destroy(&xdrs);
+        memset(adb, 0, sizeof(*adb));
+
+        tl_data.tl_data_type = KRB5_TL_KADM_DATA;
+        /*
+         * XXX Currently, lookup_tl_data always returns zero; it sets
+         * tl_data->tl_data_length to zero if the type isn't found.
+         * This should be fixed...
+         */
+        if ((ret = krb5_dbe_lookup_tl_data(handle->context, kdb, &tl_data))
+            || (tl_data.tl_data_length == 0)) {
+            /* there's no admin data.  this can happen, if the admin
+               server is put into production after some principals
+               are created.  In this case, return valid admin
+               data (which is all zeros with the hist_kvno filled
+               in), and when the entry is written, the admin
+               data will get stored correctly. */
+
+            adb->admin_history_kvno = hist_kvno;
+
+            return(ret);
+        }
+
+        xdrmem_create(&xdrs, tl_data.tl_data_contents,
+                      tl_data.tl_data_length, XDR_DECODE);
+        if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
+            xdr_destroy(&xdrs);
+            krb5_db_free_principal(handle->context, kdb, 1);
+            return(KADM5_XDR_FAILURE);
+        }
+        xdr_destroy(&xdrs);
     }
 
     return(0);
@@ -313,9 +314,9 @@ kdb_get_entry(kadm5_server_handle_t handle,
  *
  * Arguments:
  *
- *		handle		(r) the server_handle
- * 		kdb		(w) krb5_db_entry to fill in
- * 		adb		(w) osa_princ_ent_rec to fill in
+ *              handle          (r) the server_handle
+ *              kdb             (w) krb5_db_entry to fill in
+ *              adb             (w) osa_princ_ent_rec to fill in
  *
  * when the caller is done with kdb and adb, kdb_free_entry must be
  * called to release them.
@@ -323,18 +324,18 @@ kdb_get_entry(kadm5_server_handle_t handle,
 
 krb5_error_code
 kdb_free_entry(kadm5_server_handle_t handle,
-	       krb5_db_entry *kdb, osa_princ_ent_rec *adb)
+               krb5_db_entry *kdb, osa_princ_ent_rec *adb)
 {
     XDR xdrs;
 
 
     if (kdb)
-	krb5_db_free_principal(handle->context, kdb, 1);
+        krb5_db_free_principal(handle->context, kdb, 1);
 
     if (adb) {
-	xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-	xdr_osa_princ_ent_rec(&xdrs, adb);
-	xdr_destroy(&xdrs);
+        xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+        xdr_osa_princ_ent_rec(&xdrs, adb);
+        xdr_destroy(&xdrs);
     }
 
     return(0);
@@ -348,9 +349,9 @@ kdb_free_entry(kadm5_server_handle_t handle,
  *
  * Arguments:
  *
- *		handle	(r) the server_handle
- * 		kdb	(r/w) the krb5_db_entry to store
- * 		adb	(r) the osa_princ_db_ent to store
+ *              handle  (r) the server_handle
+ *              kdb     (r/w) the krb5_db_entry to store
+ *              adb     (r) the osa_princ_db_ent to store
  *
  * Effects:
  *
@@ -360,7 +361,7 @@ kdb_free_entry(kadm5_server_handle_t handle,
  */
 krb5_error_code
 kdb_put_entry(kadm5_server_handle_t handle,
-	      krb5_db_entry *kdb, osa_princ_ent_rec *adb)
+              krb5_db_entry *kdb, osa_princ_ent_rec *adb)
 {
     krb5_error_code ret;
     krb5_int32 now;
@@ -370,17 +371,17 @@ kdb_put_entry(kadm5_server_handle_t handle,
 
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
-	return(ret);
+        return(ret);
 
     ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now,
-					 handle->current_caller);
+                                         handle->current_caller);
     if (ret)
-	return(ret);
-    
-    xdralloc_create(&xdrs, XDR_ENCODE); 
+        return(ret);
+
+    xdralloc_create(&xdrs, XDR_ENCODE);
     if(! xdr_osa_princ_ent_rec(&xdrs, adb)) {
-	xdr_destroy(&xdrs);
-	return(KADM5_XDR_FAILURE);
+        xdr_destroy(&xdrs);
+        return(KADM5_XDR_FAILURE);
     }
     tl_data.tl_data_type = KRB5_TL_KADM_DATA;
     tl_data.tl_data_length = xdr_getpos(&xdrs);
@@ -391,7 +392,7 @@ kdb_put_entry(kadm5_server_handle_t handle,
     xdr_destroy(&xdrs);
 
     if (ret)
-	return(ret);
+        return(ret);
 
     one = 1;
 
@@ -400,7 +401,7 @@ kdb_put_entry(kadm5_server_handle_t handle,
 
     ret = krb5_db_put_principal(handle->context, kdb, &one);
     if (ret)
-	return(ret);
+        return(ret);
 
     return(0);
 }
@@ -410,7 +411,7 @@ kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name)
 {
     int one = 1;
     krb5_error_code ret;
-    
+
     ret = krb5_db_delete_principal(handle->context, name, &one);
 
     return ret;
@@ -433,7 +434,7 @@ kdb_iter_func(krb5_pointer data, krb5_db_entry *kdb)
 
 krb5_error_code
 kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry,
-	       void (*iter_fct)(void *, krb5_principal), void *data)
+               void (*iter_fct)(void *, krb5_principal), void *data)
 {
     iter_data id;
     krb5_error_code ret;
@@ -443,8 +444,7 @@ kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry,
 
     ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id);
     if (ret)
-	return(ret);
+        return(ret);
 
     return(0);
 }
-
diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c
index cd65371c9..1faeb86b1 100644
--- a/src/lib/kadm5/srv/server_misc.c
+++ b/src/lib/kadm5/srv/server_misc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -23,10 +24,10 @@ adb_policy_init(kadm5_server_handle_t handle)
 {
     /* now policy is initialized as part of database. No seperate call needed */
     if( krb5_db_inited( handle->context ) )
-	return KADM5_OK;
+        return KADM5_OK;
 
-    return krb5_db_open( handle->context, NULL, 
-			 KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN );
+    return krb5_db_open( handle->context, NULL,
+                         KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN );
 }
 
 kadm5_ret_t
@@ -40,144 +41,143 @@ adb_policy_close(kadm5_server_handle_t handle)
 /* stolen from v4sever/kadm_funcs.c */
 static char *
 reverse(str)
-	char	*str;
+    char    *str;
 {
-	static char newstr[80];
-	char	*p, *q;
-	int	i;
-
-	i = strlen(str);
-	if (i >= sizeof(newstr))
-		i = sizeof(newstr)-1;
-	p = str+i-1;
-	q = newstr;
-	q[i]='\0';
-	for(; i > 0; i--) 
-		*q++ = *p--;
-	
-	return(newstr);
+    static char newstr[80];
+    char    *p, *q;
+    int     i;
+
+    i = strlen(str);
+    if (i >= sizeof(newstr))
+        i = sizeof(newstr)-1;
+    p = str+i-1;
+    q = newstr;
+    q[i]='\0';
+    for(; i > 0; i--)
+        *q++ = *p--;
+
+    return(newstr);
 }
 #endif /* HESIOD */
 
 #if 0
 static int
 lower(str)
-	char	*str;
+    char    *str;
 {
-	register char	*cp;
-	int	effect=0;
-
-	for (cp = str; *cp; cp++) {
-		if (isupper(*cp)) {
-			*cp = tolower(*cp);
-			effect++;
-		}
-	}
-	return(effect);
+    register char   *cp;
+    int     effect=0;
+
+    for (cp = str; *cp; cp++) {
+        if (isupper(*cp)) {
+            *cp = tolower(*cp);
+            effect++;
+        }
+    }
+    return(effect);
 }
 #endif
 
 #ifdef HESIOD
 static int
 str_check_gecos(gecos, pwstr)
-	char	*gecos;
-	char	*pwstr;
+    char    *gecos;
+    char    *pwstr;
 {
-	char		*cp, *ncp, *tcp;
-	
-	for (cp = gecos; *cp; ) {
-		/* Skip past punctuation */
-		for (; *cp; cp++)
-			if (isalnum(*cp))
-				break;
-		/* Skip to the end of the word */
-		for (ncp = cp; *ncp; ncp++)
-			if (!isalnum(*ncp) && *ncp != '\'')
-				break;
-		/* Delimit end of word */
-		if (*ncp)
-			*ncp++ = '\0';
-		/* Check word to see if it's the password */
-		if (*cp) {
-			if (!strcasecmp(pwstr, cp))
-				return 1;
-			tcp = reverse(cp);
-			if (!strcasecmp(pwstr, tcp))
-				return 1;
-			cp = ncp;				
-		} else
-			break;
-	}
-	return 0;
+    char            *cp, *ncp, *tcp;
+
+    for (cp = gecos; *cp; ) {
+        /* Skip past punctuation */
+        for (; *cp; cp++)
+            if (isalnum(*cp))
+                break;
+        /* Skip to the end of the word */
+        for (ncp = cp; *ncp; ncp++)
+            if (!isalnum(*ncp) && *ncp != '\'')
+                break;
+        /* Delimit end of word */
+        if (*ncp)
+            *ncp++ = '\0';
+        /* Check word to see if it's the password */
+        if (*cp) {
+            if (!strcasecmp(pwstr, cp))
+                return 1;
+            tcp = reverse(cp);
+            if (!strcasecmp(pwstr, tcp))
+                return 1;
+            cp = ncp;
+        } else
+            break;
+    }
+    return 0;
 }
 #endif /* HESIOD */
 
 /* some of this is stolen from gatekeeper ... */
 kadm5_ret_t
 passwd_check(kadm5_server_handle_t handle,
-	     char *password, int use_policy, kadm5_policy_ent_t pol,
-	     krb5_principal principal)
+             char *password, int use_policy, kadm5_policy_ent_t pol,
+             krb5_principal principal)
 {
-    int	    nupper = 0,
-	    nlower = 0,
-	    ndigit = 0, 
-	    npunct = 0,
-	    nspec = 0;
+    int     nupper = 0,
+        nlower = 0,
+        ndigit = 0,
+        npunct = 0,
+        nspec = 0;
     char    c, *s, *cp;
 #ifdef HESIOD
     extern  struct passwd *hes_getpwnam();
     struct  passwd *ent;
 #endif
-    
+
     if(use_policy) {
-	if(strlen(password) < pol->pw_min_length)
-	    return KADM5_PASS_Q_TOOSHORT;
-	s = password;
-	while ((c = *s++)) {
-	    if (islower((unsigned char) c)) {
-		nlower = 1;
-		continue;
-	    }
-	    else if (isupper((unsigned char) c)) {
-		nupper = 1;
-		continue;
-	    } else if (isdigit((unsigned char) c)) {
-		ndigit = 1;
-		continue;
-	    } else if (ispunct((unsigned char) c)) {
-		npunct = 1;
-		continue;
-	    } else {
-		nspec = 1;
-		continue;
-	    }
-	}
-	if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes) 
-	    return KADM5_PASS_Q_CLASS;
-	if((find_word(password) == KADM5_OK))
-	    return KADM5_PASS_Q_DICT;
-	else { 
-	    int	i, n = krb5_princ_size(handle->context, principal);
-	    cp = krb5_princ_realm(handle->context, principal)->data;
-	    if (strcasecmp(cp, password) == 0)
-		return KADM5_PASS_Q_DICT;
-	    for (i = 0; i < n ; i++) {
-		cp = krb5_princ_component(handle->context, principal, i)->data;
-		if (strcasecmp(cp, password) == 0)
-		    return KADM5_PASS_Q_DICT;
+        if(strlen(password) < pol->pw_min_length)
+            return KADM5_PASS_Q_TOOSHORT;
+        s = password;
+        while ((c = *s++)) {
+            if (islower((unsigned char) c)) {
+                nlower = 1;
+                continue;
+            }
+            else if (isupper((unsigned char) c)) {
+                nupper = 1;
+                continue;
+            } else if (isdigit((unsigned char) c)) {
+                ndigit = 1;
+                continue;
+            } else if (ispunct((unsigned char) c)) {
+                npunct = 1;
+                continue;
+            } else {
+                nspec = 1;
+                continue;
+            }
+        }
+        if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes)
+            return KADM5_PASS_Q_CLASS;
+        if((find_word(password) == KADM5_OK))
+            return KADM5_PASS_Q_DICT;
+        else {
+            int i, n = krb5_princ_size(handle->context, principal);
+            cp = krb5_princ_realm(handle->context, principal)->data;
+            if (strcasecmp(cp, password) == 0)
+                return KADM5_PASS_Q_DICT;
+            for (i = 0; i < n ; i++) {
+                cp = krb5_princ_component(handle->context, principal, i)->data;
+                if (strcasecmp(cp, password) == 0)
+                    return KADM5_PASS_Q_DICT;
 #ifdef HESIOD
-		ent = hes_getpwnam(cp);
-		if (ent && ent->pw_gecos)
-		    if (str_check_gecos(ent->pw_gecos, password))
-			return KADM5_PASS_Q_DICT; /* XXX new error code? */
+                ent = hes_getpwnam(cp);
+                if (ent && ent->pw_gecos)
+                    if (str_check_gecos(ent->pw_gecos, password))
+                        return KADM5_PASS_Q_DICT; /* XXX new error code? */
 #endif
-	    }
-	    return KADM5_OK;
-	}
+            }
+            return KADM5_OK;
+        }
     } else {
-	if (strlen(password) < 1)
-	    return KADM5_PASS_Q_TOOSHORT;
+        if (strlen(password) < 1)
+            return KADM5_PASS_Q_TOOSHORT;
     }
-    return KADM5_OK;    
+    return KADM5_OK;
 }
-
diff --git a/src/lib/kadm5/srv/svr_chpass_util.c b/src/lib/kadm5/srv/svr_chpass_util.c
index c8b63100a..bfb66466a 100644
--- a/src/lib/kadm5/srv/svr_chpass_util.c
+++ b/src/lib/kadm5/srv/svr_chpass_util.c
@@ -1,16 +1,17 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <kadm5/admin.h>
 #include "server_internal.h"
 
 kadm5_ret_t kadm5_chpass_principal_util(void *server_handle,
-					krb5_principal princ,
-					char *new_pw, 
-					char **ret_pw,
-					char *msg_ret,
-					unsigned int msg_len)
+                                        krb5_principal princ,
+                                        char *new_pw,
+                                        char **ret_pw,
+                                        char *msg_ret,
+                                        unsigned int msg_len)
 {
-  kadm5_server_handle_t handle = server_handle;
+    kadm5_server_handle_t handle = server_handle;
 
-  CHECK_HANDLE(server_handle);
-  return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
-				      new_pw, ret_pw, msg_ret, msg_len);
+    CHECK_HANDLE(server_handle);
+    return _kadm5_chpass_principal_util(handle, handle->lhandle, princ,
+                                        new_pw, ret_pw, msg_ret, msg_len);
 }
diff --git a/src/lib/kadm5/srv/svr_iters.c b/src/lib/kadm5/srv/svr_iters.c
index 757d3ab0e..77ef05aea 100644
--- a/src/lib/kadm5/srv/svr_iters.c
+++ b/src/lib/kadm5/srv/svr_iters.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -19,30 +20,30 @@ static char *rcsid = "$Header$";
 #error I cannot find any regexp functions
 #endif
 
-#include	<sys/types.h>
-#include	<string.h>
-#include	<kadm5/admin.h>
+#include        <sys/types.h>
+#include        <string.h>
+#include        <kadm5/admin.h>
 #ifdef SOLARIS_REGEXPS
-#include	<regexpr.h>
+#include        <regexpr.h>
 #endif
 #ifdef POSIX_REGEXPS
-#include	<regex.h>
+#include        <regex.h>
 #endif
 #include <stdlib.h>
 
-#include	"server_internal.h"
+#include        "server_internal.h"
 
 struct iter_data {
-     krb5_context context;
-     char **names;
-     int n_names, sz_names;
-     unsigned int malloc_failed;
-     char *exp;
+    krb5_context context;
+    char **names;
+    int n_names, sz_names;
+    unsigned int malloc_failed;
+    char *exp;
 #ifdef SOLARIS_REGEXPS
-     char *expbuf;
+    char *expbuf;
 #endif
 #ifdef POSIX_REGEXPS
-     regex_t preg;
+    regex_t preg;
 #endif
 };
 
@@ -52,9 +53,9 @@ struct iter_data {
  *
  * Arguments:
  *
- *	glob	(r) the shell-style glob (?*[]) to convert
- *	realm	(r) the default realm to append, or NULL
- *	regexp	(w) the ed-style regexp created from glob
+ *      glob    (r) the shell-style glob (?*[]) to convert
+ *      realm   (r) the default realm to append, or NULL
+ *      regexp  (w) the ed-style regexp created from glob
  *
  * Effects:
  *
@@ -65,210 +66,209 @@ struct iter_data {
  *
  * Conversion algorithm:
  *
- *	quoted characters are copied quoted
- *	? is converted to .
- *	* is converted to .*
- * 	active characters are quoted: ^, $, .
- *	[ and ] are active but supported and have the same meaning, so
- *		they are copied
- *	other characters are copied
- *	regexp is anchored with ^ and $
+ *      quoted characters are copied quoted
+ *      ? is converted to .
+ *      * is converted to .*
+ *      active characters are quoted: ^, $, .
+ *      [ and ] are active but supported and have the same meaning, so
+ *              they are copied
+ *      other characters are copied
+ *      regexp is anchored with ^ and $
  */
 static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp)
 {
-     int append_realm;
-     char *p;
+    int append_realm;
+    char *p;
 
-     /* validate the glob */
-     if (glob[strlen(glob)-1] == '\\')
-	  return EINVAL;
+    /* validate the glob */
+    if (glob[strlen(glob)-1] == '\\')
+        return EINVAL;
 
-     /* A character of glob can turn into two in regexp, plus ^ and $ */
-     /* and trailing null.  If glob has no @, also allocate space for */
-     /* the realm. */
-     append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
-     p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
-     if (p == NULL)
-	  return ENOMEM;
-     *regexp = p;
+    /* A character of glob can turn into two in regexp, plus ^ and $ */
+    /* and trailing null.  If glob has no @, also allocate space for */
+    /* the realm. */
+    append_realm = (realm != NULL) && (strchr(glob, '@') == NULL);
+    p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0));
+    if (p == NULL)
+        return ENOMEM;
+    *regexp = p;
 
-     *p++ = '^';
-     while (*glob) {
-	  switch (*glob) {
-	  case '?':
-	       *p++ = '.';
-	       break;
-	  case '*':
-	       *p++ = '.';
-	       *p++ = '*';
-	       break;
-	  case '.':
-	  case '^':
-	  case '$':
-	       *p++ = '\\';
-	       *p++ = *glob;
-	       break;
-	  case '\\':
-	       *p++ = '\\';
-	       *p++ = *++glob;
-	       break;
-	  default:
-	       *p++ = *glob;
-	       break;
-	  }
-	  glob++;
-     }
+    *p++ = '^';
+    while (*glob) {
+        switch (*glob) {
+        case '?':
+            *p++ = '.';
+            break;
+        case '*':
+            *p++ = '.';
+            *p++ = '*';
+            break;
+        case '.':
+        case '^':
+        case '$':
+            *p++ = '\\';
+        *p++ = *glob;
+        break;
+        case '\\':
+            *p++ = '\\';
+            *p++ = *++glob;
+            break;
+        default:
+            *p++ = *glob;
+            break;
+        }
+        glob++;
+    }
 
-     if (append_realm) {
-	  *p++ = '@';
-	  *p++ = '.';
-	  *p++ = '*';
-     }
+    if (append_realm) {
+        *p++ = '@';
+        *p++ = '.';
+        *p++ = '*';
+    }
 
-     *p++ = '$';
-     *p++ = '\0';
-     return KADM5_OK;
+    *p++ = '$';
+    *p++ = '\0';
+    return KADM5_OK;
 }
 
 static void get_either_iter(struct iter_data *data, char *name)
 {
-     int match;
+    int match;
 #ifdef SOLARIS_REGEXPS
-     match = (step(name, data->expbuf) != 0);
+    match = (step(name, data->expbuf) != 0);
 #endif
 #ifdef POSIX_REGEXPS
-     match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
+    match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
 #endif
 #ifdef BSD_REGEXPS
-     match = (re_exec(name) != 0);
+    match = (re_exec(name) != 0);
 #endif
-     if (match) {
-	  if (data->n_names == data->sz_names) {
-	       int new_sz = data->sz_names * 2;
-	       char **new_names = realloc(data->names,
-					  new_sz * sizeof(char *));
-	       if (new_names) {
-		    data->names = new_names;
-		    data->sz_names = new_sz;
-	       } else {
-		    data->malloc_failed = 1;
-		    free(name);
-		    return;
-	       }
-	  }
-	  data->names[data->n_names++] = name;
-     } else
-	  free(name);
+    if (match) {
+        if (data->n_names == data->sz_names) {
+            int new_sz = data->sz_names * 2;
+            char **new_names = realloc(data->names,
+                                       new_sz * sizeof(char *));
+            if (new_names) {
+                data->names = new_names;
+                data->sz_names = new_sz;
+            } else {
+                data->malloc_failed = 1;
+                free(name);
+                return;
+            }
+        }
+        data->names[data->n_names++] = name;
+    } else
+        free(name);
 }
 
 static void get_pols_iter(void *data, osa_policy_ent_t entry)
 {
-     char *name;
+    char *name;
 
-     if ((name = strdup(entry->name)) == NULL)
-	  return;
-     get_either_iter(data, name);
+    if ((name = strdup(entry->name)) == NULL)
+        return;
+    get_either_iter(data, name);
 }
 
 static void get_princs_iter(void *data, krb5_principal princ)
 {
-     struct iter_data *id = (struct iter_data *) data;
-     char *name;
-     
-     if (krb5_unparse_name(id->context, princ, &name) != 0)
-	  return;
-     get_either_iter(data, name);
+    struct iter_data *id = (struct iter_data *) data;
+    char *name;
+
+    if (krb5_unparse_name(id->context, princ, &name) != 0)
+        return;
+    get_either_iter(data, name);
 }
 
 static kadm5_ret_t kadm5_get_either(int princ,
-				       void *server_handle,
-				       char *exp,
-				       char ***princs,
-				       int *count)
+                                    void *server_handle,
+                                    char *exp,
+                                    char ***princs,
+                                    int *count)
 {
-     struct iter_data data;
+    struct iter_data data;
 #ifdef BSD_REGEXPS
-     char *msg;
+    char *msg;
 #endif
-     char *regexp;
-     int i, ret;
-     kadm5_server_handle_t handle = server_handle;
+    char *regexp;
+    int i, ret;
+    kadm5_server_handle_t handle = server_handle;
 
-     *princs = NULL;
-     *count = 0;
-     if (exp == NULL)
-	  exp = "*";
+    *princs = NULL;
+    *count = 0;
+    if (exp == NULL)
+        exp = "*";
 
-     CHECK_HANDLE(server_handle);
+    CHECK_HANDLE(server_handle);
 
-     if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
-			       &regexp)) != KADM5_OK)
-	  return ret;
+    if ((ret = glob_to_regexp(exp, princ ? handle->params.realm : NULL,
+                              &regexp)) != KADM5_OK)
+        return ret;
 
-     if (
+    if (
 #ifdef SOLARIS_REGEXPS
-	 ((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
+        ((data.expbuf = compile(regexp, NULL, NULL)) == NULL)
 #endif
 #ifdef POSIX_REGEXPS
-	 ((regcomp(&data.preg, regexp, REG_NOSUB)) != 0)
+        ((regcomp(&data.preg, regexp, REG_NOSUB)) != 0)
 #endif
 #ifdef BSD_REGEXPS
-	 ((msg = (char *) re_comp(regexp)) != NULL)
+        ((msg = (char *) re_comp(regexp)) != NULL)
 #endif
-	 )
-     {
-	  /* XXX syslog msg or regerr(regerrno) */
-	  free(regexp);
-	  return EINVAL;
-     }
+    )
+    {
+        /* XXX syslog msg or regerr(regerrno) */
+        free(regexp);
+        return EINVAL;
+    }
+
+    data.n_names = 0;
+    data.sz_names = 10;
+    data.malloc_failed = 0;
+    data.names = malloc(sizeof(char *) * data.sz_names);
+    if (data.names == NULL) {
+        free(regexp);
+        return ENOMEM;
+    }
 
-     data.n_names = 0;
-     data.sz_names = 10;
-     data.malloc_failed = 0;
-     data.names = malloc(sizeof(char *) * data.sz_names);
-     if (data.names == NULL) {
-	  free(regexp);
-	  return ENOMEM;
-     }
+    if (princ) {
+        data.context = handle->context;
+        ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
+    } else {
+        ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);
+    }
 
-     if (princ) {
-	  data.context = handle->context;
-	  ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
-     } else {
-	  ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);
-     }
-     
-     free(regexp);
+    free(regexp);
 #ifdef POSIX_REGEXPS
-     regfree(&data.preg);
+    regfree(&data.preg);
 #endif
-     if ( !ret && data.malloc_failed)
-	  ret = ENOMEM;
-     if ( ret ) {
-	  for (i = 0; i < data.n_names; i++)
-	       free(data.names[i]);
-	  free(data.names);
-	  return ret;
-     }
+    if ( !ret && data.malloc_failed)
+        ret = ENOMEM;
+    if ( ret ) {
+        for (i = 0; i < data.n_names; i++)
+            free(data.names[i]);
+        free(data.names);
+        return ret;
+    }
 
-     *princs = data.names;
-     *count = data.n_names;
-     return KADM5_OK;
+    *princs = data.names;
+    *count = data.n_names;
+    return KADM5_OK;
 }
 
 kadm5_ret_t kadm5_get_principals(void *server_handle,
-					   char *exp,
-					   char ***princs,
-					   int *count)
+                                 char *exp,
+                                 char ***princs,
+                                 int *count)
 {
-     return kadm5_get_either(1, server_handle, exp, princs, count);
+    return kadm5_get_either(1, server_handle, exp, princs, count);
 }
 
 kadm5_ret_t kadm5_get_policies(void *server_handle,
-					   char *exp,
-					   char ***pols,
-					   int *count)
+                               char *exp,
+                               char ***pols,
+                               int *count)
 {
-     return kadm5_get_either(0, server_handle, exp, pols, count);
+    return kadm5_get_either(0, server_handle, exp, pols, count);
 }
-
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 0d8c5ced6..1d3ccbc66 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -8,170 +9,170 @@
 static char *rcsid = "$Header$";
 #endif
 
-#include	<sys/types.h>
-#include	<kadm5/admin.h>
-#include	"server_internal.h"
-#include	<stdlib.h>
-#include	<string.h>
-#include	<errno.h>
+#include        <sys/types.h>
+#include        <kadm5/admin.h>
+#include        "server_internal.h"
+#include        <stdlib.h>
+#include        <string.h>
+#include        <errno.h>
 
-#define MIN_PW_HISTORY	1
-#define	MIN_PW_CLASSES	1
-#define MAX_PW_CLASSES	5
-#define	MIN_PW_LENGTH	1
+#define MIN_PW_HISTORY  1
+#define MIN_PW_CLASSES  1
+#define MAX_PW_CLASSES  5
+#define MIN_PW_LENGTH   1
 
 /*
  * Function: kadm5_create_policy
- * 
+ *
  * Purpose: Create Policies in the policy DB.
  *
  * Arguments:
- *	entry	(input) The policy entry to be written out to the DB.
- *	mask	(input)	Specifies which fields in entry are to ge written out
- *			and which get default values.
- *	<return value> 0 if successful otherwise an error code is returned.
+ *      entry   (input) The policy entry to be written out to the DB.
+ *      mask    (input) Specifies which fields in entry are to ge written out
+ *                      and which get default values.
+ *      <return value> 0 if successful otherwise an error code is returned.
  *
  * Requires:
- *	Entry must be a valid principal entry, and mask have a valid value.
- * 
+ *      Entry must be a valid principal entry, and mask have a valid value.
+ *
  * Effects:
- *	Verifies that mask does not specify that the refcount should
- *	be set as part of the creation, and calls
- *	kadm5_create_policy_internal.  If the refcount *is*
- *	specified, returns KADM5_BAD_MASK.
+ *      Verifies that mask does not specify that the refcount should
+ *      be set as part of the creation, and calls
+ *      kadm5_create_policy_internal.  If the refcount *is*
+ *      specified, returns KADM5_BAD_MASK.
  */
 
 kadm5_ret_t
 kadm5_create_policy(void *server_handle,
-			 kadm5_policy_ent_t entry, long mask)
+                    kadm5_policy_ent_t entry, long mask)
 {
     CHECK_HANDLE(server_handle);
 
     krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
 
     if (mask & KADM5_REF_COUNT)
-	return KADM5_BAD_MASK;
+        return KADM5_BAD_MASK;
     else
-	return kadm5_create_policy_internal(server_handle, entry, mask);
+        return kadm5_create_policy_internal(server_handle, entry, mask);
 }
 
 /*
  * Function: kadm5_create_policy_internal
- * 
+ *
  * Purpose: Create Policies in the policy DB.
  *
  * Arguments:
- *	entry	(input) The policy entry to be written out to the DB.
- *	mask	(input)	Specifies which fields in entry are to ge written out
- *			and which get default values.
- *	<return value> 0 if successful otherwise an error code is returned.
+ *      entry   (input) The policy entry to be written out to the DB.
+ *      mask    (input) Specifies which fields in entry are to ge written out
+ *                      and which get default values.
+ *      <return value> 0 if successful otherwise an error code is returned.
  *
  * Requires:
- *	Entry must be a valid principal entry, and mask have a valid value.
- * 
+ *      Entry must be a valid principal entry, and mask have a valid value.
+ *
  * Effects:
- *	Writes the data to the database, and does a database sync if
- *	successful.
+ *      Writes the data to the database, and does a database sync if
+ *      successful.
  *
  */
 
 kadm5_ret_t
 kadm5_create_policy_internal(void *server_handle,
-				  kadm5_policy_ent_t entry, long mask)
+                             kadm5_policy_ent_t entry, long mask)
 {
     kadm5_server_handle_t handle = server_handle;
-    osa_policy_ent_rec	pent;
-    int			ret;
-    char		*p;
+    osa_policy_ent_rec  pent;
+    int                 ret;
+    char                *p;
 
     CHECK_HANDLE(server_handle);
 
     if ((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
-	return EINVAL;
+        return EINVAL;
     if(strlen(entry->policy) == 0)
-	return KADM5_BAD_POLICY;
+        return KADM5_BAD_POLICY;
     if (!(mask & KADM5_POLICY))
-	return KADM5_BAD_MASK;
-	
+        return KADM5_BAD_MASK;
+
     pent.name = entry->policy;
     p = entry->policy;
     while(*p != '\0') {
-	if(*p < ' ' || *p > '~')
-	    return KADM5_BAD_POLICY;
-	else
-	    p++;
+        if(*p < ' ' || *p > '~')
+            return KADM5_BAD_POLICY;
+        else
+            p++;
     }
     if (!(mask & KADM5_PW_MAX_LIFE))
-	pent.pw_max_life = 0;
+        pent.pw_max_life = 0;
     else
-	pent.pw_max_life = entry->pw_max_life;
+        pent.pw_max_life = entry->pw_max_life;
     if (!(mask & KADM5_PW_MIN_LIFE))
-	pent.pw_min_life = 0;
+        pent.pw_min_life = 0;
     else {
-	if((mask & KADM5_PW_MAX_LIFE)) {
-	    if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
-		return KADM5_BAD_MIN_PASS_LIFE;
-	}
-	pent.pw_min_life = entry->pw_min_life;
+        if((mask & KADM5_PW_MAX_LIFE)) {
+            if(entry->pw_min_life > entry->pw_max_life && entry->pw_max_life != 0)
+                return KADM5_BAD_MIN_PASS_LIFE;
+        }
+        pent.pw_min_life = entry->pw_min_life;
     }
     if (!(mask & KADM5_PW_MIN_LENGTH))
-	pent.pw_min_length = MIN_PW_LENGTH;
+        pent.pw_min_length = MIN_PW_LENGTH;
     else {
-	if(entry->pw_min_length < MIN_PW_LENGTH)
-	    return KADM5_BAD_LENGTH;
-	pent.pw_min_length = entry->pw_min_length;
+        if(entry->pw_min_length < MIN_PW_LENGTH)
+            return KADM5_BAD_LENGTH;
+        pent.pw_min_length = entry->pw_min_length;
     }
     if (!(mask & KADM5_PW_MIN_CLASSES))
-	pent.pw_min_classes = MIN_PW_CLASSES;
+        pent.pw_min_classes = MIN_PW_CLASSES;
     else {
-	if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
-	    return KADM5_BAD_CLASS;
-	pent.pw_min_classes = entry->pw_min_classes;
+        if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES)
+            return KADM5_BAD_CLASS;
+        pent.pw_min_classes = entry->pw_min_classes;
     }
     if (!(mask & KADM5_PW_HISTORY_NUM))
-	pent.pw_history_num = MIN_PW_HISTORY;
+        pent.pw_history_num = MIN_PW_HISTORY;
     else {
-	if(entry->pw_history_num < MIN_PW_HISTORY)
-	    return KADM5_BAD_HISTORY;
-	else
-	    pent.pw_history_num = entry->pw_history_num;
+        if(entry->pw_history_num < MIN_PW_HISTORY)
+            return KADM5_BAD_HISTORY;
+        else
+            pent.pw_history_num = entry->pw_history_num;
     }
     if (!(mask & KADM5_REF_COUNT))
-	pent.policy_refcnt = 0;
+        pent.policy_refcnt = 0;
     else
-	pent.policy_refcnt = entry->policy_refcnt;
+        pent.policy_refcnt = entry->policy_refcnt;
 
     if (handle->api_version == KADM5_API_VERSION_3) {
-	if (!(mask & KADM5_PW_MAX_FAILURE))
-	    pent.pw_max_fail = 0;
-	else
-	    pent.pw_max_fail = entry->pw_max_fail;
-	if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
-	    pent.pw_failcnt_interval = 0;
-	else
-	    pent.pw_failcnt_interval = entry->pw_failcnt_interval;
-	if (!(mask & KADM5_PW_LOCKOUT_DURATION))
-	    pent.pw_lockout_duration = 0;
-	else
-	    pent.pw_lockout_duration = entry->pw_lockout_duration;
+        if (!(mask & KADM5_PW_MAX_FAILURE))
+            pent.pw_max_fail = 0;
+        else
+            pent.pw_max_fail = entry->pw_max_fail;
+        if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+            pent.pw_failcnt_interval = 0;
+        else
+            pent.pw_failcnt_interval = entry->pw_failcnt_interval;
+        if (!(mask & KADM5_PW_LOCKOUT_DURATION))
+            pent.pw_lockout_duration = 0;
+        else
+            pent.pw_lockout_duration = entry->pw_lockout_duration;
     } else {
-	pent.pw_max_fail = 0;
-	pent.pw_failcnt_interval = 0;
-	pent.pw_lockout_duration = 0;
+        pent.pw_max_fail = 0;
+        pent.pw_failcnt_interval = 0;
+        pent.pw_lockout_duration = 0;
     }
 
     if ((ret = krb5_db_create_policy(handle->context, &pent)))
-	return ret;
+        return ret;
     else
-	return KADM5_OK;
+        return KADM5_OK;
 }
-	  
+
 kadm5_ret_t
 kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
 {
     kadm5_server_handle_t handle = server_handle;
-    osa_policy_ent_t		entry;
-    int				ret;
+    osa_policy_ent_t            entry;
+    int                         ret;
     int                         cnt=1;
 
     CHECK_HANDLE(server_handle);
@@ -179,102 +180,102 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
     krb5_clear_error_message(handle->context);
 
     if(name == (kadm5_policy_t) NULL)
-	return EINVAL;
+        return EINVAL;
     if(strlen(name) == 0)
-	return KADM5_BAD_POLICY;
+        return KADM5_BAD_POLICY;
     if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt)))
-	return ret;
+        return ret;
     if( cnt != 1 )
-	return KADM5_UNK_POLICY;
+        return KADM5_UNK_POLICY;
 
     if(entry->policy_refcnt != 0) {
-	krb5_db_free_policy(handle->context, entry);
-	return KADM5_POLICY_REF;
+        krb5_db_free_policy(handle->context, entry);
+        return KADM5_POLICY_REF;
     }
     krb5_db_free_policy(handle->context, entry);
     if ((ret = krb5_db_delete_policy(handle->context, name)))
-	return ret;
+        return ret;
     else
-	return KADM5_OK;
+        return KADM5_OK;
 }
 
 kadm5_ret_t
 kadm5_modify_policy(void *server_handle,
-			 kadm5_policy_ent_t entry, long mask)
+                    kadm5_policy_ent_t entry, long mask)
 {
     CHECK_HANDLE(server_handle);
 
     krb5_clear_error_message(((kadm5_server_handle_t)server_handle)->context);
 
     if (mask & KADM5_REF_COUNT)
-	return KADM5_BAD_MASK;
+        return KADM5_BAD_MASK;
     else
-	return kadm5_modify_policy_internal(server_handle, entry, mask);
+        return kadm5_modify_policy_internal(server_handle, entry, mask);
 }
 
 kadm5_ret_t
 kadm5_modify_policy_internal(void *server_handle,
-				  kadm5_policy_ent_t entry, long mask)
+                             kadm5_policy_ent_t entry, long mask)
 {
     kadm5_server_handle_t handle = server_handle;
-    osa_policy_ent_t	p;
-    int			ret;
+    osa_policy_ent_t    p;
+    int                 ret;
     int                 cnt=1;
 
     CHECK_HANDLE(server_handle);
 
     if((entry == (kadm5_policy_ent_t) NULL) || (entry->policy == NULL))
-	return EINVAL;
+        return EINVAL;
     if(strlen(entry->policy) == 0)
-	return KADM5_BAD_POLICY;
+        return KADM5_BAD_POLICY;
     if((mask & KADM5_POLICY))
-	return KADM5_BAD_MASK;
-		
+        return KADM5_BAD_MASK;
+
     if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
-	return ret;
+        return ret;
     if (cnt != 1)
-	return KADM5_UNK_POLICY;
+        return KADM5_UNK_POLICY;
 
     if ((mask & KADM5_PW_MAX_LIFE))
-	p->pw_max_life = entry->pw_max_life;
+        p->pw_max_life = entry->pw_max_life;
     if ((mask & KADM5_PW_MIN_LIFE)) {
-	if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0)	{
-	     krb5_db_free_policy(handle->context, p);
-	     return KADM5_BAD_MIN_PASS_LIFE;
-	}
-	p->pw_min_life = entry->pw_min_life;
+        if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0)  {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_MIN_PASS_LIFE;
+        }
+        p->pw_min_life = entry->pw_min_life;
     }
     if ((mask & KADM5_PW_MIN_LENGTH)) {
-	if(entry->pw_min_length < MIN_PW_LENGTH) {
-	      krb5_db_free_policy(handle->context, p);
-	      return KADM5_BAD_LENGTH;
-	 }
-	p->pw_min_length = entry->pw_min_length;
+        if(entry->pw_min_length < MIN_PW_LENGTH) {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_LENGTH;
+        }
+        p->pw_min_length = entry->pw_min_length;
     }
     if ((mask & KADM5_PW_MIN_CLASSES)) {
-	if(entry->pw_min_classes > MAX_PW_CLASSES ||
-	   entry->pw_min_classes < MIN_PW_CLASSES) {
-	     krb5_db_free_policy(handle->context, p);
-	     return KADM5_BAD_CLASS;
-	}
-	p->pw_min_classes = entry->pw_min_classes;
+        if(entry->pw_min_classes > MAX_PW_CLASSES ||
+           entry->pw_min_classes < MIN_PW_CLASSES) {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_CLASS;
+        }
+        p->pw_min_classes = entry->pw_min_classes;
     }
     if ((mask & KADM5_PW_HISTORY_NUM)) {
-	if(entry->pw_history_num < MIN_PW_HISTORY) {
-	     krb5_db_free_policy(handle->context, p);
-	     return KADM5_BAD_HISTORY;
-	}
-	p->pw_history_num = entry->pw_history_num;
+        if(entry->pw_history_num < MIN_PW_HISTORY) {
+            krb5_db_free_policy(handle->context, p);
+            return KADM5_BAD_HISTORY;
+        }
+        p->pw_history_num = entry->pw_history_num;
     }
     if ((mask & KADM5_REF_COUNT))
-	p->policy_refcnt = entry->policy_refcnt;
+        p->policy_refcnt = entry->policy_refcnt;
     if (handle->api_version == KADM5_API_VERSION_3) {
-	if ((mask & KADM5_PW_MAX_FAILURE))
-	    p->pw_max_fail = entry->pw_max_fail;
-	if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
-	    p->pw_failcnt_interval = entry->pw_failcnt_interval;
-	if ((mask & KADM5_PW_LOCKOUT_DURATION))
-	    p->pw_lockout_duration = entry->pw_lockout_duration;
+        if ((mask & KADM5_PW_MAX_FAILURE))
+            p->pw_max_fail = entry->pw_max_fail;
+        if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+            p->pw_failcnt_interval = entry->pw_failcnt_interval;
+        if ((mask & KADM5_PW_LOCKOUT_DURATION))
+            p->pw_lockout_duration = entry->pw_lockout_duration;
     }
     ret = krb5_db_put_policy(handle->context, p);
     krb5_db_free_policy(handle->context, p);
@@ -283,10 +284,10 @@ kadm5_modify_policy_internal(void *server_handle,
 
 kadm5_ret_t
 kadm5_get_policy(void *server_handle, kadm5_policy_t name,
-		 kadm5_policy_ent_t entry) 
+                 kadm5_policy_ent_t entry)
 {
-    osa_policy_ent_t		t;
-    int				ret;
+    osa_policy_ent_t            t;
+    int                         ret;
     kadm5_server_handle_t handle = server_handle;
     int                         cnt=1;
 
@@ -295,18 +296,18 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
     krb5_clear_error_message(handle->context);
 
     if (name == (kadm5_policy_t) NULL)
-	return EINVAL;
+        return EINVAL;
     if(strlen(name) == 0)
-	return KADM5_BAD_POLICY;
+        return KADM5_BAD_POLICY;
     if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt)))
-	return ret;
+        return ret;
 
     if( cnt != 1 )
-	return KADM5_UNK_POLICY;
+        return KADM5_UNK_POLICY;
 
     if ((entry->policy = strdup(t->name)) == NULL) {
-	 krb5_db_free_policy(handle->context, t);
-	 return ENOMEM;
+        krb5_db_free_policy(handle->context, t);
+        return ENOMEM;
     }
     entry->pw_min_life = t->pw_min_life;
     entry->pw_max_life = t->pw_max_life;
@@ -315,9 +316,9 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
     entry->pw_history_num = t->pw_history_num;
     entry->policy_refcnt = t->policy_refcnt;
     if (handle->api_version == KADM5_API_VERSION_3) {
-	entry->pw_max_fail = t->pw_max_fail;
-	entry->pw_failcnt_interval = t->pw_failcnt_interval;
-	entry->pw_lockout_duration = t->pw_lockout_duration;
+        entry->pw_max_fail = t->pw_max_fail;
+        entry->pw_failcnt_interval = t->pw_failcnt_interval;
+        entry->pw_lockout_duration = t->pw_lockout_duration;
     }
     krb5_db_free_policy(handle->context, t);
 
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 40eea875b..a58c798ac 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -8,19 +9,19 @@
 static char *rcsid = "$Header$";
 #endif
 
-#include	<sys/types.h>
-#include	<sys/time.h>
-#include	<errno.h>
-#include	<kadm5/admin.h>
-#include	<kdb.h>
-#include	<stdio.h>
-#include	<string.h>
-#include	"server_internal.h"
-#include	<stdarg.h>
-#include	<stdlib.h>
+#include        <sys/types.h>
+#include        <sys/time.h>
+#include        <errno.h>
+#include        <kadm5/admin.h>
+#include        <kdb.h>
+#include        <stdio.h>
+#include        <string.h>
+#include        "server_internal.h"
+#include        <stdarg.h>
+#include        <stdlib.h>
 #ifdef USE_PASSWORD_SERVER
-#include	<sys/wait.h>
-#include	<signal.h>
+#include        <sys/wait.h>
+#include        <signal.h>
 
 #endif
 
@@ -30,19 +31,19 @@ static char *rcsid = "$Header$";
 #define VALGRIND_CHECK_DEFINED(LVALUE) ((void)0)
 #endif
 
-extern	krb5_principal	    master_princ;
-extern	krb5_principal	    hist_princ;
-extern  krb5_keyblock	    master_keyblock;
+extern  krb5_principal      master_princ;
+extern  krb5_principal      hist_princ;
+extern  krb5_keyblock       master_keyblock;
 extern  krb5_keylist_node  *master_keylist;
 extern  krb5_actkvno_node  *active_mkey_list;
-extern	krb5_keyblock	    hist_key;
-extern	krb5_db_entry	    master_db;
-extern	krb5_db_entry	    hist_db;
-extern  krb5_kvno	    hist_kvno;
+extern  krb5_keyblock       hist_key;
+extern  krb5_db_entry       master_db;
+extern  krb5_db_entry       hist_db;
+extern  krb5_kvno           hist_kvno;
 
 static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
-			    int n_key_data, krb5_key_data *key_data,
-			    krb5_keyblock **keyblocks, int *n_keys);
+                            int n_key_data, krb5_key_data *key_data,
+                            krb5_keyblock **keyblocks, int *n_keys);
 
 static krb5_error_code
 kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)
@@ -61,7 +62,7 @@ kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pr
     nelems = (int) krb5_princ_size(context, inprinc);
     tempprinc->data = krb5_db_alloc(context, NULL, nelems * sizeof(krb5_data));
     if (tempprinc->data == 0) {
-	krb5_db_free(context, (char *)tempprinc);
+        krb5_db_free(context, (char *)tempprinc);
         return ENOMEM;
     }
 
@@ -79,17 +80,17 @@ kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pr
         if (len)
             memcpy(krb5_princ_component(context, tempprinc, i)->data,
                    krb5_princ_component(context, inprinc, i)->data, len);
-	krb5_princ_component(context, tempprinc, i)->magic = KV5M_DATA;
+        krb5_princ_component(context, tempprinc, i)->magic = KV5M_DATA;
     }
 
     tempprinc->realm.data =
-	krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length);
+        krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length);
     if (!tempprinc->realm.data && tempprinc->realm.length) {
-            for (i = 0; i < nelems; i++)
-		krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
-            krb5_db_free(context, tempprinc->data);
-            krb5_db_free(context, tempprinc);
-            return ENOMEM;
+        for (i = 0; i < nelems; i++)
+            krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
+        krb5_db_free(context, tempprinc->data);
+        krb5_db_free(context, tempprinc);
+        return ENOMEM;
     }
     if (tempprinc->realm.length)
         memcpy(tempprinc->realm.data, inprinc->realm.data,
@@ -122,90 +123,90 @@ kadm5_free_principal(krb5_context context, krb5_principal val)
  * XXX Functions that ought to be in libkrb5.a, but aren't.
  */
 kadm5_ret_t krb5_copy_key_data_contents(context, from, to)
-   krb5_context context;
-   krb5_key_data *from, *to;
+    krb5_context context;
+    krb5_key_data *from, *to;
 {
-     int i, idx;
-
-     *to = *from;
-
-     idx = (from->key_data_ver == 1 ? 1 : 2);
-
-     for (i = 0; i < idx; i++) {
-       if ( from->key_data_length[i] ) {
-	 to->key_data_contents[i] = malloc(from->key_data_length[i]);
-	 if (to->key_data_contents[i] == NULL) {
-	   for (i = 0; i < idx; i++) {
-	     if (to->key_data_contents[i]) {
-	       memset(to->key_data_contents[i], 0,
-		      to->key_data_length[i]);
-	       free(to->key_data_contents[i]);
-	     }
-	   }
-	   return ENOMEM;
-	 }
-	 memcpy(to->key_data_contents[i], from->key_data_contents[i],
-		from->key_data_length[i]);
-       }
-     }
-     return 0;
+    int i, idx;
+
+    *to = *from;
+
+    idx = (from->key_data_ver == 1 ? 1 : 2);
+
+    for (i = 0; i < idx; i++) {
+        if ( from->key_data_length[i] ) {
+            to->key_data_contents[i] = malloc(from->key_data_length[i]);
+            if (to->key_data_contents[i] == NULL) {
+                for (i = 0; i < idx; i++) {
+                    if (to->key_data_contents[i]) {
+                        memset(to->key_data_contents[i], 0,
+                               to->key_data_length[i]);
+                        free(to->key_data_contents[i]);
+                    }
+                }
+                return ENOMEM;
+            }
+            memcpy(to->key_data_contents[i], from->key_data_contents[i],
+                   from->key_data_length[i]);
+        }
+    }
+    return 0;
 }
 
 static krb5_tl_data *dup_tl_data(krb5_tl_data *tl)
 {
-     krb5_tl_data *n;
-
-     n = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
-     if (n == NULL)
-	  return NULL;
-     n->tl_data_contents = malloc(tl->tl_data_length);
-     if (n->tl_data_contents == NULL) {
-	  free(n);
-	  return NULL;
-     }
-     memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
-     n->tl_data_type = tl->tl_data_type;
-     n->tl_data_length = tl->tl_data_length;
-     n->tl_data_next = NULL;
-     return n;
+    krb5_tl_data *n;
+
+    n = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
+    if (n == NULL)
+        return NULL;
+    n->tl_data_contents = malloc(tl->tl_data_length);
+    if (n->tl_data_contents == NULL) {
+        free(n);
+        return NULL;
+    }
+    memcpy(n->tl_data_contents, tl->tl_data_contents, tl->tl_data_length);
+    n->tl_data_type = tl->tl_data_type;
+    n->tl_data_length = tl->tl_data_length;
+    n->tl_data_next = NULL;
+    return n;
 }
 
 /* This is in lib/kdb/kdb_cpw.c, but is static */
 static void cleanup_key_data(context, count, data)
-   krb5_context	  context;
-   int			  count;
-   krb5_key_data	* data;
+    krb5_context   context;
+    int                    count;
+    krb5_key_data        * data;
 {
-     int i, j;
+    int i, j;
 
-     for (i = 0; i < count; i++)
-	  for (j = 0; j < data[i].key_data_ver; j++)
-	       if (data[i].key_data_length[j])
-		   krb5_db_free(context, data[i].key_data_contents[j]);
-     krb5_db_free(context, data);
+    for (i = 0; i < count; i++)
+        for (j = 0; j < data[i].key_data_ver; j++)
+            if (data[i].key_data_length[j])
+                krb5_db_free(context, data[i].key_data_contents[j]);
+    krb5_db_free(context, data);
 }
 
 kadm5_ret_t
 kadm5_create_principal(void *server_handle,
-			    kadm5_principal_ent_t entry, long mask,
-			    char *password)
+                       kadm5_principal_ent_t entry, long mask,
+                       char *password)
 {
     return
-	kadm5_create_principal_3(server_handle, entry, mask,
-				 0, NULL, password);
+        kadm5_create_principal_3(server_handle, entry, mask,
+                                 0, NULL, password);
 }
 kadm5_ret_t
 kadm5_create_principal_3(void *server_handle,
-			 kadm5_principal_ent_t entry, long mask,
-			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
-			 char *password)
+                         kadm5_principal_ent_t entry, long mask,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         char *password)
 {
-    krb5_db_entry		kdb;
-    osa_princ_ent_rec		adb;
-    kadm5_policy_ent_rec	polent;
-    krb5_int32			now;
-    krb5_tl_data		*tl_data_orig, *tl_data_tail;
-    unsigned int		ret;
+    krb5_db_entry               kdb;
+    osa_princ_ent_rec           adb;
+    kadm5_policy_ent_rec        polent;
+    krb5_int32                  now;
+    krb5_tl_data                *tl_data_orig, *tl_data_tail;
+    unsigned int                ret;
     kadm5_server_handle_t handle = server_handle;
     krb5_keyblock               *act_mkey;
     krb5_kvno                   act_kvno;
@@ -223,11 +224,11 @@ kadm5_create_principal_3(void *server_handle,
        (mask & KADM5_AUX_ATTRIBUTES) || (mask & KADM5_KEY_DATA) ||
        (mask & KADM5_LAST_SUCCESS) || (mask & KADM5_LAST_FAILED) ||
        (mask & KADM5_FAIL_AUTH_COUNT))
-	return KADM5_BAD_MASK;
+        return KADM5_BAD_MASK;
     if((mask & ~ALL_PRINC_MASK))
-	return KADM5_BAD_MASK;
+        return KADM5_BAD_MASK;
     if (entry == NULL)
-	return EINVAL;
+        return EINVAL;
 
     /*
      * Check to see if the principal exists
@@ -236,12 +237,12 @@ kadm5_create_principal_3(void *server_handle,
 
     switch(ret) {
     case KADM5_UNK_PRINC:
-	break;
+        break;
     case 0:
-	kdb_free_entry(handle, &kdb, &adb);
-	return KADM5_DUP;
+        kdb_free_entry(handle, &kdb, &adb);
+        return KADM5_DUP;
     default:
-	return ret;
+        return ret;
     }
 
     memset(&kdb, 0, sizeof(krb5_db_entry));
@@ -252,22 +253,22 @@ kadm5_create_principal_3(void *server_handle,
      * If we can not find the one specified return an error
      */
     if ((mask & KADM5_POLICY)) {
-	 if ((ret = kadm5_get_policy(handle->lhandle, entry->policy,
-				     &polent)) != KADM5_OK) {
-	    if(ret == EINVAL)
-		return KADM5_BAD_POLICY;
-	    else
-		return ret;
-	}
+        if ((ret = kadm5_get_policy(handle->lhandle, entry->policy,
+                                    &polent)) != KADM5_OK) {
+            if(ret == EINVAL)
+                return KADM5_BAD_POLICY;
+            else
+                return ret;
+        }
     }
     if (password) {
-	ret = passwd_check(handle, password, (mask & KADM5_POLICY),
-			   &polent, entry->principal);
-	if (ret) {
-	    if (mask & KADM5_POLICY)
-		(void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	    return ret;
-	}
+        ret = passwd_check(handle, password, (mask & KADM5_POLICY),
+                           &polent, entry->principal);
+        if (ret) {
+            if (mask & KADM5_POLICY)
+                (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+            return ret;
+        }
     }
     /*
      * Start populating the various DB fields, using the
@@ -275,43 +276,43 @@ kadm5_create_principal_3(void *server_handle,
      * mask.
      */
     if ((ret = krb5_timeofday(handle->context, &now))) {
-	 if (mask & KADM5_POLICY)
-	      (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	 return ret;
+        if (mask & KADM5_POLICY)
+            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+        return ret;
     }
 
     kdb.magic = KRB5_KDB_MAGIC_NUMBER;
     kdb.len = KRB5_KDB_V1_BASE_LENGTH; /* gag me with a chainsaw */
 
     if ((mask & KADM5_ATTRIBUTES))
-	kdb.attributes = entry->attributes;
+        kdb.attributes = entry->attributes;
     else
-       kdb.attributes = handle->params.flags;
+        kdb.attributes = handle->params.flags;
 
     if ((mask & KADM5_MAX_LIFE))
-	kdb.max_life = entry->max_life;
+        kdb.max_life = entry->max_life;
     else
-	kdb.max_life = handle->params.max_life;
+        kdb.max_life = handle->params.max_life;
 
     if (mask & KADM5_MAX_RLIFE)
-	 kdb.max_renewable_life = entry->max_renewable_life;
+        kdb.max_renewable_life = entry->max_renewable_life;
     else
-	 kdb.max_renewable_life = handle->params.max_rlife;
+        kdb.max_renewable_life = handle->params.max_rlife;
 
     if ((mask & KADM5_PRINC_EXPIRE_TIME))
-	kdb.expiration = entry->princ_expire_time;
+        kdb.expiration = entry->princ_expire_time;
     else
-	kdb.expiration = handle->params.expiration;
+        kdb.expiration = handle->params.expiration;
 
     kdb.pw_expiration = 0;
     if ((mask & KADM5_POLICY)) {
-	if(polent.pw_max_life)
-	    kdb.pw_expiration = now + polent.pw_max_life;
-	else
-	    kdb.pw_expiration = 0;
+        if(polent.pw_max_life)
+            kdb.pw_expiration = now + polent.pw_max_life;
+        else
+            kdb.pw_expiration = 0;
     }
     if ((mask & KADM5_PW_EXPIRATION))
-	 kdb.pw_expiration = entry->pw_expiration;
+        kdb.pw_expiration = entry->pw_expiration;
 
     kdb.last_success = 0;
     kdb.last_failed = 0;
@@ -322,40 +323,40 @@ kadm5_create_principal_3(void *server_handle,
        principal. */
 
     if ((ret = kadm5_copy_principal(handle->context,
-				    entry->principal, &(kdb.princ)))) {
-	if (mask & KADM5_POLICY)
-	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	return(ret);
+                                    entry->principal, &(kdb.princ)))) {
+        if (mask & KADM5_POLICY)
+            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+        return(ret);
     }
 
     if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
-         krb5_db_free_principal(handle->context, &kdb, 1);
-	 if (mask & KADM5_POLICY)
-	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	 return(ret);
+        krb5_db_free_principal(handle->context, &kdb, 1);
+        if (mask & KADM5_POLICY)
+            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+        return(ret);
     }
 
     if (mask & KADM5_TL_DATA) {
-	/* splice entry->tl_data onto the front of kdb.tl_data */
-	tl_data_orig = kdb.tl_data;
-	for (tl_data_tail = entry->tl_data; tl_data_tail;
-	     tl_data_tail = tl_data_tail->tl_data_next)
-	{
-	    ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail);
-	    if( ret )
-	    {
-		krb5_db_free_principal(handle->context, &kdb, 1);
-		if (mask & KADM5_POLICY)
-		    (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-		return ret;
-	    }
-	}
+        /* splice entry->tl_data onto the front of kdb.tl_data */
+        tl_data_orig = kdb.tl_data;
+        for (tl_data_tail = entry->tl_data; tl_data_tail;
+             tl_data_tail = tl_data_tail->tl_data_next)
+        {
+            ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail);
+            if( ret )
+            {
+                krb5_db_free_principal(handle->context, &kdb, 1);
+                if (mask & KADM5_POLICY)
+                    (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+                return ret;
+            }
+        }
     }
 
     /* initialize the keys */
 
     ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
-				 active_mkey_list, &act_kvno, &act_mkey);
+                                 active_mkey_list, &act_kvno, &act_mkey);
     if (ret) {
         krb5_db_free_principal(handle->context, &kdb, 1);
         if (mask & KADM5_POLICY)
@@ -364,33 +365,33 @@ kadm5_create_principal_3(void *server_handle,
     }
 
     if (password) {
-	ret = krb5_dbe_cpw(handle->context, act_mkey,
-			   n_ks_tuple?ks_tuple:handle->params.keysalts,
-			   n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
-			   password, (mask & KADM5_KVNO)?entry->kvno:1,
-			   FALSE, &kdb);
+        ret = krb5_dbe_cpw(handle->context, act_mkey,
+                           n_ks_tuple?ks_tuple:handle->params.keysalts,
+                           n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+                           password, (mask & KADM5_KVNO)?entry->kvno:1,
+                           FALSE, &kdb);
     } else {
-	/* Null password means create with random key (new in 1.8). */
-	ret = krb5_dbe_crk(handle->context, &master_keyblock,
-			   n_ks_tuple?ks_tuple:handle->params.keysalts,
-			   n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
-			   FALSE, &kdb);
+        /* Null password means create with random key (new in 1.8). */
+        ret = krb5_dbe_crk(handle->context, &master_keyblock,
+                           n_ks_tuple?ks_tuple:handle->params.keysalts,
+                           n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+                           FALSE, &kdb);
     }
     if (ret) {
-	krb5_db_free_principal(handle->context, &kdb, 1);
-	if (mask & KADM5_POLICY)
-	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	return(ret);
+        krb5_db_free_principal(handle->context, &kdb, 1);
+        if (mask & KADM5_POLICY)
+            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+        return(ret);
     }
 
     /* Record the master key VNO used to encrypt this entry's keys */
     ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno);
     if (ret)
     {
-	krb5_db_free_principal(handle->context, &kdb, 1);
-	if (mask & KADM5_POLICY)
-	    (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	return ret;
+        krb5_db_free_principal(handle->context, &kdb, 1);
+        if (mask & KADM5_POLICY)
+            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+        return ret;
     }
 
     /* populate the admin-server-specific fields.  In the OV server,
@@ -401,26 +402,26 @@ kadm5_create_principal_3(void *server_handle,
 
     adb.admin_history_kvno = hist_kvno;
     if ((mask & KADM5_POLICY)) {
-	adb.aux_attributes = KADM5_POLICY;
+        adb.aux_attributes = KADM5_POLICY;
 
-	/* this does *not* need to be strdup'ed, because adb is xdr */
-	/* encoded in osa_adb_create_princ, and not ever freed */
+        /* this does *not* need to be strdup'ed, because adb is xdr */
+        /* encoded in osa_adb_create_princ, and not ever freed */
 
-	adb.policy = entry->policy;
+        adb.policy = entry->policy;
     }
 
     /* increment the policy ref count, if any */
 
     if ((mask & KADM5_POLICY)) {
-	polent.policy_refcnt++;
-	if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
-						    KADM5_REF_COUNT))
-	    != KADM5_OK) {
-	    krb5_db_free_principal(handle->context, &kdb, 1);
-	    if (mask & KADM5_POLICY)
-		 (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	    return(ret);
-	}
+        polent.policy_refcnt++;
+        if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
+                                                KADM5_REF_COUNT))
+            != KADM5_OK) {
+            krb5_db_free_principal(handle->context, &kdb, 1);
+            if (mask & KADM5_POLICY)
+                (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+            return(ret);
+        }
     }
 
     /* In all cases key and the principal data is set, let the database provider know */
@@ -432,25 +433,25 @@ kadm5_create_principal_3(void *server_handle,
     krb5_db_free_principal(handle->context, &kdb, 1);
 
     if (ret) {
-	if ((mask & KADM5_POLICY)) {
-	    /* decrement the policy ref count */
-
-	    polent.policy_refcnt--;
-	    /*
-	     * if this fails, there's nothing we can do anyway.  the
-	     * policy refcount wil be too high.
-	     */
-	    (void) kadm5_modify_policy_internal(handle->lhandle, &polent,
-						     KADM5_REF_COUNT);
-	}
-
-	if (mask & KADM5_POLICY)
-	     (void) kadm5_free_policy_ent(handle->lhandle, &polent);
-	return(ret);
+        if ((mask & KADM5_POLICY)) {
+            /* decrement the policy ref count */
+
+            polent.policy_refcnt--;
+            /*
+             * if this fails, there's nothing we can do anyway.  the
+             * policy refcount wil be too high.
+             */
+            (void) kadm5_modify_policy_internal(handle->lhandle, &polent,
+                                                KADM5_REF_COUNT);
+        }
+
+        if (mask & KADM5_POLICY)
+            (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+        return(ret);
     }
 
     if (mask & KADM5_POLICY)
-	 (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+        (void) kadm5_free_policy_ent(handle->lhandle, &polent);
 
     return KADM5_OK;
 }
@@ -459,10 +460,10 @@ kadm5_create_principal_3(void *server_handle,
 kadm5_ret_t
 kadm5_delete_principal(void *server_handle, krb5_principal principal)
 {
-    unsigned int		ret;
-    kadm5_policy_ent_rec	polent;
-    krb5_db_entry		kdb;
-    osa_princ_ent_rec		adb;
+    unsigned int                ret;
+    kadm5_policy_ent_rec        polent;
+    krb5_db_entry               kdb;
+    osa_princ_ent_rec           adb;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -470,28 +471,28 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
     krb5_clear_error_message(handle->context);
 
     if (principal == NULL)
-	return EINVAL;
+        return EINVAL;
 
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-	return(ret);
+        return(ret);
 
     if ((adb.aux_attributes & KADM5_POLICY)) {
-	if ((ret = kadm5_get_policy(handle->lhandle,
-				    adb.policy, &polent))
-	    == KADM5_OK) {
-	    polent.policy_refcnt--;
-	    if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
-							 KADM5_REF_COUNT))
-		!= KADM5_OK) {
-		(void) kadm5_free_policy_ent(handle->lhandle, &polent);
-		kdb_free_entry(handle, &kdb, &adb);
-		return(ret);
-	    }
-	}
-	if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
-	     kdb_free_entry(handle, &kdb, &adb);
-	     return ret;
-	}
+        if ((ret = kadm5_get_policy(handle->lhandle,
+                                    adb.policy, &polent))
+            == KADM5_OK) {
+            polent.policy_refcnt--;
+            if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
+                                                    KADM5_REF_COUNT))
+                != KADM5_OK) {
+                (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+                kdb_free_entry(handle, &kdb, &adb);
+                return(ret);
+            }
+        }
+        if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) {
+            kdb_free_entry(handle, &kdb, &adb);
+            return ret;
+        }
     }
 
     ret = kdb_delete_entry(handle, principal);
@@ -503,14 +504,14 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
 
 kadm5_ret_t
 kadm5_modify_principal(void *server_handle,
-			    kadm5_principal_ent_t entry, long mask)
+                       kadm5_principal_ent_t entry, long mask)
 {
-    int			    ret, ret2, i;
+    int                     ret, ret2, i;
     kadm5_policy_ent_rec    npol, opol;
-    int			    have_npol = 0, have_opol = 0;
-    krb5_db_entry	    kdb;
-    krb5_tl_data	    *tl_data_orig;
-    osa_princ_ent_rec	    adb;
+    int                     have_npol = 0, have_opol = 0;
+    krb5_db_entry           kdb;
+    krb5_tl_data            *tl_data_orig;
+    osa_princ_ent_rec       adb;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -522,154 +523,154 @@ kadm5_modify_principal(void *server_handle,
        (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
        (mask & KADM5_KEY_DATA) || (mask & KADM5_LAST_SUCCESS) ||
        (mask & KADM5_LAST_FAILED))
-	return KADM5_BAD_MASK;
+        return KADM5_BAD_MASK;
     if((mask & ~ALL_PRINC_MASK))
-	return KADM5_BAD_MASK;
+        return KADM5_BAD_MASK;
     if((mask & KADM5_POLICY) && (mask & KADM5_POLICY_CLR))
-	return KADM5_BAD_MASK;
+        return KADM5_BAD_MASK;
     if(entry == (kadm5_principal_ent_t) NULL)
-	return EINVAL;
+        return EINVAL;
     if (mask & KADM5_TL_DATA) {
-	 tl_data_orig = entry->tl_data;
-	 while (tl_data_orig) {
-	      if (tl_data_orig->tl_data_type < 256)
-		   return KADM5_BAD_TL_TYPE;
-	      tl_data_orig = tl_data_orig->tl_data_next;
-	 }
+        tl_data_orig = entry->tl_data;
+        while (tl_data_orig) {
+            if (tl_data_orig->tl_data_type < 256)
+                return KADM5_BAD_TL_TYPE;
+            tl_data_orig = tl_data_orig->tl_data_next;
+        }
     }
 
     ret = kdb_get_entry(handle, entry->principal, &kdb, &adb);
     if (ret)
-	return(ret);
+        return(ret);
 
     /*
      * This is pretty much the same as create ...
      */
 
     if ((mask & KADM5_POLICY)) {
-	 /* get the new policy */
-	 ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
-	 if (ret) {
-	      switch (ret) {
-	      case EINVAL:
-		   ret = KADM5_BAD_POLICY;
-		   break;
-	      case KADM5_UNK_POLICY:
-	      case KADM5_BAD_POLICY:
-		   ret =  KADM5_UNK_POLICY;
-		   break;
-	      }
-	      goto done;
-	 }
-	 have_npol = 1;
-
-	 /* if we already have a policy, get it to decrement the refcnt */
-	 if(adb.aux_attributes & KADM5_POLICY) {
-	      /* ... but not if the old and new are the same */
-	      if(strcmp(adb.policy, entry->policy)) {
-		   ret = kadm5_get_policy(handle->lhandle,
-					  adb.policy, &opol);
-		   switch(ret) {
-		   case EINVAL:
-		   case KADM5_BAD_POLICY:
-		   case KADM5_UNK_POLICY:
-			break;
-		   case KADM5_OK:
-			have_opol = 1;
-			opol.policy_refcnt--;
-			break;
-		   default:
-			goto done;
-			break;
-		   }
-		   npol.policy_refcnt++;
-	      }
-	 } else npol.policy_refcnt++;
-
-	 /* set us up to use the new policy */
-	 adb.aux_attributes |= KADM5_POLICY;
-	 if (adb.policy)
-	      free(adb.policy);
-	 adb.policy = strdup(entry->policy);
-
-	 /* set pw_max_life based on new policy */
-	 if (npol.pw_max_life) {
-	     ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
-						   &(kdb.pw_expiration));
-	     if (ret)
-		 goto done;
-	     kdb.pw_expiration += npol.pw_max_life;
-	 } else {
-	     kdb.pw_expiration = 0;
-	 }
+        /* get the new policy */
+        ret = kadm5_get_policy(handle->lhandle, entry->policy, &npol);
+        if (ret) {
+            switch (ret) {
+            case EINVAL:
+                ret = KADM5_BAD_POLICY;
+                break;
+            case KADM5_UNK_POLICY:
+            case KADM5_BAD_POLICY:
+                ret =  KADM5_UNK_POLICY;
+                break;
+            }
+            goto done;
+        }
+        have_npol = 1;
+
+        /* if we already have a policy, get it to decrement the refcnt */
+        if(adb.aux_attributes & KADM5_POLICY) {
+            /* ... but not if the old and new are the same */
+            if(strcmp(adb.policy, entry->policy)) {
+                ret = kadm5_get_policy(handle->lhandle,
+                                       adb.policy, &opol);
+                switch(ret) {
+                case EINVAL:
+                case KADM5_BAD_POLICY:
+                case KADM5_UNK_POLICY:
+                    break;
+                case KADM5_OK:
+                    have_opol = 1;
+                    opol.policy_refcnt--;
+                    break;
+                default:
+                    goto done;
+                    break;
+                }
+                npol.policy_refcnt++;
+            }
+        } else npol.policy_refcnt++;
+
+        /* set us up to use the new policy */
+        adb.aux_attributes |= KADM5_POLICY;
+        if (adb.policy)
+            free(adb.policy);
+        adb.policy = strdup(entry->policy);
+
+        /* set pw_max_life based on new policy */
+        if (npol.pw_max_life) {
+            ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+                                                  &(kdb.pw_expiration));
+            if (ret)
+                goto done;
+            kdb.pw_expiration += npol.pw_max_life;
+        } else {
+            kdb.pw_expiration = 0;
+        }
     }
 
     if ((mask & KADM5_POLICY_CLR) &&
-	(adb.aux_attributes & KADM5_POLICY)) {
-	 ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
-	 switch(ret) {
-	 case EINVAL:
-	 case KADM5_BAD_POLICY:
-	 case KADM5_UNK_POLICY:
-	      ret = KADM5_BAD_DB;
-	      goto done;
-	      break;
-	 case KADM5_OK:
-	      have_opol = 1;
-	      if (adb.policy)
-		   free(adb.policy);
-	      adb.policy = NULL;
-	      adb.aux_attributes &= ~KADM5_POLICY;
-	      kdb.pw_expiration = 0;
-	      opol.policy_refcnt--;
-	      break;
-	 default:
-	      goto done;
-	      break;
-	 }
+        (adb.aux_attributes & KADM5_POLICY)) {
+        ret = kadm5_get_policy(handle->lhandle, adb.policy, &opol);
+        switch(ret) {
+        case EINVAL:
+        case KADM5_BAD_POLICY:
+        case KADM5_UNK_POLICY:
+            ret = KADM5_BAD_DB;
+            goto done;
+            break;
+        case KADM5_OK:
+            have_opol = 1;
+            if (adb.policy)
+                free(adb.policy);
+            adb.policy = NULL;
+            adb.aux_attributes &= ~KADM5_POLICY;
+            kdb.pw_expiration = 0;
+            opol.policy_refcnt--;
+            break;
+        default:
+            goto done;
+            break;
+        }
     }
 
     if (((mask & KADM5_POLICY) || (mask & KADM5_POLICY_CLR)) &&
-	(((have_opol) &&
-	  (ret =
-	   kadm5_modify_policy_internal(handle->lhandle, &opol,
-					     KADM5_REF_COUNT))) ||
-	 ((have_npol) &&
-	  (ret =
-	   kadm5_modify_policy_internal(handle->lhandle, &npol,
-					     KADM5_REF_COUNT)))))
-	goto done;
+        (((have_opol) &&
+          (ret =
+           kadm5_modify_policy_internal(handle->lhandle, &opol,
+                                        KADM5_REF_COUNT))) ||
+         ((have_npol) &&
+          (ret =
+           kadm5_modify_policy_internal(handle->lhandle, &npol,
+                                        KADM5_REF_COUNT)))))
+        goto done;
 
     if ((mask & KADM5_ATTRIBUTES))
-	kdb.attributes = entry->attributes;
+        kdb.attributes = entry->attributes;
     if ((mask & KADM5_MAX_LIFE))
-	kdb.max_life = entry->max_life;
+        kdb.max_life = entry->max_life;
     if ((mask & KADM5_PRINC_EXPIRE_TIME))
-	kdb.expiration = entry->princ_expire_time;
+        kdb.expiration = entry->princ_expire_time;
     if (mask & KADM5_PW_EXPIRATION)
-	 kdb.pw_expiration = entry->pw_expiration;
+        kdb.pw_expiration = entry->pw_expiration;
     if (mask & KADM5_MAX_RLIFE)
-	 kdb.max_renewable_life = entry->max_renewable_life;
+        kdb.max_renewable_life = entry->max_renewable_life;
 
     if((mask & KADM5_KVNO)) {
-	 for (i = 0; i < kdb.n_key_data; i++)
-	      kdb.key_data[i].key_data_kvno = entry->kvno;
+        for (i = 0; i < kdb.n_key_data; i++)
+            kdb.key_data[i].key_data_kvno = entry->kvno;
     }
 
     if (mask & KADM5_TL_DATA) {
-	 krb5_tl_data *tl;
-
-	 /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
-
-	 for (tl = entry->tl_data; tl;
-	      tl = tl->tl_data_next)
-	 {
-	     ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl);
-	     if( ret )
-	     {
-		 goto done;
-	     }
-	 }
+        krb5_tl_data *tl;
+
+        /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
+
+        for (tl = entry->tl_data; tl;
+             tl = tl->tl_data_next)
+        {
+            ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl);
+            if( ret )
+            {
+                goto done;
+            }
+        }
     }
 
     /*
@@ -678,12 +679,12 @@ kadm5_modify_principal(void *server_handle,
      * value using kadmin.
      */
     if (mask & KADM5_FAIL_AUTH_COUNT) {
-	if (entry->fail_auth_count != 0) {
-	    ret = KADM5_BAD_SERVER_PARAMS;
-	    goto done;
-	}
+        if (entry->fail_auth_count != 0) {
+            ret = KADM5_BAD_SERVER_PARAMS;
+            goto done;
+        }
 
-	kdb.fail_auth_count = 0;
+        kdb.fail_auth_count = 0;
     }
 
     /* let the mask propagate to the database provider */
@@ -695,12 +696,12 @@ kadm5_modify_principal(void *server_handle,
     ret = KADM5_OK;
 done:
     if (have_opol) {
-	 ret2 = kadm5_free_policy_ent(handle->lhandle, &opol);
-	 ret = ret ? ret : ret2;
+        ret2 = kadm5_free_policy_ent(handle->lhandle, &opol);
+        ret = ret ? ret : ret2;
     }
     if (have_npol) {
-	 ret2 = kadm5_free_policy_ent(handle->lhandle, &npol);
-	 ret = ret ? ret : ret2;
+        ret2 = kadm5_free_policy_ent(handle->lhandle, &npol);
+        ret = ret ? ret : ret2;
     }
     kdb_free_entry(handle, &kdb, &adb);
     return ret;
@@ -708,11 +709,11 @@ done:
 
 kadm5_ret_t
 kadm5_rename_principal(void *server_handle,
-			    krb5_principal source, krb5_principal target)
+                       krb5_principal source, krb5_principal target)
 {
-    krb5_db_entry	kdb;
-    osa_princ_ent_rec	adb;
-    int			ret, i;
+    krb5_db_entry       kdb;
+    osa_princ_ent_rec   adb;
+    int                 ret, i;
     kadm5_server_handle_t handle = server_handle;
 
     CHECK_HANDLE(server_handle);
@@ -720,35 +721,35 @@ kadm5_rename_principal(void *server_handle,
     krb5_clear_error_message(handle->context);
 
     if (source == NULL || target == NULL)
-	return EINVAL;
+        return EINVAL;
 
     if ((ret = kdb_get_entry(handle, target, &kdb, &adb)) == 0) {
-	kdb_free_entry(handle, &kdb, &adb);
-	return(KADM5_DUP);
+        kdb_free_entry(handle, &kdb, &adb);
+        return(KADM5_DUP);
     }
 
     if ((ret = kdb_get_entry(handle, source, &kdb, &adb)))
-	return ret;
+        return ret;
 
     /* this is kinda gross, but unavoidable */
 
     for (i=0; i<kdb.n_key_data; i++) {
-	if ((kdb.key_data[i].key_data_ver == 1) ||
-	    (kdb.key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
-	    ret = KADM5_NO_RENAME_SALT;
-	    goto done;
-	}
+        if ((kdb.key_data[i].key_data_ver == 1) ||
+            (kdb.key_data[i].key_data_type[1] == KRB5_KDB_SALTTYPE_NORMAL)) {
+            ret = KADM5_NO_RENAME_SALT;
+            goto done;
+        }
     }
 
     kadm5_free_principal(handle->context, kdb.princ);
     ret = kadm5_copy_principal(handle->context, target, &kdb.princ);
     if (ret) {
-	kdb.princ = NULL; /* so freeing the dbe doesn't lose */
-	goto done;
+        kdb.princ = NULL; /* so freeing the dbe doesn't lose */
+        goto done;
     }
 
     if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-	goto done;
+        goto done;
 
     ret = kdb_delete_entry(handle, source);
 
@@ -759,13 +760,13 @@ done:
 
 kadm5_ret_t
 kadm5_get_principal(void *server_handle, krb5_principal principal,
-		    kadm5_principal_ent_t entry,
-		    long in_mask)
+                    kadm5_principal_ent_t entry,
+                    long in_mask)
 {
-    krb5_db_entry		kdb;
-    osa_princ_ent_rec		adb;
-    krb5_error_code		ret = 0;
-    long			mask;
+    krb5_db_entry               kdb;
+    osa_princ_ent_rec           adb;
+    krb5_error_code             ret = 0;
+    long                        mask;
     int i;
     kadm5_server_handle_t handle = server_handle;
 
@@ -783,125 +784,125 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
     memset(entry, 0, sizeof(*entry));
 
     if (principal == NULL)
-	return EINVAL;
+        return EINVAL;
 
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-	return ret;
+        return ret;
 
     if ((mask & KADM5_POLICY) &&
-	adb.policy && (adb.aux_attributes & KADM5_POLICY)) {
-	if ((entry->policy = strdup(adb.policy)) == NULL) {
-	    ret = ENOMEM;
-	    goto done;
-	}
+        adb.policy && (adb.aux_attributes & KADM5_POLICY)) {
+        if ((entry->policy = strdup(adb.policy)) == NULL) {
+            ret = ENOMEM;
+            goto done;
+        }
     }
 
     if (mask & KADM5_AUX_ATTRIBUTES)
-	 entry->aux_attributes = adb.aux_attributes;
+        entry->aux_attributes = adb.aux_attributes;
 
     if ((mask & KADM5_PRINCIPAL) &&
-	(ret = krb5_copy_principal(handle->context, kdb.princ,
-				   &entry->principal))) {
-	goto done;
+        (ret = krb5_copy_principal(handle->context, kdb.princ,
+                                   &entry->principal))) {
+        goto done;
     }
 
     if (mask & KADM5_PRINC_EXPIRE_TIME)
-	 entry->princ_expire_time = kdb.expiration;
+        entry->princ_expire_time = kdb.expiration;
 
     if ((mask & KADM5_LAST_PWD_CHANGE) &&
-	(ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
-					       &(entry->last_pwd_change)))) {
-	goto done;
+        (ret = krb5_dbe_lookup_last_pwd_change(handle->context, &kdb,
+                                               &(entry->last_pwd_change)))) {
+        goto done;
     }
 
     if (mask & KADM5_PW_EXPIRATION)
-	 entry->pw_expiration = kdb.pw_expiration;
+        entry->pw_expiration = kdb.pw_expiration;
     if (mask & KADM5_MAX_LIFE)
-	 entry->max_life = kdb.max_life;
+        entry->max_life = kdb.max_life;
 
     /* this is a little non-sensical because the function returns two */
     /* values that must be checked separately against the mask */
     if ((mask & KADM5_MOD_NAME) || (mask & KADM5_MOD_TIME)) {
-	ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
-					     &(entry->mod_date),
-					     &(entry->mod_name));
-	if (ret) {
-	    goto done;
-	}
-
-	if (! (mask & KADM5_MOD_TIME))
-	    entry->mod_date = 0;
-	if (! (mask & KADM5_MOD_NAME)) {
-	    krb5_free_principal(handle->context, entry->principal);
-	    entry->principal = NULL;
-	}
+        ret = krb5_dbe_lookup_mod_princ_data(handle->context, &kdb,
+                                             &(entry->mod_date),
+                                             &(entry->mod_name));
+        if (ret) {
+            goto done;
+        }
+
+        if (! (mask & KADM5_MOD_TIME))
+            entry->mod_date = 0;
+        if (! (mask & KADM5_MOD_NAME)) {
+            krb5_free_principal(handle->context, entry->principal);
+            entry->principal = NULL;
+        }
     }
 
     if (mask & KADM5_ATTRIBUTES)
-	 entry->attributes = kdb.attributes;
+        entry->attributes = kdb.attributes;
 
     if (mask & KADM5_KVNO)
-	 for (entry->kvno = 0, i=0; i<kdb.n_key_data; i++)
-	      if (kdb.key_data[i].key_data_kvno > entry->kvno)
-		   entry->kvno = kdb.key_data[i].key_data_kvno;
+        for (entry->kvno = 0, i=0; i<kdb.n_key_data; i++)
+            if (kdb.key_data[i].key_data_kvno > entry->kvno)
+                entry->kvno = kdb.key_data[i].key_data_kvno;
 
     ret = krb5_dbe_lookup_mkvno(handle->context, &kdb, &entry->mkvno);
     if (ret)
-	goto done;
+        goto done;
 
     if (mask & KADM5_MAX_RLIFE)
-	entry->max_renewable_life = kdb.max_renewable_life;
+        entry->max_renewable_life = kdb.max_renewable_life;
     if (mask & KADM5_LAST_SUCCESS)
-	entry->last_success = kdb.last_success;
+        entry->last_success = kdb.last_success;
     if (mask & KADM5_LAST_FAILED)
-	entry->last_failed = kdb.last_failed;
+        entry->last_failed = kdb.last_failed;
     if (mask & KADM5_FAIL_AUTH_COUNT)
-	entry->fail_auth_count = kdb.fail_auth_count;
+        entry->fail_auth_count = kdb.fail_auth_count;
     if (mask & KADM5_TL_DATA) {
-	krb5_tl_data *tl, *tl2;
-
-	entry->tl_data = NULL;
-
-	tl = kdb.tl_data;
-	while (tl) {
-	    if (tl->tl_data_type > 255) {
-		if ((tl2 = dup_tl_data(tl)) == NULL) {
-		    ret = ENOMEM;
-		    goto done;
-		}
-		tl2->tl_data_next = entry->tl_data;
-		entry->tl_data = tl2;
-		entry->n_tl_data++;
-	    }
-
-	    tl = tl->tl_data_next;
-	}
+        krb5_tl_data *tl, *tl2;
+
+        entry->tl_data = NULL;
+
+        tl = kdb.tl_data;
+        while (tl) {
+            if (tl->tl_data_type > 255) {
+                if ((tl2 = dup_tl_data(tl)) == NULL) {
+                    ret = ENOMEM;
+                    goto done;
+                }
+                tl2->tl_data_next = entry->tl_data;
+                entry->tl_data = tl2;
+                entry->n_tl_data++;
+            }
+
+            tl = tl->tl_data_next;
+        }
     }
     if (mask & KADM5_KEY_DATA) {
-	entry->n_key_data = kdb.n_key_data;
-	if(entry->n_key_data) {
-	    entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
-	    if (entry->key_data == NULL) {
-		ret = ENOMEM;
-		goto done;
-	    }
-	} else
-	    entry->key_data = NULL;
-
-	for (i = 0; i < entry->n_key_data; i++)
-	    ret = krb5_copy_key_data_contents(handle->context,
-					      &kdb.key_data[i],
-					      &entry->key_data[i]);
-	if (ret)
-	    goto done;
+        entry->n_key_data = kdb.n_key_data;
+        if(entry->n_key_data) {
+            entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
+            if (entry->key_data == NULL) {
+                ret = ENOMEM;
+                goto done;
+            }
+        } else
+            entry->key_data = NULL;
+
+        for (i = 0; i < entry->n_key_data; i++)
+            ret = krb5_copy_key_data_contents(handle->context,
+                                              &kdb.key_data[i],
+                                              &entry->key_data[i]);
+        if (ret)
+            goto done;
     }
 
     ret = KADM5_OK;
 
 done:
     if (ret && entry->principal) {
-	 krb5_free_principal(handle->context, entry->principal);
-	 entry->principal = NULL;
+        krb5_free_principal(handle->context, entry->principal);
+        entry->principal = NULL;
     }
     kdb_free_entry(handle, &kdb, &adb);
 
@@ -916,66 +917,66 @@ done:
  *
  * Arguments:
  *
- *	context			(r) the krb5 context
- *	hist_keyblock		(r) the key that hist_key_data is
- *				encrypted in
- *	n_new_key_data		(r) length of new_key_data
- *	new_key_data		(r) keys to check against
- *				pw_hist_data, encrypted in hist_keyblock
- *	n_pw_hist_data		(r) length of pw_hist_data
- *	pw_hist_data		(r) passwords to check new_key_data against
+ *      context                 (r) the krb5 context
+ *      hist_keyblock           (r) the key that hist_key_data is
+ *                              encrypted in
+ *      n_new_key_data          (r) length of new_key_data
+ *      new_key_data            (r) keys to check against
+ *                              pw_hist_data, encrypted in hist_keyblock
+ *      n_pw_hist_data          (r) length of pw_hist_data
+ *      pw_hist_data            (r) passwords to check new_key_data against
  *
  * Effects:
  * For each new_key in new_key_data:
- * 	decrypt new_key with the master_keyblock
- * 	for each password in pw_hist_data:
- *		for each hist_key in password:
- *			decrypt hist_key with hist_keyblock
- *			compare the new_key and hist_key
+ *      decrypt new_key with the master_keyblock
+ *      for each password in pw_hist_data:
+ *              for each hist_key in password:
+ *                      decrypt hist_key with hist_keyblock
+ *                      compare the new_key and hist_key
  *
  * Returns krb5 errors, KADM5_PASS_RESUSE if a key in
  * new_key_data is the same as a key in pw_hist_data, or 0.
  */
 static kadm5_ret_t
 check_pw_reuse(krb5_context context,
-	       krb5_keyblock *mkey,
-	       krb5_keyblock *hist_keyblock,
-	       int n_new_key_data, krb5_key_data *new_key_data,
-	       unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
+               krb5_keyblock *mkey,
+               krb5_keyblock *hist_keyblock,
+               int n_new_key_data, krb5_key_data *new_key_data,
+               unsigned int n_pw_hist_data, osa_pw_hist_ent *pw_hist_data)
 {
     int x, y, z;
     krb5_keyblock newkey, histkey;
     krb5_error_code ret;
 
     for (x = 0; x < n_new_key_data; x++) {
-	ret = krb5_dbekd_decrypt_key_data(context,
-					  mkey,
-					  &(new_key_data[x]),
-					  &newkey, NULL);
-	if (ret)
-	    return(ret);
-	for (y = 0; y < n_pw_hist_data; y++) {
-	     for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
-		 ret = krb5_dbekd_decrypt_key_data(context,
-						   hist_keyblock,
-						   &pw_hist_data[y].key_data[z],
-						   &histkey, NULL);
-		 if (ret)
-		     return(ret);
-
-		 if ((newkey.length == histkey.length) &&
-		     (newkey.enctype == histkey.enctype) &&
-		     (memcmp(newkey.contents, histkey.contents,
-			     histkey.length) == 0)) {
-		     krb5_free_keyblock_contents(context, &histkey);
-		     krb5_free_keyblock_contents(context, &newkey);
-
-		     return(KADM5_PASS_REUSE);
-		 }
-		 krb5_free_keyblock_contents(context, &histkey);
-	     }
-	}
-	krb5_free_keyblock_contents(context, &newkey);
+        ret = krb5_dbekd_decrypt_key_data(context,
+                                          mkey,
+                                          &(new_key_data[x]),
+                                          &newkey, NULL);
+        if (ret)
+            return(ret);
+        for (y = 0; y < n_pw_hist_data; y++) {
+            for (z = 0; z < pw_hist_data[y].n_key_data; z++) {
+                ret = krb5_dbekd_decrypt_key_data(context,
+                                                  hist_keyblock,
+                                                  &pw_hist_data[y].key_data[z],
+                                                  &histkey, NULL);
+                if (ret)
+                    return(ret);
+
+                if ((newkey.length == histkey.length) &&
+                    (newkey.enctype == histkey.enctype) &&
+                    (memcmp(newkey.contents, histkey.contents,
+                            histkey.length) == 0)) {
+                    krb5_free_keyblock_contents(context, &histkey);
+                    krb5_free_keyblock_contents(context, &newkey);
+
+                    return(KADM5_PASS_REUSE);
+                }
+                krb5_free_keyblock_contents(context, &histkey);
+            }
+        }
+        krb5_free_keyblock_contents(context, &newkey);
     }
 
     return(0);
@@ -989,10 +990,10 @@ check_pw_reuse(krb5_context context,
  *
  * Arguments:
  *
- *	context		(r) krb5_context to use
- *	n_key_data	(r) number of elements in key_data
- *	key_data	(r) keys to add to the history entry
- *	hist		(w) history entry to fill in
+ *      context         (r) krb5_context to use
+ *      n_key_data      (r) number of elements in key_data
+ *      key_data        (r) keys to add to the history entry
+ *      hist            (w) history entry to fill in
  *
  * Effects:
  *
@@ -1003,48 +1004,48 @@ check_pw_reuse(krb5_context context,
  */
 static
 int create_history_entry(krb5_context context, krb5_keyblock *mkey, int n_key_data,
-			 krb5_key_data *key_data, osa_pw_hist_ent *hist)
+                         krb5_key_data *key_data, osa_pw_hist_ent *hist)
 {
-     int i, ret;
-     krb5_keyblock key;
-     krb5_keysalt salt;
-
-     hist->key_data = (krb5_key_data*)malloc(n_key_data*sizeof(krb5_key_data));
-     if (hist->key_data == NULL)
-	  return ENOMEM;
-     memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
-
-     for (i = 0; i < n_key_data; i++) {
-	 ret = krb5_dbekd_decrypt_key_data(context,
-					   mkey,
-					   &key_data[i],
-					   &key, &salt);
-	 if (ret)
-	     return ret;
-
-	 ret = krb5_dbekd_encrypt_key_data(context, &hist_key,
-					   &key, &salt,
-					   key_data[i].key_data_kvno,
-					   &hist->key_data[i]);
-	 if (ret)
-	     return ret;
-
-	 krb5_free_keyblock_contents(context, &key);
-	 /* krb5_free_keysalt(context, &salt); */
-     }
-
-     hist->n_key_data = n_key_data;
-     return 0;
+    int i, ret;
+    krb5_keyblock key;
+    krb5_keysalt salt;
+
+    hist->key_data = (krb5_key_data*)malloc(n_key_data*sizeof(krb5_key_data));
+    if (hist->key_data == NULL)
+        return ENOMEM;
+    memset(hist->key_data, 0, n_key_data*sizeof(krb5_key_data));
+
+    for (i = 0; i < n_key_data; i++) {
+        ret = krb5_dbekd_decrypt_key_data(context,
+                                          mkey,
+                                          &key_data[i],
+                                          &key, &salt);
+        if (ret)
+            return ret;
+
+        ret = krb5_dbekd_encrypt_key_data(context, &hist_key,
+                                          &key, &salt,
+                                          key_data[i].key_data_kvno,
+                                          &hist->key_data[i]);
+        if (ret)
+            return ret;
+
+        krb5_free_keyblock_contents(context, &key);
+        /* krb5_free_keysalt(context, &salt); */
+    }
+
+    hist->n_key_data = n_key_data;
+    return 0;
 }
 
 static
 void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
 {
-     int i;
+    int i;
 
-     for (i = 0; i < hist->n_key_data; i++)
-	  krb5_free_key_data_contents(context, &hist->key_data[i]);
-     free(hist->key_data);
+    for (i = 0; i < hist->n_key_data; i++)
+        krb5_free_key_data_contents(context, &hist->key_data[i]);
+    free(hist->key_data);
 }
 
 /*
@@ -1054,10 +1055,10 @@ void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
  *
  * Arguments:
  *
- *	context		(r) krb5_context to use
- *	adb		(r/w) admin principal entry to add keys to
- *	pol		(r) adb's policy
- *	pw		(r) keys for the password to add to adb's key history
+ *      context         (r) krb5_context to use
+ *      adb             (r/w) admin principal entry to add keys to
+ *      pol             (r) adb's policy
+ *      pw              (r) keys for the password to add to adb's key history
  *
  * Effects:
  *
@@ -1074,111 +1075,111 @@ void free_history_entry(krb5_context context, osa_pw_hist_ent *hist)
  * adb->old_key_len).
  */
 static kadm5_ret_t add_to_history(krb5_context context,
-				  osa_princ_ent_t adb,
-				  kadm5_policy_ent_t pol,
-				  osa_pw_hist_ent *pw)
+                                  osa_princ_ent_t adb,
+                                  kadm5_policy_ent_t pol,
+                                  osa_pw_hist_ent *pw)
 {
-     osa_pw_hist_ent *histp;
-     uint32_t nhist;
-     unsigned int i, knext, nkeys;
-
-     nhist = pol->pw_history_num;
-     /* A history of 1 means just check the current password */
-     if (nhist <= 1)
-	  return 0;
-
-     nkeys = adb->old_key_len;
-     knext = adb->old_key_next;
-     /* resize the adb->old_keys array if necessary */
-     if (nkeys + 1 < nhist) {
-	  if (adb->old_keys == NULL) {
-	       adb->old_keys = (osa_pw_hist_ent *)
-		    malloc((nkeys + 1) * sizeof (osa_pw_hist_ent));
-	  } else {
-	       adb->old_keys = (osa_pw_hist_ent *)
-		    realloc(adb->old_keys,
-			    (nkeys + 1) * sizeof (osa_pw_hist_ent));
-	  }
-	  if (adb->old_keys == NULL)
-	       return(ENOMEM);
-
-	  memset(&adb->old_keys[nkeys], 0, sizeof(osa_pw_hist_ent));
-     	  nkeys = ++adb->old_key_len;
-	  /*
-	   * To avoid losing old keys, shift forward each entry after
-	   * knext.
-	   */
-	  for (i = nkeys - 1; i > knext; i--) {
-	      adb->old_keys[i] = adb->old_keys[i - 1];
-	  }
-	  memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));
-     } else if (nkeys + 1 > nhist) {
-	 /*
-	  * The policy must have changed!  Shrink the array.
-	  * Can't simply realloc() down, since it might be wrapped.
-	  * To understand the arithmetic below, note that we are
-	  * copying into new positions 0 .. N-1 from old positions
-	  * old_key_next-N .. old_key_next-1, modulo old_key_len,
-	  * where N = pw_history_num - 1 is the length of the
-	  * shortened list.        Matt Crawford, FNAL
-	  */
-	 /*
-	  * M = adb->old_key_len, N = pol->pw_history_num - 1
-	  *
-	  * tmp[0] .. tmp[N-1] = old[(knext-N)%M] .. old[(knext-1)%M]
-	  */
-	 int j;
-	 osa_pw_hist_t tmp;
-
-	 tmp = (osa_pw_hist_ent *)
-	     malloc((nhist - 1) * sizeof (osa_pw_hist_ent));
-	 if (tmp == NULL)
-	     return ENOMEM;
-	 for (i = 0; i < nhist - 1; i++) {
-	     /*
-	      * Add nkeys once before taking remainder to avoid
-	      * negative values.
-	      */
-	     j = (i + nkeys + knext - (nhist - 1)) % nkeys;
-	     tmp[i] = adb->old_keys[j];
-	 }
-	 /* Now free the ones we don't keep (the oldest ones) */
-	 for (i = 0; i < nkeys - (nhist - 1); i++) {
-	     j = (i + nkeys + knext) % nkeys;
-	     histp = &adb->old_keys[j];
-	     for (j = 0; j < histp->n_key_data; j++) {
-		 krb5_free_key_data_contents(context, &histp->key_data[j]);
-	     }
-	     free(histp->key_data);
-	 }
-	 free(adb->old_keys);
-	 adb->old_keys = tmp;
-	 nkeys = adb->old_key_len = nhist - 1;
-	 knext = adb->old_key_next = 0;
-     }
-
-     /*
-      * If nhist decreased since the last password change, and nkeys+1
-      * is less than the previous nhist, it is possible for knext to
-      * index into unallocated space.  This condition would not be
-      * caught by the resizing code above.
-      */
-     if (knext + 1 > nkeys)
-	 knext = adb->old_key_next = 0;
-     /* free the old pw history entry if it contains data */
-     histp = &adb->old_keys[knext];
-     for (i = 0; i < histp->n_key_data; i++)
-	  krb5_free_key_data_contents(context, &histp->key_data[i]);
-     free(histp->key_data);
-
-     /* store the new entry */
-     adb->old_keys[knext] = *pw;
-
-     /* update the next pointer */
-     if (++adb->old_key_next == nhist - 1)
-	 adb->old_key_next = 0;
-
-     return(0);
+    osa_pw_hist_ent *histp;
+    uint32_t nhist;
+    unsigned int i, knext, nkeys;
+
+    nhist = pol->pw_history_num;
+    /* A history of 1 means just check the current password */
+    if (nhist <= 1)
+        return 0;
+
+    nkeys = adb->old_key_len;
+    knext = adb->old_key_next;
+    /* resize the adb->old_keys array if necessary */
+    if (nkeys + 1 < nhist) {
+        if (adb->old_keys == NULL) {
+            adb->old_keys = (osa_pw_hist_ent *)
+                malloc((nkeys + 1) * sizeof (osa_pw_hist_ent));
+        } else {
+            adb->old_keys = (osa_pw_hist_ent *)
+                realloc(adb->old_keys,
+                        (nkeys + 1) * sizeof (osa_pw_hist_ent));
+        }
+        if (adb->old_keys == NULL)
+            return(ENOMEM);
+
+        memset(&adb->old_keys[nkeys], 0, sizeof(osa_pw_hist_ent));
+        nkeys = ++adb->old_key_len;
+        /*
+         * To avoid losing old keys, shift forward each entry after
+         * knext.
+         */
+        for (i = nkeys - 1; i > knext; i--) {
+            adb->old_keys[i] = adb->old_keys[i - 1];
+        }
+        memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));
+    } else if (nkeys + 1 > nhist) {
+        /*
+         * The policy must have changed!  Shrink the array.
+         * Can't simply realloc() down, since it might be wrapped.
+         * To understand the arithmetic below, note that we are
+         * copying into new positions 0 .. N-1 from old positions
+         * old_key_next-N .. old_key_next-1, modulo old_key_len,
+         * where N = pw_history_num - 1 is the length of the
+         * shortened list.        Matt Crawford, FNAL
+         */
+        /*
+         * M = adb->old_key_len, N = pol->pw_history_num - 1
+         *
+         * tmp[0] .. tmp[N-1] = old[(knext-N)%M] .. old[(knext-1)%M]
+         */
+        int j;
+        osa_pw_hist_t tmp;
+
+        tmp = (osa_pw_hist_ent *)
+            malloc((nhist - 1) * sizeof (osa_pw_hist_ent));
+        if (tmp == NULL)
+            return ENOMEM;
+        for (i = 0; i < nhist - 1; i++) {
+            /*
+             * Add nkeys once before taking remainder to avoid
+             * negative values.
+             */
+            j = (i + nkeys + knext - (nhist - 1)) % nkeys;
+            tmp[i] = adb->old_keys[j];
+        }
+        /* Now free the ones we don't keep (the oldest ones) */
+        for (i = 0; i < nkeys - (nhist - 1); i++) {
+            j = (i + nkeys + knext) % nkeys;
+            histp = &adb->old_keys[j];
+            for (j = 0; j < histp->n_key_data; j++) {
+                krb5_free_key_data_contents(context, &histp->key_data[j]);
+            }
+            free(histp->key_data);
+        }
+        free(adb->old_keys);
+        adb->old_keys = tmp;
+        nkeys = adb->old_key_len = nhist - 1;
+        knext = adb->old_key_next = 0;
+    }
+
+    /*
+     * If nhist decreased since the last password change, and nkeys+1
+     * is less than the previous nhist, it is possible for knext to
+     * index into unallocated space.  This condition would not be
+     * caught by the resizing code above.
+     */
+    if (knext + 1 > nkeys)
+        knext = adb->old_key_next = 0;
+    /* free the old pw history entry if it contains data */
+    histp = &adb->old_keys[knext];
+    for (i = 0; i < histp->n_key_data; i++)
+        krb5_free_key_data_contents(context, &histp->key_data[i]);
+    free(histp->key_data);
+
+    /* store the new entry */
+    adb->old_keys[knext] = *pw;
+
+    /* update the next pointer */
+    if (++adb->old_key_next == nhist - 1)
+        adb->old_key_next = 0;
+
+    return(0);
 }
 
 /* FIXME: don't use global variable for this */
@@ -1221,22 +1222,22 @@ kadm5_launch_task (krb5_context context,
 
     ret = pipe (data_pipe);
     if (ret)
-	ret = errno;
+        ret = errno;
 
     if (!ret) {
         pid_t pid = fork ();
         if (pid == -1) {
             ret = errno;
-	    close (data_pipe[0]);
-	    close (data_pipe[1]);
+            close (data_pipe[0]);
+            close (data_pipe[1]);
         } else if (pid == 0) {
             /* The child: */
 
             if (dup2 (data_pipe[0], STDIN_FILENO) == -1)
-		_exit (1);
+                _exit (1);
 
-	    close (data_pipe[0]);
-	    close (data_pipe[1]);
+            close (data_pipe[0]);
+            close (data_pipe[1]);
 
             execv (task_path, task_argv);
 
@@ -1245,21 +1246,21 @@ kadm5_launch_task (krb5_context context,
             /* The parent: */
             int status;
 
-	    ret = 0;
+            ret = 0;
 
-	    close (data_pipe[0]);
+            close (data_pipe[0]);
 
-	    /* Write out the buffer to the child, add \n */
-	    if (buffer) {
-		if (krb5_net_write (context, data_pipe[1], buffer, strlen (buffer)) < 0
-		    || krb5_net_write (context, data_pipe[1], "\n", 1) < 0)
-		{
-		    /* kill the child to make sure waitpid() won't hang later */
-		    ret = errno;
-		    kill (pid, SIGKILL);
-		}
-	    }
-	    close (data_pipe[1]);
+            /* Write out the buffer to the child, add \n */
+            if (buffer) {
+                if (krb5_net_write (context, data_pipe[1], buffer, strlen (buffer)) < 0
+                    || krb5_net_write (context, data_pipe[1], "\n", 1) < 0)
+                {
+                    /* kill the child to make sure waitpid() won't hang later */
+                    ret = errno;
+                    kill (pid, SIGKILL);
+                }
+            }
+            close (data_pipe[1]);
 
             waitpid (pid, &status, 0);
 
@@ -1267,7 +1268,7 @@ kadm5_launch_task (krb5_context context,
                 if (WIFEXITED (status)) {
                     /* child read password and exited.  Check the return value. */
                     if ((WEXITSTATUS (status) != 0) && (WEXITSTATUS (status) != 252)) {
-                       ret = KRB5KDC_ERR_POLICY; /* password change rejected */
+                        ret = KRB5KDC_ERR_POLICY; /* password change rejected */
                     }
                 } else {
                     /* child read password but crashed or was killed */
@@ -1284,27 +1285,27 @@ kadm5_launch_task (krb5_context context,
 
 kadm5_ret_t
 kadm5_chpass_principal(void *server_handle,
-			    krb5_principal principal, char *password)
+                       krb5_principal principal, char *password)
 {
     return
-	kadm5_chpass_principal_3(server_handle, principal, FALSE,
-				 0, NULL, password);
+        kadm5_chpass_principal_3(server_handle, principal, FALSE,
+                                 0, NULL, password);
 }
 
 kadm5_ret_t
 kadm5_chpass_principal_3(void *server_handle,
-			 krb5_principal principal, krb5_boolean keepold,
-			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
-			 char *password)
+                         krb5_principal principal, krb5_boolean keepold,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         char *password)
 {
-    krb5_int32			now;
-    kadm5_policy_ent_rec	pol;
-    osa_princ_ent_rec		adb;
-    krb5_db_entry		kdb, kdb_save;
-    int				ret, ret2, last_pwd, hist_added;
-    int				have_pol = 0;
-    kadm5_server_handle_t	handle = server_handle;
-    osa_pw_hist_ent		hist;
+    krb5_int32                  now;
+    kadm5_policy_ent_rec        pol;
+    osa_princ_ent_rec           adb;
+    krb5_db_entry               kdb, kdb_save;
+    int                         ret, ret2, last_pwd, hist_added;
+    int                         have_pol = 0;
+    kadm5_server_handle_t       handle = server_handle;
+    osa_pw_hist_ent             hist;
     krb5_keyblock               *act_mkey;
     krb5_kvno                   act_kvno;
 
@@ -1316,112 +1317,112 @@ kadm5_chpass_principal_3(void *server_handle,
     memset(&hist, 0, sizeof(hist));
 
     if (principal == NULL || password == NULL)
-	return EINVAL;
+        return EINVAL;
     if ((krb5_principal_compare(handle->context,
-				principal, hist_princ)) == TRUE)
-	return KADM5_PROTECT_PRINCIPAL;
+                                principal, hist_princ)) == TRUE)
+        return KADM5_PROTECT_PRINCIPAL;
 
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return(ret);
+        return(ret);
 
     /* we are going to need the current keys after the new keys are set */
     if ((ret = kdb_get_entry(handle, principal, &kdb_save, NULL))) {
-	 kdb_free_entry(handle, &kdb, &adb);
-	 return(ret);
+        kdb_free_entry(handle, &kdb, &adb);
+        return(ret);
     }
 
     if ((adb.aux_attributes & KADM5_POLICY)) {
-	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol)))
-	     goto done;
-	have_pol = 1;
+        if ((ret = kadm5_get_policy(handle->lhandle, adb.policy, &pol)))
+            goto done;
+        have_pol = 1;
     }
 
     if ((ret = passwd_check(handle, password, adb.aux_attributes &
-			    KADM5_POLICY, &pol, principal)))
-	 goto done;
+                            KADM5_POLICY, &pol, principal)))
+        goto done;
 
     ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
-				 active_mkey_list, &act_kvno, &act_mkey);
+                                 active_mkey_list, &act_kvno, &act_mkey);
     if (ret)
-	goto done;
+        goto done;
 
     ret = krb5_dbe_cpw(handle->context, act_mkey,
-		       n_ks_tuple?ks_tuple:handle->params.keysalts,
-		       n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
-		       password, 0 /* increment kvno */,
-		       keepold, &kdb);
+                       n_ks_tuple?ks_tuple:handle->params.keysalts,
+                       n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+                       password, 0 /* increment kvno */,
+                       keepold, &kdb);
     if (ret)
-	goto done;
+        goto done;
 
     ret = krb5_dbe_update_mkvno(handle->context, &kdb, act_kvno);
     if (ret)
-	 goto done;
+        goto done;
 
     kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
-	 goto done;
+        goto done;
 
     if ((adb.aux_attributes & KADM5_POLICY)) {
-       /* the policy was loaded before */
+        /* the policy was loaded before */
 
-	ret = krb5_dbe_lookup_last_pwd_change(handle->context,
-					      &kdb, &last_pwd);
-	if (ret)
-	    goto done;
+        ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+                                              &kdb, &last_pwd);
+        if (ret)
+            goto done;
 
 #if 0
-	 /*
-	  * The spec says this check is overridden if the caller has
-	  * modify privilege.  The admin server therefore makes this
-	  * check itself (in chpass_principal_wrapper, misc.c). A
-	  * local caller implicitly has all authorization bits.
-	  */
-	if ((now - last_pwd) < pol.pw_min_life &&
-	    !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
-	     ret = KADM5_PASS_TOOSOON;
-	     goto done;
-	}
+        /*
+         * The spec says this check is overridden if the caller has
+         * modify privilege.  The admin server therefore makes this
+         * check itself (in chpass_principal_wrapper, misc.c). A
+         * local caller implicitly has all authorization bits.
+         */
+        if ((now - last_pwd) < pol.pw_min_life &&
+            !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+            ret = KADM5_PASS_TOOSOON;
+            goto done;
+        }
 #endif
 
-	ret = create_history_entry(handle->context,
-				   act_mkey,
-				   kdb_save.n_key_data,
-				   kdb_save.key_data, &hist);
-	if (ret)
-	    goto done;
-
-	ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
-			     kdb.n_key_data, kdb.key_data,
-			     1, &hist);
-	if (ret)
-	    goto done;
-
-	if (pol.pw_history_num > 1) {
-	    if (adb.admin_history_kvno != hist_kvno) {
-		ret = KADM5_BAD_HIST_KEY;
-		goto done;
-	    }
-
-	    ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
-				 kdb.n_key_data, kdb.key_data,
-				 adb.old_key_len, adb.old_keys);
-	    if (ret)
-		goto done;
-
-	    ret = add_to_history(handle->context, &adb, &pol, &hist);
-	    if (ret)
-		goto done;
-	    hist_added = 1;
-       }
-
-	if (pol.pw_max_life)
-	   kdb.pw_expiration = now + pol.pw_max_life;
-	else
-	   kdb.pw_expiration = 0;
+        ret = create_history_entry(handle->context,
+                                   act_mkey,
+                                   kdb_save.n_key_data,
+                                   kdb_save.key_data, &hist);
+        if (ret)
+            goto done;
+
+        ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
+                             kdb.n_key_data, kdb.key_data,
+                             1, &hist);
+        if (ret)
+            goto done;
+
+        if (pol.pw_history_num > 1) {
+            if (adb.admin_history_kvno != hist_kvno) {
+                ret = KADM5_BAD_HIST_KEY;
+                goto done;
+            }
+
+            ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
+                                 kdb.n_key_data, kdb.key_data,
+                                 adb.old_key_len, adb.old_keys);
+            if (ret)
+                goto done;
+
+            ret = add_to_history(handle->context, &adb, &pol, &hist);
+            if (ret)
+                goto done;
+            hist_added = 1;
+        }
+
+        if (pol.pw_max_life)
+            kdb.pw_expiration = now + pol.pw_max_life;
+        else
+            kdb.pw_expiration = 0;
     } else {
-	kdb.pw_expiration = 0;
+        kdb.pw_expiration = 0;
     }
 
 #ifdef USE_PASSWORD_SERVER
@@ -1455,169 +1456,169 @@ kadm5_chpass_principal_3(void *server_handle,
 
     ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
     if (ret)
-	goto done;
+        goto done;
 
     /* unlock principal on this KDC */
     kdb.fail_auth_count = 0;
 
     /* key data and attributes changed, let the database provider know */
     kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES |
-	       KADM5_FAIL_AUTH_COUNT;
-	       /* | KADM5_CPW_FUNCTION */
+        KADM5_FAIL_AUTH_COUNT;
+    /* | KADM5_CPW_FUNCTION */
 
     if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-	goto done;
+        goto done;
 
     ret = KADM5_OK;
 done:
     if (!hist_added && hist.key_data)
-	 free_history_entry(handle->context, &hist);
+        free_history_entry(handle->context, &hist);
     kdb_free_entry(handle, &kdb, &adb);
     kdb_free_entry(handle, &kdb_save, NULL);
     krb5_db_free_principal(handle->context, &kdb, 1);
 
     if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))
-	&& !ret)
-	 ret = ret2;
+        && !ret)
+        ret = ret2;
 
     return ret;
 }
 
 kadm5_ret_t
 kadm5_randkey_principal(void *server_handle,
-			krb5_principal principal,
-			krb5_keyblock **keyblocks,
-			int *n_keys)
+                        krb5_principal principal,
+                        krb5_keyblock **keyblocks,
+                        int *n_keys)
 {
     return
-	kadm5_randkey_principal_3(server_handle, principal,
-				  FALSE, 0, NULL,
-				  keyblocks, n_keys);
+        kadm5_randkey_principal_3(server_handle, principal,
+                                  FALSE, 0, NULL,
+                                  keyblocks, n_keys);
 }
 kadm5_ret_t
 kadm5_randkey_principal_3(void *server_handle,
-			krb5_principal principal,
-			krb5_boolean keepold,
-			int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
-			krb5_keyblock **keyblocks,
-			int *n_keys)
+                          krb5_principal principal,
+                          krb5_boolean keepold,
+                          int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                          krb5_keyblock **keyblocks,
+                          int *n_keys)
 {
-    krb5_db_entry		kdb;
-    osa_princ_ent_rec		adb;
-    krb5_int32			now;
-    kadm5_policy_ent_rec	pol;
-    int				ret, last_pwd, have_pol = 0;
-    kadm5_server_handle_t	handle = server_handle;
+    krb5_db_entry               kdb;
+    osa_princ_ent_rec           adb;
+    krb5_int32                  now;
+    kadm5_policy_ent_rec        pol;
+    int                         ret, last_pwd, have_pol = 0;
+    kadm5_server_handle_t       handle = server_handle;
     krb5_keyblock               *act_mkey;
 
     if (keyblocks)
-	 *keyblocks = NULL;
+        *keyblocks = NULL;
 
     CHECK_HANDLE(server_handle);
 
     krb5_clear_error_message(handle->context);
 
     if (principal == NULL)
-	return EINVAL;
+        return EINVAL;
     if (hist_princ && /* this will be NULL when initializing the databse */
-	((krb5_principal_compare(handle->context,
-				 principal, hist_princ)) == TRUE))
-	return KADM5_PROTECT_PRINCIPAL;
+        ((krb5_principal_compare(handle->context,
+                                 principal, hist_princ)) == TRUE))
+        return KADM5_PROTECT_PRINCIPAL;
 
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return(ret);
+        return(ret);
 
     ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
-				 active_mkey_list, NULL, &act_mkey);
+                                 active_mkey_list, NULL, &act_mkey);
     if (ret)
-	goto done;
+        goto done;
 
     ret = krb5_dbe_crk(handle->context, act_mkey,
-		       n_ks_tuple?ks_tuple:handle->params.keysalts,
-		       n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
-		       keepold,
-		       &kdb);
+                       n_ks_tuple?ks_tuple:handle->params.keysalts,
+                       n_ks_tuple?n_ks_tuple:handle->params.num_keysalts,
+                       keepold,
+                       &kdb);
     if (ret)
-	goto done;
+        goto done;
 
     kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
-	goto done;
+        goto done;
 
     if ((adb.aux_attributes & KADM5_POLICY)) {
-	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
-				    &pol)) != KADM5_OK)
-	   goto done;
-	have_pol = 1;
+        if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
+                                    &pol)) != KADM5_OK)
+            goto done;
+        have_pol = 1;
 
-	ret = krb5_dbe_lookup_last_pwd_change(handle->context,
-					      &kdb, &last_pwd);
-	if (ret)
-	     goto done;
+        ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+                                              &kdb, &last_pwd);
+        if (ret)
+            goto done;
 
 #if 0
-	 /*
-	  * The spec says this check is overridden if the caller has
-	  * modify privilege.  The admin server therefore makes this
-	  * check itself (in chpass_principal_wrapper, misc.c).  A
-	  * local caller implicitly has all authorization bits.
-	  */
-	if((now - last_pwd) < pol.pw_min_life &&
-	   !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
-	     ret = KADM5_PASS_TOOSOON;
-	     goto done;
-	}
+        /*
+         * The spec says this check is overridden if the caller has
+         * modify privilege.  The admin server therefore makes this
+         * check itself (in chpass_principal_wrapper, misc.c).  A
+         * local caller implicitly has all authorization bits.
+         */
+        if((now - last_pwd) < pol.pw_min_life &&
+           !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+            ret = KADM5_PASS_TOOSOON;
+            goto done;
+        }
 #endif
 
-	if(pol.pw_history_num > 1) {
-	    if(adb.admin_history_kvno != hist_kvno) {
-		ret = KADM5_BAD_HIST_KEY;
-		goto done;
-	    }
-
-	    ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
-				 kdb.n_key_data, kdb.key_data,
-				 adb.old_key_len, adb.old_keys);
-	    if (ret)
-		goto done;
-	}
-	if (pol.pw_max_life)
-	   kdb.pw_expiration = now + pol.pw_max_life;
-	else
-	   kdb.pw_expiration = 0;
+        if(pol.pw_history_num > 1) {
+            if(adb.admin_history_kvno != hist_kvno) {
+                ret = KADM5_BAD_HIST_KEY;
+                goto done;
+            }
+
+            ret = check_pw_reuse(handle->context, act_mkey, &hist_key,
+                                 kdb.n_key_data, kdb.key_data,
+                                 adb.old_key_len, adb.old_keys);
+            if (ret)
+                goto done;
+        }
+        if (pol.pw_max_life)
+            kdb.pw_expiration = now + pol.pw_max_life;
+        else
+            kdb.pw_expiration = 0;
     } else {
-	kdb.pw_expiration = 0;
+        kdb.pw_expiration = 0;
     }
 
     ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
     if (ret)
-	 goto done;
+        goto done;
 
     /* unlock principal on this KDC */
     kdb.fail_auth_count = 0;
 
-   if (keyblocks) {
-	ret = decrypt_key_data(handle->context, act_mkey,
-			       kdb.n_key_data, kdb.key_data,
-			       keyblocks, n_keys);
-	if (ret)
-	    goto done;
+    if (keyblocks) {
+        ret = decrypt_key_data(handle->context, act_mkey,
+                               kdb.n_key_data, kdb.key_data,
+                               keyblocks, n_keys);
+        if (ret)
+            goto done;
     }
 
     /* key data changed, let the database provider know */
     kdb.mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
-	       /* | KADM5_RANDKEY_USED */;
+    /* | KADM5_RANDKEY_USED */;
 
     if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-	goto done;
+        goto done;
 
     ret = KADM5_OK;
 done:
     kdb_free_entry(handle, &kdb, &adb);
     if (have_pol)
-	 kadm5_free_policy_ent(handle->lhandle, &pol);
+        kadm5_free_policy_ent(handle->lhandle, &pol);
 
     return ret;
 }
@@ -1631,19 +1632,19 @@ done:
  */
 kadm5_ret_t
 kadm5_setv4key_principal(void *server_handle,
-		       krb5_principal principal,
-		       krb5_keyblock *keyblock)
+                         krb5_principal principal,
+                         krb5_keyblock *keyblock)
 {
-    krb5_db_entry		kdb;
-    osa_princ_ent_rec		adb;
-    krb5_int32			now;
-    kadm5_policy_ent_rec	pol;
-    krb5_keysalt		keysalt;
-    int				i, k, kvno, ret, have_pol = 0;
+    krb5_db_entry               kdb;
+    osa_princ_ent_rec           adb;
+    krb5_int32                  now;
+    kadm5_policy_ent_rec        pol;
+    krb5_keysalt                keysalt;
+    int                         i, k, kvno, ret, have_pol = 0;
 #if 0
     int                         last_pwd;
 #endif
-    kadm5_server_handle_t	handle = server_handle;
+    kadm5_server_handle_t       handle = server_handle;
     krb5_key_data               tmp_key_data;
     krb5_keyblock               *act_mkey;
 
@@ -1654,28 +1655,28 @@ kadm5_setv4key_principal(void *server_handle,
     krb5_clear_error_message(handle->context);
 
     if (principal == NULL || keyblock == NULL)
-	return EINVAL;
+        return EINVAL;
     if (hist_princ && /* this will be NULL when initializing the databse */
-	((krb5_principal_compare(handle->context,
-				 principal, hist_princ)) == TRUE))
-	return KADM5_PROTECT_PRINCIPAL;
+        ((krb5_principal_compare(handle->context,
+                                 principal, hist_princ)) == TRUE))
+        return KADM5_PROTECT_PRINCIPAL;
 
     if (keyblock->enctype != ENCTYPE_DES_CBC_CRC)
-	return KADM5_SETV4KEY_INVAL_ENCTYPE;
+        return KADM5_SETV4KEY_INVAL_ENCTYPE;
 
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return(ret);
+        return(ret);
 
     for (kvno = 0, i=0; i<kdb.n_key_data; i++)
-	 if (kdb.key_data[i].key_data_kvno > kvno)
-	      kvno = kdb.key_data[i].key_data_kvno;
+        if (kdb.key_data[i].key_data_kvno > kvno)
+            kvno = kdb.key_data[i].key_data_kvno;
 
     if (kdb.key_data != NULL)
-	 cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+        cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
 
     kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data));
     if (kdb.key_data == NULL)
-	 return ENOMEM;
+        return ENOMEM;
     memset(kdb.key_data, 0, sizeof(krb5_key_data));
     kdb.n_key_data = 1;
     keysalt.type = KRB5_KDB_SALTTYPE_V4;
@@ -1684,36 +1685,36 @@ kadm5_setv4key_principal(void *server_handle,
     keysalt.data.data = NULL;
 
     ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
-				 active_mkey_list, NULL, &act_mkey);
+                                 active_mkey_list, NULL, &act_mkey);
     if (ret)
-	goto done;
+        goto done;
 
     /* use tmp_key_data as temporary location and reallocate later */
     ret = krb5_dbekd_encrypt_key_data(handle->context, act_mkey,
-				      keyblock, &keysalt, kvno + 1,
-				      &tmp_key_data);
+                                      keyblock, &keysalt, kvno + 1,
+                                      &tmp_key_data);
     if (ret) {
-	goto done;
+        goto done;
     }
 
     for (k = 0; k < tmp_key_data.key_data_ver; k++) {
-	kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
-	kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
-	if (tmp_key_data.key_data_contents[k]) {
-	    kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
-	    if (kdb.key_data->key_data_contents[k] == NULL) {
-		cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
-		kdb.key_data = NULL;
-		kdb.n_key_data = 0;
-		ret = ENOMEM;
-		goto done;
-	    }
-	    memcpy (kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
-	    memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
-	    free (tmp_key_data.key_data_contents[k]);
-	    tmp_key_data.key_data_contents[k] = NULL;
-	}
+        kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
+        kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
+        if (tmp_key_data.key_data_contents[k]) {
+            kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
+            if (kdb.key_data->key_data_contents[k] == NULL) {
+                cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+                kdb.key_data = NULL;
+                kdb.n_key_data = 0;
+                ret = ENOMEM;
+                goto done;
+            }
+            memcpy (kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+            memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+            free (tmp_key_data.key_data_contents[k]);
+            tmp_key_data.key_data_contents[k] = NULL;
+        }
     }
 
 
@@ -1722,115 +1723,115 @@ kadm5_setv4key_principal(void *server_handle,
 
     ret = krb5_timeofday(handle->context, &now);
     if (ret)
-	goto done;
+        goto done;
 
     if ((adb.aux_attributes & KADM5_POLICY)) {
-	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
-				    &pol)) != KADM5_OK)
-	   goto done;
-	have_pol = 1;
+        if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
+                                    &pol)) != KADM5_OK)
+            goto done;
+        have_pol = 1;
 
 #if 0
-	/*
-	  * The spec says this check is overridden if the caller has
-	  * modify privilege.  The admin server therefore makes this
-	  * check itself (in chpass_principal_wrapper, misc.c).  A
-	  * local caller implicitly has all authorization bits.
-	  */
-	if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
-						  &kdb, &last_pwd))
-	     goto done;
-	if((now - last_pwd) < pol.pw_min_life &&
-	   !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
-	     ret = KADM5_PASS_TOOSOON;
-	     goto done;
-	}
+        /*
+         * The spec says this check is overridden if the caller has
+         * modify privilege.  The admin server therefore makes this
+         * check itself (in chpass_principal_wrapper, misc.c).  A
+         * local caller implicitly has all authorization bits.
+         */
+        if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+                                                  &kdb, &last_pwd))
+            goto done;
+        if((now - last_pwd) < pol.pw_min_life &&
+           !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+            ret = KADM5_PASS_TOOSOON;
+            goto done;
+        }
 #endif
 #if 0
-	/*
-	 * Should we be checking/updating pw history here?
-	 */
-	if(pol.pw_history_num > 1) {
-	    if(adb.admin_history_kvno != hist_kvno) {
-		ret = KADM5_BAD_HIST_KEY;
-		goto done;
-	    }
-
-	    if (ret = check_pw_reuse(handle->context,
-				     &hist_key,
-				     kdb.n_key_data, kdb.key_data,
-				     adb.old_key_len, adb.old_keys))
-		goto done;
-	}
+        /*
+         * Should we be checking/updating pw history here?
+         */
+        if(pol.pw_history_num > 1) {
+            if(adb.admin_history_kvno != hist_kvno) {
+                ret = KADM5_BAD_HIST_KEY;
+                goto done;
+            }
+
+            if (ret = check_pw_reuse(handle->context,
+                                     &hist_key,
+                                     kdb.n_key_data, kdb.key_data,
+                                     adb.old_key_len, adb.old_keys))
+                goto done;
+        }
 #endif
 
-	if (pol.pw_max_life)
-	   kdb.pw_expiration = now + pol.pw_max_life;
-	else
-	   kdb.pw_expiration = 0;
+        if (pol.pw_max_life)
+            kdb.pw_expiration = now + pol.pw_max_life;
+        else
+            kdb.pw_expiration = 0;
     } else {
-	kdb.pw_expiration = 0;
+        kdb.pw_expiration = 0;
     }
 
     ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now);
     if (ret)
-	 goto done;
+        goto done;
 
     /* unlock principal on this KDC */
     kdb.fail_auth_count = 0;
 
     if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-	goto done;
+        goto done;
 
     ret = KADM5_OK;
 done:
     for (i = 0; i < tmp_key_data.key_data_ver; i++) {
-	if (tmp_key_data.key_data_contents[i]) {
-	    memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
-	    free (tmp_key_data.key_data_contents[i]);
-	}
+        if (tmp_key_data.key_data_contents[i]) {
+            memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+            free (tmp_key_data.key_data_contents[i]);
+        }
     }
 
     kdb_free_entry(handle, &kdb, &adb);
     if (have_pol)
-	 kadm5_free_policy_ent(handle->lhandle, &pol);
+        kadm5_free_policy_ent(handle->lhandle, &pol);
 
     return ret;
 }
 
 kadm5_ret_t
 kadm5_setkey_principal(void *server_handle,
-		       krb5_principal principal,
-		       krb5_keyblock *keyblocks,
-		       int n_keys)
+                       krb5_principal principal,
+                       krb5_keyblock *keyblocks,
+                       int n_keys)
 {
     return
-	kadm5_setkey_principal_3(server_handle, principal,
-				 FALSE, 0, NULL,
-				 keyblocks, n_keys);
+        kadm5_setkey_principal_3(server_handle, principal,
+                                 FALSE, 0, NULL,
+                                 keyblocks, n_keys);
 }
 
 kadm5_ret_t
 kadm5_setkey_principal_3(void *server_handle,
-			 krb5_principal principal,
-			 krb5_boolean keepold,
-			 int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
-			 krb5_keyblock *keyblocks,
-			 int n_keys)
+                         krb5_principal principal,
+                         krb5_boolean keepold,
+                         int n_ks_tuple, krb5_key_salt_tuple *ks_tuple,
+                         krb5_keyblock *keyblocks,
+                         int n_keys)
 {
-    krb5_db_entry		kdb;
-    osa_princ_ent_rec		adb;
-    krb5_int32			now;
-    kadm5_policy_ent_rec	pol;
-    krb5_key_data		*old_key_data;
-    int				n_old_keys;
-    int				i, j, k, kvno, ret, have_pol = 0;
+    krb5_db_entry               kdb;
+    osa_princ_ent_rec           adb;
+    krb5_int32                  now;
+    kadm5_policy_ent_rec        pol;
+    krb5_key_data               *old_key_data;
+    int                         n_old_keys;
+    int                         i, j, k, kvno, ret, have_pol = 0;
 #if 0
     int                         last_pwd;
 #endif
-    kadm5_server_handle_t	handle = server_handle;
-    krb5_boolean		similar;
-    krb5_keysalt		keysalt;
+    kadm5_server_handle_t       handle = server_handle;
+    krb5_boolean                similar;
+    krb5_keysalt                keysalt;
     krb5_key_data         tmp_key_data;
     krb5_key_data        *tptr;
     krb5_keyblock               *act_mkey;
@@ -1840,177 +1841,177 @@ kadm5_setkey_principal_3(void *server_handle,
     krb5_clear_error_message(handle->context);
 
     if (principal == NULL || keyblocks == NULL)
-	return EINVAL;
+        return EINVAL;
     if (hist_princ && /* this will be NULL when initializing the databse */
-	((krb5_principal_compare(handle->context,
-				 principal, hist_princ)) == TRUE))
-	return KADM5_PROTECT_PRINCIPAL;
+        ((krb5_principal_compare(handle->context,
+                                 principal, hist_princ)) == TRUE))
+        return KADM5_PROTECT_PRINCIPAL;
 
     for (i = 0; i < n_keys; i++) {
-	for (j = i+1; j < n_keys; j++) {
-	    if ((ret = krb5_c_enctype_compare(handle->context,
-					      keyblocks[i].enctype,
-					      keyblocks[j].enctype,
-					      &similar)))
-		return(ret);
-	    if (similar) {
-		if (n_ks_tuple) {
-		    if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
-			return KADM5_SETKEY_DUP_ENCTYPES;
-		} else
-		    return KADM5_SETKEY_DUP_ENCTYPES;
-	    }
-	}
+        for (j = i+1; j < n_keys; j++) {
+            if ((ret = krb5_c_enctype_compare(handle->context,
+                                              keyblocks[i].enctype,
+                                              keyblocks[j].enctype,
+                                              &similar)))
+                return(ret);
+            if (similar) {
+                if (n_ks_tuple) {
+                    if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype)
+                        return KADM5_SETKEY_DUP_ENCTYPES;
+                } else
+                    return KADM5_SETKEY_DUP_ENCTYPES;
+            }
+        }
     }
 
     if (n_ks_tuple && n_ks_tuple != n_keys)
-	return KADM5_SETKEY3_ETYPE_MISMATCH;
+        return KADM5_SETKEY3_ETYPE_MISMATCH;
 
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return(ret);
+        return(ret);
 
     for (kvno = 0, i=0; i<kdb.n_key_data; i++)
-	 if (kdb.key_data[i].key_data_kvno > kvno)
-	      kvno = kdb.key_data[i].key_data_kvno;
+        if (kdb.key_data[i].key_data_kvno > kvno)
+            kvno = kdb.key_data[i].key_data_kvno;
 
     if (keepold) {
-	old_key_data = kdb.key_data;
-	n_old_keys = kdb.n_key_data;
+        old_key_data = kdb.key_data;
+        n_old_keys = kdb.n_key_data;
     } else {
-	if (kdb.key_data != NULL)
-	    cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
-	n_old_keys = 0;
-	old_key_data = NULL;
+        if (kdb.key_data != NULL)
+            cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+        n_old_keys = 0;
+        old_key_data = NULL;
     }
 
     kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys)
-						 *sizeof(krb5_key_data));
+                                                 *sizeof(krb5_key_data));
     if (kdb.key_data == NULL) {
-	ret = ENOMEM;
-	goto done;
+        ret = ENOMEM;
+        goto done;
     }
 
     memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data));
     kdb.n_key_data = 0;
 
     for (i = 0; i < n_keys; i++) {
-	if (n_ks_tuple) {
-	    keysalt.type = ks_tuple[i].ks_salttype;
-	    keysalt.data.length = 0;
-	    keysalt.data.data = NULL;
-	    if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) {
-		ret = KADM5_SETKEY3_ETYPE_MISMATCH;
-		goto done;
-	    }
-	}
-	memset (&tmp_key_data, 0, sizeof(tmp_key_data));
-
-	ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
-	                             active_mkey_list, NULL, &act_mkey);
-	if (ret)
-	    goto done;
-
-	ret = krb5_dbekd_encrypt_key_data(handle->context,
-					  act_mkey,
-					  &keyblocks[i],
-					  n_ks_tuple ? &keysalt : NULL,
-					  kvno + 1,
-					  &tmp_key_data);
-	if (ret)
-	    goto done;
-
-	tptr = &kdb.key_data[i];
-	tptr->key_data_ver = tmp_key_data.key_data_ver;
-	tptr->key_data_kvno = tmp_key_data.key_data_kvno;
-	for (k = 0; k < tmp_key_data.key_data_ver; k++) {
-	    tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
-	    tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
-	    if (tmp_key_data.key_data_contents[k]) {
-		tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
-		if (tptr->key_data_contents[k] == NULL) {
-		    int i1;
-		    for (i1 = k; i1 < tmp_key_data.key_data_ver; i1++) {
-			if (tmp_key_data.key_data_contents[i1]) {
-			    memset (tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]);
-			    free (tmp_key_data.key_data_contents[i1]);
-			}
-		    }
-
-		    ret =  ENOMEM;
-		    goto done;
-		}
-		memcpy (tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
-		memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
-		free (tmp_key_data.key_data_contents[k]);
-		tmp_key_data.key_data_contents[k] = NULL;
-	    }
-	}
-	kdb.n_key_data++;
+        if (n_ks_tuple) {
+            keysalt.type = ks_tuple[i].ks_salttype;
+            keysalt.data.length = 0;
+            keysalt.data.data = NULL;
+            if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) {
+                ret = KADM5_SETKEY3_ETYPE_MISMATCH;
+                goto done;
+            }
+        }
+        memset (&tmp_key_data, 0, sizeof(tmp_key_data));
+
+        ret = krb5_dbe_find_act_mkey(handle->context, master_keylist,
+                                     active_mkey_list, NULL, &act_mkey);
+        if (ret)
+            goto done;
+
+        ret = krb5_dbekd_encrypt_key_data(handle->context,
+                                          act_mkey,
+                                          &keyblocks[i],
+                                          n_ks_tuple ? &keysalt : NULL,
+                                          kvno + 1,
+                                          &tmp_key_data);
+        if (ret)
+            goto done;
+
+        tptr = &kdb.key_data[i];
+        tptr->key_data_ver = tmp_key_data.key_data_ver;
+        tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+        for (k = 0; k < tmp_key_data.key_data_ver; k++) {
+            tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+            tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+            if (tmp_key_data.key_data_contents[k]) {
+                tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
+                if (tptr->key_data_contents[k] == NULL) {
+                    int i1;
+                    for (i1 = k; i1 < tmp_key_data.key_data_ver; i1++) {
+                        if (tmp_key_data.key_data_contents[i1]) {
+                            memset (tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]);
+                            free (tmp_key_data.key_data_contents[i1]);
+                        }
+                    }
+
+                    ret =  ENOMEM;
+                    goto done;
+                }
+                memcpy (tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+                memset (tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+                free (tmp_key_data.key_data_contents[k]);
+                tmp_key_data.key_data_contents[k] = NULL;
+            }
+        }
+        kdb.n_key_data++;
     }
 
     /* copy old key data if necessary */
     for (i = 0; i < n_old_keys; i++) {
-	kdb.key_data[i+n_keys] = old_key_data[i];
-	memset(&old_key_data[i], 0, sizeof (krb5_key_data));
-	kdb.n_key_data++;
+        kdb.key_data[i+n_keys] = old_key_data[i];
+        memset(&old_key_data[i], 0, sizeof (krb5_key_data));
+        kdb.n_key_data++;
     }
 
     if (old_key_data)
-	krb5_db_free(handle->context, old_key_data);
+        krb5_db_free(handle->context, old_key_data);
 
     /* assert(kdb.n_key_data == n_keys + n_old_keys) */
     kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 
     if ((ret = krb5_timeofday(handle->context, &now)))
-	goto done;
+        goto done;
 
     if ((adb.aux_attributes & KADM5_POLICY)) {
-	if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
-				    &pol)) != KADM5_OK)
-	   goto done;
-	have_pol = 1;
+        if ((ret = kadm5_get_policy(handle->lhandle, adb.policy,
+                                    &pol)) != KADM5_OK)
+            goto done;
+        have_pol = 1;
 
 #if 0
-	/*
-	  * The spec says this check is overridden if the caller has
-	  * modify privilege.  The admin server therefore makes this
-	  * check itself (in chpass_principal_wrapper, misc.c).  A
-	  * local caller implicitly has all authorization bits.
-	  */
-	if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
-						  &kdb, &last_pwd))
-	     goto done;
-	if((now - last_pwd) < pol.pw_min_life &&
-	   !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
-	     ret = KADM5_PASS_TOOSOON;
-	     goto done;
-	}
+        /*
+         * The spec says this check is overridden if the caller has
+         * modify privilege.  The admin server therefore makes this
+         * check itself (in chpass_principal_wrapper, misc.c).  A
+         * local caller implicitly has all authorization bits.
+         */
+        if (ret = krb5_dbe_lookup_last_pwd_change(handle->context,
+                                                  &kdb, &last_pwd))
+            goto done;
+        if((now - last_pwd) < pol.pw_min_life &&
+           !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
+            ret = KADM5_PASS_TOOSOON;
+            goto done;
+        }
 #endif
 #if 0
-	/*
-	 * Should we be checking/updating pw history here?
-	 */
-	if (pol.pw_history_num > 1) {
-	    if(adb.admin_history_kvno != hist_kvno) {
-		ret = KADM5_BAD_HIST_KEY;
-		goto done;
-	    }
-
-	    if (ret = check_pw_reuse(handle->context,
-				     &hist_key,
-				     kdb.n_key_data, kdb.key_data,
-				     adb.old_key_len, adb.old_keys))
-		goto done;
-	}
+        /*
+         * Should we be checking/updating pw history here?
+         */
+        if (pol.pw_history_num > 1) {
+            if(adb.admin_history_kvno != hist_kvno) {
+                ret = KADM5_BAD_HIST_KEY;
+                goto done;
+            }
+
+            if (ret = check_pw_reuse(handle->context,
+                                     &hist_key,
+                                     kdb.n_key_data, kdb.key_data,
+                                     adb.old_key_len, adb.old_keys))
+                goto done;
+        }
 #endif
 
-	if (pol.pw_max_life)
-	   kdb.pw_expiration = now + pol.pw_max_life;
-	else
-	   kdb.pw_expiration = 0;
+        if (pol.pw_max_life)
+            kdb.pw_expiration = now + pol.pw_max_life;
+        else
+            kdb.pw_expiration = 0;
     } else {
-	kdb.pw_expiration = 0;
+        kdb.pw_expiration = 0;
     }
 
     if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
@@ -2020,13 +2021,13 @@ kadm5_setkey_principal_3(void *server_handle,
     kdb.fail_auth_count = 0;
 
     if ((ret = kdb_put_entry(handle, &kdb, &adb)))
-	goto done;
+        goto done;
 
     ret = KADM5_OK;
 done:
     kdb_free_entry(handle, &kdb, &adb);
     if (have_pol)
-	 kadm5_free_policy_ent(handle->lhandle, &pol);
+        kadm5_free_policy_ent(handle->lhandle, &pol);
 
     return ret;
 }
@@ -2048,7 +2049,7 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
     krb5_keyblock               *mkey_ptr;
 
     if (keyblocks)
-         *keyblocks = NULL;
+        *keyblocks = NULL;
 
     CHECK_HANDLE(server_handle);
 
@@ -2056,10 +2057,10 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
         return EINVAL;
 
     if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-       return(ret);
+        return(ret);
 
     if (keyblocks) {
-	if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb,
+        if ((ret = krb5_dbe_find_mkey(handle->context, master_keylist, &kdb,
                                       &mkey_ptr))) {
             krb5_keylist_node *tmp_mkey_list;
             /* try refreshing master key list */
@@ -2078,11 +2079,11 @@ kadm5_get_principal_keys(void *server_handle /* IN */,
             }
         }
 
-	ret = decrypt_key_data(handle->context, mkey_ptr,
-			       kdb.n_key_data, kdb.key_data,
-			       keyblocks, n_keys);
-	if (ret)
-	    goto done;
+        ret = decrypt_key_data(handle->context, mkey_ptr,
+                               kdb.n_key_data, kdb.key_data,
+                               keyblocks, n_keys);
+        if (ret)
+            goto done;
     }
 
     ret = KADM5_OK;
@@ -2100,40 +2101,40 @@ done:
  * number of keys decrypted.
  */
 static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
-			    int n_key_data, krb5_key_data *key_data,
-			    krb5_keyblock **keyblocks, int *n_keys)
+                            int n_key_data, krb5_key_data *key_data,
+                            krb5_keyblock **keyblocks, int *n_keys)
 {
-     krb5_keyblock *keys;
-     int ret, i;
-
-     keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock));
-     if (keys == NULL)
-	  return ENOMEM;
-     memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
-
-     for (i = 0; i < n_key_data; i++) {
-          ret = krb5_dbekd_decrypt_key_data(context, mkey,
-					    &key_data[i],
-					    &keys[i], NULL);
-	  if (ret) {
-	       for (; i >= 0; i--) {
-		   if (keys[i].contents) {
-		       memset (keys[i].contents, 0, keys[i].length);
-		       free( keys[i].contents );
-		   }
-	       }
-
-	       memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
-	       free(keys);
-	       return ret;
-	  }
-     }
-
-     *keyblocks = keys;
-     if (n_keys)
-	  *n_keys = n_key_data;
-
-     return 0;
+    krb5_keyblock *keys;
+    int ret, i;
+
+    keys = (krb5_keyblock *) malloc(n_key_data*sizeof(krb5_keyblock));
+    if (keys == NULL)
+        return ENOMEM;
+    memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
+
+    for (i = 0; i < n_key_data; i++) {
+        ret = krb5_dbekd_decrypt_key_data(context, mkey,
+                                          &key_data[i],
+                                          &keys[i], NULL);
+        if (ret) {
+            for (; i >= 0; i--) {
+                if (keys[i].contents) {
+                    memset (keys[i].contents, 0, keys[i].length);
+                    free( keys[i].contents );
+                }
+            }
+
+            memset(keys, 0, n_key_data*sizeof(krb5_keyblock));
+            free(keys);
+            return ret;
+        }
+    }
+
+    *keyblocks = keys;
+    if (n_keys)
+        *n_keys = n_key_data;
+
+    return 0;
 }
 
 /*
@@ -2143,15 +2144,15 @@ static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
  *
  * Arguments:
  *
- *	server_handle	(r) kadm5 handle
- *	entry		(r) principal retrieved with kadm5_get_principal
- *	ktype		(r) enctype to search for, or -1 to ignore
- *	stype		(r) salt type to search for, or -1 to ignore
- *	kvno		(r) kvno to search for, -1 for max, 0 for max
- *			only if it also matches ktype and stype
- *	keyblock	(w) keyblock to fill in
- *	keysalt		(w) keysalt to fill in, or NULL
- *	kvnop		(w) kvno to fill in, or NULL
+ *      server_handle   (r) kadm5 handle
+ *      entry           (r) principal retrieved with kadm5_get_principal
+ *      ktype           (r) enctype to search for, or -1 to ignore
+ *      stype           (r) salt type to search for, or -1 to ignore
+ *      kvno            (r) kvno to search for, -1 for max, 0 for max
+ *                      only if it also matches ktype and stype
+ *      keyblock        (w) keyblock to fill in
+ *      keysalt         (w) keysalt to fill in, or NULL
+ *      kvnop           (w) kvno to fill in, or NULL
  *
  * Effects: Searches the key_data array of entry, which must have been
  * retrived with kadm5_get_principal with the KADM5_KEY_DATA mask, to
@@ -2167,10 +2168,10 @@ static int decrypt_key_data(krb5_context context, krb5_keyblock *mkey,
  * returned.
  */
 kadm5_ret_t kadm5_decrypt_key(void *server_handle,
-			      kadm5_principal_ent_t entry, krb5_int32
-			      ktype, krb5_int32 stype, krb5_int32
-			      kvno, krb5_keyblock *keyblock,
-			      krb5_keysalt *keysalt, int *kvnop)
+                              kadm5_principal_ent_t entry, krb5_int32
+                              ktype, krb5_int32 stype, krb5_int32
+                              kvno, krb5_keyblock *keyblock,
+                              krb5_keysalt *keysalt, int *kvnop)
 {
     kadm5_server_handle_t handle = server_handle;
     krb5_db_entry dbent;
@@ -2181,14 +2182,14 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
     CHECK_HANDLE(server_handle);
 
     if (entry->n_key_data == 0 || entry->key_data == NULL)
-	 return EINVAL;
+        return EINVAL;
 
     /* find_enctype only uses these two fields */
     dbent.n_key_data = entry->n_key_data;
     dbent.key_data = entry->key_data;
     if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype,
-				    stype, kvno, &key_data)))
-	 return ret;
+                                     stype, kvno, &key_data)))
+        return ret;
 
     /* find_mkey only uses this field */
     dbent.tl_data = entry->tl_data;
@@ -2211,9 +2212,9 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
     }
 
     if ((ret = krb5_dbekd_decrypt_key_data(handle->context,
-					   mkey_ptr, key_data,
-					   keyblock, keysalt)))
-	 return ret;
+                                           mkey_ptr, key_data,
+                                           keyblock, keysalt)))
+        return ret;
 
     /*
      * Coerce the enctype of the output keyblock in case we got an
@@ -2224,7 +2225,7 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
         keyblock->enctype = ktype;
 
     if (kvnop)
-	 *kvnop = key_data->key_data_kvno;
+        *kvnop = key_data->key_data_kvno;
 
     return KADM5_OK;
 }
diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
index 51637f7de..c6fd435f7 100644
--- a/src/lib/kadm5/str_conv.c
+++ b/src/lib/kadm5/str_conv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kadm/str_conv.c
  *
@@ -34,11 +35,11 @@
  *
  * String decoding:
  * ----------------
- * krb5_string_to_flags()	- Convert string to krb5_flags.
+ * krb5_string_to_flags()       - Convert string to krb5_flags.
  *
  * String encoding:
  * ----------------
- * krb5_flags_to_string()	- Convert krb5_flags to string.
+ * krb5_flags_to_string()       - Convert krb5_flags to string.
  */
 
 #include "k5-int.h"
@@ -49,10 +50,10 @@
  * Local data structures.
  */
 struct flags_lookup_entry {
-    krb5_flags		fl_flags;		/* Flag			*/
-    krb5_boolean	fl_sense;		/* Sense of the flag	*/
-    const char *	fl_specifier;		/* How to recognize it	*/
-    const char *	fl_output;		/* How to spit it out	*/
+    krb5_flags          fl_flags;               /* Flag                 */
+    krb5_boolean        fl_sense;               /* Sense of the flag    */
+    const char *        fl_specifier;           /* How to recognize it  */
+    const char *        fl_output;              /* How to spit it out   */
 };
 
 /*
@@ -64,82 +65,82 @@ static const char default_ksaltseps[]   = ":.";
 
 /* Keytype strings */
 /* Flags strings */
-static const char flags_pdate_in[]	= "postdateable";
-static const char flags_fwd_in[]	= "forwardable";
-static const char flags_tgtbased_in[]	= "tgt-based";
-static const char flags_renew_in[]	= "renewable";
-static const char flags_proxy_in[]	= "proxiable";
-static const char flags_dup_skey_in[]	= "dup-skey";
-static const char flags_tickets_in[]	= "allow-tickets";
-static const char flags_preauth_in[]	= "preauth";
-static const char flags_hwauth_in[]	= "hwauth";
-static const char flags_ok_as_delegate_in[]	= "ok-as-delegate";
-static const char flags_pwchange_in[]	= "pwchange";
-static const char flags_service_in[]	= "service";
-static const char flags_pwsvc_in[]	= "pwservice";
-static const char flags_md5_in[]	= "md5";
+static const char flags_pdate_in[]      = "postdateable";
+static const char flags_fwd_in[]        = "forwardable";
+static const char flags_tgtbased_in[]   = "tgt-based";
+static const char flags_renew_in[]      = "renewable";
+static const char flags_proxy_in[]      = "proxiable";
+static const char flags_dup_skey_in[]   = "dup-skey";
+static const char flags_tickets_in[]    = "allow-tickets";
+static const char flags_preauth_in[]    = "preauth";
+static const char flags_hwauth_in[]     = "hwauth";
+static const char flags_ok_as_delegate_in[]     = "ok-as-delegate";
+static const char flags_pwchange_in[]   = "pwchange";
+static const char flags_service_in[]    = "service";
+static const char flags_pwsvc_in[]      = "pwservice";
+static const char flags_md5_in[]        = "md5";
 static const char flags_ok_to_auth_as_delegate_in[] = "ok-to-auth-as-delegate";
 static const char flags_no_auth_data_required_in[] = "no-auth-data-required";
-static const char flags_pdate_out[]	= "Not Postdateable";
-static const char flags_fwd_out[]	= "Not Forwardable";
-static const char flags_tgtbased_out[]	= "No TGT-based requests";
-static const char flags_renew_out[]	= "Not renewable";
-static const char flags_proxy_out[]	= "Not proxiable";
-static const char flags_dup_skey_out[]	= "No DUP_SKEY requests";
-static const char flags_tickets_out[]	= "All Tickets Disallowed";
-static const char flags_preauth_out[]	= "Preauthentication required";
-static const char flags_hwauth_out[]	= "HW authentication required";
-static const char flags_ok_as_delegate_out[]	= "OK as Delegate";
-static const char flags_pwchange_out[]	= "Password Change required";
-static const char flags_service_out[]	= "Service Disabled";
-static const char flags_pwsvc_out[]	= "Password Changing Service";
-static const char flags_md5_out[]	= "RSA-MD5 supported";
+static const char flags_pdate_out[]     = "Not Postdateable";
+static const char flags_fwd_out[]       = "Not Forwardable";
+static const char flags_tgtbased_out[]  = "No TGT-based requests";
+static const char flags_renew_out[]     = "Not renewable";
+static const char flags_proxy_out[]     = "Not proxiable";
+static const char flags_dup_skey_out[]  = "No DUP_SKEY requests";
+static const char flags_tickets_out[]   = "All Tickets Disallowed";
+static const char flags_preauth_out[]   = "Preauthentication required";
+static const char flags_hwauth_out[]    = "HW authentication required";
+static const char flags_ok_as_delegate_out[]    = "OK as Delegate";
+static const char flags_pwchange_out[]  = "Password Change required";
+static const char flags_service_out[]   = "Service Disabled";
+static const char flags_pwsvc_out[]     = "Password Changing Service";
+static const char flags_md5_out[]       = "RSA-MD5 supported";
 static const char flags_ok_to_auth_as_delegate_out[] = "Protocol transition with delegation allowed";
 static const char flags_no_auth_data_required_out[] = "No authorization data required";
-static const char flags_default_neg[]	= "-";
-static const char flags_default_sep[]	= " ";
+static const char flags_default_neg[]   = "-";
+static const char flags_default_sep[]   = " ";
 
 /*
  * Lookup tables.
  */
 
 static const struct flags_lookup_entry flags_table[] = {
-/* flag				sense	input specifier	   output string     */
-/*----------------------------- -------	------------------ ------------------*/
-{ KRB5_KDB_DISALLOW_POSTDATED,	0,	flags_pdate_in,	   flags_pdate_out   },
-{ KRB5_KDB_DISALLOW_FORWARDABLE,0,	flags_fwd_in,	   flags_fwd_out     },
-{ KRB5_KDB_DISALLOW_TGT_BASED,	0,	flags_tgtbased_in, flags_tgtbased_out},
-{ KRB5_KDB_DISALLOW_RENEWABLE,	0,	flags_renew_in,	   flags_renew_out   },
-{ KRB5_KDB_DISALLOW_PROXIABLE,	0,	flags_proxy_in,	   flags_proxy_out   },
-{ KRB5_KDB_DISALLOW_DUP_SKEY,	0,	flags_dup_skey_in, flags_dup_skey_out},
-{ KRB5_KDB_DISALLOW_ALL_TIX,	0,	flags_tickets_in,  flags_tickets_out },
-{ KRB5_KDB_REQUIRES_PRE_AUTH,	1,	flags_preauth_in,  flags_preauth_out },
-{ KRB5_KDB_REQUIRES_HW_AUTH,	1,	flags_hwauth_in,   flags_hwauth_out  },
-{ KRB5_KDB_OK_AS_DELEGATE,	1,	flags_ok_as_delegate_in, flags_ok_as_delegate_out },
-{ KRB5_KDB_REQUIRES_PWCHANGE,	1,	flags_pwchange_in, flags_pwchange_out},
-{ KRB5_KDB_DISALLOW_SVR,	0,	flags_service_in,  flags_service_out },
-{ KRB5_KDB_PWCHANGE_SERVICE,	1,	flags_pwsvc_in,	   flags_pwsvc_out   },
-{ KRB5_KDB_SUPPORT_DESMD5,	1,	flags_md5_in,	   flags_md5_out     },
-{ KRB5_KDB_OK_TO_AUTH_AS_DELEGATE,  1,	flags_ok_to_auth_as_delegate_in, flags_ok_to_auth_as_delegate_out },
-{ KRB5_KDB_NO_AUTH_DATA_REQUIRED,   1,	flags_no_auth_data_required_in,	flags_no_auth_data_required_out }
+/* flag                         sense   input specifier    output string     */
+/*----------------------------- ------- ------------------ ------------------*/
+    { KRB5_KDB_DISALLOW_POSTDATED,  0,      flags_pdate_in,    flags_pdate_out   },
+    { KRB5_KDB_DISALLOW_FORWARDABLE,0,      flags_fwd_in,      flags_fwd_out     },
+    { KRB5_KDB_DISALLOW_TGT_BASED,  0,      flags_tgtbased_in, flags_tgtbased_out},
+    { KRB5_KDB_DISALLOW_RENEWABLE,  0,      flags_renew_in,    flags_renew_out   },
+    { KRB5_KDB_DISALLOW_PROXIABLE,  0,      flags_proxy_in,    flags_proxy_out   },
+    { KRB5_KDB_DISALLOW_DUP_SKEY,   0,      flags_dup_skey_in, flags_dup_skey_out},
+    { KRB5_KDB_DISALLOW_ALL_TIX,    0,      flags_tickets_in,  flags_tickets_out },
+    { KRB5_KDB_REQUIRES_PRE_AUTH,   1,      flags_preauth_in,  flags_preauth_out },
+    { KRB5_KDB_REQUIRES_HW_AUTH,    1,      flags_hwauth_in,   flags_hwauth_out  },
+    { KRB5_KDB_OK_AS_DELEGATE,      1,      flags_ok_as_delegate_in, flags_ok_as_delegate_out },
+    { KRB5_KDB_REQUIRES_PWCHANGE,   1,      flags_pwchange_in, flags_pwchange_out},
+    { KRB5_KDB_DISALLOW_SVR,        0,      flags_service_in,  flags_service_out },
+    { KRB5_KDB_PWCHANGE_SERVICE,    1,      flags_pwsvc_in,    flags_pwsvc_out   },
+    { KRB5_KDB_SUPPORT_DESMD5,      1,      flags_md5_in,      flags_md5_out     },
+    { KRB5_KDB_OK_TO_AUTH_AS_DELEGATE,  1,  flags_ok_to_auth_as_delegate_in, flags_ok_to_auth_as_delegate_out },
+    { KRB5_KDB_NO_AUTH_DATA_REQUIRED,   1,  flags_no_auth_data_required_in, flags_no_auth_data_required_out }
 };
 static const int flags_table_nents = sizeof(flags_table)/
-				     sizeof(flags_table[0]);
+    sizeof(flags_table[0]);
 
 
 krb5_error_code
 krb5_string_to_flags(string, positive, negative, flagsp)
-    char	* string;
-    const char	* positive;
-    const char	* negative;
-    krb5_flags	* flagsp;
+    char        * string;
+    const char  * positive;
+    const char  * negative;
+    krb5_flags  * flagsp;
 {
-    int 	i;
-    int 	found;
-    const char	*neg;
-    size_t	nsize, psize;
-    int		cpos;
-    int		sense;
+    int         i;
+    int         found;
+    const char  *neg;
+    size_t      nsize, psize;
+    int         cpos;
+    int         sense;
 
     found = 0;
     /* We need to have a way to negate it. */
@@ -151,260 +152,260 @@ krb5_string_to_flags(string, positive, negative, flagsp)
     sense = 1;
     /* First check for positive or negative sense */
     if (!strncasecmp(neg, string, nsize)) {
-	sense = 0;
-	cpos += (int) nsize;
+        sense = 0;
+        cpos += (int) nsize;
     }
     else if (psize && !strncasecmp(positive, string, psize)) {
-	cpos += (int) psize;
+        cpos += (int) psize;
     }
 
     for (i=0; i<flags_table_nents; i++) {
-	if (!strcasecmp(&string[cpos], flags_table[i].fl_specifier)) {
-	    found = 1;
-	    if (sense == (int) flags_table[i].fl_sense)
-		*flagsp |= flags_table[i].fl_flags;
-	    else
-		*flagsp &= ~flags_table[i].fl_flags;
-
-	    break;
-	}
+        if (!strcasecmp(&string[cpos], flags_table[i].fl_specifier)) {
+            found = 1;
+            if (sense == (int) flags_table[i].fl_sense)
+                *flagsp |= flags_table[i].fl_flags;
+            else
+                *flagsp &= ~flags_table[i].fl_flags;
+
+            break;
+        }
     }
     return((found) ? 0 : EINVAL);
 }
 
 krb5_error_code
 krb5_flags_to_string(flags, sep, buffer, buflen)
-    krb5_flags	flags;
-    const char	* sep;
-    char	* buffer;
-    size_t	buflen;
+    krb5_flags  flags;
+    const char  * sep;
+    char        * buffer;
+    size_t      buflen;
 {
-    int			i;
-    krb5_flags		pflags;
-    const char		*sepstring;
-    struct k5buf	buf;
+    int                 i;
+    krb5_flags          pflags;
+    const char          *sepstring;
+    struct k5buf        buf;
 
     pflags = 0;
     sepstring = (sep) ? sep : flags_default_sep;
     krb5int_buf_init_fixed(&buf, buffer, buflen);
     /* Blast through the table matching all we can */
     for (i=0; i<flags_table_nents; i++) {
-	if (flags & flags_table[i].fl_flags) {
-	    if (krb5int_buf_len(&buf) > 0)
-		krb5int_buf_add(&buf, sepstring);
-	    krb5int_buf_add(&buf, flags_table[i].fl_output);
-	    /* Keep track of what we matched */
-	    pflags |= flags_table[i].fl_flags;
-	}
+        if (flags & flags_table[i].fl_flags) {
+            if (krb5int_buf_len(&buf) > 0)
+                krb5int_buf_add(&buf, sepstring);
+            krb5int_buf_add(&buf, flags_table[i].fl_output);
+            /* Keep track of what we matched */
+            pflags |= flags_table[i].fl_flags;
+        }
     }
     if (krb5int_buf_data(&buf) == NULL)
-	return(ENOMEM);
+        return(ENOMEM);
 
     /* See if there's any leftovers */
     if (flags & ~pflags)
-	return(EINVAL);
+        return(EINVAL);
 
     return(0);
 }
 
 krb5_error_code
 krb5_input_flag_to_string(flag, buffer, buflen)
-    int		flag;
-    char	* buffer;
-    size_t	buflen;
+    int         flag;
+    char        * buffer;
+    size_t      buflen;
 {
     if(flag < 0 || flag >= flags_table_nents) return ENOENT; /* End of list */
     if(strlcpy(buffer, flags_table[flag].fl_specifier, buflen) >= buflen)
-	return ENOMEM;
+        return ENOMEM;
     return  0;
 }
 
 /*
- * krb5_keysalt_is_present()	- Determine if a key/salt pair is present
- *				  in a list of key/salt tuples.
+ * krb5_keysalt_is_present()    - Determine if a key/salt pair is present
+ *                                in a list of key/salt tuples.
  *
- *	Salttype may be negative to indicate a search for only a enctype.
+ *      Salttype may be negative to indicate a search for only a enctype.
  */
 krb5_boolean
 krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype)
-    krb5_key_salt_tuple	*ksaltlist;
-    krb5_int32		nksalts;
-    krb5_enctype	enctype;
-    krb5_int32		salttype;
+    krb5_key_salt_tuple *ksaltlist;
+    krb5_int32          nksalts;
+    krb5_enctype        enctype;
+    krb5_int32          salttype;
 {
-    krb5_boolean	foundit;
-    int			i;
+    krb5_boolean        foundit;
+    int                 i;
 
     foundit = 0;
     if (ksaltlist) {
-	for (i=0; i<nksalts; i++) {
-	    if ((ksaltlist[i].ks_enctype == enctype) &&
-		((ksaltlist[i].ks_salttype == salttype) ||
-		 (salttype < 0))) {
-		foundit = 1;
-		break;
-	    }
-	}
+        for (i=0; i<nksalts; i++) {
+            if ((ksaltlist[i].ks_enctype == enctype) &&
+                ((ksaltlist[i].ks_salttype == salttype) ||
+                 (salttype < 0))) {
+                foundit = 1;
+                break;
+            }
+        }
     }
     return(foundit);
 }
 
 /*
- * krb5_string_to_keysalts()	- Convert a string representation to a list
- *				  of key/salt tuples.
+ * krb5_string_to_keysalts()    - Convert a string representation to a list
+ *                                of key/salt tuples.
  */
 krb5_error_code
 krb5_string_to_keysalts(string, tupleseps, ksaltseps, dups, ksaltp, nksaltp)
-    char		*string;
-    const char		*tupleseps;
-    const char		*ksaltseps;
-    krb5_boolean	dups;
-    krb5_key_salt_tuple	**ksaltp;
-    krb5_int32		*nksaltp;
+    char                *string;
+    const char          *tupleseps;
+    const char          *ksaltseps;
+    krb5_boolean        dups;
+    krb5_key_salt_tuple **ksaltp;
+    krb5_int32          *nksaltp;
 {
-    krb5_error_code	kret;
-    char 		*kp, *sp, *ep;
-    char		sepchar, trailchar;
-    krb5_enctype	ktype;
-    krb5_int32		stype;
-    krb5_key_salt_tuple	*savep;
-    const char		*tseplist;
-    const char		*ksseplist;
-    const char		*septmp;
-    size_t		len;
-    
+    krb5_error_code     kret;
+    char                *kp, *sp, *ep;
+    char                sepchar, trailchar;
+    krb5_enctype        ktype;
+    krb5_int32          stype;
+    krb5_key_salt_tuple *savep;
+    const char          *tseplist;
+    const char          *ksseplist;
+    const char          *septmp;
+    size_t              len;
+
     kret = 0;
     kp = string;
     tseplist = (tupleseps) ? tupleseps : default_tupleseps;
     ksseplist = (ksaltseps) ? ksaltseps : default_ksaltseps;
     while (kp) {
-	/* Attempt to find a separator */
-	ep = (char *) NULL;
-	if (*tseplist) {
-	    septmp = tseplist;
-	    for (ep = strchr(kp, (int) *septmp);
-		 *(++septmp) && !ep;
-		 ep = strchr(kp, (int) *septmp));
-	}
-
-	if (ep) {
-	    trailchar = *ep;
-	    *ep = '\0';
-	    ep++;
-	}
-	/*
-	 * kp points to something (hopefully) of the form:
-	 *	<enctype><ksseplist><salttype>
-	 *	or
-	 *	<enctype>
-	 */
-	sp = (char *) NULL;
-	/* Attempt to find a separator */
-	septmp = ksseplist;
-	for (sp = strchr(kp, (int) *septmp);
-	     *(++septmp) && !sp;
-	     sp = strchr(kp, (int) *septmp));
-
-	if (sp) {
-	    /* Separate enctype from salttype */
-	    sepchar = *sp;
-	    *sp = '\0';
-	    sp++;
-	}
-	else
-	    stype = -1;
-
-	/*
-	 * Attempt to parse enctype and salttype.  If we parse well
-	 * then make sure that it specifies a unique key/salt combo
-	 */
-	if (!(kret = krb5_string_to_enctype(kp, &ktype)) &&
-	    (!sp || !(kret = krb5_string_to_salttype(sp, &stype))) &&
-	    (dups ||
-	     !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) {
-
-	    /* Squirrel away old keysalt array */
-	    savep = *ksaltp;
-	    len = (size_t) *nksaltp;
-
-	    /* Get new keysalt array */
-	    *ksaltp = (krb5_key_salt_tuple *) 
-		malloc((len + 1) * sizeof(krb5_key_salt_tuple));
-	    if (*ksaltp) {
-
-		/* Copy old keysalt if appropriate */
-		if (savep) {
-		    memcpy(*ksaltp, savep,
-			   len * sizeof(krb5_key_salt_tuple));
-		    free(savep);
-		}
-
-		/* Save our values */
-		(*ksaltp)[(*nksaltp)].ks_enctype = ktype;
-		(*ksaltp)[(*nksaltp)].ks_salttype = stype;
-		(*nksaltp)++;
-	    }
-	    else {
-		*ksaltp = savep;
-		break;
-	    }
-	}
-	if (kret)
-	     return kret;
-	if (sp)
-	    sp[-1] = sepchar;
-	if (ep)
-	    ep[-1] = trailchar;
-	kp = ep;
-
-	/* Skip over extra separators - like spaces */
-	if (kp && *tseplist) {
-	  septmp = tseplist;
-	  while(*septmp && *kp) {
-	    if(*septmp == *kp) {
-	      /* Increment string - reset separator list */
-	      kp++;
-	      septmp = tseplist;
-	    } else {
-	      septmp++;
-	    }
-	  }
-	  if (!*kp) kp = NULL;
-	}
+        /* Attempt to find a separator */
+        ep = (char *) NULL;
+        if (*tseplist) {
+            septmp = tseplist;
+            for (ep = strchr(kp, (int) *septmp);
+                 *(++septmp) && !ep;
+                 ep = strchr(kp, (int) *septmp));
+        }
+
+        if (ep) {
+            trailchar = *ep;
+            *ep = '\0';
+            ep++;
+        }
+        /*
+         * kp points to something (hopefully) of the form:
+         *      <enctype><ksseplist><salttype>
+         *      or
+         *      <enctype>
+         */
+        sp = (char *) NULL;
+        /* Attempt to find a separator */
+        septmp = ksseplist;
+        for (sp = strchr(kp, (int) *septmp);
+             *(++septmp) && !sp;
+             sp = strchr(kp, (int) *septmp));
+
+        if (sp) {
+            /* Separate enctype from salttype */
+            sepchar = *sp;
+            *sp = '\0';
+            sp++;
+        }
+        else
+            stype = -1;
+
+        /*
+         * Attempt to parse enctype and salttype.  If we parse well
+         * then make sure that it specifies a unique key/salt combo
+         */
+        if (!(kret = krb5_string_to_enctype(kp, &ktype)) &&
+            (!sp || !(kret = krb5_string_to_salttype(sp, &stype))) &&
+            (dups ||
+             !krb5_keysalt_is_present(*ksaltp, *nksaltp, ktype, stype))) {
+
+            /* Squirrel away old keysalt array */
+            savep = *ksaltp;
+            len = (size_t) *nksaltp;
+
+            /* Get new keysalt array */
+            *ksaltp = (krb5_key_salt_tuple *)
+                malloc((len + 1) * sizeof(krb5_key_salt_tuple));
+            if (*ksaltp) {
+
+                /* Copy old keysalt if appropriate */
+                if (savep) {
+                    memcpy(*ksaltp, savep,
+                           len * sizeof(krb5_key_salt_tuple));
+                    free(savep);
+                }
+
+                /* Save our values */
+                (*ksaltp)[(*nksaltp)].ks_enctype = ktype;
+                (*ksaltp)[(*nksaltp)].ks_salttype = stype;
+                (*nksaltp)++;
+            }
+            else {
+                *ksaltp = savep;
+                break;
+            }
+        }
+        if (kret)
+            return kret;
+        if (sp)
+            sp[-1] = sepchar;
+        if (ep)
+            ep[-1] = trailchar;
+        kp = ep;
+
+        /* Skip over extra separators - like spaces */
+        if (kp && *tseplist) {
+            septmp = tseplist;
+            while(*septmp && *kp) {
+                if(*septmp == *kp) {
+                    /* Increment string - reset separator list */
+                    kp++;
+                    septmp = tseplist;
+                } else {
+                    septmp++;
+                }
+            }
+            if (!*kp) kp = NULL;
+        }
     } /* while kp */
     return(kret);
 }
 
 /*
- * krb5_keysalt_iterate()	- Do something for each unique key/salt
- *				  combination.
+ * krb5_keysalt_iterate()       - Do something for each unique key/salt
+ *                                combination.
  *
  * If ignoresalt set, then salttype is ignored.
  */
 krb5_error_code
 krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg)
-    krb5_key_salt_tuple	*ksaltlist;
-    krb5_int32		nksalt;
-    krb5_boolean	ignoresalt;
-    krb5_error_code	(*iterator) (krb5_key_salt_tuple *, krb5_pointer);
-    krb5_pointer	arg;
+    krb5_key_salt_tuple *ksaltlist;
+    krb5_int32          nksalt;
+    krb5_boolean        ignoresalt;
+    krb5_error_code     (*iterator) (krb5_key_salt_tuple *, krb5_pointer);
+    krb5_pointer        arg;
 {
-    int			i;
-    krb5_error_code	kret;
-    krb5_key_salt_tuple	scratch;
+    int                 i;
+    krb5_error_code     kret;
+    krb5_key_salt_tuple scratch;
 
     kret = 0;
     for (i=0; i<nksalt; i++) {
-	scratch.ks_enctype = ksaltlist[i].ks_enctype;
-	scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype;
-	if (!krb5_keysalt_is_present(ksaltlist,
-				     i,
-				     scratch.ks_enctype,
-				     scratch.ks_salttype)) {
-	    kret = (*iterator)(&scratch, arg);
-	    if (kret)
-		break;
-	}
+        scratch.ks_enctype = ksaltlist[i].ks_enctype;
+        scratch.ks_salttype = (ignoresalt) ? -1 : ksaltlist[i].ks_salttype;
+        if (!krb5_keysalt_is_present(ksaltlist,
+                                     i,
+                                     scratch.ks_enctype,
+                                     scratch.ks_salttype)) {
+            kret = (*iterator)(&scratch, arg);
+            if (kret)
+                break;
+        }
     }
     return(kret);
 }
diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c
index 9aabb1a86..b12d42fa6 100644
--- a/src/lib/kadm5/unit-test/destroy-test.c
+++ b/src/lib/kadm5/unit-test/destroy-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <kadm5/admin.h>
 #include <com_err.h>
 #include <stdio.h>
@@ -9,39 +10,38 @@
 #include <kadm5/client_internal.h>
 #include <string.h>
 
-#define	TEST_NUM    25
+#define TEST_NUM    25
 
 int main()
 {
-     kadm5_ret_t ret;
-     char   *cp;
-     int    x;
-     void *server_handle;
-     kadm5_server_handle_t handle;
-     krb5_context context;
+    kadm5_ret_t ret;
+    char   *cp;
+    int    x;
+    void *server_handle;
+    kadm5_server_handle_t handle;
+    krb5_context context;
 
-     ret = kadm5_init_krb5_context(&context);
-     if (ret != 0) {
-	 com_err("test", ret, "context init");
-	 exit(2);
-     }
-     for(x = 0; x < TEST_NUM; x++) {
-	ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
-			 KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
-			 &server_handle);
-	if(ret != KADM5_OK) {
-	    com_err("test", ret, "init");
-	    exit(2);
-	}
-	handle = (kadm5_server_handle_t) server_handle;
-	cp = strdup(strchr(handle->cache_name, ':') + 1);
-	kadm5_destroy(server_handle);
-	if(access(cp, F_OK) == 0) {
-	    puts("ticket cache not destroyed");
-	    exit(2);
-	}
-	free(cp);
-     }
-     exit(0);
+    ret = kadm5_init_krb5_context(&context);
+    if (ret != 0) {
+        com_err("test", ret, "context init");
+        exit(2);
+    }
+    for(x = 0; x < TEST_NUM; x++) {
+        ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
+                         KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+                         &server_handle);
+        if(ret != KADM5_OK) {
+            com_err("test", ret, "init");
+            exit(2);
+        }
+        handle = (kadm5_server_handle_t) server_handle;
+        cp = strdup(strchr(handle->cache_name, ':') + 1);
+        kadm5_destroy(server_handle);
+        if(access(cp, F_OK) == 0) {
+            puts("ticket cache not destroyed");
+            exit(2);
+        }
+        free(cp);
+    }
+    exit(0);
 }
-
diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c
index 6c26e5f0d..56eac844a 100644
--- a/src/lib/kadm5/unit-test/handle-test.c
+++ b/src/lib/kadm5/unit-test/handle-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <kadm5/admin.h>
 #include <com_err.h>
 #include <stdio.h>
@@ -11,120 +12,120 @@
 
 int main(int argc, char *argv[])
 {
-     kadm5_ret_t ret;
-     void *server_handle;
-     kadm5_server_handle_t handle;
-     kadm5_server_handle_rec orig_handle;
-     kadm5_policy_ent_rec	pol;
-     kadm5_principal_ent_t	princ;
-     krb5_keyblock	*key;
-     krb5_principal	tprinc;
-     krb5_context	context;
+    kadm5_ret_t ret;
+    void *server_handle;
+    kadm5_server_handle_t handle;
+    kadm5_server_handle_rec orig_handle;
+    kadm5_policy_ent_rec       pol;
+    kadm5_principal_ent_t      princ;
+    krb5_keyblock      *key;
+    krb5_principal     tprinc;
+    krb5_context       context;
 
 
     kadm5_init_krb5_context(&context);
-     
+
     ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
-		     KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
-		     &server_handle);
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+                     &server_handle);
     if(ret != KADM5_OK) {
-	com_err("test", ret, "init");
-	exit(2);
+        com_err("test", ret, "init");
+        exit(2);
     }
     handle = (kadm5_server_handle_t) server_handle;
     orig_handle = *handle;
     handle->magic_number = KADM5_STRUCT_VERSION;
     krb5_parse_name(context, "testuser", &tprinc);
     ret = kadm5_get_principal(server_handle, tprinc, &princ,
-			      KADM5_PRINCIPAL_NORMAL_MASK);
+                              KADM5_PRINCIPAL_NORMAL_MASK);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_get_policy(server_handle, "pol1", &pol);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass");
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_create_policy(server_handle, &pol, KADM5_POLICY);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_modify_principal(server_handle, princ, KADM5_PW_EXPIRATION);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_modify_policy(server_handle, &pol, KADM5_PW_MAX_LIFE);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_delete_principal(server_handle, tprinc);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_delete_policy(server_handle, "pol1");
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_chpass_principal(server_handle, tprinc, "FooBar");
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "chpass",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "chpass",
+                error_message(ret));
+        exit(1);
     }
     ret = kadm5_randkey_principal(server_handle, tprinc, &key, NULL);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "randkey",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "randkey",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_rename_principal(server_handle, tprinc, tprinc);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "rename",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "rename",
+                error_message(ret));
+        exit(1);
     }
-    
+
     ret = kadm5_destroy(server_handle);
     if(ret != KADM5_BAD_SERVER_HANDLE) {
-	fprintf(stderr, "%s -- returned -- %s\n", "destroy",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "%s -- returned -- %s\n", "destroy",
+                error_message(ret));
+        exit(1);
     }
 
     *handle = orig_handle;
     ret = kadm5_destroy(server_handle);
     if (ret != KADM5_OK) {
-	fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
-		error_message(ret));
-	exit(1);
+        fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
+                error_message(ret));
+        exit(1);
     }
 
     exit(0);
diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c
index cfa79374b..a7f065db5 100644
--- a/src/lib/kadm5/unit-test/init-test.c
+++ b/src/lib/kadm5/unit-test/init-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <kadm5/admin.h>
 #include <com_err.h>
 #include <stdio.h>
@@ -7,29 +8,29 @@
 
 int main()
 {
-     kadm5_ret_t ret;
-     void *server_handle;
-     kadm5_config_params params;
-     krb5_context context;
+    kadm5_ret_t ret;
+    void *server_handle;
+    kadm5_config_params params;
+    krb5_context context;
 
-     memset(&params, 0, sizeof(params));
-     params.mask |= KADM5_CONFIG_NO_AUTH;
-     ret = kadm5_init_krb5_context(&context);
-     if (ret != 0) {
-	 com_err("init-test", ret, "while initializing krb5 context");
-	 exit(1);
-     }
-     ret = kadm5_init(context, "admin", "admin", NULL, &params,
-		      KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
-		      &server_handle);
-     if (ret == KADM5_RPC_ERROR)
-	  exit(0);
-     else if (ret != 0) {
-	  com_err("init-test", ret, "while initializing without auth");
-	  exit(1);
-     } else {
-	 fprintf(stderr, "Unexpected success while initializing without auth!\n");
-	 (void) kadm5_destroy(server_handle);
-	 exit(1);
-     }
+    memset(&params, 0, sizeof(params));
+    params.mask |= KADM5_CONFIG_NO_AUTH;
+    ret = kadm5_init_krb5_context(&context);
+    if (ret != 0) {
+        com_err("init-test", ret, "while initializing krb5 context");
+        exit(1);
+    }
+    ret = kadm5_init(context, "admin", "admin", NULL, &params,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+                     &server_handle);
+    if (ret == KADM5_RPC_ERROR)
+        exit(0);
+    else if (ret != 0) {
+        com_err("init-test", ret, "while initializing without auth");
+        exit(1);
+    } else {
+        fprintf(stderr, "Unexpected success while initializing without auth!\n");
+        (void) kadm5_destroy(server_handle);
+        exit(1);
+    }
 }
diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c
index be1540735..bc7cfdcfa 100644
--- a/src/lib/kadm5/unit-test/iter-test.c
+++ b/src/lib/kadm5/unit-test/iter-test.c
@@ -1,51 +1,51 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <kadm5/admin.h>
 #include <string.h>
 
 int main(int argc, char **argv)
 {
-     kadm5_ret_t ret;
-     void *server_handle;
-     char **names;
-     int count, princ, i;
-     krb5_context context;
-
-     if (argc != 3) {
-	  fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]);
-	  exit(1);
-     }
-     princ = (strcmp(argv[1], "-princ") == 0);
-
-     ret = kadm5_init_krb5_context(&context);
-     if (ret != KADM5_OK) {
-	 com_err("iter-test", ret, "while initializing context");
-	 exit(1);
-     }
-     ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
-		      KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
-		      &server_handle);
-     if (ret != KADM5_OK) {
-	  com_err("iter-test", ret, "while initializing");
-	  exit(1);
-     }
-
-     if (princ)
-	  ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
-     else
-	  ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
-
-     if (ret != KADM5_OK) {
-	  com_err("iter-test", ret, "while retrieving list");
-	  exit(1);
-     }
-
-     for (i = 0; i < count; i++)
-	  printf("%d: %s\n", i, names[i]);
-
-     kadm5_free_name_list(server_handle, names, count);
-
-     (void) kadm5_destroy(server_handle);
-
-     return 0;
+    kadm5_ret_t ret;
+    void *server_handle;
+    char **names;
+    int count, princ, i;
+    krb5_context context;
+
+    if (argc != 3) {
+        fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]);
+        exit(1);
+    }
+    princ = (strcmp(argv[1], "-princ") == 0);
+
+    ret = kadm5_init_krb5_context(&context);
+    if (ret != KADM5_OK) {
+        com_err("iter-test", ret, "while initializing context");
+        exit(1);
+    }
+    ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+                     &server_handle);
+    if (ret != KADM5_OK) {
+        com_err("iter-test", ret, "while initializing");
+        exit(1);
+    }
+
+    if (princ)
+        ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
+    else
+        ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
+
+    if (ret != KADM5_OK) {
+        com_err("iter-test", ret, "while retrieving list");
+        exit(1);
+    }
+
+    for (i = 0; i < count; i++)
+        printf("%d: %s\n", i, names[i]);
+
+    kadm5_free_name_list(server_handle, names, count);
+
+    (void) kadm5_destroy(server_handle);
+
+    return 0;
 }
-
diff --git a/src/lib/kadm5/unit-test/lock-test.c b/src/lib/kadm5/unit-test/lock-test.c
index 85049a7e7..5a0501b27 100644
--- a/src/lib/kadm5/unit-test/lock-test.c
+++ b/src/lib/kadm5/unit-test/lock-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <krb5.h>
 #include <kadm5/admin.h>
@@ -8,99 +9,99 @@ char *whoami;
 
 static void usage()
 {
-     fprintf(stderr,
-	     "Usage: %s {shared|exclusive|permanent|release|"
-	     "get name|wait} ...\n", whoami);
-     exit(1);
+    fprintf(stderr,
+            "Usage: %s {shared|exclusive|permanent|release|"
+            "get name|wait} ...\n", whoami);
+    exit(1);
 }
 
 int main(int argc, char **argv)
 {
-     krb5_error_code ret;
-     osa_policy_ent_t entry;
-     krb5_context context;
-     kadm5_config_params params;
-     krb5_error_code kret;
+    krb5_error_code ret;
+    osa_policy_ent_t entry;
+    krb5_context context;
+    kadm5_config_params params;
+    krb5_error_code kret;
 
-     whoami = argv[0];
+    whoami = argv[0];
 
-     kret = kadm5_init_krb5_context(&context);
-     if (kret) {
-	 com_err(whoami, kret, "while initializing krb5");
-	 exit(1);
-     }
+    kret = kadm5_init_krb5_context(&context);
+    if (kret) {
+        com_err(whoami, kret, "while initializing krb5");
+        exit(1);
+    }
 
-     params.mask = 0;
-     ret = kadm5_get_config_params(context, 1, &params, &params);
-     if (ret) {
-	  com_err(whoami, ret, "while retrieving configuration parameters");
-	  exit(1);
-     }
-     if (! (params.mask & KADM5_CONFIG_ADBNAME)) {
-	  com_err(whoami, KADM5_BAD_SERVER_PARAMS,
-		  "while retrieving configuration parameters");
-	  exit(1);
-     }
+    params.mask = 0;
+    ret = kadm5_get_config_params(context, 1, &params, &params);
+    if (ret) {
+        com_err(whoami, ret, "while retrieving configuration parameters");
+        exit(1);
+    }
+    if (! (params.mask & KADM5_CONFIG_ADBNAME)) {
+        com_err(whoami, KADM5_BAD_SERVER_PARAMS,
+                "while retrieving configuration parameters");
+        exit(1);
+    }
 
-     ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW);
-     if (ret) {
-	  com_err(whoami, ret, "while opening database");
-	  exit(1);
-     }
+    ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW);
+    if (ret) {
+        com_err(whoami, ret, "while opening database");
+        exit(1);
+    }
 
-     argc--; argv++;
-     while (argc) {
-	  if (strcmp(*argv, "shared") == 0) {
-	       ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED);
-	       if (ret)
-		    com_err(whoami, ret, "while getting shared lock");
-	       else
-		    printf("shared\n");
-	  } else if (strcmp(*argv, "exclusive") == 0) {
-	       ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
-	       if (ret)
-		    com_err(whoami, ret, "while getting exclusive lock");
-	       else
-		    printf("exclusive\n");
-	  } else if (strcmp(*argv, "permanent") == 0) {
-	       ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
-	       if (ret)
-		    com_err(whoami, ret, "while getting permanent lock");
-	       else
-		    printf("permanent\n");
-	  } else if (strcmp(*argv, "release") == 0) {
-	       ret = krb5_db_unlock(context);
-	       if (ret)
-		    com_err(whoami, ret, "while releasing lock");
-	       else
-		    printf("released\n");
-	  } else if (strcmp(*argv, "get") == 0) {
-	       int cnt = 1;
-	       argc--; argv++;
-	       if (!argc) usage();
-	       if ((ret = krb5_db_get_policy(context, *argv,
-					     &entry, &cnt)) ) {
-		    com_err(whoami, ret, "while getting policy");
-	       } else {
-		    printf("retrieved\n");
-		    krb5_db_free_policy(context, entry);
-	       }
-	  } else if (strcmp(*argv, "wait") == 0) {
-	       getchar();
-	  } else {
-	       fprintf(stderr, "%s: Invalid argument \"%s\"\n",
-		       whoami, *argv);
-	       usage();
-	  }
+    argc--; argv++;
+    while (argc) {
+        if (strcmp(*argv, "shared") == 0) {
+            ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED);
+            if (ret)
+                com_err(whoami, ret, "while getting shared lock");
+            else
+                printf("shared\n");
+        } else if (strcmp(*argv, "exclusive") == 0) {
+            ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
+            if (ret)
+                com_err(whoami, ret, "while getting exclusive lock");
+            else
+                printf("exclusive\n");
+        } else if (strcmp(*argv, "permanent") == 0) {
+            ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
+            if (ret)
+                com_err(whoami, ret, "while getting permanent lock");
+            else
+                printf("permanent\n");
+        } else if (strcmp(*argv, "release") == 0) {
+            ret = krb5_db_unlock(context);
+            if (ret)
+                com_err(whoami, ret, "while releasing lock");
+            else
+                printf("released\n");
+        } else if (strcmp(*argv, "get") == 0) {
+            int cnt = 1;
+            argc--; argv++;
+            if (!argc) usage();
+            if ((ret = krb5_db_get_policy(context, *argv,
+                                          &entry, &cnt)) ) {
+                com_err(whoami, ret, "while getting policy");
+            } else {
+                printf("retrieved\n");
+                krb5_db_free_policy(context, entry);
+            }
+        } else if (strcmp(*argv, "wait") == 0) {
+            getchar();
+        } else {
+            fprintf(stderr, "%s: Invalid argument \"%s\"\n",
+                    whoami, *argv);
+            usage();
+        }
 
-	  argc--; argv++;
-     }
+        argc--; argv++;
+    }
 
-     ret = krb5_db_fini(context);
-     if (ret) {
-	  com_err(whoami, ret, "while closing database");
-	  exit(1);
-     }
+    ret = krb5_db_fini(context);
+    if (ret) {
+        com_err(whoami, ret, "while closing database");
+        exit(1);
+    }
 
-     return 0;
+    return 0;
 }
diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c
index 4e6787a1b..7cf4ee8ac 100644
--- a/src/lib/kadm5/unit-test/randkey-test.c
+++ b/src/lib/kadm5/unit-test/randkey-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <kadm5/admin.h>
 #include <com_err.h>
 #include <stdio.h>
@@ -6,37 +7,36 @@
 #include <netinet/in.h>
 #include <string.h>
 
-#define	TEST_NUM    1000
+#define TEST_NUM    1000
 
 int main()
 {
-     kadm5_ret_t ret;
-     krb5_keyblock  *keys[TEST_NUM];
-     krb5_principal tprinc;
-     krb5_keyblock  *newkey;
-     krb5_context context;
-     void *server_handle;
+    kadm5_ret_t ret;
+    krb5_keyblock  *keys[TEST_NUM];
+    krb5_principal tprinc;
+    krb5_keyblock  *newkey;
+    krb5_context context;
+    void *server_handle;
 
-     int    x, i;
+    int    x, i;
 
-     kadm5_init_krb5_context(&context);
+    kadm5_init_krb5_context(&context);
 
-     krb5_parse_name(context, "testuser", &tprinc);
-     ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
-		      KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
-		      &server_handle);
-     if(ret != KADM5_OK) {
-	com_err("test", ret, "init");
-	exit(2);
-     }
-     for(x = 0; x < TEST_NUM; x++) {
-	kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
-	for(i = 0; i < x; i++) {
-	    if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
-		puts("match found");
-	}
-     }
-     kadm5_destroy(server_handle);
-     exit(0);
+    krb5_parse_name(context, "testuser", &tprinc);
+    ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+                     &server_handle);
+    if(ret != KADM5_OK) {
+        com_err("test", ret, "init");
+        exit(2);
+    }
+    for(x = 0; x < TEST_NUM; x++) {
+        kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
+        for(i = 0; i < x; i++) {
+            if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
+                puts("match found");
+        }
+    }
+    kadm5_destroy(server_handle);
+    exit(0);
 }
-
diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c
index 1dadfc72a..53056e434 100644
--- a/src/lib/kadm5/unit-test/setkey-test.c
+++ b/src/lib/kadm5/unit-test/setkey-test.c
@@ -1,46 +1,47 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <k5-int.h>
 #include <kadm5/admin.h>
 
-#if	HAVE_SRAND48
-#define	RAND()		lrand48()
-#define	SRAND(a)	srand48(a)
-#define	RAND_TYPE	long
-#elif	HAVE_SRAND
-#define	RAND()		rand()
-#define	SRAND(a)	srand(a)
-#define	RAND_TYPE	int
-#elif	HAVE_SRANDOM
-#define	RAND()		random()
-#define	SRAND(a)	srandom(a)
-#define	RAND_TYPE	long
-#else	/* no random */
+#if     HAVE_SRAND48
+#define RAND()          lrand48()
+#define SRAND(a)        srand48(a)
+#define RAND_TYPE       long
+#elif   HAVE_SRAND
+#define RAND()          rand()
+#define SRAND(a)        srand(a)
+#define RAND_TYPE       int
+#elif   HAVE_SRANDOM
+#define RAND()          random()
+#define SRAND(a)        srandom(a)
+#define RAND_TYPE       long
+#else   /* no random */
 need a random number generator
-#endif	/* no random */
+#endif  /* no random */
 
 krb5_keyblock test1[] = {
     {0, ENCTYPE_DES_CBC_CRC, 0, 0},
     {-1},
 };
 krb5_keyblock test2[] = {
-     {0, ENCTYPE_DES_CBC_RAW, 0, 0},
-     {-1},
+    {0, ENCTYPE_DES_CBC_RAW, 0, 0},
+    {-1},
 };
 krb5_keyblock test3[] = {
-     {0, ENCTYPE_DES_CBC_MD5, 0, 0},
-     {-1},
+    {0, ENCTYPE_DES_CBC_MD5, 0, 0},
+    {-1},
 };
 
-krb5_keyblock *tests[] = { 
-  test1, test2, test3, NULL
+krb5_keyblock *tests[] = {
+    test1, test2, test3, NULL
 };
 
 #if 0
 int keyblocks_equal(krb5_keyblock *kb1, krb5_keyblock *kb2)
 {
-  return (kb1->enctype == kb2->enctype &&
-	  kb1->length == kb2->length &&
-	  memcmp(kb1->contents, kb2->contents, kb1->length) == 0);
+    return (kb1->enctype == kb2->enctype &&
+            kb1->length == kb2->length &&
+            memcmp(kb1->contents, kb2->contents, kb1->length) == 0);
 }
 #endif
 
@@ -57,177 +58,171 @@ extern krb5_kt_ops krb5_ktf_writable_ops;
 int
 main(int argc, char **argv)
 {
-  krb5_context context;
-  krb5_keytab kt;
-  krb5_keytab_entry ktent;
-  krb5_encrypt_block eblock;
-  krb5_creds my_creds;
-  kadm5_principal_ent_rec princ_ent;
-  krb5_principal princ, server;
-  char pw[16];
-  char *whoami, *principal, *authprinc;
-  krb5_data pwdata;
-  void *handle;
-  int ret, i, test, encnum;
-
-  whoami = argv[0];
-
-  if (argc != 2 && argc != 3) {
-    fprintf(stderr, "Usage: %s principal [authuser]\n", whoami);
-    exit(1);
-  }
-  principal = argv[1];
-  authprinc = argv[2] ? argv[2] : argv[0];
-
-  /*
-   * Setup.  Initialize data structures, open keytab, open connection
-   * to kadm5 server.
-   */
-
-  memset(&context, 0, sizeof(context));
-  kadm5_init_krb5_context(&context);
-
-  ret = krb5_parse_name(context, principal, &princ);
-  if (ret) {
-    com_err(whoami, ret, "while parsing principal name %s", principal);
-    exit(1);
-  }
-    
-  if((ret = krb5_build_principal_ext(context, &server,
-				     krb5_princ_realm(kcontext, princ)->length,
-				     krb5_princ_realm(kcontext, princ)->data,
-				     tgtname.length, tgtname.data,
-				     krb5_princ_realm(kcontext, princ)->length,
-				     krb5_princ_realm(kcontext, princ)->data,
-				     0))) {
-       com_err(whoami, ret, "while building server name");
-       exit(1);
-  }
-
-  /* register the WRFILE keytab type  */
-  ret = krb5_kt_register(context, &krb5_ktf_writable_ops);
-  if (ret) {
-       com_err(whoami, ret,
-	       "while registering writable key table functions");
-       exit(1);
-  }
-
-  ret = krb5_kt_default(context, &kt);
-  if (ret) {
-       com_err(whoami, ret, "while opening keytab");
-       exit(1);
-  }
-
-  ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
-		   KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
-		   &handle);
-  if (ret) {
-    com_err(whoami, ret, "while initializing connection");
-    exit(1);
-  }
-
-  /* these pw's don't need to be secure, just different every time */
-  SRAND((RAND_TYPE)time((void *) NULL));
-  pwdata.data = pw;
-  pwdata.length = sizeof(pw);
-  
-  /*
-   * For each test:
-   *
-   * For each enctype in the test, construct a random password/key.
-   * Assign all keys to principal with kadm5_setkey_principal.  Add
-   * each key to the keytab, and acquire an initial ticket with the
-   * keytab (XXX can I specify the enctype & kvno explicitly?).  If
-   * krb5_get_in_tkt_with_keytab succeeds, then the keys were set
-   * successfully.
-   */
-  for (test = 0; tests[test] != NULL; test++) {
-       krb5_keyblock *testp = tests[test];
-       printf("+ Test %d:\n", test);
-
-       for (encnum = 0; testp[encnum].magic != -1; encnum++) {
-	    for (i = 0; i < sizeof(pw); i++)
-		 pw[i] = (RAND() % 26) + '0'; /* XXX */
-
-	    krb5_use_enctype(context, &eblock, testp[encnum].enctype);
-	    ret = krb5_string_to_key(context, &eblock, &testp[encnum],
-				     &pwdata, NULL);
-	    if (ret) {
-		 com_err(whoami, ret, "while converting string to key");
-		 exit(1);
-	    }
-       }
-       
-       /* now, encnum == # of keyblocks in testp */
-       ret = kadm5_setkey_principal(handle, princ, testp, encnum);
-       if (ret) {
-	    com_err(whoami, ret, "while setting keys");
-	    exit(1);
-       }
-
-       ret = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KVNO);
-       if (ret) {
-	    com_err(whoami, ret, "while retrieving principal");
-	    exit(1);
-       }
-
-       for (encnum = 0; testp[encnum].magic != -1; encnum++) {
-	    printf("+   enctype %d\n", testp[encnum].enctype);
-		   
-	    memset(&ktent, 0, sizeof(ktent));
-	    ktent.principal = princ;
-	    ktent.key = testp[encnum];
-	    ktent.vno = princ_ent.kvno;
-
-	    ret = krb5_kt_add_entry(context, kt, &ktent);
-	    if (ret) {
-		 com_err(whoami, ret, "while adding keytab entry");
-		 exit(1);
-	    }
-
-	    memset(&my_creds, 0, sizeof(my_creds));
-	    my_creds.client = princ;
-	    my_creds.server = server;
-	    
-	    ktypes[0] = testp[encnum].enctype;
-	    ret = krb5_get_in_tkt_with_keytab(context,
-					      0 /* options */,
-					      NULL /* addrs */,
-					      ktypes,
-					      NULL /* preauth */,
-					      kt, 0,
-					      &my_creds, 0);
-	    if (ret) {
-		 com_err(whoami, ret, "while acquiring initial ticket");
-		 exit(1);
-	    }
-
-	    /* since I can't specify enctype explicitly ... */
-	    ret = krb5_kt_remove_entry(context, kt, &ktent);
-	    if (ret) {
-		 com_err(whoami, ret, "while removing keytab entry");
-		 exit(1);
-	    }
-       }
-  }
-  
-  ret = krb5_kt_close(context, kt);
-  if (ret) {
-       com_err(whoami, ret, "while closing keytab");
-       exit(1);
-  }
-
-  ret = kadm5_destroy(handle);
-  if (ret) {
-       com_err(whoami, ret, "while closing kadmin connection");
-       exit(1);
-  }
-
-  return 0;
+    krb5_context context;
+    krb5_keytab kt;
+    krb5_keytab_entry ktent;
+    krb5_encrypt_block eblock;
+    krb5_creds my_creds;
+    kadm5_principal_ent_rec princ_ent;
+    krb5_principal princ, server;
+    char pw[16];
+    char *whoami, *principal, *authprinc;
+    krb5_data pwdata;
+    void *handle;
+    int ret, i, test, encnum;
+
+    whoami = argv[0];
+
+    if (argc != 2 && argc != 3) {
+        fprintf(stderr, "Usage: %s principal [authuser]\n", whoami);
+        exit(1);
+    }
+    principal = argv[1];
+    authprinc = argv[2] ? argv[2] : argv[0];
+
+    /*
+     * Setup.  Initialize data structures, open keytab, open connection
+     * to kadm5 server.
+     */
+
+    memset(&context, 0, sizeof(context));
+    kadm5_init_krb5_context(&context);
+
+    ret = krb5_parse_name(context, principal, &princ);
+    if (ret) {
+        com_err(whoami, ret, "while parsing principal name %s", principal);
+        exit(1);
+    }
+
+    if((ret = krb5_build_principal_ext(context, &server,
+                                       krb5_princ_realm(kcontext, princ)->length,
+                                       krb5_princ_realm(kcontext, princ)->data,
+                                       tgtname.length, tgtname.data,
+                                       krb5_princ_realm(kcontext, princ)->length,
+                                       krb5_princ_realm(kcontext, princ)->data,
+                                       0))) {
+        com_err(whoami, ret, "while building server name");
+        exit(1);
+    }
+
+    /* register the WRFILE keytab type  */
+    ret = krb5_kt_register(context, &krb5_ktf_writable_ops);
+    if (ret) {
+        com_err(whoami, ret,
+                "while registering writable key table functions");
+        exit(1);
+    }
+
+    ret = krb5_kt_default(context, &kt);
+    if (ret) {
+        com_err(whoami, ret, "while opening keytab");
+        exit(1);
+    }
+
+    ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
+                     &handle);
+    if (ret) {
+        com_err(whoami, ret, "while initializing connection");
+        exit(1);
+    }
+
+    /* these pw's don't need to be secure, just different every time */
+    SRAND((RAND_TYPE)time((void *) NULL));
+    pwdata.data = pw;
+    pwdata.length = sizeof(pw);
+
+    /*
+     * For each test:
+     *
+     * For each enctype in the test, construct a random password/key.
+     * Assign all keys to principal with kadm5_setkey_principal.  Add
+     * each key to the keytab, and acquire an initial ticket with the
+     * keytab (XXX can I specify the enctype & kvno explicitly?).  If
+     * krb5_get_in_tkt_with_keytab succeeds, then the keys were set
+     * successfully.
+     */
+    for (test = 0; tests[test] != NULL; test++) {
+        krb5_keyblock *testp = tests[test];
+        printf("+ Test %d:\n", test);
+
+        for (encnum = 0; testp[encnum].magic != -1; encnum++) {
+            for (i = 0; i < sizeof(pw); i++)
+                pw[i] = (RAND() % 26) + '0'; /* XXX */
+
+            krb5_use_enctype(context, &eblock, testp[encnum].enctype);
+            ret = krb5_string_to_key(context, &eblock, &testp[encnum],
+                                     &pwdata, NULL);
+            if (ret) {
+                com_err(whoami, ret, "while converting string to key");
+                exit(1);
+            }
+        }
+
+        /* now, encnum == # of keyblocks in testp */
+        ret = kadm5_setkey_principal(handle, princ, testp, encnum);
+        if (ret) {
+            com_err(whoami, ret, "while setting keys");
+            exit(1);
+        }
+
+        ret = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KVNO);
+        if (ret) {
+            com_err(whoami, ret, "while retrieving principal");
+            exit(1);
+        }
+
+        for (encnum = 0; testp[encnum].magic != -1; encnum++) {
+            printf("+   enctype %d\n", testp[encnum].enctype);
+
+            memset(&ktent, 0, sizeof(ktent));
+            ktent.principal = princ;
+            ktent.key = testp[encnum];
+            ktent.vno = princ_ent.kvno;
+
+            ret = krb5_kt_add_entry(context, kt, &ktent);
+            if (ret) {
+                com_err(whoami, ret, "while adding keytab entry");
+                exit(1);
+            }
+
+            memset(&my_creds, 0, sizeof(my_creds));
+            my_creds.client = princ;
+            my_creds.server = server;
+
+            ktypes[0] = testp[encnum].enctype;
+            ret = krb5_get_in_tkt_with_keytab(context,
+                                              0 /* options */,
+                                              NULL /* addrs */,
+                                              ktypes,
+                                              NULL /* preauth */,
+                                              kt, 0,
+                                              &my_creds, 0);
+            if (ret) {
+                com_err(whoami, ret, "while acquiring initial ticket");
+                exit(1);
+            }
+
+            /* since I can't specify enctype explicitly ... */
+            ret = krb5_kt_remove_entry(context, kt, &ktent);
+            if (ret) {
+                com_err(whoami, ret, "while removing keytab entry");
+                exit(1);
+            }
+        }
+    }
+
+    ret = krb5_kt_close(context, kt);
+    if (ret) {
+        com_err(whoami, ret, "while closing keytab");
+        exit(1);
+    }
+
+    ret = kadm5_destroy(handle);
+    if (ret) {
+        com_err(whoami, ret, "while closing kadmin connection");
+        exit(1);
+    }
+
+    return 0;
 }
-
-  
-  
-    
-    
-  
diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c
index a564c37b0..8006cf3fa 100644
--- a/src/lib/kdb/decrypt_key.c
+++ b/src/lib/kdb/decrypt_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/decrypt_key.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -63,76 +64,76 @@
  */
 
 krb5_error_code
-krb5_dbekd_def_decrypt_key_data( krb5_context 	  context,
-				 const krb5_keyblock	* mkey,
-				 const krb5_key_data	* key_data,
-				 krb5_keyblock 	* dbkey,
-				 krb5_keysalt 	* keysalt)
+krb5_dbekd_def_decrypt_key_data( krb5_context     context,
+                                 const krb5_keyblock    * mkey,
+                                 const krb5_key_data    * key_data,
+                                 krb5_keyblock  * dbkey,
+                                 krb5_keysalt   * keysalt)
 {
-    krb5_error_code 	  retval = 0;
-    krb5_int16		  tmplen;
-    krb5_octet		* ptr;
-    krb5_enc_data	  cipher;
-    krb5_data		  plain;
+    krb5_error_code       retval = 0;
+    krb5_int16            tmplen;
+    krb5_octet          * ptr;
+    krb5_enc_data         cipher;
+    krb5_data             plain;
 
     ptr = key_data->key_data_contents[0];
 
     if (ptr) {
-	krb5_kdb_decode_int16(ptr, tmplen);
-	ptr += 2;
+        krb5_kdb_decode_int16(ptr, tmplen);
+        ptr += 2;
 
-	cipher.enctype = ENCTYPE_UNKNOWN;
-	cipher.ciphertext.length = key_data->key_data_length[0]-2;
-	cipher.ciphertext.data = ptr;
-	plain.length = key_data->key_data_length[0]-2;
-	if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
-	    return(ENOMEM);
+        cipher.enctype = ENCTYPE_UNKNOWN;
+        cipher.ciphertext.length = key_data->key_data_length[0]-2;
+        cipher.ciphertext.data = ptr;
+        plain.length = key_data->key_data_length[0]-2;
+        if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
+            return(ENOMEM);
 
-	if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
-				     &cipher, &plain))) {
-	    free(plain.data);
-	    return retval;
-	}
+        if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
+                                     &cipher, &plain))) {
+            free(plain.data);
+            return retval;
+        }
 
-	/* tmplen is the true length of the key.  plain.data is the
-	   plaintext data length, but it may be padded, since the
-	   old-style etypes didn't store the real length.  I can check
-	   to make sure that there are enough bytes, but I can't do
-	   any better than that. */
+        /* tmplen is the true length of the key.  plain.data is the
+           plaintext data length, but it may be padded, since the
+           old-style etypes didn't store the real length.  I can check
+           to make sure that there are enough bytes, but I can't do
+           any better than that. */
 
-	if (tmplen > plain.length) {
-	    free(plain.data);
-	    return(KRB5_CRYPTO_INTERNAL);
-	}
+        if (tmplen > plain.length) {
+            free(plain.data);
+            return(KRB5_CRYPTO_INTERNAL);
+        }
 
-	dbkey->magic = KV5M_KEYBLOCK;
-	dbkey->enctype = key_data->key_data_type[0];
-	dbkey->length = tmplen;
-	dbkey->contents = plain.data;
+        dbkey->magic = KV5M_KEYBLOCK;
+        dbkey->enctype = key_data->key_data_type[0];
+        dbkey->length = tmplen;
+        dbkey->contents = plain.data;
     }
 
     /* Decode salt data */
     if (keysalt) {
-	if (key_data->key_data_ver == 2) {
-	    keysalt->type = key_data->key_data_type[1];
-	    if ((keysalt->data.length = key_data->key_data_length[1])) {
-		if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
-		    if (key_data->key_data_contents[0]) {
-			free(dbkey->contents);
-			dbkey->contents = 0;
-			dbkey->length = 0;
-		    }
-		    return ENOMEM;
-		}
-		memcpy(keysalt->data.data, key_data->key_data_contents[1],
-		       (size_t) keysalt->data.length);
-	    } else
-		keysalt->data.data = (char *) NULL;
-	} else {
-	    keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
-	    keysalt->data.data = (char *) NULL;
-	    keysalt->data.length = 0;
-	}
+        if (key_data->key_data_ver == 2) {
+            keysalt->type = key_data->key_data_type[1];
+            if ((keysalt->data.length = key_data->key_data_length[1])) {
+                if (!(keysalt->data.data=(char *)malloc(keysalt->data.length))){
+                    if (key_data->key_data_contents[0]) {
+                        free(dbkey->contents);
+                        dbkey->contents = 0;
+                        dbkey->length = 0;
+                    }
+                    return ENOMEM;
+                }
+                memcpy(keysalt->data.data, key_data->key_data_contents[1],
+                       (size_t) keysalt->data.length);
+            } else
+                keysalt->data.data = (char *) NULL;
+        } else {
+            keysalt->type = KRB5_KDB_SALTTYPE_NORMAL;
+            keysalt->data.data = (char *) NULL;
+            keysalt->data.length = 0;
+        }
     }
 
     return retval;
diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index 0db1a029a..bbf520bf8 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/encrypt_key.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,21 +23,21 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_kdb_encrypt_key(), krb5_kdb_decrypt_key functions
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +48,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -63,37 +64,37 @@
  */
 
 krb5_error_code
-krb5_dbekd_def_encrypt_key_data( krb5_context 		  context,
-				 const krb5_keyblock	* mkey,
-				 const krb5_keyblock 	* dbkey,
-				 const krb5_keysalt	* keysalt,
-				 int			  keyver,
-				 krb5_key_data	        * key_data)
+krb5_dbekd_def_encrypt_key_data( krb5_context             context,
+                                 const krb5_keyblock    * mkey,
+                                 const krb5_keyblock    * dbkey,
+                                 const krb5_keysalt     * keysalt,
+                                 int                      keyver,
+                                 krb5_key_data          * key_data)
 {
-    krb5_error_code 		  retval;
-    krb5_octet			* ptr;
-    size_t			  len;
-    int				  i;
-    krb5_data			  plain;
-    krb5_enc_data		  cipher;
+    krb5_error_code               retval;
+    krb5_octet                  * ptr;
+    size_t                        len;
+    int                           i;
+    krb5_data                     plain;
+    krb5_enc_data                 cipher;
 
     for (i = 0; i < key_data->key_data_ver; i++)
-	if (key_data->key_data_contents[i])
-	    free(key_data->key_data_contents[i]);
+        if (key_data->key_data_contents[i])
+            free(key_data->key_data_contents[i]);
 
     key_data->key_data_ver = 1;
     key_data->key_data_kvno = keyver;
 
-    /* 
-     * The First element of the type/length/contents 
+    /*
+     * The First element of the type/length/contents
      * fields is the key type/length/contents
      */
     if ((retval = krb5_c_encrypt_length(context, mkey->enctype, dbkey->length,
-					&len)))
-	return(retval);
+                                        &len)))
+        return(retval);
 
     if ((ptr = (krb5_octet *) malloc(2 + len)) == NULL)
-	return(ENOMEM);
+        return(ENOMEM);
 
     key_data->key_data_type[0] = dbkey->enctype;
     key_data->key_data_length[0] = 2 + len;
@@ -109,27 +110,27 @@ krb5_dbekd_def_encrypt_key_data( krb5_context 		  context,
     cipher.ciphertext.data = ptr;
 
     if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0,
-				 &plain, &cipher))) {
-	free(key_data->key_data_contents[0]);
-	return retval;
+                                 &plain, &cipher))) {
+        free(key_data->key_data_contents[0]);
+        return retval;
     }
 
     /* After key comes the salt in necessary */
     if (keysalt) {
-	if (keysalt->type > 0) {
-	    key_data->key_data_ver++;
-	    key_data->key_data_type[1] = keysalt->type;
-	    if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
-		key_data->key_data_contents[1] =
-		    (krb5_octet *)malloc(keysalt->data.length);
-		if (key_data->key_data_contents[1] == NULL) {
-		    free(key_data->key_data_contents[0]);
-		    return ENOMEM;
-		}
-		memcpy(key_data->key_data_contents[1], keysalt->data.data,
-		       (size_t) keysalt->data.length);
-	    }
-	}
+        if (keysalt->type > 0) {
+            key_data->key_data_ver++;
+            key_data->key_data_type[1] = keysalt->type;
+            if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
+                key_data->key_data_contents[1] =
+                    (krb5_octet *)malloc(keysalt->data.length);
+                if (key_data->key_data_contents[1] == NULL) {
+                    free(key_data->key_data_contents[0]);
+                    return ENOMEM;
+                }
+                memcpy(key_data->key_data_contents[1], keysalt->data.data,
+                       (size_t) keysalt->data.length);
+            }
+        }
     }
 
     return retval;
diff --git a/src/lib/kdb/iprop_xdr.c b/src/lib/kdb/iprop_xdr.c
index a8b7685ff..093c05676 100644
--- a/src/lib/kdb/iprop_xdr.c
+++ b/src/lib/kdb/iprop_xdr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Please do not edit this file.
  * It was generated using rpcgen.
@@ -9,343 +10,343 @@
 bool_t
 xdr_int16_t (XDR *xdrs, int16_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_short (xdrs, objp))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_short (xdrs, objp))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_uint16_t (XDR *xdrs, uint16_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_u_short (xdrs, objp))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_u_short (xdrs, objp))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_int32_t (XDR *xdrs, int32_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_int (xdrs, objp))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_int (xdrs, objp))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_uint32_t (XDR *xdrs, uint32_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_u_int (xdrs, objp))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_u_int (xdrs, objp))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_utf8str_t (XDR *xdrs, utf8str_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_bytes (xdrs, (char **)&objp->utf8str_t_val, (u_int *) &objp->utf8str_t_len, ~0))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_bytes (xdrs, (char **)&objp->utf8str_t_val, (u_int *) &objp->utf8str_t_len, ~0))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdb_sno_t (XDR *xdrs, kdb_sno_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_uint32_t (xdrs, objp))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_uint32_t (xdrs, objp))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_time_t (XDR *xdrs, kdbe_time_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_uint32_t (xdrs, &objp->seconds))
-		 return FALSE;
-	 if (!xdr_uint32_t (xdrs, &objp->useconds))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_uint32_t (xdrs, &objp->seconds))
+        return FALSE;
+    if (!xdr_uint32_t (xdrs, &objp->useconds))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_key_t (XDR *xdrs, kdbe_key_t *objp)
 {
-	register int32_t *buf;
-
-	 if (!xdr_int32_t (xdrs, &objp->k_ver))
-		 return FALSE;
-	 if (!xdr_int32_t (xdrs, &objp->k_kvno))
-		 return FALSE;
-	 if (!xdr_array (xdrs, (char **)&objp->k_enctype.k_enctype_val, (u_int *) &objp->k_enctype.k_enctype_len, ~0,
-		sizeof (int32_t), (xdrproc_t) xdr_int32_t))
-		 return FALSE;
-	 if (!xdr_array (xdrs, (char **)&objp->k_contents.k_contents_val, (u_int *) &objp->k_contents.k_contents_len, ~0,
-		sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
-		 return FALSE;
-	return TRUE;
+    register int32_t *buf;
+
+    if (!xdr_int32_t (xdrs, &objp->k_ver))
+        return FALSE;
+    if (!xdr_int32_t (xdrs, &objp->k_kvno))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->k_enctype.k_enctype_val, (u_int *) &objp->k_enctype.k_enctype_len, ~0,
+                    sizeof (int32_t), (xdrproc_t) xdr_int32_t))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->k_contents.k_contents_val, (u_int *) &objp->k_contents.k_contents_len, ~0,
+                    sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_data_t (XDR *xdrs, kdbe_data_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_int32_t (xdrs, &objp->k_magic))
-		 return FALSE;
-	 if (!xdr_utf8str_t (xdrs, &objp->k_data))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_int32_t (xdrs, &objp->k_magic))
+        return FALSE;
+    if (!xdr_utf8str_t (xdrs, &objp->k_data))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_princ_t (XDR *xdrs, kdbe_princ_t *objp)
 {
-	register int32_t *buf;
-
-	 if (!xdr_utf8str_t (xdrs, &objp->k_realm))
-		 return FALSE;
-	 if (!xdr_array (xdrs, (char **)&objp->k_components.k_components_val, (u_int *) &objp->k_components.k_components_len, ~0,
-		sizeof (kdbe_data_t), (xdrproc_t) xdr_kdbe_data_t))
-		 return FALSE;
-	 if (!xdr_int32_t (xdrs, &objp->k_nametype))
-		 return FALSE;
-	return TRUE;
+    register int32_t *buf;
+
+    if (!xdr_utf8str_t (xdrs, &objp->k_realm))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->k_components.k_components_val, (u_int *) &objp->k_components.k_components_len, ~0,
+                    sizeof (kdbe_data_t), (xdrproc_t) xdr_kdbe_data_t))
+        return FALSE;
+    if (!xdr_int32_t (xdrs, &objp->k_nametype))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_tl_t (XDR *xdrs, kdbe_tl_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_int16_t (xdrs, &objp->tl_type))
-		 return FALSE;
-	 if (!xdr_bytes (xdrs, (char **)&objp->tl_data.tl_data_val, (u_int *) &objp->tl_data.tl_data_len, ~0))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_int16_t (xdrs, &objp->tl_type))
+        return FALSE;
+    if (!xdr_bytes (xdrs, (char **)&objp->tl_data.tl_data_val, (u_int *) &objp->tl_data.tl_data_len, ~0))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_pw_hist_t (XDR *xdrs, kdbe_pw_hist_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_array (xdrs, (char **)&objp->kdbe_pw_hist_t_val, (u_int *) &objp->kdbe_pw_hist_t_len, ~0,
-		sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_array (xdrs, (char **)&objp->kdbe_pw_hist_t_val, (u_int *) &objp->kdbe_pw_hist_t_len, ~0,
+                    sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_attr_type_t (XDR *xdrs, kdbe_attr_type_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_enum (xdrs, (enum_t *) objp))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_enum (xdrs, (enum_t *) objp))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_val_t (XDR *xdrs, kdbe_val_t *objp)
 {
-	register int32_t *buf;
-
-	 if (!xdr_kdbe_attr_type_t (xdrs, &objp->av_type))
-		 return FALSE;
-	switch (objp->av_type) {
-	case AT_ATTRFLAGS:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_attrflags))
-			 return FALSE;
-		break;
-	case AT_MAX_LIFE:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_life))
-			 return FALSE;
-		break;
-	case AT_MAX_RENEW_LIFE:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_renew_life))
-			 return FALSE;
-		break;
-	case AT_EXP:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_exp))
-			 return FALSE;
-		break;
-	case AT_PW_EXP:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_exp))
-			 return FALSE;
-		break;
-	case AT_LAST_SUCCESS:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_success))
-			 return FALSE;
-		break;
-	case AT_LAST_FAILED:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_failed))
-			 return FALSE;
-		break;
-	case AT_FAIL_AUTH_COUNT:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_fail_auth_count))
-			 return FALSE;
-		break;
-	case AT_PRINC:
-		 if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_princ))
-			 return FALSE;
-		break;
-	case AT_KEYDATA:
-		 if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_keydata.av_keydata_val, (u_int *) &objp->kdbe_val_t_u.av_keydata.av_keydata_len, ~0,
-			sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
-			 return FALSE;
-		break;
-	case AT_TL_DATA:
-		 if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_tldata.av_tldata_val, (u_int *) &objp->kdbe_val_t_u.av_tldata.av_tldata_len, ~0,
-			sizeof (kdbe_tl_t), (xdrproc_t) xdr_kdbe_tl_t))
-			 return FALSE;
-		break;
-	case AT_LEN:
-		 if (!xdr_int16_t (xdrs, &objp->kdbe_val_t_u.av_len))
-			 return FALSE;
-		break;
-	case AT_PW_LAST_CHANGE:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_last_change))
-			 return FALSE;
-		break;
-	case AT_MOD_PRINC:
-		 if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_mod_princ))
-			 return FALSE;
-		break;
-	case AT_MOD_TIME:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_mod_time))
-			 return FALSE;
-		break;
-	case AT_MOD_WHERE:
-		 if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_mod_where))
-			 return FALSE;
-		break;
-	case AT_PW_POLICY:
-		 if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_pw_policy))
-			 return FALSE;
-		break;
-	case AT_PW_POLICY_SWITCH:
-		 if (!xdr_bool (xdrs, &objp->kdbe_val_t_u.av_pw_policy_switch))
-			 return FALSE;
-		break;
-	case AT_PW_HIST_KVNO:
-		 if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_hist_kvno))
-			 return FALSE;
-		break;
-	case AT_PW_HIST:
-		 if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_val, (u_int *) &objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_len, ~0,
-			sizeof (kdbe_pw_hist_t), (xdrproc_t) xdr_kdbe_pw_hist_t))
-			 return FALSE;
-		break;
-	default:
-		 if (!xdr_bytes (xdrs, (char **)&objp->kdbe_val_t_u.av_extension.av_extension_val, (u_int *) &objp->kdbe_val_t_u.av_extension.av_extension_len, ~0))
-			 return FALSE;
-		break;
-	}
-	return TRUE;
+    register int32_t *buf;
+
+    if (!xdr_kdbe_attr_type_t (xdrs, &objp->av_type))
+        return FALSE;
+    switch (objp->av_type) {
+    case AT_ATTRFLAGS:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_attrflags))
+            return FALSE;
+        break;
+    case AT_MAX_LIFE:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_life))
+            return FALSE;
+        break;
+    case AT_MAX_RENEW_LIFE:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_max_renew_life))
+            return FALSE;
+        break;
+    case AT_EXP:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_exp))
+            return FALSE;
+        break;
+    case AT_PW_EXP:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_exp))
+            return FALSE;
+        break;
+    case AT_LAST_SUCCESS:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_success))
+            return FALSE;
+        break;
+    case AT_LAST_FAILED:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_last_failed))
+            return FALSE;
+        break;
+    case AT_FAIL_AUTH_COUNT:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_fail_auth_count))
+            return FALSE;
+        break;
+    case AT_PRINC:
+        if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_princ))
+            return FALSE;
+        break;
+    case AT_KEYDATA:
+        if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_keydata.av_keydata_val, (u_int *) &objp->kdbe_val_t_u.av_keydata.av_keydata_len, ~0,
+                        sizeof (kdbe_key_t), (xdrproc_t) xdr_kdbe_key_t))
+            return FALSE;
+        break;
+    case AT_TL_DATA:
+        if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_tldata.av_tldata_val, (u_int *) &objp->kdbe_val_t_u.av_tldata.av_tldata_len, ~0,
+                        sizeof (kdbe_tl_t), (xdrproc_t) xdr_kdbe_tl_t))
+            return FALSE;
+        break;
+    case AT_LEN:
+        if (!xdr_int16_t (xdrs, &objp->kdbe_val_t_u.av_len))
+            return FALSE;
+        break;
+    case AT_PW_LAST_CHANGE:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_last_change))
+            return FALSE;
+        break;
+    case AT_MOD_PRINC:
+        if (!xdr_kdbe_princ_t (xdrs, &objp->kdbe_val_t_u.av_mod_princ))
+            return FALSE;
+        break;
+    case AT_MOD_TIME:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_mod_time))
+            return FALSE;
+        break;
+    case AT_MOD_WHERE:
+        if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_mod_where))
+            return FALSE;
+        break;
+    case AT_PW_POLICY:
+        if (!xdr_utf8str_t (xdrs, &objp->kdbe_val_t_u.av_pw_policy))
+            return FALSE;
+        break;
+    case AT_PW_POLICY_SWITCH:
+        if (!xdr_bool (xdrs, &objp->kdbe_val_t_u.av_pw_policy_switch))
+            return FALSE;
+        break;
+    case AT_PW_HIST_KVNO:
+        if (!xdr_uint32_t (xdrs, &objp->kdbe_val_t_u.av_pw_hist_kvno))
+            return FALSE;
+        break;
+    case AT_PW_HIST:
+        if (!xdr_array (xdrs, (char **)&objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_val, (u_int *) &objp->kdbe_val_t_u.av_pw_hist.av_pw_hist_len, ~0,
+                        sizeof (kdbe_pw_hist_t), (xdrproc_t) xdr_kdbe_pw_hist_t))
+            return FALSE;
+        break;
+    default:
+        if (!xdr_bytes (xdrs, (char **)&objp->kdbe_val_t_u.av_extension.av_extension_val, (u_int *) &objp->kdbe_val_t_u.av_extension.av_extension_len, ~0))
+            return FALSE;
+        break;
+    }
+    return TRUE;
 }
 
 bool_t
 xdr_kdbe_t (XDR *xdrs, kdbe_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_array (xdrs, (char **)&objp->kdbe_t_val, (u_int *) &objp->kdbe_t_len, ~0,
-		sizeof (kdbe_val_t), (xdrproc_t) xdr_kdbe_val_t))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_array (xdrs, (char **)&objp->kdbe_t_val, (u_int *) &objp->kdbe_t_len, ~0,
+                    sizeof (kdbe_val_t), (xdrproc_t) xdr_kdbe_val_t))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdb_incr_update_t (XDR *xdrs, kdb_incr_update_t *objp)
 {
-	register int32_t *buf;
-
-	 if (!xdr_utf8str_t (xdrs, &objp->kdb_princ_name))
-		 return FALSE;
-	 if (!xdr_kdb_sno_t (xdrs, &objp->kdb_entry_sno))
-		 return FALSE;
-	 if (!xdr_kdbe_time_t (xdrs, &objp->kdb_time))
-		 return FALSE;
-	 if (!xdr_kdbe_t (xdrs, &objp->kdb_update))
-		 return FALSE;
-	 if (!xdr_bool (xdrs, &objp->kdb_deleted))
-		 return FALSE;
-	 if (!xdr_bool (xdrs, &objp->kdb_commit))
-		 return FALSE;
-	 if (!xdr_array (xdrs, (char **)&objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val, (u_int *) &objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len, ~0,
-		sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
-		 return FALSE;
-	 if (!xdr_bytes (xdrs, (char **)&objp->kdb_futures.kdb_futures_val, (u_int *) &objp->kdb_futures.kdb_futures_len, ~0))
-		 return FALSE;
-	return TRUE;
+    register int32_t *buf;
+
+    if (!xdr_utf8str_t (xdrs, &objp->kdb_princ_name))
+        return FALSE;
+    if (!xdr_kdb_sno_t (xdrs, &objp->kdb_entry_sno))
+        return FALSE;
+    if (!xdr_kdbe_time_t (xdrs, &objp->kdb_time))
+        return FALSE;
+    if (!xdr_kdbe_t (xdrs, &objp->kdb_update))
+        return FALSE;
+    if (!xdr_bool (xdrs, &objp->kdb_deleted))
+        return FALSE;
+    if (!xdr_bool (xdrs, &objp->kdb_commit))
+        return FALSE;
+    if (!xdr_array (xdrs, (char **)&objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val, (u_int *) &objp->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len, ~0,
+                    sizeof (utf8str_t), (xdrproc_t) xdr_utf8str_t))
+        return FALSE;
+    if (!xdr_bytes (xdrs, (char **)&objp->kdb_futures.kdb_futures_val, (u_int *) &objp->kdb_futures.kdb_futures_len, ~0))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdb_ulog_t (XDR *xdrs, kdb_ulog_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_array (xdrs, (char **)&objp->kdb_ulog_t_val, (u_int *) &objp->kdb_ulog_t_len, ~0,
-		sizeof (kdb_incr_update_t), (xdrproc_t) xdr_kdb_incr_update_t))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_array (xdrs, (char **)&objp->kdb_ulog_t_val, (u_int *) &objp->kdb_ulog_t_len, ~0,
+                    sizeof (kdb_incr_update_t), (xdrproc_t) xdr_kdb_incr_update_t))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_update_status_t (XDR *xdrs, update_status_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_enum (xdrs, (enum_t *) objp))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_enum (xdrs, (enum_t *) objp))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdb_last_t (XDR *xdrs, kdb_last_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_kdb_sno_t (xdrs, &objp->last_sno))
-		 return FALSE;
-	 if (!xdr_kdbe_time_t (xdrs, &objp->last_time))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_kdb_sno_t (xdrs, &objp->last_sno))
+        return FALSE;
+    if (!xdr_kdbe_time_t (xdrs, &objp->last_time))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdb_incr_result_t (XDR *xdrs, kdb_incr_result_t *objp)
 {
-	register int32_t *buf;
-
-	 if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
-		 return FALSE;
-	 if (!xdr_kdb_ulog_t (xdrs, &objp->updates))
-		 return FALSE;
-	 if (!xdr_update_status_t (xdrs, &objp->ret))
-		 return FALSE;
-	return TRUE;
+    register int32_t *buf;
+
+    if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+        return FALSE;
+    if (!xdr_kdb_ulog_t (xdrs, &objp->updates))
+        return FALSE;
+    if (!xdr_update_status_t (xdrs, &objp->ret))
+        return FALSE;
+    return TRUE;
 }
 
 bool_t
 xdr_kdb_fullresync_result_t (XDR *xdrs, kdb_fullresync_result_t *objp)
 {
-	register int32_t *buf;
+    register int32_t *buf;
 
-	 if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
-		 return FALSE;
-	 if (!xdr_update_status_t (xdrs, &objp->ret))
-		 return FALSE;
-	return TRUE;
+    if (!xdr_kdb_last_t (xdrs, &objp->lastentry))
+        return FALSE;
+    if (!xdr_update_status_t (xdrs, &objp->ret))
+        return FALSE;
+    return TRUE;
 }
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 8aef88aaf..cd9f71697 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2006, 2009 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -6,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -32,7 +33,7 @@
  * distribution under the MIT license.
  */
 
-/* 
+/*
  * Include files
  */
 
@@ -81,7 +82,7 @@ kdb_lock_list()
     int err;
     err = CALL_INIT_FUNCTION (kdb_init_lock_list);
     if (err)
-	return err;
+        return err;
     return k5_mutex_lock(&db_lock);
 }
 
@@ -89,7 +90,7 @@ void
 kdb_fini_lock_list(void)
 {
     if (INITIALIZER_RAN(kdb_init_lock_list))
-	k5_mutex_destroy(&db_lock);
+        k5_mutex_destroy(&db_lock);
 }
 
 static int
@@ -177,27 +178,27 @@ kdb_get_conf_section(krb5_context kcontext)
     char   *value = NULL;
 
     if (kcontext->default_realm == NULL)
-	return NULL;
+        return NULL;
     /* The profile has to have been initialized.  If the profile was
        not initialized, expect nothing less than a crash.  */
     status = profile_get_string(kcontext->profile,
-				/* realms */
-				KDB_REALM_SECTION,
-				kcontext->default_realm,
-				/* under the realm name, database_module */
-				KDB_MODULE_POINTER,
-				/* default value is the realm name itself */
-				kcontext->default_realm,
-				&value);
+                                /* realms */
+                                KDB_REALM_SECTION,
+                                kcontext->default_realm,
+                                /* under the realm name, database_module */
+                                KDB_MODULE_POINTER,
+                                /* default value is the realm name itself */
+                                kcontext->default_realm,
+                                &value);
 
     if (status) {
-	/* some problem */
-	result = strdup(kcontext->default_realm);
-	/* let NULL be handled by the caller */
+        /* some problem */
+        result = strdup(kcontext->default_realm);
+        /* let NULL be handled by the caller */
     } else {
-	result = strdup(value);
-	/* free profile string */
-	profile_release_string(value);
+        result = strdup(value);
+        /* free profile string */
+        profile_release_string(value);
     }
 
     return result;
@@ -212,27 +213,27 @@ kdb_get_library_name(krb5_context kcontext)
     char   *lib = NULL;
 
     status = profile_get_string(kcontext->profile,
-				/* realms */
-				KDB_REALM_SECTION,
-				kcontext->default_realm,
-				/* under the realm name, database_module */
-				KDB_MODULE_POINTER,
-				/* default value is the realm name itself */
-				kcontext->default_realm,
-				&value);
+                                /* realms */
+                                KDB_REALM_SECTION,
+                                kcontext->default_realm,
+                                /* under the realm name, database_module */
+                                KDB_MODULE_POINTER,
+                                /* default value is the realm name itself */
+                                kcontext->default_realm,
+                                &value);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
 
 #define DB2_NAME "db2"
     /* we got the module section. Get the library name from the module */
     status = profile_get_string(kcontext->profile, KDB_MODULE_SECTION, value,
-				KDB_LIB_POINTER,
-				/* default to db2 */
-				DB2_NAME,
-				&lib);
+                                KDB_LIB_POINTER,
+                                /* default to db2 */
+                                DB2_NAME,
+                                &lib);
 
     if (status) {
-	goto clean_n_exit;
+        goto clean_n_exit;
     }
 
     result = strdup(lib);
@@ -246,33 +247,33 @@ static void
 kdb_setup_opt_functions(db_library lib)
 {
     if (lib->vftabl.set_master_key == NULL)
-	lib->vftabl.set_master_key = kdb_def_set_mkey;
+        lib->vftabl.set_master_key = kdb_def_set_mkey;
     if (lib->vftabl.set_master_key_list == NULL)
-	lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
+        lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
     if (lib->vftabl.get_master_key == NULL)
-	lib->vftabl.get_master_key = kdb_def_get_mkey;
+        lib->vftabl.get_master_key = kdb_def_get_mkey;
     if (lib->vftabl.get_master_key_list == NULL)
-	lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
+        lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
     if (lib->vftabl.fetch_master_key == NULL)
-	lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
+        lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
     if (lib->vftabl.verify_master_key == NULL)
-	lib->vftabl.verify_master_key = krb5_def_verify_master_key;
+        lib->vftabl.verify_master_key = krb5_def_verify_master_key;
     if (lib->vftabl.fetch_master_key_list == NULL)
-	lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
+        lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
     if (lib->vftabl.store_master_key_list == NULL)
-	lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
+        lib->vftabl.store_master_key_list = krb5_def_store_mkey_list;
     if (lib->vftabl.dbe_search_enctype == NULL)
-	lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
+        lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
     if (lib->vftabl.db_change_pwd == NULL)
-	lib->vftabl.db_change_pwd = krb5_dbe_def_cpw;
+        lib->vftabl.db_change_pwd = krb5_dbe_def_cpw;
     if (lib->vftabl.store_master_key == NULL)
-	lib->vftabl.store_master_key = krb5_def_store_mkey;
+        lib->vftabl.store_master_key = krb5_def_store_mkey;
     if (lib->vftabl.promote_db == NULL)
-	lib->vftabl.promote_db = krb5_def_promote_db;
+        lib->vftabl.promote_db = krb5_def_promote_db;
     if (lib->vftabl.dbekd_decrypt_key_data == NULL)
-	lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
+        lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
     if (lib->vftabl.dbekd_encrypt_key_data == NULL)
-	lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
+        lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
 }
 
 #ifdef STATIC_PLUGINS
@@ -290,21 +291,21 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
     kdb_vftabl *vftabl_addr = NULL;
 
     if (strcmp(lib_name, "db2") == 0)
-	vftabl_addr = &krb5_db2_kdb_function_table;
+        vftabl_addr = &krb5_db2_kdb_function_table;
 #ifdef ENABLE_LDAP
     if (strcmp(lib_name, "ldap") == 0)
-	vftabl_addr = &krb5_ldap_kdb_function_table;
+        vftabl_addr = &krb5_ldap_kdb_function_table;
 #endif
     if (!vftabl_addr) {
-	krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
-			       "Unable to find requested database type: %s",
-			       lib_name);
-	return KRB5_KDB_DBTYPE_NOSUP;
+        krb5_set_error_message(kcontext, KRB5_KDB_DBTYPE_NOTFOUND,
+                               "Unable to find requested database type: %s",
+                               lib_name);
+        return KRB5_KDB_DBTYPE_NOSUP;
     }
 
     lib = calloc(1, sizeof(*lib));
     if (lib == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     strlcpy(lib->name, lib_name, sizeof(lib->name));
     memcpy(&lib->vftabl, vftabl_addr, sizeof(kdb_vftabl));
@@ -312,7 +313,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library *libptr)
 
     status = lib->vftabl.init_library();
     if (status)
-	goto cleanup;
+        goto cleanup;
 
     *libptr = lib;
     return 0;
@@ -339,7 +340,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
        When it's static, it goes into ".picdata", which is
        read-write.  */
     static const char *const dbpath_names[] = {
-	KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
+        KDB_MODULE_SECTION, KRB5_CONF_DB_MODULE_DIR, NULL,
     };
     const char *filebases[2];
     char **profpath = NULL;
@@ -350,7 +351,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
 
     *lib = calloc((size_t) 1, sizeof(**lib));
     if (*lib == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     strlcpy((*lib)->name, lib_name, sizeof((*lib)->name));
 
@@ -358,31 +359,31 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
        file(s) first.  */
     status = profile_get_values(kcontext->profile, dbpath_names, &profpath);
     if (status != 0 && status != PROF_NO_RELATION)
-	goto clean_n_exit;
+        goto clean_n_exit;
     ndx = 0;
     if (profpath)
-	while (profpath[ndx] != NULL)
-	    ndx++;
+        while (profpath[ndx] != NULL)
+            ndx++;
 
     path = calloc(ndx + db_dl_n_locations, sizeof (char *));
     if (path == NULL) {
-	status = ENOMEM;
-	goto clean_n_exit;
+        status = ENOMEM;
+        goto clean_n_exit;
     }
     if (ndx)
-	memcpy(path, profpath, ndx * sizeof(profpath[0]));
+        memcpy(path, profpath, ndx * sizeof(profpath[0]));
     memcpy(path + ndx, db_dl_location, db_dl_n_locations * sizeof(char *));
     status = 0;
-    
-    if ((status = krb5int_open_plugin_dirs ((const char **) path, 
-                                            filebases, 
+
+    if ((status = krb5int_open_plugin_dirs ((const char **) path,
+                                            filebases,
                                             &(*lib)->dl_dir_handle, &kcontext->err))) {
-	const char *err_str = krb5_get_error_message(kcontext, status);
-	status = KRB5_KDB_DBTYPE_NOTFOUND;
-	krb5_set_error_message (kcontext, status,
-				"Unable to find requested database type: %s", err_str);
-	krb5_free_error_message (kcontext, err_str);
-	goto clean_n_exit;
+        const char *err_str = krb5_get_error_message(kcontext, status);
+        status = KRB5_KDB_DBTYPE_NOTFOUND;
+        krb5_set_error_message (kcontext, status,
+                                "Unable to find requested database type: %s", err_str);
+        krb5_free_error_message (kcontext, err_str);
+        goto clean_n_exit;
     }
 
     if ((status = krb5int_get_plugin_dir_data (&(*lib)->dl_dir_handle, "kdb_function_table",
@@ -392,34 +393,34 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
         krb5_set_error_message (kcontext, status,
                                 "plugin symbol 'kdb_function_table' lookup failed: %s", err_str);
         krb5_free_error_message (kcontext, err_str);
-	goto clean_n_exit;
+        goto clean_n_exit;
     }
 
     if (vftabl_addrs[0] == NULL) {
-	/* No plugins! */
-	status = KRB5_KDB_DBTYPE_NOTFOUND;
-	krb5_set_error_message (kcontext, status,
-				_("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
-				lib_name);
-	goto clean_n_exit;
+        /* No plugins! */
+        status = KRB5_KDB_DBTYPE_NOTFOUND;
+        krb5_set_error_message (kcontext, status,
+                                _("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
+                                lib_name);
+        goto clean_n_exit;
     }
 
     memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl));
     kdb_setup_opt_functions(*lib);
-    
+
     if ((status = (*lib)->vftabl.init_library()))
         goto clean_n_exit;
-    
+
 clean_n_exit:
     krb5int_free_plugin_dir_data(vftabl_addrs);
     /* Both of these DTRT with NULL.  */
     profile_free_list(profpath);
     free(path);
     if (status && *lib) {
-	if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle)))
-	    krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle);
-	free(*lib);
-	*lib = NULL;
+        if (PLUGIN_DIR_OPEN((&(*lib)->dl_dir_handle)))
+            krb5int_close_plugin_dirs (&(*lib)->dl_dir_handle);
+        free(*lib);
+        *lib = NULL;
     }
     return status;
 }
@@ -436,43 +437,43 @@ kdb_find_library(krb5_context kcontext, char *lib_name, db_library * lib)
     static int kdb_db2_pol_err_loaded = 0;
 
     if (!strcmp(DB2_NAME, lib_name) && (kdb_db2_pol_err_loaded == 0)) {
-	initialize_adb_error_table();
-	kdb_db2_pol_err_loaded = 1;
+        initialize_adb_error_table();
+        kdb_db2_pol_err_loaded = 1;
     }
 
     if ((status = kdb_lock_list()) != 0)
-	goto clean_n_exit;
+        goto clean_n_exit;
     locked = 1;
 
     curr_elt = lib_list;
     while (curr_elt != NULL) {
-	if (strcmp(lib_name, curr_elt->name) == 0) {
-	    *lib = curr_elt;
-	    goto clean_n_exit;
-	}
-	prev_elt = curr_elt;
-	curr_elt = curr_elt->next;
+        if (strcmp(lib_name, curr_elt->name) == 0) {
+            *lib = curr_elt;
+            goto clean_n_exit;
+        }
+        prev_elt = curr_elt;
+        curr_elt = curr_elt->next;
     }
 
     /* module not found. create and add to list */
     status = kdb_load_library(kcontext, lib_name, lib);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
 
     if (prev_elt) {
-	/* prev_elt points to the last element in the list */
-	prev_elt->next = *lib;
-	(*lib)->prev = prev_elt;
+        /* prev_elt points to the last element in the list */
+        prev_elt->next = *lib;
+        (*lib)->prev = prev_elt;
     } else {
-	lib_list = *lib;
+        lib_list = *lib;
     }
 
 clean_n_exit:
     if (*lib)
-	(*lib)->reference_cnt++;
+        (*lib)->reference_cnt++;
 
     if (locked)
-	kdb_unlock_list();
+        kdb_unlock_list();
 
     return status;
 }
@@ -484,33 +485,33 @@ kdb_free_library(db_library lib)
     int     locked = 0;
 
     if ((status = kdb_lock_list()) != 0)
-	goto clean_n_exit;
+        goto clean_n_exit;
     locked = 1;
 
     lib->reference_cnt--;
 
     if (lib->reference_cnt == 0) {
-	status = lib->vftabl.fini_library();
-	if (status)
-	    goto clean_n_exit;
+        status = lib->vftabl.fini_library();
+        if (status)
+            goto clean_n_exit;
 
-	/* close the library */
+        /* close the library */
         if (PLUGIN_DIR_OPEN((&lib->dl_dir_handle)))
             krb5int_close_plugin_dirs (&lib->dl_dir_handle);
-        
-	if (lib->prev == NULL)
-	    lib_list = lib->next;  /* first element in the list */
-	else
-	    lib->prev->next = lib->next;
-
-	if (lib->next)
-	    lib->next->prev = lib->prev;
-	free(lib);
+
+        if (lib->prev == NULL)
+            lib_list = lib->next;  /* first element in the list */
+        else
+            lib->prev->next = lib->next;
+
+        if (lib->next)
+            lib->next->prev = lib->prev;
+        free(lib);
     }
 
 clean_n_exit:
     if (locked)
-	kdb_unlock_list();
+        kdb_unlock_list();
 
     return status;
 }
@@ -525,19 +526,19 @@ krb5_db_setup_lib_handle(krb5_context kcontext)
 
     dal_handle = calloc((size_t) 1, sizeof(kdb5_dal_handle));
     if (dal_handle == NULL) {
-	status = ENOMEM;
-	goto clean_n_exit;
+        status = ENOMEM;
+        goto clean_n_exit;
     }
 
     library = kdb_get_library_name(kcontext);
     if (library == NULL) {
-	status = KRB5_KDB_DBTYPE_NOTFOUND;
-	goto clean_n_exit;
+        status = KRB5_KDB_DBTYPE_NOTFOUND;
+        goto clean_n_exit;
     }
 
     status = kdb_find_library(kcontext, library, &lib);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
 
     dal_handle->lib_handle = lib;
     kcontext->dal_handle = dal_handle;
@@ -546,9 +547,9 @@ clean_n_exit:
     free(library);
 
     if (status) {
-	free(dal_handle);
-	if (lib)
-	    kdb_free_library(lib);
+        free(dal_handle);
+        if (lib)
+            kdb_free_library(lib);
     }
 
     return status;
@@ -561,7 +562,7 @@ kdb_free_lib_handle(krb5_context kcontext)
 
     status = kdb_free_library(kcontext->dal_handle->lib_handle);
     if (status)
-	return status;
+        return status;
 
     free(kcontext->dal_handle);
     kcontext->dal_handle = NULL;
@@ -575,16 +576,16 @@ get_errmsg(krb5_context kcontext, krb5_error_code err_code)
     const char *e;
 
     if (err_code == 0)
-	return;
+        return;
     assert(kcontext != NULL && kcontext->dal_handle != NULL);
     v = &kcontext->dal_handle->lib_handle->vftabl;
     if (v->errcode_2_string == NULL)
-	return;
+        return;
     e = v->errcode_2_string(kcontext, err_code);
     assert (e != NULL);
     krb5_set_error_message(kcontext, err_code, "%s", e);
     if (v->release_errcode_string)
-	v->release_errcode_string(kcontext, e);
+        v->release_errcode_string(kcontext, e);
 }
 
 static krb5_error_code
@@ -594,9 +595,9 @@ get_vftabl(krb5_context kcontext, kdb_vftabl **vftabl_ptr)
 
     *vftabl_ptr = NULL;
     if (kcontext->dal_handle == NULL) {
-	status = krb5_db_setup_lib_handle(kcontext);
-	if (status)
-	    return status;
+        status = krb5_db_setup_lib_handle(kcontext);
+        if (status)
+            return status;
     }
     *vftabl_ptr = &kcontext->dal_handle->lib_handle->vftabl;
     return 0;
@@ -614,23 +615,23 @@ krb5_db_open(krb5_context kcontext, char **db_args, int mode)
 
     section = kdb_get_conf_section(kcontext);
     if (section == NULL) {
-	status = KRB5_KDB_SERVER_INTERNAL_ERR;
-	krb5_set_error_message (kcontext, status,
-		"unable to determine configuration section for realm %s\n",
-		kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
-	goto clean_n_exit;
+        status = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (kcontext, status,
+                                "unable to determine configuration section for realm %s\n",
+                                kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
+        goto clean_n_exit;
     }
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
     assert(v->init_module != NULL);
     status = v->init_module(kcontext, section, db_args, mode);
     get_errmsg(kcontext, status);
 
 clean_n_exit:
     if (section)
-	free(section);
+        free(section);
     return status;
 }
 
@@ -638,7 +639,7 @@ krb5_error_code
 krb5_db_inited(krb5_context kcontext)
 {
     return !(kcontext && kcontext->dal_handle &&
-	     kcontext->dal_handle->db_context);
+             kcontext->dal_handle->db_context);
 }
 
 krb5_error_code
@@ -650,26 +651,26 @@ krb5_db_create(krb5_context kcontext, char **db_args)
 
     section = kdb_get_conf_section(kcontext);
     if (section == NULL) {
-	status = KRB5_KDB_SERVER_INTERNAL_ERR;
-	krb5_set_error_message (kcontext, status,
-		"unable to determine configuration section for realm %s\n",
-		kcontext->default_realm);
-	goto clean_n_exit;
+        status = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (kcontext, status,
+                                "unable to determine configuration section for realm %s\n",
+                                kcontext->default_realm);
+        goto clean_n_exit;
     }
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
     if (v->db_create == NULL) {
-	status = KRB5_KDB_DBTYPE_NOSUP;
-	goto clean_n_exit;
+        status = KRB5_KDB_DBTYPE_NOSUP;
+        goto clean_n_exit;
     }
     status = v->db_create(kcontext, section, db_args);
     get_errmsg(kcontext, status);
 
 clean_n_exit:
     if (section)
-	free(section);
+        free(section);
     return status;
 }
 
@@ -681,7 +682,7 @@ krb5_db_fini(krb5_context kcontext)
 
     /* Do nothing if module was never loaded. */
     if (kcontext->dal_handle == NULL)
-	return 0;
+        return 0;
 
     v = &kcontext->dal_handle->lib_handle->vftabl;
     assert(v->fini_module != NULL);
@@ -689,7 +690,7 @@ krb5_db_fini(krb5_context kcontext)
     get_errmsg(kcontext, status);
 
     if (status)
-	return status;
+        return status;
 
     return kdb_free_lib_handle(kcontext);
 }
@@ -703,26 +704,26 @@ krb5_db_destroy(krb5_context kcontext, char **db_args)
 
     section = kdb_get_conf_section(kcontext);
     if (section == NULL) {
-	status = KRB5_KDB_SERVER_INTERNAL_ERR;
-	krb5_set_error_message (kcontext, status,
-		"unable to determine configuration section for realm %s\n",
-		kcontext->default_realm);
-	goto clean_n_exit;
+        status = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (kcontext, status,
+                                "unable to determine configuration section for realm %s\n",
+                                kcontext->default_realm);
+        goto clean_n_exit;
     }
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
     if (v->db_destroy == NULL) {
-	status = KRB5_KDB_DBTYPE_NOSUP;
-	goto clean_n_exit;
+        status = KRB5_KDB_DBTYPE_NOSUP;
+        goto clean_n_exit;
     }
     status = v->db_destroy(kcontext, section, db_args);
     get_errmsg(kcontext, status);
 
 clean_n_exit:
     if (section)
-	free(section);
+        free(section);
     return status;
 }
 
@@ -734,9 +735,9 @@ krb5_db_get_age(krb5_context kcontext, char *db_name, time_t * t)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_get_age == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_get_age(kcontext, db_name, t);
     get_errmsg(kcontext, status);
     return status;
@@ -750,9 +751,9 @@ krb5_db_set_option(krb5_context kcontext, int option, void *value)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_set_option == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_set_option(kcontext, option, value);
     get_errmsg(kcontext, status);
     return status;
@@ -766,9 +767,9 @@ krb5_db_lock(krb5_context kcontext, int lock_mode)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_lock == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_lock(kcontext, lock_mode);
     get_errmsg(kcontext, status);
     return status;
@@ -782,9 +783,9 @@ krb5_db_unlock(krb5_context kcontext)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_unlock == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_unlock(kcontext);
     get_errmsg(kcontext, status);
     return status;
@@ -792,41 +793,41 @@ krb5_db_unlock(krb5_context kcontext)
 
 krb5_error_code
 krb5_db_get_principal(krb5_context kcontext,
-		      krb5_const_principal search_for,
-		      krb5_db_entry * entries,
-		      int *nentries, krb5_boolean * more)
+                      krb5_const_principal search_for,
+                      krb5_db_entry * entries,
+                      int *nentries, krb5_boolean * more)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_get_principal == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_get_principal(kcontext, search_for, 0, entries, nentries,
-				 more);
+                                 more);
     get_errmsg(kcontext, status);
     return status;
 }
 
 krb5_error_code
 krb5_db_get_principal_ext(krb5_context kcontext,
-			  krb5_const_principal search_for,
-			  unsigned int flags,
-			  krb5_db_entry * entries,
-			  int *nentries, krb5_boolean * more)
+                          krb5_const_principal search_for,
+                          unsigned int flags,
+                          krb5_db_entry * entries,
+                          int *nentries, krb5_boolean * more)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_get_principal == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_get_principal(kcontext, search_for,
-				 flags, entries, nentries, more);
+                                 flags, entries, nentries, more);
     get_errmsg(kcontext, status);
     return status;
 }
@@ -839,9 +840,9 @@ krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_free_principal == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_free_principal(kcontext, entry, count);
     get_errmsg(kcontext, status);
     return status;
@@ -852,18 +853,18 @@ free_db_args(krb5_context kcontext, char **db_args)
 {
     int i;
     if (db_args) {
-	/* XXX Is this right?  Or are we borrowing storage from
-	   the caller?  */
-	for (i = 0; db_args[i]; i++)
-	    krb5_db_free(kcontext, db_args[i]);
-	free(db_args);
+        /* XXX Is this right?  Or are we borrowing storage from
+           the caller?  */
+        for (i = 0; db_args[i]; i++)
+            krb5_db_free(kcontext, db_args[i]);
+        free(db_args);
     }
 }
 
 static krb5_error_code
 extract_db_args_from_tl_data(krb5_context kcontext,
-			     krb5_tl_data **start, krb5_int16 *count,
-			     char ***db_argsp)
+                             krb5_tl_data **start, krb5_int16 *count,
+                             char ***db_argsp)
 {
     char **db_args = NULL;
     int db_args_size = 0;
@@ -877,51 +878,51 @@ extract_db_args_from_tl_data(krb5_context kcontext,
        difficult for kadmin remote to pass arguments to server.  */
     prev = NULL, curr = *start;
     while (curr) {
-	if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
-	    char  **t;
-	    /* Since this is expected to be NULL terminated string and
-	       this could come from any client, do a check before
-	       passing it to db.  */
-	    if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
-		'\0') {
-		/* Not null terminated. Dangerous input.  */
-		status = EINVAL;
-		goto clean_n_exit;
-	    }
-
-	    db_args_size++;
-	    t = realloc(db_args, sizeof(char *) * (db_args_size + 1));	/* 1 for NULL */
-	    if (t == NULL) {
-		status = ENOMEM;
-		goto clean_n_exit;
-	    }
-
-	    db_args = t;
-	    db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
-	    db_args[db_args_size] = NULL;
-
-	    next = curr->tl_data_next;
-	    if (prev == NULL) {
-		/* current node is the first in the linked list. remove it */
-		*start = curr->tl_data_next;
-	    } else {
-		prev->tl_data_next = curr->tl_data_next;
-	    }
-	    (*count)--;
-	    krb5_db_free(kcontext, curr);
-
-	    /* previous does not change */
-	    curr = next;
-	} else {
-	    prev = curr;
-	    curr = curr->tl_data_next;
-	}
+        if (curr->tl_data_type == KRB5_TL_DB_ARGS) {
+            char  **t;
+            /* Since this is expected to be NULL terminated string and
+               this could come from any client, do a check before
+               passing it to db.  */
+            if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
+                '\0') {
+                /* Not null terminated. Dangerous input.  */
+                status = EINVAL;
+                goto clean_n_exit;
+            }
+
+            db_args_size++;
+            t = realloc(db_args, sizeof(char *) * (db_args_size + 1));  /* 1 for NULL */
+            if (t == NULL) {
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            db_args = t;
+            db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
+            db_args[db_args_size] = NULL;
+
+            next = curr->tl_data_next;
+            if (prev == NULL) {
+                /* current node is the first in the linked list. remove it */
+                *start = curr->tl_data_next;
+            } else {
+                prev->tl_data_next = curr->tl_data_next;
+            }
+            (*count)--;
+            krb5_db_free(kcontext, curr);
+
+            /* previous does not change */
+            curr = next;
+        } else {
+            prev = curr;
+            curr = curr->tl_data_next;
+        }
     }
     status = 0;
 clean_n_exit:
     if (status != 0) {
-	free_db_args(kcontext, db_args);
-	db_args = NULL;
+        free_db_args(kcontext, db_args);
+        db_args = NULL;
     }
     *db_argsp = db_args;
     return status;
@@ -929,7 +930,7 @@ clean_n_exit:
 
 krb5_error_code
 krb5int_put_principal_no_log(krb5_context kcontext,
-			     krb5_db_entry *entries, int *nentries)
+                             krb5_db_entry *entries, int *nentries)
 {
     kdb_vftabl *v;
     krb5_error_code status;
@@ -937,14 +938,14 @@ krb5int_put_principal_no_log(krb5_context kcontext,
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_put_principal == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = extract_db_args_from_tl_data(kcontext, &entries->tl_data,
-					  &entries->n_tl_data,
-					  &db_args);
+                                          &entries->n_tl_data,
+                                          &db_args);
     if (status)
-	return status;
+        return status;
     status = v->db_put_principal(kcontext, entries, nentries, db_args);
     get_errmsg(kcontext, status);
     free_db_args(kcontext, db_args);
@@ -953,7 +954,7 @@ krb5int_put_principal_no_log(krb5_context kcontext,
 
 krb5_error_code
 krb5_db_put_principal(krb5_context kcontext,
-		      krb5_db_entry * entries, int *nentries)
+                      krb5_db_entry * entries, int *nentries)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
@@ -968,88 +969,88 @@ krb5_db_put_principal(krb5_context kcontext,
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
 
     status = extract_db_args_from_tl_data(kcontext, &entries->tl_data,
-					  &entries->n_tl_data,
-					  &db_args);
+                                          &entries->n_tl_data,
+                                          &db_args);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
 
     if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
-	if (!(upd = (kdb_incr_update_t *)
-	  malloc(sizeof (kdb_incr_update_t)* *nentries))) {
-	    status = errno;
-	    goto err_lock;
-	}
-	fupd = upd;
+        if (!(upd = (kdb_incr_update_t *)
+              malloc(sizeof (kdb_incr_update_t)* *nentries))) {
+            status = errno;
+            goto err_lock;
+        }
+        fupd = upd;
 
-	(void) memset(upd, 0, sizeof(kdb_incr_update_t)* *nentries);
+        (void) memset(upd, 0, sizeof(kdb_incr_update_t)* *nentries);
 
         if ((status = ulog_conv_2logentry(kcontext, entries, upd, *nentries)))
-	    goto err_lock;
+            goto err_lock;
     }
 
     status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
     if (status != 0)
-	goto err_lock;
+        goto err_lock;
     ulog_locked = 1;
 
     for (i = 0; i < *nentries; i++) {
         if (fupd) {
-		if ((status = krb5_unparse_name(kcontext, entries->princ,
-		    &princ_name)))
-			goto err_lock;
+            if ((status = krb5_unparse_name(kcontext, entries->princ,
+                                            &princ_name)))
+                goto err_lock;
 
-		upd->kdb_princ_name.utf8str_t_val = princ_name;
-		upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
+            upd->kdb_princ_name.utf8str_t_val = princ_name;
+            upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
 
-                if ((status = ulog_add_update(kcontext, upd)) != 0)
-			goto err_lock;
-		upd++;
+            if ((status = ulog_add_update(kcontext, upd)) != 0)
+                goto err_lock;
+            upd++;
         }
     }
 
     if (v->db_put_principal == NULL) {
-	status = KRB5_KDB_DBTYPE_NOSUP;
-	goto err_lock;
+        status = KRB5_KDB_DBTYPE_NOSUP;
+        goto err_lock;
     }
 
     status = v->db_put_principal(kcontext, entries, nentries, db_args);
     get_errmsg(kcontext, status);
     if (status == 0 && fupd) {
-	upd = fupd;
-	for (i = 0; i < *nentries; i++) {
-	    (void) ulog_finish_update(kcontext, upd);
-	    upd++;
-	}
+        upd = fupd;
+        for (i = 0; i < *nentries; i++) {
+            (void) ulog_finish_update(kcontext, upd);
+            upd++;
+        }
     }
 err_lock:
     if (ulog_locked)
-	ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+        ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
 
 clean_n_exit:
     free_db_args(kcontext, db_args);
 
     if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
-	ulog_free_entries(fupd, *nentries);
+        ulog_free_entries(fupd, *nentries);
 
     return status;
 }
 
 krb5_error_code
 krb5int_delete_principal_no_log(krb5_context kcontext,
-				krb5_principal search_for,
-				int *nentries)
+                                krb5_principal search_for,
+                                int *nentries)
 {
     kdb_vftabl *v;
     krb5_error_code status;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_delete_principal == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_delete_principal(kcontext, search_for, nentries);
     get_errmsg(kcontext, status);
     return status;
@@ -1057,7 +1058,7 @@ krb5int_delete_principal_no_log(krb5_context kcontext,
 
 krb5_error_code
 krb5_db_delete_principal(krb5_context kcontext,
-			 krb5_principal search_for, int *nentries)
+                         krb5_principal search_for, int *nentries)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
@@ -1069,36 +1070,36 @@ krb5_db_delete_principal(krb5_context kcontext,
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     status = ulog_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
     if (status)
-	return status;
+        return status;
 
     /*
      * We'll be sharing the same locks as db for logging
      */
     if (log_ctx && (log_ctx->iproprole == IPROP_MASTER)) {
-	if ((status = krb5_unparse_name(kcontext, search_for, &princ_name))) {
-	    ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
-	    return status;
-	}
+        if ((status = krb5_unparse_name(kcontext, search_for, &princ_name))) {
+            ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+            return status;
+        }
 
-	(void) memset(&upd, 0, sizeof (kdb_incr_update_t));
+        (void) memset(&upd, 0, sizeof (kdb_incr_update_t));
 
-	upd.kdb_princ_name.utf8str_t_val = princ_name;
-	upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
+        upd.kdb_princ_name.utf8str_t_val = princ_name;
+        upd.kdb_princ_name.utf8str_t_len = strlen(princ_name);
 
-	if ((status = ulog_delete_update(kcontext, &upd)) != 0) {
-		ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
-		free(princ_name);
-		return status;
-	}
+        if ((status = ulog_delete_update(kcontext, &upd)) != 0) {
+            ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
+            free(princ_name);
+            return status;
+        }
 
-	free(princ_name);
+        free(princ_name);
     }
 
     if (v->db_delete_principal == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
 
     status = v->db_delete_principal(kcontext, search_for, nentries);
     get_errmsg(kcontext, status);
@@ -1107,8 +1108,8 @@ krb5_db_delete_principal(krb5_context kcontext,
      * We need to commit our update upon success
      */
     if (!status)
-	if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
-		(void) ulog_finish_update(kcontext, &upd);
+        if (log_ctx && (log_ctx->iproprole == IPROP_MASTER))
+            (void) ulog_finish_update(kcontext, &upd);
 
     ulog_lock(kcontext, KRB5_LOCKMODE_UNLOCK);
 
@@ -1117,18 +1118,18 @@ krb5_db_delete_principal(krb5_context kcontext,
 
 krb5_error_code
 krb5_db_iterate(krb5_context kcontext,
-		char *match_entry,
-		int (*func) (krb5_pointer, krb5_db_entry *),
-		krb5_pointer func_arg)
+                char *match_entry,
+                int (*func) (krb5_pointer, krb5_db_entry *),
+                krb5_pointer func_arg)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_iterate == NULL)
-	return 0;
+        return 0;
     status = v->db_iterate(kcontext, match_entry, func, func_arg);
     get_errmsg(kcontext, status);
     return status;
@@ -1142,9 +1143,9 @@ krb5_supported_realms(krb5_context kcontext, char **realms)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_supported_realms == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_supported_realms(kcontext, realms);
     get_errmsg(kcontext, status);
     return status;
@@ -1158,9 +1159,9 @@ krb5_free_supported_realms(krb5_context kcontext, char **realms)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_free_supported_realms == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_free_supported_realms(kcontext, realms);
     get_errmsg(kcontext, status);
     return status;
@@ -1168,14 +1169,14 @@ krb5_free_supported_realms(krb5_context kcontext, char **realms)
 
 krb5_error_code
 krb5_db_set_master_key_ext(krb5_context kcontext,
-			   char *pwd, krb5_keyblock * key)
+                           char *pwd, krb5_keyblock * key)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     status = v->set_master_key(kcontext, pwd, key);
     get_errmsg(kcontext, status);
     return status;
@@ -1196,7 +1197,7 @@ krb5_db_set_mkey_list(krb5_context kcontext,
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     status = v->set_master_key_list(kcontext, keylist);
     get_errmsg(kcontext, status);
     return status;
@@ -1210,7 +1211,7 @@ krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     status = v->get_master_key(kcontext, key);
     get_errmsg(kcontext, status);
     return status;
@@ -1224,9 +1225,9 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->get_master_key_list == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->get_master_key_list(kcontext, keylist);
     get_errmsg(kcontext, status);
     return status;
@@ -1234,17 +1235,17 @@ krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
 
 krb5_error_code
 krb5_db_fetch_mkey_list(krb5_context     context,
-                   krb5_principal        mname,
-                   const krb5_keyblock * mkey,
-                   krb5_kvno             mkvno,
-                   krb5_keylist_node  **mkey_list)
+                        krb5_principal        mname,
+                        const krb5_keyblock * mkey,
+                        krb5_kvno             mkvno,
+                        krb5_keylist_node  **mkey_list)
 {
     kdb_vftabl *v;
     krb5_error_code status = 0;
 
     status = get_vftabl(context, &v);
     if (status)
-	return status;
+        return status;
     status = v->fetch_master_key_list(context, mname, mkey, mkvno, mkey_list);
     get_errmsg(context, status);
     return status;
@@ -1268,42 +1269,42 @@ krb5_db_free_mkey_list(krb5_context    context,
 
 krb5_error_code
 krb5_db_store_master_key(krb5_context kcontext,
-			 char *keyfile,
-			 krb5_principal mname,
-			 krb5_kvno kvno,
-			 krb5_keyblock * key, char *master_pwd)
+                         char *keyfile,
+                         krb5_principal mname,
+                         krb5_kvno kvno,
+                         krb5_keyblock * key, char *master_pwd)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->store_master_key == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->store_master_key(kcontext, keyfile, mname, kvno, key,
-				 master_pwd);
+                                 master_pwd);
     get_errmsg(kcontext, status);
     return status;
 }
 
 krb5_error_code
 krb5_db_store_master_key_list(krb5_context kcontext,
-			      char *keyfile,
-			      krb5_principal mname,
-			      krb5_keylist_node *keylist,
-			      char *master_pwd)
+                              char *keyfile,
+                              krb5_principal mname,
+                              krb5_keylist_node *keylist,
+                              char *master_pwd)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->store_master_key_list == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->store_master_key_list(kcontext, keyfile, mname, keylist,
-				      master_pwd);
+                                      master_pwd);
     get_errmsg(kcontext, status);
     return status;
 }
@@ -1331,24 +1332,24 @@ krb5_db_fetch_mkey(krb5_context    context,
     memset(&tmp_key, 0, sizeof(tmp_key));
 
     if (fromkeyboard) {
-	krb5_data scratch;
-
-	if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
-					 twice ? krb5_mkey_pwd_prompt2 : 0,
-					 password, &size))) {
-	    goto clean_n_exit;
-	}
-
-	pwd.data = password;
-	pwd.length = size;
-	if (!salt) {
-	    retval = krb5_principal2salt(context, mname, &scratch);
-	    if (retval)
-		goto clean_n_exit;
-	}
-	retval =
-	    krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
-				 key);
+        krb5_data scratch;
+
+        if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
+                                         twice ? krb5_mkey_pwd_prompt2 : 0,
+                                         password, &size))) {
+            goto clean_n_exit;
+        }
+
+        pwd.data = password;
+        pwd.length = size;
+        if (!salt) {
+            retval = krb5_principal2salt(context, mname, &scratch);
+            if (retval)
+                goto clean_n_exit;
+        }
+        retval =
+            krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
+                                 key);
         /*
          * If a kvno pointer was passed in and it dereferences the IGNORE_VNO
          * value then it should be assigned the value of the kvno associated
@@ -1363,9 +1364,9 @@ krb5_db_fetch_mkey(krb5_context    context,
             krb5_db_entry master_entry;
 
             rc = krb5_db_get_principal(context, mname,
-                &master_entry, &nentries, &more);
+                                       &master_entry, &nentries, &more);
 
-            if (rc == 0 && nentries == 1 && more == FALSE) 
+            if (rc == 0 && nentries == 1 && more == FALSE)
                 *kvno = (krb5_kvno) master_entry.key_data->key_data_kvno;
             else
                 *kvno = 1;
@@ -1374,45 +1375,45 @@ krb5_db_fetch_mkey(krb5_context    context,
                 krb5_db_free_principal(context, &master_entry, nentries);
         }
 
-	if (!salt)
-	    free(scratch.data);
-	zap(password, sizeof(password));	/* erase it */
+        if (!salt)
+            free(scratch.data);
+        zap(password, sizeof(password));        /* erase it */
 
     } else {
-	kdb_vftabl *v;
+        kdb_vftabl *v;
 
-	if (context->dal_handle == NULL) {
-	    retval = krb5_db_setup_lib_handle(context);
-	    if (retval)
-		goto clean_n_exit;
-	}
+        if (context->dal_handle == NULL) {
+            retval = krb5_db_setup_lib_handle(context);
+            if (retval)
+                goto clean_n_exit;
+        }
 
         /* get the enctype from the stash */
-	tmp_key.enctype = ENCTYPE_UNKNOWN;
+        tmp_key.enctype = ENCTYPE_UNKNOWN;
 
-	v = &context->dal_handle->lib_handle->vftabl;
-	retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args);
-	get_errmsg(context, retval);
+        v = &context->dal_handle->lib_handle->vftabl;
+        retval = v->fetch_master_key(context, mname, &tmp_key, kvno, db_args);
+        get_errmsg(context, retval);
 
-	if (retval)
-	    goto clean_n_exit;
+        if (retval)
+            goto clean_n_exit;
 
-	key->contents = malloc(tmp_key.length);
-	if (key->contents == NULL) {
-	    retval = ENOMEM;
-	    goto clean_n_exit;
-	}
+        key->contents = malloc(tmp_key.length);
+        if (key->contents == NULL) {
+            retval = ENOMEM;
+            goto clean_n_exit;
+        }
 
-	key->magic = tmp_key.magic;
-	key->enctype = tmp_key.enctype;
-	key->length = tmp_key.length;
-	memcpy(key->contents, tmp_key.contents, tmp_key.length);
+        key->magic = tmp_key.magic;
+        key->enctype = tmp_key.enctype;
+        key->length = tmp_key.length;
+        memcpy(key->contents, tmp_key.contents, tmp_key.length);
     }
 
 clean_n_exit:
     if (tmp_key.contents) {
-	zap(tmp_key.contents, tmp_key.length);
-	krb5_db_free(context, tmp_key.contents);
+        zap(tmp_key.contents, tmp_key.length);
+        krb5_db_free(context, tmp_key.contents);
     }
     return retval;
 }
@@ -1428,9 +1429,9 @@ krb5_db_verify_master_key(krb5_context     kcontext,
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->verify_master_key == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->verify_master_key(kcontext, mprinc, kvno, mkey);
     get_errmsg(kcontext, status);
     return status;
@@ -1506,13 +1507,13 @@ krb5_dbe_find_act_mkey(krb5_context         context,
     krb5_error_code retval;
     krb5_keylist_node *cur_keyblock = mkey_list;
     krb5_actkvno_node   *prev_actkvno, *cur_actkvno;
-    krb5_timestamp	now;
-    krb5_boolean	found = FALSE;
+    krb5_timestamp      now;
+    krb5_boolean        found = FALSE;
 
     if (act_mkey_list == NULL) {
-	*act_kvno = 0;
-	*act_mkey = NULL;
-	return 0;
+        *act_kvno = 0;
+        *act_mkey = NULL;
+        return 0;
     }
 
     if ((retval = krb5_timeofday(context, &now)))
@@ -1613,7 +1614,7 @@ krb5_db_alloc(krb5_context kcontext, void *ptr, size_t size)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return NULL;
+        return NULL;
     return v->db_alloc(kcontext, ptr, size);
 }
 
@@ -1625,7 +1626,7 @@ krb5_db_free(krb5_context kcontext, void *ptr)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return;
+        return;
     v->db_free(kcontext, ptr);
 }
 
@@ -1633,59 +1634,59 @@ krb5_db_free(krb5_context kcontext, void *ptr)
 
 krb5_error_code
 krb5_dbe_find_enctype(krb5_context kcontext,
-		      krb5_db_entry * dbentp,
-		      krb5_int32 ktype,
-		      krb5_int32 stype,
-		      krb5_int32 kvno, krb5_key_data ** kdatap)
+                      krb5_db_entry * dbentp,
+                      krb5_int32 ktype,
+                      krb5_int32 stype,
+                      krb5_int32 kvno, krb5_key_data ** kdatap)
 {
     krb5_int32 start = 0;
     return krb5_dbe_search_enctype(kcontext, dbentp, &start, ktype, stype,
-				   kvno, kdatap);
+                                   kvno, kdatap);
 }
 
 krb5_error_code
 krb5_dbe_search_enctype(krb5_context kcontext,
-			krb5_db_entry * dbentp,
-			krb5_int32 * start,
-			krb5_int32 ktype,
-			krb5_int32 stype,
-			krb5_int32 kvno, krb5_key_data ** kdatap)
+                        krb5_db_entry * dbentp,
+                        krb5_int32 * start,
+                        krb5_int32 ktype,
+                        krb5_int32 stype,
+                        krb5_int32 kvno, krb5_key_data ** kdatap)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     status = v->dbe_search_enctype(kcontext, dbentp, start, ktype, stype,
-				   kvno, kdatap);
+                                   kvno, kdatap);
     get_errmsg(kcontext, status);
     return status;
 }
 
-#define	REALM_SEP_STRING	"@"
+#define REALM_SEP_STRING        "@"
 
 krb5_error_code
 krb5_db_setup_mkey_name(krb5_context context,
-			const char *keyname,
-			const char *realm,
-			char **fullname, krb5_principal * principal)
+                        const char *keyname,
+                        const char *realm,
+                        char **fullname, krb5_principal * principal)
 {
     krb5_error_code retval;
     char   *fname;
 
     if (!keyname)
-	keyname = KRB5_KDB_M_NAME;	/* XXX external? */
+        keyname = KRB5_KDB_M_NAME;      /* XXX external? */
 
     if (asprintf(&fname, "%s%s%s", keyname, REALM_SEP_STRING, realm) < 0)
-	return ENOMEM;
+        return ENOMEM;
 
     if ((retval = krb5_parse_name(context, fname, principal)))
-	return retval;
+        return retval;
     if (fullname)
-	*fullname = fname;
+        *fullname = fname;
     else
-	free(fname);
+        free(fname);
     return 0;
 }
 
@@ -1702,11 +1703,11 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
     tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
-	return (code);
+        return (code);
 
     if (tl_data.tl_data_length != 4) {
-	*stamp = 0;
-	return (0);
+        *stamp = 0;
+        return (0);
     }
 
     krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
@@ -1725,10 +1726,10 @@ krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
     krb5_tl_data *tl_data;
 
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-	if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
-	    *ret_tl_data = *tl_data;
-	    return (0);
-	}
+        if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+            *ret_tl_data = *tl_data;
+            return (0);
+        }
     }
 
     /*
@@ -1748,10 +1749,10 @@ krb5_dbe_create_key_data(context, entry)
     krb5_db_entry *entry;
 {
     if ((entry->key_data =
-	 (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
-					 (sizeof(krb5_key_data) *
-					  (entry->n_key_data + 1)))) == NULL)
-	return (ENOMEM);
+         (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
+                                         (sizeof(krb5_key_data) *
+                                          (entry->n_key_data + 1)))) == NULL)
+        return (ENOMEM);
 
     memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
     entry->n_key_data++;
@@ -1774,14 +1775,14 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
     unsigned int unparse_mod_princ_size;
 
     if ((retval = krb5_unparse_name(context, mod_princ, &unparse_mod_princ)))
-	return (retval);
+        return (retval);
 
     unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
 
     if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
-	== NULL) {
-	free(unparse_mod_princ);
-	return (ENOMEM);
+        == NULL) {
+        free(unparse_mod_princ);
+        return (ENOMEM);
     }
 
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
@@ -1818,28 +1819,28 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
-	return (code);
+        return (code);
 
     if ((tl_data.tl_data_length < 5) ||
-	(tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
-	return (KRB5_KDB_TRUNCATED_RECORD);
+        (tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
+        return (KRB5_KDB_TRUNCATED_RECORD);
 
     /* Mod Date */
     krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
 
     /* Mod Princ */
     if ((code = krb5_parse_name(context,
-				(const char *) (tl_data.tl_data_contents + 4),
-				mod_princ)))
-	return (code);
+                                (const char *) (tl_data.tl_data_contents + 4),
+                                mod_princ)))
+        return (code);
 
     return (0);
 }
 
 krb5_error_code
-krb5_dbe_lookup_mkvno(krb5_context	context,
-		      krb5_db_entry	*entry,
-		      krb5_kvno		*mkvno)
+krb5_dbe_lookup_mkvno(krb5_context      context,
+                      krb5_db_entry     *entry,
+                      krb5_kvno         *mkvno)
 {
     krb5_tl_data tl_data;
     krb5_error_code code;
@@ -1848,13 +1849,13 @@ krb5_dbe_lookup_mkvno(krb5_context	context,
     tl_data.tl_data_type = KRB5_TL_MKVNO;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
-	return (code);
+        return (code);
 
     if (tl_data.tl_data_length == 0) {
-	*mkvno = 1; /* default for princs that lack the KRB5_TL_MKVNO data */
-	return (0);
+        *mkvno = 1; /* default for princs that lack the KRB5_TL_MKVNO data */
+        return (0);
     } else if (tl_data.tl_data_length != 2) {
-	return (KRB5_KDB_TRUNCATED_RECORD);
+        return (KRB5_KDB_TRUNCATED_RECORD);
     }
 
     krb5_kdb_decode_int16(tl_data.tl_data_contents, tmp);
@@ -1887,7 +1888,7 @@ krb5_dbe_lookup_mkey_aux(krb5_context          context,
     krb5_tl_data tl_data;
     krb5_int16 version;
     krb5_mkey_aux_node *head_data = NULL, *new_data = NULL,
-                       *prev_data = NULL;
+        *prev_data = NULL;
     krb5_octet *curloc; /* current location pointer */
     krb5_error_code code;
 
@@ -2079,7 +2080,7 @@ krb5_dbe_lookup_actkvno(krb5_context context,
              * field.
              */
             num_actkvno = (tl_data.tl_data_length - sizeof(version)) /
-                          ACTKVNO_TUPLE_SIZE;
+                ACTKVNO_TUPLE_SIZE;
             prev_data = NULL;
             /* next_tuple points to first tuple entry in the tl_data_contents */
             next_tuple = tl_data.tl_data_contents + sizeof(version);
@@ -2105,8 +2106,8 @@ krb5_dbe_lookup_actkvno(krb5_context context,
             }
         } else {
             krb5_set_error_message (context, KRB5_KDB_BAD_VERSION,
-                "Illegal version number for KRB5_TL_ACTKVNO %d\n",
-                version);
+                                    "Illegal version number for KRB5_TL_ACTKVNO %d\n",
+                                    version);
             return (KRB5_KDB_BAD_VERSION);
         }
     }
@@ -2183,7 +2184,7 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
     krb5_timestamp stamp;
 {
     krb5_tl_data tl_data;
-    krb5_octet buf[4];		/* this is the encoded size of an int32 */
+    krb5_octet buf[4];          /* this is the encoded size of an int32 */
 
     tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
     tl_data.tl_data_length = sizeof(buf);
@@ -2196,7 +2197,7 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
 krb5_error_code
 krb5_dbe_delete_tl_data(krb5_context context,
                         krb5_db_entry *entry,
-                        krb5_int16 tl_data_type) 
+                        krb5_int16 tl_data_type)
 {
     krb5_tl_data *tl_data, *prev_tl_data, *free_tl_data;
 
@@ -2245,40 +2246,40 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
      * fails.
      */
     if ((tmp =
-	 (krb5_octet *) krb5_db_alloc(context, NULL,
-				      new_tl_data->tl_data_length)) == NULL)
-	return (ENOMEM);
+         (krb5_octet *) krb5_db_alloc(context, NULL,
+                                      new_tl_data->tl_data_length)) == NULL)
+        return (ENOMEM);
 
     /*
      * Find an existing entry of the specified type and point at
      * it, or NULL if not found.
      */
 
-    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) {	/* db_args can be multiple */
-	for (tl_data = entry->tl_data; tl_data;
-	     tl_data = tl_data->tl_data_next)
-	    if (tl_data->tl_data_type == new_tl_data->tl_data_type)
-		break;
+    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
+        for (tl_data = entry->tl_data; tl_data;
+             tl_data = tl_data->tl_data_next)
+            if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+                break;
     }
 
     /* If necessary, chain a new record in the beginning and point at it.  */
 
     if (!tl_data) {
-	tl_data = krb5_db_alloc(context, NULL, sizeof(krb5_tl_data));
-	if (tl_data == NULL) {
-	    free(tmp);
-	    return (ENOMEM);
-	}
-	memset(tl_data, 0, sizeof(krb5_tl_data));
-	tl_data->tl_data_next = entry->tl_data;
-	entry->tl_data = tl_data;
-	entry->n_tl_data++;
+        tl_data = krb5_db_alloc(context, NULL, sizeof(krb5_tl_data));
+        if (tl_data == NULL) {
+            free(tmp);
+            return (ENOMEM);
+        }
+        memset(tl_data, 0, sizeof(krb5_tl_data));
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
     }
 
     /* fill in the record */
 
     if (tl_data->tl_data_contents)
-	krb5_db_free(context, tl_data->tl_data_contents);
+        krb5_db_free(context, tl_data->tl_data_contents);
 
     tl_data->tl_data_type = new_tl_data->tl_data_type;
     tl_data->tl_data_length = new_tl_data->tl_data_length;
@@ -2291,20 +2292,20 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
 /* change password functions */
 krb5_error_code
 krb5_dbe_cpw(krb5_context kcontext,
-	     krb5_keyblock * master_key,
-	     krb5_key_salt_tuple * ks_tuple,
-	     int ks_tuple_count,
-	     char *passwd,
-	     int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry)
+             krb5_keyblock * master_key,
+             krb5_key_salt_tuple * ks_tuple,
+             int ks_tuple_count,
+             char *passwd,
+             int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     status = v->db_change_pwd(kcontext, master_key, ks_tuple, ks_tuple_count,
-			      passwd, new_kvno, keepold, db_entry);
+                              passwd, new_kvno, keepold, db_entry);
     get_errmsg(kcontext, status);
     return status;
 }
@@ -2318,9 +2319,9 @@ krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_create_policy == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_create_policy(kcontext, policy);
     get_errmsg(kcontext, status);
     return status;
@@ -2328,16 +2329,16 @@ krb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
 krb5_error_code
 krb5_db_get_policy(krb5_context kcontext, char *name,
-		   osa_policy_ent_t * policy, int *cnt)
+                   osa_policy_ent_t * policy, int *cnt)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_get_policy == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_get_policy(kcontext, name, policy, cnt);
     get_errmsg(kcontext, status);
     return status;
@@ -2351,9 +2352,9 @@ krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_put_policy == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_put_policy(kcontext, policy);
     get_errmsg(kcontext, status);
     return status;
@@ -2361,16 +2362,16 @@ krb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
 krb5_error_code
 krb5_db_iter_policy(krb5_context kcontext, char *match_entry,
-		    osa_adb_iter_policy_func func, void *data)
+                    osa_adb_iter_policy_func func, void *data)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_iter_policy == NULL)
-	return 0;
+        return 0;
     status = v->db_iter_policy(kcontext, match_entry, func, data);
     get_errmsg(kcontext, status);
     return status;
@@ -2384,9 +2385,9 @@ krb5_db_delete_policy(krb5_context kcontext, char *policy)
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_delete_policy == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     status = v->db_delete_policy(kcontext, policy);
     get_errmsg(kcontext, status);
     return status;
@@ -2400,7 +2401,7 @@ krb5_db_free_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
     status = get_vftabl(kcontext, &v);
     if (status || v->db_free_policy == NULL)
-	return;
+        return;
     v->db_free_policy(kcontext, policy);
     get_errmsg(kcontext, status);
 }
@@ -2414,16 +2415,16 @@ krb5_db_promote(krb5_context kcontext, char **db_args)
 
     section = kdb_get_conf_section(kcontext);
     if (section == NULL) {
-	status = KRB5_KDB_SERVER_INTERNAL_ERR;
-	krb5_set_error_message (kcontext, status,
-		"unable to determine configuration section for realm %s\n",
-		kcontext->default_realm);
-	goto clean_n_exit;
+        status = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (kcontext, status,
+                                "unable to determine configuration section for realm %s\n",
+                                kcontext->default_realm);
+        goto clean_n_exit;
     }
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
     status = v->promote_db(kcontext, section, db_args);
     get_errmsg(kcontext, status);
 
@@ -2433,37 +2434,37 @@ clean_n_exit:
 }
 
 krb5_error_code
-krb5_dbekd_decrypt_key_data( krb5_context 	  kcontext,
-			     const krb5_keyblock	* mkey,
-			     const krb5_key_data	* key_data,
-			     krb5_keyblock 	* dbkey,
-			     krb5_keysalt 	* keysalt)
+krb5_dbekd_decrypt_key_data( krb5_context         kcontext,
+                             const krb5_keyblock        * mkey,
+                             const krb5_key_data        * key_data,
+                             krb5_keyblock      * dbkey,
+                             krb5_keysalt       * keysalt)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     return v->dbekd_decrypt_key_data(kcontext, mkey, key_data, dbkey, keysalt);
 }
 
 krb5_error_code
-krb5_dbekd_encrypt_key_data( krb5_context 		  kcontext,
-			     const krb5_keyblock	* mkey,
-			     const krb5_keyblock 	* dbkey,
-			     const krb5_keysalt		* keysalt,
-			     int			  keyver,
-			     krb5_key_data	        * key_data)
+krb5_dbekd_encrypt_key_data( krb5_context                 kcontext,
+                             const krb5_keyblock        * mkey,
+                             const krb5_keyblock        * dbkey,
+                             const krb5_keysalt         * keysalt,
+                             int                          keyver,
+                             krb5_key_data              * key_data)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     return v->dbekd_encrypt_key_data(kcontext, mkey, dbkey, keysalt, keyver,
-				     key_data);
+                                     key_data);
 }
 
 krb5_error_code
@@ -2471,7 +2472,7 @@ krb5_db_get_context(krb5_context context, void **db_context)
 {
     *db_context = KRB5_DB_GET_DB_CONTEXT(context);
     if (*db_context == NULL)
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
     return 0;
 }
 
@@ -2485,17 +2486,17 @@ krb5_db_set_context(krb5_context context, void *db_context)
 
 krb5_error_code
 krb5_db_invoke(krb5_context kcontext,
-	       unsigned int method,
-	       const krb5_data *req,
-	       krb5_data *rep)
+               unsigned int method,
+               const krb5_data *req,
+               krb5_data *rep)
 {
     krb5_error_code status = 0;
     kdb_vftabl *v;
 
     status = get_vftabl(kcontext, &v);
     if (status)
-	return status;
+        return status;
     if (v->db_invoke == NULL)
-	return KRB5_KDB_DBTYPE_NOSUP;
+        return KRB5_KDB_DBTYPE_NOSUP;
     return v->db_invoke(kcontext, method, req, rep);
 }
diff --git a/src/lib/kdb/kdb5.h b/src/lib/kdb/kdb5.h
index e3a1f2633..eb9e15ce2 100644
--- a/src/lib/kdb/kdb5.h
+++ b/src/lib/kdb/kdb5.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _KRB5_KDB5_H_
 #define _KRB5_KDB5_H_
 
diff --git a/src/lib/kdb/kdb5int.h b/src/lib/kdb/kdb5int.h
index 40f38ad21..994f1f931 100644
--- a/src/lib/kdb/kdb5int.h
+++ b/src/lib/kdb/kdb5int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb5/kdb5int.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Private header file for the kdb5 library for internal functions
  */
@@ -34,11 +35,11 @@
 
 krb5_error_code
 krb5int_put_principal_no_log(krb5_context kcontext,
-			     krb5_db_entry *entries, int *nentries);
+                             krb5_db_entry *entries, int *nentries);
 
 krb5_error_code
 krb5int_delete_principal_no_log(krb5_context kcontext,
-				krb5_principal search_for,
-				int *nentries);
+                                krb5_principal search_for,
+                                int *nentries);
 
 #endif /* __KDB5INT_H__ */
diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c
index 9eacac3ea..df3019d6d 100644
--- a/src/lib/kdb/kdb_convert.c
+++ b/src/lib/kdb/kdb_convert.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
-/* #pragma ident	"@(#)kdb_convert.c	1.3	05/01/05 SMI" */
+/* #pragma ident        "@(#)kdb_convert.c      1.3     05/01/05 SMI" */
 
 /*
  * This file contains api's for conversion of the kdb_incr_update_t
@@ -20,15 +21,15 @@
 #include <kdb_log.h>
 
 /* BEGIN CSTYLED */
-#define	ULOG_ENTRY_TYPE(upd, i)	((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]
+#define ULOG_ENTRY_TYPE(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i]
 
-#define	ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u
+#define ULOG_ENTRY(upd, i) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u
 
-#define	ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]
+#define ULOG_ENTRY_KEYVAL(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_keydata.av_keydata_val[j]
 
-#define	ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]
+#define ULOG_ENTRY_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_princ.k_components.k_components_val[j]
 
-#define	ULOG_ENTRY_MOD_PRINC(upd, i, j)	((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]
+#define ULOG_ENTRY_MOD_PRINC(upd, i, j) ((kdb_incr_update_t *)upd)->kdb_update.kdbe_t_val[i].kdbe_val_t_u.av_mod_princ.k_components.k_components_val[j]
 /* END CSTYLED */
 
 typedef enum {
@@ -44,99 +45,99 @@ typedef enum {
  */
 static void
 find_changed_attrs(krb5_db_entry *current, krb5_db_entry *new,
-		   krb5_boolean exclude_nra,
-		   kdbe_attr_type_t *attrs, int *nattrs)
+                   krb5_boolean exclude_nra,
+                   kdbe_attr_type_t *attrs, int *nattrs)
 {
     int i = 0, j = 0;
 
     krb5_tl_data *first, *second;
 
     if (current->attributes != new->attributes)
-	attrs[i++] = AT_ATTRFLAGS;
+        attrs[i++] = AT_ATTRFLAGS;
 
     if (current->max_life != new->max_life)
-	attrs[i++] = AT_MAX_LIFE;
+        attrs[i++] = AT_MAX_LIFE;
 
     if (current->max_renewable_life != new->max_renewable_life)
-	attrs[i++] = AT_MAX_RENEW_LIFE;
+        attrs[i++] = AT_MAX_RENEW_LIFE;
 
     if (current->expiration != new->expiration)
-	attrs[i++] = AT_EXP;
+        attrs[i++] = AT_EXP;
 
     if (current->pw_expiration != new->pw_expiration)
-	attrs[i++] = AT_PW_EXP;
+        attrs[i++] = AT_PW_EXP;
 
     if (!exclude_nra) {
-	if (current->last_success != new->last_success)
-	    attrs[i++] = AT_LAST_SUCCESS;
+        if (current->last_success != new->last_success)
+            attrs[i++] = AT_LAST_SUCCESS;
 
-	if (current->last_failed != new->last_failed)
-	    attrs[i++] = AT_LAST_FAILED;
+        if (current->last_failed != new->last_failed)
+            attrs[i++] = AT_LAST_FAILED;
 
-	if (current->fail_auth_count != new->fail_auth_count)
-	    attrs[i++] = AT_FAIL_AUTH_COUNT;
+        if (current->fail_auth_count != new->fail_auth_count)
+            attrs[i++] = AT_FAIL_AUTH_COUNT;
     }
 
     if ((current->princ->type == new->princ->type) &&
-	(current->princ->length == new->princ->length)) {
-	if ((current->princ->realm.length ==
-	     new->princ->realm.length) &&
-	    strncmp(current->princ->realm.data,
-		    new->princ->realm.data,
-		    current->princ->realm.length)) {
-	    for (j = 0; j < current->princ->length; j++) {
-		if ((current->princ->data[j].data != NULL) &&
-		    (strncmp(current->princ->data[j].data,
-			     new->princ->data[j].data,
-			     current->princ->data[j].length))) {
-		    attrs[i++] = AT_PRINC;
-		    break;
-		}
-	    }
-	} else {
-	    attrs[i++] = AT_PRINC;
-	}
+        (current->princ->length == new->princ->length)) {
+        if ((current->princ->realm.length ==
+             new->princ->realm.length) &&
+            strncmp(current->princ->realm.data,
+                    new->princ->realm.data,
+                    current->princ->realm.length)) {
+            for (j = 0; j < current->princ->length; j++) {
+                if ((current->princ->data[j].data != NULL) &&
+                    (strncmp(current->princ->data[j].data,
+                             new->princ->data[j].data,
+                             current->princ->data[j].length))) {
+                    attrs[i++] = AT_PRINC;
+                    break;
+                }
+            }
+        } else {
+            attrs[i++] = AT_PRINC;
+        }
     } else {
-	attrs[i++] = AT_PRINC;
+        attrs[i++] = AT_PRINC;
     }
 
     if (current->n_key_data == new->n_key_data) {
-	/* Assuming key ordering is the same in new & current */
-	for (j = 0; j < new->n_key_data; j++) {
-	    if (current->key_data[j].key_data_kvno !=
-		new->key_data[j].key_data_kvno) {
-		attrs[i++] = AT_KEYDATA;
-		break;
-	    }
-	}
+        /* Assuming key ordering is the same in new & current */
+        for (j = 0; j < new->n_key_data; j++) {
+            if (current->key_data[j].key_data_kvno !=
+                new->key_data[j].key_data_kvno) {
+                attrs[i++] = AT_KEYDATA;
+                break;
+            }
+        }
     } else {
-	attrs[i++] = AT_KEYDATA;
+        attrs[i++] = AT_KEYDATA;
     }
 
     if (current->n_tl_data == new->n_tl_data) {
-	/* Assuming we preserve the TL_DATA ordering between updates */
-	for (first = current->tl_data, second = new->tl_data;
-	     first; first = first->tl_data_next,
-		 second = second->tl_data_next) {
-	    if ((first->tl_data_length == second->tl_data_length) &&
-		(first->tl_data_type == second->tl_data_type)) {
-		if ((memcmp((char *)first->tl_data_contents,
-			    (char *)second->tl_data_contents,
-			    first->tl_data_length)) != 0) {
-		    attrs[i++] = AT_TL_DATA;
-		    break;
-		}
-	    } else {
-		attrs[i++] = AT_TL_DATA;
-		break;
-	    }
-	}
+        /* Assuming we preserve the TL_DATA ordering between updates */
+        for (first = current->tl_data, second = new->tl_data;
+             first; first = first->tl_data_next,
+                 second = second->tl_data_next) {
+            if ((first->tl_data_length == second->tl_data_length) &&
+                (first->tl_data_type == second->tl_data_type)) {
+                if ((memcmp((char *)first->tl_data_contents,
+                            (char *)second->tl_data_contents,
+                            first->tl_data_length)) != 0) {
+                    attrs[i++] = AT_TL_DATA;
+                    break;
+                }
+            } else {
+                attrs[i++] = AT_TL_DATA;
+                break;
+            }
+        }
     } else {
-	attrs[i++] = AT_TL_DATA;
+        attrs[i++] = AT_TL_DATA;
     }
 
     if (current->len != new->len)
-	attrs[i++] = AT_LEN;
+        attrs[i++] = AT_LEN;
     /*
      * Store the no. of (possibly :)) changed attributes
      */
@@ -151,12 +152,12 @@ data_to_utf8str(utf8str_t *u, krb5_data d)
 {
     u->utf8str_t_len = d.length;
     if (d.data) {
-	u->utf8str_t_val = malloc(d.length);
-	if (u->utf8str_t_val == NULL)
-	    return -1;
-	memcpy(u->utf8str_t_val, d.data, d.length);
+        u->utf8str_t_val = malloc(d.length);
+        if (u->utf8str_t_val == NULL)
+            return -1;
+        memcpy(u->utf8str_t_val, d.data, d.length);
     } else
-	u->utf8str_t_val = NULL;
+        u->utf8str_t_val = NULL;
     return 0;
 }
 
@@ -165,57 +166,57 @@ data_to_utf8str(utf8str_t *u, krb5_data d)
  */
 static krb5_error_code
 conv_princ_2ulog(krb5_principal princ, kdb_incr_update_t *upd,
-		 int cnt, princ_type tp)
+                 int cnt, princ_type tp)
 {
     int i = 0;
     kdbe_princ_t *p;
     kdbe_data_t *components;
 
     if ((upd == NULL) || !princ)
-	return (KRB5KRB_ERR_GENERIC);
+        return (KRB5KRB_ERR_GENERIC);
 
     switch (tp) {
     case REG_PRINC:
     case MOD_PRINC:
-	p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */
-	p->k_nametype = (int32_t)princ->type;
-
-	if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {
-	    return ENOMEM;
-	}
-
-	p->k_components.k_components_len = princ->length;
-
-	p->k_components.k_components_val = components
-	    = malloc(princ->length * sizeof (kdbe_data_t));
-	if (p->k_components.k_components_val == NULL) {
-	    free(p->k_realm.utf8str_t_val);
-	    p->k_realm.utf8str_t_val = NULL;
-	    return (ENOMEM);
-	}
-
-	memset(components, 0, princ->length * sizeof(kdbe_data_t));
-	for (i = 0; i < princ->length; i++)
-	    components[i].k_data.utf8str_t_val = NULL;
-	for (i = 0; i < princ->length; i++) {
-	    components[i].k_magic = princ->data[i].magic;
-	    if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {
-		int j;
-		for (j = 0; j < i; j++) {
-		    free(components[j].k_data.utf8str_t_val);
-		    components[j].k_data.utf8str_t_val = NULL;
-		}
-		free(components);
-		p->k_components.k_components_val = NULL;
-		free(p->k_realm.utf8str_t_val);
-		p->k_realm.utf8str_t_val = NULL;
-		return ENOMEM;
-	    }
-	}
-	break;
+        p = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */
+        p->k_nametype = (int32_t)princ->type;
+
+        if (data_to_utf8str(&p->k_realm, princ->realm) < 0) {
+            return ENOMEM;
+        }
+
+        p->k_components.k_components_len = princ->length;
+
+        p->k_components.k_components_val = components
+            = malloc(princ->length * sizeof (kdbe_data_t));
+        if (p->k_components.k_components_val == NULL) {
+            free(p->k_realm.utf8str_t_val);
+            p->k_realm.utf8str_t_val = NULL;
+            return (ENOMEM);
+        }
+
+        memset(components, 0, princ->length * sizeof(kdbe_data_t));
+        for (i = 0; i < princ->length; i++)
+            components[i].k_data.utf8str_t_val = NULL;
+        for (i = 0; i < princ->length; i++) {
+            components[i].k_magic = princ->data[i].magic;
+            if (data_to_utf8str(&components[i].k_data, princ->data[i]) < 0) {
+                int j;
+                for (j = 0; j < i; j++) {
+                    free(components[j].k_data.utf8str_t_val);
+                    components[j].k_data.utf8str_t_val = NULL;
+                }
+                free(components);
+                p->k_components.k_components_val = NULL;
+                free(p->k_realm.utf8str_t_val);
+                p->k_realm.utf8str_t_val = NULL;
+                return ENOMEM;
+            }
+        }
+        break;
 
     default:
-	break;
+        break;
     }
     return (0);
 }
@@ -230,15 +231,15 @@ static void
 set_from_utf8str(krb5_data *d, utf8str_t u)
 {
     if (u.utf8str_t_len > INT_MAX-1 || u.utf8str_t_len >= SIZE_MAX-1) {
-	d->data = NULL;
-	return;
+        d->data = NULL;
+        return;
     }
     d->length = u.utf8str_t_len;
     d->data = malloc(d->length + 1);
     if (d->data == NULL)
-	return;
-    if (d->length)	/* Pointer may be null if length = 0.  */
-	strncpy(d->data, u.utf8str_t_val, d->length);
+        return;
+    if (d->length)      /* Pointer may be null if length = 0.  */
+        strncpy(d->data, u.utf8str_t_val, d->length);
     d->data[d->length] = 0;
 }
 
@@ -254,7 +255,7 @@ conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)
 
     princ = calloc(1, sizeof (krb5_principal_data));
     if (princ == NULL) {
-	return NULL;
+        return NULL;
     }
     princ->length = 0;
     princ->data = NULL;
@@ -265,21 +266,21 @@ conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ)
     princ->realm.data = NULL;
     set_from_utf8str(&princ->realm, kdbe_princ->k_realm);
     if (princ->realm.data == NULL)
-	goto error;
+        goto error;
 
     princ->data = calloc(kdbe_princ->k_components.k_components_len,
-			 sizeof (krb5_data));
+                         sizeof (krb5_data));
     if (princ->data == NULL)
-	goto error;
+        goto error;
     for (i = 0; i < kdbe_princ->k_components.k_components_len; i++)
-	princ->data[i].data = NULL;
+        princ->data[i].data = NULL;
     princ->length = (krb5_int32)kdbe_princ->k_components.k_components_len;
 
     for (i = 0; i < princ->length; i++) {
-	princ->data[i].magic = components[i].k_magic;
-	set_from_utf8str(&princ->data[i], components[i].k_data);
-	if (princ->data[i].data == NULL)
-	    goto error;
+        princ->data[i].magic = components[i].k_magic;
+        set_from_utf8str(&princ->data[i], components[i].k_data);
+        if (princ->data[i].data == NULL)
+            goto error;
     }
 
     return princ;
@@ -296,8 +297,8 @@ error:
  */
 krb5_error_code
 ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
-		    kdb_incr_update_t *updates,
-		    int nentries)
+                    kdb_incr_update_t *updates,
+                    int nentries)
 {
     int i, j, k, cnt, final, nattrs, tmpint, nprincs;
     unsigned int more;
@@ -313,294 +314,294 @@ ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
     krb5_boolean exclude_nra = TRUE;
 
     if ((updates == NULL) || (entries == NULL))
-	return (KRB5KRB_ERR_GENERIC);
+        return (KRB5KRB_ERR_GENERIC);
 
     upd = updates;
     ent = entries;
 
     for (k = 0; k < nentries; k++) {
-	nprincs = nattrs = tmpint = 0;
-	final = -1;
-	kadm_data_yes = 0;
-	attr_types = NULL;
-
-	/*
-	 * XXX we rely on the good behaviour of the database not to
-	 * exceed this limit.
-	 */
-	if ((upd->kdb_update.kdbe_t_val = (kdbe_val_t *)
-	     malloc(MAXENTRY_SIZE)) == NULL) {
-	    return (ENOMEM);
-	}
-
-	/*
-	 * Find out which attrs have been modified
-	 */
-	if ((attr_types = (kdbe_attr_type_t *)malloc(
-		 sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))
-	    == NULL) {
-	    return (ENOMEM);
-	}
-
-	if ((ret = krb5_db_get_principal(context, ent->princ, &curr,
-					 &nprincs, &more))) {
-	    free(attr_types);
-	    return (ret);
-	}
-
-	if (nprincs == 0) {
-	    /*
-	     * This is a new entry to the database, hence will
-	     * include all the attribute-value pairs
-	     *
-	     * We leave out the TL_DATA types which we model as
-	     * attrs in kdbe_attr_type_t, since listing AT_TL_DATA
-	     * encompasses these other types-turned-attributes
-	     *
-	     * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,
-	     * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,
-	     * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,
-	     * totalling 8 attrs.
-	     */
-	    while (nattrs < MAXATTRS_SIZE - 8) {
-		attr_types[nattrs] = nattrs;
-		nattrs++;
-	    }
-	} else {
-	    find_changed_attrs(&curr, ent, exclude_nra, attr_types, &nattrs);
-
-	    krb5_db_free_principal(context, &curr, nprincs);
-	}
-
-	for (i = 0; i < nattrs; i++) {
-	    switch (attr_types[i]) {
-	    case AT_ATTRFLAGS:
-		if (ent->attributes >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_ATTRFLAGS;
-		    ULOG_ENTRY(upd, final).av_attrflags =
-			(uint32_t)ent->attributes;
-		}
-		break;
-
-	    case AT_MAX_LIFE:
-		if (ent->max_life >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_MAX_LIFE;
-		    ULOG_ENTRY(upd, final).av_max_life =
-			(uint32_t)ent->max_life;
-		}
-		break;
-
-	    case AT_MAX_RENEW_LIFE:
-		if (ent->max_renewable_life >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_MAX_RENEW_LIFE;
-		    ULOG_ENTRY(upd,
-			       final).av_max_renew_life =
-			(uint32_t)ent->max_renewable_life;
-		}
-		break;
-
-	    case AT_EXP:
-		if (ent->expiration >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_EXP;
-		    ULOG_ENTRY(upd, final).av_exp =
-			(uint32_t)ent->expiration;
-		}
-		break;
-
-	    case AT_PW_EXP:
-		if (ent->pw_expiration >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_PW_EXP;
-		    ULOG_ENTRY(upd, final).av_pw_exp =
-			(uint32_t)ent->pw_expiration;
-		}
-		break;
-
-	    case AT_LAST_SUCCESS:
-		if (!exclude_nra && ent->last_success >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_LAST_SUCCESS;
-		    ULOG_ENTRY(upd,
-			       final).av_last_success =
-			(uint32_t)ent->last_success;
-		}
-		break;
-
-	    case AT_LAST_FAILED:
-		if (!exclude_nra && ent->last_failed >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_LAST_FAILED;
-		    ULOG_ENTRY(upd,
-			       final).av_last_failed =
-			(uint32_t)ent->last_failed;
-		}
-		break;
-
-	    case AT_FAIL_AUTH_COUNT:
-		if (!exclude_nra && ent->fail_auth_count >= (krb5_kvno)0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_FAIL_AUTH_COUNT;
-		    ULOG_ENTRY(upd,
-			       final).av_fail_auth_count =
-			(uint32_t)ent->fail_auth_count;
-		}
-		break;
-
-	    case AT_PRINC:
-		if (ent->princ->length > 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_PRINC;
-		    if ((ret = conv_princ_2ulog(ent->princ,
-						upd, final, REG_PRINC))) {
-			free(attr_types);
-			return (ret);
-		    }
-		}
-		break;
-
-	    case AT_KEYDATA:
+        nprincs = nattrs = tmpint = 0;
+        final = -1;
+        kadm_data_yes = 0;
+        attr_types = NULL;
+
+        /*
+         * XXX we rely on the good behaviour of the database not to
+         * exceed this limit.
+         */
+        if ((upd->kdb_update.kdbe_t_val = (kdbe_val_t *)
+             malloc(MAXENTRY_SIZE)) == NULL) {
+            return (ENOMEM);
+        }
+
+        /*
+         * Find out which attrs have been modified
+         */
+        if ((attr_types = (kdbe_attr_type_t *)malloc(
+                 sizeof (kdbe_attr_type_t) * MAXATTRS_SIZE))
+            == NULL) {
+            return (ENOMEM);
+        }
+
+        if ((ret = krb5_db_get_principal(context, ent->princ, &curr,
+                                         &nprincs, &more))) {
+            free(attr_types);
+            return (ret);
+        }
+
+        if (nprincs == 0) {
+            /*
+             * This is a new entry to the database, hence will
+             * include all the attribute-value pairs
+             *
+             * We leave out the TL_DATA types which we model as
+             * attrs in kdbe_attr_type_t, since listing AT_TL_DATA
+             * encompasses these other types-turned-attributes
+             *
+             * So, we do *NOT* consider AT_MOD_PRINC, AT_MOD_TIME,
+             * AT_MOD_WHERE, AT_PW_LAST_CHANGE, AT_PW_POLICY,
+             * AT_PW_POLICY_SWITCH, AT_PW_HIST_KVNO and AT_PW_HIST,
+             * totalling 8 attrs.
+             */
+            while (nattrs < MAXATTRS_SIZE - 8) {
+                attr_types[nattrs] = nattrs;
+                nattrs++;
+            }
+        } else {
+            find_changed_attrs(&curr, ent, exclude_nra, attr_types, &nattrs);
+
+            krb5_db_free_principal(context, &curr, nprincs);
+        }
+
+        for (i = 0; i < nattrs; i++) {
+            switch (attr_types[i]) {
+            case AT_ATTRFLAGS:
+                if (ent->attributes >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_ATTRFLAGS;
+                    ULOG_ENTRY(upd, final).av_attrflags =
+                        (uint32_t)ent->attributes;
+                }
+                break;
+
+            case AT_MAX_LIFE:
+                if (ent->max_life >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_MAX_LIFE;
+                    ULOG_ENTRY(upd, final).av_max_life =
+                        (uint32_t)ent->max_life;
+                }
+                break;
+
+            case AT_MAX_RENEW_LIFE:
+                if (ent->max_renewable_life >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_MAX_RENEW_LIFE;
+                    ULOG_ENTRY(upd,
+                               final).av_max_renew_life =
+                        (uint32_t)ent->max_renewable_life;
+                }
+                break;
+
+            case AT_EXP:
+                if (ent->expiration >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_EXP;
+                    ULOG_ENTRY(upd, final).av_exp =
+                        (uint32_t)ent->expiration;
+                }
+                break;
+
+            case AT_PW_EXP:
+                if (ent->pw_expiration >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_PW_EXP;
+                    ULOG_ENTRY(upd, final).av_pw_exp =
+                        (uint32_t)ent->pw_expiration;
+                }
+                break;
+
+            case AT_LAST_SUCCESS:
+                if (!exclude_nra && ent->last_success >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_LAST_SUCCESS;
+                    ULOG_ENTRY(upd,
+                               final).av_last_success =
+                        (uint32_t)ent->last_success;
+                }
+                break;
+
+            case AT_LAST_FAILED:
+                if (!exclude_nra && ent->last_failed >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_LAST_FAILED;
+                    ULOG_ENTRY(upd,
+                               final).av_last_failed =
+                        (uint32_t)ent->last_failed;
+                }
+                break;
+
+            case AT_FAIL_AUTH_COUNT:
+                if (!exclude_nra && ent->fail_auth_count >= (krb5_kvno)0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_FAIL_AUTH_COUNT;
+                    ULOG_ENTRY(upd,
+                               final).av_fail_auth_count =
+                        (uint32_t)ent->fail_auth_count;
+                }
+                break;
+
+            case AT_PRINC:
+                if (ent->princ->length > 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_PRINC;
+                    if ((ret = conv_princ_2ulog(ent->princ,
+                                                upd, final, REG_PRINC))) {
+                        free(attr_types);
+                        return (ret);
+                    }
+                }
+                break;
+
+            case AT_KEYDATA:
 /* BEGIN CSTYLED */
-		if (ent->n_key_data >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_KEYDATA;
-		    ULOG_ENTRY(upd, final).av_keydata.av_keydata_len = ent->n_key_data;
-
-		    ULOG_ENTRY(upd, final).av_keydata.av_keydata_val = malloc(ent->n_key_data * sizeof (kdbe_key_t));
-		    if (ULOG_ENTRY(upd, final).av_keydata.av_keydata_val == NULL) {
-			free(attr_types);
-			return (ENOMEM);
-		    }
-
-		    for (j = 0; j < ent->n_key_data; j++) {
-			ULOG_ENTRY_KEYVAL(upd, final, j).k_ver = ent->key_data[j].key_data_ver;
-			ULOG_ENTRY_KEYVAL(upd, final, j).k_kvno = ent->key_data[j].key_data_kvno;
-			ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_len = ent->key_data[j].key_data_ver;
-			ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_len = ent->key_data[j].key_data_ver;
-
-			ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val = malloc(ent->key_data[j].key_data_ver * sizeof(int32_t));
-			if (ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val == NULL) {
-			    free(attr_types);
-			    return (ENOMEM);
-			}
-
-			ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val = malloc(ent->key_data[j].key_data_ver * sizeof(utf8str_t));
-			if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val == NULL) {
-			    free(attr_types);
-			    return (ENOMEM);
-			}
-
-			for (cnt = 0; cnt < ent->key_data[j].key_data_ver; cnt++) {
-			    ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val[cnt] = ent->key_data[j].key_data_type[cnt];
-			    ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = ent->key_data[j].key_data_length[cnt];
-			    ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(ent->key_data[j].key_data_length[cnt] * sizeof (char));
-			    if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {
-				free(attr_types);
-				return (ENOMEM);
-			    }
-			    (void) memcpy(ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, ent->key_data[j].key_data_contents[cnt], ent->key_data[j].key_data_length[cnt]);
-			}
-		    }
-		}
-		break;
-
-	    case AT_TL_DATA:
-		ret = krb5_dbe_lookup_last_pwd_change(context,
-						      ent, &tmpint);
-		if (ret == 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_PW_LAST_CHANGE;
-		    ULOG_ENTRY(upd, final).av_pw_last_change = tmpint;
-		}
-		tmpint = 0;
-
-		if(!(ret = krb5_dbe_lookup_mod_princ_data(
-			 context, ent, &tmpint, &tmpprinc))) {
-
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_MOD_PRINC;
-
-		    ret = conv_princ_2ulog(tmpprinc,
-					   upd, final, MOD_PRINC);
-		    krb5_free_principal(context, tmpprinc);
-		    if (ret) {
-			free(attr_types);
-			return (ret);
-		    }
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_MOD_TIME;
-		    ULOG_ENTRY(upd, final).av_mod_time =
-			tmpint;
-		}
-
-		newtl = ent->tl_data;
-		while (newtl) {
-		    switch (newtl->tl_data_type) {
-		    case KRB5_TL_LAST_PWD_CHANGE:
-		    case KRB5_TL_MOD_PRINC:
-			break;
-
-		    case KRB5_TL_KADM_DATA:
-		    default:
-			if (kadm_data_yes == 0) {
-			    ULOG_ENTRY_TYPE(upd, ++final).av_type = AT_TL_DATA;
-			    ULOG_ENTRY(upd, final).av_tldata.av_tldata_len = 0;
-			    ULOG_ENTRY(upd, final).av_tldata.av_tldata_val = malloc(ent->n_tl_data * sizeof(kdbe_tl_t));
-
-			    if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val == NULL) {
-				free(attr_types);
-				return (ENOMEM);
-			    }
-			    kadm_data_yes = 1;
-			}
-
-			tmpint = ULOG_ENTRY(upd, final).av_tldata.av_tldata_len;
-			ULOG_ENTRY(upd, final).av_tldata.av_tldata_len++;
-			ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;
-			ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;
-			ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));
-			if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {
-			    free(attr_types);
-			    return (ENOMEM);
-			}
-			(void) memcpy(ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
-			break;
-		    }
-		    newtl = newtl->tl_data_next;
-		}
-		break;
+                if (ent->n_key_data >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_KEYDATA;
+                    ULOG_ENTRY(upd, final).av_keydata.av_keydata_len = ent->n_key_data;
+
+                    ULOG_ENTRY(upd, final).av_keydata.av_keydata_val = malloc(ent->n_key_data * sizeof (kdbe_key_t));
+                    if (ULOG_ENTRY(upd, final).av_keydata.av_keydata_val == NULL) {
+                        free(attr_types);
+                        return (ENOMEM);
+                    }
+
+                    for (j = 0; j < ent->n_key_data; j++) {
+                        ULOG_ENTRY_KEYVAL(upd, final, j).k_ver = ent->key_data[j].key_data_ver;
+                        ULOG_ENTRY_KEYVAL(upd, final, j).k_kvno = ent->key_data[j].key_data_kvno;
+                        ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_len = ent->key_data[j].key_data_ver;
+                        ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_len = ent->key_data[j].key_data_ver;
+
+                        ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val = malloc(ent->key_data[j].key_data_ver * sizeof(int32_t));
+                        if (ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val == NULL) {
+                            free(attr_types);
+                            return (ENOMEM);
+                        }
+
+                        ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val = malloc(ent->key_data[j].key_data_ver * sizeof(utf8str_t));
+                        if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val == NULL) {
+                            free(attr_types);
+                            return (ENOMEM);
+                        }
+
+                        for (cnt = 0; cnt < ent->key_data[j].key_data_ver; cnt++) {
+                            ULOG_ENTRY_KEYVAL(upd, final, j).k_enctype.k_enctype_val[cnt] = ent->key_data[j].key_data_type[cnt];
+                            ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_len = ent->key_data[j].key_data_length[cnt];
+                            ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val = malloc(ent->key_data[j].key_data_length[cnt] * sizeof (char));
+                            if (ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val == NULL) {
+                                free(attr_types);
+                                return (ENOMEM);
+                            }
+                            (void) memcpy(ULOG_ENTRY_KEYVAL(upd, final, j).k_contents.k_contents_val[cnt].utf8str_t_val, ent->key_data[j].key_data_contents[cnt], ent->key_data[j].key_data_length[cnt]);
+                        }
+                    }
+                }
+                break;
+
+            case AT_TL_DATA:
+                ret = krb5_dbe_lookup_last_pwd_change(context,
+                                                      ent, &tmpint);
+                if (ret == 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_PW_LAST_CHANGE;
+                    ULOG_ENTRY(upd, final).av_pw_last_change = tmpint;
+                }
+                tmpint = 0;
+
+                if(!(ret = krb5_dbe_lookup_mod_princ_data(
+                         context, ent, &tmpint, &tmpprinc))) {
+
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_MOD_PRINC;
+
+                    ret = conv_princ_2ulog(tmpprinc,
+                                           upd, final, MOD_PRINC);
+                    krb5_free_principal(context, tmpprinc);
+                    if (ret) {
+                        free(attr_types);
+                        return (ret);
+                    }
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_MOD_TIME;
+                    ULOG_ENTRY(upd, final).av_mod_time =
+                        tmpint;
+                }
+
+                newtl = ent->tl_data;
+                while (newtl) {
+                    switch (newtl->tl_data_type) {
+                    case KRB5_TL_LAST_PWD_CHANGE:
+                    case KRB5_TL_MOD_PRINC:
+                        break;
+
+                    case KRB5_TL_KADM_DATA:
+                    default:
+                        if (kadm_data_yes == 0) {
+                            ULOG_ENTRY_TYPE(upd, ++final).av_type = AT_TL_DATA;
+                            ULOG_ENTRY(upd, final).av_tldata.av_tldata_len = 0;
+                            ULOG_ENTRY(upd, final).av_tldata.av_tldata_val = malloc(ent->n_tl_data * sizeof(kdbe_tl_t));
+
+                            if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val == NULL) {
+                                free(attr_types);
+                                return (ENOMEM);
+                            }
+                            kadm_data_yes = 1;
+                        }
+
+                        tmpint = ULOG_ENTRY(upd, final).av_tldata.av_tldata_len;
+                        ULOG_ENTRY(upd, final).av_tldata.av_tldata_len++;
+                        ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_type = newtl->tl_data_type;
+                        ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_len = newtl->tl_data_length;
+                        ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val = malloc(newtl->tl_data_length * sizeof (char));
+                        if (ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val == NULL) {
+                            free(attr_types);
+                            return (ENOMEM);
+                        }
+                        (void) memcpy(ULOG_ENTRY(upd, final).av_tldata.av_tldata_val[tmpint].tl_data.tl_data_val, newtl->tl_data_contents, newtl->tl_data_length);
+                        break;
+                    }
+                    newtl = newtl->tl_data_next;
+                }
+                break;
 /* END CSTYLED */
 
-	    case AT_LEN:
-		if (ent->len >= 0) {
-		    ULOG_ENTRY_TYPE(upd, ++final).av_type =
-			AT_LEN;
-		    ULOG_ENTRY(upd, final).av_len =
-			(int16_t)ent->len;
-		}
-		break;
-
-	    default:
-		break;
-	    }
-
-	}
-
-	free(attr_types);
-
-	/*
-	 * Update len field in kdb_update
-	 */
-	upd->kdb_update.kdbe_t_len = ++final;
-
-	/*
-	 * Bump up to next struct
-	 */
-	upd++;
-	ent++;
+            case AT_LEN:
+                if (ent->len >= 0) {
+                    ULOG_ENTRY_TYPE(upd, ++final).av_type =
+                        AT_LEN;
+                    ULOG_ENTRY(upd, final).av_len =
+                        (int16_t)ent->len;
+                }
+                break;
+
+            default:
+                break;
+            }
+
+        }
+
+        free(attr_types);
+
+        /*
+         * Update len field in kdb_update
+         */
+        upd->kdb_update.kdbe_t_len = ++final;
+
+        /*
+         * Bump up to next struct
+         */
+        upd++;
+        ent++;
     }
     return (0);
 }
@@ -613,8 +614,8 @@ ulog_conv_2logentry(krb5_context context, krb5_db_entry *entries,
  */
 krb5_error_code
 ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries,
-		   kdb_incr_update_t *updates,
-		   int nentries)
+                   kdb_incr_update_t *updates,
+                   int nentries)
 {
     int k;
     krb5_db_entry *ent;
@@ -622,248 +623,248 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries,
     int slave;
 
     if ((updates == NULL) || (entries == NULL))
-	return (KRB5KRB_ERR_GENERIC);
+        return (KRB5KRB_ERR_GENERIC);
 
     ent = entries;
     upd = updates;
 
     slave = (context->kdblog_context != NULL) &&
-	    (context->kdblog_context->iproprole == IPROP_SLAVE);
+        (context->kdblog_context->iproprole == IPROP_SLAVE);
 
     for (k = 0; k < nentries; k++) {
-	krb5_principal mod_princ = NULL;
-	int i, j, cnt = 0, mod_time = 0, nattrs, nprincs = 0;
-	krb5_principal dbprinc;
-	char *dbprincstr = NULL;
-
-	krb5_tl_data *newtl = NULL;
-	krb5_error_code ret;
-	unsigned int more;
-	unsigned int prev_n_keys = 0;
-
-	/*
-	 * If the ulog entry represents a DELETE update,
-	 * just skip to the next entry.
-	 */
-	if (upd->kdb_deleted == TRUE)
-	    goto next;
-
-	/*
-	 * Store the no. of changed attributes in nattrs
-	 */
-	nattrs = upd->kdb_update.kdbe_t_len;
-
-	dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len + 1)
-			    * sizeof (char));
-	if (dbprincstr == NULL)
-	    return (ENOMEM);
-	strncpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
-		upd->kdb_princ_name.utf8str_t_len);
-	dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
-
-	ret = krb5_parse_name(context, dbprincstr, &dbprinc);
-	free(dbprincstr);
-	if (ret)
-	    return (ret);
-
-	ret = krb5_db_get_principal(context, dbprinc, ent, &nprincs,
-				    &more);
-	krb5_free_principal(context, dbprinc);
-	if (ret)
-	    return (ret);
-
-	/*
-	 * Set ent->n_tl_data = 0 initially, if this is an ADD update
-	 */
-	if (nprincs == 0)
-	    ent->n_tl_data = 0;
-
-	for (i = 0; i < nattrs; i++) {
-	    krb5_principal tmpprinc = NULL;
+        krb5_principal mod_princ = NULL;
+        int i, j, cnt = 0, mod_time = 0, nattrs, nprincs = 0;
+        krb5_principal dbprinc;
+        char *dbprincstr = NULL;
+
+        krb5_tl_data *newtl = NULL;
+        krb5_error_code ret;
+        unsigned int more;
+        unsigned int prev_n_keys = 0;
+
+        /*
+         * If the ulog entry represents a DELETE update,
+         * just skip to the next entry.
+         */
+        if (upd->kdb_deleted == TRUE)
+            goto next;
+
+        /*
+         * Store the no. of changed attributes in nattrs
+         */
+        nattrs = upd->kdb_update.kdbe_t_len;
+
+        dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len + 1)
+                            * sizeof (char));
+        if (dbprincstr == NULL)
+            return (ENOMEM);
+        strncpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val,
+                upd->kdb_princ_name.utf8str_t_len);
+        dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
+
+        ret = krb5_parse_name(context, dbprincstr, &dbprinc);
+        free(dbprincstr);
+        if (ret)
+            return (ret);
+
+        ret = krb5_db_get_principal(context, dbprinc, ent, &nprincs,
+                                    &more);
+        krb5_free_principal(context, dbprinc);
+        if (ret)
+            return (ret);
+
+        /*
+         * Set ent->n_tl_data = 0 initially, if this is an ADD update
+         */
+        if (nprincs == 0)
+            ent->n_tl_data = 0;
+
+        for (i = 0; i < nattrs; i++) {
+            krb5_principal tmpprinc = NULL;
 
 #define u (ULOG_ENTRY(upd, i))
-	    switch (ULOG_ENTRY_TYPE(upd, i).av_type) {
-	    case AT_ATTRFLAGS:
-		ent->attributes = (krb5_flags) u.av_attrflags;
-		break;
-
-	    case AT_MAX_LIFE:
-		ent->max_life = (krb5_deltat) u.av_max_life;
-		break;
-
-	    case AT_MAX_RENEW_LIFE:
-		ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;
-		break;
-
-	    case AT_EXP:
-		ent->expiration = (krb5_timestamp) u.av_exp;
-		break;
-
-	    case AT_PW_EXP:
-		ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;
-		break;
-
-	    case AT_LAST_SUCCESS:
-		if (!slave)
-		    ent->last_success = (krb5_timestamp) u.av_last_success;
-		break;
-
-	    case AT_LAST_FAILED:
-		if (!slave)
-		    ent->last_failed = (krb5_timestamp) u.av_last_failed;
-		break;
-
-	    case AT_FAIL_AUTH_COUNT:
-		if (!slave)
-		    ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;
-		break;
-
-	    case AT_PRINC:
-		tmpprinc = conv_princ_2db(context, &u.av_princ);
-		if (tmpprinc == NULL)
-		    return ENOMEM;
-		if (nprincs)
-		    krb5_free_principal(context, ent->princ);
-		ent->princ = tmpprinc;
-		break;
-
-	    case AT_KEYDATA:
-		if (nprincs != 0)
-		    prev_n_keys = ent->n_key_data;
-		else
-		    prev_n_keys = 0;
-		ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;
-		if (nprincs == 0)
-		    ent->key_data = NULL;
-
-		ent->key_data = (krb5_key_data *)realloc(ent->key_data,
-							 (ent->n_key_data *
-							  sizeof (krb5_key_data)));
-		/* XXX Memory leak: Old key data in
-		   records eliminated by resizing to
-		   smaller size.  */
-		if (ent->key_data == NULL)
-		    /* XXX Memory leak: old storage.  */
-		    return (ENOMEM);
+            switch (ULOG_ENTRY_TYPE(upd, i).av_type) {
+            case AT_ATTRFLAGS:
+                ent->attributes = (krb5_flags) u.av_attrflags;
+                break;
+
+            case AT_MAX_LIFE:
+                ent->max_life = (krb5_deltat) u.av_max_life;
+                break;
+
+            case AT_MAX_RENEW_LIFE:
+                ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life;
+                break;
+
+            case AT_EXP:
+                ent->expiration = (krb5_timestamp) u.av_exp;
+                break;
+
+            case AT_PW_EXP:
+                ent->pw_expiration = (krb5_timestamp) u.av_pw_exp;
+                break;
+
+            case AT_LAST_SUCCESS:
+                if (!slave)
+                    ent->last_success = (krb5_timestamp) u.av_last_success;
+                break;
+
+            case AT_LAST_FAILED:
+                if (!slave)
+                    ent->last_failed = (krb5_timestamp) u.av_last_failed;
+                break;
+
+            case AT_FAIL_AUTH_COUNT:
+                if (!slave)
+                    ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count;
+                break;
+
+            case AT_PRINC:
+                tmpprinc = conv_princ_2db(context, &u.av_princ);
+                if (tmpprinc == NULL)
+                    return ENOMEM;
+                if (nprincs)
+                    krb5_free_principal(context, ent->princ);
+                ent->princ = tmpprinc;
+                break;
+
+            case AT_KEYDATA:
+                if (nprincs != 0)
+                    prev_n_keys = ent->n_key_data;
+                else
+                    prev_n_keys = 0;
+                ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len;
+                if (nprincs == 0)
+                    ent->key_data = NULL;
+
+                ent->key_data = (krb5_key_data *)realloc(ent->key_data,
+                                                         (ent->n_key_data *
+                                                          sizeof (krb5_key_data)));
+                /* XXX Memory leak: Old key data in
+                   records eliminated by resizing to
+                   smaller size.  */
+                if (ent->key_data == NULL)
+                    /* XXX Memory leak: old storage.  */
+                    return (ENOMEM);
 
 /* BEGIN CSTYLED */
-		for (j = prev_n_keys; j < ent->n_key_data; j++) {
-		    for (cnt = 0; cnt < 2; cnt++) {
-			ent->key_data[j].key_data_contents[cnt] = NULL;
-		    }
-		}
-		for (j = 0; j < ent->n_key_data; j++) {
-		    krb5_key_data *kp = &ent->key_data[j];
-		    kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(upd, i, j);
-		    kp->key_data_ver = (krb5_int16)kv->k_ver;
-		    kp->key_data_kvno = (krb5_int16)kv->k_kvno;
-		    if (kp->key_data_ver > 2) {
-			return EINVAL; /* XXX ? */
-		    }
-
-		    for (cnt = 0; cnt < kp->key_data_ver; cnt++) {
-			void *newptr;
-			kp->key_data_type[cnt] =  (krb5_int16)kv->k_enctype.k_enctype_val[cnt];
-			kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;
-			newptr = realloc(kp->key_data_contents[cnt],
-					 kp->key_data_length[cnt]);
-			if (newptr == NULL)
-			    return ENOMEM;
-			kp->key_data_contents[cnt] = newptr;
-
-			(void) memset(kp->key_data_contents[cnt], 0,
-				      kp->key_data_length[cnt]);
-			(void) memcpy(kp->key_data_contents[cnt],
-				      kv->k_contents.k_contents_val[cnt].utf8str_t_val,
-				      kp->key_data_length[cnt]);
-		    }
-		}
-		break;
-
-	    case AT_TL_DATA: {
-		int t;
-
-		cnt = u.av_tldata.av_tldata_len;
-		newtl = calloc(cnt, sizeof (krb5_tl_data));
-		if (newtl == NULL)
-		    return (ENOMEM);
-
-		for (j = 0, t = 0; j < cnt; j++) {
-		    newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
-		    newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
-		    newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
-		    if (newtl[t].tl_data_contents == NULL)
-			/* XXX Memory leak: newtl
-			   and previously
-			   allocated elements.  */
-			return (ENOMEM);
-
-		    (void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
-		    newtl[t].tl_data_next = NULL;
-		    if (t > 0)
-			newtl[t - 1].tl_data_next = &newtl[t];
-		    t++;
-		}
-
-		if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
-		    return (ret);
-		for (j = 0; j < t; j++)
-		    if (newtl[j].tl_data_contents) {
-			free(newtl[j].tl_data_contents);
-			newtl[j].tl_data_contents = NULL;
-		    }
-		if (newtl) {
-		    free(newtl);
-		    newtl = NULL;
-		}
-		break;
+                for (j = prev_n_keys; j < ent->n_key_data; j++) {
+                    for (cnt = 0; cnt < 2; cnt++) {
+                        ent->key_data[j].key_data_contents[cnt] = NULL;
+                    }
+                }
+                for (j = 0; j < ent->n_key_data; j++) {
+                    krb5_key_data *kp = &ent->key_data[j];
+                    kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(upd, i, j);
+                    kp->key_data_ver = (krb5_int16)kv->k_ver;
+                    kp->key_data_kvno = (krb5_int16)kv->k_kvno;
+                    if (kp->key_data_ver > 2) {
+                        return EINVAL; /* XXX ? */
+                    }
+
+                    for (cnt = 0; cnt < kp->key_data_ver; cnt++) {
+                        void *newptr;
+                        kp->key_data_type[cnt] =  (krb5_int16)kv->k_enctype.k_enctype_val[cnt];
+                        kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len;
+                        newptr = realloc(kp->key_data_contents[cnt],
+                                         kp->key_data_length[cnt]);
+                        if (newptr == NULL)
+                            return ENOMEM;
+                        kp->key_data_contents[cnt] = newptr;
+
+                        (void) memset(kp->key_data_contents[cnt], 0,
+                                      kp->key_data_length[cnt]);
+                        (void) memcpy(kp->key_data_contents[cnt],
+                                      kv->k_contents.k_contents_val[cnt].utf8str_t_val,
+                                      kp->key_data_length[cnt]);
+                    }
+                }
+                break;
+
+            case AT_TL_DATA: {
+                int t;
+
+                cnt = u.av_tldata.av_tldata_len;
+                newtl = calloc(cnt, sizeof (krb5_tl_data));
+                if (newtl == NULL)
+                    return (ENOMEM);
+
+                for (j = 0, t = 0; j < cnt; j++) {
+                    newtl[t].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type;
+                    newtl[t].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len;
+                    newtl[t].tl_data_contents = malloc(newtl[t].tl_data_length * sizeof (krb5_octet));
+                    if (newtl[t].tl_data_contents == NULL)
+                        /* XXX Memory leak: newtl
+                           and previously
+                           allocated elements.  */
+                        return (ENOMEM);
+
+                    (void) memcpy(newtl[t].tl_data_contents, u.av_tldata.av_tldata_val[t].tl_data.tl_data_val, newtl[t].tl_data_length);
+                    newtl[t].tl_data_next = NULL;
+                    if (t > 0)
+                        newtl[t - 1].tl_data_next = &newtl[t];
+                    t++;
+                }
+
+                if ((ret = krb5_dbe_update_tl_data(context, ent, newtl)))
+                    return (ret);
+                for (j = 0; j < t; j++)
+                    if (newtl[j].tl_data_contents) {
+                        free(newtl[j].tl_data_contents);
+                        newtl[j].tl_data_contents = NULL;
+                    }
+                if (newtl) {
+                    free(newtl);
+                    newtl = NULL;
+                }
+                break;
 /* END CSTYLED */
-	    }
-	    case AT_PW_LAST_CHANGE:
-		if ((ret = krb5_dbe_update_last_pwd_change(context, ent,
-							   u.av_pw_last_change)))
-		    return (ret);
-		break;
-
-	    case AT_MOD_PRINC:
-		tmpprinc = conv_princ_2db(context, &u.av_mod_princ);
-		if (tmpprinc == NULL)
-		    return ENOMEM;
-		mod_princ = tmpprinc;
-		break;
-
-	    case AT_MOD_TIME:
-		mod_time = u.av_mod_time;
-		break;
-
-	    case AT_LEN:
-		ent->len = (krb5_int16) u.av_len;
-		break;
-
-	    default:
-		break;
-	    }
+            }
+            case AT_PW_LAST_CHANGE:
+                if ((ret = krb5_dbe_update_last_pwd_change(context, ent,
+                                                           u.av_pw_last_change)))
+                    return (ret);
+                break;
+
+            case AT_MOD_PRINC:
+                tmpprinc = conv_princ_2db(context, &u.av_mod_princ);
+                if (tmpprinc == NULL)
+                    return ENOMEM;
+                mod_princ = tmpprinc;
+                break;
+
+            case AT_MOD_TIME:
+                mod_time = u.av_mod_time;
+                break;
+
+            case AT_LEN:
+                ent->len = (krb5_int16) u.av_len;
+                break;
+
+            default:
+                break;
+            }
 #undef u
-	}
-
-	/*
-	 * process mod_princ_data request
-	 */
-	if (mod_time && mod_princ) {
-	    ret = krb5_dbe_update_mod_princ_data(context, ent,
-						 mod_time, mod_princ);
-	    krb5_free_principal(context, mod_princ);
-	    mod_princ = NULL;
-	    if (ret)
-		return (ret);
-	}
+        }
+
+        /*
+         * process mod_princ_data request
+         */
+        if (mod_time && mod_princ) {
+            ret = krb5_dbe_update_mod_princ_data(context, ent,
+                                                 mod_time, mod_princ);
+            krb5_free_principal(context, mod_princ);
+            mod_princ = NULL;
+            if (ret)
+                return (ret);
+        }
 
     next:
-	/*
-	 * Bump up to next struct
-	 */
-	upd++;
-	ent++;
+        /*
+         * Bump up to next struct
+         */
+        upd++;
+        ent++;
     }
     return (0);
 }
@@ -881,7 +882,7 @@ ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)
     int i, j, k, cnt;
 
     if (updates == NULL)
-	return;
+        return;
 
     upd = updates;
 
@@ -890,127 +891,127 @@ ulog_free_entries(kdb_incr_update_t *updates, int no_of_updates)
      */
     for (cnt = 0; cnt < no_of_updates; cnt++) {
 
-	/*
-	 * ulog entry - kdb_princ_name
-	 */
-	free(upd->kdb_princ_name.utf8str_t_val);
+        /*
+         * ulog entry - kdb_princ_name
+         */
+        free(upd->kdb_princ_name.utf8str_t_val);
 
 /* BEGIN CSTYLED */
 
-	/*
-	 * ulog entry - kdb_kdcs_seen_by
-	 */
-	if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {
-	    for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)
-		free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);
-	    free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);
-	}
-
-	/*
-	 * ulog entry - kdb_futures
-	 */
-	free(upd->kdb_futures.kdb_futures_val);
-
-	/*
-	 * ulog entry - kdb_update
-	 */
-	if (upd->kdb_update.kdbe_t_val) {
-	    /*
-	     * Loop thru all the attributes and free up stuff
-	     */
-	    for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {
-
-		/*
-		 * Free av_key_data
-		 */
-		if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {
-
-		    for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {
-			free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);
-			if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {
-			    for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {
-				free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);
-			    }
-			    free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);
-			}
-		    }
-		    free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);
-		}
-
-
-		/*
-		 * Free av_tl_data
-		 */
-		if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {
-		    for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {
-			free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);
-		    }
-		    free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);
-		}
-
-		/*
-		 * Free av_princ
-		 */
-		if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {
-		    free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);
-		    if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {
-			for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {
-			    free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);
-			}
-			free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);
-		    }
-		}
-
-		/*
-		 * Free av_mod_princ
-		 */
-		if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {
-		    free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);
-		    if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {
-			for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {
-			    free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);
-			}
-			free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);
-		    }
-		}
-
-		/*
-		 * Free av_mod_where
-		 */
-		if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)
-		    free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);
-
-		/*
-		 * Free av_pw_policy
-		 */
-		if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)
-		    free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);
-
-		/* 
-		 * XXX: Free av_pw_hist
-		 *
-		 * For now, we just free the pointer
-		 * to av_pw_hist_val, since we aren't
-		 * populating this union member in
-		 * the conv api function(s) anyways.
-		 */
-		if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)
-		    free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);
-
-	    }
-
-	    /*
-	     * Free up the pointer to kdbe_t_val
-	     */
-	    free(upd->kdb_update.kdbe_t_val);
-	}
+        /*
+         * ulog entry - kdb_kdcs_seen_by
+         */
+        if (upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val) {
+            for (i = 0; i < upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_len; i++)
+                free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val[i].utf8str_t_val);
+            free(upd->kdb_kdcs_seen_by.kdb_kdcs_seen_by_val);
+        }
+
+        /*
+         * ulog entry - kdb_futures
+         */
+        free(upd->kdb_futures.kdb_futures_val);
+
+        /*
+         * ulog entry - kdb_update
+         */
+        if (upd->kdb_update.kdbe_t_val) {
+            /*
+             * Loop thru all the attributes and free up stuff
+             */
+            for (i = 0; i < upd->kdb_update.kdbe_t_len; i++) {
+
+                /*
+                 * Free av_key_data
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_KEYDATA) && ULOG_ENTRY(upd, i).av_keydata.av_keydata_val) {
+
+                    for (j = 0; j < ULOG_ENTRY(upd, i).av_keydata.av_keydata_len; j++) {
+                        free(ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val);
+                        if (ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val) {
+                            for (k = 0; k < ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; k++) {
+                                free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[k].utf8str_t_val);
+                            }
+                            free(ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val);
+                        }
+                    }
+                    free(ULOG_ENTRY(upd, i).av_keydata.av_keydata_val);
+                }
+
+
+                /*
+                 * Free av_tl_data
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_TL_DATA) && ULOG_ENTRY(upd, i).av_tldata.av_tldata_val) {
+                    for (j = 0; j < ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; j++) {
+                        free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val);
+                    }
+                    free(ULOG_ENTRY(upd, i).av_tldata.av_tldata_val);
+                }
+
+                /*
+                 * Free av_princ
+                 */
+                if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_PRINC) {
+                    free(ULOG_ENTRY(upd, i).av_princ.k_realm.utf8str_t_val);
+                    if (ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val) {
+                        for (j = 0; j < ULOG_ENTRY(upd, i).av_princ.k_components.k_components_len; j++) {
+                            free(ULOG_ENTRY_PRINC(upd, i, j).k_data.utf8str_t_val);
+                        }
+                        free(ULOG_ENTRY(upd, i).av_princ.k_components.k_components_val);
+                    }
+                }
+
+                /*
+                 * Free av_mod_princ
+                 */
+                if (ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_PRINC) {
+                    free(ULOG_ENTRY(upd, i).av_mod_princ.k_realm.utf8str_t_val);
+                    if (ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val) {
+                        for (j = 0; j < ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_len; j++) {
+                            free(ULOG_ENTRY_MOD_PRINC(upd, i, j).k_data.utf8str_t_val);
+                        }
+                        free(ULOG_ENTRY(upd, i).av_mod_princ.k_components.k_components_val);
+                    }
+                }
+
+                /*
+                 * Free av_mod_where
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_MOD_WHERE) && ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val)
+                    free(ULOG_ENTRY(upd, i).av_mod_where.utf8str_t_val);
+
+                /*
+                 * Free av_pw_policy
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_POLICY) && ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val)
+                    free(ULOG_ENTRY(upd, i).av_pw_policy.utf8str_t_val);
+
+                /*
+                 * XXX: Free av_pw_hist
+                 *
+                 * For now, we just free the pointer
+                 * to av_pw_hist_val, since we aren't
+                 * populating this union member in
+                 * the conv api function(s) anyways.
+                 */
+                if ((ULOG_ENTRY_TYPE(upd, i).av_type == AT_PW_HIST) && ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val)
+                    free(ULOG_ENTRY(upd, i).av_pw_hist.av_pw_hist_val);
+
+            }
+
+            /*
+             * Free up the pointer to kdbe_t_val
+             */
+            free(upd->kdb_update.kdbe_t_val);
+        }
 
 /* END CSTYLED */
 
-	/*
-	 * Bump up to next struct
-	 */
-	upd++;
+        /*
+         * Bump up to next struct
+         */
+        upd++;
     }
 
 
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index 55e8199d2..723d98eaf 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_cpw.c
  *
- * Copyright 1995, 2009 by the Massachusetts Institute of Technology. 
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,19 +23,19 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -45,7 +46,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -58,25 +59,25 @@
 
 int
 krb5_db_get_key_data_kvno(context, count, data)
-    krb5_context	  context;
-    int			  count;
-    krb5_key_data	* data;
+    krb5_context          context;
+    int                   count;
+    krb5_key_data       * data;
 {
     int i, kvno;
     /* Find last key version number */
     for (kvno = i = 0; i < count; i++) {
-	if (kvno < data[i].key_data_kvno) {
-	    kvno = data[i].key_data_kvno;
-	}
+        if (kvno < data[i].key_data_kvno) {
+            kvno = data[i].key_data_kvno;
+        }
     }
     return(kvno);
 }
 
 static void
 cleanup_key_data(context, count, data)
-    krb5_context	  context;
-    int			  count;
-    krb5_key_data	* data;
+    krb5_context          context;
+    int                   count;
+    krb5_key_data       * data;
 {
     int i, j;
 
@@ -84,30 +85,30 @@ cleanup_key_data(context, count, data)
     if (data == NULL) return;
 
     for (i = 0; i < count; i++) {
-	for (j = 0; j < data[i].key_data_ver; j++) {
-	    if (data[i].key_data_length[j]) {
-	    	krb5_db_free(context, data[i].key_data_contents[j]);
-	    }
-	}
+        for (j = 0; j < data[i].key_data_ver; j++) {
+            if (data[i].key_data_length[j]) {
+                krb5_db_free(context, data[i].key_data_contents[j]);
+            }
+        }
     }
     krb5_db_free(context, data);
 }
 
 static krb5_error_code
 add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
-    krb5_context	  context;
+    krb5_context          context;
     krb5_keyblock       * master_key;
-    krb5_key_salt_tuple	* ks_tuple;
-    int			  ks_tuple_count;
-    krb5_db_entry	* db_entry;
-    int			  kvno;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    krb5_db_entry       * db_entry;
+    int                   kvno;
 {
-    krb5_principal	  krbtgt_princ;
-    krb5_keyblock	  key;
-    krb5_db_entry	  krbtgt_entry;
-    krb5_boolean	  more;
-    int			  max_kvno, one, i, j, k;
-    krb5_error_code	  retval;
+    krb5_principal        krbtgt_princ;
+    krb5_keyblock         key;
+    krb5_db_entry         krbtgt_entry;
+    krb5_boolean          more;
+    int                   max_kvno, one, i, j, k;
+    krb5_error_code       retval;
     krb5_key_data         tmp_key_data;
     krb5_key_data        *tptr;
 
@@ -115,111 +116,111 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
 
 
     retval = krb5_build_principal_ext(context, &krbtgt_princ,
-				      db_entry->princ->realm.length,
-				      db_entry->princ->realm.data,
-				      KRB5_TGS_NAME_SIZE,
-				      KRB5_TGS_NAME,
-				      db_entry->princ->realm.length,
-				      db_entry->princ->realm.data,
-				      0);
+                                      db_entry->princ->realm.length,
+                                      db_entry->princ->realm.data,
+                                      KRB5_TGS_NAME_SIZE,
+                                      KRB5_TGS_NAME,
+                                      db_entry->princ->realm.length,
+                                      db_entry->princ->realm.data,
+                                      0);
     if (retval)
-	return retval;
+        return retval;
 
     /* Get tgt from database */
     retval = krb5_db_get_principal(context, krbtgt_princ, &krbtgt_entry,
-				   &one, &more);
+                                   &one, &more);
     krb5_free_principal(context, krbtgt_princ); /* don't need it anymore */
     if (retval)
-	return(retval);
+        return(retval);
     if ((one > 1) || (more)) {
-	krb5_db_free_principal(context, &krbtgt_entry, one);
-	return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
+        krb5_db_free_principal(context, &krbtgt_entry, one);
+        return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
     }
-    if (!one) 
-	return KRB5_KDB_NOENTRY;
+    if (!one)
+        return KRB5_KDB_NOENTRY;
 
     /* Get max kvno */
     for (max_kvno = j = 0; j < krbtgt_entry.n_key_data; j++) {
-	 if (max_kvno < krbtgt_entry.key_data[j].key_data_kvno) {
-	     max_kvno = krbtgt_entry.key_data[j].key_data_kvno;
-	}
+        if (max_kvno < krbtgt_entry.key_data[j].key_data_kvno) {
+            max_kvno = krbtgt_entry.key_data[j].key_data_kvno;
+        }
     }
 
     for (i = 0; i < ks_tuple_count; i++) {
-	krb5_boolean similar;
-
-	similar = 0;
-
-	/*
-	 * We could use krb5_keysalt_iterate to replace this loop, or use
-	 * krb5_keysalt_is_present for the loop below, but we want to avoid
-	 * circular library dependencies.
-	 */
-	for (j = 0; j < i; j++) {
-	    if ((retval = krb5_c_enctype_compare(context,
-						 ks_tuple[i].ks_enctype,
-						 ks_tuple[j].ks_enctype,
-						 &similar)))
-		return(retval);
-
-	    if (similar)
-		break;
-	}
-
-	if (similar)
-	    continue;
-
-        if ((retval = krb5_dbe_create_key_data(context, db_entry))) 
-	    goto add_key_rnd_err;
-
-	/* there used to be code here to extract the old key, and derive
-	   a new key from it.  Now that there's a unified prng, that isn't
-	   necessary. */
-
-	/* make new key */
-	if ((retval = krb5_c_make_random_key(context, ks_tuple[i].ks_enctype,
-					     &key)))
-	    goto add_key_rnd_err;
-
-
-	/* db library will free this. Since, its a so, it could actually be using different memory management
-	   function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
-	   here which will later be copied to the db_entry */
-    	retval = krb5_dbekd_encrypt_key_data(context, master_key, 
-					     &key, NULL, kvno, 
-					     &tmp_key_data); 
-
-	krb5_free_keyblock_contents(context, &key);
-	if( retval )
-	    goto add_key_rnd_err;
-
-	tptr = &db_entry->key_data[db_entry->n_key_data-1];
-
-	tptr->key_data_ver = tmp_key_data.key_data_ver;
-	tptr->key_data_kvno = tmp_key_data.key_data_kvno;
-
-	for( k = 0; k < tmp_key_data.key_data_ver; k++ )
-	{
-	    tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
-	    tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
-	    if( tmp_key_data.key_data_contents[k] )
-	    {
-		tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
-		if( tptr->key_data_contents[k] == NULL )
-		{
-		    cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
-		    db_entry->key_data = NULL;
-		    db_entry->n_key_data = 0;
-		    retval = ENOMEM;
-		    goto add_key_rnd_err;
-		}
-		memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
-		memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
-		free( tmp_key_data.key_data_contents[k] );
-		tmp_key_data.key_data_contents[k] = NULL;
-	    }
-	}
+        krb5_boolean similar;
+
+        similar = 0;
+
+        /*
+         * We could use krb5_keysalt_iterate to replace this loop, or use
+         * krb5_keysalt_is_present for the loop below, but we want to avoid
+         * circular library dependencies.
+         */
+        for (j = 0; j < i; j++) {
+            if ((retval = krb5_c_enctype_compare(context,
+                                                 ks_tuple[i].ks_enctype,
+                                                 ks_tuple[j].ks_enctype,
+                                                 &similar)))
+                return(retval);
+
+            if (similar)
+                break;
+        }
+
+        if (similar)
+            continue;
+
+        if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+            goto add_key_rnd_err;
+
+        /* there used to be code here to extract the old key, and derive
+           a new key from it.  Now that there's a unified prng, that isn't
+           necessary. */
+
+        /* make new key */
+        if ((retval = krb5_c_make_random_key(context, ks_tuple[i].ks_enctype,
+                                             &key)))
+            goto add_key_rnd_err;
+
+
+        /* db library will free this. Since, its a so, it could actually be using different memory management
+           function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
+           here which will later be copied to the db_entry */
+        retval = krb5_dbekd_encrypt_key_data(context, master_key,
+                                             &key, NULL, kvno,
+                                             &tmp_key_data);
+
+        krb5_free_keyblock_contents(context, &key);
+        if( retval )
+            goto add_key_rnd_err;
+
+        tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+        tptr->key_data_ver = tmp_key_data.key_data_ver;
+        tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+        for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+        {
+            tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+            tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+            if( tmp_key_data.key_data_contents[k] )
+            {
+                tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+                if( tptr->key_data_contents[k] == NULL )
+                {
+                    cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+                    db_entry->key_data = NULL;
+                    db_entry->n_key_data = 0;
+                    retval = ENOMEM;
+                    goto add_key_rnd_err;
+                }
+                memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+                memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+                free( tmp_key_data.key_data_contents[k] );
+                tmp_key_data.key_data_contents[k] = NULL;
+            }
+        }
 
     }
 
@@ -228,40 +229,40 @@ add_key_rnd_err:
 
     for( i = 0; i < tmp_key_data.key_data_ver; i++ )
     {
-	if( tmp_key_data.key_data_contents[i] )
-	{
-	    memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
-	    free( tmp_key_data.key_data_contents[i] );
-	}
+        if( tmp_key_data.key_data_contents[i] )
+        {
+            memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+            free( tmp_key_data.key_data_contents[i] );
+        }
     }
     return(retval);
 }
 
 /*
- * Change random key for a krb5_db_entry 
+ * Change random key for a krb5_db_entry
  * Assumes the max kvno
  *
  * As a side effect all old keys are nuked if keepold is false.
  */
 krb5_error_code
 krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry)
-    krb5_context	  context;
+    krb5_context          context;
     krb5_keyblock       * master_key;
-    krb5_key_salt_tuple	* ks_tuple;
-    int			  ks_tuple_count;
-    krb5_boolean	  keepold;
-    krb5_db_entry	* db_entry;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    krb5_boolean          keepold;
+    krb5_db_entry       * db_entry;
 {
-    int 		  key_data_count;
-    int			  n_new_key_data;
-    krb5_key_data 	* key_data;
-    krb5_error_code	  retval;
-    int			  kvno;
-    int			  i;
+    int                   key_data_count;
+    int                   n_new_key_data;
+    krb5_key_data       * key_data;
+    krb5_error_code       retval;
+    int                   kvno;
+    int                   i;
 
     /* First save the old keydata */
     kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
-				     db_entry->key_data);
+                                     db_entry->key_data);
     key_data_count = db_entry->n_key_data;
     key_data = db_entry->key_data;
     db_entry->key_data = NULL;
@@ -271,53 +272,53 @@ krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry)
     kvno++;
 
     retval = add_key_rnd(context, master_key, ks_tuple,
-			 ks_tuple_count, db_entry, kvno);
+                         ks_tuple_count, db_entry, kvno);
     if (retval) {
-	cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
-	db_entry->n_key_data = key_data_count;
-	db_entry->key_data = key_data;
+        cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+        db_entry->n_key_data = key_data_count;
+        db_entry->key_data = key_data;
     } else if (keepold) {
-	n_new_key_data = db_entry->n_key_data;
-	for (i = 0; i < key_data_count; i++) {
-	    retval = krb5_dbe_create_key_data(context, db_entry);
-	    if (retval) {
-		cleanup_key_data(context, db_entry->n_key_data,
-				 db_entry->key_data);
-		break;
-	    }
-	    db_entry->key_data[i+n_new_key_data] = key_data[i];
-	    memset(&key_data[i], 0, sizeof(krb5_key_data));
-	}
-	krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */
+        n_new_key_data = db_entry->n_key_data;
+        for (i = 0; i < key_data_count; i++) {
+            retval = krb5_dbe_create_key_data(context, db_entry);
+            if (retval) {
+                cleanup_key_data(context, db_entry->n_key_data,
+                                 db_entry->key_data);
+                break;
+            }
+            db_entry->key_data[i+n_new_key_data] = key_data[i];
+            memset(&key_data[i], 0, sizeof(krb5_key_data));
+        }
+        krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */
     } else {
-	cleanup_key_data(context, key_data_count, key_data);
+        cleanup_key_data(context, key_data_count, key_data);
     }
     return(retval);
 }
 
 /*
- * Add random key for a krb5_db_entry 
+ * Add random key for a krb5_db_entry
  * Assumes the max kvno
  *
  * As a side effect all old keys older than the max kvno are nuked.
  */
 krb5_error_code
 krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
-    krb5_context	  context;
+    krb5_context          context;
     krb5_keyblock       * master_key;
-    krb5_key_salt_tuple	* ks_tuple;
-    int			  ks_tuple_count;
-    krb5_db_entry	* db_entry;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    krb5_db_entry       * db_entry;
 {
-    int 		  key_data_count;
-    krb5_key_data 	* key_data;
-    krb5_error_code	  retval;
-    int			  kvno;
-    int			  i;
+    int                   key_data_count;
+    krb5_key_data       * key_data;
+    krb5_error_code       retval;
+    int                   kvno;
+    int                   i;
 
     /* First save the old keydata */
     kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
-				     db_entry->key_data);
+                                     db_entry->key_data);
     key_data_count = db_entry->n_key_data;
     key_data = db_entry->key_data;
     db_entry->key_data = NULL;
@@ -326,50 +327,50 @@ krb5_dbe_ark(context, master_key, ks_tuple, ks_tuple_count, db_entry)
     /* increment the kvno */
     kvno++;
 
-    if ((retval = add_key_rnd(context, master_key, ks_tuple, 
-			     ks_tuple_count, db_entry, kvno))) {
-	cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
-	db_entry->n_key_data = key_data_count;
-	db_entry->key_data = key_data;
+    if ((retval = add_key_rnd(context, master_key, ks_tuple,
+                              ks_tuple_count, db_entry, kvno))) {
+        cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+        db_entry->n_key_data = key_data_count;
+        db_entry->key_data = key_data;
     } else {
-	/* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
-	for (i = 0; i < key_data_count; i++) {
-	    if (key_data[i].key_data_kvno == (kvno - 1)) {
-		if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
-		    cleanup_key_data(context, db_entry->n_key_data,
-				     db_entry->key_data);
-		    break;
-		}
-		/* We should decrypt/re-encrypt the data to use the same mkvno*/
-		db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
-		memset(&key_data[i], 0, sizeof(krb5_key_data));
-	    }
-	}
-	cleanup_key_data(context, key_data_count, key_data);
+        /* Copy keys with key_data_kvno == kvno - 1 ( = old kvno ) */
+        for (i = 0; i < key_data_count; i++) {
+            if (key_data[i].key_data_kvno == (kvno - 1)) {
+                if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
+                    cleanup_key_data(context, db_entry->n_key_data,
+                                     db_entry->key_data);
+                    break;
+                }
+                /* We should decrypt/re-encrypt the data to use the same mkvno*/
+                db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
+                memset(&key_data[i], 0, sizeof(krb5_key_data));
+            }
+        }
+        cleanup_key_data(context, key_data_count, key_data);
     }
     return(retval);
 }
 
 /*
- * Add key_data for a krb5_db_entry 
+ * Add key_data for a krb5_db_entry
  * If passwd is NULL the assumes that the caller wants a random password.
  */
 static krb5_error_code
-add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, 
-	    db_entry, kvno)
-    krb5_context	  context;
+add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
+            db_entry, kvno)
+    krb5_context          context;
     krb5_keyblock       * master_key;
-    krb5_key_salt_tuple	* ks_tuple;
-    int			  ks_tuple_count;
-    char 		* passwd;
-    krb5_db_entry	* db_entry;
-    int			  kvno;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    char                * passwd;
+    krb5_db_entry       * db_entry;
+    int                   kvno;
 {
-    krb5_error_code	  retval;
-    krb5_keysalt	  key_salt;
-    krb5_keyblock	  key;
-    krb5_data	  	  pwd;
-    int			  i, j, k;
+    krb5_error_code       retval;
+    krb5_keysalt          key_salt;
+    krb5_keyblock         key;
+    krb5_data             pwd;
+    int                   i, j, k;
     krb5_key_data         tmp_key_data;
     krb5_key_data        *tptr;
 
@@ -378,229 +379,229 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
     retval = 0;
 
     for (i = 0; i < ks_tuple_count; i++) {
-	krb5_boolean similar;
-
-	similar = 0;
-
-	/*
-	 * We could use krb5_keysalt_iterate to replace this loop, or use
-	 * krb5_keysalt_is_present for the loop below, but we want to avoid
-	 * circular library dependencies.
-	 */
-	for (j = 0; j < i; j++) {
-	    if ((retval = krb5_c_enctype_compare(context,
-						 ks_tuple[i].ks_enctype,
-						 ks_tuple[j].ks_enctype,
-						 &similar)))
-		return(retval);
-
-	    if (similar &&
-		(ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
-		break;
-	}
-
-	if (j < i)
-	    continue;
-
-	if ((retval = krb5_dbe_create_key_data(context, db_entry))) 
-	    return(retval);
-
-	/* Convert password string to key using appropriate salt */
-	switch (key_salt.type = ks_tuple[i].ks_salttype) {
-    	case KRB5_KDB_SALTTYPE_ONLYREALM: {
+        krb5_boolean similar;
+
+        similar = 0;
+
+        /*
+         * We could use krb5_keysalt_iterate to replace this loop, or use
+         * krb5_keysalt_is_present for the loop below, but we want to avoid
+         * circular library dependencies.
+         */
+        for (j = 0; j < i; j++) {
+            if ((retval = krb5_c_enctype_compare(context,
+                                                 ks_tuple[i].ks_enctype,
+                                                 ks_tuple[j].ks_enctype,
+                                                 &similar)))
+                return(retval);
+
+            if (similar &&
+                (ks_tuple[j].ks_salttype == ks_tuple[i].ks_salttype))
+                break;
+        }
+
+        if (j < i)
+            continue;
+
+        if ((retval = krb5_dbe_create_key_data(context, db_entry)))
+            return(retval);
+
+        /* Convert password string to key using appropriate salt */
+        switch (key_salt.type = ks_tuple[i].ks_salttype) {
+        case KRB5_KDB_SALTTYPE_ONLYREALM: {
             krb5_data * saltdata;
             if ((retval = krb5_copy_data(context, krb5_princ_realm(context,
-					      db_entry->princ), &saltdata)))
-	 	return(retval);
-
-	    key_salt.data = *saltdata;
-	    free(saltdata);
-	}
-		break;
-    	case KRB5_KDB_SALTTYPE_NOREALM:
+                                                                   db_entry->princ), &saltdata)))
+                return(retval);
+
+            key_salt.data = *saltdata;
+            free(saltdata);
+        }
+            break;
+        case KRB5_KDB_SALTTYPE_NOREALM:
             if ((retval=krb5_principal2salt_norealm(context, db_entry->princ,
-						    &key_salt.data))) 
-		return(retval);
+                                                    &key_salt.data)))
+                return(retval);
             break;
-	case KRB5_KDB_SALTTYPE_NORMAL:
+        case KRB5_KDB_SALTTYPE_NORMAL:
             if ((retval = krb5_principal2salt(context, db_entry->princ,
-					      &key_salt.data))) 
-		return(retval);
+                                              &key_salt.data)))
+                return(retval);
             break;
-    	case KRB5_KDB_SALTTYPE_V4:
+        case KRB5_KDB_SALTTYPE_V4:
             key_salt.data.length = 0;
             key_salt.data.data = 0;
             break;
-    	case KRB5_KDB_SALTTYPE_AFS3:
-	    /* The afs_mit_string_to_key needs to use strlen, and the
-	       realm field is not (necessarily) NULL terminated.  */
-	    retval = krb5int_copy_data_contents_add0(context,
-						     krb5_princ_realm(context,
-								      db_entry->princ),
-						     &key_salt.data);
-	    if (retval)
-		return retval;
-	    key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
-	    break;
-	default:
-	    return(KRB5_KDB_BAD_SALTTYPE);
-	}
-
-    	pwd.data = passwd;
-    	pwd.length = strlen(passwd);
-
-	/* AFS string to key will happen here */
-	if ((retval = krb5_c_string_to_key(context, ks_tuple[i].ks_enctype,
-					   &pwd, &key_salt.data, &key))) {
-	     if (key_salt.data.data)
-		  free(key_salt.data.data);
-	     return(retval);
-	}
-
-	if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
-	    key_salt.data.length = 
-	      krb5_princ_realm(context, db_entry->princ)->length;
-
-	/* memory allocation to be done by db. So, use temporary block and later copy
-	   it to the memory allocated by db */
-	retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
-					     (const krb5_keysalt *)&key_salt,
-					     kvno, &tmp_key_data);
-	if (key_salt.data.data)
-	    free(key_salt.data.data);
-	free(key.contents);
-
-	if( retval )
-	    return retval;
-
-	tptr = &db_entry->key_data[db_entry->n_key_data-1];
-
-	tptr->key_data_ver = tmp_key_data.key_data_ver;
-	tptr->key_data_kvno = tmp_key_data.key_data_kvno;
-
-	for( k = 0; k < tmp_key_data.key_data_ver; k++ )
-	{
-	    tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
-	    tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
-	    if( tmp_key_data.key_data_contents[k] )
-	    {
-		tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
-		if( tptr->key_data_contents[k] == NULL )
-		{
-		    cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
-		    db_entry->key_data = NULL;
-		    db_entry->n_key_data = 0;
-		    retval = ENOMEM;
-		    goto add_key_pwd_err;
-		}
-		memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
-
-		memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
-		free( tmp_key_data.key_data_contents[k] );
-		tmp_key_data.key_data_contents[k] = NULL;
-	    }
-	}
+        case KRB5_KDB_SALTTYPE_AFS3:
+            /* The afs_mit_string_to_key needs to use strlen, and the
+               realm field is not (necessarily) NULL terminated.  */
+            retval = krb5int_copy_data_contents_add0(context,
+                                                     krb5_princ_realm(context,
+                                                                      db_entry->princ),
+                                                     &key_salt.data);
+            if (retval)
+                return retval;
+            key_salt.data.length = SALT_TYPE_AFS_LENGTH; /*length actually used below...*/
+            break;
+        default:
+            return(KRB5_KDB_BAD_SALTTYPE);
+        }
+
+        pwd.data = passwd;
+        pwd.length = strlen(passwd);
+
+        /* AFS string to key will happen here */
+        if ((retval = krb5_c_string_to_key(context, ks_tuple[i].ks_enctype,
+                                           &pwd, &key_salt.data, &key))) {
+            if (key_salt.data.data)
+                free(key_salt.data.data);
+            return(retval);
+        }
+
+        if (key_salt.data.length == SALT_TYPE_AFS_LENGTH)
+            key_salt.data.length =
+                krb5_princ_realm(context, db_entry->princ)->length;
+
+        /* memory allocation to be done by db. So, use temporary block and later copy
+           it to the memory allocated by db */
+        retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
+                                             (const krb5_keysalt *)&key_salt,
+                                             kvno, &tmp_key_data);
+        if (key_salt.data.data)
+            free(key_salt.data.data);
+        free(key.contents);
+
+        if( retval )
+            return retval;
+
+        tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+        tptr->key_data_ver = tmp_key_data.key_data_ver;
+        tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+        for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+        {
+            tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+            tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+            if( tmp_key_data.key_data_contents[k] )
+            {
+                tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+                if( tptr->key_data_contents[k] == NULL )
+                {
+                    cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+                    db_entry->key_data = NULL;
+                    db_entry->n_key_data = 0;
+                    retval = ENOMEM;
+                    goto add_key_pwd_err;
+                }
+                memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+                memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+                free( tmp_key_data.key_data_contents[k] );
+                tmp_key_data.key_data_contents[k] = NULL;
+            }
+        }
     }
- add_key_pwd_err:
+add_key_pwd_err:
     for( i = 0; i < tmp_key_data.key_data_ver; i++ )
     {
-	if( tmp_key_data.key_data_contents[i] )
-	{
-	    memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
-	    free( tmp_key_data.key_data_contents[i] );
-	}
+        if( tmp_key_data.key_data_contents[i] )
+        {
+            memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+            free( tmp_key_data.key_data_contents[i] );
+        }
     }
 
     return(retval);
 }
 
 /*
- * Change password for a krb5_db_entry 
+ * Change password for a krb5_db_entry
  * Assumes the max kvno
  *
  * As a side effect all old keys are nuked if keepold is false.
  */
 krb5_error_code
 krb5_dbe_def_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd,
-	     new_kvno, keepold, db_entry)
-    krb5_context	  context;
+                 new_kvno, keepold, db_entry)
+    krb5_context          context;
     krb5_keyblock       * master_key;
-    krb5_key_salt_tuple	* ks_tuple;
-    int			  ks_tuple_count;
-    char 		* passwd;
-    int			  new_kvno;
-    krb5_boolean	  keepold;
-    krb5_db_entry	* db_entry;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    char                * passwd;
+    int                   new_kvno;
+    krb5_boolean          keepold;
+    krb5_db_entry       * db_entry;
 {
-    int 		  key_data_count;
-    int			  n_new_key_data;
-    krb5_key_data 	* key_data;
-    krb5_error_code	  retval;
-    int			  old_kvno;
-    int			  i;
+    int                   key_data_count;
+    int                   n_new_key_data;
+    krb5_key_data       * key_data;
+    krb5_error_code       retval;
+    int                   old_kvno;
+    int                   i;
 
     /* First save the old keydata */
     old_kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
-					 db_entry->key_data);
+                                         db_entry->key_data);
     key_data_count = db_entry->n_key_data;
     key_data = db_entry->key_data;
     db_entry->key_data = NULL;
     db_entry->n_key_data = 0;
 
-    /* increment the kvno.  if the requested kvno is too small, 
+    /* increment the kvno.  if the requested kvno is too small,
        increment the old kvno */
     if (new_kvno < old_kvno+1)
-       new_kvno = old_kvno+1;
+        new_kvno = old_kvno+1;
 
     retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
-			 passwd, db_entry, new_kvno);
+                         passwd, db_entry, new_kvno);
     if (retval) {
-	cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
-	db_entry->n_key_data = key_data_count;
-	db_entry->key_data = key_data;
+        cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+        db_entry->n_key_data = key_data_count;
+        db_entry->key_data = key_data;
     } else if (keepold) {
-	n_new_key_data = db_entry->n_key_data;
-	for (i = 0; i < key_data_count; i++) {
-	    retval = krb5_dbe_create_key_data(context, db_entry);
-	    if (retval) {
-		cleanup_key_data(context, db_entry->n_key_data,
-				 db_entry->key_data);
-		break;
-	    }
-	    db_entry->key_data[i+n_new_key_data] = key_data[i];
-	    memset(&key_data[i], 0, sizeof(krb5_key_data));
-	}
-	krb5_db_free( context, key_data );
+        n_new_key_data = db_entry->n_key_data;
+        for (i = 0; i < key_data_count; i++) {
+            retval = krb5_dbe_create_key_data(context, db_entry);
+            if (retval) {
+                cleanup_key_data(context, db_entry->n_key_data,
+                                 db_entry->key_data);
+                break;
+            }
+            db_entry->key_data[i+n_new_key_data] = key_data[i];
+            memset(&key_data[i], 0, sizeof(krb5_key_data));
+        }
+        krb5_db_free( context, key_data );
     } else {
-	cleanup_key_data(context, key_data_count, key_data);
+        cleanup_key_data(context, key_data_count, key_data);
     }
     return(retval);
 }
 
 /*
- * Add password for a krb5_db_entry 
+ * Add password for a krb5_db_entry
  * Assumes the max kvno
  *
  * As a side effect all old keys older than the max kvno are nuked.
  */
 krb5_error_code
 krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
-    krb5_context	  context;
+    krb5_context          context;
     krb5_keyblock       * master_key;
-    krb5_key_salt_tuple	* ks_tuple;
-    int			  ks_tuple_count;
-    char 		* passwd;
-    krb5_db_entry	* db_entry;
+    krb5_key_salt_tuple * ks_tuple;
+    int                   ks_tuple_count;
+    char                * passwd;
+    krb5_db_entry       * db_entry;
 {
-    int 		  key_data_count;
-    krb5_key_data 	* key_data;
-    krb5_error_code	  retval;
-    int			  old_kvno, new_kvno;
-    int			  i;
+    int                   key_data_count;
+    krb5_key_data       * key_data;
+    krb5_error_code       retval;
+    int                   old_kvno, new_kvno;
+    int                   i;
 
     /* First save the old keydata */
     old_kvno = krb5_db_get_key_data_kvno(context, db_entry->n_key_data,
-					 db_entry->key_data);
+                                         db_entry->key_data);
     key_data_count = db_entry->n_key_data;
     key_data = db_entry->key_data;
     db_entry->key_data = NULL;
@@ -610,27 +611,25 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
     new_kvno = old_kvno+1;
 
     if ((retval = add_key_pwd(context, master_key, ks_tuple, ks_tuple_count,
-			     passwd, db_entry, new_kvno))) {
-	cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
-	db_entry->n_key_data = key_data_count;
-	db_entry->key_data = key_data;
+                              passwd, db_entry, new_kvno))) {
+        cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+        db_entry->n_key_data = key_data_count;
+        db_entry->key_data = key_data;
     } else {
-	/* Copy keys with key_data_kvno == old_kvno */
-	for (i = 0; i < key_data_count; i++) {
-	    if (key_data[i].key_data_kvno == old_kvno) {
-		if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
-		    cleanup_key_data(context, db_entry->n_key_data,
-				     db_entry->key_data);
-		    break;
-		}
-		/* We should decrypt/re-encrypt the data to use the same mkvno*/
-		db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
-		memset(&key_data[i], 0, sizeof(krb5_key_data));
-	    }
-	}
-	cleanup_key_data(context, key_data_count, key_data);
+        /* Copy keys with key_data_kvno == old_kvno */
+        for (i = 0; i < key_data_count; i++) {
+            if (key_data[i].key_data_kvno == old_kvno) {
+                if ((retval = krb5_dbe_create_key_data(context, db_entry))) {
+                    cleanup_key_data(context, db_entry->n_key_data,
+                                     db_entry->key_data);
+                    break;
+                }
+                /* We should decrypt/re-encrypt the data to use the same mkvno*/
+                db_entry->key_data[db_entry->n_key_data - 1] = key_data[i];
+                memset(&key_data[i], 0, sizeof(krb5_key_data));
+            }
+        }
+        cleanup_key_data(context, key_data_count, key_data);
     }
     return(retval);
 }
-
-
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 69cc52b8e..81c70f36c 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_helper.c
  *
- * Copyright 1995, 2009 by the Massachusetts Institute of Technology. 
+ * Copyright 1995, 2009 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 /*
@@ -48,30 +49,30 @@
  */
 krb5_error_code
 krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
-    krb5_context	kcontext;
-    krb5_db_entry	*dbentp;
-    krb5_int32		*start;
-    krb5_int32		ktype;
-    krb5_int32		stype;
-    krb5_int32		kvno;
-    krb5_key_data	**kdatap;
+    krb5_context        kcontext;
+    krb5_db_entry       *dbentp;
+    krb5_int32          *start;
+    krb5_int32          ktype;
+    krb5_int32          stype;
+    krb5_int32          kvno;
+    krb5_key_data       **kdatap;
 {
-    int			i, idx;
-    int			maxkvno;
-    krb5_key_data	*datap;
-    krb5_error_code	ret;
+    int                 i, idx;
+    int                 maxkvno;
+    krb5_key_data       *datap;
+    krb5_error_code     ret;
 
     ret = 0;
     if (kvno == -1 && stype == -1 && ktype == -1)
-	kvno = 0;
-
-    if (kvno == 0) { 
-	/* Get the max key version */
-	for (i = 0; i < dbentp->n_key_data; i++) {
-	    if (kvno < dbentp->key_data[i].key_data_kvno) { 
-		kvno = dbentp->key_data[i].key_data_kvno;
-	    }
-	}
+        kvno = 0;
+
+    if (kvno == 0) {
+        /* Get the max key version */
+        for (i = 0; i < dbentp->n_key_data; i++) {
+            if (kvno < dbentp->key_data[i].key_data_kvno) {
+                kvno = dbentp->key_data[i].key_data_kvno;
+            }
+        }
     }
 
     maxkvno = -1;
@@ -80,56 +81,56 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
         krb5_boolean    similar;
         krb5_int32      db_stype;
 
-	ret = 0;
-	if (dbentp->key_data[i].key_data_ver > 1) {
-	    db_stype = dbentp->key_data[i].key_data_type[1];
-	} else {
-	    db_stype = KRB5_KDB_SALTTYPE_NORMAL;
-	}
-
-	/*
-	 * Filter out non-permitted enctypes.
-	 */
-	if (!krb5_is_permitted_enctype(kcontext,
-				       dbentp->key_data[i].key_data_type[0])) {
-	    ret = KRB5_KDB_NO_PERMITTED_KEY;
-	    continue;
-	}
-	
-
-	if (ktype > 0) {
-	    if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
-					      dbentp->key_data[i].key_data_type[0],
-					      &similar)))
-
-		return(ret);
-	}
-
-	if (((ktype <= 0) || similar) &&
-	    ((db_stype == stype) || (stype < 0))) {
-	    if (kvno >= 0) {
-		if (kvno == dbentp->key_data[i].key_data_kvno) {
-		    datap = &dbentp->key_data[i];
-		    idx = i;
-		    maxkvno = kvno;
-		    break;
-		}
-	    } else {
-		if (dbentp->key_data[i].key_data_kvno > maxkvno) {
-		    maxkvno = dbentp->key_data[i].key_data_kvno;
-		    datap = &dbentp->key_data[i];
-		    idx = i;
-		}
-	    }
-	}
+        ret = 0;
+        if (dbentp->key_data[i].key_data_ver > 1) {
+            db_stype = dbentp->key_data[i].key_data_type[1];
+        } else {
+            db_stype = KRB5_KDB_SALTTYPE_NORMAL;
+        }
+
+        /*
+         * Filter out non-permitted enctypes.
+         */
+        if (!krb5_is_permitted_enctype(kcontext,
+                                       dbentp->key_data[i].key_data_type[0])) {
+            ret = KRB5_KDB_NO_PERMITTED_KEY;
+            continue;
+        }
+
+
+        if (ktype > 0) {
+            if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
+                                              dbentp->key_data[i].key_data_type[0],
+                                              &similar)))
+
+                return(ret);
+        }
+
+        if (((ktype <= 0) || similar) &&
+            ((db_stype == stype) || (stype < 0))) {
+            if (kvno >= 0) {
+                if (kvno == dbentp->key_data[i].key_data_kvno) {
+                    datap = &dbentp->key_data[i];
+                    idx = i;
+                    maxkvno = kvno;
+                    break;
+                }
+            } else {
+                if (dbentp->key_data[i].key_data_kvno > maxkvno) {
+                    maxkvno = dbentp->key_data[i].key_data_kvno;
+                    datap = &dbentp->key_data[i];
+                    idx = i;
+                }
+            }
+        }
     }
     if (maxkvno < 0)
-	return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
+        return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
     *kdatap = datap;
     *start = idx+1;
     return 0;
 }
-    
+
 /*
  *  kdb default functions. Ideally, some other file should have this functions. For now, TBD.
  */
@@ -139,10 +140,10 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
 
 krb5_error_code
 krb5_def_store_mkey_list(krb5_context       context,
-			 char               *keyfile,
-			 krb5_principal     mname,
-			 krb5_keylist_node  *keylist,
-			 char               *master_pwd)
+                         char               *keyfile,
+                         krb5_principal     mname,
+                         krb5_keylist_node  *keylist,
+                         char               *master_pwd)
 {
     krb5_error_code retval = 0;
     char defkeyfile[MAXPATHLEN+1];
@@ -168,8 +169,8 @@ krb5_def_store_mkey_list(krb5_context       context,
         if (!S_ISREG(stb.st_mode)) {
             retval = EINVAL;
             krb5_set_error_message (context, retval,
-                "keyfile (%s) is not a regular file: %s",
-                keyfile, error_message(retval));
+                                    "keyfile (%s) is not a regular file: %s",
+                                    keyfile, error_message(retval));
             goto out;
         }
     }
@@ -179,7 +180,7 @@ krb5_def_store_mkey_list(krb5_context       context,
     /* create temp file template for use by mktemp() */
     if ((retval = asprintf(&tmp_ktname, "WRFILE:%s_XXXXXX", keyfile)) < 0) {
         krb5_set_error_message (context, retval,
-            "Could not create temp keytab file name.");
+                                "Could not create temp keytab file name.");
         goto out;
     }
 
@@ -193,8 +194,8 @@ krb5_def_store_mkey_list(krb5_context       context,
     if (mktemp(tmp_ktpath) == NULL) {
         retval = errno;
         krb5_set_error_message (context, retval,
-            "Could not create temp stash file: %s",
-            error_message(errno));
+                                "Could not create temp stash file: %s",
+                                error_message(errno));
         goto out;
     }
 
@@ -223,8 +224,8 @@ krb5_def_store_mkey_list(krb5_context       context,
         if (rename(tmp_ktpath, keyfile) < 0) {
             retval = errno;
             krb5_set_error_message (context, retval,
-                "rename of temporary keyfile (%s) to (%s) failed: %s",
-                tmp_ktpath, keyfile, error_message(errno));
+                                    "rename of temporary keyfile (%s) to (%s) failed: %s",
+                                    tmp_ktpath, keyfile, error_message(errno));
         }
     }
 
@@ -249,14 +250,14 @@ krb5_def_store_mkey(krb5_context   context,
     list.keyblock = *key;
     list.next = NULL;
     return krb5_def_store_mkey_list(context, keyfile, mname, &list,
-				    master_pwd);
+                                    master_pwd);
 }
 
 static krb5_error_code
 krb5_db_def_fetch_mkey_stash(krb5_context   context,
-			     const char *keyfile,
-			     krb5_keyblock *key,
-			     krb5_kvno     *kvno)
+                             const char *keyfile,
+                             krb5_keyblock *key,
+                             krb5_kvno     *kvno)
 {
     krb5_error_code retval = 0;
     krb5_ui_2 enctype;
@@ -266,14 +267,14 @@ krb5_db_def_fetch_mkey_stash(krb5_context   context,
 #ifdef ANSI_STDIO
     if (!(kf = fopen(keyfile, "rb")))
 #else
-    if (!(kf = fopen(keyfile, "r")))
+        if (!(kf = fopen(keyfile, "r")))
 #endif
-	return KRB5_KDB_CANTREAD_STORED;
+            return KRB5_KDB_CANTREAD_STORED;
     set_cloexec_file(kf);
 
     if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
-	retval = KRB5_KDB_CANTREAD_STORED;
-	goto errout;
+        retval = KRB5_KDB_CANTREAD_STORED;
+        goto errout;
     }
 
 #if BIG_ENDIAN_MASTER_KEY
@@ -281,16 +282,16 @@ krb5_db_def_fetch_mkey_stash(krb5_context   context,
 #endif
 
     if (key->enctype == ENCTYPE_UNKNOWN)
-	key->enctype = enctype;
+        key->enctype = enctype;
     else if (enctype != key->enctype) {
-	retval = KRB5_KDB_BADSTORED_MKEY;
-	goto errout;
+        retval = KRB5_KDB_BADSTORED_MKEY;
+        goto errout;
     }
 
     if (fread((krb5_pointer) &keylength,
-	      sizeof(keylength), 1, kf) != 1) {
-	retval = KRB5_KDB_CANTREAD_STORED;
-	goto errout;
+              sizeof(keylength), 1, kf) != 1) {
+        retval = KRB5_KDB_CANTREAD_STORED;
+        goto errout;
     }
 
 #if BIG_ENDIAN_MASTER_KEY
@@ -300,23 +301,23 @@ krb5_db_def_fetch_mkey_stash(krb5_context   context,
 #endif
 
     if (!key->length || ((int) key->length) < 0) {
-	retval = KRB5_KDB_BADSTORED_MKEY;
-	goto errout;
+        retval = KRB5_KDB_BADSTORED_MKEY;
+        goto errout;
     }
-	
+
     if (!(key->contents = (krb5_octet *)malloc(key->length))) {
-	retval = ENOMEM;
-	goto errout;
+        retval = ENOMEM;
+        goto errout;
     }
 
     if (fread((krb5_pointer) key->contents, sizeof(key->contents[0]),
-					    key->length, kf) != key->length) {
-	retval = KRB5_KDB_CANTREAD_STORED;
-	zap(key->contents, key->length);
-	free(key->contents);
-	key->contents = 0;
+              key->length, kf) != key->length) {
+        retval = KRB5_KDB_CANTREAD_STORED;
+        zap(key->contents, key->length);
+        free(key->contents);
+        key->contents = 0;
     } else
-	retval = 0;
+        retval = 0;
 
     /*
      * Note, the old stash format did not store the kvno and at this point it
@@ -325,9 +326,9 @@ krb5_db_def_fetch_mkey_stash(krb5_context   context,
      * verifcation trouble if the mkey princ is using a kvno other than 1.
      */
     if (kvno && *kvno == IGNORE_VNO)
-	*kvno = 1;
+        *kvno = 1;
 
- errout:
+errout:
     (void) fclose(kf);
     return retval;
 }
@@ -391,7 +392,7 @@ krb5_db_def_fetch_mkey_keytab(krb5_context   context,
 
 errout:
     if (kt)
-	krb5_kt_close(context, kt);
+        krb5_kt_close(context, kt);
 
     return retval;
 }
@@ -428,12 +429,12 @@ krb5_db_def_fetch_mkey(krb5_context   context,
      * key, but set a message indicating the actual error.
      */
     if (retval != 0) {
-	krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
-			       "Can not fetch master key (error: %s).",
-			       error_message(retval));
-	return KRB5_KDB_CANTREAD_STORED;
+        krb5_set_error_message(context, KRB5_KDB_CANTREAD_STORED,
+                               "Can not fetch master key (error: %s).",
+                               error_message(retval));
+        return KRB5_KDB_CANTREAD_STORED;
     } else
-	return 0;
+        return 0;
 }
 
 /*
@@ -453,52 +454,52 @@ krb5_def_verify_master_key(krb5_context    context,
 
     nprinc = 1;
     if ((retval = krb5_db_get_principal(context, mprinc,
-					&master_entry, &nprinc, &more)))
-	return(retval);
-	
+                                        &master_entry, &nprinc, &more)))
+        return(retval);
+
     if (nprinc != 1) {
-	if (nprinc)
-	    krb5_db_free_principal(context, &master_entry, nprinc);
-	return(KRB5_KDB_NOMASTERKEY);
+        if (nprinc)
+            krb5_db_free_principal(context, &master_entry, nprinc);
+        return(KRB5_KDB_NOMASTERKEY);
     } else if (more) {
-	krb5_db_free_principal(context, &master_entry, nprinc);
-	return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
-    }	
-
-    if ((retval = krb5_dbekd_decrypt_key_data(context, mkey, 
-					      &master_entry.key_data[0],
-					      &tempkey, NULL))) {
-	krb5_db_free_principal(context, &master_entry, nprinc);
-	return retval;
+        krb5_db_free_principal(context, &master_entry, nprinc);
+        return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+    }
+
+    if ((retval = krb5_dbekd_decrypt_key_data(context, mkey,
+                                              &master_entry.key_data[0],
+                                              &tempkey, NULL))) {
+        krb5_db_free_principal(context, &master_entry, nprinc);
+        return retval;
     }
 
     if (mkey->length != tempkey.length ||
-	memcmp((char *)mkey->contents,
-	       (char *)tempkey.contents,mkey->length)) {
-	retval = KRB5_KDB_BADMASTERKEY;
+        memcmp((char *)mkey->contents,
+               (char *)tempkey.contents,mkey->length)) {
+        retval = KRB5_KDB_BADMASTERKEY;
     }
 
     if (kvno != IGNORE_VNO &&
         kvno != (krb5_kvno) master_entry.key_data->key_data_kvno) {
         retval = KRB5_KDB_BADMASTERKEY;
         krb5_set_error_message (context, retval,
-            "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
-            kvno, master_entry.key_data->key_data_kvno);
+                                "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
+                                kvno, master_entry.key_data->key_data_kvno);
     }
 
     zap((char *)tempkey.contents, tempkey.length);
     free(tempkey.contents);
     krb5_db_free_principal(context, &master_entry, nprinc);
-    
+
     return retval;
 }
 
 krb5_error_code
 krb5_def_fetch_mkey_list(krb5_context        context,
-                       krb5_principal        mprinc,
-                       const krb5_keyblock  *mkey,
-                       krb5_kvno             mkvno,
-                       krb5_keylist_node  **mkeys_list)
+                         krb5_principal        mprinc,
+                         const krb5_keyblock  *mkey,
+                         krb5_kvno             mkvno,
+                         krb5_keylist_node  **mkeys_list)
 {
     krb5_error_code retval;
     krb5_db_entry master_entry;
@@ -507,7 +508,7 @@ krb5_def_fetch_mkey_list(krb5_context        context,
     krb5_keyblock cur_mkey;
     krb5_keylist_node *mkey_list_head = NULL, **mkey_list_node;
     krb5_key_data *key_data;
-    krb5_mkey_aux_node	*mkey_aux_data_list = NULL, *aux_data_entry;
+    krb5_mkey_aux_node  *mkey_aux_data_list = NULL, *aux_data_entry;
     int i;
 
     if (mkeys_list == NULL)
@@ -583,7 +584,7 @@ krb5_def_fetch_mkey_list(krb5_context        context,
             }
             if (found_key != TRUE) {
                 krb5_set_error_message (context, KRB5_KDB_BADMASTERKEY,
-                    "Unable to decrypt latest master key with the provided master key\n");
+                                        "Unable to decrypt latest master key with the provided master key\n");
                 retval = KRB5_KDB_BADMASTERKEY;
                 goto clean_n_exit;
             }
@@ -592,7 +593,7 @@ krb5_def_fetch_mkey_list(krb5_context        context,
 
     /*
      * Extract all the mkeys from master_entry using the most current mkey and
-     * create a mkey list for the mkeys field in kdc_realm_t. 
+     * create a mkey list for the mkeys field in kdc_realm_t.
      */
 
     mkey_list_head = (krb5_keylist_node *) malloc(sizeof(krb5_keylist_node));
@@ -644,36 +645,36 @@ clean_n_exit:
 }
 
 krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
-				   char *pwd,
-				   krb5_keyblock *key )
+                                   char *pwd,
+                                   krb5_keyblock *key )
 {
     /* printf("default set master key\n"); */
     return 0;
 }
 
 krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
-				   krb5_keyblock **key )
+                                   krb5_keyblock **key )
 {
     /* printf("default get master key\n"); */
     return 0;
 }
 
 krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
-				        krb5_keylist_node *keylist )
+                                        krb5_keylist_node *keylist )
 {
     /* printf("default set master key\n"); */
     return 0;
 }
 
 krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
-				        krb5_keylist_node **keylist )
+                                        krb5_keylist_node **keylist )
 {
     /* printf("default get master key\n"); */
     return 0;
 }
 
 krb5_error_code krb5_def_promote_db (krb5_context kcontext,
-				     char *s, char **args)
+                                     char *s, char **args)
 {
     /* printf("default promote_db\n"); */
     return KRB5_PLUGIN_OP_NOTSUPP;
diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
index 3652935a1..fe128535c 100644
--- a/src/lib/kdb/kdb_log.c
+++ b/src/lib/kdb/kdb_log.c
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
-/* #pragma ident	"@(#)kdb_log.c	1.3	04/02/23 SMI" */
+/* #pragma ident        "@(#)kdb_log.c  1.3     04/02/23 SMI" */
 
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -23,15 +24,15 @@
  * modify the Kerberos principal update and header logs.
  */
 
-#define	getpagesize()	sysconf(_SC_PAGESIZE)
+#define getpagesize()   sysconf(_SC_PAGESIZE)
 
-static int		pagesize = 0;
+static int              pagesize = 0;
 
-#define	INIT_ULOG(ctx)				\
-	log_ctx = ctx->kdblog_context;		\
-	assert(log_ctx != NULL);		\
-	ulog = log_ctx->ulog;			\
-	assert(ulog != NULL)
+#define INIT_ULOG(ctx)                          \
+    log_ctx = ctx->kdblog_context;              \
+    assert(log_ctx != NULL);                    \
+    ulog = log_ctx->ulog;                       \
+    assert(ulog != NULL)
 
 /* XXX */
 typedef unsigned long ulong_t;
@@ -46,9 +47,9 @@ ulog_lock(krb5_context ctx, int mode)
     kdb_hlog_t *ulog = NULL;
 
     if (ctx == NULL)
-	return KRB5_LOG_ERROR;
+        return KRB5_LOG_ERROR;
     if (ctx->kdblog_context == NULL || ctx->kdblog_context->iproprole == IPROP_NULL)
-	return 0;
+        return 0;
     INIT_ULOG(ctx);
     return krb5_lock_file(ctx, log_ctx->ulogfd, mode);
 }
@@ -59,23 +60,23 @@ ulog_lock(krb5_context ctx, int mode)
 static krb5_error_code
 ulog_sync_update(kdb_hlog_t *ulog, kdb_ent_header_t *upd)
 {
-    ulong_t		start, end, size;
-    krb5_error_code	retval;
+    ulong_t             start, end, size;
+    krb5_error_code     retval;
 
     if (ulog == NULL)
-	return (KRB5_LOG_ERROR);
+        return (KRB5_LOG_ERROR);
 
     if (!pagesize)
-	pagesize = getpagesize();
+        pagesize = getpagesize();
 
     start = ((ulong_t)upd) & (~(pagesize-1));
 
     end = (((ulong_t)upd) + ulog->kdb_block +
-	   (pagesize-1)) & (~(pagesize-1));
+           (pagesize-1)) & (~(pagesize-1));
 
     size = end - start;
     if ((retval = msync((caddr_t)start, size, MS_SYNC))) {
-	return (retval);
+        return (retval);
     }
 
     return (0);
@@ -89,14 +90,14 @@ ulog_sync_header(kdb_hlog_t *ulog)
 {
 
     if (!pagesize)
-	pagesize = getpagesize();
+        pagesize = getpagesize();
 
     if (msync((caddr_t)ulog, pagesize, MS_SYNC)) {
-	/*
-	 * Couldn't sync to disk, let's panic
-	 */
-	syslog(LOG_ERR, "ulog_sync_header: could not sync to disk");
-	abort();
+        /*
+         * Couldn't sync to disk, let's panic
+         */
+        syslog(LOG_ERR, "ulog_sync_header: could not sync to disk");
+        abort();
     }
 }
 
@@ -109,10 +110,10 @@ ulog_sync_header(kdb_hlog_t *ulog)
 static krb5_error_code
 ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
 {
-    uint_t		new_block, new_size;
+    uint_t              new_block, new_size;
 
     if (ulog == NULL)
-	return (KRB5_LOG_ERROR);
+        return (KRB5_LOG_ERROR);
 
     new_size = sizeof (kdb_hlog_t);
 
@@ -122,28 +123,28 @@ ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
     new_size += ulogentries * new_block;
 
     if (new_size <= MAXLOGLEN) {
-	/*
-	 * Reinit log with new block size
-	 */
-	(void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
-	ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
-	ulog->db_version_num = KDB_VERSION;
-	ulog->kdb_state = KDB_STABLE;
-	ulog->kdb_block = new_block;
-
-	ulog_sync_header(ulog);
-
-	/*
-	 * Time to expand log considering new block size
-	 */
-	if (extend_file_to(ulogfd, new_size) < 0)
-	    return errno;
+        /*
+         * Reinit log with new block size
+         */
+        (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+        ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+        ulog->db_version_num = KDB_VERSION;
+        ulog->kdb_state = KDB_STABLE;
+        ulog->kdb_block = new_block;
+
+        ulog_sync_header(ulog);
+
+        /*
+         * Time to expand log considering new block size
+         */
+        if (extend_file_to(ulogfd, new_size) < 0)
+            return errno;
     } else {
-	/*
-	 * Can't map into file larger than MAXLOGLEN
-	 */
-	return (KRB5_LOG_ERROR);
+        /*
+         * Can't map into file larger than MAXLOGLEN
+         */
+        return (KRB5_LOG_ERROR);
     }
 
     return (0);
@@ -158,25 +159,25 @@ ulog_resize(kdb_hlog_t *ulog, uint32_t ulogentries, int ulogfd, uint_t recsize)
 krb5_error_code
 ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
 {
-    XDR		xdrs;
-    kdbe_time_t	ktime;
-    struct timeval	timestamp;
+    XDR         xdrs;
+    kdbe_time_t ktime;
+    struct timeval      timestamp;
     kdb_ent_header_t *indx_log;
-    uint_t		i, recsize;
-    ulong_t		upd_size;
-    krb5_error_code	retval;
-    kdb_sno_t	cur_sno;
-    kdb_log_context	*log_ctx;
-    kdb_hlog_t	*ulog = NULL;
-    uint32_t	ulogentries;
-    int		ulogfd;
+    uint_t              i, recsize;
+    ulong_t             upd_size;
+    krb5_error_code     retval;
+    kdb_sno_t   cur_sno;
+    kdb_log_context     *log_ctx;
+    kdb_hlog_t  *ulog = NULL;
+    uint32_t    ulogentries;
+    int         ulogfd;
 
     INIT_ULOG(context);
     ulogentries = log_ctx->ulogentries;
     ulogfd = log_ctx->ulogfd;
 
     if (upd == NULL)
-	return (KRB5_LOG_ERROR);
+        return (KRB5_LOG_ERROR);
 
     (void) gettimeofday(&timestamp, NULL);
     ktime.seconds = timestamp.tv_sec;
@@ -187,10 +188,10 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
     recsize = sizeof (kdb_ent_header_t) + upd_size;
 
     if (recsize > ulog->kdb_block) {
-	    if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) {
-		    /* Resize element array failed */
-		    return (retval);
-	    }
+        if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) {
+            /* Resize element array failed */
+            return (retval);
+        }
     }
 
     cur_sno = ulog->kdb_last_sno;
@@ -200,9 +201,9 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
      * resyncs once they see their sno > than the masters.
      */
     if (cur_sno == ULONG_MAX)
-	cur_sno = 1;
+        cur_sno = 1;
     else
-	cur_sno++;
+        cur_sno++;
 
     /*
      * We squirrel this away for finish_update() to index
@@ -224,15 +225,15 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
     ulog->kdb_state = KDB_UNSTABLE;
 
     xdrmem_create(&xdrs, (char *)indx_log->entry_data,
-		  indx_log->kdb_entry_size, XDR_ENCODE);
+                  indx_log->kdb_entry_size, XDR_ENCODE);
     if (!xdr_kdb_incr_update_t(&xdrs, upd))
-	return (KRB5_LOG_CONV);
+        return (KRB5_LOG_CONV);
 
     if ((retval = ulog_sync_update(ulog, indx_log)))
-	return (retval);
+        return (retval);
 
     if (ulog->kdb_num < ulogentries)
-	ulog->kdb_num++;
+        ulog->kdb_num++;
 
     ulog->kdb_last_sno = cur_sno;
     ulog->kdb_last_time = ktime;
@@ -242,13 +243,13 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
      * always kdb_entry_sno + 1.
      */
     if (cur_sno > ulogentries) {
-	i = upd->kdb_entry_sno % ulogentries;
-	indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
-	ulog->kdb_first_sno = indx_log->kdb_entry_sno;
-	ulog->kdb_first_time = indx_log->kdb_time;
+        i = upd->kdb_entry_sno % ulogentries;
+        indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
+        ulog->kdb_first_sno = indx_log->kdb_entry_sno;
+        ulog->kdb_first_time = indx_log->kdb_time;
     } else if (cur_sno == 1) {
-	ulog->kdb_first_sno = 1;
-	ulog->kdb_first_time = indx_log->kdb_time;
+        ulog->kdb_first_sno = 1;
+        ulog->kdb_first_time = indx_log->kdb_time;
     }
 
     ulog_sync_header(ulog);
@@ -263,12 +264,12 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd)
 krb5_error_code
 ulog_finish_update(krb5_context context, kdb_incr_update_t *upd)
 {
-    krb5_error_code	retval;
-    kdb_ent_header_t	*indx_log;
-    uint_t		i;
-    kdb_log_context	*log_ctx;
-    kdb_hlog_t		*ulog = NULL;
-    uint32_t		ulogentries;
+    krb5_error_code     retval;
+    kdb_ent_header_t    *indx_log;
+    uint_t              i;
+    kdb_log_context     *log_ctx;
+    kdb_hlog_t          *ulog = NULL;
+    uint32_t            ulogentries;
 
     INIT_ULOG(context);
     ulogentries = log_ctx->ulogentries;
@@ -282,7 +283,7 @@ ulog_finish_update(krb5_context context, kdb_incr_update_t *upd)
     ulog->kdb_state = KDB_STABLE;
 
     if ((retval = ulog_sync_update(ulog, indx_log)))
-	return (retval);
+        return (retval);
 
     ulog_sync_header(ulog);
 
@@ -323,15 +324,15 @@ ulog_delete_update(krb5_context context, kdb_incr_update_t *upd)
 krb5_error_code
 ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
 {
-    krb5_db_entry	*entry = NULL;
-    kdb_incr_update_t	*upd = NULL, *fupd;
-    int			i, no_of_updates;
-    krb5_error_code	retval;
-    krb5_principal	dbprinc = NULL;
-    kdb_last_t		errlast;
-    char		*dbprincstr = NULL;
-    kdb_log_context	*log_ctx;
-    kdb_hlog_t		*ulog = NULL;
+    krb5_db_entry       *entry = NULL;
+    kdb_incr_update_t   *upd = NULL, *fupd;
+    int                 i, no_of_updates;
+    krb5_error_code     retval;
+    krb5_principal      dbprinc = NULL;
+    kdb_last_t          errlast;
+    char                *dbprincstr = NULL;
+    kdb_log_context     *log_ctx;
+    kdb_hlog_t          *ulog = NULL;
 
     INIT_ULOG(context);
 
@@ -348,84 +349,84 @@ ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args)
     errlast.last_time.useconds = (unsigned int)0;
 
     if ((retval = krb5_db_open(context, db_args,
-			       KRB5_KDB_OPEN_RW|KRB5_KDB_SRV_TYPE_ADMIN)))
-	goto cleanup;
+                               KRB5_KDB_OPEN_RW|KRB5_KDB_SRV_TYPE_ADMIN)))
+        goto cleanup;
 
     for (i = 0; i < no_of_updates; i++) {
-	int nentry = 1;
+        int nentry = 1;
 
-	if (!upd->kdb_commit)
-	    continue;
+        if (!upd->kdb_commit)
+            continue;
 
-	if (upd->kdb_deleted) {
-	    dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len
-				 + 1) * sizeof (char));
+        if (upd->kdb_deleted) {
+            dbprincstr = malloc((upd->kdb_princ_name.utf8str_t_len
+                                 + 1) * sizeof (char));
 
-	    if (dbprincstr == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
+            if (dbprincstr == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
 
-	    (void) strncpy(dbprincstr,
-			   (char *)upd->kdb_princ_name.utf8str_t_val,
-			   (upd->kdb_princ_name.utf8str_t_len + 1));
-	    dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
+            (void) strncpy(dbprincstr,
+                           (char *)upd->kdb_princ_name.utf8str_t_val,
+                           (upd->kdb_princ_name.utf8str_t_len + 1));
+            dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0;
 
-	    if ((retval = krb5_parse_name(context, dbprincstr,
-					  &dbprinc))) {
-		goto cleanup;
-	    }
+            if ((retval = krb5_parse_name(context, dbprincstr,
+                                          &dbprinc))) {
+                goto cleanup;
+            }
 
-	    free(dbprincstr);
+            free(dbprincstr);
 
-	    retval = krb5int_delete_principal_no_log(context,
-						     dbprinc,
-						     &nentry);
+            retval = krb5int_delete_principal_no_log(context,
+                                                     dbprinc,
+                                                     &nentry);
 
-	    if (dbprinc) {
-		krb5_free_principal(context, dbprinc);
-		dbprinc = NULL;
-	    }
+            if (dbprinc) {
+                krb5_free_principal(context, dbprinc);
+                dbprinc = NULL;
+            }
 
-	    if (retval)
-		goto cleanup;
-	} else {
-	    entry = (krb5_db_entry *)malloc(sizeof (krb5_db_entry));
+            if (retval)
+                goto cleanup;
+        } else {
+            entry = (krb5_db_entry *)malloc(sizeof (krb5_db_entry));
 
-	    if (!entry) {
-		retval = errno;
-		goto cleanup;
-	    }
+            if (!entry) {
+                retval = errno;
+                goto cleanup;
+            }
 
-	    (void) memset(entry, 0, sizeof (krb5_db_entry));
+            (void) memset(entry, 0, sizeof (krb5_db_entry));
 
-	    if ((retval = ulog_conv_2dbentry(context, entry, upd, 1)))
-		goto cleanup;
+            if ((retval = ulog_conv_2dbentry(context, entry, upd, 1)))
+                goto cleanup;
 
-	    retval = krb5int_put_principal_no_log(context, entry,
-						  &nentry);
+            retval = krb5int_put_principal_no_log(context, entry,
+                                                  &nentry);
 
-	    if (entry) {
-		krb5_db_free_principal(context, entry, nentry);
-		free(entry);
-		entry = NULL;
-	    }
-	    if (retval)
-		goto cleanup;
-	}
+            if (entry) {
+                krb5_db_free_principal(context, entry, nentry);
+                free(entry);
+                entry = NULL;
+            }
+            if (retval)
+                goto cleanup;
+        }
 
-	upd++;
+        upd++;
     }
 
 cleanup:
     if (fupd)
-	ulog_free_entries(fupd, no_of_updates);
+        ulog_free_entries(fupd, no_of_updates);
 
     if (log_ctx && (log_ctx->iproprole == IPROP_SLAVE)) {
-	if (retval)
-	    ulog_finish_update_slave(ulog, errlast);
-	else
-	    ulog_finish_update_slave(ulog, incr_ret->lastentry);
+        if (retval)
+            ulog_finish_update_slave(ulog, errlast);
+        else
+            ulog_finish_update_slave(ulog, incr_ret->lastentry);
     }
 
     return (retval);
@@ -440,95 +441,95 @@ cleanup:
 static krb5_error_code
 ulog_check(krb5_context context, kdb_hlog_t *ulog, char **db_args)
 {
-    XDR			xdrs;
-    krb5_error_code	retval = 0;
-    unsigned int	i;
-    kdb_ent_header_t	*indx_log;
-    kdb_incr_update_t	*upd = NULL;
-    kdb_incr_result_t	*incr_ret = NULL;
+    XDR                 xdrs;
+    krb5_error_code     retval = 0;
+    unsigned int        i;
+    kdb_ent_header_t    *indx_log;
+    kdb_incr_update_t   *upd = NULL;
+    kdb_incr_result_t   *incr_ret = NULL;
 
     ulog->kdb_state = KDB_STABLE;
 
     for (i = 0; i < ulog->kdb_num; i++) {
-	indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
-
-	if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) {
-	    /*
-	     * Update entry corrupted we should scream and die
-	     */
-	    ulog->kdb_state = KDB_CORRUPT;
-	    retval = KRB5_LOG_CORRUPT;
-	    break;
-	}
-
-	if (indx_log->kdb_commit == FALSE) {
-	    ulog->kdb_state = KDB_UNSTABLE;
-
-	    incr_ret = (kdb_incr_result_t *)
-		malloc(sizeof (kdb_incr_result_t));
-	    if (incr_ret == NULL) {
-		retval = errno;
-		goto error;
-	    }
-
-	    upd = (kdb_incr_update_t *)
-		malloc(sizeof (kdb_incr_update_t));
-	    if (upd == NULL) {
-		retval = errno;
-		goto error;
-	    }
-
-	    (void) memset(upd, 0, sizeof (kdb_incr_update_t));
-	    xdrmem_create(&xdrs, (char *)indx_log->entry_data,
-			  indx_log->kdb_entry_size, XDR_DECODE);
-	    if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
-		retval = KRB5_LOG_CONV;
-		goto error;
-	    }
-
-	    incr_ret->updates.kdb_ulog_t_len = 1;
-	    incr_ret->updates.kdb_ulog_t_val = upd;
-
-	    upd->kdb_commit = TRUE;
-
-	    /*
-	     * We don't want to readd this update and just use the
-	     * existing update to be propagated later on
-	     */
-	    ulog_set_role(context, IPROP_NULL);
-	    retval = ulog_replay(context, incr_ret, db_args);
-
-	    /*
-	     * upd was freed by ulog_replay, we NULL
-	     * the pointer in case we subsequently break from loop.
-	     */
-	    upd = NULL;
-	    if (incr_ret) {
-		free(incr_ret);
-		incr_ret = NULL;
-	    }
-	    ulog_set_role(context, IPROP_MASTER);
-
-	    if (retval)
-		goto error;
-
-	    /*
-	     * We flag this as committed since this was
-	     * the last entry before kadmind crashed, ergo
-	     * the slaves have not seen this update before
-	     */
-	    indx_log->kdb_commit = TRUE;
-	    retval = ulog_sync_update(ulog, indx_log);
-	    if (retval)
-		goto error;
-
-	    ulog->kdb_state = KDB_STABLE;
-	}
+        indx_log = (kdb_ent_header_t *)INDEX(ulog, i);
+
+        if (indx_log->kdb_umagic != KDB_ULOG_MAGIC) {
+            /*
+             * Update entry corrupted we should scream and die
+             */
+            ulog->kdb_state = KDB_CORRUPT;
+            retval = KRB5_LOG_CORRUPT;
+            break;
+        }
+
+        if (indx_log->kdb_commit == FALSE) {
+            ulog->kdb_state = KDB_UNSTABLE;
+
+            incr_ret = (kdb_incr_result_t *)
+                malloc(sizeof (kdb_incr_result_t));
+            if (incr_ret == NULL) {
+                retval = errno;
+                goto error;
+            }
+
+            upd = (kdb_incr_update_t *)
+                malloc(sizeof (kdb_incr_update_t));
+            if (upd == NULL) {
+                retval = errno;
+                goto error;
+            }
+
+            (void) memset(upd, 0, sizeof (kdb_incr_update_t));
+            xdrmem_create(&xdrs, (char *)indx_log->entry_data,
+                          indx_log->kdb_entry_size, XDR_DECODE);
+            if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
+                retval = KRB5_LOG_CONV;
+                goto error;
+            }
+
+            incr_ret->updates.kdb_ulog_t_len = 1;
+            incr_ret->updates.kdb_ulog_t_val = upd;
+
+            upd->kdb_commit = TRUE;
+
+            /*
+             * We don't want to readd this update and just use the
+             * existing update to be propagated later on
+             */
+            ulog_set_role(context, IPROP_NULL);
+            retval = ulog_replay(context, incr_ret, db_args);
+
+            /*
+             * upd was freed by ulog_replay, we NULL
+             * the pointer in case we subsequently break from loop.
+             */
+            upd = NULL;
+            if (incr_ret) {
+                free(incr_ret);
+                incr_ret = NULL;
+            }
+            ulog_set_role(context, IPROP_MASTER);
+
+            if (retval)
+                goto error;
+
+            /*
+             * We flag this as committed since this was
+             * the last entry before kadmind crashed, ergo
+             * the slaves have not seen this update before
+             */
+            indx_log->kdb_commit = TRUE;
+            retval = ulog_sync_update(ulog, indx_log);
+            if (retval)
+                goto error;
+
+            ulog->kdb_state = KDB_STABLE;
+        }
     }
 
 error:
     if (upd)
-	ulog_free_entries(upd, 1);
+        ulog_free_entries(upd, 1);
 
     free(incr_ret);
 
@@ -547,134 +548,134 @@ error:
  */
 krb5_error_code
 ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
-	 int caller, char **db_args)
+         int caller, char **db_args)
 {
-    struct stat	st;
-    krb5_error_code	retval;
-    uint32_t	ulog_filesize;
-    kdb_log_context	*log_ctx;
-    kdb_hlog_t	*ulog = NULL;
-    int		ulogfd = -1;
+    struct stat st;
+    krb5_error_code     retval;
+    uint32_t    ulog_filesize;
+    kdb_log_context     *log_ctx;
+    kdb_hlog_t  *ulog = NULL;
+    int         ulogfd = -1;
 
     ulog_filesize = sizeof (kdb_hlog_t);
 
     if (stat(logname, &st) == -1) {
 
-	if (caller == FKPROPLOG) {
-	    /*
-	     * File doesn't exist so we exit with kproplog
-	     */
-	    return (errno);
-	}
+        if (caller == FKPROPLOG) {
+            /*
+             * File doesn't exist so we exit with kproplog
+             */
+            return (errno);
+        }
 
-	if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
-	    return (errno);
-	}
+        if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
+            return (errno);
+        }
 
-	if (lseek(ulogfd, 0L, SEEK_CUR) == -1) {
-	    return (errno);
-	}
+        if (lseek(ulogfd, 0L, SEEK_CUR) == -1) {
+            return (errno);
+        }
 
-	if ((caller == FKADMIND) || (caller == FKCOMMAND))
-	    ulog_filesize += ulogentries * ULOG_BLOCK;
+        if ((caller == FKADMIND) || (caller == FKCOMMAND))
+            ulog_filesize += ulogentries * ULOG_BLOCK;
 
-	if (extend_file_to(ulogfd, ulog_filesize) < 0)
-	    return errno;
+        if (extend_file_to(ulogfd, ulog_filesize) < 0)
+            return errno;
     } else {
 
-	ulogfd = open(logname, O_RDWR, 0600);
-	if (ulogfd == -1)
-	    /*
-	     * Can't open existing log file
-	     */
-	    return errno;
+        ulogfd = open(logname, O_RDWR, 0600);
+        if (ulogfd == -1)
+            /*
+             * Can't open existing log file
+             */
+            return errno;
     }
 
     if (caller == FKPROPLOG) {
-	if (fstat(ulogfd, &st) < 0) {
-	    close(ulogfd);
-	    return errno;
-	}
-	ulog_filesize = st.st_size;
-
-	ulog = (kdb_hlog_t *)mmap(0, ulog_filesize,
-				  PROT_READ+PROT_WRITE, MAP_PRIVATE, ulogfd, 0);
+        if (fstat(ulogfd, &st) < 0) {
+            close(ulogfd);
+            return errno;
+        }
+        ulog_filesize = st.st_size;
+
+        ulog = (kdb_hlog_t *)mmap(0, ulog_filesize,
+                                  PROT_READ+PROT_WRITE, MAP_PRIVATE, ulogfd, 0);
     } else {
-	/*
-	 * else kadmind, kpropd, & kcommands should udpate stores
-	 */
-	ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN,
-				  PROT_READ+PROT_WRITE, MAP_SHARED, ulogfd, 0);
+        /*
+         * else kadmind, kpropd, & kcommands should udpate stores
+         */
+        ulog = (kdb_hlog_t *)mmap(0, MAXLOGLEN,
+                                  PROT_READ+PROT_WRITE, MAP_SHARED, ulogfd, 0);
     }
 
     if ((int)(ulog) == -1) {
-	/*
-	 * Can't map update log file to memory
-	 */
-	close(ulogfd);
-	return (errno);
+        /*
+         * Can't map update log file to memory
+         */
+        close(ulogfd);
+        return (errno);
     }
 
     if (!context->kdblog_context) {
-	if (!(log_ctx = malloc(sizeof (kdb_log_context))))
-	    return (errno);
-	memset(log_ctx, 0, sizeof(*log_ctx));
-	context->kdblog_context = log_ctx;
+        if (!(log_ctx = malloc(sizeof (kdb_log_context))))
+            return (errno);
+        memset(log_ctx, 0, sizeof(*log_ctx));
+        context->kdblog_context = log_ctx;
     } else
-	log_ctx = context->kdblog_context;
+        log_ctx = context->kdblog_context;
     log_ctx->ulog = ulog;
     log_ctx->ulogentries = ulogentries;
     log_ctx->ulogfd = ulogfd;
 
     if (ulog->kdb_hmagic != KDB_ULOG_HDR_MAGIC) {
-	if (ulog->kdb_hmagic == 0) {
-	    /*
-	     * New update log
-	     */
-	    (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
-	    ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
-	    ulog->db_version_num = KDB_VERSION;
-	    ulog->kdb_state = KDB_STABLE;
-	    ulog->kdb_block = ULOG_BLOCK;
-	    if (!(caller == FKPROPLOG))
-		ulog_sync_header(ulog);
-	} else {
-	    return (KRB5_LOG_CORRUPT);
-	}
+        if (ulog->kdb_hmagic == 0) {
+            /*
+             * New update log
+             */
+            (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+            ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+            ulog->db_version_num = KDB_VERSION;
+            ulog->kdb_state = KDB_STABLE;
+            ulog->kdb_block = ULOG_BLOCK;
+            if (!(caller == FKPROPLOG))
+                ulog_sync_header(ulog);
+        } else {
+            return (KRB5_LOG_CORRUPT);
+        }
     }
 
     if (caller == FKADMIND) {
-	retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
-	if (retval)
-	    return retval;
-	switch (ulog->kdb_state) {
-	case KDB_STABLE:
-	case KDB_UNSTABLE:
-	    /*
-	     * Log is currently un/stable, check anyway
-	     */
-	    retval = ulog_check(context, ulog, db_args);
-	    ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	    if (retval == KRB5_LOG_CORRUPT) {
-		return (retval);
-	    }
-	    break;
-	case KDB_CORRUPT:
-	    ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	    return (KRB5_LOG_CORRUPT);
-	default:
-	    /*
-	     * Invalid db state
-	     */
-	    ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	    return (KRB5_LOG_ERROR);
-	}
+        retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
+        if (retval)
+            return retval;
+        switch (ulog->kdb_state) {
+        case KDB_STABLE:
+        case KDB_UNSTABLE:
+            /*
+             * Log is currently un/stable, check anyway
+             */
+            retval = ulog_check(context, ulog, db_args);
+            ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+            if (retval == KRB5_LOG_CORRUPT) {
+                return (retval);
+            }
+            break;
+        case KDB_CORRUPT:
+            ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+            return (KRB5_LOG_CORRUPT);
+        default:
+            /*
+             * Invalid db state
+             */
+            ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+            return (KRB5_LOG_ERROR);
+        }
     } else if ((caller == FKPROPLOG) || (caller == FKPROPD)) {
-	/*
-	 * kproplog and kpropd don't need to do anything else
-	 */
-	return (0);
+        /*
+         * kproplog and kpropd don't need to do anything else
+         */
+        return (0);
     }
 
     /*
@@ -683,33 +684,33 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
      */
     retval = ulog_lock(context, KRB5_LOCKMODE_EXCLUSIVE);
     if (retval)
-	return retval;
+        return retval;
     if (ulog->kdb_num != ulogentries) {
-	if ((ulog->kdb_num != 0) &&
-	    ((ulog->kdb_last_sno > ulog->kdb_num) ||
-	     (ulog->kdb_num > ulogentries))) {
-	    
-	    (void) memset(ulog, 0, sizeof (kdb_hlog_t));
-
-	    ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
-	    ulog->db_version_num = KDB_VERSION;
-	    ulog->kdb_state = KDB_STABLE;
-	    ulog->kdb_block = ULOG_BLOCK;
-
-	    ulog_sync_header(ulog);
-	}
-
-	/*
-	 * Expand ulog if we have specified a greater size
-	 */
-	if (ulog->kdb_num < ulogentries) {
-	    ulog_filesize += ulogentries * ulog->kdb_block;
-
-	    if (extend_file_to(ulogfd, ulog_filesize) < 0) {
-		ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-		return errno;
-	    }
-	}
+        if ((ulog->kdb_num != 0) &&
+            ((ulog->kdb_last_sno > ulog->kdb_num) ||
+             (ulog->kdb_num > ulogentries))) {
+
+            (void) memset(ulog, 0, sizeof (kdb_hlog_t));
+
+            ulog->kdb_hmagic = KDB_ULOG_HDR_MAGIC;
+            ulog->db_version_num = KDB_VERSION;
+            ulog->kdb_state = KDB_STABLE;
+            ulog->kdb_block = ULOG_BLOCK;
+
+            ulog_sync_header(ulog);
+        }
+
+        /*
+         * Expand ulog if we have specified a greater size
+         */
+        if (ulog->kdb_num < ulogentries) {
+            ulog_filesize += ulogentries * ulog->kdb_block;
+
+            if (extend_file_to(ulogfd, ulog_filesize) < 0) {
+                ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+                return errno;
+            }
+        }
     }
     ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
 
@@ -720,44 +721,44 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries,
  * Get the last set of updates seen, (last+1) to n is returned.
  */
 krb5_error_code
-ulog_get_entries(krb5_context context,		/* input - krb5 lib config */
-		 kdb_last_t last,		/* input - slave's last sno */
-		 kdb_incr_result_t *ulog_handle) /* output - incr result for slave */
+ulog_get_entries(krb5_context context,          /* input - krb5 lib config */
+                 kdb_last_t last,               /* input - slave's last sno */
+                 kdb_incr_result_t *ulog_handle) /* output - incr result for slave */
 {
-    XDR			xdrs;
-    kdb_ent_header_t	*indx_log;
-    kdb_incr_update_t	*upd;
-    uint_t		indx, count, tdiff;
-    uint32_t		sno;
-    krb5_error_code	retval;
-    struct timeval	timestamp;
-    kdb_log_context	*log_ctx;
-    kdb_hlog_t		*ulog = NULL;
-    uint32_t		ulogentries;
+    XDR                 xdrs;
+    kdb_ent_header_t    *indx_log;
+    kdb_incr_update_t   *upd;
+    uint_t              indx, count, tdiff;
+    uint32_t            sno;
+    krb5_error_code     retval;
+    struct timeval      timestamp;
+    kdb_log_context     *log_ctx;
+    kdb_hlog_t          *ulog = NULL;
+    uint32_t            ulogentries;
 
     INIT_ULOG(context);
     ulogentries = log_ctx->ulogentries;
 
     retval = ulog_lock(context, KRB5_LOCKMODE_SHARED);
     if (retval)
-	return retval;
+        return retval;
 
     /*
      * Check to make sure we don't have a corrupt ulog first.
      */
     if (ulog->kdb_state == KDB_CORRUPT) {
-	ulog_handle->ret = UPDATE_ERROR;
-	(void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	return (KRB5_LOG_CORRUPT);
+        ulog_handle->ret = UPDATE_ERROR;
+        (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+        return (KRB5_LOG_CORRUPT);
     }
 
     gettimeofday(&timestamp, NULL);
 
     tdiff = timestamp.tv_sec - ulog->kdb_last_time.seconds;
     if (tdiff <= ULOG_IDLE_TIME) {
-	ulog_handle->ret = UPDATE_BUSY;
-	(void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	return (0);
+        ulog_handle->ret = UPDATE_BUSY;
+        (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+        return (0);
     }
 
     /*
@@ -767,8 +768,8 @@ ulog_get_entries(krb5_context context,		/* input - krb5 lib config */
      */
     retval = krb5_db_lock(context, KRB5_LOCKMODE_SHARED);
     if (retval) {
-	(void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	return (retval);
+        (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+        return (retval);
     }
 
     /*
@@ -776,103 +777,103 @@ ulog_get_entries(krb5_context context,		/* input - krb5 lib config */
      * the client's ulog has just been created.
      */
     if ((last.last_sno > ulog->kdb_last_sno) ||
-	(last.last_sno < ulog->kdb_first_sno) ||
-	(last.last_sno == 0)) {
-	ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
-	(void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	(void) krb5_db_unlock(context);
-	ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
-	return (0);
+        (last.last_sno < ulog->kdb_first_sno) ||
+        (last.last_sno == 0)) {
+        ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
+        (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+        (void) krb5_db_unlock(context);
+        ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
+        return (0);
     } else if (last.last_sno <= ulog->kdb_last_sno) {
-	sno = last.last_sno;
-
-	indx = (sno - 1) % ulogentries;
-
-	indx_log = (kdb_ent_header_t *)INDEX(ulog, indx);
-
-	/*
-	 * Validate the time stamp just to make sure it was the same sno
-	 */
-	if ((indx_log->kdb_time.seconds == last.last_time.seconds) &&
-	    (indx_log->kdb_time.useconds == last.last_time.useconds)) {
-
-	    /*
-	     * If we have the same sno we return success
-	     */
-	    if (last.last_sno == ulog->kdb_last_sno) {
-		(void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-		(void) krb5_db_unlock(context);
-		ulog_handle->ret = UPDATE_NIL;
-		return (0);
-	    }
-
-	    count = ulog->kdb_last_sno - sno;
-
-	    ulog_handle->updates.kdb_ulog_t_val =
-		(kdb_incr_update_t *)malloc(
-		    sizeof (kdb_incr_update_t) * count);
-
-	    upd = ulog_handle->updates.kdb_ulog_t_val;
-
-	    if (upd == NULL) {
-		(void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-		(void) krb5_db_unlock(context);
-		ulog_handle->ret = UPDATE_ERROR;
-		return (errno);
-	    }
-
-	    while (sno < ulog->kdb_last_sno) {
-		indx = sno % ulogentries;
-
-		indx_log = (kdb_ent_header_t *)
-		    INDEX(ulog, indx);
-
-		(void) memset(upd, 0,
-			      sizeof (kdb_incr_update_t));
-		xdrmem_create(&xdrs,
-			      (char *)indx_log->entry_data,
-			      indx_log->kdb_entry_size, XDR_DECODE);
-		if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
-		    (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-		    (void) krb5_db_unlock(context);
-		    ulog_handle->ret = UPDATE_ERROR;
-		    return (KRB5_LOG_CONV);
-		}
-		/*
-		 * Mark commitment since we didn't
-		 * want to decode and encode the
-		 * incr update record the first time.
-		 */
-		upd->kdb_commit = indx_log->kdb_commit;
-
-		upd++;
-		sno++;
-	    } /* while */
-
-	    ulog_handle->updates.kdb_ulog_t_len = count;
-
-	    ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
-	    ulog_handle->lastentry.last_time.seconds =
-		ulog->kdb_last_time.seconds;
-	    ulog_handle->lastentry.last_time.useconds =
-		ulog->kdb_last_time.useconds;
-	    ulog_handle->ret = UPDATE_OK;
-
-	    (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	    (void) krb5_db_unlock(context);
-
-	    return (0);
-	} else {
-	    /*
-	     * We have time stamp mismatch or we no longer have
-	     * the slave's last sno, so we brute force it
-	     */
-	    (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
-	    (void) krb5_db_unlock(context);
-	    ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
-
-	    return (0);
-	}
+        sno = last.last_sno;
+
+        indx = (sno - 1) % ulogentries;
+
+        indx_log = (kdb_ent_header_t *)INDEX(ulog, indx);
+
+        /*
+         * Validate the time stamp just to make sure it was the same sno
+         */
+        if ((indx_log->kdb_time.seconds == last.last_time.seconds) &&
+            (indx_log->kdb_time.useconds == last.last_time.useconds)) {
+
+            /*
+             * If we have the same sno we return success
+             */
+            if (last.last_sno == ulog->kdb_last_sno) {
+                (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+                (void) krb5_db_unlock(context);
+                ulog_handle->ret = UPDATE_NIL;
+                return (0);
+            }
+
+            count = ulog->kdb_last_sno - sno;
+
+            ulog_handle->updates.kdb_ulog_t_val =
+                (kdb_incr_update_t *)malloc(
+                    sizeof (kdb_incr_update_t) * count);
+
+            upd = ulog_handle->updates.kdb_ulog_t_val;
+
+            if (upd == NULL) {
+                (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+                (void) krb5_db_unlock(context);
+                ulog_handle->ret = UPDATE_ERROR;
+                return (errno);
+            }
+
+            while (sno < ulog->kdb_last_sno) {
+                indx = sno % ulogentries;
+
+                indx_log = (kdb_ent_header_t *)
+                    INDEX(ulog, indx);
+
+                (void) memset(upd, 0,
+                              sizeof (kdb_incr_update_t));
+                xdrmem_create(&xdrs,
+                              (char *)indx_log->entry_data,
+                              indx_log->kdb_entry_size, XDR_DECODE);
+                if (!xdr_kdb_incr_update_t(&xdrs, upd)) {
+                    (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+                    (void) krb5_db_unlock(context);
+                    ulog_handle->ret = UPDATE_ERROR;
+                    return (KRB5_LOG_CONV);
+                }
+                /*
+                 * Mark commitment since we didn't
+                 * want to decode and encode the
+                 * incr update record the first time.
+                 */
+                upd->kdb_commit = indx_log->kdb_commit;
+
+                upd++;
+                sno++;
+            } /* while */
+
+            ulog_handle->updates.kdb_ulog_t_len = count;
+
+            ulog_handle->lastentry.last_sno = ulog->kdb_last_sno;
+            ulog_handle->lastentry.last_time.seconds =
+                ulog->kdb_last_time.seconds;
+            ulog_handle->lastentry.last_time.useconds =
+                ulog->kdb_last_time.useconds;
+            ulog_handle->ret = UPDATE_OK;
+
+            (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+            (void) krb5_db_unlock(context);
+
+            return (0);
+        } else {
+            /*
+             * We have time stamp mismatch or we no longer have
+             * the slave's last sno, so we brute force it
+             */
+            (void) ulog_lock(context, KRB5_LOCKMODE_UNLOCK);
+            (void) krb5_db_unlock(context);
+            ulog_handle->ret = UPDATE_FULL_RESYNC_NEEDED;
+
+            return (0);
+        }
     }
 
     /*
@@ -886,15 +887,15 @@ ulog_get_entries(krb5_context context,		/* input - krb5 lib config */
 krb5_error_code
 ulog_set_role(krb5_context ctx, iprop_role role)
 {
-    kdb_log_context	*log_ctx;
+    kdb_log_context     *log_ctx;
 
     if (!ctx->kdblog_context) {
-	if (!(log_ctx = malloc(sizeof (kdb_log_context))))
-	    return (errno);
-	memset(log_ctx, 0, sizeof(*log_ctx));
-	ctx->kdblog_context = log_ctx;
+        if (!(log_ctx = malloc(sizeof (kdb_log_context))))
+            return (errno);
+        memset(log_ctx, 0, sizeof(*log_ctx));
+        ctx->kdblog_context = log_ctx;
     } else
-	log_ctx = ctx->kdblog_context;
+        log_ctx = ctx->kdblog_context;
 
     log_ctx->iproprole = role;
 
@@ -911,25 +912,25 @@ static int extend_file_to(int fd, uint_t new_size)
 
     current_offset = lseek(fd, 0, SEEK_END);
     if (current_offset < 0)
-	return -1;
+        return -1;
     if (new_size > INT_MAX) {
-	errno = EINVAL;
-	return -1;
+        errno = EINVAL;
+        return -1;
     }
     while (current_offset < new_size) {
-	int write_size, wrote_size;
-	write_size = new_size - current_offset;
-	if (write_size > 512)
-	    write_size = 512;
-	wrote_size = write(fd, zero, write_size);
-	if (wrote_size < 0)
-	    return -1;
-	if (wrote_size == 0) {
-	    errno = EINVAL;	/* XXX ?? */
-	    return -1;
-	}
-	current_offset += wrote_size;
-	write_size = new_size - current_offset;
+        int write_size, wrote_size;
+        write_size = new_size - current_offset;
+        if (write_size > 512)
+            write_size = 512;
+        wrote_size = write(fd, zero, write_size);
+        if (wrote_size < 0)
+            return -1;
+        if (wrote_size == 0) {
+            errno = EINVAL;     /* XXX ?? */
+            return -1;
+        }
+        current_offset += wrote_size;
+        write_size = new_size - current_offset;
     }
     return 0;
 }
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 47626f152..03cc897c3 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/v5server/keytab.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 #include <string.h>
 
@@ -35,30 +36,30 @@ is_xrealm_tgt(krb5_context, krb5_const_principal);
 krb5_error_code krb5_ktkdb_close (krb5_context, krb5_keytab);
 
 krb5_error_code krb5_ktkdb_get_entry (krb5_context, krb5_keytab, krb5_const_principal,
-		   krb5_kvno, krb5_enctype, krb5_keytab_entry *);
+                                      krb5_kvno, krb5_enctype, krb5_keytab_entry *);
 
 static krb5_error_code
 krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab,
-		    char *name, unsigned int namelen)
+                    char *name, unsigned int namelen)
 {
     if (strlcpy(name, "KDB:", namelen) >= namelen);
-	return KRB5_KT_NAME_TOOLONG;
+    return KRB5_KT_NAME_TOOLONG;
     return 0;
 }
 
 krb5_kt_ops krb5_kt_kdb_ops = {
     0,
-    "KDB", 	/* Prefix -- this string should not appear anywhere else! */
-    krb5_ktkdb_resolve,		/* resolve */
-    krb5_ktkdb_get_name,	/* get_name */
-    krb5_ktkdb_close,		/* close */
-    krb5_ktkdb_get_entry,	/* get */
-    NULL,			/* start_seq_get */
-    NULL,			/* get_next */
-    NULL,			/* end_get */
-    NULL,			/* add (extended) */
-    NULL,			/* remove (extended) */
-    NULL, 		/* (void *) &krb5_ktfile_ser_entry */
+    "KDB",      /* Prefix -- this string should not appear anywhere else! */
+    krb5_ktkdb_resolve,         /* resolve */
+    krb5_ktkdb_get_name,        /* get_name */
+    krb5_ktkdb_close,           /* close */
+    krb5_ktkdb_get_entry,       /* get */
+    NULL,                       /* start_seq_get */
+    NULL,                       /* get_next */
+    NULL,                       /* end_get */
+    NULL,                       /* add (extended) */
+    NULL,                       /* remove (extended) */
+    NULL,               /* (void *) &krb5_ktfile_ser_entry */
 };
 
 typedef struct krb5_ktkdb_data {
@@ -67,9 +68,9 @@ typedef struct krb5_ktkdb_data {
 
 krb5_error_code
 krb5_ktkdb_resolve(context, name, id)
-    krb5_context  	  context;
-    const char		* name;
-    krb5_keytab		* id;
+    krb5_context          context;
+    const char          * name;
+    krb5_keytab         * id;
 {
     if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
         return(ENOMEM);
@@ -80,21 +81,21 @@ krb5_ktkdb_resolve(context, name, id)
 
 krb5_error_code
 krb5_ktkdb_close(context, kt)
-     krb5_context context;
-     krb5_keytab kt;
+    krb5_context context;
+    krb5_keytab kt;
 {
-  /*
-   * This routine is responsible for freeing all memory allocated 
-   * for this keytab.  There are no system resources that need
-   * to be freed nor are there any open files.
-   *
-   * This routine should undo anything done by krb5_ktkdb_resolve().
-   */
-
-  kt->ops = NULL;
-  free(kt);
-
-  return 0;
+    /*
+     * This routine is responsible for freeing all memory allocated
+     * for this keytab.  There are no system resources that need
+     * to be freed nor are there any open files.
+     *
+     * This routine should undo anything done by krb5_ktkdb_resolve().
+     */
+
+    kt->ops = NULL;
+    free(kt);
+
+    return 0;
 }
 
 static krb5_context ktkdb_ctx = NULL;
@@ -115,28 +116,28 @@ krb5_ktkdb_set_context(krb5_context ctx)
 
 krb5_error_code
 krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
-    krb5_context 	  in_context;
-    krb5_keytab 	  id;
+    krb5_context          in_context;
+    krb5_keytab           id;
     krb5_const_principal  principal;
-    krb5_kvno 	 	  kvno;
-    krb5_enctype 	  enctype;
-    krb5_keytab_entry 	* entry;
+    krb5_kvno             kvno;
+    krb5_enctype          enctype;
+    krb5_keytab_entry   * entry;
 {
-    krb5_context	  context;
+    krb5_context          context;
     krb5_keylist_node  * master_keylist;
     krb5_keyblock       * master_key;
-    krb5_error_code 	  kerror = 0;
-    krb5_key_data 	* key_data;
-    krb5_db_entry 	  db_entry;
-    krb5_boolean 	  more = 0;
-    int 	 	  n = 0;
+    krb5_error_code       kerror = 0;
+    krb5_key_data       * key_data;
+    krb5_db_entry         db_entry;
+    krb5_boolean          more = 0;
+    int                   n = 0;
     int xrealm_tgt;
     krb5_boolean similar;
 
     if (ktkdb_ctx)
-	context = ktkdb_ctx;
+        context = ktkdb_ctx;
     else
-	context = in_context;
+        context = in_context;
 
     xrealm_tgt = is_xrealm_tgt(context, principal);
 
@@ -146,59 +147,59 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
 
     /* get_principal */
     kerror = krb5_db_get_principal(context, principal, &
-				       db_entry, &n, &more);
+                                   db_entry, &n, &more);
     if (kerror) {
-      /*        krb5_db_close_database(context); */
+        /*        krb5_db_close_database(context); */
         return(kerror);
     }
     if (n != 1) {
-      /* krb5_db_close_database(context); */
-	return KRB5_KT_NOTFOUND;
+        /* krb5_db_close_database(context); */
+        return KRB5_KT_NOTFOUND;
     }
 
     if (db_entry.attributes & KRB5_KDB_DISALLOW_SVR
-	|| db_entry.attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
-	kerror = KRB5_KT_NOTFOUND;
-	goto error;
+        || db_entry.attributes & KRB5_KDB_DISALLOW_ALL_TIX) {
+        kerror = KRB5_KT_NOTFOUND;
+        goto error;
     }
 
     /* match key */
     kerror = krb5_db_get_mkey_list(context, &master_keylist);
     if (kerror)
-	goto error;
+        goto error;
 
     kerror = krb5_dbe_find_mkey(context, master_keylist, &db_entry, &master_key);
     if (kerror)
-	goto error;
+        goto error;
 
     /* For cross realm tgts, we match whatever enctype is provided;
      * for other principals, we only match the first enctype that is
      * found.  Since the TGS and AS code do the same thing, then we
      * will only successfully decrypt  tickets we have issued.*/
     kerror = krb5_dbe_find_enctype(context, &db_entry,
-				   xrealm_tgt?enctype:-1,
-				   -1, kvno, &key_data);
+                                   xrealm_tgt?enctype:-1,
+                                   -1, kvno, &key_data);
     if (kerror == KRB5_KDB_NO_MATCHING_KEY)
-	kerror = KRB5_KT_KVNONOTFOUND;
+        kerror = KRB5_KT_KVNONOTFOUND;
     if (kerror)
-	goto error;
+        goto error;
 
 
     kerror = krb5_dbekd_decrypt_key_data(context, master_key,
-					 key_data, &entry->key, NULL);
+                                         key_data, &entry->key, NULL);
     if (kerror)
-	goto error;
-
-    if (enctype > 0) {	
-	kerror = krb5_c_enctype_compare(context, enctype,
-					entry->key.enctype, &similar);
-	if (kerror)
-	    goto error;
-
-	if (!similar) {
-	    kerror = KRB5_KDB_NO_PERMITTED_KEY;
-	    goto error;
-	}
+        goto error;
+
+    if (enctype > 0) {
+        kerror = krb5_c_enctype_compare(context, enctype,
+                                        entry->key.enctype, &similar);
+        if (kerror)
+            goto error;
+
+        if (!similar) {
+            kerror = KRB5_KDB_NO_PERMITTED_KEY;
+            goto error;
+        }
     }
     /*
      * Coerce the enctype of the output keyblock in case we got an
@@ -208,10 +209,10 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
 
     kerror = krb5_copy_principal(context, principal, &entry->principal);
     if (kerror)
-	goto error;
+        goto error;
 
     /* Close database */
-  error:
+error:
     krb5_db_free_principal(context, &db_entry, 1);
     /*    krb5_db_close_database(context); */
     return(kerror);
@@ -227,16 +228,15 @@ is_xrealm_tgt(krb5_context context, krb5_const_principal princ)
 {
     krb5_data *dat;
     if (krb5_princ_size(context, princ) != 2)
-	return 0;
+        return 0;
     dat = krb5_princ_component(context, princ, 0);
     if (strncmp("krbtgt", dat->data, dat->length) != 0)
-	return 0;
+        return 0;
     dat = krb5_princ_component(context, princ, 1);
     if (dat->length != princ->realm.length)
-	return 1;
+        return 1;
     if (strncmp(dat->data, princ->realm.data, dat->length) == 0)
-	return 0;
+        return 0;
     return 1;
 
 }
-
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 1a4689448..e6682b541 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -1774,7 +1774,7 @@ error_out:
 
 asn1_error_code
 asn1_decode_external_principal_identifier_ptr
-	(asn1buf *buf,
+        (asn1buf *buf,
          krb5_external_principal_identifier **valptr)
 {
     decode_ptr(krb5_external_principal_identifier *,
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h
index f0d99dcc0..4cf7e080f 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.h
+++ b/src/lib/krb5/asn.1/asn1_k_decode.h
@@ -109,7 +109,7 @@ asn1_error_code asn1_decode_checksum_ptr
 asn1_error_code asn1_decode_encryption_key
         (asn1buf *buf, krb5_keyblock *val);
 asn1_error_code asn1_decode_encryption_key_ptr
-	(asn1buf *buf, krb5_keyblock **valptr);
+        (asn1buf *buf, krb5_keyblock **valptr);
 asn1_error_code asn1_decode_encrypted_data
         (asn1buf *buf, krb5_enc_data *val);
 asn1_error_code asn1_decode_ticket_flags
@@ -127,7 +127,7 @@ asn1_error_code asn1_decode_kdc_options
 asn1_error_code asn1_decode_ticket
         (asn1buf *buf, krb5_ticket *val);
 asn1_error_code asn1_decode_ticket_ptr
-	(asn1buf *buf, krb5_ticket **valptr);
+        (asn1buf *buf, krb5_ticket **valptr);
 asn1_error_code asn1_decode_kdc_req
         (asn1buf *buf, krb5_kdc_req *val);
 asn1_error_code asn1_decode_kdc_req_body
@@ -137,7 +137,7 @@ asn1_error_code asn1_decode_krb_safe_body
 asn1_error_code asn1_decode_host_address
         (asn1buf *buf, krb5_address *val);
 asn1_error_code asn1_decode_host_address_ptr
-	(asn1buf *buf, krb5_address **valptr);
+        (asn1buf *buf, krb5_address **valptr);
 asn1_error_code asn1_decode_kdc_rep
         (asn1buf *buf, krb5_kdc_rep *val);
 asn1_error_code asn1_decode_last_req_entry
@@ -155,7 +155,7 @@ asn1_error_code asn1_decode_krb_cred_info_ptr
 asn1_error_code asn1_decode_pa_data
         (asn1buf *buf, krb5_pa_data *val);
 asn1_error_code asn1_decode_pa_data_ptr
-	(asn1buf *buf, krb5_pa_data **valptr);
+        (asn1buf *buf, krb5_pa_data **valptr);
 asn1_error_code asn1_decode_passwdsequence
         (asn1buf *buf, passwd_phrase_element *val);
 asn1_error_code asn1_decode_passwdsequence_ptr
diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c
index 215608d33..fa835feba 100644
--- a/src/lib/krb5/asn.1/krb5_decode.c
+++ b/src/lib/krb5/asn.1/krb5_decode.c
@@ -1191,7 +1191,7 @@ krb5_error_code decode_krb5_ad_kdcissued
 
     cleanup(free);
 }
-  
+
 #ifndef DISABLE_PKINIT
 krb5_error_code
 decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **repptr)
diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c
index 5834e8ae8..144b726b6 100644
--- a/src/lib/krb5/asn.1/krb5_encode.c
+++ b/src/lib/krb5/asn.1/krb5_encode.c
@@ -171,4 +171,3 @@ krb5_error_code encode_krb5_typed_data(const krb5_typed_data **rep, krb5_data **
     sum += length;
     krb5_cleanup();
 }
-
diff --git a/src/lib/krb5/ccache/cc-int.h b/src/lib/krb5/ccache/cc-int.h
index 84b100286..685426546 100644
--- a/src/lib/krb5/ccache/cc-int.h
+++ b/src/lib/krb5/ccache/cc-int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/file/cc-int.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * This file contains constant and function declarations used in the
  * file-based credential cache routines.
@@ -71,8 +72,8 @@ typedef struct _k5_cc_mutex {
     krb5_int32 refcount;
 } k5_cc_mutex;
 
-#define K5_CC_MUTEX_PARTIAL_INITIALIZER \
-	{ K5_MUTEX_PARTIAL_INITIALIZER, NULL, 0 }
+#define K5_CC_MUTEX_PARTIAL_INITIALIZER         \
+    { K5_MUTEX_PARTIAL_INITIALIZER, NULL, 0 }
 
 krb5_error_code
 k5_cc_mutex_init(k5_cc_mutex *m);
@@ -80,8 +81,8 @@ k5_cc_mutex_init(k5_cc_mutex *m);
 krb5_error_code
 k5_cc_mutex_finish_init(k5_cc_mutex *m);
 
-#define k5_cc_mutex_destroy(M) \
-k5_mutex_destroy(&(M)->lock);
+#define k5_cc_mutex_destroy(M)                  \
+    k5_mutex_destroy(&(M)->lock);
 
 void
 k5_cc_mutex_assert_locked(krb5_context context, k5_cc_mutex *m);
@@ -101,7 +102,7 @@ extern k5_cc_mutex krb5int_cc_file_mutex;
 
 #ifdef USE_CCAPI_V3
 extern krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
-(krb5_context context); 
+(krb5_context context);
 
 extern krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
 (krb5_context context);
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 32564a04e..d1499bc75 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/cc_file.c
  *
@@ -10,7 +11,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -24,46 +25,46 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * implementation of file-based credentials cache
  */
 
 /*
-If OPENCLOSE is defined, each of the functions opens and closes the
-file whenever it needs to access it.  Otherwise, the file is opened
-once in initialize and closed once is close.
-
-This library depends on UNIX-like file descriptors, and UNIX-like
-behavior from the functions: open, close, read, write, lseek.
-
-The quasi-BNF grammar for a credentials cache:
-
-file ::= 
-        principal list-of-credentials
-
-credential ::=
-	client (principal)
-	server (principal)
-	keyblock (keyblock)
-	times (ticket_times)
-	is_skey (boolean)
-	ticket_flags (flags)
-	ticket (data)
-	second_ticket (data)
-
-principal ::= 
-	number of components (int32)
-	component 1 (data)
-	component 2 (data)
-	...
-	
-data ::=
-	length (int32)
-	string of length bytes
-
-etc.
- */
+  If OPENCLOSE is defined, each of the functions opens and closes the
+  file whenever it needs to access it.  Otherwise, the file is opened
+  once in initialize and closed once is close.
+
+  This library depends on UNIX-like file descriptors, and UNIX-like
+  behavior from the functions: open, close, read, write, lseek.
+
+  The quasi-BNF grammar for a credentials cache:
+
+  file ::=
+  principal list-of-credentials
+
+  credential ::=
+  client (principal)
+  server (principal)
+  keyblock (keyblock)
+  times (ticket_times)
+  is_skey (boolean)
+  ticket_flags (flags)
+  ticket (data)
+  second_ticket (data)
+
+  principal ::=
+  number of components (int32)
+  component 1 (data)
+  component 2 (data)
+  ...
+
+  data ::=
+  length (int32)
+  string of length bytes
+
+  etc.
+*/
 /* todo:
    Make sure that each time a function returns KRB5_NOMEM, everything
    allocated earlier in the function and stack tree is freed.
@@ -74,7 +75,7 @@ etc.
    simultaneously.  (That may require reader/writer locks.)
 
    fcc_nseq.c and fcc_read don't check return values a lot.
- */
+*/
 #include "k5-int.h"
 #include "cc-int.h"
 
@@ -96,93 +97,93 @@ etc.
 #endif
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_close
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_destroy
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_end_seq_get
-        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_generate_new
-        (krb5_context, krb5_ccache *id);
+(krb5_context, krb5_ccache *id);
 
 static const char * KRB5_CALLCONV krb5_fcc_get_name
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_get_principal
-        (krb5_context, krb5_ccache id, krb5_principal *princ);
+(krb5_context, krb5_ccache id, krb5_principal *princ);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_initialize
-        (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_next_cred
-        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
-	 krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds);
 
 static krb5_error_code krb5_fcc_read
-        (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
 static krb5_error_code krb5_fcc_read_principal
-        (krb5_context, krb5_ccache id, krb5_principal *princ);
+(krb5_context, krb5_ccache id, krb5_principal *princ);
 static krb5_error_code krb5_fcc_read_keyblock
-        (krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
+(krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
 static krb5_error_code krb5_fcc_read_data
-        (krb5_context, krb5_ccache id, krb5_data *data);
+(krb5_context, krb5_ccache id, krb5_data *data);
 static krb5_error_code krb5_fcc_read_int32
-        (krb5_context, krb5_ccache id, krb5_int32 *i);
+(krb5_context, krb5_ccache id, krb5_int32 *i);
 static krb5_error_code krb5_fcc_read_ui_2
-        (krb5_context, krb5_ccache id, krb5_ui_2 *i);
+(krb5_context, krb5_ccache id, krb5_ui_2 *i);
 static krb5_error_code krb5_fcc_read_octet
-        (krb5_context, krb5_ccache id, krb5_octet *i);
+(krb5_context, krb5_ccache id, krb5_octet *i);
 static krb5_error_code krb5_fcc_read_times
-        (krb5_context, krb5_ccache id, krb5_ticket_times *t);
+(krb5_context, krb5_ccache id, krb5_ticket_times *t);
 static krb5_error_code krb5_fcc_read_addrs
-        (krb5_context, krb5_ccache, krb5_address ***);
+(krb5_context, krb5_ccache, krb5_address ***);
 static krb5_error_code krb5_fcc_read_addr
-        (krb5_context, krb5_ccache, krb5_address *);
+(krb5_context, krb5_ccache, krb5_address *);
 static krb5_error_code krb5_fcc_read_authdata
-        (krb5_context, krb5_ccache, krb5_authdata ***);
+(krb5_context, krb5_ccache, krb5_authdata ***);
 static krb5_error_code krb5_fcc_read_authdatum
-        (krb5_context, krb5_ccache, krb5_authdata *);
+(krb5_context, krb5_ccache, krb5_authdata *);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_resolve
-        (krb5_context, krb5_ccache *id, const char *residual);
+(krb5_context, krb5_ccache *id, const char *residual);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_retrieve
-        (krb5_context, krb5_ccache id, krb5_flags whichfields,
-	 krb5_creds *mcreds, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds *mcreds, krb5_creds *creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_start_seq_get
-        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_store
-        (krb5_context, krb5_ccache id, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_creds *creds);
 
 static krb5_error_code krb5_fcc_skip_header
-        (krb5_context, krb5_ccache);
+(krb5_context, krb5_ccache);
 static krb5_error_code krb5_fcc_skip_principal
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_set_flags
-        (krb5_context, krb5_ccache id, krb5_flags flags);
+(krb5_context, krb5_ccache id, krb5_flags flags);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_new
-        (krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_next
-        (krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
+(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_ptcursor_free
-        (krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_last_change_time
-        (krb5_context context, krb5_ccache id, krb5_timestamp *change_time);
+(krb5_context context, krb5_ccache id, krb5_timestamp *change_time);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_lock
-        (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock
-        (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
 
 
 extern const krb5_cc_ops krb5_cc_file_ops;
@@ -190,43 +191,43 @@ extern const krb5_cc_ops krb5_cc_file_ops;
 krb5_error_code krb5_change_cache (void);
 
 static krb5_error_code krb5_fcc_write
-        (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len);
 static krb5_error_code krb5_fcc_store_principal
-        (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
 static krb5_error_code krb5_fcc_store_keyblock
-        (krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
+(krb5_context, krb5_ccache id, krb5_keyblock *keyblock);
 static krb5_error_code krb5_fcc_store_data
-        (krb5_context, krb5_ccache id, krb5_data *data);
+(krb5_context, krb5_ccache id, krb5_data *data);
 static krb5_error_code krb5_fcc_store_int32
-        (krb5_context, krb5_ccache id, krb5_int32 i);
+(krb5_context, krb5_ccache id, krb5_int32 i);
 static krb5_error_code krb5_fcc_store_ui_4
-        (krb5_context, krb5_ccache id, krb5_ui_4 i);
+(krb5_context, krb5_ccache id, krb5_ui_4 i);
 static krb5_error_code krb5_fcc_store_ui_2
-        (krb5_context, krb5_ccache id, krb5_int32 i);
+(krb5_context, krb5_ccache id, krb5_int32 i);
 static krb5_error_code krb5_fcc_store_octet
-        (krb5_context, krb5_ccache id, krb5_int32 i);
+(krb5_context, krb5_ccache id, krb5_int32 i);
 static krb5_error_code krb5_fcc_store_times
-        (krb5_context, krb5_ccache id, krb5_ticket_times *t);
+(krb5_context, krb5_ccache id, krb5_ticket_times *t);
 static krb5_error_code krb5_fcc_store_addrs
-        (krb5_context, krb5_ccache, krb5_address **);
+(krb5_context, krb5_ccache, krb5_address **);
 static krb5_error_code krb5_fcc_store_addr
-        (krb5_context, krb5_ccache, krb5_address *);
+(krb5_context, krb5_ccache, krb5_address *);
 static krb5_error_code krb5_fcc_store_authdata
-        (krb5_context, krb5_ccache, krb5_authdata **);
+(krb5_context, krb5_ccache, krb5_authdata **);
 static krb5_error_code krb5_fcc_store_authdatum
-        (krb5_context, krb5_ccache, krb5_authdata *);
+(krb5_context, krb5_ccache, krb5_authdata *);
 
 static krb5_error_code krb5_fcc_interpret
-        (krb5_context, int);
+(krb5_context, int);
 
 struct _krb5_fcc_data;
 static krb5_error_code krb5_fcc_close_file
-        (krb5_context, struct _krb5_fcc_data *data);
+(krb5_context, struct _krb5_fcc_data *data);
 static krb5_error_code krb5_fcc_open_file
-        (krb5_context, krb5_ccache, int);
+(krb5_context, krb5_ccache, int);
 static krb5_error_code krb5_fcc_data_last_change_time
-        (krb5_context context, struct _krb5_fcc_data *data, 
-        krb5_timestamp *change_time);
+(krb5_context context, struct _krb5_fcc_data *data,
+ krb5_timestamp *change_time);
 
 
 #define KRB5_OK 0
@@ -236,11 +237,11 @@ static krb5_error_code krb5_fcc_data_last_change_time
 /*
  * FCC version 2 contains type information for principals.  FCC
  * version 1 does not.
- *  
+ *
  * FCC version 3 contains keyblock encryption type information, and is
  * architecture independent.  Previous versions are not.
  *
- * The code will accept version 1, 2, and 3 ccaches, and depending 
+ * The code will accept version 1, 2, and 3 ccaches, and depending
  * what KRB5_FCC_DEFAULT_FVNO is set to, it will create version 1, 2,
  * or 3 FCC caches.
  *
@@ -248,24 +249,24 @@ static krb5_error_code krb5_fcc_data_last_change_time
  * init_ctx.c).
  */
 
-#define KRB5_FCC_FVNO_1 0x0501		/* krb v5, fcc v1 */
-#define KRB5_FCC_FVNO_2 0x0502		/* krb v5, fcc v2 */
-#define KRB5_FCC_FVNO_3 0x0503		/* krb v5, fcc v3 */
-#define KRB5_FCC_FVNO_4 0x0504		/* krb v5, fcc v4 */
+#define KRB5_FCC_FVNO_1 0x0501          /* krb v5, fcc v1 */
+#define KRB5_FCC_FVNO_2 0x0502          /* krb v5, fcc v2 */
+#define KRB5_FCC_FVNO_3 0x0503          /* krb v5, fcc v3 */
+#define KRB5_FCC_FVNO_4 0x0504          /* krb v5, fcc v4 */
 
-#define	FCC_OPEN_AND_ERASE	1
-#define	FCC_OPEN_RDWR		2
-#define	FCC_OPEN_RDONLY		3
+#define FCC_OPEN_AND_ERASE      1
+#define FCC_OPEN_RDWR           2
+#define FCC_OPEN_RDONLY         3
 
 /* Credential file header tags.
  * The header tags are constructed as:
- *	krb5_ui_2	tag
- *	krb5_ui_2	len
- *	krb5_octet	data[len]
+ *      krb5_ui_2       tag
+ *      krb5_ui_2       len
+ *      krb5_octet      data[len]
  * This format allows for older versions of the fcc processing code to skip
  * past unrecognized tag formats.
  */
-#define FCC_TAG_DELTATIME	1
+#define FCC_TAG_DELTATIME       1
 
 #ifndef TKT_ROOT
 #ifdef MSDOS_FILESYSTEM
@@ -286,8 +287,8 @@ typedef struct _krb5_fcc_data {
     k5_cc_mutex lock;
     int file;
     krb5_flags flags;
-    int mode;				/* needed for locking code */
-    int version;	      		/* version number of the file */
+    int mode;                           /* needed for locking code */
+    int version;                        /* version number of the file */
 
     /* Buffer data on reading, for performance.
        We used to have a stdio option, but we get more precise control
@@ -308,10 +309,10 @@ static off_t fcc_lseek(krb5_fcc_data *data, off_t offset, int whence)
     /* If we read some extra data in advance, and then want to know or
        use our "current" position, we need to back up a little.  */
     if (whence == SEEK_CUR && data->valid_bytes) {
-	assert(data->valid_bytes > 0);
-	assert(data->cur_offset > 0);
-	assert(data->cur_offset <= data->valid_bytes);
-	offset -= (data->valid_bytes - data->cur_offset);
+        assert(data->valid_bytes > 0);
+        assert(data->cur_offset > 0);
+        assert(data->cur_offset <= data->valid_bytes);
+        offset -= (data->valid_bytes - data->cur_offset);
     }
     invalidate_cache(data);
     return lseek(data->file, offset, whence);
@@ -336,31 +337,31 @@ typedef struct _krb5_fcc_cursor {
     off_t pos;
 } krb5_fcc_cursor;
 
-#define MAYBE_OPEN(CONTEXT, ID, MODE)					\
-{									\
-    k5_cc_mutex_assert_locked(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock);		\
-    if (OPENCLOSE (ID)) {						\
-	krb5_error_code maybe_open_ret;					\
-	maybe_open_ret = krb5_fcc_open_file (CONTEXT,ID,MODE);		\
-	if (maybe_open_ret) {						\
-	    k5_cc_mutex_unlock(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock);	\
-	    return maybe_open_ret;					\
-	}								\
-    }									\
-}
+#define MAYBE_OPEN(CONTEXT, ID, MODE)                                   \
+    {                                                                   \
+        k5_cc_mutex_assert_locked(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
+        if (OPENCLOSE (ID)) {                                           \
+            krb5_error_code maybe_open_ret;                             \
+            maybe_open_ret = krb5_fcc_open_file (CONTEXT,ID,MODE);      \
+            if (maybe_open_ret) {                                       \
+                k5_cc_mutex_unlock(CONTEXT, &((krb5_fcc_data *)(ID)->data)->lock); \
+                return maybe_open_ret;                                  \
+            }                                                           \
+        }                                                               \
+    }
 
-#define MAYBE_CLOSE(CONTEXT, ID, RET)					\
-{									\
-    if (OPENCLOSE (ID)) {						\
-	krb5_error_code maybe_close_ret;				\
-        maybe_close_ret = krb5_fcc_close_file (CONTEXT,			\
-					       (krb5_fcc_data *)(ID)->data); \
-	if (!(RET)) RET = maybe_close_ret; } }
+#define MAYBE_CLOSE(CONTEXT, ID, RET)                                   \
+    {                                                                   \
+        if (OPENCLOSE (ID)) {                                           \
+            krb5_error_code maybe_close_ret;                            \
+            maybe_close_ret = krb5_fcc_close_file (CONTEXT,             \
+                                                   (krb5_fcc_data *)(ID)->data); \
+            if (!(RET)) RET = maybe_close_ret; } }
 
-#define MAYBE_CLOSE_IGNORE(CONTEXT, ID) \
-{                                                                       \
-    if (OPENCLOSE (ID)) {                                               \
-        (void) krb5_fcc_close_file (CONTEXT,(krb5_fcc_data *)(ID)->data); } }
+#define MAYBE_CLOSE_IGNORE(CONTEXT, ID)                                 \
+    {                                                                   \
+        if (OPENCLOSE (ID)) {                                           \
+            (void) krb5_fcc_close_file (CONTEXT,(krb5_fcc_data *)(ID)->data); } }
 
 #define CHECK(ret) if (ret != KRB5_OK) goto errout;
 
@@ -381,56 +382,56 @@ static krb5_error_code
 krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
 {
 #if 0
-     int ret;
+    int ret;
 
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
-     ret = read(((krb5_fcc_data *) id->data)->file, (char *) buf, len);
-     if (ret == -1)
-	  return krb5_fcc_interpret(context, errno);
-     if (ret != len)
-	  return KRB5_CC_END;
-     else
-	  return KRB5_OK;
+    ret = read(((krb5_fcc_data *) id->data)->file, (char *) buf, len);
+    if (ret == -1)
+        return krb5_fcc_interpret(context, errno);
+    if (ret != len)
+        return KRB5_CC_END;
+    else
+        return KRB5_OK;
 #else
-     krb5_fcc_data *data = (krb5_fcc_data *) id->data;
-
-     k5_cc_mutex_assert_locked(context, &data->lock);
-
-     while (len > 0) {
-	 int nread, e;
-	 size_t ncopied;
-
-	 assert (data->valid_bytes >= 0);
-	 if (data->valid_bytes > 0)
-	     assert(data->cur_offset <= data->valid_bytes);
-	 if (data->valid_bytes == 0
-	     || data->cur_offset == data->valid_bytes) {
-	     /* Fill buffer from current file position.  */
-	     nread = read(data->file, data->buf, sizeof(data->buf));
-	     e = errno;
-	     if (nread < 0)
-		 return krb5_fcc_interpret(context, e);
-	     if (nread == 0)
-		 /* EOF */
-		 return KRB5_CC_END;
-	     data->valid_bytes = nread;
-	     data->cur_offset = 0;
-	 }
-	 assert(data->cur_offset < data->valid_bytes);
-	 ncopied = len;
-	 assert(ncopied == len);
-	 if (data->valid_bytes - data->cur_offset < ncopied)
-	     ncopied = data->valid_bytes - data->cur_offset;
-	 memcpy(buf, data->buf + data->cur_offset, ncopied);
-	 data->cur_offset += ncopied;
-	 assert(data->cur_offset > 0);
-	 assert(data->cur_offset <= data->valid_bytes);
-	 len -= ncopied;
-	 /* Don't do arithmetic on void pointers.  */
-	 buf = (char*)buf + ncopied;
-     }
-     return 0;
+    krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+
+    k5_cc_mutex_assert_locked(context, &data->lock);
+
+    while (len > 0) {
+        int nread, e;
+        size_t ncopied;
+
+        assert (data->valid_bytes >= 0);
+        if (data->valid_bytes > 0)
+            assert(data->cur_offset <= data->valid_bytes);
+        if (data->valid_bytes == 0
+            || data->cur_offset == data->valid_bytes) {
+            /* Fill buffer from current file position.  */
+            nread = read(data->file, data->buf, sizeof(data->buf));
+            e = errno;
+            if (nread < 0)
+                return krb5_fcc_interpret(context, e);
+            if (nread == 0)
+                /* EOF */
+                return KRB5_CC_END;
+            data->valid_bytes = nread;
+            data->cur_offset = 0;
+        }
+        assert(data->cur_offset < data->valid_bytes);
+        ncopied = len;
+        assert(ncopied == len);
+        if (data->valid_bytes - data->cur_offset < ncopied)
+            ncopied = data->valid_bytes - data->cur_offset;
+        memcpy(buf, data->buf + data->cur_offset, ncopied);
+        data->cur_offset += ncopied;
+        assert(data->cur_offset > 0);
+        assert(data->cur_offset <= data->valid_bytes);
+        len -= ncopied;
+        /* Don't do arithmetic on void pointers.  */
+        buf = (char*)buf + ncopied;
+    }
+    return 0;
 #endif
 }
 
@@ -453,9 +454,9 @@ krb5_fcc_read(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned i
  * KRB5_CC_NOMEM
  */
 
-#define ALLOC(NUM,TYPE) \
-    (((NUM) <= (((size_t)0-1)/ sizeof(TYPE)))		\
-     ? (TYPE *) calloc((NUM), sizeof(TYPE))		\
+#define ALLOC(NUM,TYPE)                         \
+    (((NUM) <= (((size_t)0-1)/ sizeof(TYPE)))   \
+     ? (TYPE *) calloc((NUM), sizeof(TYPE))     \
      : (errno = ENOMEM,(TYPE *) 0))
 
 static krb5_error_code
@@ -472,44 +473,44 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr
     *princ = NULL;
 
     if (data->version == KRB5_FCC_FVNO_1) {
-	type = KRB5_NT_UNKNOWN;
+        type = KRB5_NT_UNKNOWN;
     } else {
         /* Read principal type */
         kret = krb5_fcc_read_int32(context, id, &type);
         if (kret != KRB5_OK)
-	    return kret;
+            return kret;
     }
 
     /* Read the number of components */
     kret = krb5_fcc_read_int32(context, id, &length);
     if (kret != KRB5_OK)
-	return kret;
+        return kret;
 
     /*
      * DCE includes the principal's realm in the count; the new format
      * does not.
      */
     if (data->version == KRB5_FCC_FVNO_1)
-	length--;
+        length--;
     if (length < 0)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data));
     if (tmpprinc == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     if (length) {
-	size_t msize = length;
-	if (msize != length) {
-	    free(tmpprinc);
-	    return KRB5_CC_NOMEM;
-	}
-	tmpprinc->data = ALLOC (msize, krb5_data);
-	if (tmpprinc->data == 0) {
-	    free(tmpprinc);
-	    return KRB5_CC_NOMEM;
-	}
+        size_t msize = length;
+        if (msize != length) {
+            free(tmpprinc);
+            return KRB5_CC_NOMEM;
+        }
+        tmpprinc->data = ALLOC (msize, krb5_data);
+        if (tmpprinc->data == 0) {
+            free(tmpprinc);
+            return KRB5_CC_NOMEM;
+        }
     } else
-	tmpprinc->data = 0;
+        tmpprinc->data = 0;
     tmpprinc->magic = KV5M_PRINCIPAL;
     tmpprinc->length = length;
     tmpprinc->type = type;
@@ -520,15 +521,15 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr
     CHECK(kret);
 
     for (i=0; i < length; i++) {
-	kret = krb5_fcc_read_data(context, id, krb5_princ_component(context, tmpprinc, i));
-	CHECK(kret);
+        kret = krb5_fcc_read_data(context, id, krb5_princ_component(context, tmpprinc, i));
+        CHECK(kret);
     }
     *princ = tmpprinc;
     return KRB5_OK;
 
- errout:
+errout:
     while(--i >= 0)
-	free(krb5_princ_component(context, tmpprinc, i)->data);
+        free(krb5_princ_component(context, tmpprinc, i)->data);
     free(krb5_princ_realm(context, tmpprinc)->data);
     free(tmpprinc->data);
     free(tmpprinc);
@@ -538,185 +539,185 @@ krb5_fcc_read_principal(krb5_context context, krb5_ccache id, krb5_principal *pr
 static krb5_error_code
 krb5_fcc_read_addrs(krb5_context context, krb5_ccache id, krb5_address ***addrs)
 {
-     krb5_error_code kret;
-     krb5_int32 length;
-     size_t msize;
-     int i;
-
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
-     *addrs = 0;
-
-     /* Read the number of components */
-     kret = krb5_fcc_read_int32(context, id, &length);
-     CHECK(kret);
-
-     /* Make *addrs able to hold length pointers to krb5_address structs
-      * Add one extra for a null-terminated list
-      */
-     msize = length;
-     msize += 1;
-     if (msize == 0 || msize - 1 != length || length < 0)
-	 return KRB5_CC_NOMEM;
-     *addrs = ALLOC (msize, krb5_address *);
-     if (*addrs == NULL)
-	  return KRB5_CC_NOMEM;
-
-     for (i=0; i < length; i++) {
-	  (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
-	  if ((*addrs)[i] == NULL) {
-	      krb5_free_addresses(context, *addrs);
-	      *addrs = 0;
-	      return KRB5_CC_NOMEM;
-	  }
-	  (*addrs)[i]->contents = NULL;
-	  kret = krb5_fcc_read_addr(context, id, (*addrs)[i]);
-	  CHECK(kret);
-     }
-
-     return KRB5_OK;
- errout:
-     if (*addrs) {
-	 krb5_free_addresses(context, *addrs);
-	 *addrs = NULL;
-     }
-     return kret;
+    krb5_error_code kret;
+    krb5_int32 length;
+    size_t msize;
+    int i;
+
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+    *addrs = 0;
+
+    /* Read the number of components */
+    kret = krb5_fcc_read_int32(context, id, &length);
+    CHECK(kret);
+
+    /* Make *addrs able to hold length pointers to krb5_address structs
+     * Add one extra for a null-terminated list
+     */
+    msize = length;
+    msize += 1;
+    if (msize == 0 || msize - 1 != length || length < 0)
+        return KRB5_CC_NOMEM;
+    *addrs = ALLOC (msize, krb5_address *);
+    if (*addrs == NULL)
+        return KRB5_CC_NOMEM;
+
+    for (i=0; i < length; i++) {
+        (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
+        if ((*addrs)[i] == NULL) {
+            krb5_free_addresses(context, *addrs);
+            *addrs = 0;
+            return KRB5_CC_NOMEM;
+        }
+        (*addrs)[i]->contents = NULL;
+        kret = krb5_fcc_read_addr(context, id, (*addrs)[i]);
+        CHECK(kret);
+    }
+
+    return KRB5_OK;
+errout:
+    if (*addrs) {
+        krb5_free_addresses(context, *addrs);
+        *addrs = NULL;
+    }
+    return kret;
 }
 
 static krb5_error_code
 krb5_fcc_read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
 {
-     krb5_fcc_data *data = (krb5_fcc_data *)id->data;
-     krb5_error_code kret;
-     krb5_ui_2 ui2;
-     krb5_int32 int32;
-
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
-     keyblock->magic = KV5M_KEYBLOCK;
-     keyblock->contents = 0;
-
-     kret = krb5_fcc_read_ui_2(context, id, &ui2);
-     keyblock->enctype = ui2;
-     CHECK(kret);
-     if (data->version == KRB5_FCC_FVNO_3) {
-	 /* This works because the old etype is the same as the new enctype. */
-	     kret = krb5_fcc_read_ui_2(context, id, &ui2);
-	     /* keyblock->enctype = ui2; */
-	     CHECK(kret);
-     }
-
-     kret = krb5_fcc_read_int32(context, id, &int32);
-     CHECK(kret);
-     if (int32 < 0)
-	  return KRB5_CC_NOMEM;
-     keyblock->length = int32;
-     /* Overflow check.  */
-     if (keyblock->length != int32)
-	 return KRB5_CC_NOMEM;
-     if ( keyblock->length == 0 )
-	 return KRB5_OK;
-     keyblock->contents = ALLOC (keyblock->length, krb5_octet);
-     if (keyblock->contents == NULL)
-	 return KRB5_CC_NOMEM;
-     
-     kret = krb5_fcc_read(context, id, keyblock->contents, keyblock->length);
-     if (kret)
-	 goto errout;
-
-     return KRB5_OK;
- errout:
-     if (keyblock->contents) {
-	 free(keyblock->contents);
-	 keyblock->contents = NULL;
-     }
-     return kret;
+    krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+    krb5_error_code kret;
+    krb5_ui_2 ui2;
+    krb5_int32 int32;
+
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+    keyblock->magic = KV5M_KEYBLOCK;
+    keyblock->contents = 0;
+
+    kret = krb5_fcc_read_ui_2(context, id, &ui2);
+    keyblock->enctype = ui2;
+    CHECK(kret);
+    if (data->version == KRB5_FCC_FVNO_3) {
+        /* This works because the old etype is the same as the new enctype. */
+        kret = krb5_fcc_read_ui_2(context, id, &ui2);
+        /* keyblock->enctype = ui2; */
+        CHECK(kret);
+    }
+
+    kret = krb5_fcc_read_int32(context, id, &int32);
+    CHECK(kret);
+    if (int32 < 0)
+        return KRB5_CC_NOMEM;
+    keyblock->length = int32;
+    /* Overflow check.  */
+    if (keyblock->length != int32)
+        return KRB5_CC_NOMEM;
+    if ( keyblock->length == 0 )
+        return KRB5_OK;
+    keyblock->contents = ALLOC (keyblock->length, krb5_octet);
+    if (keyblock->contents == NULL)
+        return KRB5_CC_NOMEM;
+
+    kret = krb5_fcc_read(context, id, keyblock->contents, keyblock->length);
+    if (kret)
+        goto errout;
+
+    return KRB5_OK;
+errout:
+    if (keyblock->contents) {
+        free(keyblock->contents);
+        keyblock->contents = NULL;
+    }
+    return kret;
 }
 
 static krb5_error_code
 krb5_fcc_read_data(krb5_context context, krb5_ccache id, krb5_data *data)
 {
-     krb5_error_code kret;
-     krb5_int32 len;
+    krb5_error_code kret;
+    krb5_int32 len;
 
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
-     data->magic = KV5M_DATA;
-     data->data = 0;
+    data->magic = KV5M_DATA;
+    data->data = 0;
 
-     kret = krb5_fcc_read_int32(context, id, &len);
-     CHECK(kret);
-     if (len < 0)
+    kret = krb5_fcc_read_int32(context, id, &len);
+    CHECK(kret);
+    if (len < 0)
         return KRB5_CC_NOMEM;
-     data->length = len;
-     if (data->length != len || data->length + 1 == 0)
-	 return KRB5_CC_NOMEM;
-
-     if (data->length == 0) {
-	data->data = 0;
-	return KRB5_OK;
-     }
-
-     data->data = (char *) malloc(data->length+1);
-     if (data->data == NULL)
-	  return KRB5_CC_NOMEM;
-
-     kret = krb5_fcc_read(context, id, data->data, (unsigned) data->length);
-     CHECK(kret);
-     
-     data->data[data->length] = 0; /* Null terminate, just in case.... */
-     return KRB5_OK;
- errout:
-     if (data->data) {
-	 free(data->data);
-	 data->data = NULL;
-     }
-     return kret;
+    data->length = len;
+    if (data->length != len || data->length + 1 == 0)
+        return KRB5_CC_NOMEM;
+
+    if (data->length == 0) {
+        data->data = 0;
+        return KRB5_OK;
+    }
+
+    data->data = (char *) malloc(data->length+1);
+    if (data->data == NULL)
+        return KRB5_CC_NOMEM;
+
+    kret = krb5_fcc_read(context, id, data->data, (unsigned) data->length);
+    CHECK(kret);
+
+    data->data[data->length] = 0; /* Null terminate, just in case.... */
+    return KRB5_OK;
+errout:
+    if (data->data) {
+        free(data->data);
+        data->data = NULL;
+    }
+    return kret;
 }
 
 static krb5_error_code
 krb5_fcc_read_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
 {
-     krb5_error_code kret;
-     krb5_ui_2 ui2;
-     krb5_int32 int32;
-
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
-     addr->magic = KV5M_ADDRESS;
-     addr->contents = 0;
-
-     kret = krb5_fcc_read_ui_2(context, id, &ui2);
-     CHECK(kret);
-     addr->addrtype = ui2;
-     
-     kret = krb5_fcc_read_int32(context, id, &int32);
-     CHECK(kret);
-     if ((int32 & VALID_INT_BITS) != int32)     /* Overflow int??? */
-	  return KRB5_CC_NOMEM;
-     addr->length = int32;
-     /* Length field is "unsigned int", which may be smaller than 32
-        bits.  */
-     if (addr->length != int32)
-	 return KRB5_CC_NOMEM;	/* XXX */
-
-     if (addr->length == 0)
-	     return KRB5_OK;
-
-     addr->contents = (krb5_octet *) malloc(addr->length);
-     if (addr->contents == NULL)
-	  return KRB5_CC_NOMEM;
-
-     kret = krb5_fcc_read(context, id, addr->contents, addr->length);
-     CHECK(kret);
-
-     return KRB5_OK;
- errout:
-     if (addr->contents) {
-	 free(addr->contents);
-	 addr->contents = NULL;
-     }
-     return kret;
+    krb5_error_code kret;
+    krb5_ui_2 ui2;
+    krb5_int32 int32;
+
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+    addr->magic = KV5M_ADDRESS;
+    addr->contents = 0;
+
+    kret = krb5_fcc_read_ui_2(context, id, &ui2);
+    CHECK(kret);
+    addr->addrtype = ui2;
+
+    kret = krb5_fcc_read_int32(context, id, &int32);
+    CHECK(kret);
+    if ((int32 & VALID_INT_BITS) != int32)     /* Overflow int??? */
+        return KRB5_CC_NOMEM;
+    addr->length = int32;
+    /* Length field is "unsigned int", which may be smaller than 32
+       bits.  */
+    if (addr->length != int32)
+        return KRB5_CC_NOMEM;  /* XXX */
+
+    if (addr->length == 0)
+        return KRB5_OK;
+
+    addr->contents = (krb5_octet *) malloc(addr->length);
+    if (addr->contents == NULL)
+        return KRB5_CC_NOMEM;
+
+    kret = krb5_fcc_read(context, id, addr->contents, addr->length);
+    CHECK(kret);
+
+    return KRB5_OK;
+errout:
+    if (addr->contents) {
+        free(addr->contents);
+        addr->contents = NULL;
+    }
+    return kret;
 }
 
 static krb5_error_code
@@ -729,14 +730,14 @@ krb5_fcc_read_int32(krb5_context context, krb5_ccache id, krb5_int32 *i)
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     if ((data->version == KRB5_FCC_FVNO_1) ||
-	(data->version == KRB5_FCC_FVNO_2)) 
-	return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_int32));
+        (data->version == KRB5_FCC_FVNO_2))
+        return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_int32));
     else {
-	retval = krb5_fcc_read(context, id, buf, 4);
-	if (retval)
-	    return retval;
+        retval = krb5_fcc_read(context, id, buf, 4);
+        if (retval)
+            return retval;
         *i = load_32_be (buf);
-	return 0;
+        return 0;
     }
 }
 
@@ -746,27 +747,27 @@ krb5_fcc_read_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 *i)
     krb5_fcc_data *data = (krb5_fcc_data *)id->data;
     krb5_error_code retval;
     unsigned char buf[2];
-    
+
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     if ((data->version == KRB5_FCC_FVNO_1) ||
-	(data->version == KRB5_FCC_FVNO_2))
-	return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_ui_2));
+        (data->version == KRB5_FCC_FVNO_2))
+        return krb5_fcc_read(context, id, (krb5_pointer) i, sizeof(krb5_ui_2));
     else {
-	retval = krb5_fcc_read(context, id, buf, 2);
-	if (retval)
-	    return retval;
-	*i = load_16_be (buf);
-	return 0;
+        retval = krb5_fcc_read(context, id, buf, 2);
+        if (retval)
+            return retval;
+        *i = load_16_be (buf);
+        return 0;
     }
-}    
+}
 
 static krb5_error_code
 krb5_fcc_read_octet(krb5_context context, krb5_ccache id, krb5_octet *i)
 {
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
     return krb5_fcc_read(context, id, (krb5_pointer) i, 1);
-}    
+}
 
 
 static krb5_error_code
@@ -775,28 +776,28 @@ krb5_fcc_read_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
     krb5_fcc_data *data = (krb5_fcc_data *)id->data;
     krb5_error_code retval;
     krb5_int32 i;
-    
+
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     if ((data->version == KRB5_FCC_FVNO_1) ||
-	(data->version == KRB5_FCC_FVNO_2))
-	return krb5_fcc_read(context, id, (krb5_pointer) t, sizeof(krb5_ticket_times));
+        (data->version == KRB5_FCC_FVNO_2))
+        return krb5_fcc_read(context, id, (krb5_pointer) t, sizeof(krb5_ticket_times));
     else {
-	retval = krb5_fcc_read_int32(context, id, &i);
-	CHECK(retval);
-	t->authtime = i;
-	
-	retval = krb5_fcc_read_int32(context, id, &i);
-	CHECK(retval);
-	t->starttime = i;
-
-	retval = krb5_fcc_read_int32(context, id, &i);
-	CHECK(retval);
-	t->endtime = i;
-
-	retval = krb5_fcc_read_int32(context, id, &i);
-	CHECK(retval);
-	t->renew_till = i;
+        retval = krb5_fcc_read_int32(context, id, &i);
+        CHECK(retval);
+        t->authtime = i;
+
+        retval = krb5_fcc_read_int32(context, id, &i);
+        CHECK(retval);
+        t->starttime = i;
+
+        retval = krb5_fcc_read_int32(context, id, &i);
+        CHECK(retval);
+        t->endtime = i;
+
+        retval = krb5_fcc_read_int32(context, id, &i);
+        CHECK(retval);
+        t->renew_till = i;
     }
     return 0;
 errout:
@@ -806,52 +807,52 @@ errout:
 static krb5_error_code
 krb5_fcc_read_authdata(krb5_context context, krb5_ccache id, krb5_authdata ***a)
 {
-     krb5_error_code kret;
-     krb5_int32 length;
-     size_t msize;
-     int i;
-
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
-     *a = 0;
-
-     /* Read the number of components */
-     kret = krb5_fcc_read_int32(context, id, &length);
-     CHECK(kret);
-
-     if (length == 0)
-	 return KRB5_OK;
-
-     /* Make *a able to hold length pointers to krb5_authdata structs
-      * Add one extra for a null-terminated list
-      */
-     msize = length;
-     msize += 1;
-     if (msize == 0 || msize - 1 != length || length < 0)
-	 return KRB5_CC_NOMEM;
-     *a = ALLOC (msize, krb5_authdata *);
-     if (*a == NULL)
-	  return KRB5_CC_NOMEM;
-
-     for (i=0; i < length; i++) {
-	  (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
-	  if ((*a)[i] == NULL) {
-	      krb5_free_authdata(context, *a);
-	      *a = NULL;
-	      return KRB5_CC_NOMEM;
-	  }
-	  (*a)[i]->contents = NULL;
-	  kret = krb5_fcc_read_authdatum(context, id, (*a)[i]);
-	  CHECK(kret);
-     }
-
-     return KRB5_OK;
- errout:
-     if (*a) {
-	 krb5_free_authdata(context, *a);
-	 *a = NULL;
-     }
-     return kret;
+    krb5_error_code kret;
+    krb5_int32 length;
+    size_t msize;
+    int i;
+
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+    *a = 0;
+
+    /* Read the number of components */
+    kret = krb5_fcc_read_int32(context, id, &length);
+    CHECK(kret);
+
+    if (length == 0)
+        return KRB5_OK;
+
+    /* Make *a able to hold length pointers to krb5_authdata structs
+     * Add one extra for a null-terminated list
+     */
+    msize = length;
+    msize += 1;
+    if (msize == 0 || msize - 1 != length || length < 0)
+        return KRB5_CC_NOMEM;
+    *a = ALLOC (msize, krb5_authdata *);
+    if (*a == NULL)
+        return KRB5_CC_NOMEM;
+
+    for (i=0; i < length; i++) {
+        (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+        if ((*a)[i] == NULL) {
+            krb5_free_authdata(context, *a);
+            *a = NULL;
+            return KRB5_CC_NOMEM;
+        }
+        (*a)[i]->contents = NULL;
+        kret = krb5_fcc_read_authdatum(context, id, (*a)[i]);
+        CHECK(kret);
+    }
+
+    return KRB5_OK;
+errout:
+    if (*a) {
+        krb5_free_authdata(context, *a);
+        *a = NULL;
+    }
+    return kret;
 }
 
 static krb5_error_code
@@ -860,7 +861,7 @@ krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
     krb5_error_code kret;
     krb5_int32 int32;
     krb5_int16 ui2; /* negative authorization data types are allowed */
-    
+
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     a->magic = KV5M_AUTHDATA;
@@ -872,31 +873,31 @@ krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
     kret = krb5_fcc_read_int32(context, id, &int32);
     CHECK(kret);
     if ((int32 & VALID_INT_BITS) != int32)     /* Overflow int??? */
-          return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     a->length = int32;
     /* Value could have gotten truncated if int is smaller than 32
        bits.  */
     if (a->length != int32)
-	return KRB5_CC_NOMEM;	/* XXX */
-    
+        return KRB5_CC_NOMEM;   /* XXX */
+
     if (a->length == 0 )
-	    return KRB5_OK;
+        return KRB5_OK;
 
     a->contents = (krb5_octet *) malloc(a->length);
     if (a->contents == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     kret = krb5_fcc_read(context, id, a->contents, a->length);
     CHECK(kret);
-    
-     return KRB5_OK;
- errout:
-     if (a->contents) {
-	 free(a->contents);
-	 a->contents = NULL;
-     }
-     return kret;
-    
+
+    return KRB5_OK;
+errout:
+    if (a->contents) {
+        free(a->contents);
+        a->contents = NULL;
+    }
+    return kret;
+
 }
 #undef CHECK
 
@@ -915,27 +916,27 @@ krb5_fcc_read_authdatum(krb5_context context, krb5_ccache id, krb5_authdata *a)
 static krb5_error_code
 krb5_fcc_write(krb5_context context, krb5_ccache id, krb5_pointer buf, unsigned int len)
 {
-     int ret;
+    int ret;
 
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-     invalidate_cache((krb5_fcc_data *) id->data);
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+    invalidate_cache((krb5_fcc_data *) id->data);
 
-     ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len);
-     if (ret < 0)
-	  return krb5_fcc_interpret(context, errno);
-     if (ret != len)
-         return KRB5_CC_WRITE;
-     return KRB5_OK;
+    ret = write(((krb5_fcc_data *)id->data)->file, (char *) buf, len);
+    if (ret < 0)
+        return krb5_fcc_interpret(context, errno);
+    if (ret != len)
+        return KRB5_CC_WRITE;
+    return KRB5_OK;
 }
 
 /*
  * FOR ALL OF THE FOLLOWING FUNCTIONS:
- * 
+ *
  * Requires:
  * ((krb5_fcc_data *) id->data)->file is open and at the right position.
  *
  * mutex is locked
- * 
+ *
  * Effects:
  * Stores an encoded version of the second argument in the
  * cache file.
@@ -957,17 +958,17 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr
     tmp = length = krb5_princ_size(context, princ);
 
     if (data->version == KRB5_FCC_FVNO_1) {
-	/*
-	 * DCE-compatible format means that the length count
-	 * includes the realm.  (It also doesn't include the
-	 * principal type information.)
-	 */
-	tmp++;
+        /*
+         * DCE-compatible format means that the length count
+         * includes the realm.  (It also doesn't include the
+         * principal type information.)
+         */
+        tmp++;
     } else {
-	ret = krb5_fcc_store_int32(context, id, type);
-	CHECK(ret);
+        ret = krb5_fcc_store_int32(context, id, type);
+        CHECK(ret);
     }
-    
+
     ret = krb5_fcc_store_int32(context, id, tmp);
     CHECK(ret);
 
@@ -975,8 +976,8 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr
     CHECK(ret);
 
     for (i=0; i < length; i++) {
-	ret = krb5_fcc_store_data(context, id, krb5_princ_component(context, princ, i));
-	CHECK(ret);
+        ret = krb5_fcc_store_data(context, id, krb5_princ_component(context, princ, i));
+        CHECK(ret);
     }
 
     return KRB5_OK;
@@ -985,73 +986,73 @@ krb5_fcc_store_principal(krb5_context context, krb5_ccache id, krb5_principal pr
 static krb5_error_code
 krb5_fcc_store_addrs(krb5_context context, krb5_ccache id, krb5_address **addrs)
 {
-     krb5_error_code ret;
-     krb5_address **temp;
-     krb5_int32 i, length = 0;
-
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
-     /* Count the number of components */
-     if (addrs) {
-	     temp = addrs;
-	     while (*temp++)
-		     length += 1;
-     }
-
-     ret = krb5_fcc_store_int32(context, id, length);
-     CHECK(ret);
-     for (i=0; i < length; i++) {
-	  ret = krb5_fcc_store_addr(context, id, addrs[i]);
-	  CHECK(ret);
-     }
-
-     return KRB5_OK;
+    krb5_error_code ret;
+    krb5_address **temp;
+    krb5_int32 i, length = 0;
+
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+    /* Count the number of components */
+    if (addrs) {
+        temp = addrs;
+        while (*temp++)
+            length += 1;
+    }
+
+    ret = krb5_fcc_store_int32(context, id, length);
+    CHECK(ret);
+    for (i=0; i < length; i++) {
+        ret = krb5_fcc_store_addr(context, id, addrs[i]);
+        CHECK(ret);
+    }
+
+    return KRB5_OK;
 }
 
 static krb5_error_code
 krb5_fcc_store_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyblock)
 {
-     krb5_fcc_data *data = (krb5_fcc_data *)id->data;
-     krb5_error_code ret;
-
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
-     ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
-     CHECK(ret);
-     if (data->version == KRB5_FCC_FVNO_3) {
-	 ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
-	 CHECK(ret);
-     }
-     ret = krb5_fcc_store_ui_4(context, id, keyblock->length);
-     CHECK(ret);
-     return krb5_fcc_write(context, id, (char *) keyblock->contents, keyblock->length);
+    krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+    krb5_error_code ret;
+
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+    ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
+    CHECK(ret);
+    if (data->version == KRB5_FCC_FVNO_3) {
+        ret = krb5_fcc_store_ui_2(context, id, keyblock->enctype);
+        CHECK(ret);
+    }
+    ret = krb5_fcc_store_ui_4(context, id, keyblock->length);
+    CHECK(ret);
+    return krb5_fcc_write(context, id, (char *) keyblock->contents, keyblock->length);
 }
 
 static krb5_error_code
 krb5_fcc_store_addr(krb5_context context, krb5_ccache id, krb5_address *addr)
 {
-     krb5_error_code ret;
+    krb5_error_code ret;
 
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
-     ret = krb5_fcc_store_ui_2(context, id, addr->addrtype);
-     CHECK(ret);
-     ret = krb5_fcc_store_ui_4(context, id, addr->length);
-     CHECK(ret);
-     return krb5_fcc_write(context, id, (char *) addr->contents, addr->length);
+    ret = krb5_fcc_store_ui_2(context, id, addr->addrtype);
+    CHECK(ret);
+    ret = krb5_fcc_store_ui_4(context, id, addr->length);
+    CHECK(ret);
+    return krb5_fcc_write(context, id, (char *) addr->contents, addr->length);
 }
 
 
 static krb5_error_code
 krb5_fcc_store_data(krb5_context context, krb5_ccache id, krb5_data *data)
 {
-     krb5_error_code ret;
+    krb5_error_code ret;
 
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
-     ret = krb5_fcc_store_ui_4(context, id, data->length);
-     CHECK(ret);
-     return krb5_fcc_write(context, id, data->data, data->length);
+    ret = krb5_fcc_store_ui_4(context, id, data->length);
+    CHECK(ret);
+    return krb5_fcc_write(context, id, data->data, data->length);
 }
 
 static krb5_error_code
@@ -1069,11 +1070,11 @@ krb5_fcc_store_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i)
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     if ((data->version == KRB5_FCC_FVNO_1) ||
-	(data->version == KRB5_FCC_FVNO_2)) 
-	return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32));
+        (data->version == KRB5_FCC_FVNO_2))
+        return krb5_fcc_write(context, id, (char *) &i, sizeof(krb5_int32));
     else {
-	store_32_be (i, buf);
-	return krb5_fcc_write(context, id, buf, 4);
+        store_32_be (i, buf);
+        return krb5_fcc_write(context, id, buf, 4);
     }
 }
 
@@ -1083,19 +1084,19 @@ krb5_fcc_store_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i)
     krb5_fcc_data *data = (krb5_fcc_data *)id->data;
     krb5_ui_2 ibuf;
     unsigned char buf[2];
-    
+
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     if ((data->version == KRB5_FCC_FVNO_1) ||
-	(data->version == KRB5_FCC_FVNO_2)) {
+        (data->version == KRB5_FCC_FVNO_2)) {
         ibuf = (krb5_ui_2) i;
-	return krb5_fcc_write(context, id, (char *) &ibuf, sizeof(krb5_ui_2));
+        return krb5_fcc_write(context, id, (char *) &ibuf, sizeof(krb5_ui_2));
     } else {
-	store_16_be (i, buf);
-	return krb5_fcc_write(context, id, buf, 2);
+        store_16_be (i, buf);
+        return krb5_fcc_write(context, id, buf, 2);
     }
 }
-   
+
 static krb5_error_code
 krb5_fcc_store_octet(krb5_context context, krb5_ccache id, krb5_int32 i)
 {
@@ -1106,7 +1107,7 @@ krb5_fcc_store_octet(krb5_context context, krb5_ccache id, krb5_int32 i)
     ibuf = (krb5_octet) i;
     return krb5_fcc_write(context, id, (char *) &ibuf, 1);
 }
-   
+
 static krb5_error_code
 krb5_fcc_store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
 {
@@ -1116,21 +1117,21 @@ krb5_fcc_store_times(krb5_context context, krb5_ccache id, krb5_ticket_times *t)
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     if ((data->version == KRB5_FCC_FVNO_1) ||
-	(data->version == KRB5_FCC_FVNO_2))
-	return krb5_fcc_write(context, id, (char *) t, sizeof(krb5_ticket_times));
+        (data->version == KRB5_FCC_FVNO_2))
+        return krb5_fcc_write(context, id, (char *) t, sizeof(krb5_ticket_times));
     else {
-	retval = krb5_fcc_store_int32(context, id, t->authtime);
-	CHECK(retval);
-	retval = krb5_fcc_store_int32(context, id, t->starttime);
-	CHECK(retval);
-	retval = krb5_fcc_store_int32(context, id, t->endtime);
-	CHECK(retval);
-	retval = krb5_fcc_store_int32(context, id, t->renew_till);
-	CHECK(retval);
-	return 0;
+        retval = krb5_fcc_store_int32(context, id, t->authtime);
+        CHECK(retval);
+        retval = krb5_fcc_store_int32(context, id, t->starttime);
+        CHECK(retval);
+        retval = krb5_fcc_store_int32(context, id, t->endtime);
+        CHECK(retval);
+        retval = krb5_fcc_store_int32(context, id, t->renew_till);
+        CHECK(retval);
+        return 0;
     }
 }
-   
+
 static krb5_error_code
 krb5_fcc_store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a)
 {
@@ -1141,15 +1142,15 @@ krb5_fcc_store_authdata(krb5_context context, krb5_ccache id, krb5_authdata **a)
     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
     if (a != NULL) {
-	for (temp=a; *temp; temp++)
-	    length++;
+        for (temp=a; *temp; temp++)
+            length++;
     }
 
     ret = krb5_fcc_store_int32(context, id, length);
     CHECK(ret);
     for (i=0; i<length; i++) {
-	ret = krb5_fcc_store_authdatum (context, id, a[i]);
-	CHECK(ret);
+        ret = krb5_fcc_store_authdatum (context, id, a[i]);
+        CHECK(ret);
     }
     return KRB5_OK;
 }
@@ -1172,21 +1173,21 @@ krb5_fcc_store_authdatum (krb5_context context, krb5_ccache id, krb5_authdata *a
 static krb5_error_code
 krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data)
 {
-     int ret;
-     krb5_error_code retval;
+    int ret;
+    krb5_error_code retval;
 
-     k5_cc_mutex_assert_locked(context, &data->lock);
+    k5_cc_mutex_assert_locked(context, &data->lock);
 
-     if (data->file == NO_FILE)
-	 return KRB5_FCC_INTERNAL;
+    if (data->file == NO_FILE)
+        return KRB5_FCC_INTERNAL;
 
-     retval = krb5_unlock_file(context, data->file);
-     ret = close (data->file);
-     data->file = NO_FILE;
-     if (retval)
-	 return retval;
+    retval = krb5_unlock_file(context, data->file);
+    ret = close (data->file);
+    data->file = NO_FILE;
+    if (retval)
+        return retval;
 
-     return ret ? krb5_fcc_interpret (context, errno) : 0;
+    return ret ? krb5_fcc_interpret (context, errno) : 0;
 }
 
 #if defined(ANSI_STDIO) || defined(_WIN32)
@@ -1197,8 +1198,8 @@ krb5_fcc_close_file (krb5_context context, krb5_fcc_data *data)
 
 #ifndef HAVE_SETVBUF
 #undef setvbuf
-#define setvbuf(FILE,BUF,MODE,SIZE) \
-  ((SIZE) < BUFSIZE ? (abort(),0) : setbuf(FILE, BUF))
+#define setvbuf(FILE,BUF,MODE,SIZE)                             \
+    ((SIZE) < BUFSIZE ? (abort(),0) : setbuf(FILE, BUF))
 #endif
 
 static krb5_error_code
@@ -1218,211 +1219,211 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode)
     invalidate_cache(data);
 
     if (data->file != NO_FILE) {
-	/* Don't know what state it's in; shut down and start anew.  */
-	(void) krb5_unlock_file(context, data->file);
-	(void) close (data->file);
-	data->file = NO_FILE;
+        /* Don't know what state it's in; shut down and start anew.  */
+        (void) krb5_unlock_file(context, data->file);
+        (void) close (data->file);
+        data->file = NO_FILE;
     }
 
     switch(mode) {
     case FCC_OPEN_AND_ERASE:
-	unlink(data->filename);
-	open_flag = O_CREAT|O_EXCL|O_TRUNC|O_RDWR;
-	break;
+        unlink(data->filename);
+        open_flag = O_CREAT|O_EXCL|O_TRUNC|O_RDWR;
+        break;
     case FCC_OPEN_RDWR:
-	open_flag = O_RDWR;
-	break;
+        open_flag = O_RDWR;
+        break;
     case FCC_OPEN_RDONLY:
     default:
-	open_flag = O_RDONLY;
-	break;
+        open_flag = O_RDONLY;
+        break;
     }
 
     f = THREEPARAMOPEN (data->filename, open_flag | O_BINARY, 0600);
     if (f == NO_FILE) {
-	switch (errno) {
-	case ENOENT:
-	    retval = KRB5_FCC_NOFILE;
-	    krb5_set_error_message(context, retval,
-				   "Credentials cache file '%s' not found",
-				   data->filename);
-	    return retval;
-	default:
-	    return krb5_fcc_interpret (context, errno);
-	}
+        switch (errno) {
+        case ENOENT:
+            retval = KRB5_FCC_NOFILE;
+            krb5_set_error_message(context, retval,
+                                   "Credentials cache file '%s' not found",
+                                   data->filename);
+            return retval;
+        default:
+            return krb5_fcc_interpret (context, errno);
+        }
     }
     set_cloexec_fd(f);
 
     data->mode = mode;
 
     if (data->mode == FCC_OPEN_RDONLY)
-	lock_flag = KRB5_LOCKMODE_SHARED;
-    else 
-	lock_flag = KRB5_LOCKMODE_EXCLUSIVE;
+        lock_flag = KRB5_LOCKMODE_SHARED;
+    else
+        lock_flag = KRB5_LOCKMODE_EXCLUSIVE;
     if ((retval = krb5_lock_file(context, f, lock_flag))) {
-	(void) close(f);
-	return retval;
+        (void) close(f);
+        return retval;
     }
 
     if (mode == FCC_OPEN_AND_ERASE) {
-	 /* write the version number */
-         int cnt;
-
-         fcc_fvno = htons(context->fcc_default_format);
-         data->version = context->fcc_default_format;
-         if ((cnt = write(f, (char *)&fcc_fvno, sizeof(fcc_fvno))) !=
-             sizeof(fcc_fvno)) {
-             retval = ((cnt == -1) ? krb5_fcc_interpret(context, errno) :
-                       KRB5_CC_IO);
-             goto done;
-         }
-         data->file = f;
-
-	 if (data->version == KRB5_FCC_FVNO_4) {
-             /* V4 of the credentials cache format allows for header tags */
-	     fcc_flen = 0;
-
-	     if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
-		 fcc_flen += (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32));
-
-	     /* Write header length */
-	     retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen);
-	     if (retval) goto done;
-
-	     if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
-		 /* Write time offset tag */
-		 fcc_tag = FCC_TAG_DELTATIME;
-		 fcc_taglen = 2*sizeof(krb5_int32);
-		 
-		 retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_tag);
-		 if (retval) goto done;
-		 retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_taglen);
-		 if (retval) goto done;
-		 retval = krb5_fcc_store_int32(context,id,os_ctx->time_offset);
-		 if (retval) goto done;
-		 retval = krb5_fcc_store_int32(context,id,os_ctx->usec_offset);
-		 if (retval) goto done;
-	     }
-	 }
-	 invalidate_cache(data);
-	 goto done;
-     }
-
-     /* verify a valid version number is there */
+        /* write the version number */
+        int cnt;
+
+        fcc_fvno = htons(context->fcc_default_format);
+        data->version = context->fcc_default_format;
+        if ((cnt = write(f, (char *)&fcc_fvno, sizeof(fcc_fvno))) !=
+            sizeof(fcc_fvno)) {
+            retval = ((cnt == -1) ? krb5_fcc_interpret(context, errno) :
+                      KRB5_CC_IO);
+            goto done;
+        }
+        data->file = f;
+
+        if (data->version == KRB5_FCC_FVNO_4) {
+            /* V4 of the credentials cache format allows for header tags */
+            fcc_flen = 0;
+
+            if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
+                fcc_flen += (2*sizeof(krb5_ui_2) + 2*sizeof(krb5_int32));
+
+            /* Write header length */
+            retval = krb5_fcc_store_ui_2(context, id, (krb5_int32)fcc_flen);
+            if (retval) goto done;
+
+            if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+                /* Write time offset tag */
+                fcc_tag = FCC_TAG_DELTATIME;
+                fcc_taglen = 2*sizeof(krb5_int32);
+
+                retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_tag);
+                if (retval) goto done;
+                retval = krb5_fcc_store_ui_2(context,id,(krb5_int32)fcc_taglen);
+                if (retval) goto done;
+                retval = krb5_fcc_store_int32(context,id,os_ctx->time_offset);
+                if (retval) goto done;
+                retval = krb5_fcc_store_int32(context,id,os_ctx->usec_offset);
+                if (retval) goto done;
+            }
+        }
+        invalidate_cache(data);
+        goto done;
+    }
+
+    /* verify a valid version number is there */
     invalidate_cache(data);
-     if (read(f, (char *)&fcc_fvno, sizeof(fcc_fvno)) != sizeof(fcc_fvno)) {
-	 retval = KRB5_CC_FORMAT;
-	 goto done;
-     }
-     data->version = ntohs(fcc_fvno);
+    if (read(f, (char *)&fcc_fvno, sizeof(fcc_fvno)) != sizeof(fcc_fvno)) {
+        retval = KRB5_CC_FORMAT;
+        goto done;
+    }
+    data->version = ntohs(fcc_fvno);
     if ((data->version != KRB5_FCC_FVNO_4) &&
-	(data->version != KRB5_FCC_FVNO_3) &&
-	(data->version != KRB5_FCC_FVNO_2) &&
-	(data->version != KRB5_FCC_FVNO_1)) {
-	retval = KRB5_CCACHE_BADVNO;
-	goto done;
+        (data->version != KRB5_FCC_FVNO_3) &&
+        (data->version != KRB5_FCC_FVNO_2) &&
+        (data->version != KRB5_FCC_FVNO_1)) {
+        retval = KRB5_CCACHE_BADVNO;
+        goto done;
     }
 
     data->file = f;
 
-     if (data->version == KRB5_FCC_FVNO_4) {
-	 char buf[1024];
-
-	 if (krb5_fcc_read_ui_2(context, id, &fcc_flen) ||
-	     (fcc_flen > sizeof(buf)))
-	 {
-	     retval = KRB5_CC_FORMAT;
-	     goto done;
-	 }
-
-	 while (fcc_flen) {
-	     if ((fcc_flen < (2 * sizeof(krb5_ui_2))) ||
-		 krb5_fcc_read_ui_2(context, id, &fcc_tag) ||
-		 krb5_fcc_read_ui_2(context, id, &fcc_taglen) ||
-		 (fcc_taglen > (fcc_flen - 2*sizeof(krb5_ui_2))))
-	     {
-		 retval = KRB5_CC_FORMAT;
-		 goto done;
-	     }
-
-	     switch (fcc_tag) {
-	     case FCC_TAG_DELTATIME:
-		 if (fcc_taglen != 2*sizeof(krb5_int32)) {
-		     retval = KRB5_CC_FORMAT;
-		     goto done;
-		 }
-		 if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) ||
-		     (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID))
-		 {
-		     if (krb5_fcc_read(context, id, buf, fcc_taglen)) {
-			 retval = KRB5_CC_FORMAT;
-			 goto done;
-		     }
-		     break;
-		 }
-		 if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) ||
-		     krb5_fcc_read_int32(context, id, &os_ctx->usec_offset))
-		 {
-		     retval = KRB5_CC_FORMAT;
-		     goto done;
-		 }
-		 os_ctx->os_flags =
-		     ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
-		      KRB5_OS_TOFFSET_VALID);
-		 break;
-	     default:
-		 if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) {
-		     retval = KRB5_CC_FORMAT;
-		     goto done;
-		 }
-		 break;
-	     }
-	     fcc_flen -= (2*sizeof(krb5_ui_2) + fcc_taglen);
-	 }
-     }
+    if (data->version == KRB5_FCC_FVNO_4) {
+        char buf[1024];
+
+        if (krb5_fcc_read_ui_2(context, id, &fcc_flen) ||
+            (fcc_flen > sizeof(buf)))
+        {
+            retval = KRB5_CC_FORMAT;
+            goto done;
+        }
+
+        while (fcc_flen) {
+            if ((fcc_flen < (2 * sizeof(krb5_ui_2))) ||
+                krb5_fcc_read_ui_2(context, id, &fcc_tag) ||
+                krb5_fcc_read_ui_2(context, id, &fcc_taglen) ||
+                (fcc_taglen > (fcc_flen - 2*sizeof(krb5_ui_2))))
+            {
+                retval = KRB5_CC_FORMAT;
+                goto done;
+            }
+
+            switch (fcc_tag) {
+            case FCC_TAG_DELTATIME:
+                if (fcc_taglen != 2*sizeof(krb5_int32)) {
+                    retval = KRB5_CC_FORMAT;
+                    goto done;
+                }
+                if (!(context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) ||
+                    (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID))
+                {
+                    if (krb5_fcc_read(context, id, buf, fcc_taglen)) {
+                        retval = KRB5_CC_FORMAT;
+                        goto done;
+                    }
+                    break;
+                }
+                if (krb5_fcc_read_int32(context, id, &os_ctx->time_offset) ||
+                    krb5_fcc_read_int32(context, id, &os_ctx->usec_offset))
+                {
+                    retval = KRB5_CC_FORMAT;
+                    goto done;
+                }
+                os_ctx->os_flags =
+                    ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+                     KRB5_OS_TOFFSET_VALID);
+                break;
+            default:
+                if (fcc_taglen && krb5_fcc_read(context,id,buf,fcc_taglen)) {
+                    retval = KRB5_CC_FORMAT;
+                    goto done;
+                }
+                break;
+            }
+            fcc_flen -= (2*sizeof(krb5_ui_2) + fcc_taglen);
+        }
+    }
 
 done:
-     if (retval) {
-         data->file = -1;
-         (void) krb5_unlock_file(context, f);
-         (void) close(f);
-     }
-     return retval;
+    if (retval) {
+        data->file = -1;
+        (void) krb5_unlock_file(context, f);
+        (void) close(f);
+    }
+    return retval;
 }
 
 static krb5_error_code
 krb5_fcc_skip_header(krb5_context context, krb5_ccache id)
 {
-     krb5_fcc_data *data = (krb5_fcc_data *)id->data;
-     krb5_error_code kret;
-     krb5_ui_2 fcc_flen;
-
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
-
-     fcc_lseek(data, (off_t) sizeof(krb5_ui_2), SEEK_SET);
-     if (data->version == KRB5_FCC_FVNO_4) {
-	 kret = krb5_fcc_read_ui_2(context, id, &fcc_flen);
-	 if (kret) return kret;
-         if(fcc_lseek(data, (off_t) fcc_flen, SEEK_CUR) < 0)
-		return errno;
-     }
-     return KRB5_OK;
+    krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+    krb5_error_code kret;
+    krb5_ui_2 fcc_flen;
+
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+
+    fcc_lseek(data, (off_t) sizeof(krb5_ui_2), SEEK_SET);
+    if (data->version == KRB5_FCC_FVNO_4) {
+        kret = krb5_fcc_read_ui_2(context, id, &fcc_flen);
+        if (kret) return kret;
+        if(fcc_lseek(data, (off_t) fcc_flen, SEEK_CUR) < 0)
+            return errno;
+    }
+    return KRB5_OK;
 }
 
 static krb5_error_code
 krb5_fcc_skip_principal(krb5_context context, krb5_ccache id)
 {
-     krb5_error_code kret;
-     krb5_principal princ;
+    krb5_error_code kret;
+    krb5_principal princ;
 
-     k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
+    k5_cc_mutex_assert_locked(context, &((krb5_fcc_data *) id->data)->lock);
 
-     kret = krb5_fcc_read_principal(context, id, &princ);
-     if (kret != KRB5_OK)
-	  return kret;
+    kret = krb5_fcc_read_principal(context, id, &princ);
+    if (kret != KRB5_OK)
+        return kret;
 
-     krb5_free_principal(context, princ);
-     return KRB5_OK;
+    krb5_free_principal(context, princ);
+    return KRB5_OK;
 }
 
 
@@ -1441,36 +1442,36 @@ krb5_fcc_skip_principal(krb5_context context, krb5_ccache id)
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
 {
-     krb5_error_code kret = 0;
-     int reti = 0;
+    krb5_error_code kret = 0;
+    int reti = 0;
 
-     kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
-     if (kret)
-	 return kret;
+    kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+    if (kret)
+        return kret;
 
-     MAYBE_OPEN(context, id, FCC_OPEN_AND_ERASE);
+    MAYBE_OPEN(context, id, FCC_OPEN_AND_ERASE);
 
 #if defined(HAVE_FCHMOD) || defined(HAVE_CHMOD)
-     {
+    {
 #ifdef HAVE_FCHMOD
-         reti = fchmod(((krb5_fcc_data *) id->data)->file, S_IREAD | S_IWRITE);
+        reti = fchmod(((krb5_fcc_data *) id->data)->file, S_IREAD | S_IWRITE);
 #else
-         reti = chmod(((krb5_fcc_data *) id->data)->filename, S_IREAD | S_IWRITE);
+        reti = chmod(((krb5_fcc_data *) id->data)->filename, S_IREAD | S_IWRITE);
 #endif
-         if (reti == -1) {
-             kret = krb5_fcc_interpret(context, errno);
-             MAYBE_CLOSE(context, id, kret);
-	     k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
-             return kret;
-         }
-     }
+        if (reti == -1) {
+            kret = krb5_fcc_interpret(context, errno);
+            MAYBE_CLOSE(context, id, kret);
+            k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+            return kret;
+        }
+    }
 #endif
-     kret = krb5_fcc_store_principal(context, id, princ);
+    kret = krb5_fcc_store_principal(context, id, princ);
 
-     MAYBE_CLOSE(context, id, kret);
-     k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
-     krb5_change_cache ();
-     return kret;
+    MAYBE_CLOSE(context, id, kret);
+    k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+    krb5_change_cache ();
+    return kret;
 }
 
 /*
@@ -1484,34 +1485,34 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data)
 
     kerr = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
     if (kerr)
-	return kerr;
+        return kerr;
     for (fccsp = &fccs; *fccsp != NULL; fccsp = &(*fccsp)->next)
-	if ((*fccsp)->data == data)
-	    break;
+        if ((*fccsp)->data == data)
+            break;
     assert(*fccsp != NULL);
     assert((*fccsp)->data == data);
     (*fccsp)->refcount--;
     if ((*fccsp)->refcount == 0) {
         struct fcc_set *temp;
-	data = (*fccsp)->data;
-	temp = *fccsp;
-	*fccsp = (*fccsp)->next;
-	free(temp);
-	k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	k5_cc_mutex_assert_unlocked(context, &data->lock);
-	free(data->filename);
-	zap(data->buf, sizeof(data->buf));
-	if (data->file >= 0) {
-	    kerr = k5_cc_mutex_lock(context, &data->lock);
-	    if (kerr)
-		return kerr;
-	    krb5_fcc_close_file(context, data);
-	    k5_cc_mutex_unlock(context, &data->lock);
-	}
-	k5_cc_mutex_destroy(&data->lock);
-	free(data);
+        data = (*fccsp)->data;
+        temp = *fccsp;
+        *fccsp = (*fccsp)->next;
+        free(temp);
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        k5_cc_mutex_assert_unlocked(context, &data->lock);
+        free(data->filename);
+        zap(data->buf, sizeof(data->buf));
+        if (data->file >= 0) {
+            kerr = k5_cc_mutex_lock(context, &data->lock);
+            if (kerr)
+                return kerr;
+            krb5_fcc_close_file(context, data);
+            k5_cc_mutex_unlock(context, &data->lock);
+        }
+        k5_cc_mutex_destroy(&data->lock);
+        free(data);
     } else
-	k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
     return 0;
 }
 
@@ -1526,9 +1527,9 @@ static krb5_error_code dereference(krb5_context context, krb5_fcc_data *data)
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_close(krb5_context context, krb5_ccache id)
 {
-     dereference(context, (krb5_fcc_data *) id->data);
-     free(id);
-     return KRB5_OK;
+    dereference(context, (krb5_fcc_data *) id->data);
+    free(id);
+    return KRB5_OK;
 }
 
 /*
@@ -1541,32 +1542,32 @@ krb5_fcc_close(krb5_context context, krb5_ccache id)
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_destroy(krb5_context context, krb5_ccache id)
 {
-     krb5_error_code kret = 0;
-     krb5_fcc_data *data = (krb5_fcc_data *) id->data;
-     register int ret;
-
-     struct stat buf;
-     unsigned long i, size;
-     unsigned int wlen;
-     char zeros[BUFSIZ];
-
-     kret = k5_cc_mutex_lock(context, &data->lock);
-     if (kret)
-	 return kret;
-
-     if (OPENCLOSE(id)) {
-	 invalidate_cache(data);
-	  ret = THREEPARAMOPEN(data->filename,
-			       O_RDWR | O_BINARY, 0);
-	  if (ret < 0) {
-	      kret = krb5_fcc_interpret(context, errno);
-	      goto cleanup;
-	  }
-	  set_cloexec_fd(ret);
-	  data->file = ret;
-     }
-     else
-	  fcc_lseek(data, (off_t) 0, SEEK_SET);
+    krb5_error_code kret = 0;
+    krb5_fcc_data *data = (krb5_fcc_data *) id->data;
+    register int ret;
+
+    struct stat buf;
+    unsigned long i, size;
+    unsigned int wlen;
+    char zeros[BUFSIZ];
+
+    kret = k5_cc_mutex_lock(context, &data->lock);
+    if (kret)
+        return kret;
+
+    if (OPENCLOSE(id)) {
+        invalidate_cache(data);
+        ret = THREEPARAMOPEN(data->filename,
+                             O_RDWR | O_BINARY, 0);
+        if (ret < 0) {
+            kret = krb5_fcc_interpret(context, errno);
+            goto cleanup;
+        }
+        set_cloexec_fd(ret);
+        data->file = ret;
+    }
+    else
+        fcc_lseek(data, (off_t) 0, SEEK_SET);
 
 #ifdef MSDOS_FILESYSTEM
 /* "disgusting bit of UNIX trivia" - that's how the writers of NFS describe
@@ -1607,65 +1608,65 @@ krb5_fcc_destroy(krb5_context context, krb5_ccache id)
 
 #else /* MSDOS_FILESYSTEM */
 
-     ret = unlink(data->filename);
-     if (ret < 0) {
-	 kret = krb5_fcc_interpret(context, errno);
-	 if (OPENCLOSE(id)) {
-	     (void) close(((krb5_fcc_data *)id->data)->file);
-	     data->file = -1;
-             kret = ret;
-	 }
-	 goto cleanup;
-     }
-     
-     ret = fstat(data->file, &buf);
-     if (ret < 0) {
-	 kret = krb5_fcc_interpret(context, errno);
-	 if (OPENCLOSE(id)) {
-	     (void) close(((krb5_fcc_data *)id->data)->file);
-	     data->file = -1;
-	 }
-	 goto cleanup;
-     }
-
-     /* XXX This may not be legal XXX */
-     size = (unsigned long) buf.st_size;
-     memset(zeros, 0, BUFSIZ);
-     for (i=0; i < size / BUFSIZ; i++)
-	  if (write(data->file, zeros, BUFSIZ) < 0) {
-	      kret = krb5_fcc_interpret(context, errno);
-	      if (OPENCLOSE(id)) {
-		  (void) close(((krb5_fcc_data *)id->data)->file);
-		  data->file = -1;
-	      }
-	      goto cleanup;
-	  }
-
-     wlen = (unsigned int) (size % BUFSIZ);
-     if (write(data->file, zeros, wlen) < 0) {
-	 kret = krb5_fcc_interpret(context, errno);
-	 if (OPENCLOSE(id)) {
-	     (void) close(((krb5_fcc_data *)id->data)->file);
-	     data->file = -1;
-	 }
-	 goto cleanup;
-     }
-
-     ret = close(data->file);
-     data->file = -1;
-
-     if (ret)
-	 kret = krb5_fcc_interpret(context, errno);
+    ret = unlink(data->filename);
+    if (ret < 0) {
+        kret = krb5_fcc_interpret(context, errno);
+        if (OPENCLOSE(id)) {
+            (void) close(((krb5_fcc_data *)id->data)->file);
+            data->file = -1;
+            kret = ret;
+        }
+        goto cleanup;
+    }
+
+    ret = fstat(data->file, &buf);
+    if (ret < 0) {
+        kret = krb5_fcc_interpret(context, errno);
+        if (OPENCLOSE(id)) {
+            (void) close(((krb5_fcc_data *)id->data)->file);
+            data->file = -1;
+        }
+        goto cleanup;
+    }
+
+    /* XXX This may not be legal XXX */
+    size = (unsigned long) buf.st_size;
+    memset(zeros, 0, BUFSIZ);
+    for (i=0; i < size / BUFSIZ; i++)
+        if (write(data->file, zeros, BUFSIZ) < 0) {
+            kret = krb5_fcc_interpret(context, errno);
+            if (OPENCLOSE(id)) {
+                (void) close(((krb5_fcc_data *)id->data)->file);
+                data->file = -1;
+            }
+            goto cleanup;
+        }
+
+    wlen = (unsigned int) (size % BUFSIZ);
+    if (write(data->file, zeros, wlen) < 0) {
+        kret = krb5_fcc_interpret(context, errno);
+        if (OPENCLOSE(id)) {
+            (void) close(((krb5_fcc_data *)id->data)->file);
+            data->file = -1;
+        }
+        goto cleanup;
+    }
+
+    ret = close(data->file);
+    data->file = -1;
+
+    if (ret)
+        kret = krb5_fcc_interpret(context, errno);
 
 #endif /* MSDOS_FILESYSTEM */
 
-  cleanup:
-     k5_cc_mutex_unlock(context, &data->lock);
-     dereference(context, data);
-     free(id);
+cleanup:
+    k5_cc_mutex_unlock(context, &data->lock);
+    dereference(context, data);
+    free(id);
 
-     krb5_change_cache ();
-     return kret;
+    krb5_change_cache ();
+    return kret;
 }
 
 extern const krb5_cc_ops krb5_fcc_ops;
@@ -1676,109 +1677,109 @@ extern const krb5_cc_ops krb5_fcc_ops;
  *
  * Modifies:
  * id
- * 
+ *
  * Effects:
  * creates a file-based cred cache that will reside in the file
  * residual.  The cache is not opened, but the filename is reserved.
- * 
+ *
  * Returns:
  * A filled in krb5_ccache structure "id".
  *
  * Errors:
  * KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * 		krb5_ccache.  id is undefined.
+ *              krb5_ccache.  id is undefined.
  * permission errors
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 {
-     krb5_ccache lid;
-     krb5_error_code kret;
-     krb5_fcc_data *data;
-     struct fcc_set *setptr;
-
-     kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
-     if (kret)
-	 return kret;
-     for (setptr = fccs; setptr; setptr = setptr->next) {
-	 if (!strcmp(setptr->data->filename, residual))
-	     break;
-     }
-     if (setptr) {
-	 data = setptr->data;
-	 assert(setptr->refcount != 0);
-	 setptr->refcount++;
-	 assert(setptr->refcount != 0);
-	 kret = k5_cc_mutex_lock(context, &data->lock);
-	 if (kret) {
-	     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	     return kret;
-	 }
-	 k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-     } else {
-	 data = malloc(sizeof(krb5_fcc_data));
-	 if (data == NULL) {
-	     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	     return KRB5_CC_NOMEM;
-	 }
-	 data->filename = strdup(residual);
-	 if (data->filename == NULL) {
-	     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	     free(data);
-	     return KRB5_CC_NOMEM;
-	 }
-	 kret = k5_cc_mutex_init(&data->lock);
-	 if (kret) {
-	     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	     free(data->filename);
-	     free(data);
-	     return kret;
-	 }
-	 kret = k5_cc_mutex_lock(context, &data->lock);
-	 if (kret) {
-	     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	     k5_cc_mutex_destroy(&data->lock);
-	     free(data->filename);
-	     free(data);
-	     return kret;
-	 }
-	 /* data->version,mode filled in for real later */
-	 data->version = data->mode = 0;
-	 data->flags = KRB5_TC_OPENCLOSE;
-	 data->file = -1;
-	 data->valid_bytes = 0;
-	 setptr = malloc(sizeof(struct fcc_set));
-	 if (setptr == NULL) {
-	     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
- 	     k5_cc_mutex_unlock(context, &data->lock);
-	     k5_cc_mutex_destroy(&data->lock);
-	     free(data->filename);
-	     free(data);
-	     return KRB5_CC_NOMEM;
-	 }
-	 setptr->refcount = 1;
-	 setptr->data = data;
-	 setptr->next = fccs;
-	 fccs = setptr;
-	 k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-     }
-
-     k5_cc_mutex_assert_locked(context, &data->lock);
-     k5_cc_mutex_unlock(context, &data->lock);
-     lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
-     if (lid == NULL) {
-	 dereference(context, data);
-	 return KRB5_CC_NOMEM;
-     }
-
-     lid->ops = &krb5_fcc_ops;
-     lid->data = data;
-     lid->magic = KV5M_CCACHE;
-
-     /* other routines will get errors on open, and callers must expect them,
-	if cache is non-existent/unusable */
-     *id = lid;
-     return KRB5_OK;
+    krb5_ccache lid;
+    krb5_error_code kret;
+    krb5_fcc_data *data;
+    struct fcc_set *setptr;
+
+    kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
+    if (kret)
+        return kret;
+    for (setptr = fccs; setptr; setptr = setptr->next) {
+        if (!strcmp(setptr->data->filename, residual))
+            break;
+    }
+    if (setptr) {
+        data = setptr->data;
+        assert(setptr->refcount != 0);
+        setptr->refcount++;
+        assert(setptr->refcount != 0);
+        kret = k5_cc_mutex_lock(context, &data->lock);
+        if (kret) {
+            k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+            return kret;
+        }
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+    } else {
+        data = malloc(sizeof(krb5_fcc_data));
+        if (data == NULL) {
+            k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+            return KRB5_CC_NOMEM;
+        }
+        data->filename = strdup(residual);
+        if (data->filename == NULL) {
+            k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+            free(data);
+            return KRB5_CC_NOMEM;
+        }
+        kret = k5_cc_mutex_init(&data->lock);
+        if (kret) {
+            k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+            free(data->filename);
+            free(data);
+            return kret;
+        }
+        kret = k5_cc_mutex_lock(context, &data->lock);
+        if (kret) {
+            k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+            k5_cc_mutex_destroy(&data->lock);
+            free(data->filename);
+            free(data);
+            return kret;
+        }
+        /* data->version,mode filled in for real later */
+        data->version = data->mode = 0;
+        data->flags = KRB5_TC_OPENCLOSE;
+        data->file = -1;
+        data->valid_bytes = 0;
+        setptr = malloc(sizeof(struct fcc_set));
+        if (setptr == NULL) {
+            k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+            k5_cc_mutex_unlock(context, &data->lock);
+            k5_cc_mutex_destroy(&data->lock);
+            free(data->filename);
+            free(data);
+            return KRB5_CC_NOMEM;
+        }
+        setptr->refcount = 1;
+        setptr->data = data;
+        setptr->next = fccs;
+        fccs = setptr;
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+    }
+
+    k5_cc_mutex_assert_locked(context, &data->lock);
+    k5_cc_mutex_unlock(context, &data->lock);
+    lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+    if (lid == NULL) {
+        dereference(context, data);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->ops = &krb5_fcc_ops;
+    lid->data = data;
+    lid->magic = KV5M_CCACHE;
+
+    /* other routines will get errors on open, and callers must expect them,
+       if cache is non-existent/unusable */
+    *id = lid;
+    return KRB5_OK;
 }
 
 /*
@@ -1796,49 +1797,49 @@ krb5_fcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_start_seq_get(krb5_context context, krb5_ccache id,
-		       krb5_cc_cursor *cursor)
+                       krb5_cc_cursor *cursor)
 {
-     krb5_fcc_cursor *fcursor;
-     krb5_error_code kret = KRB5_OK;
-     krb5_fcc_data *data = (krb5_fcc_data *)id->data;
-
-     kret = k5_cc_mutex_lock(context, &data->lock);
-     if (kret)
-	 return kret;
-
-     fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor));
-     if (fcursor == NULL) {
-	 k5_cc_mutex_unlock(context, &data->lock);
-	 return KRB5_CC_NOMEM;
-     }
-     if (OPENCLOSE(id)) {
-          kret = krb5_fcc_open_file(context, id, FCC_OPEN_RDONLY);
-          if (kret) {
-              free(fcursor);
-	      k5_cc_mutex_unlock(context, &data->lock);
-              return kret;
-          }
-     }
-
-     /* Make sure we start reading right after the primary principal */
-     kret = krb5_fcc_skip_header(context, id);
-     if (kret) {
-         free(fcursor);
-	 goto done;
-     }
-     kret = krb5_fcc_skip_principal(context, id);
-     if (kret) {
-         free(fcursor);
-	 goto done;
-     }
-
-     fcursor->pos = fcc_lseek(data, (off_t) 0, SEEK_CUR);
-     *cursor = (krb5_cc_cursor) fcursor;
+    krb5_fcc_cursor *fcursor;
+    krb5_error_code kret = KRB5_OK;
+    krb5_fcc_data *data = (krb5_fcc_data *)id->data;
+
+    kret = k5_cc_mutex_lock(context, &data->lock);
+    if (kret)
+        return kret;
+
+    fcursor = (krb5_fcc_cursor *) malloc(sizeof(krb5_fcc_cursor));
+    if (fcursor == NULL) {
+        k5_cc_mutex_unlock(context, &data->lock);
+        return KRB5_CC_NOMEM;
+    }
+    if (OPENCLOSE(id)) {
+        kret = krb5_fcc_open_file(context, id, FCC_OPEN_RDONLY);
+        if (kret) {
+            free(fcursor);
+            k5_cc_mutex_unlock(context, &data->lock);
+            return kret;
+        }
+    }
+
+    /* Make sure we start reading right after the primary principal */
+    kret = krb5_fcc_skip_header(context, id);
+    if (kret) {
+        free(fcursor);
+        goto done;
+    }
+    kret = krb5_fcc_skip_principal(context, id);
+    if (kret) {
+        free(fcursor);
+        goto done;
+    }
+
+    fcursor->pos = fcc_lseek(data, (off_t) 0, SEEK_CUR);
+    *cursor = (krb5_cc_cursor) fcursor;
 
 done:
-     MAYBE_CLOSE(context, id, kret);
-     k5_cc_mutex_unlock(context, &data->lock);
-     return kret;
+    MAYBE_CLOSE(context, id, kret);
+    k5_cc_mutex_unlock(context, &data->lock);
+    return kret;
 }
 
 
@@ -1849,7 +1850,7 @@ done:
  *
  * Modifes:
  * cursor, creds
- * 
+ *
  * Effects:
  * Fills in creds with the "next" credentals structure from the cache
  * id.  The actual order the creds are returned in is arbitrary.
@@ -1864,62 +1865,62 @@ done:
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
-		   krb5_creds *creds)
+                   krb5_creds *creds)
 {
 #define TCHECK(ret) if (ret != KRB5_OK) goto lose;
-     krb5_error_code kret;
-     krb5_fcc_cursor *fcursor;
-     krb5_int32 int32;
-     krb5_octet octet;
-     krb5_fcc_data *d = (krb5_fcc_data *) id->data;
-
-     kret = k5_cc_mutex_lock(context, &d->lock);
-     if (kret)
-	 return kret;
-
-     memset(creds, 0, sizeof(*creds));
-     MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
-     fcursor = (krb5_fcc_cursor *) *cursor;
-
-     kret = (fcc_lseek(d, fcursor->pos, SEEK_SET) == (off_t) -1);
-     if (kret) {
-	 kret = krb5_fcc_interpret(context, errno);
-	 MAYBE_CLOSE(context, id, kret);
-	 k5_cc_mutex_unlock(context, &d->lock);
-	 return kret;
-     }
-
-     kret = krb5_fcc_read_principal(context, id, &creds->client);
-     TCHECK(kret);
-     kret = krb5_fcc_read_principal(context, id, &creds->server);
-     TCHECK(kret);
-     kret = krb5_fcc_read_keyblock(context, id, &creds->keyblock);
-     TCHECK(kret);
-     kret = krb5_fcc_read_times(context, id, &creds->times);
-     TCHECK(kret);
-     kret = krb5_fcc_read_octet(context, id, &octet);
-     TCHECK(kret);
-     creds->is_skey = octet;
-     kret = krb5_fcc_read_int32(context, id, &int32);
-     TCHECK(kret);
-     creds->ticket_flags = int32;
-     kret = krb5_fcc_read_addrs(context, id, &creds->addresses);
-     TCHECK(kret);
-     kret = krb5_fcc_read_authdata(context, id, &creds->authdata);
-     TCHECK(kret);
-     kret = krb5_fcc_read_data(context, id, &creds->ticket);
-     TCHECK(kret);
-     kret = krb5_fcc_read_data(context, id, &creds->second_ticket);
-     TCHECK(kret);
-     
-     fcursor->pos = fcc_lseek(d, (off_t) 0, SEEK_CUR);
+    krb5_error_code kret;
+    krb5_fcc_cursor *fcursor;
+    krb5_int32 int32;
+    krb5_octet octet;
+    krb5_fcc_data *d = (krb5_fcc_data *) id->data;
+
+    kret = k5_cc_mutex_lock(context, &d->lock);
+    if (kret)
+        return kret;
+
+    memset(creds, 0, sizeof(*creds));
+    MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
+    fcursor = (krb5_fcc_cursor *) *cursor;
+
+    kret = (fcc_lseek(d, fcursor->pos, SEEK_SET) == (off_t) -1);
+    if (kret) {
+        kret = krb5_fcc_interpret(context, errno);
+        MAYBE_CLOSE(context, id, kret);
+        k5_cc_mutex_unlock(context, &d->lock);
+        return kret;
+    }
+
+    kret = krb5_fcc_read_principal(context, id, &creds->client);
+    TCHECK(kret);
+    kret = krb5_fcc_read_principal(context, id, &creds->server);
+    TCHECK(kret);
+    kret = krb5_fcc_read_keyblock(context, id, &creds->keyblock);
+    TCHECK(kret);
+    kret = krb5_fcc_read_times(context, id, &creds->times);
+    TCHECK(kret);
+    kret = krb5_fcc_read_octet(context, id, &octet);
+    TCHECK(kret);
+    creds->is_skey = octet;
+    kret = krb5_fcc_read_int32(context, id, &int32);
+    TCHECK(kret);
+    creds->ticket_flags = int32;
+    kret = krb5_fcc_read_addrs(context, id, &creds->addresses);
+    TCHECK(kret);
+    kret = krb5_fcc_read_authdata(context, id, &creds->authdata);
+    TCHECK(kret);
+    kret = krb5_fcc_read_data(context, id, &creds->ticket);
+    TCHECK(kret);
+    kret = krb5_fcc_read_data(context, id, &creds->second_ticket);
+    TCHECK(kret);
+
+    fcursor->pos = fcc_lseek(d, (off_t) 0, SEEK_CUR);
 
 lose:
-     MAYBE_CLOSE (context, id, kret);
-     k5_cc_mutex_unlock(context, &d->lock);
-     if (kret != KRB5_OK)
-	 krb5_free_cred_contents(context, creds);
-     return kret;
+    MAYBE_CLOSE (context, id, kret);
+    k5_cc_mutex_unlock(context, &d->lock);
+    if (kret != KRB5_OK)
+        krb5_free_cred_contents(context, creds);
+    return kret;
 }
 
 /*
@@ -1938,15 +1939,15 @@ lose:
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
 {
-     /* We don't do anything with the file cache itself, so
-	no need to lock anything.  */
-
-     /* don't close; it may be left open by the caller,
-        and if not, fcc_start_seq_get and/or fcc_next_cred will do the
-        MAYBE_CLOSE.
-     MAYBE_CLOSE(context, id, kret); */
-     free((krb5_fcc_cursor *) *cursor);
-     return 0;
+    /* We don't do anything with the file cache itself, so
+       no need to lock anything.  */
+
+    /* don't close; it may be left open by the caller,
+       and if not, fcc_start_seq_get and/or fcc_next_cred will do the
+       MAYBE_CLOSE.
+       MAYBE_CLOSE(context, id, kret); */
+    free((krb5_fcc_cursor *) *cursor);
+    return 0;
 }
 
 
@@ -1955,184 +1956,184 @@ krb5_fcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
  * Creates a new file cred cache whose name is guaranteed to be
  * unique.  The name begins with the string TKT_ROOT (from fcc.h).
  * The cache is not opened, but the new filename is reserved.
- *  
+ *
  * Returns:
  * The filled in krb5_ccache id.
  *
  * Errors:
  * KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * 		krb5_ccache.  id is undefined.
+ *              krb5_ccache.  id is undefined.
  * system errors (from open)
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
 {
-     krb5_ccache lid;
-     int ret;
-     krb5_error_code    kret = 0;
-     char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
-					    NUL */
-     krb5_fcc_data *data;
-     krb5_int16 fcc_fvno = htons(context->fcc_default_format);
-     krb5_int16 fcc_flen = 0;
-     int errsave, cnt;
-     struct fcc_set *setptr;
-     
-     /* Set master lock */
-     kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
-     if (kret)
-	 return kret;
-
-     (void) snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT);
-     ret = mkstemp(scratch);
-     if (ret == -1) {
-         k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	 return krb5_fcc_interpret(context, errno);
-     }
-     set_cloexec_fd(ret);
-
-     /* Allocate memory */
-     data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
-     if (data == NULL) {
-	  k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	  close(ret);
-	  unlink(scratch);
-	  return KRB5_CC_NOMEM;
-     }
-
-     data->filename = strdup(scratch);
-     if (data->filename == NULL) {
-	  k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	  free(data);
-	  close(ret);
-	  unlink(scratch);
-	  return KRB5_CC_NOMEM;
-     }
-
-     kret = k5_cc_mutex_init(&data->lock);
-     if (kret) {
-       k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-       free(data->filename);
-       free(data);
-       close(ret);
-       unlink(scratch);
-       return kret;
-     }
-     kret = k5_cc_mutex_lock(context, &data->lock);
-     if (kret) {
-       k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-       k5_cc_mutex_destroy(&data->lock);
-       free(data->filename);
-       free(data);
-       close(ret);
-       unlink(scratch);
-       return kret;
-     }
-
-     /*
-      * The file is initially closed at the end of this call...
-      */
-     data->flags = 0;
-     data->file = -1;
-     data->valid_bytes = 0;
-     /* data->version,mode filled in for real later */
-     data->version = data->mode = 0;
-
-
-     /* Ignore user's umask, set mode = 0600 */
+    krb5_ccache lid;
+    int ret;
+    krb5_error_code    kret = 0;
+    char scratch[sizeof(TKT_ROOT)+6+1]; /* +6 for the scratch part, +1 for
+                                           NUL */
+    krb5_fcc_data *data;
+    krb5_int16 fcc_fvno = htons(context->fcc_default_format);
+    krb5_int16 fcc_flen = 0;
+    int errsave, cnt;
+    struct fcc_set *setptr;
+
+    /* Set master lock */
+    kret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
+    if (kret)
+        return kret;
+
+    (void) snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT);
+    ret = mkstemp(scratch);
+    if (ret == -1) {
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        return krb5_fcc_interpret(context, errno);
+    }
+    set_cloexec_fd(ret);
+
+    /* Allocate memory */
+    data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
+    if (data == NULL) {
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        close(ret);
+        unlink(scratch);
+        return KRB5_CC_NOMEM;
+    }
+
+    data->filename = strdup(scratch);
+    if (data->filename == NULL) {
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        free(data);
+        close(ret);
+        unlink(scratch);
+        return KRB5_CC_NOMEM;
+    }
+
+    kret = k5_cc_mutex_init(&data->lock);
+    if (kret) {
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        free(data->filename);
+        free(data);
+        close(ret);
+        unlink(scratch);
+        return kret;
+    }
+    kret = k5_cc_mutex_lock(context, &data->lock);
+    if (kret) {
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        k5_cc_mutex_destroy(&data->lock);
+        free(data->filename);
+        free(data);
+        close(ret);
+        unlink(scratch);
+        return kret;
+    }
+
+    /*
+     * The file is initially closed at the end of this call...
+     */
+    data->flags = 0;
+    data->file = -1;
+    data->valid_bytes = 0;
+    /* data->version,mode filled in for real later */
+    data->version = data->mode = 0;
+
+
+    /* Ignore user's umask, set mode = 0600 */
 #ifndef HAVE_FCHMOD
 #ifdef HAVE_CHMOD
-     chmod(data->filename, S_IRUSR | S_IWUSR);
+    chmod(data->filename, S_IRUSR | S_IWUSR);
 #endif
 #else
-     fchmod(ret, S_IRUSR | S_IWUSR);
+    fchmod(ret, S_IRUSR | S_IWUSR);
 #endif
-     if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
-	 != sizeof(fcc_fvno)) {
-	  errsave = errno;
-	  (void) close(ret);
-	  (void) unlink(data->filename);
-	  kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
-	  goto err_out;
-     }
-     /* For version 4 we save a length for the rest of the header */
-     if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
-	  if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
-	      != sizeof(fcc_flen)) {
-	       errsave = errno;
-	       (void) close(ret);
-	       (void) unlink(data->filename);
-	       kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
-	       goto err_out;
-	  }
-     }
-     if (close(ret) == -1) {
-	  errsave = errno;
-	  (void) unlink(data->filename);
-	  kret = krb5_fcc_interpret(context, errsave);
-	  goto err_out;
-     }
-
-
-     setptr = malloc(sizeof(struct fcc_set));
-     if (setptr == NULL) {
-       k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-       k5_cc_mutex_unlock(context, &data->lock);
-       k5_cc_mutex_destroy(&data->lock);
-       free(data->filename);
-       free(data);
-       (void) close(ret);
-       (void) unlink(scratch);
-       return KRB5_CC_NOMEM;
-     }
-     setptr->refcount = 1;
-     setptr->data = data;
-     setptr->next = fccs;
-     fccs = setptr;
-     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-
-     k5_cc_mutex_assert_locked(context, &data->lock);
-     k5_cc_mutex_unlock(context, &data->lock);
-     lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
-     if (lid == NULL) {
-	 dereference(context, data);
-	 return KRB5_CC_NOMEM;
-     }
-
-     lid->ops = &krb5_fcc_ops;
-     lid->data = data;
-     lid->magic = KV5M_CCACHE;
-
-     /* default to open/close on every trn - otherwise destroy 
-	will get as to state confused */
-     ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
-
-     *id = lid;
-
-       
-     krb5_change_cache ();
-     return KRB5_OK;
+    if ((cnt = write(ret, (char *)&fcc_fvno, sizeof(fcc_fvno)))
+        != sizeof(fcc_fvno)) {
+        errsave = errno;
+        (void) close(ret);
+        (void) unlink(data->filename);
+        kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+        goto err_out;
+    }
+    /* For version 4 we save a length for the rest of the header */
+    if (context->fcc_default_format == KRB5_FCC_FVNO_4) {
+        if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
+            != sizeof(fcc_flen)) {
+            errsave = errno;
+            (void) close(ret);
+            (void) unlink(data->filename);
+            kret = (cnt == -1) ? krb5_fcc_interpret(context, errsave) : KRB5_CC_IO;
+            goto err_out;
+        }
+    }
+    if (close(ret) == -1) {
+        errsave = errno;
+        (void) unlink(data->filename);
+        kret = krb5_fcc_interpret(context, errsave);
+        goto err_out;
+    }
+
+
+    setptr = malloc(sizeof(struct fcc_set));
+    if (setptr == NULL) {
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        k5_cc_mutex_unlock(context, &data->lock);
+        k5_cc_mutex_destroy(&data->lock);
+        free(data->filename);
+        free(data);
+        (void) close(ret);
+        (void) unlink(scratch);
+        return KRB5_CC_NOMEM;
+    }
+    setptr->refcount = 1;
+    setptr->data = data;
+    setptr->next = fccs;
+    fccs = setptr;
+    k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+
+    k5_cc_mutex_assert_locked(context, &data->lock);
+    k5_cc_mutex_unlock(context, &data->lock);
+    lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
+    if (lid == NULL) {
+        dereference(context, data);
+        return KRB5_CC_NOMEM;
+    }
+
+    lid->ops = &krb5_fcc_ops;
+    lid->data = data;
+    lid->magic = KV5M_CCACHE;
+
+    /* default to open/close on every trn - otherwise destroy
+       will get as to state confused */
+    ((krb5_fcc_data *) lid->data)->flags = KRB5_TC_OPENCLOSE;
+
+    *id = lid;
+
+
+    krb5_change_cache ();
+    return KRB5_OK;
 
 err_out:
-     k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-     k5_cc_mutex_unlock(context, &data->lock);
-     k5_cc_mutex_destroy(&data->lock);
-     free(data->filename);
-     free(data);
-     return kret;
+    k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+    k5_cc_mutex_unlock(context, &data->lock);
+    k5_cc_mutex_destroy(&data->lock);
+    free(data->filename);
+    free(data);
+    return kret;
 }
 
 /*
  * Requires:
  * id is a file credential cache
- * 
+ *
  * Returns:
  * The name of the file cred cache id.
  */
 static const char * KRB5_CALLCONV
 krb5_fcc_get_name (krb5_context context, krb5_ccache id)
 {
-     return (char *) ((krb5_fcc_data *) id->data)->filename;
+    return (char *) ((krb5_fcc_data *) id->data)->filename;
 }
 
 /*
@@ -2151,31 +2152,31 @@ krb5_fcc_get_name (krb5_context context, krb5_ccache id)
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
 {
-     krb5_error_code kret = KRB5_OK;
+    krb5_error_code kret = KRB5_OK;
+
+    kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+    if (kret)
+        return kret;
 
-     kret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
-     if (kret)
-	 return kret;
+    MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
 
-     MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
-     
-     /* make sure we're beyond the header */
-     kret = krb5_fcc_skip_header(context, id);
-     if (kret) goto done;
-     kret = krb5_fcc_read_principal(context, id, princ);
+    /* make sure we're beyond the header */
+    kret = krb5_fcc_skip_header(context, id);
+    if (kret) goto done;
+    kret = krb5_fcc_read_principal(context, id, princ);
 
 done:
-     MAYBE_CLOSE(context, id, kret);
-     k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
-     return kret;
+    MAYBE_CLOSE(context, id, kret);
+    k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+    return kret;
 }
 
-     
+
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
 {
     return krb5_cc_retrieve_cred_default (context, id, whichfields,
-					  mcreds, creds);
+                                          mcreds, creds);
 }
 
 
@@ -2194,55 +2195,55 @@ static krb5_error_code KRB5_CALLCONV
 krb5_fcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
 {
 #define TCHECK(ret) if (ret != KRB5_OK) goto lose;
-     krb5_error_code ret;
-
-     ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
-     if (ret)
-	 return ret;
-
-     /* Make sure we are writing to the end of the file */
-     MAYBE_OPEN(context, id, FCC_OPEN_RDWR);
-
-     /* Make sure we are writing to the end of the file */
-     ret = fcc_lseek((krb5_fcc_data *) id->data, (off_t) 0, SEEK_END);
-     if (ret < 0) {
-          MAYBE_CLOSE_IGNORE(context, id);
-	  k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
-	  return krb5_fcc_interpret(context, errno);
-     }
-
-     ret = krb5_fcc_store_principal(context, id, creds->client);
-     TCHECK(ret);
-     ret = krb5_fcc_store_principal(context, id, creds->server);
-     TCHECK(ret);
-     ret = krb5_fcc_store_keyblock(context, id, &creds->keyblock);
-     TCHECK(ret);
-     ret = krb5_fcc_store_times(context, id, &creds->times);
-     TCHECK(ret);
-     ret = krb5_fcc_store_octet(context, id, (krb5_int32) creds->is_skey);
-     TCHECK(ret);
-     ret = krb5_fcc_store_int32(context, id, creds->ticket_flags);
-     TCHECK(ret);
-     ret = krb5_fcc_store_addrs(context, id, creds->addresses);
-     TCHECK(ret);
-     ret = krb5_fcc_store_authdata(context, id, creds->authdata);
-     TCHECK(ret);
-     ret = krb5_fcc_store_data(context, id, &creds->ticket);
-     TCHECK(ret);
-     ret = krb5_fcc_store_data(context, id, &creds->second_ticket);
-     TCHECK(ret);
+    krb5_error_code ret;
+
+    ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
+    if (ret)
+        return ret;
+
+    /* Make sure we are writing to the end of the file */
+    MAYBE_OPEN(context, id, FCC_OPEN_RDWR);
+
+    /* Make sure we are writing to the end of the file */
+    ret = fcc_lseek((krb5_fcc_data *) id->data, (off_t) 0, SEEK_END);
+    if (ret < 0) {
+        MAYBE_CLOSE_IGNORE(context, id);
+        k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+        return krb5_fcc_interpret(context, errno);
+    }
+
+    ret = krb5_fcc_store_principal(context, id, creds->client);
+    TCHECK(ret);
+    ret = krb5_fcc_store_principal(context, id, creds->server);
+    TCHECK(ret);
+    ret = krb5_fcc_store_keyblock(context, id, &creds->keyblock);
+    TCHECK(ret);
+    ret = krb5_fcc_store_times(context, id, &creds->times);
+    TCHECK(ret);
+    ret = krb5_fcc_store_octet(context, id, (krb5_int32) creds->is_skey);
+    TCHECK(ret);
+    ret = krb5_fcc_store_int32(context, id, creds->ticket_flags);
+    TCHECK(ret);
+    ret = krb5_fcc_store_addrs(context, id, creds->addresses);
+    TCHECK(ret);
+    ret = krb5_fcc_store_authdata(context, id, creds->authdata);
+    TCHECK(ret);
+    ret = krb5_fcc_store_data(context, id, &creds->ticket);
+    TCHECK(ret);
+    ret = krb5_fcc_store_data(context, id, &creds->second_ticket);
+    TCHECK(ret);
 
 lose:
-     MAYBE_CLOSE(context, id, ret);
-     k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
-     krb5_change_cache ();
-     return ret;
+    MAYBE_CLOSE(context, id, ret);
+    k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
+    krb5_change_cache ();
+    return ret;
 #undef TCHECK
 }
 
-/* 
+/*
  * Non-functional stub implementation for krb5_fcc_remove
- * 
+ *
  * Errors:
  *    KRB5_CC_NOSUPP - not implemented
  */
@@ -2260,7 +2261,7 @@ krb5_fcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
  *
  * Modifies:
  * id
- * 
+ *
  * Effects:
  * Sets the operational flags of id to flags.
  */
@@ -2271,18 +2272,18 @@ krb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
 
     ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
     if (ret)
-	return ret;
+        return ret;
 
     /* XXX This should check for illegal combinations, if any.. */
     if (flags & KRB5_TC_OPENCLOSE) {
-	/* asking to turn on OPENCLOSE mode */
-	if (!OPENCLOSE(id)
-	    /* XXX Is this test necessary? */
-	    && ((krb5_fcc_data *) id->data)->file != NO_FILE)
+        /* asking to turn on OPENCLOSE mode */
+        if (!OPENCLOSE(id)
+            /* XXX Is this test necessary? */
+            && ((krb5_fcc_data *) id->data)->file != NO_FILE)
             (void) krb5_fcc_close_file (context, ((krb5_fcc_data *) id->data));
     } else {
-	/* asking to turn off OPENCLOSE mode, meaning it must be
-	   left open.  We open if it's not yet open */
+        /* asking to turn off OPENCLOSE mode, meaning it must be
+           left open.  We open if it's not yet open */
         MAYBE_OPEN(context, id, FCC_OPEN_RDONLY);
     }
 
@@ -2298,7 +2299,7 @@ krb5_fcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
  *
  * Modifies:
  * id (mutex only; temporary)
- * 
+ *
  * Effects:
  * Returns the operational flags of id.
  */
@@ -2309,7 +2310,7 @@ krb5_fcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
 
     ret = k5_cc_mutex_lock(context, &((krb5_fcc_data *) id->data)->lock);
     if (ret)
-	return ret;
+        return ret;
     *flags = ((krb5_fcc_data *) id->data)->flags;
     k5_cc_mutex_unlock(context, &((krb5_fcc_data *) id->data)->lock);
     return ret;
@@ -2321,9 +2322,9 @@ krb5_fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
     krb5_error_code ret = 0;
     krb5_cc_ptcursor n = NULL;
     struct krb5_fcc_ptcursor_data *cdata = NULL;
-    
+
     *cursor = NULL;
-    
+
     n = malloc(sizeof(*n));
     if (n == NULL)
         return ENOMEM;
@@ -2341,11 +2342,11 @@ krb5_fcc_ptcursor_new(krb5_context context, krb5_cc_ptcursor *cursor)
     ret = k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
     if (ret)
         goto errout;
-        
+
 errout:
-        if (ret) {
-            krb5_fcc_ptcursor_free(context, &n);
-        }
+    if (ret) {
+        krb5_fcc_ptcursor_free(context, &n);
+    }
     *cursor = n;
     return ret;
 }
@@ -2358,39 +2359,39 @@ krb5_fcc_ptcursor_next(krb5_context context,
     krb5_error_code ret = 0;
     struct krb5_fcc_ptcursor_data *cdata = NULL;
     krb5_ccache n;
-    
+
     *ccache = NULL;
     n = malloc(sizeof(*n));
     if (n == NULL)
         return ENOMEM;
-    
+
     cdata = cursor->data;
 
     ret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
     if (ret)
         goto errout;
-    
+
     if (cdata->cur == NULL) {
         k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
         free(n);
         n = NULL;
         goto errout;
     }
-        
+
     n->ops = &krb5_fcc_ops;
     n->data = cdata->cur->data;
     cdata->cur->refcount++;
-    
+
     cdata->cur = cdata->cur->next;
-    
+
     ret = k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
     if (ret)
         goto errout;
 errout:
-        if (ret && n != NULL) {
-            free(n);
-            n = NULL;
-        }
+    if (ret && n != NULL) {
+        free(n);
+        n = NULL;
+    }
     *ccache = n;
     return ret;
 }
@@ -2411,14 +2412,14 @@ krb5_fcc_ptcursor_free(krb5_context context,
 /*
  * Modifies:
  * change_time
- * 
+ *
  * Effects:
  * Returns the timestamp of id's file modification date.
  * If an error occurs, change_time is set to 0.
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_fcc_last_change_time(krb5_context context, krb5_ccache id,
-            krb5_timestamp *change_time)
+                          krb5_timestamp *change_time)
 {
     krb5_error_code kret = KRB5_OK;
     krb5_fcc_data *data = (krb5_fcc_data *) id->data;
@@ -2429,7 +2430,7 @@ krb5_fcc_last_change_time(krb5_context context, krb5_ccache id,
 }
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_lock(krb5_context context,
-            krb5_ccache id)
+                                                   krb5_ccache id)
 {
     krb5_error_code ret = 0;
     krb5_fcc_data *data = (krb5_fcc_data *) id->data;
@@ -2438,7 +2439,7 @@ static krb5_error_code KRB5_CALLCONV krb5_fcc_lock(krb5_context context,
 }
 
 static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock(krb5_context context,
-            krb5_ccache id)
+                                                     krb5_ccache id)
 {
     krb5_error_code ret = 0;
     krb5_fcc_data *data = (krb5_fcc_data *) id->data;
@@ -2448,7 +2449,7 @@ static krb5_error_code KRB5_CALLCONV krb5_fcc_unlock(krb5_context context,
 
 static krb5_error_code
 krb5_fcc_data_last_change_time(krb5_context context, krb5_fcc_data *data,
-            krb5_timestamp *change_time)
+                               krb5_timestamp *change_time)
 {
     krb5_error_code kret = KRB5_OK;
     register int ret;
@@ -2480,8 +2481,8 @@ krb5_fcc_interpret(krb5_context context, int errnum)
     register krb5_error_code retval;
     switch (errnum) {
     case ENOENT:
-	retval = KRB5_FCC_NOFILE;
-	break;
+        retval = KRB5_FCC_NOFILE;
+        break;
     case EPERM:
     case EACCES:
 #ifdef EISDIR
@@ -2496,10 +2497,10 @@ krb5_fcc_interpret(krb5_context context, int errnum)
 #endif
     case EBUSY:
     case EROFS:
-	retval = KRB5_FCC_PERM;
-	break;
+        retval = KRB5_FCC_PERM;
+        break;
     case EINVAL:
-    case EEXIST:			/* XXX */
+    case EEXIST:                        /* XXX */
     case EFAULT:
     case EBADF:
 #ifdef ENAMETOOLONG
@@ -2508,8 +2509,8 @@ krb5_fcc_interpret(krb5_context context, int errnum)
 #ifdef EWOULDBLOCK
     case EWOULDBLOCK:
 #endif
-	retval = KRB5_FCC_INTERNAL;
-	break;
+        retval = KRB5_FCC_INTERNAL;
+        break;
 #ifdef EDQUOT
     case EDQUOT:
 #endif
@@ -2519,40 +2520,40 @@ krb5_fcc_interpret(krb5_context context, int errnum)
     case EMFILE:
     case ENXIO:
     default:
-	retval = KRB5_CC_IO;		/* XXX */
-	krb5_set_error_message(context, retval,
-			       "Credentials cache I/O operation failed (%s)",
-			       strerror(errnum));
+        retval = KRB5_CC_IO;            /* XXX */
+        krb5_set_error_message(context, retval,
+                               "Credentials cache I/O operation failed (%s)",
+                               strerror(errnum));
     }
     return retval;
 }
 
 const krb5_cc_ops krb5_fcc_ops = {
-     0,
-     "FILE",
-     krb5_fcc_get_name,
-     krb5_fcc_resolve,
-     krb5_fcc_generate_new,
-     krb5_fcc_initialize,
-     krb5_fcc_destroy,
-     krb5_fcc_close,
-     krb5_fcc_store,
-     krb5_fcc_retrieve,
-     krb5_fcc_get_principal,
-     krb5_fcc_start_seq_get,
-     krb5_fcc_next_cred,
-     krb5_fcc_end_seq_get,
-     krb5_fcc_remove_cred,
-     krb5_fcc_set_flags,
-     krb5_fcc_get_flags,
-     krb5_fcc_ptcursor_new,
-     krb5_fcc_ptcursor_next,
-     krb5_fcc_ptcursor_free,
-     NULL, /* move */
-     krb5_fcc_last_change_time,
-     NULL, /* wasdefault */
-     krb5_fcc_lock,
-     krb5_fcc_unlock,
+    0,
+    "FILE",
+    krb5_fcc_get_name,
+    krb5_fcc_resolve,
+    krb5_fcc_generate_new,
+    krb5_fcc_initialize,
+    krb5_fcc_destroy,
+    krb5_fcc_close,
+    krb5_fcc_store,
+    krb5_fcc_retrieve,
+    krb5_fcc_get_principal,
+    krb5_fcc_start_seq_get,
+    krb5_fcc_next_cred,
+    krb5_fcc_end_seq_get,
+    krb5_fcc_remove_cred,
+    krb5_fcc_set_flags,
+    krb5_fcc_get_flags,
+    krb5_fcc_ptcursor_new,
+    krb5_fcc_ptcursor_next,
+    krb5_fcc_ptcursor_free,
+    NULL, /* move */
+    krb5_fcc_last_change_time,
+    NULL, /* wasdefault */
+    krb5_fcc_lock,
+    krb5_fcc_unlock,
 };
 
 #if defined(_WIN32)
@@ -2561,10 +2562,10 @@ const krb5_cc_ops krb5_fcc_ops = {
  * A notification message is is posted out to all top level
  * windows so that they may recheck the cache based on the
  * changes made.  We register a unique message type with which
- * we'll communicate to all other processes. 
+ * we'll communicate to all other processes.
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_change_cache (void) {
 
     PostMessage(HWND_BROADCAST, krb5_get_notification_message(), 0, 0);
@@ -2597,29 +2598,29 @@ krb5_get_notification_message (void)
 #endif /* _WIN32 */
 
 const krb5_cc_ops krb5_cc_file_ops = {
-     0,
-     "FILE",
-     krb5_fcc_get_name,
-     krb5_fcc_resolve,
-     krb5_fcc_generate_new,
-     krb5_fcc_initialize,
-     krb5_fcc_destroy,
-     krb5_fcc_close,
-     krb5_fcc_store,
-     krb5_fcc_retrieve,
-     krb5_fcc_get_principal,
-     krb5_fcc_start_seq_get,
-     krb5_fcc_next_cred,
-     krb5_fcc_end_seq_get,
-     krb5_fcc_remove_cred,
-     krb5_fcc_set_flags,
-     krb5_fcc_get_flags,
-     krb5_fcc_ptcursor_new,
-     krb5_fcc_ptcursor_next,
-     krb5_fcc_ptcursor_free,
-     NULL, /* move */
-     krb5_fcc_last_change_time,
-     NULL, /* wasdefault */
-     krb5_fcc_lock,
-     krb5_fcc_unlock,
+    0,
+    "FILE",
+    krb5_fcc_get_name,
+    krb5_fcc_resolve,
+    krb5_fcc_generate_new,
+    krb5_fcc_initialize,
+    krb5_fcc_destroy,
+    krb5_fcc_close,
+    krb5_fcc_store,
+    krb5_fcc_retrieve,
+    krb5_fcc_get_principal,
+    krb5_fcc_start_seq_get,
+    krb5_fcc_next_cred,
+    krb5_fcc_end_seq_get,
+    krb5_fcc_remove_cred,
+    krb5_fcc_set_flags,
+    krb5_fcc_get_flags,
+    krb5_fcc_ptcursor_new,
+    krb5_fcc_ptcursor_next,
+    krb5_fcc_ptcursor_free,
+    NULL, /* move */
+    krb5_fcc_last_change_time,
+    NULL, /* wasdefault */
+    krb5_fcc_lock,
+    krb5_fcc_unlock,
 };
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index 9353fd497..9841ed5fc 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/cc_keyring.c
  *
@@ -40,7 +41,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -61,13 +62,13 @@
  *
  * Some assumptions:
  *
- *	- A credentials cache "file" == a keyring with separate keys
- *	  for the information in the ccache (see below)
- *	- A credentials cache keyring will contain only keys,
- *	  not other keyrings
- *	- Each Kerberos ticket will have its own key within the ccache keyring
- *	- The principal information for the ccache is stored in a
- *	  special key, which is not counted in the 'numkeys' count
+ *      - A credentials cache "file" == a keyring with separate keys
+ *        for the information in the ccache (see below)
+ *      - A credentials cache keyring will contain only keys,
+ *        not other keyrings
+ *      - Each Kerberos ticket will have its own key within the ccache keyring
+ *      - The principal information for the ccache is stored in a
+ *        special key, which is not counted in the 'numkeys' count
  */
 
 #include "cc-int.h"
@@ -78,24 +79,24 @@
 #include <keyutils.h>
 
 #ifdef DEBUG
-#define KRCC_DEBUG	    1
+#define KRCC_DEBUG          1
 #endif
 
 #if KRCC_DEBUG
-void debug_print(char *fmt, ...);	/* prototype to silence warning */
+void debug_print(char *fmt, ...);       /* prototype to silence warning */
 #include <syslog.h>
 #define DEBUG_PRINT(x) debug_print x
 void
 debug_print(char *fmt, ...)
 {
-	va_list ap;
-	va_start(ap, fmt);
+    va_list ap;
+    va_start(ap, fmt);
 #ifdef DEBUG_STDERR
-	vfprintf(stderr, fmt, ap);
+    vfprintf(stderr, fmt, ap);
 #else
-	vsyslog(LOG_ERR, fmt, ap);
+    vsyslog(LOG_ERR, fmt, ap);
 #endif
-	va_end(ap);
+    va_end(ap);
 }
 #else
 #define DEBUG_PRINT(x)
@@ -145,9 +146,9 @@ debug_print(char *fmt, ...)
 /* Hopefully big enough to hold a serialized credential */
 #define GUESS_CRED_SIZE 4096
 
-#define ALLOC(NUM,TYPE) \
-    (((NUM) <= (((size_t)0-1)/ sizeof(TYPE)))           \
-     ? (TYPE *) calloc((NUM), sizeof(TYPE))             \
+#define ALLOC(NUM,TYPE)                         \
+    (((NUM) <= (((size_t)0-1)/ sizeof(TYPE)))   \
+     ? (TYPE *) calloc((NUM), sizeof(TYPE))     \
      : (errno = ENOMEM,(TYPE *) 0))
 
 #define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest
@@ -155,9 +156,9 @@ debug_print(char *fmt, ...)
 #define CHECK_OUT(ret) if (ret != KRB5_OK) return ret
 
 typedef struct krb5_krcc_ring_ids {
-    key_serial_t	session;
-    key_serial_t	process;
-    key_serial_t	thread;
+    key_serial_t        session;
+    key_serial_t        process;
+    key_serial_t        thread;
 } krb5_krcc_ring_ids_t;
 
 typedef struct _krb5_krcc_cursor
@@ -176,13 +177,13 @@ typedef struct _krb5_krcc_cursor
  */
 typedef struct _krb5_krcc_data
 {
-    char   *name;		/* Name for this credentials cache */
-    k5_cc_mutex lock;		/* synchronization */
-    key_serial_t parent_id;	/* parent keyring of this ccache keyring */
-    key_serial_t ring_id;	/* keyring representing ccache */
-    key_serial_t princ_id;	/* key holding principal info */
-    int     numkeys;		/* # of keys in this ring
-				 * (does NOT include principal info) */
+    char   *name;               /* Name for this credentials cache */
+    k5_cc_mutex lock;           /* synchronization */
+    key_serial_t parent_id;     /* parent keyring of this ccache keyring */
+    key_serial_t ring_id;       /* keyring representing ccache */
+    key_serial_t princ_id;      /* key holding principal info */
+    int     numkeys;            /* # of keys in this ring
+                                 * (does NOT include principal info) */
     krb5_timestamp changetime;
 } krb5_krcc_data;
 
@@ -203,154 +204,154 @@ k5_cc_mutex krb5int_krcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
 extern const krb5_cc_ops krb5_krcc_ops;
 
 static const char *KRB5_CALLCONV krb5_krcc_get_name
-    (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_resolve
-    (krb5_context, krb5_ccache * id, const char *residual);
+(krb5_context, krb5_ccache * id, const char *residual);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_generate_new
-    (krb5_context, krb5_ccache * id);
+(krb5_context, krb5_ccache * id);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_initialize
-    (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_destroy
-    (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_close
-    (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_store
-    (krb5_context, krb5_ccache id, krb5_creds * creds);
+(krb5_context, krb5_ccache id, krb5_creds * creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_retrieve
-    (krb5_context, krb5_ccache id, krb5_flags whichfields,
-     krb5_creds * mcreds, krb5_creds * creds);
+(krb5_context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds * mcreds, krb5_creds * creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_get_principal
-    (krb5_context, krb5_ccache id, krb5_principal * princ);
+(krb5_context, krb5_ccache id, krb5_principal * princ);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_start_seq_get
-    (krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_next_cred
-    (krb5_context, krb5_ccache id, krb5_cc_cursor * cursor,
-     krb5_creds * creds);
+(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor,
+ krb5_creds * creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_end_seq_get
-    (krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor * cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_remove_cred
-    (krb5_context context, krb5_ccache cache, krb5_flags flags,
-     krb5_creds * creds);
+(krb5_context context, krb5_ccache cache, krb5_flags flags,
+ krb5_creds * creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_set_flags
-    (krb5_context, krb5_ccache id, krb5_flags flags);
+(krb5_context, krb5_ccache id, krb5_flags flags);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_get_flags
-    (krb5_context context, krb5_ccache id, krb5_flags * flags);
+(krb5_context context, krb5_ccache id, krb5_flags * flags);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_last_change_time
-    (krb5_context, krb5_ccache, krb5_timestamp *);
+(krb5_context, krb5_ccache, krb5_timestamp *);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_lock
-    (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_krcc_unlock
-    (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
 
 /*
  * Internal utility functions
  */
 
 static krb5_error_code krb5_krcc_clearcache
-    (krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
 
 static krb5_error_code krb5_krcc_new_data
-    (const char *, key_serial_t ring, key_serial_t parent_ring,
-     krb5_krcc_data **);
+(const char *, key_serial_t ring, key_serial_t parent_ring,
+ krb5_krcc_data **);
 
 static krb5_error_code krb5_krcc_save_principal
-    (krb5_context context, krb5_ccache id, krb5_principal princ);
+(krb5_context context, krb5_ccache id, krb5_principal princ);
 
 static krb5_error_code krb5_krcc_retrieve_principal
-    (krb5_context context, krb5_ccache id, krb5_principal * princ);
+(krb5_context context, krb5_ccache id, krb5_principal * princ);
 
 static int krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p);
 
 /* Routines to parse a key from a keyring into a cred structure */
 static krb5_error_code krb5_krcc_parse
-    (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
-     krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_cred
-    (krb5_context context, krb5_ccache id, krb5_creds * creds,
-     char *payload, int psize);
+(krb5_context context, krb5_ccache id, krb5_creds * creds,
+ char *payload, int psize);
 static krb5_error_code krb5_krcc_parse_principal
-    (krb5_context context, krb5_ccache id, krb5_principal * princ,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_principal * princ,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_keyblock
-    (krb5_context context, krb5_ccache id, krb5_keyblock * keyblock,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_keyblock * keyblock,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_times
-    (krb5_context context, krb5_ccache id, krb5_ticket_times * t,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_ticket_times * t,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_krb5data
-    (krb5_context context, krb5_ccache id, krb5_data * data,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_data * data,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_int32
-    (krb5_context context, krb5_ccache id, krb5_int32 * i, krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_int32 * i, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_octet
-    (krb5_context context, krb5_ccache id, krb5_octet * octet,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_octet * octet,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_addrs
-    (krb5_context context, krb5_ccache id, krb5_address *** a,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_address *** a,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_addr
-    (krb5_context context, krb5_ccache id, krb5_address * a,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_address * a,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_authdata
-    (krb5_context context, krb5_ccache id, krb5_authdata *** ad,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_authdata *** ad,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_authdatum
-    (krb5_context context, krb5_ccache id, krb5_authdata * ad,
-     krb5_krcc_bc * bc);
+(krb5_context context, krb5_ccache id, krb5_authdata * ad,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_parse_ui_2
-    (krb5_context, krb5_ccache id, krb5_ui_2 * i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_ui_2 * i, krb5_krcc_bc * bc);
 
 /* Routines to unparse a cred structure into keyring key */
 static krb5_error_code krb5_krcc_unparse
-    (krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
-     krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_pointer buf, unsigned int len,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_cred
-    (krb5_context context, krb5_ccache id, krb5_creds * creds,
-     char **datapp, unsigned int *lenptr);
+(krb5_context context, krb5_ccache id, krb5_creds * creds,
+ char **datapp, unsigned int *lenptr);
 static krb5_error_code krb5_krcc_unparse_principal
-    (krb5_context, krb5_ccache id, krb5_principal princ, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_principal princ, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_keyblock
-    (krb5_context, krb5_ccache id, krb5_keyblock * keyblock,
-     krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_keyblock * keyblock,
+ krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_times
-    (krb5_context, krb5_ccache id, krb5_ticket_times * t, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_ticket_times * t, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_krb5data
-    (krb5_context, krb5_ccache id, krb5_data * data, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_data * data, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_int32
-    (krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_octet
-    (krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_addrs
-    (krb5_context, krb5_ccache, krb5_address ** a, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_address ** a, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_addr
-    (krb5_context, krb5_ccache, krb5_address * a, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_address * a, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_authdata
-    (krb5_context, krb5_ccache, krb5_authdata ** ad, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_authdata ** ad, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_authdatum
-    (krb5_context, krb5_ccache, krb5_authdata * ad, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache, krb5_authdata * ad, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_ui_4
-    (krb5_context, krb5_ccache id, krb5_ui_4 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_ui_4 i, krb5_krcc_bc * bc);
 static krb5_error_code krb5_krcc_unparse_ui_2
-    (krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
+(krb5_context, krb5_ccache id, krb5_int32 i, krb5_krcc_bc * bc);
 static void krb5_krcc_update_change_time
-    (krb5_krcc_data *);
+(krb5_krcc_data *);
 
 /* Note the following is a stub function for Linux */
 extern krb5_error_code krb5_change_cache(void);
@@ -363,12 +364,12 @@ static int KRB5_CALLCONV
 krb5_krcc_getkeycount(key_serial_t cred_ring)
 {
     int res, nkeys;
-    
+
     res = keyctl_read(cred_ring, NULL, 0);
     if (res > 0)
-	nkeys = (res / sizeof(key_serial_t)) - 1;
+        nkeys = (res / sizeof(key_serial_t)) - 1;
     else
-	nkeys = 0;
+        nkeys = 0;
     return(nkeys);
 }
 
@@ -387,7 +388,7 @@ krb5_krcc_getkeycount(key_serial_t cred_ring)
 
 static krb5_error_code KRB5_CALLCONV
 krb5_krcc_initialize(krb5_context context, krb5_ccache id,
-		     krb5_principal princ)
+                     krb5_principal princ)
 {
     krb5_error_code kret;
 
@@ -395,15 +396,15 @@ krb5_krcc_initialize(krb5_context context, krb5_ccache id,
 
     kret = k5_cc_mutex_lock(context, &((krb5_krcc_data *) id->data)->lock);
     if (kret)
-	return kret;
+        return kret;
 
     kret = krb5_krcc_clearcache(context, id);
     if (kret != KRB5_OK)
-	goto out;
+        goto out;
 
     kret = krb5_krcc_save_principal(context, id, princ);
     if (kret == KRB5_OK)
-	krb5_change_cache();
+        krb5_change_cache();
 
 out:
     k5_cc_mutex_unlock(context, &((krb5_krcc_data *) id->data)->lock);
@@ -462,11 +463,11 @@ krb5_krcc_clearcache(krb5_context context, krb5_ccache id)
     d = (krb5_krcc_data *) id->data;
 
     DEBUG_PRINT(("krb5_krcc_clearcache: ring_id %d, princ_id %d, "
-		 "numkeys is %d\n", d->ring_id, d->princ_id, d->numkeys));
+                 "numkeys is %d\n", d->ring_id, d->princ_id, d->numkeys));
 
     res = keyctl_clear(d->ring_id);
     if (res != 0) {
-	return errno;
+        return errno;
     }
     d->numkeys = 0;
     d->princ_id = 0;
@@ -495,16 +496,16 @@ krb5_krcc_destroy(krb5_context context, krb5_ccache id)
 
     kret = k5_cc_mutex_lock(context, &d->lock);
     if (kret)
-	return kret;
+        return kret;
 
     krb5_krcc_clearcache(context, id);
     free(d->name);
     res = keyctl_unlink(d->ring_id, d->parent_id);
     if (res < 0) {
-	kret = errno;
-	DEBUG_PRINT(("krb5_krcc_destroy: unlinking key %d from ring %d: %s",
-		     d->ring_id, d->parent_id, error_message(errno)));
-	goto cleanup;
+        kret = errno;
+        DEBUG_PRINT(("krb5_krcc_destroy: unlinking key %d from ring %d: %s",
+                     d->ring_id, d->parent_id, error_message(errno)));
+        goto cleanup;
     }
 cleanup:
     k5_cc_mutex_unlock(context, &d->lock);
@@ -553,28 +554,28 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache * id, const char *full_resid
     const char *residual;
 
     DEBUG_PRINT(("krb5_krcc_resolve: entered with name '%s'\n",
-		 full_residual));
+                 full_residual));
 
     res = krb5_krcc_get_ring_ids(&ids);
     if (res) {
-	kret = EINVAL;
-	DEBUG_PRINT(("krb5_krcc_resolve: Error getting ring id values!\n"));
-	return kret;
+        kret = EINVAL;
+        DEBUG_PRINT(("krb5_krcc_resolve: Error getting ring id values!\n"));
+        return kret;
     }
 
     if (strncmp(full_residual, "thread:", 7) == 0) {
-	residual = full_residual + 7;
-	ring_id = ids.thread;
+        residual = full_residual + 7;
+        ring_id = ids.thread;
     } else if (strncmp(full_residual, "process:", 8) == 0) {
-	residual = full_residual + 8;
-	ring_id = ids.process;
+        residual = full_residual + 8;
+        ring_id = ids.process;
     } else {
-	residual = full_residual;
-	ring_id = ids.session;
+        residual = full_residual;
+        ring_id = ids.session;
     }
 
     DEBUG_PRINT(("krb5_krcc_resolve: searching ring %d for residual '%s'\n",
-    		ring_id, residual));
+                 ring_id, residual));
 
     /*
      * Use keyctl_search instead of request_key. If we're supposed
@@ -587,46 +588,46 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache * id, const char *full_resid
      */
     key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, residual, 0);
     if (key < 0) {
-	key = add_key(KRCC_KEY_TYPE_KEYRING, residual, NULL, 0, ring_id);
-	if (key < 0) {
-	    kret = errno;
-	    DEBUG_PRINT(("krb5_krcc_resolve: Error adding new "
-			 "keyring '%s': %s\n", residual, strerror(errno)));
-	    return kret;
-	}
-	DEBUG_PRINT(("krb5_krcc_resolve: new keyring '%s', "
-			"key %d, added to keyring %d\n",
-			residual, key, ring_id));
+        key = add_key(KRCC_KEY_TYPE_KEYRING, residual, NULL, 0, ring_id);
+        if (key < 0) {
+            kret = errno;
+            DEBUG_PRINT(("krb5_krcc_resolve: Error adding new "
+                         "keyring '%s': %s\n", residual, strerror(errno)));
+            return kret;
+        }
+        DEBUG_PRINT(("krb5_krcc_resolve: new keyring '%s', "
+                     "key %d, added to keyring %d\n",
+                     residual, key, ring_id));
     } else {
-	DEBUG_PRINT(("krb5_krcc_resolve: found existing "
-			"key %d, with name '%s' in keyring %d\n",
-			key, residual, ring_id));
-	/* Determine key containing principal information */
-	pkey = keyctl_search(key, KRCC_KEY_TYPE_USER,
-			     KRCC_SPEC_PRINC_KEYNAME, 0);
-	if (pkey < 0) {
-	    DEBUG_PRINT(("krb5_krcc_resolve: Error locating principal "
-			 "info for existing ccache in ring %d: %s\n",
-			 key, strerror(errno)));
-	    pkey = 0;
-	}
-	/* Determine how many keys exist */
-	nkeys = krb5_krcc_getkeycount(key);
+        DEBUG_PRINT(("krb5_krcc_resolve: found existing "
+                     "key %d, with name '%s' in keyring %d\n",
+                     key, residual, ring_id));
+        /* Determine key containing principal information */
+        pkey = keyctl_search(key, KRCC_KEY_TYPE_USER,
+                             KRCC_SPEC_PRINC_KEYNAME, 0);
+        if (pkey < 0) {
+            DEBUG_PRINT(("krb5_krcc_resolve: Error locating principal "
+                         "info for existing ccache in ring %d: %s\n",
+                         key, strerror(errno)));
+            pkey = 0;
+        }
+        /* Determine how many keys exist */
+        nkeys = krb5_krcc_getkeycount(key);
     }
 
     lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
     if (lid == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
 
     kret = krb5_krcc_new_data(residual, key, ring_id, &d);
     if (kret) {
-	free(lid);
-	return kret;
+        free(lid);
+        return kret;
     }
 
     DEBUG_PRINT(("krb5_krcc_resolve: ring_id %d, princ_id %d, "
-		 "nkeys %d\n", key, pkey, nkeys));
+                 "nkeys %d\n", key, pkey, nkeys));
     d->princ_id = pkey;
     d->numkeys = nkeys;
     lid->ops = &krb5_krcc_ops;
@@ -651,7 +652,7 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache * id, const char *full_resid
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
-			krb5_cc_cursor * cursor)
+                        krb5_cc_cursor * cursor)
 {
     krb5_krcc_cursor krcursor;
     krb5_error_code kret;
@@ -664,7 +665,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
     d = id->data;
     kret = k5_cc_mutex_lock(context, &d->lock);
     if (kret)
-	return kret;
+        return kret;
 
     /*
      * Determine how many keys currently exist and update numkeys.
@@ -677,19 +678,19 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
 
     krcursor = (krb5_krcc_cursor) malloc(size);
     if (krcursor == NULL) {
-	k5_cc_mutex_unlock(context, &d->lock);
-	return KRB5_CC_NOMEM;
+        k5_cc_mutex_unlock(context, &d->lock);
+        return KRB5_CC_NOMEM;
     }
 
     krcursor->keys = (key_serial_t *) ((char *) krcursor + sizeof(*krcursor));
     res = keyctl_read(d->ring_id, (char *) krcursor->keys,
-		      ((d->numkeys + 1) * sizeof(key_serial_t)));
+                      ((d->numkeys + 1) * sizeof(key_serial_t)));
     if (res < 0 || res > ((d->numkeys + 1) * sizeof(key_serial_t))) {
-	DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n",
-		     res, d->numkeys, strerror(errno)));
-	free(krcursor);
-	k5_cc_mutex_unlock(context, &d->lock);
-	return KRB5_CC_IO;
+        DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n",
+                     res, d->numkeys, strerror(errno)));
+        free(krcursor);
+        k5_cc_mutex_unlock(context, &d->lock);
+        return KRB5_CC_IO;
     }
 
     krcursor->numkeys = d->numkeys;
@@ -723,7 +724,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_krcc_next_cred(krb5_context context, krb5_ccache id,
-		    krb5_cc_cursor * cursor, krb5_creds * creds)
+                    krb5_cc_cursor * cursor, krb5_creds * creds)
 {
     krb5_krcc_cursor krcursor;
     krb5_error_code kret;
@@ -738,35 +739,35 @@ krb5_krcc_next_cred(krb5_context context, krb5_ccache id,
      */
     krcursor = (krb5_krcc_cursor) * cursor;
     if (krcursor == NULL)
-	return KRB5_CC_END;
+        return KRB5_CC_END;
     memset(creds, 0, sizeof(krb5_creds));
 
     /* If we're pointing past the end of the keys array, there are no more */
     if (krcursor->currkey > krcursor->numkeys)
-	return KRB5_CC_END;
+        return KRB5_CC_END;
 
     /* If we're pointing at the entry with the principal, skip it */
     if (krcursor->keys[krcursor->currkey] == krcursor->princ_id) {
-	krcursor->currkey++;
-	/* Check if we have now reached the end */
-	if (krcursor->currkey > krcursor->numkeys)
-	  return KRB5_CC_END;
+        krcursor->currkey++;
+        /* Check if we have now reached the end */
+        if (krcursor->currkey > krcursor->numkeys)
+            return KRB5_CC_END;
     }
 
     /* Read the key, the right size buffer will ba allocated and returned */
     psize = keyctl_read_alloc(krcursor->keys[krcursor->currkey], &payload);
     if (psize == -1) {
-	DEBUG_PRINT(("Error reading key %d: %s\n",
-		     krcursor->keys[krcursor->currkey],
-		     strerror(errno)));
-	kret = KRB5_FCC_NOFILE;
-	goto freepayload;
+        DEBUG_PRINT(("Error reading key %d: %s\n",
+                     krcursor->keys[krcursor->currkey],
+                     strerror(errno)));
+        kret = KRB5_FCC_NOFILE;
+        goto freepayload;
     }
     krcursor->currkey++;
 
     kret = krb5_krcc_parse_cred(context, id, creds, payload, psize);
 
-  freepayload:
+freepayload:
     if (payload) free(payload);
     return kret;
 }
@@ -786,7 +787,7 @@ krb5_krcc_next_cred(krb5_context context, krb5_ccache id,
 /* ARGSUSED */
 static krb5_error_code KRB5_CALLCONV
 krb5_krcc_end_seq_get(krb5_context context, krb5_ccache id,
-		      krb5_cc_cursor * cursor)
+                      krb5_cc_cursor * cursor)
 {
     DEBUG_PRINT(("krb5_krcc_end_seq_get: entered\n"));
 
@@ -800,26 +801,26 @@ krb5_krcc_end_seq_get(krb5_context context, krb5_ccache id,
    Call with the global list lock held.  */
 static  krb5_error_code
 krb5_krcc_new_data(const char *name, key_serial_t ring,
-		   key_serial_t parent_ring, krb5_krcc_data ** datapp)
+                   key_serial_t parent_ring, krb5_krcc_data ** datapp)
 {
     krb5_error_code kret;
     krb5_krcc_data *d;
 
     d = malloc(sizeof(krb5_krcc_data));
     if (d == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     kret = k5_cc_mutex_init(&d->lock);
     if (kret) {
-	free(d);
-	return kret;
+        free(d);
+        return kret;
     }
 
     d->name = strdup(name);
     if (d->name == NULL) {
-	k5_cc_mutex_destroy(&d->lock);
-	free(d);
-	return KRB5_CC_NOMEM;
+        k5_cc_mutex_destroy(&d->lock);
+        free(d);
+        return KRB5_CC_NOMEM;
     }
     d->princ_id = 0;
     d->ring_id = ring;
@@ -859,14 +860,14 @@ krb5_krcc_generate_new(krb5_context context, krb5_ccache * id)
     /* Allocate memory */
     lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
     if (lid == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     lid->ops = &krb5_krcc_ops;
 
     kret = k5_cc_mutex_lock(context, &krb5int_krcc_mutex);
     if (kret) {
-	free(lid);
-	return kret;
+        free(lid);
+        return kret;
     }
 
 /* XXX These values are platform-specific and should not be here! */
@@ -889,36 +890,36 @@ krb5_krcc_generate_new(krb5_context context, krb5_ccache * id)
      * a unique name, or we get an error.
      */
     while (1) {
-	kret = krb5int_random_string(context, uniquename, sizeof(uniquename));
+        kret = krb5int_random_string(context, uniquename, sizeof(uniquename));
         if (kret) {
             k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
             free(lid);
             return kret;
-	}
-
-	DEBUG_PRINT(("krb5_krcc_generate_new: searching for name '%s'\n",
-		     uniquename));
-	key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, uniquename, 0);
-/*XXX*/ DEBUG_PRINT(("krb5_krcc_generate_new: after searching for '%s', key = %d, errno = %d\n", uniquename, key, errno));
-	if (key < 0 && errno == ENOKEY) {
-	    /* name does not already exist, create it to reserve the name */
-	    key = add_key(KRCC_KEY_TYPE_KEYRING, uniquename, NULL, 0, ring_id);
-	    if (key < 0) {
-		kret = errno;
-		DEBUG_PRINT(("krb5_krcc_generate_new: '%s' trying to "
-			     "create '%s'\n", strerror(errno), uniquename));
-		k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
-		return kret;
-	    }
-	    break;
-	}
+        }
+
+        DEBUG_PRINT(("krb5_krcc_generate_new: searching for name '%s'\n",
+                     uniquename));
+        key = keyctl_search(ring_id, KRCC_KEY_TYPE_KEYRING, uniquename, 0);
+        /*XXX*/ DEBUG_PRINT(("krb5_krcc_generate_new: after searching for '%s', key = %d, errno = %d\n", uniquename, key, errno));
+        if (key < 0 && errno == ENOKEY) {
+            /* name does not already exist, create it to reserve the name */
+            key = add_key(KRCC_KEY_TYPE_KEYRING, uniquename, NULL, 0, ring_id);
+            if (key < 0) {
+                kret = errno;
+                DEBUG_PRINT(("krb5_krcc_generate_new: '%s' trying to "
+                             "create '%s'\n", strerror(errno), uniquename));
+                k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
+                return kret;
+            }
+            break;
+        }
     }
-	    
+
     kret = krb5_krcc_new_data(uniquename, key, ring_id, &d);
     k5_cc_mutex_unlock(context, &krb5int_krcc_mutex);
     if (kret) {
-	free(lid);
-	return kret;
+        free(lid);
+        return kret;
     }
     lid->data = d;
     *id = lid;
@@ -955,7 +956,7 @@ krb5_krcc_get_name(krb5_context context, krb5_ccache id)
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_krcc_get_principal(krb5_context context, krb5_ccache id,
-			krb5_principal * princ)
+                        krb5_principal * princ)
 {
     DEBUG_PRINT(("krb5_krcc_get_principal: entered\n"));
 
@@ -964,13 +965,13 @@ krb5_krcc_get_principal(krb5_context context, krb5_ccache id,
 
 static krb5_error_code KRB5_CALLCONV
 krb5_krcc_retrieve(krb5_context context, krb5_ccache id,
-		   krb5_flags whichfields, krb5_creds * mcreds,
-		   krb5_creds * creds)
+                   krb5_flags whichfields, krb5_creds * mcreds,
+                   krb5_creds * creds)
 {
     DEBUG_PRINT(("krb5_krcc_retrieve: entered\n"));
 
     return krb5_cc_retrieve_cred_default(context, id, whichfields,
-					 mcreds, creds);
+                                         mcreds, creds);
 }
 
 /*
@@ -981,7 +982,7 @@ krb5_krcc_retrieve(krb5_context context, krb5_ccache id,
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_krcc_remove_cred(krb5_context context, krb5_ccache cache,
-		      krb5_flags flags, krb5_creds * creds)
+                      krb5_flags flags, krb5_creds * creds)
 {
     DEBUG_PRINT(("krb5_krcc_remove_cred: entered (returning KRB5_CC_NOSUPP)\n"));
 
@@ -1031,54 +1032,54 @@ krb5_krcc_store(krb5_context context, krb5_ccache id, krb5_creds * creds)
 
     kret = k5_cc_mutex_lock(context, &d->lock);
     if (kret)
-	return kret;
+        return kret;
 
     /* Get the service principal name and use it as the key name */
     kret = krb5_unparse_name(context, creds->server, &keyname);
     if (kret) {
-	DEBUG_PRINT(("Error unparsing service principal name!\n"));
-	goto errout;
+        DEBUG_PRINT(("Error unparsing service principal name!\n"));
+        goto errout;
     }
 
     /* Serialize credential into memory */
     kret = krb5_krcc_unparse_cred(context, id, creds, &payload, &payloadlen);
     if (kret != KRB5_OK)
-	goto errout;
+        goto errout;
 
     /* Add new key (credentials) into keyring */
     DEBUG_PRINT(("krb5_krcc_store: adding new key '%s' to keyring %d\n",
-			keyname, d->ring_id));
+                 keyname, d->ring_id));
     newkey = add_key(KRCC_KEY_TYPE_USER, keyname, payload,
-		     payloadlen, d->ring_id);
+                     payloadlen, d->ring_id);
     if (newkey < 0) {
-	kret = errno;
-	DEBUG_PRINT(("Error adding user key '%s': %s\n",
-		     keyname, strerror(kret)));
+        kret = errno;
+        DEBUG_PRINT(("Error adding user key '%s': %s\n",
+                     keyname, strerror(kret)));
     } else {
-	d->numkeys++;
-	kret = KRB5_OK;
-	krb5_krcc_update_change_time(d);
+        d->numkeys++;
+        kret = KRB5_OK;
+        krb5_krcc_update_change_time(d);
     }
 
-  errout:
+errout:
     if (keyname)
-	krb5_free_unparsed_name(context, keyname);
+        krb5_free_unparsed_name(context, keyname);
     if (payload)
-	free(payload);
+        free(payload);
 
     k5_cc_mutex_unlock(context, &d->lock);
     return kret;
 }
 
-static krb5_error_code KRB5_CALLCONV 
-krb5_krcc_last_change_time(krb5_context context, krb5_ccache id, 
-			   krb5_timestamp *change_time)
+static krb5_error_code KRB5_CALLCONV
+krb5_krcc_last_change_time(krb5_context context, krb5_ccache id,
+                           krb5_timestamp *change_time)
 {
     krb5_error_code ret = 0;
     krb5_krcc_data *data = (krb5_krcc_data *) id->data;
-    
+
     *change_time = 0;
-    
+
     ret = k5_cc_mutex_lock(context, &data->lock);
     if (!ret) {
         *change_time = data->changetime;
@@ -1088,7 +1089,7 @@ krb5_krcc_last_change_time(krb5_context context, krb5_ccache id,
     return ret;
 }
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_krcc_lock(krb5_context context, krb5_ccache id)
 {
     krb5_error_code ret = 0;
@@ -1097,7 +1098,7 @@ krb5_krcc_lock(krb5_context context, krb5_ccache id)
     return ret;
 }
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_krcc_unlock(krb5_context context, krb5_ccache id)
 {
     krb5_error_code ret = 0;
@@ -1109,7 +1110,7 @@ krb5_krcc_unlock(krb5_context context, krb5_ccache id)
 
 static  krb5_error_code
 krb5_krcc_save_principal(krb5_context context, krb5_ccache id,
-			 krb5_principal princ)
+                         krb5_principal princ)
 {
     krb5_krcc_data *d;
     krb5_error_code kret;
@@ -1124,7 +1125,7 @@ krb5_krcc_save_principal(krb5_context context, krb5_ccache id,
 
     payload = malloc(GUESS_CRED_SIZE);
     if (payload == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     bc.bpp = payload;
     bc.endp = payload + GUESS_CRED_SIZE;
@@ -1136,36 +1137,36 @@ krb5_krcc_save_principal(krb5_context context, krb5_ccache id,
     payloadsize = bc.bpp - payload;
 #ifdef KRCC_DEBUG
     {
-	krb5_error_code rc;
-	char *princname = NULL;
-	rc = krb5_unparse_name(context, princ, &princname);
-	DEBUG_PRINT(("krb5_krcc_save_principal: adding new key '%s' "
-		     "to keyring %d for principal '%s'\n",
-		     KRCC_SPEC_PRINC_KEYNAME, d->ring_id,
-		     rc ? "<unknown>" : princname));
-	if (rc == 0)
-	    krb5_free_unparsed_name(context, princname);
+        krb5_error_code rc;
+        char *princname = NULL;
+        rc = krb5_unparse_name(context, princ, &princname);
+        DEBUG_PRINT(("krb5_krcc_save_principal: adding new key '%s' "
+                     "to keyring %d for principal '%s'\n",
+                     KRCC_SPEC_PRINC_KEYNAME, d->ring_id,
+                     rc ? "<unknown>" : princname));
+        if (rc == 0)
+            krb5_free_unparsed_name(context, princname);
     }
 #endif
     newkey = add_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_PRINC_KEYNAME, payload,
-    		     payloadsize, d->ring_id);
+                     payloadsize, d->ring_id);
     if (newkey < 0) {
-	kret = errno;
-	DEBUG_PRINT(("Error adding principal key: %s\n", strerror(kret)));
+        kret = errno;
+        DEBUG_PRINT(("Error adding principal key: %s\n", strerror(kret)));
     } else {
-	d->princ_id = newkey;
-	kret = KRB5_OK;
-	krb5_krcc_update_change_time(d);
+        d->princ_id = newkey;
+        kret = KRB5_OK;
+        krb5_krcc_update_change_time(d);
     }
 
-  errout:
+errout:
     free(payload);
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_retrieve_principal(krb5_context context, krb5_ccache id,
-			     krb5_principal * princ)
+                             krb5_principal * princ)
 {
     krb5_krcc_data *d = (krb5_krcc_data *) id->data;
     krb5_error_code kret;
@@ -1175,28 +1176,28 @@ krb5_krcc_retrieve_principal(krb5_context context, krb5_ccache id,
 
     kret = k5_cc_mutex_lock(context, &d->lock);
     if (kret)
-	return kret;
+        return kret;
 
     if (!d->princ_id) {
-	princ = 0L;
-	kret = KRB5_FCC_NOFILE;
-	goto errout;
+        princ = 0L;
+        kret = KRB5_FCC_NOFILE;
+        goto errout;
     }
 
     psize = keyctl_read_alloc(d->princ_id, &payload);
     if (psize == -1) {
-	DEBUG_PRINT(("Reading principal key %d: %s\n",
-		     d->princ_id, strerror(errno)));
-	kret = KRB5_CC_IO;
-	goto errout;
+        DEBUG_PRINT(("Reading principal key %d: %s\n",
+                     d->princ_id, strerror(errno)));
+        kret = KRB5_CC_IO;
+        goto errout;
     }
     bc.bpp = payload;
     bc.endp = (char *)payload + psize;
     kret = krb5_krcc_parse_principal(context, id, princ, &bc);
 
-  errout:
+errout:
     if (payload)
-	free(payload);
+        free(payload);
     k5_cc_mutex_unlock(context, &d->lock);
     return kret;
 }
@@ -1212,7 +1213,7 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
     DEBUG_PRINT(("krb5_krcc_get_ring_ids: entered\n"));
 
     if (!p)
-	return EINVAL;
+        return EINVAL;
 
     /* Use the defaults in case we find no ids key */
     p->session = KEY_SPEC_SESSION_KEYRING;
@@ -1226,29 +1227,29 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
      */
     ids_key = request_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_IDS_KEYNAME, NULL, 0);
     if (ids_key < 0)
-	goto out;
+        goto out;
 
     DEBUG_PRINT(("krb5_krcc_get_ring_ids: processing '%s' key %d\n",
-		KRCC_SPEC_IDS_KEYNAME, ids_key));
+                 KRCC_SPEC_IDS_KEYNAME, ids_key));
     /*
      * Read and parse the ids file
      */
     memset(ids_buf, '\0', sizeof(ids_buf));
     val = keyctl_read(ids_key, ids_buf, sizeof(ids_buf));
     if (val > sizeof(ids_buf))
-	goto out;
+        goto out;
 
     val = sscanf(ids_buf, "%d:%d:%d", &session, &process, &thread);
     if (val != 3)
-	goto out;
+        goto out;
 
     p->session = session;
     p->process = process;
     p->thread = thread;
 
-  out:
+out:
     DEBUG_PRINT(("krb5_krcc_get_ring_ids: returning %d:%d:%d\n",
-		p->session, p->process, p->thread));
+                 p->session, p->process, p->thread));
     return 0;
 }
 
@@ -1273,12 +1274,12 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
  */
 static  krb5_error_code
 krb5_krcc_parse(krb5_context context, krb5_ccache id, krb5_pointer buf,
-		unsigned int len, krb5_krcc_bc * bc)
+                unsigned int len, krb5_krcc_bc * bc)
 {
     DEBUG_PRINT(("krb5_krcc_parse: entered\n"));
 
     if ((bc->endp == bc->bpp) || (bc->endp - bc->bpp) < len)
-	return KRB5_CC_END;
+        return KRB5_CC_END;
 
     memcpy(buf, bc->bpp, len);
     bc->bpp += len;
@@ -1292,7 +1293,7 @@ krb5_krcc_parse(krb5_context context, krb5_ccache id, krb5_pointer buf,
  */
 static  krb5_error_code
 krb5_krcc_parse_cred(krb5_context context, krb5_ccache id, krb5_creds * creds,
-		     char *payload, int psize)
+                     char *payload, int psize)
 {
     krb5_error_code kret;
     krb5_octet octet;
@@ -1337,27 +1338,27 @@ krb5_krcc_parse_cred(krb5_context context, krb5_ccache id, krb5_creds * creds,
     kret = KRB5_OK;
     goto out;
 
-  cleanticket:
+cleanticket:
     memset(creds->ticket.data, 0, (unsigned) creds->ticket.length);
     free(creds->ticket.data);
-  cleanauthdata:
+cleanauthdata:
     krb5_free_authdata(context, creds->authdata);
-  cleanaddrs:
+cleanaddrs:
     krb5_free_addresses(context, creds->addresses);
-  cleanblock:
+cleanblock:
     free(creds->keyblock.contents);
-  cleanserver:
+cleanserver:
     krb5_free_principal(context, creds->server);
-  cleanclient:
+cleanclient:
     krb5_free_principal(context, creds->client);
 
-  out:
+out:
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_principal(krb5_context context, krb5_ccache id,
-			  krb5_principal * princ, krb5_krcc_bc * bc)
+                          krb5_principal * princ, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     register krb5_principal tmpprinc;
@@ -1367,53 +1368,53 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id,
     /* Read principal type */
     kret = krb5_krcc_parse_int32(context, id, &type, bc);
     if (kret != KRB5_OK)
-	return kret;
+        return kret;
 
     /* Read the number of components */
     kret = krb5_krcc_parse_int32(context, id, &length, bc);
     if (kret != KRB5_OK)
-	return kret;
+        return kret;
 
     if (length < 0)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     tmpprinc = (krb5_principal) malloc(sizeof(krb5_principal_data));
     if (tmpprinc == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     if (length) {
-	size_t  msize = length;
-	if (msize != length) {
-	    free(tmpprinc);
-	    return KRB5_CC_NOMEM;
-	}
-	tmpprinc->data = ALLOC(msize, krb5_data);
-	if (tmpprinc->data == 0) {
-	    free(tmpprinc);
-	    return KRB5_CC_NOMEM;
-	}
+        size_t  msize = length;
+        if (msize != length) {
+            free(tmpprinc);
+            return KRB5_CC_NOMEM;
+        }
+        tmpprinc->data = ALLOC(msize, krb5_data);
+        if (tmpprinc->data == 0) {
+            free(tmpprinc);
+            return KRB5_CC_NOMEM;
+        }
     } else
-	tmpprinc->data = 0;
+        tmpprinc->data = 0;
     tmpprinc->magic = KV5M_PRINCIPAL;
     tmpprinc->length = length;
     tmpprinc->type = type;
 
     kret = krb5_krcc_parse_krb5data(context, id,
-				    krb5_princ_realm(context, tmpprinc), bc);
+                                    krb5_princ_realm(context, tmpprinc), bc);
     i = 0;
     CHECK(kret);
 
     for (i = 0; i < length; i++) {
-	kret = krb5_krcc_parse_krb5data(context, id,
-					krb5_princ_component(context, tmpprinc,
-							     i), bc);
-	CHECK(kret);
+        kret = krb5_krcc_parse_krb5data(context, id,
+                                        krb5_princ_component(context, tmpprinc,
+                                                             i), bc);
+        CHECK(kret);
     }
     *princ = tmpprinc;
     return KRB5_OK;
 
-  errout:
+errout:
     while (--i >= 0)
-	free(krb5_princ_component(context, tmpprinc, i)->data);
+        free(krb5_princ_component(context, tmpprinc, i)->data);
     free(krb5_princ_realm(context, tmpprinc)->data);
     free(tmpprinc->data);
     free(tmpprinc);
@@ -1422,7 +1423,7 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id,
 
 static  krb5_error_code
 krb5_krcc_parse_keyblock(krb5_context context, krb5_ccache id,
-			 krb5_keyblock * keyblock, krb5_krcc_bc * bc)
+                         krb5_keyblock * keyblock, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_ui_2 ui2;
@@ -1438,31 +1439,31 @@ krb5_krcc_parse_keyblock(krb5_context context, krb5_ccache id,
     kret = krb5_krcc_parse_int32(context, id, &int32, bc);
     CHECK(kret);
     if (int32 < 0)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     keyblock->length = int32;
     /* Overflow check.  */
     if (keyblock->length != int32)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     if (keyblock->length == 0)
-	return KRB5_OK;
+        return KRB5_OK;
     keyblock->contents = ALLOC(keyblock->length, krb5_octet);
     if (keyblock->contents == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     kret = krb5_krcc_parse(context, id, keyblock->contents,
-			   keyblock->length, bc);
+                           keyblock->length, bc);
     CHECK(kret);
 
     return KRB5_OK;
-  errout:
+errout:
     if (keyblock->contents)
-	free(keyblock->contents);
+        free(keyblock->contents);
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_times(krb5_context context, krb5_ccache id,
-		      krb5_ticket_times * t, krb5_krcc_bc * bc)
+                      krb5_ticket_times * t, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_int32 i;
@@ -1484,13 +1485,13 @@ krb5_krcc_parse_times(krb5_context context, krb5_ccache id,
     t->renew_till = i;
 
     return 0;
-  errout:
+errout:
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_krb5data(krb5_context context, krb5_ccache id,
-			 krb5_data * data, krb5_krcc_bc * bc)
+                         krb5_data * data, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_int32 len;
@@ -1501,56 +1502,56 @@ krb5_krcc_parse_krb5data(krb5_context context, krb5_ccache id,
     kret = krb5_krcc_parse_int32(context, id, &len, bc);
     CHECK(kret);
     if (len < 0)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     data->length = len;
     if (data->length != len || data->length + 1 == 0)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     if (data->length == 0) {
-	data->data = 0;
-	return KRB5_OK;
+        data->data = 0;
+        return KRB5_OK;
     }
 
     data->data = (char *) malloc(data->length + 1);
     if (data->data == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     kret = krb5_krcc_parse(context, id, data->data, (unsigned) data->length,
-			   bc);
+                           bc);
     CHECK(kret);
 
-    data->data[data->length] = 0;	/* Null terminate, just in case.... */
+    data->data[data->length] = 0;       /* Null terminate, just in case.... */
     return KRB5_OK;
-  errout:
+errout:
     if (data->data)
-	free(data->data);
+        free(data->data);
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_int32(krb5_context context, krb5_ccache id, krb5_int32 * i,
-		      krb5_krcc_bc * bc)
+                      krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     unsigned char buf[4];
 
     kret = krb5_krcc_parse(context, id, buf, 4, bc);
     if (kret)
-	return kret;
+        return kret;
     *i = load_32_be(buf);
     return 0;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_octet(krb5_context context, krb5_ccache id, krb5_octet * i,
-		      krb5_krcc_bc * bc)
+                      krb5_krcc_bc * bc)
 {
     return krb5_krcc_parse(context, id, (krb5_pointer) i, 1, bc);
 }
 
 static  krb5_error_code
 krb5_krcc_parse_addrs(krb5_context context, krb5_ccache id,
-		      krb5_address *** addrs, krb5_krcc_bc * bc)
+                      krb5_address *** addrs, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_int32 length;
@@ -1570,31 +1571,31 @@ krb5_krcc_parse_addrs(krb5_context context, krb5_ccache id,
     msize = length;
     msize += 1;
     if (msize == 0 || msize - 1 != length || length < 0)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     *addrs = ALLOC(msize, krb5_address *);
     if (*addrs == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     for (i = 0; i < length; i++) {
-	(*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
-	if ((*addrs)[i] == NULL) {
-	    krb5_free_addresses(context, *addrs);
-	    return KRB5_CC_NOMEM;
-	}
-	kret = krb5_krcc_parse_addr(context, id, (*addrs)[i], bc);
-	CHECK(kret);
+        (*addrs)[i] = (krb5_address *) malloc(sizeof(krb5_address));
+        if ((*addrs)[i] == NULL) {
+            krb5_free_addresses(context, *addrs);
+            return KRB5_CC_NOMEM;
+        }
+        kret = krb5_krcc_parse_addr(context, id, (*addrs)[i], bc);
+        CHECK(kret);
     }
 
     return KRB5_OK;
-  errout:
+errout:
     if (*addrs)
-	krb5_free_addresses(context, *addrs);
+        krb5_free_addresses(context, *addrs);
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_addr(krb5_context context, krb5_ccache id, krb5_address * addr,
-		     krb5_krcc_bc * bc)
+                     krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_ui_2 ui2;
@@ -1609,36 +1610,36 @@ krb5_krcc_parse_addr(krb5_context context, krb5_ccache id, krb5_address * addr,
 
     kret = krb5_krcc_parse_int32(context, id, &int32, bc);
     CHECK(kret);
-    if ((int32 & VALID_INT_BITS) != int32)	/* Overflow int??? */
-	return KRB5_CC_NOMEM;
+    if ((int32 & VALID_INT_BITS) != int32)      /* Overflow int??? */
+        return KRB5_CC_NOMEM;
     addr->length = int32;
     /*
      * Length field is "unsigned int", which may be smaller
      * than 32 bits.
      */
     if (addr->length != int32)
-	return KRB5_CC_NOMEM;	/* XXX */
+        return KRB5_CC_NOMEM;   /* XXX */
 
     if (addr->length == 0)
-	return KRB5_OK;
+        return KRB5_OK;
 
     addr->contents = (krb5_octet *) malloc(addr->length);
     if (addr->contents == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     kret = krb5_krcc_parse(context, id, addr->contents, addr->length, bc);
     CHECK(kret);
 
     return KRB5_OK;
-  errout:
+errout:
     if (addr->contents)
-	free(addr->contents);
+        free(addr->contents);
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
-			 krb5_authdata *** a, krb5_krcc_bc * bc)
+                         krb5_authdata *** a, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_int32 length;
@@ -1652,7 +1653,7 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
     CHECK(kret);
 
     if (length == 0)
-	return KRB5_OK;
+        return KRB5_OK;
 
     /*
      * Make *a able to hold length pointers to krb5_authdata structs
@@ -1661,34 +1662,34 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
     msize = length;
     msize += 1;
     if (msize == 0 || msize - 1 != length || length < 0)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
     *a = ALLOC(msize, krb5_authdata *);
     if (*a == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     for (i = 0; i < length; i++) {
-	(*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
-	if ((*a)[i] == NULL) {
-	    krb5_free_authdata(context, *a);
-	    *a = NULL;
-	    return KRB5_CC_NOMEM;
-	}
-	kret = krb5_krcc_parse_authdatum(context, id, (*a)[i], bc);
-	CHECK(kret);
+        (*a)[i] = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+        if ((*a)[i] == NULL) {
+            krb5_free_authdata(context, *a);
+            *a = NULL;
+            return KRB5_CC_NOMEM;
+        }
+        kret = krb5_krcc_parse_authdatum(context, id, (*a)[i], bc);
+        CHECK(kret);
     }
 
     return KRB5_OK;
-  errout:
+errout:
     if (*a) {
-	krb5_free_authdata(context, *a);
-	*a = NULL;
+        krb5_free_authdata(context, *a);
+        *a = NULL;
     }
     return kret;
 }
 
 static  krb5_error_code
 krb5_krcc_parse_authdatum(krb5_context context, krb5_ccache id,
-			  krb5_authdata * a, krb5_krcc_bc * bc)
+                          krb5_authdata * a, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_int32 int32;
@@ -1702,44 +1703,44 @@ krb5_krcc_parse_authdatum(krb5_context context, krb5_ccache id,
     a->ad_type = (krb5_authdatatype) ui2;
     kret = krb5_krcc_parse_int32(context, id, &int32, bc);
     CHECK(kret);
-    if ((int32 & VALID_INT_BITS) != int32)	/* Overflow int??? */
-	return KRB5_CC_NOMEM;
+    if ((int32 & VALID_INT_BITS) != int32)      /* Overflow int??? */
+        return KRB5_CC_NOMEM;
     a->length = int32;
     /*
      * Value could have gotten truncated if int is
      * smaller than 32 bits.
      */
     if (a->length != int32)
-	return KRB5_CC_NOMEM;	/* XXX */
+        return KRB5_CC_NOMEM;   /* XXX */
 
     if (a->length == 0)
-	return KRB5_OK;
+        return KRB5_OK;
 
     a->contents = (krb5_octet *) malloc(a->length);
     if (a->contents == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     kret = krb5_krcc_parse(context, id, a->contents, a->length, bc);
     CHECK(kret);
 
     return KRB5_OK;
-  errout:
+errout:
     if (a->contents)
-	free(a->contents);
+        free(a->contents);
     return kret;
 
 }
 
 static  krb5_error_code
 krb5_krcc_parse_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 * i,
-		     krb5_krcc_bc * bc)
+                     krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     unsigned char buf[2];
 
     kret = krb5_krcc_parse(context, id, buf, 2, bc);
     if (kret)
-	return kret;
+        return kret;
     *i = load_16_be(buf);
     return 0;
 }
@@ -1758,10 +1759,10 @@ krb5_krcc_parse_ui_2(krb5_context context, krb5_ccache id, krb5_ui_2 * i,
  */
 static  krb5_error_code
 krb5_krcc_unparse(krb5_context context, krb5_ccache id, krb5_pointer buf,
-		  unsigned int len, krb5_krcc_bc * bc)
+                  unsigned int len, krb5_krcc_bc * bc)
 {
     if (bc->bpp + len > bc->endp)
-	return KRB5_CC_WRITE;
+        return KRB5_CC_WRITE;
 
     memcpy(bc->bpp, buf, len);
     bc->bpp += len;
@@ -1771,7 +1772,7 @@ krb5_krcc_unparse(krb5_context context, krb5_ccache id, krb5_pointer buf,
 
 static  krb5_error_code
 krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id,
-			    krb5_principal princ, krb5_krcc_bc * bc)
+                            krb5_principal princ, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_int32 i, length, tmp, type;
@@ -1786,14 +1787,14 @@ krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id,
     CHECK_OUT(kret);
 
     kret = krb5_krcc_unparse_krb5data(context, id,
-				      krb5_princ_realm(context, princ), bc);
+                                      krb5_princ_realm(context, princ), bc);
     CHECK_OUT(kret);
 
     for (i = 0; i < length; i++) {
-	kret = krb5_krcc_unparse_krb5data(context, id,
-					  krb5_princ_component(context, princ,
-							       i), bc);
-	CHECK_OUT(kret);
+        kret = krb5_krcc_unparse_krb5data(context, id,
+                                          krb5_princ_component(context, princ,
+                                                               i), bc);
+        CHECK_OUT(kret);
     }
 
     return KRB5_OK;
@@ -1801,7 +1802,7 @@ krb5_krcc_unparse_principal(krb5_context context, krb5_ccache id,
 
 static  krb5_error_code
 krb5_krcc_unparse_keyblock(krb5_context context, krb5_ccache id,
-			   krb5_keyblock * keyblock, krb5_krcc_bc * bc)
+                           krb5_keyblock * keyblock, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
 
@@ -1810,12 +1811,12 @@ krb5_krcc_unparse_keyblock(krb5_context context, krb5_ccache id,
     kret = krb5_krcc_unparse_ui_4(context, id, keyblock->length, bc);
     CHECK_OUT(kret);
     return krb5_krcc_unparse(context, id, (char *) keyblock->contents,
-			     keyblock->length, bc);
+                             keyblock->length, bc);
 }
 
 static  krb5_error_code
 krb5_krcc_unparse_times(krb5_context context, krb5_ccache id,
-			krb5_ticket_times * t, krb5_krcc_bc * bc)
+                        krb5_ticket_times * t, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
 
@@ -1832,7 +1833,7 @@ krb5_krcc_unparse_times(krb5_context context, krb5_ccache id,
 
 static  krb5_error_code
 krb5_krcc_unparse_krb5data(krb5_context context, krb5_ccache id,
-			   krb5_data * data, krb5_krcc_bc * bc)
+                           krb5_data * data, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
 
@@ -1843,14 +1844,14 @@ krb5_krcc_unparse_krb5data(krb5_context context, krb5_ccache id,
 
 static  krb5_error_code
 krb5_krcc_unparse_int32(krb5_context context, krb5_ccache id, krb5_int32 i,
-			krb5_krcc_bc * bc)
+                        krb5_krcc_bc * bc)
 {
     return krb5_krcc_unparse_ui_4(context, id, (krb5_ui_4) i, bc);
 }
 
 static  krb5_error_code
 krb5_krcc_unparse_octet(krb5_context context, krb5_ccache id, krb5_int32 i,
-			krb5_krcc_bc * bc)
+                        krb5_krcc_bc * bc)
 {
     krb5_octet ibuf;
 
@@ -1860,7 +1861,7 @@ krb5_krcc_unparse_octet(krb5_context context, krb5_ccache id, krb5_int32 i,
 
 static  krb5_error_code
 krb5_krcc_unparse_addrs(krb5_context context, krb5_ccache id,
-			krb5_address ** addrs, krb5_krcc_bc * bc)
+                        krb5_address ** addrs, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_address **temp;
@@ -1868,16 +1869,16 @@ krb5_krcc_unparse_addrs(krb5_context context, krb5_ccache id,
 
     /* Count the number of components */
     if (addrs) {
-	temp = addrs;
-	while (*temp++)
-	    length += 1;
+        temp = addrs;
+        while (*temp++)
+            length += 1;
     }
 
     kret = krb5_krcc_unparse_int32(context, id, length, bc);
     CHECK_OUT(kret);
     for (i = 0; i < length; i++) {
-	kret = krb5_krcc_unparse_addr(context, id, addrs[i], bc);
-	CHECK_OUT(kret);
+        kret = krb5_krcc_unparse_addr(context, id, addrs[i], bc);
+        CHECK_OUT(kret);
     }
 
     return KRB5_OK;
@@ -1885,7 +1886,7 @@ krb5_krcc_unparse_addrs(krb5_context context, krb5_ccache id,
 
 static  krb5_error_code
 krb5_krcc_unparse_addr(krb5_context context, krb5_ccache id,
-		       krb5_address * addr, krb5_krcc_bc * bc)
+                       krb5_address * addr, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
 
@@ -1894,34 +1895,34 @@ krb5_krcc_unparse_addr(krb5_context context, krb5_ccache id,
     kret = krb5_krcc_unparse_ui_4(context, id, addr->length, bc);
     CHECK_OUT(kret);
     return krb5_krcc_unparse(context, id, (char *) addr->contents,
-			     addr->length, bc);
+                             addr->length, bc);
 }
 
 static  krb5_error_code
 krb5_krcc_unparse_authdata(krb5_context context, krb5_ccache id,
-			   krb5_authdata ** a, krb5_krcc_bc * bc)
+                           krb5_authdata ** a, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
     krb5_authdata **temp;
     krb5_int32 i, length = 0;
 
     if (a != NULL) {
-	for (temp = a; *temp; temp++)
-	    length++;
+        for (temp = a; *temp; temp++)
+            length++;
     }
 
     kret = krb5_krcc_unparse_int32(context, id, length, bc);
     CHECK_OUT(kret);
     for (i = 0; i < length; i++) {
-	kret = krb5_krcc_unparse_authdatum(context, id, a[i], bc);
-	CHECK_OUT(kret);
+        kret = krb5_krcc_unparse_authdatum(context, id, a[i], bc);
+        CHECK_OUT(kret);
     }
     return KRB5_OK;
 }
 
 static  krb5_error_code
 krb5_krcc_unparse_authdatum(krb5_context context, krb5_ccache id,
-			    krb5_authdata * a, krb5_krcc_bc * bc)
+                            krb5_authdata * a, krb5_krcc_bc * bc)
 {
     krb5_error_code kret;
 
@@ -1930,12 +1931,12 @@ krb5_krcc_unparse_authdatum(krb5_context context, krb5_ccache id,
     kret = krb5_krcc_unparse_ui_4(context, id, a->length, bc);
     CHECK_OUT(kret);
     return krb5_krcc_unparse(context, id, (krb5_pointer) a->contents,
-			     a->length, bc);
+                             a->length, bc);
 }
 
 static  krb5_error_code
 krb5_krcc_unparse_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i,
-		       krb5_krcc_bc * bc)
+                       krb5_krcc_bc * bc)
 {
     unsigned char buf[4];
 
@@ -1945,7 +1946,7 @@ krb5_krcc_unparse_ui_4(krb5_context context, krb5_ccache id, krb5_ui_4 i,
 
 static  krb5_error_code
 krb5_krcc_unparse_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i,
-		       krb5_krcc_bc * bc)
+                       krb5_krcc_bc * bc)
 {
     unsigned char buf[2];
 
@@ -1967,21 +1968,21 @@ krb5_krcc_unparse_ui_2(krb5_context context, krb5_ccache id, krb5_int32 i,
  */
 static  krb5_error_code
 krb5_krcc_unparse_cred(krb5_context context, krb5_ccache id,
-		       krb5_creds * creds, char **datapp, unsigned int *lenptr)
+                       krb5_creds * creds, char **datapp, unsigned int *lenptr)
 {
     krb5_error_code kret;
     char   *buf;
     krb5_krcc_bc bc;
 
     if (!creds || !datapp || !lenptr)
-	return EINVAL;
+        return EINVAL;
 
     *datapp = NULL;
     *lenptr = 0;
 
     buf = malloc(GUESS_CRED_SIZE);
     if (buf == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     bc.bpp = buf;
     bc.endp = buf + GUESS_CRED_SIZE;
@@ -1999,7 +2000,7 @@ krb5_krcc_unparse_cred(krb5_context context, krb5_ccache id,
     CHECK_N_GO(kret, errout);
 
     kret = krb5_krcc_unparse_octet(context, id, (krb5_int32) creds->is_skey,
-				   &bc);
+                                   &bc);
     CHECK_N_GO(kret, errout);
 
     kret = krb5_krcc_unparse_int32(context, id, creds->ticket_flags, &bc);
@@ -2022,23 +2023,23 @@ krb5_krcc_unparse_cred(krb5_context context, krb5_ccache id,
     *lenptr = bc.bpp - buf;
     kret = KRB5_OK;
 
-  errout:
+errout:
     return kret;
 }
 
 /*
- * Utility routine: called by krb5_krcc_* functions to keep 
+ * Utility routine: called by krb5_krcc_* functions to keep
  * result of krb5_krcc_last_change_time up to date.
- * Value monotonically increases -- based on but not guaranteed to be actual 
+ * Value monotonically increases -- based on but not guaranteed to be actual
  * system time.
  */
 
 static void
 krb5_krcc_update_change_time(krb5_krcc_data *d)
 {
-	krb5_timestamp now_time = time(NULL);
-	d->changetime = (d->changetime >= now_time) ? 
-	d->changetime + 1 : now_time;
+    krb5_timestamp now_time = time(NULL);
+    d->changetime = (d->changetime >= now_time) ?
+        d->changetime + 1 : now_time;
 }
 
 
@@ -2065,7 +2066,7 @@ const krb5_cc_ops krb5_krcc_ops = {
     krb5_krcc_end_seq_get,
     krb5_krcc_remove_cred,
     krb5_krcc_set_flags,
-    krb5_krcc_get_flags,	/* added after 1.4 release */
+    krb5_krcc_get_flags,        /* added after 1.4 release */
     NULL,
     NULL,
     NULL,
@@ -2098,7 +2099,7 @@ const krb5_cc_ops krb5_krcc_ops = {
     NULL,
     NULL,
     NULL,
-    NULL,			/* added after 1.4 release */
+    NULL,                       /* added after 1.4 release */
     NULL,
     NULL,
     NULL,
@@ -2108,4 +2109,4 @@ const krb5_cc_ops krb5_krcc_ops = {
     NULL,
     NULL,
 };
-#endif	/* USE_KEYRING_CCACHE */
+#endif  /* USE_KEYRING_CCACHE */
diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c
index 076f7ebd0..578b5ddc5 100644
--- a/src/lib/krb5/ccache/cc_memory.c
+++ b/src/lib/krb5/ccache/cc_memory.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/cc_memory.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * implementation of memory-based credentials cache
  */
@@ -30,68 +31,68 @@
 #include <errno.h>
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_close
-	(krb5_context, krb5_ccache id );
+(krb5_context, krb5_ccache id );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_destroy 
-	(krb5_context, krb5_ccache id );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_destroy
+(krb5_context, krb5_ccache id );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_end_seq_get 
-	(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_generate_new 
-	(krb5_context, krb5_ccache *id );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_generate_new
+(krb5_context, krb5_ccache *id );
 
-static const char * KRB5_CALLCONV krb5_mcc_get_name 
-	(krb5_context, krb5_ccache id );
+static const char * KRB5_CALLCONV krb5_mcc_get_name
+(krb5_context, krb5_ccache id );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_get_principal 
-	(krb5_context, krb5_ccache id , krb5_principal *princ );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_initialize 
-	(krb5_context, krb5_ccache id , krb5_principal princ );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_next_cred 
-	(krb5_context, 
-		   krb5_ccache id , 
-		   krb5_cc_cursor *cursor , 
-		   krb5_creds *creds );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_resolve 
-	(krb5_context, krb5_ccache *id , const char *residual );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_retrieve 
-	(krb5_context, 
-		   krb5_ccache id , 
-		   krb5_flags whichfields , 
-		   krb5_creds *mcreds , 
-		   krb5_creds *creds );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_start_seq_get 
-	(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_store 
-	(krb5_context, krb5_ccache id , krb5_creds *creds );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
 
-static krb5_error_code KRB5_CALLCONV krb5_mcc_set_flags 
-	(krb5_context, krb5_ccache id , krb5_flags flags );
+static krb5_error_code KRB5_CALLCONV krb5_mcc_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_new
-	(krb5_context, krb5_cc_ptcursor *);
+(krb5_context, krb5_cc_ptcursor *);
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_next
-	(krb5_context, krb5_cc_ptcursor, krb5_ccache *);
+(krb5_context, krb5_cc_ptcursor, krb5_ccache *);
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_free
-	(krb5_context, krb5_cc_ptcursor *);
+(krb5_context, krb5_cc_ptcursor *);
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_last_change_time
-	(krb5_context, krb5_ccache, krb5_timestamp *);
+(krb5_context, krb5_ccache, krb5_timestamp *);
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_lock
-	(krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_mcc_unlock
-	(krb5_context context, krb5_ccache id);
+(krb5_context context, krb5_ccache id);
 
 
 extern const krb5_cc_ops krb5_mcc_ops;
@@ -146,7 +147,7 @@ static void krb5_mcc_free (krb5_context context, krb5_ccache id);
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
 {
-    krb5_error_code ret; 
+    krb5_error_code ret;
     krb5_mcc_data *d;
 
     d = (krb5_mcc_data *)id->data;
@@ -155,10 +156,10 @@ krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
         return ret;
 
     krb5_mcc_free(context, id);
-	
+
     d = (krb5_mcc_data *)id->data;
     ret = krb5_copy_principal(context, princ,
-			      &d->prin);
+                              &d->prin);
     update_mcc_change_time(d);
 
     k5_cc_mutex_unlock(context, &d->lock);
@@ -178,8 +179,8 @@ krb5_mcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_close(krb5_context context, krb5_ccache id)
 {
-     free(id);
-     return KRB5_OK;
+    free(id);
+    return KRB5_OK;
 }
 
 static void
@@ -190,10 +191,10 @@ krb5_mcc_free(krb5_context context, krb5_ccache id)
 
     d = (krb5_mcc_data *) id->data;
     for (curr = d->link; curr;) {
-	krb5_free_creds(context, curr->creds);
-	next = curr->next;
-	free(curr);
-	curr = next;
+        krb5_free_creds(context, curr->creds);
+        next = curr->next;
+        free(curr);
+        curr = next;
     }
     d->link = NULL;
     krb5_free_principal(context, d->prin);
@@ -215,16 +216,16 @@ krb5_mcc_destroy(krb5_context context, krb5_ccache id)
 
     err = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
     if (err)
-	return err;
+        return err;
 
     d = (krb5_mcc_data *)id->data;
     for (curr = &mcc_head; *curr; curr = &(*curr)->next) {
-	if ((*curr)->cache == d) {
-	    node = *curr;
-	    *curr = node->next;
-	    free(node);
-	    break;
-	}
+        if ((*curr)->cache == d) {
+            node = *curr;
+            *curr = node->next;
+            free(node);
+            break;
+        }
     }
     k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
 
@@ -236,7 +237,7 @@ krb5_mcc_destroy(krb5_context context, krb5_ccache id)
     free(d->name);
     k5_cc_mutex_unlock(context, &d->lock);
     k5_cc_mutex_destroy(&d->lock);
-    free(d); 
+    free(d);
     free(id);
 
     krb5_change_cache ();
@@ -249,11 +250,11 @@ krb5_mcc_destroy(krb5_context context, krb5_ccache id)
  *
  * Modifies:
  * id
- * 
+ *
  * Effects:
- * creates or accesses a memory-based cred cache that is referenced by 
- * residual.  
- * 
+ * creates or accesses a memory-based cred cache that is referenced by
+ * residual.
+ *
  * Returns:
  * A filled in krb5_ccache structure "id".
  *
@@ -274,28 +275,28 @@ krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 
     err = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
     if (err)
-	return err;
+        return err;
     for (ptr = mcc_head; ptr; ptr=ptr->next)
-	if (!strcmp(ptr->cache->name, residual))
-	    break;
+        if (!strcmp(ptr->cache->name, residual))
+            break;
     if (ptr)
-	d = ptr->cache;
+        d = ptr->cache;
     else {
-	err = new_mcc_data(residual, &d);
-	if (err) {
-	    k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
-	    return err;
-	}
+        err = new_mcc_data(residual, &d);
+        if (err) {
+            k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+            return err;
+        }
     }
     k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
 
     lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
     if (lid == NULL)
-	return KRB5_CC_NOMEM;
-    
+        return KRB5_CC_NOMEM;
+
     lid->ops = &krb5_mcc_ops;
     lid->data = d;
-    *id = lid; 
+    *id = lid;
     return KRB5_OK;
 }
 
@@ -314,20 +315,20 @@ krb5_mcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
  */
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
-		       krb5_cc_cursor *cursor)
+                       krb5_cc_cursor *cursor)
 {
-     krb5_mcc_cursor mcursor;
-     krb5_error_code err;
-     krb5_mcc_data *d;
-
-     d = id->data;
-     err = k5_cc_mutex_lock(context, &d->lock);
-     if (err)
-	 return err;
-     mcursor = d->link;
-     k5_cc_mutex_unlock(context, &d->lock);
-     *cursor = (krb5_cc_cursor) mcursor;
-     return KRB5_OK;
+    krb5_mcc_cursor mcursor;
+    krb5_error_code err;
+    krb5_mcc_data *d;
+
+    d = id->data;
+    err = k5_cc_mutex_lock(context, &d->lock);
+    if (err)
+        return err;
+    mcursor = d->link;
+    k5_cc_mutex_unlock(context, &d->lock);
+    *cursor = (krb5_cc_cursor) mcursor;
+    return KRB5_OK;
 }
 
 /*
@@ -337,7 +338,7 @@ krb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
  *
  * Modifes:
  * cursor, creds
- * 
+ *
  * Effects:
  * Fills in creds with the "next" credentals structure from the cache
  * id.  The actual order the creds are returned in is arbitrary.
@@ -352,25 +353,25 @@ krb5_mcc_start_seq_get(krb5_context context, krb5_ccache id,
  */
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_next_cred(krb5_context context, krb5_ccache id,
-		   krb5_cc_cursor *cursor, krb5_creds *creds)
+                   krb5_cc_cursor *cursor, krb5_creds *creds)
 {
-     krb5_mcc_cursor mcursor;
-     krb5_error_code retval;
-
-     /* Once the node in the linked list is created, it's never
-	modified, so we don't need to worry about locking here.  (Note
-	that we don't support _remove_cred.)  */
-     mcursor = (krb5_mcc_cursor) *cursor;
-     if (mcursor == NULL)
-	return KRB5_CC_END;
-     memset(creds, 0, sizeof(krb5_creds));     
-     if (mcursor->creds) {
-	 retval = krb5int_copy_creds_contents(context, mcursor->creds, creds);
-	 if (retval)
-	     return retval;
-     }
-     *cursor = (krb5_cc_cursor)mcursor->next;
-     return KRB5_OK;
+    krb5_mcc_cursor mcursor;
+    krb5_error_code retval;
+
+    /* Once the node in the linked list is created, it's never
+       modified, so we don't need to worry about locking here.  (Note
+       that we don't support _remove_cred.)  */
+    mcursor = (krb5_mcc_cursor) *cursor;
+    if (mcursor == NULL)
+        return KRB5_CC_END;
+    memset(creds, 0, sizeof(krb5_creds));
+    if (mcursor->creds) {
+        retval = krb5int_copy_creds_contents(context, mcursor->creds, creds);
+        if (retval)
+            return retval;
+    }
+    *cursor = (krb5_cc_cursor)mcursor->next;
+    return KRB5_OK;
 }
 
 /*
@@ -389,8 +390,8 @@ krb5_mcc_next_cred(krb5_context context, krb5_ccache id,
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
 {
-     *cursor = 0L;
-     return KRB5_OK;
+    *cursor = 0L;
+    return KRB5_OK;
 }
 
 /* Utility routine: Creates the back-end data for a memory cache, and
@@ -406,19 +407,19 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
 
     d = malloc(sizeof(krb5_mcc_data));
     if (d == NULL)
-	return KRB5_CC_NOMEM;
-        
+        return KRB5_CC_NOMEM;
+
     err = k5_cc_mutex_init(&d->lock);
     if (err) {
-	free(d);
-	return err;
+        free(d);
+        return err;
     }
 
     d->name = strdup(name);
     if (d->name == NULL) {
-	k5_cc_mutex_destroy(&d->lock);
-	free(d);
-	return KRB5_CC_NOMEM;
+        k5_cc_mutex_destroy(&d->lock);
+        free(d);
+        return KRB5_CC_NOMEM;
     }
     d->link = NULL;
     d->prin = NULL;
@@ -427,10 +428,10 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
 
     n = malloc(sizeof(krb5_mcc_list_node));
     if (n == NULL) {
-	free(d->name);
-	k5_cc_mutex_destroy(&d->lock);
-	free(d);
-	return KRB5_CC_NOMEM;
+        free(d->name);
+        k5_cc_mutex_destroy(&d->lock);
+        free(d);
+        return KRB5_CC_NOMEM;
     }
 
     n->cache = d;
@@ -445,7 +446,7 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr)
  * Effects:
  * Creates a new memory cred cache whose name is guaranteed to be
  * unique.  The name begins with the string TKT_ROOT (from mcc.h).
- *  
+ *
  * Returns:
  * The filled in krb5_ccache id.
  *
@@ -466,41 +467,41 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id)
     /* Allocate memory */
     lid = (krb5_ccache) malloc(sizeof(struct _krb5_ccache));
     if (lid == NULL)
-	return KRB5_CC_NOMEM;
+        return KRB5_CC_NOMEM;
 
     lid->ops = &krb5_mcc_ops;
-    
+
     err = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
     if (err) {
-	free(lid);
-	return err;
+        free(lid);
+        return err;
     }
-    
+
     /* Check for uniqueness with mutex locked to avoid race conditions */
     while (1) {
         krb5_mcc_list_node *ptr;
 
         err = krb5int_random_string (context, uniquename, sizeof (uniquename));
         if (err) {
-	    k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
-	    free(lid);
-	    return err;
+            k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+            free(lid);
+            return err;
         }
-        
-	for (ptr = mcc_head; ptr; ptr=ptr->next) {
+
+        for (ptr = mcc_head; ptr; ptr=ptr->next) {
             if (!strcmp(ptr->cache->name, uniquename)) {
-		break;  /* got a match, loop again */
+                break;  /* got a match, loop again */
             }
-	}
+        }
         if (!ptr) break; /* got to the end without finding a match */
     }
-    
+
     err = new_mcc_data(uniquename, &d);
 
     k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
     if (err) {
-	free(lid);
-	return err;
+        free(lid);
+        return err;
     }
     lid->data = d;
     *id = lid;
@@ -508,8 +509,8 @@ krb5_mcc_generate_new (krb5_context context, krb5_ccache *id)
     return KRB5_OK;
 }
 
-/* Utility routine: Creates a random memory ccache name. 
- * This algorithm was selected because it creates readable 
+/* Utility routine: Creates a random memory ccache name.
+ * This algorithm was selected because it creates readable
  * random ccache names in a fixed size buffer.  */
 
 krb5_error_code
@@ -520,19 +521,19 @@ krb5int_random_string (krb5_context context, char *string, unsigned int length)
     krb5_error_code err = 0;
     unsigned char *bytes = NULL;
     unsigned int bytecount = length - 1;
-    
+
     if (!err) {
         bytes = malloc (bytecount);
         if (bytes == NULL) { err = ENOMEM; }
     }
-    
+
     if (!err) {
         krb5_data data;
         data.length = bytecount;
         data.data = (char *) bytes;
         err = krb5_c_random_make_octets (context, &data);
     }
-    
+
     if (!err) {
         unsigned int i;
         for (i = 0; i < bytecount; i++) {
@@ -540,23 +541,23 @@ krb5int_random_string (krb5_context context, char *string, unsigned int length)
         }
         string[length - 1] = '\0';
     }
-    
+
     if (bytes != NULL) { free (bytes); }
-    
+
     return err;
 }
 
 /*
  * Requires:
  * id is a file credential cache
- * 
+ *
  * Returns:
  * A pointer to the name of the file cred cache id.
  */
 const char * KRB5_CALLCONV
 krb5_mcc_get_name (krb5_context context, krb5_ccache id)
 {
-     return (char *) ((krb5_mcc_data *) id->data)->name;
+    return (char *) ((krb5_mcc_data *) id->data)->name;
 }
 
 /*
@@ -575,25 +576,25 @@ krb5_mcc_get_name (krb5_context context, krb5_ccache id)
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
 {
-     krb5_mcc_data *ptr = (krb5_mcc_data *)id->data;
-     if (!ptr->prin) {
+    krb5_mcc_data *ptr = (krb5_mcc_data *)id->data;
+    if (!ptr->prin) {
         *princ = 0L;
         return KRB5_FCC_NOFILE;
-     }
-     return krb5_copy_principal(context, ptr->prin, princ);
+    }
+    return krb5_copy_principal(context, ptr->prin, princ);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_mcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
-		  krb5_creds *mcreds, krb5_creds *creds)
+                  krb5_creds *mcreds, krb5_creds *creds)
 {
     return krb5_cc_retrieve_cred_default (context, id, whichfields,
-					  mcreds, creds);
+                                          mcreds, creds);
 }
 
-/* 
+/*
  * Non-functional stub implementation for krb5_mcc_remove
- * 
+ *
  * Errors:
  *    KRB5_CC_NOSUPP - not implemented
  */
@@ -612,7 +613,7 @@ krb5_mcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
  *
  * Modifies:
  * id
- * 
+ *
  * Effects:
  * Sets the operational flags of id to flags.
  */
@@ -649,13 +650,13 @@ krb5_mcc_store(krb5_context ctx, krb5_ccache id, krb5_creds *creds)
 
     new_node = malloc(sizeof(krb5_mcc_link));
     if (new_node == NULL)
-	return ENOMEM;
+        return ENOMEM;
     err = krb5_copy_creds(ctx, creds, &new_node->creds);
     if (err)
-	goto cleanup;
+        goto cleanup;
     err = k5_cc_mutex_lock(ctx, &mptr->lock);
     if (err)
-	goto cleanup;
+        goto cleanup;
     new_node->next = mptr->link;
     mptr->link = new_node;
     update_mcc_change_time(mptr);
@@ -679,25 +680,25 @@ krb5_mcc_ptcursor_new(
 
     n = malloc(sizeof(*n));
     if (n == NULL)
-	return ENOMEM;
+        return ENOMEM;
     n->ops = &krb5_mcc_ops;
     cdata = malloc(sizeof(struct krb5_mcc_ptcursor_data));
     if (cdata == NULL) {
-	ret = ENOMEM;
-	goto errout;
+        ret = ENOMEM;
+        goto errout;
     }
     n->data = cdata;
     ret = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
     if (ret)
-	goto errout;
+        goto errout;
     cdata->cur = mcc_head;
     ret = k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
     if (ret)
-	goto errout;
+        goto errout;
 
 errout:
     if (ret) {
-	krb5_mcc_ptcursor_free(context, &n);
+        krb5_mcc_ptcursor_free(context, &n);
     }
     *cursor = n;
     return ret;
@@ -715,25 +716,25 @@ krb5_mcc_ptcursor_next(
     *ccache = NULL;
     cdata = cursor->data;
     if (cdata->cur == NULL)
-	return 0;
+        return 0;
 
     *ccache = malloc(sizeof(**ccache));
     if (*ccache == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     (*ccache)->ops = &krb5_mcc_ops;
     (*ccache)->data = cdata->cur->cache;
     ret = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
     if (ret)
-	goto errout;
+        goto errout;
     cdata->cur = cdata->cur->next;
     ret = k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
     if (ret)
-	goto errout;
+        goto errout;
 errout:
     if (ret && *ccache != NULL) {
-	free(*ccache);
-	*ccache = NULL;
+        free(*ccache);
+        *ccache = NULL;
     }
     return ret;
 }
@@ -744,25 +745,25 @@ krb5_mcc_ptcursor_free(
     krb5_cc_ptcursor *cursor)
 {
     if (*cursor == NULL)
-	return 0;
+        return 0;
     if ((*cursor)->data != NULL)
-	free((*cursor)->data);
+        free((*cursor)->data);
     free(*cursor);
     *cursor = NULL;
     return 0;
 }
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_mcc_last_change_time(
     krb5_context context,
-    krb5_ccache id, 
+    krb5_ccache id,
     krb5_timestamp *change_time)
 {
     krb5_error_code ret = 0;
     krb5_mcc_data *data = (krb5_mcc_data *) id->data;
-    
+
     *change_time = 0;
-    
+
     ret = k5_cc_mutex_lock(context, &data->lock);
     if (!ret) {
         *change_time = data->changetime;
@@ -773,19 +774,19 @@ krb5_mcc_last_change_time(
 }
 
 /*
- Utility routine: called by krb5_mcc_* functions to keep 
- result of krb5_mcc_last_change_time up to date
- */
+  Utility routine: called by krb5_mcc_* functions to keep
+  result of krb5_mcc_last_change_time up to date
+*/
 
 static void
 update_mcc_change_time(krb5_mcc_data *d)
 {
     krb5_timestamp now_time = time(NULL);
-    d->changetime = (d->changetime >= now_time) ? 
-	d->changetime + 1 : now_time;
+    d->changetime = (d->changetime >= now_time) ?
+        d->changetime + 1 : now_time;
 }
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_mcc_lock(krb5_context context, krb5_ccache id)
 {
     krb5_error_code ret = 0;
@@ -794,7 +795,7 @@ krb5_mcc_lock(krb5_context context, krb5_ccache id)
     return ret;
 }
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_mcc_unlock(krb5_context context, krb5_ccache id)
 {
     krb5_error_code ret = 0;
@@ -804,29 +805,29 @@ krb5_mcc_unlock(krb5_context context, krb5_ccache id)
 }
 
 const krb5_cc_ops krb5_mcc_ops = {
-     0,
-     "MEMORY",
-     krb5_mcc_get_name,
-     krb5_mcc_resolve,
-     krb5_mcc_generate_new,
-     krb5_mcc_initialize,
-     krb5_mcc_destroy,
-     krb5_mcc_close,
-     krb5_mcc_store,
-     krb5_mcc_retrieve,
-     krb5_mcc_get_principal,
-     krb5_mcc_start_seq_get,
-     krb5_mcc_next_cred,
-     krb5_mcc_end_seq_get,
-     krb5_mcc_remove_cred,
-     krb5_mcc_set_flags,
-     krb5_mcc_get_flags,
-     krb5_mcc_ptcursor_new,
-     krb5_mcc_ptcursor_next,
-     krb5_mcc_ptcursor_free,
-     NULL, /* move */
-     krb5_mcc_last_change_time,
-     NULL, /* wasdefault */
-     krb5_mcc_lock,
-     krb5_mcc_unlock,
+    0,
+    "MEMORY",
+    krb5_mcc_get_name,
+    krb5_mcc_resolve,
+    krb5_mcc_generate_new,
+    krb5_mcc_initialize,
+    krb5_mcc_destroy,
+    krb5_mcc_close,
+    krb5_mcc_store,
+    krb5_mcc_retrieve,
+    krb5_mcc_get_principal,
+    krb5_mcc_start_seq_get,
+    krb5_mcc_next_cred,
+    krb5_mcc_end_seq_get,
+    krb5_mcc_remove_cred,
+    krb5_mcc_set_flags,
+    krb5_mcc_get_flags,
+    krb5_mcc_ptcursor_new,
+    krb5_mcc_ptcursor_next,
+    krb5_mcc_ptcursor_free,
+    NULL, /* move */
+    krb5_mcc_last_change_time,
+    NULL, /* wasdefault */
+    krb5_mcc_lock,
+    krb5_mcc_unlock,
 };
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index db74828f3..826794f89 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/cc_mslsa.c
  *
@@ -10,7 +11,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -24,11 +25,11 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Copyright 2000 by Carnegie Mellon University
  *
  * All Rights Reserved
- * 
+ *
  * Permission to use, copy, modify, and distribute this software and its
  * documentation for any purpose and without fee is hereby granted,
  * provided that the above copyright notice appear in all copies and that
@@ -37,7 +38,7 @@
  * University not be used in advertising or publicity pertaining to
  * distribution of the software without specific, written prior
  * permission.
- * 
+ *
  * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
  * FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR
@@ -88,63 +89,63 @@
 #define MAX_MSG_SIZE 256
 #define MAX_MSPRINC_SIZE 1024
 
-/* THREAD SAFETY 
- * The functions is_windows_2000(), is_windows_xp(), 
- * does_retrieve_ticket_cache_ticket() and does_query_ticket_cache_ex2() 
- * contain static variables to cache the responses of the tests being 
- * performed.  There is no harm in the test being performed more than 
+/* THREAD SAFETY
+ * The functions is_windows_2000(), is_windows_xp(),
+ * does_retrieve_ticket_cache_ticket() and does_query_ticket_cache_ex2()
+ * contain static variables to cache the responses of the tests being
+ * performed.  There is no harm in the test being performed more than
  * once since the result will always be the same.
  */
 
-static BOOL 
+static BOOL
 is_windows_2000 (void)
 {
-   static BOOL fChecked = FALSE;
-   static BOOL fIsWin2K = FALSE;
+    static BOOL fChecked = FALSE;
+    static BOOL fIsWin2K = FALSE;
 
-   if (!fChecked)
-   {
-       OSVERSIONINFO Version;
+    if (!fChecked)
+    {
+        OSVERSIONINFO Version;
 
-       memset (&Version, 0x00, sizeof(Version));
-       Version.dwOSVersionInfoSize = sizeof(Version);
+        memset (&Version, 0x00, sizeof(Version));
+        Version.dwOSVersionInfoSize = sizeof(Version);
 
-       if (GetVersionEx (&Version))
-       {
-           if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+        if (GetVersionEx (&Version))
+        {
+            if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
                 Version.dwMajorVersion >= 5)
-               fIsWin2K = TRUE;
-       }
-       fChecked = TRUE;
-   }
+                fIsWin2K = TRUE;
+        }
+        fChecked = TRUE;
+    }
 
-   return fIsWin2K;
+    return fIsWin2K;
 }
 
-static BOOL 
+static BOOL
 is_windows_xp (void)
 {
-   static BOOL fChecked = FALSE;
-   static BOOL fIsWinXP = FALSE;
+    static BOOL fChecked = FALSE;
+    static BOOL fIsWinXP = FALSE;
 
-   if (!fChecked)
-   {
-       OSVERSIONINFO Version;
+    if (!fChecked)
+    {
+        OSVERSIONINFO Version;
 
-       memset (&Version, 0x00, sizeof(Version));
-       Version.dwOSVersionInfoSize = sizeof(Version);
+        memset (&Version, 0x00, sizeof(Version));
+        Version.dwOSVersionInfoSize = sizeof(Version);
 
-       if (GetVersionEx (&Version))
-       {
-           if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+        if (GetVersionEx (&Version))
+        {
+            if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
                 (Version.dwMajorVersion > 5 ||
                  Version.dwMajorVersion == 5 && Version.dwMinorVersion >= 1) )
-               fIsWinXP = TRUE;
-       }
-       fChecked = TRUE;
-   }
+                fIsWinXP = TRUE;
+        }
+        fChecked = TRUE;
+    }
 
-   return fIsWinXP;
+    return fIsWinXP;
 }
 
 static BOOL
@@ -155,17 +156,17 @@ is_windows_vista (void)
 
     if (!fChecked)
     {
-	OSVERSIONINFO Version;
+        OSVERSIONINFO Version;
 
-	memset (&Version, 0x00, sizeof(Version));
-	Version.dwOSVersionInfoSize = sizeof(Version);
+        memset (&Version, 0x00, sizeof(Version));
+        Version.dwOSVersionInfoSize = sizeof(Version);
 
-	if (GetVersionEx (&Version))
-	{
-	    if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT && Version.dwMajorVersion >= 6)
-		fIsVista = TRUE;
-	}
-	fChecked = TRUE;
+        if (GetVersionEx (&Version))
+        {
+            if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT && Version.dwMajorVersion >= 6)
+                fIsVista = TRUE;
+        }
+        fChecked = TRUE;
     }
 
     return fIsVista;
@@ -179,24 +180,24 @@ is_process_uac_limited (void)
 
     if (!fChecked)
     {
-	NTSTATUS Status = 0;
-	HANDLE  TokenHandle;
-	DWORD   ElevationLevel;
-	DWORD   ReqLen;
-	BOOL    Success;
-
-	if (is_windows_vista()) {
-	    Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
-	    if ( Success ) {
-		Success = GetTokenInformation( TokenHandle, 
-					       TokenOrigin+1 /* ElevationLevel */,
-					       &ElevationLevel, sizeof(DWORD), &ReqLen );
-		CloseHandle( TokenHandle );
-		if ( Success && ElevationLevel == 3 /* Limited */ )
-		    fIsUAC = TRUE;
-	    }
-	}
-	fChecked = TRUE;
+        NTSTATUS Status = 0;
+        HANDLE  TokenHandle;
+        DWORD   ElevationLevel;
+        DWORD   ReqLen;
+        BOOL    Success;
+
+        if (is_windows_vista()) {
+            Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
+            if ( Success ) {
+                Success = GetTokenInformation( TokenHandle,
+                                               TokenOrigin+1 /* ElevationLevel */,
+                                               &ElevationLevel, sizeof(DWORD), &ReqLen );
+                CloseHandle( TokenHandle );
+                if ( Success && ElevationLevel == 3 /* Limited */ )
+                    fIsUAC = TRUE;
+            }
+        }
+        fChecked = TRUE;
     }
     return fIsUAC;
 
@@ -212,31 +213,31 @@ is_broken_wow64(void)
 
     if (!fChecked)
     {
-	BOOL isWow64 = FALSE;
-	OSVERSIONINFO Version;
-	HANDLE h1 = NULL;
-	LPFN_ISWOW64PROCESS fnIsWow64Process = NULL;
-		
-	h1 = GetModuleHandle(L"kernel32.dll");
-	fnIsWow64Process = 
-	    (LPFN_ISWOW64PROCESS)GetProcAddress(h1, "IsWow64Process");
-
-	/* If we don't find the fnIsWow64Process function then we 
-	 * are not running in a broken Wow64 
-	 */
-	if (fnIsWow64Process) {
-	    memset (&Version, 0x00, sizeof(Version));
-	    Version.dwOSVersionInfoSize = sizeof(Version);
-
-	    if (fnIsWow64Process(GetCurrentProcess(), &isWow64) && 
-		GetVersionEx (&Version)) {
-		if (isWow64 && 
-		    Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
-		    Version.dwMajorVersion < 6)
-		    fIsBrokenWow64 = TRUE;
-	    } 
-	}
-	fChecked = TRUE;
+        BOOL isWow64 = FALSE;
+        OSVERSIONINFO Version;
+        HANDLE h1 = NULL;
+        LPFN_ISWOW64PROCESS fnIsWow64Process = NULL;
+
+        h1 = GetModuleHandle(L"kernel32.dll");
+        fnIsWow64Process =
+            (LPFN_ISWOW64PROCESS)GetProcAddress(h1, "IsWow64Process");
+
+        /* If we don't find the fnIsWow64Process function then we
+         * are not running in a broken Wow64
+         */
+        if (fnIsWow64Process) {
+            memset (&Version, 0x00, sizeof(Version));
+            Version.dwOSVersionInfoSize = sizeof(Version);
+
+            if (fnIsWow64Process(GetCurrentProcess(), &isWow64) &&
+                GetVersionEx (&Version)) {
+                if (isWow64 &&
+                    Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                    Version.dwMajorVersion < 6)
+                    fIsBrokenWow64 = TRUE;
+            }
+        }
+        fChecked = TRUE;
     }
 
     return fIsBrokenWow64;
@@ -244,7 +245,7 @@ is_broken_wow64(void)
 
 /* This flag is only supported by versions of Windows which have obtained
  * a code change from Microsoft.   When the code change is installed,
- * setting this flag will cause all retrieved credentials to be stored 
+ * setting this flag will cause all retrieved credentials to be stored
  * in the LSA cache.
  */
 #ifndef KERB_RETRIEVE_TICKET_CACHE_TICKET
@@ -308,27 +309,27 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen)
         // Only supporting non-Unicode strings
         int reqLen = WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1,
                                          NULL, 0, NULL, NULL);
-        if ( reqLen > nOutStringLen) 
+        if ( reqLen > nOutStringLen)
         {
             return FALSE;
         } else {
-            if (WideCharToMultiByte(CP_ACP, 
-				    /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK, 
-				    (LPCWSTR) lpInputString, -1,
-				    lpszOutputString, 
-				    nOutStringLen, NULL, NULL) == 0)
-		return FALSE;
+            if (WideCharToMultiByte(CP_ACP,
+                                    /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
+                                    (LPCWSTR) lpInputString, -1,
+                                    lpszOutputString,
+                                    nOutStringLen, NULL, NULL) == 0)
+                return FALSE;
         }
-    } 
+    }
     else
     {
         // Looks like unicode, better translate it
-        if (WideCharToMultiByte(CP_ACP, 
-				/* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK, 
-				(LPCWSTR) lpInputString, -1,
-				lpszOutputString, 
-				nOutStringLen, NULL, NULL) == 0)
-	    return FALSE;
+        if (WideCharToMultiByte(CP_ACP,
+                                /* WC_NO_BEST_FIT_CHARS | */ WC_COMPOSITECHECK,
+                                (LPCWSTR) lpInputString, -1,
+                                lpszOutputString,
+                                nOutStringLen, NULL, NULL) == 0)
+            return FALSE;
     }
 
     return TRUE;
@@ -365,14 +366,14 @@ MITPrincToMSPrinc(krb5_context context, krb5_principal principal, UNICODE_STRING
         msprinc->Length = strlen(aname) * sizeof(WCHAR);
         if ( msprinc->Length <= msprinc->MaximumLength )
             ANSIToUnicode(aname, msprinc->Buffer, msprinc->MaximumLength);
-        else 
+        else
             msprinc->Length = 0;
         krb5_free_unparsed_name(context,aname);
     }
 }
 
 static BOOL
-UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context context, 
+UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context context,
                         krb5_principal *principal)
 {
     WCHAR princbuf[512];
@@ -385,14 +386,14 @@ UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context cont
     wcscat(princbuf, realm);
     if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
         if (krb5_parse_name(context, aname, principal) == 0)
-	    return TRUE;
+            return TRUE;
     }
     return FALSE;
 }
 
 
 static BOOL
-KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context, 
+KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context,
                            krb5_principal *principal)
 {
     WCHAR princbuf[512],tmpbuf[128];
@@ -411,7 +412,7 @@ KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_conte
     wcscat(princbuf, realm);
     if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
         if (krb5_parse_name(context, aname, principal) == 0)
-	    return TRUE;
+            return TRUE;
     }
     return FALSE;
 }
@@ -451,16 +452,16 @@ static BOOL
 IsMSSessionKeyNull(KERB_CRYPTO_KEY *mskey)
 {
     DWORD i;
-    
+
     if (is_process_uac_limited())
-	return TRUE;
+        return TRUE;
 
     if (mskey->KeyType == KERB_ETYPE_NULL)
-	return TRUE;
+        return TRUE;
 
     for ( i=0; i<mskey->Length; i++ ) {
-	if (mskey->Value[i])
-	    return FALSE;
+        if (mskey->Value[i])
+            return FALSE;
     }
 
     return TRUE;
@@ -482,12 +483,12 @@ MSTicketToMITTicket(KERB_EXTERNAL_TICKET *msticket, krb5_context context, krb5_d
     tmpdata.length=msticket->EncodedTicketSize;
     tmpdata.data=msticket->EncodedTicket;
 
-    // this is ugly and will break krb5_free_data() 
+    // this is ugly and will break krb5_free_data()
     // now that this is being done within the library it won't break krb5_free_data()
     rc = krb5_copy_data(context, &tmpdata, &newdata);
     if (rc)
         return FALSE;
-    
+
     memcpy(ticket, newdata, sizeof(krb5_data));
     free(newdata);
     return TRUE;
@@ -496,7 +497,7 @@ MSTicketToMITTicket(KERB_EXTERNAL_TICKET *msticket, krb5_context context, krb5_d
 /*
  * PreserveInitialTicketIdentity()
  *
- * This will find the "PreserveInitialTicketIdentity" key in the registry.  
+ * This will find the "PreserveInitialTicketIdentity" key in the registry.
  * Returns 1 to preserve and 0 to not.
  */
 
@@ -520,7 +521,7 @@ PreserveInitialTicketIdentity(void)
     RegCloseKey(hKey);
     goto done;
 
-  syskey:
+syskey:
     if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, key_path, 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
         goto done;
     if (RegQueryValueExA(hKey, value_name, 0, &type, (LPBYTE)&retval, &size) != ERROR_SUCCESS)
@@ -530,13 +531,13 @@ PreserveInitialTicketIdentity(void)
     }
     RegCloseKey(hKey);
 
-  done:
+done:
     return retval;
 }
 
 
 static BOOL
-MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm, 
+MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
                 krb5_context context, krb5_creds *creds)
 {
     WCHAR wrealm[128];
@@ -555,7 +556,7 @@ MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
     wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0;
     if (!KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server))
         return FALSE;
-    MSSessionKeyToMITKeyblock(&msticket->SessionKey, context, 
+    MSSessionKeyToMITKeyblock(&msticket->SessionKey, context,
                               &creds->keyblock);
     MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags);
     creds->times.starttime=FileTimeToUnixTime(&msticket->StartTime);
@@ -581,14 +582,14 @@ CacheInfoEx2ToMITCred(KERB_TICKET_CACHE_INFO_EX2 *info,
     wcsncpy(wrealm, info->ClientRealm.Buffer, info->ClientRealm.Length/sizeof(WCHAR));
     wrealm[info->ClientRealm.Length/sizeof(WCHAR)]=0;
     if (!UnicodeStringToMITPrinc(&info->ClientName, wrealm, context, &creds->client))
-	return FALSE;
+        return FALSE;
 
     // construct Service Principal
     wcsncpy(wrealm, info->ServerRealm.Buffer,
             info->ServerRealm.Length/sizeof(WCHAR));
     wrealm[info->ServerRealm.Length/sizeof(WCHAR)]=0;
     if (!UnicodeStringToMITPrinc(&info->ServerName, wrealm, context, &creds->server))
-	return FALSE;
+        return FALSE;
 
     creds->keyblock.magic = KV5M_KEYBLOCK;
     creds->keyblock.enctype = info->SessionKeyType;
@@ -616,7 +617,7 @@ PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
 
     Status = LsaConnectUntrusted(
         pLogonHandle
-        );
+    );
 
     if (FAILED(Status))
     {
@@ -632,7 +633,7 @@ PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
         *pLogonHandle,
         &Name,
         pPackageId
-        );
+    );
 
     if (FAILED(Status))
     {
@@ -644,123 +645,123 @@ PackageConnectLookup(HANDLE *pLogonHandle, ULONG *pPackageId)
 
 }
 
-static BOOL 
+static BOOL
 does_retrieve_ticket_cache_ticket (void)
 {
-   static BOOL fChecked = FALSE;
-   static BOOL fCachesTicket = FALSE;
-
-   if (!fChecked)
-   {
-       NTSTATUS Status = 0;
-       NTSTATUS SubStatus = 0;
-       HANDLE LogonHandle;
-       ULONG  PackageId;
-       ULONG RequestSize;
-       PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
-       PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
-       ULONG ResponseSize;
-
-       RequestSize = sizeof(*pTicketRequest) + 1;
-
-       if (!PackageConnectLookup(&LogonHandle, &PackageId))
-           return FALSE;
-
-       pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
-       if (!pTicketRequest) {
-           CloseHandle(LogonHandle);
-           return FALSE;
-       }
-
-       pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
-       pTicketRequest->LogonId.LowPart = 0;
-       pTicketRequest->LogonId.HighPart = 0;
-       pTicketRequest->TargetName.Length = 0;
-       pTicketRequest->TargetName.MaximumLength = 0;
-       pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
-       pTicketRequest->CacheOptions = 
-           KERB_RETRIEVE_TICKET_DONT_USE_CACHE | KERB_RETRIEVE_TICKET_CACHE_TICKET;
-       pTicketRequest->EncryptionType = 0;
-       pTicketRequest->TicketFlags = 0;
-
-       Status = LsaCallAuthenticationPackage( LogonHandle,
-                                              PackageId,
-                                              pTicketRequest,
-                                              RequestSize,
-                                              &pTicketResponse,
-                                              &ResponseSize,
-                                              &SubStatus
-                                              );                                             
-
-       LocalFree(pTicketRequest);
-       CloseHandle(LogonHandle);
-
-       if (FAILED(Status) || FAILED(SubStatus)) {
-           if ( SubStatus == STATUS_NOT_SUPPORTED )
-               /* The combination of the two CacheOption flags 
-                * is not supported; therefore, the new flag is supported 
-                */
-               fCachesTicket = TRUE;
-       }
-       fChecked = TRUE;
-   }
-
-   return fCachesTicket;
+    static BOOL fChecked = FALSE;
+    static BOOL fCachesTicket = FALSE;
+
+    if (!fChecked)
+    {
+        NTSTATUS Status = 0;
+        NTSTATUS SubStatus = 0;
+        HANDLE LogonHandle;
+        ULONG  PackageId;
+        ULONG RequestSize;
+        PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
+        PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+        ULONG ResponseSize;
+
+        RequestSize = sizeof(*pTicketRequest) + 1;
+
+        if (!PackageConnectLookup(&LogonHandle, &PackageId))
+            return FALSE;
+
+        pTicketRequest = (PKERB_RETRIEVE_TKT_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+        if (!pTicketRequest) {
+            CloseHandle(LogonHandle);
+            return FALSE;
+        }
+
+        pTicketRequest->MessageType = KerbRetrieveEncodedTicketMessage;
+        pTicketRequest->LogonId.LowPart = 0;
+        pTicketRequest->LogonId.HighPart = 0;
+        pTicketRequest->TargetName.Length = 0;
+        pTicketRequest->TargetName.MaximumLength = 0;
+        pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
+        pTicketRequest->CacheOptions =
+            KERB_RETRIEVE_TICKET_DONT_USE_CACHE | KERB_RETRIEVE_TICKET_CACHE_TICKET;
+        pTicketRequest->EncryptionType = 0;
+        pTicketRequest->TicketFlags = 0;
+
+        Status = LsaCallAuthenticationPackage( LogonHandle,
+                                               PackageId,
+                                               pTicketRequest,
+                                               RequestSize,
+                                               &pTicketResponse,
+                                               &ResponseSize,
+                                               &SubStatus
+        );
+
+        LocalFree(pTicketRequest);
+        CloseHandle(LogonHandle);
+
+        if (FAILED(Status) || FAILED(SubStatus)) {
+            if ( SubStatus == STATUS_NOT_SUPPORTED )
+                /* The combination of the two CacheOption flags
+                 * is not supported; therefore, the new flag is supported
+                 */
+                fCachesTicket = TRUE;
+        }
+        fChecked = TRUE;
+    }
+
+    return fCachesTicket;
 }
 
 #ifdef HAVE_CACHE_INFO_EX2
-static BOOL 
+static BOOL
 does_query_ticket_cache_ex2 (void)
 {
-   static BOOL fChecked = FALSE;
-   static BOOL fEx2Response = FALSE;
-
-   if (!fChecked)
-   {
-       NTSTATUS Status = 0;
-       NTSTATUS SubStatus = 0;
-       HANDLE LogonHandle;
-       ULONG  PackageId;
-       ULONG RequestSize;
-       PKERB_QUERY_TKT_CACHE_REQUEST pCacheRequest = NULL;
-       PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pCacheResponse = NULL;
-       ULONG ResponseSize;
-
-       RequestSize = sizeof(*pCacheRequest) + 1;
-
-       if (!PackageConnectLookup(&LogonHandle, &PackageId))
-           return FALSE;
-
-       pCacheRequest = (PKERB_QUERY_TKT_CACHE_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
-       if (!pCacheRequest) {
-           CloseHandle(LogonHandle);
-           return FALSE;
-       }
-
-       pCacheRequest->MessageType = KerbQueryTicketCacheEx2Message;
-       pCacheRequest->LogonId.LowPart = 0;
-       pCacheRequest->LogonId.HighPart = 0;
-
-       Status = LsaCallAuthenticationPackage( LogonHandle,
-                                              PackageId,
-                                              pCacheRequest,
-                                              RequestSize,
-                                              &pCacheResponse,
-                                              &ResponseSize,
-                                              &SubStatus
-                                              );                                             
-
-       LocalFree(pCacheRequest);
-       CloseHandle(LogonHandle);
-
-       if (!(FAILED(Status) || FAILED(SubStatus))) {
-           LsaFreeReturnBuffer(pCacheResponse);
-           fEx2Response = TRUE;
-       }
-       fChecked = TRUE;
-   }
-
-   return fEx2Response;
+    static BOOL fChecked = FALSE;
+    static BOOL fEx2Response = FALSE;
+
+    if (!fChecked)
+    {
+        NTSTATUS Status = 0;
+        NTSTATUS SubStatus = 0;
+        HANDLE LogonHandle;
+        ULONG  PackageId;
+        ULONG RequestSize;
+        PKERB_QUERY_TKT_CACHE_REQUEST pCacheRequest = NULL;
+        PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pCacheResponse = NULL;
+        ULONG ResponseSize;
+
+        RequestSize = sizeof(*pCacheRequest) + 1;
+
+        if (!PackageConnectLookup(&LogonHandle, &PackageId))
+            return FALSE;
+
+        pCacheRequest = (PKERB_QUERY_TKT_CACHE_REQUEST) LocalAlloc(LMEM_ZEROINIT, RequestSize);
+        if (!pCacheRequest) {
+            CloseHandle(LogonHandle);
+            return FALSE;
+        }
+
+        pCacheRequest->MessageType = KerbQueryTicketCacheEx2Message;
+        pCacheRequest->LogonId.LowPart = 0;
+        pCacheRequest->LogonId.HighPart = 0;
+
+        Status = LsaCallAuthenticationPackage( LogonHandle,
+                                               PackageId,
+                                               pCacheRequest,
+                                               RequestSize,
+                                               &pCacheResponse,
+                                               &ResponseSize,
+                                               &SubStatus
+        );
+
+        LocalFree(pCacheRequest);
+        CloseHandle(LogonHandle);
+
+        if (!(FAILED(Status) || FAILED(SubStatus))) {
+            LsaFreeReturnBuffer(pCacheResponse);
+            fEx2Response = TRUE;
+        }
+        fChecked = TRUE;
+    }
+
+    return fEx2Response;
 }
 #endif /* HAVE_CACHE_INFO_EX2 */
 
@@ -794,8 +795,8 @@ get_STRING_from_registry(HKEY hBaseKey, char * key, char * value, char * outbuf,
     DWORD dwCount;
     LONG rc;
 
-	if (!outbuf || outlen == 0)
-		return FALSE;
+    if (!outbuf || outlen == 0)
+        return FALSE;
 
     rc = RegOpenKeyExA(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey);
     if (rc)
@@ -838,11 +839,11 @@ GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData)
 }
 
 //
-// IsKerberosLogon() does not validate whether or not there are valid tickets in the 
-// cache.  It validates whether or not it is reasonable to assume that if we 
-// attempted to retrieve valid tickets we could do so.  Microsoft does not 
+// IsKerberosLogon() does not validate whether or not there are valid tickets in the
+// cache.  It validates whether or not it is reasonable to assume that if we
+// attempted to retrieve valid tickets we could do so.  Microsoft does not
 // automatically renew expired tickets.  Therefore, the cache could contain
-// expired or invalid tickets.  Microsoft also caches the user's password 
+// expired or invalid tickets.  Microsoft also caches the user's password
 // and will use it to retrieve new TGTs if the cache is empty and tickets
 // are requested.
 
@@ -896,7 +897,7 @@ ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * o
     TargetPrefix.MaximumLength = TargetPrefix.Length;
 
     //
-    // We will need to concatenate the "krbtgt/" prefix and the 
+    // We will need to concatenate the "krbtgt/" prefix and the
     // Logon Session's DnsDomainName into our request's target name.
     //
     // Therefore, first compute the necessary buffer size for that.
@@ -930,8 +931,8 @@ ConstructTicketRequest(UNICODE_STRING DomainName, PKERB_RETRIEVE_TKT_REQUEST * o
     pTicketRequest->TargetName.MaximumLength = TargetSize;
     pTicketRequest->TargetName.Buffer = (PWSTR) (pTicketRequest + 1);
     Error = ConcatenateUnicodeStrings(&(pTicketRequest->TargetName),
-                                        TargetPrefix,
-                                        DomainName);
+                                      TargetPrefix,
+                                      DomainName);
     *outRequest = pTicketRequest;
     *outSize    = RequestSize;
     return Error;
@@ -954,20 +955,20 @@ PurgeAllTickets(HANDLE LogonHandle, ULONG  PackageId)
     PurgeRequest.RealmName.Length = 0;
     PurgeRequest.RealmName.MaximumLength = 0;
     Status = LsaCallAuthenticationPackage(LogonHandle,
-                                           PackageId,
-                                           &PurgeRequest,
-                                           sizeof(PurgeRequest),
-                                           NULL,
-                                           NULL,
-                                           &SubStatus
-                                           );
+                                          PackageId,
+                                          &PurgeRequest,
+                                          sizeof(PurgeRequest),
+                                          NULL,
+                                          NULL,
+                                          &SubStatus
+    );
     if (FAILED(Status) || FAILED(SubStatus))
         return FALSE;
     return TRUE;
 }
 
 static BOOL
-PurgeTicket2000( HANDLE LogonHandle, ULONG  PackageId, 
+PurgeTicket2000( HANDLE LogonHandle, ULONG  PackageId,
                  krb5_context context, krb5_creds *cred )
 {
     NTSTATUS Status = 0;
@@ -1009,7 +1010,7 @@ PurgeTicket2000( HANDLE LogonHandle, ULONG  PackageId,
                                            NULL,
                                            NULL,
                                            &SubStatus
-                                           );
+    );
     free(pPurgeRequest);
     krb5_free_unparsed_name(context, sname);
 
@@ -1021,7 +1022,7 @@ PurgeTicket2000( HANDLE LogonHandle, ULONG  PackageId,
 
 
 static BOOL
-PurgeTicketXP( HANDLE LogonHandle, ULONG  PackageId, 
+PurgeTicketXP( HANDLE LogonHandle, ULONG  PackageId,
                krb5_context context, krb5_flags flags, krb5_creds *cred)
 {
     NTSTATUS Status = 0;
@@ -1033,7 +1034,7 @@ PurgeTicketXP( HANDLE LogonHandle, ULONG  PackageId,
 
     if (krb5_unparse_name(context, cred->client, &cname))
         return FALSE;
-    
+
     if (krb5_unparse_name(context, cred->server, &sname)) {
         krb5_free_unparsed_name(context, cname);
         return FALSE;
@@ -1093,7 +1094,7 @@ PurgeTicketXP( HANDLE LogonHandle, ULONG  PackageId,
                                            NULL,
                                            NULL,
                                            &SubStatus
-                                           );
+    );
     free(pPurgeRequest);
     krb5_free_unparsed_name(context,cname);
     krb5_free_unparsed_name(context,sname);
@@ -1105,7 +1106,7 @@ PurgeTicketXP( HANDLE LogonHandle, ULONG  PackageId,
 
 #ifdef KERB_SUBMIT_TICKET
 static BOOL
-KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId, 
+KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId,
                   krb5_context context, krb5_creds *cred)
 {
     NTSTATUS Status = 0;
@@ -1126,14 +1127,14 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId,
                                KRB5_AUTH_CONTEXT_RET_TIME)) {
         return FALSE;
     }
-    
+
     krb5_auth_con_getsendsubkey(context, auth_context, &keyblock);
     if (keyblock == NULL)
         krb5_auth_con_getkey(context, auth_context, &keyblock);
 
-    /* make up a key, any key, that can be used to generate the 
-    * encrypted KRB_CRED pdu.  The Vista release LSA requires 
-    * that an enctype other than NULL be used. */
+    /* make up a key, any key, that can be used to generate the
+     * encrypted KRB_CRED pdu.  The Vista release LSA requires
+     * that an enctype other than NULL be used. */
     if (keyblock == NULL) {
         keyblock = (krb5_keyblock *)malloc(sizeof(krb5_keyblock));
         keyblock->enctype = ENCTYPE_ARCFOUR_HMAC;
@@ -1176,7 +1177,7 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId,
     pSubmitRequest->LogonId.LowPart = 0;
     pSubmitRequest->LogonId.HighPart = 0;
     pSubmitRequest->Flags = 0;
-    
+
     if (keyblock) {
         pSubmitRequest->Key.KeyType = keyblock->enctype;
         pSubmitRequest->Key.Length = keyblock->length;
@@ -1192,7 +1193,7 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId,
            krb_cred->data, krb_cred->length);
     if (keyblock)
         memcpy(((CHAR *)pSubmitRequest)+sizeof(KERB_SUBMIT_TKT_REQUEST)+krb_cred->length,
-                keyblock->contents, keyblock->length);
+               keyblock->contents, keyblock->length);
     krb5_free_data(context, krb_cred);
 
     Status = LsaCallAuthenticationPackage( LogonHandle,
@@ -1202,20 +1203,20 @@ KerbSubmitTicket( HANDLE LogonHandle, ULONG  PackageId,
                                            NULL,
                                            NULL,
                                            &SubStatus
-                                           );
+    );
     free(pSubmitRequest);
     if (keyblock)
         krb5_free_keyblock(context, keyblock);
     krb5_auth_con_free(context, auth_context);
 
     if (FAILED(Status) || FAILED(SubStatus)) {
-        return FALSE;                         
+        return FALSE;
     }
     return TRUE;
 }
 #endif /* KERB_SUBMIT_TICKET */
 
-/* 
+/*
  * A simple function to determine if there is an exact match between two tickets
  * We rely on the fact that the external tickets contain the raw Kerberos ticket.
  * If the EncodedTicket fields match, the KERB_EXTERNAL_TICKETs must be the same.
@@ -1227,7 +1228,7 @@ KerbExternalTicketMatch( PKERB_EXTERNAL_TICKET one, PKERB_EXTERNAL_TICKET two )
         return FALSE;
 
     if ( memcmp(one->EncodedTicket, two->EncodedTicket, one->EncodedTicketSize) )
-         return FALSE;
+        return FALSE;
 
     return TRUE;
 }
@@ -1240,12 +1241,12 @@ krb5_is_permitted_tgs_enctype(krb5_context context, krb5_const_principal princ,
 
     if (krb5_get_tgs_ktypes(context, princ, &list))
         return(0);
-    
+
     ret = 0;
 
     for (ptr = list; *ptr; ptr++)
-	if (*ptr == etype)
-	    ret = 1;
+        if (*ptr == etype)
+            ret = 1;
 
     krb5_free_ktypes (context, list);
 
@@ -1256,7 +1257,7 @@ krb5_is_permitted_tgs_enctype(krb5_context context, krb5_const_principal princ,
 // to allow the purging of expired tickets from LSA cache.  This is necessary
 // to force the retrieval of new TGTs.  Microsoft does not appear to retrieve
 // new tickets when they expire.  Instead they continue to accept the expired
-// tickets.  This is safe to do because the LSA purges its cache when it 
+// tickets.  This is safe to do because the LSA purges its cache when it
 // retrieves a new TGT (ms calls this renew) but not when it renews the TGT
 // (ms calls this refresh).
 
@@ -1287,7 +1288,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
     krb5_enctype *etype_list = NULL, *ptr = NULL, etype = 0;
 
     if (is_process_uac_limited()) {
-	Status = STATUS_ACCESS_DENIED;
+        Status = STATUS_ACCESS_DENIED;
         goto cleanup;
     }
 
@@ -1304,12 +1305,12 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
         &pTicketResponse,
         &ResponseSize,
         &SubStatus
-        );
+    );
 
     if (FAILED(Status))
     {
         // if the call to LsaCallAuthenticationPackage failed we cannot
-        // perform any queries most likely because the Kerberos package 
+        // perform any queries most likely because the Kerberos package
         // is not available or we do not have access
         bIsLsaError = TRUE;
         goto cleanup;
@@ -1330,7 +1331,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
 
         verinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
         GetVersionEx((OSVERSIONINFO *)&verinfo);
-        supported = (verinfo.dwMajorVersion > 5) || 
+        supported = (verinfo.dwMajorVersion > 5) ||
             (verinfo.dwMajorVersion == 5 && verinfo.dwMinorVersion >= 1);
 
         // If we could not get a TGT from the cache we won't know what the
@@ -1340,7 +1341,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
         if ( supported && GetSecurityLogonSessionData(&pSessionData) ) {
             if ( pSessionData->DnsDomainName.Buffer ) {
                 Error = ConstructTicketRequest(pSessionData->DnsDomainName,
-                                                &pTicketRequest, &RequestSize);
+                                               &pTicketRequest, &RequestSize);
                 LsaFreeReturnBuffer(pSessionData);
                 if ( Error )
                     goto cleanup;
@@ -1354,11 +1355,11 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
             WCHAR UnicodeUserDnsDomain[256];
             UNICODE_STRING wrapper;
             if ( !get_STRING_from_registry(HKEY_CURRENT_USER,
-                                          "Volatile Environment",
-                                          "USERDNSDOMAIN",
+                                           "Volatile Environment",
+                                           "USERDNSDOMAIN",
                                            UserDnsDomain,
                                            sizeof(UserDnsDomain)
-                                           ) )
+                 ) )
             {
                 goto cleanup;
             }
@@ -1369,16 +1370,16 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
             wrapper.MaximumLength = 256;
 
             Error = ConstructTicketRequest(wrapper,
-                                             &pTicketRequest, &RequestSize);
+                                           &pTicketRequest, &RequestSize);
             if ( Error )
                 goto cleanup;
         }
     } else {
-        /* We have succeeded in obtaining a credential from the cache. 
+        /* We have succeeded in obtaining a credential from the cache.
          * Assuming the enctype is one that we support and the ticket
          * has not expired and is not marked invalid we will use it.
          * Otherwise, we must create a new ticket request and obtain
-         * a credential we can use. 
+         * a credential we can use.
          */
 
 #ifdef PURGE_ALL
@@ -1386,7 +1387,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
 #else
         /* Check Supported Enctypes */
         if ( !enforce_tgs_enctypes ||
-	     IsMSSessionKeyNull(&pTicketResponse->Ticket.SessionKey) ||
+             IsMSSessionKeyNull(&pTicketResponse->Ticket.SessionKey) ||
              krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType) ) {
             FILETIME Now, MinLife, EndTime, LocalEndTime;
             __int64  temp;
@@ -1421,7 +1422,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
 #endif /* PURGE_ALL */
 
         Error = ConstructTicketRequest(pTicketResponse->Ticket.TargetDomainName,
-                                        &pTicketRequest, &RequestSize);
+                                       &pTicketRequest, &RequestSize);
         if ( Error ) {
             goto cleanup;
         }
@@ -1439,7 +1440,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
 #ifdef ENABLE_PURGING
         if ( purge_cache ) {
             //
-            // Purge the existing tickets which we cannot use so new ones can 
+            // Purge the existing tickets which we cannot use so new ones can
             // be requested.  It is not possible to purge just the TGT.  All
             // service tickets must be purged.
             //
@@ -1447,7 +1448,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
         }
 #endif /* ENABLE_PURGING */
     }
-    
+
     //
     // Intialize the request of the request.
     //
@@ -1457,8 +1458,8 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
     pTicketRequest->LogonId.HighPart = 0;
     // Note: pTicketRequest->TargetName set up above
 #ifdef ENABLE_PURGING
-    pTicketRequest->CacheOptions = ((ignore_cache || !purge_cache) ? 
-                                     KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
+    pTicketRequest->CacheOptions = ((ignore_cache || !purge_cache) ?
+                                    KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
 #else
     pTicketRequest->CacheOptions = (ignore_cache ? KERB_RETRIEVE_TICKET_DONT_USE_CACHE : 0L);
 #endif /* ENABLE_PURGING */
@@ -1472,7 +1473,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
                                            &pTicketResponse,
                                            &ResponseSize,
                                            &SubStatus
-                                           );
+    );
 
     if (FAILED(Status) || FAILED(SubStatus))
     {
@@ -1520,7 +1521,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
                                                &pTicketResponse,
                                                &ResponseSize,
                                                &SubStatus
-                                               );
+        );
 
         if (FAILED(Status) || FAILED(SubStatus))
         {
@@ -1528,9 +1529,9 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
             goto cleanup;
         }
 
-        if ( pTicketResponse->Ticket.SessionKey.KeyType == etype && 
+        if ( pTicketResponse->Ticket.SessionKey.KeyType == etype &&
              (!enforce_tgs_enctypes ||
-             krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType)) ) {
+              krb5_is_permitted_tgs_enctype(context, NULL, pTicketResponse->Ticket.SessionKey.KeyType)) ) {
             goto cleanup;       // we have a valid ticket, all done
         }
 
@@ -1541,7 +1542,7 @@ GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId, KERB_EXTERNA
         }
     }
 
-  cleanup:
+cleanup:
     if ( etype_list )
         krb5_free_ktypes(context, etype_list);
 
@@ -1585,7 +1586,7 @@ GetQueryTktCacheResponseW2K( HANDLE LogonHandle, ULONG PackageId,
     KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
     PKERB_QUERY_TKT_CACHE_RESPONSE pQueryResponse = NULL;
     ULONG ResponseSize;
-    
+
     CacheRequest.MessageType = KerbQueryTicketCacheMessage;
     CacheRequest.LogonId.LowPart = 0;
     CacheRequest.LogonId.HighPart = 0;
@@ -1598,7 +1599,7 @@ GetQueryTktCacheResponseW2K( HANDLE LogonHandle, ULONG PackageId,
         &pQueryResponse,
         &ResponseSize,
         &SubStatus
-        );
+    );
 
     if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
         *ppResponse = pQueryResponse;
@@ -1618,7 +1619,7 @@ GetQueryTktCacheResponseXP( HANDLE LogonHandle, ULONG PackageId,
     KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
     PKERB_QUERY_TKT_CACHE_EX_RESPONSE pQueryResponse = NULL;
     ULONG ResponseSize;
-    
+
     CacheRequest.MessageType = KerbQueryTicketCacheExMessage;
     CacheRequest.LogonId.LowPart = 0;
     CacheRequest.LogonId.HighPart = 0;
@@ -1631,7 +1632,7 @@ GetQueryTktCacheResponseXP( HANDLE LogonHandle, ULONG PackageId,
         &pQueryResponse,
         &ResponseSize,
         &SubStatus
-        );
+    );
 
     if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
         *ppResponse = pQueryResponse;
@@ -1652,7 +1653,7 @@ GetQueryTktCacheResponseEX2( HANDLE LogonHandle, ULONG PackageId,
     KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
     PKERB_QUERY_TKT_CACHE_EX2_RESPONSE pQueryResponse = NULL;
     ULONG ResponseSize;
-    
+
     CacheRequest.MessageType = KerbQueryTicketCacheEx2Message;
     CacheRequest.LogonId.LowPart = 0;
     CacheRequest.LogonId.HighPart = 0;
@@ -1665,7 +1666,7 @@ GetQueryTktCacheResponseEX2( HANDLE LogonHandle, ULONG PackageId,
         &pQueryResponse,
         &ResponseSize,
         &SubStatus
-        );
+    );
 
     if ( !(FAILED(Status) || FAILED(SubStatus)) ) {
         *ppResponse = pQueryResponse;
@@ -1678,7 +1679,7 @@ GetQueryTktCacheResponseEX2( HANDLE LogonHandle, ULONG PackageId,
 
 static BOOL
 GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
-                             krb5_context context, krb5_creds *creds, 
+                             krb5_context context, krb5_creds *creds,
                              PKERB_EXTERNAL_TICKET *ticket)
 {
     NTSTATUS Status = 0;
@@ -1715,7 +1716,7 @@ GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
                                            &pTicketResponse,
                                            &ResponseSize,
                                            &SubStatus
-                                           );
+    );
 
     LocalFree(pTicketRequest);
 
@@ -1729,7 +1730,7 @@ GetMSCacheTicketFromMITCred( HANDLE LogonHandle, ULONG PackageId,
 
 static BOOL
 GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId,
-                  PKERB_TICKET_CACHE_INFO tktinfo, PKERB_EXTERNAL_TICKET *ticket)
+                                  PKERB_TICKET_CACHE_INFO tktinfo, PKERB_EXTERNAL_TICKET *ticket)
 {
     NTSTATUS Status = 0;
     NTSTATUS SubStatus = 0;
@@ -1773,13 +1774,13 @@ GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId,
         &pTicketResponse,
         &ResponseSize,
         &SubStatus
-        );
+    );
 
     LocalFree(pTicketRequest);
 
     if (FAILED(Status) || FAILED(SubStatus))
         return(FALSE);
-    
+
     /* otherwise return ticket */
     *ticket = &(pTicketResponse->Ticket);
 
@@ -1795,7 +1796,7 @@ GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId,
 
 static BOOL
 GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
-                  PKERB_TICKET_CACHE_INFO_EX tktinfo, PKERB_EXTERNAL_TICKET *ticket)
+                                 PKERB_TICKET_CACHE_INFO_EX tktinfo, PKERB_EXTERNAL_TICKET *ticket)
 {
     NTSTATUS Status = 0;
     NTSTATUS SubStatus = 0;
@@ -1837,16 +1838,16 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
         &pTicketResponse,
         &ResponseSize,
         &SubStatus
-        );
+    );
 
     LocalFree(pTicketRequest);
 
     if (FAILED(Status) || FAILED(SubStatus))
         return(FALSE);
-    
+
     /* otherwise return ticket */
     *ticket = &(pTicketResponse->Ticket);
-    
+
     /* set the initial flag if we were attempting to retrieve one
      * because Windows won't necessarily return the initial ticket
      * to us.
@@ -1860,7 +1861,7 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
 #ifdef HAVE_CACHE_INFO_EX2
 static BOOL
 GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId,
-                  PKERB_TICKET_CACHE_INFO_EX2 tktinfo, PKERB_EXTERNAL_TICKET *ticket)
+                                  PKERB_TICKET_CACHE_INFO_EX2 tktinfo, PKERB_EXTERNAL_TICKET *ticket)
 {
     NTSTATUS Status = 0;
     NTSTATUS SubStatus = 0;
@@ -1902,71 +1903,71 @@ GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId,
         &pTicketResponse,
         &ResponseSize,
         &SubStatus
-        );
+    );
 
     LocalFree(pTicketRequest);
 
     if (FAILED(Status) || FAILED(SubStatus))
         return(FALSE);
-    
+
     /* otherwise return ticket */
     *ticket = &(pTicketResponse->Ticket);
 
-    
+
     /* set the initial flag if we were attempting to retrieve one
-    * because Windows won't necessarily return the initial ticket
-    * to us.
-    */
-   if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
-       (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
+     * because Windows won't necessarily return the initial ticket
+     * to us.
+     */
+    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
+        (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
 
     return(TRUE);
 }
 #endif /* HAVE_CACHE_INFO_EX2 */
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_close
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_destroy
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_end_seq_get
-        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_generate_new
-        (krb5_context, krb5_ccache *id);
+(krb5_context, krb5_ccache *id);
 
 static const char * KRB5_CALLCONV krb5_lcc_get_name
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_get_principal
-        (krb5_context, krb5_ccache id, krb5_principal *princ);
+(krb5_context, krb5_ccache id, krb5_principal *princ);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_initialize
-        (krb5_context, krb5_ccache id, krb5_principal princ);
+(krb5_context, krb5_ccache id, krb5_principal princ);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_next_cred
-        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
-	 krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor,
+ krb5_creds *creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_resolve
-        (krb5_context, krb5_ccache *id, const char *residual);
+(krb5_context, krb5_ccache *id, const char *residual);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_retrieve
-        (krb5_context, krb5_ccache id, krb5_flags whichfields,
-	 krb5_creds *mcreds, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_flags whichfields,
+ krb5_creds *mcreds, krb5_creds *creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_start_seq_get
-        (krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
+(krb5_context, krb5_ccache id, krb5_cc_cursor *cursor);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_store
-        (krb5_context, krb5_ccache id, krb5_creds *creds);
+(krb5_context, krb5_ccache id, krb5_creds *creds);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_set_flags
-        (krb5_context, krb5_ccache id, krb5_flags flags);
+(krb5_context, krb5_ccache id, krb5_flags flags);
 
 static krb5_error_code KRB5_CALLCONV krb5_lcc_get_flags
-        (krb5_context, krb5_ccache id, krb5_flags *flags);
+(krb5_context, krb5_ccache id, krb5_flags *flags);
 
 extern const krb5_cc_ops krb5_lcc_ops;
 
@@ -2004,18 +2005,18 @@ typedef struct _krb5_lcc_cursor {
  *
  * Modifies:
  * id
- * 
+ *
  * Effects:
  * Acccess the MS Kerberos LSA cache in the current logon session
  * Ignore the residual.
- * 
+ *
  * Returns:
  * A filled in krb5_ccache structure "id".
  *
  * Errors:
  * KRB5_CC_NOMEM - there was insufficient memory to allocate the
- * 
- * 		krb5_ccache.  id is undefined.
+ *
+ *              krb5_ccache.  id is undefined.
  * permission errors
  */
 static krb5_error_code KRB5_CALLCONV
@@ -2032,7 +2033,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
         return KRB5_FCC_NOFILE;
 
 #ifdef COMMENT
-    /* In at least one case on Win2003 it appears that it is possible 
+    /* In at least one case on Win2003 it appears that it is possible
      * for the logon session to be authenticated via NTLM and yet for
      * there to be Kerberos credentials obtained by the LSA on behalf
      * of the logged in user.  Therefore, we are removing this test
@@ -2062,7 +2063,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     }
 
     lid->magic = KV5M_CCACHE;
-    data = (krb5_lcc_data *)lid->data;    
+    data = (krb5_lcc_data *)lid->data;
     data->LogonHandle = LogonHandle;
     data->PackageId = PackageId;
     data->princ = 0;
@@ -2099,16 +2100,16 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 
     /*
      * other routines will get errors on open, and callers must expect them,
-     * if cache is non-existent/unusable 
+     * if cache is non-existent/unusable
      */
     *id = lid;
     return retval;
 }
 
 /*
-*  return success although we do not do anything
-*  We should delete all tickets belonging to the specified principal
-*/
+ *  return success although we do not do anything
+ *  We should delete all tickets belonging to the specified principal
+ */
 
 static krb5_error_code KRB5_CALLCONV
 krb5_lcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags flags,
@@ -2160,7 +2161,7 @@ krb5_lcc_close(krb5_context context, krb5_ccache id)
 {
     register int closeval = KRB5_OK;
     register krb5_lcc_data *data;
-    
+
     if (!is_windows_2000())
         return KRB5_FCC_NOFILE;
 
@@ -2187,15 +2188,15 @@ static krb5_error_code KRB5_CALLCONV
 krb5_lcc_destroy(krb5_context context, krb5_ccache id)
 {
     register krb5_lcc_data *data;
-    
+
     if (!is_windows_2000())
         return KRB5_FCC_NOFILE;
 
-    if (id) { 
+    if (id) {
         data = (krb5_lcc_data *) id->data;
 
         return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL;
-    }   
+    }
     return KRB5_FCC_INTERNAL;
 }
 
@@ -2244,23 +2245,23 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur
             *cursor = 0;
             return KRB5_FCC_INTERNAL;
         }
-    } else 
+    } else
 #endif /* HAVE_CACHE_INFO_EX2 */
-    if ( is_windows_xp() ) {
-        if ( !GetQueryTktCacheResponseXP(data->LogonHandle, data->PackageId, &lcursor->response.xp) ) {
-            LsaFreeReturnBuffer(lcursor->mstgt);
-            free(lcursor);
-            *cursor = 0;
-            return KRB5_FCC_INTERNAL;
-        }
-    } else {
-        if ( !GetQueryTktCacheResponseW2K(data->LogonHandle, data->PackageId, &lcursor->response.w2k) ) {
-            LsaFreeReturnBuffer(lcursor->mstgt);
-            free(lcursor);
-            *cursor = 0;
-            return KRB5_FCC_INTERNAL;
+        if ( is_windows_xp() ) {
+            if ( !GetQueryTktCacheResponseXP(data->LogonHandle, data->PackageId, &lcursor->response.xp) ) {
+                LsaFreeReturnBuffer(lcursor->mstgt);
+                free(lcursor);
+                *cursor = 0;
+                return KRB5_FCC_INTERNAL;
+            }
+        } else {
+            if ( !GetQueryTktCacheResponseW2K(data->LogonHandle, data->PackageId, &lcursor->response.w2k) ) {
+                LsaFreeReturnBuffer(lcursor->mstgt);
+                free(lcursor);
+                *cursor = 0;
+                return KRB5_FCC_INTERNAL;
+            }
         }
-    }
     lcursor->index = 0;
     *cursor = (krb5_cc_cursor) lcursor;
     return KRB5_OK;
@@ -2274,7 +2275,7 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur
  *
  * Modifes:
  * cursor
- * 
+ *
  * Effects:
  * Fills in creds with the TGT obtained from the MS LSA
  *
@@ -2297,7 +2298,7 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
 
     data = (krb5_lcc_data *)id->data;
 
-  next_cred:
+next_cred:
 #ifdef HAVE_CACHE_INFO_EX2
     if ( does_query_ticket_cache_ex2() ) {
         if ( lcursor->index >= lcursor->response.ex2->CountOfTickets ) {
@@ -2313,58 +2314,58 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
         }
 
         if ( data->flags & KRB5_TC_NOTICKET ) {
-	    if (!CacheInfoEx2ToMITCred( &lcursor->response.ex2->Tickets[lcursor->index++], 
-					context, creds)) {
+            if (!CacheInfoEx2ToMITCred( &lcursor->response.ex2->Tickets[lcursor->index++],
+                                        context, creds)) {
                 retval = KRB5_FCC_INTERNAL;
                 goto next_cred;
-	    }
+            }
             return KRB5_OK;
         } else {
             if (!GetMSCacheTicketFromCacheInfoEX2(data->LogonHandle, data->PackageId,
-                                                      &lcursor->response.ex2->Tickets[lcursor->index++],&msticket)) {
+                                                  &lcursor->response.ex2->Tickets[lcursor->index++],&msticket)) {
                 retval = KRB5_FCC_INTERNAL;
                 goto next_cred;
             }
         }
-    } else 
+    } else
 #endif /* HAVE_CACHE_INFO_EX2 */
-    if ( is_windows_xp() ) {
-        if ( lcursor->index >= lcursor->response.xp->CountOfTickets ) {
-            if (retval == KRB5_OK)
-                return KRB5_CC_END;
-            else {
-                LsaFreeReturnBuffer(lcursor->mstgt);
-                LsaFreeReturnBuffer(lcursor->response.xp);
-                free(*cursor);
-                *cursor = 0;
-                return retval;
+        if ( is_windows_xp() ) {
+            if ( lcursor->index >= lcursor->response.xp->CountOfTickets ) {
+                if (retval == KRB5_OK)
+                    return KRB5_CC_END;
+                else {
+                    LsaFreeReturnBuffer(lcursor->mstgt);
+                    LsaFreeReturnBuffer(lcursor->response.xp);
+                    free(*cursor);
+                    *cursor = 0;
+                    return retval;
+                }
             }
-        }
 
-        if (!GetMSCacheTicketFromCacheInfoXP(data->LogonHandle, data->PackageId,
-                                            &lcursor->response.xp->Tickets[lcursor->index++],&msticket)) {
-            retval = KRB5_FCC_INTERNAL;
-            goto next_cred;
-        }
-    } else {
-        if ( lcursor->index >= lcursor->response.w2k->CountOfTickets ) {
-            if (retval == KRB5_OK)
-                return KRB5_CC_END;
-            else {
-                LsaFreeReturnBuffer(lcursor->mstgt);
-                LsaFreeReturnBuffer(lcursor->response.w2k);
-                free(*cursor);
-                *cursor = 0;
-                return retval;
+            if (!GetMSCacheTicketFromCacheInfoXP(data->LogonHandle, data->PackageId,
+                                                 &lcursor->response.xp->Tickets[lcursor->index++],&msticket)) {
+                retval = KRB5_FCC_INTERNAL;
+                goto next_cred;
+            }
+        } else {
+            if ( lcursor->index >= lcursor->response.w2k->CountOfTickets ) {
+                if (retval == KRB5_OK)
+                    return KRB5_CC_END;
+                else {
+                    LsaFreeReturnBuffer(lcursor->mstgt);
+                    LsaFreeReturnBuffer(lcursor->response.w2k);
+                    free(*cursor);
+                    *cursor = 0;
+                    return retval;
+                }
             }
-        }
 
-        if (!GetMSCacheTicketFromCacheInfoW2K(data->LogonHandle, data->PackageId,
-                                            &lcursor->response.w2k->Tickets[lcursor->index++],&msticket)) {
-            retval = KRB5_FCC_INTERNAL;
-            goto next_cred;
+            if (!GetMSCacheTicketFromCacheInfoW2K(data->LogonHandle, data->PackageId,
+                                                  &lcursor->response.w2k->Tickets[lcursor->index++],&msticket)) {
+                retval = KRB5_FCC_INTERNAL;
+                goto next_cred;
+            }
         }
-    }
 
     /* Don't return tickets with NULL Session Keys */
     if ( IsMSSessionKeyNull(&msticket->SessionKey) ) {
@@ -2377,15 +2378,15 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
     if ( does_query_ticket_cache_ex2() ) {
         if (!MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds))
             retval = KRB5_FCC_INTERNAL;
-    } else 
+    } else
 #endif /* HAVE_CACHE_INFO_EX2 */
-    if ( is_windows_xp() ) {
-        if (!MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds))
-            retval = KRB5_FCC_INTERNAL;
-    } else {
-        if (!MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds))
-            retval = KRB5_FCC_INTERNAL;
-    }
+        if ( is_windows_xp() ) {
+            if (!MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds))
+                retval = KRB5_FCC_INTERNAL;
+        } else {
+            if (!MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds))
+                retval = KRB5_FCC_INTERNAL;
+        }
     LsaFreeReturnBuffer(msticket);
     return retval;
 }
@@ -2416,12 +2417,12 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
 #ifdef HAVE_CACHE_INFO_EX2
         if ( does_query_ticket_cache_ex2() )
             LsaFreeReturnBuffer(lcursor->response.ex2);
-        else 
-#endif /* HAVE_CACHE_INFO_EX2 */
-        if ( is_windows_xp() )
-            LsaFreeReturnBuffer(lcursor->response.xp);
         else
-            LsaFreeReturnBuffer(lcursor->response.w2k);
+#endif /* HAVE_CACHE_INFO_EX2 */
+            if ( is_windows_xp() )
+                LsaFreeReturnBuffer(lcursor->response.xp);
+            else
+                LsaFreeReturnBuffer(lcursor->response.w2k);
         free(*cursor);
     }
     *cursor = 0;
@@ -2446,7 +2447,7 @@ krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
 /*
  * Requires:
  * id is a ms lsa credential cache
- * 
+ *
  * Returns:
  *   The ccname specified during the krb5_lcc_resolve call
  */
@@ -2505,14 +2506,14 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri
             krb5_copy_principal(context, creds.client, &data->princ);
             krb5_free_cred_contents(context,&creds);
             return krb5_copy_principal(context, data->princ, princ);
-        }    
+        }
     }
     return KRB5_CC_NOTFOUND;
 }
 
-     
+
 static krb5_error_code KRB5_CALLCONV
-krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, 
+krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
                   krb5_creds *mcreds, krb5_creds *creds)
 {
     krb5_error_code kret = KRB5_OK;
@@ -2530,7 +2531,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
     kret = krb5_cc_retrieve_cred_default (context, id, whichfields, mcreds, creds);
     if ( !kret )
         return KRB5_OK;
-    
+
     /* if not, we must try to get a ticket without specifying any flags or etypes */
     kret = krb5_copy_creds(context, mcreds, &mcreds_noflags);
     if (kret)
@@ -2585,7 +2586,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
 
         for ( i=0; i<pResponse->CountOfTickets; i++ ) {
             if (!GetMSCacheTicketFromCacheInfoXP(data->LogonHandle, data->PackageId,
-                                                  &pResponse->Tickets[i],&mstmp)) {
+                                                 &pResponse->Tickets[i],&mstmp)) {
                 continue;
             }
 
@@ -2616,7 +2617,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
         kret = KRB5_CC_NOTFOUND;
     }
 
-  cleanup:
+cleanup:
     if ( mstmp )
         LsaFreeReturnBuffer(mstmp);
     if ( mstgt )
@@ -2678,12 +2679,12 @@ krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
     return KRB5_CC_READONLY;
 }
 
-/* 
+/*
  * Individual credentials can be implemented differently depending
  * on the operating system version.  (undocumented.)
- * 
+ *
  * Errors:
- *    KRB5_CC_READONLY: 
+ *    KRB5_CC_READONLY:
  */
 static krb5_error_code KRB5_CALLCONV
 krb5_lcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags flags,
@@ -2735,28 +2736,28 @@ krb5_lcc_get_flags(krb5_context context, krb5_ccache id, krb5_flags *flags)
 }
 
 const krb5_cc_ops krb5_lcc_ops = {
-     0,
-     "MSLSA",
-     krb5_lcc_get_name,
-     krb5_lcc_resolve,
-     krb5_lcc_generate_new,
-     krb5_lcc_initialize,
-     krb5_lcc_destroy,
-     krb5_lcc_close,
-     krb5_lcc_store,
-     krb5_lcc_retrieve,
-     krb5_lcc_get_principal,
-     krb5_lcc_start_seq_get,
-     krb5_lcc_next_cred,
-     krb5_lcc_end_seq_get,
-     krb5_lcc_remove_cred,
-     krb5_lcc_set_flags,
-     krb5_lcc_get_flags,
-     NULL,
-     NULL,
-     NULL,
-     NULL,
-     NULL,
-     NULL,
+    0,
+    "MSLSA",
+    krb5_lcc_get_name,
+    krb5_lcc_resolve,
+    krb5_lcc_generate_new,
+    krb5_lcc_initialize,
+    krb5_lcc_destroy,
+    krb5_lcc_close,
+    krb5_lcc_store,
+    krb5_lcc_retrieve,
+    krb5_lcc_get_principal,
+    krb5_lcc_start_seq_get,
+    krb5_lcc_next_cred,
+    krb5_lcc_end_seq_get,
+    krb5_lcc_remove_cred,
+    krb5_lcc_set_flags,
+    krb5_lcc_get_flags,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
 };
 #endif /* _WIN32 */
diff --git a/src/lib/krb5/ccache/cc_retr.c b/src/lib/krb5/ccache/cc_retr.c
index 8d3398b18..1c4b575ba 100644
--- a/src/lib/krb5/ccache/cc_retr.c
+++ b/src/lib/krb5/ccache/cc_retr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/cc_retr.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 
@@ -38,21 +39,21 @@ static int
 times_match_exact(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
 {
     return (t1->authtime == t2->authtime &&
-	    t1->starttime == t2->starttime &&
-	    t1->endtime == t2->endtime &&
-	    t1->renew_till == t2->renew_till);
+            t1->starttime == t2->starttime &&
+            t1->endtime == t2->endtime &&
+            t1->renew_till == t2->renew_till);
 }
 
 static krb5_boolean
 times_match(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
 {
     if (t1->renew_till) {
-	if (t1->renew_till > t2->renew_till)
-	    return FALSE;		/* this one expires too late */
+        if (t1->renew_till > t2->renew_till)
+            return FALSE;               /* this one expires too late */
     }
     if (t1->endtime) {
-	if (t1->endtime > t2->endtime)
-	    return FALSE;		/* this one expires too late */
+        if (t1->endtime > t2->endtime)
+            return FALSE;               /* this one expires too late */
     }
     /* only care about expiration on a times_match */
     return TRUE;
@@ -61,8 +62,8 @@ times_match(const krb5_ticket_times *t1, const krb5_ticket_times *t2)
 static krb5_boolean
 standard_fields_match(krb5_context context, const krb5_creds *mcreds, const krb5_creds *creds)
 {
-  return (krb5_principal_compare(context, mcreds->client,creds->client)
-	  && krb5_principal_compare(context, mcreds->server,creds->server));
+    return (krb5_principal_compare(context, mcreds->client,creds->client)
+            && krb5_principal_compare(context, mcreds->server,creds->server));
 }
 
 /* only match the server name portion, not the server realm portion */
@@ -72,10 +73,10 @@ srvname_match(krb5_context context, const krb5_creds *mcreds, const krb5_creds *
 {
     krb5_boolean retval;
     krb5_principal_data p1, p2;
-    
+
     retval = krb5_principal_compare(context, mcreds->client,creds->client);
     if (retval != TRUE)
-	return retval;
+        return retval;
     /*
      * Hack to ignore the server realm for the purposes of the compare.
      */
@@ -91,22 +92,22 @@ authdata_match(krb5_authdata *const *mdata, krb5_authdata *const *data)
     const krb5_authdata *mdatap, *datap;
 
     if (mdata == data)
-      return TRUE;
+        return TRUE;
 
     if (mdata == NULL)
-	return *data == NULL;
-	
+        return *data == NULL;
+
     if (data == NULL)
-	return *mdata == NULL;
-    
+        return *mdata == NULL;
+
     while ((mdatap = *mdata) && (datap = *data)) {
-      if ((mdatap->ad_type != datap->ad_type) ||
-          (mdatap->length != datap->length) ||
-          (memcmp ((char *)mdatap->contents,
-		 (char *)datap->contents, (unsigned) mdatap->length) != 0))
-          return FALSE;
-      mdata++;
-      data++;
+        if ((mdatap->ad_type != datap->ad_type) ||
+            (mdatap->length != datap->length) ||
+            (memcmp ((char *)mdatap->contents,
+                     (char *)datap->contents, (unsigned) mdatap->length) != 0))
+            return FALSE;
+        mdata++;
+        data++;
     }
     return (*mdata == NULL) && (*data == NULL);
 }
@@ -115,10 +116,10 @@ static krb5_boolean
 data_match(const krb5_data *data1, const krb5_data *data2)
 {
     if (!data1) {
-	if (!data2)
-	    return TRUE;
-	else
-	    return FALSE;
+        if (!data2)
+            return TRUE;
+        else
+            return FALSE;
     }
     if (!data2) return FALSE;
 
@@ -128,11 +129,11 @@ data_match(const krb5_data *data1, const krb5_data *data2)
 static int
 pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
 {
-  int i;
-  for (i = 0; i < nktypes; i++)
-    if (my_ktype == ktypes[i])
-      return i;
-  return -1;
+    int i;
+    for (i = 0; i < nktypes; i++)
+        if (my_ktype == ktypes[i])
+            return i;
+    return -1;
 }
 
 /*
@@ -141,7 +142,7 @@ pref (krb5_enctype my_ktype, int nktypes, krb5_enctype *ktypes)
  * with the fields specified by whichfields.  If one if found, it is
  * returned in creds, which should be freed by the caller with
  * krb5_free_credentials().
- * 
+ *
  * The fields are interpreted in the following way (all constants are
  * preceded by KRB5_TC_).  MATCH_IS_SKEY requires the is_skey field to
  * match exactly.  MATCH_TIMES requires the requested lifetime to be
@@ -166,105 +167,105 @@ krb5_boolean
 krb5int_cc_creds_match_request(krb5_context context, krb5_flags whichfields, krb5_creds *mcreds, krb5_creds *creds)
 {
     if (((set(KRB5_TC_MATCH_SRV_NAMEONLY) &&
-		   srvname_match(context, mcreds, creds)) ||
-	       standard_fields_match(context, mcreds, creds))
-	      &&
-	      (! set(KRB5_TC_MATCH_IS_SKEY) ||
-	       mcreds->is_skey == creds->is_skey)
-	      &&
-	      (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
-	       mcreds->ticket_flags == creds->ticket_flags)
-	      &&
-	      (! set(KRB5_TC_MATCH_FLAGS) ||
-	       flags_match(mcreds->ticket_flags, creds->ticket_flags))
-	      &&
-	      (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
-	       times_match_exact(&mcreds->times, &creds->times))
-	      &&
-	      (! set(KRB5_TC_MATCH_TIMES) ||
-	       times_match(&mcreds->times, &creds->times))
-	      &&
-	      ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
-	       authdata_match(mcreds->authdata, creds->authdata))
-	      &&
-	      (! set(KRB5_TC_MATCH_2ND_TKT) ||
-	       data_match (&mcreds->second_ticket, &creds->second_ticket))
-	      &&
-	     ((! set(KRB5_TC_MATCH_KTYPE))||
-		(mcreds->keyblock.enctype == creds->keyblock.enctype)))
+          srvname_match(context, mcreds, creds)) ||
+         standard_fields_match(context, mcreds, creds))
+        &&
+        (! set(KRB5_TC_MATCH_IS_SKEY) ||
+         mcreds->is_skey == creds->is_skey)
+        &&
+        (! set(KRB5_TC_MATCH_FLAGS_EXACT) ||
+         mcreds->ticket_flags == creds->ticket_flags)
+        &&
+        (! set(KRB5_TC_MATCH_FLAGS) ||
+         flags_match(mcreds->ticket_flags, creds->ticket_flags))
+        &&
+        (! set(KRB5_TC_MATCH_TIMES_EXACT) ||
+         times_match_exact(&mcreds->times, &creds->times))
+        &&
+        (! set(KRB5_TC_MATCH_TIMES) ||
+         times_match(&mcreds->times, &creds->times))
+        &&
+        ( ! set(KRB5_TC_MATCH_AUTHDATA) ||
+          authdata_match(mcreds->authdata, creds->authdata))
+        &&
+        (! set(KRB5_TC_MATCH_2ND_TKT) ||
+         data_match (&mcreds->second_ticket, &creds->second_ticket))
+        &&
+        ((! set(KRB5_TC_MATCH_KTYPE))||
+         (mcreds->keyblock.enctype == creds->keyblock.enctype)))
         return TRUE;
     return FALSE;
 }
 
 static krb5_error_code
 krb5_cc_retrieve_cred_seq (krb5_context context, krb5_ccache id,
-			   krb5_flags whichfields, krb5_creds *mcreds,
-			   krb5_creds *creds, int nktypes, krb5_enctype *ktypes)
+                           krb5_flags whichfields, krb5_creds *mcreds,
+                           krb5_creds *creds, int nktypes, krb5_enctype *ktypes)
 {
-     /* This function could be considerably faster if it kept indexing */
-     /* information.. sounds like a "next version" idea to me. :-) */
-
-     krb5_cc_cursor cursor;
-     krb5_error_code kret;
-     krb5_error_code nomatch_err = KRB5_CC_NOTFOUND;
-     struct {
-       krb5_creds creds;
-       int pref;
-     } fetched, best;
-     int have_creds = 0;
-     krb5_flags oflags = 0;
+    /* This function could be considerably faster if it kept indexing */
+    /* information.. sounds like a "next version" idea to me. :-) */
+
+    krb5_cc_cursor cursor;
+    krb5_error_code kret;
+    krb5_error_code nomatch_err = KRB5_CC_NOTFOUND;
+    struct {
+        krb5_creds creds;
+        int pref;
+    } fetched, best;
+    int have_creds = 0;
+    krb5_flags oflags = 0;
 #define fetchcreds (fetched.creds)
 
-     kret = krb5_cc_get_flags(context, id, &oflags);
-     if (kret != KRB5_OK)
-	  return kret;
-     if (oflags & KRB5_TC_OPENCLOSE)
-	 (void) krb5_cc_set_flags(context, id, oflags & ~KRB5_TC_OPENCLOSE);
-     kret = krb5_cc_start_seq_get(context, id, &cursor);
-     if (kret != KRB5_OK) {
-	  if (oflags & KRB5_TC_OPENCLOSE)
-	       krb5_cc_set_flags(context, id, oflags);
-	  return kret;
-     }
-
-     while (krb5_cc_next_cred(context, id, &cursor, &fetchcreds) == KRB5_OK) {
-      if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds))
-      {
-	      if (ktypes) {
-		  fetched.pref = pref (fetchcreds.keyblock.enctype,
-				       nktypes, ktypes);
-		  if (fetched.pref < 0)
-		      nomatch_err = KRB5_CC_NOT_KTYPE;
-		  else if (!have_creds || fetched.pref < best.pref) {
-		      if (have_creds)
-			  krb5_free_cred_contents (context, &best.creds);
-		      else
-			  have_creds = 1;
-		      best = fetched;
-		      continue;
-		  }
-	      } else {
-		  krb5_cc_end_seq_get(context, id, &cursor);
-		  *creds = fetchcreds;
-		  if (oflags & KRB5_TC_OPENCLOSE)
-		      krb5_cc_set_flags(context, id, oflags);
-		  return KRB5_OK;
-	      }
-	  }
-
-	  /* This one doesn't match */
-	  krb5_free_cred_contents(context, &fetchcreds);
-     }
-
-     /* If we get here, a match wasn't found */
-     krb5_cc_end_seq_get(context, id, &cursor);
-     if (oflags & KRB5_TC_OPENCLOSE)
-	 krb5_cc_set_flags(context, id, oflags);
-     if (have_creds) {
-	 *creds = best.creds;
-	 return KRB5_OK;
-     } else
-	 return nomatch_err;
+    kret = krb5_cc_get_flags(context, id, &oflags);
+    if (kret != KRB5_OK)
+        return kret;
+    if (oflags & KRB5_TC_OPENCLOSE)
+        (void) krb5_cc_set_flags(context, id, oflags & ~KRB5_TC_OPENCLOSE);
+    kret = krb5_cc_start_seq_get(context, id, &cursor);
+    if (kret != KRB5_OK) {
+        if (oflags & KRB5_TC_OPENCLOSE)
+            krb5_cc_set_flags(context, id, oflags);
+        return kret;
+    }
+
+    while (krb5_cc_next_cred(context, id, &cursor, &fetchcreds) == KRB5_OK) {
+        if (krb5int_cc_creds_match_request(context, whichfields, mcreds, &fetchcreds))
+        {
+            if (ktypes) {
+                fetched.pref = pref (fetchcreds.keyblock.enctype,
+                                     nktypes, ktypes);
+                if (fetched.pref < 0)
+                    nomatch_err = KRB5_CC_NOT_KTYPE;
+                else if (!have_creds || fetched.pref < best.pref) {
+                    if (have_creds)
+                        krb5_free_cred_contents (context, &best.creds);
+                    else
+                        have_creds = 1;
+                    best = fetched;
+                    continue;
+                }
+            } else {
+                krb5_cc_end_seq_get(context, id, &cursor);
+                *creds = fetchcreds;
+                if (oflags & KRB5_TC_OPENCLOSE)
+                    krb5_cc_set_flags(context, id, oflags);
+                return KRB5_OK;
+            }
+        }
+
+        /* This one doesn't match */
+        krb5_free_cred_contents(context, &fetchcreds);
+    }
+
+    /* If we get here, a match wasn't found */
+    krb5_cc_end_seq_get(context, id, &cursor);
+    if (oflags & KRB5_TC_OPENCLOSE)
+        krb5_cc_set_flags(context, id, oflags);
+    if (have_creds) {
+        *creds = best.creds;
+        return KRB5_OK;
+    } else
+        return nomatch_err;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -275,20 +276,20 @@ krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags
     krb5_error_code ret;
 
     if (flags & KRB5_TC_SUPPORTED_KTYPES) {
-	ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes);
-	if (ret)
-	    return ret;
-	nktypes = 0;
-	while (ktypes[nktypes])
-	    nktypes++;
-
-	ret = krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
-					 nktypes, ktypes);
-	free (ktypes);
-	return ret;
+        ret = krb5_get_tgs_ktypes (context, mcreds->server, &ktypes);
+        if (ret)
+            return ret;
+        nktypes = 0;
+        while (ktypes[nktypes])
+            nktypes++;
+
+        ret = krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+                                         nktypes, ktypes);
+        free (ktypes);
+        return ret;
     } else {
-	return krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
-					  0, 0);
+        return krb5_cc_retrieve_cred_seq (context, id, flags, mcreds, creds,
+                                          0, 0);
     }
 }
 
@@ -298,24 +299,24 @@ krb5_cc_retrieve_cred_default (krb5_context context, krb5_ccache id, krb5_flags
 /* returned by the CCAPI is the same creds as the caller passed in.      */
 /* Unlike the code above it requires that all structures be identical.   */
 
-krb5_boolean KRB5_CALLCONV 
+krb5_boolean KRB5_CALLCONV
 krb5_creds_compare (krb5_context in_context,
                     krb5_creds *in_creds,
                     krb5_creds *in_compare_creds)
 {
     /* Set to 0 when we hit the first mismatch and then fall through */
     int equal = 1;
-    
+
     if (equal) {
-        equal = krb5_principal_compare (in_context, in_creds->client, 
+        equal = krb5_principal_compare (in_context, in_creds->client,
                                         in_compare_creds->client);
     }
-    
+
     if (equal) {
-        equal = krb5_principal_compare (in_context, in_creds->server, 
+        equal = krb5_principal_compare (in_context, in_creds->server,
                                         in_compare_creds->server);
     }
-    
+
     if (equal) {
         equal = (in_creds->keyblock.enctype == in_compare_creds->keyblock.enctype &&
                  in_creds->keyblock.length  == in_compare_creds->keyblock.length &&
@@ -323,27 +324,27 @@ krb5_creds_compare (krb5_context in_context,
                   !memcmp (in_creds->keyblock.contents, in_compare_creds->keyblock.contents,
                            in_creds->keyblock.length)));
     }
-    
-    if (equal) {   
+
+    if (equal) {
         equal = (in_creds->times.authtime   == in_compare_creds->times.authtime &&
                  in_creds->times.starttime  == in_compare_creds->times.starttime &&
                  in_creds->times.endtime    == in_compare_creds->times.endtime &&
                  in_creds->times.renew_till == in_compare_creds->times.renew_till);
     }
-    
+
     if (equal) {
         equal = (in_creds->is_skey == in_compare_creds->is_skey);
-    } 
-    
+    }
+
     if (equal) {
         equal = (in_creds->ticket_flags == in_compare_creds->ticket_flags);
     }
-    
+
     if (equal) {
         krb5_address **addresses = in_creds->addresses;
         krb5_address **compare_addresses = in_compare_creds->addresses;
         unsigned int i;
-        
+
         if (addresses && compare_addresses) {
             for (i = 0; (equal && addresses[i] && compare_addresses[i]); i++) {
                 equal = krb5_address_compare (in_context, addresses[i],
@@ -354,29 +355,29 @@ krb5_creds_compare (krb5_context in_context,
             if (equal) { equal = (!addresses && !compare_addresses); }
         }
     }
-    
+
     if (equal) {
-	equal = data_eq(in_creds->ticket, in_compare_creds->ticket);
+        equal = data_eq(in_creds->ticket, in_compare_creds->ticket);
     }
-    
+
     if (equal) {
-	equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket);
+        equal = data_eq(in_creds->second_ticket, in_compare_creds->second_ticket);
     }
-    
+
     if (equal) {
         krb5_authdata **authdata = in_creds->authdata;
         krb5_authdata **compare_authdata = in_compare_creds->authdata;
         unsigned int i;
-        
-        if (authdata && compare_authdata) { 
+
+        if (authdata && compare_authdata) {
             for (i = 0; (equal && authdata[i] && compare_authdata[i]); i++) {
-		equal = authdata_eq(*authdata[i], *compare_authdata[i]);
+                equal = authdata_eq(*authdata[i], *compare_authdata[i]);
             }
             if (equal) { equal = (!authdata[i] && !compare_authdata[i]); }
         } else {
             if (equal) { equal = (!authdata && !compare_authdata); }
         }
     }
-    
+
     return equal;
 }
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c
index 14569fb59..33fb97c76 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc.c
+++ b/src/lib/krb5/ccache/ccapi/stdcc.c
@@ -1,7 +1,8 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * stdcc.c - additions to the Kerberos 5 library to support the memory
- *	 credentical cache API
- *	
+ *       credentical cache API
+ *
  * Written by Frank Dabek July 1998
  * Updated by Jeffrey Altman June 2006
  *
@@ -12,7 +13,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -26,7 +27,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #if defined(_WIN32) || defined(USE_CCAPI)
@@ -38,7 +39,7 @@
 #include <stdio.h>
 
 #if defined(_WIN32)
-#include "winccld.h"	
+#include "winccld.h"
 #endif
 
 #ifndef CC_API_VER2
@@ -50,8 +51,8 @@
 #include <io.h>
 #define SHOW_DEBUG(buf)   MessageBox((HWND)NULL, (buf), "ccapi debug", MB_OK)
 #endif
-	/* XXX need macintosh debugging statement if we want to debug */
-	/* on the mac */
+/* XXX need macintosh debugging statement if we want to debug */
+/* on the mac */
 #else
 #define SHOW_DEBUG(buf)
 #endif
@@ -69,54 +70,54 @@ apiCB *gCntrlBlock = NULL;
  */
 
 krb5_cc_ops krb5_cc_stdcc_ops = {
-      0,
-      "API",
+    0,
+    "API",
 #ifdef USE_CCAPI_V3
-      krb5_stdccv3_get_name,
-      krb5_stdccv3_resolve,
-      krb5_stdccv3_generate_new,
-      krb5_stdccv3_initialize,
-      krb5_stdccv3_destroy,
-      krb5_stdccv3_close,
-      krb5_stdccv3_store,
-      krb5_stdccv3_retrieve,
-      krb5_stdccv3_get_principal,
-      krb5_stdccv3_start_seq_get,
-      krb5_stdccv3_next_cred,
-      krb5_stdccv3_end_seq_get,
-      krb5_stdccv3_remove, 
-      krb5_stdccv3_set_flags,
-      krb5_stdccv3_get_flags,
-      krb5_stdccv3_ptcursor_new,
-      krb5_stdccv3_ptcursor_next,
-      krb5_stdccv3_ptcursor_free,
-      NULL, /* move */
-      krb5_stdccv3_last_change_time, /* lastchange */
-      NULL, /* wasdefault */
-      krb5_stdccv3_lock,
-      krb5_stdccv3_unlock,
+    krb5_stdccv3_get_name,
+    krb5_stdccv3_resolve,
+    krb5_stdccv3_generate_new,
+    krb5_stdccv3_initialize,
+    krb5_stdccv3_destroy,
+    krb5_stdccv3_close,
+    krb5_stdccv3_store,
+    krb5_stdccv3_retrieve,
+    krb5_stdccv3_get_principal,
+    krb5_stdccv3_start_seq_get,
+    krb5_stdccv3_next_cred,
+    krb5_stdccv3_end_seq_get,
+    krb5_stdccv3_remove,
+    krb5_stdccv3_set_flags,
+    krb5_stdccv3_get_flags,
+    krb5_stdccv3_ptcursor_new,
+    krb5_stdccv3_ptcursor_next,
+    krb5_stdccv3_ptcursor_free,
+    NULL, /* move */
+    krb5_stdccv3_last_change_time, /* lastchange */
+    NULL, /* wasdefault */
+    krb5_stdccv3_lock,
+    krb5_stdccv3_unlock,
 #else
-      krb5_stdcc_get_name,
-      krb5_stdcc_resolve,
-      krb5_stdcc_generate_new,
-      krb5_stdcc_initialize,
-      krb5_stdcc_destroy,
-      krb5_stdcc_close,
-      krb5_stdcc_store,
-      krb5_stdcc_retrieve,
-      krb5_stdcc_get_principal,
-      krb5_stdcc_start_seq_get,
-      krb5_stdcc_next_cred,
-      krb5_stdcc_end_seq_get,
-      krb5_stdcc_remove, 
-      krb5_stdcc_set_flags,
-      krb5_stdcc_get_flags,
-      NULL,
-      NULL,
-      NULL,
-      NULL,
-      NULL,
-      NULL,
+    krb5_stdcc_get_name,
+    krb5_stdcc_resolve,
+    krb5_stdcc_generate_new,
+    krb5_stdcc_initialize,
+    krb5_stdcc_destroy,
+    krb5_stdcc_close,
+    krb5_stdcc_store,
+    krb5_stdcc_retrieve,
+    krb5_stdcc_get_principal,
+    krb5_stdcc_start_seq_get,
+    krb5_stdcc_next_cred,
+    krb5_stdcc_end_seq_get,
+    krb5_stdcc_remove,
+    krb5_stdcc_set_flags,
+    krb5_stdcc_get_flags,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
 #endif
 };
 
@@ -126,89 +127,89 @@ krb5_cc_ops krb5_cc_stdcc_ops = {
  * A notification message is is posted out to all top level
  * windows so that they may recheck the cache based on the
  * changes made.  We register a unique message type with which
- * we'll communicate to all other processes. 
+ * we'll communicate to all other processes.
  */
 static void cache_changed()
 {
-	static unsigned int message = 0;
-	
-	if (message == 0)
-		message = RegisterWindowMessage(WM_KERBEROS5_CHANGED);
+    static unsigned int message = 0;
 
-	PostMessage(HWND_BROADCAST, message, 0, 0);
+    if (message == 0)
+        message = RegisterWindowMessage(WM_KERBEROS5_CHANGED);
+
+    PostMessage(HWND_BROADCAST, message, 0, 0);
 }
 #else /* _WIN32 */
 
 static void cache_changed()
 {
-	return;
+    return;
 }
 #endif /* _WIN32 */
 
 struct err_xlate
 {
-	int	cc_err;
-	krb5_error_code	krb5_err;
+    int     cc_err;
+    krb5_error_code krb5_err;
 };
 
 static const struct err_xlate err_xlate_table[] =
 {
 #ifdef USE_CCAPI_V3
-        { ccIteratorEnd,			KRB5_CC_END },
-        { ccErrBadParam,			KRB5_FCC_INTERNAL },
-        { ccErrNoMem, 				KRB5_CC_NOMEM },
-        { ccErrInvalidContext, 			KRB5_FCC_NOFILE },
-        { ccErrInvalidCCache,			KRB5_FCC_NOFILE },
-        { ccErrInvalidString,			KRB5_FCC_INTERNAL },
-        { ccErrInvalidCredentials,		KRB5_FCC_INTERNAL },
-        { ccErrInvalidCCacheIterator,		KRB5_FCC_INTERNAL },
-        { ccErrInvalidCredentialsIterator,	KRB5_FCC_INTERNAL },
-        { ccErrInvalidLock,			KRB5_FCC_INTERNAL },
-        { ccErrBadName,				KRB5_CC_BADNAME },
-        { ccErrBadCredentialsVersion,		KRB5_FCC_INTERNAL },
-        { ccErrBadAPIVersion,			KRB5_FCC_INTERNAL },
-        { ccErrContextLocked,			KRB5_FCC_INTERNAL },
-        { ccErrContextUnlocked,			KRB5_FCC_INTERNAL },
-        { ccErrCCacheLocked,			KRB5_FCC_INTERNAL },
-        { ccErrCCacheUnlocked,			KRB5_FCC_INTERNAL },
-        { ccErrBadLockType,			KRB5_FCC_INTERNAL },
-        { ccErrNeverDefault,			KRB5_FCC_INTERNAL },
-        { ccErrCredentialsNotFound,		KRB5_CC_NOTFOUND },
-        { ccErrCCacheNotFound,			KRB5_FCC_NOFILE },
-        { ccErrContextNotFound,			KRB5_FCC_NOFILE },
-        { ccErrServerUnavailable,		KRB5_CC_IO },
-        { ccErrServerInsecure,			KRB5_CC_IO },
-        { ccErrServerCantBecomeUID,		KRB5_CC_IO },
-        { ccErrTimeOffsetNotSet,		KRB5_FCC_INTERNAL },
-        { ccErrBadInternalMessage,		KRB5_FCC_INTERNAL },
-        { ccErrNotImplemented,			KRB5_FCC_INTERNAL },
+    { ccIteratorEnd,                        KRB5_CC_END },
+    { ccErrBadParam,                        KRB5_FCC_INTERNAL },
+    { ccErrNoMem,                           KRB5_CC_NOMEM },
+    { ccErrInvalidContext,                  KRB5_FCC_NOFILE },
+    { ccErrInvalidCCache,                   KRB5_FCC_NOFILE },
+    { ccErrInvalidString,                   KRB5_FCC_INTERNAL },
+    { ccErrInvalidCredentials,              KRB5_FCC_INTERNAL },
+    { ccErrInvalidCCacheIterator,           KRB5_FCC_INTERNAL },
+    { ccErrInvalidCredentialsIterator,      KRB5_FCC_INTERNAL },
+    { ccErrInvalidLock,                     KRB5_FCC_INTERNAL },
+    { ccErrBadName,                         KRB5_CC_BADNAME },
+    { ccErrBadCredentialsVersion,           KRB5_FCC_INTERNAL },
+    { ccErrBadAPIVersion,                   KRB5_FCC_INTERNAL },
+    { ccErrContextLocked,                   KRB5_FCC_INTERNAL },
+    { ccErrContextUnlocked,                 KRB5_FCC_INTERNAL },
+    { ccErrCCacheLocked,                    KRB5_FCC_INTERNAL },
+    { ccErrCCacheUnlocked,                  KRB5_FCC_INTERNAL },
+    { ccErrBadLockType,                     KRB5_FCC_INTERNAL },
+    { ccErrNeverDefault,                    KRB5_FCC_INTERNAL },
+    { ccErrCredentialsNotFound,             KRB5_CC_NOTFOUND },
+    { ccErrCCacheNotFound,                  KRB5_FCC_NOFILE },
+    { ccErrContextNotFound,                 KRB5_FCC_NOFILE },
+    { ccErrServerUnavailable,               KRB5_CC_IO },
+    { ccErrServerInsecure,                  KRB5_CC_IO },
+    { ccErrServerCantBecomeUID,             KRB5_CC_IO },
+    { ccErrTimeOffsetNotSet,                KRB5_FCC_INTERNAL },
+    { ccErrBadInternalMessage,              KRB5_FCC_INTERNAL },
+    { ccErrNotImplemented,                  KRB5_FCC_INTERNAL },
 #else
-	{ CC_BADNAME,				KRB5_CC_BADNAME },
-	{ CC_NOTFOUND,				KRB5_CC_NOTFOUND },
-	{ CC_END,				KRB5_CC_END },
-	{ CC_IO,				KRB5_CC_IO },
-	{ CC_WRITE,				KRB5_CC_WRITE },
-	{ CC_NOMEM,				KRB5_CC_NOMEM },
-	{ CC_FORMAT,				KRB5_CC_FORMAT },
-	{ CC_WRITE,				KRB5_CC_WRITE },
-	{ CC_LOCKED,				KRB5_FCC_INTERNAL /* XXX */ },
-	{ CC_BAD_API_VERSION,			KRB5_FCC_INTERNAL /* XXX */ },
-	{ CC_NO_EXIST,				KRB5_FCC_NOFILE },
-	{ CC_NOT_SUPP,				KRB5_FCC_INTERNAL /* XXX */ },
-	{ CC_BAD_PARM,				KRB5_FCC_INTERNAL /* XXX */ },
-	{ CC_ERR_CACHE_ATTACH,			KRB5_FCC_INTERNAL /* XXX */ },
-	{ CC_ERR_CACHE_RELEASE,			KRB5_FCC_INTERNAL /* XXX */ },
-	{ CC_ERR_CACHE_FULL,			KRB5_FCC_INTERNAL /* XXX */ },
-	{ CC_ERR_CRED_VERSION,			KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_BADNAME,                           KRB5_CC_BADNAME },
+    { CC_NOTFOUND,                          KRB5_CC_NOTFOUND },
+    { CC_END,                               KRB5_CC_END },
+    { CC_IO,                                KRB5_CC_IO },
+    { CC_WRITE,                             KRB5_CC_WRITE },
+    { CC_NOMEM,                             KRB5_CC_NOMEM },
+    { CC_FORMAT,                            KRB5_CC_FORMAT },
+    { CC_WRITE,                             KRB5_CC_WRITE },
+    { CC_LOCKED,                            KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_BAD_API_VERSION,                   KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_NO_EXIST,                          KRB5_FCC_NOFILE },
+    { CC_NOT_SUPP,                          KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_BAD_PARM,                          KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_ERR_CACHE_ATTACH,                  KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_ERR_CACHE_RELEASE,                 KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_ERR_CACHE_FULL,                    KRB5_FCC_INTERNAL /* XXX */ },
+    { CC_ERR_CRED_VERSION,                  KRB5_FCC_INTERNAL /* XXX */ },
 #endif
-	{ 0,					0 }
+    { 0,                                    0 }
 };
 
 /* Note: cc_err_xlate is NOT idempotent.  Don't call it multiple times.  */
 static krb5_error_code cc_err_xlate(int err)
 {
     const struct err_xlate *p;
-    
+
 #ifdef USE_CCAPI_V3
     if (err == ccNoError)
         return 0;
@@ -216,12 +217,12 @@ static krb5_error_code cc_err_xlate(int err)
     if (err == CC_NOERROR)
         return 0;
 #endif
-    
+
     for (p = err_xlate_table; p->cc_err; p++) {
         if (err == p->cc_err)
             return p->krb5_err;
     }
-    
+
     return KRB5_FCC_INTERNAL;
 }
 
@@ -232,26 +233,26 @@ static krb5_error_code stdccv3_get_timeoffset (krb5_context in_context,
                                                cc_ccache_t  in_ccache)
 {
     krb5_error_code err = 0;
-    
+
     if (gCCVersion >= ccapi_version_5) {
         krb5_os_context os_ctx = (krb5_os_context) &in_context->os_context;
         cc_time_t time_offset = 0;
-    
+
         err = cc_ccache_get_kdc_time_offset (in_ccache, cc_credentials_v5,
                                              &time_offset);
-    
+
         if (!err) {
             os_ctx->time_offset = time_offset;
             os_ctx->usec_offset = 0;
             os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
                                 KRB5_OS_TOFFSET_VALID);
         }
-        
+
         if (err == ccErrTimeOffsetNotSet) {
             err = 0;  /* okay if there is no time offset */
         }
     }
-    
+
     return err; /* Don't translate.  Callers will translate for us */
 }
 
@@ -259,17 +260,17 @@ static krb5_error_code stdccv3_set_timeoffset (krb5_context in_context,
                                                cc_ccache_t  in_ccache)
 {
     krb5_error_code err = 0;
-    
+
     if (gCCVersion >= ccapi_version_5) {
         krb5_os_context os_ctx = (krb5_os_context) &in_context->os_context;
-        
+
         if (!err && os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
-            err = cc_ccache_set_kdc_time_offset (in_ccache, 
+            err = cc_ccache_set_kdc_time_offset (in_ccache,
                                                  cc_credentials_v5,
                                                  os_ctx->time_offset);
         }
     }
-    
+
     return err; /* Don't translate.  Callers will translate for us */
 }
 
@@ -277,21 +278,21 @@ static krb5_error_code stdccv3_setup (krb5_context context,
                                       stdccCacheDataPtr ccapi_data)
 {
     krb5_error_code err = 0;
-    
+
     if (!err && !gCntrlBlock) {
         err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
     }
-    
+
     if (!err && ccapi_data && !ccapi_data->NamedCache) {
-        /* ccache has not been opened yet.  open it. */  
+        /* ccache has not been opened yet.  open it. */
         err = cc_context_open_ccache (gCntrlBlock, ccapi_data->cache_name,
                                       &ccapi_data->NamedCache);
     }
-    
+
     if (!err && ccapi_data && ccapi_data->NamedCache) {
         err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache);
     }
-    
+
     return err; /* Don't translate.  Callers will translate for us */
 }
 
@@ -305,12 +306,12 @@ void krb5_stdcc_shutdown()
 
 /*
  * -- generate_new --------------------------------
- * 
+ *
  * create a new cache with a unique name, corresponds to creating a
  * named cache initialize the API here if we have to.
  */
-krb5_error_code KRB5_CALLCONV  
-krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id ) 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
 {
     krb5_error_code err = 0;
     krb5_ccache newCache = NULL;
@@ -318,98 +319,98 @@ krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
     cc_ccache_t ccache = NULL;
     cc_string_t ccstring = NULL;
     char *name = NULL;
-    
+
     if (!err) {
         err = stdccv3_setup(context, NULL);
     }
-    
+
     if (!err) {
         newCache = (krb5_ccache) malloc (sizeof (*newCache));
         if (!newCache) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
         if (!ccapi_data) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "",
                                             &ccache);
     }
-    
+
     if (!err) {
         err = stdccv3_set_timeoffset (context, ccache);
     }
-    
+
     if (!err) {
         err = cc_ccache_get_name (ccache, &ccstring);
     }
-    
+
     if (!err) {
         name = strdup (ccstring->data);
         if (!name) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         ccapi_data->cache_name = name;
         name = NULL; /* take ownership */
-        
+
         ccapi_data->NamedCache = ccache;
         ccache = NULL; /* take ownership */
-        
+
         newCache->ops = &krb5_cc_stdcc_ops;
         newCache->data = ccapi_data;
         ccapi_data = NULL; /* take ownership */
-        
+
         /* return a pointer to the new cache */
         *id = newCache;
         newCache = NULL;
     }
-    
+
     if (ccstring)   { cc_string_release (ccstring); }
     if (name)       { free (name); }
     if (ccache)     { cc_ccache_release (ccache); }
     if (ccapi_data) { free (ccapi_data); }
     if (newCache)   { free (newCache); }
-    
+
     return cc_err_xlate (err);
 }
-  
+
 /*
  * resolve
  *
  * create a new cache with the name stored in residual
  */
-krb5_error_code KRB5_CALLCONV  
-krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residual ) 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residual )
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = NULL;
     krb5_ccache ccache = NULL;
     char *name = NULL;
-    
+
     if (id == NULL) { err = KRB5_CC_NOMEM; }
-    
+
     if (!err) {
         err = stdccv3_setup (context, NULL);
     }
-    
+
     if (!err) {
         ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
         if (!ccapi_data) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         ccache = (krb5_ccache ) malloc (sizeof (*ccache));
         if (!ccache) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         name = strdup (residual);
         if (!name) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         err = cc_context_open_ccache (gCntrlBlock, residual,
                                       &ccapi_data->NamedCache);
@@ -420,24 +421,24 @@ krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residu
     }
 
     if (!err) {
-	ccapi_data->cache_name = name;
+        ccapi_data->cache_name = name;
         name = NULL; /* take ownership */
 
-  	ccache->ops = &krb5_cc_stdcc_ops;
-	ccache->data = ccapi_data;
+        ccache->ops = &krb5_cc_stdcc_ops;
+        ccache->data = ccapi_data;
         ccapi_data = NULL; /* take ownership */
-        
+
         *id = ccache;
         ccache = NULL; /* take ownership */
     }
-    
+
     if (ccache)     { free (ccache); }
     if (ccapi_data) { free (ccapi_data); }
     if (name)       { free (name); }
-    
+
     return cc_err_xlate (err);
 }
-  
+
 /*
  * initialize
  *
@@ -445,36 +446,36 @@ krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residu
  * principal if not set our principal to this principal. This
  * searching enables ticket sharing
  */
-krb5_error_code KRB5_CALLCONV  
-krb5_stdccv3_initialize (krb5_context context, 
-                         krb5_ccache id,  
-                         krb5_principal princ) 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_initialize (krb5_context context,
+                         krb5_ccache id,
+                         krb5_principal princ)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     char *name = NULL;
     cc_ccache_t ccache = NULL;
-    
+
     if (id == NULL) { err = KRB5_CC_NOMEM; }
-    
+
     if (!err) {
         err = stdccv3_setup (context, NULL);
     }
-    
+
     if (!err) {
         err = krb5_unparse_name(context, princ, &name);
     }
-    
+
     if (!err) {
-        err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name, 
+        err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name,
                                         cc_credentials_v5, name,
                                         &ccache);
     }
-    
+
     if (!err) {
         err = stdccv3_set_timeoffset (context, ccache);
     }
-    
+
     if (!err) {
         if (ccapi_data->NamedCache) {
             err = cc_ccache_release (ccapi_data->NamedCache);
@@ -483,10 +484,10 @@ krb5_stdccv3_initialize (krb5_context context,
         ccache = NULL; /* take ownership */
         cache_changed ();
     }
-    
+
     if (ccache) { cc_ccache_release (ccache); }
     if (name  ) { krb5_free_unparsed_name(context, name); }
-    
+
     return cc_err_xlate(err);
 }
 
@@ -495,32 +496,32 @@ krb5_stdccv3_initialize (krb5_context context,
  *
  * store some credentials in our cache
  */
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_stdccv3_store (krb5_context context, krb5_ccache id, krb5_creds *creds )
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     cc_credentials_union *cred_union = NULL;
-    
+
     if (!err) {
         err = stdccv3_setup (context, ccapi_data);
     }
-    
+
     if (!err) {
         /* copy the fields from the almost identical structures */
         err = copy_krb5_creds_to_cc_cred_union (context, creds, &cred_union);
     }
-    
+
     if (!err) {
         err = cc_ccache_store_credentials (ccapi_data->NamedCache, cred_union);
     }
-    
+
     if (!err) {
         cache_changed();
     }
-    
+
     if (cred_union) { cred_union_release (cred_union); }
-    
+
     return cc_err_xlate (err);
 }
 
@@ -529,54 +530,54 @@ krb5_stdccv3_store (krb5_context context, krb5_ccache id, krb5_creds *creds )
  *
  * begin an iterator call to get all of the credentials in the cache
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_start_seq_get (krb5_context context, 
-                            krb5_ccache id, 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_start_seq_get (krb5_context context,
+                            krb5_ccache id,
                             krb5_cc_cursor *cursor )
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     cc_credentials_iterator_t iterator = NULL;
-    
+
     if (!err) {
         err = stdccv3_setup (context, ccapi_data);
     }
-    
+
     if (!err) {
         err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache,
                                                  &iterator);
     }
-    
+
     if (!err) {
         *cursor = iterator;
     }
-    
+
     return cc_err_xlate (err);
 }
 
 /*
  * next cred
- * 
+ *
  * - get the next credential in the cache as part of an iterator call
  * - this maps to call to cc_seq_fetch_creds
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_next_cred (krb5_context context, 
-                        krb5_ccache id, 
-                        krb5_cc_cursor *cursor, 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_next_cred (krb5_context context,
+                        krb5_ccache id,
+                        krb5_cc_cursor *cursor,
                         krb5_creds *creds)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     cc_credentials_t credentials = NULL;
     cc_credentials_iterator_t iterator = *cursor;
-    
+
     if (!iterator) { err = KRB5_CC_END; }
-    
+
     if (!err) {
         err = stdccv3_setup (context, ccapi_data);
     }
-    
+
     /* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
     while (!err) {
         err = cc_credentials_iterator_next (iterator, &credentials);
@@ -586,13 +587,13 @@ krb5_stdccv3_next_cred (krb5_context context,
             break;
         }
     }
-    
+
     if (credentials) { cc_credentials_release (credentials); }
     if (err == ccIteratorEnd) {
         cc_credentials_iterator_release (iterator);
         *cursor = 0;
-    }    
-    
+    }
+
     return cc_err_xlate (err);
 }
 
@@ -603,14 +604,14 @@ krb5_stdccv3_next_cred (krb5_context context,
  * - try to find a matching credential in the cache
  */
 krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_retrieve (krb5_context context, 
-                       krb5_ccache id, 
-                       krb5_flags whichfields, 
-                       krb5_creds *mcreds, 
+krb5_stdccv3_retrieve (krb5_context context,
+                       krb5_ccache id,
+                       krb5_flags whichfields,
+                       krb5_creds *mcreds,
                        krb5_creds *creds)
 {
     return krb5_cc_retrieve_cred_default (context, id, whichfields,
-					  mcreds, creds);
+                                          mcreds, creds);
 }
 
 /*
@@ -618,58 +619,58 @@ krb5_stdccv3_retrieve (krb5_context context,
  *
  * just free up the storage assoicated with the cursor (if we can)
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_end_seq_get (krb5_context context, 
-                          krb5_ccache id, 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_end_seq_get (krb5_context context,
+                          krb5_ccache id,
                           krb5_cc_cursor *cursor)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     cc_credentials_iterator_t iterator = *cursor;
-    
+
     if (!iterator) { return 0; }
-    
+
     if (!err) {
         err = stdccv3_setup (context, ccapi_data);
     }
-    
+
     if (!err) {
         err = cc_credentials_iterator_release(iterator);
     }
-    
+
     return cc_err_xlate(err);
 }
-     
+
 /*
  * close
  *
  * - free our pointers to the NC
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_close(krb5_context context, 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_close(krb5_context context,
                    krb5_ccache id)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
-    
+
     if (!err) {
         err = stdccv3_setup (context, NULL);
     }
-    
+
     if (!err) {
-	if (ccapi_data) {
-            if (ccapi_data->cache_name) { 
-                free (ccapi_data->cache_name); 
+        if (ccapi_data) {
+            if (ccapi_data->cache_name) {
+                free (ccapi_data->cache_name);
             }
-            if (ccapi_data->NamedCache) { 
-                err = cc_ccache_release (ccapi_data->NamedCache); 
+            if (ccapi_data->NamedCache) {
+                err = cc_ccache_release (ccapi_data->NamedCache);
             }
             free (ccapi_data);
             id->data = NULL;
-	}
-	free (id);        
+        }
+        free (id);
     }
-    
+
     return cc_err_xlate(err);
 }
 
@@ -679,35 +680,35 @@ krb5_stdccv3_close(krb5_context context,
  * - free our storage and the cache
  */
 krb5_error_code KRB5_CALLCONV
-krb5_stdccv3_destroy (krb5_context context, 
+krb5_stdccv3_destroy (krb5_context context,
                       krb5_ccache id)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
-   
+
     if (!err) {
         err = stdccv3_setup(context, ccapi_data);
     }
-    
+
     if (!err) {
-	if (ccapi_data) {
-            if (ccapi_data->cache_name) { 
-                free(ccapi_data->cache_name); 
+        if (ccapi_data) {
+            if (ccapi_data->cache_name) {
+                free(ccapi_data->cache_name);
             }
             if (ccapi_data->NamedCache) {
                 /* destroy the named cache */
                 err = cc_ccache_destroy(ccapi_data->NamedCache);
-                if (err == ccErrCCacheNotFound) { 
+                if (err == ccErrCCacheNotFound) {
                     err = 0; /* ccache maybe already destroyed */
                 }
                 cache_changed();
             }
             free(ccapi_data);
             id->data = NULL;
-	}
-	free(id);        
+        }
+        free(id);
     }
-    
+
     return cc_err_xlate(err);
 }
 
@@ -716,12 +717,12 @@ krb5_stdccv3_destroy (krb5_context context,
  *
  * - return the name of the named cache
  */
-const char * KRB5_CALLCONV 
-krb5_stdccv3_get_name (krb5_context context, 
+const char * KRB5_CALLCONV
+krb5_stdccv3_get_name (krb5_context context,
                        krb5_ccache id )
 {
     stdccCacheDataPtr ccapi_data = id->data;
-    
+
     if (!ccapi_data) {
         return NULL;
     } else {
@@ -734,29 +735,29 @@ krb5_stdccv3_get_name (krb5_context context,
  *
  * - return the principal associated with the named cache
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_get_principal (krb5_context context, 
-                            krb5_ccache id , 
-                            krb5_principal *princ) 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_get_principal (krb5_context context,
+                            krb5_ccache id ,
+                            krb5_principal *princ)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     cc_string_t name = NULL;
-    
+
     if (!err) {
         err = stdccv3_setup(context, ccapi_data);
     }
-    
+
     if (!err) {
         err = cc_ccache_get_principal (ccapi_data->NamedCache, cc_credentials_v5, &name);
     }
-    
+
     if (!err) {
         err = krb5_parse_name (context, name->data, princ);
     }
-    
+
     if (name) { cc_string_release (name); }
-    
+
     return cc_err_xlate (err);
 }
 
@@ -765,16 +766,16 @@ krb5_stdccv3_get_principal (krb5_context context,
  *
  * - currently a NOP since we don't store any flags in the NC
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_set_flags (krb5_context context, 
-                        krb5_ccache id, 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_set_flags (krb5_context context,
+                        krb5_ccache id,
                         krb5_flags flags)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
-    
+
     err = stdccv3_setup (context, ccapi_data);
-    
+
     return cc_err_xlate (err);
 }
 
@@ -783,16 +784,16 @@ krb5_stdccv3_set_flags (krb5_context context,
  *
  * - currently a NOP since we don't store any flags in the NC
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_get_flags (krb5_context context, 
-                        krb5_ccache id, 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_get_flags (krb5_context context,
+                        krb5_ccache id,
                         krb5_flags *flags)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
-    
+
     err = stdccv3_setup (context, ccapi_data);
-    
+
     return cc_err_xlate (err);
 }
 
@@ -801,22 +802,22 @@ krb5_stdccv3_get_flags (krb5_context context,
  *
  * - remove the specified credentials from the NC
  */
-krb5_error_code KRB5_CALLCONV 
-krb5_stdccv3_remove (krb5_context context, 
+krb5_error_code KRB5_CALLCONV
+krb5_stdccv3_remove (krb5_context context,
                      krb5_ccache id,
-                     krb5_flags flags, 
+                     krb5_flags flags,
                      krb5_creds *in_creds)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     cc_credentials_iterator_t iterator = NULL;
     int found = 0;
-    
+
     if (!err) {
         err = stdccv3_setup(context, ccapi_data);
     }
-    
-    
+
+
     if (!err) {
         err = cc_ccache_new_credentials_iterator(ccapi_data->NamedCache,
                                                  &iterator);
@@ -825,28 +826,28 @@ krb5_stdccv3_remove (krb5_context context,
     /* Note: CCAPI v3 ccaches can contain both v4 and v5 creds */
     while (!err && !found) {
         cc_credentials_t credentials = NULL;
-        
+
         err = cc_credentials_iterator_next (iterator, &credentials);
-        
+
         if (!err && (credentials->data->version == cc_credentials_v5)) {
             krb5_creds creds;
-            
-            err = copy_cc_cred_union_to_krb5_creds(context, 
+
+            err = copy_cc_cred_union_to_krb5_creds(context,
                                                    credentials->data, &creds);
 
             if (!err) {
                 found = krb5_creds_compare (context, in_creds, &creds);
                 krb5_free_cred_contents (context, &creds);
             }
-            
+
             if (!err && found) {
                 err = cc_ccache_remove_credentials (ccapi_data->NamedCache, credentials);
             }
         }
-        
+
         if (credentials) { cc_credentials_release (credentials); }
     }
-    if (err == ccIteratorEnd) { err = ccErrCredentialsNotFound; }    
+    if (err == ccIteratorEnd) { err = ccErrCredentialsNotFound; }
 
     if (iterator) {
         err = cc_credentials_iterator_release(iterator);
@@ -855,7 +856,7 @@ krb5_stdccv3_remove (krb5_context context,
     if (!err) {
         cache_changed ();
     }
-    
+
     return cc_err_xlate (err);
 }
 
@@ -863,38 +864,38 @@ krb5_error_code KRB5_CALLCONV
 krb5_stdccv3_ptcursor_new(krb5_context context,
                           krb5_cc_ptcursor *cursor)
 {
-	krb5_error_code err = 0;
-	krb5_cc_ptcursor ptcursor = NULL;
-	cc_ccache_iterator_t iterator = NULL;
-	
-	ptcursor = malloc(sizeof(*ptcursor));
-	if (ptcursor == NULL) {
-		err = ENOMEM;
-	}
-	else {
-		memset(ptcursor, 0, sizeof(*ptcursor));
-	}
-	
-	if (!err) {
-		err = stdccv3_setup(context, NULL);
-	}
-	if (!err) {
-		ptcursor->ops = &krb5_cc_stdcc_ops;
-		err = cc_context_new_ccache_iterator(gCntrlBlock, &iterator);
-	}
-	
-	if (!err) {
-		ptcursor->data = iterator;
-	}
-	
-	if (err) {
-		if (ptcursor) { krb5_stdccv3_ptcursor_free(context, &ptcursor); }
-		// krb5_stdccv3_ptcursor_free sets ptcursor to NULL for us
-	}
-	
-	*cursor = ptcursor;
-	
-	return err;
+    krb5_error_code err = 0;
+    krb5_cc_ptcursor ptcursor = NULL;
+    cc_ccache_iterator_t iterator = NULL;
+
+    ptcursor = malloc(sizeof(*ptcursor));
+    if (ptcursor == NULL) {
+        err = ENOMEM;
+    }
+    else {
+        memset(ptcursor, 0, sizeof(*ptcursor));
+    }
+
+    if (!err) {
+        err = stdccv3_setup(context, NULL);
+    }
+    if (!err) {
+        ptcursor->ops = &krb5_cc_stdcc_ops;
+        err = cc_context_new_ccache_iterator(gCntrlBlock, &iterator);
+    }
+
+    if (!err) {
+        ptcursor->data = iterator;
+    }
+
+    if (err) {
+        if (ptcursor) { krb5_stdccv3_ptcursor_free(context, &ptcursor); }
+        // krb5_stdccv3_ptcursor_free sets ptcursor to NULL for us
+    }
+
+    *cursor = ptcursor;
+
+    return err;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -903,72 +904,72 @@ krb5_stdccv3_ptcursor_next(
     krb5_cc_ptcursor cursor,
     krb5_ccache *ccache)
 {
-	krb5_error_code err = 0;
-	cc_ccache_iterator_t iterator = NULL;
-	
-	krb5_ccache newCache = NULL;
-	stdccCacheDataPtr ccapi_data = NULL;
-	cc_ccache_t ccCache = NULL;
-	cc_string_t ccstring = NULL;
-	char *name = NULL;
-	
-	if (!cursor || !cursor->data) {
-		err = ccErrInvalidContext;
-	}
-	
-	*ccache = NULL;
-	
-	if (!err) {
-	    newCache = (krb5_ccache) malloc (sizeof (*newCache));
-	    if (!newCache) { err = KRB5_CC_NOMEM; }
-	}
-
-	if (!err) {
-	    ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
-	    if (!ccapi_data) { err = KRB5_CC_NOMEM; }
-	}
-	
-	if (!err) {
-		iterator = cursor->data;
-		err = cc_ccache_iterator_next(iterator, &ccCache);
-	}
-	
-	if (!err) {
-	    err = cc_ccache_get_name (ccCache, &ccstring);
-	}
-
-	if (!err) {
-	    name = strdup (ccstring->data);
-	    if (!name) { err = KRB5_CC_NOMEM; }
-	}
-	
-	if (!err) {
-	    ccapi_data->cache_name = name;
-	    name = NULL; /* take ownership */
-    
-	    ccapi_data->NamedCache = ccCache;
-	    ccCache = NULL; /* take ownership */
-    
-	    newCache->ops = &krb5_cc_stdcc_ops;
-	    newCache->data = ccapi_data;
-	    ccapi_data = NULL; /* take ownership */
-    
-	    /* return a pointer to the new cache */
-	    *ccache = newCache;
-	    newCache = NULL;
-	}
- 
-	if (name)       { free (name); }
-	if (ccstring)   { cc_string_release (ccstring); }
-	if (ccCache)    { cc_ccache_release (ccCache); }
-	if (ccapi_data) { free (ccapi_data); }
-	if (newCache)   { free (newCache); }
-	
-	if (err == ccIteratorEnd) {
-		err = ccNoError;
-	}
-	
-	return err;
+    krb5_error_code err = 0;
+    cc_ccache_iterator_t iterator = NULL;
+
+    krb5_ccache newCache = NULL;
+    stdccCacheDataPtr ccapi_data = NULL;
+    cc_ccache_t ccCache = NULL;
+    cc_string_t ccstring = NULL;
+    char *name = NULL;
+
+    if (!cursor || !cursor->data) {
+        err = ccErrInvalidContext;
+    }
+
+    *ccache = NULL;
+
+    if (!err) {
+        newCache = (krb5_ccache) malloc (sizeof (*newCache));
+        if (!newCache) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        ccapi_data = (stdccCacheDataPtr) malloc (sizeof (*ccapi_data));
+        if (!ccapi_data) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        iterator = cursor->data;
+        err = cc_ccache_iterator_next(iterator, &ccCache);
+    }
+
+    if (!err) {
+        err = cc_ccache_get_name (ccCache, &ccstring);
+    }
+
+    if (!err) {
+        name = strdup (ccstring->data);
+        if (!name) { err = KRB5_CC_NOMEM; }
+    }
+
+    if (!err) {
+        ccapi_data->cache_name = name;
+        name = NULL; /* take ownership */
+
+        ccapi_data->NamedCache = ccCache;
+        ccCache = NULL; /* take ownership */
+
+        newCache->ops = &krb5_cc_stdcc_ops;
+        newCache->data = ccapi_data;
+        ccapi_data = NULL; /* take ownership */
+
+        /* return a pointer to the new cache */
+        *ccache = newCache;
+        newCache = NULL;
+    }
+
+    if (name)       { free (name); }
+    if (ccstring)   { cc_string_release (ccstring); }
+    if (ccCache)    { cc_ccache_release (ccCache); }
+    if (ccapi_data) { free (ccapi_data); }
+    if (newCache)   { free (newCache); }
+
+    if (err == ccIteratorEnd) {
+        err = ccNoError;
+    }
+
+    return err;
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -977,25 +978,25 @@ krb5_stdccv3_ptcursor_free(
     krb5_cc_ptcursor *cursor)
 {
     if (*cursor != NULL) {
-		if ((*cursor)->data != NULL) {
-			cc_ccache_iterator_release((cc_ccache_iterator_t)((*cursor)->data));
-		}
-	    free(*cursor);
-	    *cursor = NULL;
-	}
+        if ((*cursor)->data != NULL) {
+            cc_ccache_iterator_release((cc_ccache_iterator_t)((*cursor)->data));
+        }
+        free(*cursor);
+        *cursor = NULL;
+    }
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
-		(krb5_context context, krb5_ccache id,
-           krb5_timestamp *change_time)
+(krb5_context context, krb5_ccache id,
+ krb5_timestamp *change_time)
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
     cc_time_t ccapi_change_time = 0;
 
     *change_time = 0;
-    
+
     if (!err) {
         err = stdccv3_setup(context, ccapi_data);
     }
@@ -1005,7 +1006,7 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
     if (!err) {
         *change_time = ccapi_change_time;
     }
-    
+
     return cc_err_xlate (err);
 }
 
@@ -1014,14 +1015,14 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
-    
+
     if (!err) {
         err = stdccv3_setup(context, ccapi_data);
     }
     if (!err) {
         err = cc_ccache_lock(ccapi_data->NamedCache, cc_lock_write, cc_lock_block);
     }
-    return cc_err_xlate(err);    
+    return cc_err_xlate(err);
 }
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
@@ -1029,14 +1030,14 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
 {
     krb5_error_code err = 0;
     stdccCacheDataPtr ccapi_data = id->data;
-    
+
     if (!err) {
         err = stdccv3_setup(context, ccapi_data);
     }
     if (!err) {
         err = cc_ccache_unlock(ccapi_data->NamedCache);
     }
-    return cc_err_xlate(err);    
+    return cc_err_xlate(err);
 }
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
@@ -1050,7 +1051,7 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
     if (!err) {
         err = cc_context_lock(gCntrlBlock, cc_lock_write, cc_lock_block);
     }
-    return cc_err_xlate(err);    
+    return cc_err_xlate(err);
 }
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
@@ -1064,173 +1065,173 @@ krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
     if (!err) {
         err = cc_context_unlock(gCntrlBlock);
     }
-    return cc_err_xlate(err);    
+    return cc_err_xlate(err);
 }
 
 #else /* !USE_CCAPI_V3 */
 
 static krb5_error_code stdcc_setup(krb5_context context,
-				   stdccCacheDataPtr ccapi_data)
+                                   stdccCacheDataPtr ccapi_data)
 {
-	int	err;
+    int     err;
 
-  	/* make sure the API has been intialized */
-  	if (gCntrlBlock == NULL) {
+    /* make sure the API has been intialized */
+    if (gCntrlBlock == NULL) {
 #ifdef CC_API_VER2
-		err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL);
+        err = cc_initialize(&gCntrlBlock, CC_API_VER_2, NULL, NULL);
 #else
-		err = cc_initialize(&gCntrlBlock, CC_API_VER_1, NULL, NULL);
+        err = cc_initialize(&gCntrlBlock, CC_API_VER_1, NULL, NULL);
 #endif
-		if (err != CC_NOERROR)
-			return cc_err_xlate(err);
-	}
-
-	/*
-	 * No ccapi_data structure, so we don't need to make sure the
-	 * ccache exists.
-	 */
-	if (!ccapi_data)
-		return 0;
-
-	/*
-	 * The ccache already exists
-	 */
-	if (ccapi_data->NamedCache)
-		return 0;
-
-	err = cc_open(gCntrlBlock, ccapi_data->cache_name,
-		      CC_CRED_V5, 0L, &ccapi_data->NamedCache);
-	if (err == CC_NOTFOUND)
-	  err = CC_NO_EXIST;
-	if (err == CC_NOERROR)
-		return 0;
-
-	ccapi_data->NamedCache = NULL;
-	return cc_err_xlate(err);
+        if (err != CC_NOERROR)
+            return cc_err_xlate(err);
+    }
+
+    /*
+     * No ccapi_data structure, so we don't need to make sure the
+     * ccache exists.
+     */
+    if (!ccapi_data)
+        return 0;
+
+    /*
+     * The ccache already exists
+     */
+    if (ccapi_data->NamedCache)
+        return 0;
+
+    err = cc_open(gCntrlBlock, ccapi_data->cache_name,
+                  CC_CRED_V5, 0L, &ccapi_data->NamedCache);
+    if (err == CC_NOTFOUND)
+        err = CC_NO_EXIST;
+    if (err == CC_NOERROR)
+        return 0;
+
+    ccapi_data->NamedCache = NULL;
+    return cc_err_xlate(err);
 }
 
 void krb5_stdcc_shutdown()
 {
-	if (gCntrlBlock)
-		cc_shutdown(&gCntrlBlock);
-	gCntrlBlock = NULL;
+    if (gCntrlBlock)
+        cc_shutdown(&gCntrlBlock);
+    gCntrlBlock = NULL;
 }
 
 /*
  * -- generate_new --------------------------------
- * 
+ *
  * create a new cache with a unique name, corresponds to creating a
  * named cache iniitialize the API here if we have to.
  */
-krb5_error_code KRB5_CALLCONV  krb5_stdcc_generate_new 
-	(krb5_context context, krb5_ccache *id ) 
+krb5_error_code KRB5_CALLCONV  krb5_stdcc_generate_new
+(krb5_context context, krb5_ccache *id )
 {
-  	krb5_ccache 		newCache = NULL;
-	krb5_error_code		retval;
-	stdccCacheDataPtr	ccapi_data = NULL;
-	char 			*name = NULL;
-	cc_time_t 		change_time;
-	int 			err;
-
-	if ((retval = stdcc_setup(context, NULL)))
-		return retval;
-	
-	retval = KRB5_CC_NOMEM;
-	if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
-		goto errout;
-  	if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
-		goto errout;
-	if (!(name = malloc(256)))
-		goto errout;
-	
-  	/* create a unique name */
-  	cc_get_change_time(gCntrlBlock, &change_time);
-  	snprintf(name, 256, "gen_new_cache%d", change_time);
-  	
-  	/* create the new cache */
-  	err = cc_create(gCntrlBlock, name, name, CC_CRED_V5, 0L,
-			&ccapi_data->NamedCache);
-	if (err != CC_NOERROR) {
-		retval = cc_err_xlate(err);
-		goto errout;
-	}
-
-  	/* setup some fields */
-  	newCache->ops = &krb5_cc_stdcc_ops;
-  	newCache->data = ccapi_data;
-	ccapi_data->cache_name = name;
-  	
-  	/* return a pointer to the new cache */
-	*id = newCache;
-	  	
-	return 0;
+    krb5_ccache             newCache = NULL;
+    krb5_error_code         retval;
+    stdccCacheDataPtr       ccapi_data = NULL;
+    char                    *name = NULL;
+    cc_time_t               change_time;
+    int                     err;
+
+    if ((retval = stdcc_setup(context, NULL)))
+        return retval;
+
+    retval = KRB5_CC_NOMEM;
+    if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
+        goto errout;
+    if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
+        goto errout;
+    if (!(name = malloc(256)))
+        goto errout;
+
+    /* create a unique name */
+    cc_get_change_time(gCntrlBlock, &change_time);
+    snprintf(name, 256, "gen_new_cache%d", change_time);
+
+    /* create the new cache */
+    err = cc_create(gCntrlBlock, name, name, CC_CRED_V5, 0L,
+                    &ccapi_data->NamedCache);
+    if (err != CC_NOERROR) {
+        retval = cc_err_xlate(err);
+        goto errout;
+    }
+
+    /* setup some fields */
+    newCache->ops = &krb5_cc_stdcc_ops;
+    newCache->data = ccapi_data;
+    ccapi_data->cache_name = name;
+
+    /* return a pointer to the new cache */
+    *id = newCache;
+
+    return 0;
 
 errout:
-	if (newCache)
-		free(newCache);
-	if (ccapi_data)
-		free(ccapi_data);
-	if (name)
-		free(name);
-	return retval;
+    if (newCache)
+        free(newCache);
+    if (ccapi_data)
+        free(ccapi_data);
+    if (name)
+        free(name);
+    return retval;
 }
-  
+
 /*
  * resolve
  *
  * create a new cache with the name stored in residual
  */
-krb5_error_code KRB5_CALLCONV  krb5_stdcc_resolve 
-        (krb5_context context, krb5_ccache *id , const char *residual ) 
+krb5_error_code KRB5_CALLCONV  krb5_stdcc_resolve
+(krb5_context context, krb5_ccache *id , const char *residual )
 {
-	krb5_ccache 		newCache = NULL;
-	stdccCacheDataPtr	ccapi_data = NULL;
-	int 			err;
-	krb5_error_code		retval;
-	char 			*cName = NULL;
-	
-	if ((retval = stdcc_setup(context, NULL)))
-		return retval;
-	
-	retval = KRB5_CC_NOMEM;
-	if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
-		goto errout;
-  	
-  	if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
-		goto errout;
-
-	if (!(cName = strdup(residual)))
-		goto errout;
-	
-  	newCache->ops = &krb5_cc_stdcc_ops;
-	newCache->data = ccapi_data;
-	ccapi_data->cache_name = cName;
-
- 	err = cc_open(gCntrlBlock, cName, CC_CRED_V5, 0L,
-		      &ccapi_data->NamedCache);
-        if (err != CC_NOERROR) {
-	        ccapi_data->NamedCache = NULL;
-	        if (err != CC_NO_EXIST) {
-	                retval = cc_err_xlate(err);
-	                goto errout;
-		}
+    krb5_ccache             newCache = NULL;
+    stdccCacheDataPtr       ccapi_data = NULL;
+    int                     err;
+    krb5_error_code         retval;
+    char                    *cName = NULL;
+
+    if ((retval = stdcc_setup(context, NULL)))
+        return retval;
+
+    retval = KRB5_CC_NOMEM;
+    if (!(newCache = (krb5_ccache) malloc(sizeof(struct _krb5_ccache))))
+        goto errout;
+
+    if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData))))
+        goto errout;
+
+    if (!(cName = strdup(residual)))
+        goto errout;
+
+    newCache->ops = &krb5_cc_stdcc_ops;
+    newCache->data = ccapi_data;
+    ccapi_data->cache_name = cName;
+
+    err = cc_open(gCntrlBlock, cName, CC_CRED_V5, 0L,
+                  &ccapi_data->NamedCache);
+    if (err != CC_NOERROR) {
+        ccapi_data->NamedCache = NULL;
+        if (err != CC_NO_EXIST) {
+            retval = cc_err_xlate(err);
+            goto errout;
         }
-        
-  	/* return new cache structure */
-	*id = newCache;
-	
-  	return 0;
-	
+    }
+
+    /* return new cache structure */
+    *id = newCache;
+
+    return 0;
+
 errout:
-	if (newCache)
-		free(newCache);
-	if (ccapi_data)
-		free(ccapi_data);
-	if (cName)
-		free(cName);
-	return retval;
+    if (newCache)
+        free(newCache);
+    if (ccapi_data)
+        free(ccapi_data);
+    if (cName)
+        free(cName);
+    return retval;
 }
-  
+
 /*
  * initialize
  *
@@ -1238,48 +1239,48 @@ errout:
  * principal if not set our principal to this principal. This
  * searching enables ticket sharing
  */
-krb5_error_code KRB5_CALLCONV  krb5_stdcc_initialize 
-       (krb5_context context, krb5_ccache id,  krb5_principal princ) 
+krb5_error_code KRB5_CALLCONV  krb5_stdcc_initialize
+(krb5_context context, krb5_ccache id,  krb5_principal princ)
 {
-	stdccCacheDataPtr	ccapi_data = NULL;
-  	int 			err;
-  	char 			*cName = NULL;
-	krb5_error_code		retval;
-  	
-	if ((retval = stdcc_setup(context, NULL)))
-		return retval;
-	
-  	/* test id for null */
-  	if (id == NULL) return KRB5_CC_NOMEM;
-  	
-	if ((retval = krb5_unparse_name(context, princ, &cName)))
-		return retval;
-
-	ccapi_data = id->data;
-
-
-	if (ccapi_data->NamedCache)
-		cc_close(gCntrlBlock, &ccapi_data->NamedCache);
-
-	err = cc_create(gCntrlBlock, ccapi_data->cache_name, cName,
-			CC_CRED_V5, 0L, &ccapi_data->NamedCache);
-	if (err != CC_NOERROR) {
-		krb5_free_unparsed_name(context, cName);
-		return cc_err_xlate(err);
-	}
+    stdccCacheDataPtr       ccapi_data = NULL;
+    int                     err;
+    char                    *cName = NULL;
+    krb5_error_code         retval;
+
+    if ((retval = stdcc_setup(context, NULL)))
+        return retval;
+
+    /* test id for null */
+    if (id == NULL) return KRB5_CC_NOMEM;
+
+    if ((retval = krb5_unparse_name(context, princ, &cName)))
+        return retval;
+
+    ccapi_data = id->data;
+
+
+    if (ccapi_data->NamedCache)
+        cc_close(gCntrlBlock, &ccapi_data->NamedCache);
+
+    err = cc_create(gCntrlBlock, ccapi_data->cache_name, cName,
+                    CC_CRED_V5, 0L, &ccapi_data->NamedCache);
+    if (err != CC_NOERROR) {
+        krb5_free_unparsed_name(context, cName);
+        return cc_err_xlate(err);
+    }
 
 #if 0
-	/*
-	 * Some implementations don't set the principal name
-	 * correctly, so we force set it to the correct value.
-	 */
-	err = cc_set_principal(gCntrlBlock, ccapi_data->NamedCache,
-			       CC_CRED_V5, cName);
+    /*
+     * Some implementations don't set the principal name
+     * correctly, so we force set it to the correct value.
+     */
+    err = cc_set_principal(gCntrlBlock, ccapi_data->NamedCache,
+                           CC_CRED_V5, cName);
 #endif
-	krb5_free_unparsed_name(context, cName);
-	cache_changed();
-	
-	return cc_err_xlate(err);
+    krb5_free_unparsed_name(context, cName);
+    cache_changed();
+
+    return cc_err_xlate(err);
 }
 
 /*
@@ -1287,35 +1288,35 @@ krb5_error_code KRB5_CALLCONV  krb5_stdcc_initialize
  *
  * store some credentials in our cache
  */
-krb5_error_code KRB5_CALLCONV krb5_stdcc_store 
-        (krb5_context context, krb5_ccache id, krb5_creds *creds )
+krb5_error_code KRB5_CALLCONV krb5_stdcc_store
+(krb5_context context, krb5_ccache id, krb5_creds *creds )
 {
-	krb5_error_code	retval;
-	stdccCacheDataPtr	ccapi_data = id->data;
-	cred_union *cu = NULL;
-	int err;
-
-	if ((retval = stdcc_setup(context, ccapi_data)))
-		return retval;
-	
-	/* copy the fields from the almost identical structures */
-	dupK5toCC(context, creds, &cu);
-			
-	/*
-	 * finally store the credential
-	 * store will copy (that is duplicate) everything
-	 */
-	err = cc_store(gCntrlBlock,
-		       ((stdccCacheDataPtr)(id->data))->NamedCache, *cu);
-	if (err != CC_NOERROR)
-		return cc_err_xlate(err);
-		
-	/* free the cred union using our local version of cc_free_creds()
-	   since we allocated it locally */
-	err = krb5int_free_cc_cred_union(&cu);
-		 
-	cache_changed();
-	return err;
+    krb5_error_code retval;
+    stdccCacheDataPtr       ccapi_data = id->data;
+    cred_union *cu = NULL;
+    int err;
+
+    if ((retval = stdcc_setup(context, ccapi_data)))
+        return retval;
+
+    /* copy the fields from the almost identical structures */
+    dupK5toCC(context, creds, &cu);
+
+    /*
+     * finally store the credential
+     * store will copy (that is duplicate) everything
+     */
+    err = cc_store(gCntrlBlock,
+                   ((stdccCacheDataPtr)(id->data))->NamedCache, *cu);
+    if (err != CC_NOERROR)
+        return cc_err_xlate(err);
+
+    /* free the cred union using our local version of cc_free_creds()
+       since we allocated it locally */
+    err = krb5int_free_cc_cred_union(&cu);
+
+    cache_changed();
+    return err;
 }
 
 /*
@@ -1323,75 +1324,75 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_store
  *
  * begin an iterator call to get all of the credentials in the cache
  */
-krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get 
+krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get
 (krb5_context context, krb5_ccache id , krb5_cc_cursor *cursor )
 {
-	stdccCacheDataPtr	ccapi_data = id->data;
-	krb5_error_code	retval;
-	int	err;
-	ccache_cit	*iterator;
+    stdccCacheDataPtr       ccapi_data = id->data;
+    krb5_error_code retval;
+    int     err;
+    ccache_cit      *iterator;
 
-	if ((retval = stdcc_setup(context, ccapi_data)))
-		return retval;
+    if ((retval = stdcc_setup(context, ccapi_data)))
+        return retval;
 
 #ifdef CC_API_VER2
-	err = cc_seq_fetch_creds_begin(gCntrlBlock, ccapi_data->NamedCache,
-				       &iterator);
-	if (err != CC_NOERROR)
-		return cc_err_xlate(err);
-	*cursor = iterator;
+    err = cc_seq_fetch_creds_begin(gCntrlBlock, ccapi_data->NamedCache,
+                                   &iterator);
+    if (err != CC_NOERROR)
+        return cc_err_xlate(err);
+    *cursor = iterator;
 #else
-	/* all we have to do is initialize the cursor */
-	*cursor = NULL;
+    /* all we have to do is initialize the cursor */
+    *cursor = NULL;
 #endif
-	return 0;
+    return 0;
 }
 
 /*
  * next cred
- * 
+ *
  * - get the next credential in the cache as part of an iterator call
  * - this maps to call to cc_seq_fetch_creds
  */
-krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred 
-        (krb5_context context, krb5_ccache id,  krb5_cc_cursor *cursor, 
-	 krb5_creds *creds)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
+(krb5_context context, krb5_ccache id,  krb5_cc_cursor *cursor,
+ krb5_creds *creds)
 {
-	krb5_error_code	retval;
-	stdccCacheDataPtr	ccapi_data = id->data;
-	int err;
-	cred_union *credU = NULL;
-	ccache_cit	*iterator;
-	
-	if ((retval = stdcc_setup(context, ccapi_data)))
-		return retval;
-	
+    krb5_error_code retval;
+    stdccCacheDataPtr       ccapi_data = id->data;
+    int err;
+    cred_union *credU = NULL;
+    ccache_cit      *iterator;
+
+    if ((retval = stdcc_setup(context, ccapi_data)))
+        return retval;
+
 #ifdef CC_API_VER2
-	iterator = *cursor;
-	if (iterator == 0)
-		return KRB5_CC_END;
-	err = cc_seq_fetch_creds_next(gCntrlBlock, &credU, iterator);
-
-	if (err == CC_END) {
-		cc_seq_fetch_creds_end(gCntrlBlock, &iterator);
-		*cursor = 0;
-	}
+    iterator = *cursor;
+    if (iterator == 0)
+        return KRB5_CC_END;
+    err = cc_seq_fetch_creds_next(gCntrlBlock, &credU, iterator);
+
+    if (err == CC_END) {
+        cc_seq_fetch_creds_end(gCntrlBlock, &iterator);
+        *cursor = 0;
+    }
 #else
-	err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
-				 &credU, (ccache_cit **)cursor); 
+    err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
+                             &credU, (ccache_cit **)cursor);
 #endif
 
-	if (err != CC_NOERROR)
-		return cc_err_xlate(err);
-	
-	/* copy data	(with translation) */
-	dupCCtoK5(context, credU->cred.pV5Cred, creds);
-	
-	/* free our version of the cred - okay to use cc_free_creds() here
-	   because we got it from the CCache library */
-	cc_free_creds(gCntrlBlock, &credU);
-	
-	return 0;
+    if (err != CC_NOERROR)
+        return cc_err_xlate(err);
+
+    /* copy data    (with translation) */
+    dupCCtoK5(context, credU->cred.pV5Cred, creds);
+
+    /* free our version of the cred - okay to use cc_free_creds() here
+       because we got it from the CCache library */
+    cc_free_creds(gCntrlBlock, &credU);
+
+    return 0;
 }
 
 
@@ -1401,63 +1402,63 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
  * - try to find a matching credential in the cache
  */
 #if 0
-krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve 
-       		(krb5_context context, 
-		   krb5_ccache id, 
-		   krb5_flags whichfields, 
-		   krb5_creds *mcreds, 
-		   krb5_creds *creds )
+krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve
+(krb5_context context,
+ krb5_ccache id,
+ krb5_flags whichfields,
+ krb5_creds *mcreds,
+ krb5_creds *creds )
 {
-	krb5_error_code	retval;
-	krb5_cc_cursor curs = NULL;
-	krb5_creds *fetchcreds;
-		
-	if ((retval = stdcc_setup(context, NULL)))
-		return retval;
-	
-	fetchcreds = (krb5_creds *)malloc(sizeof(krb5_creds));
-  	if (fetchcreds == NULL) return KRB5_CC_NOMEM;
-	
-	/* we're going to use the iterators */
-	krb5_stdcc_start_seq_get(context, id, &curs);
-	
-	while (!krb5_stdcc_next_cred(context, id, &curs, fetchcreds)) {
-		/*
-		 * look at each credential for a match
-		 * use this match routine since it takes the
-		 * whichfields and the API doesn't
-		 */
-		if (stdccCredsMatch(context, fetchcreds,
-				    mcreds, whichfields)) {
-			/* we found it, copy and exit */
-			*creds = *fetchcreds;
-			krb5_stdcc_end_seq_get(context, id, &curs);
-			return 0;
-		}
-		/* free copy allocated by next_cred */
-		krb5_free_cred_contents(context, fetchcreds);
-	}
-		
-	/* no luck, end get and exit */
-	krb5_stdcc_end_seq_get(context, id, &curs);
-	
-	/* we're not using this anymore so we should get rid of it! */
-	free(fetchcreds);
-	
-	return KRB5_CC_NOTFOUND;
+    krb5_error_code retval;
+    krb5_cc_cursor curs = NULL;
+    krb5_creds *fetchcreds;
+
+    if ((retval = stdcc_setup(context, NULL)))
+        return retval;
+
+    fetchcreds = (krb5_creds *)malloc(sizeof(krb5_creds));
+    if (fetchcreds == NULL) return KRB5_CC_NOMEM;
+
+    /* we're going to use the iterators */
+    krb5_stdcc_start_seq_get(context, id, &curs);
+
+    while (!krb5_stdcc_next_cred(context, id, &curs, fetchcreds)) {
+        /*
+         * look at each credential for a match
+         * use this match routine since it takes the
+         * whichfields and the API doesn't
+         */
+        if (stdccCredsMatch(context, fetchcreds,
+                            mcreds, whichfields)) {
+            /* we found it, copy and exit */
+            *creds = *fetchcreds;
+            krb5_stdcc_end_seq_get(context, id, &curs);
+            return 0;
+        }
+        /* free copy allocated by next_cred */
+        krb5_free_cred_contents(context, fetchcreds);
+    }
+
+    /* no luck, end get and exit */
+    krb5_stdcc_end_seq_get(context, id, &curs);
+
+    /* we're not using this anymore so we should get rid of it! */
+    free(fetchcreds);
+
+    return KRB5_CC_NOTFOUND;
 }
 #else
 
 krb5_error_code KRB5_CALLCONV
 krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds)
-   krb5_context context;
-   krb5_ccache id;
-   krb5_flags whichfields;
-   krb5_creds *mcreds;
-   krb5_creds *creds;
+    krb5_context context;
+    krb5_ccache id;
+    krb5_flags whichfields;
+    krb5_creds *mcreds;
+    krb5_creds *creds;
 {
     return krb5_cc_retrieve_cred_default (context, id, whichfields,
-					  mcreds, creds);
+                                          mcreds, creds);
 }
 
 #endif
@@ -1467,73 +1468,73 @@ krb5_stdcc_retrieve(context, id, whichfields, mcreds, creds)
  *
  * just free up the storage assoicated with the cursor (if we could)
  */
-krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get 
-        (krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get
+(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor)
 {
-	krb5_error_code		retval;
-	stdccCacheDataPtr	ccapi_data = NULL;
-	int			err;
+    krb5_error_code         retval;
+    stdccCacheDataPtr       ccapi_data = NULL;
+    int                     err;
 #ifndef CC_API_VER2
-	cred_union 		*credU = NULL;
+    cred_union              *credU = NULL;
 #endif
 
-	ccapi_data = id->data;
-	
-	if ((retval = stdcc_setup(context, ccapi_data)))
-		return retval;
+    ccapi_data = id->data;
 
-	if (*cursor == NULL)
-		return 0;
+    if ((retval = stdcc_setup(context, ccapi_data)))
+        return retval;
+
+    if (*cursor == NULL)
+        return 0;
 
 #ifdef CC_API_VER2
-	err = cc_seq_fetch_creds_end(gCntrlBlock, (ccache_cit **)cursor);
-	if (err != CC_NOERROR)
-		return cc_err_xlate(err);
-#else	
-	/*
-	 * Finish calling cc_seq_fetch_creds to clear out the cursor
-	 */
-	while (*cursor) {
-		err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
-				 &credU, (ccache_cit **)cursor);
-		if (err)
-			break;
-		
-		/* okay to call cc_free_creds() here because we got credU from CCache lib */
-		cc_free_creds(gCntrlBlock, &credU);
-	}
+    err = cc_seq_fetch_creds_end(gCntrlBlock, (ccache_cit **)cursor);
+    if (err != CC_NOERROR)
+        return cc_err_xlate(err);
+#else
+    /*
+     * Finish calling cc_seq_fetch_creds to clear out the cursor
+     */
+    while (*cursor) {
+        err = cc_seq_fetch_creds(gCntrlBlock, ccapi_data->NamedCache,
+                                 &credU, (ccache_cit **)cursor);
+        if (err)
+            break;
+
+        /* okay to call cc_free_creds() here because we got credU from CCache lib */
+        cc_free_creds(gCntrlBlock, &credU);
+    }
 #endif
-	
-	return(0);
+
+    return(0);
 }
-     
+
 /*
  * close
  *
  * - free our pointers to the NC
  */
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_stdcc_close(krb5_context context, krb5_ccache id)
 {
-	krb5_error_code	retval;
-	stdccCacheDataPtr	ccapi_data = id->data;
-
-	if ((retval = stdcc_setup(context, NULL)))
-		return retval;
-	
-	/* free it */
-	
-	if (ccapi_data) {
-		if (ccapi_data->cache_name)
-			free(ccapi_data->cache_name);
-		if (ccapi_data->NamedCache)
-			cc_close(gCntrlBlock, &ccapi_data->NamedCache);
-		free(ccapi_data);
-		id->data = NULL;
-	}
-	free(id);
-	
-	return 0;
+    krb5_error_code retval;
+    stdccCacheDataPtr       ccapi_data = id->data;
+
+    if ((retval = stdcc_setup(context, NULL)))
+        return retval;
+
+    /* free it */
+
+    if (ccapi_data) {
+        if (ccapi_data->cache_name)
+            free(ccapi_data->cache_name);
+        if (ccapi_data->NamedCache)
+            cc_close(gCntrlBlock, &ccapi_data->NamedCache);
+        free(ccapi_data);
+        id->data = NULL;
+    }
+    free(id);
+
+    return 0;
 }
 
 /*
@@ -1544,35 +1545,35 @@ krb5_stdcc_close(krb5_context context, krb5_ccache id)
 krb5_error_code KRB5_CALLCONV
 krb5_stdcc_destroy (krb5_context context, krb5_ccache id)
 {
-	int err;
-	krb5_error_code	retval;
-	stdccCacheDataPtr	ccapi_data = id->data;
-
-	if ((retval = stdcc_setup(context, ccapi_data))) {
-		return retval;
-	}
-
-	/* free memory associated with the krb5_ccache */
-	if (ccapi_data) {
-		if (ccapi_data->cache_name)
-			free(ccapi_data->cache_name);
-		if (ccapi_data->NamedCache) {
-			/* destroy the named cache */
-			err = cc_destroy(gCntrlBlock, &ccapi_data->NamedCache);
-			retval = cc_err_xlate(err);
-			cache_changed();
-		}
-		free(ccapi_data);
-		id->data = NULL;
-	}
-	free(id);
-
-	/* If the cache does not exist when we tried to destroy it,
-	   that's fine.  That means someone else destryoed it since
-	   we resolved it. */
-	if (retval == KRB5_FCC_NOFILE)
-		return 0;
-	return retval;
+    int err;
+    krb5_error_code retval;
+    stdccCacheDataPtr       ccapi_data = id->data;
+
+    if ((retval = stdcc_setup(context, ccapi_data))) {
+        return retval;
+    }
+
+    /* free memory associated with the krb5_ccache */
+    if (ccapi_data) {
+        if (ccapi_data->cache_name)
+            free(ccapi_data->cache_name);
+        if (ccapi_data->NamedCache) {
+            /* destroy the named cache */
+            err = cc_destroy(gCntrlBlock, &ccapi_data->NamedCache);
+            retval = cc_err_xlate(err);
+            cache_changed();
+        }
+        free(ccapi_data);
+        id->data = NULL;
+    }
+    free(id);
+
+    /* If the cache does not exist when we tried to destroy it,
+       that's fine.  That means someone else destryoed it since
+       we resolved it. */
+    if (retval == KRB5_FCC_NOFILE)
+        return 0;
+    return retval;
 }
 
 /*
@@ -1580,15 +1581,15 @@ krb5_stdcc_destroy (krb5_context context, krb5_ccache id)
  *
  * - return the name of the named cache
  */
-const char * KRB5_CALLCONV krb5_stdcc_get_name 
-        (krb5_context context, krb5_ccache id )
+const char * KRB5_CALLCONV krb5_stdcc_get_name
+(krb5_context context, krb5_ccache id )
 {
-	stdccCacheDataPtr	ccapi_data = id->data;
+    stdccCacheDataPtr       ccapi_data = id->data;
 
-	if (!ccapi_data)
-		return 0;
+    if (!ccapi_data)
+        return 0;
 
-	return (ccapi_data->cache_name);
+    return (ccapi_data->cache_name);
 }
 
 
@@ -1597,29 +1598,29 @@ const char * KRB5_CALLCONV krb5_stdcc_get_name
  * - return the principal associated with the named cache
  */
 krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal
-	(krb5_context context, krb5_ccache id , krb5_principal *princ) 
+(krb5_context context, krb5_ccache id , krb5_principal *princ)
 {
-	int 			err;
-	char 	  		*name = NULL;
-	stdccCacheDataPtr	ccapi_data = id->data;
-	krb5_error_code		retval;
-	
-	if ((retval = stdcc_setup(context, ccapi_data)))
-		return retval;
-
-	/* another wrapper */
-	err = cc_get_principal(gCntrlBlock, ccapi_data->NamedCache,
-			       &name);
-
-	if (err != CC_NOERROR) 
-		return cc_err_xlate(err);
-		
-	/* turn it into a krb principal */
-	err = krb5_parse_name(context, name, princ);
-
-	cc_free_principal(gCntrlBlock, &name);
-	
-	return err;	
+    int                     err;
+    char                    *name = NULL;
+    stdccCacheDataPtr       ccapi_data = id->data;
+    krb5_error_code         retval;
+
+    if ((retval = stdcc_setup(context, ccapi_data)))
+        return retval;
+
+    /* another wrapper */
+    err = cc_get_principal(gCntrlBlock, ccapi_data->NamedCache,
+                           &name);
+
+    if (err != CC_NOERROR)
+        return cc_err_xlate(err);
+
+    /* turn it into a krb principal */
+    err = krb5_parse_name(context, name, princ);
+
+    cc_free_principal(gCntrlBlock, &name);
+
+    return err;
 }
 
 /*
@@ -1627,16 +1628,16 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal
  *
  * - currently a NOP since we don't store any flags in the NC
  */
-krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags 
-        (krb5_context context, krb5_ccache id , krb5_flags flags)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
+(krb5_context context, krb5_ccache id , krb5_flags flags)
 {
-	stdccCacheDataPtr	ccapi_data = id->data;
-	krb5_error_code		retval;
-	
-	if ((retval = stdcc_setup(context, ccapi_data)))
-		return retval;
+    stdccCacheDataPtr       ccapi_data = id->data;
+    krb5_error_code         retval;
+
+    if ((retval = stdcc_setup(context, ccapi_data)))
+        return retval;
 
-	return 0;
+    return 0;
 }
 
 /*
@@ -1644,16 +1645,16 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
  *
  * - currently a NOP since we don't store any flags in the NC
  */
-krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags 
-        (krb5_context context, krb5_ccache id , krb5_flags *flags)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
+(krb5_context context, krb5_ccache id , krb5_flags *flags)
 {
-	stdccCacheDataPtr	ccapi_data = id->data;
-	krb5_error_code		retval;
-	
-	if ((retval = stdcc_setup(context, ccapi_data)))
-		return retval;
+    stdccCacheDataPtr       ccapi_data = id->data;
+    krb5_error_code         retval;
+
+    if ((retval = stdcc_setup(context, ccapi_data)))
+        return retval;
 
-	return 0;
+    return 0;
 }
 
 /*
@@ -1661,39 +1662,38 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
  *
  * - remove the specified credentials from the NC
  */
-krb5_error_code KRB5_CALLCONV krb5_stdcc_remove 
-        (krb5_context context, krb5_ccache id,
-	 krb5_flags flags, krb5_creds *creds)
+krb5_error_code KRB5_CALLCONV krb5_stdcc_remove
+(krb5_context context, krb5_ccache id,
+ krb5_flags flags, krb5_creds *creds)
 {
-    	cred_union *cu = NULL;
-    	int err;
-	stdccCacheDataPtr	ccapi_data = id->data;
-	krb5_error_code		retval;
-        
-	if ((retval = stdcc_setup(context, ccapi_data))) {
-		if (retval == KRB5_FCC_NOFILE)
-			return 0;
-		return retval;
-	}
-    	
-    	/* convert to a cred union */
-    	dupK5toCC(context, creds, &cu);
-    	
-    	/* remove it */
-    	err = cc_remove_cred(gCntrlBlock, ccapi_data->NamedCache, *cu);
-    	if (err != CC_NOERROR)
-		return cc_err_xlate(err);
-    	
-    	/* free the cred union using our local version of cc_free_creds()
-	       since we allocated it locally */
-    	err = krb5int_free_cc_cred_union(&cu);
-	cache_changed();
-    	if (err != CC_NOERROR)
-		return cc_err_xlate(err);
+    cred_union *cu = NULL;
+    int err;
+    stdccCacheDataPtr       ccapi_data = id->data;
+    krb5_error_code         retval;
+
+    if ((retval = stdcc_setup(context, ccapi_data))) {
+        if (retval == KRB5_FCC_NOFILE)
+            return 0;
+        return retval;
+    }
 
-        return 0;
+    /* convert to a cred union */
+    dupK5toCC(context, creds, &cu);
+
+    /* remove it */
+    err = cc_remove_cred(gCntrlBlock, ccapi_data->NamedCache, *cu);
+    if (err != CC_NOERROR)
+        return cc_err_xlate(err);
+
+    /* free the cred union using our local version of cc_free_creds()
+       since we allocated it locally */
+    err = krb5int_free_cc_cred_union(&cu);
+    cache_changed();
+    if (err != CC_NOERROR)
+        return cc_err_xlate(err);
+
+    return 0;
 }
 #endif /* !USE_CCAPI_V3 */
 
 #endif /* defined(_WIN32) || defined(USE_CCAPI) */
-
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.h b/src/lib/krb5/ccache/ccapi/stdcc.h
index e9ec085eb..6550efcb4 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc.h
+++ b/src/lib/krb5/ccache/ccapi/stdcc.h
@@ -1,9 +1,10 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef __KRB5_STDCC_H__
 #define __KRB5_STDCC_H__
 
 #if defined(_WIN32) || defined(USE_CCAPI)
 
-#include "k5-int.h"	/* loads krb5.h */
+#include "k5-int.h"     /* loads krb5.h */
 
 #ifdef USE_CCAPI_V3
 #include <CredentialsCache.h>
@@ -24,11 +25,11 @@ extern krb5_cc_ops krb5_cc_stdcc_ops;
  * structure to stash in the cache's data field
  */
 typedef struct _stdccCacheData {
-     	char *cache_name;
+    char *cache_name;
 #ifdef USE_CCAPI_V3
-        cc_ccache_t NamedCache;
+    cc_ccache_t NamedCache;
 #else
-	ccache_p *NamedCache;
+    ccache_p *NamedCache;
 #endif
 } stdccCacheData, *stdccCacheDataPtr;
 
@@ -40,135 +41,135 @@ void krb5_stdcc_shutdown(void);
 #ifdef USE_CCAPI_V3
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_close
-        (krb5_context, krb5_ccache id );
+(krb5_context, krb5_ccache id );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_destroy 
-        (krb5_context, krb5_ccache id );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_destroy
+(krb5_context, krb5_ccache id );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_end_seq_get 
-        (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_generate_new 
-        (krb5_context, krb5_ccache *id );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_generate_new
+(krb5_context, krb5_ccache *id );
 
-const char * KRB5_CALLCONV krb5_stdccv3_get_name 
-        (krb5_context, krb5_ccache id );
+const char * KRB5_CALLCONV krb5_stdccv3_get_name
+(krb5_context, krb5_ccache id );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_principal 
-        (krb5_context, krb5_ccache id , krb5_principal *princ );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_initialize 
-        (krb5_context, krb5_ccache id , krb5_principal princ );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_next_cred 
-        (krb5_context, 
-		   krb5_ccache id , 
-		   krb5_cc_cursor *cursor , 
-		   krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_resolve 
-        (krb5_context, krb5_ccache *id , const char *residual );
-     
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_retrieve 
-        (krb5_context, 
-		   krb5_ccache id , 
-		   krb5_flags whichfields , 
-		   krb5_creds *mcreds , 
-		   krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_start_seq_get 
-        (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_store 
-        (krb5_context, krb5_ccache id , krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_set_flags 
-        (krb5_context, krb5_ccache id , krb5_flags flags );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_flags 
-        (krb5_context, krb5_ccache id , krb5_flags *flags );
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_remove 
-        (krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_get_flags
+(krb5_context, krb5_ccache id , krb5_flags *flags );
+
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_remove
+(krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_new
-		(krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_next
-		(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
+(krb5_context context, krb5_cc_ptcursor cursor, krb5_ccache *ccache);
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_free
-		(krb5_context context, krb5_cc_ptcursor *cursor);
+(krb5_context context, krb5_cc_ptcursor *cursor);
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
-		(krb5_context context, krb5_ccache id,
-           krb5_timestamp *change_time);
+(krb5_context context, krb5_ccache id,
+ krb5_timestamp *change_time);
 
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock 
-        (krb5_context, krb5_ccache id);
+krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
+(krb5_context, krb5_ccache id);
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_unlock
-        (krb5_context, krb5_ccache id);
+(krb5_context, krb5_ccache id);
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_lock
-        (krb5_context context); 
+(krb5_context context);
 
 krb5_error_code KRB5_CALLCONV krb5_stdccv3_context_unlock
-        (krb5_context context);
+(krb5_context context);
 
 #else
 
 krb5_error_code KRB5_CALLCONV krb5_stdcc_close
-        (krb5_context, krb5_ccache id );
+(krb5_context, krb5_ccache id );
+
+krb5_error_code KRB5_CALLCONV krb5_stdcc_destroy
+(krb5_context, krb5_ccache id );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_destroy 
-        (krb5_context, krb5_ccache id );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_end_seq_get 
-        (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new
+(krb5_context, krb5_ccache *id );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new 
-        (krb5_context, krb5_ccache *id );
+const char * KRB5_CALLCONV krb5_stdcc_get_name
+(krb5_context, krb5_ccache id );
 
-const char * KRB5_CALLCONV krb5_stdcc_get_name 
-        (krb5_context, krb5_ccache id );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal
+(krb5_context, krb5_ccache id , krb5_principal *princ );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_get_principal 
-        (krb5_context, krb5_ccache id , krb5_principal *princ );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize
+(krb5_context, krb5_ccache id , krb5_principal princ );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_initialize 
-        (krb5_context, krb5_ccache id , krb5_principal princ );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred
+(krb5_context,
+ krb5_ccache id ,
+ krb5_cc_cursor *cursor ,
+ krb5_creds *creds );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_next_cred 
-        (krb5_context, 
-		   krb5_ccache id , 
-		   krb5_cc_cursor *cursor , 
-		   krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve
+(krb5_context, krb5_ccache *id , const char *residual );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve 
-        (krb5_context, krb5_ccache *id , const char *residual );
-     
-krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve 
-        (krb5_context, 
-		   krb5_ccache id , 
-		   krb5_flags whichfields , 
-		   krb5_creds *mcreds , 
-		   krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_retrieve
+(krb5_context,
+ krb5_ccache id ,
+ krb5_flags whichfields ,
+ krb5_creds *mcreds ,
+ krb5_creds *creds );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get 
-        (krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_start_seq_get
+(krb5_context, krb5_ccache id , krb5_cc_cursor *cursor );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_store 
-        (krb5_context, krb5_ccache id , krb5_creds *creds );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_store
+(krb5_context, krb5_ccache id , krb5_creds *creds );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags 
-        (krb5_context, krb5_ccache id , krb5_flags flags );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_set_flags
+(krb5_context, krb5_ccache id , krb5_flags flags );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags 
-        (krb5_context, krb5_ccache id , krb5_flags *flags );
+krb5_error_code KRB5_CALLCONV krb5_stdcc_get_flags
+(krb5_context, krb5_ccache id , krb5_flags *flags );
 
-krb5_error_code KRB5_CALLCONV krb5_stdcc_remove 
-        (krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
+krb5_error_code KRB5_CALLCONV krb5_stdcc_remove
+(krb5_context, krb5_ccache id , krb5_flags flags, krb5_creds *creds);
 #endif
 
 #endif /* defined(_WIN32) || defined(USE_CCAPI) */
diff --git a/src/lib/krb5/ccache/ccapi/stdcc_util.c b/src/lib/krb5/ccache/ccapi/stdcc_util.c
index 114e79ed9..9f44af3d0 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc_util.c
+++ b/src/lib/krb5/ccache/ccapi/stdcc_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * stdcc_util.c
  * utility functions used in implementing the ccache api for krb5
@@ -17,7 +18,7 @@
 
 #include "stdcc_util.h"
 #include "krb5.h"
-#ifdef _WIN32			/* it's part of krb5.h everywhere else */
+#ifdef _WIN32                   /* it's part of krb5.h everywhere else */
 #include "kv5m_err.h"
 #endif
 
@@ -26,30 +27,30 @@
 #ifdef USE_CCAPI_V3
 
 
-static void 
+static void
 free_cc_array (cc_data **io_cc_array)
 {
     if (io_cc_array) {
         unsigned int i;
-        
+
         for (i = 0; io_cc_array[i]; i++) {
             if (io_cc_array[i]->data) { free (io_cc_array[i]->data); }
             free (io_cc_array[i]);
         }
         free (io_cc_array);
-    }    
+    }
 }
 
-static krb5_error_code 
-copy_cc_array_to_addresses (krb5_context in_context, 
-                            cc_data **in_cc_array, 
+static krb5_error_code
+copy_cc_array_to_addresses (krb5_context in_context,
+                            cc_data **in_cc_array,
                             krb5_address ***out_addresses)
 {
     krb5_error_code err = 0;
-    
+
     if (in_cc_array == NULL) {
         *out_addresses = NULL;
-        
+
     } else {
         unsigned int count, i;
         krb5_address **addresses = NULL;
@@ -58,26 +59,26 @@ copy_cc_array_to_addresses (krb5_context in_context,
         for (count = 0; in_cc_array[count]; count++);
         addresses = (krb5_address **) malloc (sizeof (*addresses) * (count + 1));
         if (!addresses) { err = KRB5_CC_NOMEM; }
-        
-        for (i = 0; !err && i < count; i++) { 
+
+        for (i = 0; !err && i < count; i++) {
             addresses[i] = (krb5_address *) malloc (sizeof (krb5_address));
             if (!addresses[i]) { err = KRB5_CC_NOMEM; }
-            
+
             if (!err) {
-                addresses[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) * 
-                                                            in_cc_array[i]->length);
+                addresses[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) *
+                                                                in_cc_array[i]->length);
                 if (!addresses[i]->contents) { err = KRB5_CC_NOMEM; }
             }
-            
+
             if (!err) {
                 addresses[i]->magic = KV5M_ADDRESS;
                 addresses[i]->addrtype = in_cc_array[i]->type;
                 addresses[i]->length = in_cc_array[i]->length;
-                memcpy (addresses[i]->contents, 
+                memcpy (addresses[i]->contents,
                         in_cc_array[i]->data, in_cc_array[i]->length);
             }
         }
-        
+
         if (!err) {
             addresses[i] = NULL; /* terminator */
             *out_addresses = addresses;
@@ -86,70 +87,70 @@ copy_cc_array_to_addresses (krb5_context in_context,
 
         if (addresses) { krb5_free_addresses (in_context, addresses); }
     }
-    
+
     return err;
 }
 
-static krb5_error_code 
-copy_cc_array_to_authdata (krb5_context in_context, 
-                           cc_data **in_cc_array, 
+static krb5_error_code
+copy_cc_array_to_authdata (krb5_context in_context,
+                           cc_data **in_cc_array,
                            krb5_authdata ***out_authdata)
 {
     krb5_error_code err = 0;
-    
+
     if (in_cc_array == NULL) {
         *out_authdata = NULL;
-        
+
     } else {
         unsigned int count, i;
         krb5_authdata **authdata = NULL;
-        
+
         /* get length of array */
         for (count = 0; in_cc_array[count]; count++);
         authdata = (krb5_authdata **) malloc (sizeof (*authdata) * (count + 1));
         if (!authdata) { err = KRB5_CC_NOMEM; }
-        
-        for (i = 0; !err && i < count; i++) { 
+
+        for (i = 0; !err && i < count; i++) {
             authdata[i] = (krb5_authdata *) malloc (sizeof (krb5_authdata));
             if (!authdata[i]) { err = KRB5_CC_NOMEM; }
-            
+
             if (!err) {
-                authdata[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) * 
-                                                           in_cc_array[i]->length);
+                authdata[i]->contents = (krb5_octet *) malloc (sizeof (krb5_octet) *
+                                                               in_cc_array[i]->length);
                 if (!authdata[i]->contents) { err = KRB5_CC_NOMEM; }
             }
-            
+
             if (!err) {
                 authdata[i]->magic = KV5M_AUTHDATA;
                 authdata[i]->ad_type = in_cc_array[i]->type;
                 authdata[i]->length = in_cc_array[i]->length;
-                memcpy (authdata[i]->contents, 
+                memcpy (authdata[i]->contents,
                         in_cc_array[i]->data, in_cc_array[i]->length);
             }
         }
-        
+
         if (!err) {
             authdata[i] = NULL; /* terminator */
             *out_authdata = authdata;
             authdata = NULL;
         }
-        
+
         if (authdata) { krb5_free_authdata (in_context, authdata); }
     }
-    
+
     return err;
 }
 
-static krb5_error_code 
-copy_addresses_to_cc_array (krb5_context in_context, 
-                            krb5_address **in_addresses, 
+static krb5_error_code
+copy_addresses_to_cc_array (krb5_context in_context,
+                            krb5_address **in_addresses,
                             cc_data ***out_cc_array)
 {
     krb5_error_code err = 0;
-    
+
     if (in_addresses == NULL) {
         *out_cc_array = NULL;
-        
+
     } else {
         unsigned int count, i;
         cc_data **cc_array = NULL;
@@ -158,23 +159,23 @@ copy_addresses_to_cc_array (krb5_context in_context,
         for (count = 0; in_addresses[count]; count++);
         cc_array = (cc_data **) malloc (sizeof (*cc_array) * (count + 1));
         if (!cc_array) { err = KRB5_CC_NOMEM; }
-    
-        for (i = 0; !err && i < count; i++) { 
+
+        for (i = 0; !err && i < count; i++) {
             cc_array[i] = (cc_data *) malloc (sizeof (cc_data));
             if (!cc_array[i]) { err = KRB5_CC_NOMEM; }
-            
+
             if (!err) {
                 cc_array[i]->data = malloc (in_addresses[i]->length);
                 if (!cc_array[i]->data) { err = KRB5_CC_NOMEM; }
             }
-            
+
             if (!err) {
                 cc_array[i]->type = in_addresses[i]->addrtype;
                 cc_array[i]->length = in_addresses[i]->length;
                 memcpy (cc_array[i]->data, in_addresses[i]->contents, in_addresses[i]->length);
             }
         }
-        
+
         if (!err) {
             cc_array[i] = NULL; /* terminator */
             *out_cc_array = cc_array;
@@ -183,18 +184,18 @@ copy_addresses_to_cc_array (krb5_context in_context,
 
         if (cc_array) { free_cc_array (cc_array); }
     }
-    
-    
+
+
     return err;
 }
 
-static krb5_error_code 
-copy_authdata_to_cc_array (krb5_context in_context, 
-                           krb5_authdata **in_authdata, 
+static krb5_error_code
+copy_authdata_to_cc_array (krb5_context in_context,
+                           krb5_authdata **in_authdata,
                            cc_data ***out_cc_array)
 {
     krb5_error_code err = 0;
-    
+
     if (in_authdata == NULL) {
         *out_cc_array = NULL;
 
@@ -206,23 +207,23 @@ copy_authdata_to_cc_array (krb5_context in_context,
         for (count = 0; in_authdata[count]; count++);
         cc_array = (cc_data **) malloc (sizeof (*cc_array) * (count + 1));
         if (!cc_array) { err = KRB5_CC_NOMEM; }
-    
-        for (i = 0; !err && i < count; i++) { 
+
+        for (i = 0; !err && i < count; i++) {
             cc_array[i] = (cc_data *) malloc (sizeof (cc_data));
             if (!cc_array[i]) { err = KRB5_CC_NOMEM; }
-            
+
             if (!err) {
                 cc_array[i]->data = malloc (in_authdata[i]->length);
                 if (!cc_array[i]->data) { err = KRB5_CC_NOMEM; }
             }
-            
+
             if (!err) {
                 cc_array[i]->type = in_authdata[i]->ad_type;
                 cc_array[i]->length = in_authdata[i]->length;
                 memcpy (cc_array[i]->data, in_authdata[i]->contents, in_authdata[i]->length);
             }
         }
-        
+
         if (!err) {
             cc_array[i] = NULL; /* terminator */
             *out_cc_array = cc_array;
@@ -231,8 +232,8 @@ copy_authdata_to_cc_array (krb5_context in_context,
 
         if (cc_array) { free_cc_array (cc_array); }
     }
-    
-    
+
+
     return err;
 }
 
@@ -242,9 +243,9 @@ copy_authdata_to_cc_array (krb5_context in_context,
  * - allocate an empty k5 style ticket and copy info from the cc_creds ticket
  */
 
-krb5_error_code 
-copy_cc_cred_union_to_krb5_creds (krb5_context in_context, 
-                                  const cc_credentials_union *in_cred_union, 
+krb5_error_code
+copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
+                                  const cc_credentials_union *in_cred_union,
                                   krb5_creds *out_creds)
 {
     krb5_error_code err = 0;
@@ -257,59 +258,59 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
     unsigned char *keyblock_contents = NULL;
     krb5_address **addresses = NULL;
     krb5_authdata **authdata = NULL;
-    
-    if (in_cred_union->version != cc_credentials_v5) { 
-	err = KRB5_CC_NOT_KTYPE;
+
+    if (in_cred_union->version != cc_credentials_v5) {
+        err = KRB5_CC_NOT_KTYPE;
     } else {
         cv5 = in_cred_union->credentials.credentials_v5;
     }
-    
+
 #if TARGET_OS_MAC
     if (!err) {
         err = krb5_get_time_offsets (in_context, &offset_seconds, &offset_microseconds);
     }
 #endif
-    
+
     if (!err) {
         err = krb5_parse_name (in_context, cv5->client, &client);
     }
-    
+
     if (!err) {
         err = krb5_parse_name (in_context, cv5->server, &server);
     }
-    
+
     if (!err && cv5->keyblock.data) {
         keyblock_contents = (unsigned char *) malloc (cv5->keyblock.length);
         if (!keyblock_contents) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err && cv5->ticket.data) {
         ticket_data = (char *) malloc (cv5->ticket.length);
         if (!ticket_data) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err && cv5->second_ticket.data) {
         second_ticket_data = (char *) malloc (cv5->second_ticket.length);
         if (!second_ticket_data) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         /* addresses */
         err = copy_cc_array_to_addresses (in_context, cv5->addresses, &addresses);
     }
- 
+
     if (!err) {
         /* authdata */
         err = copy_cc_array_to_authdata (in_context, cv5->authdata, &authdata);
     }
-    
+
     if (!err) {
         /* principals */
         out_creds->client = client;
         client = NULL;
         out_creds->server = server;
         server = NULL;
-        
+
         /* copy keyblock */
         if (cv5->keyblock.data) {
             memcpy (keyblock_contents, cv5->keyblock.data, cv5->keyblock.length);
@@ -334,7 +335,7 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
         out_creds->ticket.length = cv5->ticket.length;
         out_creds->ticket.data = ticket_data;
         ticket_data = NULL;
-        
+
         /* second ticket */
         if (cv5->second_ticket.data) {
             memcpy(second_ticket_data, cv5->second_ticket.data, cv5->second_ticket.length);
@@ -342,17 +343,17 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
         out_creds->second_ticket.length = cv5->second_ticket.length;
         out_creds->second_ticket.data = second_ticket_data;
         second_ticket_data = NULL;
-        
+
         out_creds->addresses = addresses;
         addresses = NULL;
 
         out_creds->authdata = authdata;
         authdata = NULL;
-        
+
         /* zero out magic number */
         out_creds->magic = 0;
     }
-    
+
     if (addresses)          { krb5_free_addresses (in_context, addresses); }
     if (authdata)           { krb5_free_authdata (in_context, authdata); }
     if (keyblock_contents)  { free (keyblock_contents); }
@@ -360,7 +361,7 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
     if (second_ticket_data) { free (second_ticket_data); }
     if (client)             { krb5_free_principal (in_context, client); }
     if (server)             { krb5_free_principal (in_context, server); }
-    
+
     return err;
 }
 
@@ -369,8 +370,8 @@ copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
  * - analagous to above but in the reverse direction
  */
 krb5_error_code
-copy_krb5_creds_to_cc_cred_union (krb5_context in_context, 
-                                  krb5_creds *in_creds, 
+copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
+                                  krb5_creds *in_creds,
                                   cc_credentials_union **out_cred_union)
 {
     krb5_error_code err = 0;
@@ -384,56 +385,56 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
     krb5_int32 offset_seconds = 0, offset_microseconds = 0;
     cc_data **cc_address_array = NULL;
     cc_data **cc_authdata_array = NULL;
-    
+
     if (out_cred_union == NULL) { err = KRB5_CC_NOMEM; }
-    
+
 #if TARGET_OS_MAC
     if (!err) {
         err = krb5_get_time_offsets (in_context, &offset_seconds, &offset_microseconds);
     }
 #endif
-    
+
     if (!err) {
         cred_union = (cc_credentials_union *) malloc (sizeof (*cred_union));
         if (!cred_union) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         cv5 = (cc_credentials_v5_t *) malloc (sizeof (*cv5));
         if (!cv5) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         err = krb5_unparse_name (in_context, in_creds->client, &client);
     }
-    
+
     if (!err) {
         err = krb5_unparse_name (in_context, in_creds->server, &server);
     }
-    
+
     if (!err && in_creds->keyblock.contents) {
         keyblock_data = (unsigned char *) malloc (in_creds->keyblock.length);
         if (!keyblock_data) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err && in_creds->ticket.data) {
         ticket_data = (unsigned char *) malloc (in_creds->ticket.length);
         if (!ticket_data) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err && in_creds->second_ticket.data) {
         second_ticket_data = (unsigned char *) malloc (in_creds->second_ticket.length);
         if (!second_ticket_data) { err = KRB5_CC_NOMEM; }
     }
-    
+
     if (!err) {
         err = copy_addresses_to_cc_array (in_context, in_creds->addresses, &cc_address_array);
     }
-    
+
     if (!err) {
         err = copy_authdata_to_cc_array (in_context, in_creds->authdata, &cc_authdata_array);
     }
-        
+
     if (!err) {
         /* principals */
         cv5->client = client;
@@ -449,7 +450,7 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
         cv5->keyblock.length = in_creds->keyblock.length;
         cv5->keyblock.data = keyblock_data;
         keyblock_data = NULL;
-        
+
         cv5->authtime     = in_creds->times.authtime   - offset_seconds;
         cv5->starttime    = in_creds->times.starttime  - offset_seconds;
         cv5->endtime      = in_creds->times.endtime    - offset_seconds;
@@ -463,29 +464,29 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
         cv5->ticket.length = in_creds->ticket.length;
         cv5->ticket.data = ticket_data;
         ticket_data = NULL;
-        
+
         if (in_creds->second_ticket.data) {
             memcpy (second_ticket_data, in_creds->second_ticket.data, in_creds->second_ticket.length);
         }
         cv5->second_ticket.length = in_creds->second_ticket.length;
         cv5->second_ticket.data = second_ticket_data;
         second_ticket_data = NULL;
-        
+
         cv5->addresses = cc_address_array;
         cc_address_array = NULL;
-        
+
         cv5->authdata = cc_authdata_array;
-        cc_authdata_array = NULL;       
-        
+        cc_authdata_array = NULL;
+
         /* Set up the structures to return to the caller */
         cred_union->version = cc_credentials_v5;
         cred_union->credentials.credentials_v5 = cv5;
         cv5 = NULL;
-        
+
         *out_cred_union = cred_union;
         cred_union = NULL;
     }
-    
+
     if (cc_address_array)   { free_cc_array (cc_address_array); }
     if (cc_authdata_array)  { free_cc_array (cc_authdata_array); }
     if (keyblock_data)      { free (keyblock_data); }
@@ -495,38 +496,38 @@ copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
     if (server)             { krb5_free_unparsed_name (in_context, server); }
     if (cv5)                { free (cv5); }
     if (cred_union)         { free (cred_union); }
-    
+
     return err;
 }
 
-krb5_error_code 
-cred_union_release (cc_credentials_union *in_cred_union) 
+krb5_error_code
+cred_union_release (cc_credentials_union *in_cred_union)
 {
     if (in_cred_union) {
         if (in_cred_union->version == cc_credentials_v5 &&
             in_cred_union->credentials.credentials_v5) {
             cc_credentials_v5_t *cv5 = in_cred_union->credentials.credentials_v5;
-            
+
             /* should use krb5_free_unparsed_name but we have no context */
             if (cv5->client) { free (cv5->client); }
             if (cv5->server) { free (cv5->server); }
-            
+
             if (cv5->keyblock.data)      { free (cv5->keyblock.data); }
             if (cv5->ticket.data)        { free (cv5->ticket.data); }
             if (cv5->second_ticket.data) { free (cv5->second_ticket.data); }
-            
+
             free_cc_array (cv5->addresses);
             free_cc_array (cv5->authdata);
-            
+
             free (cv5);
-            
+
         } else if (in_cred_union->version == cc_credentials_v4 &&
                    in_cred_union->credentials.credentials_v4) {
             free (in_cred_union->credentials.credentials_v4);
         }
         free ((cc_credentials_union *) in_cred_union);
     }
-    
+
     return 0;
 }
 
@@ -534,85 +535,85 @@ cred_union_release (cc_credentials_union *in_cred_union)
 /*
  * CopyCCDataArrayToK5
  * - copy and translate the null terminated arrays of data records
- * 	 used in k5 tickets
+ *       used in k5 tickets
  */
 int copyCCDataArrayToK5(cc_creds *ccCreds, krb5_creds *v5Creds, char whichArray) {
 
     if (whichArray == kAddressArray) {
-	if (ccCreds->addresses == NULL) {
-	    v5Creds->addresses = NULL;
-	} else {
-
-	    krb5_address 	**addrPtr, *addr;
-	    cc_data			**dataPtr, *data;
-	    unsigned int		numRecords = 0;
-
-	    /* Allocate the array of pointers: */
-	    for (dataPtr = ccCreds->addresses; *dataPtr != NULL; numRecords++, dataPtr++) {}
-
-	    v5Creds->addresses = (krb5_address **) malloc (sizeof(krb5_address *) * (numRecords + 1));
-	    if (v5Creds->addresses == NULL)
-		return ENOMEM;
-
-	    /* Fill in the array, allocating the address structures: */
-	    for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *dataPtr != NULL; addrPtr++, dataPtr++) {
-
-		*addrPtr = (krb5_address *) malloc (sizeof(krb5_address));
-		if (*addrPtr == NULL)
-		    return ENOMEM;
-		data = *dataPtr;
-		addr = *addrPtr;
-
-		addr->addrtype = data->type;
-		addr->magic    = KV5M_ADDRESS;
-		addr->length   = data->length;
-		addr->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * addr->length);
-		if (addr->contents == NULL)
-		    return ENOMEM;
-		memmove(addr->contents, data->data, addr->length); /* copy contents */
-	    }
-
-	    /* Write terminator: */
-	    *addrPtr = NULL;
-	}
+        if (ccCreds->addresses == NULL) {
+            v5Creds->addresses = NULL;
+        } else {
+
+            krb5_address        **addrPtr, *addr;
+            cc_data                     **dataPtr, *data;
+            unsigned int                numRecords = 0;
+
+            /* Allocate the array of pointers: */
+            for (dataPtr = ccCreds->addresses; *dataPtr != NULL; numRecords++, dataPtr++) {}
+
+            v5Creds->addresses = (krb5_address **) malloc (sizeof(krb5_address *) * (numRecords + 1));
+            if (v5Creds->addresses == NULL)
+                return ENOMEM;
+
+            /* Fill in the array, allocating the address structures: */
+            for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *dataPtr != NULL; addrPtr++, dataPtr++) {
+
+                *addrPtr = (krb5_address *) malloc (sizeof(krb5_address));
+                if (*addrPtr == NULL)
+                    return ENOMEM;
+                data = *dataPtr;
+                addr = *addrPtr;
+
+                addr->addrtype = data->type;
+                addr->magic    = KV5M_ADDRESS;
+                addr->length   = data->length;
+                addr->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * addr->length);
+                if (addr->contents == NULL)
+                    return ENOMEM;
+                memmove(addr->contents, data->data, addr->length); /* copy contents */
+            }
+
+            /* Write terminator: */
+            *addrPtr = NULL;
+        }
     }
 
     if (whichArray == kAuthDataArray) {
-	if (ccCreds->authdata == NULL) {
-	    v5Creds->authdata = NULL;
-	} else {
-	    krb5_authdata 	**authPtr, *auth;
-	    cc_data			**dataPtr, *data;
-	    unsigned int		numRecords = 0;
-
-	    /* Allocate the array of pointers: */
-	    for (dataPtr = ccCreds->authdata; *dataPtr != NULL; numRecords++, dataPtr++) {}
-
-	    v5Creds->authdata = (krb5_authdata **) malloc (sizeof(krb5_authdata *) * (numRecords + 1));
-	    if (v5Creds->authdata == NULL)
-		return ENOMEM;
-
-	    /* Fill in the array, allocating the address structures: */
-	    for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *dataPtr != NULL; authPtr++, dataPtr++) {
-
-		*authPtr = (krb5_authdata *) malloc (sizeof(krb5_authdata));
-		if (*authPtr == NULL)
-		    return ENOMEM;
-		data = *dataPtr;
-		auth = *authPtr;
-
-		auth->ad_type  = data->type;
-		auth->magic    = KV5M_AUTHDATA;
-		auth->length   = data->length;
-		auth->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * auth->length);
-		if (auth->contents == NULL)
-		    return ENOMEM;
-		memmove(auth->contents, data->data, auth->length); /* copy contents */
-	    }
-
-	    /* Write terminator: */
-	    *authPtr = NULL;
-	}
+        if (ccCreds->authdata == NULL) {
+            v5Creds->authdata = NULL;
+        } else {
+            krb5_authdata       **authPtr, *auth;
+            cc_data                     **dataPtr, *data;
+            unsigned int                numRecords = 0;
+
+            /* Allocate the array of pointers: */
+            for (dataPtr = ccCreds->authdata; *dataPtr != NULL; numRecords++, dataPtr++) {}
+
+            v5Creds->authdata = (krb5_authdata **) malloc (sizeof(krb5_authdata *) * (numRecords + 1));
+            if (v5Creds->authdata == NULL)
+                return ENOMEM;
+
+            /* Fill in the array, allocating the address structures: */
+            for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *dataPtr != NULL; authPtr++, dataPtr++) {
+
+                *authPtr = (krb5_authdata *) malloc (sizeof(krb5_authdata));
+                if (*authPtr == NULL)
+                    return ENOMEM;
+                data = *dataPtr;
+                auth = *authPtr;
+
+                auth->ad_type  = data->type;
+                auth->magic    = KV5M_AUTHDATA;
+                auth->length   = data->length;
+                auth->contents = (krb5_octet *) malloc (sizeof(krb5_octet) * auth->length);
+                if (auth->contents == NULL)
+                    return ENOMEM;
+                memmove(auth->contents, data->data, auth->length); /* copy contents */
+            }
+
+            /* Write terminator: */
+            *authPtr = NULL;
+        }
     }
 
     return 0;
@@ -625,78 +626,78 @@ int copyCCDataArrayToK5(cc_creds *ccCreds, krb5_creds *v5Creds, char whichArray)
 int copyK5DataArrayToCC(krb5_creds *v5Creds, cc_creds *ccCreds, char whichArray)
 {
     if (whichArray == kAddressArray) {
-	if (v5Creds->addresses == NULL) {
-	    ccCreds->addresses = NULL;
-	} else {
-
-	    krb5_address 	**addrPtr, *addr;
-	    cc_data			**dataPtr, *data;
-	    unsigned int			numRecords = 0;
-
-	    /* Allocate the array of pointers: */
-	    for (addrPtr = v5Creds->addresses; *addrPtr != NULL; numRecords++, addrPtr++) {}
-
-	    ccCreds->addresses = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
-	    if (ccCreds->addresses == NULL)
-		return ENOMEM;
-
-	    /* Fill in the array, allocating the address structures: */
-	    for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *addrPtr != NULL; addrPtr++, dataPtr++) {
-
-		*dataPtr = (cc_data *) malloc (sizeof(cc_data));
-		if (*dataPtr == NULL)
-		    return ENOMEM;
-		data = *dataPtr;
-		addr = *addrPtr;
-
-		data->type   = addr->addrtype;
-		data->length = addr->length;
-		data->data   = malloc (sizeof(char) * data->length);
-		if (data->data == NULL)
-		    return ENOMEM;
-		memmove(data->data, addr->contents, data->length); /* copy contents */
-	    }
-
-	    /* Write terminator: */
-	    *dataPtr = NULL;
-	}
+        if (v5Creds->addresses == NULL) {
+            ccCreds->addresses = NULL;
+        } else {
+
+            krb5_address        **addrPtr, *addr;
+            cc_data                     **dataPtr, *data;
+            unsigned int                        numRecords = 0;
+
+            /* Allocate the array of pointers: */
+            for (addrPtr = v5Creds->addresses; *addrPtr != NULL; numRecords++, addrPtr++) {}
+
+            ccCreds->addresses = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
+            if (ccCreds->addresses == NULL)
+                return ENOMEM;
+
+            /* Fill in the array, allocating the address structures: */
+            for (dataPtr = ccCreds->addresses, addrPtr = v5Creds->addresses; *addrPtr != NULL; addrPtr++, dataPtr++) {
+
+                *dataPtr = (cc_data *) malloc (sizeof(cc_data));
+                if (*dataPtr == NULL)
+                    return ENOMEM;
+                data = *dataPtr;
+                addr = *addrPtr;
+
+                data->type   = addr->addrtype;
+                data->length = addr->length;
+                data->data   = malloc (sizeof(char) * data->length);
+                if (data->data == NULL)
+                    return ENOMEM;
+                memmove(data->data, addr->contents, data->length); /* copy contents */
+            }
+
+            /* Write terminator: */
+            *dataPtr = NULL;
+        }
     }
 
     if (whichArray == kAuthDataArray) {
-	if (v5Creds->authdata == NULL) {
-	    ccCreds->authdata = NULL;
-	} else {
-	    krb5_authdata 	**authPtr, *auth;
-	    cc_data			**dataPtr, *data;
-	    unsigned int			numRecords = 0;
-
-	    /* Allocate the array of pointers: */
-	    for (authPtr = v5Creds->authdata; *authPtr != NULL; numRecords++, authPtr++) {}
-
-	    ccCreds->authdata = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
-	    if (ccCreds->authdata == NULL)
-		return ENOMEM;
-
-	    /* Fill in the array, allocating the address structures: */
-	    for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *authPtr != NULL; authPtr++, dataPtr++) {
-
-		*dataPtr = (cc_data *) malloc (sizeof(cc_data));
-		if (*dataPtr == NULL)
-		    return ENOMEM;
-		data = *dataPtr;
-		auth = *authPtr;
-
-		data->type   = auth->ad_type;
-		data->length = auth->length;
-		data->data   = malloc (sizeof(char) * data->length);
-		if (data->data == NULL)
-		    return ENOMEM;
-		memmove(data->data, auth->contents, data->length); /* copy contents */
-	    }
-
-	    /* Write terminator: */
-	    *dataPtr = NULL;
-	}
+        if (v5Creds->authdata == NULL) {
+            ccCreds->authdata = NULL;
+        } else {
+            krb5_authdata       **authPtr, *auth;
+            cc_data                     **dataPtr, *data;
+            unsigned int                        numRecords = 0;
+
+            /* Allocate the array of pointers: */
+            for (authPtr = v5Creds->authdata; *authPtr != NULL; numRecords++, authPtr++) {}
+
+            ccCreds->authdata = (cc_data **) malloc (sizeof(cc_data *) * (numRecords + 1));
+            if (ccCreds->authdata == NULL)
+                return ENOMEM;
+
+            /* Fill in the array, allocating the address structures: */
+            for (dataPtr = ccCreds->authdata, authPtr = v5Creds->authdata; *authPtr != NULL; authPtr++, dataPtr++) {
+
+                *dataPtr = (cc_data *) malloc (sizeof(cc_data));
+                if (*dataPtr == NULL)
+                    return ENOMEM;
+                data = *dataPtr;
+                auth = *authPtr;
+
+                data->type   = auth->ad_type;
+                data->length = auth->length;
+                data->data   = malloc (sizeof(char) * data->length);
+                if (data->data == NULL)
+                    return ENOMEM;
+                memmove(data->data, auth->contents, data->length); /* copy contents */
+            }
+
+            /* Write terminator: */
+            *dataPtr = NULL;
+        }
     }
 
     return 0;
@@ -774,7 +775,7 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
     /* allocate the cred_union */
     *cu = (cred_union *)malloc(sizeof(cred_union));
     if ((*cu) == NULL)
-	return;
+        return;
 
     (*cu)->cred_type = CC_CRED_V5;
 
@@ -793,10 +794,10 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
     c->keyblock.length = creds->keyblock.length;
 
     if (creds->keyblock.contents != NULL) {
-	c->keyblock.data = (unsigned char *)malloc(creds->keyblock.length);
-	memcpy(c->keyblock.data, creds->keyblock.contents, creds->keyblock.length);
+        c->keyblock.data = (unsigned char *)malloc(creds->keyblock.length);
+        memcpy(c->keyblock.data, creds->keyblock.contents, creds->keyblock.length);
     } else {
-	c->keyblock.data = NULL;
+        c->keyblock.data = NULL;
     }
 
 #if TARGET_OS_MAC
@@ -815,18 +816,18 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
 
     c->ticket.length = creds->ticket.length;
     if (creds->ticket.data != NULL) {
-	c->ticket.data = (unsigned char *)malloc(creds->ticket.length);
-	memcpy(c->ticket.data, creds->ticket.data, creds->ticket.length);
+        c->ticket.data = (unsigned char *)malloc(creds->ticket.length);
+        memcpy(c->ticket.data, creds->ticket.data, creds->ticket.length);
     } else {
-	c->ticket.data = NULL;
+        c->ticket.data = NULL;
     }
 
     c->second_ticket.length = creds->second_ticket.length;
     if (creds->second_ticket.data != NULL) {
-	c->second_ticket.data = (unsigned char *)malloc(creds->second_ticket.length);
-	memcpy(c->second_ticket.data, creds->second_ticket.data, creds->second_ticket.length);
+        c->second_ticket.data = (unsigned char *)malloc(creds->second_ticket.length);
+        memcpy(c->second_ticket.data, creds->second_ticket.data, creds->second_ticket.length);
     } else {
-	c->second_ticket.data = NULL;
+        c->second_ticket.data = NULL;
     }
 
     err = copyK5DataArrayToCC(creds, c, kAuthDataArray);
@@ -851,7 +852,7 @@ void dupK5toCC(krb5_context context, krb5_creds *creds, cred_union **cu)
 static void deep_free_cc_data (cc_data data)
 {
     if (data.data != NULL)
-	free (data.data);
+        free (data.data);
 }
 
 static void deep_free_cc_data_array (cc_data** data) {
@@ -859,11 +860,11 @@ static void deep_free_cc_data_array (cc_data** data) {
     unsigned int i;
 
     if (data == NULL)
-	return;
+        return;
 
     for (i = 0; data [i] != NULL; i++) {
-	deep_free_cc_data (*(data [i]));
-	free (data [i]);
+        deep_free_cc_data (*(data [i]));
+        free (data [i]);
     }
 
     free (data);
@@ -872,12 +873,12 @@ static void deep_free_cc_data_array (cc_data** data) {
 static void deep_free_cc_v5_creds (cc_creds* creds)
 {
     if (creds == NULL)
-	return;
+        return;
 
     if (creds -> client != NULL)
-	free (creds -> client);
+        free (creds -> client);
     if (creds -> server != NULL)
-	free (creds -> server);
+        free (creds -> server);
 
     deep_free_cc_data (creds -> keyblock);
     deep_free_cc_data (creds -> ticket);
@@ -892,10 +893,10 @@ static void deep_free_cc_v5_creds (cc_creds* creds)
 static void deep_free_cc_creds (cred_union creds)
 {
     if (creds.cred_type == CC_CRED_V4) {
-	/* we shouldn't get this, of course */
-	free (creds.cred.pV4Cred);
+        /* we shouldn't get this, of course */
+        free (creds.cred.pV4Cred);
     } else if (creds.cred_type == CC_CRED_V5) {
-	deep_free_cc_v5_creds (creds.cred.pV5Cred);
+        deep_free_cc_v5_creds (creds.cred.pV5Cred);
     }
 }
 
@@ -903,12 +904,12 @@ static void deep_free_cc_creds (cred_union creds)
 cc_int32 krb5int_free_cc_cred_union (cred_union** creds)
 {
     if (creds == NULL)
-	return CC_BAD_PARM;
+        return CC_BAD_PARM;
 
     if (*creds != NULL) {
-	deep_free_cc_creds (**creds);
-	free (*creds);
-	*creds = NULL;
+        deep_free_cc_creds (**creds);
+        free (*creds);
+        *creds = NULL;
     }
 
     return CC_NOERROR;
@@ -921,15 +922,15 @@ cc_int32 krb5int_free_cc_cred_union (cred_union** creds)
 static krb5_boolean
 times_match(t1, t2)
     register const krb5_ticket_times *t1;
-register const krb5_ticket_times *t2;
+    register const krb5_ticket_times *t2;
 {
     if (t1->renew_till) {
-	if (t1->renew_till > t2->renew_till)
-	    return FALSE;		/* this one expires too late */
+        if (t1->renew_till > t2->renew_till)
+            return FALSE;               /* this one expires too late */
     }
     if (t1->endtime) {
-	if (t1->endtime > t2->endtime)
-	    return FALSE;		/* this one expires too late */
+        if (t1->endtime > t2->endtime)
+            return FALSE;               /* this one expires too late */
     }
     /* only care about expiration on a times_match */
     return TRUE;
@@ -940,18 +941,18 @@ times_match_exact (t1, t2)
     register const krb5_ticket_times *t1, *t2;
 {
     return (t1->authtime == t2->authtime
-	    && t1->starttime == t2->starttime
-	    && t1->endtime == t2->endtime
-	    && t1->renew_till == t2->renew_till);
+            && t1->starttime == t2->starttime
+            && t1->endtime == t2->endtime
+            && t1->renew_till == t2->renew_till);
 }
 
 static krb5_boolean
 standard_fields_match(context, mcreds, creds)
     krb5_context context;
-register const krb5_creds *mcreds, *creds;
+    register const krb5_creds *mcreds, *creds;
 {
     return (krb5_principal_compare(context, mcreds->client,creds->client) &&
-	    krb5_principal_compare(context, mcreds->server,creds->server));
+            krb5_principal_compare(context, mcreds->server,creds->server));
 }
 
 /* only match the server name portion, not the server realm portion */
@@ -959,14 +960,14 @@ register const krb5_creds *mcreds, *creds;
 static krb5_boolean
 srvname_match(context, mcreds, creds)
     krb5_context context;
-register const krb5_creds *mcreds, *creds;
+    register const krb5_creds *mcreds, *creds;
 {
     krb5_boolean retval;
     krb5_principal_data p1, p2;
 
     retval = krb5_principal_compare(context, mcreds->client,creds->client);
     if (retval != TRUE)
-	return retval;
+        return retval;
     /*
      * Hack to ignore the server realm for the purposes of the compare.
      */
@@ -984,22 +985,22 @@ authdata_match(mdata, data)
     const krb5_authdata *mdatap, *datap;
 
     if (mdata == data)
-	return TRUE;
+        return TRUE;
 
     if (mdata == NULL)
-	return *data == NULL;
+        return *data == NULL;
 
     if (data == NULL)
-	return *mdata == NULL;
+        return *mdata == NULL;
 
     while ((mdatap = *mdata)
-	   && (datap = *data)
-	   && mdatap->ad_type == datap->ad_type
-	   && mdatap->length == datap->length
-	   && !memcmp ((char *) mdatap->contents, (char *) datap->contents,
-		       datap->length)) {
-	mdata++;
-	data++;
+           && (datap = *data)
+           && mdatap->ad_type == datap->ad_type
+           && mdatap->length == datap->length
+           && !memcmp ((char *) mdatap->contents, (char *) datap->contents,
+                       datap->length)) {
+        mdata++;
+        data++;
     }
 
     return !*mdata && !*data;
@@ -1010,17 +1011,17 @@ data_match(data1, data2)
     register const krb5_data *data1, *data2;
 {
     if (!data1) {
-	if (!data2)
-	    return TRUE;
-	else
-	    return FALSE;
+        if (!data2)
+            return TRUE;
+        else
+            return FALSE;
     }
     if (!data2) return FALSE;
 
     if (data1->length != data2->length)
-	return FALSE;
+        return FALSE;
     else
-	return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
+        return memcmp(data1->data, data2->data, data1->length) ? FALSE : TRUE;
 }
 
 #define MATCH_SET(bits) (whichfields & bits)
@@ -1029,41 +1030,41 @@ data_match(data1, data2)
 /*  stdccCredsMatch
  *  - check to see if the creds match based on the whichFields variable
  *  NOTE: if whichfields is zero we are now comparing 'standard fields.'
- * 		 This is the bug that was killing fetch for a
- * 		 week. The behaviour is what krb5 expects, however.
+ *               This is the bug that was killing fetch for a
+ *               week. The behaviour is what krb5 expects, however.
  */
 int stdccCredsMatch(krb5_context context, krb5_creds *base,
-		    krb5_creds *match, int whichfields)
+                    krb5_creds *match, int whichfields)
 {
     if (((MATCH_SET(KRB5_TC_MATCH_SRV_NAMEONLY) &&
-	  srvname_match(context, match, base)) ||
-	 standard_fields_match(context, match, base))
+          srvname_match(context, match, base)) ||
+         standard_fields_match(context, match, base))
+        &&
+        (! MATCH_SET(KRB5_TC_MATCH_IS_SKEY) ||
+         match->is_skey == base->is_skey)
+        &&
+        (! MATCH_SET(KRB5_TC_MATCH_FLAGS_EXACT) ||
+         match->ticket_flags == base->ticket_flags)
+        &&
+        (! MATCH_SET(KRB5_TC_MATCH_FLAGS) ||
+         flags_match(match->ticket_flags, base->ticket_flags))
+        &&
+        (! MATCH_SET(KRB5_TC_MATCH_TIMES_EXACT) ||
+         times_match_exact(&match->times, &base->times))
+        &&
+        (! MATCH_SET(KRB5_TC_MATCH_TIMES) ||
+         times_match(&match->times, &base->times))
+        &&
+        (! MATCH_SET(KRB5_TC_MATCH_AUTHDATA) ||
+         authdata_match (match->authdata, base->authdata))
+        &&
+        (! MATCH_SET(KRB5_TC_MATCH_2ND_TKT) ||
+         data_match (&match->second_ticket, &base->second_ticket))
         &&
-	(! MATCH_SET(KRB5_TC_MATCH_IS_SKEY) ||
-	 match->is_skey == base->is_skey)
-	&&
-	(! MATCH_SET(KRB5_TC_MATCH_FLAGS_EXACT) ||
-	 match->ticket_flags == base->ticket_flags)
-	&&
-	(! MATCH_SET(KRB5_TC_MATCH_FLAGS) ||
-	 flags_match(match->ticket_flags, base->ticket_flags))
-	&&
-	(! MATCH_SET(KRB5_TC_MATCH_TIMES_EXACT) ||
-	 times_match_exact(&match->times, &base->times))
-	&&
-	(! MATCH_SET(KRB5_TC_MATCH_TIMES) ||
-	 times_match(&match->times, &base->times))
-	&&
-	(! MATCH_SET(KRB5_TC_MATCH_AUTHDATA) ||
-	 authdata_match (match->authdata, base->authdata))
-	&&
-	(! MATCH_SET(KRB5_TC_MATCH_2ND_TKT) ||
-	 data_match (&match->second_ticket, &base->second_ticket))
-	&&
-	((! MATCH_SET(KRB5_TC_MATCH_KTYPE))||
-	 (match->keyblock.enctype == base->keyblock.enctype))
-	)
-	return TRUE;
+        ((! MATCH_SET(KRB5_TC_MATCH_KTYPE))||
+         (match->keyblock.enctype == base->keyblock.enctype))
+    )
+        return TRUE;
     return FALSE;
 }
 
diff --git a/src/lib/krb5/ccache/ccapi/stdcc_util.h b/src/lib/krb5/ccache/ccapi/stdcc_util.h
index 2b724eb78..2e5eecc2b 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc_util.h
+++ b/src/lib/krb5/ccache/ccapi/stdcc_util.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* stdcc_util.h
  *
  * Frank Dabek, July 1998
@@ -21,16 +22,16 @@
 
 /* protoypes for private functions declared in stdcc_util.c */
 #ifdef USE_CCAPI_V3
-krb5_error_code 
-copy_cc_cred_union_to_krb5_creds (krb5_context in_context, 
-                                  const cc_credentials_union *in_cred_union, 
+krb5_error_code
+copy_cc_cred_union_to_krb5_creds (krb5_context in_context,
+                                  const cc_credentials_union *in_cred_union,
                                   krb5_creds *out_creds);
 krb5_error_code
-copy_krb5_creds_to_cc_cred_union (krb5_context in_context, 
-                                  krb5_creds *in_creds, 
+copy_krb5_creds_to_cc_cred_union (krb5_context in_context,
+                                  krb5_creds *in_creds,
                                   cc_credentials_union **out_cred_union);
 
-krb5_error_code 
+krb5_error_code
 cred_union_release (cc_credentials_union *in_cred_union);
 #else
 int copyCCDataArrayToK5(cc_creds *cc, krb5_creds *kc, char whichArray);
@@ -42,7 +43,7 @@ cc_int32 krb5int_free_cc_cred_union (cred_union** creds);
 int stdccCredsMatch(krb5_context context, krb5_creds *base, krb5_creds *match, int whichfields);
 int bitTst(int var, int mask);
 
-#define kAddressArray 4 
+#define kAddressArray 4
 #define kAuthDataArray 5
 
 #endif /* defined(_WIN32) || defined(USE_CCAPI) */
diff --git a/src/lib/krb5/ccache/ccapi/winccld.c b/src/lib/krb5/ccache/ccapi/winccld.c
index 22646e1ee..8b2e90c42 100644
--- a/src/lib/krb5/ccache/ccapi/winccld.c
+++ b/src/lib/krb5/ccache/ccapi/winccld.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #if defined(_WIN32)
 /*
  * winccld.c --- routine for dynamically loading the ccache DLL if
@@ -23,9 +24,9 @@ extern int krb5_is_ccdll_loaded();
 /*
  * return codes
  */
-#define LF_OK		0
-#define LF_NODLL	1
-#define LF_NOFUNC	2
+#define LF_OK           0
+#define LF_NODLL        1
+#define LF_NOFUNC       2
 
 #ifdef _WIN64
 #define KRBCC_DLL      "krbcc64.dll"
@@ -34,10 +35,10 @@ extern int krb5_is_ccdll_loaded();
 #endif
 
 static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
-		     HINSTANCE* ph, int debug);
+                     HINSTANCE* ph, int debug);
 
 static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
-		     HINSTANCE* ph, int debug)
+                     HINSTANCE* ph, int debug)
 {
     HINSTANCE h;
     int i, n;
@@ -46,55 +47,55 @@ static int LoadFuncs(const char* dll_name, FUNC_INFO fi[],
     if (ph) *ph = 0;
 
     for (n = 0; fi[n].func_ptr_var; n++) {
-	*(fi[n].func_ptr_var) = 0;
+        *(fi[n].func_ptr_var) = 0;
     }
 
     if (!(h = LoadLibrary(dll_name))) {
-	/* Get error for source debugging purposes. */
-	error = (int)GetLastError();
-	return LF_NODLL;
+        /* Get error for source debugging purposes. */
+        error = (int)GetLastError();
+        return LF_NODLL;
     }
 
     if (debug)
-	printf("Loaded %s\n", dll_name);
+        printf("Loaded %s\n", dll_name);
     for (i = 0; !error && (i < n); i++) {
-	void* p = (void*)GetProcAddress(h, fi[i].func_name);
-	if (!p) {
-	    if (debug)
-		printf("Could not get function: %s\n", fi[i].func_name);
-	    error = 1;
-	} else {
-	    *(fi[i].func_ptr_var) = p;
-	    if (debug)
-		printf("Loaded function %s at 0x%08X\n", fi[i].func_name, p);
-	}
+        void* p = (void*)GetProcAddress(h, fi[i].func_name);
+        if (!p) {
+            if (debug)
+                printf("Could not get function: %s\n", fi[i].func_name);
+            error = 1;
+        } else {
+            *(fi[i].func_ptr_var) = p;
+            if (debug)
+                printf("Loaded function %s at 0x%08X\n", fi[i].func_name, p);
+        }
     }
     if (error) {
-	for (i = 0; i < n; i++) {
-	    *(fi[i].func_ptr_var) = 0;
-	}
-	FreeLibrary(h);
-	return LF_NOFUNC;
+        for (i = 0; i < n; i++) {
+            *(fi[i].func_ptr_var) = 0;
+        }
+        FreeLibrary(h);
+        return LF_NOFUNC;
     }
     if (ph) *ph = h;
     return LF_OK;
 }
 
 void krb5_win_ccdll_load(context)
-	krb5_context	context;
+    krb5_context    context;
 {
-	krb5_cc_register(context, &krb5_fcc_ops, 0);
-	if (krb5_win_ccdll_loaded)
-		return;
-	if (LoadFuncs(KRBCC_DLL, krbcc_fi, 0, 0))
-		return;		/* Error, give up */
-	krb5_win_ccdll_loaded = 1;
-	krb5_cc_dfl_ops = &krb5_cc_stdcc_ops; /* Use stdcc! */
+    krb5_cc_register(context, &krb5_fcc_ops, 0);
+    if (krb5_win_ccdll_loaded)
+        return;
+    if (LoadFuncs(KRBCC_DLL, krbcc_fi, 0, 0))
+        return;         /* Error, give up */
+    krb5_win_ccdll_loaded = 1;
+    krb5_cc_dfl_ops = &krb5_cc_stdcc_ops; /* Use stdcc! */
 }
 
 int krb5_is_ccdll_loaded()
 {
-	return krb5_win_ccdll_loaded;
+    return krb5_win_ccdll_loaded;
 }
 
-#endif	/* Windows */
+#endif  /* Windows */
diff --git a/src/lib/krb5/ccache/ccapi/winccld.h b/src/lib/krb5/ccache/ccapi/winccld.h
index 245ae245e..85017abbd 100644
--- a/src/lib/krb5/ccache/ccapi/winccld.h
+++ b/src/lib/krb5/ccache/ccapi/winccld.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * winccld.h -- the dynamic loaded version of the ccache DLL
  */
@@ -19,19 +20,19 @@
 
 #ifdef USE_CCAPI_V3
 typedef CCACHE_API cc_int32 (*FP_cc_initialize) (
-        cc_context_t*           outContext,
-        cc_int32                inVersion,
-        cc_int32*               outSupportedVersion,
-        char const**            outVendor);
+    cc_context_t*           outContext,
+    cc_int32                inVersion,
+    cc_int32*               outSupportedVersion,
+    char const**            outVendor);
 #else
-typedef cc_int32 (*FP_cc_initialize)(apiCB**, const cc_int32, 
-			cc_int32*, const char**);     
-typedef cc_int32 (*FP_cc_shutdown)(apiCB**);            
-typedef cc_int32 (*FP_cc_get_change_time)(apiCB*, cc_time_t*);    
+typedef cc_int32 (*FP_cc_initialize)(apiCB**, const cc_int32,
+                                     cc_int32*, const char**);
+typedef cc_int32 (*FP_cc_shutdown)(apiCB**);
+typedef cc_int32 (*FP_cc_get_change_time)(apiCB*, cc_time_t*);
 typedef cc_int32 (*FP_cc_create)(apiCB*, const char*, const char*,
-			const enum cc_cred_vers, const cc_int32, ccache_p**);
+                                 const enum cc_cred_vers, const cc_int32, ccache_p**);
 typedef cc_int32 (*FP_cc_open)(apiCB*, const char*, const enum cc_cred_vers,
-			const cc_int32, ccache_p**);
+                               const cc_int32, ccache_p**);
 typedef cc_int32 (*FP_cc_close)(apiCB*, ccache_p**);
 typedef cc_int32 (*FP_cc_destroy)(apiCB*, ccache_p**);
 typedef cc_int32 (*FP_cc_seq_fetch_NCs)(apiCB*, ccache_p**, ccache_cit**);
@@ -42,21 +43,21 @@ typedef cc_int32 (*FP_cc_get_NC_info)(apiCB*, struct _infoNC***);
 typedef cc_int32 (*FP_cc_free_NC_info)(apiCB*, struct _infoNC***);
 typedef cc_int32 (*FP_cc_get_name)(apiCB*, const ccache_p*, char**);
 typedef cc_int32 (*FP_cc_set_principal)(apiCB*, const ccache_p*,
-			const enum cc_cred_vers, const char*);
+                                        const enum cc_cred_vers, const char*);
 typedef cc_int32 (*FP_cc_get_principal)(apiCB*, ccache_p*, char**);
 typedef cc_int32 (*FP_cc_get_cred_version)(apiCB*, const ccache_p*,
-			enum cc_cred_vers*);
+                                           enum cc_cred_vers*);
 typedef cc_int32 (*FP_cc_lock_request)(apiCB*, const ccache_p*,
-			const cc_int32);
+                                       const cc_int32);
 typedef cc_int32 (*FP_cc_store)(apiCB*, const ccache_p*, const cred_union);
 typedef cc_int32 (*FP_cc_remove_cred)(apiCB*, const ccache_p*,
-			const cred_union);
-typedef cc_int32 (*FP_cc_seq_fetch_creds)(apiCB*, const ccache_p*, 
-			cred_union**, ccache_cit**);
-typedef cc_int32 (*FP_cc_seq_fetch_creds_begin)(apiCB*, const ccache_p*, 
-			ccache_cit**);
-typedef cc_int32 (*FP_cc_seq_fetch_creds_next)(apiCB*, cred_union**, 
-			ccache_cit*);
+                                      const cred_union);
+typedef cc_int32 (*FP_cc_seq_fetch_creds)(apiCB*, const ccache_p*,
+                                          cred_union**, ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_creds_begin)(apiCB*, const ccache_p*,
+                                                ccache_cit**);
+typedef cc_int32 (*FP_cc_seq_fetch_creds_next)(apiCB*, cred_union**,
+                                               ccache_cit*);
 typedef cc_int32 (*FP_cc_seq_fetch_creds_end)(apiCB*, ccache_cit**);
 typedef cc_int32 (*FP_cc_free_principal)(apiCB*, char**);
 typedef cc_int32 (*FP_cc_free_name)(apiCB*, char** name);
diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c
index f54486f7d..fb3d7ec9d 100644
--- a/src/lib/krb5/ccache/ccbase.c
+++ b/src/lib/krb5/ccache/ccbase.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/ccbase.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Registration functions for ccache.
  */
@@ -96,22 +97,22 @@ krb5int_cc_initialize(void)
 
     err = k5_cc_mutex_finish_init(&cccol_lock);
     if (err)
-	return err;
+        return err;
     err = k5_cc_mutex_finish_init(&krb5int_mcc_mutex);
     if (err)
-	return err;
+        return err;
     err = k5_mutex_finish_init(&cc_typelist_lock);
     if (err)
-	return err;
+        return err;
 #ifndef NO_FILE_CCACHE
     err = k5_cc_mutex_finish_init(&krb5int_cc_file_mutex);
     if (err)
-	return err;
+        return err;
 #endif
 #ifdef USE_KEYRING_CCACHE
     err = k5_cc_mutex_finish_init(&krb5int_krcc_mutex);
     if (err)
-	return err;
+        return err;
 #endif
     return 0;
 }
@@ -131,8 +132,8 @@ krb5int_cc_finalize(void)
     k5_cc_mutex_destroy(&krb5int_krcc_mutex);
 #endif
     for (t = cc_typehead; t != INITIAL_TYPEHEAD; t = t_next) {
-	t_next = t->next;
-	free(t);
+        t_next = t->next;
+        free(t);
     }
 }
 
@@ -143,30 +144,30 @@ krb5int_cc_finalize(void)
  */
 
 krb5_error_code KRB5_CALLCONV
-krb5_cc_register(krb5_context context, const krb5_cc_ops *ops, 
-		 krb5_boolean override)
+krb5_cc_register(krb5_context context, const krb5_cc_ops *ops,
+                 krb5_boolean override)
 {
     struct krb5_cc_typelist *t;
     krb5_error_code err;
 
     err = k5_mutex_lock(&cc_typelist_lock);
     if (err)
-	return err;
+        return err;
     for (t = cc_typehead;t && strcmp(t->ops->prefix,ops->prefix);t = t->next)
-	;
+        ;
     if (t) {
-	if (override) {
-	    t->ops = ops;
-	    k5_mutex_unlock(&cc_typelist_lock);
-	    return 0;
-	} else {
-	    k5_mutex_unlock(&cc_typelist_lock);
-	    return KRB5_CC_TYPE_EXISTS;
-	}
+        if (override) {
+            t->ops = ops;
+            k5_mutex_unlock(&cc_typelist_lock);
+            return 0;
+        } else {
+            k5_mutex_unlock(&cc_typelist_lock);
+            return KRB5_CC_TYPE_EXISTS;
+        }
     }
     if (!(t = (struct krb5_cc_typelist *) malloc(sizeof(*t)))) {
-	k5_mutex_unlock(&cc_typelist_lock);
-	return ENOMEM;
+        k5_mutex_unlock(&cc_typelist_lock);
+        return ENOMEM;
     }
     t->next = cc_typehead;
     t->ops = ops;
@@ -196,14 +197,14 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
     const krb5_cc_ops *ops;
 
     if (name == NULL)
-	return KRB5_CC_BADNAME;
+        return KRB5_CC_BADNAME;
     pfx = NULL;
     cp = strchr (name, ':');
     if (!cp) {
-	if (krb5_cc_dfl_ops)
-	    return (*krb5_cc_dfl_ops->resolve)(context, cache, name);
-	else
-	    return KRB5_CC_BADNAME;
+        if (krb5_cc_dfl_ops)
+            return (*krb5_cc_dfl_ops->resolve)(context, cache, name);
+        else
+            return KRB5_CC_BADNAME;
     }
 
     pfxlen = cp - name;
@@ -230,9 +231,9 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
 
     err = krb5int_cc_getops(context, pfx, &ops);
     if (pfx != NULL)
-	free(pfx);
+        free(pfx);
     if (err)
-	return err;
+        return err;
 
     return ops->resolve(context, cache, resid);
 }
@@ -254,19 +255,19 @@ krb5int_cc_getops(
 
     err = k5_mutex_lock(&cc_typelist_lock);
     if (err)
-	return err;
+        return err;
 
     for (tlist = cc_typehead; tlist; tlist = tlist->next) {
-	if (strcmp (tlist->ops->prefix, pfx) == 0) {
-	    *ops = tlist->ops;
-	    k5_mutex_unlock(&cc_typelist_lock);
-	    return 0;
-	}
+        if (strcmp (tlist->ops->prefix, pfx) == 0) {
+            *ops = tlist->ops;
+            k5_mutex_unlock(&cc_typelist_lock);
+            return 0;
+        }
     }
     k5_mutex_unlock(&cc_typelist_lock);
     if (krb5_cc_dfl_ops && !strcmp (pfx, krb5_cc_dfl_ops->prefix)) {
-	*ops = krb5_cc_dfl_ops;
-	return 0;
+        *ops = krb5_cc_dfl_ops;
+        return 0;
     }
     return KRB5_CC_UNKNOWN_TYPE;
 }
@@ -291,7 +292,7 @@ krb5_cc_new_unique(
 
     err = krb5int_cc_getops(context, type, &ops);
     if (err)
-	return err;
+        return err;
 
     return ops->gen_new(context, id);
 }
@@ -312,20 +313,20 @@ krb5int_cc_typecursor_new(krb5_context context, krb5_cc_typecursor *t)
     *t = NULL;
     n = malloc(sizeof(*n));
     if (n == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     err = k5_mutex_lock(&cc_typelist_lock);
     if (err)
-	goto errout;
+        goto errout;
     n->tptr = cc_typehead;
     err = k5_mutex_unlock(&cc_typelist_lock);
     if (err)
-	goto errout;
+        goto errout;
 
     *t = n;
 errout:
     if (err)
-	free(n);
+        free(n);
     return err;
 }
 
@@ -339,16 +340,16 @@ krb5int_cc_typecursor_next(
 
     *ops = NULL;
     if (t->tptr == NULL)
-	return 0;
+        return 0;
 
     err = k5_mutex_lock(&cc_typelist_lock);
     if (err)
-	goto errout;
+        goto errout;
     *ops = t->tptr->ops;
     t->tptr = t->tptr->next;
     err = k5_mutex_unlock(&cc_typelist_lock);
     if (err)
-	goto errout;
+        goto errout;
 
 errout:
     return err;
@@ -367,40 +368,40 @@ krb5_cc_move (krb5_context context, krb5_ccache src, krb5_ccache dst)
 {
     krb5_error_code ret = 0;
     krb5_principal princ = NULL;
-    
+
     ret = krb5_cccol_lock(context);
     if (ret) {
-		return ret;
+        return ret;
     }
-    
+
     ret = krb5_cc_lock(context, src);
     if (ret) {
-		krb5_cccol_unlock(context);
-		return ret;
+        krb5_cccol_unlock(context);
+        return ret;
     }
-    
+
     ret = krb5_cc_get_principal(context, src, &princ);
     if (!ret) {
-		ret = krb5_cc_initialize(context, dst, princ);
+        ret = krb5_cc_initialize(context, dst, princ);
     }
     if (!ret) {
-		ret = krb5_cc_lock(context, dst);
+        ret = krb5_cc_lock(context, dst);
     }
     if (!ret) {
-		ret = krb5_cc_copy_creds(context, src, dst);
-		krb5_cc_unlock(context, dst);
+        ret = krb5_cc_copy_creds(context, src, dst);
+        krb5_cc_unlock(context, dst);
     }
-    
+
     krb5_cc_unlock(context, src);
     if (!ret) {
-		ret = krb5_cc_destroy(context, src);
+        ret = krb5_cc_destroy(context, src);
     }
     krb5_cccol_unlock(context);
     if (princ) {
-		krb5_free_principal(context, princ);
-		princ = NULL;
-    }        
-    
+        krb5_free_principal(context, princ);
+        princ = NULL;
+    }
+
     return ret;
 }
 
@@ -408,12 +409,12 @@ krb5_error_code
 k5_cc_mutex_init(k5_cc_mutex *m)
 {
     krb5_error_code ret = 0;
-    
+
     ret = k5_mutex_init(&m->lock);
     if (ret) return ret;
     m->owner = NULL;
     m->refcount = 0;
-    
+
     return ret;
 }
 
@@ -421,12 +422,12 @@ krb5_error_code
 k5_cc_mutex_finish_init(k5_cc_mutex *m)
 {
     krb5_error_code ret = 0;
-    
+
     ret = k5_mutex_finish_init(&m->lock);
     if (ret) return ret;
     m->owner = NULL;
     m->refcount = 0;
-    
+
     return ret;
 }
 
@@ -447,42 +448,42 @@ k5_cc_mutex_assert_unlocked(krb5_context context, k5_cc_mutex *m)
     assert(m->refcount == 0);
     assert(m->owner == NULL);
 #endif
-    k5_assert_unlocked(&m->lock);    
+    k5_assert_unlocked(&m->lock);
 }
 
 krb5_error_code
 k5_cc_mutex_lock(krb5_context context, k5_cc_mutex *m)
 {
     krb5_error_code ret = 0;
-    
+
     // not locked or already locked by another context
     if (m->owner != context) {
-	// acquire lock, blocking until available
-	ret = k5_mutex_lock(&m->lock);
-	m->owner = context;
-	m->refcount = 1;
+        // acquire lock, blocking until available
+        ret = k5_mutex_lock(&m->lock);
+        m->owner = context;
+        m->refcount = 1;
     }
     // already locked by this context, just increase refcount
     else {
-	m->refcount++;
+        m->refcount++;
     }
-    return ret;    
+    return ret;
 }
 
 krb5_error_code
 k5_cc_mutex_unlock(krb5_context context, k5_cc_mutex *m)
 {
     krb5_error_code ret = 0;
-    
+
     /* verify owner and sanity check refcount */
     if ((m->owner != context) || (m->refcount < 1)) {
-	return ret;
+        return ret;
     }
     /* decrement & unlock when count reaches zero */
     m->refcount--;
     if (m->refcount == 0) {
-	m->owner = NULL;
-	k5_mutex_unlock(&m->lock);
+        m->owner = NULL;
+        k5_mutex_unlock(&m->lock);
     }
     return ret;
 }
@@ -492,13 +493,13 @@ krb5_error_code
 k5_cc_mutex_force_unlock(k5_cc_mutex *m)
 {
     krb5_error_code ret = 0;
-    
+
     m->refcount = 0;
     m->owner = NULL;
     if (m->refcount > 0) {
-	k5_mutex_unlock(&m->lock);
+        k5_mutex_unlock(&m->lock);
     }
-    return ret;    
+    return ret;
 }
 
 /*
@@ -509,28 +510,28 @@ krb5_error_code KRB5_CALLCONV
 krb5_cccol_lock(krb5_context context)
 {
     krb5_error_code ret = 0;
-    
+
     ret = k5_cc_mutex_lock(context, &cccol_lock);
     if (ret) {
-	return ret;
-    }    
+        return ret;
+    }
     ret = k5_mutex_lock(&cc_typelist_lock);
     if (ret) {
-	k5_cc_mutex_unlock(context, &cccol_lock);
-	return ret;
+        k5_cc_mutex_unlock(context, &cccol_lock);
+        return ret;
     }
     ret = k5_cc_mutex_lock(context, &krb5int_cc_file_mutex);
     if (ret) {
-	k5_mutex_unlock(&cc_typelist_lock);
-	k5_cc_mutex_unlock(context, &cccol_lock);
-	return ret;
+        k5_mutex_unlock(&cc_typelist_lock);
+        k5_cc_mutex_unlock(context, &cccol_lock);
+        return ret;
     }
     ret = k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
     if (ret) {
-	k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	k5_mutex_unlock(&cc_typelist_lock);
-	k5_cc_mutex_unlock(context, &cccol_lock);
-	return ret;
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        k5_mutex_unlock(&cc_typelist_lock);
+        k5_cc_mutex_unlock(context, &cccol_lock);
+        return ret;
     }
 #ifdef USE_CCAPI_V3
     ret = krb5_stdccv3_context_lock(context);
@@ -539,11 +540,11 @@ krb5_cccol_lock(krb5_context context)
     ret = k5_cc_mutex_lock(context, &krb5int_krcc_mutex);
 #endif
     if (ret) {
-	k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
-	k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
-	k5_mutex_unlock(&cc_typelist_lock);
-	k5_cc_mutex_unlock(context, &cccol_lock);
-	return ret;
+        k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
+        k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex);
+        k5_mutex_unlock(&cc_typelist_lock);
+        k5_cc_mutex_unlock(context, &cccol_lock);
+        return ret;
     }
     k5_mutex_unlock(&cc_typelist_lock);
     return ret;
@@ -553,15 +554,15 @@ krb5_error_code KRB5_CALLCONV
 krb5_cccol_unlock(krb5_context context)
 {
     krb5_error_code ret = 0;
-    
+
     /* sanity check */
     k5_cc_mutex_assert_locked(context, &cccol_lock);
-    
+
     ret = k5_mutex_lock(&cc_typelist_lock);
     if (ret) {
-	k5_cc_mutex_unlock(context, &cccol_lock);
-	return ret;
-    }    
+        k5_cc_mutex_unlock(context, &cccol_lock);
+        return ret;
+    }
 
     // unlock each type in the opposite order
 #ifdef USE_KEYRING_CCACHE
@@ -588,20 +589,20 @@ krb5_error_code
 k5_cccol_force_unlock()
 {
     krb5_error_code ret = 0;
-    
+
     /* sanity check */
     if ((&cccol_lock)->refcount == 0) {
-	return 0;
+        return 0;
     }
-    
+
     ret = k5_mutex_lock(&cc_typelist_lock);
     if (ret) {
-	(&cccol_lock)->refcount = 0;
-	(&cccol_lock)->owner = NULL;
-	k5_mutex_unlock(&(&cccol_lock)->lock);
-	return ret;
-    }    
-    
+        (&cccol_lock)->refcount = 0;
+        (&cccol_lock)->owner = NULL;
+        k5_mutex_unlock(&(&cccol_lock)->lock);
+        return ret;
+    }
+
     // unlock each type in the opposite order
 #ifdef USE_KEYRING_CCACHE
     k5_cc_mutex_force_unlock(&krb5int_krcc_mutex);
@@ -611,9 +612,9 @@ k5_cccol_force_unlock()
 #endif
     k5_cc_mutex_force_unlock(&krb5int_mcc_mutex);
     k5_cc_mutex_force_unlock(&krb5int_cc_file_mutex);
-    
+
     k5_mutex_unlock(&cc_typelist_lock);
     k5_cc_mutex_force_unlock(&cccol_lock);
-    
+
     return ret;
 }
diff --git a/src/lib/krb5/ccache/cccopy.c b/src/lib/krb5/ccache/cccopy.c
index a9a45b501..36b3f4270 100644
--- a/src/lib/krb5/ccache/cccopy.c
+++ b/src/lib/krb5/ccache/cccopy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 
 krb5_error_code KRB5_CALLCONV
@@ -8,29 +9,29 @@ krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc)
     krb5_cc_cursor cur = 0;
     krb5_creds creds;
 
-    flags = 0;				/* turns off OPENCLOSE mode */
+    flags = 0;                          /* turns off OPENCLOSE mode */
     if ((code = krb5_cc_set_flags(context, incc, flags)))
-	return(code);
+        return(code);
     /* the code for this will open the file for reading only, which
        is not what I had in mind.  So I won't turn off OPENCLOSE
        for the output ccache */
 #if 0
     if ((code = krb5_cc_set_flags(context, outcc, flags)))
-	return(code);
+        return(code);
 #endif
 
     if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
-	goto cleanup;
+        goto cleanup;
 
     while (!(code = krb5_cc_next_cred(context, incc, &cur, &creds))) {
-	code = krb5_cc_store_cred(context, outcc, &creds);
-	krb5_free_cred_contents(context, &creds);
-	if (code)
-	    goto cleanup;
+        code = krb5_cc_store_cred(context, outcc, &creds);
+        krb5_free_cred_contents(context, &creds);
+        if (code)
+            goto cleanup;
     }
 
     if (code != KRB5_CC_END)
-	goto cleanup;
+        goto cleanup;
 
     code = krb5_cc_end_seq_get(context, incc, &cur);
     cur = 0;
@@ -43,19 +44,19 @@ cleanup:
     flags = KRB5_TC_OPENCLOSE;
 
     /* If set then we are in an error pathway */
-    if (cur) 
-      krb5_cc_end_seq_get(context, incc, &cur);
+    if (cur)
+        krb5_cc_end_seq_get(context, incc, &cur);
 
     if (code)
-	krb5_cc_set_flags(context, incc, flags);
+        krb5_cc_set_flags(context, incc, flags);
     else
-	code = krb5_cc_set_flags(context, incc, flags);
+        code = krb5_cc_set_flags(context, incc, flags);
 
 #if 0
     if (code)
-	krb5_cc_set_flags(context, outcc, flags);
+        krb5_cc_set_flags(context, outcc, flags);
     else
-	code = krb5_cc_set_flags(context, outcc, flags);
+        code = krb5_cc_set_flags(context, outcc, flags);
 #endif
 
     return(code);
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 5a062d443..852eff847 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/cccursor.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -75,7 +76,7 @@ krb5_cccol_cursor_new(
     *cursor = NULL;
     n = malloc(sizeof(*n));
     if (n == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     n->pos = CCCURSOR_CONTEXT;
     n->typecursor = NULL;
@@ -83,27 +84,27 @@ krb5_cccol_cursor_new(
     n->ops = NULL;
 
     for (i = 0; i < NFULLNAMES; i++) {
-	n->fullnames[i].pfx = n->fullnames[i].res = NULL;
+        n->fullnames[i].pfx = n->fullnames[i].res = NULL;
     }
     n->cur_fullname = 0;
     ret = krb5int_cc_typecursor_new(context, &n->typecursor);
     if (ret)
-	goto errout;
+        goto errout;
 
     do {
-	/* Find first backend with ptcursor functionality. */
-	ret = krb5int_cc_typecursor_next(context, n->typecursor, &n->ops);
-	if (ret || n->ops == NULL)
-	    goto errout;
+        /* Find first backend with ptcursor functionality. */
+        ret = krb5int_cc_typecursor_next(context, n->typecursor, &n->ops);
+        if (ret || n->ops == NULL)
+            goto errout;
     } while (n->ops->ptcursor_new == NULL);
 
     ret = n->ops->ptcursor_new(context, &n->ptcursor);
     if (ret)
-	goto errout;
+        goto errout;
 
 errout:
     if (ret) {
-	krb5_cccol_cursor_free(context, &n);
+        krb5_cccol_cursor_free(context, &n);
     }
     *cursor = n;
     return ret;
@@ -124,48 +125,48 @@ krb5_cccol_cursor_next(
 
     switch (cursor->pos) {
     case CCCURSOR_CONTEXT:
-	name = os_ctx->default_ccname;
-	if (name != NULL) {
-	    cursor->pos = CCCURSOR_ENV;
-	    ret = cccol_do_resolve(context, cursor, name, ccache);
-	    if (ret)
-		goto errout;
-	    if (*ccache != NULL)
-		break;
-	}
-	/* fall through */
+        name = os_ctx->default_ccname;
+        if (name != NULL) {
+            cursor->pos = CCCURSOR_ENV;
+            ret = cccol_do_resolve(context, cursor, name, ccache);
+            if (ret)
+                goto errout;
+            if (*ccache != NULL)
+                break;
+        }
+        /* fall through */
     case CCCURSOR_ENV:
-	name = getenv(KRB5_ENV_CCNAME);
-	if (name != NULL) {
-	    cursor->pos = CCCURSOR_OS;
-	    ret = cccol_do_resolve(context, cursor, name, ccache);
-	    if (ret)
-		goto errout;
-	    if (*ccache != NULL)
-		break;
-	}
-	/* fall through */
+        name = getenv(KRB5_ENV_CCNAME);
+        if (name != NULL) {
+            cursor->pos = CCCURSOR_OS;
+            ret = cccol_do_resolve(context, cursor, name, ccache);
+            if (ret)
+                goto errout;
+            if (*ccache != NULL)
+                break;
+        }
+        /* fall through */
     case CCCURSOR_OS:
-	ret = krb5int_cc_os_default_name(context, &name);
-	if (ret) goto errout;
-	if (name != NULL) {
-	    cursor->pos = CCCURSOR_PERTYPE;
-	    ret = cccol_do_resolve(context, cursor, name, ccache);
-	    free(name);
-	    if (ret)
-		goto errout;
-	    if (*ccache != NULL)
-		break;
-	}
-	/* fall through */
+        ret = krb5int_cc_os_default_name(context, &name);
+        if (ret) goto errout;
+        if (name != NULL) {
+            cursor->pos = CCCURSOR_PERTYPE;
+            ret = cccol_do_resolve(context, cursor, name, ccache);
+            free(name);
+            if (ret)
+                goto errout;
+            if (*ccache != NULL)
+                break;
+        }
+        /* fall through */
     case CCCURSOR_PERTYPE:
-	cursor->pos = CCCURSOR_PERTYPE;
-	do {
-	    ret = cccol_pertype_next(context, cursor, ccache);
-	    if (ret)
-		goto errout;
-	} while (cccol_already(context, cursor, ccache));
-	break;
+        cursor->pos = CCCURSOR_PERTYPE;
+        do {
+            ret = cccol_pertype_next(context, cursor, ccache);
+            if (ret)
+                goto errout;
+        } while (cccol_already(context, cursor, ccache));
+        break;
     }
 errout:
     return ret;
@@ -180,18 +181,18 @@ krb5_cccol_cursor_free(
     int i;
 
     if (c == NULL)
-	return 0;
+        return 0;
 
     for (i = 0; i < NFULLNAMES; i++) {
-	if (c->fullnames[i].pfx != NULL)
-	    free(c->fullnames[i].pfx);
-	if (c->fullnames[i].res != NULL)
-	    free(c->fullnames[i].res);
+        if (c->fullnames[i].pfx != NULL)
+            free(c->fullnames[i].pfx);
+        if (c->fullnames[i].res != NULL)
+            free(c->fullnames[i].res);
     }
     if (c->ptcursor != NULL)
-	c->ops->ptcursor_free(context, &c->ptcursor);
+        c->ops->ptcursor_free(context, &c->ptcursor);
     if (c->typecursor != NULL)
-	krb5int_cc_typecursor_free(context, &c->typecursor);
+        krb5int_cc_typecursor_free(context, &c->typecursor);
     free(c);
 
     *cursor = NULL;
@@ -200,7 +201,7 @@ krb5_cccol_cursor_free(
 
 krb5_error_code KRB5_CALLCONV
 krb5_cccol_last_change_time(
-    krb5_context context, 
+    krb5_context context,
     krb5_timestamp *change_time)
 {
     krb5_error_code ret = 0;
@@ -208,11 +209,11 @@ krb5_cccol_last_change_time(
     krb5_ccache ccache = NULL;
     krb5_timestamp last_time = 0;
     krb5_timestamp max_change_time = 0;
-    
+
     *change_time = 0;
-    
+
     ret = krb5_cccol_cursor_new(context, &c);
-    
+
     while (!ret) {
         ret = krb5_cccol_cursor_next(context, c, &ccache);
         if (ccache) {
@@ -248,19 +249,19 @@ cccol_already(
     int i;
 
     if (*ccache == NULL)
-	return 0;
+        return 0;
     name = krb5_cc_get_name(context, *ccache);
     if (name == NULL)
-	return 0;
+        return 0;
     prefix = krb5_cc_get_type(context, *ccache);
 
     assert(c->cur_fullname < NFULLNAMES);
     for (i = 0; i < c->cur_fullname; i++) {
-	if (cccol_cmpname(prefix, name, &c->fullnames[i])) {
-	    krb5_cc_close(context, *ccache);
-	    *ccache = NULL;
-	    return 1;
-	}
+        if (cccol_cmpname(prefix, name, &c->fullnames[i])) {
+            krb5_cc_close(context, *ccache);
+            *ccache = NULL;
+            return 1;
+        }
     }
     return 0;
 }
@@ -275,11 +276,11 @@ cccol_cmpname(
     struct cc_fullname *fullname)
 {
     if (fullname->pfx == NULL || fullname->res == NULL)
-	return 0;
+        return 0;
     if (strcmp(prefix, fullname->pfx))
-	return 0;
+        return 0;
     if (strcmp(name, fullname->res))
-	return 0;
+        return 0;
 
     return 1;
 }
@@ -303,10 +304,10 @@ cccol_do_resolve(
     assert(cursor->cur_fullname < NFULLNAMES);
     ret = krb5_cc_resolve(context, name, ccache);
     if (ret)
-	return ret;
+        return ret;
 
     if (cccol_already(context, cursor, ccache))
-	return 0;
+        return 0;
 
     fullname = &cursor->fullnames[cursor->cur_fullname];
     fullname->pfx = strdup(krb5_cc_get_type(context, *ccache));
@@ -331,35 +332,35 @@ cccol_pertype_next(
 
     /* Are we out of backends? */
     if (cursor->ops == NULL)
-	return 0;
+        return 0;
     /*
      * Loop in case there are multiple backends with empty ccache
      * lists.
      */
     while (*ccache == NULL) {
-	ret = cursor->ops->ptcursor_next(context, cursor->ptcursor, ccache);
-	if (ret)
-	    goto errout;
-	if (*ccache != NULL)
-	    return 0;
-
-	ret = cursor->ops->ptcursor_free(context, &cursor->ptcursor);
-	if (ret)
-	    goto errout;
-
-	do {
-	    /* Find first backend with ptcursor functionality. */
-	    ret = krb5int_cc_typecursor_next(context, cursor->typecursor,
-					     &cursor->ops);
-	    if (ret)
-		goto errout;
-	    if (cursor->ops == NULL)
-		return 0;
-	} while (cursor->ops->ptcursor_new == NULL);
-
-	ret = cursor->ops->ptcursor_new(context, &cursor->ptcursor);
-	if (ret)
-	    goto errout;
+        ret = cursor->ops->ptcursor_next(context, cursor->ptcursor, ccache);
+        if (ret)
+            goto errout;
+        if (*ccache != NULL)
+            return 0;
+
+        ret = cursor->ops->ptcursor_free(context, &cursor->ptcursor);
+        if (ret)
+            goto errout;
+
+        do {
+            /* Find first backend with ptcursor functionality. */
+            ret = krb5int_cc_typecursor_next(context, cursor->typecursor,
+                                             &cursor->ops);
+            if (ret)
+                goto errout;
+            if (cursor->ops == NULL)
+                return 0;
+        } while (cursor->ops->ptcursor_new == NULL);
+
+        ret = cursor->ops->ptcursor_new(context, &cursor->ptcursor);
+        if (ret)
+            goto errout;
     }
 errout:
     return ret;
diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c
index c4f9f292e..a4498d069 100644
--- a/src/lib/krb5/ccache/ccdefault.c
+++ b/src/lib/krb5/ccache/ccdefault.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/ccdefault.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Find default credential cache
  */
@@ -46,20 +47,20 @@ static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
 krb5_error_code KRB5_CALLCONV
 krb5_cc_default(krb5_context context, krb5_ccache *ccache)
 {
-	const char *default_name;
-
-	if (!context || context->magic != KV5M_CONTEXT)
-		return KV5M_CONTEXT;
-
-	default_name = krb5_cc_default_name(context);
-	if (default_name == NULL) {
-	    /* Could be a bogus context, or an allocation failure, or
-	       other things.  Unfortunately the API doesn't allow us
-	       to find out any specifics.  */
-	    return KRB5_FCC_INTERNAL;
-	}
-	
-	return krb5_cc_resolve(context, default_name, ccache);
+    const char *default_name;
+
+    if (!context || context->magic != KV5M_CONTEXT)
+        return KV5M_CONTEXT;
+
+    default_name = krb5_cc_default_name(context);
+    if (default_name == NULL) {
+        /* Could be a bogus context, or an allocation failure, or
+           other things.  Unfortunately the API doesn't allow us
+           to find out any specifics.  */
+        return KRB5_FCC_INTERNAL;
+    }
+
+    return krb5_cc_resolve(context, default_name, ccache);
 }
 
 /* This is the internal function which opens the default ccache.  On
@@ -85,35 +86,35 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
         kim_identity identity = KIM_IDENTITY_ANY;
         kim_credential_state state;
         kim_string name = NULL;
-        
-        err = kim_ccache_create_from_display_name (&kimccache, 
+
+        err = kim_ccache_create_from_display_name (&kimccache,
                                                    krb5_cc_default_name (context));
-        
+
         if (!err) {
             err = kim_ccache_get_client_identity (kimccache, &identity);
         }
-        
+
         if (!err) {
             err = kim_ccache_get_state (kimccache, &state);
         }
-                        
+
         if (err || state != kim_credentials_state_valid) {
             /* Either the ccache is does not exist or is invalid.  Get new
              * tickets.  Use the identity in the ccache if there was one. */
             kim_ccache_free (&kimccache);
-            err = kim_ccache_create_new (&kimccache, 
+            err = kim_ccache_create_new (&kimccache,
                                          identity, KIM_OPTIONS_DEFAULT);
         }
-        
+
         if (!err) {
             err = kim_ccache_get_display_name (kimccache, &name);
         }
-        
+
         if (!err) {
-             krb5_cc_set_default_name (context, name);
+            krb5_cc_set_default_name (context, name);
         }
 
-        kim_identity_free (&identity); 
+        kim_identity_free (&identity);
         kim_string_free (&name);
         kim_ccache_free (&kimccache);
     }
@@ -123,19 +124,19 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
         hLeashDLL = LoadLibrary(LEASH_DLL);
         if ( hLeashDLL != INVALID_HANDLE_VALUE ) {
             (FARPROC) pLeash_AcquireInitialTicketsIfNeeded =
-            GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
+                GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded");
         }
     }
-    
+
     if ( pLeash_AcquireInitialTicketsIfNeeded ) {
-	char ccname[256]="";
+        char ccname[256]="";
         pLeash_AcquireInitialTicketsIfNeeded(context, NULL, ccname, sizeof(ccname));
-	if (ccname[0]) {
+        if (ccname[0]) {
             char * ccdefname = krb5_cc_default_name (context);
             if (!ccdefname || strcmp (ccdefname, ccname) != 0) {
                 krb5_cc_set_default_name (context, ccname);
             }
-	}
+        }
     }
 #endif
 #endif
diff --git a/src/lib/krb5/ccache/ccdefops.c b/src/lib/krb5/ccache/ccdefops.c
index 949758bdf..e517a2543 100644
--- a/src/lib/krb5/ccache/ccdefops.c
+++ b/src/lib/krb5/ccache/ccdefops.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/ccdefops.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Default credentials cache determination.  This is a separate file
  * so that the user can more easily override it.
@@ -35,7 +36,7 @@
 /*
  * Macs use the shared, memory based credentials cache
  * Windows may also use the ccapi cache, but only if the Krbcc32.dll
- * can be found; otherwise it falls back to using the old 
+ * can be found; otherwise it falls back to using the old
  * file-based ccache.
  */
 #include "stdcc.h" /* from ccapi subdir */
diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c
index abfc037be..e12dd563f 100644
--- a/src/lib/krb5/ccache/ccfns.c
+++ b/src/lib/krb5/ccache/ccfns.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/ccfns.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -44,7 +45,7 @@ krb5_cc_gen_new (krb5_context context, krb5_ccache *cache)
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_initialize(krb5_context context, krb5_ccache cache,
-		   krb5_principal principal)
+                   krb5_principal principal)
 {
     return cache->ops->init(context, cache, principal);
 }
@@ -63,7 +64,7 @@ krb5_cc_close (krb5_context context, krb5_ccache cache)
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
-		    krb5_creds *creds)
+                    krb5_creds *creds)
 {
     krb5_error_code ret;
     krb5_ticket *tkt;
@@ -97,17 +98,17 @@ krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
-		       krb5_flags flags, krb5_creds *mcreds,
-		       krb5_creds *creds)
+                       krb5_flags flags, krb5_creds *mcreds,
+                       krb5_creds *creds)
 {
     krb5_error_code ret;
     krb5_data tmprealm;
 
     ret = cache->ops->retrieve(context, cache, flags, mcreds, creds);
     if (ret != KRB5_CC_NOTFOUND)
-	return ret;
+        return ret;
     if (!krb5_is_referral_realm(&mcreds->server->realm))
-	return ret;
+        return ret;
 
     /*
      * Retry using client's realm if service has referral realm.
@@ -121,35 +122,35 @@ krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache,
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_get_principal (krb5_context context, krb5_ccache cache,
-		       krb5_principal *principal)
+                       krb5_principal *principal)
 {
     return cache->ops->get_princ(context, cache, principal);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache,
-		       krb5_cc_cursor *cursor)
+                       krb5_cc_cursor *cursor)
 {
     return cache->ops->get_first(context, cache, cursor);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_next_cred (krb5_context context, krb5_ccache cache,
-		   krb5_cc_cursor *cursor, krb5_creds *creds)
+                   krb5_cc_cursor *cursor, krb5_creds *creds)
 {
     return cache->ops->get_next(context, cache, cursor, creds);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache,
-		     krb5_cc_cursor *cursor)
+                     krb5_cc_cursor *cursor)
 {
     return cache->ops->end_get(context, cache, cursor);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags,
-		     krb5_creds *creds)
+                     krb5_creds *creds)
 {
     return cache->ops->remove_cred(context, cache, flags, creds);
 }
@@ -173,8 +174,8 @@ krb5_cc_get_type (krb5_context context, krb5_ccache cache)
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_cc_last_change_time (krb5_context context, krb5_ccache ccache, 
-            krb5_timestamp *change_time)
+krb5_cc_last_change_time (krb5_context context, krb5_ccache ccache,
+                          krb5_timestamp *change_time)
 {
     return ccache->ops->lastchange(context, ccache, change_time);
 }
@@ -190,4 +191,3 @@ krb5_cc_unlock (krb5_context context, krb5_ccache ccache)
 {
     return ccache->ops->unlock(context, ccache);
 }
-
diff --git a/src/lib/krb5/ccache/fcc.h b/src/lib/krb5/ccache/fcc.h
index f349da998..7ca60da8b 100644
--- a/src/lib/krb5/ccache/fcc.h
+++ b/src/lib/krb5/ccache/fcc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/file/fcc.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * This file contains constant and function declarations used in the
  * file-based credential cache routines.
diff --git a/src/lib/krb5/ccache/scc.h b/src/lib/krb5/ccache/scc.h
index 98acbc25c..c6b5254ba 100644
--- a/src/lib/krb5/ccache/scc.h
+++ b/src/lib/krb5/ccache/scc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/stdio/scc.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * This file contains constant and function declarations used in the
  * file-based credential cache routines.
@@ -46,14 +47,14 @@
  *
  */
 
-#define KRB5_SCC_FVNO_1   0x0501	/* krb v5, scc v1 */
-#define KRB5_SCC_FVNO_2   0x0502	/* krb v5, scc v2 */
-#define KRB5_SCC_FVNO_3   0x0503	/* krb v5, scc v3 */
-#define KRB5_SCC_FVNO_4   0x0504	/* krb v5, scc v4 */
+#define KRB5_SCC_FVNO_1   0x0501        /* krb v5, scc v1 */
+#define KRB5_SCC_FVNO_2   0x0502        /* krb v5, scc v2 */
+#define KRB5_SCC_FVNO_3   0x0503        /* krb v5, scc v3 */
+#define KRB5_SCC_FVNO_4   0x0504        /* krb v5, scc v4 */
 
-#define	SCC_OPEN_AND_ERASE	1
-#define	SCC_OPEN_RDWR		2
-#define	SCC_OPEN_RDONLY		3
+#define SCC_OPEN_AND_ERASE      1
+#define SCC_OPEN_RDWR           2
+#define SCC_OPEN_RDONLY         3
 
 /* Credential file header tags.
  * The header tags are constructed as:
@@ -63,7 +64,7 @@
  * This format allows for older versions of the fcc processing code to skip
  * past unrecognized tag formats.
  */
-#define SCC_TAG_DELTATIME	1
+#define SCC_TAG_DELTATIME       1
 
 #ifndef TKT_ROOT
 #define TKT_ROOT "/tmp/tkt"
@@ -73,11 +74,11 @@
 #define OPENCLOSE(id) (((krb5_scc_data *)id->data)->flags & KRB5_TC_OPENCLOSE)
 
 typedef struct _krb5_scc_data {
-     char *filename;
-     FILE *file;
-     krb5_flags flags;
-     char stdio_buffer[BUFSIZ];
-     int version;
+    char *filename;
+    FILE *file;
+    krb5_flags flags;
+    char stdio_buffer[BUFSIZ];
+    int version;
 } krb5_scc_data;
 
 /* An off_t can be arbitrarily complex */
@@ -85,17 +86,17 @@ typedef struct _krb5_scc_cursor {
     long pos;
 } krb5_scc_cursor;
 
-#define MAYBE_OPEN(context, ID, MODE) \
-{									\
-    if (OPENCLOSE (ID)) {						\
-	krb5_error_code maybe_open_ret = krb5_scc_open_file (context, ID,MODE);	\
-	if (maybe_open_ret) return maybe_open_ret; } }
+#define MAYBE_OPEN(context, ID, MODE)                                   \
+    {                                                                   \
+        if (OPENCLOSE (ID)) {                                           \
+            krb5_error_code maybe_open_ret = krb5_scc_open_file (context, ID,MODE); \
+            if (maybe_open_ret) return maybe_open_ret; } }
 
-#define MAYBE_CLOSE(context, ID, RET) \
-{									\
-    if (OPENCLOSE (ID)) {						\
-	krb5_error_code maybe_close_ret = krb5_scc_close_file (context, ID);	\
-	if (!(RET)) RET = maybe_close_ret; } }
+#define MAYBE_CLOSE(context, ID, RET)                                   \
+    {                                                                   \
+        if (OPENCLOSE (ID)) {                                           \
+            krb5_error_code maybe_close_ret = krb5_scc_close_file (context, ID); \
+            if (!(RET)) RET = maybe_close_ret; } }
 
 /* DO NOT ADD ANYTHING AFTER THIS #endif */
 #endif /* __KRB5_FILE_CCACHE__ */
diff --git a/src/lib/krb5/ccache/ser_cc.c b/src/lib/krb5/ccache/ser_cc.c
index 882dbf714..dfe5e6040 100644
--- a/src/lib/krb5/ccache/ser_cc.c
+++ b/src/lib/krb5/ccache/ser_cc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/ser_rc.c
  *
@@ -32,129 +33,129 @@
 
 /*
  * Routines to deal with externalizing krb5_ccache.
- *	krb5_ccache_size();
- *	krb5_ccache_externalize();
- *	krb5_ccache_internalize();
+ *      krb5_ccache_size();
+ *      krb5_ccache_externalize();
+ *      krb5_ccache_internalize();
  */
 static krb5_error_code krb5_ccache_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_ccache_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_ccache_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /*
  * Serialization entry for this type.
  */
 static const krb5_ser_entry krb5_ccache_ser_entry = {
-    KV5M_CCACHE,			/* Type			*/
-    krb5_ccache_size,			/* Sizer routine	*/
-    krb5_ccache_externalize,		/* Externalize routine	*/
-    krb5_ccache_internalize		/* Internalize routine	*/
+    KV5M_CCACHE,                        /* Type                 */
+    krb5_ccache_size,                   /* Sizer routine        */
+    krb5_ccache_externalize,            /* Externalize routine  */
+    krb5_ccache_internalize             /* Internalize routine  */
 };
 
 /*
- * krb5_ccache_size()	- Determine the size required to externalize
- *				  this krb5_ccache variant.
+ * krb5_ccache_size()   - Determine the size required to externalize
+ *                                this krb5_ccache variant.
  */
 static krb5_error_code
 krb5_ccache_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_ccache		ccache;
-    size_t		required;
+    krb5_error_code     kret;
+    krb5_ccache         ccache;
+    size_t              required;
 
     kret = EINVAL;
     if ((ccache = (krb5_ccache) arg)) {
-	/*
-	 * Saving FILE: variants of krb5_ccache requires at minimum:
-	 *	krb5_int32	for KV5M_CCACHE
-	 *	krb5_int32	for length of ccache name.
-	 *	krb5_int32	for KV5M_CCACHE
-	 */
-	required = sizeof(krb5_int32) * 3;
-	if (ccache->ops->prefix)
-	    required += (strlen(ccache->ops->prefix)+1);
-
-	/*
-	 * The ccache name is formed as follows:
-	 *	<prefix>:<name>
-	 */
-	required += strlen(krb5_cc_get_name(kcontext, ccache));
-
-	kret = 0;
-	*sizep += required;
+        /*
+         * Saving FILE: variants of krb5_ccache requires at minimum:
+         *      krb5_int32      for KV5M_CCACHE
+         *      krb5_int32      for length of ccache name.
+         *      krb5_int32      for KV5M_CCACHE
+         */
+        required = sizeof(krb5_int32) * 3;
+        if (ccache->ops->prefix)
+            required += (strlen(ccache->ops->prefix)+1);
+
+        /*
+         * The ccache name is formed as follows:
+         *      <prefix>:<name>
+         */
+        required += strlen(krb5_cc_get_name(kcontext, ccache));
+
+        kret = 0;
+        *sizep += required;
     }
     return(kret);
 }
 
 /*
- * krb5_ccache_externalize()	- Externalize the krb5_ccache.
+ * krb5_ccache_externalize()    - Externalize the krb5_ccache.
  */
 static krb5_error_code
 krb5_ccache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_ccache		ccache;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
-    char		*ccname;
-    const char		*fnamep;
+    krb5_error_code     kret;
+    krb5_ccache         ccache;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    char                *ccname;
+    const char          *fnamep;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((ccache = (krb5_ccache) arg)) {
-	kret = ENOMEM;
-	if (!krb5_ccache_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* Our identifier */
-	    (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
-
-	    fnamep = krb5_cc_get_name(kcontext, ccache);
-
-	    if (ccache->ops->prefix) {
-		if (asprintf(&ccname, "%s:%s", ccache->ops->prefix, fnamep) < 0)
-		    ccname = NULL;
-	    } else
-		ccname = strdup(fnamep);
-
-	    if (ccname) {
-		/* Put the length of the file name */
-		(void) krb5_ser_pack_int32((krb5_int32) strlen(ccname),
-					   &bp, &remain);
-		
-		/* Put the name */
-		(void) krb5_ser_pack_bytes((krb5_octet *) ccname,
-					   strlen(ccname),
-					   &bp, &remain);
-
-		/* Put the trailer */
-		(void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
-		kret = 0;
-		*buffer = bp;
-		*lenremain = remain;
-		free(ccname);
-	    }
-	}
+        kret = ENOMEM;
+        if (!krb5_ccache_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
+
+            fnamep = krb5_cc_get_name(kcontext, ccache);
+
+            if (ccache->ops->prefix) {
+                if (asprintf(&ccname, "%s:%s", ccache->ops->prefix, fnamep) < 0)
+                    ccname = NULL;
+            } else
+                ccname = strdup(fnamep);
+
+            if (ccname) {
+                /* Put the length of the file name */
+                (void) krb5_ser_pack_int32((krb5_int32) strlen(ccname),
+                                           &bp, &remain);
+
+                /* Put the name */
+                (void) krb5_ser_pack_bytes((krb5_octet *) ccname,
+                                           strlen(ccname),
+                                           &bp, &remain);
+
+                /* Put the trailer */
+                (void) krb5_ser_pack_int32(KV5M_CCACHE, &bp, &remain);
+                kret = 0;
+                *buffer = bp;
+                *lenremain = remain;
+                free(ccname);
+            }
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_ccache_internalize()	- Internalize the krb5_ccache.
+ * krb5_ccache_internalize()    - Internalize the krb5_ccache.
  */
 static krb5_error_code
 krb5_ccache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_ccache		ccache;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
-    char		*ccname = NULL;
+    krb5_error_code     kret;
+    krb5_ccache         ccache;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    char                *ccname = NULL;
 
     *argp = NULL;
 
@@ -164,40 +165,40 @@ krb5_ccache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **
     /* Read our magic number. */
     kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (kret)
-	return kret;
+        return kret;
     if (ibuf != KV5M_CCACHE)
-	return EINVAL;
+        return EINVAL;
 
     /* Unpack and validate the length of the ccache name. */
     kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (kret)
-	return kret;
+        return kret;
     if (ibuf < 0 || ibuf > remain)
-	return EINVAL;
+        return EINVAL;
 
     /* Allocate and unpack the name. */
     ccname = malloc(ibuf + 1);
     if (!ccname)
-	return ENOMEM;
+        return ENOMEM;
     kret = krb5_ser_unpack_bytes((krb5_octet *) ccname, (size_t) ibuf,
-				 &bp, &remain);
+                                 &bp, &remain);
     if (kret)
-	goto cleanup;
+        goto cleanup;
     ccname[ibuf] = '\0';
 
     /* Read the second magic number. */
     kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (kret)
-	goto cleanup;
+        goto cleanup;
     if (ibuf != KV5M_CCACHE) {
-	kret = EINVAL;
-	goto cleanup;
+        kret = EINVAL;
+        goto cleanup;
     }
 
     /* Resolve the named credential cache. */
     kret = krb5_cc_resolve(kcontext, ccname, &ccache);
     if (kret)
-	goto cleanup;
+        goto cleanup;
 
     *buffer = bp;
     *lenremain = remain;
diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c
index c243809a6..466fa232f 100644
--- a/src/lib/krb5/ccache/t_cc.c
+++ b/src/lib/krb5/ccache/t_cc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/scc_test.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 
@@ -44,273 +45,273 @@ int debug=0;
 
 static void init_structs(void)
 {
-  static int add=0x12345;
-
-  static krb5_address addr;
-
-  static krb5_address *addrs[] = {
-    &addr,
-    0,
-  };
-
-  addr.magic = KV5M_ADDRESS;
-  addr.addrtype = ADDRTYPE_INET;
-  addr.length = 4;
-  addr.contents = (krb5_octet *) &add;
-
-  test_creds.magic = KV5M_CREDS;
-  test_creds.client = NULL;
-  test_creds.server = NULL;
-
-  test_creds.keyblock.magic = KV5M_KEYBLOCK;
-  test_creds.keyblock.contents = 0;
-  test_creds.keyblock.enctype = 1;
-  test_creds.keyblock.length = 1;
-  test_creds.keyblock.contents = (unsigned char *) "1";
-  test_creds.times.authtime = 1111;
-  test_creds.times.starttime = 2222;
-  test_creds.times.endtime = 3333;
-  test_creds.times.renew_till = 4444;
-  test_creds.is_skey = 1;
-  test_creds.ticket_flags = 5555;
-  test_creds.addresses = addrs;
-  
+    static int add=0x12345;
+
+    static krb5_address addr;
+
+    static krb5_address *addrs[] = {
+        &addr,
+        0,
+    };
+
+    addr.magic = KV5M_ADDRESS;
+    addr.addrtype = ADDRTYPE_INET;
+    addr.length = 4;
+    addr.contents = (krb5_octet *) &add;
+
+    test_creds.magic = KV5M_CREDS;
+    test_creds.client = NULL;
+    test_creds.server = NULL;
+
+    test_creds.keyblock.magic = KV5M_KEYBLOCK;
+    test_creds.keyblock.contents = 0;
+    test_creds.keyblock.enctype = 1;
+    test_creds.keyblock.length = 1;
+    test_creds.keyblock.contents = (unsigned char *) "1";
+    test_creds.times.authtime = 1111;
+    test_creds.times.starttime = 2222;
+    test_creds.times.endtime = 3333;
+    test_creds.times.renew_till = 4444;
+    test_creds.is_skey = 1;
+    test_creds.ticket_flags = 5555;
+    test_creds.addresses = addrs;
+
 #define SET_TICKET(ent, str) {ent.magic = KV5M_DATA; ent.length = sizeof(str); ent.data = str;}
-  SET_TICKET(test_creds.ticket, "This is ticket 1");
-  SET_TICKET(test_creds.second_ticket, "This is ticket 2");
-  test_creds.authdata = NULL;
+    SET_TICKET(test_creds.ticket, "This is ticket 1");
+    SET_TICKET(test_creds.second_ticket, "This is ticket 2");
+    test_creds.authdata = NULL;
 }
 
 static krb5_error_code init_test_cred(krb5_context context)
 {
-  krb5_error_code kret;
-  unsigned int i;
-  krb5_authdata *a;
+    krb5_error_code kret;
+    unsigned int i;
+    krb5_authdata *a;
 #define REALM "REALM"
-  kret = krb5_build_principal(context, &test_creds.client, sizeof(REALM), REALM,
-			      "client-comp1", "client-comp2", NULL);
-  if(kret)
-	  return kret;
-
-  kret = krb5_build_principal(context, &test_creds.server, sizeof(REALM), REALM,
-			      "server-comp1", "server-comp2", NULL);
-  if(kret) {
-	  krb5_free_principal(context, test_creds.client);
-	  test_creds.client = 0;
-	  goto cleanup;
-  }
-  
-  test_creds.authdata = malloc (3 * sizeof(krb5_authdata *));
-  if (!test_creds.authdata) { 
-	  kret = ENOMEM;
-	  goto cleanup;
-  }
-  
-  for (i = 0 ; i <= 2 ; i++) {
-	  test_creds.authdata[i] = 0;
-  }
-  a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
-  if(!a) {
-	  kret = ENOMEM;
-	  goto cleanup;
-  }
-  a->magic = KV5M_AUTHDATA;
-  a->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
-  a->contents = (krb5_octet * ) malloc(1);
-  if(!a->contents) {
-	  free(a);
-	  kret = ENOMEM;
-	  goto cleanup;
-  }
-  a->contents[0]=5;
-  a->length = 1;
-  test_creds.authdata[0] = a;
-  
-  a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
-  if(!a) {
-	  kret = ENOMEM;
-	  goto cleanup;
-  }
-  a->magic = KV5M_AUTHDATA;
-  a->ad_type = KRB5_AUTHDATA_KDC_ISSUED;
-  a->contents = (krb5_octet * ) malloc(2);
-  if(!a->contents) {
-	  free(a);
-	  kret = ENOMEM;
-	  goto cleanup;
-  }
-  a->contents[0]=4;
-  a->contents[1]=6;
-  a->length = 2;
-  test_creds.authdata[1] = a;
-  
+    kret = krb5_build_principal(context, &test_creds.client, sizeof(REALM), REALM,
+                                "client-comp1", "client-comp2", NULL);
+    if(kret)
+        return kret;
+
+    kret = krb5_build_principal(context, &test_creds.server, sizeof(REALM), REALM,
+                                "server-comp1", "server-comp2", NULL);
+    if(kret) {
+        krb5_free_principal(context, test_creds.client);
+        test_creds.client = 0;
+        goto cleanup;
+    }
+
+    test_creds.authdata = malloc (3 * sizeof(krb5_authdata *));
+    if (!test_creds.authdata) {
+        kret = ENOMEM;
+        goto cleanup;
+    }
+
+    for (i = 0 ; i <= 2 ; i++) {
+        test_creds.authdata[i] = 0;
+    }
+    a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+    if(!a) {
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->magic = KV5M_AUTHDATA;
+    a->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+    a->contents = (krb5_octet * ) malloc(1);
+    if(!a->contents) {
+        free(a);
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->contents[0]=5;
+    a->length = 1;
+    test_creds.authdata[0] = a;
+
+    a = (krb5_authdata *) malloc(sizeof(krb5_authdata));
+    if(!a) {
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->magic = KV5M_AUTHDATA;
+    a->ad_type = KRB5_AUTHDATA_KDC_ISSUED;
+    a->contents = (krb5_octet * ) malloc(2);
+    if(!a->contents) {
+        free(a);
+        kret = ENOMEM;
+        goto cleanup;
+    }
+    a->contents[0]=4;
+    a->contents[1]=6;
+    a->length = 2;
+    test_creds.authdata[1] = a;
+
 cleanup:
-  if(kret) {
-	  if (test_creds.client) {
-		  krb5_free_principal(context, test_creds.client);
-		  test_creds.client = 0;
-	  }
-	  if (test_creds.server) {
-		  krb5_free_principal(context, test_creds.server);
-		  test_creds.server = 0;
-		  
-	  }
-	  if (test_creds.authdata) { 
-		  krb5_free_authdata(context, test_creds.authdata);
-		  test_creds.authdata = 0;
-	  }
-  }
-  
-  return kret;
+    if(kret) {
+        if (test_creds.client) {
+            krb5_free_principal(context, test_creds.client);
+            test_creds.client = 0;
+        }
+        if (test_creds.server) {
+            krb5_free_principal(context, test_creds.server);
+            test_creds.server = 0;
+
+        }
+        if (test_creds.authdata) {
+            krb5_free_authdata(context, test_creds.authdata);
+            test_creds.authdata = 0;
+        }
+    }
+
+    return kret;
 }
 
 static void free_test_cred(krb5_context context)
 {
-  krb5_free_principal(context, test_creds.client);
-
-  krb5_free_principal(context, test_creds.server);
-  
-  if(test_creds.authdata) {
-    krb5_free_authdata(context, test_creds.authdata);
-    test_creds.authdata = 0;
-  }
+    krb5_free_principal(context, test_creds.client);
+
+    krb5_free_principal(context, test_creds.server);
+
+    if(test_creds.authdata) {
+        krb5_free_authdata(context, test_creds.authdata);
+        test_creds.authdata = 0;
+    }
 }
 
-#define CHECK(kret,msg) \
-     if (kret != KRB5_OK) {\
-	  com_err(msg, kret, ""); \
-          fflush(stderr);\
-          exit(1);\
-     } else if(debug) printf("%s went ok\n", msg);
+#define CHECK(kret,msg)                                 \
+    if (kret != KRB5_OK) {                              \
+        com_err(msg, kret, "");                         \
+        fflush(stderr);                                 \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
 
-#define CHECK_STR(str,msg) \
-     if (str == 0) {\
-	  com_err(msg, kret, "");\
-          exit(1);\
-     } else if(debug) printf("%s went ok\n", msg);
+#define CHECK_STR(str,msg)                              \
+    if (str == 0) {                                     \
+        com_err(msg, kret, "");                         \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
 
-#define CHECK_BOOL(expr,errstr,msg) \
-     if (expr) {\
-          fprintf(stderr, "%s %s\n", msg, errstr);	\
-          exit(1); \
-     } else if(debug) printf("%s went ok\n", msg);
+#define CHECK_BOOL(expr,errstr,msg)                     \
+    if (expr) {                                         \
+        fprintf(stderr, "%s %s\n", msg, errstr);        \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
 
-#define CHECK_FAIL(experr, kret, msg) \
-     if (experr != kret) { CHECK(kret, msg);}
+#define CHECK_FAIL(experr, kret, msg)           \
+    if (experr != kret) { CHECK(kret, msg);}
 
 static void cc_test(krb5_context context, const char *name, krb5_flags flags)
 {
-     krb5_ccache id, id2;
-     krb5_creds creds;
-     krb5_error_code kret;
-     krb5_cc_cursor cursor;
-     krb5_principal tmp;
-
-     const char *c_name;
-     char newcache[300];
-     char *save_type;
-
-     kret = init_test_cred(context);
-     CHECK(kret, "init_creds");
-
-     kret = krb5_cc_resolve(context, name, &id);
-     CHECK(kret, "resolve");
-     kret = krb5_cc_initialize(context, id, test_creds.client);
-     CHECK(kret, "initialize");
-     
-     c_name = krb5_cc_get_name(context, id);
-     CHECK_STR(c_name, "get_name");
-
-     c_name = krb5_cc_get_type(context, id);
-     CHECK_STR(c_name, "get_type");
-     save_type=strdup(c_name);
-     CHECK_STR(save_type, "copying type");
-
-     kret = krb5_cc_store_cred(context, id, &test_creds);
-     CHECK(kret, "store");
-
-     kret = krb5_cc_get_principal(context, id, &tmp);
-     CHECK(kret, "get_principal");
-
-     CHECK_BOOL(krb5_realm_compare(context, tmp, test_creds.client) != TRUE,
-		"realms do not match", "realm_compare");
-
-
-     CHECK_BOOL(krb5_principal_compare(context, tmp, test_creds.client) != TRUE,
-		"principals do not match", "principal_compare");
-
-     krb5_free_principal(context, tmp);
-
-     kret = krb5_cc_set_flags (context, id, flags);
-     CHECK(kret, "set_flags");
-
-     kret = krb5_cc_start_seq_get(context, id, &cursor);
-     CHECK(kret, "start_seq_get");
-     kret = 0;
-     while (kret != KRB5_CC_END) {
-	  if(debug) printf("Calling next_cred\n");
-	  kret = krb5_cc_next_cred(context, id, &cursor, &creds);
-	  if(kret == KRB5_CC_END) {
-	    if(debug) printf("next_cred: ok at end\n");
-	  }
-	  else {
-	    CHECK(kret, "next_cred");
-	    krb5_free_cred_contents(context, &creds);
-	  }
-
-     }
-     kret = krb5_cc_end_seq_get(context, id, &cursor);
-     CHECK(kret, "end_seq_get");
-
-     kret = krb5_cc_close(context, id);
-     CHECK(kret, "close");
-
-
-     /* ------------------------------------------------- */
-     kret = krb5_cc_resolve(context, name, &id);
-     CHECK(kret, "resolve2");
-
-     {
-       /* Copy the cache test*/
-       snprintf(newcache, sizeof(newcache), "%s.new", name);
-       kret = krb5_cc_resolve(context, newcache, &id2);
-       CHECK(kret, "resolve of new cache");
-       
-       /* This should fail as the new creds are not initialized */
-       kret = krb5_cc_copy_creds(context, id, id2);
-       CHECK_FAIL(KRB5_FCC_NOFILE, kret, "copy_creds");
-       
-       kret = krb5_cc_initialize(context, id2, test_creds.client);
-       CHECK(kret, "initialize of id2");
-
-       kret = krb5_cc_copy_creds(context, id, id2);
-       CHECK(kret, "copy_creds");
-
-       kret = krb5_cc_destroy(context, id2);
-       CHECK(kret, "destroy new cache");
-     }
-
-     /* Destroy the first cache */
-     kret = krb5_cc_destroy(context, id);
-     CHECK(kret, "destroy");
-
-     /* ----------------------------------------------------- */
-     /* Tests the generate new code */
-     kret = krb5_cc_new_unique(context, save_type,
-			       NULL, &id2);
-     CHECK(kret, "new_unique");
-			       
-     kret = krb5_cc_initialize(context, id2, test_creds.client);
-     CHECK(kret, "initialize");
-
-     kret = krb5_cc_store_cred(context, id2, &test_creds);
-     CHECK(kret, "store");
-
-     kret = krb5_cc_destroy(context, id2);
-     CHECK(kret, "destroy id2");
-
-     free(save_type);
-     free_test_cred(context);
+    krb5_ccache id, id2;
+    krb5_creds creds;
+    krb5_error_code kret;
+    krb5_cc_cursor cursor;
+    krb5_principal tmp;
+
+    const char *c_name;
+    char newcache[300];
+    char *save_type;
+
+    kret = init_test_cred(context);
+    CHECK(kret, "init_creds");
+
+    kret = krb5_cc_resolve(context, name, &id);
+    CHECK(kret, "resolve");
+    kret = krb5_cc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize");
+
+    c_name = krb5_cc_get_name(context, id);
+    CHECK_STR(c_name, "get_name");
+
+    c_name = krb5_cc_get_type(context, id);
+    CHECK_STR(c_name, "get_type");
+    save_type=strdup(c_name);
+    CHECK_STR(save_type, "copying type");
+
+    kret = krb5_cc_store_cred(context, id, &test_creds);
+    CHECK(kret, "store");
+
+    kret = krb5_cc_get_principal(context, id, &tmp);
+    CHECK(kret, "get_principal");
+
+    CHECK_BOOL(krb5_realm_compare(context, tmp, test_creds.client) != TRUE,
+               "realms do not match", "realm_compare");
+
+
+    CHECK_BOOL(krb5_principal_compare(context, tmp, test_creds.client) != TRUE,
+               "principals do not match", "principal_compare");
+
+    krb5_free_principal(context, tmp);
+
+    kret = krb5_cc_set_flags (context, id, flags);
+    CHECK(kret, "set_flags");
+
+    kret = krb5_cc_start_seq_get(context, id, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = 0;
+    while (kret != KRB5_CC_END) {
+        if(debug) printf("Calling next_cred\n");
+        kret = krb5_cc_next_cred(context, id, &cursor, &creds);
+        if(kret == KRB5_CC_END) {
+            if(debug) printf("next_cred: ok at end\n");
+        }
+        else {
+            CHECK(kret, "next_cred");
+            krb5_free_cred_contents(context, &creds);
+        }
+
+    }
+    kret = krb5_cc_end_seq_get(context, id, &cursor);
+    CHECK(kret, "end_seq_get");
+
+    kret = krb5_cc_close(context, id);
+    CHECK(kret, "close");
+
+
+    /* ------------------------------------------------- */
+    kret = krb5_cc_resolve(context, name, &id);
+    CHECK(kret, "resolve2");
+
+    {
+        /* Copy the cache test*/
+        snprintf(newcache, sizeof(newcache), "%s.new", name);
+        kret = krb5_cc_resolve(context, newcache, &id2);
+        CHECK(kret, "resolve of new cache");
+
+        /* This should fail as the new creds are not initialized */
+        kret = krb5_cc_copy_creds(context, id, id2);
+        CHECK_FAIL(KRB5_FCC_NOFILE, kret, "copy_creds");
+
+        kret = krb5_cc_initialize(context, id2, test_creds.client);
+        CHECK(kret, "initialize of id2");
+
+        kret = krb5_cc_copy_creds(context, id, id2);
+        CHECK(kret, "copy_creds");
+
+        kret = krb5_cc_destroy(context, id2);
+        CHECK(kret, "destroy new cache");
+    }
+
+    /* Destroy the first cache */
+    kret = krb5_cc_destroy(context, id);
+    CHECK(kret, "destroy");
+
+    /* ----------------------------------------------------- */
+    /* Tests the generate new code */
+    kret = krb5_cc_new_unique(context, save_type,
+                              NULL, &id2);
+    CHECK(kret, "new_unique");
+
+    kret = krb5_cc_initialize(context, id2, test_creds.client);
+    CHECK(kret, "initialize");
+
+    kret = krb5_cc_store_cred(context, id2, &test_creds);
+    CHECK(kret, "store");
+
+    kret = krb5_cc_destroy(context, id2);
+    CHECK(kret, "destroy id2");
+
+    free(save_type);
+    free_test_cred(context);
 
 }
 
@@ -319,66 +320,66 @@ static void cc_test(krb5_context context, const char *name, krb5_flags flags)
  */
 static int check_registered(krb5_context context, const char *prefix)
 {
-  char name[300];
-  krb5_error_code kret;
-  krb5_ccache id;
-
-  snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
-
-  kret = krb5_cc_resolve(context, name, &id);
-  if(kret != KRB5_OK) {
-    if(kret == KRB5_CC_UNKNOWN_TYPE)
-      return 0;
-    com_err("Checking on credential type", kret,prefix);
-    fflush(stderr);
-    return 0;
-  }
+    char name[300];
+    krb5_error_code kret;
+    krb5_ccache id;
+
+    snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
+
+    kret = krb5_cc_resolve(context, name, &id);
+    if(kret != KRB5_OK) {
+        if(kret == KRB5_CC_UNKNOWN_TYPE)
+            return 0;
+        com_err("Checking on credential type", kret,prefix);
+        fflush(stderr);
+        return 0;
+    }
 
-  kret = krb5_cc_close(context, id);
-  if(kret != KRB5_OK) {
-    com_err("Checking on credential type - closing", kret,prefix);
-    fflush(stderr);
-  }
+    kret = krb5_cc_close(context, id);
+    if(kret != KRB5_OK) {
+        com_err("Checking on credential type - closing", kret,prefix);
+        fflush(stderr);
+    }
 
-  return 1;
+    return 1;
 }
 
 
 static void do_test(krb5_context context, const char *prefix)
 {
-  char name[300];
+    char name[300];
 
-  snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
-  printf("Starting test on %s\n", name);
-  cc_test (context, name, 0);
-  cc_test (context, name, !0);
-  printf("Test on %s passed\n", name);
+    snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid());
+    printf("Starting test on %s\n", name);
+    cc_test (context, name, 0);
+    cc_test (context, name, !0);
+    printf("Test on %s passed\n", name);
 }
 
 static void test_misc(krb5_context context)
 {
-  /* Tests for certain error returns */
-  krb5_error_code	kret;
-  krb5_ccache id;
-  const krb5_cc_ops *ops_save;
+    /* Tests for certain error returns */
+    krb5_error_code       kret;
+    krb5_ccache id;
+    const krb5_cc_ops *ops_save;
 
-  fprintf(stderr, "Testing miscellaneous error conditions\n");
+    fprintf(stderr, "Testing miscellaneous error conditions\n");
 
-  kret = krb5_cc_resolve(context, "unknown_method_ep:/tmp/name", &id);
-  if (kret != KRB5_CC_UNKNOWN_TYPE) {
-    CHECK(kret, "resolve unknown type");
-  }
+    kret = krb5_cc_resolve(context, "unknown_method_ep:/tmp/name", &id);
+    if (kret != KRB5_CC_UNKNOWN_TYPE) {
+        CHECK(kret, "resolve unknown type");
+    }
 
-  /* Test for not specifiying a cache type with no defaults */
-  ops_save = krb5_cc_dfl_ops;
-  krb5_cc_dfl_ops = 0;
+    /* Test for not specifiying a cache type with no defaults */
+    ops_save = krb5_cc_dfl_ops;
+    krb5_cc_dfl_ops = 0;
 
-  kret = krb5_cc_resolve(context, "/tmp/e", &id);
-  if (kret != KRB5_CC_BADNAME) {
-    CHECK(kret, "resolve no builtin type");
-  }
+    kret = krb5_cc_resolve(context, "/tmp/e", &id);
+    if (kret != KRB5_CC_BADNAME) {
+        CHECK(kret, "resolve no builtin type");
+    }
 
-  krb5_cc_dfl_ops = ops_save;
+    krb5_cc_dfl_ops = ops_save;
 
 }
 extern const krb5_cc_ops krb5_mcc_ops;
@@ -387,28 +388,28 @@ extern const krb5_cc_ops krb5_fcc_ops;
 int main (void)
 {
     krb5_context context;
-    krb5_error_code	kret;
+    krb5_error_code     kret;
 
     if ((kret = krb5_init_context(&context))) {
-	    printf("Couldn't initialize krb5 library: %s\n",
-		   error_message(kret));
-	    exit(1);
+        printf("Couldn't initialize krb5 library: %s\n",
+               error_message(kret));
+        exit(1);
     }
 
     kret = krb5_cc_register(context, &krb5_mcc_ops,0);
     if(kret && kret != KRB5_CC_TYPE_EXISTS) {
-      CHECK(kret, "register_mem");
+        CHECK(kret, "register_mem");
     }
 
     kret = krb5_cc_register(context, &krb5_fcc_ops,0);
     if(kret && kret != KRB5_CC_TYPE_EXISTS) {
-      CHECK(kret, "register_mem");
+        CHECK(kret, "register_mem");
     }
 
     /* Registering a second time tests for error return */
     kret = krb5_cc_register(context, &krb5_fcc_ops,0);
     if(kret != KRB5_CC_TYPE_EXISTS) {
-      CHECK(kret, "register_mem");
+        CHECK(kret, "register_mem");
     }
 
     /* Registering with override should work */
@@ -421,9 +422,9 @@ int main (void)
     do_test(context, "");
 
     if(check_registered(context, "KEYRING:"))
-      do_test(context, "KEYRING:");
-    else 
-      printf("Skiping KEYRING: test - unregistered type\n");
+        do_test(context, "KEYRING:");
+    else
+        printf("Skiping KEYRING: test - unregistered type\n");
 
     do_test(context, "MEMORY:");
     do_test(context, "FILE:");
diff --git a/src/lib/krb5/ccache/t_cccursor.c b/src/lib/krb5/ccache/t_cccursor.c
index e65beadd0..1e4f4b9e5 100644
--- a/src/lib/krb5/ccache/t_cccursor.c
+++ b/src/lib/krb5/ccache/t_cccursor.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/t_cccursor.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -101,22 +102,22 @@ cr_cache(krb5_context context, const char *ccname, const char *pname)
 
     ret = krb5_cc_resolve(context, ccname, &ccache);
     if (ret)
-	goto errout;
+        goto errout;
     if (pname != NULL) {
-	ret = krb5_parse_name(context, pname, &princ);
-	if (ret)
-	    return ret;
-	ret = krb5_cc_initialize(context, ccache, princ);
-	if (ret)
-	    goto errout;
-	printf("created cache %s with principal %s\n", ccname, pname);
+        ret = krb5_parse_name(context, pname, &princ);
+        if (ret)
+            return ret;
+        ret = krb5_cc_initialize(context, ccache, princ);
+        if (ret)
+            goto errout;
+        printf("created cache %s with principal %s\n", ccname, pname);
     } else
-	printf("created cache %s (uninitialized)\n", ccname);
+        printf("created cache %s (uninitialized)\n", ccname);
 errout:
     if (princ != NULL)
-	krb5_free_principal(context, princ);
+        krb5_free_principal(context, princ);
     if (ccache != NULL)
-	krb5_cc_close(context, ccache);
+        krb5_cc_close(context, ccache);
     return ret;
 }
 
@@ -128,15 +129,15 @@ dest_cache(krb5_context context, const char *ccname, const char *pname)
 
     ret = krb5_cc_resolve(context, ccname, &ccache);
     if (ret)
-	goto errout;
+        goto errout;
     if (pname != NULL) {
-	ret = krb5_cc_destroy(context, ccache);
-	if (ret)
-	    return ret;
-	printf("Destroyed cache %s\n", ccname);
+        ret = krb5_cc_destroy(context, ccache);
+        if (ret)
+            return ret;
+        printf("Destroyed cache %s\n", ccname);
     } else {
-	printf("Closed cache %s (uninitialized)\n", ccname);
-	ret = krb5_cc_close(context, ccache);
+        printf("Closed cache %s (uninitialized)\n", ccname);
+        ret = krb5_cc_close(context, ccache);
     }
 errout:
     return ret;
@@ -147,11 +148,11 @@ do_chk_one(const char *prefix, const char *name, struct chklist *chk)
 {
 
     if (chk->pfx == NULL)
-	return 0;
+        return 0;
     if (strcmp(chk->pfx, prefix) || strcmp(chk->res, name)) {
-	fprintf(stderr, "MATCH FAILED: expected %s:%s\n",
-		chk->pfx, chk->res);
-	return 1;
+        fprintf(stderr, "MATCH FAILED: expected %s:%s\n",
+                chk->pfx, chk->res);
+        return 1;
     }
     return 0;
 }
@@ -175,33 +176,33 @@ do_chk(
     i = 0;
     printf(">>>\n");
     for (i = 0; ; i++) {
-	ret = krb5_cccol_cursor_next(context, cursor, &ccache);
-	if (ret) goto errout;
-	if (ccache == NULL) {
-	    printf("<<< end of list\n");
-	    break;
-	}
-	prefix = krb5_cc_get_type(context, ccache);
-	name = krb5_cc_get_name(context, ccache);
-	printf("cursor: %s:%s\n", prefix, name);
-
-	if (i < nmax) {
-	    if (do_chk_one(prefix, name, &chklist[i])) {
-		*good = 0;
-	    }
-	}
-	ret = krb5_cc_close(context, ccache);
-	if (ret) goto errout;
+        ret = krb5_cccol_cursor_next(context, cursor, &ccache);
+        if (ret) goto errout;
+        if (ccache == NULL) {
+            printf("<<< end of list\n");
+            break;
+        }
+        prefix = krb5_cc_get_type(context, ccache);
+        name = krb5_cc_get_name(context, ccache);
+        printf("cursor: %s:%s\n", prefix, name);
+
+        if (i < nmax) {
+            if (do_chk_one(prefix, name, &chklist[i])) {
+                *good = 0;
+            }
+        }
+        ret = krb5_cc_close(context, ccache);
+        if (ret) goto errout;
     }
 
     if (i != nmax) {
-	fprintf(stderr, "total ccaches %d != expected ccaches %d\n", i, nmax);
-	*good = 0;
+        fprintf(stderr, "total ccaches %d != expected ccaches %d\n", i, nmax);
+        *good = 0;
     }
 
 errout:
     if (cursor != NULL)
-	krb5_cccol_cursor_free(context, &cursor);
+        krb5_cccol_cursor_free(context, &cursor);
     return ret;
 }
 
@@ -216,8 +217,8 @@ main(int argc, char *argv[])
     if (ret) exit(1);
 
     for (i = 0; i < NCRLIST; i++) {
-	ret = cr_cache(context, crlist[i].ccname, crlist[i].pname);
-	if (ret) goto errout;
+        ret = cr_cache(context, crlist[i].ccname, crlist[i].pname);
+        if (ret) goto errout;
     }
 
 #ifdef HAVE_SETENV
@@ -228,7 +229,7 @@ main(int argc, char *argv[])
     printf("KRB5CCNAME=foo\n");
     ret = do_chk(context, chklist0, NCHKLIST0, &good);
     if (ret)
-	goto errout;
+        goto errout;
 
 #ifdef HAVE_SETENV
     setenv("KRB5CCNAME", "MEMORY:env", 1);
@@ -238,28 +239,28 @@ main(int argc, char *argv[])
     printf("KRB5CCNAME=MEMORY:env\n");
     ret = do_chk(context, chklist1, NCHKLIST1, &good);
     if (ret)
-	goto errout;
+        goto errout;
 
     ret = krb5_cc_set_default_name(context, "MEMORY:env");
     if (ret)
-	goto errout;
+        goto errout;
 
     printf("KRB5CCNAME=MEMORY:env, ccdefname=MEMORY:env\n");
     ret = do_chk(context, chklist2, NCHKLIST2, &good);
     if (ret)
-	goto errout;
+        goto errout;
 
     for (i = 0; i < NCRLIST; i++) {
-	ret = dest_cache(context, crlist[i].ccname, crlist[i].pname);
-	if (ret) goto errout;
+        ret = dest_cache(context, crlist[i].ccname, crlist[i].pname);
+        if (ret) goto errout;
     }
 
 errout:
     krb5_free_context(context);
     if (ret) {
-	com_err("main", ret, "");
-	exit(1);
+        com_err("main", ret, "");
+        exit(1);
     } else {
-	exit(!good);
+        exit(!good);
     }
 }
diff --git a/src/lib/krb5/ccache/t_memory.c b/src/lib/krb5/ccache/t_memory.c
index b117aed33..5650280eb 100644
--- a/src/lib/krb5/ccache/t_memory.c
+++ b/src/lib/krb5/ccache/t_memory.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/file/mcc_test.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 
@@ -31,110 +32,109 @@
 
 krb5_data client1 = {
 #define DATA "client1-comp1"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
 krb5_data client2 = {
 #define DATA "client1-comp2"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
 krb5_data server1 = {
 #define DATA "server1-comp1"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
 krb5_data server2 = {
 #define DATA "server1-comp2"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
 krb5_creds test_creds = {
-     NULL,
-     NULL,
-     {
-	  1,
-	  1,
-	  (unsigned char *) "1"
-     },
-     {
-	  1111,
-	  2222,
-	  3333,
-	  4444
-     },
-     1,
-     5555,
-     {
+    NULL,
+    NULL,
+    {
+        1,
+        1,
+        (unsigned char *) "1"
+    },
+    {
+        1111,
+        2222,
+        3333,
+        4444
+    },
+    1,
+    5555,
+    {
 #define TICKET "This is ticket 1"
-     sizeof(TICKET),
-     TICKET,
+        sizeof(TICKET),
+        TICKET,
 #undef TICKET
-     },
-     {
+    },
+    {
 #define TICKET "This is ticket 2"
-     sizeof(TICKET),
-     TICKET,
+        sizeof(TICKET),
+        TICKET,
 #undef TICKET
-     },
+    },
 };
 
 void init_test_cred()
 {
-     test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
-     test_creds.client[0] = &client1;
-     test_creds.client[1] = &client2;
-     test_creds.client[2] = NULL;
+    test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.client[0] = &client1;
+    test_creds.client[1] = &client2;
+    test_creds.client[2] = NULL;
 
-     test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
-     test_creds.server[0] = &server1;
-     test_creds.server[1] = &server2;
-     test_creds.server[2] = NULL;
+    test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.server[0] = &server1;
+    test_creds.server[1] = &server2;
+    test_creds.server[2] = NULL;
 }
 
-#define CHECK(kret,msg) \
-     if (kret != KRB5_OK) {\
-	  printf("%s returned %d\n", msg, kret);\
-     };
-						   
+#define CHECK(kret,msg)                         \
+    if (kret != KRB5_OK) {                      \
+        printf("%s returned %d\n", msg, kret);  \
+    };
+
 void mcc_test()
 {
-     krb5_ccache id;
-     krb5_creds creds;
-     krb5_error_code kret;
-     krb5_cc_cursor cursor;
+    krb5_ccache id;
+    krb5_creds creds;
+    krb5_error_code kret;
+    krb5_cc_cursor cursor;
 
-     init_test_cred();
+    init_test_cred();
 
-     kret = krb5_mcc_resolve(context, &id, "/tmp/tkt_test");
-     CHECK(kret, "resolve");
-     kret = krb5_mcc_initialize(context, id, test_creds.client);
-     CHECK(kret, "initialize");
-     kret = krb5_mcc_store(context, id, &test_creds);
-     CHECK(kret, "store");
+    kret = krb5_mcc_resolve(context, &id, "/tmp/tkt_test");
+    CHECK(kret, "resolve");
+    kret = krb5_mcc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize");
+    kret = krb5_mcc_store(context, id, &test_creds);
+    CHECK(kret, "store");
 
-     kret = krb5_mcc_start_seq_get(context, id, &cursor);
-     CHECK(kret, "start_seq_get");
-     kret = 0;
-     while (kret != KRB5_CC_END) {
-	  printf("Calling next_cred\n");
-	  kret = krb5_mcc_next_cred(context, id, &cursor, &creds);
-	  CHECK(kret, "next_cred");
-     }
-     kret = krb5_mcc_end_seq_get(context, id, &cursor);
-     CHECK(kret, "end_seq_get");
+    kret = krb5_mcc_start_seq_get(context, id, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = 0;
+    while (kret != KRB5_CC_END) {
+        printf("Calling next_cred\n");
+        kret = krb5_mcc_next_cred(context, id, &cursor, &creds);
+        CHECK(kret, "next_cred");
+    }
+    kret = krb5_mcc_end_seq_get(context, id, &cursor);
+    CHECK(kret, "end_seq_get");
 
-     kret = krb5_mcc_destroy(context, id);
-     CHECK(kret, "destroy");
-     kret = krb5_mcc_close(context, id);
-     CHECK(kret, "close");
+    kret = krb5_mcc_destroy(context, id);
+    CHECK(kret, "destroy");
+    kret = krb5_mcc_close(context, id);
+    CHECK(kret, "close");
 }
-
diff --git a/src/lib/krb5/ccache/t_stdio.c b/src/lib/krb5/ccache/t_stdio.c
index a76d1fcd7..f17d50647 100644
--- a/src/lib/krb5/ccache/t_stdio.c
+++ b/src/lib/krb5/ccache/t_stdio.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/ccache/stdio/scc_test.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 
@@ -31,29 +32,29 @@
 
 krb5_data client1 = {
 #define DATA "client1-comp1"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
 krb5_data client2 = {
 #define DATA "client1-comp2"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
 krb5_data server1 = {
 #define DATA "server1-comp1"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
 krb5_data server2 = {
 #define DATA "server1-comp2"
-     sizeof(DATA),
-     DATA,
+    sizeof(DATA),
+    DATA,
 #undef DATA
 };
 
@@ -70,92 +71,92 @@ krb5_address *addrs[] = {
 };
 
 krb5_creds test_creds = {
-     NULL,
-     NULL,
-     {
-	  1,
-	  1,
-	  (unsigned char *) "1"
-     },
-     {
-	  1111,
-	  2222,
-	  3333,
-	  4444,
-     },
-     1,
-     5555,
-     addrs,
-     {
+    NULL,
+    NULL,
+    {
+        1,
+        1,
+        (unsigned char *) "1"
+    },
+    {
+        1111,
+        2222,
+        3333,
+        4444,
+    },
+    1,
+    5555,
+    addrs,
+    {
 #define TICKET "This is ticket 1"
-     sizeof(TICKET),
-     TICKET,
+        sizeof(TICKET),
+        TICKET,
 #undef TICKET
-     },
-     {
+    },
+    {
 #define TICKET "This is ticket 2"
-     sizeof(TICKET),
-     TICKET,
+        sizeof(TICKET),
+        TICKET,
 #undef TICKET
-     },
+    },
 };
 
 void init_test_cred()
 {
-     test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
-     test_creds.client[0] = &client1;
-     test_creds.client[1] = &client2;
-     test_creds.client[2] = NULL;
-
-     test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
-     test_creds.server[0] = &server1;
-     test_creds.server[1] = &server2;
-     test_creds.server[2] = NULL;
+    test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.client[0] = &client1;
+    test_creds.client[1] = &client2;
+    test_creds.client[2] = NULL;
+
+    test_creds.server = (krb5_principal) malloc(sizeof(krb5_data *)*3);
+    test_creds.server[0] = &server1;
+    test_creds.server[1] = &server2;
+    test_creds.server[2] = NULL;
 }
 
-#define CHECK(kret,msg) \
-     if (kret != KRB5_OK) {\
-	  com_err(msg, kret, "");\
-     } else printf("%s went ok\n", msg);
-						   
+#define CHECK(kret,msg)                         \
+    if (kret != KRB5_OK) {                      \
+        com_err(msg, kret, "");                 \
+    } else printf("%s went ok\n", msg);
+
 int flags = 0;
 void scc_test()
 {
-     krb5_ccache id;
-     krb5_creds creds;
-     krb5_error_code kret;
-     krb5_cc_cursor cursor;
-
-     init_test_cred();
-
-     kret = krb5_scc_resolve(context, &id, "/tmp/tkt_test");
-     CHECK(kret, "resolve");
-     kret = krb5_scc_initialize(context, id, test_creds.client);
-     CHECK(kret, "initialize");
-     kret = krb5_scc_store(id, &test_creds);
-     CHECK(kret, "store");
-
-     kret = krb5_scc_set_flags (id, flags);
-     CHECK(kret, "set_flags");
-     kret = krb5_scc_start_seq_get(id, &cursor);
-     CHECK(kret, "start_seq_get");
-     kret = 0;
-     while (kret != KRB5_CC_END) {
-	  printf("Calling next_cred\n");
-	  kret = krb5_scc_next_cred(id, &cursor, &creds);
-	  CHECK(kret, "next_cred");
-     }
-     kret = krb5_scc_end_seq_get(id, &cursor);
-     CHECK(kret, "end_seq_get");
-
-     kret = krb5_scc_close(id);
-     CHECK(kret, "close");
-
-
-     kret = krb5_scc_resolve(&id, "/tmp/tkt_test");
-     CHECK(kret, "resolve");
-     kret = krb5_scc_destroy(id);
-     CHECK(kret, "destroy");
+    krb5_ccache id;
+    krb5_creds creds;
+    krb5_error_code kret;
+    krb5_cc_cursor cursor;
+
+    init_test_cred();
+
+    kret = krb5_scc_resolve(context, &id, "/tmp/tkt_test");
+    CHECK(kret, "resolve");
+    kret = krb5_scc_initialize(context, id, test_creds.client);
+    CHECK(kret, "initialize");
+    kret = krb5_scc_store(id, &test_creds);
+    CHECK(kret, "store");
+
+    kret = krb5_scc_set_flags (id, flags);
+    CHECK(kret, "set_flags");
+    kret = krb5_scc_start_seq_get(id, &cursor);
+    CHECK(kret, "start_seq_get");
+    kret = 0;
+    while (kret != KRB5_CC_END) {
+        printf("Calling next_cred\n");
+        kret = krb5_scc_next_cred(id, &cursor, &creds);
+        CHECK(kret, "next_cred");
+    }
+    kret = krb5_scc_end_seq_get(id, &cursor);
+    CHECK(kret, "end_seq_get");
+
+    kret = krb5_scc_close(id);
+    CHECK(kret, "close");
+
+
+    kret = krb5_scc_resolve(&id, "/tmp/tkt_test");
+    CHECK(kret, "resolve");
+    kret = krb5_scc_destroy(id);
+    CHECK(kret, "destroy");
 }
 
 int remove (s) char*s; { return unlink(s); }
diff --git a/src/lib/krb5/error_tables/init_ets.c b/src/lib/krb5/error_tables/init_ets.c
index 56a750e75..f682c8512 100644
--- a/src/lib/krb5/error_tables/init_ets.c
+++ b/src/lib/krb5/error_tables/init_ets.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/error_tables/init_ets.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Initialize Kerberos library error tables.
  */
@@ -35,12 +36,12 @@ krb5_init_ets (krb5_context context)
     static int inited = 0;
 
     if (inited == 0) {
-	    initialize_krb5_error_table();
-	    initialize_kv5m_error_table();
-	    initialize_kdb5_error_table();
-	    initialize_asn1_error_table();
-	    initialize_k524_error_table();
-	    inited++;
+        initialize_krb5_error_table();
+        initialize_kv5m_error_table();
+        initialize_kdb5_error_table();
+        initialize_asn1_error_table();
+        initialize_k524_error_table();
+        inited++;
     }
 }
 
diff --git a/src/lib/krb5/keytab/kt-int.h b/src/lib/krb5/keytab/kt-int.h
index e62b2d3f1..383d346f7 100644
--- a/src/lib/krb5/keytab/kt-int.h
+++ b/src/lib/krb5/keytab/kt-int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/kt-int.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * This file contains constant and function declarations used in the
  * file-based credential cache routines.
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index 4c90b8b47..c27829ca0 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/kt_file.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #ifndef LEAN_CLIENT
@@ -40,22 +41,22 @@
  * Constants
  */
 
-#define KRB5_KT_VNO_1	0x0501	/* krb v5, keytab version 1 (DCE compat) */
-#define KRB5_KT_VNO	0x0502	/* krb v5, keytab version 2 (standard)  */
+#define KRB5_KT_VNO_1   0x0501  /* krb v5, keytab version 1 (DCE compat) */
+#define KRB5_KT_VNO     0x0502  /* krb v5, keytab version 2 (standard)  */
 
 #define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO
 
-/* 
+/*
  * Types
  */
 typedef struct _krb5_ktfile_data {
-    char *name;			/* Name of the file */
-    FILE *openf;		/* open file, if any. */
-    char iobuf[BUFSIZ];		/* so we can zap it later */
-    int	version;		/* Version number of keytab */
-    unsigned int iter_count;	/* Number of active iterators */
-    long start_offset;		/* Starting offset after version */
-    k5_mutex_t lock;		/* Protect openf, version */
+    char *name;                 /* Name of the file */
+    FILE *openf;                /* open file, if any. */
+    char iobuf[BUFSIZ];         /* so we can zap it later */
+    int version;                /* Version number of keytab */
+    unsigned int iter_count;    /* Number of active iterators */
+    long start_offset;          /* Starting offset after version */
+    k5_mutex_t lock;            /* Protect openf, version */
 } krb5_ktfile_data;
 
 /*
@@ -93,114 +94,114 @@ typedef struct _krb5_ktfile_data {
 extern const struct _krb5_kt_ops krb5_ktf_ops;
 extern const struct _krb5_kt_ops krb5_ktf_writable_ops;
 
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve 
-	(krb5_context,
-		   const char *,
-		   krb5_keytab *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve 
-	(krb5_context,
-		   const char *,
-		   krb5_keytab *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name 
-	(krb5_context,
-		   krb5_keytab,
-		   char *,
-		   unsigned int);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_close 
-	(krb5_context,
-		   krb5_keytab);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_const_principal,
-		   krb5_kvno,
-		   krb5_enctype,
-		   krb5_keytab_entry *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_start_seq_get 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_kt_cursor *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *,
-		   krb5_kt_cursor *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_kt_cursor *);
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_resolve
+(krb5_context,
+ const char *,
+ krb5_keytab *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_wresolve
+(krb5_context,
+ const char *,
+ krb5_keytab *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_name
+(krb5_context,
+ krb5_keytab,
+ char *,
+ unsigned int);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_close
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_const_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keytab_entry *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_start_seq_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_get_next
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_end_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
 
 /* routines to be included on extended version (write routines) */
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_add 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *);
-
-static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *);
-
-static krb5_error_code krb5_ktfileint_openr 
-	(krb5_context,
-		   krb5_keytab);
-
-static krb5_error_code krb5_ktfileint_openw 
-	(krb5_context,
-		   krb5_keytab);
-
-static krb5_error_code krb5_ktfileint_close 
-	(krb5_context,
-		   krb5_keytab);
-
-static krb5_error_code krb5_ktfileint_read_entry 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *);
-
-static krb5_error_code krb5_ktfileint_write_entry 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *);
-
-static krb5_error_code krb5_ktfileint_delete_entry 
-	(krb5_context,
-		   krb5_keytab,
-                   krb5_int32);
-
-static krb5_error_code krb5_ktfileint_internal_read_entry 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *,
-                   krb5_int32 *);
-
-static krb5_error_code krb5_ktfileint_size_entry 
-	(krb5_context,
-		   krb5_keytab_entry *,
-                   krb5_int32 *);
-
-static krb5_error_code krb5_ktfileint_find_slot 
-	(krb5_context,
-		   krb5_keytab,
-                   krb5_int32 *,
-                   krb5_int32 *);
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_add
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code KRB5_CALLCONV krb5_ktfile_remove
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code krb5_ktfileint_openr
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code krb5_ktfileint_openw
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code krb5_ktfileint_close
+(krb5_context,
+ krb5_keytab);
+
+static krb5_error_code krb5_ktfileint_read_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code krb5_ktfileint_write_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+static krb5_error_code krb5_ktfileint_delete_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_int32);
+
+static krb5_error_code krb5_ktfileint_internal_read_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_int32 *);
+
+static krb5_error_code krb5_ktfileint_size_entry
+(krb5_context,
+ krb5_keytab_entry *,
+ krb5_int32 *);
+
+static krb5_error_code krb5_ktfileint_find_slot
+(krb5_context,
+ krb5_keytab,
+ krb5_int32 *,
+ krb5_int32 *);
 
 
 /*
- * This is an implementation specific resolver.  It returns a keytab id 
+ * This is an implementation specific resolver.  It returns a keytab id
  * initialized with file keytab routines.
  */
 
 static krb5_error_code
 ktfile_common_resolve(krb5_context context, const char *name,
-		      krb5_keytab *idptr, const struct _krb5_kt_ops *ops)
+                      krb5_keytab *idptr, const struct _krb5_kt_ops *ops)
 {
     krb5_ktfile_data *data = NULL;
     krb5_error_code err = ENOMEM;
@@ -210,20 +211,20 @@ ktfile_common_resolve(krb5_context context, const char *name,
 
     id = calloc(1, sizeof(*id));
     if (id == NULL)
-	return ENOMEM;
-    
+        return ENOMEM;
+
     id->ops = ops;
     data = calloc(1, sizeof(krb5_ktfile_data));
     if (data == NULL)
-	goto cleanup;
+        goto cleanup;
 
     data->name = strdup(name);
     if (data->name == NULL)
-	goto cleanup;
+        goto cleanup;
 
     err = k5_mutex_init(&data->lock);
     if (err)
-	goto cleanup;
+        goto cleanup;
 
     data->openf = 0;
     data->version = 0;
@@ -235,13 +236,13 @@ ktfile_common_resolve(krb5_context context, const char *name,
     return 0;
 cleanup:
     if (data)
-	free(data->name);
+        free(data->name);
     free(data);
     free(id);
     return err;
 }
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id)
 {
     return ktfile_common_resolve(context, name, id, &krb5_ktf_writable_ops);
@@ -253,15 +254,15 @@ krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id)
  * free memory hidden in the structures.
  */
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_close(krb5_context context, krb5_keytab id)
-  /*
-   * This routine is responsible for freeing all memory allocated 
-   * for this keytab.  There are no system resources that need
-   * to be freed nor are there any open files.
-   *
-   * This routine should undo anything done by krb5_ktfile_resolve().
-   */
+/*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab.  There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktfile_resolve().
+ */
 {
     free(KTFILENAME(id));
     zap(KTFILEBUFP(id), BUFSIZ);
@@ -280,8 +281,8 @@ krb5_ktfile_close(krb5_context context, krb5_keytab id)
 
 static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
-		      krb5_const_principal principal, krb5_kvno kvno,
-		      krb5_enctype enctype, krb5_keytab_entry *entry)
+                      krb5_const_principal principal, krb5_kvno kvno,
+                      krb5_enctype enctype, krb5_keytab_entry *entry)
 {
     krb5_keytab_entry cur_entry, new_entry;
     krb5_error_code kerror = 0;
@@ -292,27 +293,27 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
 
     kerror = KTLOCK(id);
     if (kerror)
-	return kerror;
+        return kerror;
 
     if (KTFILEP(id) != NULL) {
-	was_open = 1;
+        was_open = 1;
 
-	if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) {
-	    KTUNLOCK(id);
-	    return errno;
-	}
+        if (fseek(KTFILEP(id), KTSTARTOFF(id), SEEK_SET) == -1) {
+            KTUNLOCK(id);
+            return errno;
+        }
     } else {
-	was_open = 0;
+        was_open = 0;
 
-	/* Open the keyfile for reading */
-	if ((kerror = krb5_ktfileint_openr(context, id))) {
-	    KTUNLOCK(id);
-	    return(kerror);
-	}
+        /* Open the keyfile for reading */
+        if ((kerror = krb5_ktfileint_openr(context, id))) {
+            KTUNLOCK(id);
+            return(kerror);
+        }
     }
-    
-    /* 
-     * For efficiency and simplicity, we'll use a while true that 
+
+    /*
+     * For efficiency and simplicity, we'll use a while true that
      * is exited with a break statement.
      */
     cur_entry.principal = 0;
@@ -320,111 +321,111 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
     cur_entry.key.contents = 0;
 
     while (TRUE) {
-	if ((kerror = krb5_ktfileint_read_entry(context, id, &new_entry)))
-	    break;
-
-	/* by the time this loop exits, it must either free cur_entry,
-	   and copy new_entry there, or free new_entry.  Otherwise, it
-	   leaks. */
-
-	/* if the principal isn't the one requested, free new_entry
-	   and continue to the next. */
-
-	if (!krb5_principal_compare(context, principal, new_entry.principal)) {
-	    krb5_kt_free_entry(context, &new_entry);
-	    continue;
-	}
-
-	/* if the enctype is not ignored and doesn't match, free new_entry
-	   and continue to the next */
-
-	if (enctype != IGNORE_ENCTYPE) {
-	    if ((kerror = krb5_c_enctype_compare(context, enctype, 
-						 new_entry.key.enctype,
-						 &similar))) {
-		krb5_kt_free_entry(context, &new_entry);
-		break;
-	    }
-
-	    if (!similar) {
-		krb5_kt_free_entry(context, &new_entry);
-		continue;
-	    }
-	    /*
-	     * Coerce the enctype of the output keyblock in case we
-	     * got an inexact match on the enctype.
-	     */
-	    new_entry.key.enctype = enctype;
-
-	}
-
-	if (kvno == IGNORE_VNO) {
-	    /* if this is the first match, or if the new vno is
-	       bigger, free the current and keep the new.  Otherwise,
-	       free the new. */
-	    /* A 1.2.x keytab contains only the low 8 bits of the key
-	       version number.  Since it can be much bigger, and thus
-	       the 8-bit value can wrap, we need some heuristics to
-	       figure out the "highest" numbered key if some numbers
-	       close to 255 and some near 0 are used.
-
-	       The heuristic here:
-
-	       If we have any keys with versions over 240, then assume
-	       that all version numbers 0-127 refer to 256+N instead.
-	       Not perfect, but maybe good enough?  */
+        if ((kerror = krb5_ktfileint_read_entry(context, id, &new_entry)))
+            break;
+
+        /* by the time this loop exits, it must either free cur_entry,
+           and copy new_entry there, or free new_entry.  Otherwise, it
+           leaks. */
+
+        /* if the principal isn't the one requested, free new_entry
+           and continue to the next. */
+
+        if (!krb5_principal_compare(context, principal, new_entry.principal)) {
+            krb5_kt_free_entry(context, &new_entry);
+            continue;
+        }
+
+        /* if the enctype is not ignored and doesn't match, free new_entry
+           and continue to the next */
+
+        if (enctype != IGNORE_ENCTYPE) {
+            if ((kerror = krb5_c_enctype_compare(context, enctype,
+                                                 new_entry.key.enctype,
+                                                 &similar))) {
+                krb5_kt_free_entry(context, &new_entry);
+                break;
+            }
+
+            if (!similar) {
+                krb5_kt_free_entry(context, &new_entry);
+                continue;
+            }
+            /*
+             * Coerce the enctype of the output keyblock in case we
+             * got an inexact match on the enctype.
+             */
+            new_entry.key.enctype = enctype;
+
+        }
+
+        if (kvno == IGNORE_VNO) {
+            /* if this is the first match, or if the new vno is
+               bigger, free the current and keep the new.  Otherwise,
+               free the new. */
+            /* A 1.2.x keytab contains only the low 8 bits of the key
+               version number.  Since it can be much bigger, and thus
+               the 8-bit value can wrap, we need some heuristics to
+               figure out the "highest" numbered key if some numbers
+               close to 255 and some near 0 are used.
+
+               The heuristic here:
+
+               If we have any keys with versions over 240, then assume
+               that all version numbers 0-127 refer to 256+N instead.
+               Not perfect, but maybe good enough?  */
 
 #define M(VNO) (((VNO) - kvno_offset + 256) % 256)
 
-	    if (new_entry.vno > 240)
-		kvno_offset = 128;
-	    if (! cur_entry.principal ||
-		M(new_entry.vno) > M(cur_entry.vno)) {
-		krb5_kt_free_entry(context, &cur_entry);
-		cur_entry = new_entry;
-	    } else {
-		krb5_kt_free_entry(context, &new_entry);
-	    }
-	} else {
-	    /* if this kvno matches, free the current (will there ever
-	       be one?), keep the new, and break out.  Otherwise, remember
-	       that we were here so we can return the right error, and
-	       free the new */
-	    /* Yuck.  The krb5-1.2.x keytab format only stores one byte
-	       for the kvno, so we're toast if the kvno requested is
-	       higher than that.  Short-term workaround: only compare
-	       the low 8 bits.  */
-
-	    if (new_entry.vno == (kvno & 0xff)) {
-		krb5_kt_free_entry(context, &cur_entry);
-		cur_entry = new_entry;
-		break;
-	    } else {
-		found_wrong_kvno++;
-		krb5_kt_free_entry(context, &new_entry);
-	    }
-	}
+            if (new_entry.vno > 240)
+                kvno_offset = 128;
+            if (! cur_entry.principal ||
+                M(new_entry.vno) > M(cur_entry.vno)) {
+                krb5_kt_free_entry(context, &cur_entry);
+                cur_entry = new_entry;
+            } else {
+                krb5_kt_free_entry(context, &new_entry);
+            }
+        } else {
+            /* if this kvno matches, free the current (will there ever
+               be one?), keep the new, and break out.  Otherwise, remember
+               that we were here so we can return the right error, and
+               free the new */
+            /* Yuck.  The krb5-1.2.x keytab format only stores one byte
+               for the kvno, so we're toast if the kvno requested is
+               higher than that.  Short-term workaround: only compare
+               the low 8 bits.  */
+
+            if (new_entry.vno == (kvno & 0xff)) {
+                krb5_kt_free_entry(context, &cur_entry);
+                cur_entry = new_entry;
+                break;
+            } else {
+                found_wrong_kvno++;
+                krb5_kt_free_entry(context, &new_entry);
+            }
+        }
     }
 
     if (kerror == KRB5_KT_END) {
-	 if (cur_entry.principal)
-	      kerror = 0;
-	 else if (found_wrong_kvno)
-	      kerror = KRB5_KT_KVNONOTFOUND;
-	 else
-	      kerror = KRB5_KT_NOTFOUND;
+        if (cur_entry.principal)
+            kerror = 0;
+        else if (found_wrong_kvno)
+            kerror = KRB5_KT_KVNONOTFOUND;
+        else
+            kerror = KRB5_KT_NOTFOUND;
     }
     if (kerror) {
-	if (was_open == 0)
-	    (void) krb5_ktfileint_close(context, id);
-	KTUNLOCK(id);
-	krb5_kt_free_entry(context, &cur_entry);
-	return kerror;
+        if (was_open == 0)
+            (void) krb5_ktfileint_close(context, id);
+        KTUNLOCK(id);
+        krb5_kt_free_entry(context, &cur_entry);
+        return kerror;
     }
     if (was_open == 0 && (kerror = krb5_ktfileint_close(context, id)) != 0) {
-	KTUNLOCK(id);
-	krb5_kt_free_entry(context, &cur_entry);
-	return kerror;
+        KTUNLOCK(id);
+        krb5_kt_free_entry(context, &cur_entry);
+        return kerror;
     }
     KTUNLOCK(id);
     *entry = cur_entry;
@@ -437,19 +438,19 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id,
 
 static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
-  /* 
-   * This routine returns the name of the name of the file associated with
-   * this file-based keytab.  name is zeroed and the filename is truncated
-   * to fit in name if necessary.  The name is prefixed with PREFIX:, so that
-   * trt will happen if the name is passed back to resolve.
-   */
+/*
+ * This routine returns the name of the name of the file associated with
+ * this file-based keytab.  name is zeroed and the filename is truncated
+ * to fit in name if necessary.  The name is prefixed with PREFIX:, so that
+ * trt will happen if the name is passed back to resolve.
+ */
 {
     int result;
 
     memset(name, 0, len);
     result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id));
     if (SNPRINTF_OVERFLOW(result, len))
-	return(KRB5_KT_NAME_TOOLONG);
+        return(KRB5_KT_NAME_TOOLONG);
     return(0);
 }
 
@@ -465,31 +466,31 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *
 
     retval = KTLOCK(id);
     if (retval)
-	return retval;
+        return retval;
 
     if (KTITERS(id) == 0) {
-	if ((retval = krb5_ktfileint_openr(context, id))) {
-	    KTUNLOCK(id);
-	    return retval;
-	}
+        if ((retval = krb5_ktfileint_openr(context, id))) {
+            KTUNLOCK(id);
+            return retval;
+        }
     }
 
     if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
-	if (KTITERS(id) == 0)
-	    krb5_ktfileint_close(context, id);
-	KTUNLOCK(id);
-	return ENOMEM;
+        if (KTITERS(id) == 0)
+            krb5_ktfileint_close(context, id);
+        KTUNLOCK(id);
+        return ENOMEM;
     }
     *fileoff = KTSTARTOFF(id);
     *cursorp = (krb5_kt_cursor)fileoff;
     KTITERS(id)++;
     if (KTITERS(id) == 0) {
-	/* Wrapped?!  */
-	KTITERS(id)--;
-	KTUNLOCK(id);
-	krb5_set_error_message(context, KRB5_KT_IOERR,
-			       "Too many keytab iterators active");
-	return KRB5_KT_IOERR;	/* XXX */
+        /* Wrapped?!  */
+        KTITERS(id)--;
+        KTUNLOCK(id);
+        krb5_set_error_message(context, KRB5_KT_IOERR,
+                               "Too many keytab iterators active");
+        return KRB5_KT_IOERR;   /* XXX */
     }
     KTUNLOCK(id);
 
@@ -500,7 +501,7 @@ krb5_ktfile_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *
  * krb5_ktfile_get_next()
  */
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
 {
     long *fileoff = (long *)*cursor;
@@ -509,18 +510,18 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en
 
     kerror = KTLOCK(id);
     if (kerror)
-	return kerror;
+        return kerror;
     if (KTFILEP(id) == NULL) {
-	KTUNLOCK(id);
-	return KRB5_KT_IOERR;
+        KTUNLOCK(id);
+        return KRB5_KT_IOERR;
     }
     if (fseek(KTFILEP(id), *fileoff, 0) == -1) {
-	KTUNLOCK(id);
-	return KRB5_KT_END;
+        KTUNLOCK(id);
+        return KRB5_KT_END;
     }
     if ((kerror = krb5_ktfileint_read_entry(context, id, &cur_entry))) {
-	KTUNLOCK(id);
-	return kerror;
+        KTUNLOCK(id);
+        return kerror;
     }
     *fileoff = ftell(KTFILEP(id));
     *entry = cur_entry;
@@ -532,7 +533,7 @@ krb5_ktfile_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *en
  * krb5_ktfile_end_get()
  */
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
 {
     krb5_error_code kerror;
@@ -540,12 +541,12 @@ krb5_ktfile_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor
     free(*cursor);
     kerror = KTLOCK(id);
     if (kerror)
-	return kerror;
+        return kerror;
     KTITERS(id)--;
     if (KTFILEP(id) != NULL && KTITERS(id) == 0)
-	kerror = krb5_ktfileint_close(context, id);
+        kerror = krb5_ktfileint_close(context, id);
     else
-	kerror = 0;
+        kerror = 0;
     KTUNLOCK(id);
     return kerror;
 }
@@ -558,183 +559,183 @@ static const char ktfile_def_name[] = ".";
 
 /*
  * Routines to deal with externalizing krb5_keytab for [WR]FILE: variants.
- *	krb5_ktf_keytab_size();
- *	krb5_ktf_keytab_externalize();
- *	krb5_ktf_keytab_internalize();
+ *      krb5_ktf_keytab_size();
+ *      krb5_ktf_keytab_externalize();
+ *      krb5_ktf_keytab_internalize();
  */
 static krb5_error_code krb5_ktf_keytab_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_ktf_keytab_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_ktf_keytab_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /*
  * Serialization entry for this type.
  */
 const krb5_ser_entry krb5_ktfile_ser_entry = {
-    KV5M_KEYTAB,			/* Type			*/
-    krb5_ktf_keytab_size,		/* Sizer routine	*/
-    krb5_ktf_keytab_externalize,	/* Externalize routine	*/
-    krb5_ktf_keytab_internalize		/* Internalize routine	*/
+    KV5M_KEYTAB,                        /* Type                 */
+    krb5_ktf_keytab_size,               /* Sizer routine        */
+    krb5_ktf_keytab_externalize,        /* Externalize routine  */
+    krb5_ktf_keytab_internalize         /* Internalize routine  */
 };
 
 /*
- * krb5_ktf_keytab_size()	- Determine the size required to externalize
- *				  this krb5_keytab variant.
+ * krb5_ktf_keytab_size()       - Determine the size required to externalize
+ *                                this krb5_keytab variant.
  */
 static krb5_error_code
 krb5_ktf_keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_keytab		keytab;
-    size_t		required;
-    krb5_ktfile_data	*ktdata;
+    krb5_error_code     kret;
+    krb5_keytab         keytab;
+    size_t              required;
+    krb5_ktfile_data    *ktdata;
 
     kret = EINVAL;
     if ((keytab = (krb5_keytab) arg)) {
-	/*
-	 * Saving FILE: variants of krb5_keytab requires at minimum:
-	 *	krb5_int32	for KV5M_KEYTAB
-	 *	krb5_int32	for length of keytab name.
-	 *	krb5_int32	for file status.
-	 *	krb5_int32	for file position.
-	 *	krb5_int32	for file position.
-	 *	krb5_int32	for version.
-	 *	krb5_int32	for KV5M_KEYTAB
-	 */
-	required = sizeof(krb5_int32) * 7;
-	if (keytab->ops && keytab->ops->prefix)
-	    required += (strlen(keytab->ops->prefix)+1);
-
-	/*
-	 * The keytab name is formed as follows:
-	 *	<prefix>:<name>
-	 * If there's no name, we use a default name so that we have something
-	 * to call krb5_keytab_resolve with.
-	 */
-	ktdata = (krb5_ktfile_data *) keytab->data;
-	required += strlen((ktdata && ktdata->name) ?
-			   ktdata->name : ktfile_def_name);
-	kret = 0;
-
-	if (!kret)
-	    *sizep += required;
+        /*
+         * Saving FILE: variants of krb5_keytab requires at minimum:
+         *      krb5_int32      for KV5M_KEYTAB
+         *      krb5_int32      for length of keytab name.
+         *      krb5_int32      for file status.
+         *      krb5_int32      for file position.
+         *      krb5_int32      for file position.
+         *      krb5_int32      for version.
+         *      krb5_int32      for KV5M_KEYTAB
+         */
+        required = sizeof(krb5_int32) * 7;
+        if (keytab->ops && keytab->ops->prefix)
+            required += (strlen(keytab->ops->prefix)+1);
+
+        /*
+         * The keytab name is formed as follows:
+         *      <prefix>:<name>
+         * If there's no name, we use a default name so that we have something
+         * to call krb5_keytab_resolve with.
+         */
+        ktdata = (krb5_ktfile_data *) keytab->data;
+        required += strlen((ktdata && ktdata->name) ?
+                           ktdata->name : ktfile_def_name);
+        kret = 0;
+
+        if (!kret)
+            *sizep += required;
     }
     return(kret);
 }
 
 /*
- * krb5_ktf_keytab_externalize()	- Externalize the krb5_keytab.
+ * krb5_ktf_keytab_externalize()        - Externalize the krb5_keytab.
  */
 static krb5_error_code
 krb5_ktf_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_keytab		keytab;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
-    krb5_ktfile_data	*ktdata;
-    krb5_int32		file_is_open;
-    krb5_int64		file_pos;
-    char		*ktname;
-    const char		*fnamep;
+    krb5_error_code     kret;
+    krb5_keytab         keytab;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    krb5_ktfile_data    *ktdata;
+    krb5_int32          file_is_open;
+    krb5_int64          file_pos;
+    char                *ktname;
+    const char          *fnamep;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((keytab = (krb5_keytab) arg)) {
-	kret = ENOMEM;
-	if (!krb5_ktf_keytab_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* Our identifier */
-	    (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
-
-	    ktdata = (krb5_ktfile_data *) keytab->data;
-	    file_is_open = 0;
-	    file_pos = 0;
-
-	    /* Calculate the length of the name */
-	    if (ktdata && ktdata->name)
-		fnamep = ktdata->name;
-	    else
-		fnamep = ktfile_def_name;
-
-	    if (keytab->ops && keytab->ops->prefix) {
-		if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0)
-		    ktname = NULL;
-	    } else
-		ktname = strdup(fnamep);
-
-	    if (ktname) {
-		/* Fill in the file-specific keytab information. */
-		if (ktdata) {
-		    if (ktdata->openf) {
-			long	fpos;
-			int	fflags = 0;
-
-			file_is_open = 1;
+        kret = ENOMEM;
+        if (!krb5_ktf_keytab_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
+
+            ktdata = (krb5_ktfile_data *) keytab->data;
+            file_is_open = 0;
+            file_pos = 0;
+
+            /* Calculate the length of the name */
+            if (ktdata && ktdata->name)
+                fnamep = ktdata->name;
+            else
+                fnamep = ktfile_def_name;
+
+            if (keytab->ops && keytab->ops->prefix) {
+                if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0)
+                    ktname = NULL;
+            } else
+                ktname = strdup(fnamep);
+
+            if (ktname) {
+                /* Fill in the file-specific keytab information. */
+                if (ktdata) {
+                    if (ktdata->openf) {
+                        long    fpos;
+                        int     fflags = 0;
+
+                        file_is_open = 1;
 #if !defined(_WIN32)
-			fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0);
-			if (fflags > 0)
-			    file_is_open |= ((fflags & O_ACCMODE) << 1);
+                        fflags = fcntl(fileno(ktdata->openf), F_GETFL, 0);
+                        if (fflags > 0)
+                            file_is_open |= ((fflags & O_ACCMODE) << 1);
 #else
-			file_is_open = 0;
+                        file_is_open = 0;
 #endif
-			fpos = ftell(ktdata->openf);
-			file_pos = fpos; /* XX range check? */
-		    }
-		}
-
-		/* Put the length of the file name */
-		(void) krb5_ser_pack_int32((krb5_int32) strlen(ktname),
-					   &bp, &remain);
-		
-		/* Put the name */
-		(void) krb5_ser_pack_bytes((krb5_octet *) ktname,
-					   strlen(ktname),
-					   &bp, &remain);
-
-		/* Put the file open flag */
-		(void) krb5_ser_pack_int32(file_is_open, &bp, &remain);
-
-		/* Put the file position */
-		(void) krb5_ser_pack_int64(file_pos, &bp, &remain);
-
-		/* Put the version */
-		(void) krb5_ser_pack_int32((krb5_int32) ((ktdata) ?
-							 ktdata->version : 0),
-					   &bp, &remain);
-
-		/* Put the trailer */
-		(void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
-		kret = 0;
-		*buffer = bp;
-		*lenremain = remain;
-		free(ktname);
-	    }
-	}
+                        fpos = ftell(ktdata->openf);
+                        file_pos = fpos; /* XX range check? */
+                    }
+                }
+
+                /* Put the length of the file name */
+                (void) krb5_ser_pack_int32((krb5_int32) strlen(ktname),
+                                           &bp, &remain);
+
+                /* Put the name */
+                (void) krb5_ser_pack_bytes((krb5_octet *) ktname,
+                                           strlen(ktname),
+                                           &bp, &remain);
+
+                /* Put the file open flag */
+                (void) krb5_ser_pack_int32(file_is_open, &bp, &remain);
+
+                /* Put the file position */
+                (void) krb5_ser_pack_int64(file_pos, &bp, &remain);
+
+                /* Put the version */
+                (void) krb5_ser_pack_int32((krb5_int32) ((ktdata) ?
+                                                         ktdata->version : 0),
+                                           &bp, &remain);
+
+                /* Put the trailer */
+                (void) krb5_ser_pack_int32(KV5M_KEYTAB, &bp, &remain);
+                kret = 0;
+                *buffer = bp;
+                *lenremain = remain;
+                free(ktname);
+            }
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_ktf_keytab_internalize()	- Internalize the krb5_ktf_keytab.
+ * krb5_ktf_keytab_internalize()        - Internalize the krb5_ktf_keytab.
  */
 static krb5_error_code
 krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_keytab		keytab = NULL;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
-    char		*ktname = NULL;
-    krb5_ktfile_data	*ktdata;
-    krb5_int32		file_is_open;
-    krb5_int64		foff;
+    krb5_error_code     kret;
+    krb5_keytab         keytab = NULL;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    char                *ktname = NULL;
+    krb5_ktfile_data    *ktdata;
+    krb5_int32          file_is_open;
+    krb5_int64          foff;
 
     *argp = NULL;
     bp = *buffer;
@@ -742,36 +743,36 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
 
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_KEYTAB)
-	return EINVAL;
+        return EINVAL;
 
     /* Read the keytab name */
     kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (kret)
-	return kret;
+        return kret;
     ktname = malloc(ibuf + 1);
     if (!ktname)
-	return ENOMEM;
+        return ENOMEM;
     kret = krb5_ser_unpack_bytes((krb5_octet *) ktname, (size_t) ibuf,
-				 &bp, &remain);
+                                 &bp, &remain);
     if (kret)
-	goto cleanup;
+        goto cleanup;
     ktname[ibuf] = '\0';
 
     /* Resolve the keytab. */
     kret = krb5_kt_resolve(kcontext, ktname, &keytab);
     if (kret)
-	goto cleanup;
+        goto cleanup;
 
     if (keytab->ops != &krb5_ktf_writable_ops
-	&& keytab->ops != &krb5_ktf_ops) {
-	kret = EINVAL;
-	goto cleanup;
+        && keytab->ops != &krb5_ktf_ops) {
+        kret = EINVAL;
+        goto cleanup;
     }
     ktdata = (krb5_ktfile_data *) keytab->data;
 
     if (remain < (sizeof(krb5_int32)*5)) {
-	kret = EINVAL;
-	goto cleanup;
+        kret = EINVAL;
+        goto cleanup;
     }
     (void) krb5_ser_unpack_int32(&file_is_open, &bp, &remain);
     (void) krb5_ser_unpack_int64(&foff, &bp, &remain);
@@ -779,30 +780,30 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
     ktdata->version = (int) ibuf;
     (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (ibuf != KV5M_KEYTAB) {
-	kret = EINVAL;
-	goto cleanup;
+        kret = EINVAL;
+        goto cleanup;
     }
 
     if (file_is_open) {
-	int 	fmode;
-	long	fpos;
+        int     fmode;
+        long    fpos;
 
 #if !defined(_WIN32)
-	fmode = (file_is_open >> 1) & O_ACCMODE;
+        fmode = (file_is_open >> 1) & O_ACCMODE;
 #else
-	fmode = 0;
+        fmode = 0;
 #endif
-	if (fmode)
-	    kret = krb5_ktfileint_openw(kcontext, keytab);
-	else
-	    kret = krb5_ktfileint_openr(kcontext, keytab);
-	if (kret)
-	    goto cleanup;
-	fpos = foff; /* XX range check? */
-	if (fseek(KTFILEP(keytab), fpos, SEEK_SET) == -1) {
-	    kret = errno;
-	    goto cleanup;
-	}
+        if (fmode)
+            kret = krb5_ktfileint_openw(kcontext, keytab);
+        else
+            kret = krb5_ktfileint_openr(kcontext, keytab);
+        if (kret)
+            goto cleanup;
+        fpos = foff; /* XX range check? */
+        if (fseek(KTFILEP(keytab), fpos, SEEK_SET) == -1) {
+            kret = errno;
+            goto cleanup;
+        }
     }
 
     *buffer = bp;
@@ -810,13 +811,13 @@ krb5_ktf_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octe
     *argp = (krb5_pointer) keytab;
 cleanup:
     if (kret != 0 && keytab)
-	krb5_kt_close(kcontext, keytab);
+        krb5_kt_close(kcontext, keytab);
     free(ktname);
     return kret;
 }
 
 /*
- * This is an implementation specific resolver.  It returns a keytab id 
+ * This is an implementation specific resolver.  It returns a keytab id
  * initialized with file keytab routines.
  */
 
@@ -831,28 +832,28 @@ krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id)
  * krb5_ktfile_add()
  */
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 {
     krb5_error_code retval;
 
     retval = KTLOCK(id);
     if (retval)
-	return retval;
+        return retval;
     if (KTFILEP(id)) {
-	/* Iterator(s) active -- no changes.  */
-	KTUNLOCK(id);
-	krb5_set_error_message(context, KRB5_KT_IOERR,
-			       "Cannot change keytab with keytab iterators active");
-	return KRB5_KT_IOERR;	/* XXX */
+        /* Iterator(s) active -- no changes.  */
+        KTUNLOCK(id);
+        krb5_set_error_message(context, KRB5_KT_IOERR,
+                               "Cannot change keytab with keytab iterators active");
+        return KRB5_KT_IOERR;   /* XXX */
     }
     if ((retval = krb5_ktfileint_openw(context, id))) {
-	KTUNLOCK(id);
-	return retval;
+        KTUNLOCK(id);
+        return retval;
     }
     if (fseek(KTFILEP(id), 0, 2) == -1) {
-	KTUNLOCK(id);
-	return KRB5_KT_END;
+        KTUNLOCK(id);
+        return KRB5_KT_END;
     }
     retval = krb5_ktfileint_write_entry(context, id, entry);
     krb5_ktfileint_close(context, id);
@@ -864,7 +865,7 @@ krb5_ktfile_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
  * krb5_ktfile_remove()
  */
 
-static krb5_error_code KRB5_CALLCONV 
+static krb5_error_code KRB5_CALLCONV
 krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 {
     krb5_keytab_entry   cur_entry;
@@ -873,53 +874,53 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr
 
     kerror = KTLOCK(id);
     if (kerror)
-	return kerror;
+        return kerror;
     if (KTFILEP(id)) {
-	/* Iterator(s) active -- no changes.  */
-	KTUNLOCK(id);
-	krb5_set_error_message(context, KRB5_KT_IOERR,
-			       "Cannot change keytab with keytab iterators active");
-	return KRB5_KT_IOERR;	/* XXX */
+        /* Iterator(s) active -- no changes.  */
+        KTUNLOCK(id);
+        krb5_set_error_message(context, KRB5_KT_IOERR,
+                               "Cannot change keytab with keytab iterators active");
+        return KRB5_KT_IOERR;   /* XXX */
     }
 
     if ((kerror = krb5_ktfileint_openw(context, id))) {
-	KTUNLOCK(id);
-	return kerror;
+        KTUNLOCK(id);
+        return kerror;
     }
 
-    /* 
-     * For efficiency and simplicity, we'll use a while true that 
+    /*
+     * For efficiency and simplicity, we'll use a while true that
      * is exited with a break statement.
      */
     while (TRUE) {
-	if ((kerror = krb5_ktfileint_internal_read_entry(context, id,
-							 &cur_entry,
-							 &delete_point)))
-  	    break;
+        if ((kerror = krb5_ktfileint_internal_read_entry(context, id,
+                                                         &cur_entry,
+                                                         &delete_point)))
+            break;
 
-	if ((entry->vno == cur_entry.vno) &&
+        if ((entry->vno == cur_entry.vno) &&
             (entry->key.enctype == cur_entry.key.enctype) &&
-	    krb5_principal_compare(context, entry->principal, cur_entry.principal)) {
-	    /* found a match */
+            krb5_principal_compare(context, entry->principal, cur_entry.principal)) {
+            /* found a match */
             krb5_kt_free_entry(context, &cur_entry);
-	    break;
-	}
-	krb5_kt_free_entry(context, &cur_entry);
+            break;
+        }
+        krb5_kt_free_entry(context, &cur_entry);
     }
 
     if (kerror == KRB5_KT_END)
-	kerror = KRB5_KT_NOTFOUND;
+        kerror = KRB5_KT_NOTFOUND;
 
     if (kerror) {
-	(void) krb5_ktfileint_close(context, id);
-	KTUNLOCK(id);
-	return kerror;
+        (void) krb5_ktfileint_close(context, id);
+        KTUNLOCK(id);
+        return kerror;
     }
 
     kerror = krb5_ktfileint_delete_entry(context, id, delete_point);
 
     if (kerror) {
-	(void) krb5_ktfileint_close(context, id);
+        (void) krb5_ktfileint_close(context, id);
     } else {
         kerror = krb5_ktfileint_close(context, id);
     }
@@ -933,9 +934,9 @@ krb5_ktfile_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entr
 
 const struct _krb5_kt_ops krb5_ktf_ops = {
     0,
-    "FILE", 	/* Prefix -- this string should not appear anywhere else! */
+    "FILE",     /* Prefix -- this string should not appear anywhere else! */
     krb5_ktfile_resolve,
-    krb5_ktfile_get_name, 
+    krb5_ktfile_get_name,
     krb5_ktfile_close,
     krb5_ktfile_get_entry,
     krb5_ktfile_start_seq_get,
@@ -952,9 +953,9 @@ const struct _krb5_kt_ops krb5_ktf_ops = {
 
 const struct _krb5_kt_ops krb5_ktf_writable_ops = {
     0,
-    "WRFILE", 	/* Prefix -- this string should not appear anywhere else! */
+    "WRFILE",   /* Prefix -- this string should not appear anywhere else! */
     krb5_ktfile_wresolve,
-    krb5_ktfile_get_name, 
+    krb5_ktfile_get_name,
     krb5_ktfile_close,
     krb5_ktfile_get_entry,
     krb5_ktfile_start_seq_get,
@@ -971,9 +972,9 @@ const struct _krb5_kt_ops krb5_ktf_writable_ops = {
 
 const krb5_kt_ops krb5_kt_dfl_ops = {
     0,
-    "FILE", 	/* Prefix -- this string should not appear anywhere else! */
+    "FILE",     /* Prefix -- this string should not appear anywhere else! */
     krb5_ktfile_resolve,
-    krb5_ktfile_get_name, 
+    krb5_ktfile_get_name,
     krb5_ktfile_close,
     krb5_ktfile_get_entry,
     krb5_ktfile_start_seq_get,
@@ -998,7 +999,7 @@ const krb5_kt_ops krb5_kt_dfl_ops = {
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -1012,16 +1013,16 @@ const krb5_kt_ops krb5_kt_dfl_ops = {
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
  *
- * This function contains utilities for the file based implementation of 
+ *
+ * This function contains utilities for the file based implementation of
  * the keytab.  There are no public functions in this file.
  *
  * This file is the only one that has knowledge of the format of a
  * keytab file.
  *
  * The format is as follows:
- * 
+ *
  * <file format vno>
  * <record length>
  * principal timestamp vno key
@@ -1031,21 +1032,21 @@ const krb5_kt_ops krb5_kt_dfl_ops = {
  *
  * A length field (sizeof(krb5_int32)) exists between entries.  When this
  * length is positive it indicates an active entry, when negative a hole.
- * The length indicates the size of the block in the file (this may be 
+ * The length indicates the size of the block in the file (this may be
  * larger than the size of the next record, since we are using a first
  * fit algorithm for re-using holes and the first fit may be larger than
  * the entry we are writing).  Another (compatible) implementation could
- * break up holes when allocating them to smaller entries to minimize 
+ * break up holes when allocating them to smaller entries to minimize
  * wasted space.  (Such an implementation should also coalesce adjacent
  * holes to reduce fragmentation).  This implementation does neither.
  *
- * There are no separators between fields of an entry.  
+ * There are no separators between fields of an entry.
  * A principal is a length-encoded array of length-encoded strings.  The
- * length is a krb5_int16 in each case.  The specific format, then, is 
- * multiple entries concatinated with no separators.  An entry has this 
+ * length is a krb5_int16 in each case.  The specific format, then, is
+ * multiple entries concatinated with no separators.  An entry has this
  * exact format:
  *
- * sizeof(krb5_int16) bytes for number of components in the principal; 
+ * sizeof(krb5_int16) bytes for number of components in the principal;
  * then, each component listed in ordser.
  * For each component, sizeof(krb5_int16) bytes for the number of bytes
  * in the component, followed by the component.
@@ -1083,73 +1084,73 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
     KTCHECKLOCK(id);
     errno = 0;
     KTFILEP(id) = fopen(KTFILENAME(id),
-			(mode == KRB5_LOCKMODE_EXCLUSIVE) ?
-			  fopen_mode_rbplus : fopen_mode_rb);
+                        (mode == KRB5_LOCKMODE_EXCLUSIVE) ?
+                        fopen_mode_rbplus : fopen_mode_rb);
     if (!KTFILEP(id)) {
-	if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
-	    /* try making it first time around */
+        if ((mode == KRB5_LOCKMODE_EXCLUSIVE) && (errno == ENOENT)) {
+            /* try making it first time around */
             krb5_create_secure_file(context, KTFILENAME(id));
-	    errno = 0;
-	    KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);
-	    if (!KTFILEP(id))
-		goto report_errno;
-	    writevno = 1;
-	} else {
-	report_errno:
-	    switch (errno) {
-	    case 0:
-		/* XXX */
-		return EMFILE;
-	    case ENOENT:
-		krb5_set_error_message(context, ENOENT,
-				       "Key table file '%s' not found",
-				       KTFILENAME(id));
-		return ENOENT;
-	    default:
-		return errno;
-	    }
-	}
+            errno = 0;
+            KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus);
+            if (!KTFILEP(id))
+                goto report_errno;
+            writevno = 1;
+        } else {
+        report_errno:
+            switch (errno) {
+            case 0:
+                /* XXX */
+                return EMFILE;
+            case ENOENT:
+                krb5_set_error_message(context, ENOENT,
+                                       "Key table file '%s' not found",
+                                       KTFILENAME(id));
+                return ENOENT;
+            default:
+                return errno;
+            }
+        }
     }
     set_cloexec_file(KTFILEP(id));
     if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) {
-	(void) fclose(KTFILEP(id));
-	KTFILEP(id) = 0;
-	return kerror;
+        (void) fclose(KTFILEP(id));
+        KTFILEP(id) = 0;
+        return kerror;
     }
     /* assume ANSI or BSD-style stdio */
     setbuf(KTFILEP(id), KTFILEBUFP(id));
 
     /* get the vno and verify it */
     if (writevno) {
-	kt_vno = htons(krb5_kt_default_vno);
-	KTVERSION(id) = krb5_kt_default_vno;
-	if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
-	    kerror = errno;
-	    (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
-	    (void) fclose(KTFILEP(id));
-	    KTFILEP(id) = 0;
-	    return kerror;
-	}
+        kt_vno = htons(krb5_kt_default_vno);
+        KTVERSION(id) = krb5_kt_default_vno;
+        if (!fwrite(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
+            kerror = errno;
+            (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+            (void) fclose(KTFILEP(id));
+            KTFILEP(id) = 0;
+            return kerror;
+        }
     } else {
-	/* gotta verify it instead... */
-	if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
-	    if (feof(KTFILEP(id)))
-		kerror = KRB5_KEYTAB_BADVNO;
-	    else
-		kerror = errno;
-	    (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
-	    (void) fclose(KTFILEP(id));
-	    KTFILEP(id) = 0;
-	    return kerror;
-	}
-	kt_vno = KTVERSION(id) = ntohs(kt_vno);
-	if ((kt_vno != KRB5_KT_VNO) &&
-	    (kt_vno != KRB5_KT_VNO_1)) {
-	    (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
-	    (void) fclose(KTFILEP(id));
-	    KTFILEP(id) = 0;
-	    return KRB5_KEYTAB_BADVNO;
-	}
+        /* gotta verify it instead... */
+        if (!fread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
+            if (feof(KTFILEP(id)))
+                kerror = KRB5_KEYTAB_BADVNO;
+            else
+                kerror = errno;
+            (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+            (void) fclose(KTFILEP(id));
+            KTFILEP(id) = 0;
+            return kerror;
+        }
+        kt_vno = KTVERSION(id) = ntohs(kt_vno);
+        if ((kt_vno != KRB5_KT_VNO) &&
+            (kt_vno != KRB5_KT_VNO_1)) {
+            (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
+            (void) fclose(KTFILEP(id));
+            KTFILEP(id) = 0;
+            return KRB5_KEYTAB_BADVNO;
+        }
     }
     KTSTARTOFF(id) = ftell(KTFILEP(id));
     return 0;
@@ -1174,7 +1175,7 @@ krb5_ktfileint_close(krb5_context context, krb5_keytab id)
 
     KTCHECKLOCK(id);
     if (!KTFILEP(id))
-	return 0;
+        return 0;
     kerror = krb5_unlock_file(context, fileno(KTFILEP(id)));
     (void) fclose(KTFILEP(id));
     KTFILEP(id) = 0;
@@ -1196,12 +1197,12 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del
         return KRB5_KT_END;
     }
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-	size = ntohl(size);
+        size = ntohl(size);
 
     if (size > 0) {
         krb5_int32 minus_size = -size;
-	if (KTVERSION(id) != KRB5_KT_VNO_1)
-	    minus_size = htonl(minus_size);
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            minus_size = htonl(minus_size);
 
         if (fseek(KTFILEP(id), delete_point, SEEK_SET)) {
             return errno;
@@ -1220,8 +1221,8 @@ krb5_ktfileint_delete_entry(krb5_context context, krb5_keytab id, krb5_int32 del
         memset(iobuf, 0, (size_t) len);
         while (size > 0) {
             if (!fwrite(iobuf, 1, (size_t) len, KTFILEP(id))) {
-		return KRB5_KT_IOERR;
-	    }
+                return KRB5_KT_IOERR;
+            }
             size -= len;
             if (size < len) {
                 len = size;
@@ -1246,8 +1247,8 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
     krb5_int32 size;
     krb5_int32 start_pos;
     krb5_error_code error;
-    char	*tmpdata;
-    krb5_data	*princ;
+    char        *tmpdata;
+    krb5_data   *princ;
 
     KTCHECKLOCK(id);
     memset(ret_entry, 0, sizeof(krb5_keytab_entry));
@@ -1265,8 +1266,8 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
         if (!fread(&size, sizeof(size), 1, KTFILEP(id))) {
             return KRB5_KT_END;
         }
-	if (KTVERSION(id) != KRB5_KT_VNO_1)
-		size = ntohl(size);
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            size = ntohl(size);
 
         if (size < 0) {
             if (fseek(KTFILEP(id), -size, SEEK_CUR)) {
@@ -1285,163 +1286,163 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
 
     /* first, int16 with #princ components */
     if (!fread(&count, sizeof(count), 1, KTFILEP(id)))
-	return KRB5_KT_END;
+        return KRB5_KT_END;
     if (KTVERSION(id) == KRB5_KT_VNO_1) {
-	    count -= 1;		/* V1 includes the realm in the count */
+        count -= 1;         /* V1 includes the realm in the count */
     } else {
-	    count = ntohs(count);
+        count = ntohs(count);
     }
     if (!count || (count < 0))
-	return KRB5_KT_END;
+        return KRB5_KT_END;
     ret_entry->principal = (krb5_principal)malloc(sizeof(krb5_principal_data));
     if (!ret_entry->principal)
         return ENOMEM;
-    
+
     u_count = count;
     ret_entry->principal->magic = KV5M_PRINCIPAL;
     ret_entry->principal->length = u_count;
-    ret_entry->principal->data = (krb5_data *) 
-                                 calloc(u_count, sizeof(krb5_data));
+    ret_entry->principal->data = (krb5_data *)
+        calloc(u_count, sizeof(krb5_data));
     if (!ret_entry->principal->data) {
-	free(ret_entry->principal);
-	ret_entry->principal = 0;
-	return ENOMEM;
+        free(ret_entry->principal);
+        ret_entry->principal = 0;
+        return ENOMEM;
     }
 
     /* Now, get the realm data */
     if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
-	    error = KRB5_KT_END;
-	    goto fail;
+        error = KRB5_KT_END;
+        goto fail;
     }
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-	    princ_size = ntohs(princ_size);
+        princ_size = ntohs(princ_size);
     if (!princ_size || (princ_size < 0)) {
-	    error = KRB5_KT_END;
-	    goto fail;
+        error = KRB5_KT_END;
+        goto fail;
     }
     u_princ_size = princ_size;
 
     krb5_princ_set_realm_length(context, ret_entry->principal, u_princ_size);
     tmpdata = malloc(u_princ_size+1);
     if (!tmpdata) {
-	    error = ENOMEM;
-	    goto fail;
+        error = ENOMEM;
+        goto fail;
     }
     if (fread(tmpdata, 1, u_princ_size, KTFILEP(id)) != (size_t) princ_size) {
-	    free(tmpdata);
-	    error = KRB5_KT_END;
-	    goto fail;
+        free(tmpdata);
+        error = KRB5_KT_END;
+        goto fail;
     }
-    tmpdata[princ_size] = 0;	/* Some things might be expecting null */
-				/* termination...  ``Be conservative in */
-				/* what you send out'' */
+    tmpdata[princ_size] = 0;    /* Some things might be expecting null */
+                                /* termination...  ``Be conservative in */
+                                /* what you send out'' */
     krb5_princ_set_realm_data(context, ret_entry->principal, tmpdata);
-    
+
     for (i = 0; i < count; i++) {
-	princ = krb5_princ_component(context, ret_entry->principal, i);
-	if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
-	    error = KRB5_KT_END;
-	    goto fail;
+        princ = krb5_princ_component(context, ret_entry->principal, i);
+        if (!fread(&princ_size, sizeof(princ_size), 1, KTFILEP(id))) {
+            error = KRB5_KT_END;
+            goto fail;
         }
-	if (KTVERSION(id) != KRB5_KT_VNO_1)
-	    princ_size = ntohs(princ_size);
-	if (!princ_size || (princ_size < 0)) {
-	    error = KRB5_KT_END;
-	    goto fail;
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            princ_size = ntohs(princ_size);
+        if (!princ_size || (princ_size < 0)) {
+            error = KRB5_KT_END;
+            goto fail;
         }
 
-	u_princ_size = princ_size; 
-	princ->length = u_princ_size;
-	princ->data = malloc(u_princ_size+1);
-	if (!princ->data) {
-	    error = ENOMEM;
-	    goto fail;
+        u_princ_size = princ_size;
+        princ->length = u_princ_size;
+        princ->data = malloc(u_princ_size+1);
+        if (!princ->data) {
+            error = ENOMEM;
+            goto fail;
         }
-	if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) {
-	    error = KRB5_KT_END;
-	    goto fail;
+        if (!fread(princ->data, sizeof(char), u_princ_size, KTFILEP(id))) {
+            error = KRB5_KT_END;
+            goto fail;
         }
-	princ->data[princ_size] = 0; /* Null terminate */
+        princ->data[princ_size] = 0; /* Null terminate */
     }
 
     /* read in the principal type, if we can get it */
     if (KTVERSION(id) != KRB5_KT_VNO_1) {
-	    if (!fread(&ret_entry->principal->type,
-			sizeof(ret_entry->principal->type), 1, KTFILEP(id))) {
-		    error = KRB5_KT_END;
-		    goto fail;
-	    }
-	    ret_entry->principal->type = ntohl(ret_entry->principal->type);
-    }
-    
+        if (!fread(&ret_entry->principal->type,
+                   sizeof(ret_entry->principal->type), 1, KTFILEP(id))) {
+            error = KRB5_KT_END;
+            goto fail;
+        }
+        ret_entry->principal->type = ntohl(ret_entry->principal->type);
+    }
+
     /* read in the timestamp */
     if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) {
-	error = KRB5_KT_END;
-	goto fail;
+        error = KRB5_KT_END;
+        goto fail;
     }
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-	ret_entry->timestamp = ntohl(ret_entry->timestamp);
-    
+        ret_entry->timestamp = ntohl(ret_entry->timestamp);
+
     /* read in the version number */
     if (!fread(&vno, sizeof(vno), 1, KTFILEP(id))) {
-	error = KRB5_KT_END;
-	goto fail;
+        error = KRB5_KT_END;
+        goto fail;
     }
     ret_entry->vno = (krb5_kvno)vno;
-    
+
     /* key type */
     if (!fread(&enctype, sizeof(enctype), 1, KTFILEP(id))) {
-	error = KRB5_KT_END;
-	goto fail;
+        error = KRB5_KT_END;
+        goto fail;
     }
     ret_entry->key.enctype = (krb5_enctype)enctype;
 
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-	ret_entry->key.enctype = ntohs(ret_entry->key.enctype);
-    
+        ret_entry->key.enctype = ntohs(ret_entry->key.enctype);
+
     /* key contents */
     ret_entry->key.magic = KV5M_KEYBLOCK;
-    
+
     if (!fread(&count, sizeof(count), 1, KTFILEP(id))) {
-	error = KRB5_KT_END;
-	goto fail;
+        error = KRB5_KT_END;
+        goto fail;
     }
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-	count = ntohs(count);
+        count = ntohs(count);
     if (!count || (count < 0)) {
-	error = KRB5_KT_END;
-	goto fail;
+        error = KRB5_KT_END;
+        goto fail;
     }
 
     u_count = count;
     ret_entry->key.length = u_count;
-    
+
     ret_entry->key.contents = (krb5_octet *)malloc(u_count);
     if (!ret_entry->key.contents) {
-	error = ENOMEM;
-	goto fail;
-    }		
+        error = ENOMEM;
+        goto fail;
+    }
     if (!fread(ret_entry->key.contents, sizeof(krb5_octet), count,
-		KTFILEP(id))) {
-	error = KRB5_KT_END;
-	goto fail;
+               KTFILEP(id))) {
+        error = KRB5_KT_END;
+        goto fail;
     }
 
     /*
      * Reposition file pointer to the next inter-record length field.
      */
     if (fseek(KTFILEP(id), start_pos + size, SEEK_SET) == -1) {
-	error = errno;
-	goto fail;
+        error = errno;
+        goto fail;
     }
 
     return 0;
 fail:
-    
+
     for (i = 0; i < krb5_princ_size(context, ret_entry->principal); i++) {
-	    princ = krb5_princ_component(context, ret_entry->principal, i);
-	    if (princ->data)
-		    free(princ->data);
+        princ = krb5_princ_component(context, ret_entry->principal, i);
+        if (princ->data)
+            free(princ->data);
     }
     free(ret_entry->principal->data);
     ret_entry->principal->data = 0;
@@ -1466,10 +1467,10 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
     krb5_int16 count, size, enctype;
     krb5_error_code retval = 0;
     krb5_timestamp timestamp;
-    krb5_int32	princ_type;
+    krb5_int32  princ_type;
     krb5_int32  size_needed;
     krb5_int32  commit_point = -1;
-    int		i;
+    int         i;
 
     KTCHECKLOCK(id);
     retval = krb5_ktfileint_size_entry(context, entry, &size_needed);
@@ -1487,50 +1488,50 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
     }
 
     if (KTVERSION(id) == KRB5_KT_VNO_1) {
-	    count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1;
+        count = (krb5_int16) krb5_princ_size(context, entry->principal) + 1;
     } else {
-	    count = htons((u_short) krb5_princ_size(context, entry->principal));
+        count = htons((u_short) krb5_princ_size(context, entry->principal));
     }
-    
+
     if (!fwrite(&count, sizeof(count), 1, KTFILEP(id))) {
     abend:
-	return KRB5_KT_IOERR;
+        return KRB5_KT_IOERR;
     }
     size = krb5_princ_realm(context, entry->principal)->length;
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-	    size = htons(size);
+        size = htons(size);
     if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
-	    goto abend;
+        goto abend;
     }
     if (!fwrite(krb5_princ_realm(context, entry->principal)->data, sizeof(char),
-		 krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) {
-	    goto abend;
+                krb5_princ_realm(context, entry->principal)->length, KTFILEP(id))) {
+        goto abend;
     }
 
     count = (krb5_int16) krb5_princ_size(context, entry->principal);
     for (i = 0; i < count; i++) {
-	princ = krb5_princ_component(context, entry->principal, i);
-	size = princ->length;
-	if (KTVERSION(id) != KRB5_KT_VNO_1)
-		size = htons(size);
-	if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
-	    goto abend;
-	}
-	if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) {
-	    goto abend;
-	}
+        princ = krb5_princ_component(context, entry->principal, i);
+        size = princ->length;
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            size = htons(size);
+        if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
+            goto abend;
+        }
+        if (!fwrite(princ->data, sizeof(char), princ->length, KTFILEP(id))) {
+            goto abend;
+        }
     }
 
     /*
      * Write out the principal type
      */
     if (KTVERSION(id) != KRB5_KT_VNO_1) {
-	    princ_type = htonl(krb5_princ_type(context, entry->principal));
-	    if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) {
-		    goto abend;
-	    }
+        princ_type = htonl(krb5_princ_type(context, entry->principal));
+        if (!fwrite(&princ_type, sizeof(princ_type), 1, KTFILEP(id))) {
+            goto abend;
+        }
     }
-    
+
     /*
      * Fill in the time of day the entry was written to the keytab.
      */
@@ -1538,41 +1539,41 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
         entry->timestamp = 0;
     }
     if (KTVERSION(id) == KRB5_KT_VNO_1)
-	    timestamp = entry->timestamp;
+        timestamp = entry->timestamp;
     else
-	    timestamp = htonl(entry->timestamp);
+        timestamp = htonl(entry->timestamp);
     if (!fwrite(&timestamp, sizeof(timestamp), 1, KTFILEP(id))) {
-	goto abend;
+        goto abend;
     }
-    
+
     /* key version number */
     vno = (krb5_octet)entry->vno;
     if (!fwrite(&vno, sizeof(vno), 1, KTFILEP(id))) {
-	goto abend;
+        goto abend;
     }
     /* key type */
     if (KTVERSION(id) == KRB5_KT_VNO_1)
-	    enctype = entry->key.enctype;
+        enctype = entry->key.enctype;
     else
-	    enctype = htons(entry->key.enctype);
+        enctype = htons(entry->key.enctype);
     if (!fwrite(&enctype, sizeof(enctype), 1, KTFILEP(id))) {
-	goto abend;
+        goto abend;
     }
     /* key length */
     if (KTVERSION(id) == KRB5_KT_VNO_1)
-	    size = entry->key.length;
+        size = entry->key.length;
     else
-	    size = htons(entry->key.length);
+        size = htons(entry->key.length);
     if (!fwrite(&size, sizeof(size), 1, KTFILEP(id))) {
-	goto abend;
+        goto abend;
     }
     if (!fwrite(entry->key.contents, sizeof(krb5_octet),
-		 entry->key.length, KTFILEP(id))) {
-	goto abend;
-    }	
+                entry->key.length, KTFILEP(id))) {
+        goto abend;
+    }
 
     if (fflush(KTFILEP(id)))
-	goto abend;
+        goto abend;
 
     retval = krb5_sync_disk_file(context, KTFILEP(id));
 
@@ -1584,12 +1585,12 @@ krb5_ktfileint_write_entry(krb5_context context, krb5_keytab id, krb5_keytab_ent
         return errno;
     }
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-	    size_needed = htonl(size_needed);
+        size_needed = htonl(size_needed);
     if (!fwrite(&size_needed, sizeof(size_needed), 1, KTFILEP(id))) {
         goto abend;
     }
     if (fflush(KTFILEP(id)))
-	goto abend;
+        goto abend;
     retval = krb5_sync_disk_file(context, KTFILEP(id));
 
     return retval;
@@ -1607,13 +1608,13 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i
     krb5_error_code retval = 0;
 
     count = (krb5_int16) krb5_princ_size(context, entry->principal);
-        
+
     total_size = sizeof(count);
     total_size += krb5_princ_realm(context, entry->principal)->length + (sizeof(krb5_int16));
-    
+
     for (i = 0; i < count; i++) {
-	    total_size += krb5_princ_component(context, entry->principal,i)->length
-		    + (sizeof(krb5_int16));
+        total_size += krb5_princ_component(context, entry->principal,i)->length
+            + (sizeof(krb5_int16));
     }
 
     total_size += sizeof(entry->principal->type);
@@ -1636,7 +1637,7 @@ krb5_ktfileint_size_entry(krb5_context context, krb5_keytab_entry *entry, krb5_i
  * The size_needed argument may be adjusted if we find a hole that is
  * larger than the size needed.  (Recall that size_needed will be used
  * to commit the write, but that this field must indicate the size of the
- * block in the file rather than the size of the actual entry)  
+ * block in the file rather than the size of the actual entry)
  */
 static krb5_error_code
 krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_needed, krb5_int32 *commit_point_ptr)
@@ -1655,56 +1656,55 @@ krb5_ktfileint_find_slot(krb5_context context, krb5_keytab id, krb5_int32 *size_
 
     for (;;) {
         commit_point = ftell(fp);
-	if (commit_point == -1)
-	    return errno;
+        if (commit_point == -1)
+            return errno;
         if (!fread(&size, sizeof(size), 1, fp)) {
             /* Hit the end of file, reserve this slot. */
             /* Necessary to avoid a later fseek failing on Solaris 10. */
-	    if (fseek(fp, 0, SEEK_CUR))
-		return errno;
-	    /* htonl(0) is 0, so no need to worry about byte order */
+            if (fseek(fp, 0, SEEK_CUR))
+                return errno;
+            /* htonl(0) is 0, so no need to worry about byte order */
             size = 0;
             if (!fwrite(&size, sizeof(size), 1, fp))
                 return errno;
             break;
         }
 
-	if (KTVERSION(id) != KRB5_KT_VNO_1)
-	    size = ntohl(size);
+        if (KTVERSION(id) != KRB5_KT_VNO_1)
+            size = ntohl(size);
 
         if (size > 0) {
-	    /* Non-empty record; seek past it. */
+            /* Non-empty record; seek past it. */
             if (fseek(fp, size, SEEK_CUR))
                 return errno;
-	} else if (size < 0) {
-	    /* Empty record; use if it's big enough, seek past otherwise. */
-	    size = -size;
+        } else if (size < 0) {
+            /* Empty record; use if it's big enough, seek past otherwise. */
+            size = -size;
             if (size >= *size_needed) {
                 *size_needed = size;
-		break;
-	    } else {
+                break;
+            } else {
                 if (fseek(fp, size, SEEK_CUR))
                     return errno;
-	    }
-	} else {
-	    /* Empty record at end of file; use it. */
-	    /* Ensure the new record will be followed by another 0. */
-	    zero_point = ftell(fp);
-	    if (zero_point == -1)
-		return errno;
-	    if (fseek(fp, *size_needed, SEEK_CUR))
-		return errno;
-	    /* htonl(0) is 0, so no need to worry about byte order */
+            }
+        } else {
+            /* Empty record at end of file; use it. */
+            /* Ensure the new record will be followed by another 0. */
+            zero_point = ftell(fp);
+            if (zero_point == -1)
+                return errno;
+            if (fseek(fp, *size_needed, SEEK_CUR))
+                return errno;
+            /* htonl(0) is 0, so no need to worry about byte order */
             if (!fwrite(&size, sizeof(size), 1, fp))
                 return errno;
-	    if (fseek(fp, zero_point, SEEK_SET))
-		return errno;
-	    break;
-	}
+            if (fseek(fp, zero_point, SEEK_SET))
+                return errno;
+            break;
+        }
     }
 
     *commit_point_ptr = commit_point;
     return 0;
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c
index b78e7064c..d58ffee5c 100644
--- a/src/lib/krb5/keytab/kt_memory.c
+++ b/src/lib/krb5/keytab/kt_memory.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/kt_memory.c
  *
@@ -42,15 +43,15 @@
  * Constants
  */
 
-/* 
+/*
  * Types
  */
-/* From krb5.h: 
+/* From krb5.h:
  * typedef struct krb5_keytab_entry_st {
  *    krb5_magic magic;
  *    krb5_principal principal;    principal of this key
- *    krb5_timestamp timestamp;    time entry written to keytable 
- *    krb5_kvno vno;               key version number 
+ *    krb5_timestamp timestamp;    time entry written to keytable
+ *    krb5_kvno vno;               key version number
  *    krb5_keyblock key;           the secret key
  *} krb5_keytab_entry;
  */
@@ -63,10 +64,10 @@ typedef struct _krb5_mkt_link {
 
 /* Per-keytab data header */
 typedef struct _krb5_mkt_data {
-    char 	       *name;		/* Name of the keytab */
-    k5_mutex_t 		lock;		/* Thread-safety - all but link */
-    krb5_int32		refcount;	
-    krb5_mkt_cursor	link;
+    char               *name;           /* Name of the keytab */
+    k5_mutex_t          lock;           /* Thread-safety - all but link */
+    krb5_int32          refcount;
+    krb5_mkt_cursor     link;
 } krb5_mkt_data;
 
 /* List of memory key tables */
@@ -80,8 +81,8 @@ typedef struct _krb5_mkt_ptcursor_data {
     struct _krb5_mkt_list_node *cur;
 } krb5_mkt_ptcursor_data;
 
-/* 
- * Globals 
+/*
+ * Globals
  */
 static krb5_mkt_list_node * krb5int_mkt_list = NULL;
 static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
@@ -103,55 +104,55 @@ static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
 
 extern const struct _krb5_kt_ops krb5_mkt_ops;
 
-krb5_error_code KRB5_CALLCONV krb5_mkt_resolve 
-	(krb5_context,
-		   const char *,
-		   krb5_keytab *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_get_name 
-	(krb5_context,
-		   krb5_keytab,
-		   char *,
-		   unsigned int);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_close 
-	(krb5_context,
-		   krb5_keytab);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_const_principal,
-		   krb5_kvno,
-		   krb5_enctype,
-		   krb5_keytab_entry *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_kt_cursor *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_get_next 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *,
-		   krb5_kt_cursor *);
-
-krb5_error_code KRB5_CALLCONV krb5_mkt_end_get 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_kt_cursor *);
+krb5_error_code KRB5_CALLCONV krb5_mkt_resolve
+(krb5_context,
+ const char *,
+ krb5_keytab *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_name
+(krb5_context,
+ krb5_keytab,
+ char *,
+ unsigned int);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_close
+(krb5_context,
+ krb5_keytab);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_const_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_next
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_end_get
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
 
 /* routines to be included on extended version (write routines) */
-krb5_error_code KRB5_CALLCONV krb5_mkt_add 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *);
+krb5_error_code KRB5_CALLCONV krb5_mkt_add
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
 
-krb5_error_code KRB5_CALLCONV krb5_mkt_remove 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *);
+krb5_error_code KRB5_CALLCONV krb5_mkt_remove
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
 
 int krb5int_mkt_initialize(void) {
     return k5_mutex_finish_init(&krb5int_mkt_mutex);
@@ -164,33 +165,33 @@ void krb5int_mkt_finalize(void) {
     k5_mutex_destroy(&krb5int_mkt_mutex);
 
     for (node = krb5int_mkt_list; node; node = next_node) {
-	next_node = node->next;
+        next_node = node->next;
 
-	/* destroy the contents of node->keytab */
-	free(KTNAME(node->keytab));
+        /* destroy the contents of node->keytab */
+        free(KTNAME(node->keytab));
 
-	/* free the keytab entries */
-	for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
-	    next_cursor = cursor->next;
-	    /* the call to krb5_kt_free_entry uses a NULL in place of the
- 	     * krb5_context since we know that the context isn't used by
-	     * krb5_kt_free_entry or krb5_free_principal. */
-	    krb5_kt_free_entry(NULL, cursor->entry);
-	    free(cursor->entry);
-	    free(cursor);
-	}
+        /* free the keytab entries */
+        for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+            next_cursor = cursor->next;
+            /* the call to krb5_kt_free_entry uses a NULL in place of the
+             * krb5_context since we know that the context isn't used by
+             * krb5_kt_free_entry or krb5_free_principal. */
+            krb5_kt_free_entry(NULL, cursor->entry);
+            free(cursor->entry);
+            free(cursor);
+        }
 
-	/* destroy the lock */
-	k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock));
+        /* destroy the lock */
+        k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock));
 
-	/* free the private data */
-	free(node->keytab->data);
+        /* free the private data */
+        free(node->keytab->data);
 
-	/* and the keytab */
-	free(node->keytab);
+        /* and the keytab */
+        free(node->keytab);
 
-	/* and finally the node */
-	free(node);
+        /* and finally the node */
+        free(node);
     }
 }
 
@@ -205,34 +206,34 @@ create_list_node(const char *name, krb5_mkt_list_node **listp)
 
     list = calloc(1, sizeof(krb5_mkt_list_node));
     if (list == NULL) {
-	err = ENOMEM;
-	goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
 
     list->keytab = calloc(1, sizeof(struct _krb5_kt));
     if (list->keytab == NULL) {
-	err = ENOMEM;
-	goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
     list->keytab->ops = &krb5_mkt_ops;
 
     data = calloc(1, sizeof(krb5_mkt_data));
     if (data == NULL) {
-	err = ENOMEM;
-	goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
     data->link = NULL;
     data->refcount = 0;
 
     data->name = strdup(name);
     if (data->name == NULL) {
-	err = ENOMEM;
-	goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
 
     err = k5_mutex_init(&data->lock);
     if (err)
-	goto cleanup;
+        goto cleanup;
 
     list->keytab->data = data;
     list->keytab->magic = KV5M_KEYTAB;
@@ -243,20 +244,20 @@ create_list_node(const char *name, krb5_mkt_list_node **listp)
 cleanup:
     /* data->lock was initialized last, so no need to destroy. */
     if (data)
-	free(data->name);
+        free(data->name);
     free(data);
     if (list)
-	free(list->keytab);
+        free(list->keytab);
     free(list);
     return err;
 }
 
 /*
- * This is an implementation specific resolver.  It returns a keytab 
+ * This is an implementation specific resolver.  It returns a keytab
  * initialized with memory keytab routines.
  */
 
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id)
 {
     krb5_mkt_list_node *list;
@@ -267,29 +268,29 @@ krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id)
     /* First determine if a memory keytab of this name already exists */
     err = KTGLOCK;
     if (err)
-	return err;
+        return err;
 
     for (list = krb5int_mkt_list; list; list = list->next) {
-	if (strcmp(name,KTNAME(list->keytab)) == 0)
-	    break;
+        if (strcmp(name,KTNAME(list->keytab)) == 0)
+            break;
     }
 
     if (!list) {
-	/* We will now create the new key table with the specified name.
-	 * We do not drop the global lock, therefore the name will indeed
-	 * be unique when we add it.
-	 */
-	err = create_list_node(name, &list);
-	if (err)
-	    goto done;
-	list->next = krb5int_mkt_list;
-	krb5int_mkt_list = list;
+        /* We will now create the new key table with the specified name.
+         * We do not drop the global lock, therefore the name will indeed
+         * be unique when we add it.
+         */
+        err = create_list_node(name, &list);
+        if (err)
+            goto done;
+        list->next = krb5int_mkt_list;
+        krb5int_mkt_list = list;
     }
 
     /* Increment the reference count on the keytab we found or created. */
     err = KTLOCK(list->keytab);
     if (err)
-	goto done;
+        goto done;
     KTREFCNT(list->keytab)++;
     KTUNLOCK(list->keytab);
     *id = list->keytab;
@@ -306,7 +307,7 @@ done:
  * a memory keytab shouldn't either.
  */
 
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_mkt_close(krb5_context context, krb5_keytab id)
 {
     krb5_mkt_list_node **listp;
@@ -319,71 +320,71 @@ krb5_mkt_close(krb5_context context, krb5_keytab id)
     /* First determine if a memory keytab of this name already exists */
     err = KTGLOCK;
     if (err)
-	return(err);
-    
+        return(err);
+
     for (listp = &krb5int_mkt_list; *listp; listp = &((*listp)->next))
     {
-    	if (id == (*listp)->keytab) {
-	    /* Found */
-	    break;
-	}
+        if (id == (*listp)->keytab) {
+            /* Found */
+            break;
+        }
     }
 
     if (*listp == NULL) {
-	/* The specified keytab could not be found */
-	err = KRB5_KT_NOTFOUND;
-	goto done;
+        /* The specified keytab could not be found */
+        err = KRB5_KT_NOTFOUND;
+        goto done;
     }
 
     /* reduce the refcount and return */
     err = KTLOCK(id);
     if (err)
-	goto done;
+        goto done;
 
     KTREFCNT(id)--;
     KTUNLOCK(id);
 
 #ifdef HEIMDAL_COMPATIBLE
-    /* In Heimdal if the refcount hits 0, the MEMORY keytab is 
+    /* In Heimdal if the refcount hits 0, the MEMORY keytab is
      * destroyed since there is no krb5_kt_destroy function.
-     * There is no need to lock the entry while performing 
+     * There is no need to lock the entry while performing
      * these operations as the refcount will be 0 and we are
      * holding the global lock.
      */
     data = (krb5_mkt_data *)id->data;
     if (data->refcount == 0) {
-	krb5_mkt_cursor cursor, next_cursor;
+        krb5_mkt_cursor cursor, next_cursor;
 
-	node = *listp;
-	*listp = node->next;
+        node = *listp;
+        *listp = node->next;
 
-	/* destroy the contents of node->keytab (aka id) */
-	free(data->name);
+        /* destroy the contents of node->keytab (aka id) */
+        free(data->name);
 
-	/* free the keytab entries */
-	for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
-	    next_cursor = cursor->next;
+        /* free the keytab entries */
+        for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+            next_cursor = cursor->next;
 
-	    krb5_kt_free_entry(context, cursor->entry);
-	    free(cursor->entry);
-	    free(cursor);
-	}
+            krb5_kt_free_entry(context, cursor->entry);
+            free(cursor->entry);
+            free(cursor);
+        }
 
-	/* destroy the lock */
-	k5_mutex_destroy(&(data->lock));
+        /* destroy the lock */
+        k5_mutex_destroy(&(data->lock));
 
-	/* free the private data */
-	free(data);
+        /* free the private data */
+        free(data);
 
-	/* and the keytab */
-	free(node->keytab);
+        /* and the keytab */
+        free(node->keytab);
 
-	/* and finally the node */
-	free(node);
+        /* and finally the node */
+        free(node);
     }
 #endif /* HEIMDAL_COMPATIBLE */
 
-  done:
+done:
     KTGUNLOCK;
     return(err);
 }
@@ -395,8 +396,8 @@ krb5_mkt_close(krb5_context context, krb5_keytab id)
 
 krb5_error_code KRB5_CALLCONV
 krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
-		      krb5_const_principal principal, krb5_kvno kvno,
-		      krb5_enctype enctype, krb5_keytab_entry *out_entry)
+                   krb5_const_principal principal, krb5_kvno kvno,
+                   krb5_enctype enctype, krb5_keytab_entry *out_entry)
 {
     krb5_mkt_cursor   cursor;
     krb5_keytab_entry *entry, *match = NULL;
@@ -406,67 +407,67 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
 
     err = KTLOCK(id);
     if (err)
-	return err;
+        return err;
 
     for (cursor = KTLINK(id); cursor && cursor->entry; cursor = cursor->next) {
-	entry = cursor->entry;
-
-	/* if the principal isn't the one requested, continue to the next. */
-
-	if (!krb5_principal_compare(context, principal, entry->principal))
-	    continue;
-
-	/* if the enctype is not ignored and doesn't match, 
-	   and continue to the next */
-	if (enctype != IGNORE_ENCTYPE) {
-	    if ((err = krb5_c_enctype_compare(context, enctype, 
-					      entry->key.enctype,
-					       &similar))) {
-		/* we can't determine the enctype of the entry */
-		continue;
-	    }
-
-	    if (!similar)
-		continue;
-	}
-
-	if (kvno == IGNORE_VNO) {
-	    if (match == NULL)
-		match = entry;
-	    else if (entry->vno > match->vno)
-		match = entry;
-	} else {
-	    if (entry->vno == kvno) {
-		match = entry;
-		break;
-	    } else {
-		found_wrong_kvno++;
-	    }
-	}
+        entry = cursor->entry;
+
+        /* if the principal isn't the one requested, continue to the next. */
+
+        if (!krb5_principal_compare(context, principal, entry->principal))
+            continue;
+
+        /* if the enctype is not ignored and doesn't match,
+           and continue to the next */
+        if (enctype != IGNORE_ENCTYPE) {
+            if ((err = krb5_c_enctype_compare(context, enctype,
+                                              entry->key.enctype,
+                                              &similar))) {
+                /* we can't determine the enctype of the entry */
+                continue;
+            }
+
+            if (!similar)
+                continue;
+        }
+
+        if (kvno == IGNORE_VNO) {
+            if (match == NULL)
+                match = entry;
+            else if (entry->vno > match->vno)
+                match = entry;
+        } else {
+            if (entry->vno == kvno) {
+                match = entry;
+                break;
+            } else {
+                found_wrong_kvno++;
+            }
+        }
     }
 
     /* if we found an entry that matches, ... */
-    if (match) { 
-	out_entry->magic = match->magic;
-	out_entry->timestamp = match->timestamp;
-	out_entry->vno = match->vno;
-	out_entry->key = match->key; 
-	err = krb5_copy_keyblock_contents(context, &(match->key),
-					  &(out_entry->key));
-	/*
-	 * Coerce the enctype of the output keyblock in case we
-	 * got an inexact match on the enctype.
-	 */
-	if(enctype != IGNORE_ENCTYPE)
-		out_entry->key.enctype = enctype;
-	if(!err) {
-		err = krb5_copy_principal(context, 
-					  match->principal, 
-					  &(out_entry->principal));
-	}
+    if (match) {
+        out_entry->magic = match->magic;
+        out_entry->timestamp = match->timestamp;
+        out_entry->vno = match->vno;
+        out_entry->key = match->key;
+        err = krb5_copy_keyblock_contents(context, &(match->key),
+                                          &(out_entry->key));
+        /*
+         * Coerce the enctype of the output keyblock in case we
+         * got an inexact match on the enctype.
+         */
+        if(enctype != IGNORE_ENCTYPE)
+            out_entry->key.enctype = enctype;
+        if(!err) {
+            err = krb5_copy_principal(context,
+                                      match->principal,
+                                      &(out_entry->principal));
+        }
     } else {
-	if (!err)
-	    err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
+        if (!err)
+            err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
     }
 
     KTUNLOCK(id);
@@ -485,7 +486,7 @@ krb5_mkt_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int
     memset(name, 0, len);
     result = snprintf(name, len, "%s:%s", id->ops->prefix, KTNAME(id));
     if (SNPRINTF_OVERFLOW(result, len))
-	return(KRB5_KT_NAME_TOOLONG);
+        return(KRB5_KT_NAME_TOOLONG);
     return(0);
 }
 
@@ -500,7 +501,7 @@ krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cur
 
     err = KTLOCK(id);
     if (err)
-	return(err);
+        return(err);
 
     *cursorp = (krb5_kt_cursor)KTLINK(id);
     KTUNLOCK(id);
@@ -512,7 +513,7 @@ krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cur
  * krb5_mkt_get_next()
  */
 
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
 {
     krb5_mkt_cursor mkt_cursor = (krb5_mkt_cursor)*cursor;
@@ -520,24 +521,24 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry
 
     err = KTLOCK(id);
     if (err)
-	return err;
+        return err;
 
     if (mkt_cursor == NULL) {
-	KTUNLOCK(id);
-	return KRB5_KT_END;
+        KTUNLOCK(id);
+        return KRB5_KT_END;
     }
 
     entry->magic = mkt_cursor->entry->magic;
     entry->timestamp = mkt_cursor->entry->timestamp;
     entry->vno = mkt_cursor->entry->vno;
-    entry->key = mkt_cursor->entry->key; 
-    err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key), 
-				      &(entry->key));
-    if (!err) 
-	    err = krb5_copy_principal(context, mkt_cursor->entry->principal,
-				      &(entry->principal));
+    entry->key = mkt_cursor->entry->key;
+    err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key),
+                                      &(entry->key));
+    if (!err)
+        err = krb5_copy_principal(context, mkt_cursor->entry->principal,
+                                  &(entry->principal));
     if (!err)
-	*cursor = (krb5_kt_cursor *)mkt_cursor->next;
+        *cursor = (krb5_kt_cursor *)mkt_cursor->next;
     KTUNLOCK(id);
     return(err);
 }
@@ -546,7 +547,7 @@ krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry
  * krb5_mkt_end_get()
  */
 
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
 {
     *cursor = NULL;
@@ -558,7 +559,7 @@ krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
  * krb5_mkt_add()
  */
 
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 {
     krb5_error_code err = 0;
@@ -566,47 +567,47 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 
     err = KTLOCK(id);
     if (err)
-	return err;
+        return err;
 
     cursor = (krb5_mkt_cursor)malloc(sizeof(krb5_mkt_link));
     if (cursor == NULL) {
-	err = ENOMEM;
-	goto done;
+        err = ENOMEM;
+        goto done;
     }
     cursor->entry = (krb5_keytab_entry *)malloc(sizeof(krb5_keytab_entry));
     if (cursor->entry == NULL) {
-	free(cursor);
-	err = ENOMEM;
-	goto done;
+        free(cursor);
+        err = ENOMEM;
+        goto done;
     }
     cursor->entry->magic = entry->magic;
     cursor->entry->timestamp = entry->timestamp;
     cursor->entry->vno = entry->vno;
-    err = krb5_copy_keyblock_contents(context, &(entry->key), 
-				      &(cursor->entry->key));
+    err = krb5_copy_keyblock_contents(context, &(entry->key),
+                                      &(cursor->entry->key));
     if (err) {
-	free(cursor->entry);
-	free(cursor);
-	goto done;
+        free(cursor->entry);
+        free(cursor);
+        goto done;
     }
 
     err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
     if (err) {
-	krb5_free_keyblock_contents(context, &(cursor->entry->key));
-	free(cursor->entry);
-	free(cursor);
-	goto done;
+        krb5_free_keyblock_contents(context, &(cursor->entry->key));
+        free(cursor->entry);
+        free(cursor);
+        goto done;
     }
 
     if (KTLINK(id) == NULL) {
-	cursor->next = NULL;
-	KTLINK(id) = cursor;
+        cursor->next = NULL;
+        KTLINK(id) = cursor;
     } else {
-	cursor->next = KTLINK(id);
-	KTLINK(id) = cursor;
+        cursor->next = KTLINK(id);
+        KTLINK(id) = cursor;
     }
 
-  done:
+done:
     KTUNLOCK(id);
     return err;
 }
@@ -615,7 +616,7 @@ krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
  * krb5_mkt_remove()
  */
 
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 {
     krb5_mkt_cursor *pcursor, next;
@@ -623,23 +624,23 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 
     err = KTLOCK(id);
     if (err)
-	return err;
+        return err;
 
     if ( KTLINK(id) == NULL ) {
-	err = KRB5_KT_NOTFOUND;
-	goto done;
+        err = KRB5_KT_NOTFOUND;
+        goto done;
     }
-	
+
     for ( pcursor = &KTLINK(id); *pcursor; pcursor = &(*pcursor)->next ) {
-	if ( (*pcursor)->entry->vno == entry->vno &&
-	     (*pcursor)->entry->key.enctype == entry->key.enctype &&
-	     krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal))
-	     break;
+        if ( (*pcursor)->entry->vno == entry->vno &&
+             (*pcursor)->entry->key.enctype == entry->key.enctype &&
+             krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal))
+            break;
     }
 
     if (!*pcursor) {
-	err = KRB5_KT_NOTFOUND;
-	goto done;
+        err = KRB5_KT_NOTFOUND;
+        goto done;
     }
 
     krb5_kt_free_entry(context, (*pcursor)->entry);
@@ -648,7 +649,7 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
     free(*pcursor);
     (*pcursor) = next;
 
-  done:
+done:
     KTUNLOCK(id);
     return err;
 }
@@ -660,9 +661,9 @@ krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 
 const struct _krb5_kt_ops krb5_mkt_ops = {
     0,
-    "MEMORY", 	/* Prefix -- this string should not appear anywhere else! */
+    "MEMORY",   /* Prefix -- this string should not appear anywhere else! */
     krb5_mkt_resolve,
-    krb5_mkt_get_name, 
+    krb5_mkt_get_name,
     krb5_mkt_close,
     krb5_mkt_get_entry,
     krb5_mkt_start_seq_get,
@@ -674,4 +675,3 @@ const struct _krb5_kt_ops krb5_mkt_ops = {
 };
 
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
index 20ea3d755..a2e13040b 100644
--- a/src/lib/krb5/keytab/kt_srvtab.c
+++ b/src/lib/krb5/keytab/kt_srvtab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/srvtab/kts_resolv.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -27,23 +28,23 @@
 #include "k5-int.h"
 #include <stdio.h>
 
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 
 /*
  * Constants
  */
 
-#define KRB5_KT_VNO_1	0x0501	/* krb v5, keytab version 1 (DCE compat) */
-#define KRB5_KT_VNO	0x0502	/* krb v5, keytab version 2 (standard)  */
+#define KRB5_KT_VNO_1   0x0501  /* krb v5, keytab version 1 (DCE compat) */
+#define KRB5_KT_VNO     0x0502  /* krb v5, keytab version 2 (standard)  */
 
 #define KRB5_KT_DEFAULT_VNO KRB5_KT_VNO
 
-/* 
+/*
  * Types
  */
 typedef struct _krb5_ktsrvtab_data {
-    char *name;			/* Name of the file */
-    FILE *openf;		/* open file, if any. */
+    char *name;                 /* Name of the file */
+    FILE *openf;                /* open file, if any. */
 } krb5_ktsrvtab_data;
 
 /*
@@ -56,59 +57,59 @@ typedef struct _krb5_ktsrvtab_data {
 extern const struct _krb5_kt_ops krb5_kts_ops;
 
 static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_resolve
-	(krb5_context,
-		   const char *,
-		   krb5_keytab *);
+(krb5_context,
+ const char *,
+ krb5_keytab *);
 
 static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_name
-	(krb5_context,
-		   krb5_keytab,
-		   char *,
-		   unsigned int);
+(krb5_context,
+ krb5_keytab,
+ char *,
+ unsigned int);
 
 static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_close
-	(krb5_context,
-		   krb5_keytab);
+(krb5_context,
+ krb5_keytab);
 
 static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_entry
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_const_principal,
-		   krb5_kvno,
-		   krb5_enctype,
-		   krb5_keytab_entry *);
+(krb5_context,
+ krb5_keytab,
+ krb5_const_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keytab_entry *);
 
 static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_start_seq_get
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_kt_cursor *);
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
 
 static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_get_next
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *,
-		   krb5_kt_cursor *);
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
 
 static krb5_error_code KRB5_CALLCONV krb5_ktsrvtab_end_get
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_kt_cursor *);
+(krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
 
 static krb5_error_code krb5_ktsrvint_open
-	(krb5_context,
-		   krb5_keytab);
+(krb5_context,
+ krb5_keytab);
 
 static krb5_error_code krb5_ktsrvint_close
-	(krb5_context,
-		   krb5_keytab);
+(krb5_context,
+ krb5_keytab);
 
-static krb5_error_code krb5_ktsrvint_read_entry 
-	(krb5_context,
-		   krb5_keytab,
-		   krb5_keytab_entry *);
+static krb5_error_code krb5_ktsrvint_read_entry
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
 
 /*
- * This is an implementation specific resolver.  It returns a keytab id 
+ * This is an implementation specific resolver.  It returns a keytab id
  * initialized with srvtab keytab routines.
  */
 
@@ -118,20 +119,20 @@ krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id)
     krb5_ktsrvtab_data *data;
 
     if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL)
-	return(ENOMEM);
-    
+        return(ENOMEM);
+
     (*id)->ops = &krb5_kts_ops;
     data = (krb5_ktsrvtab_data *)malloc(sizeof(krb5_ktsrvtab_data));
     if (data == NULL) {
-	free(*id);
-	return(ENOMEM);
+        free(*id);
+        return(ENOMEM);
     }
 
     data->name = strdup(name);
     if (data->name == NULL) {
-	free(data);
-	free(*id);
-	return(ENOMEM);
+        free(data);
+        free(*id);
+        return(ENOMEM);
     }
 
     data->openf = 0;
@@ -148,13 +149,13 @@ krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id)
 
 krb5_error_code KRB5_CALLCONV
 krb5_ktsrvtab_close(krb5_context context, krb5_keytab id)
-  /*
-   * This routine is responsible for freeing all memory allocated 
-   * for this keytab.  There are no system resources that need
-   * to be freed nor are there any open files.
-   *
-   * This routine should undo anything done by krb5_ktsrvtab_resolve().
-   */
+/*
+ * This routine is responsible for freeing all memory allocated
+ * for this keytab.  There are no system resources that need
+ * to be freed nor are there any open files.
+ *
+ * This routine should undo anything done by krb5_ktsrvtab_resolve().
+ */
 {
     free(KTFILENAME(id));
     free(id->data);
@@ -178,7 +179,7 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip
 
     /* Open the srvtab. */
     if ((kerror = krb5_ktsrvint_open(context, id)))
-	return(kerror);
+        return(kerror);
 
     /* srvtab files only have DES_CBC_CRC keys. */
     switch (enctype) {
@@ -187,50 +188,50 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_RAW:
     case IGNORE_ENCTYPE:
-	break;
+        break;
     default:
-	return KRB5_KT_NOTFOUND;
+        return KRB5_KT_NOTFOUND;
     }
 
     best_entry.principal = 0;
     best_entry.vno = 0;
     best_entry.key.contents = 0;
     while ((kerror = krb5_ktsrvint_read_entry(context, id, &ent)) == 0) {
-	ent.key.enctype = enctype;
-	if (krb5_principal_compare(context, principal, ent.principal)) {
-	    if (kvno == IGNORE_VNO) {
-		if (!best_entry.principal || (best_entry.vno < ent.vno)) {
-		    krb5_kt_free_entry(context, &best_entry);
-		    best_entry = ent;
-		}
-	    } else {
-		if (ent.vno == kvno) {
-		    best_entry = ent;
-		    break;
-		} else {
-		    found_wrong_kvno = 1;
-		}
-	    }
-	} else {
-	    krb5_kt_free_entry(context, &ent);
-	}
+        ent.key.enctype = enctype;
+        if (krb5_principal_compare(context, principal, ent.principal)) {
+            if (kvno == IGNORE_VNO) {
+                if (!best_entry.principal || (best_entry.vno < ent.vno)) {
+                    krb5_kt_free_entry(context, &best_entry);
+                    best_entry = ent;
+                }
+            } else {
+                if (ent.vno == kvno) {
+                    best_entry = ent;
+                    break;
+                } else {
+                    found_wrong_kvno = 1;
+                }
+            }
+        } else {
+            krb5_kt_free_entry(context, &ent);
+        }
     }
     if (kerror == KRB5_KT_END) {
-	 if (best_entry.principal)
-	      kerror = 0;
-	 else if (found_wrong_kvno)
-	      kerror = KRB5_KT_KVNONOTFOUND;
-	 else
-	      kerror = KRB5_KT_NOTFOUND;
+        if (best_entry.principal)
+            kerror = 0;
+        else if (found_wrong_kvno)
+            kerror = KRB5_KT_KVNONOTFOUND;
+        else
+            kerror = KRB5_KT_NOTFOUND;
     }
     if (kerror) {
-	(void) krb5_ktsrvint_close(context, id);
-	krb5_kt_free_entry(context, &best_entry);
-	return kerror;
+        (void) krb5_ktsrvint_close(context, id);
+        krb5_kt_free_entry(context, &best_entry);
+        return kerror;
     }
     if ((kerror = krb5_ktsrvint_close(context, id)) != 0) {
-	krb5_kt_free_entry(context, &best_entry);
-	return kerror;
+        krb5_kt_free_entry(context, &best_entry);
+        return kerror;
     }
     *entry = best_entry;
     return 0;
@@ -242,18 +243,18 @@ krb5_ktsrvtab_get_entry(krb5_context context, krb5_keytab id, krb5_const_princip
 
 krb5_error_code KRB5_CALLCONV
 krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
-  /* 
-   * This routine returns the name of the name of the file associated with
-   * this srvtab-based keytab.  The name is prefixed with PREFIX:, so that
-   * trt will happen if the name is passed back to resolve.
-   */
+/*
+ * This routine returns the name of the name of the file associated with
+ * this srvtab-based keytab.  The name is prefixed with PREFIX:, so that
+ * trt will happen if the name is passed back to resolve.
+ */
 {
     int result;
 
     memset(name, 0, len);
     result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id));
     if (SNPRINTF_OVERFLOW(result, len))
-	return(KRB5_KT_NAME_TOOLONG);
+        return(KRB5_KT_NAME_TOOLONG);
     return(0);
 }
 
@@ -268,11 +269,11 @@ krb5_ktsrvtab_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor
     long *fileoff;
 
     if ((retval = krb5_ktsrvint_open(context, id)))
-	return retval;
+        return retval;
 
     if (!(fileoff = (long *)malloc(sizeof(*fileoff)))) {
-	krb5_ktsrvint_close(context, id);
-	return ENOMEM;
+        krb5_ktsrvint_close(context, id);
+        return ENOMEM;
     }
     *fileoff = ftell(KTFILEP(id));
     *cursorp = (krb5_kt_cursor)fileoff;
@@ -292,9 +293,9 @@ krb5_ktsrvtab_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *
     krb5_error_code kerror;
 
     if (fseek(KTFILEP(id), *fileoff, 0) == -1)
-	return KRB5_KT_END;
+        return KRB5_KT_END;
     if ((kerror = krb5_ktsrvint_read_entry(context, id, &cur_entry)))
-	return kerror;
+        return kerror;
     *fileoff = ftell(KTFILEP(id));
     *entry = cur_entry;
     return 0;
@@ -317,9 +318,9 @@ krb5_ktsrvtab_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *curs
 
 const struct _krb5_kt_ops krb5_kts_ops = {
     0,
-    "SRVTAB", 	/* Prefix -- this string should not appear anywhere else! */
+    "SRVTAB",   /* Prefix -- this string should not appear anywhere else! */
     krb5_ktsrvtab_resolve,
-    krb5_ktsrvtab_get_name, 
+    krb5_ktsrvtab_get_name,
     krb5_ktsrvtab_close,
     krb5_ktsrvtab_get_entry,
     krb5_ktsrvtab_start_seq_get,
@@ -344,7 +345,7 @@ const struct _krb5_kt_ops krb5_kts_ops = {
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -358,7 +359,7 @@ const struct _krb5_kt_ops krb5_kts_ops = {
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * This function contains utilities for the srvtab based implementation
  * of the keytab.  There are no public functions in this file.
@@ -367,17 +368,17 @@ const struct _krb5_kt_ops krb5_kts_ops = {
 #include <stdio.h>
 
 #ifdef ANSI_STDIO
-#define		READ_MODE	"rb"
+#define         READ_MODE       "rb"
 #else
-#define		READ_MODE	"r"
+#define         READ_MODE       "r"
 #endif
 
 /* The maximum sizes for V4 aname, realm, sname, and instance +1 */
 /* Taken from krb.h */
-#define 	ANAME_SZ	40
-#define		REALM_SZ	40
-#define		SNAME_SZ	40
-#define		INST_SZ		40
+#define         ANAME_SZ        40
+#define         REALM_SZ        40
+#define         SNAME_SZ        40
+#define         INST_SZ         40
 
 static krb5_error_code
 read_field(FILE *fp, char *s, int len)
@@ -385,11 +386,11 @@ read_field(FILE *fp, char *s, int len)
     int c;
 
     while ((c = getc(fp)) != 0) {
-	if (c == EOF || len <= 1)
-	    return KRB5_KT_END;
-	*s = c;
-	s++;
-	len--;
+        if (c == EOF || len <= 1)
+            return KRB5_KT_END;
+        *s = c;
+        s++;
+        len--;
     }
     *s = 0;
     return 0;
@@ -400,7 +401,7 @@ krb5_ktsrvint_open(krb5_context context, krb5_keytab id)
 {
     KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE);
     if (!KTFILEP(id))
-	return errno;
+        return errno;
     set_cloexec_file(KTFILEP(id));
     return 0;
 }
@@ -409,7 +410,7 @@ krb5_error_code
 krb5_ktsrvint_close(krb5_context context, krb5_keytab id)
 {
     if (!KTFILEP(id))
-	return 0;
+        return 0;
     (void) fclose(KTFILEP(id));
     KTFILEP(id) = 0;
     return 0;
@@ -428,18 +429,18 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
     fp = KTFILEP(id);
     kerror = read_field(fp, name, sizeof(name));
     if (kerror != 0)
-	return kerror;
+        return kerror;
     kerror = read_field(fp, instance, sizeof(instance));
     if (kerror != 0)
-	return kerror;
+        return kerror;
     kerror = read_field(fp, realm, sizeof(realm));
     if (kerror != 0)
-	return kerror;
+        return kerror;
     vno = getc(fp);
     if (vno == EOF)
-	return KRB5_KT_END;
+        return KRB5_KT_END;
     if (fread(key, 1, sizeof(key), fp) != sizeof(key))
-	return KRB5_KT_END;
+        return KRB5_KT_END;
 
     /* Fill in ret_entry with the data we read.  Everything maps well
      * except for the timestamp, which we don't have a value for.  For
@@ -447,9 +448,9 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
     memset(ret_entry, 0, sizeof(*ret_entry));
     ret_entry->magic = KV5M_KEYTAB_ENTRY;
     kerror = krb5_425_conv_principal(context, name, instance, realm,
-				     &ret_entry->principal);
+                                     &ret_entry->principal);
     if (kerror != 0)
-	return kerror;
+        return kerror;
     ret_entry->vno = vno;
     ret_entry->timestamp = 0;
     ret_entry->key.enctype = ENCTYPE_DES_CBC_CRC;
@@ -457,12 +458,11 @@ krb5_ktsrvint_read_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry
     ret_entry->key.length = sizeof(key);
     ret_entry->key.contents = malloc(sizeof(key));
     if (!ret_entry->key.contents) {
-	krb5_free_principal(context, ret_entry->principal);
-	return ENOMEM;
+        krb5_free_principal(context, ret_entry->principal);
+        return ENOMEM;
     }
     memcpy(ret_entry->key.contents, key, sizeof(key));
 
     return 0;
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktadd.c b/src/lib/krb5/keytab/ktadd.c
index 360dd64cd..10bb24649 100644
--- a/src/lib/krb5/keytab/ktadd.c
+++ b/src/lib/krb5/keytab/ktadd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/ktadd.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_kt_add_entry()
  */
@@ -35,9 +36,8 @@ krb5_error_code KRB5_CALLCONV
 krb5_kt_add_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 {
     if (id->ops->add)
-	return (*id->ops->add)(context, id, entry);
+        return (*id->ops->add)(context, id, entry);
     else
-	return KRB5_KT_NOWRITE;
+        return KRB5_KT_NOWRITE;
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
index b99bee403..b88380e27 100644
--- a/src/lib/krb5/keytab/ktbase.c
+++ b/src/lib/krb5/keytab/ktbase.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/ktbase.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Copyright 2007 by Secure Endpoints Inc.
  *
@@ -91,12 +92,12 @@ int krb5int_kt_initialize(void)
 
     err = k5_mutex_finish_init(&kt_typehead_lock);
     if (err)
-	goto done;
+        goto done;
     err = krb5int_mkt_initialize();
     if (err)
-	goto done;
+        goto done;
 
-  done:
+done:
     return(err);
 }
 
@@ -107,8 +108,8 @@ krb5int_kt_finalize(void)
 
     k5_mutex_destroy(&kt_typehead_lock);
     for (t = kt_typehead; t != &krb5_kt_typelist_file; t = t_next) {
-	t_next = t->next;
-	free((struct krb5_kt_typelist *)t);
+        t_next = t->next;
+        free((struct krb5_kt_typelist *)t);
     }
 
     krb5int_mkt_finalize();
@@ -129,16 +130,16 @@ krb5_kt_register(krb5_context context, const krb5_kt_ops *ops)
 
     err = k5_mutex_lock(&kt_typehead_lock);
     if (err)
-	return err;
+        return err;
     for (t = kt_typehead; t && strcmp(t->ops->prefix,ops->prefix);t = t->next)
-	;
+        ;
     if (t) {
-	k5_mutex_unlock(&kt_typehead_lock);
-	return KRB5_KT_TYPE_EXISTS;
+        k5_mutex_unlock(&kt_typehead_lock);
+        return KRB5_KT_TYPE_EXISTS;
     }
     if (!(newt = (struct krb5_kt_typelist *) malloc(sizeof(*t)))) {
-	k5_mutex_unlock(&kt_typehead_lock);
-	return ENOMEM;
+        k5_mutex_unlock(&kt_typehead_lock);
+        return ENOMEM;
     }
     newt->next = kt_typehead;
     newt->ops = ops;
@@ -172,7 +173,7 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
 
     cp = strchr (name, ':');
     if (!cp)
-	return (*krb5_kt_dfl_ops.resolve)(context, name, ktid);
+        return (*krb5_kt_dfl_ops.resolve)(context, name, ktid);
 
     pfxlen = cp - name;
 
@@ -184,13 +185,13 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
 
         resid = name;
     } else if (name[0] == '/') {
-	pfx = strdup("FILE");
-	if (!pfx)
-	    return ENOMEM;
-	resid = name;
+        pfx = strdup("FILE");
+        if (!pfx)
+            return ENOMEM;
+        resid = name;
     } else {
         resid = name + pfxlen + 1;
-	
+
         pfx = malloc (pfxlen+1);
         if (!pfx)
             return ENOMEM;
@@ -203,19 +204,19 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid)
 
     err = k5_mutex_lock(&kt_typehead_lock);
     if (err)
-	goto cleanup;
+        goto cleanup;
     tlist = kt_typehead;
     /* Don't need to hold the lock, since entries are never modified
        or removed once they're in the list.  Just need to protect
        access to the list head variable itself.  */
     k5_mutex_unlock(&kt_typehead_lock);
     for (; tlist; tlist = tlist->next) {
-	if (strcmp (tlist->ops->prefix, pfx) == 0) {
-	    err = (*tlist->ops->resolve)(context, resid, &id);
-	    if (!err)
-		*ktid = id;
-	    goto cleanup;
-	}
+        if (strcmp (tlist->ops->prefix, pfx) == 0) {
+            err = (*tlist->ops->resolve)(context, resid, &id);
+            if (!err)
+                *ktid = id;
+            goto cleanup;
+        }
     }
     err = KRB5_KT_UNKNOWN_TYPE;
 
@@ -226,69 +227,69 @@ cleanup:
 
 /*
  * Routines to deal with externalizingt krb5_keytab.
- *	krb5_keytab_size();
- *	krb5_keytab_externalize();
- *	krb5_keytab_internalize();
+ *      krb5_keytab_size();
+ *      krb5_keytab_externalize();
+ *      krb5_keytab_internalize();
  */
 static krb5_error_code krb5_keytab_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_keytab_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_keytab_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /*
  * Serialization entry for this type.
  */
 static const krb5_ser_entry krb5_keytab_ser_entry = {
-    KV5M_KEYTAB,			/* Type			*/
-    krb5_keytab_size,			/* Sizer routine	*/
-    krb5_keytab_externalize,		/* Externalize routine	*/
-    krb5_keytab_internalize		/* Internalize routine	*/
+    KV5M_KEYTAB,                        /* Type                 */
+    krb5_keytab_size,                   /* Sizer routine        */
+    krb5_keytab_externalize,            /* Externalize routine  */
+    krb5_keytab_internalize             /* Internalize routine  */
 };
 
 static krb5_error_code
 krb5_keytab_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_keytab		keytab;
-    krb5_ser_handle	shandle;
+    krb5_error_code     kret;
+    krb5_keytab         keytab;
+    krb5_ser_handle     shandle;
 
     kret = EINVAL;
     if ((keytab = (krb5_keytab) arg) &&
-	keytab->ops &&
-	(shandle = (krb5_ser_handle) keytab->ops->serializer) &&
-	shandle->sizer)
-	kret = (*shandle->sizer)(kcontext, arg, sizep);
+        keytab->ops &&
+        (shandle = (krb5_ser_handle) keytab->ops->serializer) &&
+        shandle->sizer)
+        kret = (*shandle->sizer)(kcontext, arg, sizep);
     return(kret);
 }
 
 static krb5_error_code
 krb5_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_keytab		keytab;
-    krb5_ser_handle	shandle;
+    krb5_error_code     kret;
+    krb5_keytab         keytab;
+    krb5_ser_handle     shandle;
 
     kret = EINVAL;
     if ((keytab = (krb5_keytab) arg) &&
-	keytab->ops &&
-	(shandle = (krb5_ser_handle) keytab->ops->serializer) &&
-	shandle->externalizer)
-	kret = (*shandle->externalizer)(kcontext, arg, buffer, lenremain);
+        keytab->ops &&
+        (shandle = (krb5_ser_handle) keytab->ops->serializer) &&
+        shandle->externalizer)
+        kret = (*shandle->externalizer)(kcontext, arg, buffer, lenremain);
     return(kret);
 }
 
 static krb5_error_code
 krb5_keytab_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_ser_handle	shandle;
+    krb5_error_code     kret;
+    krb5_ser_handle     shandle;
 
     kret = EINVAL;
     if ((shandle = (krb5_ser_handle) krb5_kt_dfl_ops.serializer) &&
-	shandle->internalizer)
-	kret = (*shandle->internalizer)(kcontext, argp, buffer, lenremain);
+        shandle->internalizer)
+        kret = (*shandle->internalizer)(kcontext, argp, buffer, lenremain);
     return(kret);
 }
 
@@ -298,4 +299,3 @@ krb5_ser_keytab_init(krb5_context kcontext)
     return(krb5_register_serializer(kcontext, &krb5_keytab_ser_entry));
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktdefault.c b/src/lib/krb5/keytab/ktdefault.c
index 3d7ee0946..7a4d68f1b 100644
--- a/src/lib/krb5/keytab/ktdefault.c
+++ b/src/lib/krb5/keytab/ktdefault.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/ktdefault.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Get a default keytab.
  */
@@ -38,9 +39,8 @@ krb5_kt_default(krb5_context context, krb5_keytab *id)
     krb5_error_code retval;
 
     if ((retval = krb5_kt_default_name(context, defname, sizeof(defname))))
-	return retval;
+        return retval;
     return krb5_kt_resolve(context, defname, id);
 }
 
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c
index 9239f3d16..3496c0964 100644
--- a/src/lib/krb5/keytab/ktfns.c
+++ b/src/lib/krb5/keytab/ktfns.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/ktfns.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -28,7 +29,7 @@
  * Dispatch methods for keytab code.
  */
 
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 
 #include "k5-int.h"
 
@@ -40,7 +41,7 @@ krb5_kt_get_type (krb5_context context, krb5_keytab keytab)
 
 krb5_error_code KRB5_CALLCONV
 krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
-		 unsigned int namelen)
+                 unsigned int namelen)
 {
     return krb5_x((keytab)->ops->get_name,(context, keytab,name,namelen));
 }
@@ -53,48 +54,47 @@ krb5_kt_close(krb5_context context, krb5_keytab keytab)
 
 krb5_error_code KRB5_CALLCONV
 krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
-		  krb5_const_principal principal, krb5_kvno vno,
-		  krb5_enctype enctype, krb5_keytab_entry *entry)
+                  krb5_const_principal principal, krb5_kvno vno,
+                  krb5_enctype enctype, krb5_keytab_entry *entry)
 {
     krb5_error_code err;
     krb5_principal_data princ_data;
 
     if (krb5_is_referral_realm(&principal->realm)) {
-	char *realm;
-	princ_data = *principal;
-	principal = &princ_data;
-	err = krb5_get_default_realm(context, &realm);
-	if (err)
-	    return err;
-	princ_data.realm.data = realm;
-	princ_data.realm.length = strlen(realm);
+        char *realm;
+        princ_data = *principal;
+        principal = &princ_data;
+        err = krb5_get_default_realm(context, &realm);
+        if (err)
+            return err;
+        princ_data.realm.data = realm;
+        princ_data.realm.length = strlen(realm);
     }
     err = krb5_x((keytab)->ops->get,(context, keytab, principal, vno, enctype,
-				     entry));
+                                     entry));
     if (principal == &princ_data)
-	krb5_free_default_realm(context, princ_data.realm.data);
+        krb5_free_default_realm(context, princ_data.realm.data);
     return err;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
-		      krb5_kt_cursor *cursor)
+                      krb5_kt_cursor *cursor)
 {
     return krb5_x((keytab)->ops->start_seq_get,(context, keytab, cursor));
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
-		   krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+                   krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
 {
     return krb5_x((keytab)->ops->get_next,(context, keytab, entry, cursor));
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
-		    krb5_kt_cursor *cursor)
+                    krb5_kt_cursor *cursor)
 {
     return krb5_x((keytab)->ops->end_get,(context, keytab, cursor));
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktfr_entry.c b/src/lib/krb5/keytab/ktfr_entry.c
index 9587efc63..8fdbda2fc 100644
--- a/src/lib/krb5/keytab/ktfr_entry.c
+++ b/src/lib/krb5/keytab/ktfr_entry.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/ktfr_entry.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,11 +23,11 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_kt_free_entry()
  */
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 
 #include "k5-int.h"
 
@@ -34,12 +35,12 @@ krb5_error_code KRB5_CALLCONV
 krb5_free_keytab_entry_contents (krb5_context context, krb5_keytab_entry *entry)
 {
     if (!entry)
-	return 0;
-    
+        return 0;
+
     krb5_free_principal(context, entry->principal);
     if (entry->key.contents) {
-	zap((char *)entry->key.contents, entry->key.length);
-	free(entry->key.contents);
+        zap((char *)entry->key.contents, entry->key.length);
+        free(entry->key.contents);
     }
     return 0;
 }
@@ -50,4 +51,3 @@ krb5_kt_free_entry (krb5_context context, krb5_keytab_entry *entry)
     return krb5_free_keytab_entry_contents (context, entry);
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/ktremove.c b/src/lib/krb5/keytab/ktremove.c
index 4ba6063f7..1ccefd842 100644
--- a/src/lib/krb5/keytab/ktremove.c
+++ b/src/lib/krb5/keytab/ktremove.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/ktremove.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,11 +23,11 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_kt_remove_entry()
  */
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 
 #include "k5-int.h"
 
@@ -34,9 +35,8 @@ krb5_error_code KRB5_CALLCONV
 krb5_kt_remove_entry (krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
 {
     if (id->ops->remove)
-	return (*id->ops->remove)(context, id, entry);
+        return (*id->ops->remove)(context, id, entry);
     else
-	return KRB5_KT_NOWRITE;
+        return KRB5_KT_NOWRITE;
 }
 #endif /* LEAN_CLIENT  */
-
diff --git a/src/lib/krb5/keytab/read_servi.c b/src/lib/krb5/keytab/read_servi.c
index 6638a5a92..0172edbb0 100644
--- a/src/lib/krb5/keytab/read_servi.c
+++ b/src/lib/krb5/keytab/read_servi.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/read_servi.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,25 +23,25 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
  *
- * This routine is designed to be passed to krb5_rd_req.  
+ *
+ * This routine is designed to be passed to krb5_rd_req.
  * It is a convenience function that reads a key out of a keytab.
- * It handles all of the opening and closing of the keytab 
- * internally. 
+ * It handles all of the opening and closing of the keytab
+ * internally.
  */
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 
 #include "k5-int.h"
 
 #define KSUCCESS 0
 
 /*
- * effects: If keyprocarg is not NULL, it is taken to be the name of a 
- *	keytab.  Otherwise, the default keytab will be used.  This 
- *	routine opens the keytab and finds the principal associated with
- *	principal, vno, and enctype and returns the resulting key in *key 
- *	or returning an error code if it is not	found. 
+ * effects: If keyprocarg is not NULL, it is taken to be the name of a
+ *      keytab.  Otherwise, the default keytab will be used.  This
+ *      routine opens the keytab and finds the principal associated with
+ *      principal, vno, and enctype and returns the resulting key in *key
+ *      or returning an error code if it is not found.
  * returns: Either KSUCCESS or error code.
  * errors: error code if not found or keyprocarg is invalid.
  */
@@ -51,28 +52,28 @@ krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_pri
     char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */
     krb5_keytab id;
     krb5_keytab_entry entry;
-        
+
     /*
-     * Get the name of the file that we should use. 
+     * Get the name of the file that we should use.
      */
     if (!keyprocarg) {
-	if ((kerror = krb5_kt_default_name(context, (char *)keytabname, 
-					   sizeof(keytabname) - 1))!= KSUCCESS)
-	    return (kerror);
+        if ((kerror = krb5_kt_default_name(context, (char *)keytabname,
+                                           sizeof(keytabname) - 1))!= KSUCCESS)
+            return (kerror);
     } else {
-	memset(keytabname, 0, sizeof(keytabname));
-	(void) strncpy(keytabname, (char *)keyprocarg, 
-		       sizeof(keytabname) - 1);
+        memset(keytabname, 0, sizeof(keytabname));
+        (void) strncpy(keytabname, (char *)keyprocarg,
+                       sizeof(keytabname) - 1);
     }
 
     if ((kerror = krb5_kt_resolve(context, (char *)keytabname, &id)))
-	return (kerror);
+        return (kerror);
 
     kerror = krb5_kt_get_entry(context, id, principal, vno, enctype, &entry);
     krb5_kt_close(context, id);
 
     if (kerror)
-	return(kerror);
+        return(kerror);
 
     krb5_copy_keyblock(context, &entry.key, key);
 
@@ -81,4 +82,3 @@ krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_pri
     return (KSUCCESS);
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/keytab/t_keytab.c b/src/lib/krb5/keytab/t_keytab.c
index d23502226..607ce9ffb 100644
--- a/src/lib/krb5/keytab/t_keytab.c
+++ b/src/lib/krb5/keytab/t_keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/t_keytab.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  * A set of tests for the keytab interface
  */
@@ -45,410 +46,410 @@ extern const krb5_kt_ops krb5_ktf_writable_ops;
 
 #define KRB5_OK 0
 
-#define CHECK(kret,msg) \
-     if (kret != KRB5_OK) {\
-	  com_err(msg, kret, ""); \
-          fflush(stderr);\
-          exit(1);\
-     } else if(debug) printf("%s went ok\n", msg);
+#define CHECK(kret,msg)                                 \
+    if (kret != KRB5_OK) {                              \
+        com_err(msg, kret, "");                         \
+        fflush(stderr);                                 \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
 
 
-#define CHECK_STR(str,msg) \
-     if (str == 0) {\
-	  com_err(msg, kret, "");\
-          exit(1);\
-     } else if(debug) printf("%s went ok\n", msg);
+#define CHECK_STR(str,msg)                              \
+    if (str == 0) {                                     \
+        com_err(msg, kret, "");                         \
+        exit(1);                                        \
+    } else if(debug) printf("%s went ok\n", msg);
 
 static void test_misc(krb5_context context)
 {
-  /* Tests for certain error returns */
-  krb5_error_code	kret;
-  krb5_keytab ktid;
-  char defname[BUFSIZ];
-  char *name;
-
-  fprintf(stderr, "Testing miscellaneous error conditions\n");
-
-  kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid);
-  if (kret != KRB5_KT_UNKNOWN_TYPE) {
-    CHECK(kret, "resolve unknown type");
-  }
-
-  /* Test length limits on krb5_kt_default_name */
-  kret = krb5_kt_default_name(context, defname, sizeof(defname));
-  CHECK(kret, "krb5_kt_default_name error");
-
-  /* Now allocate space - without the null... */
-  name = malloc(strlen(defname));
-  if(!name) {
-	  fprintf(stderr, "Out of memory in testing\n");
-	  exit(1);
-  }
-  kret = krb5_kt_default_name(context, name, strlen(defname));
-  free(name);
-  if (kret != KRB5_CONFIG_NOTENUFSPACE) {
-	  CHECK(kret, "krb5_kt_default_name limited");
-  }
+    /* Tests for certain error returns */
+    krb5_error_code       kret;
+    krb5_keytab ktid;
+    char defname[BUFSIZ];
+    char *name;
+
+    fprintf(stderr, "Testing miscellaneous error conditions\n");
+
+    kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid);
+    if (kret != KRB5_KT_UNKNOWN_TYPE) {
+        CHECK(kret, "resolve unknown type");
+    }
+
+    /* Test length limits on krb5_kt_default_name */
+    kret = krb5_kt_default_name(context, defname, sizeof(defname));
+    CHECK(kret, "krb5_kt_default_name error");
+
+    /* Now allocate space - without the null... */
+    name = malloc(strlen(defname));
+    if(!name) {
+        fprintf(stderr, "Out of memory in testing\n");
+        exit(1);
+    }
+    kret = krb5_kt_default_name(context, name, strlen(defname));
+    free(name);
+    if (kret != KRB5_CONFIG_NOTENUFSPACE) {
+        CHECK(kret, "krb5_kt_default_name limited");
+    }
 }
 
 static void kt_test(krb5_context context, const char *name)
 {
-     krb5_error_code kret;
-     krb5_keytab kt;
-     const char *type;
-     char buf[BUFSIZ];
-     char *p;
-     krb5_keytab_entry kent, kent2;
-     krb5_principal princ;
-     krb5_kt_cursor cursor, cursor2;
-     int cnt;
-
-     kret = krb5_kt_resolve(context, name, &kt);
-     CHECK(kret, "resolve");
-
-     type = krb5_kt_get_type(context, kt);
-     CHECK_STR(type, "getting kt type");
-     printf("  Type is: %s\n", type);
-
-     kret = krb5_kt_get_name(context, kt, buf, sizeof(buf));
-     CHECK(kret, "get_name");
-     printf("  Name is: %s\n", buf);
-
-     /* Check that length checks fail */
-     /* The buffer is allocated too small - to allow for valgrind test of
-	overflows
+    krb5_error_code kret;
+    krb5_keytab kt;
+    const char *type;
+    char buf[BUFSIZ];
+    char *p;
+    krb5_keytab_entry kent, kent2;
+    krb5_principal princ;
+    krb5_kt_cursor cursor, cursor2;
+    int cnt;
+
+    kret = krb5_kt_resolve(context, name, &kt);
+    CHECK(kret, "resolve");
+
+    type = krb5_kt_get_type(context, kt);
+    CHECK_STR(type, "getting kt type");
+    printf("  Type is: %s\n", type);
+
+    kret = krb5_kt_get_name(context, kt, buf, sizeof(buf));
+    CHECK(kret, "get_name");
+    printf("  Name is: %s\n", buf);
+
+    /* Check that length checks fail */
+    /* The buffer is allocated too small - to allow for valgrind test of
+       overflows
+    */
+    p = malloc(strlen(buf));
+    kret = krb5_kt_get_name(context, kt, p, 1);
+    if(kret != KRB5_KT_NAME_TOOLONG) {
+        CHECK(kret, "get_name - size 1");
+    }
+
+
+    kret = krb5_kt_get_name(context, kt, p, strlen(buf));
+    if(kret != KRB5_KT_NAME_TOOLONG) {
+        CHECK(kret, "get_name");
+    }
+    free(p);
+
+    /* Try to lookup unknown principal - when keytab does not exist*/
+    kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
+
+
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+    if((kret != KRB5_KT_NOTFOUND) && (kret != ENOENT)) {
+        CHECK(kret, "Getting non-existant entry");
+    }
+
+
+    /* ===================   Add entries to keytab ================= */
+    /*
+     * Add the following for this principal
+     * enctype 1, kvno 1, key = "1"
+     * enctype 2, kvno 1, key = "1"
+     * enctype 1, kvno 2, key = "2"
      */
-     p = malloc(strlen(buf));
-     kret = krb5_kt_get_name(context, kt, p, 1);
-     if(kret != KRB5_KT_NAME_TOOLONG) {
-	     CHECK(kret, "get_name - size 1");
-     }
-
-
-     kret = krb5_kt_get_name(context, kt, p, strlen(buf));
-     if(kret != KRB5_KT_NAME_TOOLONG) {
-	     CHECK(kret, "get_name");
-     }
-     free(p);
-
-     /* Try to lookup unknown principal - when keytab does not exist*/
-     kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
-     CHECK(kret, "parsing principal");
-
-     
-     kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
-     if((kret != KRB5_KT_NOTFOUND) && (kret != ENOENT)) {
-	     CHECK(kret, "Getting non-existant entry");
-     }
-
-
-     /* ===================   Add entries to keytab ================= */
-     /*
-      * Add the following for this principal
-      * enctype 1, kvno 1, key = "1"
-      * enctype 2, kvno 1, key = "1"
-      * enctype 1, kvno 2, key = "2"
-      */
-     memset(&kent, 0, sizeof(kent));
-     kent.magic = KV5M_KEYTAB_ENTRY;
-     kent.principal = princ;
-     kent.timestamp = 327689;
-     kent.vno = 1;
-     kent.key.magic = KV5M_KEYBLOCK;
-     kent.key.enctype = 1;
-     kent.key.length = 1;
-     kent.key.contents = (krb5_octet *) "1";
-
-
-     kret = krb5_kt_add_entry(context, kt, &kent);
-     CHECK(kret, "Adding initial entry");
-
-     kent.key.enctype = 2;
-     kret = krb5_kt_add_entry(context, kt, &kent);
-     CHECK(kret, "Adding second entry");
-
-     kent.key.enctype = 1;
-     kent.vno = 2;
-     kent.key.contents = (krb5_octet *) "2";
-     kret = krb5_kt_add_entry(context, kt, &kent);
-     CHECK(kret, "Adding third entry");
-     
-     /* Free memory */
-     krb5_free_principal(context, princ);
-
-     /* ==============   Test iterating over contents of keytab ========= */
-
-     kret = krb5_kt_start_seq_get(context, kt, &cursor);
-     CHECK(kret, "Start sequence get");
-
-
-     memset(&kent, 0, sizeof(kent));
-     cnt = 0;
-     while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) {
-	     if(((kent.vno != 1) && (kent.vno != 2)) || 
-		((kent.key.enctype != 1) && (kent.key.enctype != 2)) || 
-		(kent.key.length != 1) ||
-		(kent.key.contents[0] != kent.vno +'0')) {
-		     fprintf(stderr, "Error in read contents\n");
-		     exit(1);
-	     }
+    memset(&kent, 0, sizeof(kent));
+    kent.magic = KV5M_KEYTAB_ENTRY;
+    kent.principal = princ;
+    kent.timestamp = 327689;
+    kent.vno = 1;
+    kent.key.magic = KV5M_KEYBLOCK;
+    kent.key.enctype = 1;
+    kent.key.length = 1;
+    kent.key.contents = (krb5_octet *) "1";
+
+
+    kret = krb5_kt_add_entry(context, kt, &kent);
+    CHECK(kret, "Adding initial entry");
+
+    kent.key.enctype = 2;
+    kret = krb5_kt_add_entry(context, kt, &kent);
+    CHECK(kret, "Adding second entry");
+
+    kent.key.enctype = 1;
+    kent.vno = 2;
+    kent.key.contents = (krb5_octet *) "2";
+    kret = krb5_kt_add_entry(context, kt, &kent);
+    CHECK(kret, "Adding third entry");
+
+    /* Free memory */
+    krb5_free_principal(context, princ);
+
+    /* ==============   Test iterating over contents of keytab ========= */
+
+    kret = krb5_kt_start_seq_get(context, kt, &cursor);
+    CHECK(kret, "Start sequence get");
+
+
+    memset(&kent, 0, sizeof(kent));
+    cnt = 0;
+    while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) {
+        if(((kent.vno != 1) && (kent.vno != 2)) ||
+           ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
+           (kent.key.length != 1) ||
+           (kent.key.contents[0] != kent.vno +'0')) {
+            fprintf(stderr, "Error in read contents\n");
+            exit(1);
+        }
+
+        if((kent.magic != KV5M_KEYTAB_ENTRY) ||
+           (kent.key.magic != KV5M_KEYBLOCK)) {
+            fprintf(stderr, "Magic number in sequence not proper\n");
+            exit(1);
+        }
+
+        cnt++;
+        krb5_free_keytab_entry_contents(context, &kent);
+    }
+    if (kret != KRB5_KT_END) {
+        CHECK(kret, "getting next entry");
+    }
+
+    if(cnt != 3) {
+        fprintf(stderr, "Mismatch in number of entries in keytab");
+    }
+
+    kret = krb5_kt_end_seq_get(context, kt, &cursor);
+    CHECK(kret, "End sequence get");
+
+
+    /* ==========================   get_entry tests ============== */
+
+    /* Try to lookup unknown principal  - now that keytab exists*/
+    kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
+
+
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+    if((kret != KRB5_KT_NOTFOUND)) {
+        CHECK(kret, "Getting non-existant entry");
+    }
+
+    krb5_free_principal(context, princ);
+
+    /* Try to lookup known principal */
+    kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
+
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer  - we did not specify an enctype or kvno */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        ((kent.vno != 1) && (kent.vno != 2)) ||
+        ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+        exit(1);
+    }
+
+    krb5_free_keytab_entry_contents(context, &kent);
+
+    /* Try to lookup a specific enctype - but unspecified kvno - should give
+     * max kvno
+     */
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer  - we did specified an enctype */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 2) || (kent.key.enctype != 1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+
+        exit(1);
+
+    }
+
+    krb5_free_keytab_entry_contents(context, &kent);
+
+    /* Try to lookup unspecified enctype, but a specified kvno */
+
+    kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent);
+    CHECK(kret, "looking up principal");
+
+    /* Ensure a valid answer  - we did not specify a kvno */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 2) || (kent.key.enctype != 1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
+
+        exit(1);
+
+    }
 
-	     if((kent.magic != KV5M_KEYTAB_ENTRY) || 
-		(kent.key.magic != KV5M_KEYBLOCK)) {
-		     fprintf(stderr, "Magic number in sequence not proper\n");
-		     exit(1);
-	     }
+    krb5_free_keytab_entry_contents(context, &kent);
 
-	     cnt++;
-	     krb5_free_keytab_entry_contents(context, &kent);
-     }
-     if (kret != KRB5_KT_END) {
-	     CHECK(kret, "getting next entry");
-     }
 
-     if(cnt != 3) {
-	     fprintf(stderr, "Mismatch in number of entries in keytab");
-     }
 
-     kret = krb5_kt_end_seq_get(context, kt, &cursor);
-     CHECK(kret, "End sequence get");
+    /* Try to lookup specified enctype and kvno */
 
+    kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent);
+    CHECK(kret, "looking up principal");
 
-     /* ==========================   get_entry tests ============== */
-
-     /* Try to lookup unknown principal  - now that keytab exists*/
-     kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ);
-     CHECK(kret, "parsing principal");
-
-     
-     kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
-     if((kret != KRB5_KT_NOTFOUND)) {
-	     CHECK(kret, "Getting non-existant entry");
-     }
-
-     krb5_free_principal(context, princ);
-
-     /* Try to lookup known principal */
-     kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
-     CHECK(kret, "parsing principal");
-
-     kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
-     CHECK(kret, "looking up principal");
-
-     /* Ensure a valid answer  - we did not specify an enctype or kvno */
-     if (!krb5_principal_compare(context, princ, kent.principal) ||
-	 ((kent.vno != 1) && (kent.vno != 2)) ||
-	 ((kent.key.enctype != 1) && (kent.key.enctype != 2)) || 
-	 (kent.key.length != 1) ||
-	 (kent.key.contents[0] != kent.vno +'0')) {
-	     fprintf(stderr, "Retrieved principal does not check\n");
-	     exit(1);
-     }
-
-     krb5_free_keytab_entry_contents(context, &kent);
-
-     /* Try to lookup a specific enctype - but unspecified kvno - should give
-      * max kvno 
-      */
-     kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
-     CHECK(kret, "looking up principal");
-
-     /* Ensure a valid answer  - we did specified an enctype */
-     if (!krb5_principal_compare(context, princ, kent.principal) ||
-	 (kent.vno != 2) || (kent.key.enctype != 1) ||
-	 (kent.key.length != 1) ||
-	 (kent.key.contents[0] != kent.vno +'0')) {
-	     fprintf(stderr, "Retrieved principal does not check\n");
-
-	     exit(1);
-
-     }
-
-     krb5_free_keytab_entry_contents(context, &kent);
-
-     /* Try to lookup unspecified enctype, but a specified kvno */
-
-     kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent);
-     CHECK(kret, "looking up principal");
-
-     /* Ensure a valid answer  - we did not specify a kvno */
-     if (!krb5_principal_compare(context, princ, kent.principal) ||
-	 (kent.vno != 2) || (kent.key.enctype != 1) ||
-	 (kent.key.length != 1) ||
-	 (kent.key.contents[0] != kent.vno +'0')) {
-	     fprintf(stderr, "Retrieved principal does not check\n");
-
-	     exit(1);
-
-     }
-
-     krb5_free_keytab_entry_contents(context, &kent);
-
-
-
-     /* Try to lookup specified enctype and kvno */
-
-     kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent);
-     CHECK(kret, "looking up principal");
-
-     if (!krb5_principal_compare(context, princ, kent.principal) ||
-	 (kent.vno != 1) || (kent.key.enctype != 1) ||
-	 (kent.key.length != 1) ||
-	 (kent.key.contents[0] != kent.vno +'0')) {
-	     fprintf(stderr, "Retrieved principal does not check\n");
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 1) || (kent.key.enctype != 1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
 
-	     exit(1);
+        exit(1);
 
-     }
+    }
 
-     krb5_free_keytab_entry_contents(context, &kent);
+    krb5_free_keytab_entry_contents(context, &kent);
 
 
-     /* Try lookup with active iterators.  */
-     kret = krb5_kt_start_seq_get(context, kt, &cursor);
-     CHECK(kret, "Start sequence get(2)");
-     kret = krb5_kt_start_seq_get(context, kt, &cursor2);
-     CHECK(kret, "Start sequence get(3)");
-     kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
-     CHECK(kret, "getting next entry(2)");
-     krb5_free_keytab_entry_contents(context, &kent);
-     kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
-     CHECK(kret, "getting next entry(3)");
-     kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
-     CHECK(kret, "getting next entry(4)");
-     krb5_free_keytab_entry_contents(context, &kent2);
-     kret = krb5_kt_get_entry(context, kt, kent.principal, 0, 0, &kent2);
-     CHECK(kret, "looking up principal(2)");
-     krb5_free_keytab_entry_contents(context, &kent2);
-     kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
-     CHECK(kret, "getting next entry(5)");
-     if (!krb5_principal_compare(context, kent.principal, kent2.principal)) {
-	 fprintf(stderr, "iterators not in sync\n");
-	 exit(1);
-     }
-     krb5_free_keytab_entry_contents(context, &kent);
-     krb5_free_keytab_entry_contents(context, &kent2);
-     kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
-     CHECK(kret, "getting next entry(6)");
-     kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
-     CHECK(kret, "getting next entry(7)");
-     krb5_free_keytab_entry_contents(context, &kent);
-     krb5_free_keytab_entry_contents(context, &kent2);
-     kret = krb5_kt_end_seq_get(context, kt, &cursor);
-     CHECK(kret, "ending sequence get(1)");
-     kret = krb5_kt_end_seq_get(context, kt, &cursor2);
-     CHECK(kret, "ending sequence get(2)");
+    /* Try lookup with active iterators.  */
+    kret = krb5_kt_start_seq_get(context, kt, &cursor);
+    CHECK(kret, "Start sequence get(2)");
+    kret = krb5_kt_start_seq_get(context, kt, &cursor2);
+    CHECK(kret, "Start sequence get(3)");
+    kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+    CHECK(kret, "getting next entry(2)");
+    krb5_free_keytab_entry_contents(context, &kent);
+    kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+    CHECK(kret, "getting next entry(3)");
+    kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+    CHECK(kret, "getting next entry(4)");
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_get_entry(context, kt, kent.principal, 0, 0, &kent2);
+    CHECK(kret, "looking up principal(2)");
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+    CHECK(kret, "getting next entry(5)");
+    if (!krb5_principal_compare(context, kent.principal, kent2.principal)) {
+        fprintf(stderr, "iterators not in sync\n");
+        exit(1);
+    }
+    krb5_free_keytab_entry_contents(context, &kent);
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_next_entry(context, kt, &kent, &cursor);
+    CHECK(kret, "getting next entry(6)");
+    kret = krb5_kt_next_entry(context, kt, &kent2, &cursor2);
+    CHECK(kret, "getting next entry(7)");
+    krb5_free_keytab_entry_contents(context, &kent);
+    krb5_free_keytab_entry_contents(context, &kent2);
+    kret = krb5_kt_end_seq_get(context, kt, &cursor);
+    CHECK(kret, "ending sequence get(1)");
+    kret = krb5_kt_end_seq_get(context, kt, &cursor2);
+    CHECK(kret, "ending sequence get(2)");
 
-     /* Try to lookup specified enctype and kvno  - that does not exist*/
+    /* Try to lookup specified enctype and kvno  - that does not exist*/
 
-     kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent);
-     if(kret != KRB5_KT_KVNONOTFOUND) {
-	     CHECK(kret, "looking up specific principal, kvno, enctype");
-     }
+    kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent);
+    if(kret != KRB5_KT_KVNONOTFOUND) {
+        CHECK(kret, "looking up specific principal, kvno, enctype");
+    }
 
-     krb5_free_principal(context, princ);
+    krb5_free_principal(context, princ);
 
 
-     /* =========================   krb5_kt_remove_entry =========== */
-     /* Lookup the keytab entry w/ 2 kvno - and delete version 2 - 
-	ensure gone */
-     kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
-     CHECK(kret, "parsing principal");
+    /* =========================   krb5_kt_remove_entry =========== */
+    /* Lookup the keytab entry w/ 2 kvno - and delete version 2 -
+       ensure gone */
+    kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+    CHECK(kret, "parsing principal");
 
-     kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
-     CHECK(kret, "looking up principal");
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+    CHECK(kret, "looking up principal");
 
-     /* Ensure a valid answer  - we are looking for max(kvno) and enc=1 */
-     if (!krb5_principal_compare(context, princ, kent.principal) ||
-	 (kent.vno != 2) || (kent.key.enctype != 1) ||
-	 (kent.key.length != 1) ||
-	 (kent.key.contents[0] != kent.vno +'0')) {
-	     fprintf(stderr, "Retrieved principal does not check\n");
+    /* Ensure a valid answer  - we are looking for max(kvno) and enc=1 */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 2) || (kent.key.enctype != 1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Retrieved principal does not check\n");
 
-	     exit(1);
+        exit(1);
 
-     }
+    }
 
-     /* Delete it */
-     kret = krb5_kt_remove_entry(context, kt, &kent);
-     CHECK(kret, "Removing entry");
+    /* Delete it */
+    kret = krb5_kt_remove_entry(context, kt, &kent);
+    CHECK(kret, "Removing entry");
 
-     krb5_free_keytab_entry_contents(context, &kent);
-     /* And ensure gone */
+    krb5_free_keytab_entry_contents(context, &kent);
+    /* And ensure gone */
 
-     kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
-     CHECK(kret, "looking up principal");
+    kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+    CHECK(kret, "looking up principal");
 
-     /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */
-     if (!krb5_principal_compare(context, princ, kent.principal) ||
-	 (kent.vno != 1) || (kent.key.enctype != 1) ||
-	 (kent.key.length != 1) ||
-	 (kent.key.contents[0] != kent.vno +'0')) {
-	     fprintf(stderr, "Delete principal check failed\n");
-
-	     exit(1);
-
-     }
-     krb5_free_keytab_entry_contents(context, &kent);
-
-     krb5_free_principal(context, princ);
-     
-     /* =======================  Finally close =======================  */
-
-     kret = krb5_kt_close(context, kt);
-     CHECK(kret, "close");
+    /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */
+    if (!krb5_principal_compare(context, princ, kent.principal) ||
+        (kent.vno != 1) || (kent.key.enctype != 1) ||
+        (kent.key.length != 1) ||
+        (kent.key.contents[0] != kent.vno +'0')) {
+        fprintf(stderr, "Delete principal check failed\n");
+
+        exit(1);
+
+    }
+    krb5_free_keytab_entry_contents(context, &kent);
+
+    krb5_free_principal(context, princ);
+
+    /* =======================  Finally close =======================  */
+
+    kret = krb5_kt_close(context, kt);
+    CHECK(kret, "close");
 
 }
 
-static void do_test(krb5_context context, const char *prefix, 
-		    krb5_boolean delete)
+static void do_test(krb5_context context, const char *prefix,
+                    krb5_boolean delete)
 {
-  char *name, *filename;
-
-  if (asprintf(&filename, "/tmp/kttest.%ld", (long) getpid()) < 0) {
-      perror("asprintf");
-      exit(1);
-  }
-  if (asprintf(&name, "%s%s", prefix, filename) < 0) {
-      perror("asprintf");
-      exit(1);
-  }
-  printf("Starting test on %s\n", name);
-  kt_test(context, name);
-  printf("Test on %s passed\n", name);
-  if(delete)
-	  unlink(filename);
-  free(filename);
-  free(name);
+    char *name, *filename;
+
+    if (asprintf(&filename, "/tmp/kttest.%ld", (long) getpid()) < 0) {
+        perror("asprintf");
+        exit(1);
+    }
+    if (asprintf(&name, "%s%s", prefix, filename) < 0) {
+        perror("asprintf");
+        exit(1);
+    }
+    printf("Starting test on %s\n", name);
+    kt_test(context, name);
+    printf("Test on %s passed\n", name);
+    if(delete)
+        unlink(filename);
+    free(filename);
+    free(name);
 
 }
 
-int 
+int
 main (void)
 {
-	krb5_context context;
-	krb5_error_code	kret;
+    krb5_context context;
+    krb5_error_code kret;
 
 
-	if ((kret = krb5_init_context(&context))) {
-		printf("Couldn't initialize krb5 library: %s\n",
-		       error_message(kret));
-		exit(1);
-	}
+    if ((kret = krb5_init_context(&context))) {
+        printf("Couldn't initialize krb5 library: %s\n",
+               error_message(kret));
+        exit(1);
+    }
 
-	/* All keytab types are registered by default -- test for 
-	   redundant error */
-	kret = krb5_kt_register(context, &krb5_ktf_writable_ops);
-	if(kret && kret != KRB5_KT_TYPE_EXISTS) {
-		CHECK(kret, "register ktf_writable");
-	}
+    /* All keytab types are registered by default -- test for
+       redundant error */
+    kret = krb5_kt_register(context, &krb5_ktf_writable_ops);
+    if(kret && kret != KRB5_KT_TYPE_EXISTS) {
+        CHECK(kret, "register ktf_writable");
+    }
 
-	test_misc(context);
-	do_test(context, "WRFILE:", FALSE);
-	do_test(context, "MEMORY:", TRUE);
+    test_misc(context);
+    do_test(context, "WRFILE:", FALSE);
+    do_test(context, "MEMORY:", TRUE);
 
-	krb5_free_context(context);
-	return 0;
+    krb5_free_context(context);
+    return 0;
 
 }
 
@@ -457,9 +458,9 @@ main (void)
 /* remove and add are functions, so that they can return NOWRITE
    if not a writable keytab */
 krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
-	(krb5_context,
-		krb5_keytab,
-		krb5_keytab_entry * );
+(krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry * );
 
 
 
diff --git a/src/lib/krb5/krb/addr_comp.c b/src/lib/krb5/krb/addr_comp.c
index 16ab03bbf..194fc2bb6 100644
--- a/src/lib/krb5/krb/addr_comp.c
+++ b/src/lib/krb5/krb/addr_comp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/addr_comp.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_address_compare()
  */
@@ -36,13 +37,13 @@ krb5_boolean KRB5_CALLCONV
 krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2)
 {
     if (addr1->addrtype != addr2->addrtype)
-	return(FALSE);
+        return(FALSE);
 
     if (addr1->length != addr2->length)
-	return(FALSE);
+        return(FALSE);
     if (memcmp((char *)addr1->contents, (char *)addr2->contents,
-	       addr1->length))
-	return FALSE;
+               addr1->length))
+        return FALSE;
     else
-	return TRUE;
+        return TRUE;
 }
diff --git a/src/lib/krb5/krb/addr_order.c b/src/lib/krb5/krb/addr_order.c
index 2f01e1fbc..b742d01ec 100644
--- a/src/lib/krb5/krb/addr_order.c
+++ b/src/lib/krb5/krb/addr_order.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/addr_order.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_address_order()
  */
@@ -45,18 +46,18 @@ krb5_address_order(krb5_context context, const krb5_address *addr1, const krb5_a
     const int minlen = min(addr1->length, addr2->length);
 
     if (addr1->addrtype != addr2->addrtype)
-	return(FALSE);
+        return(FALSE);
 
     dir = addr1->length - addr2->length;
 
-    
+
     for (i = 0; i < minlen; i++) {
-	if ((unsigned char) addr1->contents[i] <
-	    (unsigned char) addr2->contents[i])
-	    return -1;
-	else if ((unsigned char) addr1->contents[i] >
-		 (unsigned char) addr2->contents[i])
-	    return 1;
+        if ((unsigned char) addr1->contents[i] <
+            (unsigned char) addr2->contents[i])
+            return -1;
+        else if ((unsigned char) addr1->contents[i] >
+                 (unsigned char) addr2->contents[i])
+            return 1;
     }
     /* compared equal so far...which is longer? */
     return dir;
diff --git a/src/lib/krb5/krb/addr_srch.c b/src/lib/krb5/krb/addr_srch.c
index 11a3ce0bb..7a6030490 100644
--- a/src/lib/krb5/krb/addr_srch.c
+++ b/src/lib/krb5/krb/addr_srch.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/addr_srch.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_address_search()
  */
@@ -35,10 +36,10 @@ address_count(krb5_address *const *addrlist)
     unsigned int i;
 
     if (addrlist == NULL)
-	return 0;
+        return 0;
 
     for (i = 0; addrlist[i]; i++)
-	;
+        ;
 
     return i;
 }
@@ -57,12 +58,12 @@ krb5_address_search(krb5_context context, const krb5_address *addr, krb5_address
      */
     if (address_count(addrlist) == 1 &&
         addrlist[0]->addrtype == ADDRTYPE_NETBIOS)
-	return TRUE;
+        return TRUE;
     if (!addrlist)
-	return TRUE;
+        return TRUE;
     for (; *addrlist; addrlist++) {
-	if (krb5_address_compare(context, addr, *addrlist))
-	    return TRUE;
+        if (krb5_address_compare(context, addr, *addrlist))
+            return TRUE;
     }
     return FALSE;
 }
diff --git a/src/lib/krb5/krb/appdefault.c b/src/lib/krb5/krb/appdefault.c
index 94788899b..6fa8cd365 100644
--- a/src/lib/krb5/krb/appdefault.c
+++ b/src/lib/krb5/krb/appdefault.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appdefault - routines designed to be called from applications to
- *		 handle the [appdefaults] profile section
+ *               handle the [appdefaults] profile section
  */
 
 #include <stdio.h>
@@ -9,158 +10,158 @@
 
 
 
- /*xxx Duplicating this is annoying; try to work on a better way.*/
+/*xxx Duplicating this is annoying; try to work on a better way.*/
 static const char *const conf_yes[] = {
-	"y", "yes", "true", "t", "1", "on",
-	0,
+    "y", "yes", "true", "t", "1", "on",
+    0,
 };
 
 static const char *const conf_no[] = {
-	"n", "no", "false", "nil", "0", "off",
-	0,
+    "n", "no", "false", "nil", "0", "off",
+    0,
 };
 
 static int conf_boolean(char *s)
 {
-	const char * const *p;
-	for(p=conf_yes; *p; p++) {
-		if (!strcasecmp(*p,s))
-			return 1;
-	}
-	for(p=conf_no; *p; p++) {
-		if (!strcasecmp(*p,s))
-		return 0;
-	}
-	/* Default to "no" */
-	return 0;
+    const char * const *p;
+    for(p=conf_yes; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 1;
+    }
+    for(p=conf_no; *p; p++) {
+        if (!strcasecmp(*p,s))
+            return 0;
+    }
+    /* Default to "no" */
+    return 0;
 }
 
 static krb5_error_code appdefault_get(krb5_context context, const char *appname, const krb5_data *realm, const char *option, char **ret_value)
 {
-        profile_t profile;
-        const char *names[5];
-	char **nameval = NULL;
-	krb5_error_code retval;
-	const char * realmstr =  realm?realm->data:NULL;
-
-	    if (!context || (context->magic != KV5M_CONTEXT)) 
-	    return KV5M_CONTEXT;
-
-	    profile = context->profile;
-	    
-	/*
-	 * Try number one:
-	 *
-	 * [appdefaults]
-	 *	app = {
-	 *		SOME.REALM = {
-	 *			option = <boolean>
-	 *		}
-	 *	}
-	 */
-
-	names[0] = "appdefaults";
-	names[1] = appname;
-
-	if (realmstr) {
-		names[2] = realmstr;
-		names[3] = option;
-		names[4] = 0;
-		retval = profile_get_values(profile, names, &nameval);
-		if (retval == 0 && nameval && nameval[0]) {
-			*ret_value = strdup(nameval[0]);
-			goto goodbye;
-		}
-	}
-
-	/*
-	 * Try number two:
-	 *
-	 * [appdefaults]
-	 *	app = {
-	 *		option = <boolean>
-	 *      }
-	 */
-
-	names[2] = option;
-	names[3] = 0;
-	retval = profile_get_values(profile, names, &nameval);
-	if (retval == 0 && nameval && nameval[0]) {
-		*ret_value = strdup(nameval[0]);
-		goto goodbye;
-	}
-
-	/*
-	 * Try number three:
-	 *
-	 * [appdefaults]
-	 *	realm = {
-	 *		option = <boolean>
-	 */
-	
-	if (realmstr) {
-		names[1] = realmstr;
-		names[2] = option;
-		names[3] = 0;
-		retval = profile_get_values(profile, names, &nameval);
-		if (retval == 0 && nameval && nameval[0]) {
-			*ret_value = strdup(nameval[0]);
-			goto goodbye;
-		}
-	}
-
-	/*
-	 * Try number four:
-	 *
-	 * [appdefaults]
-	 *	option = <boolean>
-	 */
-
-	names[1] = option;
-	names[2] = 0;
-	retval = profile_get_values(profile, names, &nameval);
-	if (retval == 0 && nameval && nameval[0]) {
-		*ret_value = strdup(nameval[0]);
-	} else {
-		return retval;
-	}
+    profile_t profile;
+    const char *names[5];
+    char **nameval = NULL;
+    krb5_error_code retval;
+    const char * realmstr =  realm?realm->data:NULL;
+
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
+
+    profile = context->profile;
+
+    /*
+     * Try number one:
+     *
+     * [appdefaults]
+     *      app = {
+     *              SOME.REALM = {
+     *                      option = <boolean>
+     *              }
+     *      }
+     */
+
+    names[0] = "appdefaults";
+    names[1] = appname;
+
+    if (realmstr) {
+        names[2] = realmstr;
+        names[3] = option;
+        names[4] = 0;
+        retval = profile_get_values(profile, names, &nameval);
+        if (retval == 0 && nameval && nameval[0]) {
+            *ret_value = strdup(nameval[0]);
+            goto goodbye;
+        }
+    }
+
+    /*
+     * Try number two:
+     *
+     * [appdefaults]
+     *      app = {
+     *              option = <boolean>
+     *      }
+     */
+
+    names[2] = option;
+    names[3] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0]) {
+        *ret_value = strdup(nameval[0]);
+        goto goodbye;
+    }
+
+    /*
+     * Try number three:
+     *
+     * [appdefaults]
+     *      realm = {
+     *              option = <boolean>
+     */
+
+    if (realmstr) {
+        names[1] = realmstr;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &nameval);
+        if (retval == 0 && nameval && nameval[0]) {
+            *ret_value = strdup(nameval[0]);
+            goto goodbye;
+        }
+    }
+
+    /*
+     * Try number four:
+     *
+     * [appdefaults]
+     *      option = <boolean>
+     */
+
+    names[1] = option;
+    names[2] = 0;
+    retval = profile_get_values(profile, names, &nameval);
+    if (retval == 0 && nameval && nameval[0]) {
+        *ret_value = strdup(nameval[0]);
+    } else {
+        return retval;
+    }
 
 goodbye:
-	if (nameval) {
-		char **cpp;
-		for (cpp = nameval; *cpp; cpp++)
-			free(*cpp);
-		free(nameval);
-	}
-	return 0;
+    if (nameval) {
+        char **cpp;
+        for (cpp = nameval; *cpp; cpp++)
+            free(*cpp);
+        free(nameval);
+    }
+    return 0;
 }
 
-void KRB5_CALLCONV 
+void KRB5_CALLCONV
 krb5_appdefault_boolean(krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value)
 {
-	char *string = NULL;
-	krb5_error_code retval;
+    char *string = NULL;
+    krb5_error_code retval;
 
-	retval = appdefault_get(context, appname, realm, option, &string);
+    retval = appdefault_get(context, appname, realm, option, &string);
 
-	if (! retval && string) {
-		*ret_value = conf_boolean(string);
-		free(string);
-	} else
-		*ret_value = default_value;
+    if (! retval && string) {
+        *ret_value = conf_boolean(string);
+        free(string);
+    } else
+        *ret_value = default_value;
 }
 
-void KRB5_CALLCONV 
+void KRB5_CALLCONV
 krb5_appdefault_string(krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char **ret_value)
 {
-	krb5_error_code retval;
-	char *string;
+    krb5_error_code retval;
+    char *string;
 
-	retval = appdefault_get(context, appname, realm, option, &string);
+    retval = appdefault_get(context, appname, realm, option, &string);
 
-	if (! retval && string) {
-		*ret_value = string;
-	} else {
-		*ret_value = strdup(default_value);
-	}
+    if (! retval && string) {
+        *ret_value = string;
+    } else {
+        *ret_value = strdup(default_value);
+    }
 }
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index ee31fb82b..e6bbac15a 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "auth_con.h"
 
@@ -9,11 +10,11 @@ actx_copy_addr(krb5_context context, const krb5_address *inad, krb5_address **ou
     krb5_address *tmpad;
 
     if (!(tmpad = (krb5_address *)malloc(sizeof(*tmpad))))
-	return ENOMEM;
+        return ENOMEM;
     *tmpad = *inad;
     if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
-	free(tmpad);
-	return ENOMEM;
+        free(tmpad);
+        return ENOMEM;
     }
     memcpy(tmpad->contents, inad->contents, inad->length);
     *outad = tmpad;
@@ -24,13 +25,13 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context)
 {
     *auth_context =
-	(krb5_auth_context)calloc(1, sizeof(struct _krb5_auth_context));
+        (krb5_auth_context)calloc(1, sizeof(struct _krb5_auth_context));
     if (!*auth_context)
-	return ENOMEM;
+        return ENOMEM;
 
     /* Default flags, do time not seq */
-    (*auth_context)->auth_context_flags = 
-	    KRB5_AUTH_CONTEXT_DO_TIME |  KRB5_AUTH_CONN_INITIALIZED;
+    (*auth_context)->auth_context_flags =
+        KRB5_AUTH_CONTEXT_DO_TIME |  KRB5_AUTH_CONN_INITIALIZED;
 
     (*auth_context)->req_cksumtype = context->default_ap_req_sumtype;
     (*auth_context)->safe_cksumtype = context->default_safe_sumtype;
@@ -45,29 +46,29 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)
 {
     if (auth_context == NULL)
-	return 0;
-    if (auth_context->local_addr) 
-	krb5_free_address(context, auth_context->local_addr);
-    if (auth_context->remote_addr) 
-	krb5_free_address(context, auth_context->remote_addr);
-    if (auth_context->local_port) 
-	krb5_free_address(context, auth_context->local_port);
-    if (auth_context->remote_port) 
-	krb5_free_address(context, auth_context->remote_port);
-    if (auth_context->authentp) 
-	krb5_free_authenticator(context, auth_context->authentp);
+        return 0;
+    if (auth_context->local_addr)
+        krb5_free_address(context, auth_context->local_addr);
+    if (auth_context->remote_addr)
+        krb5_free_address(context, auth_context->remote_addr);
+    if (auth_context->local_port)
+        krb5_free_address(context, auth_context->local_port);
+    if (auth_context->remote_port)
+        krb5_free_address(context, auth_context->remote_port);
+    if (auth_context->authentp)
+        krb5_free_authenticator(context, auth_context->authentp);
     if (auth_context->key)
-	krb5_k_free_key(context, auth_context->key);
-    if (auth_context->send_subkey) 
-	krb5_k_free_key(context, auth_context->send_subkey);
-    if (auth_context->recv_subkey) 
-	krb5_k_free_key(context, auth_context->recv_subkey);
+        krb5_k_free_key(context, auth_context->key);
+    if (auth_context->send_subkey)
+        krb5_k_free_key(context, auth_context->send_subkey);
+    if (auth_context->recv_subkey)
+        krb5_k_free_key(context, auth_context->recv_subkey);
     if (auth_context->rcache)
-	krb5_rc_close(context, auth_context->rcache);
+        krb5_rc_close(context, auth_context->rcache);
     if (auth_context->permitted_etypes)
-	free(auth_context->permitted_etypes);
+        free(auth_context->permitted_etypes);
     if (auth_context->ad_context)
-	krb5_authdata_context_free(context, auth_context->ad_context);
+        krb5_authdata_context_free(context, auth_context->ad_context);
     free(auth_context);
     return 0;
 }
@@ -75,28 +76,28 @@ krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)
 krb5_error_code
 krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr)
 {
-    krb5_error_code	retval;
+    krb5_error_code     retval;
 
     /* Free old addresses */
     if (auth_context->local_addr)
-	(void) krb5_free_address(context, auth_context->local_addr);
+        (void) krb5_free_address(context, auth_context->local_addr);
     if (auth_context->remote_addr)
-	(void) krb5_free_address(context, auth_context->remote_addr);
+        (void) krb5_free_address(context, auth_context->remote_addr);
 
     retval = 0;
     if (local_addr)
-	retval = actx_copy_addr(context,
-				local_addr,
-				&auth_context->local_addr);
+        retval = actx_copy_addr(context,
+                                local_addr,
+                                &auth_context->local_addr);
     else
-	auth_context->local_addr = NULL;
+        auth_context->local_addr = NULL;
 
     if (!retval && remote_addr)
-	retval = actx_copy_addr(context,
-				remote_addr,
-				&auth_context->remote_addr);
+        retval = actx_copy_addr(context,
+                                remote_addr,
+                                &auth_context->remote_addr);
     else
-	auth_context->remote_addr = NULL;
+        auth_context->remote_addr = NULL;
 
     return retval;
 }
@@ -104,18 +105,18 @@ krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr)
 {
-    krb5_error_code	retval;
+    krb5_error_code     retval;
 
     retval = 0;
     if (local_addr && auth_context->local_addr) {
-	retval = actx_copy_addr(context,
-				auth_context->local_addr,
-				local_addr);
+        retval = actx_copy_addr(context,
+                                auth_context->local_addr,
+                                local_addr);
     }
     if (!retval && (remote_addr) && auth_context->remote_addr) {
-	retval = actx_copy_addr(context,
-				auth_context->remote_addr,
-				remote_addr);
+        retval = actx_copy_addr(context,
+                                auth_context->remote_addr,
+                                remote_addr);
     }
     return retval;
 }
@@ -123,28 +124,28 @@ krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address *local_port, krb5_address *remote_port)
 {
-    krb5_error_code	retval;
+    krb5_error_code     retval;
 
     /* Free old addresses */
     if (auth_context->local_port)
-	(void) krb5_free_address(context, auth_context->local_port);
+        (void) krb5_free_address(context, auth_context->local_port);
     if (auth_context->remote_port)
-	(void) krb5_free_address(context, auth_context->remote_port);
+        (void) krb5_free_address(context, auth_context->remote_port);
 
     retval = 0;
     if (local_port)
-	retval = actx_copy_addr(context,
-				local_port,
-				&auth_context->local_port);
+        retval = actx_copy_addr(context,
+                                local_port,
+                                &auth_context->local_port);
     else
-	auth_context->local_port = NULL;
+        auth_context->local_port = NULL;
 
     if (!retval && remote_port)
-	retval = actx_copy_addr(context,
-				remote_port,
-				&auth_context->remote_port);
+        retval = actx_copy_addr(context,
+                                remote_port,
+                                &auth_context->remote_port);
     else
-	auth_context->remote_port = NULL;
+        auth_context->remote_port = NULL;
 
     return retval;
 }
@@ -161,7 +162,7 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)
 {
     if (auth_context->key)
-	krb5_k_free_key(context, auth_context->key);
+        krb5_k_free_key(context, auth_context->key);
     return(krb5_k_create_key(context, keyblock, &(auth_context->key)));
 }
 
@@ -169,7 +170,7 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
 {
     if (auth_context->key)
-    	return krb5_k_key_keyblock(context, auth_context->key, keyblock);
+        return krb5_k_key_keyblock(context, auth_context->key, keyblock);
     *keyblock = NULL;
     return 0;
 }
@@ -190,31 +191,31 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
 {
     if (ac->send_subkey != NULL)
-	krb5_k_free_key(ctx, ac->send_subkey);
+        krb5_k_free_key(ctx, ac->send_subkey);
     ac->send_subkey = NULL;
     if (keyblock !=NULL)
-	return krb5_k_create_key(ctx, keyblock, &ac->send_subkey);
+        return krb5_k_create_key(ctx, keyblock, &ac->send_subkey);
     else
-	return 0;
+        return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)
 {
     if (ac->recv_subkey != NULL)
-	krb5_k_free_key(ctx, ac->recv_subkey);
+        krb5_k_free_key(ctx, ac->recv_subkey);
     ac->recv_subkey = NULL;
     if (keyblock != NULL)
-	return krb5_k_create_key(ctx, keyblock, &ac->recv_subkey);
+        return krb5_k_create_key(ctx, keyblock, &ac->recv_subkey);
     else
-	return 0;
+        return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
 {
     if (ac->send_subkey != NULL)
-	return krb5_k_key_keyblock(ctx, ac->send_subkey, keyblock);
+        return krb5_k_key_keyblock(ctx, ac->send_subkey, keyblock);
     *keyblock = NULL;
     return 0;
 }
@@ -223,7 +224,7 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
 {
     if (ac->recv_subkey != NULL)
-	return krb5_k_key_keyblock(ctx, ac->recv_subkey, keyblock);
+        return krb5_k_key_keyblock(ctx, ac->recv_subkey, keyblock);
     *keyblock = NULL;
     return 0;
 }
@@ -253,7 +254,7 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator **authenticator)
 {
     return (krb5_copy_authenticator(context, auth_context->authentp,
-				    authenticator));
+                                    authenticator));
 }
 #endif
 
@@ -271,15 +272,15 @@ krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)
     krb5_enctype enctype;
 
     if (auth_context->key) {
-	size_t blocksize;
-
-	enctype = krb5_k_key_enctype(context, auth_context->key);
-	if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
-	    return(ret);
-	if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
-	    return 0;
-	}
-	return ENOMEM;
+        size_t blocksize;
+
+        enctype = krb5_k_key_enctype(context, auth_context->key);
+        if ((ret = krb5_c_block_size(context, enctype, &blocksize)))
+            return(ret);
+        if ((auth_context->i_vector = (krb5_pointer)calloc(1,blocksize))) {
+            return 0;
+        }
+        return ENOMEM;
     }
     return EINVAL; /* XXX need an error for no keyblock */
 }
@@ -318,30 +319,30 @@ krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, kr
     auth_context->rcache = rcache;
     return 0;
 }
-    
+
 krb5_error_code
 krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache *rcache)
 {
     *rcache = auth_context->rcache;
     return 0;
 }
-    
+
 krb5_error_code
 krb5_auth_con_setpermetypes(krb5_context context, krb5_auth_context auth_context, const krb5_enctype *permetypes)
 {
-    krb5_enctype	* newpe;
+    krb5_enctype        * newpe;
     int i;
 
     for (i=0; permetypes[i]; i++)
-	;
+        ;
     i++; /* include the zero */
 
     if ((newpe = (krb5_enctype *) malloc(i*sizeof(krb5_enctype)))
-	== NULL)
-	return(ENOMEM);
+        == NULL)
+        return(ENOMEM);
 
     if (auth_context->permitted_etypes)
-	free(auth_context->permitted_etypes);
+        free(auth_context->permitted_etypes);
 
     auth_context->permitted_etypes = newpe;
 
@@ -353,21 +354,21 @@ krb5_auth_con_setpermetypes(krb5_context context, krb5_auth_context auth_context
 krb5_error_code
 krb5_auth_con_getpermetypes(krb5_context context, krb5_auth_context auth_context, krb5_enctype **permetypes)
 {
-    krb5_enctype	* newpe;
+    krb5_enctype        * newpe;
     int i;
 
     if (! auth_context->permitted_etypes) {
-	*permetypes = NULL;
-	return(0);
+        *permetypes = NULL;
+        return(0);
     }
 
     for (i=0; auth_context->permitted_etypes[i]; i++)
-	;
+        ;
     i++; /* include the zero */
 
     if ((newpe = (krb5_enctype *) malloc(i*sizeof(krb5_enctype)))
-	== NULL)
-	return(ENOMEM);
+        == NULL)
+        return(ENOMEM);
 
     *permetypes = newpe;
 
@@ -378,24 +379,24 @@ krb5_auth_con_getpermetypes(krb5_context context, krb5_auth_context auth_context
 
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_set_checksum_func( krb5_context context,
-				 krb5_auth_context  auth_context,
-				 krb5_mk_req_checksum_func func,
-				 void *data)
+                                 krb5_auth_context  auth_context,
+                                 krb5_mk_req_checksum_func func,
+                                 void *data)
 {
-  auth_context->checksum_func = func;
-  auth_context->checksum_func_data = data;
-  return 0;
+    auth_context->checksum_func = func;
+    auth_context->checksum_func_data = data;
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_get_checksum_func( krb5_context context,
-				 krb5_auth_context auth_context,
-				 krb5_mk_req_checksum_func *func,
-				 void **data)
+                                 krb5_auth_context auth_context,
+                                 krb5_mk_req_checksum_func *func,
+                                 void **data)
 {
-  *func = auth_context->checksum_func;
-  *data = auth_context->checksum_func_data;
-  return 0;
+    *func = auth_context->checksum_func;
+    *data = auth_context->checksum_func_data;
+    return 0;
 }
 
 /*
@@ -425,16 +426,16 @@ krb5_auth_con_get_checksum_func( krb5_context context,
  * compatibility with our older implementations.  This also means that
  * encodings emitted by Heimdal are ambiguous.
  *
- * Heimdal counter value	received uint32 value
+ * Heimdal counter value        received uint32 value
  *
- * 0x00000080			0xFFFFFF80
- * 0x000000FF			0xFFFFFFFF
- * 0x00008000			0xFFFF8000
- * 0x0000FFFF			0xFFFFFFFF
- * 0x00800000			0xFF800000
- * 0x00FFFFFF			0xFFFFFFFF
- * 0xFF800000			0xFF800000
- * 0xFFFFFFFF			0xFFFFFFFF
+ * 0x00000080                   0xFFFFFF80
+ * 0x000000FF                   0xFFFFFFFF
+ * 0x00008000                   0xFFFF8000
+ * 0x0000FFFF                   0xFFFFFFFF
+ * 0x00800000                   0xFF800000
+ * 0x00FFFFFF                   0xFFFFFFFF
+ * 0xFF800000                   0xFF800000
+ * 0xFFFFFFFF                   0xFFFFFFFF
  *
  * We use two auth_context flags, SANE_SEQ and HEIMDAL_SEQ, which are
  * only set after we can unambiguously determine the sanity of the
@@ -474,38 +475,38 @@ krb5int_auth_con_chkseqnum(
      * If sender is known to be sane, accept _only_ exact matches.
      */
     if (ac->auth_context_flags & KRB5_AUTH_CONN_SANE_SEQ)
-	return in_seq == exp_seq;
+        return in_seq == exp_seq;
 
     /*
      * If sender is not known to be sane, first check the ambiguous
      * range of received values, 0xFF800000..0xFFFFFFFF.
      */
     if ((in_seq & 0xFF800000) == 0xFF800000) {
-	/*
-	 * If expected sequence number is in the range
-	 * 0xFF800000..0xFFFFFFFF, then we can't make any
-	 * determinations about the sanity of the sending
-	 * implementation.
-	 */
-	if ((exp_seq & 0xFF800000) == 0xFF800000 && in_seq == exp_seq)
-	    return 1;
-	/*
-	 * If sender is not known for certain to be a broken Heimdal
-	 * implementation, check for exact match.
-	 */
-	if (!(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)
-	    && in_seq == exp_seq)
-	    return 1;
-	/*
-	 * Now apply hairy algorithm for matching sequence numbers
-	 * sent by broken Heimdal implementations.  If it matches, we
-	 * know for certain it's a broken Heimdal sender.
-	 */
-	if (chk_heimdal_seqnum(exp_seq, in_seq)) {
-	    ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
-	    return 1;
-	}
-	return 0;
+        /*
+         * If expected sequence number is in the range
+         * 0xFF800000..0xFFFFFFFF, then we can't make any
+         * determinations about the sanity of the sending
+         * implementation.
+         */
+        if ((exp_seq & 0xFF800000) == 0xFF800000 && in_seq == exp_seq)
+            return 1;
+        /*
+         * If sender is not known for certain to be a broken Heimdal
+         * implementation, check for exact match.
+         */
+        if (!(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)
+            && in_seq == exp_seq)
+            return 1;
+        /*
+         * Now apply hairy algorithm for matching sequence numbers
+         * sent by broken Heimdal implementations.  If it matches, we
+         * know for certain it's a broken Heimdal sender.
+         */
+        if (chk_heimdal_seqnum(exp_seq, in_seq)) {
+            ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+            return 1;
+        }
+        return 0;
     }
 
     /*
@@ -514,11 +515,11 @@ krb5int_auth_con_chkseqnum(
      * it matches the received value, sender is known to be sane.
      */
     if (in_seq == exp_seq) {
-	if ((   exp_seq & 0xFFFFFF80) == 0x00000080
-	    || (exp_seq & 0xFFFF8000) == 0x00008000
-	    || (exp_seq & 0xFF800000) == 0x00800000)
-	    ac->auth_context_flags |= KRB5_AUTH_CONN_SANE_SEQ;
-	return 1;
+        if ((   exp_seq & 0xFFFFFF80) == 0x00000080
+            || (exp_seq & 0xFFFF8000) == 0x00008000
+            || (exp_seq & 0xFF800000) == 0x00800000)
+            ac->auth_context_flags |= KRB5_AUTH_CONN_SANE_SEQ;
+        return 1;
     }
 
     /*
@@ -528,17 +529,17 @@ krb5int_auth_con_chkseqnum(
      * and mark the sender as being a broken Heimdal implementation.
      */
     if (exp_seq == 0
-	&& !(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)) {
-	switch (in_seq) {
-	case 0x100:
-	case 0x10000:
-	case 0x1000000:
-	    ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
-	    exp_seq = in_seq;
-	    return 1;
-	default:
-	    return 0;
-	}
+        && !(ac->auth_context_flags & KRB5_AUTH_CONN_HEIMDAL_SEQ)) {
+        switch (in_seq) {
+        case 0x100:
+        case 0x10000:
+        case 0x1000000:
+            ac->auth_context_flags |= KRB5_AUTH_CONN_HEIMDAL_SEQ;
+            exp_seq = in_seq;
+            return 1;
+        default:
+            return 0;
+        }
     }
     return 0;
 }
@@ -547,25 +548,25 @@ static krb5_boolean
 chk_heimdal_seqnum(krb5_ui_4 exp_seq, krb5_ui_4 in_seq)
 {
     if (( exp_seq & 0xFF800000) == 0x00800000
-	&& (in_seq & 0xFF800000) == 0xFF800000
-	&& (in_seq & 0x00FFFFFF) == exp_seq)
-	return 1;
+        && (in_seq & 0xFF800000) == 0xFF800000
+        && (in_seq & 0x00FFFFFF) == exp_seq)
+        return 1;
     else if ((  exp_seq & 0xFFFF8000) == 0x00008000
-	     && (in_seq & 0xFFFF8000) == 0xFFFF8000
-	     && (in_seq & 0x0000FFFF) == exp_seq)
-	return 1;
+             && (in_seq & 0xFFFF8000) == 0xFFFF8000
+             && (in_seq & 0x0000FFFF) == exp_seq)
+        return 1;
     else if ((  exp_seq & 0xFFFFFF80) == 0x00000080
-	     && (in_seq & 0xFFFFFF80) == 0xFFFFFF80
-	     && (in_seq & 0x000000FF) == exp_seq)
-	return 1;
+             && (in_seq & 0xFFFFFF80) == 0xFFFFFF80
+             && (in_seq & 0x000000FF) == exp_seq)
+        return 1;
     else
-	return 0;
+        return 0;
 }
 
 krb5_error_code
 krb5_auth_con_get_subkey_enctype(krb5_context context,
-				 krb5_auth_context auth_context,
-				 krb5_enctype *etype)
+                                 krb5_auth_context auth_context,
+                                 krb5_enctype *etype)
 {
     *etype = auth_context->negotiated_etype;
     return 0;
@@ -573,8 +574,8 @@ krb5_auth_con_get_subkey_enctype(krb5_context context,
 
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_get_authdata_context(krb5_context context,
-				   krb5_auth_context auth_context,
-				   krb5_authdata_context *ad_context)
+                                   krb5_auth_context auth_context,
+                                   krb5_authdata_context *ad_context)
 {
     *ad_context = auth_context->ad_context;
     return 0;
@@ -582,10 +583,9 @@ krb5_auth_con_get_authdata_context(krb5_context context,
 
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_set_authdata_context(krb5_context context,
-				   krb5_auth_context auth_context,
-				   krb5_authdata_context ad_context)
+                                   krb5_auth_context auth_context,
+                                   krb5_authdata_context ad_context)
 {
     auth_context->ad_context = ad_context;
     return 0;
 }
-
diff --git a/src/lib/krb5/krb/auth_con.h b/src/lib/krb5/krb/auth_con.h
index 684eb4e40..94d2c51a2 100644
--- a/src/lib/krb5/krb/auth_con.h
+++ b/src/lib/krb5/krb/auth_con.h
@@ -1,38 +1,39 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef KRB5_AUTH_CONTEXT
 #define KRB5_AUTH_CONTEXT
 
 struct _krb5_auth_context {
-    krb5_magic		magic;
-    krb5_address      *	remote_addr;
-    krb5_address      *	remote_port;
-    krb5_address      *	local_addr;
-    krb5_address      *	local_port;
+    krb5_magic          magic;
+    krb5_address      * remote_addr;
+    krb5_address      * remote_port;
+    krb5_address      * local_addr;
+    krb5_address      * local_port;
     krb5_key            key;
     krb5_key            send_subkey;
     krb5_key            recv_subkey;
 
-    krb5_int32		auth_context_flags;
-    krb5_ui_4		remote_seq_number;
-    krb5_ui_4		local_seq_number;
-    krb5_authenticator *authentp;		/* mk_req, rd_req, mk_rep, ...*/
-    krb5_cksumtype	req_cksumtype;		/* mk_safe, ... */
-    krb5_cksumtype	safe_cksumtype;		/* mk_safe, ... */
-    krb5_pointer	i_vector;		/* mk_priv, rd_priv only */
-    krb5_rcache		rcache;
-    krb5_enctype      * permitted_etypes;	/* rd_req */
+    krb5_int32          auth_context_flags;
+    krb5_ui_4           remote_seq_number;
+    krb5_ui_4           local_seq_number;
+    krb5_authenticator *authentp;               /* mk_req, rd_req, mk_rep, ...*/
+    krb5_cksumtype      req_cksumtype;          /* mk_safe, ... */
+    krb5_cksumtype      safe_cksumtype;         /* mk_safe, ... */
+    krb5_pointer        i_vector;               /* mk_priv, rd_priv only */
+    krb5_rcache         rcache;
+    krb5_enctype      * permitted_etypes;       /* rd_req */
     krb5_mk_req_checksum_func checksum_func;
     void *checksum_func_data;
-    krb5_enctype	negotiated_etype;
+    krb5_enctype        negotiated_etype;
     krb5_authdata_context   ad_context;
 };
 
 
 /* Internal auth_context_flags */
-#define KRB5_AUTH_CONN_INITIALIZED	0x00010000
-#define KRB5_AUTH_CONN_USED_W_MK_REQ	0x00020000
-#define KRB5_AUTH_CONN_USED_W_RD_REQ	0x00040000
-#define KRB5_AUTH_CONN_SANE_SEQ		0x00080000
-#define KRB5_AUTH_CONN_HEIMDAL_SEQ	0x00100000
+#define KRB5_AUTH_CONN_INITIALIZED      0x00010000
+#define KRB5_AUTH_CONN_USED_W_MK_REQ    0x00020000
+#define KRB5_AUTH_CONN_USED_W_RD_REQ    0x00040000
+#define KRB5_AUTH_CONN_SANE_SEQ         0x00080000
+#define KRB5_AUTH_CONN_HEIMDAL_SEQ      0x00100000
 
 #endif
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c
index c5992aded..5430127eb 100644
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2009 by the Massachusetts Institute of Technology.  All
  * Rights Reserved.
@@ -39,7 +39,7 @@ static const char *objdirs[] = {
 #endif
     LIBDIR "/krb5/plugins/authdata",
     NULL
- }; /* should be a list */
+}; /* should be a list */
 
 /* Internal authdata systems */
 static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = {
@@ -648,10 +648,10 @@ krb5int_authdata_verify(krb5_context kcontext,
 
         if (authdata == NULL) {
             code = krb5int_find_authdata(kcontext,
-                                        ticket_authdata,
-                                        authen_authdata,
-                                        module->ad_type,
-                                        &authdata);
+                                         ticket_authdata,
+                                         authen_authdata,
+                                         module->ad_type,
+                                         &authdata);
             if (code != 0)
                 break;
         }
@@ -1244,4 +1244,3 @@ krb5_ser_authdata_context_init(krb5_context kcontext)
     return krb5_register_serializer(kcontext,
                                     &krb5_authdata_context_ser_entry);
 }
-
diff --git a/src/lib/krb5/krb/authdata.h b/src/lib/krb5/krb/authdata.h
index 9e4dcceb0..39d80d662 100644
--- a/src/lib/krb5/krb/authdata.h
+++ b/src/lib/krb5/krb/authdata.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/authdata.h
  *
@@ -35,14 +36,13 @@
 /* authdata.c */
 krb5_error_code
 krb5int_authdata_verify(krb5_context context,
-			krb5_authdata_context,
-			krb5_flags usage,
-			const krb5_auth_context *auth_context,
-			const krb5_keyblock *key,
-			const krb5_ap_req *ap_req);
+                        krb5_authdata_context,
+                        krb5_flags usage,
+                        const krb5_auth_context *auth_context,
+                        const krb5_keyblock *key,
+                        const krb5_ap_req *ap_req);
 
 /* pac.c */
 extern krb5plugin_authdata_client_ftable_v0 krb5int_mspac_authdata_client_ftable;
 
 #endif /* !KRB_AUTHDATA_H */
-
diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c
index 1a288c896..899b9ee3b 100644
--- a/src/lib/krb5/krb/bld_pr_ext.c
+++ b/src/lib/krb5/krb/bld_pr_ext.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/bld_pr_ext.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Build a principal from a list of lengths and strings
  */
@@ -33,7 +34,7 @@
 
 krb5_error_code KRB5_CALLCONV_C
 krb5_build_principal_ext(krb5_context context,  krb5_principal * princ,
-			 unsigned int rlen, const char * realm, ...)
+                         unsigned int rlen, const char * realm, ...)
 {
     va_list ap;
     int i, count = 0;
@@ -44,8 +45,8 @@ krb5_build_principal_ext(krb5_context context,  krb5_principal * princ,
     va_start(ap, realm);
     /* count up */
     while (va_arg(ap, int) != 0) {
-	(void)va_arg(ap, char *);		/* pass one up */
-	count++;
+        (void)va_arg(ap, char *);               /* pass one up */
+        count++;
     }
     va_end(ap);
 
@@ -54,30 +55,30 @@ krb5_build_principal_ext(krb5_context context,  krb5_principal * princ,
     /* get space for array */
     princ_data = (krb5_data *) malloc(sizeof(krb5_data) * count);
     if (!princ_data)
-	return ENOMEM;
+        return ENOMEM;
     princ_ret = (krb5_principal) malloc(sizeof(krb5_principal_data));
     if (!princ_ret) {
-	free(princ_data);
-	return ENOMEM;
+        free(princ_data);
+        return ENOMEM;
     }
     princ_ret->data = princ_data;
     princ_ret->length = count;
     tmpdata.length = rlen;
     tmpdata.data = (char *) realm;
     if (krb5int_copy_data_contents_add0(context, &tmpdata, &princ_ret->realm) != 0) {
-	free(princ_data);
-	free(princ_ret);
-	return ENOMEM;
-    }	
+        free(princ_data);
+        free(princ_ret);
+        return ENOMEM;
+    }
 
     /* process rest of components */
     va_start(ap, realm);
     for (i = 0; i < count; i++) {
-	tmpdata.length = va_arg(ap, unsigned int);
-	tmpdata.data = va_arg(ap, char *);
-	if (krb5int_copy_data_contents_add0(context, &tmpdata,
-					    &princ_data[i]) != 0)
-	    goto free_out;
+        tmpdata.length = va_arg(ap, unsigned int);
+        tmpdata.data = va_arg(ap, char *);
+        if (krb5int_copy_data_contents_add0(context, &tmpdata,
+                                            &princ_data[i]) != 0)
+            goto free_out;
     }
     va_end(ap);
     *princ = princ_ret;
@@ -86,7 +87,7 @@ krb5_build_principal_ext(krb5_context context,  krb5_principal * princ,
 
 free_out:
     while (--i >= 0)
-	free(princ_data[i].data);
+        free(princ_data[i].data);
     free(princ_data);
     free(princ_ret->realm.data);
     free(princ_ret);
diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c
index d3e0d294b..ac2c92a9e 100644
--- a/src/lib/krb5/krb/bld_princ.c
+++ b/src/lib/krb5/krb/bld_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/bld_princ.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Build a principal from a list of strings
  */
@@ -30,13 +31,13 @@
 #include <stdarg.h>
 #include "k5-int.h"
 
-/* Takes first component as argument for KIM API, 
+/* Takes first component as argument for KIM API,
  * which does not allow realms with zero components */
 static krb5_error_code
-krb5int_build_principal_va(krb5_context context, 
-                           krb5_principal princ, 
-                           unsigned int rlen, 
-                           const char *realm, 
+krb5int_build_principal_va(krb5_context context,
+                           krb5_principal princ,
+                           unsigned int rlen,
+                           const char *realm,
                            const char *first,
                            va_list ap)
 {
@@ -46,26 +47,26 @@ krb5int_build_principal_va(krb5_context context,
     krb5_int32 count = 0;
     krb5_int32 size = 2;  /* initial guess at needed space */
     char *component = NULL;
-    
+
     data = malloc(size * sizeof(krb5_data));
     if (!data) { retval = ENOMEM; }
-    
+
     if (!retval) {
         r = strdup(realm);
         if (!r) { retval = ENOMEM; }
     }
-    
+
     if (!retval && first) {
         data[0].length = strlen(first);
         data[0].data = strdup(first);
         if (!data[0].data) { retval = ENOMEM; }
         count++;
-        
+
         /* ap is only valid if first is non-NULL */
         while (!retval && (component = va_arg(ap, char *))) {
             if (count == size) {
                 krb5_data *new_data = NULL;
-                
+
                 size *= 2;
                 new_data = realloc ((char *) data, sizeof(krb5_data) * size);
                 if (new_data) {
@@ -74,16 +75,16 @@ krb5int_build_principal_va(krb5_context context,
                     retval = ENOMEM;
                 }
             }
-            
+
             if (!retval) {
                 data[count].length = strlen(component);
-                data[count].data = strdup(component);  
+                data[count].data = strdup(component);
                 if (!data[count].data) { retval = ENOMEM; }
                 count++;
             }
         }
     }
-    
+
     if (!retval) {
         princ->type = KRB5_NT_UNKNOWN;
         princ->magic = KV5M_PRINCIPAL;
@@ -94,7 +95,7 @@ krb5int_build_principal_va(krb5_context context,
         r = NULL;    /* take ownership */
         data = NULL; /* take ownership */
     }
-    
+
     if (data) {
         while (--count >= 0) {
             free(data[count].data);
@@ -102,68 +103,68 @@ krb5int_build_principal_va(krb5_context context,
         free(data);
     }
     free(r);
-    
+
     return retval;
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_build_principal_va(krb5_context context, 
-                        krb5_principal princ, 
-                        unsigned int rlen, 
-                        const char *realm, 
+krb5_build_principal_va(krb5_context context,
+                        krb5_principal princ,
+                        unsigned int rlen,
+                        const char *realm,
                         va_list ap)
 {
     char *first = va_arg(ap, char *);
-    
+
     return krb5int_build_principal_va(context, princ, rlen, realm, first, ap);
 }
 
-/* Takes first component as argument for KIM API, 
+/* Takes first component as argument for KIM API,
  * which does not allow realms with zero components */
 krb5_error_code KRB5_CALLCONV
-krb5int_build_principal_alloc_va(krb5_context context, 
-                                 krb5_principal *princ, 
-                                 unsigned int rlen, 
-                                 const char *realm, 
+krb5int_build_principal_alloc_va(krb5_context context,
+                                 krb5_principal *princ,
+                                 unsigned int rlen,
+                                 const char *realm,
                                  const char *first,
                                  va_list ap)
 {
     krb5_error_code retval = 0;
-    
+
     krb5_principal p = malloc(sizeof(krb5_principal_data));
     if (!p) { retval = ENOMEM; }
-    
+
     if (!retval) {
         retval = krb5int_build_principal_va(context, p, rlen, realm, first, ap);
     }
-    
+
     if (!retval) {
-	*princ = p;
+        *princ = p;
     } else {
         free(p);
     }
-    
-    return retval;    
+
+    return retval;
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_build_principal_alloc_va(krb5_context context, 
-                              krb5_principal *princ, 
-                              unsigned int rlen, 
-                              const char *realm, 
+krb5_build_principal_alloc_va(krb5_context context,
+                              krb5_principal *princ,
+                              unsigned int rlen,
+                              const char *realm,
                               va_list ap)
 {
     krb5_error_code retval = 0;
-    
+
     krb5_principal p = malloc(sizeof(krb5_principal_data));
     if (!p) { retval = ENOMEM; }
-   
+
     if (!retval) {
         retval = krb5_build_principal_va(context, p, rlen, realm, ap);
     }
-    
+
     if (!retval) {
-	*princ = p;
+        *princ = p;
     } else {
         free(p);
     }
@@ -172,17 +173,17 @@ krb5_build_principal_alloc_va(krb5_context context,
 }
 
 krb5_error_code KRB5_CALLCONV_C
-krb5_build_principal(krb5_context context, 
-                     krb5_principal * princ, 
-		     unsigned int rlen,
-		     const char * realm, ...)
+krb5_build_principal(krb5_context context,
+                     krb5_principal * princ,
+                     unsigned int rlen,
+                     const char * realm, ...)
 {
     krb5_error_code retval = 0;
     va_list ap;
-    
+
     va_start(ap, realm);
     retval = krb5_build_principal_alloc_va(context, princ, rlen, realm, ap);
     va_end(ap);
-    
+
     return retval;
 }
diff --git a/src/lib/krb5/krb/brand.c b/src/lib/krb5/krb/brand.c
index 7e4e0dbd0..fc098ddb5 100644
--- a/src/lib/krb5/krb/brand.c
+++ b/src/lib/krb5/krb/brand.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/brand.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c
index 9af063ce3..3c014817c 100644
--- a/src/lib/krb5/krb/chk_trans.c
+++ b/src/lib/krb5/krb/chk_trans.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/chk_trans.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_check_transited_list()
  */
@@ -46,12 +47,12 @@ static int verbose = 0;
 
 static krb5_error_code
 process_intermediates (krb5_error_code (*fn)(krb5_data *, void *), void *data,
-		       const krb5_data *n1, const krb5_data *n2) {
+                       const krb5_data *n1, const krb5_data *n2) {
     unsigned int len1, len2, i;
     char *p1, *p2;
 
     Tprintf (("process_intermediates(%.*s,%.*s)\n",
-	      (int) n1->length, n1->data, (int) n2->length, n2->data));
+              (int) n1->length, n1->data, (int) n2->length, n2->data));
 
     len1 = n1->length;
     len2 = n2->length;
@@ -59,78 +60,78 @@ process_intermediates (krb5_error_code (*fn)(krb5_data *, void *), void *data,
     Tprintf (("(walking intermediates now)\n"));
     /* Simplify...  */
     if (len1 > len2) {
-	const krb5_data *p;
-	int tmp = len1;
-	len1 = len2;
-	len2 = tmp;
-	p = n1;
-	n1 = n2;
-	n2 = p;
+        const krb5_data *p;
+        int tmp = len1;
+        len1 = len2;
+        len2 = tmp;
+        p = n1;
+        n1 = n2;
+        n2 = p;
     }
     /* Okay, now len1 is always shorter or equal.  */
     if (len1 == len2) {
-	if (memcmp (n1->data, n2->data, len1)) {
-	    Tprintf (("equal length but different strings in path: '%.*s' '%.*s'\n",
-		      (int) n1->length, n1->data, (int) n2->length, n2->data));
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-	Tprintf (("(end intermediates)\n"));
-	return 0;
+        if (memcmp (n1->data, n2->data, len1)) {
+            Tprintf (("equal length but different strings in path: '%.*s' '%.*s'\n",
+                      (int) n1->length, n1->data, (int) n2->length, n2->data));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        Tprintf (("(end intermediates)\n"));
+        return 0;
     }
     /* Now len1 is always shorter.  */
     if (len1 == 0)
-	/* Shouldn't be possible.  Internal error?  */
-	return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        /* Shouldn't be possible.  Internal error?  */
+        return KRB5KRB_AP_ERR_ILL_CR_TKT;
     p1 = n1->data;
     p2 = n2->data;
     if (p1[0] == '/') {
-	/* X.500 style names, with common prefix.  */
-	if (p2[0] != '/') {
-	    Tprintf (("mixed name formats in path: x500='%.*s' domain='%.*s'\n",
-		      (int) len1, p1, (int) len2, p2));
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-	if (memcmp (p1, p2, len1)) {
-	    Tprintf (("x500 names with different prefixes '%.*s' '%.*s'\n",
-		      (int) len1, p1, (int) len2, p2));
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-	for (i = len1 + 1; i < len2; i++)
-	    if (p2[i] == '/') {
-		krb5_data d;
-		krb5_error_code r;
-
-		d.data = p2;
-		d.length = i;
-		r = (*fn) (&d, data);
-		if (r)
-		    return r;
-	    }
+        /* X.500 style names, with common prefix.  */
+        if (p2[0] != '/') {
+            Tprintf (("mixed name formats in path: x500='%.*s' domain='%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        if (memcmp (p1, p2, len1)) {
+            Tprintf (("x500 names with different prefixes '%.*s' '%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        for (i = len1 + 1; i < len2; i++)
+            if (p2[i] == '/') {
+                krb5_data d;
+                krb5_error_code r;
+
+                d.data = p2;
+                d.length = i;
+                r = (*fn) (&d, data);
+                if (r)
+                    return r;
+            }
     } else {
-	/* Domain style names, with common suffix.  */
-	if (p2[0] == '/') {
-	    Tprintf (("mixed name formats in path: domain='%.*s' x500='%.*s'\n",
-		      (int) len1, p1, (int) len2, p2));
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-	if (memcmp (p1, p2 + (len2 - len1), len1)) {
-	    Tprintf (("domain names with different suffixes '%.*s' '%.*s'\n",
-		      (int) len1, p1, (int) len2, p2));
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-	for (i = len2 - len1 - 1; i > 0; i--) {
-	    Tprintf (("looking at '%.*s'\n", (int) (len2 - i), p2+i));
-	    if (p2[i-1] == '.') {
-		krb5_data d;
-		krb5_error_code r;
-
-		d.data = p2+i;
-		d.length = len2 - i;
-		r = (*fn) (&d, data);
-		if (r)
-		    return r;
-	    }
-	}
+        /* Domain style names, with common suffix.  */
+        if (p2[0] == '/') {
+            Tprintf (("mixed name formats in path: domain='%.*s' x500='%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        if (memcmp (p1, p2 + (len2 - len1), len1)) {
+            Tprintf (("domain names with different suffixes '%.*s' '%.*s'\n",
+                      (int) len1, p1, (int) len2, p2));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        for (i = len2 - len1 - 1; i > 0; i--) {
+            Tprintf (("looking at '%.*s'\n", (int) (len2 - i), p2+i));
+            if (p2[i-1] == '.') {
+                krb5_data d;
+                krb5_error_code r;
+
+                d.data = p2+i;
+                d.length = len2 - i;
+                r = (*fn) (&d, data);
+                if (r)
+                    return r;
+            }
+        }
     }
     Tprintf (("(end intermediates)\n"));
     return 0;
@@ -140,25 +141,25 @@ static krb5_error_code
 maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz)
 {
     if (buf->length == 0)
-	return 0;
+        return 0;
     if (buf->data[0] == '/') {
-	if (last->length + buf->length > bufsiz) {
-	    Tprintf (("too big: last=%d cur=%d max=%d\n", last->length, buf->length, bufsiz));
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-	memmove (buf->data+last->length, buf->data, buf->length);
-	memcpy (buf->data, last->data, last->length);
-	buf->length += last->length;
+        if (last->length + buf->length > bufsiz) {
+            Tprintf (("too big: last=%d cur=%d max=%d\n", last->length, buf->length, bufsiz));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        memmove (buf->data+last->length, buf->data, buf->length);
+        memcpy (buf->data, last->data, last->length);
+        buf->length += last->length;
     } else if (buf->data[buf->length-1] == '.') {
-	/* We can ignore the case where the previous component was
-	   empty; the strcat will be a no-op.  It should probably
-	   be an error case, but let's be flexible.  */
-	if (last->length+buf->length > bufsiz) {
-	    Tprintf (("too big\n"));
-	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
-	memcpy (buf->data + buf->length, last->data, last->length);
-	buf->length += last->length;
+        /* We can ignore the case where the previous component was
+           empty; the strcat will be a no-op.  It should probably
+           be an error case, but let's be flexible.  */
+        if (last->length+buf->length > bufsiz) {
+            Tprintf (("too big\n"));
+            return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        memcpy (buf->data + buf->length, last->data, last->length);
+        buf->length += last->length;
     }
     /* Otherwise, do nothing.  */
     return 0;
@@ -170,8 +171,8 @@ maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz)
    of C strings.  */
 static krb5_error_code
 foreach_realm (krb5_error_code (*fn)(krb5_data *comp,void *data), void *data,
-	       const krb5_data *crealm, const krb5_data *srealm,
-	       const krb5_data *transit)
+               const krb5_data *crealm, const krb5_data *srealm,
+               const krb5_data *transit)
 {
     char buf[MAXLEN], last[MAXLEN];
     char *p, *bufp;
@@ -201,88 +202,88 @@ foreach_realm (krb5_error_code (*fn)(krb5_data *comp,void *data), void *data,
     print_data ("transit enc.: %.*s\n", transit);
 
     if (transit->length == 0) {
-	Tprintf (("no other realms transited\n"));
-	return 0;
+        Tprintf (("no other realms transited\n"));
+        return 0;
     }
 
     bufp = buf;
     for (p = transit->data, l = transit->length; l; p++, l--) {
-	if (next_lit) {
-	    *bufp++ = *p;
-	    if (bufp == buf+sizeof(buf))
-		return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	    next_lit = 0;
-	} else if (*p == '\\') {
-	    next_lit = 1;
-	} else if (*p == ',') {
-	    if (bufp != buf) {
-		this_component.length = bufp - buf;
-		r = maybe_join (&last_component, &this_component, sizeof(buf));
-		if (r)
-		    return r;
-		r = (*fn) (&this_component, data);
-		if (r)
-		    return r;
-		if (intermediates) {
-		    if (p == transit->data)
-			r = process_intermediates (fn, data,
-						   &this_component, crealm);
-		    else {
-			r = process_intermediates (fn, data, &this_component,
-						   &last_component);
-		    }
-		    if (r)
-			return r;
-		}
-		intermediates = 0;
-		memcpy (last, buf, sizeof (buf));
-		last_component.length = this_component.length;
-		memset (buf, 0, sizeof (buf));
-		bufp = buf;
-	    } else {
-		intermediates = 1;
-		if (p == transit->data) {
-		    if (crealm->length >= MAXLEN)
-			return KRB5KRB_AP_ERR_ILL_CR_TKT;
-		    memcpy (last, crealm->data, crealm->length);
-		    last[crealm->length] = '\0';
-		    last_component.length = crealm->length;
-		}
-	    }
-	} else if (*p == ' ' && bufp == buf) {
-	    /* This next component stands alone, even if it has a
-	       trailing dot or leading slash.  */
-	    memset (last, 0, sizeof (last));
-	    last_component.length = 0;
-	} else {
-	    /* Not a special character; literal.  */
-	    *bufp++ = *p;
-	    if (bufp == buf+sizeof(buf))
-		return KRB5KRB_AP_ERR_ILL_CR_TKT;
-	}
+        if (next_lit) {
+            *bufp++ = *p;
+            if (bufp == buf+sizeof(buf))
+                return KRB5KRB_AP_ERR_ILL_CR_TKT;
+            next_lit = 0;
+        } else if (*p == '\\') {
+            next_lit = 1;
+        } else if (*p == ',') {
+            if (bufp != buf) {
+                this_component.length = bufp - buf;
+                r = maybe_join (&last_component, &this_component, sizeof(buf));
+                if (r)
+                    return r;
+                r = (*fn) (&this_component, data);
+                if (r)
+                    return r;
+                if (intermediates) {
+                    if (p == transit->data)
+                        r = process_intermediates (fn, data,
+                                                   &this_component, crealm);
+                    else {
+                        r = process_intermediates (fn, data, &this_component,
+                                                   &last_component);
+                    }
+                    if (r)
+                        return r;
+                }
+                intermediates = 0;
+                memcpy (last, buf, sizeof (buf));
+                last_component.length = this_component.length;
+                memset (buf, 0, sizeof (buf));
+                bufp = buf;
+            } else {
+                intermediates = 1;
+                if (p == transit->data) {
+                    if (crealm->length >= MAXLEN)
+                        return KRB5KRB_AP_ERR_ILL_CR_TKT;
+                    memcpy (last, crealm->data, crealm->length);
+                    last[crealm->length] = '\0';
+                    last_component.length = crealm->length;
+                }
+            }
+        } else if (*p == ' ' && bufp == buf) {
+            /* This next component stands alone, even if it has a
+               trailing dot or leading slash.  */
+            memset (last, 0, sizeof (last));
+            last_component.length = 0;
+        } else {
+            /* Not a special character; literal.  */
+            *bufp++ = *p;
+            if (bufp == buf+sizeof(buf))
+                return KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
     }
     /* At end.  Must be normal state.  */
     if (next_lit)
-	Tprintf (("ending in next-char-literal state\n"));
+        Tprintf (("ending in next-char-literal state\n"));
     /* Process trailing element or comma.  */
     if (bufp == buf) {
-	/* Trailing comma.  */
-	r = process_intermediates (fn, data, &last_component, srealm);
+        /* Trailing comma.  */
+        r = process_intermediates (fn, data, &last_component, srealm);
     } else {
-	/* Trailing component.  */
-	this_component.length = bufp - buf;
-	r = maybe_join (&last_component, &this_component, sizeof(buf));
-	if (r)
-	    return r;
-	r = (*fn) (&this_component, data);
-	if (r)
-	    return r;
-	if (intermediates)
-	    r = process_intermediates (fn, data, &this_component,
-				       &last_component);
+        /* Trailing component.  */
+        this_component.length = bufp - buf;
+        r = maybe_join (&last_component, &this_component, sizeof(buf));
+        if (r)
+            return r;
+        r = (*fn) (&this_component, data);
+        if (r)
+            return r;
+        if (intermediates)
+            r = process_intermediates (fn, data, &this_component,
+                                       &last_component);
     }
     if (r != 0)
-	return r;
+        return r;
     return 0;
 }
 
@@ -300,8 +301,8 @@ check_realm_in_list (krb5_data *realm, void *data)
 
     Tprintf ((".. checking '%.*s'\n", (int) realm->length, realm->data));
     for (i = 0; cdata->tgs[i]; i++) {
-	if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm))
-	    return 0;
+        if (data_eq (*krb5_princ_realm (cdata->ctx, cdata->tgs[i]), *realm))
+            return 0;
     }
     Tprintf (("BAD!\n"));
     return KRB5KRB_AP_ERR_ILL_CR_TKT;
@@ -309,7 +310,7 @@ check_realm_in_list (krb5_data *realm, void *data)
 
 krb5_error_code
 krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
-			   const krb5_data *crealm, const krb5_data *srealm)
+                           const krb5_data *crealm, const krb5_data *srealm)
 {
     krb5_data trans;
     struct check_data cdata;
@@ -318,31 +319,31 @@ krb5_check_transited_list (krb5_context ctx, const krb5_data *trans_in,
     trans.length = trans_in->length;
     trans.data = (char *) trans_in->data;
     if (trans.length && (trans.data[trans.length-1] == '\0'))
-	trans.length--;
+        trans.length--;
 
     Tprintf (("krb5_check_transited_list(trans=\"%.*s\", crealm=\"%.*s\", srealm=\"%.*s\")\n",
-	      (int) trans.length, trans.data,
-	      (int) crealm->length, crealm->data,
-	      (int) srealm->length, srealm->data));
+              (int) trans.length, trans.data,
+              (int) crealm->length, crealm->data,
+              (int) srealm->length, srealm->data));
     if (trans.length == 0)
-	return 0;
+        return 0;
     r = krb5_walk_realm_tree (ctx, crealm, srealm, &cdata.tgs,
-			      KRB5_REALM_BRANCH_CHAR);
+                              KRB5_REALM_BRANCH_CHAR);
     if (r) {
-	Tprintf (("error %ld\n", (long) r));
-	return r;
+        Tprintf (("error %ld\n", (long) r));
+        return r;
     }
 #ifdef DEBUG /* avoid compiler warning about 'd' unused */
     {
-	int i;
-	Tprintf (("tgs list = {\n"));
-	for (i = 0; cdata.tgs[i]; i++) {
-	    char *name;
-	    r = krb5_unparse_name (ctx, cdata.tgs[i], &name);
-	    Tprintf (("\t'%s'\n", name));
-	    free (name);
-	}
-	Tprintf (("}\n"));
+        int i;
+        Tprintf (("tgs list = {\n"));
+        for (i = 0; cdata.tgs[i]; i++) {
+            char *name;
+            r = krb5_unparse_name (ctx, cdata.tgs[i], &name);
+            Tprintf (("\t'%s'\n", name));
+            free (name);
+        }
+        Tprintf (("}\n"));
     }
 #endif
     cdata.ctx = ctx;
@@ -370,19 +371,19 @@ int main (int argc, char *argv[]) {
     me = me ? me+1 : argv[0];
 
     while (argc > 3 && argv[1][0] == '-') {
-	if (!strcmp ("-v", argv[1]))
-	    verbose++, argc--, argv++;
-	else if (!strcmp ("-x", argv[1]))
-	    expand_only++, argc--, argv++;
-	else
-	    goto usage;
+        if (!strcmp ("-v", argv[1]))
+            verbose++, argc--, argv++;
+        else if (!strcmp ("-x", argv[1]))
+            expand_only++, argc--, argv++;
+        else
+            goto usage;
     }
 
     if (argc != 4) {
     usage:
-	printf ("usage: %s [-v] [-x] clientRealm serverRealm transitEncoding\n",
-		me);
-	return 1;
+        printf ("usage: %s [-v] [-x] clientRealm serverRealm transitEncoding\n",
+                me);
+        return 1;
     }
 
     crealm.data = argv[1];
@@ -394,40 +395,40 @@ int main (int argc, char *argv[]) {
 
     if (expand_only) {
 
-	printf ("client realm: %s\n", argv[1]);
-	printf ("server realm: %s\n", argv[2]);
-	printf ("transit enc.: %s\n", argv[3]);
+        printf ("client realm: %s\n", argv[1]);
+        printf ("server realm: %s\n", argv[2]);
+        printf ("transit enc.: %s\n", argv[3]);
 
-	if (argv[3][0] == 0) {
-	    printf ("no other realms transited\n");
-	    return 0;
-	}
+        if (argv[3][0] == 0) {
+            printf ("no other realms transited\n");
+            return 0;
+        }
 
-	r = foreach_realm (print_a_realm, NULL, &crealm, &srealm, &transit);
-	if (r)
-	    printf ("--> returned error %ld\n", (long) r);
-	return r != 0;
+        r = foreach_realm (print_a_realm, NULL, &crealm, &srealm, &transit);
+        if (r)
+            printf ("--> returned error %ld\n", (long) r);
+        return r != 0;
 
     } else {
 
-	/* Actually check the values against the supplied krb5.conf file.  */
-	krb5_context ctx;
-	r = krb5_init_context (&ctx);
-	if (r) {
-	    com_err (me, r, "initializing krb5 context");
-	    return 1;
-	}
-	r = krb5_check_transited_list (ctx, &transit, &crealm, &srealm);
-	if (r == KRB5KRB_AP_ERR_ILL_CR_TKT) {
-	    printf ("NO\n");
-	} else if (r == 0) {
-	    printf ("YES\n");
-	} else {
-	    printf ("kablooey!\n");
-	    com_err (me, r, "checking transited-realm list");
-	    return 1;
-	}
-	return 0;
+        /* Actually check the values against the supplied krb5.conf file.  */
+        krb5_context ctx;
+        r = krb5_init_context (&ctx);
+        if (r) {
+            com_err (me, r, "initializing krb5 context");
+            return 1;
+        }
+        r = krb5_check_transited_list (ctx, &transit, &crealm, &srealm);
+        if (r == KRB5KRB_AP_ERR_ILL_CR_TKT) {
+            printf ("NO\n");
+        } else if (r == 0) {
+            printf ("YES\n");
+        } else {
+            printf ("kablooey!\n");
+            com_err (me, r, "checking transited-realm list");
+            return 1;
+        }
+        return 0;
     }
 }
 
diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c
index d38a7ef39..1488f627e 100644
--- a/src/lib/krb5/krb/chpw.c
+++ b/src/lib/krb5/krb/chpw.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 ** set password functions added by Paul W. Nelson, Thursby Software Systems, Inc.
 */
@@ -7,12 +8,12 @@
 #include "auth_con.h"
 
 
-krb5_error_code 
-krb5int_mk_chpw_req(krb5_context context, 
-		    krb5_auth_context auth_context, 
-		    krb5_data *ap_req,
-		    char *passwd, 
-		    krb5_data *packet)
+krb5_error_code
+krb5int_mk_chpw_req(krb5_context context,
+                    krb5_auth_context auth_context,
+                    krb5_data *ap_req,
+                    char *passwd,
+                    krb5_data *packet)
 {
     krb5_error_code ret = 0;
     krb5_data clearpw;
@@ -23,21 +24,21 @@ krb5int_mk_chpw_req(krb5_context context,
     cipherpw.data = NULL;
 
     if ((ret = krb5_auth_con_setflags(context, auth_context,
-				      KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
-	goto cleanup;
+                                      KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
+        goto cleanup;
 
     clearpw.length = strlen(passwd);
     clearpw.data = passwd;
 
     if ((ret = krb5_mk_priv(context, auth_context,
-			    &clearpw, &cipherpw, &replay)))
-	goto cleanup;
+                            &clearpw, &cipherpw, &replay)))
+        goto cleanup;
 
     packet->length = 6 + ap_req->length + cipherpw.length;
     packet->data = (char *) malloc(packet->length);
     if (packet->data == NULL) {
-	ret = ENOMEM;
-	goto cleanup;
+        ret = ENOMEM;
+        goto cleanup;
     }
     ptr = packet->data;
 
@@ -67,14 +68,14 @@ krb5int_mk_chpw_req(krb5_context context,
 
 cleanup:
     if (cipherpw.data != NULL)  /* allocated by krb5_mk_priv */
-	free(cipherpw.data);
-      
+        free(cipherpw.data);
+
     return(ret);
 }
 
-krb5_error_code 
+krb5_error_code
 krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
-		    krb5_data *packet, int *result_code, krb5_data *result_data)
+                    krb5_data *packet, int *result_code, krb5_data *result_data)
 {
     char *ptr;
     int plen, vno;
@@ -88,9 +89,9 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
     krb5_keyblock *tmp;
 
     if (packet->length < 4)
-	/* either this, or the server is printing bad messages,
-	   or the caller passed in garbage */
-	return(KRB5KRB_AP_ERR_MODIFIED);
+        /* either this, or the server is printing bad messages,
+           or the caller passed in garbage */
+        return(KRB5KRB_AP_ERR_MODIFIED);
 
     ptr = packet->data;
 
@@ -100,27 +101,27 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
     plen = (plen<<8) | (*ptr++ & 0xff);
 
     if (plen != packet->length) {
-	/*
-	 * MS KDCs *may* send back a KRB_ERROR.  Although
-	 * not 100% correct via RFC3244, it's something
-	 * we can workaround here.
-	 */
-	if (krb5_is_krb_error(packet)) {
-
-	    if ((ret = krb5_rd_error(context, packet, &krberror)))
-		return(ret);
-
-	    if (krberror->e_data.data  == NULL)
-		ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
-	    else
-		ret = KRB5KRB_AP_ERR_MODIFIED;
-	    krb5_free_error(context, krberror);
-	    return(ret);
-	} else {
-	    return(KRB5KRB_AP_ERR_MODIFIED);
-	}
+        /*
+         * MS KDCs *may* send back a KRB_ERROR.  Although
+         * not 100% correct via RFC3244, it's something
+         * we can workaround here.
+         */
+        if (krb5_is_krb_error(packet)) {
+
+            if ((ret = krb5_rd_error(context, packet, &krberror)))
+                return(ret);
+
+            if (krberror->e_data.data  == NULL)
+                ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
+            else
+                ret = KRB5KRB_AP_ERR_MODIFIED;
+            krb5_free_error(context, krberror);
+            return(ret);
+        } else {
+            return(KRB5KRB_AP_ERR_MODIFIED);
+        }
     }
-	
+
 
     /* verify version number */
 
@@ -128,7 +129,7 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
     vno = (vno<<8) | (*ptr++ & 0xff);
 
     if (vno != 1)
-	return(KRB5KDC_ERR_BAD_PVNO);
+        return(KRB5KDC_ERR_BAD_PVNO);
 
     /* read, check ap-rep length */
 
@@ -136,59 +137,59 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
     ap_rep.length = (ap_rep.length<<8) | (*ptr++ & 0xff);
 
     if (ptr + ap_rep.length >= packet->data + packet->length)
-	return(KRB5KRB_AP_ERR_MODIFIED);
+        return(KRB5KRB_AP_ERR_MODIFIED);
 
     if (ap_rep.length) {
-	/* verify ap_rep */
-	ap_rep.data = ptr;
-	ptr += ap_rep.length;
-
-	/*
-	 * Save send_subkey to later smash recv_subkey.
-	 */
-	ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmp);
-	if (ret)
-	    return ret;
-
-	ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
-	if (ret) {
-	    krb5_free_keyblock(context, tmp);
-	    return(ret);
-	}
-
-	krb5_free_ap_rep_enc_part(context, ap_rep_enc);
-
-	/* extract and decrypt the result */
-
-	cipherresult.data = ptr;
-	cipherresult.length = (packet->data + packet->length) - ptr;
-
-	/*
-	 * Smash recv_subkey to be send_subkey, per spec.
-	 */
-	ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmp);
-	krb5_free_keyblock(context, tmp);
-	if (ret)
-	    return ret;
-
-	ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
-			   &replay);
-
-	if (ret)
-	    return(ret);
+        /* verify ap_rep */
+        ap_rep.data = ptr;
+        ptr += ap_rep.length;
+
+        /*
+         * Save send_subkey to later smash recv_subkey.
+         */
+        ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmp);
+        if (ret)
+            return ret;
+
+        ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+        if (ret) {
+            krb5_free_keyblock(context, tmp);
+            return(ret);
+        }
+
+        krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+
+        /* extract and decrypt the result */
+
+        cipherresult.data = ptr;
+        cipherresult.length = (packet->data + packet->length) - ptr;
+
+        /*
+         * Smash recv_subkey to be send_subkey, per spec.
+         */
+        ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmp);
+        krb5_free_keyblock(context, tmp);
+        if (ret)
+            return ret;
+
+        ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
+                           &replay);
+
+        if (ret)
+            return(ret);
     } else {
-	cipherresult.data = ptr;
-	cipherresult.length = (packet->data + packet->length) - ptr;
+        cipherresult.data = ptr;
+        cipherresult.length = (packet->data + packet->length) - ptr;
 
-	if ((ret = krb5_rd_error(context, &cipherresult, &krberror)))
-	    return(ret);
+        if ((ret = krb5_rd_error(context, &cipherresult, &krberror)))
+            return(ret);
 
-	clearresult = krberror->e_data;
+        clearresult = krberror->e_data;
     }
 
     if (clearresult.length < 2) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
     }
 
     ptr = clearresult.data;
@@ -197,38 +198,38 @@ krb5int_rd_chpw_rep(krb5_context context, krb5_auth_context auth_context,
     *result_code = (*result_code<<8) | (*ptr++ & 0xff);
 
     if ((*result_code < KRB5_KPASSWD_SUCCESS) ||
-	(*result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto cleanup;
+        (*result_code > KRB5_KPASSWD_INITIAL_FLAG_NEEDED)) {
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
     }
 
     /* all success replies should be authenticated/encrypted */
 
     if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS)) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
     }
 
     result_data->length = (clearresult.data + clearresult.length) - ptr;
 
     if (result_data->length) {
-	result_data->data = (char *) malloc(result_data->length);
-	if (result_data->data == NULL) {
-	    ret = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(result_data->data, ptr, result_data->length);
+        result_data->data = (char *) malloc(result_data->length);
+        if (result_data->data == NULL) {
+            ret = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(result_data->data, ptr, result_data->length);
     } else {
-	result_data->data = NULL;
+        result_data->data = NULL;
     }
 
     ret = 0;
 
 cleanup:
     if (ap_rep.length) {
-	free(clearresult.data);
+        free(clearresult.data);
     } else {
-	krb5_free_error(context, krberror);
+        krb5_free_error(context, krberror);
     }
 
     return(ret);
@@ -236,71 +237,71 @@ cleanup:
 
 krb5_error_code KRB5_CALLCONV
 krb5_chpw_result_code_string(krb5_context context, int result_code,
-			     char **code_string)
+                             char **code_string)
 {
     switch (result_code) {
     case KRB5_KPASSWD_MALFORMED:
-	*code_string = "Malformed request error";
-	break;
+        *code_string = "Malformed request error";
+        break;
     case KRB5_KPASSWD_HARDERROR:
-	*code_string = "Server error";
-	break;
+        *code_string = "Server error";
+        break;
     case KRB5_KPASSWD_AUTHERROR:
-	*code_string = "Authentication error";
-	break;
+        *code_string = "Authentication error";
+        break;
     case KRB5_KPASSWD_SOFTERROR:
-	*code_string = "Password change rejected";
-	break;
+        *code_string = "Password change rejected";
+        break;
     default:
-	*code_string = "Password change failed";
-	break;
+        *code_string = "Password change failed";
+        break;
     }
 
     return(0);
 }
 
-krb5_error_code 
+krb5_error_code
 krb5int_mk_setpw_req(krb5_context context,
-		     krb5_auth_context auth_context,
-		     krb5_data *ap_req,
-		     krb5_principal targprinc,
-		     char *passwd,
-		     krb5_data *packet)
+                     krb5_auth_context auth_context,
+                     krb5_data *ap_req,
+                     krb5_principal targprinc,
+                     char *passwd,
+                     krb5_data *packet)
 {
     krb5_error_code ret;
-    krb5_data	cipherpw;
-    krb5_data	*encoded_setpw;
+    krb5_data   cipherpw;
+    krb5_data   *encoded_setpw;
     struct krb5_setpw_req req;
 
     char *ptr;
 
     cipherpw.data = NULL;
     cipherpw.length = 0;
-     
+
     if ((ret = krb5_auth_con_setflags(context, auth_context,
-				      KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
-	return(ret);
+                                      KRB5_AUTH_CONTEXT_DO_SEQUENCE)))
+        return(ret);
 
     req.target = targprinc;
     req.password.data = passwd;
     req.password.length = strlen(passwd);
     ret = encode_krb5_setpw_req(&req, &encoded_setpw);
     if (ret) {
-	return ret;
+        return ret;
     }
 
     if ((ret = krb5_mk_priv(context, auth_context, encoded_setpw, &cipherpw, NULL)) != 0) {
-	krb5_free_data(context, encoded_setpw);
-	return(ret);
+        krb5_free_data(context, encoded_setpw);
+        return(ret);
     }
     krb5_free_data(context, encoded_setpw);
-    
+
 
     packet->length = 6 + ap_req->length + cipherpw.length;
     packet->data = (char *) malloc(packet->length);
     if (packet->data  == NULL) {
-	ret = ENOMEM;
-	goto cleanup;
+        ret = ENOMEM;
+        goto cleanup;
     }
     ptr = packet->data;
     /*
@@ -325,18 +326,18 @@ krb5int_mk_setpw_req(krb5_context context,
     ret = 0;
 cleanup:
     if (cipherpw.data)
-	krb5_free_data_contents(context, &cipherpw);
+        krb5_free_data_contents(context, &cipherpw);
     if ((ret != 0) && packet->data) {
-	free(packet->data);
-	packet->data = NULL;
+        free(packet->data);
+        packet->data = NULL;
     }
     return ret;
 }
 
-krb5_error_code 
+krb5_error_code
 krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
-		     krb5_data *packet,
-		     int *result_code, krb5_data *result_data)
+                     krb5_data *packet,
+                     int *result_code, krb5_data *result_data)
 {
     char *ptr;
     unsigned int message_length, version_number;
@@ -350,7 +351,7 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
     ** validate the packet length -
     */
     if (packet->length < 4)
-	return(KRB5KRB_AP_ERR_MODIFIED);
+        return(KRB5KRB_AP_ERR_MODIFIED);
 
     ptr = packet->data;
 
@@ -358,109 +359,109 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
     ** see if it is an error
     */
     if (krb5_is_krb_error(packet)) {
-	krb5_error *krberror;
-	if ((ret = krb5_rd_error(context, packet, &krberror)))
-	    return(ret);
-	if (krberror->e_data.data  == NULL) {
-	    ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
-	    krb5_free_error(context, krberror);
-	    return (ret);
-	}
-	clearresult = krberror->e_data;
-	krberror->e_data.data  = NULL; /*So we can free it later*/
-	krberror->e_data.length = 0;
-	krb5_free_error(context, krberror);
-	ap_rep.length = 0;
+        krb5_error *krberror;
+        if ((ret = krb5_rd_error(context, packet, &krberror)))
+            return(ret);
+        if (krberror->e_data.data  == NULL) {
+            ret = ERROR_TABLE_BASE_krb5 + (krb5_error_code) krberror->error;
+            krb5_free_error(context, krberror);
+            return (ret);
+        }
+        clearresult = krberror->e_data;
+        krberror->e_data.data  = NULL; /*So we can free it later*/
+        krberror->e_data.length = 0;
+        krb5_free_error(context, krberror);
+        ap_rep.length = 0;
 
     } else { /* Not an error*/
 
-	/*
-	** validate the message length -
-	** length is big endian 
-	*/
-	message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
-	ptr += 2;
-	/*
-	** make sure the message length and packet length agree -
-	*/
-	if (message_length != packet->length)
-	    return(KRB5KRB_AP_ERR_MODIFIED);
-	/*
-	** get the version number -
-	*/
-	version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
-	ptr += 2;
-	/*
-	** make sure we support the version returned -
-	*/
-	/*
-	** set password version is 0xff80, change password version is 1
-	*/
-	if (version_number != 1 && version_number != 0xff80)
-	    return(KRB5KDC_ERR_BAD_PVNO);
-	/*
-	** now fill in ap_rep with the reply -
-	*/
-	/*
-	** get the reply length -
-	*/
-	ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
-	ptr += 2;
-	/*
-	** validate ap_rep length agrees with the packet length -
-	*/
-	if (ptr + ap_rep.length >= packet->data + packet->length)
-	    return(KRB5KRB_AP_ERR_MODIFIED);
-	/*
-	** if data was returned, set the ap_rep ptr -
-	*/
-	if (ap_rep.length) {
-	    ap_rep.data = ptr;
-	    ptr += ap_rep.length;
-
-	    /*
-	     * Save send_subkey to later smash recv_subkey.
-	     */
-	    ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmpkey);
-	    if (ret)
-		return ret;
-
-	    ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
-	    if (ret) {
-		krb5_free_keyblock(context, tmpkey);
-		return(ret);
-	    }
-
-	    krb5_free_ap_rep_enc_part(context, ap_rep_enc);
-	    /*
-	    ** now decrypt the result -
-	    */
-	    cipherresult.data = ptr;
-	    cipherresult.length = (packet->data + packet->length) - ptr;
-
-	    /*
-	     * Smash recv_subkey to be send_subkey, per spec.
-	     */
-	    ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmpkey);
-	    krb5_free_keyblock(context, tmpkey);
-	    if (ret)
-		return ret;
-
-	    ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
-			       NULL);
-	    if (ret)
-		return(ret);
-	} /*We got an ap_rep*/
-	else
-	    return (KRB5KRB_AP_ERR_MODIFIED);
+        /*
+        ** validate the message length -
+        ** length is big endian
+        */
+        message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+        ptr += 2;
+        /*
+        ** make sure the message length and packet length agree -
+        */
+        if (message_length != packet->length)
+            return(KRB5KRB_AP_ERR_MODIFIED);
+        /*
+        ** get the version number -
+        */
+        version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+        ptr += 2;
+        /*
+        ** make sure we support the version returned -
+        */
+        /*
+        ** set password version is 0xff80, change password version is 1
+        */
+        if (version_number != 1 && version_number != 0xff80)
+            return(KRB5KDC_ERR_BAD_PVNO);
+        /*
+        ** now fill in ap_rep with the reply -
+        */
+        /*
+        ** get the reply length -
+        */
+        ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff));
+        ptr += 2;
+        /*
+        ** validate ap_rep length agrees with the packet length -
+        */
+        if (ptr + ap_rep.length >= packet->data + packet->length)
+            return(KRB5KRB_AP_ERR_MODIFIED);
+        /*
+        ** if data was returned, set the ap_rep ptr -
+        */
+        if (ap_rep.length) {
+            ap_rep.data = ptr;
+            ptr += ap_rep.length;
+
+            /*
+             * Save send_subkey to later smash recv_subkey.
+             */
+            ret = krb5_auth_con_getsendsubkey(context, auth_context, &tmpkey);
+            if (ret)
+                return ret;
+
+            ret = krb5_rd_rep(context, auth_context, &ap_rep, &ap_rep_enc);
+            if (ret) {
+                krb5_free_keyblock(context, tmpkey);
+                return(ret);
+            }
+
+            krb5_free_ap_rep_enc_part(context, ap_rep_enc);
+            /*
+            ** now decrypt the result -
+            */
+            cipherresult.data = ptr;
+            cipherresult.length = (packet->data + packet->length) - ptr;
+
+            /*
+             * Smash recv_subkey to be send_subkey, per spec.
+             */
+            ret = krb5_auth_con_setrecvsubkey(context, auth_context, tmpkey);
+            krb5_free_keyblock(context, tmpkey);
+            if (ret)
+                return ret;
+
+            ret = krb5_rd_priv(context, auth_context, &cipherresult, &clearresult,
+                               NULL);
+            if (ret)
+                return(ret);
+        } /*We got an ap_rep*/
+        else
+            return (KRB5KRB_AP_ERR_MODIFIED);
     } /*Response instead of error*/
 
     /*
-    ** validate the cleartext length 
+    ** validate the cleartext length
     */
     if (clearresult.length < 2) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
     }
     /*
     ** now decode the result -
@@ -474,68 +475,67 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context,
     ** result code 5 is access denied
     */
     if ((*result_code < KRB5_KPASSWD_SUCCESS) || (*result_code > 5)) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
     }
     /*
     ** all success replies should be authenticated/encrypted
     */
     if ((ap_rep.length == 0) && (*result_code == KRB5_KPASSWD_SUCCESS)) {
-	ret = KRB5KRB_AP_ERR_MODIFIED;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_MODIFIED;
+        goto cleanup;
     }
 
     if (result_data) {
-	result_data->length = (clearresult.data + clearresult.length) - ptr;
-
-	if (result_data->length) {
-	    result_data->data = (char *) malloc(result_data->length);
-	    if (result_data->data)
-		memcpy(result_data->data, ptr, result_data->length);
-	} else
-	    result_data->data = NULL;
+        result_data->length = (clearresult.data + clearresult.length) - ptr;
+
+        if (result_data->length) {
+            result_data->data = (char *) malloc(result_data->length);
+            if (result_data->data)
+                memcpy(result_data->data, ptr, result_data->length);
+        } else
+            result_data->data = NULL;
     }
     ret = 0;
 
- cleanup:
+cleanup:
     krb5_free_data_contents(context, &clearresult);
     return(ret);
 }
 
-krb5_error_code 
+krb5_error_code
 krb5int_setpw_result_code_string(krb5_context context, int result_code,
-				 const char **code_string)
+                                 const char **code_string)
 {
     switch (result_code) {
     case KRB5_KPASSWD_MALFORMED:
-	*code_string = "Malformed request error";
-	break;
+        *code_string = "Malformed request error";
+        break;
     case KRB5_KPASSWD_HARDERROR:
-	*code_string = "Server error";
-	break;
+        *code_string = "Server error";
+        break;
     case KRB5_KPASSWD_AUTHERROR:
-	*code_string = "Authentication error";
-	break;
+        *code_string = "Authentication error";
+        break;
     case KRB5_KPASSWD_SOFTERROR:
-	*code_string = "Password change rejected";
-	break;
+        *code_string = "Password change rejected";
+        break;
     case 5: /* access denied */
-	*code_string = "Access denied";
-	break;
-    case 6:	/* bad version */
-	*code_string = "Wrong protocol version";
-	break;
+        *code_string = "Access denied";
+        break;
+    case 6:     /* bad version */
+        *code_string = "Wrong protocol version";
+        break;
     case 7: /* initial flag is needed */
-	*code_string = "Initial password required";
-	break;
+        *code_string = "Initial password required";
+        break;
     case 0:
-	*code_string = "Success";
-	break;
+        *code_string = "Success";
+        break;
     default:
-	*code_string = "Password change failed";
-	break;
+        *code_string = "Password change failed";
+        break;
     }
 
     return(0);
 }
-
diff --git a/src/lib/krb5/krb/cleanup.h b/src/lib/krb5/krb/cleanup.h
index 94b39f757..3a018330a 100644
--- a/src/lib/krb5/krb/cleanup.h
+++ b/src/lib/krb5/krb/cleanup.h
@@ -1,29 +1,30 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef KRB5_CLEANUP
 #define KRB5_CLEANUP
 
 struct cleanup {
-    void 		* arg;
-    void		(*func)(void *);
+    void                * arg;
+    void                (*func)(void *);
 };
 
-#define CLEANUP_INIT(x)							\
-    struct cleanup cleanup_data[x];					\
-    int cleanup_count = 0;		
+#define CLEANUP_INIT(x)                         \
+    struct cleanup cleanup_data[x];             \
+    int cleanup_count = 0;
 
-#define CLEANUP_PUSH(x, y)						\
-    cleanup_data[cleanup_count].arg = x;				\
-    cleanup_data[cleanup_count].func = y;				\
+#define CLEANUP_PUSH(x, y)                      \
+    cleanup_data[cleanup_count].arg = x;        \
+    cleanup_data[cleanup_count].func = y;       \
     cleanup_count++;
 
-#define CLEANUP_POP(x)							\
-    if ((--cleanup_count) && x && (cleanup_data[cleanup_count].func)) 	\
-	cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg); 
-	
-#define CLEANUP_DONE()							\
-    while(cleanup_count--) 						\
-	if (cleanup_data[cleanup_count].func)  				\
-	    cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg); 
-    
+#define CLEANUP_POP(x)                                                  \
+    if ((--cleanup_count) && x && (cleanup_data[cleanup_count].func))   \
+        cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
+
+#define CLEANUP_DONE()                                                  \
+    while(cleanup_count--)                                              \
+        if (cleanup_data[cleanup_count].func)                           \
+            cleanup_data[cleanup_count].func(cleanup_data[cleanup_count].arg);
+
 
 #endif
diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c
index b6c610842..6f4608817 100644
--- a/src/lib/krb5/krb/conv_creds.c
+++ b/src/lib/krb5/krb/conv_creds.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +11,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -29,7 +30,7 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
-		       struct credentials *v4creds)
+                       struct credentials *v4creds)
 {
     return KRB524_KRB4_DISABLED;
 }
@@ -45,11 +46,11 @@ krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds,
 void KRB5_CALLCONV krb524_init_ets (void);
 krb5_error_code KRB5_CALLCONV
 krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
-			 struct credentials *v4creds);
+                         struct credentials *v4creds);
 
 krb5_error_code KRB5_CALLCONV
 krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds,
-			 struct credentials *v4creds)
+                         struct credentials *v4creds)
 {
     return KRB524_KRB4_DISABLED;
 }
diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c
index 43c588f0f..5f63f465a 100644
--- a/src/lib/krb5/krb/conv_princ.c
+++ b/src/lib/krb5/krb/conv_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/conv_princ.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,10 +23,10 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * Build a principal from a V4 specification, or separate a V5
  * principal into name, instance, and realm.
- * 
+ *
  * NOTE: This is highly site specific, and is only really necessary
  * for sites who need to convert from V4 to V5.  It is used by both
  * the KDC and the kdb5_convert program.  Since its use is highly
@@ -39,16 +40,16 @@
 
 /* The maximum sizes for V4 aname, realm, sname, and instance +1 */
 /* Taken from krb.h */
-#define 	ANAME_SZ	40
-#define		REALM_SZ	40
-#define		SNAME_SZ	40
-#define		INST_SZ		40
+#define         ANAME_SZ        40
+#define         REALM_SZ        40
+#define         SNAME_SZ        40
+#define         INST_SZ         40
 
 struct krb_convert {
-    char		*v4_str;
-    char		*v5_str;
-    unsigned int	flags : 8;
-    unsigned int	len : 8;
+    char                *v4_str;
+    char                *v5_str;
+    unsigned int        flags : 8;
+    unsigned int        len : 8;
 };
 
 #define DO_REALM_CONVERSION 0x00000001
@@ -71,9 +72,9 @@ static const struct krb_convert sconv_list[] = {
     /* Realm conversion, Change service name */
 #define RC(V5NAME,V4NAME) { V5NAME, V4NAME, DO_REALM_CONVERSION, sizeof(V5NAME)-1 }
     /* Realm conversion */
-#define R(NAME)		{ NAME, NAME, DO_REALM_CONVERSION, sizeof(NAME)-1 }
+#define R(NAME)         { NAME, NAME, DO_REALM_CONVERSION, sizeof(NAME)-1 }
     /* No Realm conversion */
-#define NR(NAME)	{ NAME, NAME, 0, sizeof(NAME)-1 }
+#define NR(NAME)        { NAME, NAME, 0, sizeof(NAME)-1 }
 
     NR("kadmin"),
     RC("rcmd", "host"),
@@ -128,18 +129,18 @@ static const struct krb_convert sconv_list[] = {
  * This falls in the "should have been in the ANSI C library"
  * category. :-)
  */
-static char *strnchr(register char *s, register int c, 
-		     register unsigned int n)
+static char *strnchr(register char *s, register int c,
+                     register unsigned int n)
 {
-     if (n < 1) 
-	  return 0;
-     
-     while (n-- && *s) {
-	  if (*s == c)
-	       return s;
-	  s++;
-     }
-     return 0;
+    if (n < 1)
+        return 0;
+
+    while (n-- && *s) {
+        if (*s == c)
+            return s;
+        s++;
+    }
+    return 0;
 }
 
 
@@ -148,207 +149,207 @@ static char *strnchr(register char *s, register int c,
 
 krb5_error_code KRB5_CALLCONV
 krb5_524_conv_principal(krb5_context context, krb5_const_principal princ,
-			char *name, char *inst, char *realm)
+                        char *name, char *inst, char *realm)
 {
-     const struct krb_convert *p;
-     const krb5_data *compo;
-     char *c, *tmp_realm, *tmp_prealm;
-     unsigned int tmp_realm_len;
-     int retval; 
+    const struct krb_convert *p;
+    const krb5_data *compo;
+    char *c, *tmp_realm, *tmp_prealm;
+    unsigned int tmp_realm_len;
+    int retval;
 
-     if (context->profile == 0)
-	  return KRB5_CONFIG_CANTOPEN;
+    if (context->profile == 0)
+        return KRB5_CONFIG_CANTOPEN;
 
-     *name = *inst = '\0';
-     switch (krb5_princ_size(context, princ)) {
-     case 2:
-	  /* Check if this principal is listed in the table */
-	  compo = krb5_princ_component(context, princ, 0);
-	  p = sconv_list;
-	  while (p->v4_str) {
-	       if (p->len == compo->length
-		   && memcmp(p->v5_str, compo->data, compo->length) == 0) {
-		   /*
-		    * It is, so set the new name now, and chop off
-		    * instance's domain name if requested.
-		    */
-		   if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ)
-		       return KRB5_INVALID_PRINCIPAL;
-		   if (p->flags & DO_REALM_CONVERSION) {
-		       compo = krb5_princ_component(context, princ, 1);
-		       c = strnchr(compo->data, '.', compo->length);
-		       if (!c || (c - compo->data) >= INST_SZ - 1)
-			   return KRB5_INVALID_PRINCIPAL;
-		       memcpy(inst, compo->data, (size_t) (c - compo->data));
-		       inst[c - compo->data] = '\0';
-		   }
-		   break;
-	       }
-	       p++;
-	  }
-	  /* If inst isn't set, the service isn't listed in the table, */
-	  /* so just copy it. */
-	  if (*inst == '\0') {
-	       compo = krb5_princ_component(context, princ, 1);
-	       if (compo->length >= INST_SZ - 1)
-		    return KRB5_INVALID_PRINCIPAL;
-	       memcpy(inst, compo->data, compo->length);
-	       inst[compo->length] = '\0';
-	  }
-	  /* fall through */
-     case 1:
-	  /* name may have been set above; otherwise, just copy it */
-	  if (*name == '\0') {
-	       compo = krb5_princ_component(context, princ, 0);
-	       if (compo->length >= ANAME_SZ)
-		    return KRB5_INVALID_PRINCIPAL;
-	       memcpy(name, compo->data, compo->length);
-	       name[compo->length] = '\0';
-	  }
-	  break;
-     default:
-	  return KRB5_INVALID_PRINCIPAL;
-     }
+    *name = *inst = '\0';
+    switch (krb5_princ_size(context, princ)) {
+    case 2:
+        /* Check if this principal is listed in the table */
+        compo = krb5_princ_component(context, princ, 0);
+        p = sconv_list;
+        while (p->v4_str) {
+            if (p->len == compo->length
+                && memcmp(p->v5_str, compo->data, compo->length) == 0) {
+                /*
+                 * It is, so set the new name now, and chop off
+                 * instance's domain name if requested.
+                 */
+                if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ)
+                    return KRB5_INVALID_PRINCIPAL;
+                if (p->flags & DO_REALM_CONVERSION) {
+                    compo = krb5_princ_component(context, princ, 1);
+                    c = strnchr(compo->data, '.', compo->length);
+                    if (!c || (c - compo->data) >= INST_SZ - 1)
+                        return KRB5_INVALID_PRINCIPAL;
+                    memcpy(inst, compo->data, (size_t) (c - compo->data));
+                    inst[c - compo->data] = '\0';
+                }
+                break;
+            }
+            p++;
+        }
+        /* If inst isn't set, the service isn't listed in the table, */
+        /* so just copy it. */
+        if (*inst == '\0') {
+            compo = krb5_princ_component(context, princ, 1);
+            if (compo->length >= INST_SZ - 1)
+                return KRB5_INVALID_PRINCIPAL;
+            memcpy(inst, compo->data, compo->length);
+            inst[compo->length] = '\0';
+        }
+        /* fall through */
+    case 1:
+        /* name may have been set above; otherwise, just copy it */
+        if (*name == '\0') {
+            compo = krb5_princ_component(context, princ, 0);
+            if (compo->length >= ANAME_SZ)
+                return KRB5_INVALID_PRINCIPAL;
+            memcpy(name, compo->data, compo->length);
+            name[compo->length] = '\0';
+        }
+        break;
+    default:
+        return KRB5_INVALID_PRINCIPAL;
+    }
 
-     compo = krb5_princ_realm(context, princ);
+    compo = krb5_princ_realm(context, princ);
 
-     tmp_prealm = malloc(compo->length + 1);
-     if (tmp_prealm == NULL)
-	 return ENOMEM;
-     strncpy(tmp_prealm, compo->data, compo->length);
-     tmp_prealm[compo->length] = '\0';
+    tmp_prealm = malloc(compo->length + 1);
+    if (tmp_prealm == NULL)
+        return ENOMEM;
+    strncpy(tmp_prealm, compo->data, compo->length);
+    tmp_prealm[compo->length] = '\0';
 
-     /* Ask for v4_realm corresponding to 
-	krb5 principal realm from krb5.conf realms stanza */
+    /* Ask for v4_realm corresponding to
+       krb5 principal realm from krb5.conf realms stanza */
 
-     retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
-				 tmp_prealm, KRB5_CONF_V4_REALM, 0,
-				 &tmp_realm);
-     free(tmp_prealm);
-     if (retval) { 
-	 return retval;
-     } else {
-	 if (tmp_realm == 0) {
-	     if (compo->length > REALM_SZ - 1)
-		 return KRB5_INVALID_PRINCIPAL;
-	     strncpy(realm, compo->data, compo->length);
-	     realm[compo->length] = '\0';
-	 } else {
-	     tmp_realm_len =  strlen(tmp_realm);
-	     if (tmp_realm_len > REALM_SZ - 1)
-		 return KRB5_INVALID_PRINCIPAL;
-	     strncpy(realm, tmp_realm, tmp_realm_len);
-	     realm[tmp_realm_len] = '\0';
-	     profile_release_string(tmp_realm);
-	 }
-     }
-     return 0;
+    retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
+                                tmp_prealm, KRB5_CONF_V4_REALM, 0,
+                                &tmp_realm);
+    free(tmp_prealm);
+    if (retval) {
+        return retval;
+    } else {
+        if (tmp_realm == 0) {
+            if (compo->length > REALM_SZ - 1)
+                return KRB5_INVALID_PRINCIPAL;
+            strncpy(realm, compo->data, compo->length);
+            realm[compo->length] = '\0';
+        } else {
+            tmp_realm_len =  strlen(tmp_realm);
+            if (tmp_realm_len > REALM_SZ - 1)
+                return KRB5_INVALID_PRINCIPAL;
+            strncpy(realm, tmp_realm, tmp_realm_len);
+            realm[tmp_realm_len] = '\0';
+            profile_release_string(tmp_realm);
+        }
+    }
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_425_conv_principal(krb5_context context, const char *name,
-			const char *instance, const char *realm,
-			krb5_principal *princ)
+                        const char *instance, const char *realm,
+                        krb5_principal *princ)
 {
-     const struct krb_convert *p;
-     char buf[256];		/* V4 instances are limited to 40 characters */
-     krb5_error_code retval;
-     char *domain, *cp;
-     char **full_name = 0;
-     const char *names[5], *names2[2];
-     void*	iterator = NULL;
-     char** v4realms = NULL;
-     char* realm_name = NULL;
-     char* dummy_value = NULL;
-     
-     /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm
-        To do that, iterate over all the realms in the config file, looking for a matching 
-        v4_realm line */
-     names2 [0] = KRB5_CONF_REALMS;
-     names2 [1] = NULL;
-     retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator);
-     while (retval == 0) {
-     	retval = profile_iterator (&iterator, &realm_name, &dummy_value);
-     	if ((retval == 0) && (realm_name != NULL)) {
-     		names [0] = KRB5_CONF_REALMS;
-     		names [1] = realm_name;
-     		names [2] = KRB5_CONF_V4_REALM;
-     		names [3] = NULL;
+    const struct krb_convert *p;
+    char buf[256];             /* V4 instances are limited to 40 characters */
+    krb5_error_code retval;
+    char *domain, *cp;
+    char **full_name = 0;
+    const char *names[5], *names2[2];
+    void*      iterator = NULL;
+    char** v4realms = NULL;
+    char* realm_name = NULL;
+    char* dummy_value = NULL;
+
+    /* First, convert the realm, since the v4 realm is not necessarily the same as the v5 realm
+       To do that, iterate over all the realms in the config file, looking for a matching
+       v4_realm line */
+    names2 [0] = KRB5_CONF_REALMS;
+    names2 [1] = NULL;
+    retval = profile_iterator_create (context -> profile, names2, PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY, &iterator);
+    while (retval == 0) {
+        retval = profile_iterator (&iterator, &realm_name, &dummy_value);
+        if ((retval == 0) && (realm_name != NULL)) {
+            names [0] = KRB5_CONF_REALMS;
+            names [1] = realm_name;
+            names [2] = KRB5_CONF_V4_REALM;
+            names [3] = NULL;
+
+            retval = profile_get_values (context -> profile, names, &v4realms);
+            if ((retval == 0) && (v4realms != NULL) && (v4realms [0] != NULL) && (strcmp (v4realms [0], realm) == 0)) {
+                realm = realm_name;
+                break;
+            } else if (retval == PROF_NO_RELATION) {
+                /* If it's not found, just keep going */
+                retval = 0;
+            }
+        } else if ((retval == 0) && (realm_name == NULL)) {
+            break;
+        }
+        if (v4realms != NULL) {
+            profile_free_list(v4realms);
+            v4realms = NULL;
+        }
+        if (realm_name != NULL) {
+            profile_release_string (realm_name);
+            realm_name = NULL;
+        }
+        if (dummy_value != NULL) {
+            profile_release_string (dummy_value);
+            dummy_value = NULL;
+        }
+    }
+
+    if (instance) {
+        if (instance[0] == '\0') {
+            instance = 0;
+            goto not_service;
+        }
+        p = sconv_list;
+        while (1) {
+            if (!p->v4_str)
+                goto not_service;
+            if (!strcmp(p->v4_str, name))
+                break;
+            p++;
+        }
+        name = p->v5_str;
+        if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) {
+            names[0] = KRB5_CONF_REALMS;
+            names[1] = realm;
+            names[2] = KRB5_CONF_V4_INSTANCE_CONVERT;
+            names[3] = instance;
+            names[4] = 0;
+            retval = profile_get_values(context->profile, names, &full_name);
+            if (retval == 0 && full_name && full_name[0]) {
+                instance = full_name[0];
+            } else {
+                strncpy(buf, instance, sizeof(buf));
+                buf[sizeof(buf) - 1] = '\0';
+                retval = krb5_get_realm_domain(context, realm, &domain);
+                if (retval)
+                    return retval;
+                if (domain) {
+                    for (cp = domain; *cp; cp++)
+                        if (isupper((unsigned char) (*cp)))
+                            *cp = tolower((unsigned char) *cp);
+                    strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
+                    strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
+                    free(domain);
+                }
+                instance = buf;
+            }
+        }
+    }
 
-     		retval = profile_get_values (context -> profile, names, &v4realms);
-     		if ((retval == 0) && (v4realms != NULL) && (v4realms [0] != NULL) && (strcmp (v4realms [0], realm) == 0)) {
-     			realm = realm_name;
-     			break;
-     		} else if (retval == PROF_NO_RELATION) {
-     			/* If it's not found, just keep going */
-     			retval = 0;
-     		}
-     	} else if ((retval == 0) && (realm_name == NULL)) {
-     		break;
-     	}
-	if (v4realms != NULL) {
-	        profile_free_list(v4realms);
-		v4realms = NULL;
-	}
-     	if (realm_name != NULL) {
-     		profile_release_string (realm_name);
-     		realm_name = NULL;
-     	}
-     	if (dummy_value != NULL) {
-     		profile_release_string (dummy_value);
-     		dummy_value = NULL;
-     	}
-     }
-     
-     if (instance) {
-	  if (instance[0] == '\0') {
-	       instance = 0;
-	       goto not_service;
-	  }
-	  p = sconv_list;
-	  while (1) {
-	       if (!p->v4_str)
-		    goto not_service;
-	       if (!strcmp(p->v4_str, name))
-		    break;
-	       p++;
-	  }
-	  name = p->v5_str;
-	  if ((p->flags & DO_REALM_CONVERSION) && !strchr(instance, '.')) {
-	      names[0] = KRB5_CONF_REALMS;
-	      names[1] = realm;
-	      names[2] = KRB5_CONF_V4_INSTANCE_CONVERT;
-	      names[3] = instance;
-	      names[4] = 0;
-	      retval = profile_get_values(context->profile, names, &full_name);
-	      if (retval == 0 && full_name && full_name[0]) {
-		  instance = full_name[0];
-	      } else {
-		  strncpy(buf, instance, sizeof(buf));
-		  buf[sizeof(buf) - 1] = '\0';
-		  retval = krb5_get_realm_domain(context, realm, &domain);
-		  if (retval)
-		      return retval;
-		  if (domain) {
-		      for (cp = domain; *cp; cp++)
-			  if (isupper((unsigned char) (*cp)))
-			      *cp = tolower((unsigned char) *cp);
-		      strncat(buf, ".", sizeof(buf) - 1 - strlen(buf));
-		      strncat(buf, domain, sizeof(buf) - 1 - strlen(buf));
-		      free(domain);
-		  }
-		  instance = buf;
-	      }
-	  }
-     }
-     
 not_service:
-     retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
-				   instance, NULL);
-     if (iterator) profile_iterator_free (&iterator);
-     if (full_name) profile_free_list(full_name);
-     if (v4realms) profile_free_list(v4realms);
-     if (realm_name) profile_release_string (realm_name);
-     if (dummy_value) profile_release_string (dummy_value);
-     return retval;
+    retval = krb5_build_principal(context, princ, strlen(realm), realm, name,
+                                  instance, NULL);
+    if (iterator) profile_iterator_free (&iterator);
+    if (full_name) profile_free_list(full_name);
+    if (v4realms) profile_free_list(v4realms);
+    if (realm_name) profile_release_string (realm_name);
+    if (dummy_value) profile_release_string (dummy_value);
+    return retval;
 }
diff --git a/src/lib/krb5/krb/copy_addrs.c b/src/lib/krb5/krb/copy_addrs.c
index c3dcd57d0..7207c4c27 100644
--- a/src/lib/krb5/krb/copy_addrs.c
+++ b/src/lib/krb5/krb/copy_addrs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_addrs.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_addresses()
  */
@@ -35,11 +36,11 @@ krb5_copy_addr(krb5_context context, const krb5_address *inad, krb5_address **ou
     krb5_address *tmpad;
 
     if (!(tmpad = (krb5_address *)malloc(sizeof(*tmpad))))
-	return ENOMEM;
+        return ENOMEM;
     *tmpad = *inad;
     if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
-	free(tmpad);
-	return ENOMEM;
+        free(tmpad);
+        return ENOMEM;
     }
     memcpy(tmpad->contents, inad->contents, inad->length);
     *outad = tmpad;
@@ -57,22 +58,22 @@ krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_addr
     register unsigned int nelems = 0;
 
     if (!inaddr) {
-	    *outaddr = 0;
-	    return 0;
+        *outaddr = 0;
+        return 0;
     }
-    
+
     while (inaddr[nelems]) nelems++;
 
     /* one more for a null terminated list */
     if (!(tempaddr = (krb5_address **) calloc(nelems+1, sizeof(*tempaddr))))
-	return ENOMEM;
+        return ENOMEM;
 
     for (nelems = 0; inaddr[nelems]; nelems++) {
-	retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
+        retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
         if (retval) {
-	    krb5_free_addresses(context, tempaddr);
-	    return retval;
-	}
+            krb5_free_addresses(context, tempaddr);
+            return retval;
+        }
     }
 
     *outaddr = tempaddr;
@@ -88,8 +89,8 @@ krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_addr
 krb5_error_code
 krb5_append_addresses(context, inaddr, outaddr)
     krb5_context context;
-	krb5_address * const * inaddr;
-	krb5_address ***outaddr;
+    krb5_address * const * inaddr;
+    krb5_address ***outaddr;
 {
     krb5_error_code retval;
     krb5_address ** tempaddr;
@@ -98,7 +99,7 @@ krb5_append_addresses(context, inaddr, outaddr)
     register int norigelems = 0;
 
     if (!inaddr)
-	return 0;
+        return 0;
 
     tempaddr2 = *outaddr;
 
@@ -106,34 +107,33 @@ krb5_append_addresses(context, inaddr, outaddr)
     while (tempaddr2[norigelems]) norigelems++;
 
     tempaddr = (krb5_address **) realloc((char *)*outaddr,
-		       (nelems + norigelems + 1) * sizeof(*tempaddr));
+                                         (nelems + norigelems + 1) * sizeof(*tempaddr));
     if (!tempaddr)
-	return ENOMEM;
+        return ENOMEM;
 
     /* The old storage has been freed.  */
     *outaddr = tempaddr;
 
 
     for (nelems = 0; inaddr[nelems]; nelems++) {
-	retval = krb5_copy_addr(context, inaddr[nelems],
-				&tempaddr[norigelems + nelems]);
-	if (retval)
-	    goto cleanup;
+        retval = krb5_copy_addr(context, inaddr[nelems],
+                                &tempaddr[norigelems + nelems]);
+        if (retval)
+            goto cleanup;
     }
 
     tempaddr[norigelems + nelems] = 0;
     return 0;
 
-  cleanup:
+cleanup:
     while (--nelems >= 0)
-	krb5_free_address(context, tempaddr[norigelems + nelems]);
+        krb5_free_address(context, tempaddr[norigelems + nelems]);
 
     /* Try to allocate a smaller amount of memory for *outaddr.  */
     tempaddr = (krb5_address **) realloc((char *)tempaddr,
-					 (norigelems + 1) * sizeof(*tempaddr));
+                                         (norigelems + 1) * sizeof(*tempaddr));
     if (tempaddr)
-	*outaddr = tempaddr;
+        *outaddr = tempaddr;
     return retval;
 }
 #endif
-
diff --git a/src/lib/krb5/krb/copy_athctr.c b/src/lib/krb5/krb/copy_athctr.c
index c356fbf78..3345486e4 100644
--- a/src/lib/krb5/krb/copy_athctr.c
+++ b/src/lib/krb5/krb/copy_athctr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_athctr.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_authenticator()
  */
@@ -36,48 +37,47 @@ krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom
     krb5_authenticator *tempto;
 
     if (!(tempto = (krb5_authenticator *)malloc(sizeof(*tempto))))
-	return ENOMEM;
+        return ENOMEM;
     *tempto = *authfrom;
 
     retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
     if (retval) {
-	free(tempto);
-	return retval;
+        free(tempto);
+        return retval;
     }
-    
+
     if (authfrom->checksum &&
-	(retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
-	    krb5_free_principal(context, tempto->client);    
-	    free(tempto);
-	    return retval;
+        (retval = krb5_copy_checksum(context, authfrom->checksum, &tempto->checksum))) {
+        krb5_free_principal(context, tempto->client);
+        free(tempto);
+        return retval;
     }
-    
+
     if (authfrom->subkey) {
-	    retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
-	    if (retval) {
-		    free(tempto->subkey);
-		    krb5_free_checksum(context, tempto->checksum);
-		    krb5_free_principal(context, tempto->client);    
-		    free(tempto);
-		    return retval;
-	    }
+        retval = krb5_copy_keyblock(context, authfrom->subkey, &tempto->subkey);
+        if (retval) {
+            free(tempto->subkey);
+            krb5_free_checksum(context, tempto->checksum);
+            krb5_free_principal(context, tempto->client);
+            free(tempto);
+            return retval;
+        }
     }
-    
+
     if (authfrom->authorization_data) {
-		retval = krb5_copy_authdata(context, authfrom->authorization_data,
-				    &tempto->authorization_data);
-		if (retval) {
-		    free(tempto->subkey);
-		    krb5_free_checksum(context, tempto->checksum);
-		    krb5_free_principal(context, tempto->client);    
-		    krb5_free_authdata(context, tempto->authorization_data);
-		    free(tempto);
-		    return retval;
-		}
+        retval = krb5_copy_authdata(context, authfrom->authorization_data,
+                                    &tempto->authorization_data);
+        if (retval) {
+            free(tempto->subkey);
+            krb5_free_checksum(context, tempto->checksum);
+            krb5_free_principal(context, tempto->client);
+            krb5_free_authdata(context, tempto->authorization_data);
+            free(tempto);
+            return retval;
+        }
     }
 
     *authto = tempto;
     return 0;
 }
 #endif
-
diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c
index 6f36b2698..303badd2f 100644
--- a/src/lib/krb5/krb/copy_auth.c
+++ b/src/lib/krb5/krb/copy_auth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_auth.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_authdata()
  */
@@ -62,11 +63,11 @@ krb5_copy_authdatum(krb5_context context, const krb5_authdata *inad, krb5_authda
     krb5_authdata *tmpad;
 
     if (!(tmpad = (krb5_authdata *)malloc(sizeof(*tmpad))))
-	return ENOMEM;
+        return ENOMEM;
     *tmpad = *inad;
     if (!(tmpad->contents = (krb5_octet *)malloc(inad->length))) {
-	free(tmpad);
-	return ENOMEM;
+        free(tmpad);
+        return ENOMEM;
     }
     memcpy(tmpad->contents, inad->contents, inad->length);
     *outad = tmpad;
@@ -78,7 +79,7 @@ krb5_copy_authdatum(krb5_context context, const krb5_authdata *inad, krb5_authda
  */
 krb5_error_code KRB5_CALLCONV
 krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5_authdata * const *inauthdat2,
-		    krb5_authdata ***outauthdat)
+                    krb5_authdata ***outauthdat)
 {
     krb5_error_code retval;
     krb5_authdata ** tempauthdat;
@@ -86,40 +87,40 @@ krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5
 
     *outauthdat = NULL;
     if (!inauthdat1 && !inauthdat2) {
-	    *outauthdat = 0;
-	    return 0;
+        *outauthdat = 0;
+        return 0;
     }
 
-    if (inauthdat1) 
-	while (inauthdat1[nelems]) nelems++;
-    if (inauthdat2) 
-	while (inauthdat2[nelems2]) nelems2++;
+    if (inauthdat1)
+        while (inauthdat1[nelems]) nelems++;
+    if (inauthdat2)
+        while (inauthdat2[nelems2]) nelems2++;
 
     /* one more for a null terminated list */
     if (!(tempauthdat = (krb5_authdata **) calloc(nelems+nelems2+1,
-						  sizeof(*tempauthdat))))
-	return ENOMEM;
+                                                  sizeof(*tempauthdat))))
+        return ENOMEM;
 
     if (inauthdat1) {
-	for (nelems = 0; inauthdat1[nelems]; nelems++) {
-	    retval = krb5_copy_authdatum(context, inauthdat1[nelems],
-					 &tempauthdat[nelems]);
-	    if (retval) {
-		krb5_free_authdata(context, tempauthdat);
-		return retval;
-	    }
-	}
+        for (nelems = 0; inauthdat1[nelems]; nelems++) {
+            retval = krb5_copy_authdatum(context, inauthdat1[nelems],
+                                         &tempauthdat[nelems]);
+            if (retval) {
+                krb5_free_authdata(context, tempauthdat);
+                return retval;
+            }
+        }
     }
 
     if (inauthdat2) {
-	for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
-	    retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
-					 &tempauthdat[nelems++]);
-	    if (retval) {
-		krb5_free_authdata(context, tempauthdat);
-		return retval;
-	    }
-	}
+        for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
+            retval = krb5_copy_authdatum(context, inauthdat2[nelems2],
+                                         &tempauthdat[nelems++]);
+            if (retval) {
+                krb5_free_authdata(context, tempauthdat);
+                return retval;
+            }
+        }
     }
 
     *outauthdat = tempauthdat;
@@ -128,16 +129,16 @@ krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5
 
 krb5_error_code KRB5_CALLCONV
 krb5_copy_authdata(krb5_context context,
-		   krb5_authdata *const *in_authdat, krb5_authdata ***out)
+                   krb5_authdata *const *in_authdat, krb5_authdata ***out)
 {
     return krb5_merge_authdata(context, in_authdat, NULL, out);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_decode_authdata_container(krb5_context context,
-			       krb5_authdatatype type,
-			       const krb5_authdata *container,
-			       krb5_authdata ***authdata)
+                               krb5_authdatatype type,
+                               const krb5_authdata *container,
+                               krb5_authdata ***authdata)
 {
     krb5_error_code code;
     krb5_data data;
@@ -145,23 +146,23 @@ krb5_decode_authdata_container(krb5_context context,
     *authdata = NULL;
 
     if ((container->ad_type & AD_TYPE_FIELD_TYPE_MASK) != type)
-	return EINVAL;
+        return EINVAL;
 
     data.length = container->length;
     data.data = (char *)container->contents;
 
     code = decode_krb5_authdata(&data, authdata);
     if (code)
-	return code;
+        return code;
 
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_encode_authdata_container(krb5_context context,
-			       krb5_authdatatype type,
-			       krb5_authdata *const*authdata,
-			       krb5_authdata ***container)
+                               krb5_authdatatype type,
+                               krb5_authdata *const*authdata,
+                               krb5_authdata ***container)
 {
     krb5_error_code code;
     krb5_data *data;
@@ -172,7 +173,7 @@ krb5_encode_authdata_container(krb5_context context,
 
     code = encode_krb5_authdata((krb5_authdata * const *)authdata, &data);
     if (code)
-	return code;
+        return code;
 
     ad_datum.ad_type = type & AD_TYPE_FIELD_TYPE_MASK;
     ad_datum.length = data->length;
@@ -189,67 +190,67 @@ krb5_encode_authdata_container(krb5_context context,
 }
 
 struct find_authdata_context {
-  krb5_authdata **out;
-  size_t space;
-  size_t length;
+    krb5_authdata **out;
+    size_t space;
+    size_t length;
 };
 
 static krb5_error_code grow_find_authdata
 (krb5_context context, struct find_authdata_context *fctx,
  krb5_authdata *elem)
 {
-  krb5_error_code retval = 0;
-  if (fctx->length == fctx->space) {
-    krb5_authdata **new;
-    if (fctx->space >= 256) {
-      krb5_set_error_message(context, ERANGE, "More than 256 authdata matched a query");
-      return ERANGE;
+    krb5_error_code retval = 0;
+    if (fctx->length == fctx->space) {
+        krb5_authdata **new;
+        if (fctx->space >= 256) {
+            krb5_set_error_message(context, ERANGE, "More than 256 authdata matched a query");
+            return ERANGE;
+        }
+        new       = realloc(fctx->out,
+                            sizeof (krb5_authdata *)*(2*fctx->space+1));
+        if (new == NULL)
+            return ENOMEM;
+        fctx->out = new;
+        fctx->space *=2;
     }
-    new       = realloc(fctx->out,
-			sizeof (krb5_authdata *)*(2*fctx->space+1));
-    if (new == NULL)
-      return ENOMEM;
-    fctx->out = new;
-    fctx->space *=2;
-  }
-  fctx->out[fctx->length+1] = NULL;
-  retval = krb5_copy_authdatum(context, elem,
-			       &fctx->out[fctx->length]);
-  if (retval == 0)
-    fctx->length++;
-  return retval;
+    fctx->out[fctx->length+1] = NULL;
+    retval = krb5_copy_authdatum(context, elem,
+                                 &fctx->out[fctx->length]);
+    if (retval == 0)
+        fctx->length++;
+    return retval;
 }
 
-  
-  
+
+
 
 static krb5_error_code find_authdata_1
 (krb5_context context, krb5_authdata *const *in_authdat, krb5_authdatatype ad_type,
  struct find_authdata_context *fctx)
 {
-  int i = 0;
-  krb5_error_code retval=0;
-  
-  for (i = 0; in_authdat[i]; i++) {
-    krb5_authdata *ad = in_authdat[i];
-    if (ad->ad_type == ad_type && retval ==0)
-      retval = grow_find_authdata(context, fctx, ad);
-    else switch (ad->ad_type) {
-      krb5_authdata **decoded_container;
-    case KRB5_AUTHDATA_IF_RELEVANT:
-      if (retval == 0)
-	retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container);
-      if (retval == 0) {
-	retval = find_authdata_1(context,
-				 decoded_container, ad_type, fctx);
-	krb5_free_authdata(context, decoded_container);
-      }
-      break;
-    default:
-      break;
+    int i = 0;
+    krb5_error_code retval=0;
+
+    for (i = 0; in_authdat[i]; i++) {
+        krb5_authdata *ad = in_authdat[i];
+        if (ad->ad_type == ad_type && retval ==0)
+            retval = grow_find_authdata(context, fctx, ad);
+        else switch (ad->ad_type) {
+                krb5_authdata **decoded_container;
+            case KRB5_AUTHDATA_IF_RELEVANT:
+                if (retval == 0)
+                    retval = krb5_decode_authdata_container( context, ad->ad_type, ad, &decoded_container);
+                if (retval == 0) {
+                    retval = find_authdata_1(context,
+                                             decoded_container, ad_type, fctx);
+                    krb5_free_authdata(context, decoded_container);
+                }
+                break;
+            default:
+                break;
+            }
     }
-  }
-  return retval;
+    return retval;
 }
 
 
@@ -259,30 +260,30 @@ krb5_error_code krb5int_find_authdata
  krb5_authdatatype ad_type,
  krb5_authdata ***results)
 {
-  krb5_error_code retval = 0;
-  struct find_authdata_context fctx;
-  fctx.length = 0;
-  fctx.space = 2;
-  fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
-  *results = NULL;
-  if (fctx.out == NULL)
-    return ENOMEM;
-  if (ticket_authdata)
-      retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx);
-  if ((retval==0) && ap_req_authdata)
-    retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx);
-  if ((retval== 0) && fctx.length)
-    *results = fctx.out;
-  else krb5_free_authdata(context, fctx.out);
-  return retval;
+    krb5_error_code retval = 0;
+    struct find_authdata_context fctx;
+    fctx.length = 0;
+    fctx.space = 2;
+    fctx.out = calloc(fctx.space+1, sizeof (krb5_authdata *));
+    *results = NULL;
+    if (fctx.out == NULL)
+        return ENOMEM;
+    if (ticket_authdata)
+        retval = find_authdata_1( context, ticket_authdata, ad_type, &fctx);
+    if ((retval==0) && ap_req_authdata)
+        retval = find_authdata_1( context, ap_req_authdata, ad_type, &fctx);
+    if ((retval== 0) && fctx.length)
+        *results = fctx.out;
+    else krb5_free_authdata(context, fctx.out);
+    return retval;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_make_authdata_kdc_issued(krb5_context context,
-    const krb5_keyblock *key,
-    krb5_const_principal issuer,
-    krb5_authdata *const *authdata,
-    krb5_authdata ***ad_kdcissued)
+                              const krb5_keyblock *key,
+                              krb5_const_principal issuer,
+                              krb5_authdata *const *authdata,
+                              krb5_authdata ***ad_kdcissued)
 {
     krb5_error_code code;
     krb5_ad_kdcissued ad_kdci;
@@ -337,10 +338,10 @@ krb5_make_authdata_kdc_issued(krb5_context context,
 
 krb5_error_code KRB5_CALLCONV
 krb5_verify_authdata_kdc_issued(krb5_context context,
-    const krb5_keyblock *key,
-    const krb5_authdata *ad_kdcissued,
-    krb5_principal *issuer,
-    krb5_authdata ***authdata)
+                                const krb5_keyblock *key,
+                                const krb5_authdata *ad_kdcissued,
+                                krb5_principal *issuer,
+                                krb5_authdata ***authdata)
 {
     krb5_error_code code;
     krb5_ad_kdcissued *ad_kdci;
@@ -348,8 +349,8 @@ krb5_verify_authdata_kdc_issued(krb5_context context,
     krb5_boolean valid = FALSE;
 
     if ((ad_kdcissued->ad_type & AD_TYPE_FIELD_TYPE_MASK) !=
-	KRB5_AUTHDATA_KDC_ISSUED)
-	return EINVAL;
+        KRB5_AUTHDATA_KDC_ISSUED)
+        return EINVAL;
 
     if (issuer != NULL)
         *issuer = NULL;
@@ -399,4 +400,3 @@ krb5_verify_authdata_kdc_issued(krb5_context context,
 
     return 0;
 }
-
diff --git a/src/lib/krb5/krb/copy_cksum.c b/src/lib/krb5/krb/copy_cksum.c
index c7c1b161c..68822d213 100644
--- a/src/lib/krb5/krb/copy_cksum.c
+++ b/src/lib/krb5/krb/copy_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_cksum.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_checksum()
  */
@@ -35,12 +36,12 @@ krb5_copy_checksum(krb5_context context, const krb5_checksum *ckfrom, krb5_check
     krb5_checksum *tempto;
 
     if (!(tempto = (krb5_checksum *)malloc(sizeof(*tempto))))
-	return ENOMEM;
+        return ENOMEM;
     *tempto = *ckfrom;
 
     if (!(tempto->contents = (krb5_octet *)malloc(tempto->length))) {
-	free(tempto);
-	return ENOMEM;
+        free(tempto);
+        return ENOMEM;
     }
     memcpy(tempto->contents, ckfrom->contents, ckfrom->length);
 
diff --git a/src/lib/krb5/krb/copy_creds.c b/src/lib/krb5/krb/copy_creds.c
index e6fece383..0e1a814cc 100644
--- a/src/lib/krb5/krb/copy_creds.c
+++ b/src/lib/krb5/krb/copy_creds.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_creds.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_cred()
  */
@@ -40,13 +41,13 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
     krb5_error_code retval;
 
     if (!(tempcred = (krb5_creds *)malloc(sizeof(*tempcred))))
-	return ENOMEM;
+        return ENOMEM;
 
     retval = krb5int_copy_creds_contents(context, incred, tempcred);
     if (retval)
-	free(tempcred);
+        free(tempcred);
     else
-	*outcred = tempcred;
+        *outcred = tempcred;
     return retval;
 }
 
@@ -58,7 +59,7 @@ krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **out
  */
 krb5_error_code
 krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
-			    krb5_creds *tempcred)
+                            krb5_creds *tempcred)
 {
     krb5_error_code retval;
     krb5_data *scratch;
@@ -66,25 +67,25 @@ krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
     *tempcred = *incred;
     retval = krb5_copy_principal(context, incred->client, &tempcred->client);
     if (retval)
-	goto cleanlast;
+        goto cleanlast;
     retval = krb5_copy_principal(context, incred->server, &tempcred->server);
     if (retval)
-	goto cleanclient;
+        goto cleanclient;
     retval = krb5_copy_keyblock_contents(context, &incred->keyblock,
-					 &tempcred->keyblock);
+                                         &tempcred->keyblock);
     if (retval)
-	goto cleanserver;
+        goto cleanserver;
     retval = krb5_copy_addresses(context, incred->addresses, &tempcred->addresses);
     if (retval)
-	goto cleanblock;
+        goto cleanblock;
     retval = krb5_copy_data(context, &incred->ticket, &scratch);
     if (retval)
-	goto cleanaddrs;
+        goto cleanaddrs;
     tempcred->ticket = *scratch;
     free(scratch);
     retval = krb5_copy_data(context, &incred->second_ticket, &scratch);
     if (retval)
-	goto clearticket;
+        goto clearticket;
 
     tempcred->second_ticket = *scratch;
     free(scratch);
@@ -95,22 +96,22 @@ krb5int_copy_creds_contents(krb5_context context, const krb5_creds *incred,
 
     return 0;
 
- clearsecondticket:    
+clearsecondticket:
     memset(tempcred->second_ticket.data,0,tempcred->second_ticket.length);
     free(tempcred->second_ticket.data);
- clearticket:    
+clearticket:
     memset(tempcred->ticket.data,0,tempcred->ticket.length);
     free(tempcred->ticket.data);
- cleanaddrs:
+cleanaddrs:
     krb5_free_addresses(context, tempcred->addresses);
- cleanblock:
+cleanblock:
     free(tempcred->keyblock.contents);
- cleanserver:
+cleanserver:
     krb5_free_principal(context, tempcred->server);
- cleanclient:
+cleanclient:
     krb5_free_principal(context, tempcred->client);
- cleanlast:
-    /* Do not free tempcred - we did not allocate it - its contents are 
+cleanlast:
+    /* Do not free tempcred - we did not allocate it - its contents are
        garbage - but we should not free it */
     return retval;
 }
diff --git a/src/lib/krb5/krb/copy_data.c b/src/lib/krb5/krb/copy_data.c
index 4896e8804..fa4b6ed7c 100644
--- a/src/lib/krb5/krb/copy_data.c
+++ b/src/lib/krb5/krb/copy_data.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_data.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_data()
  */
@@ -39,38 +40,38 @@ krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdat
     krb5_error_code retval;
 
     if (!indata) {
-	*outdata = 0;
-	return 0;
+        *outdata = 0;
+        return 0;
     }
-    
+
     if (!(tempdata = (krb5_data *)malloc(sizeof(*tempdata))))
-	return ENOMEM;
+        return ENOMEM;
 
     retval = krb5int_copy_data_contents(context, indata, tempdata);
     if (retval) {
-	free(tempdata);
-	return retval;
+        free(tempdata);
+        return retval;
     }
 
     *outdata = tempdata;
     return 0;
 }
 
-krb5_error_code 
+krb5_error_code
 krb5int_copy_data_contents(krb5_context context, const krb5_data *indata, krb5_data *outdata)
 {
     if (!indata) {
-	return EINVAL;
+        return EINVAL;
     }
 
     outdata->length = indata->length;
     if (outdata->length) {
-	if (!(outdata->data = malloc(outdata->length))) {
-	    return ENOMEM;
-	}
-	memcpy(outdata->data, indata->data, outdata->length);
+        if (!(outdata->data = malloc(outdata->length))) {
+            return ENOMEM;
+        }
+        memcpy(outdata->data, indata->data, outdata->length);
     } else
-	outdata->data = 0;
+        outdata->data = 0;
     outdata->magic = KV5M_DATA;
 
     return 0;
@@ -79,16 +80,16 @@ krb5int_copy_data_contents(krb5_context context, const krb5_data *indata, krb5_d
 /* As above, but add an (uncounted) extra byte at the end to
    null-terminate the data so it can be used as a standard C
    string.  */
-krb5_error_code 
+krb5_error_code
 krb5int_copy_data_contents_add0(krb5_context context, const krb5_data *indata, krb5_data *outdata)
 {
     if (!indata)
-	return EINVAL;
+        return EINVAL;
     outdata->length = indata->length;
     if (!(outdata->data = malloc(outdata->length + 1)))
-	return ENOMEM;
+        return ENOMEM;
     if (outdata->length)
-	memcpy(outdata->data, indata->data, outdata->length);
+        memcpy(outdata->data, indata->data, outdata->length);
     outdata->data[outdata->length] = 0;
     outdata->magic = KV5M_DATA;
 
diff --git a/src/lib/krb5/krb/copy_key.c b/src/lib/krb5/krb/copy_key.c
index 4772c58c1..532cced46 100644
--- a/src/lib/krb5/krb/copy_key.c
+++ b/src/lib/krb5/krb/copy_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_key.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_keyblock()
  */
diff --git a/src/lib/krb5/krb/copy_princ.c b/src/lib/krb5/krb/copy_princ.c
index 4e168b002..b7badefa2 100644
--- a/src/lib/krb5/krb/copy_princ.c
+++ b/src/lib/krb5/krb/copy_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_princ.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_principal()
  */
@@ -41,7 +42,7 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri
     tempprinc = (krb5_principal)malloc(sizeof(krb5_principal_data));
 
     if (tempprinc == 0)
-	return ENOMEM;
+        return ENOMEM;
 
     *tempprinc = *inprinc;
 
@@ -49,29 +50,29 @@ krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_pri
     tempprinc->data = malloc(nelems * sizeof(krb5_data));
 
     if (tempprinc->data == 0) {
-	free(tempprinc);
-	return ENOMEM;
+        free(tempprinc);
+        return ENOMEM;
     }
 
     for (i = 0; i < nelems; i++) {
-	if (krb5int_copy_data_contents(context,
-				       krb5_princ_component(context, inprinc, i),
-				       krb5_princ_component(context, tempprinc, i)) != 0) {
-	    while (--i >= 0)
-		free(krb5_princ_component(context, tempprinc, i)->data);
-	    free (tempprinc->data);
-	    free (tempprinc);
-	    return ENOMEM;
+        if (krb5int_copy_data_contents(context,
+                                       krb5_princ_component(context, inprinc, i),
+                                       krb5_princ_component(context, tempprinc, i)) != 0) {
+            while (--i >= 0)
+                free(krb5_princ_component(context, tempprinc, i)->data);
+            free (tempprinc->data);
+            free (tempprinc);
+            return ENOMEM;
         }
     }
 
     if (krb5int_copy_data_contents_add0(context, &inprinc->realm,
-					&tempprinc->realm) != 0) {
+                                        &tempprinc->realm) != 0) {
         for (i = 0; i < nelems; i++)
-	    free(krb5_princ_component(context, tempprinc, i)->data);
-	free(tempprinc->data);
-	free(tempprinc);
-	return ENOMEM;
+            free(krb5_princ_component(context, tempprinc, i)->data);
+        free(tempprinc->data);
+        free(tempprinc);
+        return ENOMEM;
     }
 
     *outprinc = tempprinc;
diff --git a/src/lib/krb5/krb/copy_tick.c b/src/lib/krb5/krb/copy_tick.c
index 1dc3362d0..1fd3e681c 100644
--- a/src/lib/krb5/krb/copy_tick.c
+++ b/src/lib/krb5/krb/copy_tick.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/copy_tick.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_ticket()
  */
@@ -36,56 +37,56 @@ krb5_copy_enc_tkt_part(krb5_context context, const krb5_enc_tkt_part *partfrom,
     krb5_enc_tkt_part *tempto;
 
     if (!(tempto = (krb5_enc_tkt_part *)malloc(sizeof(*tempto))))
-	return ENOMEM;
+        return ENOMEM;
     *tempto = *partfrom;
     retval = krb5_copy_keyblock(context, partfrom->session,
-				&tempto->session);
+                                &tempto->session);
     if (retval) {
-	free(tempto);
-	return retval;
+        free(tempto);
+        return retval;
     }
     retval = krb5_copy_principal(context, partfrom->client, &tempto->client);
     if (retval) {
-	krb5_free_keyblock(context, tempto->session);
-	free(tempto);
-	return retval;
+        krb5_free_keyblock(context, tempto->session);
+        free(tempto);
+        return retval;
     }
     tempto->transited = partfrom->transited;
     if (tempto->transited.tr_contents.length == 0) {
-	tempto->transited.tr_contents.data = 0;
+        tempto->transited.tr_contents.data = 0;
     } else {
-	tempto->transited.tr_contents.data =
-	  malloc(partfrom->transited.tr_contents.length);
-	if (!tempto->transited.tr_contents.data) {
-	    krb5_free_principal(context, tempto->client);
-	    krb5_free_keyblock(context, tempto->session);
-	    free(tempto);
-	    return ENOMEM;
-	}
-	memcpy(tempto->transited.tr_contents.data,
-	       (char *)partfrom->transited.tr_contents.data,
-	       partfrom->transited.tr_contents.length);
+        tempto->transited.tr_contents.data =
+            malloc(partfrom->transited.tr_contents.length);
+        if (!tempto->transited.tr_contents.data) {
+            krb5_free_principal(context, tempto->client);
+            krb5_free_keyblock(context, tempto->session);
+            free(tempto);
+            return ENOMEM;
+        }
+        memcpy(tempto->transited.tr_contents.data,
+               (char *)partfrom->transited.tr_contents.data,
+               partfrom->transited.tr_contents.length);
     }
 
     retval = krb5_copy_addresses(context, partfrom->caddrs, &tempto->caddrs);
     if (retval) {
-	free(tempto->transited.tr_contents.data);
-	krb5_free_principal(context, tempto->client);
-	krb5_free_keyblock(context, tempto->session);
-	free(tempto);
-	return retval;
+        free(tempto->transited.tr_contents.data);
+        krb5_free_principal(context, tempto->client);
+        krb5_free_keyblock(context, tempto->session);
+        free(tempto);
+        return retval;
     }
     if (partfrom->authorization_data) {
-	retval = krb5_copy_authdata(context, partfrom->authorization_data,
-				    &tempto->authorization_data);
-	if (retval) {
-	    krb5_free_addresses(context, tempto->caddrs);
-	    free(tempto->transited.tr_contents.data);
-	    krb5_free_principal(context, tempto->client);
-	    krb5_free_keyblock(context, tempto->session);
-	    free(tempto);
-	    return retval;
-	}
+        retval = krb5_copy_authdata(context, partfrom->authorization_data,
+                                    &tempto->authorization_data);
+        if (retval) {
+            krb5_free_addresses(context, tempto->caddrs);
+            free(tempto->transited.tr_contents.data);
+            krb5_free_principal(context, tempto->client);
+            krb5_free_keyblock(context, tempto->session);
+            free(tempto);
+            return retval;
+        }
     }
     *partto = tempto;
     return 0;
@@ -99,28 +100,28 @@ krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **pt
     krb5_data *scratch;
 
     if (!(tempto = (krb5_ticket *)malloc(sizeof(*tempto))))
-	return ENOMEM;
+        return ENOMEM;
     *tempto = *from;
     retval = krb5_copy_principal(context, from->server, &tempto->server);
     if (retval) {
-	free(tempto);
-	return retval;
+        free(tempto);
+        return retval;
     }
     retval = krb5_copy_data(context, &from->enc_part.ciphertext, &scratch);
     if (retval) {
-	krb5_free_principal(context, tempto->server);
-	free(tempto);
-	return retval;
+        krb5_free_principal(context, tempto->server);
+        free(tempto);
+        return retval;
     }
     tempto->enc_part.ciphertext = *scratch;
     free(scratch);
     retval = krb5_copy_enc_tkt_part(context, from->enc_part2, &tempto->enc_part2);
     if (retval) {
-	free(tempto->enc_part.ciphertext.data);
-	krb5_free_principal(context, tempto->server);
-	free(tempto);
-	return retval;
-    }	
+        free(tempto->enc_part.ciphertext.data);
+        krb5_free_principal(context, tempto->server);
+        free(tempto);
+        return retval;
+    }
     *pto = tempto;
     return 0;
 }
diff --git a/src/lib/krb5/krb/cp_key_cnt.c b/src/lib/krb5/krb/cp_key_cnt.c
index 74efb5ef1..2f97dbd0c 100644
--- a/src/lib/krb5/krb/cp_key_cnt.c
+++ b/src/lib/krb5/krb/cp_key_cnt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/cp_key_cnt.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_copy_keyblock()
  */
diff --git a/src/lib/krb5/krb/decode_kdc.c b/src/lib/krb5/krb/decode_kdc.c
index 689e2a241..19451eea4 100644
--- a/src/lib/krb5/krb/decode_kdc.c
+++ b/src/lib/krb5/krb/decode_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/decode_kdc.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_decode_kdc_rep() function.
  */
@@ -30,41 +31,40 @@
 #include "k5-int.h"
 
 /*
- Takes a KDC_REP message and decrypts encrypted part using etype and
- *key, putting result in *rep.
- dec_rep->client,ticket,session,last_req,server,caddrs
- are all set to allocated storage which should be freed by the caller
- when finished with the response.
+  Takes a KDC_REP message and decrypts encrypted part using etype and
+  *key, putting result in *rep.
+  dec_rep->client,ticket,session,last_req,server,caddrs
+  are all set to allocated storage which should be freed by the caller
+  when finished with the response.
 
- If the response isn't a KDC_REP (tgs or as), it returns an error from
- the decoding routines.
+  If the response isn't a KDC_REP (tgs or as), it returns an error from
+  the decoding routines.
 
- returns errors from encryption routines, system errors
- */
+  returns errors from encryption routines, system errors
+*/
 
 krb5_error_code
 krb5int_decode_tgs_rep(krb5_context context, krb5_data *enc_rep, const krb5_keyblock *key,
-		       krb5_keyusage usage, krb5_kdc_rep **dec_rep)
+                       krb5_keyusage usage, krb5_kdc_rep **dec_rep)
 {
     krb5_error_code retval;
     krb5_kdc_rep *local_dec_rep;
 
     if (krb5_is_as_rep(enc_rep)) {
-	retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
+        retval = decode_krb5_as_rep(enc_rep, &local_dec_rep);
     } else if (krb5_is_tgs_rep(enc_rep)) {
-	retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep);
+        retval = decode_krb5_tgs_rep(enc_rep, &local_dec_rep);
     } else {
-	return KRB5KRB_AP_ERR_MSG_TYPE;
+        return KRB5KRB_AP_ERR_MSG_TYPE;
     }
 
     if (retval)
-	return retval;
+        return retval;
 
     if ((retval = krb5_kdc_rep_decrypt_proc(context, key, &usage,
-					    local_dec_rep))) 
-	krb5_free_kdc_rep(context, local_dec_rep);
+                                            local_dec_rep)))
+        krb5_free_kdc_rep(context, local_dec_rep);
     else
-    	*dec_rep = local_dec_rep;
+        *dec_rep = local_dec_rep;
     return(retval);
 }
-
diff --git a/src/lib/krb5/krb/decrypt_tk.c b/src/lib/krb5/krb/decrypt_tk.c
index 36ecbb45b..c06353b9e 100644
--- a/src/lib/krb5/krb/decrypt_tk.c
+++ b/src/lib/krb5/krb/decrypt_tk.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/decrypt_tk.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_decrypt_tkt_part() function.
  */
@@ -30,11 +31,11 @@
 #include "k5-int.h"
 
 /*
- Decrypts dec_ticket->enc_part
- using *srv_key, and places result in dec_ticket->enc_part2.
- The storage of dec_ticket->enc_part2 will be allocated before return.
+  Decrypts dec_ticket->enc_part
+  using *srv_key, and places result in dec_ticket->enc_part2.
+  The storage of dec_ticket->enc_part2 will be allocated before return.
 
- returns errors from encryption routines, system errors
+  returns errors from encryption routines, system errors
 
 */
 
@@ -46,27 +47,27 @@ krb5_decrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key, regist
     krb5_error_code retval;
 
     if (!krb5_c_valid_enctype(ticket->enc_part.enctype))
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return KRB5_PROG_ETYPE_NOSUPP;
 
     scratch.length = ticket->enc_part.ciphertext.length;
     if (!(scratch.data = malloc(ticket->enc_part.ciphertext.length)))
-	return(ENOMEM);
+        return(ENOMEM);
 
     /* call the encryption routine */
     if ((retval = krb5_c_decrypt(context, srv_key,
-				KRB5_KEYUSAGE_KDC_REP_TICKET, 0,
-				&ticket->enc_part, &scratch))) {
-	free(scratch.data);
-	return retval;
+                                 KRB5_KEYUSAGE_KDC_REP_TICKET, 0,
+                                 &ticket->enc_part, &scratch))) {
+        free(scratch.data);
+        return retval;
     }
 
-#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
-free(scratch.data);}
+#define clean_scratch() {memset(scratch.data, 0, scratch.length);       \
+        free(scratch.data);}
 
     /*  now decode the decrypted stuff */
     retval = decode_krb5_enc_tkt_part(&scratch, &dec_tkt_part);
     if (!retval) {
-	ticket->enc_part2 = dec_tkt_part;
+        ticket->enc_part2 = dec_tkt_part;
     }
     clean_scratch();
     return retval;
diff --git a/src/lib/krb5/krb/deltat.c b/src/lib/krb5/krb/deltat.c
index 2541591f8..36c0d0e95 100644
--- a/src/lib/krb5/krb/deltat.c
+++ b/src/lib/krb5/krb/deltat.c
@@ -95,14 +95,14 @@ struct param {
 #define MAX_MIN (MAX_TIME / 60)
 #define MIN_MIN (MIN_TIME / 60)
 
-/* An explanation of the tests being performed. 
-   We do not want to overflow a 32 bit integer with out manipulations, 
+/* An explanation of the tests being performed.
+   We do not want to overflow a 32 bit integer with out manipulations,
    even for testing for overflow. Therefore we rely on the following:
 
    The lex parser will not return a number > MAX_TIME (which is out 32
    bit limit).
 
-   Therefore, seconds (s) will require 
+   Therefore, seconds (s) will require
        MIN_TIME < s < MAX_TIME
 
    For subsequent tests, the logic is as follows:
@@ -110,7 +110,7 @@ struct param {
       If A < MAX_TIME and  B < MAX_TIME
 
       If we want to test if A+B < MAX_TIME, there are two cases
-        if (A > 0) 
+        if (A > 0)
          then A + B < MAX_TIME if B < MAX_TIME - A
 	else A + B < MAX_TIME  always.
 
@@ -131,7 +131,7 @@ struct param {
                           res = (a) + (b)
 
 
-#define OUT_D ((struct param *)tmv)->delta 
+#define OUT_D ((struct param *)tmv)->delta
 #define DO(D,H,M,S) \
  { \
      /* Overflow testing - this does not handle negative values well.. */ \
@@ -1420,10 +1420,10 @@ mylex (krb5_int32 *intp, char **pp)
 	/* XXX assumes ASCII */
 	num = c - '0';
 	while (isdigit ((int) *P)) {
-	  if (num > MAX_TIME / 10) 
+	  if (num > MAX_TIME / 10)
 	    return OVERFLOW;
 	    num *= 10;
-	    if (num > MAX_TIME - (*P - '0')) 
+	    if (num > MAX_TIME - (*P - '0'))
 	      return OVERFLOW;
 	    num += *P++ - '0';
 	}
@@ -1451,5 +1451,3 @@ krb5_string_to_deltat(char *string, krb5_deltat *deltatp)
     *deltatp = p.delta;
     return 0;
 }
-
-
diff --git a/src/lib/krb5/krb/enc_helper.c b/src/lib/krb5/krb/enc_helper.c
index 01324d014..41d2f00f7 100644
--- a/src/lib/krb5/krb/enc_helper.c
+++ b/src/lib/krb5/krb/enc_helper.c
@@ -1,13 +1,14 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +19,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -33,24 +34,24 @@ krb5_encrypt_helper(krb5_context context, const krb5_keyblock *key, krb5_keyusag
     size_t enclen;
 
     if ((ret = krb5_c_encrypt_length(context, key->enctype, plain->length,
-				     &enclen)))
-	return(ret);
+                                     &enclen)))
+        return(ret);
 
     cipher->ciphertext.length = enclen;
     if ((cipher->ciphertext.data = (char *) malloc(enclen)) == NULL)
-	return(ENOMEM);
+        return(ENOMEM);
     ret = krb5_c_encrypt(context, key, usage, 0, plain, cipher);
     if (ret) {
-	free(cipher->ciphertext.data);
-	cipher->ciphertext.data = NULL;
+        free(cipher->ciphertext.data);
+        cipher->ciphertext.data = NULL;
     }
 
     return(ret);
 }
-	
+
 krb5_error_code
 krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
-		       const krb5_data *plain, krb5_enc_data *cipher)
+                       const krb5_data *plain, krb5_enc_data *cipher)
 {
     krb5_enctype enctype;
     krb5_error_code ret;
@@ -59,16 +60,16 @@ krb5_encrypt_keyhelper(krb5_context context, krb5_key key, krb5_keyusage usage,
     enctype = krb5_k_key_enctype(context, key);
     ret = krb5_c_encrypt_length(context, enctype, plain->length, &enclen);
     if (ret != 0)
-	return ret;
+        return ret;
 
     cipher->ciphertext.length = enclen;
     cipher->ciphertext.data = malloc(enclen);
     if (cipher->ciphertext.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     ret = krb5_k_encrypt(context, key, usage, 0, plain, cipher);
     if (ret) {
-	free(cipher->ciphertext.data);
-	cipher->ciphertext.data = NULL;
+        free(cipher->ciphertext.data);
+        cipher->ciphertext.data = NULL;
     }
 
     return ret;
diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c
index 8b879c015..c86bd4cd5 100644
--- a/src/lib/krb5/krb/encode_kdc.c
+++ b/src/lib/krb5/krb/encode_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/encode_kdc.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_encode_kdc_rep() function.
  */
@@ -30,24 +31,24 @@
 #include "k5-int.h"
 
 /*
- Takes KDC rep parts in *rep and *encpart, and formats it into *enc_rep,
- using message type type and encryption key client_key and encryption type
- etype.
+  Takes KDC rep parts in *rep and *encpart, and formats it into *enc_rep,
+  using message type type and encryption key client_key and encryption type
+  etype.
 
- The string *enc_rep will be allocated before formatting; the caller should
- free when finished.
+  The string *enc_rep will be allocated before formatting; the caller should
+  free when finished.
 
- returns system errors
+  returns system errors
 
- dec_rep->enc_part.ciphertext is allocated and filled in.
+  dec_rep->enc_part.ciphertext is allocated and filled in.
 */
 /* due to argument promotion rules, we need to use the DECLARG/OLDDECLARG
    stuff... */
 krb5_error_code
 krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
-		    const krb5_enc_kdc_rep_part *encpart,
-		    int using_subkey, const krb5_keyblock *client_key,
-		    krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
+                    const krb5_enc_kdc_rep_part *encpart,
+                    int using_subkey, const krb5_keyblock *client_key,
+                    krb5_kdc_rep *dec_rep, krb5_data **enc_rep)
 {
     krb5_data *scratch;
     krb5_error_code retval;
@@ -55,27 +56,27 @@ krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
     krb5_keyusage usage;
 
     if (!krb5_c_valid_enctype(dec_rep->enc_part.enctype))
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return KRB5_PROG_ETYPE_NOSUPP;
 
     switch (type) {
     case KRB5_AS_REP:
-	usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
-	break;
+        usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
+        break;
     case KRB5_TGS_REP:
-	if (using_subkey)
-	    usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
-	else
-	    usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
-	break;
+        if (using_subkey)
+            usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY;
+        else
+            usage = KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY;
+        break;
     default:
-	return KRB5_BADMSGTYPE;
+        return KRB5_BADMSGTYPE;
     }
 
     /*
      * We don't want to modify encpart, but we need to be able to pass
      * in the message type to the encoder, so it can set the ASN.1
      * type correct.
-     * 
+     *
      * Although note that it may be doing nothing with the message
      * type, to be compatible with old versions of Kerberos that always
      * encode this as a TGS_REP regardly of what it really should be;
@@ -88,41 +89,41 @@ krb5_encode_kdc_rep(krb5_context context, krb5_msgtype type,
     tmp_encpart.msg_type = type;
     retval = encode_krb5_enc_kdc_rep_part(&tmp_encpart, &scratch);
     if (retval) {
-	return retval;
+        return retval;
     }
     memset(&tmp_encpart, 0, sizeof(tmp_encpart));
 
 #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
-krb5_free_data(context, scratch); }
+        krb5_free_data(context, scratch); }
 
     retval = krb5_encrypt_helper(context, client_key, usage, scratch,
-				 &dec_rep->enc_part);
+                                 &dec_rep->enc_part);
 
-#define cleanup_encpart() { \
-(void) memset(dec_rep->enc_part.ciphertext.data, 0, \
-	     dec_rep->enc_part.ciphertext.length); \
-free(dec_rep->enc_part.ciphertext.data); \
-dec_rep->enc_part.ciphertext.length = 0; \
-dec_rep->enc_part.ciphertext.data = 0;}
+#define cleanup_encpart() {                                     \
+        (void) memset(dec_rep->enc_part.ciphertext.data, 0,     \
+                      dec_rep->enc_part.ciphertext.length);     \
+        free(dec_rep->enc_part.ciphertext.data);                \
+        dec_rep->enc_part.ciphertext.length = 0;                \
+        dec_rep->enc_part.ciphertext.data = 0;}
 
     cleanup_scratch();
 
     if (retval)
-	return(retval);
+        return(retval);
 
     /* now it's ready to be encoded for the wire! */
 
     switch (type) {
     case KRB5_AS_REP:
-	retval = encode_krb5_as_rep(dec_rep, enc_rep);
-	break;
+        retval = encode_krb5_as_rep(dec_rep, enc_rep);
+        break;
     case KRB5_TGS_REP:
-	retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
-	break;
+        retval = encode_krb5_tgs_rep(dec_rep, enc_rep);
+        break;
     }
 
     if (retval)
-	cleanup_encpart();
+        cleanup_encpart();
 
     return retval;
 }
diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c
index ed2b8c1b8..acf9c6fa4 100644
--- a/src/lib/krb5/krb/encrypt_tk.c
+++ b/src/lib/krb5/krb/encrypt_tk.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/encrypt_tk.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_encrypt_tkt_part() routine.
  */
@@ -30,15 +31,15 @@
 #include "k5-int.h"
 
 /*
- Takes unencrypted dec_ticket & dec_tkt_part, encrypts with
- dec_ticket->enc_part.etype
- using *srv_key, and places result in dec_ticket->enc_part.
- The string dec_ticket->enc_part.ciphertext will be allocated before
- formatting.
+  Takes unencrypted dec_ticket & dec_tkt_part, encrypts with
+  dec_ticket->enc_part.etype
+  using *srv_key, and places result in dec_ticket->enc_part.
+  The string dec_ticket->enc_part.ciphertext will be allocated before
+  formatting.
 
- returns errors from encryption routines, system errors
+  returns errors from encryption routines, system errors
 
- enc_part->ciphertext.data allocated & filled in with encrypted stuff
+  enc_part->ciphertext.data allocated & filled in with encrypted stuff
 */
 
 krb5_error_code
@@ -50,16 +51,16 @@ krb5_encrypt_tkt_part(krb5_context context, const krb5_keyblock *srv_key, regist
 
     /*  start by encoding the to-be-encrypted part. */
     if ((retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch))) {
-	return retval;
+        return retval;
     }
 
 #define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); \
-krb5_free_data(context, scratch); }
+        krb5_free_data(context, scratch); }
 
     /* call the encryption routine */
     retval = krb5_encrypt_helper(context, srv_key,
-				 KRB5_KEYUSAGE_KDC_REP_TICKET, scratch,
-				 &dec_ticket->enc_part);
+                                 KRB5_KEYUSAGE_KDC_REP_TICKET, scratch,
+                                 &dec_ticket->enc_part);
 
     cleanup_scratch();
 
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 381173d5c..ae5602cde 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/fast.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  */
 
@@ -66,65 +67,65 @@ static krb5_error_code fast_armor_ap_request
     memset(&creds, 0, sizeof(creds));
     retval = krb5_tgtname(context, target_realm, target_realm, &creds.server);
     if (retval ==0)
-	retval = krb5_cc_get_principal(context, ccache, &creds.client);
+        retval = krb5_cc_get_principal(context, ccache, &creds.client);
     if (retval == 0)
-	retval = krb5_get_credentials(context, 0, ccache,  &creds, &out_creds);
+        retval = krb5_get_credentials(context, 0, ccache,  &creds, &out_creds);
     if (retval == 0)
-	retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/,
-				      out_creds, &encoded_authenticator);
+        retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/,
+                                      out_creds, &encoded_authenticator);
     if (retval == 0)
-	retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey);
+        retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey);
     if (retval == 0)
-	retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
-				      &out_creds->keyblock, "ticketarmor", &armor_key);
+        retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor",
+                                      &out_creds->keyblock, "ticketarmor", &armor_key);
     if (retval == 0) {
-	armor = calloc(1, sizeof(krb5_fast_armor));
-	if (armor == NULL)
-	    retval = ENOMEM;
+        armor = calloc(1, sizeof(krb5_fast_armor));
+        if (armor == NULL)
+            retval = ENOMEM;
     }
     if (retval == 0) {
-	armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST;
-	armor->armor_value = encoded_authenticator;
-	encoded_authenticator.data = NULL;
-	encoded_authenticator.length = 0;
-	state->armor = armor;
-	armor = NULL;
-	state->armor_key = armor_key;
-	armor_key = NULL;
+        armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST;
+        armor->armor_value = encoded_authenticator;
+        encoded_authenticator.data = NULL;
+        encoded_authenticator.length = 0;
+        state->armor = armor;
+        armor = NULL;
+        state->armor_key = armor_key;
+        armor_key = NULL;
     }
     krb5_free_keyblock(context, armor_key);
     krb5_free_keyblock(context, subkey);
     if (out_creds)
-	krb5_free_creds(context, out_creds);
+        krb5_free_creds(context, out_creds);
     krb5_free_cred_contents(context, &creds);
     if (encoded_authenticator.data)
-	krb5_free_data_contents(context, &encoded_authenticator);
+        krb5_free_data_contents(context, &encoded_authenticator);
     krb5_auth_con_free(context, authcontext);
     return retval;
 }
 
 krb5_error_code
 krb5int_fast_prep_req_body(krb5_context context, struct krb5int_fast_request_state *state,
-			   krb5_kdc_req *request, krb5_data **encoded_request_body)
+                           krb5_kdc_req *request, krb5_data **encoded_request_body)
 {
     krb5_error_code retval = 0;
     krb5_data *local_encoded_request_body = NULL;
     assert(state != NULL);
     *encoded_request_body = NULL;
     if (state->armor_key == NULL) {
-	return   encode_krb5_kdc_req_body(request, encoded_request_body);
+        return   encode_krb5_kdc_req_body(request, encoded_request_body);
     }
     state->fast_outer_request = *request;
     state->fast_outer_request.padata = NULL;
     if (retval == 0)
-	retval = encode_krb5_kdc_req_body(&state->fast_outer_request,
-					  &local_encoded_request_body);
+        retval = encode_krb5_kdc_req_body(&state->fast_outer_request,
+                                          &local_encoded_request_body);
     if (retval == 0) {
-	*encoded_request_body = local_encoded_request_body;
-	local_encoded_request_body = NULL;
+        *encoded_request_body = local_encoded_request_body;
+        local_encoded_request_body = NULL;
     }
     if (local_encoded_request_body != NULL)
-	krb5_free_data(context, local_encoded_request_body);
+        krb5_free_data(context, local_encoded_request_body);
     return retval;
 }
 
@@ -137,31 +138,31 @@ krb5_error_code krb5int_fast_as_armor
     krb5_ccache ccache = NULL;
     krb5_clear_error_message(context);
     if (opte->opt_private->fast_ccache_name) {
-	retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
-				 &ccache);
-	if (retval==0)
-		retval = fast_armor_ap_request(context, state, ccache,
-					       krb5_princ_realm(context, request->server));
-	if (retval != 0) {
-	    const char * errmsg;
-	    errmsg = krb5_get_error_message(context, retval);
-	    if (errmsg) {
-		krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg);
-		krb5_free_error_message(context, errmsg);
-	    }
-	}
+        retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
+                                 &ccache);
+        if (retval==0)
+            retval = fast_armor_ap_request(context, state, ccache,
+                                           krb5_princ_realm(context, request->server));
+        if (retval != 0) {
+            const char * errmsg;
+            errmsg = krb5_get_error_message(context, retval);
+            if (errmsg) {
+                krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg);
+                krb5_free_error_message(context, errmsg);
+            }
+        }
     }
     if (ccache)
-	krb5_cc_close(context, ccache);
+        krb5_cc_close(context, ccache);
     return retval;
 }
 
 
-krb5_error_code 
+krb5_error_code
 krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *state,
-		        krb5_kdc_req *request,
-		       const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
-		       krb5_data **encoded_request)
+                       krb5_kdc_req *request,
+                       const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
+                       krb5_data **encoded_request)
 {
     krb5_error_code retval = 0;
     krb5_pa_data *pa_array[2];
@@ -180,68 +181,68 @@ krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *
     assert(state->fast_outer_request.padata == NULL);
     memset(pa_array, 0, sizeof pa_array);
     if (state->armor_key == NULL) {
-	return encoder(request, encoded_request);
+        return encoder(request, encoded_request);
     }
 /* Fill in a fresh random nonce for each inner request*/
-    	random_data.length = 4;
-	random_data.data = (char *)random_buf;
-	retval = krb5_c_random_make_octets(context, &random_data);
-	if (retval == 0) {
-	    	    request->nonce = 0x7fffffff & load_32_n(random_buf);
-		    state->nonce = request->nonce;
-	}
+    random_data.length = 4;
+    random_data.data = (char *)random_buf;
+    retval = krb5_c_random_make_octets(context, &random_data);
+    if (retval == 0) {
+        request->nonce = 0x7fffffff & load_32_n(random_buf);
+        state->nonce = request->nonce;
+    }
     fast_req.req_body =  request;
     if (fast_req.req_body->padata == NULL) {
-	fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
-	if (fast_req.req_body->padata == NULL)
-	    retval = ENOMEM;
+        fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *));
+        if (fast_req.req_body->padata == NULL)
+            retval = ENOMEM;
     }
     fast_req.fast_options = state->fast_options;
     if (retval == 0)
-	retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
+        retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req);
     if (retval == 0) {
-	armored_req = calloc(1, sizeof(krb5_fast_armored_req));
-	if (armored_req == NULL)
-	    retval = ENOMEM;
+        armored_req = calloc(1, sizeof(krb5_fast_armored_req));
+        if (armored_req == NULL)
+            retval = ENOMEM;
     }
     if (retval == 0)
-	armored_req->armor = state->armor;
+        armored_req->armor = state->armor;
     if (retval == 0)
-	retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
-					       &cksumtype);
+        retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype,
+                                               &cksumtype);
     if (retval ==0)
-	retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
-				      KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
-				      &armored_req->req_checksum);
+        retval = krb5_c_make_checksum(context, cksumtype, state->armor_key,
+                                      KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed,
+                                      &armored_req->req_checksum);
     if (retval == 0)
-	retval = krb5_encrypt_helper(context, state->armor_key,
-				     KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
-				     &armored_req->enc_part);
+        retval = krb5_encrypt_helper(context, state->armor_key,
+                                     KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req,
+                                     &armored_req->enc_part);
     if (retval == 0)
-	retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req);
+        retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req);
     if (retval==0) {
-	pa[0].pa_type = KRB5_PADATA_FX_FAST;
-	pa[0].contents = (unsigned char *) encoded_armored_req->data;
-	pa[0].length = encoded_armored_req->length;
-	pa_array[0] = &pa[0];
+        pa[0].pa_type = KRB5_PADATA_FX_FAST;
+        pa[0].contents = (unsigned char *) encoded_armored_req->data;
+        pa[0].length = encoded_armored_req->length;
+        pa_array[0] = &pa[0];
     }
     state->fast_outer_request.padata = pa_array;
     if(retval == 0)
-	retval = encoder(&state->fast_outer_request, &local_encoded_result);
+        retval = encoder(&state->fast_outer_request, &local_encoded_result);
     if (retval == 0) {
-	*encoded_request = local_encoded_result;
-	local_encoded_result = NULL;
+        *encoded_request = local_encoded_result;
+        local_encoded_result = NULL;
     }
     if (encoded_armored_req)
-	krb5_free_data(context, encoded_armored_req);
+        krb5_free_data(context, encoded_armored_req);
     if (armored_req) {
-	armored_req->armor = NULL; /*owned by state*/
-	krb5_free_fast_armored_req(context, armored_req);
+        armored_req->armor = NULL; /*owned by state*/
+        krb5_free_fast_armored_req(context, armored_req);
     }
     if (encoded_fast_req)
-	krb5_free_data(context, encoded_fast_req);
+        krb5_free_data(context, encoded_fast_req);
     if (local_encoded_result)
-	krb5_free_data(context, local_encoded_result);
+        krb5_free_data(context, local_encoded_result);
     state->fast_outer_request.padata = NULL;
     return retval;
 }
@@ -258,49 +259,49 @@ static krb5_error_code decrypt_fast_reply
     krb5_fast_response *local_resp = NULL;
     assert(state != NULL);
     assert(state->armor_key);
-        fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
+    fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST);
     if (fx_reply == NULL)
-	retval = KRB5_ERR_FAST_REQUIRED;
+        retval = KRB5_ERR_FAST_REQUIRED;
     if (retval == 0) {
-	scratch.data = (char *) fx_reply->contents;
-	scratch.length = fx_reply->length;
-	retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
+        scratch.data = (char *) fx_reply->contents;
+        scratch.length = fx_reply->length;
+        retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response);
     }
     scratch.data = NULL;
     if (retval == 0) {
-	scratch.data = malloc(encrypted_response->ciphertext.length);
-	if (scratch.data == NULL)
-	    retval = ENOMEM;
-	scratch.length = encrypted_response->ciphertext.length;
+        scratch.data = malloc(encrypted_response->ciphertext.length);
+        if (scratch.data == NULL)
+            retval = ENOMEM;
+        scratch.length = encrypted_response->ciphertext.length;
     }
     if (retval == 0)
-	retval = krb5_c_decrypt(context, state->armor_key,
-				KRB5_KEYUSAGE_FAST_REP, NULL,
-				encrypted_response, &scratch);
+        retval = krb5_c_decrypt(context, state->armor_key,
+                                KRB5_KEYUSAGE_FAST_REP, NULL,
+                                encrypted_response, &scratch);
     if (retval != 0) {
-	const char * errmsg;
-	errmsg = krb5_get_error_message(context, retval);
-	krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg);
-	krb5_free_error_message(context, errmsg);
+        const char * errmsg;
+        errmsg = krb5_get_error_message(context, retval);
+        krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg);
+        krb5_free_error_message(context, errmsg);
     }
     if (retval == 0)
-	retval = decode_krb5_fast_response(&scratch, &local_resp);
+        retval = decode_krb5_fast_response(&scratch, &local_resp);
     if (retval == 0) {
-	if (local_resp->nonce != state->nonce) {
-	    retval = KRB5_KDCREP_MODIFIED;
-	    krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified");
-	}
+        if (local_resp->nonce != state->nonce) {
+            retval = KRB5_KDCREP_MODIFIED;
+            krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified");
+        }
     }
     if (retval == 0) {
-	*response = local_resp;
-	local_resp = NULL;
+        *response = local_resp;
+        local_resp = NULL;
     }
     if (scratch.data)
-	free(scratch.data);
+        free(scratch.data);
     if (encrypted_response)
-	krb5_free_enc_data(context, encrypted_response);
+        krb5_free_enc_data(context, encrypted_response);
     if (local_resp)
-	krb5_free_fast_response(context, local_resp);
+        krb5_free_fast_response(context, local_resp);
     return retval;
 }
 
@@ -319,91 +320,91 @@ static krb5_error_code decrypt_fast_reply
  */
 krb5_error_code
 krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_state *state,
-			   krb5_error **err_replyptr			   , krb5_pa_data ***out_padata,
-			   krb5_boolean *retry)
+                           krb5_error **err_replyptr                       , krb5_pa_data ***out_padata,
+                           krb5_boolean *retry)
 {
     krb5_error_code retval = 0;
     krb5_error *err_reply = *err_replyptr;
     *out_padata = NULL;
     *retry = 0;
     if (state->armor_key) {
-	krb5_pa_data *fx_error_pa;
-	krb5_pa_data **result = NULL;
-	krb5_data scratch, *encoded_td = NULL;
-	krb5_error *fx_error = NULL;
-	krb5_fast_response *fast_response = NULL;
-	retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
-	if (retval == 0)
-	    retval = decrypt_fast_reply(context, state, result, &fast_response);
-	if (retval) {
-	    /*This can happen if the KDC does not understand FAST. We
-	     * don't expect that, but treating it as the fatal error
-	     * indicated by the KDC seems reasonable.
-	     */
-	    *retry = 0;
-	    krb5_free_pa_data(context, result);
-	    return 0;
-	}
-	krb5_free_pa_data(context, result);
-	result = NULL;
-	if (retval == 0) {	
-	    fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR);
-	    if (fx_error_pa == NULL) {
-		krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container");
-		retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	    }
-	}
-	if (retval == 0) {
-	    scratch.data = (char *) fx_error_pa->contents;
-	    scratch.length = fx_error_pa->length;
-	    retval = decode_krb5_error(&scratch, &fx_error);
-	}
-	/*
-	 * krb5_pa_data and krb5_typed_data are safe to cast between:
-	 * they have the same type fields in the same order.
-	 * (krb5_preauthtype is a krb5_int32).  If krb5_typed_data is
-	 * ever changed then this will need to be a copy not a cast.
-	 */
-	if (retval == 0) 
-	    retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata,
-					     &encoded_td);
-	if (retval == 0) {
-	    fx_error->e_data = *encoded_td;
-	    free(encoded_td); /*contents owned by fx_error*/
-	    encoded_td = NULL;
-	    krb5_free_error(context, err_reply);
-	    *err_replyptr = fx_error;
-	    fx_error = NULL;
-	    *out_padata = fast_response->padata;
-	    fast_response->padata = NULL;
-	    /*
-	     * If there is more than the fx_error padata, then we want
-	     * to retry the error if a cookie is present
-	     */
-	    *retry = (*out_padata)[1] != NULL;
-	    if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL)
-		*retry = 0;
-	}
-	if (fx_error)
-	    krb5_free_error(context, fx_error);
-	krb5_free_fast_response(context, fast_response);
+        krb5_pa_data *fx_error_pa;
+        krb5_pa_data **result = NULL;
+        krb5_data scratch, *encoded_td = NULL;
+        krb5_error *fx_error = NULL;
+        krb5_fast_response *fast_response = NULL;
+        retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
+        if (retval == 0)
+            retval = decrypt_fast_reply(context, state, result, &fast_response);
+        if (retval) {
+            /*This can happen if the KDC does not understand FAST. We
+             * don't expect that, but treating it as the fatal error
+             * indicated by the KDC seems reasonable.
+             */
+            *retry = 0;
+            krb5_free_pa_data(context, result);
+            return 0;
+        }
+        krb5_free_pa_data(context, result);
+        result = NULL;
+        if (retval == 0) {
+            fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR);
+            if (fx_error_pa == NULL) {
+                krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container");
+                retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            }
+        }
+        if (retval == 0) {
+            scratch.data = (char *) fx_error_pa->contents;
+            scratch.length = fx_error_pa->length;
+            retval = decode_krb5_error(&scratch, &fx_error);
+        }
+        /*
+         * krb5_pa_data and krb5_typed_data are safe to cast between:
+         * they have the same type fields in the same order.
+         * (krb5_preauthtype is a krb5_int32).  If krb5_typed_data is
+         * ever changed then this will need to be a copy not a cast.
+         */
+        if (retval == 0)
+            retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata,
+                                             &encoded_td);
+        if (retval == 0) {
+            fx_error->e_data = *encoded_td;
+            free(encoded_td); /*contents owned by fx_error*/
+            encoded_td = NULL;
+            krb5_free_error(context, err_reply);
+            *err_replyptr = fx_error;
+            fx_error = NULL;
+            *out_padata = fast_response->padata;
+            fast_response->padata = NULL;
+            /*
+             * If there is more than the fx_error padata, then we want
+             * to retry the error if a cookie is present
+             */
+            *retry = (*out_padata)[1] != NULL;
+            if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL)
+                *retry = 0;
+        }
+        if (fx_error)
+            krb5_free_error(context, fx_error);
+        krb5_free_fast_response(context, fast_response);
     } else { /*not FAST*/
-	*retry = (err_reply->e_data.length > 0);
-	if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED
-	     ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) {
-	    krb5_pa_data **result = NULL;
-	    retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
-	    if (retval == 0)
-		if (retval == 0) {
-		    *out_padata = result;
+        *retry = (err_reply->e_data.length > 0);
+        if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED
+             ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) {
+            krb5_pa_data **result = NULL;
+            retval = decode_krb5_padata_sequence(&err_reply->e_data, &result);
+            if (retval == 0)
+                if (retval == 0) {
+                    *out_padata = result;
 
-		    return 0;
-		}
-	    krb5_free_pa_data(context, result);
-	    krb5_set_error_message(context, retval,
-				   "Error decoding padata in error reply");
-	    return retval;
-	}
+                    return 0;
+                }
+            krb5_free_pa_data(context, result);
+            krb5_set_error_message(context, retval,
+                                   "Error decoding padata in error reply");
+            return retval;
+        }
     }
     return retval;
 }
@@ -421,61 +422,61 @@ krb5_error_code krb5int_fast_process_response
     krb5_clear_error_message(context);
     *strengthen_key = NULL;
     if (state->armor_key == 0)
-	return 0;
-        retval = decrypt_fast_reply(context, state, resp->padata,
-				&fast_response);
+        return 0;
+    retval = decrypt_fast_reply(context, state, resp->padata,
+                                &fast_response);
     if (retval == 0) {
-	if (fast_response->finished == 0) {
-	    retval = KRB5_KDCREP_MODIFIED;
-	    krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply");
-	}
+        if (fast_response->finished == 0) {
+            retval = KRB5_KDCREP_MODIFIED;
+            krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply");
+        }
     }
     if (retval == 0)
-	retval = encode_krb5_ticket(resp->ticket, &encoded_ticket);
+        retval = encode_krb5_ticket(resp->ticket, &encoded_ticket);
     if (retval == 0)
-	retval = krb5_c_verify_checksum(context, state->armor_key,
-					KRB5_KEYUSAGE_FAST_FINISHED,
-					encoded_ticket,
-					&fast_response->finished->ticket_checksum,
-					&cksum_valid);
+        retval = krb5_c_verify_checksum(context, state->armor_key,
+                                        KRB5_KEYUSAGE_FAST_FINISHED,
+                                        encoded_ticket,
+                                        &fast_response->finished->ticket_checksum,
+                                        &cksum_valid);
     if (retval == 0 && cksum_valid == 0) {
-	retval = KRB5_KDCREP_MODIFIED;
-	krb5_set_error_message(context, retval, "ticket modified in KDC reply");
+        retval = KRB5_KDCREP_MODIFIED;
+        krb5_set_error_message(context, retval, "ticket modified in KDC reply");
     }
     if (retval == 0) {
-	krb5_free_principal(context, resp->client);
-	resp->client = fast_response->finished->client;
-	fast_response->finished->client = NULL;
-	*strengthen_key = fast_response->strengthen_key;
-	fast_response->strengthen_key = NULL;
-	krb5_free_pa_data(context, resp->padata);
-	resp->padata = fast_response->padata;
-	fast_response->padata = NULL;
+        krb5_free_principal(context, resp->client);
+        resp->client = fast_response->finished->client;
+        fast_response->finished->client = NULL;
+        *strengthen_key = fast_response->strengthen_key;
+        fast_response->strengthen_key = NULL;
+        krb5_free_pa_data(context, resp->padata);
+        resp->padata = fast_response->padata;
+        fast_response->padata = NULL;
     }
     if (fast_response)
-	krb5_free_fast_response(context, fast_response);
+        krb5_free_fast_response(context, fast_response);
     if (encoded_ticket)
-	krb5_free_data(context, encoded_ticket);
+        krb5_free_data(context, encoded_ticket);
     return retval;
 }
 
 krb5_error_code krb5int_fast_reply_key(krb5_context context,
-				       krb5_keyblock *strengthen_key,
-				       krb5_keyblock *existing_key,
-				       krb5_keyblock *out_key)
+                                       krb5_keyblock *strengthen_key,
+                                       krb5_keyblock *existing_key,
+                                       krb5_keyblock *out_key)
 {
     krb5_keyblock *key = NULL;
     krb5_error_code retval = 0;
     krb5_free_keyblock_contents(context, out_key);
     if (strengthen_key) {
-	retval = krb5_c_fx_cf2_simple(context, strengthen_key,
-				      "strengthenkey", existing_key, "replykey", &key);
-	if (retval == 0) {
-	    *out_key = *key;
-	    free(key);
-	}
+        retval = krb5_c_fx_cf2_simple(context, strengthen_key,
+                                      "strengthenkey", existing_key, "replykey", &key);
+        if (retval == 0) {
+            *out_key = *key;
+            free(key);
+        }
     } else {
-	retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
+        retval = krb5_copy_keyblock_contents(context, existing_key, out_key);
     }
     return retval;
 }
@@ -487,7 +488,7 @@ krb5int_fast_make_state( krb5_context context, struct krb5int_fast_request_state
     struct krb5int_fast_request_state *local_state ;
     local_state = malloc(sizeof *local_state);
     if (local_state == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(local_state, 0, sizeof(*local_state));
     *state = local_state;
     return 0;
@@ -505,16 +506,15 @@ krb5int_fast_free_state( krb5_context context, struct krb5int_fast_request_state
 krb5_pa_data * krb5int_find_pa_data
 (krb5_context context, krb5_pa_data *const *padata, krb5_preauthtype pa_type)
 {
-        krb5_pa_data * const *tmppa;
+    krb5_pa_data * const *tmppa;
 
     if (padata == NULL)
-	return NULL;
+        return NULL;
 
     for (tmppa = padata; *tmppa != NULL; tmppa++) {
-	if ((*tmppa)->pa_type == pa_type)
-	    break;
+        if ((*tmppa)->pa_type == pa_type)
+            break;
     }
 
     return *tmppa;
 }
-
diff --git a/src/lib/krb5/krb/fast.h b/src/lib/krb5/krb/fast.h
index 4cc142335..443f3e196 100644
--- a/src/lib/krb5/krb/fast.h
+++ b/src/lib/krb5/krb/fast.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/fast.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * <<< Description >>>
  */
@@ -34,7 +35,7 @@
 
 struct krb5int_fast_request_state {
     krb5_kdc_req fast_outer_request;
-        krb5_keyblock *armor_key; /*non-null means fast is in use*/
+    krb5_keyblock *armor_key; /*non-null means fast is in use*/
     krb5_fast_armor *armor;
     krb5_ui_4 fast_state_flags;
     krb5_ui_4 fast_options;
@@ -43,19 +44,19 @@ struct krb5int_fast_request_state {
 
 krb5_error_code
 krb5int_fast_prep_req_body(krb5_context context, struct krb5int_fast_request_state *state,
-			   krb5_kdc_req *request, krb5_data **encoded_req_body);
+                           krb5_kdc_req *request, krb5_data **encoded_req_body);
 
 typedef krb5_error_code(*kdc_req_encoder_proc) (const krb5_kdc_req *, krb5_data **);
 
-krb5_error_code 
+krb5_error_code
 krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *state,
-		       krb5_kdc_req *request,
-		       const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
-		       krb5_data **encoded_request);
+                       krb5_kdc_req *request,
+                       const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder,
+                       krb5_data **encoded_request);
 krb5_error_code
 krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_state *state,
-			   krb5_error **err_replyptr			   , krb5_pa_data ***out_padata,
-			   krb5_boolean *retry);
+                           krb5_error **err_replyptr                       , krb5_pa_data ***out_padata,
+                           krb5_boolean *retry);
 
 krb5_error_code krb5int_fast_process_response
 (krb5_context context, struct krb5int_fast_request_state *state,
@@ -73,10 +74,10 @@ krb5_error_code krb5int_fast_as_armor
  krb5_kdc_req *request);
 
 krb5_error_code krb5int_fast_reply_key(krb5_context context,
-				       krb5_keyblock *strengthen_key,
-				       krb5_keyblock *existing_key,
-				       krb5_keyblock *output_key);
+                                       krb5_keyblock *strengthen_key,
+                                       krb5_keyblock *existing_key,
+                                       krb5_keyblock *output_key);
+
 
-				       
 
 #endif
diff --git a/src/lib/krb5/krb/free_rtree.c b/src/lib/krb5/krb/free_rtree.c
index 90c9dd3c8..951d55dd3 100644
--- a/src/lib/krb5/krb/free_rtree.c
+++ b/src/lib/krb5/krb/free_rtree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/free_rtree.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_free_realm_tree()
  */
@@ -34,10 +35,10 @@ krb5_free_realm_tree(krb5_context context, krb5_principal *realms)
 {
     register krb5_principal *nrealms = realms;
     if (realms == NULL)
-	return;
+        return;
     while (*nrealms) {
-	krb5_free_principal(context, *nrealms);
-	nrealms++;
+        krb5_free_principal(context, *nrealms);
+        nrealms++;
     }
     free(realms);
 }
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c
index 08646da6e..5725e4931 100644
--- a/src/lib/krb5/krb/fwd_tgt.c
+++ b/src/lib/krb5/krb/fwd_tgt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/get_in_tkt.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -35,14 +36,14 @@
 /* Get a TGT for use at the remote host */
 krb5_error_code KRB5_CALLCONV
 krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *rhost, krb5_principal client, krb5_principal server, krb5_ccache cc, int forwardable, krb5_data *outbuf)
-                         
-                                   
-                
-                          
-                          
-                   
-                          /* Should forwarded TGT also be forwardable? */
-                      
+
+
+
+
+
+
+/* Should forwarded TGT also be forwardable? */
+
 {
     krb5_replay_data replaydata;
     krb5_data * scratch = 0;
@@ -61,136 +62,136 @@ krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, char *r
     memset(&tgt, 0, sizeof(creds));
 
     if (cc == 0) {
-      if ((retval = krb5int_cc_default(context, &cc)))
-	goto errout;
-      close_cc = 1;
+        if ((retval = krb5int_cc_default(context, &cc)))
+            goto errout;
+        close_cc = 1;
     }
     retval = krb5_auth_con_getkey (context, auth_context, &session_key);
     if (retval)
-      goto errout;
+        goto errout;
     if (session_key) {
-	enctype = session_key->enctype;
-	krb5_free_keyblock (context, session_key);
-	session_key = NULL;
+        enctype = session_key->enctype;
+        krb5_free_keyblock (context, session_key);
+        session_key = NULL;
     } else if (server) { /* must server be non-NULL when rhost is given? */
-	/* Try getting credentials to see what the remote side supports.
-	   Not bulletproof, just a heuristic.  */
-	krb5_creds in, *out = 0;
-	memset (&in, 0, sizeof(in));
-
-	retval = krb5_copy_principal (context, server, &in.server);
-	if (retval)
-	    goto punt;
-	retval = krb5_copy_principal (context, client, &in.client);
-	if (retval)
-	    goto punt;
-	retval = krb5_get_credentials (context, 0, cc, &in, &out);
-	if (retval)
-	    goto punt;
-	/* Got the credentials.  Okay, now record the enctype and
-	   throw them away.  */
-	enctype = out->keyblock.enctype;
-	krb5_free_creds (context, out);
+        /* Try getting credentials to see what the remote side supports.
+           Not bulletproof, just a heuristic.  */
+        krb5_creds in, *out = 0;
+        memset (&in, 0, sizeof(in));
+
+        retval = krb5_copy_principal (context, server, &in.server);
+        if (retval)
+            goto punt;
+        retval = krb5_copy_principal (context, client, &in.client);
+        if (retval)
+            goto punt;
+        retval = krb5_get_credentials (context, 0, cc, &in, &out);
+        if (retval)
+            goto punt;
+        /* Got the credentials.  Okay, now record the enctype and
+           throw them away.  */
+        enctype = out->keyblock.enctype;
+        krb5_free_creds (context, out);
     punt:
-	krb5_free_cred_contents (context, &in);
+        krb5_free_cred_contents (context, &in);
     }
 
     if ((retval = krb5_copy_principal(context, client, &creds.client)))
-	goto errout;
-    
+        goto errout;
+
     if ((retval = krb5_build_principal_ext(context, &creds.server,
-					   client->realm.length,
-					   client->realm.data,
-					   KRB5_TGS_NAME_SIZE,
-					   KRB5_TGS_NAME,
-					   client->realm.length,
-					   client->realm.data,
-					   0)))
-	goto errout;
-	
+                                           client->realm.length,
+                                           client->realm.data,
+                                           KRB5_TGS_NAME_SIZE,
+                                           KRB5_TGS_NAME,
+                                           client->realm.length,
+                                           client->realm.data,
+                                           0)))
+        goto errout;
+
     /* fetch tgt directly from cache */
     context->use_conf_ktypes = 1;
     retval = krb5_cc_retrieve_cred (context, cc, KRB5_TC_SUPPORTED_KTYPES,
-				    &creds, &tgt);
+                                    &creds, &tgt);
     context->use_conf_ktypes = old_use_conf_ktypes;
     if (retval)
-	goto errout;
+        goto errout;
 
     /* tgt->client must be equal to creds.client */
     if (!krb5_principal_compare(context, tgt.client, creds.client)) {
-	retval = KRB5_PRINC_NOMATCH;
-	goto errout;
+        retval = KRB5_PRINC_NOMATCH;
+        goto errout;
     }
 
     if (!tgt.ticket.length) {
-	retval = KRB5_NO_TKT_SUPPLIED;
-	goto errout;
+        retval = KRB5_NO_TKT_SUPPLIED;
+        goto errout;
     }
-    
+
     if (tgt.addresses && *tgt.addresses) {
-      if (rhost == NULL) {
-	if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) {
-retval = KRB5_FWD_BAD_PRINCIPAL;
- goto errout;
-	}
-
-	if (krb5_princ_size(context, server) < 2){
-	  retval = KRB5_CC_BADNAME;
-	  goto errout;
-	}
-	
-	rhost = malloc(server->data[1].length+1);
-	if (!rhost) {
-	  retval = ENOMEM;
-	  goto errout;
-	}
-	free_rhost = 1;
-	memcpy(rhost, server->data[1].data, server->data[1].length);
-	rhost[server->data[1].length] = '\0';
-      }
-
-	retval = krb5_os_hostaddr(context, rhost, &addrs);
-	if (retval)
-	    goto errout;
+        if (rhost == NULL) {
+            if (krb5_princ_type(context, server) != KRB5_NT_SRV_HST) {
+                retval = KRB5_FWD_BAD_PRINCIPAL;
+                goto errout;
+            }
+
+            if (krb5_princ_size(context, server) < 2){
+                retval = KRB5_CC_BADNAME;
+                goto errout;
+            }
+
+            rhost = malloc(server->data[1].length+1);
+            if (!rhost) {
+                retval = ENOMEM;
+                goto errout;
+            }
+            free_rhost = 1;
+            memcpy(rhost, server->data[1].data, server->data[1].length);
+            rhost[server->data[1].length] = '\0';
+        }
+
+        retval = krb5_os_hostaddr(context, rhost, &addrs);
+        if (retval)
+            goto errout;
     }
-    
+
     creds.keyblock.enctype = enctype;
     creds.times = tgt.times;
     creds.times.starttime = 0;
     kdcoptions = flags2options(tgt.ticket_flags)|KDC_OPT_FORWARDED;
 
     if (!forwardable) /* Reset KDC_OPT_FORWARDABLE */
-      kdcoptions &= ~(KDC_OPT_FORWARDABLE);
+        kdcoptions &= ~(KDC_OPT_FORWARDABLE);
 
     if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
-					addrs, &creds, &pcreds))) {
-	if (enctype) {
-	    creds.keyblock.enctype = 0;
-	    if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
-						addrs, &creds, &pcreds))) 
-		goto errout;
-	}
-	else goto errout;
+                                        addrs, &creds, &pcreds))) {
+        if (enctype) {
+            creds.keyblock.enctype = 0;
+            if ((retval = krb5_get_cred_via_tkt(context, &tgt, kdcoptions,
+                                                addrs, &creds, &pcreds)))
+                goto errout;
+        }
+        else goto errout;
     }
     retval = krb5_mk_1cred(context, auth_context, pcreds,
                            &scratch, &replaydata);
     krb5_free_creds(context, pcreds);
 
     if (retval) {
-	if (scratch)
-	    krb5_free_data(context, scratch);
+        if (scratch)
+            krb5_free_data(context, scratch);
     } else {
-	*outbuf = *scratch;
-	free(scratch);
+        *outbuf = *scratch;
+        free(scratch);
     }
-        
+
 errout:
     if (addrs)
-	krb5_free_addresses(context, addrs);
+        krb5_free_addresses(context, addrs);
     if (close_cc)
-	krb5_cc_close(context, cc);
+        krb5_cc_close(context, cc);
     if (free_rhost)
-	free(rhost);
+        free(rhost);
     krb5_free_cred_contents(context, &creds);
     krb5_free_cred_contents(context, &tgt);
     return retval;
diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index 4102dd728..581d89d4d 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 1994,2003,2005,2007 by the Massachusetts Institute of Technology.
  * Copyright (c) 1994 CyberSAFE Corporation
@@ -9,7 +10,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -20,11 +21,11 @@
  * permission.  Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
  * fashion that it might be confused with the original M.I.T. software.
- * Neither M.I.T., the Open Computing Security Group, nor 
+ * Neither M.I.T., the Open Computing Security Group, nor
  * CyberSAFE Corporation make any representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * krb5_get_cred_from_kdc() and related functions:
  *
  * Get credentials from some KDC somewhere, possibly accumulating TGTs
@@ -50,13 +51,13 @@ struct cc_tgts {
 };
 
 /* NOTE: This only checks if NXT_TGT is CUR_CC_TGT. */
-#define NXT_TGT_IS_CACHED(ts)			\
-	((ts)->nxt_tgt == (ts)->cur_cc_tgt)
+#define NXT_TGT_IS_CACHED(ts)                   \
+    ((ts)->nxt_tgt == (ts)->cur_cc_tgt)
 
-#define MARK_CUR_CC_TGT_CLEAN(ts)			\
-do {							\
-	(ts)->cc_tgts.dirty[(ts)->cc_tgts.cur] = 0;	\
-} while (0)
+#define MARK_CUR_CC_TGT_CLEAN(ts)                       \
+    do {                                                \
+        (ts)->cc_tgts.dirty[(ts)->cc_tgts.cur] = 0;     \
+    } while (0)
 
 static void init_cc_tgts(struct tr_state *);
 static void shift_cc_tgts(struct tr_state *);
@@ -137,8 +138,8 @@ static void tr_dbg_rtree(struct tr_state *, const char *, krb5_principal);
  * Certain krb5_cc_retrieve_cred() errors are soft errors when looking
  * for a cross-realm TGT.
  */
-#define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND &&	\
-	(r) != KRB5_CC_NOT_KTYPE)
+#define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND &&       \
+                        (r) != KRB5_CC_NOT_KTYPE)
 
 /*
  * Flags for ccache lookups of cross-realm TGTs.
@@ -152,24 +153,24 @@ static void tr_dbg_rtree(struct tr_state *, const char *, krb5_principal);
  * Prototypes of helper functions
  */
 static krb5_error_code tgt_mcred(krb5_context, krb5_principal,
-    krb5_principal, krb5_principal, krb5_creds *);
+                                 krb5_principal, krb5_principal, krb5_creds *);
 static krb5_error_code retr_local_tgt(struct tr_state *, krb5_principal);
 static krb5_error_code try_ccache(struct tr_state *, krb5_creds *);
 static krb5_error_code find_nxt_kdc(struct tr_state *);
 static krb5_error_code try_kdc(struct tr_state *, krb5_creds *);
 static krb5_error_code kdc_mcred(struct tr_state *, krb5_principal,
-    krb5_creds *mcreds);
+                                 krb5_creds *mcreds);
 static krb5_error_code next_closest_tgt(struct tr_state *, krb5_principal);
 static krb5_error_code init_rtree(struct tr_state *,
-    krb5_principal, krb5_principal);
+                                  krb5_principal, krb5_principal);
 static krb5_error_code do_traversal(krb5_context ctx, krb5_ccache,
-    krb5_principal client, krb5_principal server,
-    krb5_creds *out_cc_tgt, krb5_creds **out_tgt,
-    krb5_creds ***out_kdc_tgts, int *tgtptr_isoffpath);
+                                    krb5_principal client, krb5_principal server,
+                                    krb5_creds *out_cc_tgt, krb5_creds **out_tgt,
+                                    krb5_creds ***out_kdc_tgts, int *tgtptr_isoffpath);
 static krb5_error_code chase_offpath(struct tr_state *, krb5_principal,
-    krb5_principal);
+                                     krb5_principal);
 static krb5_error_code offpath_loopchk(struct tr_state *ts,
-    krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount);
+                                       krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount);
 
 /*
  * init_cc_tgts()
@@ -210,8 +211,8 @@ shift_cc_tgts(struct tr_state *ts)
     rb->nxt = i;
     ts->nxt_cc_tgt = &rb->cred[i];
     if (rb->dirty[i]) {
-	krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
-	rb->dirty[i] = 0;
+        krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
+        rb->dirty[i] = 0;
     }
 }
 
@@ -228,10 +229,10 @@ clean_cc_tgts(struct tr_state *ts)
 
     rb = &ts->cc_tgts;
     for (i = 0; i < NCC_TGTS; i++) {
-	if (rb->dirty[i]) {
-	    krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
-	    rb->dirty[i] = 0;
-	}
+        if (rb->dirty[i]) {
+            krb5_free_cred_contents(ts->ctx, &rb->cred[i]);
+            rb->dirty[i] = 0;
+        }
     }
 }
 
@@ -257,18 +258,18 @@ tr_dbg(struct tr_state *ts, const char *prog)
     fprintf(stderr, "%s: nxt_kdc %s\n", prog, nxt_kdc_str);
 cleanup:
     if (cur_tgt_str)
-	krb5_free_unparsed_name(ts->ctx, cur_tgt_str);
+        krb5_free_unparsed_name(ts->ctx, cur_tgt_str);
     if (cur_kdc_str)
-	krb5_free_unparsed_name(ts->ctx, cur_kdc_str);
+        krb5_free_unparsed_name(ts->ctx, cur_kdc_str);
     if (nxt_kdc_str)
-	krb5_free_unparsed_name(ts->ctx, nxt_kdc_str);
+        krb5_free_unparsed_name(ts->ctx, nxt_kdc_str);
 }
 
 static void
 tr_dbg_ret(struct tr_state *ts, const char *prog, krb5_error_code ret)
 {
     fprintf(stderr, "%s: return %d (%s)\n", prog, (int)ret,
-	    error_message(ret));
+            error_message(ret));
 }
 
 static void
@@ -277,7 +278,7 @@ tr_dbg_rtree(struct tr_state *ts, const char *prog, krb5_principal princ)
     char *str;
 
     if (krb5_unparse_name(ts->ctx, princ, &str))
-	return;
+        return;
     fprintf(stderr, "%s: %s\n", prog, str);
     krb5_free_unparsed_name(ts->ctx, str);
 }
@@ -296,8 +297,8 @@ tr_dbg_rtree(struct tr_state *ts, const char *prog, krb5_principal princ)
  */
 static krb5_error_code
 tgt_mcred(krb5_context ctx, krb5_principal client,
-	  krb5_principal dst, krb5_principal src,
-	  krb5_creds *mcreds)
+          krb5_principal dst, krb5_principal src,
+          krb5_creds *mcreds)
 {
     krb5_error_code retval;
 
@@ -306,16 +307,16 @@ tgt_mcred(krb5_context ctx, krb5_principal client,
 
     retval = krb5_copy_principal(ctx, client, &mcreds->client);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = krb5_tgtname(ctx, krb5_princ_realm(ctx, dst),
-			  krb5_princ_realm(ctx, src), &mcreds->server);
+                          krb5_princ_realm(ctx, src), &mcreds->server);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
 cleanup:
     if (retval)
-	krb5_free_cred_contents(ctx, mcreds);
+        krb5_free_cred_contents(ctx, mcreds);
 
     return retval;
 }
@@ -327,27 +328,27 @@ cleanup:
  */
 static krb5_error_code
 init_rtree(struct tr_state *ts,
-	   krb5_principal client, krb5_principal server)
+           krb5_principal client, krb5_principal server)
 {
     krb5_error_code retval;
 
     ts->kdc_list = NULL;
     retval = krb5_walk_realm_tree(ts->ctx, krb5_princ_realm(ts->ctx, client),
-				  krb5_princ_realm(ts->ctx, server),
-				  &ts->kdc_list, KRB5_REALM_BRANCH_CHAR);
+                                  krb5_princ_realm(ts->ctx, server),
+                                  &ts->kdc_list, KRB5_REALM_BRANCH_CHAR);
     if (retval)
-	return retval;
+        return retval;
 
     for (ts->nkdcs = 0; ts->kdc_list[ts->nkdcs]; ts->nkdcs++) {
-	assert(krb5_princ_size(ts->ctx, ts->kdc_list[ts->nkdcs]) == 2);
-	TR_DBG_RTREE(ts, "init_rtree", ts->kdc_list[ts->nkdcs]);
+        assert(krb5_princ_size(ts->ctx, ts->kdc_list[ts->nkdcs]) == 2);
+        TR_DBG_RTREE(ts, "init_rtree", ts->kdc_list[ts->nkdcs]);
     }
     assert(ts->nkdcs > 1);
     ts->lst_kdc = ts->kdc_list + ts->nkdcs - 1;
 
     ts->kdc_tgts = calloc(ts->nkdcs + 1, sizeof(krb5_creds));
     if (ts->kdc_tgts == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     return 0;
 }
@@ -366,16 +367,16 @@ retr_local_tgt(struct tr_state *ts, krb5_principal client)
     memset(&tgtq, 0, sizeof(tgtq));
     retval = tgt_mcred(ts->ctx, client, client, client, &tgtq);
     if (retval)
-	return retval;
+        return retval;
 
     /* Match realm, unlike other ccache retrievals here. */
     retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache,
-				   KRB5_TC_SUPPORTED_KTYPES,
-				   &tgtq, ts->nxt_cc_tgt);
+                                   KRB5_TC_SUPPORTED_KTYPES,
+                                   &tgtq, ts->nxt_cc_tgt);
     krb5_free_cred_contents(ts->ctx, &tgtq);
     if (!retval) {
-	shift_cc_tgts(ts);
-	ts->nxt_tgt = ts->cur_tgt = ts->cur_cc_tgt;
+        shift_cc_tgts(ts);
+        ts->nxt_tgt = ts->cur_tgt = ts->cur_cc_tgt;
     }
     return retval;
 }
@@ -393,10 +394,10 @@ try_ccache(struct tr_state *ts, krb5_creds *tgtq)
 
     TR_DBG(ts, "try_ccache");
     retval = krb5_cc_retrieve_cred(ts->ctx, ts->ccache, RETR_FLAGS,
-				   tgtq, ts->nxt_cc_tgt);
+                                   tgtq, ts->nxt_cc_tgt);
     if (!retval) {
-	shift_cc_tgts(ts);
-	ts->nxt_tgt = ts->cur_cc_tgt;
+        shift_cc_tgts(ts);
+        ts->nxt_tgt = ts->cur_cc_tgt;
     }
     TR_DBG_RET(ts, "try_ccache", retval);
     return retval;
@@ -436,31 +437,31 @@ find_nxt_kdc(struct tr_state *ts)
     assert(ts->ntgts > 0);
     assert(ts->nxt_tgt == ts->kdc_tgts[ts->ntgts-1]);
     if (krb5_princ_size(ts->ctx, ts->nxt_tgt->server) != 2)
-	return KRB5_KDCREP_MODIFIED;
+        return KRB5_KDCREP_MODIFIED;
 
     r1 = krb5_princ_component(ts->ctx, ts->nxt_tgt->server, 1);
 
     for (kdcptr = ts->cur_kdc + 1; *kdcptr != NULL; kdcptr++) {
 
-	r2 = krb5_princ_component(ts->ctx, *kdcptr, 1);
+        r2 = krb5_princ_component(ts->ctx, *kdcptr, 1);
 
-	if (r1 != NULL && r2 != NULL && data_eq(*r1, *r2)) {
-	    break;
-	}
+        if (r1 != NULL && r2 != NULL && data_eq(*r1, *r2)) {
+            break;
+        }
     }
     if (*kdcptr != NULL) {
-	ts->nxt_kdc = kdcptr;
-	TR_DBG_RET(ts, "find_nxt_kdc", 0);
-	return 0;
+        ts->nxt_kdc = kdcptr;
+        TR_DBG_RET(ts, "find_nxt_kdc", 0);
+        return 0;
     }
 
     r2 = krb5_princ_component(ts->ctx, ts->kdc_list[0], 1);
     if (r1 != NULL && r2 != NULL &&
-	r1->length == r2->length &&
-	!memcmp(r1->data, r2->data, r1->length)) {
-	TR_DBG_RET(ts, "find_nxt_kdc: looped back to local",
-		   KRB5_KDCREP_MODIFIED);
-	return KRB5_KDCREP_MODIFIED;
+        r1->length == r2->length &&
+        !memcmp(r1->data, r2->data, r1->length)) {
+        TR_DBG_RET(ts, "find_nxt_kdc: looped back to local",
+                   KRB5_KDCREP_MODIFIED);
+        return KRB5_KDCREP_MODIFIED;
     }
 
     /*
@@ -469,11 +470,11 @@ find_nxt_kdc(struct tr_state *ts)
      */
     ts->offpath_tgt = ts->nxt_tgt;
     if (ts->cur_kdc == ts->kdc_list) {
-	/*
-	 * Local KDC referred us off path; trust it for caching
-	 * purposes.
-	 */
-	return 0;
+        /*
+         * Local KDC referred us off path; trust it for caching
+         * purposes.
+         */
+        return 0;
     }
     /*
      * Unlink the off-path TGT from KDC_TGTS but don't free it,
@@ -500,20 +501,20 @@ try_kdc(struct tr_state *ts, krb5_creds *tgtq)
     TR_DBG(ts, "try_kdc");
     /* This check should probably be in gc_via_tkt. */
     if (!krb5_c_valid_enctype(ts->cur_tgt->keyblock.enctype))
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return KRB5_PROG_ETYPE_NOSUPP;
 
     ltgtq = *tgtq;
     ltgtq.is_skey = FALSE;
     ltgtq.ticket_flags = ts->cur_tgt->ticket_flags;
     retval = krb5_get_cred_via_tkt(ts->ctx, ts->cur_tgt,
-				   FLAGS2OPTS(ltgtq.ticket_flags),
-				   ts->cur_tgt->addresses,
-				   &ltgtq, &ts->kdc_tgts[ts->ntgts++]);
+                                   FLAGS2OPTS(ltgtq.ticket_flags),
+                                   ts->cur_tgt->addresses,
+                                   &ltgtq, &ts->kdc_tgts[ts->ntgts++]);
     if (retval) {
-	ts->ntgts--;
-	ts->nxt_tgt = ts->cur_tgt;
-	TR_DBG_RET(ts, "try_kdc", retval);
-	return retval;
+        ts->ntgts--;
+        ts->nxt_tgt = ts->cur_tgt;
+        TR_DBG_RET(ts, "try_kdc", retval);
+        return retval;
     }
     ts->nxt_tgt = ts->kdc_tgts[ts->ntgts-1];
     retval = find_nxt_kdc(ts);
@@ -544,15 +545,15 @@ kdc_mcred(struct tr_state *ts, krb5_principal client, krb5_creds *mcreds)
     rsrc = krb5_princ_component(ts->ctx, *ts->cur_kdc, 1);
     retval = krb5_copy_principal(ts->ctx, client, &mcreds->client);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcreds->server);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
 cleanup:
     if (retval)
-	krb5_free_cred_contents(ts->ctx, mcreds);
+        krb5_free_cred_contents(ts->ctx, mcreds);
 
     return retval;
 }
@@ -574,30 +575,30 @@ next_closest_tgt(struct tr_state *ts, krb5_principal client)
     memset(&tgtq, 0, sizeof(tgtq));
 
     for (ts->nxt_kdc = ts->lst_kdc;
-	 ts->nxt_kdc > ts->cur_kdc;
-	 ts->nxt_kdc--) {
-
-	krb5_free_cred_contents(ts->ctx, &tgtq);
-	retval = kdc_mcred(ts, client, &tgtq);
-	if (retval)
-	    goto cleanup;
-	/* Don't waste time retrying ccache for direct path. */
-	if (ts->cur_kdc != ts->kdc_list || ts->nxt_kdc != ts->lst_kdc) {
-	    retval = try_ccache(ts, &tgtq);
-	    if (!retval)
-		break;
-	    if (HARD_CC_ERR(retval))
-		goto cleanup;
-	}
-	/* Not in the ccache, so talk to a KDC. */
-	retval = try_kdc(ts, &tgtq);
-	if (!retval) {
-	    break;
-	}
-	/*
-	 * In case of errors in try_kdc() or find_nxt_kdc(), continue
-	 * looping through the KDC list.
-	 */
+         ts->nxt_kdc > ts->cur_kdc;
+         ts->nxt_kdc--) {
+
+        krb5_free_cred_contents(ts->ctx, &tgtq);
+        retval = kdc_mcred(ts, client, &tgtq);
+        if (retval)
+            goto cleanup;
+        /* Don't waste time retrying ccache for direct path. */
+        if (ts->cur_kdc != ts->kdc_list || ts->nxt_kdc != ts->lst_kdc) {
+            retval = try_ccache(ts, &tgtq);
+            if (!retval)
+                break;
+            if (HARD_CC_ERR(retval))
+                goto cleanup;
+        }
+        /* Not in the ccache, so talk to a KDC. */
+        retval = try_kdc(ts, &tgtq);
+        if (!retval) {
+            break;
+        }
+        /*
+         * In case of errors in try_kdc() or find_nxt_kdc(), continue
+         * looping through the KDC list.
+         */
     }
     /*
      * If we have a non-zero retval, we either have a hard error or we
@@ -700,13 +701,13 @@ cleanup:
  */
 static krb5_error_code
 do_traversal(krb5_context ctx,
-	     krb5_ccache ccache,
-	     krb5_principal client,
-	     krb5_principal server,
-	     krb5_creds *out_cc_tgt,
-	     krb5_creds **out_tgt,
-	     krb5_creds ***out_kdc_tgts,
-	     int *tgtptr_isoffpath)
+             krb5_ccache ccache,
+             krb5_principal client,
+             krb5_principal server,
+             krb5_creds *out_cc_tgt,
+             krb5_creds **out_tgt,
+             krb5_creds ***out_kdc_tgts,
+             int *tgtptr_isoffpath)
 {
     krb5_error_code retval;
     struct tr_state state, *ts;
@@ -721,51 +722,51 @@ do_traversal(krb5_context ctx,
 
     retval = init_rtree(ts, client, server);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = retr_local_tgt(ts, client);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     for (ts->cur_kdc = ts->kdc_list, ts->nxt_kdc = NULL;
-	 ts->cur_kdc != NULL && ts->cur_kdc < ts->lst_kdc;
-	 ts->cur_kdc = ts->nxt_kdc, ts->cur_tgt = ts->nxt_tgt) {
-
-	retval = next_closest_tgt(ts, client);
-	if (retval)
-	    goto cleanup;
-
-	if (ts->offpath_tgt != NULL) {
-	    retval = chase_offpath(ts, client, server);
-	    if (retval)
-		goto cleanup;
-	    break;
-	}
-	assert(ts->cur_kdc != ts->nxt_kdc);
+         ts->cur_kdc != NULL && ts->cur_kdc < ts->lst_kdc;
+         ts->cur_kdc = ts->nxt_kdc, ts->cur_tgt = ts->nxt_tgt) {
+
+        retval = next_closest_tgt(ts, client);
+        if (retval)
+            goto cleanup;
+
+        if (ts->offpath_tgt != NULL) {
+            retval = chase_offpath(ts, client, server);
+            if (retval)
+                goto cleanup;
+            break;
+        }
+        assert(ts->cur_kdc != ts->nxt_kdc);
     }
 
     if (NXT_TGT_IS_CACHED(ts)) {
-	assert(ts->offpath_tgt == NULL);
-	*out_cc_tgt = *ts->cur_cc_tgt;
-	*out_tgt = out_cc_tgt;
-	MARK_CUR_CC_TGT_CLEAN(ts);
+        assert(ts->offpath_tgt == NULL);
+        *out_cc_tgt = *ts->cur_cc_tgt;
+        *out_tgt = out_cc_tgt;
+        MARK_CUR_CC_TGT_CLEAN(ts);
     } else if (ts->offpath_tgt != NULL){
-	*out_tgt = ts->offpath_tgt;
+        *out_tgt = ts->offpath_tgt;
     } else {
-	/* CUR_TGT is somewhere in KDC_TGTS; no need to copy. */
-	*out_tgt = ts->nxt_tgt;
+        /* CUR_TGT is somewhere in KDC_TGTS; no need to copy. */
+        *out_tgt = ts->nxt_tgt;
     }
 
 cleanup:
     clean_cc_tgts(ts);
     if (ts->kdc_list != NULL)
-	krb5_free_realm_tree(ctx, ts->kdc_list);
+        krb5_free_realm_tree(ctx, ts->kdc_list);
     if (ts->ntgts == 0) {
-	*out_kdc_tgts = NULL;
-	if (ts->kdc_tgts != NULL)
-	    free(ts->kdc_tgts);
+        *out_kdc_tgts = NULL;
+        if (ts->kdc_tgts != NULL)
+            free(ts->kdc_tgts);
     } else
-	*out_kdc_tgts = ts->kdc_tgts;
+        *out_kdc_tgts = ts->kdc_tgts;
     *tgtptr_isoffpath = (ts->offpath_tgt != NULL);
     return retval;
 }
@@ -785,7 +786,7 @@ cleanup:
  */
 static krb5_error_code
 chase_offpath(struct tr_state *ts,
-	      krb5_principal client, krb5_principal server)
+              krb5_principal client, krb5_principal server)
 {
     krb5_error_code retval;
     krb5_creds mcred;
@@ -797,61 +798,61 @@ chase_offpath(struct tr_state *ts,
     cur_tgt = ts->offpath_tgt;
 
     for (rcount = 0; rcount < KRB5_REFERRAL_MAXHOPS; rcount++) {
-	nxt_tgt = NULL;
-	memset(&mcred, 0, sizeof(mcred));
-	rsrc = krb5_princ_component(ts->ctx, cur_tgt->server, 1);
-	retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcred.server);
-	if (retval)
-	    goto cleanup;
-	mcred.client = client;
+        nxt_tgt = NULL;
+        memset(&mcred, 0, sizeof(mcred));
+        rsrc = krb5_princ_component(ts->ctx, cur_tgt->server, 1);
+        retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcred.server);
+        if (retval)
+            goto cleanup;
+        mcred.client = client;
         retval = krb5_get_cred_via_tkt(ts->ctx, cur_tgt,
-				       FLAGS2OPTS(cur_tgt->ticket_flags),
-				       cur_tgt->addresses, &mcred, &nxt_tgt);
-	mcred.client = NULL;
-	krb5_free_principal(ts->ctx, mcred.server);
-	mcred.server = NULL;
-	if (retval)
-	    goto cleanup;
-	if (!IS_TGS_PRINC(ts->ctx, nxt_tgt->server)) {
-	    retval = KRB5_KDCREP_MODIFIED;
-	    goto cleanup;
-	}
-	r1 = krb5_princ_component(ts->ctx, nxt_tgt->server, 1);
-	if (rdst->length == r1->length &&
-	    !memcmp(rdst->data, r1->data, rdst->length)) {
-	    retval = 0;
-	    goto cleanup;
-	}
-	retval = offpath_loopchk(ts, nxt_tgt, reftgts, rcount);
-	if (retval)
-	    goto cleanup;
-	reftgts[rcount] = nxt_tgt;
-	cur_tgt = nxt_tgt;
-	nxt_tgt = NULL;
+                                       FLAGS2OPTS(cur_tgt->ticket_flags),
+                                       cur_tgt->addresses, &mcred, &nxt_tgt);
+        mcred.client = NULL;
+        krb5_free_principal(ts->ctx, mcred.server);
+        mcred.server = NULL;
+        if (retval)
+            goto cleanup;
+        if (!IS_TGS_PRINC(ts->ctx, nxt_tgt->server)) {
+            retval = KRB5_KDCREP_MODIFIED;
+            goto cleanup;
+        }
+        r1 = krb5_princ_component(ts->ctx, nxt_tgt->server, 1);
+        if (rdst->length == r1->length &&
+            !memcmp(rdst->data, r1->data, rdst->length)) {
+            retval = 0;
+            goto cleanup;
+        }
+        retval = offpath_loopchk(ts, nxt_tgt, reftgts, rcount);
+        if (retval)
+            goto cleanup;
+        reftgts[rcount] = nxt_tgt;
+        cur_tgt = nxt_tgt;
+        nxt_tgt = NULL;
     }
     /* Max hop count exceeded. */
     retval = KRB5_KDCREP_MODIFIED;
 
 cleanup:
     if (mcred.server != NULL) {
-	krb5_free_principal(ts->ctx, mcred.server);
+        krb5_free_principal(ts->ctx, mcred.server);
     }
     /*
      * Don't free TS->OFFPATH_TGT if it's in the list of cacheable
      * TGTs to be returned by do_traversal().
      */
     if (ts->offpath_tgt != ts->nxt_tgt) {
-	krb5_free_creds(ts->ctx, ts->offpath_tgt);
+        krb5_free_creds(ts->ctx, ts->offpath_tgt);
     }
     ts->offpath_tgt = NULL;
     if (nxt_tgt != NULL) {
-	if (retval)
-	    krb5_free_creds(ts->ctx, nxt_tgt);
-	else
-	    ts->offpath_tgt = nxt_tgt;
+        if (retval)
+            krb5_free_creds(ts->ctx, nxt_tgt);
+        else
+            ts->offpath_tgt = nxt_tgt;
     }
     for (i = 0; i < rcount; i++) {
-	krb5_free_creds(ts->ctx, reftgts[i]);
+        krb5_free_creds(ts->ctx, reftgts[i]);
     }
     return retval;
 }
@@ -864,23 +865,23 @@ cleanup:
  */
 static krb5_error_code
 offpath_loopchk(struct tr_state *ts,
-		krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount)
+                krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount)
 {
     krb5_data *r1, *r2;
     unsigned int i;
 
     r1 = krb5_princ_component(ts->ctx, tgt->server, 1);
     for (i = 0; i < rcount; i++) {
-	r2 = krb5_princ_component(ts->ctx, reftgts[i]->server, 1);
-	if (r1->length == r2->length &&
-	    !memcmp(r1->data, r2->data, r1->length))
-	    return KRB5_KDCREP_MODIFIED;
+        r2 = krb5_princ_component(ts->ctx, reftgts[i]->server, 1);
+        if (r1->length == r2->length &&
+            !memcmp(r1->data, r2->data, r1->length))
+            return KRB5_KDCREP_MODIFIED;
     }
     for (i = 0; i < ts->ntgts; i++) {
-	r2 = krb5_princ_component(ts->ctx, ts->kdc_tgts[i]->server, 1);
-	if (r1->length == r2->length &&
-	    !memcmp(r1->data, r2->data, r1->length))
-	    return KRB5_KDCREP_MODIFIED;
+        r2 = krb5_princ_component(ts->ctx, ts->kdc_tgts[i]->server, 1);
+        if (r1->length == r2->length &&
+            !memcmp(r1->data, r2->data, r1->length))
+            return KRB5_KDCREP_MODIFIED;
     }
     return 0;
 }
@@ -923,8 +924,8 @@ offpath_loopchk(struct tr_state *ts,
 
 krb5_error_code
 krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
-			   krb5_creds *in_cred, krb5_creds **out_cred,
-			   krb5_creds ***tgts, int kdcopt)
+                           krb5_creds *in_cred, krb5_creds **out_cred,
+                           krb5_creds ***tgts, int kdcopt)
 {
     krb5_error_code retval, subretval;
     krb5_principal client, server, supplied_server, out_supplied_server;
@@ -936,7 +937,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
     unsigned int referral_count, i;
     krb5_authdata **supplied_authdata, **out_supplied_authdata = NULL;
 
-    /* 
+    /*
      * Set up client and server pointers.  Make a fresh and modifyable
      * copy of the in_cred server and save the supplied version.
      */
@@ -945,17 +946,17 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
         return retval;
     /* We need a second copy for the output creds. */
     if ((retval = krb5_copy_principal(context, server,
-				      &out_supplied_server)) != 0 ) {
-	krb5_free_principal(context, server);
-	return retval;
+                                      &out_supplied_server)) != 0 ) {
+        krb5_free_principal(context, server);
+        return retval;
     }
     if (in_cred->authdata != NULL) {
-	if ((retval = krb5_copy_authdata(context, in_cred->authdata,
-					 &out_supplied_authdata)) != 0) {
-	    krb5_free_principal(context, out_supplied_server);
-	    krb5_free_principal(context, server);
-	    return retval;
-	}
+        if ((retval = krb5_copy_authdata(context, in_cred->authdata,
+                                         &out_supplied_authdata)) != 0) {
+            krb5_free_principal(context, out_supplied_server);
+            krb5_free_principal(context, server);
+            return retval;
+        }
     }
 
     supplied_server = in_cred->server;
@@ -977,16 +978,16 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
     if (krb5_is_referral_realm(&server->realm)) {
         /* Use the client realm. */
         DPRINTF(("gc_from_kdc: no server realm supplied, "
-		 "using client realm.\n"));
-	krb5_free_data_contents(context, &server->realm);
-	server->realm.data = malloc(client->realm.length + 1);
-	if (server->realm.data == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(server->realm.data, client->realm.data, client->realm.length);
-	server->realm.length = client->realm.length;
-	server->realm.data[server->realm.length] = 0;
+                 "using client realm.\n"));
+        krb5_free_data_contents(context, &server->realm);
+        server->realm.data = malloc(client->realm.length + 1);
+        if (server->realm.data == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(server->realm.data, client->realm.data, client->realm.length);
+        server->realm.length = client->realm.length;
+        server->realm.data[server->realm.length] = 0;
     }
     /*
      * Retreive initial TGT to match the specified server, either for the
@@ -995,21 +996,21 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
      */
     retval = tgt_mcred(context, client, server, client, &tgtq);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     /* Fast path: Is it in the ccache? */
     context->use_conf_ktypes = 1;
     retval = krb5_cc_retrieve_cred(context, ccache, RETR_FLAGS,
-				   &tgtq, &cc_tgt);
+                                   &tgtq, &cc_tgt);
     if (!retval) {
-	tgtptr = &cc_tgt;
+        tgtptr = &cc_tgt;
     } else if (!HARD_CC_ERR(retval)) {
         DPRINTF(("gc_from_kdc: starting do_traversal to find "
-		 "initial TGT for referral\n"));
-	tgtptr_isoffpath = 0;
-	otgtptr = NULL;
-	retval = do_traversal(context, ccache, client, server,
-			      &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
+                 "initial TGT for referral\n"));
+        tgtptr_isoffpath = 0;
+        otgtptr = NULL;
+        retval = do_traversal(context, ccache, client, server,
+                              &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
     }
     if (retval) {
         DPRINTF(("gc_from_kdc: failed to find initial TGT for referral\n"));
@@ -1019,8 +1020,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
     DUMP_PRINC("gc_from_kdc: server as requested", supplied_server);
 
     if (in_cred->second_ticket.length != 0 &&
-	(kdcopt & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
-	kdcopt |= KDC_OPT_ENC_TKT_IN_SKEY;
+        (kdcopt & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
+        kdcopt |= KDC_OPT_ENC_TKT_IN_SKEY;
     }
 
     /*
@@ -1035,152 +1036,152 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
      */
     otgtptr = tgtptr;
     for (referral_count = 0;
-	 referral_count < KRB5_REFERRAL_MAXHOPS;
-	 referral_count++) {
+         referral_count < KRB5_REFERRAL_MAXHOPS;
+         referral_count++) {
 #if 0
         DUMP_PRINC("gc_from_kdc: referral loop: tgt in use", tgtptr->server);
         DUMP_PRINC("gc_from_kdc: referral loop: request is for", server);
 #endif
         retval = krb5_get_cred_via_tkt(context, tgtptr,
-				       KDC_OPT_CANONICALIZE | 
-				       FLAGS2OPTS(tgtptr->ticket_flags) |  
-				       kdcopt,
-				       tgtptr->addresses, in_cred, out_cred);
-	if (retval) {
-	    DPRINTF(("gc_from_kdc: referral TGS-REQ request failed: <%s>\n",
-		     error_message(retval)));
-	    /* If we haven't gone anywhere yet, fail through to the
-	       non-referral case. */
-	    if (referral_count==0) {
-	        DPRINTF(("gc_from_kdc: initial referral failed; "
-			 "punting to fallback.\n"));
-	        break;
-	    }
-	    /* Otherwise, try the same query without canonicalization
-	       set, and fail hard if that doesn't work. */
-	    DPRINTF(("gc_from_kdc: referral #%d failed; "
-		     "retrying without option.\n", referral_count + 1));
-	    retval = krb5_get_cred_via_tkt(context, tgtptr,
-					   FLAGS2OPTS(tgtptr->ticket_flags) |  
-					   kdcopt,
-					   tgtptr->addresses,
-					   in_cred, out_cred);
-	    /* Whether or not that succeeded, we're done. */
-	    goto cleanup;
-	}
-	/* Referral request succeeded; let's see what it is. */
-	if (krb5_principal_compare(context, in_cred->server,
-				   (*out_cred)->server)) {
-	    DPRINTF(("gc_from_kdc: request generated ticket "
-		     "for requested server principal\n"));
-	    DUMP_PRINC("gc_from_kdc final referred reply",
-		       in_cred->server);
-
-	    /*
-	     * Check if the return enctype is one that we requested if
-	     * needed.
-	     */
-	    if (old_use_conf_ktypes || !context->tgs_etypes)
-		goto cleanup;
-	    for (i = 0; context->tgs_etypes[i]; i++) {
-		if ((*out_cred)->keyblock.enctype == context->tgs_etypes[i]) {
-		    /* Found an allowable etype, so we're done */
-		    goto cleanup;
-		}
-	    }
-	    /*
-	     *  We need to try again, but this time use the
-	     *  tgs_ktypes in the context. At this point we should
-	     *  have all the tgts to succeed.
-	     */
-
-	    /* Free "wrong" credential */
-	    krb5_free_creds(context, *out_cred);
-	    *out_cred = NULL;
-	    /* Re-establish tgs etypes */
-	    context->use_conf_ktypes = old_use_conf_ktypes;
-	    retval = krb5_get_cred_via_tkt(context, tgtptr,
-					   KDC_OPT_CANONICALIZE | 
-					   FLAGS2OPTS(tgtptr->ticket_flags) |  
-					   kdcopt,
-					   tgtptr->addresses,
-					   in_cred, out_cred);
-	    goto cleanup;
-	}
-	else if (IS_TGS_PRINC(context, (*out_cred)->server)) {
-	    krb5_data *r1, *r2;
-
-	    DPRINTF(("gc_from_kdc: request generated referral tgt\n"));
-	    DUMP_PRINC("gc_from_kdc credential received",
-		       (*out_cred)->server);
-
-	    if (referral_count == 0)
-		r1 = &tgtptr->server->data[1];
-	    else
-		r1 = &referral_tgts[referral_count-1]->server->data[1];
-
-	    r2 = &(*out_cred)->server->data[1];
-	    if (data_eq(*r1, *r2)) {
-		DPRINTF(("gc_from_kdc: referred back to "
-			 "previous realm; fall back\n"));
-		krb5_free_creds(context, *out_cred);
-		*out_cred = NULL;
-		break;
-	    }
-	    /* Check for referral routing loop. */
-	    for (i=0;i<referral_count;i++) {
+                                       KDC_OPT_CANONICALIZE |
+                                       FLAGS2OPTS(tgtptr->ticket_flags) |
+                                       kdcopt,
+                                       tgtptr->addresses, in_cred, out_cred);
+        if (retval) {
+            DPRINTF(("gc_from_kdc: referral TGS-REQ request failed: <%s>\n",
+                     error_message(retval)));
+            /* If we haven't gone anywhere yet, fail through to the
+               non-referral case. */
+            if (referral_count==0) {
+                DPRINTF(("gc_from_kdc: initial referral failed; "
+                         "punting to fallback.\n"));
+                break;
+            }
+            /* Otherwise, try the same query without canonicalization
+               set, and fail hard if that doesn't work. */
+            DPRINTF(("gc_from_kdc: referral #%d failed; "
+                     "retrying without option.\n", referral_count + 1));
+            retval = krb5_get_cred_via_tkt(context, tgtptr,
+                                           FLAGS2OPTS(tgtptr->ticket_flags) |
+                                           kdcopt,
+                                           tgtptr->addresses,
+                                           in_cred, out_cred);
+            /* Whether or not that succeeded, we're done. */
+            goto cleanup;
+        }
+        /* Referral request succeeded; let's see what it is. */
+        if (krb5_principal_compare(context, in_cred->server,
+                                   (*out_cred)->server)) {
+            DPRINTF(("gc_from_kdc: request generated ticket "
+                     "for requested server principal\n"));
+            DUMP_PRINC("gc_from_kdc final referred reply",
+                       in_cred->server);
+
+            /*
+             * Check if the return enctype is one that we requested if
+             * needed.
+             */
+            if (old_use_conf_ktypes || !context->tgs_etypes)
+                goto cleanup;
+            for (i = 0; context->tgs_etypes[i]; i++) {
+                if ((*out_cred)->keyblock.enctype == context->tgs_etypes[i]) {
+                    /* Found an allowable etype, so we're done */
+                    goto cleanup;
+                }
+            }
+            /*
+             *  We need to try again, but this time use the
+             *  tgs_ktypes in the context. At this point we should
+             *  have all the tgts to succeed.
+             */
+
+            /* Free "wrong" credential */
+            krb5_free_creds(context, *out_cred);
+            *out_cred = NULL;
+            /* Re-establish tgs etypes */
+            context->use_conf_ktypes = old_use_conf_ktypes;
+            retval = krb5_get_cred_via_tkt(context, tgtptr,
+                                           KDC_OPT_CANONICALIZE |
+                                           FLAGS2OPTS(tgtptr->ticket_flags) |
+                                           kdcopt,
+                                           tgtptr->addresses,
+                                           in_cred, out_cred);
+            goto cleanup;
+        }
+        else if (IS_TGS_PRINC(context, (*out_cred)->server)) {
+            krb5_data *r1, *r2;
+
+            DPRINTF(("gc_from_kdc: request generated referral tgt\n"));
+            DUMP_PRINC("gc_from_kdc credential received",
+                       (*out_cred)->server);
+
+            if (referral_count == 0)
+                r1 = &tgtptr->server->data[1];
+            else
+                r1 = &referral_tgts[referral_count-1]->server->data[1];
+
+            r2 = &(*out_cred)->server->data[1];
+            if (data_eq(*r1, *r2)) {
+                DPRINTF(("gc_from_kdc: referred back to "
+                         "previous realm; fall back\n"));
+                krb5_free_creds(context, *out_cred);
+                *out_cred = NULL;
+                break;
+            }
+            /* Check for referral routing loop. */
+            for (i=0;i<referral_count;i++) {
 #if 0
-		DUMP_PRINC("gc_from_kdc: loop compare #1",
-			   (*out_cred)->server);
-		DUMP_PRINC("gc_from_kdc: loop compare #2",
-			   referral_tgts[i]->server);
+                DUMP_PRINC("gc_from_kdc: loop compare #1",
+                           (*out_cred)->server);
+                DUMP_PRINC("gc_from_kdc: loop compare #2",
+                           referral_tgts[i]->server);
 #endif
-		if (krb5_principal_compare(context,
-					   (*out_cred)->server,
-					   referral_tgts[i]->server)) {
-		    DFPRINTF((stderr,
-			      "krb5_get_cred_from_kdc_opt: "
-			      "referral routing loop - "
-			      "got referral back to hop #%d\n", i));
-		    retval=KRB5_KDC_UNREACH;
-		    goto cleanup;
-		}
-	    }
-	    /* Point current tgt pointer at newly-received TGT. */
-	    if (tgtptr == &cc_tgt)
-		krb5_free_cred_contents(context, tgtptr);
-	    tgtptr=*out_cred;
-	    /* Save requested auth data with TGT in case it ends up stored */
-	    if (supplied_authdata != NULL) {
-		/* Ensure we note TGT contains authorization data */
-		retval = krb5_copy_authdata(context,
-					    supplied_authdata,
-					    &(*out_cred)->authdata);
-		if (retval)
-		    goto cleanup;
-	    }
-	    /* Save pointer to tgt in referral_tgts. */
-	    referral_tgts[referral_count]=*out_cred;
-	    *out_cred = NULL;
-	    /* Copy krbtgt realm to server principal. */
-	    krb5_free_data_contents(context, &server->realm);
-	    retval = krb5int_copy_data_contents(context,
-						&tgtptr->server->data[1],
-						&server->realm);
-	    if (retval)
-		goto cleanup;
-	    /* Don't ask for KDC to add auth data multiple times */
-	    in_cred->authdata = NULL;
-	    /*
-	     * Future work: rewrite server principal per any
-	     * supplied padata.
-	     */
-	} else {
-	    /* Not a TGT; punt to fallback. */
-	    krb5_free_creds(context, *out_cred);
-	    *out_cred = NULL;
-	    break;
-	}
+                if (krb5_principal_compare(context,
+                                           (*out_cred)->server,
+                                           referral_tgts[i]->server)) {
+                    DFPRINTF((stderr,
+                              "krb5_get_cred_from_kdc_opt: "
+                              "referral routing loop - "
+                              "got referral back to hop #%d\n", i));
+                    retval=KRB5_KDC_UNREACH;
+                    goto cleanup;
+                }
+            }
+            /* Point current tgt pointer at newly-received TGT. */
+            if (tgtptr == &cc_tgt)
+                krb5_free_cred_contents(context, tgtptr);
+            tgtptr=*out_cred;
+            /* Save requested auth data with TGT in case it ends up stored */
+            if (supplied_authdata != NULL) {
+                /* Ensure we note TGT contains authorization data */
+                retval = krb5_copy_authdata(context,
+                                            supplied_authdata,
+                                            &(*out_cred)->authdata);
+                if (retval)
+                    goto cleanup;
+            }
+            /* Save pointer to tgt in referral_tgts. */
+            referral_tgts[referral_count]=*out_cred;
+            *out_cred = NULL;
+            /* Copy krbtgt realm to server principal. */
+            krb5_free_data_contents(context, &server->realm);
+            retval = krb5int_copy_data_contents(context,
+                                                &tgtptr->server->data[1],
+                                                &server->realm);
+            if (retval)
+                goto cleanup;
+            /* Don't ask for KDC to add auth data multiple times */
+            in_cred->authdata = NULL;
+            /*
+             * Future work: rewrite server principal per any
+             * supplied padata.
+             */
+        } else {
+            /* Not a TGT; punt to fallback. */
+            krb5_free_creds(context, *out_cred);
+            *out_cred = NULL;
+            break;
+        }
     }
 
     DUMP_PRINC("gc_from_kdc client at fallback", client);
@@ -1198,33 +1199,33 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
      */
     if (krb5_is_referral_realm(&supplied_server->realm)) {
         if (server->length >= 2) {
-	    retval=krb5_get_fallback_host_realm(context, &server->data[1],
-						&hrealms);
-	    if (retval) goto cleanup;
+            retval=krb5_get_fallback_host_realm(context, &server->data[1],
+                                                &hrealms);
+            if (retval) goto cleanup;
 #if 0
-	    DPRINTF(("gc_from_kdc: using fallback realm of %s\n",
-		     hrealms[0]));
+            DPRINTF(("gc_from_kdc: using fallback realm of %s\n",
+                     hrealms[0]));
 #endif
-	    krb5_free_data_contents(context,&in_cred->server->realm);
-	    server->realm.data=hrealms[0];
-	    server->realm.length=strlen(hrealms[0]);
-	    free(hrealms);
-	}
-	else {
-	    /*
-	     * Problem case: Realm tagged for referral but apparently not
-	     * in a <type>/<host> format that
-	     * krb5_get_fallback_host_realm can deal with.
-	     */
-	    DPRINTF(("gc_from_kdc: referral specified "
-		     "but no fallback realm avaiable!\n"));
-	    retval = KRB5_ERR_HOST_REALM_UNKNOWN;
-	    goto cleanup;
-	}
+            krb5_free_data_contents(context,&in_cred->server->realm);
+            server->realm.data=hrealms[0];
+            server->realm.length=strlen(hrealms[0]);
+            free(hrealms);
+        }
+        else {
+            /*
+             * Problem case: Realm tagged for referral but apparently not
+             * in a <type>/<host> format that
+             * krb5_get_fallback_host_realm can deal with.
+             */
+            DPRINTF(("gc_from_kdc: referral specified "
+                     "but no fallback realm avaiable!\n"));
+            retval = KRB5_ERR_HOST_REALM_UNKNOWN;
+            goto cleanup;
+        }
     }
 
     DUMP_PRINC("gc_from_kdc server at fallback after fallback rewrite",
-	       server);
+               server);
 
     /*
      * Get a TGT for the target realm.
@@ -1233,37 +1234,37 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
     krb5_free_cred_contents(context, &tgtq);
     retval = tgt_mcred(context, client, server, client, &tgtq);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     /* Fast path: Is it in the ccache? */
     /* Free tgtptr data if reused from above. */
     if (tgtptr == &cc_tgt)
-	krb5_free_cred_contents(context, tgtptr);
+        krb5_free_cred_contents(context, tgtptr);
     tgtptr = NULL;
     /* Free saved TGT in OTGTPTR if it was off-path. */
     if (tgtptr_isoffpath)
-	krb5_free_creds(context, otgtptr);
+        krb5_free_creds(context, otgtptr);
     otgtptr = NULL;
     /* Free TGTS if previously filled by do_traversal() */
     if (*tgts != NULL) {
-	for (i = 0; (*tgts)[i] != NULL; i++) {
-	    krb5_free_creds(context, (*tgts)[i]);
-	}
-	free(*tgts);
-	*tgts = NULL;
+        for (i = 0; (*tgts)[i] != NULL; i++) {
+            krb5_free_creds(context, (*tgts)[i]);
+        }
+        free(*tgts);
+        *tgts = NULL;
     }
     context->use_conf_ktypes = 1;
     retval = krb5_cc_retrieve_cred(context, ccache, RETR_FLAGS,
-				   &tgtq, &cc_tgt);
+                                   &tgtq, &cc_tgt);
     if (!retval) {
-	tgtptr = &cc_tgt;
+        tgtptr = &cc_tgt;
     } else if (!HARD_CC_ERR(retval)) {
-	tgtptr_isoffpath = 0;
-	retval = do_traversal(context, ccache, client, server,
-			      &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
+        tgtptr_isoffpath = 0;
+        retval = do_traversal(context, ccache, client, server,
+                              &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath);
     }
     if (retval)
-	goto cleanup;
+        goto cleanup;
     otgtptr = tgtptr;
 
     /*
@@ -1271,44 +1272,44 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
      */
 
     if (!krb5_c_valid_enctype(tgtptr->keyblock.enctype)) {
-	retval = KRB5_PROG_ETYPE_NOSUPP;
-	goto cleanup;
+        retval = KRB5_PROG_ETYPE_NOSUPP;
+        goto cleanup;
     }
     context->use_conf_ktypes = old_use_conf_ktypes;
     retval = krb5_get_cred_via_tkt(context, tgtptr,
-				   FLAGS2OPTS(tgtptr->ticket_flags) |
-				   kdcopt,
-				   tgtptr->addresses, in_cred, out_cred);
+                                   FLAGS2OPTS(tgtptr->ticket_flags) |
+                                   kdcopt,
+                                   tgtptr->addresses, in_cred, out_cred);
 
 cleanup:
     krb5_free_cred_contents(context, &tgtq);
     if (tgtptr == &cc_tgt)
-	krb5_free_cred_contents(context, tgtptr);
+        krb5_free_cred_contents(context, tgtptr);
     if (tgtptr_isoffpath)
-	krb5_free_creds(context, otgtptr);
+        krb5_free_creds(context, otgtptr);
     context->use_conf_ktypes = old_use_conf_ktypes;
     /* Drop the original principal back into in_cred so that it's cached
        in the expected format. */
     DUMP_PRINC("gc_from_kdc: final hacked server principal at cleanup",
-	       server);
+               server);
     krb5_free_principal(context, server);
     in_cred->server = supplied_server;
     in_cred->authdata = supplied_authdata;
     if (*out_cred && !retval) {
         /* Success: free server, swap supplied server back in. */
         krb5_free_principal (context, (*out_cred)->server);
-	(*out_cred)->server = out_supplied_server;
-	assert((*out_cred)->authdata == NULL);
-	(*out_cred)->authdata = out_supplied_authdata;
+        (*out_cred)->server = out_supplied_server;
+        assert((*out_cred)->authdata == NULL);
+        (*out_cred)->authdata = out_supplied_authdata;
     }
     else {
-        /* 
-	 * Failure: free out_supplied_server.  Don't free out_cred here
-	 * since it's either null or a referral TGT that we free below,
-	 * and we may need it to return.
-	 */
+        /*
+         * Failure: free out_supplied_server.  Don't free out_cred here
+         * since it's either null or a referral TGT that we free below,
+         * and we may need it to return.
+         */
         krb5_free_principal(context, out_supplied_server);
-	krb5_free_authdata(context, out_supplied_authdata);
+        krb5_free_authdata(context, out_supplied_authdata);
     }
     DUMP_PRINC("gc_from_kdc: final server after reversion", in_cred->server);
     /*
@@ -1323,74 +1324,74 @@ cleanup:
     if (*tgts == NULL) {
         if (referral_tgts[0]) {
 #if 0
-  	    /*
-	     * This should possibly be a check on the candidate return
-	     * credential against the cache, in the circumstance where we
-	     * don't want to clutter the cache with near-duplicate
-	     * credentials on subsequent iterations.  For now, it is
-	     * disabled.
-	     */
-	    subretval=...?;
-	    if (subretval) {
+            /*
+             * This should possibly be a check on the candidate return
+             * credential against the cache, in the circumstance where we
+             * don't want to clutter the cache with near-duplicate
+             * credentials on subsequent iterations.  For now, it is
+             * disabled.
+             */
+            subretval=...?;
+            if (subretval) {
 #endif
-	        /* Allocate returnable TGT list. */
-	        *tgts = calloc(2, sizeof (krb5_creds *));
-		if (*tgts == NULL && retval == 0)
-		    retval = ENOMEM;
-		if (*tgts) {
-		    subretval = krb5_copy_creds(context, referral_tgts[0],
-						&((*tgts)[0]));
-		    if (subretval) {
-			if (retval == 0)
-			    retval = subretval;
-			free(*tgts);
-			*tgts = NULL;
-		    } else {
-			(*tgts)[1] = NULL;
-			DUMP_PRINC("gc_from_kdc: referral TGT for ccache",
-				   (*tgts)[0]->server);
-		    }
-		}
+                /* Allocate returnable TGT list. */
+                *tgts = calloc(2, sizeof (krb5_creds *));
+                if (*tgts == NULL && retval == 0)
+                    retval = ENOMEM;
+                if (*tgts) {
+                    subretval = krb5_copy_creds(context, referral_tgts[0],
+                                                &((*tgts)[0]));
+                    if (subretval) {
+                        if (retval == 0)
+                            retval = subretval;
+                        free(*tgts);
+                        *tgts = NULL;
+                    } else {
+                        (*tgts)[1] = NULL;
+                        DUMP_PRINC("gc_from_kdc: referral TGT for ccache",
+                                   (*tgts)[0]->server);
+                    }
+                }
 #if 0
-	    }
+            }
 #endif
-	}
+        }
     }
 
     /* Free referral TGTs list. */
     for (i=0;i<KRB5_REFERRAL_MAXHOPS;i++) {
         if(referral_tgts[i]) {
-	    krb5_free_creds(context, referral_tgts[i]);
-	}
+            krb5_free_creds(context, referral_tgts[i]);
+        }
     }
     DPRINTF(("gc_from_kdc finishing with %s\n",
-	     retval ? error_message(retval) : "no error"));
+             retval ? error_message(retval) : "no error"));
     return retval;
 }
 
 krb5_error_code
 krb5_get_cred_from_kdc(krb5_context context, krb5_ccache ccache,
-		       krb5_creds *in_cred, krb5_creds **out_cred,
-		       krb5_creds ***tgts)
+                       krb5_creds *in_cred, krb5_creds **out_cred,
+                       krb5_creds ***tgts)
 {
     return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts,
-				      0);
+                                      0);
 }
 
 krb5_error_code
 krb5_get_cred_from_kdc_validate(krb5_context context, krb5_ccache ccache,
-				krb5_creds *in_cred, krb5_creds **out_cred,
-				krb5_creds ***tgts)
+                                krb5_creds *in_cred, krb5_creds **out_cred,
+                                krb5_creds ***tgts)
 {
     return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts,
-				      KDC_OPT_VALIDATE);
+                                      KDC_OPT_VALIDATE);
 }
 
 krb5_error_code
 krb5_get_cred_from_kdc_renew(krb5_context context, krb5_ccache ccache,
-			     krb5_creds *in_cred, krb5_creds **out_cred,
-			     krb5_creds ***tgts)
+                             krb5_creds *in_cred, krb5_creds **out_cred,
+                             krb5_creds ***tgts)
 {
     return krb5_get_cred_from_kdc_opt(context, ccache, in_cred, out_cred, tgts,
-				      KDC_OPT_RENEW);
+                                      KDC_OPT_RENEW);
 }
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 273655ab5..bea435bc9 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/gc_via_tgt.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Given a tkt, and a target cred, get it.
  * Assumes that the kdc_rep has been decrypted.
@@ -34,28 +35,28 @@
 static krb5_error_code
 krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *const *address, krb5_data *psectkt, krb5_creds **ppcreds)
 {
-    krb5_error_code retval;  
+    krb5_error_code retval;
     krb5_data *pdata;
-  
+
     if ((*ppcreds = (krb5_creds *)calloc(1,sizeof(krb5_creds))) == NULL) {
         return ENOMEM;
     }
 
     if ((retval = krb5_copy_principal(context, pkdcrep->client,
-                                     &(*ppcreds)->client)))
+                                      &(*ppcreds)->client)))
         goto cleanup;
 
     if ((retval = krb5_copy_principal(context, pkdcrep->enc_part2->server,
-				      &(*ppcreds)->server)))
+                                      &(*ppcreds)->server)))
         goto cleanup;
 
-    if ((retval = krb5_copy_keyblock_contents(context, 
-					      pkdcrep->enc_part2->session,
-					      &(*ppcreds)->keyblock)))
+    if ((retval = krb5_copy_keyblock_contents(context,
+                                              pkdcrep->enc_part2->session,
+                                              &(*ppcreds)->keyblock)))
         goto cleanup;
 
     if ((retval = krb5_copy_data(context, psectkt, &pdata)))
-	goto cleanup_keyblock;
+        goto cleanup_keyblock;
     (*ppcreds)->second_ticket = *pdata;
     free(pdata);
 
@@ -63,22 +64,22 @@ krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *con
     (*ppcreds)->times = pkdcrep->enc_part2->times;
     (*ppcreds)->magic = KV5M_CREDS;
 
-    (*ppcreds)->authdata = NULL;   			/* not used */
+    (*ppcreds)->authdata = NULL;                        /* not used */
     (*ppcreds)->is_skey = psectkt->length != 0;
 
     if (pkdcrep->enc_part2->caddrs) {
-	if ((retval = krb5_copy_addresses(context, pkdcrep->enc_part2->caddrs,
-					  &(*ppcreds)->addresses)))
-	    goto cleanup_keyblock;
+        if ((retval = krb5_copy_addresses(context, pkdcrep->enc_part2->caddrs,
+                                          &(*ppcreds)->addresses)))
+            goto cleanup_keyblock;
     } else {
-	/* no addresses in the list means we got what we had */
-	if ((retval = krb5_copy_addresses(context, address,
-					  &(*ppcreds)->addresses)))
-	    goto cleanup_keyblock;
+        /* no addresses in the list means we got what we had */
+        if ((retval = krb5_copy_addresses(context, address,
+                                          &(*ppcreds)->addresses)))
+            goto cleanup_keyblock;
     }
 
     if ((retval = encode_krb5_ticket(pkdcrep->ticket, &pdata)))
-	goto cleanup_keyblock;
+        goto cleanup_keyblock;
 
     (*ppcreds)->ticket = *pdata;
     free(pdata);
@@ -92,43 +93,43 @@ cleanup:
     *ppcreds = NULL;
     return retval;
 }
- 
+
 static krb5_error_code
 check_reply_server(krb5_context context, krb5_flags kdcoptions,
-		   krb5_creds *in_cred, krb5_kdc_rep *dec_rep)
+                   krb5_creds *in_cred, krb5_kdc_rep *dec_rep)
 {
 
     if (!krb5_principal_compare(context, dec_rep->ticket->server,
-				dec_rep->enc_part2->server))
-	return KRB5_KDCREP_MODIFIED;
+                                dec_rep->enc_part2->server))
+        return KRB5_KDCREP_MODIFIED;
 
     /* Reply is self-consistent. */
 
     if (krb5_principal_compare(context, dec_rep->ticket->server,
-			       in_cred->server))
-	return 0;
+                               in_cred->server))
+        return 0;
 
     /* Server in reply differs from what we requested. */
 
     if (kdcoptions & KDC_OPT_CANONICALIZE) {
-	/* in_cred server differs from ticket returned, but ticket
-	   returned is consistent and we requested canonicalization. */
+        /* in_cred server differs from ticket returned, but ticket
+           returned is consistent and we requested canonicalization. */
 #if 0
 #ifdef DEBUG_REFERRALS
-	printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
-	krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
-	krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
+        printf("gc_via_tkt: in_cred and encoding don't match but referrals requested\n");
+        krb5int_dbgref_dump_principal("gc_via_tkt: in_cred",in_cred->server);
+        krb5int_dbgref_dump_principal("gc_via_tkt: encoded server",dec_rep->enc_part2->server);
 #endif
 #endif
-	return 0;
+        return 0;
     }
 
     /* We didn't request canonicalization. */
 
     if (!IS_TGS_PRINC(context, in_cred->server) ||
-	!IS_TGS_PRINC(context, dec_rep->ticket->server)) {
-	/* Canonicalization not requested, and not a TGS referral. */
-	return KRB5_KDCREP_MODIFIED;
+        !IS_TGS_PRINC(context, dec_rep->ticket->server)) {
+        /* Canonicalization not requested, and not a TGS referral. */
+        return KRB5_KDCREP_MODIFIED;
     }
 #if 0
     /*
@@ -136,288 +137,288 @@ check_reply_server(krb5_context context, krb5_flags kdcoptions,
      * effectively checks this.
      */
     if (krb5_realm_compare(context, in_cred->client, in_cred->server) &&
-	data_eq(*in_cred->server->data[1], *in_cred->client->realm) {
-	/* Attempted to rewrite local TGS. */
-	return KRB5_KDCREP_MODIFIED;
-    }
+        data_eq(*in_cred->server->data[1], *in_cred->client->realm) {
+            /* Attempted to rewrite local TGS. */
+            return KRB5_KDCREP_MODIFIED;
+        }
 #endif
-    return 0;
-}
+        return 0;
+        }
 
 /* Return true if a TGS credential is for the client's local realm. */
-static inline int
-tgt_is_local_realm(krb5_creds *tgt)
-{
-    return (tgt->server->length == 2
-	    && data_eq_string(tgt->server->data[0], KRB5_TGS_NAME)
-	    && data_eq(tgt->server->data[1], tgt->client->realm)
-	    && data_eq(tgt->server->realm, tgt->client->realm));
-}
+    static inline int
+        tgt_is_local_realm(krb5_creds *tgt)
+    {
+        return (tgt->server->length == 2
+                && data_eq_string(tgt->server->data[0], KRB5_TGS_NAME)
+                && data_eq(tgt->server->data[1], tgt->client->realm)
+                && data_eq(tgt->server->realm, tgt->client->realm));
+    }
 
-krb5_error_code
-krb5_get_cred_via_tkt (krb5_context context, krb5_creds *tkt,
-		       krb5_flags kdcoptions, krb5_address *const *address,
-		       krb5_creds *in_cred, krb5_creds **out_cred)
-{
-    return krb5_get_cred_via_tkt_ext (context, tkt,
-				      kdcoptions, address,
-				      NULL, in_cred, NULL, NULL,
-				      NULL, NULL, out_cred, NULL);
-}
+    krb5_error_code
+        krb5_get_cred_via_tkt (krb5_context context, krb5_creds *tkt,
+                               krb5_flags kdcoptions, krb5_address *const *address,
+                               krb5_creds *in_cred, krb5_creds **out_cred)
+    {
+        return krb5_get_cred_via_tkt_ext (context, tkt,
+                                          kdcoptions, address,
+                                          NULL, in_cred, NULL, NULL,
+                                          NULL, NULL, out_cred, NULL);
+    }
 
-krb5_error_code
-krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
-			   krb5_flags kdcoptions, krb5_address *const *address,
-			   krb5_pa_data **in_padata,
-			   krb5_creds *in_cred,
-			   krb5_error_code (*pacb_fct)(krb5_context,
-						       krb5_keyblock *,
-						       krb5_kdc_req *,
-						       void *),
-			   void *pacb_data,
-			   krb5_pa_data ***out_padata,
-			   krb5_pa_data ***out_enc_padata,
-			   krb5_creds **out_cred,
-			   krb5_keyblock **out_subkey)
-{
-    krb5_error_code retval;
-    krb5_kdc_rep *dec_rep;
-    krb5_error *err_reply;
-    krb5_response tgsrep;
-    krb5_enctype *enctypes = 0;
-    krb5_keyblock *subkey = NULL;
-    krb5_boolean s4u2self = FALSE, second_tkt;
+    krb5_error_code
+        krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
+                                   krb5_flags kdcoptions, krb5_address *const *address,
+                                   krb5_pa_data **in_padata,
+                                   krb5_creds *in_cred,
+                                   krb5_error_code (*pacb_fct)(krb5_context,
+                                                               krb5_keyblock *,
+                                                               krb5_kdc_req *,
+                                                               void *),
+                                   void *pacb_data,
+                                   krb5_pa_data ***out_padata,
+                                   krb5_pa_data ***out_enc_padata,
+                                   krb5_creds **out_cred,
+                                   krb5_keyblock **out_subkey)
+    {
+        krb5_error_code retval;
+        krb5_kdc_rep *dec_rep;
+        krb5_error *err_reply;
+        krb5_response tgsrep;
+        krb5_enctype *enctypes = 0;
+        krb5_keyblock *subkey = NULL;
+        krb5_boolean s4u2self = FALSE, second_tkt;
 
 #ifdef DEBUG_REFERRALS
-    printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
-    krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
-    krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
+        printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
+        krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
+        krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
 #endif
 
-    /* tkt->client must be equal to in_cred->client */
-    if (!krb5_principal_compare(context, tkt->client, in_cred->client))
-	return KRB5_PRINC_NOMATCH;
+        /* tkt->client must be equal to in_cred->client */
+        if (!krb5_principal_compare(context, tkt->client, in_cred->client))
+            return KRB5_PRINC_NOMATCH;
 
-    if (!tkt->ticket.length)
-	return KRB5_NO_TKT_SUPPLIED;
+        if (!tkt->ticket.length)
+            return KRB5_NO_TKT_SUPPLIED;
 
-    second_tkt = ((kdcoptions & (KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) != 0);
+        second_tkt = ((kdcoptions & (KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) != 0);
 
-    if (second_tkt && !in_cred->second_ticket.length)
-        return(KRB5_NO_2ND_TKT);
+        if (second_tkt && !in_cred->second_ticket.length)
+            return(KRB5_NO_2ND_TKT);
 
-    s4u2self = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_S4U_X509_USER) ||
-	       krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FOR_USER);
+        s4u2self = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_S4U_X509_USER) ||
+            krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FOR_USER);
 
-    /* check if we have the right TGT                    */
-    /* tkt->server must be equal to                      */
-    /* krbtgt/realmof(cred->server)@realmof(tgt->server) */
+        /* check if we have the right TGT                    */
+        /* tkt->server must be equal to                      */
+        /* krbtgt/realmof(cred->server)@realmof(tgt->server) */
 /*
-    {
-    krb5_principal tempprinc;
-        if (retval = krb5_tgtname(context, 
-		     krb5_princ_realm(context, in_cred->server),
-		     krb5_princ_realm(context, tkt->server), &tempprinc))
-    	    return(retval);
-
-        if (!krb5_principal_compare(context, tempprinc, tkt->server)) {
-            krb5_free_principal(context, tempprinc);
-	    return (KRB5_PRINC_NOMATCH);
-        }
-    krb5_free_principal(context, tempprinc);
-    }
+  {
+  krb5_principal tempprinc;
+  if (retval = krb5_tgtname(context,
+  krb5_princ_realm(context, in_cred->server),
+  krb5_princ_realm(context, tkt->server), &tempprinc))
+  return(retval);
+
+  if (!krb5_principal_compare(context, tempprinc, tkt->server)) {
+  krb5_free_principal(context, tempprinc);
+  return (KRB5_PRINC_NOMATCH);
+  }
+  krb5_free_principal(context, tempprinc);
+  }
 */
 
-    if (in_cred->keyblock.enctype) {
-	enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2);
-	if (!enctypes)
-	    return ENOMEM;
-	enctypes[0] = in_cred->keyblock.enctype;
-	enctypes[1] = 0;
-    }
+        if (in_cred->keyblock.enctype) {
+            enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2);
+            if (!enctypes)
+                return ENOMEM;
+            enctypes[0] = in_cred->keyblock.enctype;
+            enctypes[1] = 0;
+        }
 
-    retval = krb5int_send_tgs(context, kdcoptions, &in_cred->times, enctypes, 
-			   in_cred->server, address, in_cred->authdata,
-			   in_padata,
-			   second_tkt ? &in_cred->second_ticket : NULL,
-			   tkt, pacb_fct, pacb_data, &tgsrep, &subkey);
-    if (enctypes)
-	free(enctypes);
-    if (retval) {
+        retval = krb5int_send_tgs(context, kdcoptions, &in_cred->times, enctypes,
+                                  in_cred->server, address, in_cred->authdata,
+                                  in_padata,
+                                  second_tkt ? &in_cred->second_ticket : NULL,
+                                  tkt, pacb_fct, pacb_data, &tgsrep, &subkey);
+        if (enctypes)
+            free(enctypes);
+        if (retval) {
 #ifdef DEBUG_REFERRALS
-        printf("krb5_get_cred_via_tkt ending early after send_tgs with: %s\n",
-	       error_message(retval));
+            printf("krb5_get_cred_via_tkt ending early after send_tgs with: %s\n",
+                   error_message(retval));
 #endif
-	return retval;
-    }
+            return retval;
+        }
 
-    switch (tgsrep.message_type) {
-    case KRB5_TGS_REP:
-	break;
-    case KRB5_ERROR:
-    default:
-	if (krb5_is_krb_error(&tgsrep.response))
-	    retval = decode_krb5_error(&tgsrep.response, &err_reply);
-	else
-	    retval = KRB5KRB_AP_ERR_MSG_TYPE;
-
-	if (retval)			/* neither proper reply nor error! */
-	    goto error_4;
-
-	retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5;
-	if (err_reply->text.length > 0) {
+        switch (tgsrep.message_type) {
+        case KRB5_TGS_REP:
+            break;
+        case KRB5_ERROR:
+        default:
+            if (krb5_is_krb_error(&tgsrep.response))
+                retval = decode_krb5_error(&tgsrep.response, &err_reply);
+            else
+                retval = KRB5KRB_AP_ERR_MSG_TYPE;
+
+            if (retval)                     /* neither proper reply nor error! */
+                goto error_4;
+
+            retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5;
+            if (err_reply->text.length > 0) {
 #if 0
-	    const char *m;
+                const char *m;
 #endif
-	    switch (err_reply->error) {
-	    case KRB_ERR_GENERIC:
-		krb5_set_error_message(context, retval,
-				       "KDC returned error string: %.*s",
-				       err_reply->text.length,
-				       err_reply->text.data);
-		break;
-	    case KDC_ERR_S_PRINCIPAL_UNKNOWN:
-	        {
-		    char *s_name;
-		    if (krb5_unparse_name(context, in_cred->server, &s_name) == 0) {
-			krb5_set_error_message(context, retval,
-					       "Server %s not found in Kerberos database",
-					       s_name);
-			krb5_free_unparsed_name(context, s_name);
-		    } else
-			/* In case there's a stale S_PRINCIPAL_UNKNOWN
-			   report already noted.  */
-			krb5_clear_error_message(context);
-		}
-		break;
-	    default:
+                switch (err_reply->error) {
+                case KRB_ERR_GENERIC:
+                    krb5_set_error_message(context, retval,
+                                           "KDC returned error string: %.*s",
+                                           err_reply->text.length,
+                                           err_reply->text.data);
+                    break;
+                case KDC_ERR_S_PRINCIPAL_UNKNOWN:
+                {
+                    char *s_name;
+                    if (krb5_unparse_name(context, in_cred->server, &s_name) == 0) {
+                        krb5_set_error_message(context, retval,
+                                               "Server %s not found in Kerberos database",
+                                               s_name);
+                        krb5_free_unparsed_name(context, s_name);
+                    } else
+                        /* In case there's a stale S_PRINCIPAL_UNKNOWN
+                           report already noted.  */
+                        krb5_clear_error_message(context);
+                }
+                break;
+                default:
 #if 0 /* We should stop the KDC from sending back this text, because
-	 if the local language doesn't match the KDC's language, we'd
-	 just wind up printing out the error message in two languages.
-	 Well, when we get some localization.  Which is already
-	 happening in KfM.  */
-		m = error_message(retval);
-		/* Special case: MIT KDC may return this same string
-		   in the e-text field.  */
-		if (strlen (m) == err_reply->text.length-1
-		    && !strcmp(m, err_reply->text.data))
-		    break;
-		krb5_set_error_message(context, retval,
-				       "%s (KDC supplied additional data: %s)",
-				       m, err_reply->text.data);
+         if the local language doesn't match the KDC's language, we'd
+         just wind up printing out the error message in two languages.
+         Well, when we get some localization.  Which is already
+         happening in KfM.  */
+                    m = error_message(retval);
+                    /* Special case: MIT KDC may return this same string
+                       in the e-text field.  */
+                    if (strlen (m) == err_reply->text.length-1
+                        && !strcmp(m, err_reply->text.data))
+                        break;
+                    krb5_set_error_message(context, retval,
+                                           "%s (KDC supplied additional data: %s)",
+                                           m, err_reply->text.data);
 #endif
-		break;
-	    }
-	}
+                    break;
+                }
+            }
 
-	krb5_free_error(context, err_reply);
-	goto error_4;
-    }
+            krb5_free_error(context, err_reply);
+            goto error_4;
+        }
 
-    /* Unfortunately, Heimdal at least up through 1.2  encrypts using
-       the session key not the subsession key.  So we try both. */
-    if ((retval = krb5int_decode_tgs_rep(context, &tgsrep.response,
-				      subkey,
-					 KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY, &dec_rep))) {
-	    if ((krb5int_decode_tgs_rep(context, &tgsrep.response,
-				      &tkt->keyblock,
-					KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY, &dec_rep)) == 0)
-		retval = 0;
-	    else goto error_4;
-    }
+        /* Unfortunately, Heimdal at least up through 1.2  encrypts using
+           the session key not the subsession key.  So we try both. */
+        if ((retval = krb5int_decode_tgs_rep(context, &tgsrep.response,
+                                             subkey,
+                                             KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY, &dec_rep))) {
+            if ((krb5int_decode_tgs_rep(context, &tgsrep.response,
+                                        &tkt->keyblock,
+                                        KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY, &dec_rep)) == 0)
+                retval = 0;
+            else goto error_4;
+        }
 
-    if (dec_rep->msg_type != KRB5_TGS_REP) {
-	retval = KRB5KRB_AP_ERR_MSG_TYPE;
-	goto error_3;
-    }
-   
-    /*
-     * Don't trust the ok-as-delegate flag from foreign KDCs unless the
-     * cross-realm TGT also had the ok-as-delegate flag set.
-     */
-    if (!tgt_is_local_realm(tkt)
-	&& !(tkt->ticket_flags & TKT_FLG_OK_AS_DELEGATE))
-	dec_rep->enc_part2->flags &= ~TKT_FLG_OK_AS_DELEGATE;
-
-    /* make sure the response hasn't been tampered with..... */
-    retval = 0;
-
-    if (s4u2self && !IS_TGS_PRINC(context, dec_rep->ticket->server)) {
-	/* Final hop, check whether KDC supports S4U2Self */
-	if (krb5_principal_compare(context, dec_rep->client, in_cred->server))
-	    retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
-    } else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
-	/* XXX for constrained delegation this check must be performed by caller
-	 * as we don't have access to the key to decrypt the evidence ticket.
-	 */
-	if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
-	    retval = KRB5_KDCREP_MODIFIED;
-    }
+        if (dec_rep->msg_type != KRB5_TGS_REP) {
+            retval = KRB5KRB_AP_ERR_MSG_TYPE;
+            goto error_3;
+        }
 
-    if (retval == 0)
-	retval = check_reply_server(context, kdcoptions, in_cred, dec_rep);
+        /*
+         * Don't trust the ok-as-delegate flag from foreign KDCs unless the
+         * cross-realm TGT also had the ok-as-delegate flag set.
+         */
+        if (!tgt_is_local_realm(tkt)
+            && !(tkt->ticket_flags & TKT_FLG_OK_AS_DELEGATE))
+            dec_rep->enc_part2->flags &= ~TKT_FLG_OK_AS_DELEGATE;
+
+        /* make sure the response hasn't been tampered with..... */
+        retval = 0;
+
+        if (s4u2self && !IS_TGS_PRINC(context, dec_rep->ticket->server)) {
+            /* Final hop, check whether KDC supports S4U2Self */
+            if (krb5_principal_compare(context, dec_rep->client, in_cred->server))
+                retval = KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+        } else if ((kdcoptions & KDC_OPT_CNAME_IN_ADDL_TKT) == 0) {
+            /* XXX for constrained delegation this check must be performed by caller
+             * as we don't have access to the key to decrypt the evidence ticket.
+             */
+            if (!krb5_principal_compare(context, dec_rep->client, tkt->client))
+                retval = KRB5_KDCREP_MODIFIED;
+        }
 
-    if (dec_rep->enc_part2->nonce != tgsrep.expected_nonce)
-	retval = KRB5_KDCREP_MODIFIED;
+        if (retval == 0)
+            retval = check_reply_server(context, kdcoptions, in_cred, dec_rep);
 
-    if ((kdcoptions & KDC_OPT_POSTDATED) &&
-	(in_cred->times.starttime != 0) &&
-    	(in_cred->times.starttime != dec_rep->enc_part2->times.starttime))
-	retval = KRB5_KDCREP_MODIFIED;
+        if (dec_rep->enc_part2->nonce != tgsrep.expected_nonce)
+            retval = KRB5_KDCREP_MODIFIED;
 
-    if ((in_cred->times.endtime != 0) &&
-	(dec_rep->enc_part2->times.endtime > in_cred->times.endtime))
-	retval = KRB5_KDCREP_MODIFIED;
+        if ((kdcoptions & KDC_OPT_POSTDATED) &&
+            (in_cred->times.starttime != 0) &&
+            (in_cred->times.starttime != dec_rep->enc_part2->times.starttime))
+            retval = KRB5_KDCREP_MODIFIED;
 
-    if ((kdcoptions & KDC_OPT_RENEWABLE) &&
-	(in_cred->times.renew_till != 0) &&
-	(dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till))
-	retval = KRB5_KDCREP_MODIFIED;
+        if ((in_cred->times.endtime != 0) &&
+            (dec_rep->enc_part2->times.endtime > in_cred->times.endtime))
+            retval = KRB5_KDCREP_MODIFIED;
 
-    if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
-	(dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
-	(in_cred->times.endtime != 0) &&
-	(dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
- 	retval = KRB5_KDCREP_MODIFIED;
+        if ((kdcoptions & KDC_OPT_RENEWABLE) &&
+            (in_cred->times.renew_till != 0) &&
+            (dec_rep->enc_part2->times.renew_till > in_cred->times.renew_till))
+            retval = KRB5_KDCREP_MODIFIED;
 
-    if (retval != 0)
-    	goto error_3;
+        if ((kdcoptions & KDC_OPT_RENEWABLE_OK) &&
+            (dec_rep->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+            (in_cred->times.endtime != 0) &&
+            (dec_rep->enc_part2->times.renew_till > in_cred->times.endtime))
+            retval = KRB5_KDCREP_MODIFIED;
 
-    if (!in_cred->times.starttime &&
-	!in_clock_skew(dec_rep->enc_part2->times.starttime,
-		       tgsrep.request_time)) {
-	retval = KRB5_KDCREP_SKEW;
-	goto error_3;
-    }
+        if (retval != 0)
+            goto error_3;
 
-    if (out_padata != NULL) {
-	*out_padata = dec_rep->padata;
-	dec_rep->padata = NULL;
-    }
-    if (out_enc_padata != NULL) {
-	*out_enc_padata = dec_rep->enc_part2->enc_padata;
-	dec_rep->enc_part2->enc_padata = NULL;
-    }
-    
-    retval = krb5_kdcrep2creds(context, dec_rep, address, 
-			       &in_cred->second_ticket,  out_cred);
-
-error_3:;
-    if (subkey != NULL) {
-      if (retval == 0 && out_subkey != NULL)
-	  *out_subkey = subkey;
-      else
-	  krb5_free_keyblock(context, subkey);
-    }
-    
-    memset(dec_rep->enc_part2->session->contents, 0,
-	   dec_rep->enc_part2->session->length);
-    krb5_free_kdc_rep(context, dec_rep);
+        if (!in_cred->times.starttime &&
+            !in_clock_skew(dec_rep->enc_part2->times.starttime,
+                           tgsrep.request_time)) {
+            retval = KRB5_KDCREP_SKEW;
+            goto error_3;
+        }
+
+        if (out_padata != NULL) {
+            *out_padata = dec_rep->padata;
+            dec_rep->padata = NULL;
+        }
+        if (out_enc_padata != NULL) {
+            *out_enc_padata = dec_rep->enc_part2->enc_padata;
+            dec_rep->enc_part2->enc_padata = NULL;
+        }
+
+        retval = krb5_kdcrep2creds(context, dec_rep, address,
+                                   &in_cred->second_ticket,  out_cred);
 
-error_4:;
-    free(tgsrep.response.data);
+    error_3:;
+        if (subkey != NULL) {
+            if (retval == 0 && out_subkey != NULL)
+                *out_subkey = subkey;
+            else
+                krb5_free_keyblock(context, subkey);
+        }
+
+        memset(dec_rep->enc_part2->session->contents, 0,
+               dec_rep->enc_part2->session->length);
+        krb5_free_kdc_rep(context, dec_rep);
+
+    error_4:;
+        free(tgsrep.response.data);
 #ifdef DEBUG_REFERRALS
-    printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
+        printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
 #endif
-    return retval;
-}
+        return retval;
+    }
diff --git a/src/lib/krb5/krb/gen_seqnum.c b/src/lib/krb5/krb/gen_seqnum.c
index 06564ee4a..8703457be 100644
--- a/src/lib/krb5/krb/gen_seqnum.c
+++ b/src/lib/krb5/krb/gen_seqnum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/gen_seqnum.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Routine to automatically generate a starting sequence number.
  * We do this by getting a random key and encrypting something with it,
@@ -53,13 +54,13 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui
 
     seed = key2data(*key);
     if ((retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed)))
-	return(retval);
+        return(retval);
 
     seed.length = sizeof(*seqno);
     seed.data = (char *) seqno;
     retval = krb5_c_random_make_octets(context, &seed);
     if (retval)
-	return retval;
+        return retval;
     /*
      * Work around implementation incompatibilities by not generating
      * initial sequence numbers greater than 2^30.  Previous MIT
@@ -71,6 +72,6 @@ krb5_generate_seq_number(krb5_context context, const krb5_keyblock *key, krb5_ui
      */
     *seqno &= 0x3fffffff;
     if (*seqno == 0)
-	*seqno = 1;
+        *seqno = 1;
     return 0;
 }
diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c
index 501428b1d..7739f04ef 100644
--- a/src/lib/krb5/krb/gen_subkey.c
+++ b/src/lib/krb5/krb/gen_subkey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/gen_subkey.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Routine to automatically generate a subsession key based on an input key.
  */
@@ -41,9 +42,9 @@ key2data (krb5_keyblock k)
 
 krb5_error_code
 krb5_generate_subkey_extended(krb5_context context,
-			      const krb5_keyblock *key,
-			      krb5_enctype enctype,
-			      krb5_keyblock **subkey)
+                              const krb5_keyblock *key,
+                              krb5_enctype enctype,
+                              krb5_keyblock **subkey)
 {
     krb5_error_code retval;
     krb5_data seed;
@@ -53,18 +54,18 @@ krb5_generate_subkey_extended(krb5_context context,
 
     seed = key2data(*key);
     retval = krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TRUSTEDPARTY,
-				       &seed);
+                                       &seed);
     if (retval)
-	return retval;
+        return retval;
 
     keyblock = malloc(sizeof(krb5_keyblock));
     if (!keyblock)
-	return ENOMEM;
+        return ENOMEM;
 
     retval = krb5_c_make_random_key(context, enctype, keyblock);
     if (retval) {
-	free(*subkey);
-	return retval;
+        free(*subkey);
+        return retval;
     }
 
     *subkey = keyblock;
diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c
index 88148d772..491f86452 100644
--- a/src/lib/krb5/krb/get_creds.c
+++ b/src/lib/krb5/krb/get_creds.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/get_creds.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_get_credentials()
  */
@@ -30,18 +31,18 @@
 
 
 /*
- Attempts to use the credentials cache or TGS exchange to get an additional
- ticket for the
- client identified by in_creds->client, the server identified by
- in_creds->server, with options options, expiration date specified in
- in_creds->times.endtime (0 means as long as possible), session key type
- specified in in_creds->keyblock.enctype (if non-zero)
+  Attempts to use the credentials cache or TGS exchange to get an additional
+  ticket for the
+  client identified by in_creds->client, the server identified by
+  in_creds->server, with options options, expiration date specified in
+  in_creds->times.endtime (0 means as long as possible), session key type
+  specified in in_creds->keyblock.enctype (if non-zero)
 
- Any returned ticket and intermediate ticket-granting tickets are
- stored in ccache.
+  Any returned ticket and intermediate ticket-granting tickets are
+  stored in ccache.
 
- returns errors from encryption routines, system errors
- */
+  returns errors from encryption routines, system errors
+*/
 
 #include "k5-int.h"
 #include "int-proto.h"
@@ -54,8 +55,8 @@
  */
 krb5_error_code
 krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
-				 krb5_creds *in_creds, krb5_creds *mcreds,
-				 krb5_flags *fields)
+                                 krb5_creds *in_creds, krb5_creds *mcreds,
+                                 krb5_flags *fields)
 {
     if (!in_creds || !in_creds->server || !in_creds->client)
         return EINVAL;
@@ -63,47 +64,47 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
     memset(mcreds, 0, sizeof(krb5_creds));
     mcreds->magic = KV5M_CREDS;
     if (in_creds->times.endtime != 0) {
-	mcreds->times.endtime = in_creds->times.endtime;
+        mcreds->times.endtime = in_creds->times.endtime;
     } else {
-	krb5_error_code retval;
-	retval = krb5_timeofday(context, &mcreds->times.endtime);
-	if (retval != 0) return retval;
+        krb5_error_code retval;
+        retval = krb5_timeofday(context, &mcreds->times.endtime);
+        if (retval != 0) return retval;
     }
     mcreds->keyblock = in_creds->keyblock;
     mcreds->authdata = in_creds->authdata;
     mcreds->server = in_creds->server;
     mcreds->client = in_creds->client;
-    
+
     *fields = KRB5_TC_MATCH_TIMES /*XXX |KRB5_TC_MATCH_SKEY_TYPE */
-	| KRB5_TC_MATCH_AUTHDATA
-	| KRB5_TC_SUPPORTED_KTYPES;
+        | KRB5_TC_MATCH_AUTHDATA
+        | KRB5_TC_SUPPORTED_KTYPES;
     if (mcreds->keyblock.enctype) {
-	krb5_enctype *ktypes;
-	krb5_error_code ret;
-	int i;
-
-	*fields |= KRB5_TC_MATCH_KTYPE;
-	ret = krb5_get_tgs_ktypes(context, mcreds->server, &ktypes);
-	for (i = 0; ktypes[i]; i++)
-	    if (ktypes[i] == mcreds->keyblock.enctype)
-		break;
-	if (ktypes[i] == 0)
-	    ret = KRB5_CC_NOT_KTYPE;
-	free (ktypes);
-	if (ret)
-	    return ret;
+        krb5_enctype *ktypes;
+        krb5_error_code ret;
+        int i;
+
+        *fields |= KRB5_TC_MATCH_KTYPE;
+        ret = krb5_get_tgs_ktypes(context, mcreds->server, &ktypes);
+        for (i = 0; ktypes[i]; i++)
+            if (ktypes[i] == mcreds->keyblock.enctype)
+                break;
+        if (ktypes[i] == 0)
+            ret = KRB5_CC_NOT_KTYPE;
+        free (ktypes);
+        if (ret)
+            return ret;
     }
     if (options & (KRB5_GC_USER_USER | KRB5_GC_CONSTRAINED_DELEGATION)) {
-	/* also match on identical 2nd tkt and tkt encrypted in a
-	   session key */
-	*fields |= KRB5_TC_MATCH_2ND_TKT;
-	if (options & KRB5_GC_USER_USER) {
-	    *fields |= KRB5_TC_MATCH_IS_SKEY;
-	    mcreds->is_skey = TRUE;
-	}
-	mcreds->second_ticket = in_creds->second_ticket;
-	if (!in_creds->second_ticket.length)
-	    return KRB5_NO_2ND_TKT;
+        /* also match on identical 2nd tkt and tkt encrypted in a
+           session key */
+        *fields |= KRB5_TC_MATCH_2ND_TKT;
+        if (options & KRB5_GC_USER_USER) {
+            *fields |= KRB5_TC_MATCH_IS_SKEY;
+            mcreds->is_skey = TRUE;
+        }
+        mcreds->second_ticket = in_creds->second_ticket;
+        if (!in_creds->second_ticket.length)
+            return KRB5_NO_2ND_TKT;
     }
 
     return 0;
@@ -111,8 +112,8 @@ krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_credentials(krb5_context context, krb5_flags options,
-		     krb5_ccache ccache, krb5_creds *in_creds,
-		     krb5_creds **out_creds)
+                     krb5_ccache ccache, krb5_creds *in_creds,
+                     krb5_creds **out_creds)
 {
     krb5_error_code retval;
     krb5_creds mcreds, *ncreds, **tgts, **tgts_iter;
@@ -128,53 +129,53 @@ krb5_get_credentials(krb5_context context, krb5_flags options,
      * second_ticket, which we can't do.
      */
     if ((options & KRB5_GC_CONSTRAINED_DELEGATION) == 0) {
-	retval = krb5int_construct_matching_creds(context, options, in_creds,
-						  &mcreds, &fields);
-
-	if (retval)
-	    return retval;
-
-	ncreds = malloc(sizeof(krb5_creds));
-	if (!ncreds)
-	    return ENOMEM;
-
-	memset(ncreds, 0, sizeof(krb5_creds));
-	ncreds->magic = KV5M_CREDS;
-
-	retval = krb5_cc_retrieve_cred(context, ccache, fields, &mcreds,
-				       ncreds);
-	if (retval == 0) {
-	    *out_creds = ncreds;
-	    return 0;
-	}
-	free(ncreds);
-	ncreds = NULL;
-	if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
-	    || options & KRB5_GC_CACHED)
-	    return retval;
-	not_ktype = (retval == KRB5_CC_NOT_KTYPE);
+        retval = krb5int_construct_matching_creds(context, options, in_creds,
+                                                  &mcreds, &fields);
+
+        if (retval)
+            return retval;
+
+        ncreds = malloc(sizeof(krb5_creds));
+        if (!ncreds)
+            return ENOMEM;
+
+        memset(ncreds, 0, sizeof(krb5_creds));
+        ncreds->magic = KV5M_CREDS;
+
+        retval = krb5_cc_retrieve_cred(context, ccache, fields, &mcreds,
+                                       ncreds);
+        if (retval == 0) {
+            *out_creds = ncreds;
+            return 0;
+        }
+        free(ncreds);
+        ncreds = NULL;
+        if ((retval != KRB5_CC_NOTFOUND && retval != KRB5_CC_NOT_KTYPE)
+            || options & KRB5_GC_CACHED)
+            return retval;
+        not_ktype = (retval == KRB5_CC_NOT_KTYPE);
     } else if (options & KRB5_GC_CACHED)
-	return KRB5_CC_NOTFOUND;
+        return KRB5_CC_NOTFOUND;
 
     if (options & KRB5_GC_CANONICALIZE)
-	kdcopt |= KDC_OPT_CANONICALIZE;
+        kdcopt |= KDC_OPT_CANONICALIZE;
     if (options & KRB5_GC_FORWARDABLE)
-	kdcopt |= KDC_OPT_FORWARDABLE;
+        kdcopt |= KDC_OPT_FORWARDABLE;
     if (options & KRB5_GC_NO_TRANSIT_CHECK)
-	kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
+        kdcopt |= KDC_OPT_DISABLE_TRANSITED_CHECK;
     if (options & KRB5_GC_CONSTRAINED_DELEGATION) {
-	if (options & KRB5_GC_USER_USER)
-	    return EINVAL;
-	kdcopt |= KDC_OPT_FORWARDABLE | KDC_OPT_CNAME_IN_ADDL_TKT;
+        if (options & KRB5_GC_USER_USER)
+            return EINVAL;
+        kdcopt |= KDC_OPT_FORWARDABLE | KDC_OPT_CNAME_IN_ADDL_TKT;
     }
 
     retval = krb5_get_cred_from_kdc_opt(context, ccache, in_creds,
-					&ncreds, &tgts, kdcopt);
+                                        &ncreds, &tgts, kdcopt);
     if (tgts) {
-	/* Attempt to cache intermediate ticket-granting tickets. */
-	for (tgts_iter = tgts; *tgts_iter; tgts_iter++)
-	    (void) krb5_cc_store_cred(context, ccache, *tgts_iter);
-	krb5_free_tgt_creds(context, tgts);
+        /* Attempt to cache intermediate ticket-granting tickets. */
+        for (tgts_iter = tgts; *tgts_iter; tgts_iter++)
+            (void) krb5_cc_store_cred(context, ccache, *tgts_iter);
+        krb5_free_tgt_creds(context, tgts);
     }
 
     /*
@@ -189,21 +190,21 @@ krb5_get_credentials(krb5_context context, krb5_flags options,
      * enctype rather than the missing TGT.
      */
     if ((retval == KRB5_CC_NOTFOUND || retval == KRB5_CC_NOT_KTYPE)
-	&& not_ktype)
-	return KRB5_CC_NOT_KTYPE;
+        && not_ktype)
+        return KRB5_CC_NOT_KTYPE;
     else if (retval)
-	return retval;
+        return retval;
 
     if ((options & KRB5_GC_CONSTRAINED_DELEGATION)
-	&& (ncreds->ticket_flags & TKT_FLG_FORWARDABLE) == 0) {
-	/* This ticket won't work for constrained delegation. */
-	krb5_free_creds(context, ncreds);
-	return KRB5_TKT_NOT_FORWARDABLE;
+        && (ncreds->ticket_flags & TKT_FLG_FORWARDABLE) == 0) {
+        /* This ticket won't work for constrained delegation. */
+        krb5_free_creds(context, ncreds);
+        return KRB5_TKT_NOT_FORWARDABLE;
     }
 
     /* Attempt to cache the returned ticket. */
     if (!(options & KRB5_GC_NO_STORE))
-	(void) krb5_cc_store_cred(context, ccache, ncreds);
+        (void) krb5_cc_store_cred(context, ccache, ncreds);
 
     *out_creds = ncreds;
     return 0;
@@ -212,10 +213,10 @@ krb5_get_credentials(krb5_context context, krb5_flags options,
 #define INT_GC_VALIDATE 1
 #define INT_GC_RENEW 2
 
-static krb5_error_code 
+static krb5_error_code
 krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options,
-				    krb5_ccache ccache, krb5_creds *in_creds,
-				    krb5_creds **out_creds, int which)
+                                    krb5_ccache ccache, krb5_creds *in_creds,
+                                    krb5_creds **out_creds, int which)
 {
     krb5_error_code retval;
     krb5_principal tmp;
@@ -223,17 +224,17 @@ krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options,
 
     switch(which) {
     case INT_GC_VALIDATE:
-	    retval = krb5_get_cred_from_kdc_validate(context, ccache, 
-					     in_creds, out_creds, &tgts);
-	    break;
+        retval = krb5_get_cred_from_kdc_validate(context, ccache,
+                                                 in_creds, out_creds, &tgts);
+        break;
     case INT_GC_RENEW:
-	    retval = krb5_get_cred_from_kdc_renew(context, ccache, 
-					     in_creds, out_creds, &tgts);
-	    break;
+        retval = krb5_get_cred_from_kdc_renew(context, ccache,
+                                              in_creds, out_creds, &tgts);
+        break;
     default:
-	    /* Should never happen */
-	    retval = 255;
-	    break;
+        /* Should never happen */
+        retval = 255;
+        break;
     }
     /*
      * Callers to krb5_get_cred_blah... must free up tgts even in
@@ -244,39 +245,39 @@ krb5_get_credentials_val_renew_core(krb5_context context, krb5_flags options,
 
     retval = krb5_cc_get_principal(context, ccache, &tmp);
     if (retval) return retval;
-    
+
     retval = krb5_cc_initialize(context, ccache, tmp);
     if (retval) return retval;
-    
+
     retval = krb5_cc_store_cred(context, ccache, *out_creds);
     return retval;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_credentials_validate(krb5_context context, krb5_flags options,
-			      krb5_ccache ccache, krb5_creds *in_creds,
-			      krb5_creds **out_creds)
+                              krb5_ccache ccache, krb5_creds *in_creds,
+                              krb5_creds **out_creds)
 {
-    return(krb5_get_credentials_val_renew_core(context, options, ccache, 
-					       in_creds, out_creds, 
-					       INT_GC_VALIDATE));
+    return(krb5_get_credentials_val_renew_core(context, options, ccache,
+                                               in_creds, out_creds,
+                                               INT_GC_VALIDATE));
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_credentials_renew(krb5_context context, krb5_flags options,
-			   krb5_ccache ccache, krb5_creds *in_creds,
-			   krb5_creds **out_creds)
+                           krb5_ccache ccache, krb5_creds *in_creds,
+                           krb5_creds **out_creds)
 {
 
-    return(krb5_get_credentials_val_renew_core(context, options, ccache, 
-					       in_creds, out_creds, 
-					       INT_GC_RENEW));
+    return(krb5_get_credentials_val_renew_core(context, options, ccache,
+                                               in_creds, out_creds,
+                                               INT_GC_RENEW));
 }
 
 static krb5_error_code
 krb5_validate_or_renew_creds(krb5_context context, krb5_creds *creds,
-			     krb5_principal client, krb5_ccache ccache,
-			     char *in_tkt_service, int validate)
+                             krb5_principal client, krb5_ccache ccache,
+                             char *in_tkt_service, int validate)
 {
     krb5_error_code ret;
     krb5_creds in_creds; /* only client and server need to be filled in */
@@ -291,57 +292,57 @@ krb5_validate_or_renew_creds(krb5_context context, krb5_creds *creds,
     in_creds.client = client;
 
     if (in_tkt_service) {
-	/* this is ugly, because so are the data structures involved.  I'm
-	   in the library, so I'm going to manipulate the data structures
-	   directly, otherwise, it will be worse. */
+        /* this is ugly, because so are the data structures involved.  I'm
+           in the library, so I'm going to manipulate the data structures
+           directly, otherwise, it will be worse. */
 
         if ((ret = krb5_parse_name(context, in_tkt_service, &in_creds.server)))
-	    goto cleanup;
-
-	/* stuff the client realm into the server principal.
-	   realloc if necessary */
-	if (in_creds.server->realm.length < in_creds.client->realm.length)
-	    if ((in_creds.server->realm.data =
-		 (char *) realloc(in_creds.server->realm.data,
-				  in_creds.client->realm.length)) == NULL) {
-		ret = ENOMEM;
-		goto cleanup;
-	    }
-
-	in_creds.server->realm.length = in_creds.client->realm.length;
-	memcpy(in_creds.server->realm.data, in_creds.client->realm.data,
-	       in_creds.client->realm.length);
+            goto cleanup;
+
+        /* stuff the client realm into the server principal.
+           realloc if necessary */
+        if (in_creds.server->realm.length < in_creds.client->realm.length)
+            if ((in_creds.server->realm.data =
+                 (char *) realloc(in_creds.server->realm.data,
+                                  in_creds.client->realm.length)) == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+
+        in_creds.server->realm.length = in_creds.client->realm.length;
+        memcpy(in_creds.server->realm.data, in_creds.client->realm.data,
+               in_creds.client->realm.length);
     } else {
-	if ((ret = krb5_build_principal_ext(context, &in_creds.server,
-					   in_creds.client->realm.length,
-					   in_creds.client->realm.data,
-					   KRB5_TGS_NAME_SIZE,
-					   KRB5_TGS_NAME,
-					   in_creds.client->realm.length,
-					   in_creds.client->realm.data,
-					    0)))
-	    goto cleanup;
+        if ((ret = krb5_build_principal_ext(context, &in_creds.server,
+                                            in_creds.client->realm.length,
+                                            in_creds.client->realm.data,
+                                            KRB5_TGS_NAME_SIZE,
+                                            KRB5_TGS_NAME,
+                                            in_creds.client->realm.length,
+                                            in_creds.client->realm.data,
+                                            0)))
+            goto cleanup;
     }
 
     if (validate)
-	ret = krb5_get_cred_from_kdc_validate(context, ccache, 
-					      &in_creds, &out_creds, &tgts);
+        ret = krb5_get_cred_from_kdc_validate(context, ccache,
+                                              &in_creds, &out_creds, &tgts);
     else
-	ret = krb5_get_cred_from_kdc_renew(context, ccache, 
-					   &in_creds, &out_creds, &tgts);
-   
+        ret = krb5_get_cred_from_kdc_renew(context, ccache,
+                                           &in_creds, &out_creds, &tgts);
+
     /* ick.  copy the struct contents, free the container */
     if (out_creds) {
-	*creds = *out_creds;
-	free(out_creds);
+        *creds = *out_creds;
+        free(out_creds);
     }
 
 cleanup:
 
     if (in_creds.server)
-	krb5_free_principal(context, in_creds.server);
+        krb5_free_principal(context, in_creds.server);
     if (tgts)
-	krb5_free_tgt_creds(context, tgts);
+        krb5_free_tgt_creds(context, tgts);
 
     return(ret);
 }
@@ -350,13 +351,12 @@ krb5_error_code KRB5_CALLCONV
 krb5_get_validated_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service)
 {
     return(krb5_validate_or_renew_creds(context, creds, client, ccache,
-					in_tkt_service, 1));
+                                        in_tkt_service, 1));
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service)
 {
     return(krb5_validate_or_renew_creds(context, creds, client, ccache,
-					in_tkt_service, 0));
+                                        in_tkt_service, 0));
 }
-
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index a381c5c7e..40afea56d 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/get_in_tkt.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_get_in_tkt()
  */
@@ -36,7 +37,7 @@
 
 #if APPLE_PKINIT
 #define     IN_TKT_DEBUG    0
-#if	    IN_TKT_DEBUG
+#if         IN_TKT_DEBUG
 #define     inTktDebug(args...)       printf(args)
 #else
 #define     inTktDebug(args...)
@@ -44,53 +45,53 @@
 #endif /* APPLE_PKINIT */
 
 /*
- All-purpose initial ticket routine, usually called via
- krb5_get_in_tkt_with_password or krb5_get_in_tkt_with_skey.
+  All-purpose initial ticket routine, usually called via
+  krb5_get_in_tkt_with_password or krb5_get_in_tkt_with_skey.
 
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.  
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+  Attempts to get an initial ticket for creds->client to use server
+  creds->server, (realm is taken from creds->client), with options
+  options, and using creds->times.starttime, creds->times.endtime,
+  creds->times.renew_till as from, till, and rtime.
+  creds->times.renew_till is ignored unless the RENEWABLE option is requested.
 
- key_proc is called to fill in the key to be used for decryption.
- keyseed is passed on to key_proc.
+  key_proc is called to fill in the key to be used for decryption.
+  keyseed is passed on to key_proc.
 
- decrypt_proc is called to perform the decryption of the response (the
- encrypted part is in dec_rep->enc_part; the decrypted part should be
- allocated and filled into dec_rep->enc_part2
- arg is passed on to decrypt_proc.
+  decrypt_proc is called to perform the decryption of the response (the
+  encrypted part is in dec_rep->enc_part; the decrypted part should be
+  allocated and filled into dec_rep->enc_part2
+  arg is passed on to decrypt_proc.
 
- If addrs is non-NULL, it is used for the addresses requested.  If it is
- null, the system standard addresses are used.
+  If addrs is non-NULL, it is used for the addresses requested.  If it is
+  null, the system standard addresses are used.
 
- A succesful call will place the ticket in the credentials cache ccache
- and fill in creds with the ticket information used/returned..
+  A succesful call will place the ticket in the credentials cache ccache
+  and fill in creds with the ticket information used/returned..
 
- returns system errors, encryption errors
+  returns system errors, encryption errors
 
- */
+*/
 
 
 /* some typedef's for the function args to make things look a bit cleaner */
 
 typedef krb5_error_code (*git_key_proc) (krb5_context,
-						   krb5_enctype,
-						   krb5_data *,
-						   krb5_const_pointer,
-						   krb5_keyblock **);
+                                         krb5_enctype,
+                                         krb5_data *,
+                                         krb5_const_pointer,
+                                         krb5_keyblock **);
 
 typedef krb5_error_code (*git_decrypt_proc) (krb5_context,
-						       const krb5_keyblock *,
-						       krb5_const_pointer,
-						       krb5_kdc_rep * );
+                                             const krb5_keyblock *,
+                                             krb5_const_pointer,
+                                             krb5_kdc_rep * );
 
-static krb5_error_code make_preauth_list (krb5_context, 
-						    krb5_preauthtype *,
-						    int, krb5_pa_data ***);
+static krb5_error_code make_preauth_list (krb5_context,
+                                          krb5_preauthtype *,
+                                          int, krb5_pa_data ***);
 static krb5_error_code sort_krb5_padata_sequence(krb5_context context,
-						 krb5_data *realm,
-						 krb5_pa_data **padata);
+                                                 krb5_data *realm,
+                                                 krb5_pa_data **padata);
 
 /*
  * This function performs 32 bit bounded addition so we can generate
@@ -105,7 +106,7 @@ static krb5_int32 krb5int_addint32 (krb5_int32 x, krb5_int32 y)
         /* sum will be less than KRB5_INT32_MIN */
         return KRB5_INT32_MIN;
     }
-    
+
     return x + y;
 }
 
@@ -115,14 +116,14 @@ static krb5_int32 krb5int_addint32 (krb5_int32 x, krb5_int32 y)
  * just uses krb5_timeofday(); it should use a PRNG. Even more unfortunately this
  * value is used interchangeably with an explicit now_time throughout this module...
  */
-static krb5_error_code  
+static krb5_error_code
 gen_nonce(krb5_context  context,
           krb5_int32    *nonce)
 {
     krb5_int32 time_now;
     krb5_error_code retval = krb5_timeofday(context, &time_now);
     if(retval) {
-	return retval;
+        return retval;
     }
     *nonce = time_now;
     return 0;
@@ -136,16 +137,16 @@ gen_nonce(krb5_context  context,
  * unexpected response, an error is returned.
  */
 static krb5_error_code
-send_as_request(krb5_context 		context,
-		krb5_data *packet, const krb5_data *realm,
-		krb5_error ** 		ret_err_reply,
-		krb5_kdc_rep ** 	ret_as_reply,
-		int 			    *use_master)
+send_as_request(krb5_context            context,
+                krb5_data *packet, const krb5_data *realm,
+                krb5_error **           ret_err_reply,
+                krb5_kdc_rep **         ret_as_reply,
+                int                         *use_master)
 {
     krb5_kdc_rep *as_reply = 0;
     krb5_error_code retval;
     krb5_data reply;
-    char k4_version;		/* same type as *(krb5_data::data) */
+    char k4_version;            /* same type as *(krb5_data::data) */
     int tcp_only = 0;
 
     reply.data = 0;
@@ -154,37 +155,37 @@ send_as_request(krb5_context 		context,
 
     k4_version = packet->data[0];
 send_again:
-    retval = krb5_sendto_kdc(context, packet, 
-			     realm,
-			     &reply, use_master, tcp_only);
+    retval = krb5_sendto_kdc(context, packet,
+                             realm,
+                             &reply, use_master, tcp_only);
 #if APPLE_PKINIT
     inTktDebug("krb5_sendto_kdc returned %d\n", (int)retval);
 #endif /* APPLE_PKINIT */
 
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     /* now decode the reply...could be error or as_rep */
     if (krb5_is_krb_error(&reply)) {
-	krb5_error *err_reply;
-
-	if ((retval = decode_krb5_error(&reply, &err_reply)))
-	    /* some other error code--??? */	    
-	    goto cleanup;
-    
-	if (ret_err_reply) {
-	    if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG
-		&& tcp_only == 0) {
-		tcp_only = 1;
-		krb5_free_error(context, err_reply);
-		free(reply.data);
-		reply.data = 0;
-		goto send_again;
-	    }
-	    *ret_err_reply = err_reply;
-	} else
-	    krb5_free_error(context, err_reply);
-	goto cleanup;
+        krb5_error *err_reply;
+
+        if ((retval = decode_krb5_error(&reply, &err_reply)))
+            /* some other error code--??? */
+            goto cleanup;
+
+        if (ret_err_reply) {
+            if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG
+                && tcp_only == 0) {
+                tcp_only = 1;
+                krb5_free_error(context, err_reply);
+                free(reply.data);
+                reply.data = 0;
+                goto send_again;
+            }
+            *ret_err_reply = err_reply;
+        } else
+            krb5_free_error(context, err_reply);
+        goto cleanup;
     }
 
     /*
@@ -192,108 +193,108 @@ send_again:
      */
     if (!krb5_is_as_rep(&reply)) {
 /* these are in <kerberosIV/prot.h> as well but it isn't worth including. */
-#define V4_KRB_PROT_VERSION	4
-#define V4_AUTH_MSG_ERR_REPLY	(5<<1)
-	/* check here for V4 reply */
-	unsigned int t_switch;
-
-	/* From v4 g_in_tkt.c: This used to be
-	   switch (pkt_msg_type(rpkt) & ~1) {
-	   but SCO 3.2v4 cc compiled that incorrectly.  */
-	t_switch = reply.data[1];
-	t_switch &= ~1;
-
-	if (t_switch == V4_AUTH_MSG_ERR_REPLY
-	    && (reply.data[0] == V4_KRB_PROT_VERSION
-		|| reply.data[0] == k4_version)) {
-	    retval = KRB5KRB_AP_ERR_V4_REPLY;
-	} else {
-	    retval = KRB5KRB_AP_ERR_MSG_TYPE;
-	}
-	goto cleanup;
+#define V4_KRB_PROT_VERSION     4
+#define V4_AUTH_MSG_ERR_REPLY   (5<<1)
+        /* check here for V4 reply */
+        unsigned int t_switch;
+
+        /* From v4 g_in_tkt.c: This used to be
+           switch (pkt_msg_type(rpkt) & ~1) {
+           but SCO 3.2v4 cc compiled that incorrectly.  */
+        t_switch = reply.data[1];
+        t_switch &= ~1;
+
+        if (t_switch == V4_AUTH_MSG_ERR_REPLY
+            && (reply.data[0] == V4_KRB_PROT_VERSION
+                || reply.data[0] == k4_version)) {
+            retval = KRB5KRB_AP_ERR_V4_REPLY;
+        } else {
+            retval = KRB5KRB_AP_ERR_MSG_TYPE;
+        }
+        goto cleanup;
     }
 
     /* It must be a KRB_AS_REP message, or an bad returned packet */
     if ((retval = decode_krb5_as_rep(&reply, &as_reply)))
-	/* some other error code ??? */
-	goto cleanup;
+        /* some other error code ??? */
+        goto cleanup;
 
     if (as_reply->msg_type != KRB5_AS_REP) {
-	retval = KRB5KRB_AP_ERR_MSG_TYPE;
-	krb5_free_kdc_rep(context, as_reply);
-	goto cleanup;
+        retval = KRB5KRB_AP_ERR_MSG_TYPE;
+        krb5_free_kdc_rep(context, as_reply);
+        goto cleanup;
     }
 
     if (ret_as_reply)
-	*ret_as_reply = as_reply;
+        *ret_as_reply = as_reply;
     else
-	krb5_free_kdc_rep(context, as_reply);
+        krb5_free_kdc_rep(context, as_reply);
 
 cleanup:
     if (reply.data)
-	free(reply.data);
+        free(reply.data);
     return retval;
 }
 
 static krb5_error_code
-decrypt_as_reply(krb5_context 		context,
-		 krb5_kdc_req		*request,
-		 krb5_kdc_rep		*as_reply,
-		 git_key_proc 		key_proc,
-		 krb5_const_pointer 	keyseed,
-		 krb5_keyblock *	key,
-		 git_decrypt_proc 	decrypt_proc,
-		 krb5_const_pointer 	decryptarg)
+decrypt_as_reply(krb5_context           context,
+                 krb5_kdc_req           *request,
+                 krb5_kdc_rep           *as_reply,
+                 git_key_proc           key_proc,
+                 krb5_const_pointer     keyseed,
+                 krb5_keyblock *        key,
+                 git_decrypt_proc       decrypt_proc,
+                 krb5_const_pointer     decryptarg)
 {
-    krb5_error_code		retval;
-    krb5_keyblock *		decrypt_key = 0;
-    krb5_data 			salt;
-    
+    krb5_error_code             retval;
+    krb5_keyblock *             decrypt_key = 0;
+    krb5_data                   salt;
+
     if (as_reply->enc_part2)
-	return 0;
+        return 0;
 
     if (key)
-	    decrypt_key = key;
+        decrypt_key = key;
     else {
-	/*
-	 * Use salt corresponding to the client principal supplied by
-	 * the KDC, which may differ from the requested principal if
-	 * canonicalization is in effect.  We will check
-	 * as_reply->client later in verify_as_reply.
-	 */
-	if ((retval = krb5_principal2salt(context, as_reply->client, &salt)))
-	    return(retval);
-    
-	retval = (*key_proc)(context, as_reply->enc_part.enctype,
-			     &salt, keyseed, &decrypt_key);
-	free(salt.data);
-	if (retval)
-	    goto cleanup;
+        /*
+         * Use salt corresponding to the client principal supplied by
+         * the KDC, which may differ from the requested principal if
+         * canonicalization is in effect.  We will check
+         * as_reply->client later in verify_as_reply.
+         */
+        if ((retval = krb5_principal2salt(context, as_reply->client, &salt)))
+            return(retval);
+
+        retval = (*key_proc)(context, as_reply->enc_part.enctype,
+                             &salt, keyseed, &decrypt_key);
+        free(salt.data);
+        if (retval)
+            goto cleanup;
     }
-    
+
     if ((retval = (*decrypt_proc)(context, decrypt_key, decryptarg, as_reply)))
-	goto cleanup;
+        goto cleanup;
 
 cleanup:
     if (!key && decrypt_key)
-	krb5_free_keyblock(context, decrypt_key);
+        krb5_free_keyblock(context, decrypt_key);
     return (retval);
 }
 
 static krb5_error_code
-verify_as_reply(krb5_context 		context,
-		krb5_timestamp 		time_now,
-		krb5_kdc_req		*request,
-		krb5_kdc_rep		*as_reply)
+verify_as_reply(krb5_context            context,
+                krb5_timestamp          time_now,
+                krb5_kdc_req            *request,
+                krb5_kdc_rep            *as_reply)
 {
-    krb5_error_code		retval;
-    int				canon_req;
-    int				canon_ok;
+    krb5_error_code             retval;
+    int                         canon_req;
+    int                         canon_ok;
 
     /* check the contents for sanity: */
     if (!as_reply->enc_part2->times.starttime)
-	as_reply->enc_part2->times.starttime =
-	    as_reply->enc_part2->times.authtime;
+        as_reply->enc_part2->times.starttime =
+            as_reply->enc_part2->times.authtime;
 
     /*
      * We only allow the AS-REP server name to be changed if the
@@ -301,184 +302,184 @@ verify_as_reply(krb5_context 		context,
      * principal) and we requested (and received) a TGT.
      */
     canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
-	(krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL);
+        (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL);
     if (canon_req) {
-	canon_ok = IS_TGS_PRINC(context, request->server) &&
-		   IS_TGS_PRINC(context, as_reply->enc_part2->server);
+        canon_ok = IS_TGS_PRINC(context, request->server) &&
+            IS_TGS_PRINC(context, as_reply->enc_part2->server);
     } else
-	canon_ok = 0;
- 
+        canon_ok = 0;
+
     if ((!canon_ok &&
-	 (!krb5_principal_compare(context, as_reply->client, request->client) ||
-	  !krb5_principal_compare(context, as_reply->enc_part2->server, request->server)))
-	|| !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server)
-	|| (request->nonce != as_reply->enc_part2->nonce)
-	/* XXX check for extraneous flags */
-	/* XXX || (!krb5_addresses_compare(context, addrs, as_reply->enc_part2->caddrs)) */
-	|| ((request->kdc_options & KDC_OPT_POSTDATED) &&
-	    (request->from != 0) &&
-	    (request->from != as_reply->enc_part2->times.starttime))
-	|| ((request->till != 0) &&
-	    (as_reply->enc_part2->times.endtime > request->till))
-	|| ((request->kdc_options & KDC_OPT_RENEWABLE) &&
-	    (request->rtime != 0) &&
-	    (as_reply->enc_part2->times.renew_till > request->rtime))
-	|| ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
-	    !(request->kdc_options & KDC_OPT_RENEWABLE) &&
-	    (as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
-	    (request->till != 0) &&
-	    (as_reply->enc_part2->times.renew_till > request->till))
-	) {
+         (!krb5_principal_compare(context, as_reply->client, request->client) ||
+          !krb5_principal_compare(context, as_reply->enc_part2->server, request->server)))
+        || !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server)
+        || (request->nonce != as_reply->enc_part2->nonce)
+        /* XXX check for extraneous flags */
+        /* XXX || (!krb5_addresses_compare(context, addrs, as_reply->enc_part2->caddrs)) */
+        || ((request->kdc_options & KDC_OPT_POSTDATED) &&
+            (request->from != 0) &&
+            (request->from != as_reply->enc_part2->times.starttime))
+        || ((request->till != 0) &&
+            (as_reply->enc_part2->times.endtime > request->till))
+        || ((request->kdc_options & KDC_OPT_RENEWABLE) &&
+            (request->rtime != 0) &&
+            (as_reply->enc_part2->times.renew_till > request->rtime))
+        || ((request->kdc_options & KDC_OPT_RENEWABLE_OK) &&
+            !(request->kdc_options & KDC_OPT_RENEWABLE) &&
+            (as_reply->enc_part2->flags & KDC_OPT_RENEWABLE) &&
+            (request->till != 0) &&
+            (as_reply->enc_part2->times.renew_till > request->till))
+    ) {
 #if APPLE_PKINIT
-	inTktDebug("verify_as_reply: KDCREP_MODIFIED\n");
-	#if IN_TKT_DEBUG
-	if(request->client->realm.length && request->client->data->length)
-	    inTktDebug("request: name %s realm %s\n", 
-		request->client->realm.data, request->client->data->data);
-	if(as_reply->client->realm.length && as_reply->client->data->length)
-	    inTktDebug("reply  : name %s realm %s\n", 
-		as_reply->client->realm.data, as_reply->client->data->data);
-	#endif
+        inTktDebug("verify_as_reply: KDCREP_MODIFIED\n");
+#if IN_TKT_DEBUG
+        if(request->client->realm.length && request->client->data->length)
+            inTktDebug("request: name %s realm %s\n",
+                       request->client->realm.data, request->client->data->data);
+        if(as_reply->client->realm.length && as_reply->client->data->length)
+            inTktDebug("reply  : name %s realm %s\n",
+                       as_reply->client->realm.data, as_reply->client->data->data);
+#endif
 #endif /* APPLE_PKINIT */
-	return KRB5_KDCREP_MODIFIED;
+        return KRB5_KDCREP_MODIFIED;
     }
 
     if (context->library_options & KRB5_LIBOPT_SYNC_KDCTIME) {
-	retval = krb5_set_real_time(context,
-				    as_reply->enc_part2->times.authtime, -1);
-	if (retval)
-	    return retval;
+        retval = krb5_set_real_time(context,
+                                    as_reply->enc_part2->times.authtime, -1);
+        if (retval)
+            return retval;
     } else {
-	if ((request->from == 0) &&
-	    (labs(as_reply->enc_part2->times.starttime - time_now)
-	     > context->clockskew))
-	    return (KRB5_KDCREP_SKEW);
+        if ((request->from == 0) &&
+            (labs(as_reply->enc_part2->times.starttime - time_now)
+             > context->clockskew))
+            return (KRB5_KDCREP_SKEW);
     }
     return 0;
 }
 
 static krb5_error_code
-stash_as_reply(krb5_context 		context,
-	       krb5_timestamp 		time_now,
-	       krb5_kdc_req		*request,
-	       krb5_kdc_rep		*as_reply,
-	       krb5_creds * 		creds,
-	       krb5_ccache 		ccache)
+stash_as_reply(krb5_context             context,
+               krb5_timestamp           time_now,
+               krb5_kdc_req             *request,
+               krb5_kdc_rep             *as_reply,
+               krb5_creds *             creds,
+               krb5_ccache              ccache)
 {
-    krb5_error_code 		retval;
-    krb5_data *			packet;
-    krb5_principal		client;
-    krb5_principal		server;
+    krb5_error_code             retval;
+    krb5_data *                 packet;
+    krb5_principal              client;
+    krb5_principal              server;
 
     client = NULL;
     server = NULL;
 
     if (!creds->client)
         if ((retval = krb5_copy_principal(context, as_reply->client, &client)))
-	    goto cleanup;
+            goto cleanup;
 
     if (!creds->server)
-	if ((retval = krb5_copy_principal(context, as_reply->enc_part2->server,
-					  &server)))
-	    goto cleanup;
+        if ((retval = krb5_copy_principal(context, as_reply->enc_part2->server,
+                                          &server)))
+            goto cleanup;
 
     /* fill in the credentials */
-    if ((retval = krb5_copy_keyblock_contents(context, 
-					      as_reply->enc_part2->session,
-					      &creds->keyblock)))
-	goto cleanup;
+    if ((retval = krb5_copy_keyblock_contents(context,
+                                              as_reply->enc_part2->session,
+                                              &creds->keyblock)))
+        goto cleanup;
 
     creds->times = as_reply->enc_part2->times;
-    creds->is_skey = FALSE;		/* this is an AS_REQ, so cannot
-					   be encrypted in skey */
+    creds->is_skey = FALSE;             /* this is an AS_REQ, so cannot
+                                           be encrypted in skey */
     creds->ticket_flags = as_reply->enc_part2->flags;
     if ((retval = krb5_copy_addresses(context, as_reply->enc_part2->caddrs,
-				      &creds->addresses)))
-	goto cleanup;
+                                      &creds->addresses)))
+        goto cleanup;
 
     creds->second_ticket.length = 0;
     creds->second_ticket.data = 0;
 
     if ((retval = encode_krb5_ticket(as_reply->ticket, &packet)))
-	goto cleanup;
+        goto cleanup;
 
     creds->ticket = *packet;
     free(packet);
 
     /* store it in the ccache! */
     if (ccache)
-	if ((retval = krb5_cc_store_cred(context, ccache, creds)))
-	    goto cleanup;
+        if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+            goto cleanup;
 
     if (!creds->client)
-	creds->client = client;
+        creds->client = client;
     if (!creds->server)
-	creds->server = server;
+        creds->server = server;
 
 cleanup:
     if (retval) {
-	if (client)
-	    krb5_free_principal(context, client);
-	if (server)
-	    krb5_free_principal(context, server);
-	if (creds->keyblock.contents) {
-	    memset(creds->keyblock.contents, 0,
-		   creds->keyblock.length);
-	    free(creds->keyblock.contents);
-	    creds->keyblock.contents = 0;
-	    creds->keyblock.length = 0;
-	}
-	if (creds->ticket.data) {
-	    free(creds->ticket.data);
-	    creds->ticket.data = 0;
-	}
-	if (creds->addresses) {
-	    krb5_free_addresses(context, creds->addresses);
-	    creds->addresses = 0;
-	}
+        if (client)
+            krb5_free_principal(context, client);
+        if (server)
+            krb5_free_principal(context, server);
+        if (creds->keyblock.contents) {
+            memset(creds->keyblock.contents, 0,
+                   creds->keyblock.length);
+            free(creds->keyblock.contents);
+            creds->keyblock.contents = 0;
+            creds->keyblock.length = 0;
+        }
+        if (creds->ticket.data) {
+            free(creds->ticket.data);
+            creds->ticket.data = 0;
+        }
+        if (creds->addresses) {
+            krb5_free_addresses(context, creds->addresses);
+            creds->addresses = 0;
+        }
     }
     return (retval);
 }
 
 static krb5_error_code
-make_preauth_list(krb5_context	context,
-		  krb5_preauthtype *	ptypes,
-		  int			nptypes,
-		  krb5_pa_data ***	ret_list)
+make_preauth_list(krb5_context  context,
+                  krb5_preauthtype *    ptypes,
+                  int                   nptypes,
+                  krb5_pa_data ***      ret_list)
 {
-    krb5_preauthtype *		ptypep;
-    krb5_pa_data **		preauthp;
-    int				i;
+    krb5_preauthtype *          ptypep;
+    krb5_pa_data **             preauthp;
+    int                         i;
 
     if (nptypes < 0) {
- 	for (nptypes=0, ptypep = ptypes; *ptypep; ptypep++, nptypes++)
- 	    ;
+        for (nptypes=0, ptypep = ptypes; *ptypep; ptypep++, nptypes++)
+            ;
     }
- 
+
     /* allocate space for a NULL to terminate the list */
- 
+
     if ((preauthp =
- 	 (krb5_pa_data **) malloc((nptypes+1)*sizeof(krb5_pa_data *))) == NULL)
- 	return(ENOMEM);
- 
+         (krb5_pa_data **) malloc((nptypes+1)*sizeof(krb5_pa_data *))) == NULL)
+        return(ENOMEM);
+
     for (i=0; i<nptypes; i++) {
- 	if ((preauthp[i] =
- 	     (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) {
- 	    for (; i>=0; i--)
- 		free(preauthp[i]);
- 	    free(preauthp);
-	    return (ENOMEM);
-	}
- 	preauthp[i]->magic = KV5M_PA_DATA;
- 	preauthp[i]->pa_type = ptypes[i];
- 	preauthp[i]->length = 0;
- 	preauthp[i]->contents = 0;
+        if ((preauthp[i] =
+             (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) {
+            for (; i>=0; i--)
+                free(preauthp[i]);
+            free(preauthp);
+            return (ENOMEM);
+        }
+        preauthp[i]->magic = KV5M_PA_DATA;
+        preauthp[i]->pa_type = ptypes[i];
+        preauthp[i]->length = 0;
+        preauthp[i]->contents = 0;
     }
-     
+
     /* fill in the terminating NULL */
- 
+
     preauthp[nptypes] = NULL;
- 
+
     *ret_list = preauthp;
     return 0;
 }
@@ -495,10 +496,10 @@ static const krb5_enctype get_in_tkt_enctypes[] = {
 
 static krb5_error_code
 rewrite_server_realm(krb5_context context,
-		     krb5_const_principal old_server,
-		     const krb5_data *realm,
-		     krb5_boolean tgs,
-		     krb5_principal *server)
+                     krb5_const_principal old_server,
+                     const krb5_data *realm,
+                     krb5_boolean tgs,
+                     krb5_principal *server)
 {
     krb5_error_code retval;
 
@@ -506,28 +507,28 @@ rewrite_server_realm(krb5_context context,
 
     retval = krb5_copy_principal(context, old_server, server);
     if (retval)
-	return retval;
+        return retval;
 
     krb5_free_data_contents(context, &(*server)->realm);
     (*server)->realm.data = NULL;
 
     retval = krb5int_copy_data_contents(context, realm, &(*server)->realm);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     if (tgs) {
-	krb5_free_data_contents(context, &(*server)->data[1]);
-	(*server)->data[1].data = NULL;
+        krb5_free_data_contents(context, &(*server)->data[1]);
+        (*server)->data[1].data = NULL;
 
-	retval = krb5int_copy_data_contents(context, realm, &(*server)->data[1]);
-	if (retval)
-	    goto cleanup;
+        retval = krb5int_copy_data_contents(context, realm, &(*server)->data[1]);
+        if (retval)
+            goto cleanup;
     }
 
 cleanup:
     if (retval) {
-	krb5_free_principal(context, *server);
-	*server = NULL;
+        krb5_free_principal(context, *server);
+        *server = NULL;
     }
 
     return retval;
@@ -544,44 +545,44 @@ tgt_is_local_realm(krb5_creds *tgt)
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_in_tkt(krb5_context context,
-		krb5_flags options,
-		krb5_address * const * addrs,
-		krb5_enctype * ktypes,
-		krb5_preauthtype * ptypes,
-		git_key_proc key_proc,
-		krb5_const_pointer keyseed,
-		git_decrypt_proc decrypt_proc,
-		krb5_const_pointer decryptarg,
-		krb5_creds * creds,
-		krb5_ccache ccache,
-		krb5_kdc_rep ** ret_as_reply)
+                krb5_flags options,
+                krb5_address * const * addrs,
+                krb5_enctype * ktypes,
+                krb5_preauthtype * ptypes,
+                git_key_proc key_proc,
+                krb5_const_pointer keyseed,
+                git_decrypt_proc decrypt_proc,
+                krb5_const_pointer decryptarg,
+                krb5_creds * creds,
+                krb5_ccache ccache,
+                krb5_kdc_rep ** ret_as_reply)
 {
-    krb5_error_code	retval;
-    krb5_timestamp	time_now;
-    krb5_keyblock *	decrypt_key = 0;
-    krb5_kdc_req	request;
+    krb5_error_code     retval;
+    krb5_timestamp      time_now;
+    krb5_keyblock *     decrypt_key = 0;
+    krb5_kdc_req        request;
     krb5_data *encoded_request;
-    krb5_error *	err_reply;
-    krb5_kdc_rep *	as_reply = 0;
-    krb5_pa_data  **	preauth_to_use = 0;
-    int			loopcount = 0;
-    krb5_int32		do_more = 0;
-    int			canon_flag;
+    krb5_error *        err_reply;
+    krb5_kdc_rep *      as_reply = 0;
+    krb5_pa_data  **    preauth_to_use = 0;
+    int                 loopcount = 0;
+    krb5_int32          do_more = 0;
+    int                 canon_flag;
     int             use_master = 0;
-    int			referral_count = 0;
-    krb5_principal_data	referred_client;
-    krb5_principal	referred_server = NULL;
-    krb5_boolean	is_tgt_req;
+    int                 referral_count = 0;
+    krb5_principal_data referred_client;
+    krb5_principal      referred_server = NULL;
+    krb5_boolean        is_tgt_req;
 
 #if APPLE_PKINIT
     inTktDebug("krb5_get_in_tkt top\n");
 #endif /* APPLE_PKINIT */
 
     if (! krb5_realm_compare(context, creds->client, creds->server))
-	return KRB5_IN_TKT_REALM_MISMATCH;
+        return KRB5_IN_TKT_REALM_MISMATCH;
 
     if (ret_as_reply)
-	*ret_as_reply = 0;
+        *ret_as_reply = 0;
 
     referred_client = *(creds->client);
     referred_client.realm.data = NULL;
@@ -589,8 +590,8 @@ krb5_get_in_tkt(krb5_context context,
 
     /* per referrals draft, enterprise principals imply canonicalization */
     canon_flag = ((options & KDC_OPT_CANONICALIZE) != 0) ||
-	creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
- 
+        creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
+
     /*
      * Set up the basic request structure
      */
@@ -600,10 +601,10 @@ krb5_get_in_tkt(krb5_context context,
     request.ktype = 0;
     request.padata = 0;
     if (addrs)
-	request.addresses = (krb5_address **) addrs;
+        request.addresses = (krb5_address **) addrs;
     else
-	if ((retval = krb5_os_localaddr(context, &request.addresses)))
-	    goto cleanup;
+        if ((retval = krb5_os_localaddr(context, &request.addresses)))
+            goto cleanup;
     request.kdc_options = options;
     request.client = creds->client;
     request.server = creds->server;
@@ -614,43 +615,43 @@ krb5_get_in_tkt(krb5_context context,
 #if APPLE_PKINIT
     retval = gen_nonce(context, (krb5_int32 *)&time_now);
     if(retval) {
-	goto cleanup;
+        goto cleanup;
     }
     request.nonce = time_now;
 #endif /* APPLE_PKINIT */
 
     request.ktype = malloc (sizeof(get_in_tkt_enctypes));
     if (request.ktype == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memcpy(request.ktype, get_in_tkt_enctypes, sizeof(get_in_tkt_enctypes));
     for (request.nktypes = 0;request.ktype[request.nktypes];request.nktypes++);
     if (ktypes) {
-	int i, req, next = 0;
-	for (req = 0; ktypes[req]; req++) {
-	    if (ktypes[req] == request.ktype[next]) {
-		next++;
-		continue;
-	    }
-	    for (i = next + 1; i < request.nktypes; i++)
-		if (ktypes[req] == request.ktype[i]) {
-		    /* Found the enctype we want, but not in the
-		       position we want.  Move it, but keep the old
-		       one from the desired slot around in case it's
-		       later in our requested-ktypes list.  */
-		    krb5_enctype t;
-		    t = request.ktype[next];
-		    request.ktype[next] = request.ktype[i];
-		    request.ktype[i] = t;
-		    next++;
-		    break;
-		}
-	    /* If we didn't find it, don't do anything special, just
-	       drop it.  */
-	}
-	request.ktype[next] = 0;
-	request.nktypes = next;
+        int i, req, next = 0;
+        for (req = 0; ktypes[req]; req++) {
+            if (ktypes[req] == request.ktype[next]) {
+                next++;
+                continue;
+            }
+            for (i = next + 1; i < request.nktypes; i++)
+                if (ktypes[req] == request.ktype[i]) {
+                    /* Found the enctype we want, but not in the
+                       position we want.  Move it, but keep the old
+                       one from the desired slot around in case it's
+                       later in our requested-ktypes list.  */
+                    krb5_enctype t;
+                    t = request.ktype[next];
+                    request.ktype[next] = request.ktype[i];
+                    request.ktype[i] = t;
+                    next++;
+                    break;
+                }
+            /* If we didn't find it, don't do anything special, just
+               drop it.  */
+        }
+        request.ktype[next] = 0;
+        request.nktypes = next;
     }
     request.authorization_data.ciphertext.length = 0;
     request.authorization_data.ciphertext.data = 0;
@@ -662,153 +663,153 @@ krb5_get_in_tkt(krb5_context context,
      * preauth_to_use list.
      */
     if (ptypes) {
-	retval = make_preauth_list(context, ptypes, -1, &preauth_to_use);
-	if (retval)
-	    goto cleanup;
+        retval = make_preauth_list(context, ptypes, -1, &preauth_to_use);
+        if (retval)
+            goto cleanup;
     }
-	    
+
     is_tgt_req = tgt_is_local_realm(creds);
 
     while (1) {
-	if (loopcount++ > MAX_IN_TKT_LOOPS) {
-	    retval = KRB5_GET_IN_TKT_LOOP;
-	    goto cleanup;
-	}
+        if (loopcount++ > MAX_IN_TKT_LOOPS) {
+            retval = KRB5_GET_IN_TKT_LOOP;
+            goto cleanup;
+        }
 
 #if APPLE_PKINIT
-	inTktDebug("krb5_get_in_tkt calling krb5_obtain_padata\n");
+        inTktDebug("krb5_get_in_tkt calling krb5_obtain_padata\n");
 #endif /* APPLE_PKINIT */
-	if ((retval = krb5_obtain_padata(context, preauth_to_use, key_proc,
-					 keyseed, creds, &request)) != 0)
-	    goto cleanup;
-	if (preauth_to_use)
-	    krb5_free_pa_data(context, preauth_to_use);
-	preauth_to_use = 0;
-	
-	err_reply = 0;
-	as_reply = 0;
+        if ((retval = krb5_obtain_padata(context, preauth_to_use, key_proc,
+                                         keyseed, creds, &request)) != 0)
+            goto cleanup;
+        if (preauth_to_use)
+            krb5_free_pa_data(context, preauth_to_use);
+        preauth_to_use = 0;
+
+        err_reply = 0;
+        as_reply = 0;
 
         if ((retval = krb5_timeofday(context, &time_now)))
-	    goto cleanup;
+            goto cleanup;
 
         /*
          * XXX we know they are the same size... and we should do
          * something better than just the current time
          */
-	request.nonce = (krb5_int32) time_now;
-
-	if ((retval = encode_krb5_as_req(&request, &encoded_request)) != 0)
-	    goto cleanup;
-	retval = send_as_request(context, encoded_request,
-				 krb5_princ_realm(context, request.client), &err_reply,
-				 &as_reply, &use_master);
-	krb5_free_data(context, encoded_request);
-	if (retval != 0)
-	    goto cleanup;
-
-	if (err_reply) {
-	    if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED &&
-		err_reply->e_data.length > 0) {
-		retval = decode_krb5_padata_sequence(&err_reply->e_data,
-						     &preauth_to_use);
-		krb5_free_error(context, err_reply);
-		if (retval)
-		    goto cleanup;
+        request.nonce = (krb5_int32) time_now;
+
+        if ((retval = encode_krb5_as_req(&request, &encoded_request)) != 0)
+            goto cleanup;
+        retval = send_as_request(context, encoded_request,
+                                 krb5_princ_realm(context, request.client), &err_reply,
+                                 &as_reply, &use_master);
+        krb5_free_data(context, encoded_request);
+        if (retval != 0)
+            goto cleanup;
+
+        if (err_reply) {
+            if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED &&
+                err_reply->e_data.length > 0) {
+                retval = decode_krb5_padata_sequence(&err_reply->e_data,
+                                                     &preauth_to_use);
+                krb5_free_error(context, err_reply);
+                if (retval)
+                    goto cleanup;
                 retval = sort_krb5_padata_sequence(context,
-						   &request.server->realm,
-						   preauth_to_use);
-		if (retval)
-		    goto cleanup;
-		continue;
-	    } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
-		if (++referral_count > KRB5_REFERRAL_MAXHOPS ||
-		    err_reply->client == NULL ||
-		    err_reply->client->realm.length == 0) {
-		    retval = KRB5KDC_ERR_WRONG_REALM;
-		    krb5_free_error(context, err_reply);
-		    goto cleanup;
-		}
-		/* Rewrite request.client with realm from error reply */
-		if (referred_client.realm.data) {
-		    krb5_free_data_contents(context, &referred_client.realm);
-		    referred_client.realm.data = NULL;
-		}
-		retval = krb5int_copy_data_contents(context,
-						    &err_reply->client->realm,
-						    &referred_client.realm);
-		krb5_free_error(context, err_reply);		
-		if (retval)
-		    goto cleanup;
-		request.client = &referred_client;
-
-		if (referred_server != NULL) {
-		    krb5_free_principal(context, referred_server);
-		    referred_server = NULL;
-		}
-
-		retval = rewrite_server_realm(context,
-					      creds->server,
-					      &referred_client.realm,
-					      is_tgt_req,
-					      &referred_server);
-		if (retval)
-		    goto cleanup;
-		request.server = referred_server;
-
-		continue;
-	    } else {
-		retval = (krb5_error_code) err_reply->error 
-		    + ERROR_TABLE_BASE_krb5;
-		krb5_free_error(context, err_reply);
-		goto cleanup;
-	    }
-	} else if (!as_reply) {
-	    retval = KRB5KRB_AP_ERR_MSG_TYPE;
-	    goto cleanup;
-	}
-	if ((retval = krb5_process_padata(context, &request, as_reply,
-					  key_proc, keyseed, decrypt_proc, 
-					  &decrypt_key, creds,
-					  &do_more)) != 0)
-	    goto cleanup;
-
-	if (!do_more)
-	    break;
+                                                   &request.server->realm,
+                                                   preauth_to_use);
+                if (retval)
+                    goto cleanup;
+                continue;
+            } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
+                if (++referral_count > KRB5_REFERRAL_MAXHOPS ||
+                    err_reply->client == NULL ||
+                    err_reply->client->realm.length == 0) {
+                    retval = KRB5KDC_ERR_WRONG_REALM;
+                    krb5_free_error(context, err_reply);
+                    goto cleanup;
+                }
+                /* Rewrite request.client with realm from error reply */
+                if (referred_client.realm.data) {
+                    krb5_free_data_contents(context, &referred_client.realm);
+                    referred_client.realm.data = NULL;
+                }
+                retval = krb5int_copy_data_contents(context,
+                                                    &err_reply->client->realm,
+                                                    &referred_client.realm);
+                krb5_free_error(context, err_reply);
+                if (retval)
+                    goto cleanup;
+                request.client = &referred_client;
+
+                if (referred_server != NULL) {
+                    krb5_free_principal(context, referred_server);
+                    referred_server = NULL;
+                }
+
+                retval = rewrite_server_realm(context,
+                                              creds->server,
+                                              &referred_client.realm,
+                                              is_tgt_req,
+                                              &referred_server);
+                if (retval)
+                    goto cleanup;
+                request.server = referred_server;
+
+                continue;
+            } else {
+                retval = (krb5_error_code) err_reply->error
+                    + ERROR_TABLE_BASE_krb5;
+                krb5_free_error(context, err_reply);
+                goto cleanup;
+            }
+        } else if (!as_reply) {
+            retval = KRB5KRB_AP_ERR_MSG_TYPE;
+            goto cleanup;
+        }
+        if ((retval = krb5_process_padata(context, &request, as_reply,
+                                          key_proc, keyseed, decrypt_proc,
+                                          &decrypt_key, creds,
+                                          &do_more)) != 0)
+            goto cleanup;
+
+        if (!do_more)
+            break;
     }
-    
+
     if ((retval = decrypt_as_reply(context, &request, as_reply, key_proc,
-				   keyseed, decrypt_key, decrypt_proc,
-				   decryptarg)))
-	goto cleanup;
+                                   keyseed, decrypt_key, decrypt_proc,
+                                   decryptarg)))
+        goto cleanup;
 
     if ((retval = verify_as_reply(context, time_now, &request, as_reply)))
-	goto cleanup;
+        goto cleanup;
 
     if ((retval = stash_as_reply(context, time_now, &request, as_reply,
-				 creds, ccache)))
-	goto cleanup;
+                                 creds, ccache)))
+        goto cleanup;
 
 cleanup:
     if (request.ktype)
-	free(request.ktype);
+        free(request.ktype);
     if (!addrs && request.addresses)
-	krb5_free_addresses(context, request.addresses);
+        krb5_free_addresses(context, request.addresses);
     if (request.padata)
-	krb5_free_pa_data(context, request.padata);
+        krb5_free_pa_data(context, request.padata);
     if (preauth_to_use)
-	krb5_free_pa_data(context, preauth_to_use);
+        krb5_free_pa_data(context, preauth_to_use);
     if (decrypt_key)
-    	krb5_free_keyblock(context, decrypt_key);
+        krb5_free_keyblock(context, decrypt_key);
     if (as_reply) {
-	if (ret_as_reply)
-	    *ret_as_reply = as_reply;
-	else
-	    krb5_free_kdc_rep(context, as_reply);
+        if (ret_as_reply)
+            *ret_as_reply = as_reply;
+        else
+            krb5_free_kdc_rep(context, as_reply);
     }
     if (referred_client.realm.data)
-	krb5_free_data_contents(context, &referred_client.realm);
+        krb5_free_data_contents(context, &referred_client.realm);
     if (referred_server)
-	krb5_free_principal(context, referred_server);
+        krb5_free_principal(context, referred_server);
     return (retval);
 }
 
@@ -833,13 +834,13 @@ _krb5_conf_boolean(const char *s)
     const char *const *p;
 
     for(p=conf_yes; *p; p++) {
-	if (!strcasecmp(*p,s))
-	    return 1;
+        if (!strcasecmp(*p,s))
+            return 1;
     }
 
     for(p=conf_no; *p; p++) {
-	if (!strcasecmp(*p,s))
-	    return 0;
+        if (!strcasecmp(*p,s))
+            return 0;
     }
 
     /* Default to "no" */
@@ -848,7 +849,7 @@ _krb5_conf_boolean(const char *s)
 
 static krb5_error_code
 krb5_libdefault_string(krb5_context context, const krb5_data *realm,
-		       const char *option, char **ret_value)
+                       const char *option, char **ret_value)
 {
     profile_t profile;
     const char *names[5];
@@ -857,25 +858,25 @@ krb5_libdefault_string(krb5_context context, const krb5_data *realm,
     char realmstr[1024];
 
     if (realm->length > sizeof(realmstr)-1)
-	return(EINVAL);
+        return(EINVAL);
 
     strncpy(realmstr, realm->data, realm->length);
     realmstr[realm->length] = '\0';
 
-    if (!context || (context->magic != KV5M_CONTEXT)) 
-	return KV5M_CONTEXT;
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
 
     profile = context->profile;
-	    
+
     names[0] = KRB5_CONF_LIBDEFAULTS;
 
     /*
      * Try number one:
      *
      * [libdefaults]
-     *		REALM = {
-     *			option = <boolean>
-     *		}
+     *          REALM = {
+     *                  option = <boolean>
+     *          }
      */
 
     names[1] = realmstr;
@@ -883,24 +884,24 @@ krb5_libdefault_string(krb5_context context, const krb5_data *realm,
     names[3] = 0;
     retval = profile_get_values(profile, names, &nameval);
     if (retval == 0 && nameval && nameval[0])
-	goto goodbye;
+        goto goodbye;
 
     /*
      * Try number two:
      *
      * [libdefaults]
-     *		option = <boolean>
+     *          option = <boolean>
      */
-    
+
     names[1] = option;
     names[2] = 0;
     retval = profile_get_values(profile, names, &nameval);
     if (retval == 0 && nameval && nameval[0])
-	goto goodbye;
+        goto goodbye;
 
 goodbye:
-    if (!nameval) 
-	return(ENOENT);
+    if (!nameval)
+        return(ENOENT);
 
     if (!nameval[0]) {
         retval = ENOENT;
@@ -920,7 +921,7 @@ goodbye:
 
 krb5_error_code
 krb5_libdefault_boolean(krb5_context context, const krb5_data *realm,
-			const char *option, int *ret_value)
+                        const char *option, int *ret_value)
 {
     char *string = NULL;
     krb5_error_code retval;
@@ -928,7 +929,7 @@ krb5_libdefault_boolean(krb5_context context, const krb5_data *realm,
     retval = krb5_libdefault_string(context, realm, option, &string);
 
     if (retval)
-	return(retval);
+        return(retval);
 
     *ret_value = _krb5_conf_boolean(string);
     free(string);
@@ -940,7 +941,7 @@ krb5_libdefault_boolean(krb5_context context, const krb5_data *realm,
  * libdefaults entry are listed before any others. */
 static krb5_error_code
 sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
-			  krb5_pa_data **padata)
+                          krb5_pa_data **padata)
 {
     int i, j, base;
     krb5_error_code ret;
@@ -951,58 +952,58 @@ sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
     int need_free_string = 1;
 
     if ((padata == NULL) || (padata[0] == NULL)) {
-	return 0;
+        return 0;
     }
 
     ret = krb5_libdefault_string(context, realm, KRB5_CONF_PREFERRED_PREAUTH_TYPES,
-				 &preauth_types);
+                                 &preauth_types);
     if ((ret != 0) || (preauth_types == NULL)) {
-	/* Try to use PKINIT first. */
-	preauth_types = "17, 16, 15, 14";
-	need_free_string = 0;
+        /* Try to use PKINIT first. */
+        preauth_types = "17, 16, 15, 14";
+        need_free_string = 0;
     }
 
 #ifdef DEBUG
     fprintf (stderr, "preauth data types before sorting:");
     for (i = 0; padata[i]; i++) {
-	fprintf (stderr, " %d", padata[i]->pa_type);
+        fprintf (stderr, " %d", padata[i]->pa_type);
     }
     fprintf (stderr, "\n");
 #endif
 
     base = 0;
     for (p = preauth_types; *p != '\0';) {
-	/* skip whitespace to find an entry */
-	p += strspn(p, ", ");
-	if (*p != '\0') {
-	    /* see if we can extract a number */
-	    l = strtol(p, &q, 10);
-	    if ((q != NULL) && (q > p)) {
-		/* got a valid number; search for a matchin entry */
-		for (i = base; padata[i] != NULL; i++) {
-		    /* bubble the matching entry to the front of the list */
-		    if (padata[i]->pa_type == l) {
-			tmp = padata[i];
-			for (j = i; j > base; j--)
-			    padata[j] = padata[j - 1];
-			padata[base] = tmp;
-			base++;
-			break;
-		    }
-		}
-		p = q;
-	    } else {
-		break;
-	    }
-	}
+        /* skip whitespace to find an entry */
+        p += strspn(p, ", ");
+        if (*p != '\0') {
+            /* see if we can extract a number */
+            l = strtol(p, &q, 10);
+            if ((q != NULL) && (q > p)) {
+                /* got a valid number; search for a matchin entry */
+                for (i = base; padata[i] != NULL; i++) {
+                    /* bubble the matching entry to the front of the list */
+                    if (padata[i]->pa_type == l) {
+                        tmp = padata[i];
+                        for (j = i; j > base; j--)
+                            padata[j] = padata[j - 1];
+                        padata[base] = tmp;
+                        base++;
+                        break;
+                    }
+                }
+                p = q;
+            } else {
+                break;
+            }
+        }
     }
     if (need_free_string)
-	free(preauth_types);
+        free(preauth_types);
 
 #ifdef DEBUG
     fprintf (stderr, "preauth data types after sorting:");
     for (i = 0; padata[i]; i++)
-	fprintf (stderr, " %d", padata[i]->pa_type);
+        fprintf (stderr, " %d", padata[i]->pa_type);
     fprintf (stderr, "\n");
 #endif
 
@@ -1011,46 +1012,46 @@ sort_krb5_padata_sequence(krb5_context context, krb5_data *realm,
 
 static krb5_error_code
 build_in_tkt_name(krb5_context context,
-		  char *in_tkt_service,
-		  krb5_const_principal client,
-		  krb5_principal *server)
+                  char *in_tkt_service,
+                  krb5_const_principal client,
+                  krb5_principal *server)
 {
     krb5_error_code ret;
 
     *server = NULL;
 
     if (in_tkt_service) {
-	/* this is ugly, because so are the data structures involved.  I'm
-	   in the library, so I'm going to manipulate the data structures
-	   directly, otherwise, it will be worse. */
+        /* this is ugly, because so are the data structures involved.  I'm
+           in the library, so I'm going to manipulate the data structures
+           directly, otherwise, it will be worse. */
 
         if ((ret = krb5_parse_name(context, in_tkt_service, server)))
-	    return ret;
-
-	/* stuff the client realm into the server principal.
-	   realloc if necessary */
-	if ((*server)->realm.length < client->realm.length) {
-	    char *p = realloc((*server)->realm.data,
-			      client->realm.length);
-	    if (p == NULL) {
-		krb5_free_principal(context, *server);
-		*server = NULL;
-		return ENOMEM;
-	    }
-	    (*server)->realm.data = p;
-	}
-
-	(*server)->realm.length = client->realm.length;
-	memcpy((*server)->realm.data, client->realm.data, client->realm.length);
+            return ret;
+
+        /* stuff the client realm into the server principal.
+           realloc if necessary */
+        if ((*server)->realm.length < client->realm.length) {
+            char *p = realloc((*server)->realm.data,
+                              client->realm.length);
+            if (p == NULL) {
+                krb5_free_principal(context, *server);
+                *server = NULL;
+                return ENOMEM;
+            }
+            (*server)->realm.data = p;
+        }
+
+        (*server)->realm.length = client->realm.length;
+        memcpy((*server)->realm.data, client->realm.data, client->realm.length);
     } else {
-	ret = krb5_build_principal_ext(context, server,
-				       client->realm.length,
-				       client->realm.data,
-				       KRB5_TGS_NAME_SIZE,
-				       KRB5_TGS_NAME,
-				       client->realm.length,
-				       client->realm.data,
-				       0);
+        ret = krb5_build_principal_ext(context, server,
+                                       client->realm.length,
+                                       client->realm.data,
+                                       KRB5_TGS_NAME_SIZE,
+                                       KRB5_TGS_NAME,
+                                       client->realm.length,
+                                       client->realm.data,
+                                       0);
     }
     return ret;
 }
@@ -1067,22 +1068,22 @@ should_continue_preauth(krb5_ui_4 error, int loopcount)
      * currently it does not do so for built-in mechanisms.
      */
     return (error == KDC_ERR_PREAUTH_REQUIRED ||
-	    (error == KDC_ERR_PREAUTH_FAILED && loopcount == 0));
+            (error == KDC_ERR_PREAUTH_FAILED && loopcount == 0));
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds(krb5_context context,
-		    krb5_creds *creds,
-		    krb5_principal client,
-		    krb5_prompter_fct prompter,
-		    void *prompter_data,
-		    krb5_deltat start_time,
-		    char *in_tkt_service,
-		    krb5_gic_opt_ext *options,
-		    krb5_gic_get_as_key_fct gak_fct,
-		    void *gak_data,
-		    int  *use_master,
-		    krb5_kdc_rep **as_reply)
+                    krb5_creds *creds,
+                    krb5_principal client,
+                    krb5_prompter_fct prompter,
+                    void *prompter_data,
+                    krb5_deltat start_time,
+                    char *in_tkt_service,
+                    krb5_gic_opt_ext *options,
+                    krb5_gic_get_as_key_fct gak_fct,
+                    void *gak_data,
+                    int  *use_master,
+                    krb5_kdc_rep **as_reply)
 {
     krb5_error_code ret;
     krb5_kdc_req request;
@@ -1107,7 +1108,7 @@ krb5_get_init_creds(krb5_context context,
     krb5_boolean retry = 0;
     struct krb5int_fast_request_state *fast_state = NULL;
     krb5_pa_data **out_padata = NULL;
-    
+
 
     /* initialize everything which will be freed at cleanup */
 
@@ -1124,14 +1125,14 @@ krb5_get_init_creds(krb5_context context,
     as_key.length = 0;
     encrypting_key.length = 0;
     encrypting_key.contents = NULL;
-        salt.length = 0;
+    salt.length = 0;
     salt.data = NULL;
 
-	local_as_reply = 0;
+    local_as_reply = 0;
 #if APPLE_PKINIT
     inTktDebug("krb5_get_init_creds top\n");
 #endif /* APPLE_PKINIT */
-    
+
     err_reply = NULL;
 
     /* referred_client is used to rewrite the client realm for referrals */
@@ -1140,7 +1141,7 @@ krb5_get_init_creds(krb5_context context,
     referred_client.realm.length = 0;
     ret = krb5int_fast_make_state(context, &fast_state);
     if (ret)
-	    goto cleanup;
+        goto cleanup;
 
     /*
      * Set up the basic request structure
@@ -1158,137 +1159,137 @@ krb5_get_init_creds(krb5_context context,
     /* forwardable */
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
-	tempint = options->forwardable;
+        tempint = options->forwardable;
     else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-					    KRB5_CONF_FORWARDABLE, &tempint)) == 0)
-	    ;
+                                            KRB5_CONF_FORWARDABLE, &tempint)) == 0)
+        ;
     else
-	tempint = 0;
+        tempint = 0;
     if (tempint)
-	request.kdc_options |= KDC_OPT_FORWARDABLE;
+        request.kdc_options |= KDC_OPT_FORWARDABLE;
 
     /* proxiable */
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
-	tempint = options->proxiable;
+        tempint = options->proxiable;
     else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-					    KRB5_CONF_PROXIABLE, &tempint)) == 0)
-	    ;
+                                            KRB5_CONF_PROXIABLE, &tempint)) == 0)
+        ;
     else
-	tempint = 0;
+        tempint = 0;
     if (tempint)
-	request.kdc_options |= KDC_OPT_PROXIABLE;
+        request.kdc_options |= KDC_OPT_PROXIABLE;
 
     /* canonicalize */
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE))
-	tempint = 1;
+        tempint = 1;
     else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-					    KRB5_CONF_CANONICALIZE, &tempint)) == 0)
-	;
+                                            KRB5_CONF_CANONICALIZE, &tempint)) == 0)
+        ;
     else
-	tempint = 0;
+        tempint = 0;
     if (tempint)
-	request.kdc_options |= KDC_OPT_CANONICALIZE;
+        request.kdc_options |= KDC_OPT_CANONICALIZE;
 
     /* allow_postdate */
-    
+
     if (start_time > 0)
-	request.kdc_options |= (KDC_OPT_ALLOW_POSTDATE|KDC_OPT_POSTDATED);
-    
+        request.kdc_options |= (KDC_OPT_ALLOW_POSTDATE|KDC_OPT_POSTDATED);
+
     /* ticket lifetime */
-    
+
     if ((ret = krb5_timeofday(context, &request.from)))
-	goto cleanup;
+        goto cleanup;
     request.from = krb5int_addint32(request.from, start_time);
-    
+
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)) {
         tkt_life = options->tkt_life;
     } else if ((ret = krb5_libdefault_string(context, &client->realm,
-					     KRB5_CONF_TICKET_LIFETIME, &tempstr))
-	       == 0) {
-	ret = krb5_string_to_deltat(tempstr, &tkt_life);
-	free(tempstr);
-	if (ret) {
-	    goto cleanup;
-	}
+                                             KRB5_CONF_TICKET_LIFETIME, &tempstr))
+               == 0) {
+        ret = krb5_string_to_deltat(tempstr, &tkt_life);
+        free(tempstr);
+        if (ret) {
+            goto cleanup;
+        }
     } else {
-	/* this used to be hardcoded in kinit.c */
-	tkt_life = 24*60*60;
+        /* this used to be hardcoded in kinit.c */
+        tkt_life = 24*60*60;
     }
     request.till = krb5int_addint32(request.from, tkt_life);
-    
+
     /* renewable lifetime */
-    
+
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
-	renew_life = options->renew_life;
+        renew_life = options->renew_life;
     } else if ((ret = krb5_libdefault_string(context, &client->realm,
-					     KRB5_CONF_RENEW_LIFETIME, &tempstr))
-	       == 0) {
-	ret = krb5_string_to_deltat(tempstr, &renew_life);
-	free(tempstr);
-	if (ret) {
-	    goto cleanup;
-	}
+                                             KRB5_CONF_RENEW_LIFETIME, &tempstr))
+               == 0) {
+        ret = krb5_string_to_deltat(tempstr, &renew_life);
+        free(tempstr);
+        if (ret) {
+            goto cleanup;
+        }
     } else {
-	renew_life = 0;
+        renew_life = 0;
     }
     if (renew_life > 0)
-	request.kdc_options |= KDC_OPT_RENEWABLE;
-    
+        request.kdc_options |= KDC_OPT_RENEWABLE;
+
     if (renew_life > 0) {
-	request.rtime = krb5int_addint32(request.from, renew_life);
+        request.rtime = krb5int_addint32(request.from, renew_life);
         if (request.rtime < request.till) {
             /* don't ask for a smaller renewable time than the lifetime */
             request.rtime = request.till;
         }
         /* we are already asking for renewable tickets so strip this option */
-	request.kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
+        request.kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
     } else {
-	request.rtime = 0;
+        request.rtime = 0;
     }
-    
+
     /* client */
 
     request.client = client;
 
     /* per referrals draft, enterprise principals imply canonicalization */
     canon_flag = ((request.kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
-	client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
+        client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
 
     /* service */
     if ((ret = build_in_tkt_name(context, in_tkt_service,
-				 request.client, &request.server)))
-	goto cleanup;
+                                 request.client, &request.server)))
+        goto cleanup;
 
     krb5_preauth_request_context_init(context);
 
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST)) {
-	request.ktype = options->etype_list;
-	request.nktypes = options->etype_list_length;
+        request.ktype = options->etype_list;
+        request.nktypes = options->etype_list_length;
     } else if ((ret = krb5_get_default_in_tkt_ktypes(context,
-						     &request.ktype)) == 0) {
-	for (request.nktypes = 0;
-	     request.ktype[request.nktypes];
-	     request.nktypes++)
-	    ;
+                                                     &request.ktype)) == 0) {
+        for (request.nktypes = 0;
+             request.ktype[request.nktypes];
+             request.nktypes++)
+            ;
     } else {
-	/* there isn't any useful default here.  ret is set from above */
-	goto cleanup;
+        /* there isn't any useful default here.  ret is set from above */
+        goto cleanup;
     }
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST)) {
-	request.addresses = options->address_list;
+        request.addresses = options->address_list;
     }
     /* it would be nice if this parsed out an address list, but
        that would be work. */
     else if (((ret = krb5_libdefault_boolean(context, &client->realm,
-					    KRB5_CONF_NOADDRESSES, &tempint)) != 0)
-	     || (tempint == 1)) {
-	    ;
+                                             KRB5_CONF_NOADDRESSES, &tempint)) != 0)
+             || (tempint == 1)) {
+        ;
     } else {
-	if ((ret = krb5_os_localaddr(context, &request.addresses)))
-	    goto cleanup;
+        if ((ret = krb5_os_localaddr(context, &request.addresses)))
+            goto cleanup;
     }
 
     request.authorization_data.ciphertext.length = 0;
@@ -1299,228 +1300,228 @@ krb5_get_init_creds(krb5_context context,
     /* set up the other state.  */
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)) {
-	if ((ret = make_preauth_list(context, options->preauth_list,
-				     options->preauth_list_length,
-				     &preauth_to_use)))
-	    goto cleanup;
+        if ((ret = make_preauth_list(context, options->preauth_list,
+                                     options->preauth_list_length,
+                                     &preauth_to_use)))
+            goto cleanup;
     }
 
     /* the salt is allocated from somewhere, unless it is from the caller,
        then it is a reference */
 
     if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)) {
-	salt = *options->salt;
+        salt = *options->salt;
     } else {
-	salt.length = SALT_TYPE_AFS_LENGTH;
-	salt.data = NULL;
+        salt.length = SALT_TYPE_AFS_LENGTH;
+        salt.data = NULL;
     }
 
 
     /* set the request nonce */
     if ((ret = krb5_timeofday(context, &time_now)))
-	goto cleanup;
+        goto cleanup;
     /*
      * XXX we know they are the same size... and we should do
      * something better than just the current time
      */
     {
-	unsigned char random_buf[4];
-	krb5_data random_data;
-
-	random_data.length = 4;
-	random_data.data = (char *)random_buf;
-	if (krb5_c_random_make_octets(context, &random_data) == 0)
-	    /* See RT ticket 3196 at MIT.  If we set the high bit, we
-	       may have compatibility problems with Heimdal, because
-	       we (incorrectly) encode this value as signed.  */
-	    request.nonce = 0x7fffffff & load_32_n(random_buf);
-	else
-	    /* XXX  Yuck.  Old version.  */
-	    request.nonce = (krb5_int32) time_now;
+        unsigned char random_buf[4];
+        krb5_data random_data;
+
+        random_data.length = 4;
+        random_data.data = (char *)random_buf;
+        if (krb5_c_random_make_octets(context, &random_data) == 0)
+            /* See RT ticket 3196 at MIT.  If we set the high bit, we
+               may have compatibility problems with Heimdal, because
+               we (incorrectly) encode this value as signed.  */
+            request.nonce = 0x7fffffff & load_32_n(random_buf);
+        else
+            /* XXX  Yuck.  Old version.  */
+            request.nonce = (krb5_int32) time_now;
     }
     ret = krb5int_fast_as_armor(context, fast_state, options, &request);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
     /* give the preauth plugins a chance to prep the request body */
     krb5_preauth_prepare_request(context, options, &request);
     ret = krb5int_fast_prep_req_body(context, fast_state,
-				     &request, &encoded_request_body);
+                                     &request, &encoded_request_body);
     if (ret)
         goto cleanup;
 
     get_data_rock.magic = CLIENT_ROCK_MAGIC;
     get_data_rock.etype = &etype;
     get_data_rock.fast_state = fast_state;
-    
+
     /* now, loop processing preauth data and talking to the kdc */
     for (loopcount = 0; loopcount < MAX_IN_TKT_LOOPS; loopcount++) {
-	if (request.padata) {
-	    krb5_free_pa_data(context, request.padata);
-	    request.padata = NULL;
-	}
-	if (!err_reply) {
+        if (request.padata) {
+            krb5_free_pa_data(context, request.padata);
+            request.padata = NULL;
+        }
+        if (!err_reply) {
             /* either our first attempt, or retrying after PREAUTH_NEEDED */
-	    if ((ret = krb5_do_preauth(context,
-				       &request,
-				       encoded_request_body,
-				       encoded_previous_request,
-				       preauth_to_use, &request.padata,
-				       &salt, &s2kparams, &etype, &as_key,
-				       prompter, prompter_data,
-				       gak_fct, gak_data,
-				       &get_data_rock, options)))
-	        goto cleanup;
-	    if (out_padata) {
-	      krb5_free_pa_data(context, out_padata);
-	      out_padata = NULL;
-	    }
-	} else {
-	    if (preauth_to_use != NULL) {
-		/*
-		 * Retry after an error other than PREAUTH_NEEDED,
-		 * using e-data to figure out what to change.
-		 */
-		ret = krb5_do_preauth_tryagain(context,
-					       &request,
-					       encoded_request_body,
-					       encoded_previous_request,
-					       preauth_to_use, &request.padata,
-					       err_reply,
-					       &salt, &s2kparams, &etype,
-					       &as_key,
-					       prompter, prompter_data,
-					       gak_fct, gak_data,
-					       &get_data_rock, options);
-	    } else {
-		/* No preauth supplied, so can't query the plug-ins. */
-		ret = KRB5KRB_ERR_GENERIC;
-	    }
-	    if (ret) {
-		/* couldn't come up with anything better */
-		ret = err_reply->error + ERROR_TABLE_BASE_krb5;
-	    }
-	    krb5_free_error(context, err_reply);
-	    err_reply = NULL;
-	    if (ret)
-		goto cleanup;
-	}
+            if ((ret = krb5_do_preauth(context,
+                                       &request,
+                                       encoded_request_body,
+                                       encoded_previous_request,
+                                       preauth_to_use, &request.padata,
+                                       &salt, &s2kparams, &etype, &as_key,
+                                       prompter, prompter_data,
+                                       gak_fct, gak_data,
+                                       &get_data_rock, options)))
+                goto cleanup;
+            if (out_padata) {
+                krb5_free_pa_data(context, out_padata);
+                out_padata = NULL;
+            }
+        } else {
+            if (preauth_to_use != NULL) {
+                /*
+                 * Retry after an error other than PREAUTH_NEEDED,
+                 * using e-data to figure out what to change.
+                 */
+                ret = krb5_do_preauth_tryagain(context,
+                                               &request,
+                                               encoded_request_body,
+                                               encoded_previous_request,
+                                               preauth_to_use, &request.padata,
+                                               err_reply,
+                                               &salt, &s2kparams, &etype,
+                                               &as_key,
+                                               prompter, prompter_data,
+                                               gak_fct, gak_data,
+                                               &get_data_rock, options);
+            } else {
+                /* No preauth supplied, so can't query the plug-ins. */
+                ret = KRB5KRB_ERR_GENERIC;
+            }
+            if (ret) {
+                /* couldn't come up with anything better */
+                ret = err_reply->error + ERROR_TABLE_BASE_krb5;
+            }
+            krb5_free_error(context, err_reply);
+            err_reply = NULL;
+            if (ret)
+                goto cleanup;
+        }
 
         if (encoded_previous_request != NULL) {
-	    krb5_free_data(context, encoded_previous_request);
-	    encoded_previous_request = NULL;
+            krb5_free_data(context, encoded_previous_request);
+            encoded_previous_request = NULL;
+        }
+        ret = krb5int_fast_prep_req(context, fast_state,
+                                    &request, encoded_request_body,
+                                    encode_krb5_as_req, &encoded_previous_request);
+        if (ret)
+            goto cleanup;
+
+        err_reply = 0;
+        local_as_reply = 0;
+        if ((ret = send_as_request(context, encoded_previous_request,
+                                   krb5_princ_realm(context, request.client), &err_reply,
+                                   &local_as_reply, use_master)))
+            goto cleanup;
+
+        if (err_reply) {
+            ret = krb5int_fast_process_error(context, fast_state, &err_reply,
+                                             &out_padata, &retry);
+            if (ret !=0)
+                goto cleanup;
+            if (should_continue_preauth(err_reply->error, loopcount) && retry) {
+                /* reset the list of preauth types to try */
+                if (preauth_to_use) {
+                    krb5_free_pa_data(context, preauth_to_use);
+                    preauth_to_use = NULL;
+                }
+                preauth_to_use = out_padata;
+                out_padata = NULL;
+                krb5_free_error(context, err_reply);
+                err_reply = NULL;
+                ret = sort_krb5_padata_sequence(context,
+                                                &request.server->realm,
+                                                preauth_to_use);
+                if (ret)
+                    goto cleanup;
+                /* continue to next iteration */
+            } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
+                if (err_reply->client == NULL ||
+                    err_reply->client->realm.length == 0) {
+                    ret = KRB5KDC_ERR_WRONG_REALM;
+                    krb5_free_error(context, err_reply);
+                    goto cleanup;
+                }
+                /* Rewrite request.client with realm from error reply */
+                if (referred_client.realm.data) {
+                    krb5_free_data_contents(context, &referred_client.realm);
+                    referred_client.realm.data = NULL;
+                }
+                ret = krb5int_copy_data_contents(context,
+                                                 &err_reply->client->realm,
+                                                 &referred_client.realm);
+                krb5_free_error(context, err_reply);
+                err_reply = NULL;
+                if (ret)
+                    goto cleanup;
+                request.client = &referred_client;
+
+                krb5_free_principal(context, request.server);
+                request.server = NULL;
+
+                ret = build_in_tkt_name(context, in_tkt_service,
+                                        request.client, &request.server);
+                if (ret)
+                    goto cleanup;
+            } else {
+                if (retry)  {
+                    /* continue to next iteration */
+                } else {
+                    /* error + no hints = give up */
+                    ret = (krb5_error_code) err_reply->error
+                        + ERROR_TABLE_BASE_krb5;
+                    krb5_free_error(context, err_reply);
+                    goto cleanup;
+                }
+            }
+        } else if (local_as_reply) {
+            break;
+        } else {
+            ret = KRB5KRB_AP_ERR_MSG_TYPE;
+            goto cleanup;
         }
-	ret = krb5int_fast_prep_req(context, fast_state,
-				    &request, encoded_request_body,
-				    encode_krb5_as_req, &encoded_previous_request);
-	if (ret)
-	    goto cleanup;
-
-	err_reply = 0;
-	local_as_reply = 0;
-	if ((ret = send_as_request(context, encoded_previous_request,
-				   krb5_princ_realm(context, request.client), &err_reply,
-				   &local_as_reply, use_master)))
-	    goto cleanup;
-
-	if (err_reply) {
-	  ret = krb5int_fast_process_error(context, fast_state, &err_reply,
-					   &out_padata, &retry);
-	  if (ret !=0)
-	    goto cleanup;
-	  if (should_continue_preauth(err_reply->error, loopcount) && retry) {
-		/* reset the list of preauth types to try */
-		if (preauth_to_use) {
-		    krb5_free_pa_data(context, preauth_to_use);
-		    preauth_to_use = NULL;
-		}
-		preauth_to_use = out_padata;
-		out_padata = NULL;
-		krb5_free_error(context, err_reply);
-		err_reply = NULL;
-		ret = sort_krb5_padata_sequence(context,
-						&request.server->realm,
-						preauth_to_use);
-		if (ret)
-		    goto cleanup;
-		/* continue to next iteration */
-	    } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
-		if (err_reply->client == NULL ||
-		    err_reply->client->realm.length == 0) {
-		    ret = KRB5KDC_ERR_WRONG_REALM;
-		    krb5_free_error(context, err_reply);
-		    goto cleanup;
-		}
-		/* Rewrite request.client with realm from error reply */
-		if (referred_client.realm.data) {
-		    krb5_free_data_contents(context, &referred_client.realm);
-		    referred_client.realm.data = NULL;
-		}
-		ret = krb5int_copy_data_contents(context,
-						 &err_reply->client->realm,
-						 &referred_client.realm);
-		krb5_free_error(context, err_reply);
-		err_reply = NULL;
-		if (ret)
-		    goto cleanup;
-		request.client = &referred_client;
-
-		krb5_free_principal(context, request.server);
-		request.server = NULL;
-
-		ret = build_in_tkt_name(context, in_tkt_service,
-					request.client, &request.server);
-		if (ret)
-		    goto cleanup;
-	    } else {
-		if (retry)  {
-		    /* continue to next iteration */
-		} else {
-		    /* error + no hints = give up */
-		    ret = (krb5_error_code) err_reply->error
-		          + ERROR_TABLE_BASE_krb5;
-		    krb5_free_error(context, err_reply);
-		    goto cleanup;
-		}
-	    }
-	} else if (local_as_reply) {
-	    break;
-	} else {
-	    ret = KRB5KRB_AP_ERR_MSG_TYPE;
-	    goto cleanup;
-	}
     }
 
 #if APPLE_PKINIT
     inTktDebug("krb5_get_init_creds done with send_as_request loop lc %d\n",
-	(int)loopcount);
+               (int)loopcount);
 #endif /* APPLE_PKINIT */
     if (loopcount == MAX_IN_TKT_LOOPS) {
-	ret = KRB5_GET_IN_TKT_LOOP;
-	goto cleanup;
+        ret = KRB5_GET_IN_TKT_LOOP;
+        goto cleanup;
     }
 
     /* process any preauth data in the as_reply */
     krb5_clear_preauth_context_use_counts(context);
     ret = krb5int_fast_process_response(context, fast_state,
-				       local_as_reply, &strengthen_key);
+                                        local_as_reply, &strengthen_key);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     if ((ret = sort_krb5_padata_sequence(context, &request.server->realm,
-					 local_as_reply->padata)))
-	goto cleanup;
+                                         local_as_reply->padata)))
+        goto cleanup;
     etype = local_as_reply->enc_part.enctype;
     if ((ret = krb5_do_preauth(context,
-			       &request,
-			       encoded_request_body, encoded_previous_request,
-			       local_as_reply->padata, &kdc_padata,
-			       &salt, &s2kparams, &etype, &as_key, prompter,
-			       prompter_data, gak_fct, gak_data,
-			       &get_data_rock, options))) {
+                               &request,
+                               encoded_request_body, encoded_previous_request,
+                               local_as_reply->padata, &kdc_padata,
+                               &salt, &s2kparams, &etype, &as_key, prompter,
+                               prompter_data, gak_fct, gak_data,
+                               &get_data_rock, options))) {
 #if APPLE_PKINIT
         inTktDebug("krb5_get_init_creds krb5_do_preauth returned %d\n", (int)ret);
 #endif /* APPLE_PKINIT */
-	goto cleanup;
-	}
+        goto cleanup;
+    }
 
     /*
      * If we haven't gotten a salt from another source yet, set up one
@@ -1533,9 +1534,9 @@ krb5_get_init_creds(krb5_context context,
      * verify_as_reply.
      */
     if (salt.length == SALT_TYPE_AFS_LENGTH && salt.data == NULL) {
-	ret = krb5_principal2salt(context, local_as_reply->client, &salt);
-	if (ret)
-	    goto cleanup;
+        ret = krb5_principal2salt(context, local_as_reply->client, &salt);
+        if (ret)
+            goto cleanup;
     }
 
     /* XXX For 1.1.1 and prior KDC's, when SAM is used w/ USE_SAD_AS_KEY,
@@ -1543,7 +1544,7 @@ krb5_get_init_creds(krb5_context context,
        instead of in the SAD. If there was a SAM preauth, there
        will be an as_key here which will be the SAD. If that fails,
        use the gak_fct to get the password, and try again. */
-      
+
     /* XXX because etypes are handled poorly (particularly wrt SAM,
        where the etype is fixed by the kdc), we may want to try
        decrypt_as_reply twice.  If there's an as_key available, try
@@ -1551,37 +1552,37 @@ krb5_get_init_creds(krb5_context context,
        as_key at all yet, then use the gak_fct to get one, and try
        again.  */
     if (as_key.length) {
-      ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
-				   &encrypting_key);
-      if (ret)
-	goto cleanup;
-      	ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
-			       NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
-			       NULL);
+        ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
+                                     &encrypting_key);
+        if (ret)
+            goto cleanup;
+        ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
+                               NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
+                               NULL);
     } else
-	ret = -1;
-	   
+        ret = -1;
+
     if (ret) {
-	/* if we haven't get gotten a key, get it now */
-
-	if ((ret = ((*gak_fct)(context, request.client,
-			       local_as_reply->enc_part.enctype,
-			       prompter, prompter_data, &salt, &s2kparams,
-			       &as_key, gak_data))))
-	    goto cleanup;
-
-	ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
-				     &encrypting_key);
-	if (ret)
-	  goto cleanup;
-	if ((ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
-				    NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
-				    NULL)))
-	    goto cleanup;
+        /* if we haven't get gotten a key, get it now */
+
+        if ((ret = ((*gak_fct)(context, request.client,
+                               local_as_reply->enc_part.enctype,
+                               prompter, prompter_data, &salt, &s2kparams,
+                               &as_key, gak_data))))
+            goto cleanup;
+
+        ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
+                                     &encrypting_key);
+        if (ret)
+            goto cleanup;
+        if ((ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
+                                    NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
+                                    NULL)))
+            goto cleanup;
     }
 
     if ((ret = verify_as_reply(context, time_now, &request, local_as_reply)))
-	goto cleanup;
+        goto cleanup;
 
     /* XXX this should be inside stash_as_reply, but as long as
        get_in_tkt is still around using that arg as an in/out, I can't
@@ -1589,8 +1590,8 @@ krb5_get_init_creds(krb5_context context,
     memset(creds, 0, sizeof(*creds));
 
     if ((ret = stash_as_reply(context, time_now, &request, local_as_reply,
-			      creds, NULL)))
-	goto cleanup;
+                              creds, NULL)))
+        goto cleanup;
 
     /* success */
 
@@ -1598,65 +1599,65 @@ krb5_get_init_creds(krb5_context context,
 
 cleanup:
     if (ret != 0) {
-	char *client_name;
-	/* See if we can produce a more detailed error message.  */
-	switch (ret) {
-	case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
-	    client_name = NULL;
-	    if (krb5_unparse_name(context, client, &client_name) == 0) {
-		krb5_set_error_message(context, ret,
-				       "Client '%s' not found in Kerberos database",
-				       client_name);
-		free(client_name);
-	    }
-	    break;
-	default:
-	    break;
-	}
+        char *client_name;
+        /* See if we can produce a more detailed error message.  */
+        switch (ret) {
+        case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
+            client_name = NULL;
+            if (krb5_unparse_name(context, client, &client_name) == 0) {
+                krb5_set_error_message(context, ret,
+                                       "Client '%s' not found in Kerberos database",
+                                       client_name);
+                free(client_name);
+            }
+            break;
+        default:
+            break;
+        }
     }
     krb5_preauth_request_context_fini(context);
-	krb5_free_keyblock(context, strengthen_key);
-	if (encrypting_key.contents)
-	  krb5_free_keyblock_contents(context, &encrypting_key);
-	    if (fast_state)
-	krb5int_fast_free_state(context, fast_state);
+    krb5_free_keyblock(context, strengthen_key);
+    if (encrypting_key.contents)
+        krb5_free_keyblock_contents(context, &encrypting_key);
+    if (fast_state)
+        krb5int_fast_free_state(context, fast_state);
     if (out_padata)
-	krb5_free_pa_data(context, out_padata);
+        krb5_free_pa_data(context, out_padata);
     if (encoded_previous_request != NULL) {
-	krb5_free_data(context, encoded_previous_request);
-	encoded_previous_request = NULL;
+        krb5_free_data(context, encoded_previous_request);
+        encoded_previous_request = NULL;
     }
     if (encoded_request_body != NULL) {
-	krb5_free_data(context, encoded_request_body);
-	encoded_request_body = NULL;
+        krb5_free_data(context, encoded_request_body);
+        encoded_request_body = NULL;
     }
     if (request.server)
-	krb5_free_principal(context, request.server);
+        krb5_free_principal(context, request.server);
     if (request.ktype &&
-	(!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))))
-	free(request.ktype);
+        (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))))
+        free(request.ktype);
     if (request.addresses &&
-	(!(options &&
-	   (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST))))
-	krb5_free_addresses(context, request.addresses);
+        (!(options &&
+           (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST))))
+        krb5_free_addresses(context, request.addresses);
     if (preauth_to_use)
-	krb5_free_pa_data(context, preauth_to_use);
+        krb5_free_pa_data(context, preauth_to_use);
     if (kdc_padata)
-	krb5_free_pa_data(context, kdc_padata);
+        krb5_free_pa_data(context, kdc_padata);
     if (request.padata)
-	krb5_free_pa_data(context, request.padata);
+        krb5_free_pa_data(context, request.padata);
     if (as_key.length)
-	krb5_free_keyblock_contents(context, &as_key);
+        krb5_free_keyblock_contents(context, &as_key);
     if (salt.data &&
-	(!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT))))
-	free(salt.data);
+        (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT))))
+        free(salt.data);
     krb5_free_data_contents(context, &s2kparams);
     if (as_reply)
-	*as_reply = local_as_reply;
+        *as_reply = local_as_reply;
     else if (local_as_reply)
-	krb5_free_kdc_rep(context, local_as_reply);
+        krb5_free_kdc_rep(context, local_as_reply);
     if (referred_client.realm.data)
-	krb5_free_data_contents(context, &referred_client.realm);
+        krb5_free_data_contents(context, &referred_client.realm);
 
     return(ret);
 }
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index 33db55278..ab064ebcd 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/gic_keytab.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -23,7 +24,7 @@
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
  */
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 
 #include "k5-int.h"
 
@@ -49,20 +50,20 @@ krb5_get_as_key_keytab(
        a new one. */
 
     if (as_key->length) {
-	if (as_key->enctype == etype)
-	    return(0);
+        if (as_key->enctype == etype)
+            return(0);
 
-	krb5_free_keyblock_contents(context, as_key);
-	as_key->length = 0;
+        krb5_free_keyblock_contents(context, as_key);
+        as_key->length = 0;
     }
 
     if (!krb5_c_valid_enctype(etype))
-	return(KRB5_PROG_ETYPE_NOSUPP);
+        return(KRB5_PROG_ETYPE_NOSUPP);
 
     if ((ret = krb5_kt_get_entry(context, keytab, client,
-				 0, /* don't have vno available */
-				 etype, &kt_ent)))
-	return(ret);
+                                 0, /* don't have vno available */
+                                 etype, &kt_ent)))
+        return(ret);
 
     ret = krb5_copy_keyblock(context, &kt_ent.key, &kt_key);
 
@@ -78,93 +79,93 @@ krb5_get_as_key_keytab(
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_keytab(krb5_context context,
-			   krb5_creds *creds,
-			   krb5_principal client,
-			   krb5_keytab arg_keytab,
-			   krb5_deltat start_time,
-			   char *in_tkt_service,
-			   krb5_get_init_creds_opt *options)
+                           krb5_creds *creds,
+                           krb5_principal client,
+                           krb5_keytab arg_keytab,
+                           krb5_deltat start_time,
+                           char *in_tkt_service,
+                           krb5_get_init_creds_opt *options)
 {
-   krb5_error_code ret, ret2;
-   int use_master;
-   krb5_keytab keytab;
-   krb5_gic_opt_ext *opte = NULL;
+    krb5_error_code ret, ret2;
+    int use_master;
+    krb5_keytab keytab;
+    krb5_gic_opt_ext *opte = NULL;
+
+    if (arg_keytab == NULL) {
+        if ((ret = krb5_kt_default(context, &keytab)))
+            return ret;
+    } else {
+        keytab = arg_keytab;
+    }
 
-   if (arg_keytab == NULL) {
-       if ((ret = krb5_kt_default(context, &keytab)))
-	    return ret;
-   } else {
-       keytab = arg_keytab;
-   }
+    ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
+                                  "krb5_get_init_creds_keytab");
+    if (ret)
+        return ret;
 
-   ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
-				 "krb5_get_init_creds_keytab");
-   if (ret)
-      return ret;
+    use_master = 0;
 
-   use_master = 0;
+    /* first try: get the requested tkt from any kdc */
 
-   /* first try: get the requested tkt from any kdc */
+    ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
+                              start_time, in_tkt_service, opte,
+                              krb5_get_as_key_keytab, (void *) keytab,
+                              &use_master,NULL);
 
-   ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
-			     start_time, in_tkt_service, opte,
-			     krb5_get_as_key_keytab, (void *) keytab,
-			     &use_master,NULL);
+    /* check for success */
 
-   /* check for success */
+    if (ret == 0)
+        goto cleanup;
 
-   if (ret == 0)
-      goto cleanup;
+    /* If all the kdc's are unavailable fail */
 
-   /* If all the kdc's are unavailable fail */
+    if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
+        goto cleanup;
 
-   if ((ret == KRB5_KDC_UNREACH) || (ret == KRB5_REALM_CANT_RESOLVE))
-      goto cleanup;
+    /* if the reply did not come from the master kdc, try again with
+       the master kdc */
 
-   /* if the reply did not come from the master kdc, try again with
-      the master kdc */
+    if (!use_master) {
+        use_master = 1;
 
-   if (!use_master) {
-      use_master = 1;
+        ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
+                                   start_time, in_tkt_service, opte,
+                                   krb5_get_as_key_keytab, (void *) keytab,
+                                   &use_master, NULL);
 
-      ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
-				 start_time, in_tkt_service, opte,
-				 krb5_get_as_key_keytab, (void *) keytab,
-				 &use_master, NULL);
-      
-      if (ret2 == 0) {
-	 ret = 0;
-	 goto cleanup;
-      }
+        if (ret2 == 0) {
+            ret = 0;
+            goto cleanup;
+        }
 
-      /* if the master is unreachable, return the error from the
-	 slave we were able to contact */
+        /* if the master is unreachable, return the error from the
+           slave we were able to contact */
 
-      if ((ret2 == KRB5_KDC_UNREACH) ||
-	  (ret2 == KRB5_REALM_CANT_RESOLVE) ||
-	  (ret2 == KRB5_REALM_UNKNOWN))
-	 goto cleanup;
+        if ((ret2 == KRB5_KDC_UNREACH) ||
+            (ret2 == KRB5_REALM_CANT_RESOLVE) ||
+            (ret2 == KRB5_REALM_UNKNOWN))
+            goto cleanup;
 
-      ret = ret2;
-   }
+        ret = ret2;
+    }
 
-   /* at this point, we have a response from the master.  Since we don't
-      do any prompting or changing for keytabs, that's it. */
+    /* at this point, we have a response from the master.  Since we don't
+       do any prompting or changing for keytabs, that's it. */
 
 cleanup:
-   if (opte && krb5_gic_opt_is_shadowed(opte))
-       krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
-   if (arg_keytab == NULL)
-       krb5_kt_close(context, keytab);
+    if (opte && krb5_gic_opt_is_shadowed(opte))
+        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+    if (arg_keytab == NULL)
+        krb5_kt_close(context, keytab);
 
-   return(ret);
+    return(ret);
 }
 krb5_error_code KRB5_CALLCONV
 krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
-			      krb5_address *const *addrs, krb5_enctype *ktypes,
-			      krb5_preauthtype *pre_auth_types,
-			      krb5_keytab arg_keytab, krb5_ccache ccache,
-			      krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+                            krb5_address *const *addrs, krb5_enctype *ktypes,
+                            krb5_preauthtype *pre_auth_types,
+                            krb5_keytab arg_keytab, krb5_ccache ccache,
+                            krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
 {
     krb5_error_code retval;
     krb5_gic_opt_ext *opte;
@@ -172,49 +173,48 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
     krb5_keytab keytab;
     krb5_principal client_princ, server_princ;
     int use_master = 0;
-    
+
     retval = krb5int_populate_gic_opt(context, &opte,
-				      options, addrs, ktypes,
-				      pre_auth_types, creds);
+                                      options, addrs, ktypes,
+                                      pre_auth_types, creds);
     if (retval)
-	return retval;
+        return retval;
 
     if (arg_keytab == NULL) {
-	retval = krb5_kt_default(context, &keytab);
-	if (retval)
-	    return retval;
+        retval = krb5_kt_default(context, &keytab);
+        if (retval)
+            return retval;
     }
     else keytab = arg_keytab;
-    
+
     retval = krb5_unparse_name( context, creds->server, &server);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     server_princ = creds->server;
     client_princ = creds->client;
     retval = krb5_get_init_creds (context,
-				  creds, creds->client,  
-				  krb5_prompter_posix,  NULL,
-				  0, server, opte,
-				  krb5_get_as_key_keytab, (void *)keytab,
-				  &use_master, ret_as_reply);
+                                  creds, creds->client,
+                                  krb5_prompter_posix,  NULL,
+                                  0, server, opte,
+                                  krb5_get_as_key_keytab, (void *)keytab,
+                                  &use_master, ret_as_reply);
     krb5_free_unparsed_name( context, server);
     krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
     if (retval) {
-	goto cleanup;
+        goto cleanup;
     }
     krb5_free_principal(context, creds->server);
     krb5_free_principal(context, creds->client);
-	creds->client = client_princ;
-	creds->server = server_princ;
-	
+    creds->client = client_princ;
+    creds->server = server_princ;
+
     /* store it in the ccache! */
     if (ccache)
-	if ((retval = krb5_cc_store_cred(context, ccache, creds)))
-	    goto cleanup;
- cleanup:    if (arg_keytab == NULL)
-     krb5_kt_close(context, keytab);
+        if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+            goto cleanup;
+cleanup:    if (arg_keytab == NULL)
+        krb5_kt_close(context, keytab);
     return retval;
 }
 
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c
index 72203f0e7..bff45392f 100644
--- a/src/lib/krb5/krb/gic_opt.c
+++ b/src/lib/krb5/krb/gic_opt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "int-proto.h"
 
@@ -17,77 +18,77 @@ krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt)
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, krb5_deltat tkt_life)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
-   opt->tkt_life = tkt_life;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_TKT_LIFE;
+    opt->tkt_life = tkt_life;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, krb5_deltat renew_life)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
-   opt->renew_life = renew_life;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE;
+    opt->renew_life = renew_life;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, int forwardable)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
-   opt->forwardable = forwardable;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_FORWARDABLE;
+    opt->forwardable = forwardable;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiable)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
-   opt->proxiable = proxiable;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PROXIABLE;
+    opt->proxiable = proxiable;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt, int canonicalize)
 {
     if (canonicalize)
-	opt->flags |= KRB5_GET_INIT_CREDS_OPT_CANONICALIZE;
+        opt->flags |= KRB5_GET_INIT_CREDS_OPT_CANONICALIZE;
     else
-	opt->flags &= ~(KRB5_GET_INIT_CREDS_OPT_CANONICALIZE);
+        opt->flags &= ~(KRB5_GET_INIT_CREDS_OPT_CANONICALIZE);
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
-   opt->etype_list = etype_list;
-   opt->etype_list_length = etype_list_length;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST;
+    opt->etype_list = etype_list;
+    opt->etype_list_length = etype_list_length;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, krb5_address **addresses)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
-   opt->address_list = addresses;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST;
+    opt->address_list = addresses;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
-   opt->preauth_list = preauth_list;
-   opt->preauth_list_length = preauth_list_length;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST;
+    opt->preauth_list = preauth_list;
+    opt->preauth_list_length = preauth_list_length;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt)
 {
-   opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
-   opt->salt = salt;
+    opt->flags |= KRB5_GET_INIT_CREDS_OPT_SALT;
+    opt->salt = salt;
 }
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt, int prompt)
 {
-   if (prompt)
-     opt->flags |= KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
-   else
-     opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+    if (prompt)
+        opt->flags |= KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
+    else
+        opt->flags &= ~KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT;
 }
 
 /*
@@ -109,7 +110,7 @@ krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
  * with the new krb5_get_init_creds_opt_alloc() function.
  * KRB5_GET_INIT_CREDS_OPT_SHADOWED is set to indicate that the extended
  * structure is a shadow copy of an original krb5_get_init_creds_opt
- * structure.  
+ * structure.
  * If KRB5_GET_INIT_CREDS_OPT_SHADOWED is set after a call to
  * krb5int_gic_opt_to_opte(), the resulting extended structure should be
  * freed (using krb5_get_init_creds_free).  Otherwise, the original
@@ -119,17 +120,17 @@ krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt,
 /* Forward prototype */
 static void
 free_gic_opt_ext_preauth_data(krb5_context context,
-			      krb5_gic_opt_ext *opte);
+                              krb5_gic_opt_ext *opte);
 
 static krb5_error_code
 krb5int_gic_opte_private_alloc(krb5_context context, krb5_gic_opt_ext *opte)
 {
     if (NULL == opte || !krb5_gic_opt_is_extended(opte))
-	return EINVAL;
+        return EINVAL;
 
     opte->opt_private = calloc(1, sizeof(*opte->opt_private));
     if (NULL == opte->opt_private) {
-	return ENOMEM;
+        return ENOMEM;
     }
     /* Allocate any private stuff */
     opte->opt_private->num_preauth_data = 0;
@@ -141,13 +142,13 @@ static krb5_error_code
 krb5int_gic_opte_private_free(krb5_context context, krb5_gic_opt_ext *opte)
 {
     if (NULL == opte || !krb5_gic_opt_is_extended(opte))
-	return EINVAL;
-	
+        return EINVAL;
+
     /* Free up any private stuff */
     if (opte->opt_private->preauth_data != NULL)
-	free_gic_opt_ext_preauth_data(context, opte);
+        free_gic_opt_ext_preauth_data(context, opte);
     if (opte->opt_private->fast_ccache_name)
-	free(opte->opt_private->fast_ccache_name);
+        free(opte->opt_private->fast_ccache_name);
     free(opte->opt_private);
     opte->opt_private = NULL;
     return 0;
@@ -161,27 +162,27 @@ krb5int_gic_opte_alloc(krb5_context context)
 
     opte = calloc(1, sizeof(*opte));
     if (NULL == opte)
-	return NULL;
+        return NULL;
     opte->flags = KRB5_GET_INIT_CREDS_OPT_EXTENDED;
 
     code = krb5int_gic_opte_private_alloc(context, opte);
     if (code) {
-	krb5int_set_error(&context->err, code,
-		"krb5int_gic_opte_alloc: krb5int_gic_opte_private_alloc failed");
-	free(opte);
-	return NULL;
+        krb5int_set_error(&context->err, code,
+                          "krb5int_gic_opte_alloc: krb5int_gic_opte_private_alloc failed");
+        free(opte);
+        return NULL;
     }
     return(opte);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_opt_alloc(krb5_context context,
-			      krb5_get_init_creds_opt **opt)
+                              krb5_get_init_creds_opt **opt)
 {
     krb5_gic_opt_ext *opte;
 
     if (NULL == opt)
-	return EINVAL;
+        return EINVAL;
     *opt = NULL;
 
     /*
@@ -189,7 +190,7 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
      */
     opte = krb5int_gic_opte_alloc(context);
     if (NULL == opte)
-	return ENOMEM;
+        return ENOMEM;
 
     *opt = (krb5_get_init_creds_opt *) opte;
     init_common(*opt);
@@ -198,47 +199,47 @@ krb5_get_init_creds_opt_alloc(krb5_context context,
 
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_free(krb5_context context,
-			     krb5_get_init_creds_opt *opt)
+                             krb5_get_init_creds_opt *opt)
 {
     krb5_gic_opt_ext *opte;
 
     if (NULL == opt)
-	return;
+        return;
 
     /* Don't touch it if we didn't allocate it */
     if (!krb5_gic_opt_is_extended(opt))
-	return;
-    
+        return;
+
     opte = (krb5_gic_opt_ext *)opt;
     if (opte->opt_private)
-	krb5int_gic_opte_private_free(context, opte);
+        krb5int_gic_opte_private_free(context, opte);
 
     free(opte);
 }
 
 static krb5_error_code
 krb5int_gic_opte_copy(krb5_context context,
-		      krb5_get_init_creds_opt *opt,
-		      krb5_gic_opt_ext **opte)
+                      krb5_get_init_creds_opt *opt,
+                      krb5_gic_opt_ext **opte)
 {
     krb5_gic_opt_ext *oe;
 
     oe = krb5int_gic_opte_alloc(context);
     if (NULL == oe)
-	return ENOMEM;
+        return ENOMEM;
 
     if (opt) {
-	oe->flags               = opt->flags;
-	oe->tkt_life            = opt->tkt_life;
-	oe->renew_life          = opt->renew_life;
-	oe->forwardable         = opt->forwardable;
-	oe->proxiable           = opt->proxiable;
-	oe->etype_list          = opt->etype_list;
-	oe->etype_list_length   = opt->etype_list_length;
-	oe->address_list        = opt->address_list;
-	oe->preauth_list        = opt->preauth_list;
-	oe->preauth_list_length = opt->preauth_list_length;
-	oe->salt                = opt->salt;
+        oe->flags               = opt->flags;
+        oe->tkt_life            = opt->tkt_life;
+        oe->renew_life          = opt->renew_life;
+        oe->forwardable         = opt->forwardable;
+        oe->proxiable           = opt->proxiable;
+        oe->etype_list          = opt->etype_list;
+        oe->etype_list_length   = opt->etype_list_length;
+        oe->address_list        = opt->address_list;
+        oe->preauth_list        = opt->preauth_list;
+        oe->preauth_list_length = opt->preauth_list_length;
+        oe->salt                = opt->salt;
     }
 
     /*
@@ -250,7 +251,7 @@ krb5int_gic_opte_copy(krb5_context context,
      * application is unaware of its existence.
      */
     oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
-		   KRB5_GET_INIT_CREDS_OPT_SHADOWED);
+                   KRB5_GET_INIT_CREDS_OPT_SHADOWED);
 
     *opte = oe;
     return 0;
@@ -268,20 +269,20 @@ krb5int_gic_opte_copy(krb5_context context,
  */
 krb5_error_code
 krb5int_gic_opt_to_opte(krb5_context context,
-			krb5_get_init_creds_opt *opt,
-			krb5_gic_opt_ext **opte,
-			unsigned int force,
-			const char *where)
+                        krb5_get_init_creds_opt *opt,
+                        krb5_gic_opt_ext **opte,
+                        unsigned int force,
+                        const char *where)
 {
     if (!krb5_gic_opt_is_extended(opt)) {
-	if (force) {
-	    return krb5int_gic_opte_copy(context, opt, opte);
-	} else {
-	    krb5int_set_error(&context->err, EINVAL,
-		    "%s: attempt to convert non-extended krb5_get_init_creds_opt",
-		    where);
-	    return EINVAL;
-	}
+        if (force) {
+            return krb5int_gic_opte_copy(context, opt, opte);
+        } else {
+            krb5int_set_error(&context->err, EINVAL,
+                              "%s: attempt to convert non-extended krb5_get_init_creds_opt",
+                              where);
+            return EINVAL;
+        }
     }
     /* If it is already extended, just return it */
     *opte = (krb5_gic_opt_ext *)opt;
@@ -290,20 +291,20 @@ krb5int_gic_opt_to_opte(krb5_context context,
 
 static void
 free_gic_opt_ext_preauth_data(krb5_context context,
-			      krb5_gic_opt_ext *opte)
+                              krb5_gic_opt_ext *opte)
 {
     int i;
 
     if (NULL == opte || !krb5_gic_opt_is_extended(opte))
-	return;
+        return;
     if (NULL == opte->opt_private || NULL == opte->opt_private->preauth_data)
-	return;
+        return;
 
     for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
-	if (opte->opt_private->preauth_data[i].attr != NULL)
-	    free(opte->opt_private->preauth_data[i].attr);
-	if (opte->opt_private->preauth_data[i].value != NULL)
-	    free(opte->opt_private->preauth_data[i].value);
+        if (opte->opt_private->preauth_data[i].attr != NULL)
+            free(opte->opt_private->preauth_data[i].attr);
+        if (opte->opt_private->preauth_data[i].value != NULL)
+            free(opte->opt_private->preauth_data[i].value);
     }
     free(opte->opt_private->preauth_data);
     opte->opt_private->preauth_data = NULL;
@@ -312,9 +313,9 @@ free_gic_opt_ext_preauth_data(krb5_context context,
 
 static krb5_error_code
 add_gic_opt_ext_preauth_data(krb5_context context,
-			     krb5_gic_opt_ext *opte,
-			     const char *attr,
-			     const char *value)
+                             krb5_gic_opt_ext *opte,
+                             const char *attr,
+                             const char *value)
 {
     size_t newsize;
     int i;
@@ -323,21 +324,21 @@ add_gic_opt_ext_preauth_data(krb5_context context,
     newsize = opte->opt_private->num_preauth_data + 1;
     newsize = newsize * sizeof(*opte->opt_private->preauth_data);
     if (opte->opt_private->preauth_data == NULL)
-	newpad = malloc(newsize);
+        newpad = malloc(newsize);
     else
-	newpad = realloc(opte->opt_private->preauth_data, newsize);
+        newpad = realloc(opte->opt_private->preauth_data, newsize);
     if (newpad == NULL)
-	return ENOMEM;
+        return ENOMEM;
     opte->opt_private->preauth_data = newpad;
 
     i = opte->opt_private->num_preauth_data;
     newpad[i].attr = strdup(attr);
     if (newpad[i].attr == NULL)
-	return ENOMEM;
+        return ENOMEM;
     newpad[i].value = strdup(value);
     if (newpad[i].value == NULL) {
-	free(newpad[i].attr);
-	return ENOMEM;
+        free(newpad[i].attr);
+        return ENOMEM;
     }
     opte->opt_private->num_preauth_data += 1;
     return 0;
@@ -353,24 +354,24 @@ add_gic_opt_ext_preauth_data(krb5_context context,
  */
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_opt_set_pa(krb5_context context,
-			       krb5_get_init_creds_opt *opt,
-			       const char *attr,
-			       const char *value)
+                               krb5_get_init_creds_opt *opt,
+                               const char *attr,
+                               const char *value)
 {
     krb5_error_code retval;
     krb5_gic_opt_ext *opte;
 
     retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-				     "krb5_get_init_creds_opt_set_pa");
+                                     "krb5_get_init_creds_opt_set_pa");
     if (retval)
-	return retval;
+        return retval;
 
     /*
      * Copy the option into the extended get_init_creds_opt structure
      */
     retval = add_gic_opt_ext_preauth_data(context, opte, attr, value);
     if (retval)
-	return retval;
+        return retval;
 
     /*
      * Give the plugins a chance to look at the option now.
@@ -389,9 +390,9 @@ krb5_get_init_creds_opt_set_pa(krb5_context context,
  */
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_opt_get_pa(krb5_context context,
-			       krb5_get_init_creds_opt *opt,
-			       int *num_preauth_data,
-			       krb5_gic_opt_pa_data **preauth_data)
+                               krb5_get_init_creds_opt *opt,
+                               int *num_preauth_data,
+                               krb5_gic_opt_pa_data **preauth_data)
 {
     krb5_error_code retval;
     krb5_gic_opt_ext *opte;
@@ -400,70 +401,70 @@ krb5_get_init_creds_opt_get_pa(krb5_context context,
     size_t allocsize;
 
     retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-				     "krb5_get_init_creds_opt_get_pa");
+                                     "krb5_get_init_creds_opt_get_pa");
     if (retval)
-	return retval;
+        return retval;
 
     if (num_preauth_data == NULL || preauth_data == NULL)
-	return EINVAL;
+        return EINVAL;
 
     *num_preauth_data = 0;
     *preauth_data = NULL;
 
     if (opte->opt_private->num_preauth_data == 0)
-	return 0;
+        return 0;
 
     allocsize =
-	    opte->opt_private->num_preauth_data * sizeof(krb5_gic_opt_pa_data);
+        opte->opt_private->num_preauth_data * sizeof(krb5_gic_opt_pa_data);
     p = malloc(allocsize);
     if (p == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     /* Init these to make cleanup easier */
     for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
-	p[i].attr = NULL;
-	p[i].value = NULL;
+        p[i].attr = NULL;
+        p[i].value = NULL;
     }
 
     for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
-	p[i].attr = strdup(opte->opt_private->preauth_data[i].attr);
-	p[i].value = strdup(opte->opt_private->preauth_data[i].value);
-	if (p[i].attr == NULL || p[i].value == NULL)
-	    goto cleanup;
+        p[i].attr = strdup(opte->opt_private->preauth_data[i].attr);
+        p[i].value = strdup(opte->opt_private->preauth_data[i].value);
+        if (p[i].attr == NULL || p[i].value == NULL)
+            goto cleanup;
     }
     *num_preauth_data = i;
     *preauth_data = p;
     return 0;
 cleanup:
     for (i = 0; i < opte->opt_private->num_preauth_data; i++) {
-	if (p[i].attr != NULL)
-	    free(p[i].attr);
-	if (p[i].value != NULL)
-	    free(p[i].value);
+        if (p[i].attr != NULL)
+            free(p[i].attr);
+        if (p[i].value != NULL)
+            free(p[i].value);
     }
     free(p);
     return ENOMEM;
 }
 
 /*
- * This function frees the preauth_data that was returned by 
+ * This function frees the preauth_data that was returned by
  * krb5_get_init_creds_opt_get_pa().
  */
 void KRB5_CALLCONV
 krb5_get_init_creds_opt_free_pa(krb5_context context,
-				int num_preauth_data,
-				krb5_gic_opt_pa_data *preauth_data)
+                                int num_preauth_data,
+                                krb5_gic_opt_pa_data *preauth_data)
 {
     int i;
 
     if (num_preauth_data <= 0 || preauth_data == NULL)
-	return;
+        return;
 
     for (i = 0; i < num_preauth_data; i++) {
-	if (preauth_data[i].attr != NULL)
-	    free(preauth_data[i].attr);
-	if (preauth_data[i].value != NULL)
-	    free(preauth_data[i].value);
+        if (preauth_data[i].attr != NULL)
+            free(preauth_data[i].attr);
+        if (preauth_data[i].value != NULL)
+            free(preauth_data[i].value);
     }
     free(preauth_data);
 }
@@ -474,14 +475,14 @@ krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_fast_ccache_name
     krb5_gic_opt_ext *opte;
 
     retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
-				     "krb5_get_init_creds_opt_set_fast_ccache_name");
+                                     "krb5_get_init_creds_opt_set_fast_ccache_name");
     if (retval)
-	return retval;
+        return retval;
     if (opte->opt_private->fast_ccache_name) {
-	free(opte->opt_private->fast_ccache_name);
+        free(opte->opt_private->fast_ccache_name);
     }
     opte->opt_private->fast_ccache_name = strdup(ccache_name);
     if (opte->opt_private->fast_ccache_name == NULL)
-	retval = ENOMEM;
+        retval = ENOMEM;
     return retval;
 }
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 0109104df..fa0c1739a 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "com_err.h"
 
@@ -32,168 +33,168 @@ krb5_get_as_key_password(
        cases?  */
 
     if (as_key->length) {
-	if (as_key->enctype != etype) {
-	    krb5_free_keyblock_contents (context, as_key);
-	    as_key->length = 0;
-	}
+        if (as_key->enctype != etype) {
+            krb5_free_keyblock_contents (context, as_key);
+            as_key->length = 0;
+        }
     }
 
     if (password->data[0] == '\0') {
-	if (prompter == NULL)
-	    return(EIO);
-
-	if ((ret = krb5_unparse_name(context, client, &clientstr)))
-	  return(ret);
-
-	snprintf(promptstr, sizeof(promptstr), "Password for %s", clientstr);
-	free(clientstr);
-
-	prompt.prompt = promptstr;
-	prompt.hidden = 1;
-	prompt.reply = password;
-	prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
-
-	/* PROMPTER_INVOCATION */
-	krb5int_set_prompt_types(context, &prompt_type);
-	if ((ret = (((*prompter)(context, prompter_data, NULL, NULL,
-				1, &prompt))))) {
-	    krb5int_set_prompt_types(context, 0);
-	    return(ret);
-	}
-	krb5int_set_prompt_types(context, 0);
+        if (prompter == NULL)
+            return(EIO);
+
+        if ((ret = krb5_unparse_name(context, client, &clientstr)))
+            return(ret);
+
+        snprintf(promptstr, sizeof(promptstr), "Password for %s", clientstr);
+        free(clientstr);
+
+        prompt.prompt = promptstr;
+        prompt.hidden = 1;
+        prompt.reply = password;
+        prompt_type = KRB5_PROMPT_TYPE_PASSWORD;
+
+        /* PROMPTER_INVOCATION */
+        krb5int_set_prompt_types(context, &prompt_type);
+        if ((ret = (((*prompter)(context, prompter_data, NULL, NULL,
+                                 1, &prompt))))) {
+            krb5int_set_prompt_types(context, 0);
+            return(ret);
+        }
+        krb5int_set_prompt_types(context, 0);
     }
 
     if ((salt->length == -1 || salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
-	if ((ret = krb5_principal2salt(context, client, &defsalt)))
-	    return(ret);
+        if ((ret = krb5_principal2salt(context, client, &defsalt)))
+            return(ret);
 
-	salt = &defsalt;
+        salt = &defsalt;
     } else {
-	defsalt.length = 0;
+        defsalt.length = 0;
     }
 
     ret = krb5_c_string_to_key_with_params(context, etype, password, salt,
-					   params->data?params:NULL, as_key);
+                                           params->data?params:NULL, as_key);
 
     if (defsalt.length)
-	free(defsalt.data);
+        free(defsalt.data);
 
     return(ret);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_password(krb5_context context,
-			     krb5_creds *creds,
-			     krb5_principal client,
-			     char *password,
-			     krb5_prompter_fct prompter,
-			     void *data,
-			     krb5_deltat start_time,
-			     char *in_tkt_service,
-			     krb5_get_init_creds_opt *options)
+                             krb5_creds *creds,
+                             krb5_principal client,
+                             char *password,
+                             krb5_prompter_fct prompter,
+                             void *data,
+                             krb5_deltat start_time,
+                             char *in_tkt_service,
+                             krb5_get_init_creds_opt *options)
 {
-   krb5_error_code ret, ret2;
-   int use_master;
-   krb5_kdc_rep *as_reply;
-   int tries;
-   krb5_creds chpw_creds;
-   krb5_get_init_creds_opt *chpw_opts = NULL;
-   krb5_data pw0, pw1;
-   char banner[1024], pw0array[1024], pw1array[1024];
-   krb5_prompt prompt[2];
-   krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
-   krb5_gic_opt_ext *opte = NULL;
-   krb5_gic_opt_ext *chpw_opte = NULL;
-
-   use_master = 0;
-   as_reply = NULL;
-   memset(&chpw_creds, 0, sizeof(chpw_creds));
-
-   pw0.data = pw0array;
-
-   if (password && password[0]) {
-      if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array)) {
-	  ret = EINVAL;
-	  goto cleanup;
-      }
-      pw0.length = strlen(password);
-   } else {
-      pw0.data[0] = '\0';
-      pw0.length = sizeof(pw0array);
-   }
-
-   pw1.data = pw1array;
-   pw1.data[0] = '\0';
-   pw1.length = sizeof(pw1array);
-
-   ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
-				 "krb5_get_init_creds_password");
-   if (ret)
-      goto cleanup;
-
-   /* first try: get the requested tkt from any kdc */
-
-   ret = krb5_get_init_creds(context, creds, client, prompter, data,
-			     start_time, in_tkt_service, opte,
-			     krb5_get_as_key_password, (void *) &pw0,
-			     &use_master, &as_reply);
-
-   /* check for success */
-
-   if (ret == 0)
-      goto cleanup;
-
-   /* If all the kdc's are unavailable, or if the error was due to a
-      user interrupt, fail */
-
-   if ((ret == KRB5_KDC_UNREACH) ||
-       (ret == KRB5_LIBOS_PWDINTR) ||
-	   (ret == KRB5_REALM_CANT_RESOLVE))
-      goto cleanup;
-
-   /* if the reply did not come from the master kdc, try again with
-      the master kdc */
-
-   if (!use_master) {
-      use_master = 1;
-
-      if (as_reply) {
-	  krb5_free_kdc_rep( context, as_reply);
-	  as_reply = NULL;
-      }
-      ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
-				 start_time, in_tkt_service, opte,
-				 krb5_get_as_key_password, (void *) &pw0,
-				 &use_master, &as_reply);
-      
-      if (ret2 == 0) {
-	 ret = 0;
-	 goto cleanup;
-      }
-
-      /* if the master is unreachable, return the error from the
-	 slave we were able to contact or reset the use_master flag */
-
-       if ((ret2 != KRB5_KDC_UNREACH) &&
-	    (ret2 != KRB5_REALM_CANT_RESOLVE) &&
-	    (ret2 != KRB5_REALM_UNKNOWN))
-	   ret = ret2;
-       else
-	   use_master = 0;
-   }
+    krb5_error_code ret, ret2;
+    int use_master;
+    krb5_kdc_rep *as_reply;
+    int tries;
+    krb5_creds chpw_creds;
+    krb5_get_init_creds_opt *chpw_opts = NULL;
+    krb5_data pw0, pw1;
+    char banner[1024], pw0array[1024], pw1array[1024];
+    krb5_prompt prompt[2];
+    krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
+    krb5_gic_opt_ext *opte = NULL;
+    krb5_gic_opt_ext *chpw_opte = NULL;
+
+    use_master = 0;
+    as_reply = NULL;
+    memset(&chpw_creds, 0, sizeof(chpw_creds));
+
+    pw0.data = pw0array;
+
+    if (password && password[0]) {
+        if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array)) {
+            ret = EINVAL;
+            goto cleanup;
+        }
+        pw0.length = strlen(password);
+    } else {
+        pw0.data[0] = '\0';
+        pw0.length = sizeof(pw0array);
+    }
+
+    pw1.data = pw1array;
+    pw1.data[0] = '\0';
+    pw1.length = sizeof(pw1array);
+
+    ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
+                                  "krb5_get_init_creds_password");
+    if (ret)
+        goto cleanup;
+
+    /* first try: get the requested tkt from any kdc */
+
+    ret = krb5_get_init_creds(context, creds, client, prompter, data,
+                              start_time, in_tkt_service, opte,
+                              krb5_get_as_key_password, (void *) &pw0,
+                              &use_master, &as_reply);
+
+    /* check for success */
+
+    if (ret == 0)
+        goto cleanup;
+
+    /* If all the kdc's are unavailable, or if the error was due to a
+       user interrupt, fail */
+
+    if ((ret == KRB5_KDC_UNREACH) ||
+        (ret == KRB5_LIBOS_PWDINTR) ||
+        (ret == KRB5_REALM_CANT_RESOLVE))
+        goto cleanup;
+
+    /* if the reply did not come from the master kdc, try again with
+       the master kdc */
+
+    if (!use_master) {
+        use_master = 1;
+
+        if (as_reply) {
+            krb5_free_kdc_rep( context, as_reply);
+            as_reply = NULL;
+        }
+        ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
+                                   start_time, in_tkt_service, opte,
+                                   krb5_get_as_key_password, (void *) &pw0,
+                                   &use_master, &as_reply);
+
+        if (ret2 == 0) {
+            ret = 0;
+            goto cleanup;
+        }
+
+        /* if the master is unreachable, return the error from the
+           slave we were able to contact or reset the use_master flag */
+
+        if ((ret2 != KRB5_KDC_UNREACH) &&
+            (ret2 != KRB5_REALM_CANT_RESOLVE) &&
+            (ret2 != KRB5_REALM_UNKNOWN))
+            ret = ret2;
+        else
+            use_master = 0;
+    }
 
 #ifdef USE_KIM
-	if (ret == KRB5KDC_ERR_KEY_EXP)
-		goto cleanup;	/* Login library will deal appropriately with this error */
+    if (ret == KRB5KDC_ERR_KEY_EXP)
+        goto cleanup;   /* Login library will deal appropriately with this error */
 #endif
 
-   /* at this point, we have an error from the master.  if the error
-      is not password expired, or if it is but there's no prompter,
-      return this error */
+    /* at this point, we have an error from the master.  if the error
+       is not password expired, or if it is but there's no prompter,
+       return this error */
 
-   if ((ret != KRB5KDC_ERR_KEY_EXP) ||
-       (prompter == NULL))
-      goto cleanup;
+    if ((ret != KRB5KDC_ERR_KEY_EXP) ||
+        (prompter == NULL))
+        goto cleanup;
 
     /* historically the default has been to prompt for password change.
      * if the change password prompt option has not been set, we continue
@@ -201,253 +202,253 @@ krb5_get_init_creds_password(krb5_context context,
      * and the value has been set to false.
      */
     if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
-	goto cleanup;
+        goto cleanup;
 
     /* ok, we have an expired password.  Give the user a few chances
-      to change it */
-
-   /* use a minimal set of options */
-
-   ret = krb5_get_init_creds_opt_alloc(context, &chpw_opts);
-   if (ret)
-      goto cleanup;
-   krb5_get_init_creds_opt_set_tkt_life(chpw_opts, 5*60);
-   krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
-   krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
-   krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
-   ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
-			"krb5_get_init_creds_password (changing password)");
-   if (ret)
-      goto cleanup;
-
-   if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
-				  prompter, data,
-				  start_time, "kadmin/changepw", chpw_opte,
-				  krb5_get_as_key_password, (void *) &pw0,
-				  &use_master, NULL)))
-      goto cleanup;
-
-   prompt[0].prompt = "Enter new password";
-   prompt[0].hidden = 1;
-   prompt[0].reply = &pw0;
-   prompt_types[0] = KRB5_PROMPT_TYPE_NEW_PASSWORD;
-
-   prompt[1].prompt = "Enter it again";
-   prompt[1].hidden = 1;
-   prompt[1].reply = &pw1;
-   prompt_types[1] = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
-
-   strlcpy(banner, "Password expired.  You must change it now.",
-	   sizeof(banner));
-
-   for (tries = 3; tries; tries--) {
-      pw0.length = sizeof(pw0array);
-      pw1.length = sizeof(pw1array);
-
-      /* PROMPTER_INVOCATION */
-      krb5int_set_prompt_types(context, prompt_types);
-      if ((ret = ((*prompter)(context, data, 0, banner,
-			      sizeof(prompt)/sizeof(prompt[0]), prompt))))
-	 goto cleanup;
-      krb5int_set_prompt_types(context, 0);
-
-
-      if (strcmp(pw0.data, pw1.data) != 0) {
-	 ret = KRB5_LIBOS_BADPWDMATCH;
-	 snprintf(banner, sizeof(banner),
-		  "%s.  Please try again.", error_message(ret));
-      } else if (pw0.length == 0) {
-	 ret = KRB5_CHPW_PWDNULL;
-	 snprintf(banner, sizeof(banner),
-		  "%s.  Please try again.", error_message(ret));
-      } else {
-	 int result_code;
-	 krb5_data code_string;
-	 krb5_data result_string;
-
-	 if ((ret = krb5_change_password(context, &chpw_creds, pw0array,
-					 &result_code, &code_string,
-					 &result_string)))
-	    goto cleanup;
-
-	 /* the change succeeded.  go on */
-
-	 if (result_code == 0) {
-	    free(result_string.data);
-	    break;
-	 }
-
-	 /* set this in case the retry loop falls through */
-
-	 ret = KRB5_CHPW_FAIL;
-
-	 if (result_code != KRB5_KPASSWD_SOFTERROR) {
-	    free(result_string.data);
-	    goto cleanup;
-	 }
-
-	 /* the error was soft, so try again */
-
-	 /* 100 is I happen to know that no code_string will be longer
-	    than 100 chars */
-
-	 if (result_string.length > (sizeof(banner)-100))
-	    result_string.length = sizeof(banner)-100;
-
-	 snprintf(banner, sizeof(banner), "%.*s%s%.*s.  Please try again.\n",
-		  (int) code_string.length, code_string.data,
-		  result_string.length ? ": " : "",
-		  (int) result_string.length,
-		  result_string.data ? result_string.data : "");
-
-	 free(code_string.data);
-	 free(result_string.data);
-      }
-   }
-
-   if (ret)
-      goto cleanup;
-
-   /* the password change was successful.  Get an initial ticket
-      from the master.  this is the last try.  the return from this
-      is final.  */
-
-   ret = krb5_get_init_creds(context, creds, client, prompter, data,
-			     start_time, in_tkt_service, opte,
-			     krb5_get_as_key_password, (void *) &pw0,
-			     &use_master, &as_reply);
+       to change it */
+
+    /* use a minimal set of options */
+
+    ret = krb5_get_init_creds_opt_alloc(context, &chpw_opts);
+    if (ret)
+        goto cleanup;
+    krb5_get_init_creds_opt_set_tkt_life(chpw_opts, 5*60);
+    krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
+    krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
+    krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
+    ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
+                                  "krb5_get_init_creds_password (changing password)");
+    if (ret)
+        goto cleanup;
+
+    if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
+                                   prompter, data,
+                                   start_time, "kadmin/changepw", chpw_opte,
+                                   krb5_get_as_key_password, (void *) &pw0,
+                                   &use_master, NULL)))
+        goto cleanup;
+
+    prompt[0].prompt = "Enter new password";
+    prompt[0].hidden = 1;
+    prompt[0].reply = &pw0;
+    prompt_types[0] = KRB5_PROMPT_TYPE_NEW_PASSWORD;
+
+    prompt[1].prompt = "Enter it again";
+    prompt[1].hidden = 1;
+    prompt[1].reply = &pw1;
+    prompt_types[1] = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN;
+
+    strlcpy(banner, "Password expired.  You must change it now.",
+            sizeof(banner));
+
+    for (tries = 3; tries; tries--) {
+        pw0.length = sizeof(pw0array);
+        pw1.length = sizeof(pw1array);
+
+        /* PROMPTER_INVOCATION */
+        krb5int_set_prompt_types(context, prompt_types);
+        if ((ret = ((*prompter)(context, data, 0, banner,
+                                sizeof(prompt)/sizeof(prompt[0]), prompt))))
+            goto cleanup;
+        krb5int_set_prompt_types(context, 0);
+
+
+        if (strcmp(pw0.data, pw1.data) != 0) {
+            ret = KRB5_LIBOS_BADPWDMATCH;
+            snprintf(banner, sizeof(banner),
+                     "%s.  Please try again.", error_message(ret));
+        } else if (pw0.length == 0) {
+            ret = KRB5_CHPW_PWDNULL;
+            snprintf(banner, sizeof(banner),
+                     "%s.  Please try again.", error_message(ret));
+        } else {
+            int result_code;
+            krb5_data code_string;
+            krb5_data result_string;
+
+            if ((ret = krb5_change_password(context, &chpw_creds, pw0array,
+                                            &result_code, &code_string,
+                                            &result_string)))
+                goto cleanup;
+
+            /* the change succeeded.  go on */
+
+            if (result_code == 0) {
+                free(result_string.data);
+                break;
+            }
+
+            /* set this in case the retry loop falls through */
+
+            ret = KRB5_CHPW_FAIL;
+
+            if (result_code != KRB5_KPASSWD_SOFTERROR) {
+                free(result_string.data);
+                goto cleanup;
+            }
+
+            /* the error was soft, so try again */
+
+            /* 100 is I happen to know that no code_string will be longer
+               than 100 chars */
+
+            if (result_string.length > (sizeof(banner)-100))
+                result_string.length = sizeof(banner)-100;
+
+            snprintf(banner, sizeof(banner), "%.*s%s%.*s.  Please try again.\n",
+                     (int) code_string.length, code_string.data,
+                     result_string.length ? ": " : "",
+                     (int) result_string.length,
+                     result_string.data ? result_string.data : "");
+
+            free(code_string.data);
+            free(result_string.data);
+        }
+    }
+
+    if (ret)
+        goto cleanup;
+
+    /* the password change was successful.  Get an initial ticket
+       from the master.  this is the last try.  the return from this
+       is final.  */
+
+    ret = krb5_get_init_creds(context, creds, client, prompter, data,
+                              start_time, in_tkt_service, opte,
+                              krb5_get_as_key_password, (void *) &pw0,
+                              &use_master, &as_reply);
 
 cleanup:
-   krb5int_set_prompt_types(context, 0);
-   /* if getting the password was successful, then check to see if the
-      password is about to expire, and warn if so */
-
-   if (ret == 0) {
-      krb5_timestamp now;
-      krb5_last_req_entry **last_req;
-      int hours;
-
-      /* XXX 7 days should be configurable.  This is all pretty ad hoc,
-	 and could probably be improved if I was willing to screw around
-	 with timezones, etc. */
-
-      if (prompter &&
-	  (!in_tkt_service ||
-	   (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
-	  ((ret = krb5_timeofday(context, &now)) == 0) &&
-	  as_reply->enc_part2->key_exp &&
-	  ((hours = ((as_reply->enc_part2->key_exp-now)/(60*60))) <= 7*24) &&
-	  (hours >= 0)) {
-	 if (hours < 1)
-	     snprintf(banner, sizeof(banner),
-		      "Warning: Your password will expire in less than one hour.");
-	 else if (hours <= 48)
-	     snprintf(banner, sizeof(banner),
-		      "Warning: Your password will expire in %d hour%s.",
-		      hours, (hours == 1)?"":"s");
-	 else
-	     snprintf(banner, sizeof(banner),
-		      "Warning: Your password will expire in %d days.",
-		      hours/24);
-
-	 /* ignore an error here */
-         /* PROMPTER_INVOCATION */
-	 (*prompter)(context, data, 0, banner, 0, 0);
-      } else if (prompter &&
-		 (!in_tkt_service ||
-		  (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
-		 as_reply->enc_part2 && as_reply->enc_part2->last_req) {
-	 /*
-	  * Check the last_req fields
-	  */
-
-	 for (last_req = as_reply->enc_part2->last_req; *last_req; last_req++)
-	    if ((*last_req)->lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
-		(*last_req)->lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
-	       krb5_deltat delta;
-	       char ts[256];
-
-	       if ((ret = krb5_timeofday(context, &now)))
-		  break;
-
-	       if ((ret = krb5_timestamp_to_string((*last_req)->value,
-						   ts, sizeof(ts))))
-		  break;
-
-	       delta = (*last_req)->value - now;
-	       if (delta < 3600)
-		   snprintf(banner, sizeof(banner),
-			    "Warning: Your password will expire in less than one hour on %s",
-			    ts);
-	       else if (delta < 86400*2)
-		   snprintf(banner, sizeof(banner),
-			    "Warning: Your password will expire in %d hour%s on %s",
-			    delta / 3600, delta < 7200 ? "" : "s", ts);
-	       else
-		   snprintf(banner, sizeof(banner),
-			    "Warning: Your password will expire in %d days on %s",
-			    delta / 86400, ts);
-	       /* ignore an error here */
-	       /* PROMPTER_INVOCATION */
-	       (*prompter)(context, data, 0, banner, 0, 0);
-	    }
-      }
-   }
-
-   if (chpw_opts)
-      krb5_get_init_creds_opt_free(context, chpw_opts);
-   if (opte && krb5_gic_opt_is_shadowed(opte))
-      krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
-   memset(pw0array, 0, sizeof(pw0array));
-   memset(pw1array, 0, sizeof(pw1array));
-   krb5_free_cred_contents(context, &chpw_creds);
-   if (as_reply)
-      krb5_free_kdc_rep(context, as_reply);
-
-   return(ret);
+    krb5int_set_prompt_types(context, 0);
+    /* if getting the password was successful, then check to see if the
+       password is about to expire, and warn if so */
+
+    if (ret == 0) {
+        krb5_timestamp now;
+        krb5_last_req_entry **last_req;
+        int hours;
+
+        /* XXX 7 days should be configurable.  This is all pretty ad hoc,
+           and could probably be improved if I was willing to screw around
+           with timezones, etc. */
+
+        if (prompter &&
+            (!in_tkt_service ||
+             (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
+            ((ret = krb5_timeofday(context, &now)) == 0) &&
+            as_reply->enc_part2->key_exp &&
+            ((hours = ((as_reply->enc_part2->key_exp-now)/(60*60))) <= 7*24) &&
+            (hours >= 0)) {
+            if (hours < 1)
+                snprintf(banner, sizeof(banner),
+                         "Warning: Your password will expire in less than one hour.");
+            else if (hours <= 48)
+                snprintf(banner, sizeof(banner),
+                         "Warning: Your password will expire in %d hour%s.",
+                         hours, (hours == 1)?"":"s");
+            else
+                snprintf(banner, sizeof(banner),
+                         "Warning: Your password will expire in %d days.",
+                         hours/24);
+
+            /* ignore an error here */
+            /* PROMPTER_INVOCATION */
+            (*prompter)(context, data, 0, banner, 0, 0);
+        } else if (prompter &&
+                   (!in_tkt_service ||
+                    (strcmp(in_tkt_service, "kadmin/changepw") != 0)) &&
+                   as_reply->enc_part2 && as_reply->enc_part2->last_req) {
+            /*
+             * Check the last_req fields
+             */
+
+            for (last_req = as_reply->enc_part2->last_req; *last_req; last_req++)
+                if ((*last_req)->lr_type == KRB5_LRQ_ALL_PW_EXPTIME ||
+                    (*last_req)->lr_type == KRB5_LRQ_ONE_PW_EXPTIME) {
+                    krb5_deltat delta;
+                    char ts[256];
+
+                    if ((ret = krb5_timeofday(context, &now)))
+                        break;
+
+                    if ((ret = krb5_timestamp_to_string((*last_req)->value,
+                                                        ts, sizeof(ts))))
+                        break;
+
+                    delta = (*last_req)->value - now;
+                    if (delta < 3600)
+                        snprintf(banner, sizeof(banner),
+                                 "Warning: Your password will expire in less than one hour on %s",
+                                 ts);
+                    else if (delta < 86400*2)
+                        snprintf(banner, sizeof(banner),
+                                 "Warning: Your password will expire in %d hour%s on %s",
+                                 delta / 3600, delta < 7200 ? "" : "s", ts);
+                    else
+                        snprintf(banner, sizeof(banner),
+                                 "Warning: Your password will expire in %d days on %s",
+                                 delta / 86400, ts);
+                    /* ignore an error here */
+                    /* PROMPTER_INVOCATION */
+                    (*prompter)(context, data, 0, banner, 0, 0);
+                }
+        }
+    }
+
+    if (chpw_opts)
+        krb5_get_init_creds_opt_free(context, chpw_opts);
+    if (opte && krb5_gic_opt_is_shadowed(opte))
+        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+    memset(pw0array, 0, sizeof(pw0array));
+    memset(pw1array, 0, sizeof(pw1array));
+    krb5_free_cred_contents(context, &chpw_creds);
+    if (as_reply)
+        krb5_free_kdc_rep(context, as_reply);
+
+    return(ret);
 }
 krb5_error_code krb5int_populate_gic_opt (
     krb5_context context, krb5_gic_opt_ext **opte,
     krb5_flags options, krb5_address * const *addrs, krb5_enctype *ktypes,
     krb5_preauthtype *pre_auth_types, krb5_creds *creds)
 {
-  int i;
-  krb5_int32 starttime;
-  krb5_get_init_creds_opt *opt;
-  krb5_error_code retval;
+    int i;
+    krb5_int32 starttime;
+    krb5_get_init_creds_opt *opt;
+    krb5_error_code retval;
 
     *opte = NULL;
     retval = krb5_get_init_creds_opt_alloc(context, &opt);
     if (retval)
-	return(retval);
+        return(retval);
 
     if (addrs)
-      krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
+        krb5_get_init_creds_opt_set_address_list(opt, (krb5_address **) addrs);
     if (ktypes) {
-	for (i=0; ktypes[i]; i++);
-	if (i)
-	    krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
+        for (i=0; ktypes[i]; i++);
+        if (i)
+            krb5_get_init_creds_opt_set_etype_list(opt, ktypes, i);
     }
     if (pre_auth_types) {
-	for (i=0; pre_auth_types[i]; i++);
-	if (i)
-	    krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
+        for (i=0; pre_auth_types[i]; i++);
+        if (i)
+            krb5_get_init_creds_opt_set_preauth_list(opt, pre_auth_types, i);
     }
     if (options&KDC_OPT_FORWARDABLE)
-	krb5_get_init_creds_opt_set_forwardable(opt, 1);
+        krb5_get_init_creds_opt_set_forwardable(opt, 1);
     else krb5_get_init_creds_opt_set_forwardable(opt, 0);
     if (options&KDC_OPT_PROXIABLE)
-	krb5_get_init_creds_opt_set_proxiable(opt, 1);
+        krb5_get_init_creds_opt_set_proxiable(opt, 1);
     else krb5_get_init_creds_opt_set_proxiable(opt, 0);
     if (creds && creds->times.endtime) {
-	retval = krb5_timeofday(context, &starttime);
-	if (retval)
-	    goto cleanup;
+        retval = krb5_timeofday(context, &starttime);
+        if (retval)
+            goto cleanup;
         if (creds->times.starttime) starttime = creds->times.starttime;
         krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
     }
     return krb5int_gic_opt_to_opte(context, opt, opte, 0,
-				   "krb5int_populate_gic_opt");
+                                   "krb5int_populate_gic_opt");
 cleanup:
     krb5_get_init_creds_opt_free(context, opt);
     return retval;
@@ -455,30 +456,30 @@ cleanup:
 
 /*
   Rewrites get_in_tkt in terms of newer get_init_creds API.
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.  
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+  Attempts to get an initial ticket for creds->client to use server
+  creds->server, (realm is taken from creds->client), with options
+  options, and using creds->times.starttime, creds->times.endtime,
+  creds->times.renew_till as from, till, and rtime.
+  creds->times.renew_till is ignored unless the RENEWABLE option is requested.
 
- If addrs is non-NULL, it is used for the addresses requested.  If it is
- null, the system standard addresses are used.
+  If addrs is non-NULL, it is used for the addresses requested.  If it is
+  null, the system standard addresses are used.
 
- If password is non-NULL, it is converted using the cryptosystem entry
- point for a string conversion routine, seeded with the client's name.
- If password is passed as NULL, the password is read from the terminal,
- and then converted into a key.
+  If password is non-NULL, it is converted using the cryptosystem entry
+  point for a string conversion routine, seeded with the client's name.
+  If password is passed as NULL, the password is read from the terminal,
+  and then converted into a key.
 
- A succesful call will place the ticket in the credentials cache ccache.
+  A succesful call will place the ticket in the credentials cache ccache.
 
- returns system errors, encryption errors
- */
+  returns system errors, encryption errors
+*/
 krb5_error_code KRB5_CALLCONV
 krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
-			      krb5_address *const *addrs, krb5_enctype *ktypes,
-			      krb5_preauthtype *pre_auth_types,
-			      const char *password, krb5_ccache ccache,
-			      krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+                              krb5_address *const *addrs, krb5_enctype *ktypes,
+                              krb5_preauthtype *pre_auth_types,
+                              const char *password, krb5_ccache ccache,
+                              krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
 {
     krb5_error_code retval;
     krb5_data pw0;
@@ -490,44 +491,43 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
 
     pw0.data = pw0array;
     if (password && password[0]) {
-	if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array))
-	    return EINVAL;
-	pw0.length = strlen(password);
+        if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array))
+            return EINVAL;
+        pw0.length = strlen(password);
     } else {
-	pw0.data[0] = '\0';
-	pw0.length = sizeof(pw0array);
+        pw0.data[0] = '\0';
+        pw0.length = sizeof(pw0array);
     }
     retval = krb5int_populate_gic_opt(context, &opte,
-				      options, addrs, ktypes,
-				      pre_auth_types, creds);
+                                      options, addrs, ktypes,
+                                      pre_auth_types, creds);
     if (retval)
-      return (retval);
+        return (retval);
     retval = krb5_unparse_name( context, creds->server, &server);
     if (retval) {
-      krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
-      return (retval);
+        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+        return (retval);
     }
     server_princ = creds->server;
     client_princ = creds->client;
-        retval = krb5_get_init_creds (context,
-					   creds, creds->client,  
-					   krb5_prompter_posix,  NULL,
-					   0, server, opte,
-				      krb5_get_as_key_password, &pw0,
-				      &use_master, ret_as_reply);
-	  krb5_free_unparsed_name( context, server);
-	  krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
-	if (retval) {
-	  return (retval);
-	}
-	krb5_free_principal( context, creds->server);
-	krb5_free_principal( context, creds->client);
-	creds->client = client_princ;
-	creds->server = server_princ;
-	/* store it in the ccache! */
-	if (ccache)
-	  if ((retval = krb5_cc_store_cred(context, ccache, creds)))
-	    return (retval);
-	return retval;
-  }
-
+    retval = krb5_get_init_creds (context,
+                                  creds, creds->client,
+                                  krb5_prompter_posix,  NULL,
+                                  0, server, opte,
+                                  krb5_get_as_key_password, &pw0,
+                                  &use_master, ret_as_reply);
+    krb5_free_unparsed_name( context, server);
+    krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+    if (retval) {
+        return (retval);
+    }
+    krb5_free_principal( context, creds->server);
+    krb5_free_principal( context, creds->client);
+    creds->client = client_princ;
+    creds->server = server_princ;
+    /* store it in the ccache! */
+    if (ccache)
+        if ((retval = krb5_cc_store_cred(context, ccache, creds)))
+            return (retval);
+    return retval;
+}
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
index d98411fd7..01c8905f8 100644
--- a/src/lib/krb5/krb/in_tkt_sky.c
+++ b/src/lib/krb5/krb/in_tkt_sky.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/in_tkt_sky.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,17 +23,17 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_get_in_tkt_with_skey()
- *	
+ *
  */
 
 #include "k5-int.h"
 
 struct skey_keyproc_arg {
     const krb5_keyblock *key;
-    krb5_principal client;		/* it's a pointer, really! */
+    krb5_principal client;              /* it's a pointer, really! */
 };
 
 /*
@@ -42,7 +43,7 @@ struct skey_keyproc_arg {
  */
 static krb5_error_code
 skey_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
-	     krb5_const_pointer keyseed, krb5_keyblock **key)
+             krb5_const_pointer keyseed, krb5_keyblock **key)
 {
     krb5_keyblock *realkey;
     krb5_error_code retval;
@@ -51,57 +52,57 @@ skey_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
     keyblock = (const krb5_keyblock *)keyseed;
 
     if (!krb5_c_valid_enctype(type))
-	return KRB5_PROG_ETYPE_NOSUPP;
+        return KRB5_PROG_ETYPE_NOSUPP;
 
     if ((retval = krb5_copy_keyblock(context, keyblock, &realkey)))
-	return retval;
-	
+        return retval;
+
     if (realkey->enctype != type) {
-	krb5_free_keyblock(context, realkey);
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }	
+        krb5_free_keyblock(context, realkey);
+        return KRB5_PROG_ETYPE_NOSUPP;
+    }
 
     *key = realkey;
     return 0;
 }
 
 /*
- Similar to krb5_get_in_tkt_with_password.
+  Similar to krb5_get_in_tkt_with_password.
 
- Attempts to get an initial ticket for creds->client to use server
- creds->server, (realm is taken from creds->client), with options
- options, and using creds->times.starttime, creds->times.endtime,
- creds->times.renew_till as from, till, and rtime.  
- creds->times.renew_till is ignored unless the RENEWABLE option is requested.
+  Attempts to get an initial ticket for creds->client to use server
+  creds->server, (realm is taken from creds->client), with options
+  options, and using creds->times.starttime, creds->times.endtime,
+  creds->times.renew_till as from, till, and rtime.
+  creds->times.renew_till is ignored unless the RENEWABLE option is requested.
 
- If addrs is non-NULL, it is used for the addresses requested.  If it is
- null, the system standard addresses are used.
+  If addrs is non-NULL, it is used for the addresses requested.  If it is
+  null, the system standard addresses are used.
 
- If keyblock is NULL, an appropriate key for creds->client is retrieved
- from the system key store (e.g. /etc/srvtab).  If keyblock is non-NULL,
- it is used as the decryption key.
+  If keyblock is NULL, an appropriate key for creds->client is retrieved
+  from the system key store (e.g. /etc/srvtab).  If keyblock is non-NULL,
+  it is used as the decryption key.
 
- A succesful call will place the ticket in the credentials cache ccache.
+  A succesful call will place the ticket in the credentials cache ccache.
 
- returns system errors, encryption errors
+  returns system errors, encryption errors
 
- */
+*/
 krb5_error_code KRB5_CALLCONV
 krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options,
-			  krb5_address *const *addrs, krb5_enctype *ktypes,
-			  krb5_preauthtype *pre_auth_types,
-			  const krb5_keyblock *key, krb5_ccache ccache,
-			  krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
+                          krb5_address *const *addrs, krb5_enctype *ktypes,
+                          krb5_preauthtype *pre_auth_types,
+                          const krb5_keyblock *key, krb5_ccache ccache,
+                          krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
 {
-    if (key) 
-    	return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types, 
-			       skey_keyproc, (krb5_const_pointer)key,
-			       krb5_kdc_rep_decrypt_proc, 0, creds,
-			       ccache, ret_as_reply);
-#ifndef LEAN_CLIENT 
-    else 
-	return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
-					   pre_auth_types, NULL, ccache,
-					   creds, ret_as_reply);
+    if (key)
+        return krb5_get_in_tkt(context, options, addrs, ktypes, pre_auth_types,
+                               skey_keyproc, (krb5_const_pointer)key,
+                               krb5_kdc_rep_decrypt_proc, 0, creds,
+                               ccache, ret_as_reply);
+#ifndef LEAN_CLIENT
+    else
+        return krb5_get_in_tkt_with_keytab(context, options, addrs, ktypes,
+                                           pre_auth_types, NULL, ccache,
+                                           creds, ret_as_reply);
 #endif /* LEAN_CLIENT */
 }
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index ea78e0da7..8667897b9 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/init_ctx.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -28,14 +29,14 @@
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -46,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -86,16 +87,16 @@ krb5_error_code KRB5_CALLCONV
 krb5_init_context(krb5_context *context)
 {
 
-	return init_common (context, FALSE, FALSE);
+    return init_common (context, FALSE, FALSE);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_init_secure_context(krb5_context *context)
 {
 
-        /* This is to make gcc -Wall happy */
-        if(0) krb5_brand[0] = krb5_brand[0];
-	return init_common (context, TRUE, FALSE);
+    /* This is to make gcc -Wall happy */
+    if(0) krb5_brand[0] = krb5_brand[0];
+    return init_common (context, TRUE, FALSE);
 }
 
 krb5_error_code
@@ -107,179 +108,179 @@ krb5int_init_context_kdc(krb5_context *context)
 static krb5_error_code
 init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc)
 {
-	krb5_context ctx = 0;
-	krb5_error_code retval;
-	struct {
-	    krb5_int32 now, now_usec;
-	    long pid;
-	} seed_data;
-	krb5_data seed;
-	int tmp;
-
-	/* Verify some assumptions.  If the assumptions hold and the
-	   compiler is optimizing, this should result in no code being
-	   executed.  If we're guessing "unsigned long long" instead
-	   of using uint64_t, the possibility does exist that we're
-	   wrong.  */
-	{
-	    krb5_ui_8 i64;
-	    assert(sizeof(i64) == 8);
-	    i64 = 0, i64--, i64 >>= 62;
-	    assert(i64 == 3);
-	    i64 = 1, i64 <<= 31, i64 <<= 31, i64 <<= 1;
-	    assert(i64 != 0);
-	    i64 <<= 1;
-	    assert(i64 == 0);
-	}
-
-	retval = krb5int_initialize_library();
-	if (retval)
-	    return retval;
+    krb5_context ctx = 0;
+    krb5_error_code retval;
+    struct {
+        krb5_int32 now, now_usec;
+        long pid;
+    } seed_data;
+    krb5_data seed;
+    int tmp;
+
+    /* Verify some assumptions.  If the assumptions hold and the
+       compiler is optimizing, this should result in no code being
+       executed.  If we're guessing "unsigned long long" instead
+       of using uint64_t, the possibility does exist that we're
+       wrong.  */
+    {
+        krb5_ui_8 i64;
+        assert(sizeof(i64) == 8);
+        i64 = 0, i64--, i64 >>= 62;
+        assert(i64 == 3);
+        i64 = 1, i64 <<= 31, i64 <<= 31, i64 <<= 1;
+        assert(i64 != 0);
+        i64 <<= 1;
+        assert(i64 == 0);
+    }
+
+    retval = krb5int_initialize_library();
+    if (retval)
+        return retval;
 
 #if (defined(_WIN32))
-	/* 
-	 * Load the krbcc32.dll if necessary.  We do this here so that
-	 * we know to use API: later on during initialization.
-	 * The context being NULL is ok.
-	 */
-	krb5_win_ccdll_load(ctx);
-
-	/*
-	 * krb5_vercheck() is defined in win_glue.c, and this is
-	 * where we handle the timebomb and version server checks.
-	 */
-	retval = krb5_vercheck();
-	if (retval)
-		return retval;
+    /*
+     * Load the krbcc32.dll if necessary.  We do this here so that
+     * we know to use API: later on during initialization.
+     * The context being NULL is ok.
+     */
+    krb5_win_ccdll_load(ctx);
+
+    /*
+     * krb5_vercheck() is defined in win_glue.c, and this is
+     * where we handle the timebomb and version server checks.
+     */
+    retval = krb5_vercheck();
+    if (retval)
+        return retval;
 #endif
 
-	*context = 0;
+    *context = 0;
 
-	ctx = calloc(1, sizeof(struct _krb5_context));
-	if (!ctx)
-		return ENOMEM;
-	ctx->magic = KV5M_CONTEXT;
+    ctx = calloc(1, sizeof(struct _krb5_context));
+    if (!ctx)
+        return ENOMEM;
+    ctx->magic = KV5M_CONTEXT;
 
-	ctx->profile_secure = secure;
+    ctx->profile_secure = secure;
 
-	/* Set the default encryption types, possible defined in krb5/conf */
-	if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
-		goto cleanup;
+    /* Set the default encryption types, possible defined in krb5/conf */
+    if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
+        goto cleanup;
 
-	if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
-		goto cleanup;
+    if ((retval = krb5_set_default_tgs_ktypes(ctx, NULL)))
+        goto cleanup;
 
-	if ((retval = krb5_os_init_context(ctx, kdc)))
-		goto cleanup;
+    if ((retval = krb5_os_init_context(ctx, kdc)))
+        goto cleanup;
 
-	retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
-				     KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp);
-	if (retval)
-		goto cleanup;
-	ctx->allow_weak_crypto = tmp;
+    retval = profile_get_boolean(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                                 KRB5_CONF_ALLOW_WEAK_CRYPTO, NULL, 1, &tmp);
+    if (retval)
+        goto cleanup;
+    ctx->allow_weak_crypto = tmp;
 
-	/* initialize the prng (not well, but passable) */
-	if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0)
-	  goto cleanup;
-	if ((retval = krb5_crypto_us_timeofday(&seed_data.now, &seed_data.now_usec)))
-		goto cleanup;
-	seed_data.pid = getpid ();
-	seed.length = sizeof(seed_data);
-	seed.data = (char *) &seed_data;
-	if ((retval = krb5_c_random_add_entropy(ctx, KRB5_C_RANDSOURCE_TIMING, &seed)))
-		goto cleanup;
+    /* initialize the prng (not well, but passable) */
+    if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0)
+        goto cleanup;
+    if ((retval = krb5_crypto_us_timeofday(&seed_data.now, &seed_data.now_usec)))
+        goto cleanup;
+    seed_data.pid = getpid ();
+    seed.length = sizeof(seed_data);
+    seed.data = (char *) &seed_data;
+    if ((retval = krb5_c_random_add_entropy(ctx, KRB5_C_RANDSOURCE_TIMING, &seed)))
+        goto cleanup;
 
-	ctx->default_realm = 0;
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CLOCKSKEW,
-			    0, 5 * 60, &tmp);
-	ctx->clockskew = tmp;
+    ctx->default_realm = 0;
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CLOCKSKEW,
+                        0, 5 * 60, &tmp);
+    ctx->clockskew = tmp;
 
 #if 0
-	/* Default ticket lifetime is currently not supported */
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, "tkt_lifetime",
-			    0, 10 * 60 * 60, &tmp);
-	ctx->tkt_lifetime = tmp;
+    /* Default ticket lifetime is currently not supported */
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, "tkt_lifetime",
+                        0, 10 * 60 * 60, &tmp);
+    ctx->tkt_lifetime = tmp;
 #endif
 
-	/* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2)  */
-	/* DCE add kdc_req_checksum_type = 2 to krb5.conf */
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
-			    KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5, 
-			    &tmp);
-	ctx->kdc_req_sumtype = tmp;
-
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
-			    KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, 0,
-			    &tmp);
-	ctx->default_ap_req_sumtype = tmp;
-
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
-			    KRB5_CONF_SAFE_CHECKSUM_TYPE, 0,
-			    CKSUMTYPE_RSA_MD5_DES, &tmp);
-	ctx->default_safe_sumtype = tmp;
-
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
-			    KRB5_CONF_KDC_DEFAULT_OPTIONS, 0,
-			    KDC_OPT_RENEWABLE_OK, &tmp);
-	ctx->kdc_default_options = tmp;
+    /* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2)  */
+    /* DCE add kdc_req_checksum_type = 2 to krb5.conf */
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                        KRB5_CONF_KDC_REQ_CHECKSUM_TYPE, 0, CKSUMTYPE_RSA_MD5,
+                        &tmp);
+    ctx->kdc_req_sumtype = tmp;
+
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                        KRB5_CONF_AP_REQ_CHECKSUM_TYPE, 0, 0,
+                        &tmp);
+    ctx->default_ap_req_sumtype = tmp;
+
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                        KRB5_CONF_SAFE_CHECKSUM_TYPE, 0,
+                        CKSUMTYPE_RSA_MD5_DES, &tmp);
+    ctx->default_safe_sumtype = tmp;
+
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                        KRB5_CONF_KDC_DEFAULT_OPTIONS, 0,
+                        KDC_OPT_RENEWABLE_OK, &tmp);
+    ctx->kdc_default_options = tmp;
 #define DEFAULT_KDC_TIMESYNC 1
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
-			    KRB5_CONF_KDC_TIMESYNC, 0, DEFAULT_KDC_TIMESYNC,
-			    &tmp);
-	ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
-
-	/*
-	 * We use a default file credentials cache of 3.  See
-	 * lib/krb5/krb/ccache/file/fcc.h for a description of the
-	 * credentials cache types.
-	 *
-	 * Note: DCE 1.0.3a only supports a cache type of 1
-	 * 	DCE 1.1 supports a cache type of 2.
-	 */
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS,
+                        KRB5_CONF_KDC_TIMESYNC, 0, DEFAULT_KDC_TIMESYNC,
+                        &tmp);
+    ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
+
+    /*
+     * We use a default file credentials cache of 3.  See
+     * lib/krb5/krb/ccache/file/fcc.h for a description of the
+     * credentials cache types.
+     *
+     * Note: DCE 1.0.3a only supports a cache type of 1
+     *      DCE 1.1 supports a cache type of 2.
+     */
 #define DEFAULT_CCACHE_TYPE 4
-	profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CCACHE_TYPE,
-			    0, DEFAULT_CCACHE_TYPE, &tmp);
-	ctx->fcc_default_format = tmp + 0x0500;
-	ctx->prompt_types = 0;
-	ctx->use_conf_ktypes = 0;
-
-	ctx->udp_pref_limit = -1;
-	*context = ctx;
-	return 0;
+    profile_get_integer(ctx->profile, KRB5_CONF_LIBDEFAULTS, KRB5_CONF_CCACHE_TYPE,
+                        0, DEFAULT_CCACHE_TYPE, &tmp);
+    ctx->fcc_default_format = tmp + 0x0500;
+    ctx->prompt_types = 0;
+    ctx->use_conf_ktypes = 0;
+
+    ctx->udp_pref_limit = -1;
+    *context = ctx;
+    return 0;
 
 cleanup:
-	krb5_free_context(ctx);
-	return retval;
+    krb5_free_context(ctx);
+    return retval;
 }
 
 void KRB5_CALLCONV
 krb5_free_context(krb5_context ctx)
 {
-     if (ctx == NULL)
-	 return;
-     krb5_os_free_context(ctx);
-
-     free(ctx->in_tkt_etypes);
-     ctx->in_tkt_etypes = NULL;
-     free(ctx->tgs_etypes);
-     ctx->tgs_etypes = NULL;
-     free(ctx->default_realm);
-     ctx->default_realm = 0;
-     if (ctx->ser_ctx_count && ctx->ser_ctx) {
-	  free(ctx->ser_ctx);
-	  ctx->ser_ctx = 0;
-     }
-
-     krb5_clear_error_message(ctx);
-
-     ctx->magic = 0;
-     free(ctx);
+    if (ctx == NULL)
+        return;
+    krb5_os_free_context(ctx);
+
+    free(ctx->in_tkt_etypes);
+    ctx->in_tkt_etypes = NULL;
+    free(ctx->tgs_etypes);
+    ctx->tgs_etypes = NULL;
+    free(ctx->default_realm);
+    ctx->default_realm = 0;
+    if (ctx->ser_ctx_count && ctx->ser_ctx) {
+        free(ctx->ser_ctx);
+        ctx->ser_ctx = 0;
+    }
+
+    krb5_clear_error_message(ctx);
+
+    ctx->magic = 0;
+    free(ctx);
 }
 
 /* Copy the zero-terminated enctype list old_list into *new_list. */
 static krb5_error_code
 copy_enctypes(krb5_context context, const krb5_enctype *old_list,
-	      krb5_enctype **new_list)
+              krb5_enctype **new_list)
 {
     unsigned int count;
     krb5_enctype *list;
@@ -288,7 +289,7 @@ copy_enctypes(krb5_context context, const krb5_enctype *old_list,
     for (count = 0; old_list[count]; count++);
     list = malloc(sizeof(krb5_enctype) * (count + 1));
     if (list == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memcpy(list, old_list, sizeof(krb5_enctype) * (count + 1));
     *new_list = list;
     return 0;
@@ -299,25 +300,25 @@ copy_enctypes(krb5_context context, const krb5_enctype *old_list,
  */
 static krb5_error_code
 set_default_etype_var(krb5_context context, const krb5_enctype *etypes,
-		      krb5_enctype **var)
+                      krb5_enctype **var)
 {
     krb5_error_code code;
     krb5_enctype *list;
     int i;
 
     if (etypes) {
-	for (i = 0; etypes[i]; i++) {
-	    if (!krb5_c_valid_enctype(etypes[i]))
-		return KRB5_PROG_ETYPE_NOSUPP;
-	    if (!context->allow_weak_crypto && krb5int_c_weak_enctype(etypes[i]))
-		return KRB5_PROG_ETYPE_NOSUPP;
-	}
-
-	code = copy_enctypes(context, etypes, &list);
-	if (code)
-	    return code;
+        for (i = 0; etypes[i]; i++) {
+            if (!krb5_c_valid_enctype(etypes[i]))
+                return KRB5_PROG_ETYPE_NOSUPP;
+            if (!context->allow_weak_crypto && krb5int_c_weak_enctype(etypes[i]))
+                return KRB5_PROG_ETYPE_NOSUPP;
+        }
+
+        code = copy_enctypes(context, etypes, &list);
+        if (code)
+            return code;
     } else {
-	list = NULL;
+        list = NULL;
     }
 
     free(*var);
@@ -327,7 +328,7 @@ set_default_etype_var(krb5_context context, const krb5_enctype *etypes,
 
 krb5_error_code
 krb5_set_default_in_tkt_ktypes(krb5_context context,
-			       const krb5_enctype *etypes)
+                               const krb5_enctype *etypes)
 {
     return set_default_etype_var(context, etypes, &context->in_tkt_etypes);
 }
@@ -352,26 +353,26 @@ krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes)
  */
 static void
 mod_list(krb5_enctype etype, krb5_boolean add, krb5_boolean allow_weak,
-	 krb5_enctype *list, unsigned int *count)
+         krb5_enctype *list, unsigned int *count)
 {
     unsigned int i;
 
     assert(etype > 0 && etype <= MAX_ENCTYPE);
     if (!allow_weak && krb5int_c_weak_enctype(etype))
-	return;
+        return;
     for (i = 0; i < *count; i++) {
-	if (list[i] == etype) {
-	    if (!add) {
-		for (; i < *count - 1; i++)
-		    list[i] = list[i + 1];
-		(*count)--;
-	    }
-	    return;
-	}
+        if (list[i] == etype) {
+            if (!add) {
+                for (; i < *count - 1; i++)
+                    list[i] = list[i + 1];
+                (*count)--;
+            }
+            return;
+        }
     }
     if (add) {
-	assert(*count < MAX_ENCTYPE);
-	list[(*count)++] = etype;
+        assert(*count < MAX_ENCTYPE);
+        list[(*count)++] = etype;
     }
 }
 
@@ -381,7 +382,7 @@ mod_list(krb5_enctype etype, krb5_boolean add, krb5_boolean allow_weak,
  */
 krb5_error_code
 krb5int_parse_enctype_list(krb5_context context, char *profstr,
-			   krb5_enctype *default_list, krb5_enctype **result)
+                           krb5_enctype *default_list, krb5_enctype **result)
 {
     char *token, *delim = " \t\r\n,", *save = NULL;
     krb5_boolean sel, weak = context->allow_weak_crypto;
@@ -392,31 +393,31 @@ krb5int_parse_enctype_list(krb5_context context, char *profstr,
 
     /* Walk through the words in profstr. */
     for (token = strtok_r(profstr, delim, &save); token;
-	 token = strtok_r(NULL, delim, &save)) {
-	/* Determine if we are adding or removing enctypes. */
-	sel = TRUE;
-	if (*token == '+' || *token == '-')
-	    sel = (*token++ == '+');
-
-	if (strcasecmp(token, "DEFAULT") == 0) {
-	    /* Set all enctypes in the default list. */
-	    for (i = 0; default_list[i]; i++)
-		mod_list(default_list[i], sel, weak, list, &count);
-	} else if (strcasecmp(token, "des") == 0) {
-	    mod_list(ENCTYPE_DES_CBC_CRC, sel, weak, list, &count);
-	    mod_list(ENCTYPE_DES_CBC_MD5, sel, weak, list, &count);
-	    mod_list(ENCTYPE_DES_CBC_MD4, sel, weak, list, &count);
-	} else if (strcasecmp(token, "des3") == 0) {
-	    mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, list, &count);
-	} else if (strcasecmp(token, "aes") == 0) {
-	    mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, list, &count);
-	    mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, list, &count);
-	} else if (strcasecmp(token, "rc4") == 0) {
-	    mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, list, &count);
-	} else if (krb5_string_to_enctype(token, &etype) == 0) {
-	    /* Set a specific enctype. */
-	    mod_list(etype, sel, weak, list, &count);
-	}
+         token = strtok_r(NULL, delim, &save)) {
+        /* Determine if we are adding or removing enctypes. */
+        sel = TRUE;
+        if (*token == '+' || *token == '-')
+            sel = (*token++ == '+');
+
+        if (strcasecmp(token, "DEFAULT") == 0) {
+            /* Set all enctypes in the default list. */
+            for (i = 0; default_list[i]; i++)
+                mod_list(default_list[i], sel, weak, list, &count);
+        } else if (strcasecmp(token, "des") == 0) {
+            mod_list(ENCTYPE_DES_CBC_CRC, sel, weak, list, &count);
+            mod_list(ENCTYPE_DES_CBC_MD5, sel, weak, list, &count);
+            mod_list(ENCTYPE_DES_CBC_MD4, sel, weak, list, &count);
+        } else if (strcasecmp(token, "des3") == 0) {
+            mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, list, &count);
+        } else if (strcasecmp(token, "aes") == 0) {
+            mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, list, &count);
+            mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, list, &count);
+        } else if (strcasecmp(token, "rc4") == 0) {
+            mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, list, &count);
+        } else if (krb5_string_to_enctype(token, &etype) == 0) {
+            /* Set a specific enctype. */
+            mod_list(etype, sel, weak, list, &count);
+        }
     }
 
     list[count] = 0;
@@ -433,8 +434,8 @@ krb5int_parse_enctype_list(krb5_context context, char *profstr,
  */
 static krb5_error_code
 get_profile_etype_list(krb5_context context, krb5_enctype **etypes_ptr,
-		       char *profkey, krb5_enctype *ctx_list,
-		       krb5_enctype *default_list)
+                       char *profkey, krb5_enctype *ctx_list,
+                       krb5_enctype *default_list)
 {
     krb5_enctype *etypes;
     krb5_error_code code;
@@ -443,26 +444,26 @@ get_profile_etype_list(krb5_context context, krb5_enctype **etypes_ptr,
     *etypes_ptr = NULL;
 
     if (ctx_list) {
-	/* Use application defaults. */
-	code = copy_enctypes(context, ctx_list, &etypes);
-	if (code)
-	    return code;
+        /* Use application defaults. */
+        code = copy_enctypes(context, ctx_list, &etypes);
+        if (code)
+            return code;
     } else {
-	/* Parse profile setting, or "DEFAULT" if not specified. */
-	code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
-				  profkey, NULL, "DEFAULT", &profstr);
-	if (code)
-	    return code;
-	code = krb5int_parse_enctype_list(context, profstr, default_list,
-					  &etypes);
-	profile_release_string(profstr);
-	if (code)
-	    return code;
+        /* Parse profile setting, or "DEFAULT" if not specified. */
+        code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                  profkey, NULL, "DEFAULT", &profstr);
+        if (code)
+            return code;
+        code = krb5int_parse_enctype_list(context, profstr, default_list,
+                                          &etypes);
+        profile_release_string(profstr);
+        if (code)
+            return code;
     }
 
     if (etypes[0] == 0) {
-	free(etypes);
-	return KRB5_CONFIG_ETYPE_NOSUPP;
+        free(etypes);
+        return KRB5_CONFIG_ETYPE_NOSUPP;
     }
 
     *etypes_ptr = etypes;
@@ -473,9 +474,9 @@ krb5_error_code
 krb5_get_default_in_tkt_ktypes(krb5_context context, krb5_enctype **ktypes)
 {
     return get_profile_etype_list(context, ktypes,
-				  KRB5_CONF_DEFAULT_TKT_ENCTYPES,
-				  context->in_tkt_etypes,
-				  default_enctype_list);
+                                  KRB5_CONF_DEFAULT_TKT_ENCTYPES,
+                                  context->in_tkt_etypes,
+                                  default_enctype_list);
 }
 
 void
@@ -490,24 +491,24 @@ KRB5_CALLCONV
 krb5_get_tgs_ktypes(krb5_context context, krb5_const_principal princ, krb5_enctype **ktypes)
 {
     if (context->use_conf_ktypes)
-	/* This one is set *only* by reading the config file; it's not
-	   set by the application.  */
-	return get_profile_etype_list(context, ktypes,
-				      KRB5_CONF_DEFAULT_TKT_ENCTYPES, NULL,
-				      default_enctype_list);
+        /* This one is set *only* by reading the config file; it's not
+           set by the application.  */
+        return get_profile_etype_list(context, ktypes,
+                                      KRB5_CONF_DEFAULT_TKT_ENCTYPES, NULL,
+                                      default_enctype_list);
     else
-	return get_profile_etype_list(context, ktypes,
-				      KRB5_CONF_DEFAULT_TGS_ENCTYPES,
-				      context->tgs_etypes,
-				      default_enctype_list);
+        return get_profile_etype_list(context, ktypes,
+                                      KRB5_CONF_DEFAULT_TGS_ENCTYPES,
+                                      context->tgs_etypes,
+                                      default_enctype_list);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)
 {
     return get_profile_etype_list(context, ktypes,
-				  KRB5_CONF_PERMITTED_ENCTYPES,
-				  context->tgs_etypes, default_enctype_list);
+                                  KRB5_CONF_PERMITTED_ENCTYPES,
+                                  context->tgs_etypes, default_enctype_list);
 }
 
 krb5_boolean
@@ -517,14 +518,14 @@ krb5_is_permitted_enctype(krb5_context context, krb5_enctype etype)
     krb5_boolean ret;
 
     if (krb5_get_permitted_enctypes(context, &list))
-	return(0);
+        return(0);
+
 
-    
     ret = 0;
 
     for (ptr = list; *ptr; ptr++)
-	if (*ptr == etype)
-	    ret = 1;
+        if (*ptr == etype)
+            ret = 1;
 
     krb5_free_ktypes (context, list);
 
@@ -571,11 +572,11 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
 
     *nctx_out = NULL;
     if (ctx == NULL)
-	return EINVAL;		/* XXX */
+        return EINVAL;          /* XXX */
 
     nctx = malloc(sizeof(*nctx));
     if (nctx == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     *nctx = *ctx;
 
@@ -600,28 +601,28 @@ krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
 
     ret = copy_enctypes(nctx, ctx->in_tkt_etypes, &nctx->in_tkt_etypes);
     if (ret)
-	goto errout;
+        goto errout;
     ret = copy_enctypes(nctx, ctx->tgs_etypes, &nctx->tgs_etypes);
     if (ret)
-	goto errout;
+        goto errout;
 
     if (ctx->os_context.default_ccname != NULL) {
-	nctx->os_context.default_ccname =
-	    strdup(ctx->os_context.default_ccname);
-	if (nctx->os_context.default_ccname == NULL) {
-	    ret = ENOMEM;
-	    goto errout;
-	}
+        nctx->os_context.default_ccname =
+            strdup(ctx->os_context.default_ccname);
+        if (nctx->os_context.default_ccname == NULL) {
+            ret = ENOMEM;
+            goto errout;
+        }
     }
     ret = krb5_get_profile(ctx, &nctx->profile);
     if (ret)
-	goto errout;
+        goto errout;
 
 errout:
     if (ret) {
-	krb5_free_context(nctx);
+        krb5_free_context(nctx);
     } else {
-	*nctx_out = nctx;
+        *nctx_out = nctx;
     }
     return ret;
 }
diff --git a/src/lib/krb5/krb/init_keyblock.c b/src/lib/krb5/krb/init_keyblock.c
index 3be842ac8..baf7dabec 100644
--- a/src/lib/krb5/krb/init_keyblock.c
+++ b/src/lib/krb5/krb/init_keyblock.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/init_keyblock.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,10 +23,10 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
  *
- * krb5_init_keyblock- a function to set up 
+ *
+ *
+ * krb5_init_keyblock- a function to set up
  *  an empty keyblock
  */
 
@@ -34,8 +35,8 @@
 #include <assert.h>
 
 krb5_error_code KRB5_CALLCONV  krb5_init_keyblock
-	(krb5_context context, krb5_enctype enctype,
-	 size_t length, krb5_keyblock **out)
+(krb5_context context, krb5_enctype enctype,
+ size_t length, krb5_keyblock **out)
 {
-  return krb5int_c_init_keyblock (context, enctype, length, out);
+    return krb5int_c_init_keyblock (context, enctype, length, out);
 }
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
index 724e18bf8..081a8a34b 100644
--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/int-proto.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Function prototypes for Kerberos V5 library internal functions.
  */
@@ -32,14 +33,14 @@
 #define KRB5_INT_FUNC_PROTO__
 
 krb5_error_code krb5_tgtname
-    	(krb5_context context,
-	           const krb5_data *,
-	           const krb5_data *,
-	           krb5_principal *);
+(krb5_context context,
+ const krb5_data *,
+ const krb5_data *,
+ krb5_principal *);
 
 krb5_error_code krb5_libdefault_boolean
-        (krb5_context, const krb5_data *, const char *,
-			int *);
+(krb5_context, const krb5_data *, const char *,
+ int *);
 
 krb5_error_code krb5_ser_authdata_init (krb5_context);
 krb5_error_code krb5_ser_address_init (krb5_context);
@@ -51,40 +52,39 @@ krb5_error_code krb5_ser_authdata_context_init (krb5_context);
 
 krb5_error_code
 krb5_preauth_supply_preauth_data(krb5_context context,
-				 krb5_gic_opt_ext *opte,
-				 const char *attr,
-				 const char *value);
+                                 krb5_gic_opt_ext *opte,
+                                 const char *attr,
+                                 const char *value);
 
 krb5_error_code
 krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
-			   krb5_creds *in_cred, krb5_creds **out_cred,
-			   krb5_creds ***tgts, int kdcopt);
+                           krb5_creds *in_cred, krb5_creds **out_cred,
+                           krb5_creds ***tgts, int kdcopt);
 
 krb5_error_code
 krb5int_construct_matching_creds(krb5_context context, krb5_flags options,
-				 krb5_creds *in_creds, krb5_creds *mcreds,
-				 krb5_flags *fields);
+                                 krb5_creds *in_creds, krb5_creds *mcreds,
+                                 krb5_flags *fields);
 
 #define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew)
 
-#define IS_TGS_PRINC(c, p)						\
-    (krb5_princ_size((c), (p)) == 2 &&					\
+#define IS_TGS_PRINC(c, p)                                              \
+    (krb5_princ_size((c), (p)) == 2 &&                                  \
      data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME))
 
 krb5_error_code
 krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
-			   krb5_flags kdcoptions, krb5_address *const *address,
-			   krb5_pa_data **in_padata,
-			   krb5_creds *in_cred,
-			   krb5_error_code (*gcvt_fct)(krb5_context,
-						       krb5_keyblock *,
-						       krb5_kdc_req *,
-						       void *),
-			   void *gcvt_data,
-			   krb5_pa_data ***out_padata,
-			   krb5_pa_data ***enc_padata,
-			   krb5_creds **out_cred,
-			   krb5_keyblock **out_subkey);
+                           krb5_flags kdcoptions, krb5_address *const *address,
+                           krb5_pa_data **in_padata,
+                           krb5_creds *in_cred,
+                           krb5_error_code (*gcvt_fct)(krb5_context,
+                                                       krb5_keyblock *,
+                                                       krb5_kdc_req *,
+                                                       void *),
+                           void *gcvt_data,
+                           krb5_pa_data ***out_padata,
+                           krb5_pa_data ***enc_padata,
+                           krb5_creds **out_cred,
+                           krb5_keyblock **out_subkey);
 
 #endif /* KRB5_INT_FUNC_PROTO__ */
-
diff --git a/src/lib/krb5/krb/kdc_rep_dc.c b/src/lib/krb5/krb/kdc_rep_dc.c
index 42559b2f1..dfd3ba29f 100644
--- a/src/lib/krb5/krb/kdc_rep_dc.c
+++ b/src/lib/krb5/krb/kdc_rep_dc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/kdc_rep_dc.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_kdc_rep_decrypt_proc()
  */
@@ -45,34 +46,34 @@ krb5_kdc_rep_decrypt_proc(krb5_context context, const krb5_keyblock *key, krb5_c
     krb5_keyusage usage;
 
     if (decryptarg) {
-	usage = *(const krb5_keyusage *) decryptarg;
+        usage = *(const krb5_keyusage *) decryptarg;
     } else {
-	usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
+        usage = KRB5_KEYUSAGE_AS_REP_ENCPART;
     }
 
     /* set up scratch decrypt/decode area */
 
     scratch.length = dec_rep->enc_part.ciphertext.length;
     if (!(scratch.data = malloc(dec_rep->enc_part.ciphertext.length))) {
-	return(ENOMEM);
+        return(ENOMEM);
     }
 
     /*dec_rep->enc_part.enctype;*/
 
     if ((retval = krb5_c_decrypt(context, key, usage, 0, &dec_rep->enc_part,
-				 &scratch))) {
-	free(scratch.data);
-	return(retval);
+                                 &scratch))) {
+        free(scratch.data);
+        return(retval);
     }
 
-#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
-free(scratch.data);}
+#define clean_scratch() {memset(scratch.data, 0, scratch.length);       \
+        free(scratch.data);}
 
     /* and do the decode */
     retval = decode_krb5_enc_kdc_rep_part(&scratch, &local_encpart);
     clean_scratch();
     if (retval)
-	return retval;
+        return retval;
 
     dec_rep->enc_part2 = local_encpart;
 
diff --git a/src/lib/krb5/krb/kerrs.c b/src/lib/krb5/krb/kerrs.c
index 51f1eca97..7525e29a1 100644
--- a/src/lib/krb5/krb/kerrs.c
+++ b/src/lib/krb5/krb/kerrs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/kerrs.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -38,63 +39,63 @@ static int error_message_debug = 0;
 #undef krb5_set_error_message
 void KRB5_CALLCONV_C
 krb5_set_error_message (krb5_context ctx, krb5_error_code code,
-			const char *fmt, ...)
+                        const char *fmt, ...)
 {
     va_list args;
     if (ctx == NULL)
-	return;
+        return;
     va_start (args, fmt);
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr,
-		"krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
-		ctx, &ctx->err, (long) code);
+        fprintf(stderr,
+                "krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
+                ctx, &ctx->err, (long) code);
 #endif
     krb5int_vset_error (&ctx->err, code, fmt, args);
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr, "->%s\n", ctx->err.msg);
+        fprintf(stderr, "->%s\n", ctx->err.msg);
 #endif
     va_end (args);
 }
 
 void KRB5_CALLCONV_C
 krb5_set_error_message_fl (krb5_context ctx, krb5_error_code code,
-			   const char *file, int line, const char *fmt, ...)
+                           const char *file, int line, const char *fmt, ...)
 {
     va_list args;
     if (ctx == NULL)
-	return;
+        return;
     va_start (args, fmt);
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr,
-		"krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
-		ctx, &ctx->err, (long) code);
+        fprintf(stderr,
+                "krb5_set_error_message(ctx=%p/err=%p, code=%ld, ...)\n",
+                ctx, &ctx->err, (long) code);
 #endif
     krb5int_vset_error_fl (&ctx->err, code, file, line, fmt, args);
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr, "->%s\n", ctx->err.msg);
+        fprintf(stderr, "->%s\n", ctx->err.msg);
 #endif
     va_end (args);
 }
 
 void KRB5_CALLCONV
 krb5_vset_error_message (krb5_context ctx, krb5_error_code code,
-			 const char *fmt, va_list args)
+                         const char *fmt, va_list args)
 {
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr, "krb5_vset_error_message(ctx=%p, code=%ld, ...)\n",
-		ctx, (long) code);
+        fprintf(stderr, "krb5_vset_error_message(ctx=%p, code=%ld, ...)\n",
+                ctx, (long) code);
 #endif
     if (ctx == NULL)
-	return;
+        return;
     krb5int_vset_error (&ctx->err, code, fmt, args);
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr, "->%s\n", ctx->err.msg);
+        fprintf(stderr, "->%s\n", ctx->err.msg);
 #endif
 }
 
@@ -103,12 +104,12 @@ void KRB5_CALLCONV
 krb5_copy_error_message (krb5_context dest_ctx, krb5_context src_ctx)
 {
     if (dest_ctx == src_ctx)
-	return;
+        return;
     if (src_ctx->err.msg) {
-	krb5int_set_error(&dest_ctx->err, src_ctx->err.code, "%s",
-			  src_ctx->err.msg);
+        krb5int_set_error(&dest_ctx->err, src_ctx->err.code, "%s",
+                          src_ctx->err.msg);
     } else {
-	krb5int_clear_error(&dest_ctx->err);
+        krb5int_clear_error(&dest_ctx->err);
     }
 }
 
@@ -117,10 +118,10 @@ krb5_get_error_message (krb5_context ctx, krb5_error_code code)
 {
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr, "krb5_get_error_message(%p, %ld)\n", ctx, (long) code);
+        fprintf(stderr, "krb5_get_error_message(%p, %ld)\n", ctx, (long) code);
 #endif
     if (ctx == NULL)
-	return error_message(code);
+        return error_message(code);
     return krb5int_get_error (&ctx->err, code);
 }
 
@@ -129,10 +130,10 @@ krb5_free_error_message (krb5_context ctx, const char *msg)
 {
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr, "krb5_free_error_message(%p, %p)\n", ctx, msg);
+        fprintf(stderr, "krb5_free_error_message(%p, %p)\n", ctx, msg);
 #endif
     if (ctx == NULL)
-	return;
+        return;
     krb5int_free_error (&ctx->err, msg);
 }
 
@@ -141,9 +142,9 @@ krb5_clear_error_message (krb5_context ctx)
 {
 #ifdef DEBUG
     if (ERROR_MESSAGE_DEBUG())
-	fprintf(stderr, "krb5_clear_error_message(%p)\n", ctx);
+        fprintf(stderr, "krb5_clear_error_message(%p)\n", ctx);
 #endif
     if (ctx == NULL)
-	return;
+        return;
     krb5int_clear_error (&ctx->err);
 }
diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c
index 801eed0da..c372e70b6 100644
--- a/src/lib/krb5/krb/kfree.c
+++ b/src/lib/krb5/krb/kfree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/free/f_addr.c
  *
@@ -7,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_free_address()
  */
@@ -60,7 +61,7 @@ void KRB5_CALLCONV
 krb5_free_address(krb5_context context, krb5_address *val)
 {
     if (val == NULL)
-	return;
+        return;
     free(val->contents);
     free(val);
 }
@@ -71,10 +72,10 @@ krb5_free_addresses(krb5_context context, krb5_address **val)
     register krb5_address **temp;
 
     if (val == NULL)
-	return;
+        return;
     for (temp = val; *temp; temp++) {
-	free((*temp)->contents);
-	free(*temp);
+        free((*temp)->contents);
+        free(*temp);
     }
     free(val);
 }
@@ -82,18 +83,18 @@ krb5_free_addresses(krb5_context context, krb5_address **val)
 
 void KRB5_CALLCONV
 krb5_free_alt_method(krb5_context context,
-		     krb5_alt_method *alt)
+                     krb5_alt_method *alt)
 {
     if (alt) {
-	free(alt->data);
-	free(alt);
+        free(alt->data);
+        free(alt);
     }
 }
 void KRB5_CALLCONV
 krb5_free_ap_rep(krb5_context context, register krb5_ap_rep *val)
 {
     if (val == NULL)
-	return;
+        return;
     free(val->enc_part.ciphertext.data);
     free(val);
 }
@@ -102,7 +103,7 @@ void KRB5_CALLCONV
 krb5_free_ap_req(krb5_context context, register krb5_ap_req *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_ticket(context, val->ticket);
     free(val->authenticator.ciphertext.data);
     free(val);
@@ -112,7 +113,7 @@ void KRB5_CALLCONV
 krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_keyblock(context, val->subkey);
     free(val);
 }
@@ -121,7 +122,7 @@ void KRB5_CALLCONV
 krb5_free_authenticator_contents(krb5_context context, krb5_authenticator *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_checksum(context, val->checksum);
     val->checksum = 0;
     krb5_free_principal(context, val->client);
@@ -138,10 +139,10 @@ krb5_free_authdata(krb5_context context, krb5_authdata **val)
     register krb5_authdata **temp;
 
     if (val == NULL)
-	return;
+        return;
     for (temp = val; *temp; temp++) {
-	free((*temp)->contents);
-	free(*temp);
+        free((*temp)->contents);
+        free(*temp);
     }
     free(val);
 }
@@ -150,7 +151,7 @@ void KRB5_CALLCONV
 krb5_free_authenticator(krb5_context context, krb5_authenticator *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_authenticator_contents(context, val);
     free(val);
 }
@@ -159,7 +160,7 @@ void KRB5_CALLCONV
 krb5_free_checksum(krb5_context context, register krb5_checksum *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_checksum_contents(context, val);
     free(val);
 }
@@ -168,7 +169,7 @@ void KRB5_CALLCONV
 krb5_free_checksum_contents(krb5_context context, register krb5_checksum *val)
 {
     if (val == NULL)
-	return;
+        return;
     free(val->contents);
     val->contents = NULL;
 }
@@ -177,7 +178,7 @@ void KRB5_CALLCONV
 krb5_free_cred(krb5_context context, register krb5_cred *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_tickets(context, val->tickets);
     free(val->enc_part.ciphertext.data);
     free(val);
@@ -185,14 +186,14 @@ krb5_free_cred(krb5_context context, register krb5_cred *val)
 
 /*
  * krb5_free_cred_contents zeros out the session key, and then frees
- * the credentials structures 
+ * the credentials structures
  */
 
 void KRB5_CALLCONV
 krb5_free_cred_contents(krb5_context context, krb5_creds *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_principal(context, val->client);
     val->client = 0;
     krb5_free_principal(context, val->server);
@@ -208,28 +209,28 @@ krb5_free_cred_contents(krb5_context context, krb5_creds *val)
     val->authdata = 0;
 }
 
-void KRB5_CALLCONV 
+void KRB5_CALLCONV
 krb5_free_cred_enc_part(krb5_context context, register krb5_cred_enc_part *val)
 {
     register krb5_cred_info **temp;
-    
+
     if (val == NULL)
-	return;
+        return;
     krb5_free_address(context, val->r_address);
     val->r_address = 0;
     krb5_free_address(context, val->s_address);
     val->s_address = 0;
 
     if (val->ticket_info) {
-	for (temp = val->ticket_info; *temp; temp++) {
-	    krb5_free_keyblock(context, (*temp)->session);
-	    krb5_free_principal(context, (*temp)->client);
-	    krb5_free_principal(context, (*temp)->server);
-	    krb5_free_addresses(context, (*temp)->caddrs);
-	    free(*temp);
-	}
-	free(val->ticket_info);
-	val->ticket_info = 0;
+        for (temp = val->ticket_info; *temp; temp++) {
+            krb5_free_keyblock(context, (*temp)->session);
+            krb5_free_principal(context, (*temp)->client);
+            krb5_free_principal(context, (*temp)->server);
+            krb5_free_addresses(context, (*temp)->caddrs);
+            free(*temp);
+        }
+        free(val->ticket_info);
+        val->ticket_info = 0;
     }
 }
 
@@ -238,7 +239,7 @@ void KRB5_CALLCONV
 krb5_free_creds(krb5_context context, krb5_creds *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_cred_contents(context, val);
     free(val);
 }
@@ -248,7 +249,7 @@ void KRB5_CALLCONV
 krb5_free_data(krb5_context context, krb5_data *val)
 {
     if (val == NULL)
-	return;
+        return;
     free(val->data);
     free(val);
 }
@@ -257,10 +258,10 @@ void KRB5_CALLCONV
 krb5_free_data_contents(krb5_context context, krb5_data *val)
 {
     if (val == NULL)
-	return;
+        return;
     if (val->data) {
-	free(val->data);
-	val->data = 0;
+        free(val->data);
+        val->data = 0;
     }
 }
 
@@ -268,7 +269,7 @@ void KRB5_CALLCONV
 krb5_free_enc_data(krb5_context context, krb5_enc_data *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_data_contents(context, &val->ciphertext);
     free(val);
 }
@@ -278,21 +279,21 @@ void krb5_free_etype_info(krb5_context context, krb5_etype_info info)
     int i;
 
     if (info == NULL)
-	return;
+        return;
     for (i=0; info[i] != NULL; i++) {
-	free(info[i]->salt);
-	krb5_free_data_contents(context, &info[i]->s2kparams);
-	free(info[i]);
+        free(info[i]->salt);
+        krb5_free_data_contents(context, &info[i]->s2kparams);
+        free(info[i]);
     }
     free(info);
 }
-    
+
 
 void KRB5_CALLCONV
 krb5_free_enc_kdc_rep_part(krb5_context context, register krb5_enc_kdc_rep_part *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_keyblock(context, val->session);
     krb5_free_last_req(context, val->last_req);
     krb5_free_principal(context, val->server);
@@ -305,7 +306,7 @@ void KRB5_CALLCONV
 krb5_free_enc_tkt_part(krb5_context context, krb5_enc_tkt_part *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_keyblock(context, val->session);
     krb5_free_principal(context, val->client);
     free(val->transited.tr_contents.data);
@@ -319,7 +320,7 @@ void KRB5_CALLCONV
 krb5_free_error(krb5_context context, register krb5_error *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_principal(context, val->client);
     krb5_free_principal(context, val->server);
     free(val->text.data);
@@ -331,7 +332,7 @@ void KRB5_CALLCONV
 krb5_free_kdc_rep(krb5_context context, krb5_kdc_rep *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_pa_data(context, val->padata);
     krb5_free_principal(context, val->client);
     krb5_free_ticket(context, val->ticket);
@@ -345,7 +346,7 @@ void KRB5_CALLCONV
 krb5_free_kdc_req(krb5_context context, krb5_kdc_req *val)
 {
     if (val == NULL)
-	return;
+        return;
     assert( val->kdc_state == NULL);
     krb5_free_pa_data(context, val->padata);
     krb5_free_principal(context, val->client);
@@ -378,9 +379,9 @@ krb5_free_last_req(krb5_context context, krb5_last_req_entry **val)
     register krb5_last_req_entry **temp;
 
     if (val == NULL)
-	return;
+        return;
     for (temp = val; *temp; temp++)
-	free(*temp);
+        free(*temp);
     free(val);
 }
 
@@ -390,10 +391,10 @@ krb5_free_pa_data(krb5_context context, krb5_pa_data **val)
     register krb5_pa_data **temp;
 
     if (val == NULL)
-	return;
+        return;
     for (temp = val; *temp; temp++) {
-	free((*temp)->contents);
-	free(*temp);
+        free((*temp)->contents);
+        free(*temp);
     }
     free(val);
 }
@@ -404,13 +405,13 @@ krb5_free_principal(krb5_context context, krb5_principal val)
     register krb5_int32 i;
 
     if (!val)
-	return;
-    
+        return;
+
     if (val->data) {
-	i = krb5_princ_size(context, val);
-	while(--i >= 0)
-	    free(krb5_princ_component(context, val, i)->data);
-	free(val->data);
+        i = krb5_princ_size(context, val);
+        while(--i >= 0)
+            free(krb5_princ_component(context, val, i)->data);
+        free(val->data);
     }
     free(val->realm.data);
     free(val);
@@ -420,7 +421,7 @@ void KRB5_CALLCONV
 krb5_free_priv(krb5_context context, register krb5_priv *val)
 {
     if (val == NULL)
-	return;
+        return;
     free(val->enc_part.ciphertext.data);
     free(val);
 }
@@ -429,7 +430,7 @@ void KRB5_CALLCONV
 krb5_free_priv_enc_part(krb5_context context, register krb5_priv_enc_part *val)
 {
     if (val == NULL)
-	return;
+        return;
     free(val->user_data.data);
     krb5_free_address(context, val->r_address);
     krb5_free_address(context, val->s_address);
@@ -440,7 +441,7 @@ void KRB5_CALLCONV
 krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_pwd_sequences(context, val->element);
     free(val);
 }
@@ -448,10 +449,10 @@ krb5_free_pwd_data(krb5_context context, krb5_pwd_data *val)
 
 void KRB5_CALLCONV
 krb5_free_passwd_phrase_element(krb5_context context,
-				passwd_phrase_element *val)
+                                passwd_phrase_element *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_data(context, val->passwd);
     val->passwd = NULL;
     krb5_free_data(context, val->phrase);
@@ -466,9 +467,9 @@ krb5_free_pwd_sequences(krb5_context context, passwd_phrase_element **val)
     register passwd_phrase_element **temp;
 
     if (val == NULL)
-	return;
+        return;
     for (temp = val; *temp; temp++)
-	krb5_free_passwd_phrase_element(context, *temp);
+        krb5_free_passwd_phrase_element(context, *temp);
     free(val);
 }
 
@@ -477,7 +478,7 @@ void KRB5_CALLCONV
 krb5_free_safe(krb5_context context, register krb5_safe *val)
 {
     if (val == NULL)
-	return;
+        return;
     free(val->user_data.data);
     krb5_free_address(context, val->r_address);
     krb5_free_address(context, val->s_address);
@@ -490,7 +491,7 @@ void KRB5_CALLCONV
 krb5_free_ticket(krb5_context context, krb5_ticket *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_principal(context, val->server);
     free(val->enc_part.ciphertext.data);
     krb5_free_enc_tkt_part(context, val->enc_part2);
@@ -503,7 +504,7 @@ krb5_free_tickets(krb5_context context, krb5_ticket **val)
     register krb5_ticket **temp;
 
     if (val == NULL)
-	return;
+        return;
     for (temp = val; *temp; temp++)
         krb5_free_ticket(context, *temp);
     free(val);
@@ -515,9 +516,9 @@ krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts)
 {
     register krb5_creds **tgtpp;
     if (tgts == NULL)
-	return;
+        return;
     for (tgtpp = tgts; *tgtpp; tgtpp++)
-	krb5_free_creds(context, *tgtpp);
+        krb5_free_creds(context, *tgtpp);
     free(tgts);
 }
 
@@ -525,7 +526,7 @@ void KRB5_CALLCONV
 krb5_free_tkt_authent(krb5_context context, krb5_tkt_authent *val)
 {
     if (val == NULL)
-	return;
+        return;
     krb5_free_ticket(context, val->ticket);
     krb5_free_authenticator(context, val->authenticator);
     free(val);
@@ -535,14 +536,14 @@ void KRB5_CALLCONV
 krb5_free_unparsed_name(krb5_context context, char *val)
 {
     if (val != NULL)
-	free(val);
+        free(val);
 }
 
 void KRB5_CALLCONV
 krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge *sc)
 {
     if (!sc)
-	return;
+        return;
     krb5_free_sam_challenge_contents(ctx, sc);
     free(sc);
 }
@@ -551,7 +552,7 @@ void KRB5_CALLCONV
 krb5_free_sam_challenge_2(krb5_context ctx, krb5_sam_challenge_2 *sc2)
 {
     if (!sc2)
-	return;
+        return;
     krb5_free_sam_challenge_2_contents(ctx, sc2);
     free(sc2);
 }
@@ -560,79 +561,79 @@ void KRB5_CALLCONV
 krb5_free_sam_challenge_contents(krb5_context ctx, krb5_sam_challenge *sc)
 {
     if (!sc)
-	return;
+        return;
     if (sc->sam_type_name.data)
-	krb5_free_data_contents(ctx, &sc->sam_type_name);
+        krb5_free_data_contents(ctx, &sc->sam_type_name);
     if (sc->sam_track_id.data)
-	krb5_free_data_contents(ctx, &sc->sam_track_id);
+        krb5_free_data_contents(ctx, &sc->sam_track_id);
     if (sc->sam_challenge_label.data)
-	krb5_free_data_contents(ctx, &sc->sam_challenge_label);
+        krb5_free_data_contents(ctx, &sc->sam_challenge_label);
     if (sc->sam_challenge.data)
-	krb5_free_data_contents(ctx, &sc->sam_challenge);
+        krb5_free_data_contents(ctx, &sc->sam_challenge);
     if (sc->sam_response_prompt.data)
-	krb5_free_data_contents(ctx, &sc->sam_response_prompt);
+        krb5_free_data_contents(ctx, &sc->sam_response_prompt);
     if (sc->sam_pk_for_sad.data)
-	krb5_free_data_contents(ctx, &sc->sam_pk_for_sad);
+        krb5_free_data_contents(ctx, &sc->sam_pk_for_sad);
     free(sc->sam_cksum.contents);
     sc->sam_cksum.contents = 0;
 }
 
 void KRB5_CALLCONV
 krb5_free_sam_challenge_2_contents(krb5_context ctx,
-				   krb5_sam_challenge_2 *sc2)
+                                   krb5_sam_challenge_2 *sc2)
 {
     krb5_checksum **cksump;
 
     if (!sc2)
-	return;
+        return;
     if (sc2->sam_challenge_2_body.data)
-	krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body);
+        krb5_free_data_contents(ctx, &sc2->sam_challenge_2_body);
     if (sc2->sam_cksum) {
-	cksump = sc2->sam_cksum;
-	while (*cksump) {
-	    krb5_free_checksum(ctx, *cksump);
-	    cksump++;
-	}
-	free(sc2->sam_cksum);
-	sc2->sam_cksum = 0;
+        cksump = sc2->sam_cksum;
+        while (*cksump) {
+            krb5_free_checksum(ctx, *cksump);
+            cksump++;
+        }
+        free(sc2->sam_cksum);
+        sc2->sam_cksum = 0;
     }
 }
 
 void KRB5_CALLCONV
 krb5_free_sam_challenge_2_body(krb5_context ctx,
-			       krb5_sam_challenge_2_body *sc2)
+                               krb5_sam_challenge_2_body *sc2)
 {
     if (!sc2)
-	return;
+        return;
     krb5_free_sam_challenge_2_body_contents(ctx, sc2);
     free(sc2);
 }
 
 void KRB5_CALLCONV
 krb5_free_sam_challenge_2_body_contents(krb5_context ctx,
-					krb5_sam_challenge_2_body *sc2)
+                                        krb5_sam_challenge_2_body *sc2)
 {
     if (!sc2)
-	return;
-    if (sc2->sam_type_name.data) 
-	krb5_free_data_contents(ctx, &sc2->sam_type_name);
+        return;
+    if (sc2->sam_type_name.data)
+        krb5_free_data_contents(ctx, &sc2->sam_type_name);
     if (sc2->sam_track_id.data)
-	krb5_free_data_contents(ctx, &sc2->sam_track_id);
+        krb5_free_data_contents(ctx, &sc2->sam_track_id);
     if (sc2->sam_challenge_label.data)
-	krb5_free_data_contents(ctx, &sc2->sam_challenge_label);
+        krb5_free_data_contents(ctx, &sc2->sam_challenge_label);
     if (sc2->sam_challenge.data)
-	krb5_free_data_contents(ctx, &sc2->sam_challenge);
+        krb5_free_data_contents(ctx, &sc2->sam_challenge);
     if (sc2->sam_response_prompt.data)
-	krb5_free_data_contents(ctx, &sc2->sam_response_prompt);
+        krb5_free_data_contents(ctx, &sc2->sam_response_prompt);
     if (sc2->sam_pk_for_sad.data)
-	krb5_free_data_contents(ctx, &sc2->sam_pk_for_sad);
+        krb5_free_data_contents(ctx, &sc2->sam_pk_for_sad);
 }
 
 void KRB5_CALLCONV
 krb5_free_sam_response(krb5_context ctx, krb5_sam_response *sr)
 {
     if (!sr)
-	return;
+        return;
     krb5_free_sam_response_contents(ctx, sr);
     free(sr);
 }
@@ -641,7 +642,7 @@ void KRB5_CALLCONV
 krb5_free_sam_response_2(krb5_context ctx, krb5_sam_response_2 *sr2)
 {
     if (!sr2)
-	return;
+        return;
     krb5_free_sam_response_2_contents(ctx, sr2);
     free(sr2);
 }
@@ -650,95 +651,95 @@ void KRB5_CALLCONV
 krb5_free_sam_response_contents(krb5_context ctx, krb5_sam_response *sr)
 {
     if (!sr)
-	return;
+        return;
     if (sr->sam_track_id.data)
-	krb5_free_data_contents(ctx, &sr->sam_track_id);
+        krb5_free_data_contents(ctx, &sr->sam_track_id);
     if (sr->sam_enc_key.ciphertext.data)
-	krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext);
+        krb5_free_data_contents(ctx, &sr->sam_enc_key.ciphertext);
     if (sr->sam_enc_nonce_or_ts.ciphertext.data)
-	krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext);
+        krb5_free_data_contents(ctx, &sr->sam_enc_nonce_or_ts.ciphertext);
 }
 
 void KRB5_CALLCONV
 krb5_free_sam_response_2_contents(krb5_context ctx, krb5_sam_response_2 *sr2)
 {
     if (!sr2)
-	return;
+        return;
     if (sr2->sam_track_id.data)
-	krb5_free_data_contents(ctx, &sr2->sam_track_id);
+        krb5_free_data_contents(ctx, &sr2->sam_track_id);
     if (sr2->sam_enc_nonce_or_sad.ciphertext.data)
-	krb5_free_data_contents(ctx, &sr2->sam_enc_nonce_or_sad.ciphertext);
+        krb5_free_data_contents(ctx, &sr2->sam_enc_nonce_or_sad.ciphertext);
 }
 
 void KRB5_CALLCONV
 krb5_free_predicted_sam_response(krb5_context ctx,
-				 krb5_predicted_sam_response *psr)
+                                 krb5_predicted_sam_response *psr)
 {
     if (!psr)
-	return;
+        return;
     krb5_free_predicted_sam_response_contents(ctx, psr);
     free(psr);
 }
 
 void KRB5_CALLCONV
 krb5_free_predicted_sam_response_contents(krb5_context ctx,
-				 krb5_predicted_sam_response *psr)
+                                          krb5_predicted_sam_response *psr)
 {
     if (!psr)
-	return;
+        return;
     if (psr->sam_key.contents)
-	krb5_free_keyblock_contents(ctx, &psr->sam_key);
+        krb5_free_keyblock_contents(ctx, &psr->sam_key);
     krb5_free_principal(ctx, psr->client);
     psr->client = 0;
     if (psr->msd.data)
-	krb5_free_data_contents(ctx, &psr->msd);
+        krb5_free_data_contents(ctx, &psr->msd);
 }
 
 void KRB5_CALLCONV
 krb5_free_enc_sam_response_enc(krb5_context ctx,
-			       krb5_enc_sam_response_enc *esre)
+                               krb5_enc_sam_response_enc *esre)
 {
     if (!esre)
-	return;
+        return;
     krb5_free_enc_sam_response_enc_contents(ctx, esre);
     free(esre);
 }
 
-void KRB5_CALLCONV 
+void KRB5_CALLCONV
 krb5_free_enc_sam_response_enc_2(krb5_context ctx,
-				 krb5_enc_sam_response_enc_2 *esre2)
+                                 krb5_enc_sam_response_enc_2 *esre2)
 {
     if (!esre2)
-	return;
+        return;
     krb5_free_enc_sam_response_enc_2_contents(ctx, esre2);
     free(esre2);
 }
 
 void KRB5_CALLCONV
 krb5_free_enc_sam_response_enc_contents(krb5_context ctx,
-			       krb5_enc_sam_response_enc *esre)
+                                        krb5_enc_sam_response_enc *esre)
 {
     if (!esre)
-	return;
+        return;
     if (esre->sam_sad.data)
-	krb5_free_data_contents(ctx, &esre->sam_sad);
+        krb5_free_data_contents(ctx, &esre->sam_sad);
 }
 
 void KRB5_CALLCONV
 krb5_free_enc_sam_response_enc_2_contents(krb5_context ctx,
-					  krb5_enc_sam_response_enc_2 *esre2)
+                                          krb5_enc_sam_response_enc_2 *esre2)
 {
     if (!esre2)
-	return;
+        return;
     if (esre2->sam_sad.data)
-	krb5_free_data_contents(ctx, &esre2->sam_sad);
+        krb5_free_data_contents(ctx, &esre2->sam_sad);
 }
 
 void KRB5_CALLCONV
 krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts *pa_enc_ts)
 {
     if (!pa_enc_ts)
-	return;
+        return;
     free(pa_enc_ts);
 }
 
@@ -746,7 +747,7 @@ void KRB5_CALLCONV
 krb5_free_pa_for_user(krb5_context context, krb5_pa_for_user *req)
 {
     if (req == NULL)
-	return;
+        return;
     krb5_free_principal(context, req->user);
     req->user = NULL;
     krb5_free_checksum_contents(context, &req->cksum);
@@ -758,7 +759,7 @@ void KRB5_CALLCONV
 krb5_free_s4u_userid_contents(krb5_context context, krb5_s4u_userid *user_id)
 {
     if (user_id == NULL)
-	return;
+        return;
     user_id->nonce = 0;
     krb5_free_principal(context, user_id->user);
     user_id->user = NULL;
@@ -772,7 +773,7 @@ void KRB5_CALLCONV
 krb5_free_pa_s4u_x509_user(krb5_context context, krb5_pa_s4u_x509_user *req)
 {
     if (req == NULL)
-	return;
+        return;
     krb5_free_s4u_userid_contents(context, &req->user_id);
     krb5_free_checksum_contents(context, &req->cksum);
     free(req);
@@ -780,26 +781,26 @@ krb5_free_pa_s4u_x509_user(krb5_context context, krb5_pa_s4u_x509_user *req)
 
 void KRB5_CALLCONV
 krb5_free_pa_server_referral_data(krb5_context context,
-				  krb5_pa_server_referral_data *ref)
+                                  krb5_pa_server_referral_data *ref)
 {
     if (ref == NULL)
-	return;
+        return;
     krb5_free_data(context, ref->referred_realm);
     ref->referred_realm = NULL;
     krb5_free_principal(context, ref->true_principal_name);
     ref->true_principal_name = NULL;
     krb5_free_principal(context, ref->requested_principal_name);
     ref->requested_principal_name = NULL;
-    krb5_free_checksum_contents(context, &ref->rep_cksum); 
+    krb5_free_checksum_contents(context, &ref->rep_cksum);
     free(ref);
 }
 
 void KRB5_CALLCONV
 krb5_free_pa_svr_referral_data(krb5_context context,
-			       krb5_pa_svr_referral_data *ref)
+                               krb5_pa_svr_referral_data *ref)
 {
     if (ref == NULL)
-	return;
+        return;
     krb5_free_principal(context, ref->principal);
     ref->principal = NULL;
     free(ref);
@@ -807,79 +808,79 @@ krb5_free_pa_svr_referral_data(krb5_context context,
 
 void KRB5_CALLCONV
 krb5_free_pa_pac_req(krb5_context context,
-		     krb5_pa_pac_req *req)
+                     krb5_pa_pac_req *req)
 {
     free(req);
 }
 
 void KRB5_CALLCONV
 krb5_free_etype_list(krb5_context context,
-		     krb5_etype_list *etypes)
+                     krb5_etype_list *etypes)
 {
     if (etypes != NULL) {
-	free(etypes->etypes);
-	free(etypes);
+        free(etypes->etypes);
+        free(etypes);
     }
 }
 void krb5_free_fast_req(krb5_context context, krb5_fast_req *val)
 {
-  if (val == NULL)
-    return;
-  krb5_free_kdc_req(context, val->req_body);
-  free(val);
+    if (val == NULL)
+        return;
+    krb5_free_kdc_req(context, val->req_body);
+    free(val);
 }
 
 void krb5_free_fast_armor(krb5_context context, krb5_fast_armor *val)
 {
-  if (val == NULL)
-    return;
-  krb5_free_data_contents(context, &val->armor_value);
-  free(val);
+    if (val == NULL)
+        return;
+    krb5_free_data_contents(context, &val->armor_value);
+    free(val);
 }
 
 void krb5_free_fast_response(krb5_context context, krb5_fast_response *val)
 {
-  if (!val)
-    return;
-  krb5_free_pa_data(context, val->padata);
-  krb5_free_fast_finished(context, val->finished);
-  krb5_free_keyblock(context, val->strengthen_key);
-  free(val);
+    if (!val)
+        return;
+    krb5_free_pa_data(context, val->padata);
+    krb5_free_fast_finished(context, val->finished);
+    krb5_free_keyblock(context, val->strengthen_key);
+    free(val);
 }
 
 void krb5_free_fast_finished
 (krb5_context context, krb5_fast_finished *val)
 {
-  if (!val)
-    return;
-  krb5_free_principal(context, val->client);
-  krb5_free_checksum_contents(context, &val->ticket_checksum);
-  free(val);
+    if (!val)
+        return;
+    krb5_free_principal(context, val->client);
+    krb5_free_checksum_contents(context, &val->ticket_checksum);
+    free(val);
 }
 
 void krb5_free_typed_data(krb5_context context, krb5_typed_data **in)
 {
-  int i = 0;
-  if (in == NULL) return;
-  while (in[i] != NULL) {
-    if (in[i]->data != NULL)
-      free(in[i]->data);
-    free(in[i]);
-    i++;
-  }
-  free(in);
+    int i = 0;
+    if (in == NULL) return;
+    while (in[i] != NULL) {
+        if (in[i]->data != NULL)
+            free(in[i]->data);
+        free(in[i]);
+        i++;
+    }
+    free(in);
 }
 
 void krb5_free_fast_armored_req(krb5_context context,
-				krb5_fast_armored_req *val)
+                                krb5_fast_armored_req *val)
 {
     if (val == NULL)
-	return;
+        return;
     if (val->armor)
-	krb5_free_fast_armor(context, val->armor);
+        krb5_free_fast_armor(context, val->armor);
     krb5_free_data_contents(context, &val->enc_part.ciphertext);
     if (val->req_checksum.contents)
-      krb5_free_checksum_contents(context, &val->req_checksum);
+        krb5_free_checksum_contents(context, &val->req_checksum);
     free(val);
 }
 
@@ -908,4 +909,3 @@ krb5_free_ad_kdcissued(krb5_context context, krb5_ad_kdcissued *val)
     krb5_free_authdata(context, val->elements);
     free(val);
 }
-
diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c
index 6ce0e354e..4c95accd0 100644
--- a/src/lib/krb5/krb/mk_cred.c
+++ b/src/lib/krb5/krb/mk_cred.c
@@ -1,7 +1,8 @@
-/* 
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
  * NAME
  *    cred.c
- * 
+ *
  * DESCRIPTION
  *    Provide an interface to assemble and disassemble krb5_cred
  *    structures.
@@ -20,41 +21,41 @@
 /*
  * encrypt the enc_part of krb5_cred
  */
-static krb5_error_code 
+static krb5_error_code
 encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
-		    krb5_key pkey, krb5_enc_data *pencdata)
+                    krb5_key pkey, krb5_enc_data *pencdata)
 {
-    krb5_error_code 	  retval;
-    krb5_data 		* scratch;
+    krb5_error_code       retval;
+    krb5_data           * scratch;
 
     /* start by encoding to-be-encrypted part of the message */
     if ((retval = encode_krb5_enc_cred_part(pcredpart, &scratch)))
-    	return retval;
+        return retval;
 
     /*
      * If the keyblock is NULL, just copy the data from the encoded
      * data to the ciphertext area.
      */
     if (pkey == NULL) {
-	    pencdata->ciphertext.data = scratch->data;
-	    pencdata->ciphertext.length = scratch->length;
-	    free(scratch);
-	    return 0;
+        pencdata->ciphertext.data = scratch->data;
+        pencdata->ciphertext.length = scratch->length;
+        free(scratch);
+        return 0;
     }
 
     /* call the encryption routine */
     retval = krb5_encrypt_keyhelper(context, pkey,
-				    KRB5_KEYUSAGE_KRB_CRED_ENCPART,
-				    scratch, pencdata);
+                                    KRB5_KEYUSAGE_KRB_CRED_ENCPART,
+                                    scratch, pencdata);
 
     if (retval) {
-    	memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
+        memset(pencdata->ciphertext.data, 0, pencdata->ciphertext.length);
         free(pencdata->ciphertext.data);
         pencdata->ciphertext.length = 0;
         pencdata->ciphertext.data = 0;
     }
 
-    memset(scratch->data, 0, scratch->length); 
+    memset(scratch->data, 0, scratch->length);
     krb5_free_data(context, scratch);
 
     return retval;
@@ -64,15 +65,15 @@ encrypt_credencpart(krb5_context context, krb5_cred_enc_part *pcredpart,
 
 static krb5_error_code
 krb5_mk_ncred_basic(krb5_context context,
-		    krb5_creds **ppcreds, krb5_int32 nppcreds,
-		    krb5_key key, krb5_replay_data *replaydata,
-		    krb5_address *local_addr, krb5_address *remote_addr,
-		    krb5_cred *pcred)
+                    krb5_creds **ppcreds, krb5_int32 nppcreds,
+                    krb5_key key, krb5_replay_data *replaydata,
+                    krb5_address *local_addr, krb5_address *remote_addr,
+                    krb5_cred *pcred)
 {
-    krb5_cred_enc_part 	  credenc;
-    krb5_error_code	  retval;
-    size_t		  size;
-    int			  i;
+    krb5_cred_enc_part    credenc;
+    krb5_error_code       retval;
+    size_t                size;
+    int                   i;
 
     credenc.magic = KV5M_CRED_ENC_PART;
 
@@ -89,42 +90,42 @@ krb5_mk_ncred_basic(krb5_context context,
     size = sizeof(krb5_cred_info *) * (nppcreds + 1);
     credenc.ticket_info = (krb5_cred_info **) calloc(1, size);
     if (credenc.ticket_info == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     /*
      * For each credential in the list, initialize a cred info
      * structure and copy the ticket into the ticket list.
      */
     for (i = 0; i < nppcreds; i++) {
-    	credenc.ticket_info[i] = malloc(sizeof(krb5_cred_info));
-	if (credenc.ticket_info[i] == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	credenc.ticket_info[i+1] = NULL;
-	
+        credenc.ticket_info[i] = malloc(sizeof(krb5_cred_info));
+        if (credenc.ticket_info[i] == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        credenc.ticket_info[i+1] = NULL;
+
         credenc.ticket_info[i]->magic = KV5M_CRED_INFO;
         credenc.ticket_info[i]->times = ppcreds[i]->times;
         credenc.ticket_info[i]->flags = ppcreds[i]->ticket_flags;
 
-    	if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket, 
-					 &pcred->tickets[i])))
-	    goto cleanup;
+        if ((retval = decode_krb5_ticket(&ppcreds[i]->ticket,
+                                         &pcred->tickets[i])))
+            goto cleanup;
 
-	if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock,
-					 &credenc.ticket_info[i]->session)))
+        if ((retval = krb5_copy_keyblock(context, &ppcreds[i]->keyblock,
+                                         &credenc.ticket_info[i]->session)))
             goto cleanup;
 
         if ((retval = krb5_copy_principal(context, ppcreds[i]->client,
-					  &credenc.ticket_info[i]->client)))
+                                          &credenc.ticket_info[i]->client)))
             goto cleanup;
 
-      	if ((retval = krb5_copy_principal(context, ppcreds[i]->server,
-					  &credenc.ticket_info[i]->server)))
+        if ((retval = krb5_copy_principal(context, ppcreds[i]->server,
+                                          &credenc.ticket_info[i]->server)))
             goto cleanup;
 
-      	if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses,
-					  &credenc.ticket_info[i]->caddrs)))
+        if ((retval = krb5_copy_addresses(context, ppcreds[i]->addresses,
+                                          &credenc.ticket_info[i]->caddrs)))
             goto cleanup;
     }
 
@@ -149,18 +150,18 @@ cleanup:
  */
 krb5_error_code KRB5_CALLCONV
 krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
-	      krb5_creds **ppcreds, krb5_data **ppdata,
-	      krb5_replay_data *outdata)
+              krb5_creds **ppcreds, krb5_data **ppdata,
+              krb5_replay_data *outdata)
 {
     krb5_address * premote_fulladdr = NULL;
     krb5_address * plocal_fulladdr = NULL;
     krb5_address remote_fulladdr;
     krb5_address local_fulladdr;
-    krb5_error_code 	retval;
-    krb5_key		key;
+    krb5_error_code     retval;
+    krb5_key            key;
     krb5_replay_data    replaydata;
-    krb5_cred 		 * pcred;
-    krb5_int32		ncred;
+    krb5_cred            * pcred;
+    krb5_int32          ncred;
     krb5_boolean increased_sequence = FALSE;
 
     local_fulladdr.contents = 0;
@@ -168,94 +169,94 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context,
     memset(&replaydata, 0, sizeof(krb5_replay_data));
 
     if (ppcreds == NULL)
-    	return KRB5KRB_AP_ERR_BADADDR;
+        return KRB5KRB_AP_ERR_BADADDR;
 
     /*
      * Allocate memory for a NULL terminated list of tickets.
      */
     for (ncred = 0; ppcreds[ncred]; ncred++)
-	;
+        ;
 
-    if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL) 
+    if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL)
         return ENOMEM;
 
-    if ((pcred->tickets 
-	 = (krb5_ticket **)calloc((size_t)ncred+1,
-				  sizeof(krb5_ticket *))) == NULL) {
-	retval = ENOMEM;
-	goto error;
+    if ((pcred->tickets
+         = (krb5_ticket **)calloc((size_t)ncred+1,
+                                  sizeof(krb5_ticket *))) == NULL) {
+        retval = ENOMEM;
+        goto error;
     }
 
     /* Get keyblock */
     if ((key = auth_context->send_subkey) == NULL)
-	key = auth_context->key;
+        key = auth_context->key;
 
     /* Get replay info */
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
-	(auth_context->rcache == NULL)) {
-	retval = KRB5_RC_REQUIRED;
-	goto error;
+        (auth_context->rcache == NULL)) {
+        retval = KRB5_RC_REQUIRED;
+        goto error;
     }
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-	 (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
-	&& (outdata == NULL)) {
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        && (outdata == NULL)) {
         /* Need a better error */
-	retval = KRB5_RC_REQUIRED;
-	goto error;
+        retval = KRB5_RC_REQUIRED;
+        goto error;
     }
 
     if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
-				    &replaydata.usec)))
-	goto error;
+                                    &replaydata.usec)))
+        goto error;
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
-	outdata->timestamp = replaydata.timestamp;
-	outdata->usec = replaydata.usec;
+        outdata->timestamp = replaydata.timestamp;
+        outdata->usec = replaydata.usec;
     }
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
         replaydata.seq = auth_context->local_seq_number++;
-	increased_sequence = TRUE;
+        increased_sequence = TRUE;
         if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
             outdata->seq = replaydata.seq;
     }
 
     if (auth_context->local_addr) {
-    	if (auth_context->local_port) {
+        if (auth_context->local_port) {
             if ((retval = krb5_make_fulladdr(context, auth_context->local_addr,
-					     auth_context->local_port, 
-					     &local_fulladdr)))
-		goto error;
-	    plocal_fulladdr = &local_fulladdr;
-	} else {
+                                             auth_context->local_port,
+                                             &local_fulladdr)))
+                goto error;
+            plocal_fulladdr = &local_fulladdr;
+        } else {
             plocal_fulladdr = auth_context->local_addr;
         }
     }
 
     if (auth_context->remote_addr) {
-    	if (auth_context->remote_port) {
+        if (auth_context->remote_port) {
             if ((retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                 	      auth_context->remote_port, 
-					      &remote_fulladdr)))
-		goto error;
-	    premote_fulladdr = &remote_fulladdr;
-	} else {
+                                             auth_context->remote_port,
+                                             &remote_fulladdr)))
+                goto error;
+            premote_fulladdr = &remote_fulladdr;
+        } else {
             premote_fulladdr = auth_context->remote_addr;
         }
     }
 
     /* Setup creds structure */
     if ((retval = krb5_mk_ncred_basic(context, ppcreds, ncred, key,
-				      &replaydata, plocal_fulladdr, 
-				      premote_fulladdr, pcred))) {
-	goto error;
+                                      &replaydata, plocal_fulladdr,
+                                      premote_fulladdr, pcred))) {
+        goto error;
     }
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
         krb5_donot_replay replay;
 
         if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
-					   "_forw", &replay.client)))
+                                           "_forw", &replay.client)))
             goto error;
 
         replay.server = "";             /* XXX */
@@ -279,7 +280,7 @@ error:
     krb5_free_cred(context, pcred);
 
     if (retval) {
-	if (increased_sequence)
+        if (increased_sequence)
             auth_context->local_seq_number--;
     }
     return retval;
@@ -292,23 +293,22 @@ error:
  */
 krb5_error_code KRB5_CALLCONV
 krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context,
-	      krb5_creds *pcreds, krb5_data **ppdata,
-	      krb5_replay_data *outdata)
+              krb5_creds *pcreds, krb5_data **ppdata,
+              krb5_replay_data *outdata)
 {
     krb5_error_code retval;
     krb5_creds **ppcreds;
 
     if ((ppcreds = (krb5_creds **)malloc(sizeof(*ppcreds) * 2)) == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     ppcreds[0] = pcreds;
     ppcreds[1] = NULL;
 
     retval = krb5_mk_ncred(context, auth_context, ppcreds,
-			   ppdata, outdata);
-    
+                           ppdata, outdata);
+
     free(ppcreds);
     return retval;
 }
-
diff --git a/src/lib/krb5/krb/mk_error.c b/src/lib/krb5/krb/mk_error.c
index 75cdc9b5b..44fd3b4c2 100644
--- a/src/lib/krb5/krb/mk_error.c
+++ b/src/lib/krb5/krb/mk_error.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/mk_error.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_mk_error() routine.
  */
@@ -30,22 +31,22 @@
 #include "k5-int.h"
 
 /*
- formats the error structure *dec_err into an error buffer *enc_err.
+  formats the error structure *dec_err into an error buffer *enc_err.
 
- The error buffer storage is allocated, and should be freed by the
- caller when finished.
+  The error buffer storage is allocated, and should be freed by the
+  caller when finished.
 
- returns system errors
- */
+  returns system errors
+*/
 krb5_error_code KRB5_CALLCONV
 krb5_mk_error(krb5_context context, const krb5_error *dec_err,
-	      krb5_data *enc_err)
+              krb5_data *enc_err)
 {
     krb5_error_code retval;
     krb5_data *new_enc_err;
 
     if ((retval = encode_krb5_error(dec_err, &new_enc_err)))
-	return(retval);
+        return(retval);
     *enc_err = *new_enc_err;
     free(new_enc_err);
     return 0;
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index 824bfd507..b3cb29722 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/mk_priv.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_mk_priv()
  */
@@ -33,18 +34,18 @@
 
 static krb5_error_code
 krb5_mk_priv_basic(krb5_context context, const krb5_data *userdata,
-		   krb5_key key, krb5_replay_data *replaydata,
-		   krb5_address *local_addr, krb5_address *remote_addr,
-		   krb5_pointer i_vector, krb5_data *outbuf)
+                   krb5_key key, krb5_replay_data *replaydata,
+                   krb5_address *local_addr, krb5_address *remote_addr,
+                   krb5_pointer i_vector, krb5_data *outbuf)
 {
-    krb5_enctype	enctype = krb5_k_key_enctype(context, key);
-    krb5_error_code 	retval;
-    krb5_priv 		privmsg;
-    krb5_priv_enc_part 	privmsg_enc_part;
-    krb5_data 		*scratch1, *scratch2, ivdata;
-    size_t		blocksize, enclen;
-
-    privmsg.enc_part.kvno = 0;	/* XXX allow user-set? */
+    krb5_enctype        enctype = krb5_k_key_enctype(context, key);
+    krb5_error_code     retval;
+    krb5_priv           privmsg;
+    krb5_priv_enc_part  privmsg_enc_part;
+    krb5_data           *scratch1, *scratch2, ivdata;
+    size_t              blocksize, enclen;
+
+    privmsg.enc_part.kvno = 0;  /* XXX allow user-set? */
     privmsg.enc_part.enctype = enctype;
 
     privmsg_enc_part.user_data = *userdata;
@@ -53,39 +54,39 @@ krb5_mk_priv_basic(krb5_context context, const krb5_data *userdata,
 
     /* We should check too make sure one exists. */
     privmsg_enc_part.timestamp  = replaydata->timestamp;
-    privmsg_enc_part.usec 	= replaydata->usec;
+    privmsg_enc_part.usec       = replaydata->usec;
     privmsg_enc_part.seq_number = replaydata->seq;
 
     /* start by encoding to-be-encrypted part of the message */
     if ((retval = encode_krb5_enc_priv_part(&privmsg_enc_part, &scratch1)))
-	return retval;
+        return retval;
 
     /* put together an eblock for this encryption */
     if ((retval = krb5_c_encrypt_length(context, enctype,
-					scratch1->length, &enclen)))
-	goto clean_scratch;
+                                        scratch1->length, &enclen)))
+        goto clean_scratch;
 
     privmsg.enc_part.ciphertext.length = enclen;
     if (!(privmsg.enc_part.ciphertext.data =
-	  malloc(privmsg.enc_part.ciphertext.length))) {
+          malloc(privmsg.enc_part.ciphertext.length))) {
         retval = ENOMEM;
         goto clean_scratch;
     }
 
     /* call the encryption routine */
     if (i_vector) {
-	if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
-	    goto clean_encpart;
+        if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+            goto clean_encpart;
 
-	ivdata.length = blocksize;
-	ivdata.data = i_vector;
+        ivdata.length = blocksize;
+        ivdata.data = i_vector;
     }
 
     if ((retval = krb5_k_encrypt(context, key,
-				 KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
-				 i_vector?&ivdata:0,
-				 scratch1, &privmsg.enc_part)))
-	goto clean_encpart;
+                                 KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
+                                 i_vector?&ivdata:0,
+                                 scratch1, &privmsg.enc_part)))
+        goto clean_encpart;
 
     if ((retval = encode_krb5_priv(&privmsg, &scratch2)))
         goto clean_encpart;
@@ -95,15 +96,15 @@ krb5_mk_priv_basic(krb5_context context, const krb5_data *userdata,
     retval = 0;
 
 clean_encpart:
-    memset(privmsg.enc_part.ciphertext.data, 0, 
-	   privmsg.enc_part.ciphertext.length); 
-    free(privmsg.enc_part.ciphertext.data); 
+    memset(privmsg.enc_part.ciphertext.data, 0,
+           privmsg.enc_part.ciphertext.length);
+    free(privmsg.enc_part.ciphertext.data);
     privmsg.enc_part.ciphertext.length = 0;
     privmsg.enc_part.ciphertext.data = 0;
 
 clean_scratch:
     memset(scratch1->data, 0, scratch1->length);
-    krb5_free_data(context, scratch1); 
+    krb5_free_data(context, scratch1);
 
     return retval;
 }
@@ -111,10 +112,10 @@ clean_scratch:
 
 krb5_error_code KRB5_CALLCONV
 krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
-	     const krb5_data *userdata, krb5_data *outbuf,
-	     krb5_replay_data *outdata)
+             const krb5_data *userdata, krb5_data *outbuf,
+             krb5_replay_data *outdata)
 {
-    krb5_error_code 	  retval;
+    krb5_error_code       retval;
     krb5_key              key;
     krb5_replay_data      replaydata;
 
@@ -123,113 +124,112 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context,
 
     /* Get keyblock */
     if ((key = auth_context->send_subkey) == NULL)
-	key = auth_context->key;
+        key = auth_context->key;
 
     /* Get replay info */
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
-      (auth_context->rcache == NULL))
-	return KRB5_RC_REQUIRED;
+        (auth_context->rcache == NULL))
+        return KRB5_RC_REQUIRED;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-      (outdata == NULL))
-	/* Need a better error */
-	return KRB5_RC_REQUIRED;
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        (outdata == NULL))
+        /* Need a better error */
+        return KRB5_RC_REQUIRED;
 
     if (!auth_context->local_addr)
-	return KRB5_LOCAL_ADDR_REQUIRED;
+        return KRB5_LOCAL_ADDR_REQUIRED;
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
-	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
-	if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
-					&replaydata.usec)))
-	    return retval;
-	if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
-    	    outdata->timestamp = replaydata.timestamp;
-    	    outdata->usec = replaydata.usec;
-	}
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
+        if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
+                                        &replaydata.usec)))
+            return retval;
+        if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
+            outdata->timestamp = replaydata.timestamp;
+            outdata->usec = replaydata.usec;
+        }
     }
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
-	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
-	replaydata.seq = auth_context->local_seq_number++;
-	if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
-    	    outdata->seq = replaydata.seq;
-    }
-
-{
-    krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr;
-    krb5_address remote_fulladdr;
-    krb5_address local_fulladdr;
-    CLEANUP_INIT(2);
-
-    if (auth_context->local_port) {
-	if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-					  auth_context->local_port, 
-					  &local_fulladdr))) {
-	    CLEANUP_PUSH(local_fulladdr.contents, free);
-	    plocal_fulladdr = &local_fulladdr;
-	} else {
-	    goto error;
-	}
-    } else {
-	plocal_fulladdr = auth_context->local_addr;
-    }
-
-    if (auth_context->remote_addr) {
-    	if (auth_context->remote_port) {
-	    if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-				 	      auth_context->remote_port, 
-					      &remote_fulladdr))){
-	    	CLEANUP_PUSH(remote_fulladdr.contents, free);
-	    	premote_fulladdr = &remote_fulladdr;
- 	    } else {
-	        CLEANUP_DONE();
-	        goto error;
-	    }
-	} else {
-	    premote_fulladdr = auth_context->remote_addr;
-	}
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        replaydata.seq = auth_context->local_seq_number++;
+        if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
+            outdata->seq = replaydata.seq;
     }
 
-    if ((retval = krb5_mk_priv_basic(context, userdata, key, &replaydata,
-				     plocal_fulladdr, premote_fulladdr,
-				     auth_context->i_vector, outbuf))) {
-	CLEANUP_DONE();
-	goto error;
+    {
+        krb5_address * premote_fulladdr = NULL;
+        krb5_address * plocal_fulladdr;
+        krb5_address remote_fulladdr;
+        krb5_address local_fulladdr;
+        CLEANUP_INIT(2);
+
+        if (auth_context->local_port) {
+            if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+                                              auth_context->local_port,
+                                              &local_fulladdr))) {
+                CLEANUP_PUSH(local_fulladdr.contents, free);
+                plocal_fulladdr = &local_fulladdr;
+            } else {
+                goto error;
+            }
+        } else {
+            plocal_fulladdr = auth_context->local_addr;
+        }
+
+        if (auth_context->remote_addr) {
+            if (auth_context->remote_port) {
+                if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+                                                  auth_context->remote_port,
+                                                  &remote_fulladdr))){
+                    CLEANUP_PUSH(remote_fulladdr.contents, free);
+                    premote_fulladdr = &remote_fulladdr;
+                } else {
+                    CLEANUP_DONE();
+                    goto error;
+                }
+            } else {
+                premote_fulladdr = auth_context->remote_addr;
+            }
+        }
+
+        if ((retval = krb5_mk_priv_basic(context, userdata, key, &replaydata,
+                                         plocal_fulladdr, premote_fulladdr,
+                                         auth_context->i_vector, outbuf))) {
+            CLEANUP_DONE();
+            goto error;
+        }
+
+        CLEANUP_DONE();
     }
 
-    CLEANUP_DONE();
-}
-
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_donot_replay replay;
-
-	if ((retval = krb5_gen_replay_name(context, auth_context->local_addr, 
-					   "_priv", &replay.client))) {
-    	    free(outbuf);
-	    goto error;
-	}
-
-	replay.server = "";		/* XXX */
-	replay.msghash = NULL;
-	replay.cusec = replaydata.usec;
-	replay.ctime = replaydata.timestamp;
-	if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
-	    /* should we really error out here? XXX */
-    	    free(replay.client);
-	    goto error;
-	}
-	free(replay.client);
+        krb5_donot_replay replay;
+
+        if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
+                                           "_priv", &replay.client))) {
+            free(outbuf);
+            goto error;
+        }
+
+        replay.server = "";             /* XXX */
+        replay.msghash = NULL;
+        replay.cusec = replaydata.usec;
+        replay.ctime = replaydata.timestamp;
+        if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+            /* should we really error out here? XXX */
+            free(replay.client);
+            goto error;
+        }
+        free(replay.client);
     }
 
     return 0;
 
 error:
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
-	auth_context->local_seq_number--;
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        auth_context->local_seq_number--;
 
     return retval;
 }
-
diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c
index a4dbc467f..b50c05765 100644
--- a/src/lib/krb5/krb/mk_rep.c
+++ b/src/lib/krb5/krb/mk_rep.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/mk_rep.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_mk_rep()
  */
@@ -58,81 +59,81 @@
 #include "auth_con.h"
 
 /*
- Formats a KRB_AP_REP message into outbuf.
+  Formats a KRB_AP_REP message into outbuf.
 
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+  The outbuf buffer storage is allocated, and should be freed by the
+  caller when finished.
 
- returns system errors
+  returns system errors
 */
 
 static krb5_error_code
 k5_mk_rep(krb5_context context, krb5_auth_context auth_context,
-	  krb5_data *outbuf, int dce_style)
+          krb5_data *outbuf, int dce_style)
 {
-    krb5_error_code 	  retval;
+    krb5_error_code       retval;
     krb5_ap_rep_enc_part  repl;
-    krb5_ap_rep 	  reply;
-    krb5_data 		* scratch;
-    krb5_data 		* toutbuf;
+    krb5_ap_rep           reply;
+    krb5_data           * scratch;
+    krb5_data           * toutbuf;
 
     /* Make the reply */
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
-	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-	(auth_context->local_seq_number == 0)) {
-	if ((retval = krb5_generate_seq_number(context,
-					       &auth_context->key->keyblock,
-					       &auth_context->local_seq_number)))
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        (auth_context->local_seq_number == 0)) {
+        if ((retval = krb5_generate_seq_number(context,
+                                               &auth_context->key->keyblock,
+                                               &auth_context->local_seq_number)))
             return(retval);
     }
 
     if (dce_style) {
-	krb5_us_timeofday(context, &repl.ctime, &repl.cusec);
+        krb5_us_timeofday(context, &repl.ctime, &repl.cusec);
     } else {
-	repl.ctime = auth_context->authentp->ctime;    
-	repl.cusec = auth_context->authentp->cusec;    
+        repl.ctime = auth_context->authentp->ctime;
+        repl.cusec = auth_context->authentp->cusec;
     }
 
     if (dce_style)
-	repl.subkey = NULL;
+        repl.subkey = NULL;
     else if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) {
-	assert(auth_context->negotiated_etype != ENCTYPE_NULL);
-
-	retval = krb5int_generate_and_save_subkey (context, auth_context,
-						   &auth_context->key->keyblock,
-						   auth_context->negotiated_etype);
-	if (retval)
-	    return retval;
-	repl.subkey = &auth_context->send_subkey->keyblock;
+        assert(auth_context->negotiated_etype != ENCTYPE_NULL);
+
+        retval = krb5int_generate_and_save_subkey (context, auth_context,
+                                                   &auth_context->key->keyblock,
+                                                   auth_context->negotiated_etype);
+        if (retval)
+            return retval;
+        repl.subkey = &auth_context->send_subkey->keyblock;
     } else
-	repl.subkey = auth_context->authentp->subkey;
+        repl.subkey = auth_context->authentp->subkey;
 
     if (dce_style)
-	repl.seq_number = auth_context->remote_seq_number;
+        repl.seq_number = auth_context->remote_seq_number;
     else
-	repl.seq_number = auth_context->local_seq_number;
+        repl.seq_number = auth_context->local_seq_number;
 
     /* encode it before encrypting */
     if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch)))
-	return retval;
+        return retval;
 
     if ((retval = krb5_encrypt_keyhelper(context, auth_context->key,
-					 KRB5_KEYUSAGE_AP_REP_ENCPART,
-					 scratch, &reply.enc_part)))
-	goto cleanup_scratch;
+                                         KRB5_KEYUSAGE_AP_REP_ENCPART,
+                                         scratch, &reply.enc_part)))
+        goto cleanup_scratch;
 
     if (!(retval = encode_krb5_ap_rep(&reply, &toutbuf))) {
-	*outbuf = *toutbuf;
-	free(toutbuf);
+        *outbuf = *toutbuf;
+        free(toutbuf);
     }
 
     memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
-    free(reply.enc_part.ciphertext.data); 
-    reply.enc_part.ciphertext.length = 0; 
+    free(reply.enc_part.ciphertext.data);
+    reply.enc_part.ciphertext.length = 0;
     reply.enc_part.ciphertext.data = 0;
 
 cleanup_scratch:
-    memset(scratch->data, 0, scratch->length); 
+    memset(scratch->data, 0, scratch->length);
     krb5_free_data(context, scratch);
 
     return retval;
diff --git a/src/lib/krb5/krb/mk_req.c b/src/lib/krb5/krb/mk_req.c
index 0fc1e7213..ceb60cbf4 100644
--- a/src/lib/krb5/krb/mk_req.c
+++ b/src/lib/krb5/krb/mk_req.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/mk_req.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_mk_req() routine.
  */
@@ -31,53 +32,53 @@
 #include "auth_con.h"
 
 /*
- Formats a KRB_AP_REQ message into outbuf.
+  Formats a KRB_AP_REQ message into outbuf.
 
- server specifies the principal of the server to receive the message; if
- credentials are not present in the credentials cache for this server, the
- TGS request with default parameters is used in an attempt to obtain
- such credentials, and they are stored in ccache.
+  server specifies the principal of the server to receive the message; if
+  credentials are not present in the credentials cache for this server, the
+  TGS request with default parameters is used in an attempt to obtain
+  such credentials, and they are stored in ccache.
 
- kdc_options specifies the options requested for the 
- ap_req_options specifies the KRB_AP_REQ options desired.
+  kdc_options specifies the options requested for the
+  ap_req_options specifies the KRB_AP_REQ options desired.
 
- checksum specifies the checksum to be used in the authenticator.
+  checksum specifies the checksum to be used in the authenticator.
 
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+  The outbuf buffer storage is allocated, and should be freed by the
+  caller when finished.
 
- returns system errors
+  returns system errors
 */
 
 krb5_error_code KRB5_CALLCONV
 krb5_mk_req(krb5_context context, krb5_auth_context *auth_context,
-	    krb5_flags ap_req_options, char *service, char *hostname,
-	    krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)
+            krb5_flags ap_req_options, char *service, char *hostname,
+            krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)
 {
-    krb5_error_code 	  retval;
-    krb5_principal	  server;
-    krb5_creds 		* credsp;
-    krb5_creds 		  creds;
+    krb5_error_code       retval;
+    krb5_principal        server;
+    krb5_creds          * credsp;
+    krb5_creds            creds;
 
-    retval = krb5_sname_to_principal(context, hostname, service, 
-				     KRB5_NT_SRV_HST, &server);
+    retval = krb5_sname_to_principal(context, hostname, service,
+                                     KRB5_NT_SRV_HST, &server);
     if (retval)
-      return retval;
+        return retval;
 
     /* obtain ticket & session key */
     memset(&creds, 0, sizeof(creds));
     if ((retval = krb5_copy_principal(context, server, &creds.server)))
-	goto cleanup_princ;
+        goto cleanup_princ;
 
     if ((retval = krb5_cc_get_principal(context, ccache, &creds.client)))
-	goto cleanup_creds;
+        goto cleanup_creds;
 
     if ((retval = krb5_get_credentials(context, 0,
-				       ccache, &creds, &credsp)))
-	goto cleanup_creds;
+                                       ccache, &creds, &credsp)))
+        goto cleanup_creds;
 
-    retval = krb5_mk_req_extended(context, auth_context, ap_req_options, 
-				  in_data, credsp, outbuf);
+    retval = krb5_mk_req_extended(context, auth_context, ap_req_options,
+                                  in_data, credsp, outbuf);
 
     krb5_free_creds(context, credsp);
 
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 4277f1eec..95f04e9a4 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/mk_req_ext.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_mk_req_extended()
  */
@@ -32,90 +33,90 @@
 #include "auth_con.h"
 
 /*
- Formats a KRB_AP_REQ message into outbuf, with more complete options than
- krb_mk_req.
+  Formats a KRB_AP_REQ message into outbuf, with more complete options than
+  krb_mk_req.
 
- outbuf, ap_req_options, checksum, and ccache are used in the
- same fashion as for krb5_mk_req.
+  outbuf, ap_req_options, checksum, and ccache are used in the
+  same fashion as for krb5_mk_req.
 
- creds is used to supply the credentials (ticket and session key) needed
- to form the request.
+  creds is used to supply the credentials (ticket and session key) needed
+  to form the request.
 
- if creds->ticket has no data (length == 0), then a ticket is obtained
- from either the cache or the TGS, passing creds to krb5_get_credentials().
- kdc_options specifies the options requested for the ticket to be used.
- If a ticket with appropriate flags is not found in the cache, then these
- options are passed on in a request to an appropriate KDC.
+  if creds->ticket has no data (length == 0), then a ticket is obtained
+  from either the cache or the TGS, passing creds to krb5_get_credentials().
+  kdc_options specifies the options requested for the ticket to be used.
+  If a ticket with appropriate flags is not found in the cache, then these
+  options are passed on in a request to an appropriate KDC.
 
- ap_req_options specifies the KRB_AP_REQ options desired.
+  ap_req_options specifies the KRB_AP_REQ options desired.
 
- if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket
- must contain the appropriate ENC-TKT-IN-SKEY ticket.
+  if ap_req_options specifies AP_OPTS_USE_SESSION_KEY, then creds->ticket
+  must contain the appropriate ENC-TKT-IN-SKEY ticket.
 
- checksum specifies the checksum to be used in the authenticator.
+  checksum specifies the checksum to be used in the authenticator.
 
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+  The outbuf buffer storage is allocated, and should be freed by the
+  caller when finished.
 
- On an error return, the credentials pointed to by creds might have been
- augmented with additional fields from the obtained credentials; the entire
- credentials should be released by calling krb5_free_creds().
+  On an error return, the credentials pointed to by creds might have been
+  augmented with additional fields from the obtained credentials; the entire
+  credentials should be released by calling krb5_free_creds().
 
- returns system errors
+  returns system errors
 */
 
 static krb5_error_code
 make_etype_list(krb5_context context,
-		krb5_enctype *desired_etypes,
-		krb5_enctype tkt_enctype,
-		krb5_authdata ***authdata);
+                krb5_enctype *desired_etypes,
+                krb5_enctype tkt_enctype,
+                krb5_authdata ***authdata);
 
-static krb5_error_code 
+static krb5_error_code
 krb5_generate_authenticator (krb5_context,
-				       krb5_authenticator *, krb5_principal,
-				       krb5_checksum *, krb5_key,
-				       krb5_ui_4, krb5_authdata **,
-				       krb5_authdata_context ad_context,
-				       krb5_enctype *desired_etypes,
-				       krb5_enctype tkt_enctype);
+                             krb5_authenticator *, krb5_principal,
+                             krb5_checksum *, krb5_key,
+                             krb5_ui_4, krb5_authdata **,
+                             krb5_authdata_context ad_context,
+                             krb5_enctype *desired_etypes,
+                             krb5_enctype tkt_enctype);
 
 krb5_error_code
 krb5int_generate_and_save_subkey (krb5_context context,
-				  krb5_auth_context auth_context,
-				  krb5_keyblock *keyblock,
-				  krb5_enctype enctype)
+                                  krb5_auth_context auth_context,
+                                  krb5_keyblock *keyblock,
+                                  krb5_enctype enctype)
 {
     /* Provide some more fodder for random number code.
        This isn't strong cryptographically; the point here is not
        to guarantee randomness, but to make it less likely that multiple
        sessions could pick the same subkey.  */
     struct {
-	krb5_int32 sec, usec;
+        krb5_int32 sec, usec;
     } rnd_data;
     krb5_data d;
     krb5_error_code retval;
     krb5_keyblock *kb = NULL;
 
     if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
-	d.length = sizeof(rnd_data);
-	d.data = (char *) &rnd_data;
-	krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
+        d.length = sizeof(rnd_data);
+        d.data = (char *) &rnd_data;
+        krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
     }
 
     retval = krb5_generate_subkey_extended(context, keyblock, enctype, &kb);
     if (retval)
-	return retval;
+        return retval;
     retval = krb5_auth_con_setsendsubkey(context, auth_context, kb);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     retval = krb5_auth_con_setrecvsubkey(context, auth_context, kb);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
 cleanup:
     if (retval) {
-	(void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
-	(void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
+        (void) krb5_auth_con_setsendsubkey(context, auth_context, NULL);
+        (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
     }
     krb5_free_keyblock(context, kb);
     return retval;
@@ -123,14 +124,14 @@ cleanup:
 
 krb5_error_code KRB5_CALLCONV
 krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
-		     krb5_flags ap_req_options, krb5_data *in_data,
-		     krb5_creds *in_creds, krb5_data *outbuf)
+                     krb5_flags ap_req_options, krb5_data *in_data,
+                     krb5_creds *in_creds, krb5_data *outbuf)
 {
-    krb5_error_code 	  retval;
-    krb5_checksum	  checksum;
-    krb5_checksum	  *checksump = 0;
-    krb5_auth_context	  new_auth_context;
-    krb5_enctype	  *desired_etypes = NULL;
+    krb5_error_code       retval;
+    krb5_checksum         checksum;
+    krb5_checksum         *checksump = 0;
+    krb5_auth_context     new_auth_context;
+    krb5_enctype          *desired_etypes = NULL;
 
     krb5_ap_req request;
     krb5_data *scratch = 0;
@@ -139,134 +140,134 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
     request.ap_options = ap_req_options & AP_OPTS_WIRE_MASK;
     request.authenticator.ciphertext.data = NULL;
     request.ticket = 0;
-    
-    if (!in_creds->ticket.length) 
-	return(KRB5_NO_TKT_SUPPLIED);
+
+    if (!in_creds->ticket.length)
+        return(KRB5_NO_TKT_SUPPLIED);
 
     if ((ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) &&
-	!(ap_req_options & AP_OPTS_MUTUAL_REQUIRED))
-	return(EINVAL);
+        !(ap_req_options & AP_OPTS_MUTUAL_REQUIRED))
+        return(EINVAL);
 
     /* we need a native ticket */
     if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket)))
-	return(retval);
-    
+        return(retval);
+
     /* verify that the ticket is not expired */
     if ((retval = krb5_validate_times(context, &in_creds->times)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* generate auth_context if needed */
     if (*auth_context == NULL) {
-	if ((retval = krb5_auth_con_init(context, &new_auth_context)))
-	    goto cleanup;
-	*auth_context = new_auth_context;
+        if ((retval = krb5_auth_con_init(context, &new_auth_context)))
+            goto cleanup;
+        *auth_context = new_auth_context;
     }
 
     if ((*auth_context)->key != NULL) {
-	krb5_k_free_key(context, (*auth_context)->key);
-	(*auth_context)->key = NULL;
+        krb5_k_free_key(context, (*auth_context)->key);
+        (*auth_context)->key = NULL;
     }
 
     /* set auth context keyblock */
     if ((retval = krb5_k_create_key(context, &in_creds->keyblock,
-				    &((*auth_context)->key))))
-	goto cleanup;
+                                    &((*auth_context)->key))))
+        goto cleanup;
 
     /* generate seq number if needed */
     if ((((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
-     || ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
-      && ((*auth_context)->local_seq_number == 0)) 
-	if ((retval = krb5_generate_seq_number(context, &in_creds->keyblock,
-				     &(*auth_context)->local_seq_number)))
-	    goto cleanup;
-	
+         || ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        && ((*auth_context)->local_seq_number == 0))
+        if ((retval = krb5_generate_seq_number(context, &in_creds->keyblock,
+                                               &(*auth_context)->local_seq_number)))
+            goto cleanup;
+
 
     /* generate subkey if needed */
     if (!in_data &&(*auth_context)->checksum_func) {
-	retval = (*auth_context)->checksum_func( context,
-						 *auth_context,
-						 (*auth_context)->checksum_func_data,
-						 &in_data);
-	if (retval)
-	    goto cleanup;
+        retval = (*auth_context)->checksum_func( context,
+                                                 *auth_context,
+                                                 (*auth_context)->checksum_func_data,
+                                                 &in_data);
+        if (retval)
+            goto cleanup;
     }
 
     if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
-	retval = krb5int_generate_and_save_subkey (context, *auth_context,
-						   &in_creds->keyblock,
-						   in_creds->keyblock.enctype);
-	if (retval)
-	    goto cleanup;
+        retval = krb5int_generate_and_save_subkey (context, *auth_context,
+                                                   &in_creds->keyblock,
+                                                   in_creds->keyblock.enctype);
+        if (retval)
+            goto cleanup;
     }
 
 
     if (in_data) {
 
-      if ((*auth_context)->req_cksumtype == 0x8003) {
-	    /* XXX Special hack for GSSAPI */
-	    checksum.checksum_type = 0x8003;
-	    checksum.length = in_data->length;
-	    checksum.contents = (krb5_octet *) in_data->data;
-	} else {
-	    krb5_enctype enctype = krb5_k_key_enctype(context,
-						      (*auth_context)->key);
-	    krb5_cksumtype cksumtype;
-	    retval = krb5int_c_mandatory_cksumtype(context, enctype,
-						   &cksumtype);
-	    if (retval)
-		goto cleanup_cksum;
-	    if ((*auth_context)->req_cksumtype)
-		cksumtype = (*auth_context)->req_cksumtype;
-	    if ((retval = krb5_k_make_checksum(context,
-					       cksumtype,
-					       (*auth_context)->key,
-					       KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
-					       in_data, &checksum)))
-		goto cleanup_cksum;
-	}
-	checksump = &checksum;
+        if ((*auth_context)->req_cksumtype == 0x8003) {
+            /* XXX Special hack for GSSAPI */
+            checksum.checksum_type = 0x8003;
+            checksum.length = in_data->length;
+            checksum.contents = (krb5_octet *) in_data->data;
+        } else {
+            krb5_enctype enctype = krb5_k_key_enctype(context,
+                                                      (*auth_context)->key);
+            krb5_cksumtype cksumtype;
+            retval = krb5int_c_mandatory_cksumtype(context, enctype,
+                                                   &cksumtype);
+            if (retval)
+                goto cleanup_cksum;
+            if ((*auth_context)->req_cksumtype)
+                cksumtype = (*auth_context)->req_cksumtype;
+            if ((retval = krb5_k_make_checksum(context,
+                                               cksumtype,
+                                               (*auth_context)->key,
+                                               KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+                                               in_data, &checksum)))
+                goto cleanup_cksum;
+        }
+        checksump = &checksum;
     }
 
     /* Generate authenticator */
     if (((*auth_context)->authentp = (krb5_authenticator *)malloc(sizeof(
-					krb5_authenticator))) == NULL) {
-	retval = ENOMEM;
-	goto cleanup_cksum;
+                                                                      krb5_authenticator))) == NULL) {
+        retval = ENOMEM;
+        goto cleanup_cksum;
     }
 
     if (ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) {
-	if ((*auth_context)->permitted_etypes == NULL) {
-	    retval = krb5_get_tgs_ktypes(context, in_creds->server, &desired_etypes);
-	    if (retval)
-		goto cleanup_cksum;
-	} else
-	    desired_etypes = (*auth_context)->permitted_etypes;
+        if ((*auth_context)->permitted_etypes == NULL) {
+            retval = krb5_get_tgs_ktypes(context, in_creds->server, &desired_etypes);
+            if (retval)
+                goto cleanup_cksum;
+        } else
+            desired_etypes = (*auth_context)->permitted_etypes;
     }
 
     if ((retval = krb5_generate_authenticator(context,
-					      (*auth_context)->authentp,
-					      in_creds->client, checksump,
-					      (*auth_context)->send_subkey,
-					      (*auth_context)->local_seq_number,
-					      in_creds->authdata,
-					      (*auth_context)->ad_context,
-					      desired_etypes,
-					      in_creds->keyblock.enctype)))
-	goto cleanup_cksum;
-	
+                                              (*auth_context)->authentp,
+                                              in_creds->client, checksump,
+                                              (*auth_context)->send_subkey,
+                                              (*auth_context)->local_seq_number,
+                                              in_creds->authdata,
+                                              (*auth_context)->ad_context,
+                                              desired_etypes,
+                                              in_creds->keyblock.enctype)))
+        goto cleanup_cksum;
+
     /* encode the authenticator */
     if ((retval = encode_krb5_authenticator((*auth_context)->authentp,
-					    &scratch)))
-	goto cleanup_cksum;
-    
+                                            &scratch)))
+        goto cleanup_cksum;
+
     /* call the encryption routine */
     if ((retval = krb5_encrypt_helper(context, &in_creds->keyblock,
-				      KRB5_KEYUSAGE_AP_REQ_AUTH,
-				      scratch, &request.authenticator)))
-	goto cleanup_cksum;
+                                      KRB5_KEYUSAGE_AP_REQ_AUTH,
+                                      scratch, &request.authenticator)))
+        goto cleanup_cksum;
 
     if ((retval = encode_krb5_ap_req(&request, &toutbuf)))
-	goto cleanup_cksum;
+        goto cleanup_cksum;
     *outbuf = *toutbuf;
 
     free(toutbuf);
@@ -276,39 +277,39 @@ cleanup_cksum:
      * they were supplied by the caller
      */
     if ((*auth_context)->authentp != NULL) {
-	(*auth_context)->authentp->client = NULL;
-	(*auth_context)->authentp->checksum = NULL;
+        (*auth_context)->authentp->client = NULL;
+        (*auth_context)->authentp->checksum = NULL;
     }
     if (checksump && checksump->checksum_type != 0x8003)
-      free(checksump->contents);
+        free(checksump->contents);
 
 cleanup:
     if (desired_etypes &&
-	desired_etypes != (*auth_context)->permitted_etypes)
-	free(desired_etypes);
+        desired_etypes != (*auth_context)->permitted_etypes)
+        free(desired_etypes);
     if (request.ticket)
-	krb5_free_ticket(context, request.ticket);
+        krb5_free_ticket(context, request.ticket);
     if (request.authenticator.ciphertext.data) {
-    	(void) memset(request.authenticator.ciphertext.data, 0,
-		      request.authenticator.ciphertext.length);
-	free(request.authenticator.ciphertext.data);
+        (void) memset(request.authenticator.ciphertext.data, 0,
+                      request.authenticator.ciphertext.length);
+        free(request.authenticator.ciphertext.data);
     }
     if (scratch) {
-	memset(scratch->data, 0, scratch->length);
+        memset(scratch->data, 0, scratch->length);
         free(scratch->data);
-	free(scratch);
+        free(scratch);
     }
     return retval;
 }
 
 static krb5_error_code
 krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent,
-			    krb5_principal client, krb5_checksum *cksum,
-			    krb5_key key, krb5_ui_4 seq_number,
-			    krb5_authdata **authorization,
-			    krb5_authdata_context ad_context,
-			    krb5_enctype *desired_etypes,
-			    krb5_enctype tkt_enctype)
+                            krb5_principal client, krb5_checksum *cksum,
+                            krb5_key key, krb5_ui_4 seq_number,
+                            krb5_authdata **authorization,
+                            krb5_authdata_context ad_context,
+                            krb5_enctype *desired_etypes,
+                            krb5_enctype tkt_enctype)
 {
     krb5_error_code retval;
     krb5_authdata **ext_authdata = NULL;
@@ -316,41 +317,41 @@ krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent,
     authent->client = client;
     authent->checksum = cksum;
     if (key) {
-	retval = krb5_k_key_keyblock(context, key, &authent->subkey);
-	if (retval)
-	    return retval;
+        retval = krb5_k_key_keyblock(context, key, &authent->subkey);
+        if (retval)
+            return retval;
     } else
-	authent->subkey = 0;
+        authent->subkey = 0;
     authent->seq_number = seq_number;
     authent->authorization_data = NULL;
 
     if (ad_context != NULL) {
-	retval = krb5_authdata_export_authdata(context,
-					       ad_context,
-					       AD_USAGE_AP_REQ,
-					       &ext_authdata);
-	if (retval)
-	    return retval;
+        retval = krb5_authdata_export_authdata(context,
+                                               ad_context,
+                                               AD_USAGE_AP_REQ,
+                                               &ext_authdata);
+        if (retval)
+            return retval;
     }
 
     if (authorization != NULL || ext_authdata != NULL) {
-	retval = krb5_merge_authdata(context,
-				     authorization,
-				     ext_authdata,
-				     &authent->authorization_data);
-	if (retval) {
-	    krb5_free_authdata(context, ext_authdata);
-	    return retval;
-	}
-	krb5_free_authdata(context, ext_authdata);
+        retval = krb5_merge_authdata(context,
+                                     authorization,
+                                     ext_authdata,
+                                     &authent->authorization_data);
+        if (retval) {
+            krb5_free_authdata(context, ext_authdata);
+            return retval;
+        }
+        krb5_free_authdata(context, ext_authdata);
     }
 
-    /* Only send EtypeList if we prefer another enctype to tkt_enctype */ 
+    /* Only send EtypeList if we prefer another enctype to tkt_enctype */
     if (desired_etypes != NULL && desired_etypes[0] != tkt_enctype) {
-	retval = make_etype_list(context, desired_etypes, tkt_enctype,
-				 &authent->authorization_data);
-	if (retval)
-	    return retval;
+        retval = make_etype_list(context, desired_etypes, tkt_enctype,
+                                 &authent->authorization_data);
+        if (retval)
+            return retval;
     }
 
     return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec));
@@ -359,9 +360,9 @@ krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent,
 /* RFC 4537 */
 static krb5_error_code
 make_etype_list(krb5_context context,
-		krb5_enctype *desired_etypes,
-		krb5_enctype tkt_enctype,
-		krb5_authdata ***authdata)
+                krb5_enctype *desired_etypes,
+                krb5_enctype tkt_enctype,
+                krb5_authdata ***authdata)
 {
     krb5_error_code code;
     krb5_etype_list etypes;
@@ -373,22 +374,22 @@ make_etype_list(krb5_context context,
     etypes.etypes = desired_etypes;
 
     for (etypes.length = 0;
-	 etypes.etypes[etypes.length] != ENCTYPE_NULL;
-	 etypes.length++)
+         etypes.etypes[etypes.length] != ENCTYPE_NULL;
+         etypes.length++)
     {
-	/*
-	 * RFC 4537:
-	 *
-	 *   If the enctype of the ticket session key is included in the enctype
-	 *   list sent by the client, it SHOULD be the last on the list;
-	 */
-	if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype)
-	    break;
+        /*
+         * RFC 4537:
+         *
+         *   If the enctype of the ticket session key is included in the enctype
+         *   list sent by the client, it SHOULD be the last on the list;
+         */
+        if (etypes.length && etypes.etypes[etypes.length - 1] == tkt_enctype)
+            break;
     }
 
     code = encode_krb5_etype_list(&etypes, &enc_etype_list);
     if (code) {
-	return code;
+        return code;
     }
 
     etype_adatum.magic = KV5M_AUTHDATA;
@@ -402,33 +403,33 @@ make_etype_list(krb5_context context,
     /* Wrap in AD-IF-RELEVANT container */
     code = encode_krb5_authdata(etype_adata, &ad_if_relevant);
     if (code) {
-	krb5_free_data(context, enc_etype_list);
-	return code;
+        krb5_free_data(context, enc_etype_list);
+        return code;
     }
 
     krb5_free_data(context, enc_etype_list);
 
     adata = *authdata;
     if (adata == NULL) {
-	adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *));
-	i = 0;
+        adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *));
+        i = 0;
     } else {
-	for (i = 0; adata[i] != NULL; i++)
-	    ;
+        for (i = 0; adata[i] != NULL; i++)
+            ;
 
-	adata = (krb5_authdata **)realloc(*authdata,
-					  (i + 2) * sizeof(krb5_authdata *));
+        adata = (krb5_authdata **)realloc(*authdata,
+                                          (i + 2) * sizeof(krb5_authdata *));
     }
     if (adata == NULL) {
-	krb5_free_data(context, ad_if_relevant);
-	return ENOMEM;
+        krb5_free_data(context, ad_if_relevant);
+        return ENOMEM;
     }
     *authdata = adata;
 
     adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata));
     if (adata[i] == NULL) {
-	krb5_free_data(context, ad_if_relevant);
-	return ENOMEM;
+        krb5_free_data(context, ad_if_relevant);
+        return ENOMEM;
     }
     adata[i]->magic = KV5M_AUTHDATA;
     adata[i]->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
@@ -440,4 +441,3 @@ make_etype_list(krb5_context context,
 
     return 0;
 }
-
diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c
index f3bfde390..eaa3add82 100644
--- a/src/lib/krb5/krb/mk_safe.c
+++ b/src/lib/krb5/krb/mk_safe.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/mk_safe.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_mk_safe()
  */
@@ -32,25 +33,25 @@
 #include "auth_con.h"
 
 /*
- Formats a KRB_SAFE message into outbuf.
+  Formats a KRB_SAFE message into outbuf.
 
- userdata is formatted as the user data in the message.
- sumtype specifies the encryption type; key specifies the key which
- might be used to seed the checksum; sender_addr and recv_addr specify
- the full addresses (host and port) of the sender and receiver.
- The host portion of sender_addr is used to form the addresses used in the
- KRB_SAFE message.
+  userdata is formatted as the user data in the message.
+  sumtype specifies the encryption type; key specifies the key which
+  might be used to seed the checksum; sender_addr and recv_addr specify
+  the full addresses (host and port) of the sender and receiver.
+  The host portion of sender_addr is used to form the addresses used in the
+  KRB_SAFE message.
 
- The outbuf buffer storage is allocated, and should be freed by the
- caller when finished.
+  The outbuf buffer storage is allocated, and should be freed by the
+  caller when finished.
 
- returns system errors
+  returns system errors
 */
 static krb5_error_code
 krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
-		   krb5_key key, krb5_replay_data *replaydata,
-		   krb5_address *local_addr, krb5_address *remote_addr,
-		   krb5_cksumtype sumtype, krb5_data *outbuf)
+                   krb5_key key, krb5_replay_data *replaydata,
+                   krb5_address *local_addr, krb5_address *remote_addr,
+                   krb5_cksumtype sumtype, krb5_data *outbuf)
 {
     krb5_error_code retval;
     krb5_safe safemsg;
@@ -59,10 +60,10 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
     krb5_data *scratch1, *scratch2;
 
     if (!krb5_c_valid_cksumtype(sumtype))
-	return KRB5_PROG_SUMTYPE_NOSUPP;
+        return KRB5_PROG_SUMTYPE_NOSUPP;
     if (!krb5_c_is_coll_proof_cksum(sumtype)
-	|| !krb5_c_is_keyed_cksum(sumtype))
-	return KRB5KRB_AP_ERR_INAPP_CKSUM;
+        || !krb5_c_is_keyed_cksum(sumtype))
+        return KRB5KRB_AP_ERR_INAPP_CKSUM;
 
     safemsg.user_data = *userdata;
     safemsg.s_address = (krb5_address *) local_addr;
@@ -73,10 +74,10 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
     safemsg.usec       = replaydata->usec;
     safemsg.seq_number = replaydata->seq;
 
-    /* 
+    /*
      * To do the checksum stuff, we need to encode the message with a
      * zero-length zero-type checksum, then checksum the encoding, then
-     * re-encode with the checksum. 
+     * re-encode with the checksum.
      */
 
     safe_checksum.length = 0;
@@ -86,16 +87,16 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
     safemsg.checksum = &safe_checksum;
 
     if ((retval = encode_krb5_safe(&safemsg, &scratch1)))
-	return retval;
+        return retval;
 
     if ((retval = krb5_k_make_checksum(context, sumtype, key,
-				       KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
-				       scratch1, &safe_checksum)))
-	goto cleanup_checksum;
+                                       KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+                                       scratch1, &safe_checksum)))
+        goto cleanup_checksum;
 
     safemsg.checksum = &safe_checksum;
     if ((retval = encode_krb5_safe(&safemsg, &scratch2))) {
-	goto cleanup_checksum;
+        goto cleanup_checksum;
     }
     *outbuf = *scratch2;
     free(scratch2);
@@ -104,17 +105,17 @@ krb5_mk_safe_basic(krb5_context context, const krb5_data *userdata,
 cleanup_checksum:
     free(safe_checksum.contents);
 
-    memset(scratch1->data, 0, scratch1->length); 
+    memset(scratch1->data, 0, scratch1->length);
     krb5_free_data(context, scratch1);
     return retval;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
-	     const krb5_data *userdata, krb5_data *outbuf,
-	     krb5_replay_data *outdata)
+             const krb5_data *userdata, krb5_data *outbuf,
+             krb5_replay_data *outdata)
 {
-    krb5_error_code 	  retval;
+    krb5_error_code       retval;
     krb5_key              key;
     krb5_replay_data      replaydata;
 
@@ -123,140 +124,139 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context,
 
     /* Get key */
     if ((key = auth_context->send_subkey) == NULL)
-	key = auth_context->key;
+        key = auth_context->key;
 
     /* Get replay info */
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
-      (auth_context->rcache == NULL))
-	return KRB5_RC_REQUIRED;
+        (auth_context->rcache == NULL))
+        return KRB5_RC_REQUIRED;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-      (outdata == NULL))
-	/* Need a better error */
-	return KRB5_RC_REQUIRED;
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        (outdata == NULL))
+        /* Need a better error */
+        return KRB5_RC_REQUIRED;
 
     if (!auth_context->local_addr)
-	return KRB5_LOCAL_ADDR_REQUIRED;
+        return KRB5_LOCAL_ADDR_REQUIRED;
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) ||
-	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
-	if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
-					&replaydata.usec)))
-	    return retval;
-	if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
-    	    outdata->timestamp = replaydata.timestamp;
-    	    outdata->usec = replaydata.usec;
-	}
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME)) {
+        if ((retval = krb5_us_timeofday(context, &replaydata.timestamp,
+                                        &replaydata.usec)))
+            return retval;
+        if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) {
+            outdata->timestamp = replaydata.timestamp;
+            outdata->usec = replaydata.usec;
+        }
     }
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
-	(auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
-	replaydata.seq = auth_context->local_seq_number++;
-	if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
-    	    outdata->seq = replaydata.seq;
-    } 
-
-{
-    krb5_address * premote_fulladdr = NULL;
-    krb5_address * plocal_fulladdr;
-    krb5_address remote_fulladdr;
-    krb5_address local_fulladdr;
-    krb5_cksumtype sumtype;
-
-    CLEANUP_INIT(2);
-
-    if (auth_context->local_port) {
-	if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-					  auth_context->local_port, 
-					  &local_fulladdr))){
-	    CLEANUP_PUSH(local_fulladdr.contents, free);
-	    plocal_fulladdr = &local_fulladdr;
-	} else {
-	    goto error;
-	}
-    } else {
-	plocal_fulladdr = auth_context->local_addr;
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        replaydata.seq = auth_context->local_seq_number++;
+        if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
+            outdata->seq = replaydata.seq;
     }
 
-    if (auth_context->remote_addr) {
-    	if (auth_context->remote_port) {
-            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-                                 	      auth_context->remote_port, 
-					      &remote_fulladdr))){
-            	CLEANUP_PUSH(remote_fulladdr.contents, free);
-	    	premote_fulladdr = &remote_fulladdr;
+    {
+        krb5_address * premote_fulladdr = NULL;
+        krb5_address * plocal_fulladdr;
+        krb5_address remote_fulladdr;
+        krb5_address local_fulladdr;
+        krb5_cksumtype sumtype;
+
+        CLEANUP_INIT(2);
+
+        if (auth_context->local_port) {
+            if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+                                              auth_context->local_port,
+                                              &local_fulladdr))){
+                CLEANUP_PUSH(local_fulladdr.contents, free);
+                plocal_fulladdr = &local_fulladdr;
             } else {
-                CLEANUP_DONE();
                 goto error;
             }
-	} else {
-            premote_fulladdr = auth_context->remote_addr;
+        } else {
+            plocal_fulladdr = auth_context->local_addr;
         }
-    }
 
-    {
-	krb5_enctype enctype = krb5_k_key_enctype(context, key);
-	unsigned int nsumtypes;
-	unsigned int i;
-	krb5_cksumtype *sumtypes;
-	retval = krb5_c_keyed_checksum_types (context, enctype,
-					      &nsumtypes, &sumtypes);
-	if (retval) {
-	    CLEANUP_DONE ();
-	    goto error;
-	}
-	if (nsumtypes == 0) {
-		retval = KRB5_BAD_ENCTYPE;
-		krb5_free_cksumtypes (context, sumtypes);
-		CLEANUP_DONE ();
-		goto error;
-	}
-	for (i = 0; i < nsumtypes; i++)
-		if (auth_context->safe_cksumtype == sumtypes[i])
-			break;
-	if (i == nsumtypes)
-		i = 0;
-	sumtype = sumtypes[i];
-	krb5_free_cksumtypes (context, sumtypes);
-    }
-    if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
-				     plocal_fulladdr, premote_fulladdr,
-				     sumtype, outbuf))) {
-	CLEANUP_DONE();
-	goto error;
-    }
+        if (auth_context->remote_addr) {
+            if (auth_context->remote_port) {
+                if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+                                                  auth_context->remote_port,
+                                                  &remote_fulladdr))){
+                    CLEANUP_PUSH(remote_fulladdr.contents, free);
+                    premote_fulladdr = &remote_fulladdr;
+                } else {
+                    CLEANUP_DONE();
+                    goto error;
+                }
+            } else {
+                premote_fulladdr = auth_context->remote_addr;
+            }
+        }
 
-    CLEANUP_DONE();
-}
+        {
+            krb5_enctype enctype = krb5_k_key_enctype(context, key);
+            unsigned int nsumtypes;
+            unsigned int i;
+            krb5_cksumtype *sumtypes;
+            retval = krb5_c_keyed_checksum_types (context, enctype,
+                                                  &nsumtypes, &sumtypes);
+            if (retval) {
+                CLEANUP_DONE ();
+                goto error;
+            }
+            if (nsumtypes == 0) {
+                retval = KRB5_BAD_ENCTYPE;
+                krb5_free_cksumtypes (context, sumtypes);
+                CLEANUP_DONE ();
+                goto error;
+            }
+            for (i = 0; i < nsumtypes; i++)
+                if (auth_context->safe_cksumtype == sumtypes[i])
+                    break;
+            if (i == nsumtypes)
+                i = 0;
+            sumtype = sumtypes[i];
+            krb5_free_cksumtypes (context, sumtypes);
+        }
+        if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata,
+                                         plocal_fulladdr, premote_fulladdr,
+                                         sumtype, outbuf))) {
+            CLEANUP_DONE();
+            goto error;
+        }
+
+        CLEANUP_DONE();
+    }
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_donot_replay replay;
-
-	if ((retval = krb5_gen_replay_name(context, auth_context->local_addr, 
-					   "_safe", &replay.client))) {
-    	    free(outbuf);
-	    goto error;
-	}
-
-	replay.server = "";		/* XXX */
-	replay.msghash = NULL;
-	replay.cusec = replaydata.usec;
-	replay.ctime = replaydata.timestamp;
-	if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
-	    /* should we really error out here? XXX */
-    	    free(outbuf);
-	    goto error;
-	}
-	free(replay.client);
+        krb5_donot_replay replay;
+
+        if ((retval = krb5_gen_replay_name(context, auth_context->local_addr,
+                                           "_safe", &replay.client))) {
+            free(outbuf);
+            goto error;
+        }
+
+        replay.server = "";             /* XXX */
+        replay.msghash = NULL;
+        replay.cusec = replaydata.usec;
+        replay.ctime = replaydata.timestamp;
+        if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+            /* should we really error out here? XXX */
+            free(outbuf);
+            goto error;
+        }
+        free(replay.client);
     }
 
     return 0;
 
 error:
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) 
-	auth_context->local_seq_number--;
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE))
+        auth_context->local_seq_number--;
 
     return retval;
 }
-
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 3fcdaea1c..cda09b255 100644
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/pac.c
  *
@@ -43,16 +44,16 @@ typedef struct _PAC_INFO_BUFFER {
     krb5_ui_8 Offset;
 } PAC_INFO_BUFFER;
 
-#define PAC_INFO_BUFFER_LENGTH	16
+#define PAC_INFO_BUFFER_LENGTH  16
 
 /* ulType */
-#define PAC_LOGON_INFO		1
-#define PAC_CREDENTIALS_INFO	2
-#define PAC_SERVER_CHECKSUM	6
-#define PAC_PRIVSVR_CHECKSUM	7
-#define PAC_CLIENT_INFO		10
-#define PAC_DELEGATION_INFO	11
-#define PAC_UPN_DNS_INFO	12
+#define PAC_LOGON_INFO          1
+#define PAC_CREDENTIALS_INFO    2
+#define PAC_SERVER_CHECKSUM     6
+#define PAC_PRIVSVR_CHECKSUM    7
+#define PAC_CLIENT_INFO         10
+#define PAC_DELEGATION_INFO     11
+#define PAC_UPN_DNS_INFO        12
 
 typedef struct _PACTYPE {
     krb5_ui_4 cBuffers;
@@ -60,35 +61,35 @@ typedef struct _PACTYPE {
     PAC_INFO_BUFFER Buffers[1];
 } PACTYPE;
 
-#define PAC_ALIGNMENT		    8
-#define PACTYPE_LENGTH		    8U
+#define PAC_ALIGNMENT               8
+#define PACTYPE_LENGTH              8U
 #define PAC_SIGNATURE_DATA_LENGTH   4U
-#define PAC_CLIENT_INFO_LENGTH	    10U
+#define PAC_CLIENT_INFO_LENGTH      10U
 
-#define NT_TIME_EPOCH		    11644473600LL
+#define NT_TIME_EPOCH               11644473600LL
 
 struct krb5_pac_data {
-    PACTYPE *pac;	/* PAC header + info buffer array */
-    krb5_data data;	/* PAC data (including uninitialised header) */
+    PACTYPE *pac;       /* PAC header + info buffer array */
+    krb5_data data;     /* PAC data (including uninitialised header) */
     krb5_boolean verified;
 };
 
 static krb5_error_code
 k5_pac_locate_buffer(krb5_context context,
-		     const krb5_pac pac,
-		     krb5_ui_4 type,
-		     krb5_data *data);
+                     const krb5_pac pac,
+                     krb5_ui_4 type,
+                     krb5_data *data);
 
 /*
  * Add a buffer to the provided PAC and update header.
  */
 static krb5_error_code
 k5_pac_add_buffer(krb5_context context,
-		  krb5_pac pac,
-		  krb5_ui_4 type,
-		  const krb5_data *data,
-		  krb5_boolean zerofill,
-		  krb5_data *out_data)
+                  krb5_pac pac,
+                  krb5_ui_4 type,
+                  const krb5_data *data,
+                  krb5_boolean zerofill,
+                  krb5_data *out_data)
 {
     PACTYPE *header;
     size_t header_len, i, pad = 0;
@@ -98,37 +99,37 @@ k5_pac_add_buffer(krb5_context context,
 
     /* Check there isn't already a buffer of this type */
     if (k5_pac_locate_buffer(context, pac, type, NULL) == 0) {
-	return EEXIST;
+        return EEXIST;
     }
 
     header = (PACTYPE *)realloc(pac->pac,
-				sizeof(PACTYPE) +
-				(pac->pac->cBuffers * sizeof(PAC_INFO_BUFFER)));
+                                sizeof(PACTYPE) +
+                                (pac->pac->cBuffers * sizeof(PAC_INFO_BUFFER)));
     if (header == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
     pac->pac = header;
 
     header_len = PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
 
     if (data->length % PAC_ALIGNMENT)
-	pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT);
+        pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT);
 
     pac_data = realloc(pac->data.data,
-		       pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad);
+                       pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad);
     if (pac_data == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
     pac->data.data = pac_data;
 
     /* Update offsets of existing buffers */
     for (i = 0; i < pac->pac->cBuffers; i++)
-	pac->pac->Buffers[i].Offset += PAC_INFO_BUFFER_LENGTH;
+        pac->pac->Buffers[i].Offset += PAC_INFO_BUFFER_LENGTH;
 
     /* Make room for new PAC_INFO_BUFFER */
     memmove(pac->data.data + header_len + PAC_INFO_BUFFER_LENGTH,
-	    pac->data.data + header_len,
-	    pac->data.length - header_len);
+            pac->data.data + header_len,
+            pac->data.length - header_len);
     memset(pac->data.data + header_len, 0, PAC_INFO_BUFFER_LENGTH);
 
     /* Initialise new PAC_INFO_BUFFER */
@@ -139,9 +140,9 @@ k5_pac_add_buffer(krb5_context context,
 
     /* Copy in new PAC data and zero padding bytes */
     if (zerofill)
-	memset(pac->data.data + pac->pac->Buffers[i].Offset, 0, data->length);
+        memset(pac->data.data + pac->pac->Buffers[i].Offset, 0, data->length);
     else
-	memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length);
+        memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length);
 
     memset(pac->data.data + pac->pac->Buffers[i].Offset + data->length, 0, pad);
 
@@ -149,8 +150,8 @@ k5_pac_add_buffer(krb5_context context,
     pac->data.length += PAC_INFO_BUFFER_LENGTH + data->length + pad;
 
     if (out_data != NULL) {
-	out_data->data = pac->data.data + pac->pac->Buffers[i].Offset;
-	out_data->length = data->length;
+        out_data->data = pac->data.data + pac->pac->Buffers[i].Offset;
+        out_data->length = data->length;
     }
 
     pac->verified = FALSE;
@@ -160,9 +161,9 @@ k5_pac_add_buffer(krb5_context context,
 
 krb5_error_code KRB5_CALLCONV
 krb5_pac_add_buffer(krb5_context context,
-		    krb5_pac pac,
-		    krb5_ui_4 type,
-		    const krb5_data *data)
+                    krb5_pac pac,
+                    krb5_ui_4 type,
+                    const krb5_data *data)
 {
     return k5_pac_add_buffer(context, pac, type, data, FALSE, NULL);
 }
@@ -172,49 +173,49 @@ krb5_pac_add_buffer(krb5_context context,
  */
 void KRB5_CALLCONV
 krb5_pac_free(krb5_context context,
-	      krb5_pac pac)
+              krb5_pac pac)
 {
     if (pac != NULL) {
-	if (pac->data.data != NULL) {
-	    memset(pac->data.data, 0, pac->data.length);
-	    free(pac->data.data);
-	}
-	if (pac->pac != NULL)
-	    free(pac->pac);
-	memset(pac, 0, sizeof(*pac));
-	free(pac);
+        if (pac->data.data != NULL) {
+            memset(pac->data.data, 0, pac->data.length);
+            free(pac->data.data);
+        }
+        if (pac->pac != NULL)
+            free(pac->pac);
+        memset(pac, 0, sizeof(*pac));
+        free(pac);
     }
 }
 
 static krb5_error_code
 k5_pac_locate_buffer(krb5_context context,
-		     const krb5_pac pac,
-		     krb5_ui_4 type,
-		     krb5_data *data)
+                     const krb5_pac pac,
+                     krb5_ui_4 type,
+                     krb5_data *data)
 {
     PAC_INFO_BUFFER *buffer = NULL;
     size_t i;
 
     if (pac == NULL)
-	return EINVAL;
+        return EINVAL;
 
     for (i = 0; i < pac->pac->cBuffers; i++) {
-	if (pac->pac->Buffers[i].ulType == type) {
-	    if (buffer == NULL)
-		buffer = &pac->pac->Buffers[i];
-	    else
-		return EINVAL;
-	}
+        if (pac->pac->Buffers[i].ulType == type) {
+            if (buffer == NULL)
+                buffer = &pac->pac->Buffers[i];
+            else
+                return EINVAL;
+        }
     }
 
     if (buffer == NULL)
-	return ENOENT;
+        return ENOENT;
 
     assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
 
     if (data != NULL) {
-	data->length = buffer->cbBufferSize;
-	data->data = pac->data.data + buffer->Offset;
+        data->length = buffer->cbBufferSize;
+        data->data = pac->data.data + buffer->Offset;
     }
 
     return 0;
@@ -225,20 +226,20 @@ k5_pac_locate_buffer(krb5_context context,
  */
 krb5_error_code KRB5_CALLCONV
 krb5_pac_get_buffer(krb5_context context,
-		    krb5_pac pac,
-		    krb5_ui_4 type,
-		    krb5_data *data)
+                    krb5_pac pac,
+                    krb5_ui_4 type,
+                    krb5_data *data)
 {
     krb5_data d;
     krb5_error_code ret;
 
     ret = k5_pac_locate_buffer(context, pac, type, &d);
     if (ret != 0)
-	return ret;
+        return ret;
 
     data->data = malloc(d.length);
     if (data->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     data->length = d.length;
     memcpy(data->data, d.data, d.length);
@@ -251,20 +252,20 @@ krb5_pac_get_buffer(krb5_context context,
  */
 krb5_error_code KRB5_CALLCONV
 krb5_pac_get_types(krb5_context context,
-		   krb5_pac pac,
-		   size_t *len,
-		   krb5_ui_4 **types)
+                   krb5_pac pac,
+                   size_t *len,
+                   krb5_ui_4 **types)
 {
     size_t i;
 
     *types = (krb5_ui_4 *)malloc(pac->pac->cBuffers * sizeof(krb5_ui_4));
     if (*types == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     *len = pac->pac->cBuffers;
 
     for (i = 0; i < pac->pac->cBuffers; i++)
-	(*types)[i] = pac->pac->Buffers[i].ulType;
+        (*types)[i] = pac->pac->Buffers[i].ulType;
 
     return 0;
 }
@@ -274,18 +275,18 @@ krb5_pac_get_types(krb5_context context,
  */
 krb5_error_code KRB5_CALLCONV
 krb5_pac_init(krb5_context context,
-	      krb5_pac *ppac)
+              krb5_pac *ppac)
 {
     krb5_pac pac;
 
     pac = (krb5_pac)malloc(sizeof(*pac));
     if (pac == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     pac->pac = (PACTYPE *)malloc(sizeof(PACTYPE));
     if (pac->pac == NULL) {
-	free(pac);
-	return ENOMEM;
+        free(pac);
+        return ENOMEM;
     }
 
     pac->pac->cBuffers = 0;
@@ -294,8 +295,8 @@ krb5_pac_init(krb5_context context,
     pac->data.length = PACTYPE_LENGTH;
     pac->data.data = calloc(1, pac->data.length);
     if (pac->data.data == NULL) {
-	krb5_pac_free(context, pac);
-	return ENOMEM;
+        krb5_pac_free(context, pac);
+        return ENOMEM;
     }
 
     pac->verified = FALSE;
@@ -307,8 +308,8 @@ krb5_pac_init(krb5_context context,
 
 static krb5_error_code
 k5_pac_copy(krb5_context context,
-	    krb5_pac src,
-	    krb5_pac *dst)
+            krb5_pac src,
+            krb5_pac *dst)
 {
     size_t header_len;
     krb5_ui_4 cbuffers;
@@ -317,27 +318,27 @@ k5_pac_copy(krb5_context context,
 
     cbuffers = src->pac->cBuffers;
     if (cbuffers != 0)
-	cbuffers--;
+        cbuffers--;
 
     header_len = sizeof(PACTYPE) + cbuffers * sizeof(PAC_INFO_BUFFER);
 
     pac = (krb5_pac)malloc(sizeof(*pac));
     if (pac == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     pac->pac = (PACTYPE *)malloc(header_len);
     if (pac->pac == NULL) {
-	free(pac);
-	return ENOMEM;
+        free(pac);
+        return ENOMEM;
     }
 
     memcpy(pac->pac, src->pac, header_len);
 
     code = krb5int_copy_data_contents(context, &src->data, &pac->data);
     if (code != 0) {
-	free(pac->pac);
-	free(pac);
-	return ENOMEM;
+        free(pac->pac);
+        free(pac);
+        return ENOMEM;
     }
 
     pac->verified = src->verified;
@@ -351,9 +352,9 @@ k5_pac_copy(krb5_context context,
  */
 krb5_error_code KRB5_CALLCONV
 krb5_pac_parse(krb5_context context,
-	       const void *ptr,
-	       size_t len,
-	       krb5_pac *ppac)
+               const void *ptr,
+               size_t len,
+               krb5_pac *ppac)
 {
     krb5_error_code ret;
     size_t i;
@@ -365,7 +366,7 @@ krb5_pac_parse(krb5_context context,
     *ppac = NULL;
 
     if (len < PACTYPE_LENGTH)
-	return ERANGE;
+        return ERANGE;
 
     cbuffers = load_32_le(p);
     p += 4;
@@ -373,51 +374,51 @@ krb5_pac_parse(krb5_context context,
     p += 4;
 
     if (version != 0)
-	return EINVAL;
+        return EINVAL;
 
     header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH);
     if (len < header_len)
-	return ERANGE;
+        return ERANGE;
 
     ret = krb5_pac_init(context, &pac);
     if (ret != 0)
-	return ret;
+        return ret;
 
     pac->pac = (PACTYPE *)realloc(pac->pac,
-	sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
+                                  sizeof(PACTYPE) + ((cbuffers - 1) * sizeof(PAC_INFO_BUFFER)));
     if (pac->pac == NULL) {
-	krb5_pac_free(context, pac);
-	return ENOMEM;
+        krb5_pac_free(context, pac);
+        return ENOMEM;
     }
 
     pac->pac->cBuffers = cbuffers;
     pac->pac->Version = version;
 
     for (i = 0; i < pac->pac->cBuffers; i++) {
-	PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
-
-	buffer->ulType = load_32_le(p);
-	p += 4;
-	buffer->cbBufferSize = load_32_le(p);
-	p += 4;
-	buffer->Offset = load_64_le(p);
-	p += 8;
-
-	if (buffer->Offset % PAC_ALIGNMENT) {
-	    krb5_pac_free(context, pac);
-	    return EINVAL;
-	}
-	if (buffer->Offset < header_len ||
-	    buffer->Offset + buffer->cbBufferSize > len) {
-	    krb5_pac_free(context, pac);
-	    return ERANGE;
-	}
+        PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
+
+        buffer->ulType = load_32_le(p);
+        p += 4;
+        buffer->cbBufferSize = load_32_le(p);
+        p += 4;
+        buffer->Offset = load_64_le(p);
+        p += 8;
+
+        if (buffer->Offset % PAC_ALIGNMENT) {
+            krb5_pac_free(context, pac);
+            return EINVAL;
+        }
+        if (buffer->Offset < header_len ||
+            buffer->Offset + buffer->cbBufferSize > len) {
+            krb5_pac_free(context, pac);
+            return ERANGE;
+        }
     }
 
     pac->data.data = realloc(pac->data.data, len);
     if (pac->data.data == NULL) {
-	krb5_pac_free(context, pac);
-	return ENOMEM;
+        krb5_pac_free(context, pac);
+        return ENOMEM;
     }
     memcpy(pac->data.data, ptr, len);
 
@@ -430,7 +431,7 @@ krb5_pac_parse(krb5_context context,
 
 static krb5_error_code
 k5_time_to_seconds_since_1970(krb5_int64 ntTime,
-			      krb5_timestamp *elapsedSeconds)
+                              krb5_timestamp *elapsedSeconds)
 {
     krb5_ui_8 abstime;
 
@@ -439,7 +440,7 @@ k5_time_to_seconds_since_1970(krb5_int64 ntTime,
     abstime = ntTime > 0 ? ntTime - NT_TIME_EPOCH : -ntTime;
 
     if (abstime > KRB5_INT32_MAX)
-	return ERANGE;
+        return ERANGE;
 
     *elapsedSeconds = abstime;
 
@@ -448,12 +449,12 @@ k5_time_to_seconds_since_1970(krb5_int64 ntTime,
 
 static krb5_error_code
 k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds,
-			      krb5_ui_8 *ntTime)
+                              krb5_ui_8 *ntTime)
 {
     *ntTime = elapsedSeconds;
 
     if (elapsedSeconds > 0)
-	*ntTime += NT_TIME_EPOCH;
+        *ntTime += NT_TIME_EPOCH;
 
     *ntTime *= 10000000;
 
@@ -462,9 +463,9 @@ k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds,
 
 static krb5_error_code
 k5_pac_validate_client(krb5_context context,
-		       const krb5_pac pac,
-		       krb5_timestamp authtime,
-		       krb5_const_principal principal)
+                       const krb5_pac pac,
+                       krb5_timestamp authtime,
+                       krb5_const_principal principal)
 {
     krb5_error_code ret;
     krb5_data client_info;
@@ -477,10 +478,10 @@ k5_pac_validate_client(krb5_context context,
 
     ret = k5_pac_locate_buffer(context, pac, PAC_CLIENT_INFO, &client_info);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (client_info.length < PAC_CLIENT_INFO_LENGTH)
-	return ERANGE;
+        return ERANGE;
 
     p = (unsigned char *)client_info.data;
     pac_nt_authtime = load_64_le(p);
@@ -490,31 +491,31 @@ k5_pac_validate_client(krb5_context context,
 
     ret = k5_time_to_seconds_since_1970(pac_nt_authtime, &pac_authtime);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (client_info.length < PAC_CLIENT_INFO_LENGTH + pac_princname_length ||
-	pac_princname_length % 2)
-	return ERANGE;
+        pac_princname_length % 2)
+        return ERANGE;
 
     ret = krb5int_ucs2lecs_to_utf8s(p, (size_t)pac_princname_length / 2,
-				    &pac_princname, NULL);
+                                    &pac_princname, NULL);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = krb5_parse_name_flags(context, pac_princname, 0, &pac_principal);
     if (ret != 0) {
-	free(pac_princname);
-	return ret;
+        free(pac_princname);
+        return ret;
     }
 
     free(pac_princname);
 
     if (pac_authtime != authtime ||
-	!krb5_principal_compare_flags(context,
-				      pac_principal,
-				      principal,
-				      KRB5_PRINCIPAL_COMPARE_IGNORE_REALM))
-	ret = KRB5KRB_AP_WRONG_PRINC;
+        !krb5_principal_compare_flags(context,
+                                      pac_principal,
+                                      principal,
+                                      KRB5_PRINCIPAL_COMPARE_IGNORE_REALM))
+        ret = KRB5KRB_AP_WRONG_PRINC;
 
     krb5_free_principal(context, pac_principal);
 
@@ -523,9 +524,9 @@ k5_pac_validate_client(krb5_context context,
 
 static krb5_error_code
 k5_pac_zero_signature(krb5_context context,
-		      const krb5_pac pac,
-		      krb5_ui_4 type,
-		      krb5_data *data)
+                      const krb5_pac pac,
+                      krb5_ui_4 type,
+                      krb5_data *data)
 {
     PAC_INFO_BUFFER *buffer = NULL;
     size_t i;
@@ -534,33 +535,33 @@ k5_pac_zero_signature(krb5_context context,
     assert(data->length >= pac->data.length);
 
     for (i = 0; i < pac->pac->cBuffers; i++) {
-	if (pac->pac->Buffers[i].ulType == type) {
-	    buffer = &pac->pac->Buffers[i];
-	    break;
-	}
+        if (pac->pac->Buffers[i].ulType == type) {
+            buffer = &pac->pac->Buffers[i];
+            break;
+        }
     }
 
     if (buffer == NULL)
-	return ENOENT;
+        return ENOENT;
 
     if (buffer->Offset + buffer->cbBufferSize > pac->data.length)
-	return ERANGE;
+        return ERANGE;
 
     if (buffer->cbBufferSize < PAC_SIGNATURE_DATA_LENGTH)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     /* Zero out the data portion of the checksum only */
     memset(data->data + buffer->Offset + PAC_SIGNATURE_DATA_LENGTH,
-	   0,
-	   buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH);
+           0,
+           buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH);
 
     return 0;
 }
 
 static krb5_error_code
 k5_pac_verify_server_checksum(krb5_context context,
-			      const krb5_pac pac,
-			      const krb5_keyblock *server)
+                              const krb5_pac pac,
+                              const krb5_keyblock *server)
 {
     krb5_error_code ret;
     krb5_data pac_data; /* PAC with zeroed checksums */
@@ -570,12 +571,12 @@ k5_pac_verify_server_checksum(krb5_context context,
     krb5_octet *p;
 
     ret = k5_pac_locate_buffer(context, pac,
-			       PAC_SERVER_CHECKSUM, &checksum_data);
+                               PAC_SERVER_CHECKSUM, &checksum_data);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (checksum_data.length < PAC_SIGNATURE_DATA_LENGTH)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     p = (krb5_octet *)checksum_data.data;
     checksum.checksum_type = load_32_le(p);
@@ -585,45 +586,45 @@ k5_pac_verify_server_checksum(krb5_context context,
     pac_data.length = pac->data.length;
     pac_data.data = malloc(pac->data.length);
     if (pac_data.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     memcpy(pac_data.data, pac->data.data, pac->data.length);
 
     /* Zero out both checksum buffers */
     ret = k5_pac_zero_signature(context, pac,
-				PAC_SERVER_CHECKSUM, &pac_data);
+                                PAC_SERVER_CHECKSUM, &pac_data);
     if (ret != 0) {
-	free(pac_data.data);
-	return ret;
+        free(pac_data.data);
+        return ret;
     }
 
     ret = k5_pac_zero_signature(context, pac,
-				PAC_PRIVSVR_CHECKSUM, &pac_data);
+                                PAC_PRIVSVR_CHECKSUM, &pac_data);
     if (ret != 0) {
-	free(pac_data.data);
-	return ret;
+        free(pac_data.data);
+        return ret;
     }
 
     ret = krb5_c_verify_checksum(context, server,
-				 KRB5_KEYUSAGE_APP_DATA_CKSUM,
-				 &pac_data, &checksum, &valid);
+                                 KRB5_KEYUSAGE_APP_DATA_CKSUM,
+                                 &pac_data, &checksum, &valid);
 
     free(pac_data.data);
 
     if (ret != 0) {
-	return ret;
+        return ret;
     }
 
     if (valid == FALSE)
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
 
     return ret;
 }
 
 static krb5_error_code
 k5_pac_verify_kdc_checksum(krb5_context context,
-			   const krb5_pac pac,
-			   const krb5_keyblock *privsvr)
+                           const krb5_pac pac,
+                           const krb5_keyblock *privsvr)
 {
     krb5_error_code ret;
     krb5_data server_checksum, privsvr_checksum;
@@ -632,20 +633,20 @@ k5_pac_verify_kdc_checksum(krb5_context context,
     krb5_octet *p;
 
     ret = k5_pac_locate_buffer(context, pac,
-			       PAC_PRIVSVR_CHECKSUM, &privsvr_checksum);
+                               PAC_PRIVSVR_CHECKSUM, &privsvr_checksum);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (privsvr_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     ret = k5_pac_locate_buffer(context, pac,
-			       PAC_SERVER_CHECKSUM, &server_checksum);
+                               PAC_SERVER_CHECKSUM, &server_checksum);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     p = (krb5_octet *)privsvr_checksum.data;
     checksum.checksum_type = load_32_le(p);
@@ -656,44 +657,44 @@ k5_pac_verify_kdc_checksum(krb5_context context,
     server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH;
 
     ret = krb5_c_verify_checksum(context, privsvr,
-				 KRB5_KEYUSAGE_APP_DATA_CKSUM,
-				 &server_checksum, &checksum, &valid);
+                                 KRB5_KEYUSAGE_APP_DATA_CKSUM,
+                                 &server_checksum, &checksum, &valid);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (valid == FALSE)
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
 
     return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_pac_verify(krb5_context context,
-		const krb5_pac pac,
-		krb5_timestamp authtime,
-		krb5_const_principal principal,
-		const krb5_keyblock *server,
-		const krb5_keyblock *privsvr)
+                const krb5_pac pac,
+                krb5_timestamp authtime,
+                krb5_const_principal principal,
+                const krb5_keyblock *server,
+                const krb5_keyblock *privsvr)
 {
     krb5_error_code ret;
 
     if (server == NULL)
-	return EINVAL;
+        return EINVAL;
 
     ret = k5_pac_verify_server_checksum(context, pac, server);
     if (ret != 0)
-	return ret;
+        return ret;
 
     if (privsvr != NULL) {
-	ret = k5_pac_verify_kdc_checksum(context, pac, privsvr);
-	if (ret != 0)
-	    return ret;
+        ret = k5_pac_verify_kdc_checksum(context, pac, privsvr);
+        if (ret != 0)
+            return ret;
     }
 
     if (principal != NULL) {
-	ret = k5_pac_validate_client(context, pac, authtime, principal);
-	if (ret != 0)
-	    return ret;
+        ret = k5_pac_validate_client(context, pac, authtime, principal);
+        if (ret != 0)
+            return ret;
     }
 
     pac->verified = TRUE;
@@ -703,9 +704,9 @@ krb5_pac_verify(krb5_context context,
 
 static krb5_error_code
 k5_insert_client_info(krb5_context context,
-		      krb5_pac pac,
-		      krb5_timestamp authtime,
-		      krb5_const_principal principal)
+                      krb5_pac pac,
+                      krb5_timestamp authtime,
+                      krb5_const_principal principal)
 {
     krb5_error_code ret;
     krb5_data client_info;
@@ -716,29 +717,29 @@ k5_insert_client_info(krb5_context context,
 
     /* If we already have a CLIENT_INFO buffer, then just validate it */
     if (k5_pac_locate_buffer(context, pac,
-			     PAC_CLIENT_INFO, &client_info) == 0) {
-	return k5_pac_validate_client(context, pac, authtime, principal);
+                             PAC_CLIENT_INFO, &client_info) == 0) {
+        return k5_pac_validate_client(context, pac, authtime, principal);
     }
 
     ret = krb5_unparse_name_flags(context, principal,
-				  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &princ_name_utf8);
+                                  KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                  &princ_name_utf8);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5int_utf8s_to_ucs2les(princ_name_utf8,
-				   &princ_name_ucs2,
-				   &princ_name_ucs2_len);
+                                   &princ_name_ucs2,
+                                   &princ_name_ucs2_len);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     client_info.length = PAC_CLIENT_INFO_LENGTH + princ_name_ucs2_len;
     client_info.data = NULL;
 
     ret = k5_pac_add_buffer(context, pac, PAC_CLIENT_INFO,
-			    &client_info, TRUE, &client_info);
+                            &client_info, TRUE, &client_info);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     p = (unsigned char *)client_info.data;
 
@@ -756,7 +757,7 @@ k5_insert_client_info(krb5_context context,
 
 cleanup:
     if (princ_name_ucs2 != NULL)
-	free(princ_name_ucs2);
+        free(princ_name_ucs2);
     krb5_free_unparsed_name(context, princ_name_utf8);
 
     return ret;
@@ -764,10 +765,10 @@ cleanup:
 
 static krb5_error_code
 k5_insert_checksum(krb5_context context,
-		   krb5_pac pac,
-		   krb5_ui_4 type,
-		   const krb5_keyblock *key,
-		   krb5_cksumtype *cksumtype)
+                   krb5_pac pac,
+                   krb5_ui_4 type,
+                   const krb5_keyblock *key,
+                   krb5_cksumtype *cksumtype)
 {
     krb5_error_code ret;
     size_t len;
@@ -775,32 +776,32 @@ k5_insert_checksum(krb5_context context,
 
     ret = krb5int_c_mandatory_cksumtype(context, key->enctype, cksumtype);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = krb5_c_checksum_length(context, *cksumtype, &len);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = k5_pac_locate_buffer(context, pac, type, &cksumdata);
     if (ret == 0) {
-	/*
-	 * If we're resigning PAC, make sure we can fit checksum
-	 * into existing buffer
-	 */
-	if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len)
-	    return ERANGE;
-
-	memset(cksumdata.data, 0, cksumdata.length);
+        /*
+         * If we're resigning PAC, make sure we can fit checksum
+         * into existing buffer
+         */
+        if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len)
+            return ERANGE;
+
+        memset(cksumdata.data, 0, cksumdata.length);
     } else {
-	/* Add a zero filled buffer */
-	cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len;
-	cksumdata.data = NULL;
-
-	ret = k5_pac_add_buffer(context, pac,
-				type, &cksumdata,
-				TRUE, &cksumdata);
-	if (ret != 0)
-	    return ret;
+        /* Add a zero filled buffer */
+        cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len;
+        cksumdata.data = NULL;
+
+        ret = k5_pac_add_buffer(context, pac,
+                                type, &cksumdata,
+                                TRUE, &cksumdata);
+        if (ret != 0)
+            return ret;
     }
 
     /* Encode checksum type into buffer */
@@ -818,7 +819,7 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
     size_t header_len;
 
     header_len = PACTYPE_LENGTH +
-	(pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
+        (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH);
     assert(pac->data.length >= header_len);
 
     p = (unsigned char *)pac->data.data;
@@ -829,23 +830,23 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
     p += 4;
 
     for (i = 0; i < pac->pac->cBuffers; i++) {
-	PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
-
-	store_32_le(buffer->ulType, p);
-	p += 4;
-	store_32_le(buffer->cbBufferSize, p);
-	p += 4;
-	store_64_le(buffer->Offset, p);
-	p += 8;
-
-	assert((buffer->Offset % PAC_ALIGNMENT) == 0);
-	assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
-	assert(buffer->Offset >= header_len);
-
-	if (buffer->Offset % PAC_ALIGNMENT ||
-	    buffer->Offset + buffer->cbBufferSize > pac->data.length ||
-	    buffer->Offset < header_len)
-	    return ERANGE;
+        PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i];
+
+        store_32_le(buffer->ulType, p);
+        p += 4;
+        store_32_le(buffer->cbBufferSize, p);
+        p += 4;
+        store_64_le(buffer->Offset, p);
+        p += 8;
+
+        assert((buffer->Offset % PAC_ALIGNMENT) == 0);
+        assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length);
+        assert(buffer->Offset >= header_len);
+
+        if (buffer->Offset % PAC_ALIGNMENT ||
+            buffer->Offset + buffer->cbBufferSize > pac->data.length ||
+            buffer->Offset < header_len)
+            return ERANGE;
     }
 
     return 0;
@@ -853,12 +854,12 @@ k5_pac_encode_header(krb5_context context, krb5_pac pac)
 
 krb5_error_code KRB5_CALLCONV
 krb5int_pac_sign(krb5_context context,
-		 krb5_pac pac,
-		 krb5_timestamp authtime,
-		 krb5_const_principal principal,
-		 const krb5_keyblock *server_key,
-		 const krb5_keyblock *privsvr_key,
-		 krb5_data *data)
+                 krb5_pac pac,
+                 krb5_timestamp authtime,
+                 krb5_const_principal principal,
+                 const krb5_keyblock *server_key,
+                 const krb5_keyblock *privsvr_key,
+                 krb5_data *data)
 {
     krb5_error_code ret;
     krb5_data server_cksum, privsvr_cksum;
@@ -869,32 +870,32 @@ krb5int_pac_sign(krb5_context context,
     data->data = NULL;
 
     if (principal != NULL) {
-	ret = k5_insert_client_info(context, pac, authtime, principal);
-	if (ret != 0)
-	    return ret;
+        ret = k5_insert_client_info(context, pac, authtime, principal);
+        if (ret != 0)
+            return ret;
     }
 
     /* Create zeroed buffers for both checksums */
     ret = k5_insert_checksum(context, pac, PAC_SERVER_CHECKSUM,
-			     server_key, &server_cksumtype);
+                             server_key, &server_cksumtype);
     if (ret != 0)
-	return ret;
+        return ret;
 
     ret = k5_insert_checksum(context, pac, PAC_PRIVSVR_CHECKSUM,
-			     privsvr_key, &privsvr_cksumtype);
+                             privsvr_key, &privsvr_cksumtype);
     if (ret != 0)
-	return ret;
+        return ret;
 
     /* Now, encode the PAC header so that the checksums will include it */
     ret = k5_pac_encode_header(context, pac);
     if (ret != 0)
-	return ret;
+        return ret;
 
     /* Generate the server checksum over the entire PAC */
     ret = k5_pac_locate_buffer(context, pac,
-			       PAC_SERVER_CHECKSUM, &server_cksum);
+                               PAC_SERVER_CHECKSUM, &server_cksum);
     if (ret != 0)
-	return ret;
+        return ret;
 
     assert(server_cksum.length > PAC_SIGNATURE_DATA_LENGTH);
 
@@ -906,16 +907,16 @@ krb5int_pac_sign(krb5_context context,
     iov[1].data.length = server_cksum.length - PAC_SIGNATURE_DATA_LENGTH;
 
     ret = krb5_c_make_checksum_iov(context, server_cksumtype,
-				   server_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
-				   iov, sizeof(iov)/sizeof(iov[0]));
+                                   server_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
+                                   iov, sizeof(iov)/sizeof(iov[0]));
     if (ret != 0)
-	return ret;
+        return ret;
 
     /* Generate the privsvr checksum over the server checksum buffer */
     ret = k5_pac_locate_buffer(context, pac,
-			       PAC_PRIVSVR_CHECKSUM, &privsvr_cksum);
+                               PAC_PRIVSVR_CHECKSUM, &privsvr_cksum);
     if (ret != 0)
-	return ret;
+        return ret;
 
     assert(privsvr_cksum.length > PAC_SIGNATURE_DATA_LENGTH);
 
@@ -928,20 +929,20 @@ krb5int_pac_sign(krb5_context context,
     iov[1].data.length = privsvr_cksum.length - PAC_SIGNATURE_DATA_LENGTH;
 
     ret = krb5_c_make_checksum_iov(context, privsvr_cksumtype,
-				   privsvr_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
-				   iov, sizeof(iov)/sizeof(iov[0]));
+                                   privsvr_key, KRB5_KEYUSAGE_APP_DATA_CKSUM,
+                                   iov, sizeof(iov)/sizeof(iov[0]));
     if (ret != 0)
-	return ret;
+        return ret;
 
     data->data = malloc(pac->data.length);
     if (data->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     data->length = pac->data.length;
 
     memcpy(data->data, pac->data.data, pac->data.length);
     memset(pac->data.data, 0,
-	   PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
+           PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH));
 
     return 0;
 }
@@ -962,9 +963,9 @@ mspac_init(krb5_context kcontext, void **plugin_context)
 
 static void
 mspac_flags(krb5_context kcontext,
-	    void *plugin_context,
-	    krb5_authdatatype ad_type,
-	    krb5_flags *flags)
+            void *plugin_context,
+            krb5_authdatatype ad_type,
+            krb5_flags *flags)
 {
     *flags = AD_USAGE_KDC_ISSUED;
 }
@@ -977,15 +978,15 @@ mspac_fini(krb5_context kcontext, void *plugin_context)
 
 static krb5_error_code
 mspac_request_init(krb5_context kcontext,
-		   krb5_authdata_context context,
-		   void *plugin_context,
-		   void **request_context)
+                   krb5_authdata_context context,
+                   void *plugin_context,
+                   void **request_context)
 {
     struct mspac_context *pacctx;
 
     pacctx = (struct mspac_context *)malloc(sizeof(*pacctx));
     if (pacctx == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     pacctx->pac = NULL;
 
@@ -996,41 +997,41 @@ mspac_request_init(krb5_context kcontext,
 
 static krb5_error_code
 mspac_import_authdata(krb5_context kcontext,
-		      krb5_authdata_context context,
-		      void *plugin_context,
-		      void *request_context,
-		      krb5_authdata **authdata,
-		      krb5_boolean kdc_issued,
-		      krb5_const_principal kdc_issuer)
+                      krb5_authdata_context context,
+                      void *plugin_context,
+                      void *request_context,
+                      krb5_authdata **authdata,
+                      krb5_boolean kdc_issued,
+                      krb5_const_principal kdc_issuer)
 {
     krb5_error_code code;
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
 
     if (kdc_issued)
-	return EINVAL;
+        return EINVAL;
 
     if (pacctx->pac != NULL) {
-	krb5_pac_free(kcontext, pacctx->pac);
-	pacctx->pac = NULL;
+        krb5_pac_free(kcontext, pacctx->pac);
+        pacctx->pac = NULL;
     }
 
     assert(authdata[0] != NULL);
     assert((authdata[0]->ad_type & AD_TYPE_FIELD_TYPE_MASK) ==
-	KRB5_AUTHDATA_WIN2K_PAC);
+           KRB5_AUTHDATA_WIN2K_PAC);
 
     code = krb5_pac_parse(kcontext, authdata[0]->contents,
-			  authdata[0]->length, &pacctx->pac);
+                          authdata[0]->length, &pacctx->pac);
 
     return code;
 }
 
 static krb5_error_code
 mspac_export_authdata(krb5_context kcontext,
-		      krb5_authdata_context context,
-		      void *plugin_context,
-		      void *request_context,
-		      krb5_flags usage,
-		      krb5_authdata ***out_authdata)
+                      krb5_authdata_context context,
+                      void *plugin_context,
+                      void *request_context,
+                      krb5_flags usage,
+                      krb5_authdata ***out_authdata)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
     krb5_error_code code;
@@ -1038,23 +1039,23 @@ mspac_export_authdata(krb5_context kcontext,
     krb5_data data;
 
     if (pacctx->pac == NULL)
-	return 0;
+        return 0;
 
     authdata = calloc(2, sizeof(krb5_authdata *));
     if (authdata == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     authdata[0] = calloc(1, sizeof(krb5_authdata));
     if (authdata[0] == NULL) {
-	free(authdata);
-	return ENOMEM;
+        free(authdata);
+        return ENOMEM;
     }
     authdata[1] = NULL;
 
     code = krb5int_copy_data_contents(kcontext, &pacctx->pac->data, &data);
     if (code != 0) {
-	krb5_free_authdata(kcontext, authdata);
-	return code;
+        krb5_free_authdata(kcontext, authdata);
+        return code;
     }
 
     authdata[0]->magic = KV5M_AUTHDATA;
@@ -1071,25 +1072,25 @@ mspac_export_authdata(krb5_context kcontext,
 
 static krb5_error_code
 mspac_verify(krb5_context kcontext,
-	     krb5_authdata_context context,
-	     void *plugin_context,
-	     void *request_context,
-	     const krb5_auth_context *auth_context,
-	     const krb5_keyblock *key,
-	     const krb5_ap_req *req)
+             krb5_authdata_context context,
+             void *plugin_context,
+             void *request_context,
+             const krb5_auth_context *auth_context,
+             const krb5_keyblock *key,
+             const krb5_ap_req *req)
 {
     krb5_error_code code;
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
 
     if (pacctx->pac == NULL)
-	return EINVAL;
+        return EINVAL;
 
     code = krb5_pac_verify(kcontext,
-			   pacctx->pac,
-			   req->ticket->enc_part2->times.authtime,
-			   req->ticket->enc_part2->client,
-			   key,
-			   NULL);
+                           pacctx->pac,
+                           req->ticket->enc_part2->times.authtime,
+                           req->ticket->enc_part2->client,
+                           key,
+                           NULL);
 
 #if 0
     /*
@@ -1097,8 +1098,8 @@ mspac_verify(krb5_context kcontext,
      * Thoughts?
      */
     if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
-	assert(pacctx->pac->verified == FALSE);
-	code = 0;
+        assert(pacctx->pac->verified == FALSE);
+        code = 0;
     }
 #endif
 
@@ -1107,17 +1108,17 @@ mspac_verify(krb5_context kcontext,
 
 static void
 mspac_request_fini(krb5_context kcontext,
-		   krb5_authdata_context context,
-		   void *plugin_context,
-		   void *request_context)
+                   krb5_authdata_context context,
+                   void *plugin_context,
+                   void *request_context)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
 
     if (pacctx != NULL) {
-	if (pacctx->pac != NULL)
-	    krb5_pac_free(kcontext, pacctx->pac);
+        if (pacctx->pac != NULL)
+            krb5_pac_free(kcontext, pacctx->pac);
 
-	free(pacctx);
+        free(pacctx);
     }
 }
 
@@ -1127,17 +1128,17 @@ static struct {
     krb5_ui_4 type;
     krb5_data attribute;
 } mspac_attribute_types[] = {
-    { (krb5_ui_4)-1,		{ KV5M_DATA, STRLENOF("urn:mspac:"), "urn:mspac:" } },
-    { PAC_LOGON_INFO,		{ KV5M_DATA, STRLENOF("urn:mspac:logon-info"), "urn:mspac:logon-info" } },
-    { PAC_CREDENTIALS_INFO,	{ KV5M_DATA, STRLENOF("urn:mspac:credentials-info"), "urn:mspac:credentials-info" } },
-    { PAC_SERVER_CHECKSUM,	{ KV5M_DATA, STRLENOF("urn:mspac:server-checksum"), "urn:mspac:server-checksum" } },
-    { PAC_PRIVSVR_CHECKSUM,	{ KV5M_DATA, STRLENOF("urn:mspac:privsvr-checksum"), "urn:mspac:privsvr-checksum" } },
-    { PAC_CLIENT_INFO,		{ KV5M_DATA, STRLENOF("urn:mspac:client-info"), "urn:mspac:client-info" } },
-    { PAC_DELEGATION_INFO,	{ KV5M_DATA, STRLENOF("urn:mspac:delegation-info"), "urn:mspac:delegation-info" } },
-    { PAC_UPN_DNS_INFO,		{ KV5M_DATA, STRLENOF("urn:mspac:upn-dns-info"), "urn:mspac:upn-dns-info" } },
+    { (krb5_ui_4)-1,            { KV5M_DATA, STRLENOF("urn:mspac:"), "urn:mspac:" } },
+    { PAC_LOGON_INFO,           { KV5M_DATA, STRLENOF("urn:mspac:logon-info"), "urn:mspac:logon-info" } },
+    { PAC_CREDENTIALS_INFO,     { KV5M_DATA, STRLENOF("urn:mspac:credentials-info"), "urn:mspac:credentials-info" } },
+    { PAC_SERVER_CHECKSUM,      { KV5M_DATA, STRLENOF("urn:mspac:server-checksum"), "urn:mspac:server-checksum" } },
+    { PAC_PRIVSVR_CHECKSUM,     { KV5M_DATA, STRLENOF("urn:mspac:privsvr-checksum"), "urn:mspac:privsvr-checksum" } },
+    { PAC_CLIENT_INFO,          { KV5M_DATA, STRLENOF("urn:mspac:client-info"), "urn:mspac:client-info" } },
+    { PAC_DELEGATION_INFO,      { KV5M_DATA, STRLENOF("urn:mspac:delegation-info"), "urn:mspac:delegation-info" } },
+    { PAC_UPN_DNS_INFO,         { KV5M_DATA, STRLENOF("urn:mspac:upn-dns-info"), "urn:mspac:upn-dns-info" } },
 };
 
-#define MSPAC_ATTRIBUTE_COUNT	(sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
+#define MSPAC_ATTRIBUTE_COUNT   (sizeof(mspac_attribute_types)/sizeof(mspac_attribute_types[0]))
 
 static krb5_error_code
 mspac_type2attr(krb5_ui_4 type, krb5_data *attr)
@@ -1145,10 +1146,10 @@ mspac_type2attr(krb5_ui_4 type, krb5_data *attr)
     unsigned int i;
 
     for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
-	if (mspac_attribute_types[i].type == type) {
-	    *attr = mspac_attribute_types[i].attribute;
-	    return 0;
-	}
+        if (mspac_attribute_types[i].type == type) {
+            *attr = mspac_attribute_types[i].attribute;
+            return 0;
+        }
     }
 
     return ENOENT;
@@ -1160,22 +1161,22 @@ mspac_attr2type(const krb5_data *attr, krb5_ui_4 *type)
     unsigned int i;
 
     for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) {
-	if (attr->length == mspac_attribute_types[i].attribute.length &&
-	    strncasecmp(attr->data, mspac_attribute_types[i].attribute.data, attr->length) == 0) {
-	    *type = mspac_attribute_types[i].type;
-	    return 0;
-	}
+        if (attr->length == mspac_attribute_types[i].attribute.length &&
+            strncasecmp(attr->data, mspac_attribute_types[i].attribute.data, attr->length) == 0) {
+            *type = mspac_attribute_types[i].type;
+            return 0;
+        }
     }
 
     if (attr->length > STRLENOF("urn:mspac:") &&
-	strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
+        strncasecmp(attr->data, "urn:mspac:", STRLENOF("urn:mspac:")) == 0)
     {
-	char *p = &attr->data[STRLENOF("urn:mspac:")];
-	char *endptr;
+        char *p = &attr->data[STRLENOF("urn:mspac:")];
+        char *endptr;
 
-	*type = strtoul(p, &endptr, 10);
-	if (*type != 0 && *endptr == '\0')
-	    return 0;
+        *type = strtoul(p, &endptr, 10);
+        if (*type != 0 && *endptr == '\0')
+            return 0;
     }
 
     return ENOENT;
@@ -1183,10 +1184,10 @@ mspac_attr2type(const krb5_data *attr, krb5_ui_4 *type)
 
 static krb5_error_code
 mspac_get_attribute_types(krb5_context kcontext,
-			  krb5_authdata_context context,
-			  void *plugin_context,
-			  void *request_context,
-			  krb5_data **out_attrs)
+                          krb5_authdata_context context,
+                          void *plugin_context,
+                          void *request_context,
+                          krb5_data **out_attrs)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
     unsigned int i, j;
@@ -1194,45 +1195,45 @@ mspac_get_attribute_types(krb5_context kcontext,
     krb5_error_code code;
 
     if (pacctx->pac == NULL)
-	return ENOENT;
+        return ENOENT;
 
     attrs = calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data));
     if (attrs == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     j = 0;
 
     /* The entire PAC */
     code = krb5int_copy_data_contents(kcontext,
-				      &mspac_attribute_types[0].attribute,
-				      &attrs[j++]);
+                                      &mspac_attribute_types[0].attribute,
+                                      &attrs[j++]);
     if (code != 0) {
-	free(attrs);
-	return code;
+        free(attrs);
+        return code;
     }
 
     /* PAC buffers */
     for (i = 0; i < pacctx->pac->pac->cBuffers; i++) {
-	krb5_data attr;
-
-	code = mspac_type2attr(pacctx->pac->pac->Buffers[i].ulType, &attr);
-	if (code == 0) {
-	    code = krb5int_copy_data_contents(kcontext, &attr, &attrs[j++]);
-	    if (code != 0) {
-		krb5int_free_data_list(kcontext, attrs);
-		return code;
-	    }
-	} else {
-	    int length;
-
-	    length = asprintf(&attrs[j].data, "urn:mspac:%d",
-			      pacctx->pac->pac->Buffers[i].ulType);
-	    if (length < 0) {
-		krb5int_free_data_list(kcontext, attrs);
-		return ENOMEM;
-	    }
-	    attrs[j++].length = length;
-	}
+        krb5_data attr;
+
+        code = mspac_type2attr(pacctx->pac->pac->Buffers[i].ulType, &attr);
+        if (code == 0) {
+            code = krb5int_copy_data_contents(kcontext, &attr, &attrs[j++]);
+            if (code != 0) {
+                krb5int_free_data_list(kcontext, attrs);
+                return code;
+            }
+        } else {
+            int length;
+
+            length = asprintf(&attrs[j].data, "urn:mspac:%d",
+                              pacctx->pac->pac->Buffers[i].ulType);
+            if (length < 0) {
+                krb5int_free_data_list(kcontext, attrs);
+                return ENOMEM;
+            }
+            attrs[j++].length = length;
+        }
     }
     attrs[j].data = NULL;
     attrs[j].length = 0;
@@ -1244,49 +1245,49 @@ mspac_get_attribute_types(krb5_context kcontext,
 
 static krb5_error_code
 mspac_get_attribute(krb5_context kcontext,
-		    krb5_authdata_context context,
-		    void *plugin_context,
-		    void *request_context,
-		    const krb5_data *attribute,
-		    krb5_boolean *authenticated,
-		    krb5_boolean *complete,
-		    krb5_data *value,
-		    krb5_data *display_value,
-		    int *more)
+                    krb5_authdata_context context,
+                    void *plugin_context,
+                    void *request_context,
+                    const krb5_data *attribute,
+                    krb5_boolean *authenticated,
+                    krb5_boolean *complete,
+                    krb5_data *value,
+                    krb5_data *display_value,
+                    int *more)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
     krb5_error_code code;
     krb5_ui_4 type;
 
     if (display_value != NULL) {
-	display_value->data = NULL;
-	display_value->length = 0;
+        display_value->data = NULL;
+        display_value->length = 0;
     }
 
     if (*more != -1 || pacctx->pac == NULL)
-	return ENOENT;
+        return ENOENT;
 
     code = mspac_attr2type(attribute, &type);
     if (code != 0)
-	return code;
+        return code;
 
     /* -1 is a magic type that refers to the entire PAC */
     if (type == (krb5_ui_4)-1) {
-	if (value != NULL)
-	    code = krb5int_copy_data_contents(kcontext,
-					      &pacctx->pac->data,
-					      value);
-	else
-	    code = 0;
+        if (value != NULL)
+            code = krb5int_copy_data_contents(kcontext,
+                                              &pacctx->pac->data,
+                                              value);
+        else
+            code = 0;
     } else {
-	if (value != NULL)
-	    code = krb5_pac_get_buffer(kcontext, pacctx->pac, type, value);
-	else
-	    code = k5_pac_locate_buffer(kcontext, pacctx->pac, type, NULL);
+        if (value != NULL)
+            code = krb5_pac_get_buffer(kcontext, pacctx->pac, type, value);
+        else
+            code = k5_pac_locate_buffer(kcontext, pacctx->pac, type, NULL);
     }
     if (code == 0) {
-	*authenticated = pacctx->pac->verified;
-	*complete = TRUE;
+        *authenticated = pacctx->pac->verified;
+        *complete = TRUE;
     }
 
     *more = 0;
@@ -1296,36 +1297,36 @@ mspac_get_attribute(krb5_context kcontext,
 
 static krb5_error_code
 mspac_set_attribute(krb5_context kcontext,
-		    krb5_authdata_context context,
-		    void *plugin_context,
-		    void *request_context,
-		    krb5_boolean complete,
-		    const krb5_data *attribute,
-		    const krb5_data *value)
+                    krb5_authdata_context context,
+                    void *plugin_context,
+                    void *request_context,
+                    krb5_boolean complete,
+                    const krb5_data *attribute,
+                    const krb5_data *value)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
     krb5_error_code code;
     krb5_ui_4 type;
 
     if (pacctx->pac == NULL)
-	return ENOENT;
+        return ENOENT;
 
     code = mspac_attr2type(attribute, &type);
     if (code != 0)
-	return code;
+        return code;
 
     /* -1 is a magic type that refers to the entire PAC */
     if (type == (krb5_ui_4)-1) {
-	krb5_pac newpac;
+        krb5_pac newpac;
 
-	code = krb5_pac_parse(kcontext, value->data, value->length, &newpac);
-	if (code != 0)
-	    return code;
+        code = krb5_pac_parse(kcontext, value->data, value->length, &newpac);
+        if (code != 0)
+            return code;
 
-	krb5_pac_free(kcontext, pacctx->pac);
-	pacctx->pac = newpac;
+        krb5_pac_free(kcontext, pacctx->pac);
+        pacctx->pac = newpac;
     } else {
-	code = krb5_pac_add_buffer(kcontext, pacctx->pac, type, value);
+        code = krb5_pac_add_buffer(kcontext, pacctx->pac, type, value);
     }
 
     return code;
@@ -1333,11 +1334,11 @@ mspac_set_attribute(krb5_context kcontext,
 
 static krb5_error_code
 mspac_export_internal(krb5_context kcontext,
-		      krb5_authdata_context context,
-		      void *plugin_context,
-		      void *request_context,
-		      krb5_boolean restrict_authenticated,
-		      void **ptr)
+                      krb5_authdata_context context,
+                      void *plugin_context,
+                      void *request_context,
+                      krb5_boolean restrict_authenticated,
+                      void **ptr)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
     krb5_error_code code;
@@ -1346,16 +1347,16 @@ mspac_export_internal(krb5_context kcontext,
     *ptr = NULL;
 
     if (pacctx->pac == NULL)
-	return 0;
+        return 0;
 
     if (restrict_authenticated && (pacctx->pac->verified) == FALSE)
-	return 0;
+        return 0;
 
     code = krb5_pac_parse(kcontext, pacctx->pac->data.data,
-			  pacctx->pac->data.length, &pac);
+                          pacctx->pac->data.length, &pac);
     if (code == 0) {
-	pac->verified = pacctx->pac->verified;
-	*ptr = pac;
+        pac->verified = pacctx->pac->verified;
+        *ptr = pac;
     }
 
     return code;
@@ -1363,30 +1364,30 @@ mspac_export_internal(krb5_context kcontext,
 
 static void
 mspac_free_internal(krb5_context kcontext,
-		    krb5_authdata_context context,
-		    void *plugin_context,
-		    void *request_context,
-		    void *ptr)
+                    krb5_authdata_context context,
+                    void *plugin_context,
+                    void *request_context,
+                    void *ptr)
 {
     if (ptr != NULL)
-	krb5_pac_free(kcontext, (krb5_pac)ptr);
+        krb5_pac_free(kcontext, (krb5_pac)ptr);
 
     return;
 }
 
 static krb5_error_code
 mspac_size(krb5_context kcontext,
-	   krb5_authdata_context context,
-	   void *plugin_context,
-	   void *request_context,
-	   size_t *sizep)
+           krb5_authdata_context context,
+           void *plugin_context,
+           void *request_context,
+           size_t *sizep)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
 
     *sizep += sizeof(krb5_int32);
 
     if (pacctx->pac != NULL)
-	*sizep += pacctx->pac->data.length;
+        *sizep += pacctx->pac->data.length;
 
     *sizep += sizeof(krb5_int32);
 
@@ -1395,11 +1396,11 @@ mspac_size(krb5_context kcontext,
 
 static krb5_error_code
 mspac_externalize(krb5_context kcontext,
-		  krb5_authdata_context context,
-		  void *plugin_context,
-		  void *request_context,
-		  krb5_octet **buffer,
-		  size_t *lenremain)
+                  krb5_authdata_context context,
+                  void *plugin_context,
+                  void *request_context,
+                  krb5_octet **buffer,
+                  size_t *lenremain)
 {
     krb5_error_code code = 0;
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
@@ -1411,23 +1412,23 @@ mspac_externalize(krb5_context kcontext,
     remain = *lenremain;
 
     if (pacctx->pac != NULL) {
-	mspac_size(kcontext, context, plugin_context,
-		   request_context, &required);
-
-	if (required <= remain) {
-	    krb5_ser_pack_int32((krb5_int32)pacctx->pac->data.length,
-				&bp, &remain);
-	    krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
-				(size_t)pacctx->pac->data.length,
-				&bp, &remain);
-	    krb5_ser_pack_int32((krb5_int32)pacctx->pac->verified,
-				&bp, &remain);
-	} else {
-	    code = ENOMEM;
-	}
+        mspac_size(kcontext, context, plugin_context,
+                   request_context, &required);
+
+        if (required <= remain) {
+            krb5_ser_pack_int32((krb5_int32)pacctx->pac->data.length,
+                                &bp, &remain);
+            krb5_ser_pack_bytes((krb5_octet *)pacctx->pac->data.data,
+                                (size_t)pacctx->pac->data.length,
+                                &bp, &remain);
+            krb5_ser_pack_int32((krb5_int32)pacctx->pac->verified,
+                                &bp, &remain);
+        } else {
+            code = ENOMEM;
+        }
     } else {
-	krb5_ser_pack_int32(0, &bp, &remain); /* length */
-	krb5_ser_pack_int32(0, &bp, &remain); /* verified */
+        krb5_ser_pack_int32(0, &bp, &remain); /* length */
+        krb5_ser_pack_int32(0, &bp, &remain); /* verified */
     }
 
     *buffer = bp;
@@ -1438,11 +1439,11 @@ mspac_externalize(krb5_context kcontext,
 
 static krb5_error_code
 mspac_internalize(krb5_context kcontext,
-		  krb5_authdata_context context,
-		  void *plugin_context,
-		  void *request_context,
-		  krb5_octet **buffer,
-		  size_t *lenremain)
+                  krb5_authdata_context context,
+                  void *plugin_context,
+                  void *request_context,
+                  krb5_octet **buffer,
+                  size_t *lenremain)
 {
     struct mspac_context *pacctx = (struct mspac_context *)request_context;
     krb5_error_code code;
@@ -1457,30 +1458,30 @@ mspac_internalize(krb5_context kcontext,
     /* length */
     code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (code != 0)
-	return code;
+        return code;
 
     if (ibuf != 0) {
-	code = krb5_pac_parse(kcontext, bp, ibuf, &pac);
-	if (code != 0)
-	    return code;
+        code = krb5_pac_parse(kcontext, bp, ibuf, &pac);
+        if (code != 0)
+            return code;
 
-	bp += ibuf;
-	remain -= ibuf;
+        bp += ibuf;
+        remain -= ibuf;
     }
 
     /* verified */
     code = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (code != 0) {
-	krb5_pac_free(kcontext, pac);
-	return code;
+        krb5_pac_free(kcontext, pac);
+        return code;
     }
 
     if (pac != NULL) {
-	pac->verified = (ibuf != 0);
+        pac->verified = (ibuf != 0);
     }
 
     if (pacctx->pac != NULL) {
-	krb5_pac_free(kcontext, pacctx->pac);
+        krb5_pac_free(kcontext, pacctx->pac);
     }
 
     pacctx->pac = pac;
@@ -1493,11 +1494,11 @@ mspac_internalize(krb5_context kcontext,
 
 static krb5_error_code
 mspac_copy(krb5_context kcontext,
-	   krb5_authdata_context context,
-	   void *plugin_context,
-	   void *request_context,
-	   void *dst_plugin_context,
-	   void *dst_request_context)
+           krb5_authdata_context context,
+           void *plugin_context,
+           void *request_context,
+           void *dst_plugin_context,
+           void *dst_request_context)
 {
     struct mspac_context *srcctx = (struct mspac_context *)request_context;
     struct mspac_context *dstctx = (struct mspac_context *)dst_request_context;
@@ -1507,7 +1508,7 @@ mspac_copy(krb5_context kcontext,
     assert(dstctx->pac == NULL);
 
     if (srcctx->pac != NULL)
-	code = k5_pac_copy(kcontext, srcctx->pac, &dstctx->pac);
+        code = k5_pac_copy(kcontext, srcctx->pac, &dstctx->pac);
 
     return code;
 }
@@ -1536,4 +1537,3 @@ krb5plugin_authdata_client_ftable_v0 krb5int_mspac_authdata_client_ftable = {
     mspac_internalize,
     mspac_copy
 };
-
diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c
index 5dd29fb43..b78cc4311 100644
--- a/src/lib/krb5/krb/parse.c
+++ b/src/lib/krb5/krb/parse.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/parse.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_parse_name() routine.
  *
@@ -37,27 +38,27 @@
  * converts a single-string representation of the name to the
  * multi-part principal format used in the protocols.
  *
- * principal will point to allocated storage which should be freed by 
+ * principal will point to allocated storage which should be freed by
  * the caller (using krb5_free_principal) after use.
- * 
+ *
  * Conventions:  / is used to separate components.  If @ is present in the
  * string, then the rest of the string after it represents the realm name.
  * Otherwise the local realm name is used.
- * 
+ *
  * error return:
- *	KRB5_PARSE_MALFORMED	badly formatted string
+ *      KRB5_PARSE_MALFORMED    badly formatted string
  *
  * also returns system errors:
- *	ENOMEM	malloc failed/out of memory
+ *      ENOMEM  malloc failed/out of memory
  *
  * get_default_realm() is called; it may return other errors.
  */
 
-#define REALM_SEP	'@'
-#define	COMPONENT_SEP	'/'
-#define QUOTECHAR	'\\'
+#define REALM_SEP       '@'
+#define COMPONENT_SEP   '/'
+#define QUOTECHAR       '\\'
 
-#define FCOMPNUM	10
+#define FCOMPNUM        10
 
 /*
  * May the fleas of a thousand camels infest the ISO, they who think
@@ -65,276 +66,276 @@
  */
 static krb5_error_code
 k5_parse_name(krb5_context context, const char *name,
-	      int flags, krb5_principal *nprincipal)
+              int flags, krb5_principal *nprincipal)
 {
-	register const char	*cp;
-	register char	*q;
-	register int	i,c,size;
-	int		components = 0;
-	const char	*parsed_realm = NULL;
-	int		fcompsize[FCOMPNUM];
-	unsigned int	realmsize = 0;
-	char		*default_realm = NULL;
-	int		default_realm_size = 0;
-	char		*tmpdata;
-	krb5_principal	principal;
-	krb5_error_code retval;
-	unsigned int	enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
-	int		first_at;
+    register const char     *cp;
+    register char   *q;
+    register int    i,c,size;
+    int             components = 0;
+    const char      *parsed_realm = NULL;
+    int             fcompsize[FCOMPNUM];
+    unsigned int    realmsize = 0;
+    char            *default_realm = NULL;
+    int             default_realm_size = 0;
+    char            *tmpdata;
+    krb5_principal  principal;
+    krb5_error_code retval;
+    unsigned int    enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE);
+    int             first_at;
 
-	*nprincipal = NULL;
+    *nprincipal = NULL;
 
-	/*
-	 * Pass 1.  Find out how many components there are to the name,
-	 * and get string sizes for the first FCOMPNUM components. For
-	 * enterprise principal names (UPNs), there is only a single
-	 * component.
-	 */
-	size = 0;
-	for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
-		if (c == QUOTECHAR) {
-			cp++;
-			if (!(c = *cp))
-				/*
-			 	 * QUOTECHAR can't be at the last
-			 	 * character of the name!
-			 	 */
-				return(KRB5_PARSE_MALFORMED);
-			size++;
-			continue;
-		} else if (c == COMPONENT_SEP && !enterprise) {
-			if (parsed_realm)
-				/*
-				 * Shouldn't see a component separator
-				 * after we've parsed out the realm name!
-				 */
-				return(KRB5_PARSE_MALFORMED);
-			if (i < FCOMPNUM) {
-				fcompsize[i] = size;
-			}
-			size = 0;
-			i++;
-		} else if (c == REALM_SEP && (!enterprise || !first_at)) {
-			if (parsed_realm)
-				/*
-				 * Multiple realm separaters
-				 * not allowed; zero-length realms are.
-				 */
-				return(KRB5_PARSE_MALFORMED);
-			parsed_realm = cp + 1;
-			if (i < FCOMPNUM) {
-				fcompsize[i] = size;
-			}
-			size = 0;
-		} else {
-			if (c == REALM_SEP && enterprise && first_at)
-				first_at = 0;
+    /*
+     * Pass 1.  Find out how many components there are to the name,
+     * and get string sizes for the first FCOMPNUM components. For
+     * enterprise principal names (UPNs), there is only a single
+     * component.
+     */
+    size = 0;
+    for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
+        if (c == QUOTECHAR) {
+            cp++;
+            if (!(c = *cp))
+                /*
+                 * QUOTECHAR can't be at the last
+                 * character of the name!
+                 */
+                return(KRB5_PARSE_MALFORMED);
+            size++;
+            continue;
+        } else if (c == COMPONENT_SEP && !enterprise) {
+            if (parsed_realm)
+                /*
+                 * Shouldn't see a component separator
+                 * after we've parsed out the realm name!
+                 */
+                return(KRB5_PARSE_MALFORMED);
+            if (i < FCOMPNUM) {
+                fcompsize[i] = size;
+            }
+            size = 0;
+            i++;
+        } else if (c == REALM_SEP && (!enterprise || !first_at)) {
+            if (parsed_realm)
+                /*
+                 * Multiple realm separaters
+                 * not allowed; zero-length realms are.
+                 */
+                return(KRB5_PARSE_MALFORMED);
+            parsed_realm = cp + 1;
+            if (i < FCOMPNUM) {
+                fcompsize[i] = size;
+            }
+            size = 0;
+        } else {
+            if (c == REALM_SEP && enterprise && first_at)
+                first_at = 0;
 
-			size++;
-		}
-	}
-	if (parsed_realm != NULL)
-		realmsize = size;
-	else if (i < FCOMPNUM) 
-		fcompsize[i] = size;
-	components = i + 1;
-	/*
-	 * Now, we allocate the principal structure and all of its
-	 * component pieces
-	 */
-	principal = (krb5_principal)malloc(sizeof(krb5_principal_data));
-	if (principal == NULL) {
-	    return(ENOMEM);
-	}
-	principal->data = (krb5_data *) malloc(sizeof(krb5_data) * components);
-	if (principal->data == NULL) {
-	    free(principal);
-	    return ENOMEM;
-	}
-	principal->length = components;
+            size++;
+        }
+    }
+    if (parsed_realm != NULL)
+        realmsize = size;
+    else if (i < FCOMPNUM)
+        fcompsize[i] = size;
+    components = i + 1;
+    /*
+     * Now, we allocate the principal structure and all of its
+     * component pieces
+     */
+    principal = (krb5_principal)malloc(sizeof(krb5_principal_data));
+    if (principal == NULL) {
+        return(ENOMEM);
+    }
+    principal->data = (krb5_data *) malloc(sizeof(krb5_data) * components);
+    if (principal->data == NULL) {
+        free(principal);
+        return ENOMEM;
+    }
+    principal->length = components;
 
-	/*
-	 * If a realm was not found, then use the default realm, unless
-	 * KRB5_PRINCIPAL_PARSE_NO_REALM was specified in which case the
-	 * realm will be empty.
-	 */
-	if (!parsed_realm) {
-	    if (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) {
-		krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
-				       "Principal %s is missing required realm", name);
-		free(principal->data);
-		free(principal);
-		return KRB5_PARSE_MALFORMED;
-	    }
-	    if (!default_realm && (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) == 0) {
-		retval = krb5_get_default_realm(context, &default_realm);
-		if (retval) {
-		    free(principal->data);
-		    free(principal);
-		    return(retval);
-		}
-		default_realm_size = strlen(default_realm);
-	    }
-	    realmsize = default_realm_size;
-	} else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
-	    krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
-				  "Principal %s has realm present", name);
-	    free(principal->data);
-	    free(principal);
-	    return KRB5_PARSE_MALFORMED;
-	}
+    /*
+     * If a realm was not found, then use the default realm, unless
+     * KRB5_PRINCIPAL_PARSE_NO_REALM was specified in which case the
+     * realm will be empty.
+     */
+    if (!parsed_realm) {
+        if (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) {
+            krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
+                                   "Principal %s is missing required realm", name);
+            free(principal->data);
+            free(principal);
+            return KRB5_PARSE_MALFORMED;
+        }
+        if (!default_realm && (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) == 0) {
+            retval = krb5_get_default_realm(context, &default_realm);
+            if (retval) {
+                free(principal->data);
+                free(principal);
+                return(retval);
+            }
+            default_realm_size = strlen(default_realm);
+        }
+        realmsize = default_realm_size;
+    } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) {
+        krb5_set_error_message(context, KRB5_PARSE_MALFORMED,
+                               "Principal %s has realm present", name);
+        free(principal->data);
+        free(principal);
+        return KRB5_PARSE_MALFORMED;
+    }
 
-	/*
-	 * Pass 2.  Happens only if there were more than FCOMPNUM
-	 * component; if this happens, someone should be shot
-	 * immediately.  Nevertheless, we will attempt to handle said
-	 * case..... <martyred sigh>
-	 */
-	if (components >= FCOMPNUM) {
-		size = 0;
-		parsed_realm = NULL;
-		for (i=0,cp = name; (c = *cp); cp++) {
-			if (c == QUOTECHAR) {
-				cp++;
-				size++;
-			} else if (c == COMPONENT_SEP) {
-				if (krb5_princ_size(context, principal) > i)
-					krb5_princ_component(context, principal, i)->length = size;
-				size = 0;
-				i++;
-			} else if (c == REALM_SEP) {
-				if (krb5_princ_size(context, principal) > i)
-					krb5_princ_component(context, principal, i)->length = size;
-				size = 0;
-				parsed_realm = cp+1;
-			} else
-				size++;
-		}
-		if (parsed_realm)
-			krb5_princ_realm(context, principal)->length = size;
-		else
-			if (krb5_princ_size(context, principal) > i)
-				krb5_princ_component(context, principal, i)->length = size;
-		if (i + 1 != components) {
+    /*
+     * Pass 2.  Happens only if there were more than FCOMPNUM
+     * component; if this happens, someone should be shot
+     * immediately.  Nevertheless, we will attempt to handle said
+     * case..... <martyred sigh>
+     */
+    if (components >= FCOMPNUM) {
+        size = 0;
+        parsed_realm = NULL;
+        for (i=0,cp = name; (c = *cp); cp++) {
+            if (c == QUOTECHAR) {
+                cp++;
+                size++;
+            } else if (c == COMPONENT_SEP) {
+                if (krb5_princ_size(context, principal) > i)
+                    krb5_princ_component(context, principal, i)->length = size;
+                size = 0;
+                i++;
+            } else if (c == REALM_SEP) {
+                if (krb5_princ_size(context, principal) > i)
+                    krb5_princ_component(context, principal, i)->length = size;
+                size = 0;
+                parsed_realm = cp+1;
+            } else
+                size++;
+        }
+        if (parsed_realm)
+            krb5_princ_realm(context, principal)->length = size;
+        else
+            if (krb5_princ_size(context, principal) > i)
+                krb5_princ_component(context, principal, i)->length = size;
+        if (i + 1 != components) {
 #if !defined(_WIN32)
-		    fprintf(stderr,
-			    "Programming error in krb5_parse_name!");
+            fprintf(stderr,
+                    "Programming error in krb5_parse_name!");
 #endif
-		    assert(i + 1 == components);
-		    abort();
-		}
-	} else {
-		/*
-		 * If there were fewer than FCOMPSIZE components (the
-		 * usual case), then just copy the sizes to the
-		 * principal structure
-		 */
-		for (i=0; i < components; i++)
-			krb5_princ_component(context, principal, i)->length = fcompsize[i];
-	}
-	/*	
-	 * Now, we need to allocate the space for the strings themselves.....
-	 */
-	tmpdata = malloc(realmsize + 1);
-	if (tmpdata == 0) {
-		free(principal->data);
-		free(principal);
-		free(default_realm);
-		return ENOMEM;
-	}
-	krb5_princ_set_realm_length(context, principal, realmsize);
-	krb5_princ_set_realm_data(context, principal, tmpdata);
-	for (i=0; i < components; i++) {
-		char *tmpdata2 =
-		  malloc(krb5_princ_component(context, principal, i)->length + 1);
-		if (tmpdata2 == NULL) {
-			for (i--; i >= 0; i--)
-				free(krb5_princ_component(context, principal, i)->data);
-			free(krb5_princ_realm(context, principal)->data);
-			free(principal->data);
-			free(principal);
-			free(default_realm);
-			return(ENOMEM);
-		}
-		krb5_princ_component(context, principal, i)->data = tmpdata2;
-		krb5_princ_component(context, principal, i)->magic = KV5M_DATA;
-	}
-	
-	/*
-	 * Pass 3.  Now we go through the string a *third* time, this
-	 * time filling in the krb5_principal structure which we just
-	 * allocated.
-	 */
-	q = krb5_princ_component(context, principal, 0)->data;
-	for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
-		if (c == QUOTECHAR) {
-			cp++;
-			switch (c = *cp) {
-			case 'n':
-				*q++ = '\n';
-				break;
-			case 't':
-				*q++ = '\t';
-				break;
-			case 'b':
-				*q++ = '\b';
-				break;
-			case '0':
-				*q++ = '\0';
-				break;
-			default:
-				*q++ = c;
-				break;
-			}
-		} else if (c == COMPONENT_SEP && !enterprise) {
-			i++;
-			*q++ = '\0';
-			q = krb5_princ_component(context, principal, i)->data;
-		} else if (c == REALM_SEP && (!enterprise || !first_at)) {
-			i++;
-			*q++ = '\0';
-			q = krb5_princ_realm(context, principal)->data;
-		} else {
-			if (c == REALM_SEP && enterprise && first_at)
-				first_at = 0;
+            assert(i + 1 == components);
+            abort();
+        }
+    } else {
+        /*
+         * If there were fewer than FCOMPSIZE components (the
+         * usual case), then just copy the sizes to the
+         * principal structure
+         */
+        for (i=0; i < components; i++)
+            krb5_princ_component(context, principal, i)->length = fcompsize[i];
+    }
+    /*
+     * Now, we need to allocate the space for the strings themselves.....
+     */
+    tmpdata = malloc(realmsize + 1);
+    if (tmpdata == 0) {
+        free(principal->data);
+        free(principal);
+        free(default_realm);
+        return ENOMEM;
+    }
+    krb5_princ_set_realm_length(context, principal, realmsize);
+    krb5_princ_set_realm_data(context, principal, tmpdata);
+    for (i=0; i < components; i++) {
+        char *tmpdata2 =
+            malloc(krb5_princ_component(context, principal, i)->length + 1);
+        if (tmpdata2 == NULL) {
+            for (i--; i >= 0; i--)
+                free(krb5_princ_component(context, principal, i)->data);
+            free(krb5_princ_realm(context, principal)->data);
+            free(principal->data);
+            free(principal);
+            free(default_realm);
+            return(ENOMEM);
+        }
+        krb5_princ_component(context, principal, i)->data = tmpdata2;
+        krb5_princ_component(context, principal, i)->magic = KV5M_DATA;
+    }
+
+    /*
+     * Pass 3.  Now we go through the string a *third* time, this
+     * time filling in the krb5_principal structure which we just
+     * allocated.
+     */
+    q = krb5_princ_component(context, principal, 0)->data;
+    for (i=0,cp = name, first_at = 1; (c = *cp); cp++) {
+        if (c == QUOTECHAR) {
+            cp++;
+            switch (c = *cp) {
+            case 'n':
+                *q++ = '\n';
+                break;
+            case 't':
+                *q++ = '\t';
+                break;
+            case 'b':
+                *q++ = '\b';
+                break;
+            case '0':
+                *q++ = '\0';
+                break;
+            default:
+                *q++ = c;
+                break;
+            }
+        } else if (c == COMPONENT_SEP && !enterprise) {
+            i++;
+            *q++ = '\0';
+            q = krb5_princ_component(context, principal, i)->data;
+        } else if (c == REALM_SEP && (!enterprise || !first_at)) {
+            i++;
+            *q++ = '\0';
+            q = krb5_princ_realm(context, principal)->data;
+        } else {
+            if (c == REALM_SEP && enterprise && first_at)
+                first_at = 0;
 
-			*q++ = c;
-		}
-	}
-	*q++ = '\0';
-	if (!parsed_realm) {
-		if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM)
-			(krb5_princ_realm(context, principal)->data)[0] = '\0';
-		else
-			strlcpy(krb5_princ_realm(context, principal)->data, default_realm, realmsize+1);
-	}
-	/*
-	 * Alright, we're done.  Now stuff a pointer to this monstrosity
-	 * into the return variable, and let's get out of here.
-	 */
-	if (enterprise)
-		krb5_princ_type(context, principal) = KRB5_NT_ENTERPRISE_PRINCIPAL;
-	else
-		krb5_princ_type(context, principal) = KRB5_NT_PRINCIPAL;
-	principal->magic = KV5M_PRINCIPAL;
-	principal->realm.magic = KV5M_DATA;
-	*nprincipal = principal;
+            *q++ = c;
+        }
+    }
+    *q++ = '\0';
+    if (!parsed_realm) {
+        if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM)
+            (krb5_princ_realm(context, principal)->data)[0] = '\0';
+        else
+            strlcpy(krb5_princ_realm(context, principal)->data, default_realm, realmsize+1);
+    }
+    /*
+     * Alright, we're done.  Now stuff a pointer to this monstrosity
+     * into the return variable, and let's get out of here.
+     */
+    if (enterprise)
+        krb5_princ_type(context, principal) = KRB5_NT_ENTERPRISE_PRINCIPAL;
+    else
+        krb5_princ_type(context, principal) = KRB5_NT_PRINCIPAL;
+    principal->magic = KV5M_PRINCIPAL;
+    principal->realm.magic = KV5M_DATA;
+    *nprincipal = principal;
 
-	if (default_realm != NULL)
-		free(default_realm);
+    if (default_realm != NULL)
+        free(default_realm);
 
-	return(0);
+    return(0);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincipal)
 {
-	 return k5_parse_name(context, name, 0, nprincipal);
+    return k5_parse_name(context, name, 0, nprincipal);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_parse_name_flags(krb5_context context, const char *name,
-		      int flags, krb5_principal *nprincipal)
+                      int flags, krb5_principal *nprincipal)
 {
-	 return k5_parse_name(context, name, flags, nprincipal);
+    return k5_parse_name(context, name, flags, nprincipal);
 }
diff --git a/src/lib/krb5/krb/pkinit_apple_asn1.c b/src/lib/krb5/krb/pkinit_apple_asn1.c
index 9082a314b..12b5215be 100644
--- a/src/lib/krb5/krb/pkinit_apple_asn1.c
+++ b/src/lib/krb5/krb/pkinit_apple_asn1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2004-2008 Apple Inc.  All Rights Reserved.
  *
@@ -60,32 +61,32 @@ static void **pkiNssNullArray(
 
 #pragma mark ----- pkAuthenticator -----
 
-/* 
+/*
  * There is a unique error code for "missing paChecksum", so we mark it here
- * as optional so the decoder can process a pkAuthenticator without the 
+ * as optional so the decoder can process a pkAuthenticator without the
  * checksum; caller must verify that paChecksum.Data != NULL.
  */
 typedef struct {
-    CSSM_DATA       cusec;			/* INTEGER, microseconds */
-    CSSM_DATA       kctime;			/* UTC time (with trailing 'Z') */
-    CSSM_DATA       nonce;			/* INTEGER */
-    CSSM_DATA	    paChecksum;			/* OCTET STRING */
+    CSSM_DATA       cusec;                      /* INTEGER, microseconds */
+    CSSM_DATA       kctime;                     /* UTC time (with trailing 'Z') */
+    CSSM_DATA       nonce;                      /* INTEGER */
+    CSSM_DATA       paChecksum;                 /* OCTET STRING */
 } KRB5_PKAuthenticator;
 
 static const SecAsn1Template KRB5_PKAuthenticatorTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_PKAuthenticator) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
-      offsetof(KRB5_PKAuthenticator,cusec), 
+      offsetof(KRB5_PKAuthenticator,cusec),
       kSecAsn1IntegerTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
-      offsetof(KRB5_PKAuthenticator,kctime), 
+      offsetof(KRB5_PKAuthenticator,kctime),
       kSecAsn1GeneralizedTimeTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 2,
-      offsetof(KRB5_PKAuthenticator,nonce), 
+      offsetof(KRB5_PKAuthenticator,nonce),
       kSecAsn1IntegerTemplate },
-    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 
-	    SEC_ASN1_OPTIONAL | 3,
-      offsetof(KRB5_PKAuthenticator,paChecksum), 
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+      SEC_ASN1_OPTIONAL | 3,
+      offsetof(KRB5_PKAuthenticator,paChecksum),
       &kSecAsn1OctetStringTemplate },
     { 0 }
 };
@@ -93,25 +94,25 @@ static const SecAsn1Template KRB5_PKAuthenticatorTemplate[] = {
 #pragma mark ----- AuthPack -----
 
 typedef struct {
-    KRB5_PKAuthenticator		pkAuth;
-    CSSM_X509_SUBJECT_PUBLIC_KEY_INFO   *pubKeyInfo;	    /* OPTIONAL */
-    CSSM_X509_ALGORITHM_IDENTIFIER	**supportedCMSTypes;/* OPTIONAL */
-    CSSM_DATA				*clientDHNonce;	    /* OPTIONAL */
+    KRB5_PKAuthenticator                pkAuth;
+    CSSM_X509_SUBJECT_PUBLIC_KEY_INFO   *pubKeyInfo;        /* OPTIONAL */
+    CSSM_X509_ALGORITHM_IDENTIFIER      **supportedCMSTypes;/* OPTIONAL */
+    CSSM_DATA                           *clientDHNonce;     /* OPTIONAL */
 } KRB5_AuthPack;
 
-/* 
+/*
  * These are copied from keyTemplates.c in the libsecurity_asn1 project;
  * they aren't public API.
  */
- 
+
 /* AlgorithmIdentifier : CSSM_X509_ALGORITHM_IDENTIFIER */
 static const SecAsn1Template AlgorithmIDTemplate[] = {
     { SEC_ASN1_SEQUENCE,
-	  0, NULL, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER) },
+      0, NULL, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER) },
     { SEC_ASN1_OBJECT_ID,
-	  offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,algorithm), },
+      offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,algorithm), },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
-	  offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,parameters), },
+      offsetof(CSSM_X509_ALGORITHM_IDENTIFIER,parameters), },
     { 0, }
 };
 
@@ -119,12 +120,12 @@ static const SecAsn1Template AlgorithmIDTemplate[] = {
 /* SubjectPublicKeyInfo : CSSM_X509_SUBJECT_PUBLIC_KEY_INFO */
 static const SecAsn1Template SubjectPublicKeyInfoTemplate[] = {
     { SEC_ASN1_SEQUENCE,
-	  0, NULL, sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO) },
+      0, NULL, sizeof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO) },
     { SEC_ASN1_INLINE,
-	  offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,algorithm),
-	  AlgorithmIDTemplate },
+      offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,algorithm),
+      AlgorithmIDTemplate },
     { SEC_ASN1_BIT_STRING,
-	  offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,subjectPublicKey), },
+      offsetof(CSSM_X509_SUBJECT_PUBLIC_KEY_INFO,subjectPublicKey), },
     { 0, }
 };
 
@@ -137,34 +138,34 @@ static const SecAsn1Template kSecAsn1SequenceOfAlgIdTemplate[] = {
 static const SecAsn1Template KRB5_AuthPackTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_AuthPack) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
-      offsetof(KRB5_AuthPack,pkAuth), 
+      offsetof(KRB5_AuthPack,pkAuth),
       KRB5_PKAuthenticatorTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
-	SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 1,
-      offsetof(KRB5_AuthPack,pubKeyInfo), 
+      SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 1,
+      offsetof(KRB5_AuthPack,pubKeyInfo),
       SubjectPublicKeyInfoTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
-	SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 2,
-      offsetof(KRB5_AuthPack,supportedCMSTypes), 
+      SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 2,
+      offsetof(KRB5_AuthPack,supportedCMSTypes),
       kSecAsn1SequenceOfAlgIdTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
-	SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 3,
-      offsetof(KRB5_AuthPack,clientDHNonce), 
+      SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 3,
+      offsetof(KRB5_AuthPack,clientDHNonce),
       kSecAsn1OctetStringTemplate },
     { 0 }
 };
 
-/* 
+/*
  * Encode AuthPack, public key version (no Diffie-Hellman components).
  */
 krb5_error_code krb5int_pkinit_auth_pack_encode(
-    krb5_timestamp		kctime,      
-    krb5_int32			cusec,		    /* microseconds */
-    krb5_ui_4			nonce,
-    const krb5_checksum		*pa_checksum,
-    const krb5int_algorithm_id	*cms_types,	    /* optional */
-    krb5_ui_4			num_cms_types,
-    krb5_data			*auth_pack) /* mallocd and RETURNED */
+    krb5_timestamp              kctime,
+    krb5_int32                  cusec,              /* microseconds */
+    krb5_ui_4                   nonce,
+    const krb5_checksum         *pa_checksum,
+    const krb5int_algorithm_id  *cms_types,         /* optional */
+    krb5_ui_4                   num_cms_types,
+    krb5_data                   *auth_pack) /* mallocd and RETURNED */
 {
     KRB5_AuthPack localAuthPack;
     SecAsn1CoderRef coder;
@@ -173,65 +174,65 @@ krb5_error_code krb5int_pkinit_auth_pack_encode(
     CSSM_DATA ber = {0, NULL};
     OSStatus ortn;
     char *timeStr = NULL;
-    
+
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     memset(&localAuthPack, 0, sizeof(localAuthPack));
     if(pkiKrbTimestampToStr(kctime, &timeStr)) {
-	ourRtn = -1;
-	goto errOut;
+        ourRtn = -1;
+        goto errOut;
     }
     localAuthPack.pkAuth.kctime.Data = (uint8 *)timeStr;
     localAuthPack.pkAuth.kctime.Length = strlen(timeStr);
     if(pkiIntToData(cusec, &localAuthPack.pkAuth.cusec, coder)) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
     if(pkiIntToData(nonce, &localAuthPack.pkAuth.nonce, coder)) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
     cksum->Data = (uint8 *)pa_checksum->contents;
     cksum->Length = pa_checksum->length;
-    
+
     if((cms_types != NULL) && (num_cms_types != 0)) {
-	unsigned dex;
-	CSSM_X509_ALGORITHM_IDENTIFIER **algIds;
-	
-	/* build a NULL_terminated array of CSSM_X509_ALGORITHM_IDENTIFIERs */
-	localAuthPack.supportedCMSTypes = (CSSM_X509_ALGORITHM_IDENTIFIER **)
-	    SecAsn1Malloc(coder,
-		(num_cms_types + 1) * sizeof(CSSM_X509_ALGORITHM_IDENTIFIER *));
-	algIds = localAuthPack.supportedCMSTypes;
-	for(dex=0; dex<num_cms_types; dex++) {
-	    algIds[dex] = (CSSM_X509_ALGORITHM_IDENTIFIER *)
-		SecAsn1Malloc(coder, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER));
-	    pkiKrb5DataToCssm(&cms_types[dex].algorithm, 
-		&algIds[dex]->algorithm, coder);
-	    if(cms_types[dex].parameters.data != NULL) {
-		pkiKrb5DataToCssm(&cms_types[dex].parameters, 
-		    &algIds[dex]->parameters, coder);
-	    }
-	    else {
-		algIds[dex]->parameters.Data = NULL;
-		algIds[dex]->parameters.Length = 0;
-	    }
-	}
-	algIds[num_cms_types] = NULL;
+        unsigned dex;
+        CSSM_X509_ALGORITHM_IDENTIFIER **algIds;
+
+        /* build a NULL_terminated array of CSSM_X509_ALGORITHM_IDENTIFIERs */
+        localAuthPack.supportedCMSTypes = (CSSM_X509_ALGORITHM_IDENTIFIER **)
+            SecAsn1Malloc(coder,
+                          (num_cms_types + 1) * sizeof(CSSM_X509_ALGORITHM_IDENTIFIER *));
+        algIds = localAuthPack.supportedCMSTypes;
+        for(dex=0; dex<num_cms_types; dex++) {
+            algIds[dex] = (CSSM_X509_ALGORITHM_IDENTIFIER *)
+                SecAsn1Malloc(coder, sizeof(CSSM_X509_ALGORITHM_IDENTIFIER));
+            pkiKrb5DataToCssm(&cms_types[dex].algorithm,
+                              &algIds[dex]->algorithm, coder);
+            if(cms_types[dex].parameters.data != NULL) {
+                pkiKrb5DataToCssm(&cms_types[dex].parameters,
+                                  &algIds[dex]->parameters, coder);
+            }
+            else {
+                algIds[dex]->parameters.Data = NULL;
+                algIds[dex]->parameters.Length = 0;
+            }
+        }
+        algIds[num_cms_types] = NULL;
     }
     ortn = SecAsn1EncodeItem(coder, &localAuthPack, KRB5_AuthPackTemplate, &ber);
     if(ortn) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
-    
+
     if(pkiCssmDataToKrb5Data(&ber, auth_pack)) {
-	ourRtn = ENOMEM;
+        ourRtn = ENOMEM;
     }
     else {
-	auth_pack->magic = KV5M_AUTHENTICATOR;
-	ourRtn = 0;
+        auth_pack->magic = KV5M_AUTHENTICATOR;
+        ourRtn = 0;
     }
 errOut:
     SecAsn1CoderRelease(coder);
@@ -242,102 +243,102 @@ errOut:
  * Decode AuthPack, public key version (no Diffie-Hellman components).
  */
 krb5_error_code krb5int_pkinit_auth_pack_decode(
-    const krb5_data	*auth_pack,     /* DER encoded */
-    krb5_timestamp      *kctime,	/* RETURNED */
-    krb5_ui_4		*cusec,		/* microseconds, RETURNED */
-    krb5_ui_4		*nonce,		/* RETURNED */
-    krb5_checksum       *pa_checksum,	/* contents mallocd and RETURNED */
-    krb5int_algorithm_id **cms_types,	/* optionally mallocd and RETURNED */
-    krb5_ui_4		*num_cms_types)	/* optionally RETURNED */
+    const krb5_data     *auth_pack,     /* DER encoded */
+    krb5_timestamp      *kctime,        /* RETURNED */
+    krb5_ui_4           *cusec,         /* microseconds, RETURNED */
+    krb5_ui_4           *nonce,         /* RETURNED */
+    krb5_checksum       *pa_checksum,   /* contents mallocd and RETURNED */
+    krb5int_algorithm_id **cms_types,   /* optionally mallocd and RETURNED */
+    krb5_ui_4           *num_cms_types) /* optionally RETURNED */
 {
     KRB5_AuthPack localAuthPack;
     SecAsn1CoderRef coder;
     CSSM_DATA der = {0, NULL};
     krb5_error_code ourRtn = 0;
     CSSM_DATA *cksum = &localAuthPack.pkAuth.paChecksum;
-    
+
     /* Decode --> localAuthPack */
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     PKI_KRB_TO_CSSM_DATA(auth_pack, &der);
     memset(&localAuthPack, 0, sizeof(localAuthPack));
     if(SecAsn1DecodeData(coder, &der, KRB5_AuthPackTemplate, &localAuthPack)) {
-	ourRtn = ASN1_BAD_FORMAT;
-	goto errOut;
+        ourRtn = ASN1_BAD_FORMAT;
+        goto errOut;
     }
-    
+
     /* optionally Convert KRB5_AuthPack to caller's params */
     if(kctime) {
-	if((ourRtn = pkiTimeStrToKrbTimestamp((char *)localAuthPack.pkAuth.kctime.Data,
-		localAuthPack.pkAuth.kctime.Length, kctime))) {
-	    goto errOut;
-	}
+        if((ourRtn = pkiTimeStrToKrbTimestamp((char *)localAuthPack.pkAuth.kctime.Data,
+                                              localAuthPack.pkAuth.kctime.Length, kctime))) {
+            goto errOut;
+        }
     }
     if(cusec) {
-	if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.cusec, (krb5_int32 *)cusec))) {
-	    goto errOut;
-	}
+        if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.cusec, (krb5_int32 *)cusec))) {
+            goto errOut;
+        }
     }
     if(nonce) {
-	if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.nonce, (krb5_int32 *)nonce))) {
-	    goto errOut;
-	}
+        if((ourRtn = pkiDataToInt(&localAuthPack.pkAuth.nonce, (krb5_int32 *)nonce))) {
+            goto errOut;
+        }
     }
     if(pa_checksum) {
-	if(cksum->Length == 0) {
-	    /* This is the unique error for "no paChecksum" */
-	    ourRtn = KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
-	    goto errOut;
-	}
-	else {
-	    pa_checksum->contents = (krb5_octet *)malloc(cksum->Length);
-	    if(pa_checksum->contents == NULL) {
-		ourRtn = ENOMEM;
-		goto errOut;
-	    }
-	    pa_checksum->length = cksum->Length;
-	    memmove(pa_checksum->contents, cksum->Data, pa_checksum->length);
-	    pa_checksum->magic = KV5M_CHECKSUM;
-	    /* This used to be encoded with the checksum but no more... */
-	    pa_checksum->checksum_type = CKSUMTYPE_NIST_SHA;
-	}
+        if(cksum->Length == 0) {
+            /* This is the unique error for "no paChecksum" */
+            ourRtn = KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
+            goto errOut;
+        }
+        else {
+            pa_checksum->contents = (krb5_octet *)malloc(cksum->Length);
+            if(pa_checksum->contents == NULL) {
+                ourRtn = ENOMEM;
+                goto errOut;
+            }
+            pa_checksum->length = cksum->Length;
+            memmove(pa_checksum->contents, cksum->Data, pa_checksum->length);
+            pa_checksum->magic = KV5M_CHECKSUM;
+            /* This used to be encoded with the checksum but no more... */
+            pa_checksum->checksum_type = CKSUMTYPE_NIST_SHA;
+        }
     }
     if(cms_types) {
-	if(localAuthPack.supportedCMSTypes == NULL) {
-	    *cms_types = NULL;
-	    *num_cms_types = 0;
-	}
-	else {
-	    /*
-	     * Convert NULL-terminated array of CSSM-style algIds to
-	     * krb5int_algorithm_ids.
-	     */
-	    unsigned dex;
-	    unsigned num_types = 0;
-	    CSSM_X509_ALGORITHM_IDENTIFIER **alg_ids;
-	    krb5int_algorithm_id *kalg_ids;
-	     
-	    for(alg_ids=localAuthPack.supportedCMSTypes;
-	        *alg_ids;
-		alg_ids++) {
-		num_types++;
-	    }
-	    *cms_types = kalg_ids = (krb5int_algorithm_id *)calloc(num_types,
-		sizeof(krb5int_algorithm_id));
-	    *num_cms_types = num_types;
-	    alg_ids = localAuthPack.supportedCMSTypes;
-	    for(dex=0; dex<num_types; dex++) {
-		if(alg_ids[dex]->algorithm.Data) {
-		    pkiCssmDataToKrb5Data(&alg_ids[dex]->algorithm, 
-			&kalg_ids[dex].algorithm);
-		}
-		if(alg_ids[dex]->parameters.Data) {
-		    pkiCssmDataToKrb5Data(&alg_ids[dex]->parameters, 
-			&kalg_ids[dex].parameters);
-		}
-	    }
-	}
+        if(localAuthPack.supportedCMSTypes == NULL) {
+            *cms_types = NULL;
+            *num_cms_types = 0;
+        }
+        else {
+            /*
+             * Convert NULL-terminated array of CSSM-style algIds to
+             * krb5int_algorithm_ids.
+             */
+            unsigned dex;
+            unsigned num_types = 0;
+            CSSM_X509_ALGORITHM_IDENTIFIER **alg_ids;
+            krb5int_algorithm_id *kalg_ids;
+
+            for(alg_ids=localAuthPack.supportedCMSTypes;
+                *alg_ids;
+                alg_ids++) {
+                num_types++;
+            }
+            *cms_types = kalg_ids = (krb5int_algorithm_id *)calloc(num_types,
+                                                                   sizeof(krb5int_algorithm_id));
+            *num_cms_types = num_types;
+            alg_ids = localAuthPack.supportedCMSTypes;
+            for(dex=0; dex<num_types; dex++) {
+                if(alg_ids[dex]->algorithm.Data) {
+                    pkiCssmDataToKrb5Data(&alg_ids[dex]->algorithm,
+                                          &kalg_ids[dex].algorithm);
+                }
+                if(alg_ids[dex]->parameters.Data) {
+                    pkiCssmDataToKrb5Data(&alg_ids[dex]->parameters,
+                                          &kalg_ids[dex].parameters);
+                }
+            }
+        }
     }
     ourRtn = 0;
 errOut:
@@ -352,8 +353,8 @@ errOut:
  * CL in DER-encoded state.
  */
 typedef struct {
-    CSSM_DATA		    derIssuer;
-    CSSM_DATA		    serialNumber;
+    CSSM_DATA               derIssuer;
+    CSSM_DATA               serialNumber;
 } KRB5_IssuerAndSerial;
 
 static const SecAsn1Template KRB5_IssuerAndSerialTemplate[] = {
@@ -364,11 +365,11 @@ static const SecAsn1Template KRB5_IssuerAndSerialTemplate[] = {
 };
 
 /*
- * Given DER-encoded issuer and serial number, create an encoded 
+ * Given DER-encoded issuer and serial number, create an encoded
  * IssuerAndSerialNumber.
  */
 krb5_error_code krb5int_pkinit_issuer_serial_encode(
-    const krb5_data *issuer,		    /* DER encoded */
+    const krb5_data *issuer,                /* DER encoded */
     const krb5_data *serial_num,
     krb5_data       *issuer_and_serial)     /* content mallocd and RETURNED */
 {
@@ -378,14 +379,14 @@ krb5_error_code krb5int_pkinit_issuer_serial_encode(
     OSStatus ortn;
 
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     PKI_KRB_TO_CSSM_DATA(issuer, &issuerSerial.derIssuer);
     PKI_KRB_TO_CSSM_DATA(serial_num, &issuerSerial.serialNumber);
     ortn = SecAsn1EncodeItem(coder, &issuerSerial, KRB5_IssuerAndSerialTemplate, &ber);
     if(ortn) {
-	ortn = ENOMEM;
-	goto errOut;
+        ortn = ENOMEM;
+        goto errOut;
     }
     ortn = pkiCssmDataToKrb5Data(&ber, issuer_and_serial);
 errOut:
@@ -398,31 +399,31 @@ errOut:
  */
 krb5_error_code krb5int_pkinit_issuer_serial_decode(
     const krb5_data *issuer_and_serial,     /* DER encoded */
-    krb5_data       *issuer,		    /* DER encoded, RETURNED */
-    krb5_data       *serial_num)	    /* RETURNED */
+    krb5_data       *issuer,                /* DER encoded, RETURNED */
+    krb5_data       *serial_num)            /* RETURNED */
 {
     KRB5_IssuerAndSerial issuerSerial;
     SecAsn1CoderRef coder;
     CSSM_DATA der = {issuer_and_serial->length, (uint8 *)issuer_and_serial->data};
     krb5_error_code ourRtn = 0;
-    
+
     /* Decode --> issuerSerial */
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     memset(&issuerSerial, 0, sizeof(issuerSerial));
     if(SecAsn1DecodeData(coder, &der, KRB5_IssuerAndSerialTemplate, &issuerSerial)) {
-	ourRtn = ASN1_BAD_FORMAT;
-	goto errOut;
+        ourRtn = ASN1_BAD_FORMAT;
+        goto errOut;
     }
-    
+
     /* Convert KRB5_IssuerAndSerial to caller's params */
     if((ourRtn = pkiCssmDataToKrb5Data(&issuerSerial.derIssuer, issuer))) {
-	goto errOut;
+        goto errOut;
     }
     if((ourRtn = pkiCssmDataToKrb5Data(&issuerSerial.serialNumber, serial_num))) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
 
 errOut:
@@ -432,29 +433,29 @@ errOut:
 
 #pragma mark ----- ExternalPrincipalIdentifier -----
 
-/* 
- * Shown here for completeness; this module only implements the 
- * issuerAndSerialNumber option. 
+/*
+ * Shown here for completeness; this module only implements the
+ * issuerAndSerialNumber option.
  */
 typedef struct {
-    CSSM_DATA	    subjectName;	    /* [0] IMPLICIT OCTET STRING OPTIONAL */
-					    /* contents = encoded Name */
-    CSSM_DATA	    issuerAndSerialNumber;  /* [1] IMPLICIT OCTET STRING OPTIONAL */
-					    /* contents = encoded Issuer&Serial */
-    CSSM_DATA	    subjectKeyIdentifier;   /* [2] IMPLICIT OCTET STRING OPTIONAL */
-					    /* contents = encoded subjectKeyIdentifier extension */
+    CSSM_DATA       subjectName;            /* [0] IMPLICIT OCTET STRING OPTIONAL */
+                                            /* contents = encoded Name */
+    CSSM_DATA       issuerAndSerialNumber;  /* [1] IMPLICIT OCTET STRING OPTIONAL */
+                                            /* contents = encoded Issuer&Serial */
+    CSSM_DATA       subjectKeyIdentifier;   /* [2] IMPLICIT OCTET STRING OPTIONAL */
+                                            /* contents = encoded subjectKeyIdentifier extension */
 } KRB5_ExternalPrincipalIdentifier;
 
 static const SecAsn1Template KRB5_ExternalPrincipalIdentifierTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_ExternalPrincipalIdentifier) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 0,
-      offsetof(KRB5_ExternalPrincipalIdentifier, subjectName), 
+      offsetof(KRB5_ExternalPrincipalIdentifier, subjectName),
       kSecAsn1OctetStringTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 1,
-      offsetof(KRB5_ExternalPrincipalIdentifier, issuerAndSerialNumber), 
+      offsetof(KRB5_ExternalPrincipalIdentifier, issuerAndSerialNumber),
       kSecAsn1OctetStringTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | 2,
-      offsetof(KRB5_ExternalPrincipalIdentifier, subjectKeyIdentifier), 
+      offsetof(KRB5_ExternalPrincipalIdentifier, subjectKeyIdentifier),
       kSecAsn1OctetStringTemplate },
     { 0 }
 };
@@ -466,30 +467,30 @@ static const SecAsn1Template KRB5_SequenceOfExternalPrincipalIdentifierTemplate[
 #pragma mark ----- PA-PK-AS-REQ -----
 
 /*
- * Top-level PA-PK-AS-REQ. All fields except for trusted_CAs are pre-encoded 
- * before we encode this and are still DER-encoded after we decode. 
+ * Top-level PA-PK-AS-REQ. All fields except for trusted_CAs are pre-encoded
+ * before we encode this and are still DER-encoded after we decode.
  * The signedAuthPack and kdcPkId fields are wrapped in OCTET STRINGs
- * during encode; we strip off the OCTET STRING wrappers during decode. 
+ * during encode; we strip off the OCTET STRING wrappers during decode.
  */
 typedef struct {
-    CSSM_DATA		    signedAuthPack;	    /* ContentInfo, SignedData */
-						    /* Content is KRB5_AuthPack */
+    CSSM_DATA               signedAuthPack;         /* ContentInfo, SignedData */
+                                                    /* Content is KRB5_AuthPack */
     KRB5_ExternalPrincipalIdentifier
-			    **trusted_CAs;	    /* optional */
-    CSSM_DATA		    kdcPkId;		    /* optional */
+    **trusted_CAs;          /* optional */
+    CSSM_DATA               kdcPkId;                /* optional */
 } KRB5_PA_PK_AS_REQ;
 
 static const SecAsn1Template KRB5_PA_PK_AS_REQTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_PA_PK_AS_REQ) },
     { SEC_ASN1_CONTEXT_SPECIFIC | 0,
-      offsetof(KRB5_PA_PK_AS_REQ, signedAuthPack), 
+      offsetof(KRB5_PA_PK_AS_REQ, signedAuthPack),
       kSecAsn1OctetStringTemplate },
-    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
       SEC_ASN1_EXPLICIT | 1,
-      offsetof(KRB5_PA_PK_AS_REQ, trusted_CAs), 
+      offsetof(KRB5_PA_PK_AS_REQ, trusted_CAs),
       KRB5_SequenceOfExternalPrincipalIdentifierTemplate },
     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2,
-      offsetof(KRB5_PA_PK_AS_REQ, kdcPkId), 
+      offsetof(KRB5_PA_PK_AS_REQ, kdcPkId),
       kSecAsn1AnyTemplate },
     { 0 }
 };
@@ -499,58 +500,58 @@ static const SecAsn1Template KRB5_PA_PK_AS_REQTemplate[] = {
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_req_encode(
     const krb5_data *signed_auth_pack,      /* DER encoded ContentInfo */
-    const krb5_data *trusted_CAs,	    /* optional: trustedCertifiers. Contents are
-					     * DER-encoded issuer/serialNumbers. */
-    krb5_ui_4	    num_trusted_CAs,
-    const krb5_data *kdc_cert,		    /* optional kdcPkId, DER encoded issuer/serial */
-    krb5_data	    *pa_pk_as_req)	    /* mallocd and RETURNED */
+    const krb5_data *trusted_CAs,           /* optional: trustedCertifiers. Contents are
+                                             * DER-encoded issuer/serialNumbers. */
+    krb5_ui_4       num_trusted_CAs,
+    const krb5_data *kdc_cert,              /* optional kdcPkId, DER encoded issuer/serial */
+    krb5_data       *pa_pk_as_req)          /* mallocd and RETURNED */
 {
     KRB5_PA_PK_AS_REQ req;
     SecAsn1CoderRef coder;
     CSSM_DATA ber = {0, NULL};
     OSStatus ortn;
     unsigned dex;
-    
+
     assert(signed_auth_pack != NULL);
     assert(pa_pk_as_req != NULL);
 
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
-    
+
     /* krb5_data ==> CSSM format */
-    
+
     memset(&req, 0, sizeof(req));
     PKI_KRB_TO_CSSM_DATA(signed_auth_pack, &req.signedAuthPack);
     if(num_trusted_CAs) {
-	/* 
-	 * Set up a NULL-terminated array of KRB5_ExternalPrincipalIdentifier
-	 * pointers. We malloc the actual KRB5_ExternalPrincipalIdentifiers as 
-	 * a contiguous array; it's in temp SecAsn1CoderRef memory. The referents 
-	 * are just dropped in from the caller's krb5_datas. 
-	 */
-	KRB5_ExternalPrincipalIdentifier *cas = 
-	    (KRB5_ExternalPrincipalIdentifier *)SecAsn1Malloc(coder, 
-		num_trusted_CAs * sizeof(KRB5_ExternalPrincipalIdentifier));
-	req.trusted_CAs = 
-	    (KRB5_ExternalPrincipalIdentifier **)
-		pkiNssNullArray(num_trusted_CAs, coder);
-	for(dex=0; dex<num_trusted_CAs; dex++) {
-	    req.trusted_CAs[dex] = &cas[dex];
-	    memset(&cas[dex], 0, sizeof(KRB5_ExternalPrincipalIdentifier));
-	    PKI_KRB_TO_CSSM_DATA(&trusted_CAs[dex], 
-		&cas[dex].issuerAndSerialNumber);
-	}
+        /*
+         * Set up a NULL-terminated array of KRB5_ExternalPrincipalIdentifier
+         * pointers. We malloc the actual KRB5_ExternalPrincipalIdentifiers as
+         * a contiguous array; it's in temp SecAsn1CoderRef memory. The referents
+         * are just dropped in from the caller's krb5_datas.
+         */
+        KRB5_ExternalPrincipalIdentifier *cas =
+            (KRB5_ExternalPrincipalIdentifier *)SecAsn1Malloc(coder,
+                                                              num_trusted_CAs * sizeof(KRB5_ExternalPrincipalIdentifier));
+        req.trusted_CAs =
+            (KRB5_ExternalPrincipalIdentifier **)
+            pkiNssNullArray(num_trusted_CAs, coder);
+        for(dex=0; dex<num_trusted_CAs; dex++) {
+            req.trusted_CAs[dex] = &cas[dex];
+            memset(&cas[dex], 0, sizeof(KRB5_ExternalPrincipalIdentifier));
+            PKI_KRB_TO_CSSM_DATA(&trusted_CAs[dex],
+                                 &cas[dex].issuerAndSerialNumber);
+        }
     }
     if(kdc_cert) {
-	PKI_KRB_TO_CSSM_DATA(kdc_cert, &req.kdcPkId);
+        PKI_KRB_TO_CSSM_DATA(kdc_cert, &req.kdcPkId);
     }
-    
+
     /* encode */
     ortn = SecAsn1EncodeItem(coder, &req, KRB5_PA_PK_AS_REQTemplate, &ber);
     if(ortn) {
-	ortn = ENOMEM;
-	goto errOut;
+        ortn = ENOMEM;
+        goto errOut;
     }
     ortn = pkiCssmDataToKrb5Data(&ber, pa_pk_as_req);
 
@@ -558,102 +559,102 @@ errOut:
     SecAsn1CoderRelease(coder);
     return ortn;
 }
-    
+
 /*
  * Top-level decode for PA-PK-AS-REQ.
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_req_decode(
     const krb5_data *pa_pk_as_req,
-    krb5_data *signed_auth_pack,	    /* DER encoded ContentInfo, RETURNED */
-    /* 
-     * Remainder are optionally RETURNED (specify NULL for pointers to 
+    krb5_data *signed_auth_pack,            /* DER encoded ContentInfo, RETURNED */
+    /*
+     * Remainder are optionally RETURNED (specify NULL for pointers to
      * items you're not interested in).
      */
     krb5_ui_4 *num_trusted_CAs,     /* sizeof trusted_CAs */
-    krb5_data **trusted_CAs,	    /* mallocd array of DER-encoded TrustedCAs issuer/serial */
-    krb5_data *kdc_cert)	    /* DER encoded issuer/serial */
+    krb5_data **trusted_CAs,        /* mallocd array of DER-encoded TrustedCAs issuer/serial */
+    krb5_data *kdc_cert)            /* DER encoded issuer/serial */
 {
     KRB5_PA_PK_AS_REQ asReq;
     SecAsn1CoderRef coder;
     CSSM_DATA der;
     krb5_error_code ourRtn = 0;
-    
+
     assert(pa_pk_as_req != NULL);
-    
+
     /* Decode --> KRB5_PA_PK_AS_REQ */
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     PKI_KRB_TO_CSSM_DATA(pa_pk_as_req, &der);
     memset(&asReq, 0, sizeof(asReq));
     if(SecAsn1DecodeData(coder, &der, KRB5_PA_PK_AS_REQTemplate, &asReq)) {
-	ourRtn = ASN1_BAD_FORMAT;
-	goto errOut;
+        ourRtn = ASN1_BAD_FORMAT;
+        goto errOut;
     }
 
     /* Convert decoded results to caller's args; each is optional */
     if(signed_auth_pack != NULL) {
-	if((ourRtn = pkiCssmDataToKrb5Data(&asReq.signedAuthPack, signed_auth_pack))) {
-	    goto errOut;
-	}
+        if((ourRtn = pkiCssmDataToKrb5Data(&asReq.signedAuthPack, signed_auth_pack))) {
+            goto errOut;
+        }
     }
     if(asReq.trusted_CAs && (trusted_CAs != NULL)) {
-	/* NULL-terminated array of CSSM_DATA ptrs */
-	unsigned numCas = pkiNssArraySize((const void **)asReq.trusted_CAs);
-	unsigned dex;
-	krb5_data *kdcCas;
-	
-	kdcCas = (krb5_data *)malloc(sizeof(krb5_data) * numCas);
-	if(kdcCas == NULL) {
-	    ourRtn = ENOMEM;
-	    goto errOut;
-	}
-	for(dex=0; dex<numCas; dex++) {
-	    KRB5_ExternalPrincipalIdentifier *epi = asReq.trusted_CAs[dex];
-	    if(epi->issuerAndSerialNumber.Data) {
-		/* the only variant we support */
-		pkiCssmDataToKrb5Data(&epi->issuerAndSerialNumber, &kdcCas[dex]);
-	    }
-	}
-	*trusted_CAs = kdcCas;
-	*num_trusted_CAs = numCas;
+        /* NULL-terminated array of CSSM_DATA ptrs */
+        unsigned numCas = pkiNssArraySize((const void **)asReq.trusted_CAs);
+        unsigned dex;
+        krb5_data *kdcCas;
+
+        kdcCas = (krb5_data *)malloc(sizeof(krb5_data) * numCas);
+        if(kdcCas == NULL) {
+            ourRtn = ENOMEM;
+            goto errOut;
+        }
+        for(dex=0; dex<numCas; dex++) {
+            KRB5_ExternalPrincipalIdentifier *epi = asReq.trusted_CAs[dex];
+            if(epi->issuerAndSerialNumber.Data) {
+                /* the only variant we support */
+                pkiCssmDataToKrb5Data(&epi->issuerAndSerialNumber, &kdcCas[dex]);
+            }
+        }
+        *trusted_CAs = kdcCas;
+        *num_trusted_CAs = numCas;
     }
     if(asReq.kdcPkId.Data && kdc_cert) {
-	if((ourRtn = pkiCssmDataToKrb5Data(&asReq.kdcPkId, kdc_cert))) {
-	    goto errOut;
-	}
+        if((ourRtn = pkiCssmDataToKrb5Data(&asReq.kdcPkId, kdc_cert))) {
+            goto errOut;
+        }
     }
 errOut:
     SecAsn1CoderRelease(coder);
-    return ourRtn;   
+    return ourRtn;
 }
 
 #pragma mark ====== begin PA-PK-AS-REP components ======
 
 typedef struct {
     CSSM_DATA       subjectPublicKey;       /* BIT STRING */
-    CSSM_DATA       nonce;		    /* from KRB5_PKAuthenticator.nonce */
-    CSSM_DATA       *expiration;	    /* optional UTC time */
+    CSSM_DATA       nonce;                  /* from KRB5_PKAuthenticator.nonce */
+    CSSM_DATA       *expiration;            /* optional UTC time */
 } KRB5_KDC_DHKeyInfo;
 
 typedef struct {
-    CSSM_DATA		keyType;
-    CSSM_DATA		keyValue;
+    CSSM_DATA           keyType;
+    CSSM_DATA           keyValue;
 } KRB5_EncryptionKey;
 
 static const SecAsn1Template KRB5_EncryptionKeyTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_EncryptionKey) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
-      offsetof(KRB5_EncryptionKey, keyType), 
+      offsetof(KRB5_EncryptionKey, keyType),
       kSecAsn1IntegerTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
-      offsetof(KRB5_EncryptionKey, keyValue), 
+      offsetof(KRB5_EncryptionKey, keyValue),
       kSecAsn1OctetStringTemplate },
     { 0 }
 };
 
 #pragma mark ----- Checksum -----
- 
+
 typedef struct {
     CSSM_DATA   checksumType;
     CSSM_DATA   checksum;
@@ -662,37 +663,37 @@ typedef struct {
 static const SecAsn1Template KRB5_ChecksumTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_Checksum) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
-      offsetof(KRB5_Checksum,checksumType), 
+      offsetof(KRB5_Checksum,checksumType),
       kSecAsn1IntegerTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
-      offsetof(KRB5_Checksum,checksum), 
+      offsetof(KRB5_Checksum,checksum),
       kSecAsn1OctetStringTemplate },
     { 0 }
 };
 
 typedef struct {
     KRB5_EncryptionKey  encryptionKey;
-    KRB5_Checksum	asChecksum;
+    KRB5_Checksum       asChecksum;
 } KRB5_ReplyKeyPack;
 
 static const SecAsn1Template KRB5_ReplyKeyPackTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_ReplyKeyPack) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 0,
-      offsetof(KRB5_ReplyKeyPack, encryptionKey), 
+      offsetof(KRB5_ReplyKeyPack, encryptionKey),
       KRB5_EncryptionKeyTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | 1,
-      offsetof(KRB5_ReplyKeyPack,asChecksum), 
+      offsetof(KRB5_ReplyKeyPack,asChecksum),
       KRB5_ChecksumTemplate },
     { 0 }
 };
 
-/* 
+/*
  * Encode a ReplyKeyPack. The result is used as the Content of a SignedData.
  */
 krb5_error_code krb5int_pkinit_reply_key_pack_encode(
     const krb5_keyblock *key_block,
     const krb5_checksum *checksum,
-    krb5_data		*reply_key_pack)      /* mallocd and RETURNED */
+    krb5_data           *reply_key_pack)      /* mallocd and RETURNED */
 {
     KRB5_ReplyKeyPack repKeyPack;
     SecAsn1CoderRef coder;
@@ -701,28 +702,28 @@ krb5_error_code krb5int_pkinit_reply_key_pack_encode(
     OSStatus ortn;
     KRB5_EncryptionKey *encryptKey = &repKeyPack.encryptionKey;
     KRB5_Checksum *cksum = &repKeyPack.asChecksum;
-    
+
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     memset(&repKeyPack, 0, sizeof(repKeyPack));
-    
+
     if((ourRtn = pkiIntToData(key_block->enctype, &encryptKey->keyType, coder))) {
-	goto errOut;
+        goto errOut;
     }
     encryptKey->keyValue.Length = key_block->length,
-    encryptKey->keyValue.Data = (uint8 *)key_block->contents;
-    
+        encryptKey->keyValue.Data = (uint8 *)key_block->contents;
+
     if((ourRtn = pkiIntToData(checksum->checksum_type, &cksum->checksumType, coder))) {
-	goto errOut;
+        goto errOut;
     }
     cksum->checksum.Data = (uint8 *)checksum->contents;
     cksum->checksum.Length = checksum->length;
 
     ortn = SecAsn1EncodeItem(coder, &repKeyPack, KRB5_ReplyKeyPackTemplate, &der);
     if(ortn) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
     ourRtn = pkiCssmDataToKrb5Data(&der, reply_key_pack);
 errOut:
@@ -730,13 +731,13 @@ errOut:
     return ourRtn;
 }
 
-/* 
+/*
  * Decode a ReplyKeyPack.
  */
 krb5_error_code krb5int_pkinit_reply_key_pack_decode(
-    const krb5_data	*reply_key_pack,
+    const krb5_data     *reply_key_pack,
     krb5_keyblock       *key_block,     /* RETURNED */
-    krb5_checksum	*checksum)	/* contents mallocd and RETURNED */
+    krb5_checksum       *checksum)      /* contents mallocd and RETURNED */
 {
     KRB5_ReplyKeyPack repKeyPack;
     SecAsn1CoderRef coder;
@@ -745,33 +746,33 @@ krb5_error_code krb5int_pkinit_reply_key_pack_decode(
     CSSM_DATA der = {reply_key_pack->length, (uint8 *)reply_key_pack->data};
     krb5_data tmpData;
     KRB5_Checksum *cksum = &repKeyPack.asChecksum;
-    
+
     /* Decode --> KRB5_ReplyKeyPack */
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     memset(&repKeyPack, 0, sizeof(repKeyPack));
     if(SecAsn1DecodeData(coder, &der, KRB5_ReplyKeyPackTemplate, &repKeyPack)) {
-	ourRtn = ASN1_BAD_FORMAT;
-	goto errOut;
+        ourRtn = ASN1_BAD_FORMAT;
+        goto errOut;
     }
-    
+
     if((ourRtn = pkiDataToInt(&encryptKey->keyType, (krb5_int32 *)&key_block->enctype))) {
-	goto errOut;
+        goto errOut;
     }
     if((ourRtn = pkiCssmDataToKrb5Data(&encryptKey->keyValue, &tmpData))) {
-	goto errOut;
+        goto errOut;
     }
     key_block->contents = (krb5_octet *)tmpData.data;
     key_block->length = tmpData.length;
-    
+
     if((ourRtn = pkiDataToInt(&cksum->checksumType, &checksum->checksum_type))) {
-	goto errOut;
+        goto errOut;
     }
     checksum->contents = (krb5_octet *)malloc(cksum->checksum.Length);
     if(checksum->contents == NULL) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
     checksum->length = cksum->checksum.Length;
     memmove(checksum->contents, cksum->checksum.Data, checksum->length);
@@ -788,58 +789,58 @@ errOut:
  * Top-level PA-PK-AS-REP. Exactly one of the optional fields must be present.
  */
 typedef struct {
-    CSSM_DATA	*dhSignedData;      /* ContentInfo, SignedData */
-				    /* Content is KRB5_KDC_DHKeyInfo */
-    CSSM_DATA	*encKeyPack;	    /* ContentInfo, SignedData */
-				    /* Content is ReplyKeyPack */
+    CSSM_DATA   *dhSignedData;      /* ContentInfo, SignedData */
+                                    /* Content is KRB5_KDC_DHKeyInfo */
+    CSSM_DATA   *encKeyPack;        /* ContentInfo, SignedData */
+                                    /* Content is ReplyKeyPack */
 } KRB5_PA_PK_AS_REP;
-    
+
 static const SecAsn1Template KRB5_PA_PK_AS_REPTemplate[] = {
     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(KRB5_PA_PK_AS_REP) },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
       SEC_ASN1_EXPLICIT | 0,
-      offsetof(KRB5_PA_PK_AS_REP, dhSignedData), 
+      offsetof(KRB5_PA_PK_AS_REP, dhSignedData),
       kSecAsn1PointerToAnyTemplate },
     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
       SEC_ASN1_EXPLICIT | 1,
-      offsetof(KRB5_PA_PK_AS_REP, encKeyPack), 
+      offsetof(KRB5_PA_PK_AS_REP, encKeyPack),
       kSecAsn1PointerToAnyTemplate },
     { 0 }
 };
 
-/* 
+/*
  * Encode a KRB5_PA_PK_AS_REP.
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_rep_encode(
-    const krb5_data *dh_signed_data, 
-    const krb5_data *enc_key_pack, 
+    const krb5_data *dh_signed_data,
+    const krb5_data *enc_key_pack,
     krb5_data       *pa_pk_as_rep)      /* mallocd and RETURNED */
 {
     KRB5_PA_PK_AS_REP asRep;
     SecAsn1CoderRef coder;
     krb5_error_code ourRtn = 0;
-    CSSM_DATA	    der = {0, NULL};
-    OSStatus	    ortn;
-    CSSM_DATA	    dhSignedData;
-    CSSM_DATA	    encKeyPack;
-    
+    CSSM_DATA       der = {0, NULL};
+    OSStatus        ortn;
+    CSSM_DATA       dhSignedData;
+    CSSM_DATA       encKeyPack;
+
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     memset(&asRep, 0, sizeof(asRep));
     if(dh_signed_data) {
-	PKI_KRB_TO_CSSM_DATA(dh_signed_data, &dhSignedData);
-	asRep.dhSignedData = &dhSignedData;
+        PKI_KRB_TO_CSSM_DATA(dh_signed_data, &dhSignedData);
+        asRep.dhSignedData = &dhSignedData;
     }
     if(enc_key_pack) {
-	PKI_KRB_TO_CSSM_DATA(enc_key_pack, &encKeyPack);
-	asRep.encKeyPack = &encKeyPack;
+        PKI_KRB_TO_CSSM_DATA(enc_key_pack, &encKeyPack);
+        asRep.encKeyPack = &encKeyPack;
     }
 
     ortn = SecAsn1EncodeItem(coder, &asRep, KRB5_PA_PK_AS_REPTemplate, &der);
     if(ortn) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
     ourRtn = pkiCssmDataToKrb5Data(&der, pa_pk_as_rep);
 
@@ -848,38 +849,38 @@ errOut:
     return ourRtn;
 }
 
-/* 
+/*
  * Decode a KRB5_PA_PK_AS_REP.
  */
 krb5_error_code krb5int_pkinit_pa_pk_as_rep_decode(
     const krb5_data *pa_pk_as_rep,
-    krb5_data *dh_signed_data, 
+    krb5_data *dh_signed_data,
     krb5_data *enc_key_pack)
 {
     KRB5_PA_PK_AS_REP asRep;
     SecAsn1CoderRef coder;
     CSSM_DATA der = {pa_pk_as_rep->length, (uint8 *)pa_pk_as_rep->data};
     krb5_error_code ourRtn = 0;
-    
+
     /* Decode --> KRB5_PA_PK_AS_REP */
     if(SecAsn1CoderCreate(&coder)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     memset(&asRep, 0, sizeof(asRep));
     if(SecAsn1DecodeData(coder, &der, KRB5_PA_PK_AS_REPTemplate, &asRep)) {
-	ourRtn = ASN1_BAD_FORMAT;
-	goto errOut;
+        ourRtn = ASN1_BAD_FORMAT;
+        goto errOut;
     }
-    
+
     if(asRep.dhSignedData) {
-	if((ourRtn = pkiCssmDataToKrb5Data(asRep.dhSignedData, dh_signed_data))) {
-	    goto errOut;
-	}
+        if((ourRtn = pkiCssmDataToKrb5Data(asRep.dhSignedData, dh_signed_data))) {
+            goto errOut;
+        }
     }
     if(asRep.encKeyPack) {
-	ourRtn = pkiCssmDataToKrb5Data(asRep.encKeyPack, enc_key_pack);
+        ourRtn = pkiCssmDataToKrb5Data(asRep.encKeyPack, enc_key_pack);
     }
-    
+
 errOut:
     SecAsn1CoderRelease(coder);
     return ourRtn;
@@ -904,51 +905,51 @@ krb5_error_code krb5int_pkinit_get_issuer_serial(
     krb5_data krb_issuer;
     uint32 numFields;
     krb5_error_code ourRtn = 0;
-    
+
     CSSM_CL_HANDLE clHand = pkiClStartup();
     if(clHand == 0) {
-	return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
+        return CSSMERR_CSSM_ADDIN_LOAD_FAILED;
     }
     /* subsequent errors to errOut: */
-    
+
     crtn = CSSM_CL_CertCache(clHand, &certData, &cacheHand);
     if(crtn) {
-	pkiCssmErr("CSSM_CL_CertCache", crtn);
-	ourRtn = ASN1_PARSE_ERROR;
-	goto errOut;
+        pkiCssmErr("CSSM_CL_CertCache", crtn);
+        ourRtn = ASN1_PARSE_ERROR;
+        goto errOut;
     }
-    
+
     /* obtain the two fields; issuer is DER encoded */
     crtn = CSSM_CL_CertGetFirstCachedFieldValue(clHand, cacheHand,
-	&CSSMOID_X509V1IssuerNameStd, &resultHand, &numFields, &derIssuer);
+                                                &CSSMOID_X509V1IssuerNameStd, &resultHand, &numFields, &derIssuer);
     if(crtn) {
-	pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(issuer)", crtn);
-	ourRtn = ASN1_PARSE_ERROR;
-	goto errOut;
+        pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(issuer)", crtn);
+        ourRtn = ASN1_PARSE_ERROR;
+        goto errOut;
     }
     crtn = CSSM_CL_CertGetFirstCachedFieldValue(clHand, cacheHand,
-	&CSSMOID_X509V1SerialNumber, &resultHand, &numFields, &serial);
+                                                &CSSMOID_X509V1SerialNumber, &resultHand, &numFields, &serial);
     if(crtn) {
-	pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(serial)", crtn);
-	ourRtn = ASN1_PARSE_ERROR;
-	goto errOut;
+        pkiCssmErr("CSSM_CL_CertGetFirstCachedFieldValue(serial)", crtn);
+        ourRtn = ASN1_PARSE_ERROR;
+        goto errOut;
     }
     PKI_CSSM_TO_KRB_DATA(derIssuer, &krb_issuer);
     PKI_CSSM_TO_KRB_DATA(serial, &krb_serial);
     ourRtn = krb5int_pkinit_issuer_serial_encode(&krb_issuer, &krb_serial, issuer_and_serial);
-    
+
 errOut:
     if(derIssuer) {
-	CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1IssuerNameStd, derIssuer);
+        CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1IssuerNameStd, derIssuer);
     }
     if(serial) {
-	CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SerialNumber, serial);
+        CSSM_CL_FreeFieldValue(clHand, &CSSMOID_X509V1SerialNumber, serial);
     }
     if(cacheHand) {
-	CSSM_CL_CertAbortCache(clHand, cacheHand);
+        CSSM_CL_CertAbortCache(clHand, cacheHand);
     }
     if(clHand) {
-	pkiClDetachUnload(clHand);
+        pkiClDetachUnload(clHand);
     }
     return ourRtn;
 }
diff --git a/src/lib/krb5/krb/pkinit_apple_cert_store.c b/src/lib/krb5/krb/pkinit_apple_cert_store.c
index 449f1cc99..2bcbd4458 100644
--- a/src/lib/krb5/krb/pkinit_apple_cert_store.c
+++ b/src/lib/krb5/krb/pkinit_apple_cert_store.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2004-2008 Apple Inc.  All Rights Reserved.
  *
@@ -24,12 +25,12 @@
  */
 
 /*
- * pkinit_apple_cert_store.c - PKINIT certificate storage/retrieval utilities, 
- *			       MAC OS X version
+ * pkinit_apple_cert_store.c - PKINIT certificate storage/retrieval utilities,
+ *                             MAC OS X version
  *
  * Created 26 May 2004 by Doug Mitchell at Apple.
  */
- 
+
 #if APPLE_PKINIT
 
 #include "pkinit_cert_store.h"
@@ -49,24 +50,24 @@
  * key      = kPkinitClientCertKey
  * appID    = kPkinitClientCertApp
  * username = kCFPreferencesCurrentUser
- * hostname = kCFPreferencesAnyHost   
+ * hostname = kCFPreferencesAnyHost
  *
  * The stored property list is a CFDictionary. Keys in the dictionary are
- * principal names (e.g. foobar@REALM.LOCAL). 
+ * principal names (e.g. foobar@REALM.LOCAL).
  *
  * Values in the dictionary are raw data containing the DER-encoded issuer and
- * serial number of the certificate. 
+ * serial number of the certificate.
  *
  * When obtaining a PKINIT cert, if an entry in the CFDictionary for the specified
  * principal is not found, the entry for the default will be used if it's there.
  */
 
-/* 
- * NOTE: ANSI C code requires an Apple-Custom -fconstant-cfstrings CFLAGS to 
- * use CFSTR in a const declaration so we just declare the C strings here. 
+/*
+ * NOTE: ANSI C code requires an Apple-Custom -fconstant-cfstrings CFLAGS to
+ * use CFSTR in a const declaration so we just declare the C strings here.
  */
-#define kPkinitClientCertKey		"KRBClientCert"
-#define kPkinitClientCertApp		"edu.mit.Kerberos.pkinit"
+#define kPkinitClientCertKey            "KRBClientCert"
+#define kPkinitClientCertApp            "edu.mit.Kerberos.pkinit"
 
 /*
  * KDC cert stored in this keychain. It's linked to systemkeychain so that if
@@ -74,43 +75,43 @@
  */
 #define KDC_KEYCHAIN    "/var/db/krb5kdc/kdc.keychain"
 
-/* 
+/*
  * Given a certificate, obtain the DER-encoded issuer and serial number. Result
- * is mallocd and must be freed by caller. 
+ * is mallocd and must be freed by caller.
  */
 static OSStatus pkinit_get_cert_issuer_sn(
-    SecCertificateRef certRef, 
-    CSSM_DATA *issuerSerial)		/* mallocd and RETURNED */
+    SecCertificateRef certRef,
+    CSSM_DATA *issuerSerial)            /* mallocd and RETURNED */
 {
     OSStatus ortn;
     CSSM_DATA certData;
     krb5_data INIT_KDATA(issuerSerialKrb);
     krb5_data certDataKrb;
     krb5_error_code krtn;
-    
+
     assert(certRef != NULL);
     assert(issuerSerial != NULL);
-    
+
     ortn = SecCertificateGetData(certRef, &certData);
     if(ortn) {
-	pkiCssmErr("SecCertificateGetData", ortn);
-	return ortn;
+        pkiCssmErr("SecCertificateGetData", ortn);
+        return ortn;
     }
     PKI_CSSM_TO_KRB_DATA(&certData, &certDataKrb);
     krtn = krb5int_pkinit_get_issuer_serial(&certDataKrb, &issuerSerialKrb);
     if(krtn) {
-	return CSSMERR_CL_INVALID_DATA;
+        return CSSMERR_CL_INVALID_DATA;
     }
     PKI_KRB_TO_CSSM_DATA(&issuerSerialKrb, issuerSerial);
     return noErr;
 }
 
-/* 
+/*
  * Determine if specified identity's cert's issuer and serial number match the
  * provided issuer and serial number. Returns nonzero on match, else returns zero.
  */
 static int pkinit_issuer_sn_match(
-    SecIdentityRef idRef, 
+    SecIdentityRef idRef,
     const CSSM_DATA *matchIssuerSerial)
 {
     OSStatus ortn;
@@ -120,87 +121,87 @@ static int pkinit_issuer_sn_match(
 
     assert(idRef != NULL);
     assert(matchIssuerSerial != NULL);
-    
+
     /* Get this cert's issuer/serial number */
     ortn = SecIdentityCopyCertificate(idRef, &certRef);
     if(ortn) {
-	pkiCssmErr("SecIdentityCopyCertificate", ortn);
-	return 0;
+        pkiCssmErr("SecIdentityCopyCertificate", ortn);
+        return 0;
     }
     /* subsequent errors to errOut: */
     ortn = pkinit_get_cert_issuer_sn(certRef, &certIssuerSerial);
     if(ortn) {
-	pkiCssmErr("SecIdentityCopyCertificate", ortn);
-	goto errOut;
+        pkiCssmErr("SecIdentityCopyCertificate", ortn);
+        goto errOut;
     }
     ourRtn = pkiCompareCssmData(matchIssuerSerial, &certIssuerSerial) ? 1 : 0;
 errOut:
     if(certRef != NULL) {
-	CFRelease(certRef);
+        CFRelease(certRef);
     }
     if(certIssuerSerial.Data != NULL) {
-	free(certIssuerSerial.Data);
+        free(certIssuerSerial.Data);
     }
     return ourRtn;
 }
 
 /*
  * Search specified keychain/array/NULL (NULL meaning the default search list) for
- * an Identity matching specified key usage and optional Issuer/Serial number. 
+ * an Identity matching specified key usage and optional Issuer/Serial number.
  * If issuer/serial is specified and no identities match, or if no identities found
  * matching specified Key usage, errSecItemNotFound is returned.
  *
- * Caller must CFRelease a non-NULL returned idRef. 
+ * Caller must CFRelease a non-NULL returned idRef.
  */
 static OSStatus pkinit_search_ident(
-    CFTypeRef		keychainOrArray,
-    CSSM_KEYUSE		keyUsage,
+    CFTypeRef           keychainOrArray,
+    CSSM_KEYUSE         keyUsage,
     const CSSM_DATA     *issuerSerial,  /* optional */
-    SecIdentityRef      *foundId)	/* RETURNED */
+    SecIdentityRef      *foundId)       /* RETURNED */
 {
     OSStatus ortn;
     SecIdentityRef idRef = NULL;
     SecIdentitySearchRef srchRef = NULL;
-    
+
     ortn = SecIdentitySearchCreate(keychainOrArray, keyUsage, &srchRef);
     if(ortn) {
-	pkiCssmErr("SecIdentitySearchCreate", ortn);
-	return ortn;
+        pkiCssmErr("SecIdentitySearchCreate", ortn);
+        return ortn;
     }
     do {
-	ortn = SecIdentitySearchCopyNext(srchRef, &idRef);
-	if(ortn != noErr) {
-	    break;
-	}
-	if(issuerSerial == NULL) {
-	    /* no match needed, we're done - this is the KDC cert case */
-	    break;
-	}
-	else if(pkinit_issuer_sn_match(idRef, issuerSerial)) {
-	    /* match, we're done */
-	    break;
-	}
-	/* finished with this one */
-	CFRelease(idRef);
-	idRef = NULL;
+        ortn = SecIdentitySearchCopyNext(srchRef, &idRef);
+        if(ortn != noErr) {
+            break;
+        }
+        if(issuerSerial == NULL) {
+            /* no match needed, we're done - this is the KDC cert case */
+            break;
+        }
+        else if(pkinit_issuer_sn_match(idRef, issuerSerial)) {
+            /* match, we're done */
+            break;
+        }
+        /* finished with this one */
+        CFRelease(idRef);
+        idRef = NULL;
     } while(ortn == noErr);
-    
+
     CFRelease(srchRef);
     if(idRef == NULL) {
-	return errSecItemNotFound;
+        return errSecItemNotFound;
     }
     else {
-	*foundId = idRef;
-	return noErr;
+        *foundId = idRef;
+        return noErr;
     }
 }
 
 /*
- * In Mac OS terms, get the keychain on which a given identity resides. 
+ * In Mac OS terms, get the keychain on which a given identity resides.
  */
 static krb5_error_code pkinit_cert_to_db(
     krb5_pkinit_signing_cert_t   idRef,
-    krb5_pkinit_cert_db_t	 *dbRef)
+    krb5_pkinit_cert_db_t        *dbRef)
 {
     SecKeychainRef kcRef = NULL;
     SecKeyRef keyRef = NULL;
@@ -209,38 +210,38 @@ static krb5_error_code pkinit_cert_to_db(
     /* that's an identity - get the associated key's keychain */
     ortn = SecIdentityCopyPrivateKey((SecIdentityRef)idRef, &keyRef);
     if(ortn) {
-	pkiCssmErr("SecIdentityCopyPrivateKey", ortn);
-	return ortn;
+        pkiCssmErr("SecIdentityCopyPrivateKey", ortn);
+        return ortn;
     }
     ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef);
     if(ortn) {
-	pkiCssmErr("SecKeychainItemCopyKeychain", ortn);
+        pkiCssmErr("SecKeychainItemCopyKeychain", ortn);
     }
     else {
-	*dbRef = (krb5_pkinit_cert_db_t)kcRef;
+        *dbRef = (krb5_pkinit_cert_db_t)kcRef;
     }
     CFRelease(keyRef);
     return ortn;
 }
 
-/* 
- * Obtain the CFDictionary representing this user's PKINIT client cert prefs, if it 
- * exists. Returns noErr or errSecItemNotFound as appropriate. 
+/*
+ * Obtain the CFDictionary representing this user's PKINIT client cert prefs, if it
+ * exists. Returns noErr or errSecItemNotFound as appropriate.
  */
 static OSStatus pkinit_get_pref_dict(
     CFDictionaryRef *dict)
 {
     CFDictionaryRef theDict;
     theDict = (CFDictionaryRef)CFPreferencesCopyValue(CFSTR(kPkinitClientCertKey),
-	CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
+                                                      CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
     if(theDict == NULL) {
-	pkiDebug("pkinit_get_pref_dict: no kPkinitClientCertKey\n");
-	return errSecItemNotFound;
+        pkiDebug("pkinit_get_pref_dict: no kPkinitClientCertKey\n");
+        return errSecItemNotFound;
     }
     if(CFGetTypeID(theDict) != CFDictionaryGetTypeID()) {
-	pkiDebug("pkinit_get_pref_dict: bad kPkinitClientCertKey pref\n");
-	CFRelease(theDict);
-	return errSecItemNotFound;
+        pkiDebug("pkinit_get_pref_dict: bad kPkinitClientCertKey pref\n");
+        CFRelease(theDict);
+        return errSecItemNotFound;
     }
     *dict = theDict;
     return noErr;
@@ -249,12 +250,12 @@ static OSStatus pkinit_get_pref_dict(
 #pragma mark --- Public client side functions ---
 
 /*
- * Obtain signing cert for specified principal. On successful return, 
+ * Obtain signing cert for specified principal. On successful return,
  * caller must eventually release the cert with krb5_pkinit_release_cert().
  */
 krb5_error_code krb5_pkinit_get_client_cert(
-    const char			*principal,     /* full principal string */
-    krb5_pkinit_signing_cert_t	*client_cert)
+    const char                  *principal,     /* full principal string */
+    krb5_pkinit_signing_cert_t  *client_cert)
 {
     CFDataRef issuerSerial = NULL;
     CSSM_DATA issuerSerialData;
@@ -263,74 +264,74 @@ krb5_error_code krb5_pkinit_get_client_cert(
     CFDictionaryRef theDict = NULL;
     CFStringRef cfPrinc = NULL;
     krb5_error_code ourRtn = 0;
-    
+
     if(principal == NULL) {
-	return KRB5_PRINC_NOMATCH;
+        return KRB5_PRINC_NOMATCH;
     }
-    
+
     /* Is there a stored preference for PKINIT certs for this user? */
     ortn = pkinit_get_pref_dict(&theDict);
     if(ortn) {
-	return KRB5_PRINC_NOMATCH;
+        return KRB5_PRINC_NOMATCH;
     }
-    
+
     /* Entry in the dictionary for specified principal? */
-    cfPrinc = CFStringCreateWithCString(NULL, principal, 
+    cfPrinc = CFStringCreateWithCString(NULL, principal,
                                         kCFStringEncodingASCII);
     issuerSerial = (CFDataRef)CFDictionaryGetValue(theDict, cfPrinc);
     CFRelease(cfPrinc);
     if(issuerSerial == NULL) {
-	pkiDebug("krb5_pkinit_get_client_cert: no identity found\n");
-	ourRtn = KRB5_PRINC_NOMATCH;
-	goto errOut;
+        pkiDebug("krb5_pkinit_get_client_cert: no identity found\n");
+        ourRtn = KRB5_PRINC_NOMATCH;
+        goto errOut;
     }
     if(CFGetTypeID(issuerSerial) != CFDataGetTypeID()) {
-	pkiDebug("krb5_pkinit_get_client_cert: bad kPkinitClientCertKey value\n");
-	ourRtn = KRB5_PRINC_NOMATCH;
-	goto errOut;
+        pkiDebug("krb5_pkinit_get_client_cert: bad kPkinitClientCertKey value\n");
+        ourRtn = KRB5_PRINC_NOMATCH;
+        goto errOut;
     }
-    
+
     issuerSerialData.Data = (uint8 *)CFDataGetBytePtr(issuerSerial);
     issuerSerialData.Length = CFDataGetLength(issuerSerial);
-    
+
     /* find a cert with that issuer/serial number in default search list */
-    ortn = pkinit_search_ident(NULL, CSSM_KEYUSE_SIGN | CSSM_KEYUSE_ENCRYPT, 
-	&issuerSerialData, &idRef);
+    ortn = pkinit_search_ident(NULL, CSSM_KEYUSE_SIGN | CSSM_KEYUSE_ENCRYPT,
+                               &issuerSerialData, &idRef);
     if(ortn) {
-	pkiDebug("krb5_pkinit_get_client_cert: no identity found!\n");
-	pkiCssmErr("pkinit_search_ident", ortn);
-	ourRtn = KRB5_PRINC_NOMATCH;
+        pkiDebug("krb5_pkinit_get_client_cert: no identity found!\n");
+        pkiCssmErr("pkinit_search_ident", ortn);
+        ourRtn = KRB5_PRINC_NOMATCH;
     }
     else {
-	*client_cert = (krb5_pkinit_signing_cert_t)idRef;
+        *client_cert = (krb5_pkinit_signing_cert_t)idRef;
     }
 errOut:
     if(theDict) {
-	CFRelease(theDict);
+        CFRelease(theDict);
     }
     return ourRtn;
 }
 
-/* 
+/*
  * Determine if the specified client has a signing cert. Returns TRUE
  * if so, else returns FALSE.
  */
 krb5_boolean krb5_pkinit_have_client_cert(
-    const char			*principal)	/* full principal string */
+    const char                  *principal)     /* full principal string */
 {
     krb5_pkinit_signing_cert_t signing_cert = NULL;
     krb5_error_code krtn;
-    
+
     krtn = krb5_pkinit_get_client_cert(principal, &signing_cert);
     if(krtn) {
-	return FALSE;
+        return FALSE;
     }
     if(signing_cert != NULL) {
-	krb5_pkinit_release_cert(signing_cert);
-	return TRUE;
+        krb5_pkinit_release_cert(signing_cert);
+        return TRUE;
     }
     else {
-	return FALSE;
+        return FALSE;
     }
 }
 
@@ -341,8 +342,8 @@ krb5_boolean krb5_pkinit_have_client_cert(
  * in the cert storage.
  */
 krb5_error_code krb5_pkinit_set_client_cert_from_signing_cert(
-    const char			*principal,     /* full principal string */
-    krb5_pkinit_signing_cert_t	client_cert)
+    const char                  *principal,     /* full principal string */
+    krb5_pkinit_signing_cert_t  client_cert)
 {
     SecIdentityRef idRef = (SecIdentityRef)client_cert;
     SecCertificateRef certRef = NULL;
@@ -350,22 +351,22 @@ krb5_error_code krb5_pkinit_set_client_cert_from_signing_cert(
     krb5_error_code ourRtn = 0;
 
     if (NULL != idRef) {
-	if (CFGetTypeID(idRef) != SecIdentityGetTypeID()) {
-	    ourRtn = KRB5KRB_ERR_GENERIC;
-	    goto fin;
-	}
-	/* Get the cert */
-	ortn = SecIdentityCopyCertificate(idRef, &certRef);
-	if (ortn) {
-	    pkiCssmErr("SecIdentityCopyCertificate", ortn);
-	    ourRtn = KRB5KRB_ERR_GENERIC;
-	    goto fin;
-	}
+        if (CFGetTypeID(idRef) != SecIdentityGetTypeID()) {
+            ourRtn = KRB5KRB_ERR_GENERIC;
+            goto fin;
+        }
+        /* Get the cert */
+        ortn = SecIdentityCopyCertificate(idRef, &certRef);
+        if (ortn) {
+            pkiCssmErr("SecIdentityCopyCertificate", ortn);
+            ourRtn = KRB5KRB_ERR_GENERIC;
+            goto fin;
+        }
     }
     ourRtn = krb5_pkinit_set_client_cert(principal, (krb5_pkinit_cert_t)certRef);
 fin:
     if (certRef)
-	CFRelease(certRef);
+        CFRelease(certRef);
     return ourRtn;
 }
 
@@ -377,8 +378,8 @@ fin:
  * in the cert storage.
  */
 krb5_error_code krb5_pkinit_set_client_cert(
-    const char			*principal,     /* full principal string */
-    krb5_pkinit_cert_t		client_cert)
+    const char                  *principal,     /* full principal string */
+    krb5_pkinit_cert_t          client_cert)
 {
     SecCertificateRef certRef = (SecCertificateRef)client_cert;
     OSStatus ortn;
@@ -388,108 +389,108 @@ krb5_error_code krb5_pkinit_set_client_cert(
     CFMutableDictionaryRef newDict = NULL;
     CFStringRef keyStr = NULL;
     krb5_error_code ourRtn = 0;
-    
+
     if(certRef != NULL) {
-	if(CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
-	    return KRB5KRB_ERR_GENERIC;
-	}
-    
-	/* Cook up DER-encoded issuer/serial number */
-	ortn = pkinit_get_cert_issuer_sn(certRef, &issuerSerial);
-	if(ortn) {
-	    ourRtn = KRB5KRB_ERR_GENERIC;
-	    goto errOut;
-	}
-    }
-    
-    /* 
+        if(CFGetTypeID(certRef) != SecCertificateGetTypeID()) {
+            return KRB5KRB_ERR_GENERIC;
+        }
+
+        /* Cook up DER-encoded issuer/serial number */
+        ortn = pkinit_get_cert_issuer_sn(certRef, &issuerSerial);
+        if(ortn) {
+            ourRtn = KRB5KRB_ERR_GENERIC;
+            goto errOut;
+        }
+    }
+
+    /*
      * Obtain the existing pref for kPkinitClientCertKey as a CFDictionary, or
-     * cook up a new one. 
+     * cook up a new one.
      */
     ortn = pkinit_get_pref_dict(&existDict);
     if(ortn == noErr) {
-	/* dup to a mutable dictionary */
-	newDict = CFDictionaryCreateMutableCopy(NULL, 0, existDict);
+        /* dup to a mutable dictionary */
+        newDict = CFDictionaryCreateMutableCopy(NULL, 0, existDict);
     }
     else {
-	if(certRef == NULL) {
-	    /* no existing entry, nothing to delete, we're done */
-	    return 0;
-	}
-	newDict = CFDictionaryCreateMutable(NULL, 0,
-	    &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+        if(certRef == NULL) {
+            /* no existing entry, nothing to delete, we're done */
+            return 0;
+        }
+        newDict = CFDictionaryCreateMutable(NULL, 0,
+                                            &kCFCopyStringDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
     }
     if(newDict == NULL) {
-	ourRtn = ENOMEM;
-	goto errOut;
+        ourRtn = ENOMEM;
+        goto errOut;
     }
 
     /* issuer / serial number ==> that dictionary */
     keyStr = CFStringCreateWithCString(NULL, principal, kCFStringEncodingASCII);
     if(certRef == NULL) {
-	CFDictionaryRemoveValue(newDict, keyStr);
+        CFDictionaryRemoveValue(newDict, keyStr);
     }
     else {
-	cfIssuerSerial = CFDataCreate(NULL, issuerSerial.Data, issuerSerial.Length);
-	CFDictionarySetValue(newDict, keyStr, cfIssuerSerial);
+        cfIssuerSerial = CFDataCreate(NULL, issuerSerial.Data, issuerSerial.Length);
+        CFDictionarySetValue(newDict, keyStr, cfIssuerSerial);
     }
-    
+
     /* dictionary ==> prefs */
-    CFPreferencesSetValue(CFSTR(kPkinitClientCertKey), newDict, 
-	CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
-    if(CFPreferencesSynchronize(CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, 
-	    kCFPreferencesAnyHost)) {
-	ourRtn = 0;
+    CFPreferencesSetValue(CFSTR(kPkinitClientCertKey), newDict,
+                          CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
+    if(CFPreferencesSynchronize(CFSTR(kPkinitClientCertApp), kCFPreferencesCurrentUser,
+                                kCFPreferencesAnyHost)) {
+        ourRtn = 0;
     }
     else {
-	ourRtn = EACCES;   /* any better ideas? */
+        ourRtn = EACCES;   /* any better ideas? */
     }
 errOut:
     if(cfIssuerSerial) {
-	CFRelease(cfIssuerSerial);
+        CFRelease(cfIssuerSerial);
     }
     if(issuerSerial.Data) {
-	free(issuerSerial.Data);
+        free(issuerSerial.Data);
     }
     if(existDict) {
-	CFRelease(existDict);
+        CFRelease(existDict);
     }
     if(newDict) {
-	CFRelease(newDict);
+        CFRelease(newDict);
     }
     if(keyStr) {
-	CFRelease(keyStr);
+        CFRelease(keyStr);
     }
     return ourRtn;
 }
 
-/* 
+/*
  * Obtain a reference to the client's cert database. Specify either principal
  * name or client_cert as obtained from krb5_pkinit_get_client_cert().
  */
 krb5_error_code krb5_pkinit_get_client_cert_db(
-    const char			*principal,     /* full principal string */
-    krb5_pkinit_signing_cert_t	client_cert,    /* optional, from krb5_pkinit_get_client_cert() */
-    krb5_pkinit_cert_db_t	*client_cert_db)/* RETURNED */
+    const char                  *principal,     /* full principal string */
+    krb5_pkinit_signing_cert_t  client_cert,    /* optional, from krb5_pkinit_get_client_cert() */
+    krb5_pkinit_cert_db_t       *client_cert_db)/* RETURNED */
 {
     krb5_error_code krtn;
     krb5_pkinit_signing_cert_t local_cert;
-    
+
     assert((client_cert != NULL) || (principal != NULL));
     if(client_cert == NULL) {
-	/* caller didn't provide, look it up */
-	krtn = krb5_pkinit_get_client_cert(principal, &local_cert);
-	if(krtn) {
-	    return krtn;
-	}
+        /* caller didn't provide, look it up */
+        krtn = krb5_pkinit_get_client_cert(principal, &local_cert);
+        if(krtn) {
+            return krtn;
+        }
     }
     else {
-	/* easy case */
-	local_cert = client_cert;
+        /* easy case */
+        local_cert = client_cert;
     }
     krtn = pkinit_cert_to_db(local_cert, client_cert_db);
     if(client_cert == NULL) {
-	krb5_pkinit_release_cert(local_cert);
+        krb5_pkinit_release_cert(local_cert);
     }
     return krtn;
 }
@@ -503,28 +504,28 @@ krb5_error_code krb5_pkinit_get_client_cert_db(
  * The client_spec argument is typically provided by the client as kdcPkId.
  */
 krb5_error_code krb5_pkinit_get_kdc_cert(
-    krb5_ui_4			num_trusted_CAs,    /* sizeof *trusted_CAs */
-    krb5_data			*trusted_CAs,	    /* optional */
-    krb5_data			*client_spec,	    /* optional */
+    krb5_ui_4                   num_trusted_CAs,    /* sizeof *trusted_CAs */
+    krb5_data                   *trusted_CAs,       /* optional */
+    krb5_data                   *client_spec,       /* optional */
     krb5_pkinit_signing_cert_t *kdc_cert)
 {
     SecIdentityRef idRef = NULL;
     OSStatus ortn;
     krb5_error_code ourRtn = 0;
-    
+
     /* OS X: trusted_CAs and client_spec ignored */
-    
+
     ortn = SecIdentityCopySystemIdentity(kSecIdentityDomainKerberosKDC,
-	&idRef, NULL);
+                                         &idRef, NULL);
     if(ortn) {
-	pkiCssmErr("SecIdentityCopySystemIdentity", ortn);
-	return KRB5_PRINC_NOMATCH;
+        pkiCssmErr("SecIdentityCopySystemIdentity", ortn);
+        return KRB5_PRINC_NOMATCH;
     }
     *kdc_cert = (krb5_pkinit_signing_cert_t)idRef;
     return ourRtn;
 }
 
-/* 
+/*
  * Obtain a reference to the KDC's cert database.
  */
 krb5_error_code krb5_pkinit_get_kdc_cert_db(
@@ -532,10 +533,10 @@ krb5_error_code krb5_pkinit_get_kdc_cert_db(
 {
     krb5_pkinit_signing_cert_t kdcCert = NULL;
     krb5_error_code krtn;
-    
+
     krtn = krb5_pkinit_get_kdc_cert(0, NULL, NULL, &kdcCert);
     if(krtn) {
-	return krtn;
+        return krtn;
     }
     krtn = pkinit_cert_to_db(kdcCert, kdc_cert_db);
     krb5_pkinit_release_cert(kdcCert);
@@ -550,7 +551,7 @@ void krb5_pkinit_release_cert(
     krb5_pkinit_signing_cert_t   cert)
 {
     if(cert == NULL) {
-	return;
+        return;
     }
     CFRelease((CFTypeRef)cert);
 }
@@ -560,18 +561,18 @@ void krb5_pkinit_release_cert(
  * krb5_pkinit_get_kdc_cert_db().
  */
 extern void krb5_pkinit_release_cert_db(
-    krb5_pkinit_cert_db_t	    cert_db)
+    krb5_pkinit_cert_db_t           cert_db)
 {
     if(cert_db == NULL) {
-	return;
+        return;
     }
     CFRelease((CFTypeRef)cert_db);
 }
 
 
-/* 
- * Obtain a mallocd C-string representation of a certificate's SHA1 digest. 
- * Only error is a NULL return indicating memory failure. 
+/*
+ * Obtain a mallocd C-string representation of a certificate's SHA1 digest.
+ * Only error is a NULL return indicating memory failure.
  * Caller must free the returned string.
  */
 char *krb5_pkinit_cert_hash_str(
@@ -582,37 +583,37 @@ char *krb5_pkinit_cert_hash_str(
     char *cpOut;
     unsigned char digest[CC_SHA1_DIGEST_LENGTH];
     unsigned dex;
-    
+
     assert(cert != NULL);
     CC_SHA1_Init(&ctx);
     CC_SHA1_Update(&ctx, cert->data, cert->length);
     CC_SHA1_Final(digest, &ctx);
-    
+
     outstr = (char *)malloc((2 * CC_SHA1_DIGEST_LENGTH) + 1);
     if(outstr == NULL) {
-	return NULL;
+        return NULL;
     }
     cpOut = outstr;
     for(dex=0; dex<CC_SHA1_DIGEST_LENGTH; dex++) {
-	snprintf(cpOut, 3, "%02X", (unsigned)(digest[dex]));
-	cpOut += 2;
+        snprintf(cpOut, 3, "%02X", (unsigned)(digest[dex]));
+        cpOut += 2;
     }
     *cpOut = '\0';
     return outstr;
 }
 
-/* 
+/*
  * Obtain a client's optional list of trusted KDC CA certs (trustedCertifiers)
- * and/or trusted KDC cert (kdcPkId) for a given client and server. 
- * All returned values are mallocd and must be freed by caller; the contents 
- * of the krb5_datas are DER-encoded certificates. 
+ * and/or trusted KDC cert (kdcPkId) for a given client and server.
+ * All returned values are mallocd and must be freed by caller; the contents
+ * of the krb5_datas are DER-encoded certificates.
  */
 krb5_error_code krb5_pkinit_get_server_certs(
     const char *client_principal,
     const char *server_principal,
-    krb5_data **trusted_CAs,	    /* RETURNED, though return value may be NULL */
-    krb5_ui_4 *num_trusted_CAs,	    /* RETURNED */
-    krb5_data *kdc_cert)	    /* RETURNED, though may be 0/NULL */
+    krb5_data **trusted_CAs,        /* RETURNED, though return value may be NULL */
+    krb5_ui_4 *num_trusted_CAs,     /* RETURNED */
+    krb5_data *kdc_cert)            /* RETURNED, though may be 0/NULL */
 {
     /* nothing for now */
     *trusted_CAs = NULL;
diff --git a/src/lib/krb5/krb/pkinit_apple_client.c b/src/lib/krb5/krb/pkinit_apple_client.c
index d98fc76c0..b2b6cb990 100644
--- a/src/lib/krb5/krb/pkinit_apple_client.c
+++ b/src/lib/krb5/krb/pkinit_apple_client.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2004-2008 Apple Inc.  All Rights Reserved.
  *
@@ -45,131 +46,131 @@
  * Create a PA-PK-AS-REQ message.
  */
 krb5_error_code krb5int_pkinit_as_req_create(
-    krb5_context		context,
-    krb5_timestamp		kctime,      
-    krb5_int32			cusec,		/* microseconds */
-    krb5_ui_4			nonce,
-    const krb5_checksum		*cksum,
-    krb5_pkinit_signing_cert_t   client_cert,	/* required */
-    const krb5_data		*trusted_CAs,	/* optional list of CA certs */
-    krb5_ui_4			num_trusted_CAs,
-    const krb5_data		*kdc_cert,	/* optional KDC cert */
-    krb5_data			*as_req)	/* mallocd and RETURNED */
+    krb5_context                context,
+    krb5_timestamp              kctime,
+    krb5_int32                  cusec,          /* microseconds */
+    krb5_ui_4                   nonce,
+    const krb5_checksum         *cksum,
+    krb5_pkinit_signing_cert_t   client_cert,   /* required */
+    const krb5_data             *trusted_CAs,   /* optional list of CA certs */
+    krb5_ui_4                   num_trusted_CAs,
+    const krb5_data             *kdc_cert,      /* optional KDC cert */
+    krb5_data                   *as_req)        /* mallocd and RETURNED */
 {
     krb5_data auth_pack = {0};
     krb5_error_code krtn;
     krb5_data content_info = {0};
     krb5int_algorithm_id *cms_types = NULL;
     krb5_ui_4 num_cms_types = 0;
-    
+
     /* issuer/serial numbers for trusted_CAs and kdc_cert, if we have them */
-    krb5_data *ca_issuer_sn = NULL;	    /* issuer/serial_num for trusted_CAs */
-    krb5_data kdc_issuer_sn = {0};	    /* issuer/serial_num for kdc_cert */
+    krb5_data *ca_issuer_sn = NULL;         /* issuer/serial_num for trusted_CAs */
+    krb5_data kdc_issuer_sn = {0};          /* issuer/serial_num for kdc_cert */
     krb5_data *kdc_issuer_sn_p = NULL;
-    
+
     /* optional platform-dependent CMS algorithm preference */
     krtn = krb5int_pkinit_get_cms_types(&cms_types, &num_cms_types);
     if(krtn) {
-	return krtn;
+        return krtn;
     }
-    
+
     /* encode the core authPack */
-    krtn = krb5int_pkinit_auth_pack_encode(kctime, cusec, nonce, cksum, 
-	cms_types, num_cms_types,
-	&auth_pack);
+    krtn = krb5int_pkinit_auth_pack_encode(kctime, cusec, nonce, cksum,
+                                           cms_types, num_cms_types,
+                                           &auth_pack);
     if(krtn) {
-	goto errOut;
+        goto errOut;
     }
 
     /* package the AuthPack up in a SignedData inside a ContentInfo */
-    krtn = krb5int_pkinit_create_cms_msg(&auth_pack, 
-	client_cert,
-	NULL,		/* recip_cert */
-	ECT_PkAuthData,
-	0, NULL,	/* cms_types */
-	&content_info);
+    krtn = krb5int_pkinit_create_cms_msg(&auth_pack,
+                                         client_cert,
+                                         NULL,           /* recip_cert */
+                                         ECT_PkAuthData,
+                                         0, NULL,        /* cms_types */
+                                         &content_info);
     if(krtn) {
-	goto errOut;
+        goto errOut;
     }
-    
+
     /* if we have trusted_CAs, get issuer/serials */
     if(trusted_CAs) {
-	unsigned dex;
-	ca_issuer_sn = (krb5_data *)malloc(num_trusted_CAs * sizeof(krb5_data));
-	if(ca_issuer_sn == NULL) {
-	    krtn = ENOMEM;
-	    goto errOut;
-	}
-	for(dex=0; dex<num_trusted_CAs; dex++) {
-	    krtn = krb5int_pkinit_get_issuer_serial(&trusted_CAs[dex], 
-		&ca_issuer_sn[dex]);
-	    if(krtn) {
-		goto errOut;
-	    }
-	}
+        unsigned dex;
+        ca_issuer_sn = (krb5_data *)malloc(num_trusted_CAs * sizeof(krb5_data));
+        if(ca_issuer_sn == NULL) {
+            krtn = ENOMEM;
+            goto errOut;
+        }
+        for(dex=0; dex<num_trusted_CAs; dex++) {
+            krtn = krb5int_pkinit_get_issuer_serial(&trusted_CAs[dex],
+                                                    &ca_issuer_sn[dex]);
+            if(krtn) {
+                goto errOut;
+            }
+        }
     }
-    
+
     /* If we have a KDC cert, get its issuer/serial */
     if(kdc_cert) {
-	krtn = krb5int_pkinit_get_issuer_serial(kdc_cert, &kdc_issuer_sn);
-	if(krtn) {
-	    goto errOut;
-	}
-	kdc_issuer_sn_p = &kdc_issuer_sn;
+        krtn = krb5int_pkinit_get_issuer_serial(kdc_cert, &kdc_issuer_sn);
+        if(krtn) {
+            goto errOut;
+        }
+        kdc_issuer_sn_p = &kdc_issuer_sn;
     }
-    
+
     /* cook up PA-PK-AS-REQ */
-    krtn = krb5int_pkinit_pa_pk_as_req_encode(&content_info, 
-	ca_issuer_sn, num_trusted_CAs,	
-	kdc_issuer_sn_p,
-	as_req);
-    
+    krtn = krb5int_pkinit_pa_pk_as_req_encode(&content_info,
+                                              ca_issuer_sn, num_trusted_CAs,
+                                              kdc_issuer_sn_p,
+                                              as_req);
+
 errOut:
     if(cms_types) {
-       krb5int_pkinit_free_cms_types(cms_types, num_cms_types); 
+        krb5int_pkinit_free_cms_types(cms_types, num_cms_types);
     }
     if(auth_pack.data) {
-	free(auth_pack.data);
+        free(auth_pack.data);
     }
     if(content_info.data) {
-	free(content_info.data);
+        free(content_info.data);
     }
     if(trusted_CAs) {
-	unsigned dex;
-	for(dex=0; dex<num_trusted_CAs; dex++) {
-	    free(ca_issuer_sn[dex].data);
-	}
-	free(ca_issuer_sn);
+        unsigned dex;
+        for(dex=0; dex<num_trusted_CAs; dex++) {
+            free(ca_issuer_sn[dex].data);
+        }
+        free(ca_issuer_sn);
     }
     if(kdc_cert) {
-	free(kdc_issuer_sn.data);
+        free(kdc_issuer_sn.data);
     }
     return krtn;
 }
 
 /*
- * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain. 
- * Optionally returns various components. 
+ * Parse PA-PK-AS-REP message. Optionally evaluates the message's certificate chain.
+ * Optionally returns various components.
  */
 krb5_error_code krb5int_pkinit_as_rep_parse(
-    krb5_context		context,
-    const krb5_data		*as_rep,
-    krb5_pkinit_signing_cert_t   client_cert,	/* required */
-    krb5_keyblock		*key_block,     /* RETURNED */
-    krb5_checksum		*checksum,	/* checksum of corresponding AS-REQ */
-						/*   contents mallocd and RETURNED */
-    krb5int_cert_sig_status	*cert_status,   /* RETURNED */
+    krb5_context                context,
+    const krb5_data             *as_rep,
+    krb5_pkinit_signing_cert_t   client_cert,   /* required */
+    krb5_keyblock               *key_block,     /* RETURNED */
+    krb5_checksum               *checksum,      /* checksum of corresponding AS-REQ */
+                                                /*   contents mallocd and RETURNED */
+    krb5int_cert_sig_status     *cert_status,   /* RETURNED */
 
     /*
      * Cert fields, all optionally RETURNED.
      *
      * signer_cert is the full X.509 leaf cert from the incoming SignedData.
      * all_certs is an array of all of the certs in the incoming SignedData,
-     *    in full X.509 form. 
+     *    in full X.509 form.
      */
-    krb5_data		    *signer_cert,   /* content mallocd */
-    unsigned		    *num_all_certs, /* sizeof *all_certs */
-    krb5_data		    **all_certs)    /* krb5_data's and their content mallocd */
+    krb5_data               *signer_cert,   /* content mallocd */
+    unsigned                *num_all_certs, /* sizeof *all_certs */
+    krb5_data               **all_certs)    /* krb5_data's and their content mallocd */
 {
     krb5_data reply_key_pack = {0, 0, NULL};
     krb5_error_code krtn;
@@ -179,83 +180,83 @@ krb5_error_code krb5int_pkinit_as_rep_parse(
     krb5_pkinit_cert_db_t cert_db = NULL;
     krb5_boolean is_signed;
     krb5_boolean is_encrypted;
-    
-    assert((as_rep != NULL) && (checksum != NULL) && 
+
+    assert((as_rep != NULL) && (checksum != NULL) &&
            (key_block != NULL) && (cert_status != NULL));
-    
-    /* 
+
+    /*
      * Decode the top-level PA-PK-AS-REP
      */
     krtn = krb5int_pkinit_pa_pk_as_rep_decode(as_rep, &dh_signed_data, &enc_key_pack);
     if(krtn) {
-	pkiCssmErr("krb5int_pkinit_pa_pk_as_rep_decode", krtn);
-	return krtn;
+        pkiCssmErr("krb5int_pkinit_pa_pk_as_rep_decode", krtn);
+        return krtn;
     }
     if(dh_signed_data.data) {
-	/* not for this implementation... */
-	pkiDebug("krb5int_pkinit_as_rep_parse: unexpected dh_signed_data\n");
-	krtn = ASN1_BAD_FORMAT;
-	goto err_out;
+        /* not for this implementation... */
+        pkiDebug("krb5int_pkinit_as_rep_parse: unexpected dh_signed_data\n");
+        krtn = ASN1_BAD_FORMAT;
+        goto err_out;
     }
     if(enc_key_pack.data == NULL) {
-	/* REQUIRED for this implementation... */
-	pkiDebug("krb5int_pkinit_as_rep_parse: no enc_key_pack\n");
-	krtn = ASN1_BAD_FORMAT;
-	goto err_out;
+        /* REQUIRED for this implementation... */
+        pkiDebug("krb5int_pkinit_as_rep_parse: no enc_key_pack\n");
+        krtn = ASN1_BAD_FORMAT;
+        goto err_out;
     }
-   
+
     krtn = krb5_pkinit_get_client_cert_db(NULL, client_cert, &cert_db);
     if(krtn) {
-	pkiDebug("krb5int_pkinit_as_rep_parse: error in krb5_pkinit_get_client_cert_db\n");
-	goto err_out;
+        pkiDebug("krb5int_pkinit_as_rep_parse: error in krb5_pkinit_get_client_cert_db\n");
+        goto err_out;
     }
 
     /*
-     * enc_key_pack is an EnvelopedData(SignedData(keyPack), encrypted 
-     * with our cert (which krb5int_pkinit_parse_content_info() finds 
+     * enc_key_pack is an EnvelopedData(SignedData(keyPack), encrypted
+     * with our cert (which krb5int_pkinit_parse_content_info() finds
      * implicitly).
      */
     krtn = krb5int_pkinit_parse_cms_msg(&enc_key_pack, cert_db, FALSE,
-	&is_signed, &is_encrypted,
-	&reply_key_pack, &content_type,
-	signer_cert, cert_status, num_all_certs, all_certs);
+                                        &is_signed, &is_encrypted,
+                                        &reply_key_pack, &content_type,
+                                        signer_cert, cert_status, num_all_certs, all_certs);
     if(krtn) {
-	pkiDebug("krb5int_pkinit_as_rep_parse: error decoding EnvelopedData\n");
-	goto err_out;
+        pkiDebug("krb5int_pkinit_as_rep_parse: error decoding EnvelopedData\n");
+        goto err_out;
     }
     if(!is_encrypted || !is_signed) {
-	pkiDebug("krb5int_pkinit_as_rep_parse: not signed and encrypted!\n");
-	krtn = KRB5_PARSE_MALFORMED;
-	goto err_out;
+        pkiDebug("krb5int_pkinit_as_rep_parse: not signed and encrypted!\n");
+        krtn = KRB5_PARSE_MALFORMED;
+        goto err_out;
     }
     if(content_type != ECT_PkReplyKeyKata) {
-	pkiDebug("replyKeyPack eContentType %d!\n", (int)content_type);
-	krtn = KRB5_PARSE_MALFORMED;
-	goto err_out;
+        pkiDebug("replyKeyPack eContentType %d!\n", (int)content_type);
+        krtn = KRB5_PARSE_MALFORMED;
+        goto err_out;
     }
-     
-    /* 
+
+    /*
      * Finally, decode that inner content as the ReplyKeyPack which contains
      * the actual key and nonce
      */
     krtn = krb5int_pkinit_reply_key_pack_decode(&reply_key_pack, key_block, checksum);
     if(krtn) {
-	pkiDebug("krb5int_pkinit_as_rep_parse: error decoding ReplyKeyPack\n");
+        pkiDebug("krb5int_pkinit_as_rep_parse: error decoding ReplyKeyPack\n");
     }
-    
+
 err_out:
     /* free temp mallocd data that we didn't pass back to caller */
     if(reply_key_pack.data) {
-	free(reply_key_pack.data);
+        free(reply_key_pack.data);
     }
     if(enc_key_pack.data) {
-	free(enc_key_pack.data);
+        free(enc_key_pack.data);
     }
     if(dh_signed_data.data) {
-	free(dh_signed_data.data);
+        free(dh_signed_data.data);
     }
     if(cert_db) {
-	krb5_pkinit_release_cert_db(cert_db);
+        krb5_pkinit_release_cert_db(cert_db);
     }
     return krtn;
 }
diff --git a/src/lib/krb5/krb/pkinit_apple_cms.c b/src/lib/krb5/krb/pkinit_apple_cms.c
index 353bcab40..f11b4ee64 100644
--- a/src/lib/krb5/krb/pkinit_apple_cms.c
+++ b/src/lib/krb5/krb/pkinit_apple_cms.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2004-2008 Apple Inc.  All Rights Reserved.
  *
@@ -42,20 +43,20 @@
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacTypes.h>
 
-/* 
- * Custom OIDS to specify as eContentType 
+/*
+ * Custom OIDS to specify as eContentType
  */
-#define OID_PKINIT	0x2B, 6, 1, 5, 2, 3
-#define OID_PKINIT_LEN	6
+#define OID_PKINIT      0x2B, 6, 1, 5, 2, 3
+#define OID_PKINIT_LEN  6
 
-static const uint8	OID_PKINIT_AUTH_DATA[]	    = {OID_PKINIT, 1};
-static const uint8	OID_PKINIT_RKEY_DATA[]	    = {OID_PKINIT, 3};
+static const uint8      OID_PKINIT_AUTH_DATA[]      = {OID_PKINIT, 1};
+static const uint8      OID_PKINIT_RKEY_DATA[]      = {OID_PKINIT, 3};
 
 /* these may go public so keep these symbols private */
-static const CSSM_OID	_CSSMOID_PKINIT_AUTH_DATA = 
-	{OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_AUTH_DATA};
-static const CSSM_OID	_CSSMOID_PKINIT_RKEY_DATA = 
-	{OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_RKEY_DATA};
+static const CSSM_OID   _CSSMOID_PKINIT_AUTH_DATA =
+{OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_AUTH_DATA};
+static const CSSM_OID   _CSSMOID_PKINIT_RKEY_DATA =
+{OID_PKINIT_LEN+1, (uint8 *)OID_PKINIT_RKEY_DATA};
 
 
 #pragma mark ----- CMS utilities ----
@@ -69,26 +70,26 @@ static krb5int_cert_sig_status pkiCertSigStatus(
     OSStatus certStatus)
 {
     switch(certStatus) {
-	case CSSM_OK:
-	    return pki_cs_good;
-	case CSSMERR_CSP_VERIFY_FAILED:
-	    return pki_cs_sig_verify_fail;
-	case CSSMERR_TP_NOT_TRUSTED:
-	    return pki_cs_no_root;
-	case CSSMERR_TP_INVALID_ANCHOR_CERT:
-	    return pki_cs_unknown_root;
-	case CSSMERR_TP_CERT_EXPIRED:
-	    return pki_cs_expired;
-	case CSSMERR_TP_CERT_NOT_VALID_YET:
-	    return pki_cs_not_valid_yet;
-	case CSSMERR_TP_CERT_REVOKED:
-	    return pki_cs_revoked;
-	case KRB5_KDB_UNAUTH:
-	    return pki_cs_untrusted;
-	case CSSMERR_TP_INVALID_CERTIFICATE:
-	    return pki_cs_bad_leaf;
-	default:
-	    return pki_cs_other_err;
+    case CSSM_OK:
+        return pki_cs_good;
+    case CSSMERR_CSP_VERIFY_FAILED:
+        return pki_cs_sig_verify_fail;
+    case CSSMERR_TP_NOT_TRUSTED:
+        return pki_cs_no_root;
+    case CSSMERR_TP_INVALID_ANCHOR_CERT:
+        return pki_cs_unknown_root;
+    case CSSMERR_TP_CERT_EXPIRED:
+        return pki_cs_expired;
+    case CSSMERR_TP_CERT_NOT_VALID_YET:
+        return pki_cs_not_valid_yet;
+    case CSSMERR_TP_CERT_REVOKED:
+        return pki_cs_revoked;
+    case KRB5_KDB_UNAUTH:
+        return pki_cs_untrusted;
+    case CSSMERR_TP_INVALID_CERTIFICATE:
+        return pki_cs_bad_leaf;
+    default:
+        return pki_cs_other_err;
     }
 }
 
@@ -99,24 +100,24 @@ static krb5int_cert_sig_status pkiCertSigStatus(
  */
 static krb5int_cert_sig_status pkiInferSigStatus(
     CMSSignerStatus cms_status,
-    OSStatus	    tp_status)
+    OSStatus        tp_status)
 {
     switch(cms_status) {
-	case kCMSSignerUnsigned:
-	    return pki_not_signed;
-	case kCMSSignerValid:
-	    return pki_cs_good;
-	case kCMSSignerNeedsDetachedContent:
-	    return pki_bad_cms;
-	case kCMSSignerInvalidSignature:
-	    return pki_cs_sig_verify_fail;
-	case kCMSSignerInvalidCert:
-	    /* proceed with TP status */
-	    break;
-	default:
-	    return pki_cs_other_err;
+    case kCMSSignerUnsigned:
+        return pki_not_signed;
+    case kCMSSignerValid:
+        return pki_cs_good;
+    case kCMSSignerNeedsDetachedContent:
+        return pki_bad_cms;
+    case kCMSSignerInvalidSignature:
+        return pki_cs_sig_verify_fail;
+    case kCMSSignerInvalidCert:
+        /* proceed with TP status */
+        break;
+    default:
+        return pki_cs_other_err;
     }
-    
+
     /* signature good, infer end status from TP verify */
     return pkiCertSigStatus(tp_status);
 }
@@ -130,15 +131,15 @@ static OSStatus pkiKrb5DataToSecCert(
 {
     CSSM_DATA certData;
     OSStatus ortn;
-    
+
     assert((rawCert != NULL) && (secCert != NULL));
-    
+
     certData.Data = (uint8 *)rawCert->data;
     certData.Length = rawCert->length;
-    ortn = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3, 
-	CSSM_CERT_ENCODING_DER, secCert);
+    ortn = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3,
+                                        CSSM_CERT_ENCODING_DER, secCert);
     if(ortn) {
-	pkiCssmErr("SecCertificateCreateFromData", ortn);
+        pkiCssmErr("SecCertificateCreateFromData", ortn);
     }
     return ortn;
 }
@@ -148,52 +149,52 @@ static OSStatus pkiKrb5DataToSecCert(
  */
 static krb5_error_code pkiCertArrayToKrb5Data(
     CFArrayRef  cf_certs,
-    unsigned	*num_all_certs,
-    krb5_data   **all_certs)	
+    unsigned    *num_all_certs,
+    krb5_data   **all_certs)
 {
     CFIndex num_certs;
     krb5_data *allCerts = NULL;
     krb5_error_code krtn = 0;
     CFIndex dex;
-    
+
     if(cf_certs == NULL) {
-	*all_certs = NULL;
-	return 0;
+        *all_certs = NULL;
+        return 0;
     }
     num_certs = CFArrayGetCount(cf_certs);
     *num_all_certs = (unsigned)num_certs;
     if(num_certs == 0) {
-	*all_certs = NULL;
-	return 0;
+        *all_certs = NULL;
+        return 0;
     }
     allCerts = (krb5_data *)malloc(sizeof(krb5_data) * num_certs);
     if(allCerts == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
-    for(dex=0; dex<num_certs; dex++) {	
-	CSSM_DATA cert_data;
-	OSStatus ortn;
-	SecCertificateRef sec_cert;
-	
-	sec_cert = (SecCertificateRef)CFArrayGetValueAtIndex(cf_certs, dex);
-	ortn = SecCertificateGetData(sec_cert, &cert_data);
-	if(ortn) {
-	    pkiCssmErr("SecCertificateGetData", ortn);
-	    krtn = KRB5_PARSE_MALFORMED;
-	    break;
-	}
-	krtn = pkiCssmDataToKrb5Data(&cert_data, &allCerts[dex]);
-	if(krtn) {
-	    break;
-	}
+    for(dex=0; dex<num_certs; dex++) {
+        CSSM_DATA cert_data;
+        OSStatus ortn;
+        SecCertificateRef sec_cert;
+
+        sec_cert = (SecCertificateRef)CFArrayGetValueAtIndex(cf_certs, dex);
+        ortn = SecCertificateGetData(sec_cert, &cert_data);
+        if(ortn) {
+            pkiCssmErr("SecCertificateGetData", ortn);
+            krtn = KRB5_PARSE_MALFORMED;
+            break;
+        }
+        krtn = pkiCssmDataToKrb5Data(&cert_data, &allCerts[dex]);
+        if(krtn) {
+            break;
+        }
     }
     if(krtn) {
-	if(allCerts) {
-	    free(allCerts);
-	}
+        if(allCerts) {
+            free(allCerts);
+        }
     }
     else {
-	*all_certs = allCerts;
+        *all_certs = allCerts;
     }
     return krtn;
 }
@@ -201,78 +202,78 @@ static krb5_error_code pkiCertArrayToKrb5Data(
 #pragma mark ----- Create CMS message -----
 
 /*
- * Create a CMS message: either encrypted (EnvelopedData), signed 
+ * Create a CMS message: either encrypted (EnvelopedData), signed
  * (SignedData), or both (EnvelopedData(SignedData(content)).
  *
  * The message is signed iff signing_cert is non-NULL.
  * The message is encrypted iff recip_cert is non-NULL.
  *
  * The content_type argument specifies to the eContentType
- * for a SignedData's EncapsulatedContentInfo. 
+ * for a SignedData's EncapsulatedContentInfo.
  */
 krb5_error_code krb5int_pkinit_create_cms_msg(
-    const krb5_data		*content,	/* Content */
-    krb5_pkinit_signing_cert_t	signing_cert,	/* optional: signed by this cert */
-    const krb5_data		*recip_cert,	/* optional: encrypted with this cert */
-    krb5int_cms_content_type	content_type,   /* OID for EncapsulatedData */
-    krb5_ui_4			num_cms_types,	/* optional, unused here */
-    const krb5int_algorithm_id	*cms_types,	/* optional, unused here */
-    krb5_data			*content_info)  /* contents mallocd and RETURNED */
+    const krb5_data             *content,       /* Content */
+    krb5_pkinit_signing_cert_t  signing_cert,   /* optional: signed by this cert */
+    const krb5_data             *recip_cert,    /* optional: encrypted with this cert */
+    krb5int_cms_content_type    content_type,   /* OID for EncapsulatedData */
+    krb5_ui_4                   num_cms_types,  /* optional, unused here */
+    const krb5int_algorithm_id  *cms_types,     /* optional, unused here */
+    krb5_data                   *content_info)  /* contents mallocd and RETURNED */
 {
     krb5_error_code krtn;
     OSStatus ortn;
     SecCertificateRef sec_recip = NULL;
     CFDataRef cf_content = NULL;
     const CSSM_OID *eContentOid = NULL;
-    
+
     if((signing_cert == NULL) && (recip_cert == NULL)) {
-	/* must have one or the other */
-	pkiDebug("krb5int_pkinit_create_cms_msg: no signer or recipient\n");
-	return KRB5_CRYPTO_INTERNAL;
+        /* must have one or the other */
+        pkiDebug("krb5int_pkinit_create_cms_msg: no signer or recipient\n");
+        return KRB5_CRYPTO_INTERNAL;
     }
-    
-    /* 
-     * Optional signer cert. Note signing_cert, if present, is 
-     * a SecIdentityRef. 
+
+    /*
+     * Optional signer cert. Note signing_cert, if present, is
+     * a SecIdentityRef.
      */
     if(recip_cert) {
-	if(pkiKrb5DataToSecCert(recip_cert, &sec_recip)) {
-	    krtn = ASN1_BAD_FORMAT;
-	    goto errOut;
-	}
+        if(pkiKrb5DataToSecCert(recip_cert, &sec_recip)) {
+            krtn = ASN1_BAD_FORMAT;
+            goto errOut;
+        }
     }
-    
+
     /* optional eContentType */
     if(signing_cert) {
-	switch(content_type) {
-	    case ECT_PkAuthData:
-		eContentOid = &_CSSMOID_PKINIT_AUTH_DATA;
-		break;
-	    case ECT_PkReplyKeyKata:
-		eContentOid = &_CSSMOID_PKINIT_RKEY_DATA;
-		break;
-	    case ECT_Data:
-		/* the only standard/default case we allow */
-		break;
-	    default:
-		/* others: no can do */
-		pkiDebug("krb5int_pkinit_create_cms_msg: bad contentType\n");
-		krtn = KRB5_CRYPTO_INTERNAL;
-		goto errOut;
-	}
+        switch(content_type) {
+        case ECT_PkAuthData:
+            eContentOid = &_CSSMOID_PKINIT_AUTH_DATA;
+            break;
+        case ECT_PkReplyKeyKata:
+            eContentOid = &_CSSMOID_PKINIT_RKEY_DATA;
+            break;
+        case ECT_Data:
+            /* the only standard/default case we allow */
+            break;
+        default:
+            /* others: no can do */
+            pkiDebug("krb5int_pkinit_create_cms_msg: bad contentType\n");
+            krtn = KRB5_CRYPTO_INTERNAL;
+            goto errOut;
+        }
     }
-    
+
     /* GO */
     ortn = CMSEncode((SecIdentityRef)signing_cert, sec_recip,
-	eContentOid, 
-	FALSE,		/* detachedContent */
-	kCMSAttrNone,	/* no signed attributes that I know of */
-	content->data, content->length,
-	&cf_content);
+                     eContentOid,
+                     FALSE,          /* detachedContent */
+                     kCMSAttrNone,   /* no signed attributes that I know of */
+                     content->data, content->length,
+                     &cf_content);
     if(ortn) {
-	pkiCssmErr("CMSEncode", ortn);
-	krtn = KRB5_CRYPTO_INTERNAL;
-	goto errOut;
+        pkiCssmErr("CMSEncode", ortn);
+        krtn = KRB5_CRYPTO_INTERNAL;
+        goto errOut;
     }
     krtn = pkiCfDataToKrb5Data(cf_content, content_info);
 errOut:
@@ -285,22 +286,22 @@ errOut:
 
 /*
  * Parse a ContentInfo as best we can. All return fields are optional.
- * If signer_cert_status is NULL on entry, NO signature or cert evaluation 
- * will be performed. 
+ * If signer_cert_status is NULL on entry, NO signature or cert evaluation
+ * will be performed.
  */
 krb5_error_code krb5int_pkinit_parse_cms_msg(
-    const krb5_data	    *content_info,
-    krb5_pkinit_cert_db_t   cert_db,		/* may be required for SignedData */
-    krb5_boolean	    is_client_msg,	/* TRUE : msg is from client */
-    krb5_boolean	    *is_signed,		/* RETURNED */
-    krb5_boolean	    *is_encrypted,	/* RETURNED */
-    krb5_data		    *raw_data,		/* RETURNED */
+    const krb5_data         *content_info,
+    krb5_pkinit_cert_db_t   cert_db,            /* may be required for SignedData */
+    krb5_boolean            is_client_msg,      /* TRUE : msg is from client */
+    krb5_boolean            *is_signed,         /* RETURNED */
+    krb5_boolean            *is_encrypted,      /* RETURNED */
+    krb5_data               *raw_data,          /* RETURNED */
     krb5int_cms_content_type *inner_content_type,/* Returned, ContentType of */
-						/*    EncapsulatedData */
-    krb5_data		    *signer_cert,	/* RETURNED */
+    /*    EncapsulatedData */
+    krb5_data               *signer_cert,       /* RETURNED */
     krb5int_cert_sig_status *signer_cert_status,/* RETURNED */
-    unsigned		    *num_all_certs,	/* size of *all_certs RETURNED */
-    krb5_data		    **all_certs)	/* entire cert chain RETURNED */
+    unsigned                *num_all_certs,     /* size of *all_certs RETURNED */
+    krb5_data               **all_certs)        /* entire cert chain RETURNED */
 {
     SecPolicySearchRef policy_search = NULL;
     SecPolicyRef policy = NULL;
@@ -312,219 +313,219 @@ krb5_error_code krb5int_pkinit_parse_cms_msg(
     OSStatus cert_verify_status;
     CFArrayRef cf_all_certs = NULL;
     int msg_is_signed = 0;
-    
+
     if(content_info == NULL) {
-	pkiDebug("krb5int_pkinit_parse_cms_msg: no ContentInfo\n");
-	return KRB5_CRYPTO_INTERNAL;
+        pkiDebug("krb5int_pkinit_parse_cms_msg: no ContentInfo\n");
+        return KRB5_CRYPTO_INTERNAL;
     }
-    
+
     ortn = CMSDecoderCreate(&decoder);
     if(ortn) {
-	return ENOMEM;
+        return ENOMEM;
     }
     ortn = CMSDecoderUpdateMessage(decoder, content_info->data, content_info->length);
     if(ortn) {
-	/* no verify yet, must be bad message */
-	krtn = KRB5_PARSE_MALFORMED;
-	goto errOut;
+        /* no verify yet, must be bad message */
+        krtn = KRB5_PARSE_MALFORMED;
+        goto errOut;
     }
     ortn = CMSDecoderFinalizeMessage(decoder);
     if(ortn) {
-	pkiCssmErr("CMSDecoderFinalizeMessage", ortn);
-	krtn = KRB5_PARSE_MALFORMED;
-	goto errOut;
+        pkiCssmErr("CMSDecoderFinalizeMessage", ortn);
+        krtn = KRB5_PARSE_MALFORMED;
+        goto errOut;
     }
 
     /* expect zero or one signers */
     ortn = CMSDecoderGetNumSigners(decoder, &num_signers);
     switch(num_signers) {
-	case 0:
-	    msg_is_signed = 0;
-	    break;
-	case 1:
-	    msg_is_signed = 1;
-	    break;
-	default:
-	    krtn = KRB5_PARSE_MALFORMED;
-	    goto errOut;
+    case 0:
+        msg_is_signed = 0;
+        break;
+    case 1:
+        msg_is_signed = 1;
+        break;
+    default:
+        krtn = KRB5_PARSE_MALFORMED;
+        goto errOut;
     }
 
     /*
-     * We need a cert verify policy even if we're not actually evaluating 
+     * We need a cert verify policy even if we're not actually evaluating
      * the cert due to requirements in libsecurity_smime.
      */
     ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3,
-	is_client_msg ? &CSSMOID_APPLE_TP_PKINIT_CLIENT : &CSSMOID_APPLE_TP_PKINIT_SERVER, 
-	NULL, &policy_search);
+                                 is_client_msg ? &CSSMOID_APPLE_TP_PKINIT_CLIENT : &CSSMOID_APPLE_TP_PKINIT_SERVER,
+                                 NULL, &policy_search);
     if(ortn) {
-	pkiCssmErr("SecPolicySearchCreate", ortn);
-	krtn = KRB5_CRYPTO_INTERNAL;
-	goto errOut;
+        pkiCssmErr("SecPolicySearchCreate", ortn);
+        krtn = KRB5_CRYPTO_INTERNAL;
+        goto errOut;
     }
     ortn = SecPolicySearchCopyNext(policy_search, &policy);
     if(ortn) {
-	pkiCssmErr("SecPolicySearchCopyNext", ortn);
-	krtn = KRB5_CRYPTO_INTERNAL;
-	goto errOut;
+        pkiCssmErr("SecPolicySearchCopyNext", ortn);
+        krtn = KRB5_CRYPTO_INTERNAL;
+        goto errOut;
     }
-    
+
     /* get some basic status that doesn't need heavyweight evaluation */
     if(msg_is_signed) {
-	if(is_signed) {
-	    *is_signed = TRUE;
-	}
-	if(inner_content_type) {
-	    CSSM_OID ec_oid = {0, NULL};
-	    CFDataRef ec_data = NULL;
-	    
-	    krb5int_cms_content_type ctype;
-	    
-	    ortn = CMSDecoderCopyEncapsulatedContentType(decoder, &ec_data);
-	    if(ortn || (ec_data == NULL)) {
-		pkiCssmErr("CMSDecoderCopyEncapsulatedContentType", ortn);
-		krtn = KRB5_CRYPTO_INTERNAL;
-		goto errOut;
-	    }
-	    ec_oid.Data = (uint8 *)CFDataGetBytePtr(ec_data);
-	    ec_oid.Length = CFDataGetLength(ec_data);
-	    if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_Data)) {
-		ctype = ECT_Data;
-	    }
-	    else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_SignedData)) {
-		ctype = ECT_SignedData;
-	    }
-	    else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EnvelopedData)) {
-		ctype = ECT_EnvelopedData;
-	    }
-	    else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EncryptedData)) {
-		ctype = ECT_EncryptedData;
-	    }
-	    else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_AUTH_DATA)) {
-		ctype = ECT_PkAuthData;
-	    }
-	    else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_RKEY_DATA)) {
-		ctype = ECT_PkReplyKeyKata;
-	    }
-	    else {
-		ctype = ECT_Other;
-	    }
-	    *inner_content_type = ctype;
-	    CFRelease(ec_data);
-	}
-	
-	/* 
-	 * Get SignedData's certs if the caller wants them
-	 */
-	if(all_certs) {	    
-	    ortn = CMSDecoderCopyAllCerts(decoder, &cf_all_certs);
-	    if(ortn) {
-		pkiCssmErr("CMSDecoderCopyAllCerts", ortn);
-		krtn = KRB5_CRYPTO_INTERNAL;
-		goto errOut;
-	    }
-	    krtn = pkiCertArrayToKrb5Data(cf_all_certs, num_all_certs, all_certs);
-	    if(krtn) {
-		goto errOut;
-	    }
-	}
-	
-	/* optional signer cert */
-	if(signer_cert) {
-	    SecCertificateRef sec_signer_cert = NULL;
-	    CSSM_DATA cert_data;
-
-	    ortn = CMSDecoderCopySignerCert(decoder, 0, &sec_signer_cert);
-	    if(ortn) {
-		/* should never happen if it's signed */
-		pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
-		krtn = KRB5_CRYPTO_INTERNAL;
-		goto errOut;
-	    }
-	    ortn = SecCertificateGetData(sec_signer_cert, &cert_data);
-	    if(ortn) {
-		pkiCssmErr("SecCertificateGetData", ortn);
-		CFRelease(sec_signer_cert);
-		krtn = KRB5_CRYPTO_INTERNAL;
-		goto errOut;
-	    }
-	    krtn = pkiDataToKrb5Data(cert_data.Data, cert_data.Length, signer_cert);
-	    CFRelease(sec_signer_cert);
-	    if(krtn) {
-		goto errOut;
-	    }
-	}
+        if(is_signed) {
+            *is_signed = TRUE;
+        }
+        if(inner_content_type) {
+            CSSM_OID ec_oid = {0, NULL};
+            CFDataRef ec_data = NULL;
+
+            krb5int_cms_content_type ctype;
+
+            ortn = CMSDecoderCopyEncapsulatedContentType(decoder, &ec_data);
+            if(ortn || (ec_data == NULL)) {
+                pkiCssmErr("CMSDecoderCopyEncapsulatedContentType", ortn);
+                krtn = KRB5_CRYPTO_INTERNAL;
+                goto errOut;
+            }
+            ec_oid.Data = (uint8 *)CFDataGetBytePtr(ec_data);
+            ec_oid.Length = CFDataGetLength(ec_data);
+            if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_Data)) {
+                ctype = ECT_Data;
+            }
+            else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_SignedData)) {
+                ctype = ECT_SignedData;
+            }
+            else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EnvelopedData)) {
+                ctype = ECT_EnvelopedData;
+            }
+            else if(pkiCompareCssmData(&ec_oid, &CSSMOID_PKCS7_EncryptedData)) {
+                ctype = ECT_EncryptedData;
+            }
+            else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_AUTH_DATA)) {
+                ctype = ECT_PkAuthData;
+            }
+            else if(pkiCompareCssmData(&ec_oid, &_CSSMOID_PKINIT_RKEY_DATA)) {
+                ctype = ECT_PkReplyKeyKata;
+            }
+            else {
+                ctype = ECT_Other;
+            }
+            *inner_content_type = ctype;
+            CFRelease(ec_data);
+        }
+
+        /*
+         * Get SignedData's certs if the caller wants them
+         */
+        if(all_certs) {
+            ortn = CMSDecoderCopyAllCerts(decoder, &cf_all_certs);
+            if(ortn) {
+                pkiCssmErr("CMSDecoderCopyAllCerts", ortn);
+                krtn = KRB5_CRYPTO_INTERNAL;
+                goto errOut;
+            }
+            krtn = pkiCertArrayToKrb5Data(cf_all_certs, num_all_certs, all_certs);
+            if(krtn) {
+                goto errOut;
+            }
+        }
+
+        /* optional signer cert */
+        if(signer_cert) {
+            SecCertificateRef sec_signer_cert = NULL;
+            CSSM_DATA cert_data;
+
+            ortn = CMSDecoderCopySignerCert(decoder, 0, &sec_signer_cert);
+            if(ortn) {
+                /* should never happen if it's signed */
+                pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
+                krtn = KRB5_CRYPTO_INTERNAL;
+                goto errOut;
+            }
+            ortn = SecCertificateGetData(sec_signer_cert, &cert_data);
+            if(ortn) {
+                pkiCssmErr("SecCertificateGetData", ortn);
+                CFRelease(sec_signer_cert);
+                krtn = KRB5_CRYPTO_INTERNAL;
+                goto errOut;
+            }
+            krtn = pkiDataToKrb5Data(cert_data.Data, cert_data.Length, signer_cert);
+            CFRelease(sec_signer_cert);
+            if(krtn) {
+                goto errOut;
+            }
+        }
     }
     else {
-	/* not signed */
-	if(is_signed) {
-	    *is_signed = FALSE;
-	}
-	if(inner_content_type) {
-	    *inner_content_type = ECT_Other;
-	}
-	if(signer_cert) {
-	    signer_cert->data = NULL;
-	    signer_cert->length = 0;
-	}
-	if(signer_cert_status) {
-	    *signer_cert_status = pki_not_signed;
-	}
-	if(num_all_certs) {
-	    *num_all_certs = 0;
-	}
-	if(all_certs) {
-	    *all_certs = NULL;
-	}
+        /* not signed */
+        if(is_signed) {
+            *is_signed = FALSE;
+        }
+        if(inner_content_type) {
+            *inner_content_type = ECT_Other;
+        }
+        if(signer_cert) {
+            signer_cert->data = NULL;
+            signer_cert->length = 0;
+        }
+        if(signer_cert_status) {
+            *signer_cert_status = pki_not_signed;
+        }
+        if(num_all_certs) {
+            *num_all_certs = 0;
+        }
+        if(all_certs) {
+            *all_certs = NULL;
+        }
     }
     if(is_encrypted) {
-	Boolean bencr;
-	ortn = CMSDecoderIsContentEncrypted(decoder, &bencr);
-	if(ortn) {
-	    pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
-	    krtn = KRB5_CRYPTO_INTERNAL;
-	    goto errOut;
-	}
-	*is_encrypted = bencr ? TRUE : FALSE;
+        Boolean bencr;
+        ortn = CMSDecoderIsContentEncrypted(decoder, &bencr);
+        if(ortn) {
+            pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
+            krtn = KRB5_CRYPTO_INTERNAL;
+            goto errOut;
+        }
+        *is_encrypted = bencr ? TRUE : FALSE;
     }
-    
-    /* 
+
+    /*
      * Verify signature and cert. The actual verify operation is optional,
      * per our signer_cert_status argument, but we do this anyway if we need
      * to get the signer cert.
      */
     if((signer_cert_status != NULL) || (signer_cert != NULL)) {
-	
-	ortn = CMSDecoderCopySignerStatus(decoder, 
-	    0,					    /* signerIndex */
-	    policy,
-	    signer_cert_status ? TRUE : FALSE,	    /* evaluateSecTrust */
-	    &signer_status,
-	    NULL,				    /* secTrust - not needed */
-	    &cert_verify_status);
-	if(ortn) {
-	    /* gross error - subsequent processing impossible */
-	    pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
-	    krtn = KRB5_PARSE_MALFORMED;
-	    goto errOut;
-	}
+
+        ortn = CMSDecoderCopySignerStatus(decoder,
+                                          0,                                      /* signerIndex */
+                                          policy,
+                                          signer_cert_status ? TRUE : FALSE,      /* evaluateSecTrust */
+                                          &signer_status,
+                                          NULL,                                   /* secTrust - not needed */
+                                          &cert_verify_status);
+        if(ortn) {
+            /* gross error - subsequent processing impossible */
+            pkiCssmErr("CMSDecoderCopySignerStatus", ortn);
+            krtn = KRB5_PARSE_MALFORMED;
+            goto errOut;
+        }
     }
     /* obtain & return status */
     if(signer_cert_status) {
-	*signer_cert_status = pkiInferSigStatus(signer_status, cert_verify_status);
+        *signer_cert_status = pkiInferSigStatus(signer_status, cert_verify_status);
     }
-    
+
     /* finally, the payload */
     if(raw_data) {
-	CFDataRef cf_content = NULL;
-	
-	ortn = CMSDecoderCopyContent(decoder, &cf_content);
-	if(ortn) {
-	    pkiCssmErr("CMSDecoderCopyContent", ortn);
-	    krtn = KRB5_PARSE_MALFORMED;
-	    goto errOut;
-	}
-	krtn = pkiCfDataToKrb5Data(cf_content, raw_data);
-	CFRELEASE(cf_content);
+        CFDataRef cf_content = NULL;
+
+        ortn = CMSDecoderCopyContent(decoder, &cf_content);
+        if(ortn) {
+            pkiCssmErr("CMSDecoderCopyContent", ortn);
+            krtn = KRB5_PARSE_MALFORMED;
+            goto errOut;
+        }
+        krtn = pkiCfDataToKrb5Data(cf_content, raw_data);
+        CFRELEASE(cf_content);
     }
 errOut:
     CFRELEASE(policy_search);
@@ -535,8 +536,8 @@ errOut:
 }
 
 krb5_error_code krb5int_pkinit_get_cms_types(
-    krb5int_algorithm_id    **supported_cms_types,	/* RETURNED */
-    krb5_ui_4		    *num_supported_cms_types)	/* RETURNED */
+    krb5int_algorithm_id    **supported_cms_types,      /* RETURNED */
+    krb5_ui_4               *num_supported_cms_types)   /* RETURNED */
 {
     /* no preference */
     *supported_cms_types = NULL;
@@ -546,12 +547,12 @@ krb5_error_code krb5int_pkinit_get_cms_types(
 
 krb5_error_code krb5int_pkinit_free_cms_types(
     krb5int_algorithm_id    *supported_cms_types,
-    krb5_ui_4		    num_supported_cms_types)
+    krb5_ui_4               num_supported_cms_types)
 {
-    /* 
+    /*
      * We don't return anything from krb5int_pkinit_get_cms_types(), and
      * if we did, it would be a pointer to a statically declared array,
-     * so this is a nop. 
+     * so this is a nop.
      */
     return 0;
 }
diff --git a/src/lib/krb5/krb/pkinit_apple_utils.c b/src/lib/krb5/krb/pkinit_apple_utils.c
index f539693fd..83b592218 100644
--- a/src/lib/krb5/krb/pkinit_apple_utils.c
+++ b/src/lib/krb5/krb/pkinit_apple_utils.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2004-2008 Apple Inc.  All Rights Reserved.
  *
@@ -28,7 +29,7 @@
  *
  * Created 19 May 2004 by Doug Mitchell at Apple.
  */
- 
+
 #if APPLE_PKINIT
 
 #include "pkinit_apple_utils.h"
@@ -41,7 +42,7 @@
 #include <ctype.h>
 #include <Security/Security.h>
 
-/* 
+/*
  * Cruft needed to attach to a module
  */
 static CSSM_VERSION vers = {2, 0};
@@ -51,28 +52,28 @@ static const CSSM_GUID testGuid = { 0xFADE, 0, 0, { 1,2,3,4,5,6,7,0 }};
  * Standard app-level memory functions required by CDSA.
  */
 static void * cuAppMalloc (CSSM_SIZE size, void *allocRef) {
-	return( malloc(size) );
+    return( malloc(size) );
 }
 
 static void cuAppFree (void *mem_ptr, void *allocRef) {
-	free(mem_ptr);
- 	return;
+    free(mem_ptr);
+    return;
 }
 
 static void * cuAppRealloc (void *ptr, CSSM_SIZE size, void *allocRef) {
-	return( realloc( ptr, size ) );
+    return( realloc( ptr, size ) );
 }
 
 static void * cuAppCalloc (uint32 num, CSSM_SIZE size, void *allocRef) {
-	return( calloc( num, size ) );
+    return( calloc( num, size ) );
 }
 
 static CSSM_API_MEMORY_FUNCS memFuncs = {
-	cuAppMalloc,
-	cuAppFree,
-	cuAppRealloc,
- 	cuAppCalloc,
- 	NULL
+    cuAppMalloc,
+    cuAppFree,
+    cuAppRealloc,
+    cuAppCalloc,
+    NULL
 };
 
 /*
@@ -84,23 +85,23 @@ static CSSM_BOOL cuCssmStartup()
 {
     CSSM_RETURN  crtn;
     CSSM_PVC_MODE pvcPolicy = CSSM_PVC_NONE;
-    
+
     if(cssmInitd) {
-	return CSSM_TRUE;
-    }  
-    crtn = CSSM_Init (&vers, 
-	CSSM_PRIVILEGE_SCOPE_NONE,
-	&testGuid,
-	CSSM_KEY_HIERARCHY_NONE,
-	&pvcPolicy,
-	NULL /* reserved */);
-    if(crtn != CSSM_OK) 
+        return CSSM_TRUE;
+    }
+    crtn = CSSM_Init (&vers,
+                      CSSM_PRIVILEGE_SCOPE_NONE,
+                      &testGuid,
+                      CSSM_KEY_HIERARCHY_NONE,
+                      &pvcPolicy,
+                      NULL /* reserved */);
+    if(crtn != CSSM_OK)
     {
-	return CSSM_FALSE;
+        return CSSM_FALSE;
     }
     else {
-	cssmInitd = CSSM_TRUE;
-	return CSSM_TRUE;
+        cssmInitd = CSSM_TRUE;
+        return CSSM_TRUE;
     }
 }
 
@@ -108,42 +109,42 @@ CSSM_CL_HANDLE pkiClStartup(void)
 {
     CSSM_CL_HANDLE clHand;
     CSSM_RETURN crtn;
-    
+
     if(cuCssmStartup() == CSSM_FALSE) {
-	return 0;
+        return 0;
     }
     crtn = CSSM_ModuleLoad(&gGuidAppleX509CL,
-	CSSM_KEY_HIERARCHY_NONE,
-	NULL,			/* eventHandler */
-	NULL);			/* AppNotifyCallbackCtx */
+                           CSSM_KEY_HIERARCHY_NONE,
+                           NULL,                   /* eventHandler */
+                           NULL);                  /* AppNotifyCallbackCtx */
     if(crtn) {
-	return 0;
+        return 0;
     }
     crtn = CSSM_ModuleAttach (&gGuidAppleX509CL,
-	&vers,
-	&memFuncs,		    /* memFuncs */
-	0,			    /* SubserviceID */
-	CSSM_SERVICE_CL,	    /* SubserviceFlags - Where is this used? */
-	0,			    /* AttachFlags */
-	CSSM_KEY_HIERARCHY_NONE,
-	NULL,			    /* FunctionTable */
-	0,			    /* NumFuncTable */
-	NULL,			    /* reserved */
-	&clHand);
+                              &vers,
+                              &memFuncs,                  /* memFuncs */
+                              0,                          /* SubserviceID */
+                              CSSM_SERVICE_CL,            /* SubserviceFlags - Where is this used? */
+                              0,                          /* AttachFlags */
+                              CSSM_KEY_HIERARCHY_NONE,
+                              NULL,                       /* FunctionTable */
+                              0,                          /* NumFuncTable */
+                              NULL,                       /* reserved */
+                              &clHand);
     if(crtn) {
-	return 0;
+        return 0;
     }
     else {
-	return clHand;
+        return clHand;
     }
 }
 
 CSSM_RETURN pkiClDetachUnload(
-	CSSM_CL_HANDLE  clHand)
+    CSSM_CL_HANDLE  clHand)
 {
     CSSM_RETURN crtn = CSSM_ModuleDetach(clHand);
     if(crtn) {
-	return crtn;
+        return crtn;
     }
     return CSSM_ModuleUnload(&gGuidAppleX509CL, NULL, NULL);
 }
@@ -152,33 +153,33 @@ CSSM_RETURN pkiClDetachUnload(
  * CSSM_DATA <--> krb5_ui_4
  */
 krb5_error_code pkiDataToInt(
-    const CSSM_DATA *cdata, 
-    krb5_int32       *i)	/* RETURNED */
+    const CSSM_DATA *cdata,
+    krb5_int32       *i)        /* RETURNED */
 {
     krb5_ui_4 len;
     krb5_int32 rtn = 0;
     krb5_ui_4 dex;
     uint8 *cp = NULL;
-    
+
     if((cdata->Length == 0) || (cdata->Data == NULL)) {
-	*i = 0;
-	return 0;
+        *i = 0;
+        return 0;
     }
     len = cdata->Length;
     if(len > sizeof(krb5_int32)) {
-	return ASN1_BAD_LENGTH;
+        return ASN1_BAD_LENGTH;
     }
-    
+
     cp = cdata->Data;
     for(dex=0; dex<len; dex++) {
-	rtn = (rtn << 8) | *cp++;
+        rtn = (rtn << 8) | *cp++;
     }
     *i = rtn;
     return 0;
 }
 
 krb5_error_code pkiIntToData(
-    krb5_int32	    num,
+    krb5_int32      num,
     CSSM_DATA       *cdata,
     SecAsn1CoderRef coder)
 {
@@ -186,26 +187,26 @@ krb5_error_code pkiIntToData(
     uint32 len = 0;
     uint8 *cp = NULL;
     unsigned i;
-    
+
     if(unum < 0x100) {
-	len = 1;
+        len = 1;
     }
     else if(unum < 0x10000) {
-	len = 2;
+        len = 2;
     }
     else if(unum < 0x1000000) {
-	len = 3;
+        len = 3;
     }
     else {
-	len = 4;
+        len = 4;
     }
     if(SecAsn1AllocItem(coder, cdata, len)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     cp = &cdata->Data[len - 1];
     for(i=0; i<len; i++) {
-	*cp-- = unum & 0xff;
-	unum >>= 8;
+        *cp-- = unum & 0xff;
+        unum >>= 8;
     }
     return 0;
 }
@@ -222,14 +223,14 @@ krb5_error_code pkiDataToKrb5Data(
     assert(kd != NULL);
     kd->data = (char *)malloc(dataLen);
     if(kd->data == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
     kd->length = dataLen;
     memmove(kd->data, data, dataLen);
     return 0;
 }
 
-/* 
+/*
  * CSSM_DATA <--> krb5_data
  *
  * CSSM_DATA data is managed by a SecAsn1CoderRef; krb5_data data is mallocd.
@@ -237,7 +238,7 @@ krb5_error_code pkiDataToKrb5Data(
  * Both return nonzero on error.
  */
 krb5_error_code pkiCssmDataToKrb5Data(
-    const CSSM_DATA *cd, 
+    const CSSM_DATA *cd,
     krb5_data *kd)
 {
     assert(cd != NULL);
@@ -251,20 +252,20 @@ krb5_error_code pkiKrb5DataToCssm(
 {
     assert((cd != NULL) && (kd != NULL));
     if(SecAsn1AllocCopy(coder, kd->data, kd->length, cd)) {
-	return ENOMEM;
+        return ENOMEM;
     }
     return 0;
 }
 
-/* 
+/*
  * CFDataRef --> krb5_data, mallocing the destination contents.
  */
 krb5_error_code pkiCfDataToKrb5Data(
-    CFDataRef	    cfData,
-    krb5_data	    *kd)	/* content mallocd and RETURNED */
+    CFDataRef       cfData,
+    krb5_data       *kd)        /* content mallocd and RETURNED */
 {
     return pkiDataToKrb5Data(CFDataGetBytePtr(cfData),
-	CFDataGetLength(cfData), kd);
+                             CFDataGetLength(cfData), kd);
 }
 
 krb5_boolean pkiCompareCssmData(
@@ -272,79 +273,79 @@ krb5_boolean pkiCompareCssmData(
     const CSSM_DATA *d2)
 {
     if((d1 == NULL) || (d2 == NULL)) {
-	return FALSE;
+        return FALSE;
     }
     if(d1->Length != d2->Length) {
-	return FALSE;
+        return FALSE;
     }
     if(memcmp(d1->Data, d2->Data, d1->Length)) {
-	return FALSE;
+        return FALSE;
     }
     else {
-	return TRUE;
+        return TRUE;
     }
 }
 
-/* 
+/*
  * krb5_timestamp --> a mallocd string in generalized format
  */
 krb5_error_code pkiKrbTimestampToStr(
     krb5_timestamp kts,
-    char **str)		    /* mallocd and RETURNED */
+    char **str)             /* mallocd and RETURNED */
 {
     char *outStr = NULL;
     time_t gmt_time = kts;
     struct tm *utc = gmtime(&gmt_time);
     if (utc == NULL ||
-	utc->tm_year > 8099 || utc->tm_mon > 11 ||
-	utc->tm_mday > 31 || utc->tm_hour > 23 ||
-	utc->tm_min > 59 || utc->tm_sec > 59) {
-	return ASN1_BAD_GMTIME;
+        utc->tm_year > 8099 || utc->tm_mon > 11 ||
+        utc->tm_mday > 31 || utc->tm_hour > 23 ||
+        utc->tm_min > 59 || utc->tm_sec > 59) {
+        return ASN1_BAD_GMTIME;
     }
     if (asprintf(&outStr, "%04d%02d%02d%02d%02d%02dZ",
-		 utc->tm_year + 1900, utc->tm_mon + 1,
-		 utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec) < 0) {
-	return ENOMEM;
+                 utc->tm_year + 1900, utc->tm_mon + 1,
+                 utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec) < 0) {
+        return ENOMEM;
     }
     *str = outStr;
     return 0;
 }
 
 krb5_error_code pkiTimeStrToKrbTimestamp(
-    const char		*str,
-    unsigned		len,
+    const char          *str,
+    unsigned            len,
     krb5_timestamp      *kts)       /* RETURNED */
 {
-    char 	szTemp[5];
-    unsigned 	x;
-    unsigned 	i;
-    char 	*cp;
-    struct tm	tmp;
+    char        szTemp[5];
+    unsigned    x;
+    unsigned    i;
+    char        *cp;
+    struct tm   tmp;
     time_t      t;
-    
+
     if(len != 15) {
-	return ASN1_BAD_LENGTH;
+        return ASN1_BAD_LENGTH;
     }
 
     if((str == NULL) || (kts == NULL)) {
-    	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     }
-  	
+
     cp = (char *)str;
     memset(&tmp, 0, sizeof(tmp));
-    
+
     /* check that all characters except last are digits */
     for(i=0; i<(len - 1); i++) {
-	if ( !(isdigit(cp[i])) ) {
-	    return ASN1_BAD_TIMEFORMAT;
-	}
+        if ( !(isdigit(cp[i])) ) {
+            return ASN1_BAD_TIMEFORMAT;
+        }
     }
 
     /* check last character is a 'Z' */
-    if(cp[len - 1] != 'Z' )	{
-	return ASN1_BAD_TIMEFORMAT;
+    if(cp[len - 1] != 'Z' )     {
+        return ASN1_BAD_TIMEFORMAT;
     }
-    
+
     /* YEAR */
     szTemp[0] = *cp++;
     szTemp[1] = *cp++;
@@ -362,7 +363,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
     x = atoi( szTemp );
     /* in the string, months are from 1 to 12 */
     if((x > 12) || (x <= 0)) {
-	return ASN1_BAD_TIMEFORMAT;
+        return ASN1_BAD_TIMEFORMAT;
     }
     /* in a tm, 0 to 11 */
     tmp.tm_mon = x - 1;
@@ -374,7 +375,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
     x = atoi( szTemp );
     /* 1..31 */
     if((x > 31) || (x <= 0)) {
-	return ASN1_BAD_TIMEFORMAT;
+        return ASN1_BAD_TIMEFORMAT;
     }
     tmp.tm_mday = x;
 
@@ -384,7 +385,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
     szTemp[2] = '\0';
     x = atoi( szTemp );
     if((x > 23) || (x < 0)) {
-	return ASN1_BAD_TIMEFORMAT;
+        return ASN1_BAD_TIMEFORMAT;
     }
     tmp.tm_hour = x;
 
@@ -394,7 +395,7 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
     szTemp[2] = '\0';
     x = atoi( szTemp );
     if((x > 59) || (x < 0)) {
-	return ASN1_BAD_TIMEFORMAT;
+        return ASN1_BAD_TIMEFORMAT;
     }
     tmp.tm_min = x;
 
@@ -404,12 +405,12 @@ krb5_error_code pkiTimeStrToKrbTimestamp(
     szTemp[2] = '\0';
     x = atoi( szTemp );
     if((x > 59) || (x < 0)) {
-	return ASN1_BAD_TIMEFORMAT;
+        return ASN1_BAD_TIMEFORMAT;
     }
     tmp.tm_sec = x;
     t = timegm(&tmp);
     if(t == -1) {
-	return ASN1_BAD_TIMEFORMAT;
+        return ASN1_BAD_TIMEFORMAT;
     }
     *kts = t;
     return 0;
@@ -423,9 +424,9 @@ unsigned pkiNssArraySize(
 {
     unsigned count = 0;
     if (array) {
-	while (*array++) {
-	    count++;
-	}
+        while (*array++) {
+            count++;
+        }
     }
     return count;
 }
diff --git a/src/lib/krb5/krb/pr_to_salt.c b/src/lib/krb5/krb/pr_to_salt.c
index 545d86fb1..5d57bc599 100644
--- a/src/lib/krb5/krb/pr_to_salt.c
+++ b/src/lib/krb5/krb/pr_to_salt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/pr_to_salt.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_principal2salt()
  */
@@ -30,7 +31,7 @@
 #include "k5-int.h"
 
 static krb5_error_code krb5_principal2salt_internal
-    (krb5_context, krb5_const_principal, krb5_data *ret, int);
+(krb5_context, krb5_const_principal, krb5_data *ret, int);
 
 /*
  * Convert a krb5_principal into the default salt for that principal.
@@ -43,32 +44,32 @@ krb5_principal2salt_internal(krb5_context context, register krb5_const_principal
     register int i;
 
     if (pr == 0) {
-	ret->length = 0;
-	ret->data = 0;
-	return 0;
+        ret->length = 0;
+        ret->data = 0;
+        return 0;
     }
 
     nelem = krb5_princ_size(context, pr);
 
     if (use_realm)
-	    size += krb5_princ_realm(context, pr)->length;
+        size += krb5_princ_realm(context, pr)->length;
 
     for (i = 0; i < (int) nelem; i++)
-	size += krb5_princ_component(context, pr, i)->length;
+        size += krb5_princ_component(context, pr, i)->length;
 
     ret->length = size;
     if (!(ret->data = malloc (size)))
-	return ENOMEM;
+        return ENOMEM;
 
     if (use_realm) {
-	    offset = krb5_princ_realm(context, pr)->length;
-	    memcpy(ret->data, krb5_princ_realm(context, pr)->data, offset);
+        offset = krb5_princ_realm(context, pr)->length;
+        memcpy(ret->data, krb5_princ_realm(context, pr)->data, offset);
     }
 
     for (i = 0; i < (int) nelem; i++) {
-	memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data,
-	       krb5_princ_component(context, pr, i)->length);
-	offset += krb5_princ_component(context, pr, i)->length;
+        memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data,
+               krb5_princ_component(context, pr, i)->length);
+        offset += krb5_princ_component(context, pr, i)->length;
     }
     return 0;
 }
@@ -76,11 +77,11 @@ krb5_principal2salt_internal(krb5_context context, register krb5_const_principal
 krb5_error_code
 krb5_principal2salt(krb5_context context, register krb5_const_principal pr, krb5_data *ret)
 {
-	return krb5_principal2salt_internal(context, pr, ret, 1);
+    return krb5_principal2salt_internal(context, pr, ret, 1);
 }
 
 krb5_error_code
 krb5_principal2salt_norealm(krb5_context context, register krb5_const_principal pr, krb5_data *ret)
 {
-	return krb5_principal2salt_internal(context, pr, ret, 0);
+    return krb5_principal2salt_internal(context, pr, ret, 0);
 }
diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c
index 06b2f50b8..9061aa9b6 100644
--- a/src/lib/krb5/krb/preauth.c
+++ b/src/lib/krb5/krb/preauth.c
@@ -25,7 +25,7 @@
 
 /*
  * This file contains routines for establishing, verifying, and any other
- * necessary functions, for utilizing the pre-authentication field of the 
+ * necessary functions, for utilizing the pre-authentication field of the
  * kerberos kdc request, with various hardware/software verification devices.
  */
 
@@ -72,7 +72,7 @@ static krb5_error_code obtain_sam_padata
 	(krb5_context,
 	 krb5_pa_data *,
 	 krb5_etype_info,
-	 krb5_keyblock *, 
+	 krb5_keyblock *,
 	 krb5_error_code ( * )(krb5_context,
 			       const krb5_enctype,
 			       krb5_data *,
@@ -179,24 +179,24 @@ krb5_error_code krb5_obtain_padata(krb5_context context, krb5_pa_data **preauth_
     if (etype_info) {
 	enctype = etype_info[0]->etype;
 	salt.data = (char *) etype_info[0]->salt;
-	if(etype_info[0]->length == KRB5_ETYPE_NO_SALT) 
+	if(etype_info[0]->length == KRB5_ETYPE_NO_SALT)
 	  salt.length = SALT_TYPE_NO_LENGTH; /* XXX */
-	else 
+	else
 	  salt.length = etype_info[0]->length;
     }
     if (salt.length == SALT_TYPE_NO_LENGTH) {
         /*
-	 * This will set the salt length 
+	 * This will set the salt length
 	 */
 	if ((retval = krb5_principal2salt(context, request->client, &salt)))
 	    goto cleanup;
 	f_salt = 1;
     }
-    
+
     if ((retval = (*key_proc)(context, enctype, &salt, key_seed,
 			      &def_enc_key)))
 	goto cleanup;
-    
+
 
     for (pa = preauth_to_use; *pa; pa++) {
 	if (find_pa_system((*pa)->pa_type, &ops))
@@ -204,7 +204,7 @@ krb5_error_code krb5_obtain_padata(krb5_context context, krb5_pa_data **preauth_
 
 	if (ops->obtain == 0)
 	    continue;
-	
+
 	retval = ((ops)->obtain)(context, *pa, etype_info, def_enc_key,
 				 key_proc, key_seed, creds,
 				 request, send_pa);
@@ -233,7 +233,7 @@ cleanup:
     if (def_enc_key)
 	krb5_free_keyblock(context, def_enc_key);
     return retval;
-    
+
 }
 
 krb5_error_code
@@ -243,7 +243,7 @@ krb5_process_padata(krb5_context context, krb5_kdc_req *request, krb5_kdc_rep *a
     const krb5_preauth_ops * 	ops;
     krb5_pa_data **		pa;
     krb5_int32			done = 0;
-    
+
     *do_more = 0;		/* By default, we don't need to repeat... */
     if (as_reply->padata == 0)
 	return 0;
@@ -254,7 +254,7 @@ krb5_process_padata(krb5_context context, krb5_kdc_req *request, krb5_kdc_rep *a
 
 	if (ops->process == 0)
 	    continue;
-	
+
 	retval = ((ops)->process)(context, *pa, request, as_reply,
 				  key_proc, keyseed, decrypt_proc,
 				  decrypt_key, creds, do_more, &done);
@@ -298,7 +298,7 @@ obtain_enc_ts_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_i
 
     krb5_free_data(context, scratch);
     scratch = 0;
-    
+
     if ((retval = encode_krb5_enc_data(&enc_data, &scratch)) != 0)
 	goto cleanup;
 
@@ -318,7 +318,7 @@ obtain_enc_ts_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_i
     scratch = 0;
 
     retval = 0;
-    
+
 cleanup:
     if (scratch)
 	krb5_free_data(context, scratch);
@@ -332,14 +332,14 @@ process_pw_salt(krb5_context context, krb5_pa_data *padata, krb5_kdc_req *reques
 {
     krb5_error_code	retval;
     krb5_data		salt;
-    
+
     if (*decrypt_key != 0)
 	return 0;
 
     salt.data = (char *) padata->contents;
-    salt.length = 
+    salt.length =
       (padata->pa_type == KRB5_PADATA_AFS3_SALT)?(SALT_TYPE_AFS_LENGTH):(padata->length);
-    
+
     if ((retval = (*key_proc)(context, as_reply->enc_part.enctype,
 			      &salt, keyseed, decrypt_key))) {
 	*decrypt_key = 0;
@@ -348,19 +348,19 @@ process_pw_salt(krb5_context context, krb5_pa_data *padata, krb5_kdc_req *reques
 
     return 0;
 }
-    
+
 static krb5_error_code
 find_pa_system(krb5_preauthtype type, const krb5_preauth_ops **preauth)
 {
     const krb5_preauth_ops *ap = preauth_systems;
-    
+
     while ((ap->type != -1) && (ap->type != type))
 	ap++;
     if (ap->type == -1)
 	return(KRB5_PREAUTH_BAD_TYPE);
     *preauth = ap;
     return 0;
-} 
+}
 
 
 extern const char *krb5_default_pwd_prompt1;
@@ -381,14 +381,14 @@ sam_get_pass_from_user(krb5_context context, krb5_etype_info etype_info, git_key
       krb5_data newpw;
       newpw.data = 0; newpw.length = 0;
       /* we don't keep the new password, just the key... */
-      retval = (*key_proc)(context, enctype, 0, 
+      retval = (*key_proc)(context, enctype, 0,
 			   (krb5_const_pointer)&newpw, new_enc_key);
       free(newpw.data);
     }
     krb5_default_pwd_prompt1 = oldprompt;
     return retval;
 }
-static 
+static
 char *handle_sam_labels(krb5_sam_challenge *sc)
 {
     char *label = sc->sam_challenge_label.data;
@@ -433,7 +433,7 @@ char *handle_sam_labels(krb5_sam_challenge *sc)
 
     /* example:
        Challenge for Digital Pathways mechanism: [134591]
-       Passcode: 
+       Passcode:
      */
     krb5int_buf_init_dynamic(&buf);
     if (challenge_len) {
@@ -511,7 +511,7 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
 	retval = ENOMEM;
 	goto cleanup;
       }
-      retval = sam_get_pass_from_user(context, etype_info, key_proc, 
+      retval = sam_get_pass_from_user(context, etype_info, key_proc,
 				      key_seed, request, &sam_use_key,
 				      prompt);
       if (retval)
@@ -524,15 +524,15 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
     }
 
     /* so at this point, either sam_use_key is generated from the passcode
-     * or enc_sam_response_enc.sam_sad is set to it, and we use 
+     * or enc_sam_response_enc.sam_sad is set to it, and we use
      * def_enc_key instead. */
     /* encode the encoded part of the response */
     if ((retval = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
 						   &scratch)) != 0)
       goto cleanup;
 
-    if ((retval = krb5_encrypt_data(context, 
-				    sam_use_key?sam_use_key:def_enc_key, 
+    if ((retval = krb5_encrypt_data(context,
+				    sam_use_key?sam_use_key:def_enc_key,
 				    0, scratch,
 				    &sam_response.sam_enc_nonce_or_ts)))
       goto cleanup;
@@ -552,7 +552,7 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
 
     if ((retval = encode_krb5_sam_response(&sam_response, &scratch)) != 0)
 	goto cleanup;
-    
+
     if ((pa = malloc(sizeof(krb5_pa_data))) == NULL) {
 	retval = ENOMEM;
 	goto cleanup;
@@ -567,7 +567,7 @@ obtain_sam_padata(krb5_context context, krb5_pa_data *in_padata, krb5_etype_info
     *out_padata = pa;
 
     retval = 0;
-    
+
 cleanup:
     krb5_free_data(context, scratch);
     krb5_free_sam_challenge(context, sam_challenge);
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 996cbfd36..7ee086037 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1995, 2003, 2008 by the Massachusetts Institute of Technology.  All
  * Rights Reserved.
@@ -25,7 +26,7 @@
 
 /*
  * This file contains routines for establishing, verifying, and any other
- * necessary functions, for utilizing the pre-authentication field of the 
+ * necessary functions, for utilizing the pre-authentication field of the
  * kerberos kdc request, with various hardware/software verification devices.
  */
 
@@ -50,17 +51,17 @@ static const char *objdirs[] = { LIBDIR "/krb5/plugins/preauth", NULL };
 #endif
 
 typedef krb5_error_code (*pa_function)(krb5_context,
-				       krb5_kdc_req *request,
-				       krb5_pa_data *in_padata,
-				       krb5_pa_data **out_padata,
-				       krb5_data *salt, krb5_data *s2kparams,
-				       krb5_enctype *etype,
-				       krb5_keyblock *as_key,
-				       krb5_prompter_fct prompter_fct,
-				       void *prompter_data,
-				       krb5_gic_get_as_key_fct gak_fct,
-				       void *gak_data);
-				 
+                                       krb5_kdc_req *request,
+                                       krb5_pa_data *in_padata,
+                                       krb5_pa_data **out_padata,
+                                       krb5_data *salt, krb5_data *s2kparams,
+                                       krb5_enctype *etype,
+                                       krb5_keyblock *as_key,
+                                       krb5_prompter_fct prompter_fct,
+                                       void *prompter_data,
+                                       krb5_gic_get_as_key_fct gak_fct,
+                                       void *gak_data);
+
 typedef struct _pa_types_t {
     krb5_preauthtype type;
     pa_function fct;
@@ -85,27 +86,27 @@ krb5_init_preauth_context(krb5_context kcontext)
 
     /* Only do this once for each krb5_context */
     if (kcontext->preauth_context != NULL)
-	return;
+        return;
 
     /* load the plugins for the current context */
     if (PLUGIN_DIR_OPEN(&kcontext->preauth_plugins) == 0) {
-	if (krb5int_open_plugin_dirs(objdirs, NULL,
-				     &kcontext->preauth_plugins,
-				     &kcontext->err) != 0) {
-		return;
-	}
+        if (krb5int_open_plugin_dirs(objdirs, NULL,
+                                     &kcontext->preauth_plugins,
+                                     &kcontext->err) != 0) {
+            return;
+        }
     }
 
     /* pull out the module function tables for all of the modules */
     tables = NULL;
     if (krb5int_get_plugin_dir_data(&kcontext->preauth_plugins,
-				    "preauthentication_client_1",
-				    &tables,
-				    &kcontext->err) != 0) {
-	return;
+                                    "preauthentication_client_1",
+                                    &tables,
+                                    &kcontext->err) != 0) {
+        return;
     }
     if (tables == NULL) {
-	return;
+        return;
     }
 
     /* count how many modules we ended up loading, and how many preauth
@@ -114,23 +115,23 @@ krb5_init_preauth_context(krb5_context kcontext)
     for (n_tables = 0;
          (tables != NULL) && (tables[n_tables] != NULL);
          n_tables++) {
-	table = tables[n_tables];
-	if ((table->pa_type_list != NULL) && (table->process != NULL)) {
-	    for (j = 0; table->pa_type_list[j] > 0; j++) {
-		n_modules++;
-	    }
-	}
+        table = tables[n_tables];
+        if ((table->pa_type_list != NULL) && (table->process != NULL)) {
+            for (j = 0; table->pa_type_list[j] > 0; j++) {
+                n_modules++;
+            }
+        }
     }
 
     /* allocate the space we need */
     context = malloc(sizeof(*context));
     if (context == NULL) {
-	krb5int_free_plugin_dir_data(tables);
+        krb5int_free_plugin_dir_data(tables);
         return;
     }
     context->modules = calloc(n_modules, sizeof(context->modules[0]));
     if (context->modules == NULL) {
-	krb5int_free_plugin_dir_data(tables);
+        krb5int_free_plugin_dir_data(tables);
         free(context);
         return;
     }
@@ -141,64 +142,64 @@ krb5_init_preauth_context(krb5_context kcontext)
     for (i = 0; i < n_tables; i++) {
         table = tables[i];
         if ((table->pa_type_list != NULL) && (table->process != NULL)) {
-	    plugin_context = NULL;
-	    if ((table->init != NULL) &&
-		((*table->init)(kcontext, &plugin_context) != 0)) {
+            plugin_context = NULL;
+            if ((table->init != NULL) &&
+                ((*table->init)(kcontext, &plugin_context) != 0)) {
 #ifdef DEBUG
-		    fprintf (stderr, "init err, skipping module \"%s\"\n",
-			     table->name);
+                fprintf (stderr, "init err, skipping module \"%s\"\n",
+                         table->name);
 #endif
-		    continue;
-	    }
-
-	    rcpp = NULL;
-	    for (j = 0; table->pa_type_list[j] > 0; j++) {
-		pa_type = table->pa_type_list[j];
-		context->modules[k].pa_type = pa_type;
-		context->modules[k].enctypes = table->enctype_list;
-		context->modules[k].plugin_context = plugin_context;
-		/* Only call client_fini once per plugin */
-		if (j == 0)
-		    context->modules[k].client_fini = table->fini;
-		else
-		    context->modules[k].client_fini = NULL;
-		context->modules[k].ftable = table;
-		context->modules[k].name = table->name;
-		context->modules[k].flags = (*table->flags)(kcontext, pa_type);
-		context->modules[k].use_count = 0;
-		context->modules[k].client_process = table->process;
-		context->modules[k].client_tryagain = table->tryagain;
-		if (j == 0)
-		    context->modules[k].client_supply_gic_opts = table->gic_opts;
-		else
-		    context->modules[k].client_supply_gic_opts = NULL;
-		context->modules[k].request_context = NULL;
-		/*
-		 * Only call request_init and request_fini once per plugin.
-		 * Only the first module within each plugin will ever
-		 * have request_context filled in.  Every module within
-		 * the plugin will have its request_context_pp pointing
-		 * to that entry's request_context.  That way all the
-		 * modules within the plugin share the same request_context
-		 */
-		if (j == 0) {
-		    context->modules[k].client_req_init = table->request_init;
-		    context->modules[k].client_req_fini = table->request_fini;
-		    rcpp = &context->modules[k].request_context;
-		} else {
-		    context->modules[k].client_req_init = NULL;
-		    context->modules[k].client_req_fini = NULL;
-		}
-		context->modules[k].request_context_pp = rcpp;
+                continue;
+            }
+
+            rcpp = NULL;
+            for (j = 0; table->pa_type_list[j] > 0; j++) {
+                pa_type = table->pa_type_list[j];
+                context->modules[k].pa_type = pa_type;
+                context->modules[k].enctypes = table->enctype_list;
+                context->modules[k].plugin_context = plugin_context;
+                /* Only call client_fini once per plugin */
+                if (j == 0)
+                    context->modules[k].client_fini = table->fini;
+                else
+                    context->modules[k].client_fini = NULL;
+                context->modules[k].ftable = table;
+                context->modules[k].name = table->name;
+                context->modules[k].flags = (*table->flags)(kcontext, pa_type);
+                context->modules[k].use_count = 0;
+                context->modules[k].client_process = table->process;
+                context->modules[k].client_tryagain = table->tryagain;
+                if (j == 0)
+                    context->modules[k].client_supply_gic_opts = table->gic_opts;
+                else
+                    context->modules[k].client_supply_gic_opts = NULL;
+                context->modules[k].request_context = NULL;
+                /*
+                 * Only call request_init and request_fini once per plugin.
+                 * Only the first module within each plugin will ever
+                 * have request_context filled in.  Every module within
+                 * the plugin will have its request_context_pp pointing
+                 * to that entry's request_context.  That way all the
+                 * modules within the plugin share the same request_context
+                 */
+                if (j == 0) {
+                    context->modules[k].client_req_init = table->request_init;
+                    context->modules[k].client_req_fini = table->request_fini;
+                    rcpp = &context->modules[k].request_context;
+                } else {
+                    context->modules[k].client_req_init = NULL;
+                    context->modules[k].client_req_fini = NULL;
+                }
+                context->modules[k].request_context_pp = rcpp;
 #ifdef DEBUG
-		fprintf (stderr, "init module \"%s\", pa_type %d, flag %d\n",
-			 context->modules[k].name,
-			 context->modules[k].pa_type,
-			 context->modules[k].flags);
+                fprintf (stderr, "init module \"%s\", pa_type %d, flag %d\n",
+                         context->modules[k].name,
+                         context->modules[k].pa_type,
+                         context->modules[k].flags);
 #endif
-		k++;
-	    }
-	}
+                k++;
+            }
+        }
     }
     krb5int_free_plugin_dir_data(tables);
 
@@ -214,9 +215,9 @@ krb5_clear_preauth_context_use_counts(krb5_context context)
 {
     int i;
     if (context->preauth_context != NULL) {
-	for (i = 0; i < context->preauth_context->n_modules; i++) {
-	    context->preauth_context->modules[i].use_count = 0;
-	}
+        for (i = 0; i < context->preauth_context->n_modules; i++) {
+            context->preauth_context->modules[i].use_count = 0;
+        }
     }
 }
 
@@ -226,9 +227,9 @@ krb5_clear_preauth_context_use_counts(krb5_context context)
  */
 krb5_error_code
 krb5_preauth_supply_preauth_data(krb5_context context,
-				 krb5_gic_opt_ext *opte,
-				 const char *attr,
-				 const char *value)
+                                 krb5_gic_opt_ext *opte,
+                                 const char *attr,
+                                 const char *value)
 {
     krb5_error_code retval = 0;
     int i;
@@ -236,13 +237,13 @@ krb5_preauth_supply_preauth_data(krb5_context context,
     const char *emsg = NULL;
 
     if (context->preauth_context == NULL)
-	krb5_init_preauth_context(context);
+        krb5_init_preauth_context(context);
     if (context->preauth_context == NULL) {
-	retval = EINVAL;
-	krb5int_set_error(&context->err, retval,
-		"krb5_preauth_supply_preauth_data: "
-		"Unable to initialize preauth context");
-	return retval;
+        retval = EINVAL;
+        krb5int_set_error(&context->err, retval,
+                          "krb5_preauth_supply_preauth_data: "
+                          "Unable to initialize preauth context");
+        return retval;
     }
 
     /*
@@ -250,19 +251,19 @@ krb5_preauth_supply_preauth_data(krb5_context context,
      * attribute/value pair.
      */
     for (i = 0; i < context->preauth_context->n_modules; i++) {
-	if (context->preauth_context->modules[i].client_supply_gic_opts == NULL)
-	    continue;
-	pctx = context->preauth_context->modules[i].plugin_context;
-	retval = (*context->preauth_context->modules[i].client_supply_gic_opts)
-				(context, pctx,
-				 (krb5_get_init_creds_opt *)opte, attr, value); 
-	if (retval) {
-	    emsg = krb5_get_error_message(context, retval);
-	    krb5int_set_error(&context->err, retval, "Preauth plugin %s: %s",
-			      context->preauth_context->modules[i].name, emsg);
-	    krb5_free_error_message(context, emsg);
-	    break;
-	}
+        if (context->preauth_context->modules[i].client_supply_gic_opts == NULL)
+            continue;
+        pctx = context->preauth_context->modules[i].plugin_context;
+        retval = (*context->preauth_context->modules[i].client_supply_gic_opts)
+            (context, pctx,
+             (krb5_get_init_creds_opt *)opte, attr, value);
+        if (retval) {
+            emsg = krb5_get_error_message(context, retval);
+            krb5int_set_error(&context->err, retval, "Preauth plugin %s: %s",
+                              context->preauth_context->modules[i].name, emsg);
+            krb5_free_error_message(context, emsg);
+            break;
+        }
     }
     return retval;
 }
@@ -276,20 +277,20 @@ krb5_free_preauth_context(krb5_context context)
     int i;
     void *pctx;
     if (context && context->preauth_context != NULL) {
-	for (i = 0; i < context->preauth_context->n_modules; i++) {
-	    pctx = context->preauth_context->modules[i].plugin_context;
-	    if (context->preauth_context->modules[i].client_fini != NULL) {
-	        (*context->preauth_context->modules[i].client_fini)(context, pctx);
-	    }
-	    memset(&context->preauth_context->modules[i], 0,
-	           sizeof(context->preauth_context->modules[i]));
-	}
-	if (context->preauth_context->modules != NULL) {
-	    free(context->preauth_context->modules);
-	    context->preauth_context->modules = NULL;
-	}
-	free(context->preauth_context);
-	context->preauth_context = NULL;
+        for (i = 0; i < context->preauth_context->n_modules; i++) {
+            pctx = context->preauth_context->modules[i].plugin_context;
+            if (context->preauth_context->modules[i].client_fini != NULL) {
+                (*context->preauth_context->modules[i].client_fini)(context, pctx);
+            }
+            memset(&context->preauth_context->modules[i], 0,
+                   sizeof(context->preauth_context->modules[i]));
+        }
+        if (context->preauth_context->modules != NULL) {
+            free(context->preauth_context->modules);
+            context->preauth_context->modules = NULL;
+        }
+        free(context->preauth_context);
+        context->preauth_context = NULL;
     }
 }
 
@@ -303,15 +304,15 @@ krb5_preauth_request_context_init(krb5_context context)
 
     /* Limit this to only one attempt per context? */
     if (context->preauth_context == NULL)
-	krb5_init_preauth_context(context);
+        krb5_init_preauth_context(context);
     if (context->preauth_context != NULL) {
-	for (i = 0; i < context->preauth_context->n_modules; i++) {
-	    pctx = context->preauth_context->modules[i].plugin_context;
-	    if (context->preauth_context->modules[i].client_req_init != NULL) {
-		rctx = context->preauth_context->modules[i].request_context_pp;
-		(*context->preauth_context->modules[i].client_req_init) (context, pctx, rctx);
-	    }
-	}
+        for (i = 0; i < context->preauth_context->n_modules; i++) {
+            pctx = context->preauth_context->modules[i].plugin_context;
+            if (context->preauth_context->modules[i].client_req_init != NULL) {
+                rctx = context->preauth_context->modules[i].request_context_pp;
+                (*context->preauth_context->modules[i].client_req_init) (context, pctx, rctx);
+            }
+        }
     }
 }
 
@@ -323,16 +324,16 @@ krb5_preauth_request_context_fini(krb5_context context)
     int i;
     void *rctx, *pctx;
     if (context->preauth_context != NULL) {
-	for (i = 0; i < context->preauth_context->n_modules; i++) {
-	    pctx = context->preauth_context->modules[i].plugin_context;
-	    rctx = context->preauth_context->modules[i].request_context;
-	    if (rctx != NULL) {
-		if (context->preauth_context->modules[i].client_req_fini != NULL) {
-		    (*context->preauth_context->modules[i].client_req_fini)(context, pctx, rctx);
-		}
-		context->preauth_context->modules[i].request_context = NULL;
-	    }
-	}
+        for (i = 0; i < context->preauth_context->n_modules; i++) {
+            pctx = context->preauth_context->modules[i].plugin_context;
+            rctx = context->preauth_context->modules[i].request_context;
+            if (rctx != NULL) {
+                if (context->preauth_context->modules[i].client_req_fini != NULL) {
+                    (*context->preauth_context->modules[i].client_req_fini)(context, pctx, rctx);
+                }
+                context->preauth_context->modules[i].request_context = NULL;
+            }
+        }
     }
 }
 
@@ -343,18 +344,18 @@ grow_ktypes(krb5_enctype **out_ktypes, int *out_nktypes, krb5_enctype ktype)
     int i;
     krb5_enctype *ktypes;
     for (i = 0; i < *out_nktypes; i++) {
-	if ((*out_ktypes)[i] == ktype)
-	    return;
+        if ((*out_ktypes)[i] == ktype)
+            return;
     }
     ktypes = malloc((*out_nktypes + 2) * sizeof(ktype));
     if (ktypes) {
-	for (i = 0; i < *out_nktypes; i++)
-	    ktypes[i] = (*out_ktypes)[i];
-	ktypes[i++] = ktype;
-	ktypes[i] = 0;
-	free(*out_ktypes);
-	*out_ktypes = ktypes;
-	*out_nktypes = i;
+        for (i = 0; i < *out_nktypes; i++)
+            ktypes[i] = (*out_ktypes)[i];
+        ktypes[i++] = ktype;
+        ktypes[i] = 0;
+        free(*out_ktypes);
+        *out_ktypes = ktypes;
+        *out_nktypes = i;
     }
 }
 
@@ -364,42 +365,42 @@ grow_ktypes(krb5_enctype **out_ktypes, int *out_nktypes, krb5_enctype ktype)
  */
 static int
 grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size,
-	     krb5_pa_data **addition, int num_addition)
+             krb5_pa_data **addition, int num_addition)
 {
     krb5_pa_data **pa_list;
     int i, j;
 
     if (out_pa_list == NULL || addition == NULL) {
-	return EINVAL;
+        return EINVAL;
     }
 
     if (*out_pa_list == NULL) {
-	/* Allocate room for the new additions and a NULL terminator. */
-	pa_list = malloc((num_addition + 1) * sizeof(krb5_pa_data *));
-	if (pa_list == NULL)
-	    return ENOMEM;
-	for (i = 0; i < num_addition; i++)
-	    pa_list[i] = addition[i];
-	pa_list[i] = NULL;
-	*out_pa_list = pa_list;
-	*out_pa_list_size = num_addition;
+        /* Allocate room for the new additions and a NULL terminator. */
+        pa_list = malloc((num_addition + 1) * sizeof(krb5_pa_data *));
+        if (pa_list == NULL)
+            return ENOMEM;
+        for (i = 0; i < num_addition; i++)
+            pa_list[i] = addition[i];
+        pa_list[i] = NULL;
+        *out_pa_list = pa_list;
+        *out_pa_list_size = num_addition;
     } else {
-	/*
-	 * Allocate room for the existing entries plus
-	 * the new additions and a NULL terminator.
-	 */
-	pa_list = malloc((*out_pa_list_size + num_addition + 1)
-						* sizeof(krb5_pa_data *));
-	if (pa_list == NULL)
-	    return ENOMEM;
-	for (i = 0; i < *out_pa_list_size; i++)
-	    pa_list[i] = (*out_pa_list)[i];
-	for (j = 0; j < num_addition;)
-	    pa_list[i++] = addition[j++];
-	pa_list[i] = NULL;
-	free(*out_pa_list);
-	*out_pa_list = pa_list;
-	*out_pa_list_size = i;
+        /*
+         * Allocate room for the existing entries plus
+         * the new additions and a NULL terminator.
+         */
+        pa_list = malloc((*out_pa_list_size + num_addition + 1)
+                         * sizeof(krb5_pa_data *));
+        if (pa_list == NULL)
+            return ENOMEM;
+        for (i = 0; i < *out_pa_list_size; i++)
+            pa_list[i] = (*out_pa_list)[i];
+        for (j = 0; j < num_addition;)
+            pa_list[i++] = addition[j++];
+        pa_list[i] = NULL;
+        free(*out_pa_list);
+        *out_pa_list = pa_list;
+        *out_pa_list_size = i;
     }
     return 0;
 }
@@ -416,81 +417,81 @@ grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size,
 
 static krb5_error_code
 client_data_proc(krb5_context kcontext,
-		 krb5_preauth_client_rock *rock,
-		 krb5_int32 request_type,
-		 krb5_data **retdata)
+                 krb5_preauth_client_rock *rock,
+                 krb5_int32 request_type,
+                 krb5_data **retdata)
 {
     krb5_data *ret;
     krb5_error_code retval;
     char *data;
 
     if (rock->magic != CLIENT_ROCK_MAGIC)
-	return EINVAL;
+        return EINVAL;
     if (retdata == NULL)
-	return EINVAL;
+        return EINVAL;
 
     switch (request_type) {
     case krb5plugin_preauth_client_get_etype:
-	{
-	    krb5_enctype *eptr;
-	    ret = malloc(sizeof(krb5_data));
-	    if (ret == NULL)
-		return ENOMEM;
-	    data = malloc(sizeof(krb5_enctype));
-	    if (data == NULL) {
-		free(ret);
-		return ENOMEM;
-	    }
-	    ret->data = data;
-	    ret->length = sizeof(krb5_enctype);
-	    eptr = (krb5_enctype *)data;
-	    *eptr = *rock->etype;
-	    *retdata = ret;
-	    return 0;
-	}
-	break;
+    {
+        krb5_enctype *eptr;
+        ret = malloc(sizeof(krb5_data));
+        if (ret == NULL)
+            return ENOMEM;
+        data = malloc(sizeof(krb5_enctype));
+        if (data == NULL) {
+            free(ret);
+            return ENOMEM;
+        }
+        ret->data = data;
+        ret->length = sizeof(krb5_enctype);
+        eptr = (krb5_enctype *)data;
+        *eptr = *rock->etype;
+        *retdata = ret;
+        return 0;
+    }
+    break;
     case krb5plugin_preauth_client_free_etype:
-	ret = *retdata;
-	if (ret == NULL)
-	    return 0;
-	if (ret->data)
-	    free(ret->data);
-	free(ret);
-	return 0;
-	break;
+        ret = *retdata;
+        if (ret == NULL)
+            return 0;
+        if (ret->data)
+            free(ret->data);
+        free(ret);
+        return 0;
+        break;
     case krb5plugin_preauth_client_fast_armor: {
-	krb5_keyblock *key = NULL;
-	ret = calloc(1, sizeof(krb5_data));
-	if (ret == NULL)
-	    return ENOMEM;
-	retval = 0;
-	if (rock->fast_state->armor_key)
-	    retval = krb5_copy_keyblock(kcontext, rock->fast_state->armor_key,
-					&key);
-	if (retval == 0) {
-	    ret->data = (char *) key;
-	    ret->length = key?sizeof(krb5_keyblock):0;
-	    key = NULL;
-	}
-	if (retval == 0) {
-	    *retdata = ret;
-	    ret = NULL;
-	}
-	if (ret)
-	    free(ret);
-	return retval;
+        krb5_keyblock *key = NULL;
+        ret = calloc(1, sizeof(krb5_data));
+        if (ret == NULL)
+            return ENOMEM;
+        retval = 0;
+        if (rock->fast_state->armor_key)
+            retval = krb5_copy_keyblock(kcontext, rock->fast_state->armor_key,
+                                        &key);
+        if (retval == 0) {
+            ret->data = (char *) key;
+            ret->length = key?sizeof(krb5_keyblock):0;
+            key = NULL;
+        }
+        if (retval == 0) {
+            *retdata = ret;
+            ret = NULL;
+        }
+        if (ret)
+            free(ret);
+        return retval;
     }
     case krb5plugin_preauth_client_free_fast_armor:
-	ret = *retdata;
-	if (ret) {
-	    if (ret->data)
-		krb5_free_keyblock(kcontext, (krb5_keyblock *) ret->data);
-	    free(ret);
-	    *retdata = NULL;
-	}
-	return 0;
-		default:
-	return EINVAL;
+        ret = *retdata;
+        if (ret) {
+            if (ret->data)
+                krb5_free_keyblock(kcontext, (krb5_keyblock *) ret->data);
+            free(ret);
+            *retdata = NULL;
+        }
+        return 0;
+    default:
+        return EINVAL;
     }
 }
 
@@ -499,25 +500,25 @@ client_data_proc(krb5_context kcontext,
  * involved things. */
 void KRB5_CALLCONV
 krb5_preauth_prepare_request(krb5_context kcontext,
-			     krb5_gic_opt_ext *opte,
-			     krb5_kdc_req *request)
+                             krb5_gic_opt_ext *opte,
+                             krb5_kdc_req *request)
 {
     int i, j;
 
     if (kcontext->preauth_context == NULL) {
-	return;
+        return;
     }
     /* Add the module-specific enctype list to the request, but only if
      * it's something we can safely modify. */
     if (!(opte && (opte->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))) {
-	for (i = 0; i < kcontext->preauth_context->n_modules; i++) {
-	    if (kcontext->preauth_context->modules[i].enctypes == NULL)
-		continue;
-	    for (j = 0; kcontext->preauth_context->modules[i].enctypes[j] != 0; j++) {
-		grow_ktypes(&request->ktype, &request->nktypes,
-			    kcontext->preauth_context->modules[i].enctypes[j]);
-	    }
-	}
+        for (i = 0; i < kcontext->preauth_context->n_modules; i++) {
+            if (kcontext->preauth_context->modules[i].enctypes == NULL)
+                continue;
+            for (j = 0; kcontext->preauth_context->modules[i].enctypes[j] != 0; j++) {
+                grow_ktypes(&request->ktype, &request->nktypes,
+                            kcontext->preauth_context->modules[i].enctypes[j]);
+            }
+        }
     }
 }
 
@@ -526,24 +527,24 @@ krb5_preauth_prepare_request(krb5_context kcontext,
  * they don't generate preauth data), and run it. */
 static krb5_error_code
 krb5_run_preauth_plugins(krb5_context kcontext,
-			 int module_required_flags,
-			 krb5_kdc_req *request,
-			 krb5_data *encoded_request_body,
-			 krb5_data *encoded_previous_request,
-			 krb5_pa_data *in_padata,
-			 krb5_prompter_fct prompter,
-			 void *prompter_data,
-			 preauth_get_as_key_proc gak_fct,
-			 krb5_data *salt,
-			 krb5_data *s2kparams,
-			 void *gak_data,
-			 krb5_preauth_client_rock *get_data_rock,
-			 krb5_keyblock *as_key,
-			 krb5_pa_data ***out_pa_list,
-			 int *out_pa_list_size,
-			 int *module_ret,
-			 int *module_flags,
-			 krb5_gic_opt_ext *opte)
+                         int module_required_flags,
+                         krb5_kdc_req *request,
+                         krb5_data *encoded_request_body,
+                         krb5_data *encoded_previous_request,
+                         krb5_pa_data *in_padata,
+                         krb5_prompter_fct prompter,
+                         void *prompter_data,
+                         preauth_get_as_key_proc gak_fct,
+                         krb5_data *salt,
+                         krb5_data *s2kparams,
+                         void *gak_data,
+                         krb5_preauth_client_rock *get_data_rock,
+                         krb5_keyblock *as_key,
+                         krb5_pa_data ***out_pa_list,
+                         int *out_pa_list_size,
+                         int *module_ret,
+                         int *module_flags,
+                         krb5_gic_opt_ext *opte)
 {
     int i;
     krb5_pa_data **out_pa_data;
@@ -551,64 +552,64 @@ krb5_run_preauth_plugins(krb5_context kcontext,
     struct _krb5_preauth_context_module *module;
 
     if (kcontext->preauth_context == NULL) {
-	return ENOENT;
+        return ENOENT;
     }
     /* iterate over all loaded modules */
     for (i = 0; i < kcontext->preauth_context->n_modules; i++) {
-	module = &kcontext->preauth_context->modules[i];
-	/* skip over those which don't match the preauth type */
-	if (module->pa_type != in_padata->pa_type)
-	    continue;
-	/* skip over those which don't match the flags (INFO vs REAL, mainly) */
-	if ((module->flags & module_required_flags) == 0)
-	    continue;
-	/* if it's a REAL module, try to call it only once per library call */
-	if (module_required_flags & PA_REAL) {
-	    if (module->use_count > 0) {
+        module = &kcontext->preauth_context->modules[i];
+        /* skip over those which don't match the preauth type */
+        if (module->pa_type != in_padata->pa_type)
+            continue;
+        /* skip over those which don't match the flags (INFO vs REAL, mainly) */
+        if ((module->flags & module_required_flags) == 0)
+            continue;
+        /* if it's a REAL module, try to call it only once per library call */
+        if (module_required_flags & PA_REAL) {
+            if (module->use_count > 0) {
 #ifdef DEBUG
-		fprintf(stderr, "skipping already-used module \"%s\"(%d)\n",
-			module->name, module->pa_type);
+                fprintf(stderr, "skipping already-used module \"%s\"(%d)\n",
+                        module->name, module->pa_type);
 #endif
-		continue;
-	    }
-	    module->use_count++;
-	}
-	/* run the module's callback function */
-	out_pa_data = NULL;
+                continue;
+            }
+            module->use_count++;
+        }
+        /* run the module's callback function */
+        out_pa_data = NULL;
 #ifdef DEBUG
-	fprintf(stderr, "using module \"%s\" (%d), flags = %d\n",
-		module->name, module->pa_type, module->flags);
+        fprintf(stderr, "using module \"%s\" (%d), flags = %d\n",
+                module->name, module->pa_type, module->flags);
 #endif
-	ret = module->client_process(kcontext,
-				     module->plugin_context,
-				     *module->request_context_pp,
-				     (krb5_get_init_creds_opt *)opte,
-				     client_data_proc,
-				     get_data_rock,
-				     request,
-				     encoded_request_body,
-				     encoded_previous_request,
-				     in_padata,
-				     prompter, prompter_data,
-				     gak_fct, gak_data, salt, s2kparams,
-				     as_key,
-				     &out_pa_data);
-	/* Make note of the module's flags and status. */
-	*module_flags = module->flags;
-	*module_ret = ret;
-	/* Save the new preauth data item. */
-	if (out_pa_data != NULL) {
-	    int j;
-	    for (j = 0; out_pa_data[j] != NULL; j++);
-	    ret = grow_pa_list(out_pa_list, out_pa_list_size, out_pa_data, j);
-	    free(out_pa_data);
-	    if (ret != 0)
-		return ret;
-	}
-	break;
+        ret = module->client_process(kcontext,
+                                     module->plugin_context,
+                                     *module->request_context_pp,
+                                     (krb5_get_init_creds_opt *)opte,
+                                     client_data_proc,
+                                     get_data_rock,
+                                     request,
+                                     encoded_request_body,
+                                     encoded_previous_request,
+                                     in_padata,
+                                     prompter, prompter_data,
+                                     gak_fct, gak_data, salt, s2kparams,
+                                     as_key,
+                                     &out_pa_data);
+        /* Make note of the module's flags and status. */
+        *module_flags = module->flags;
+        *module_ret = ret;
+        /* Save the new preauth data item. */
+        if (out_pa_data != NULL) {
+            int j;
+            for (j = 0; out_pa_data[j] != NULL; j++);
+            ret = grow_pa_list(out_pa_list, out_pa_list_size, out_pa_data, j);
+            free(out_pa_data);
+            if (ret != 0)
+                return ret;
+        }
+        break;
     }
     if (i >= kcontext->preauth_context->n_modules) {
-	return ENOENT;
+        return ENOENT;
     }
     return 0;
 }
@@ -625,14 +626,14 @@ padata2data(krb5_pa_data p)
 
 static
 krb5_error_code pa_salt(krb5_context context,
-			krb5_kdc_req *request,
-			krb5_pa_data *in_padata,
-			krb5_pa_data **out_padata,
-			krb5_data *salt, krb5_data *s2kparams,
-			krb5_enctype *etype,
-			krb5_keyblock *as_key,
-			krb5_prompter_fct prompter, void *prompter_data,
-			krb5_gic_get_as_key_fct gak_fct, void *gak_data)
+                        krb5_kdc_req *request,
+                        krb5_pa_data *in_padata,
+                        krb5_pa_data **out_padata,
+                        krb5_data *salt, krb5_data *s2kparams,
+                        krb5_enctype *etype,
+                        krb5_keyblock *as_key,
+                        krb5_prompter_fct prompter, void *prompter_data,
+                        krb5_gic_get_as_key_fct gak_fct, void *gak_data)
 {
     krb5_data tmp;
     krb5_error_code retval;
@@ -641,36 +642,36 @@ krb5_error_code pa_salt(krb5_context context,
     krb5_free_data_contents(context, salt);
     retval = krb5int_copy_data_contents(context, &tmp, salt);
     if (retval)
-	return retval;
+        return retval;
 
     if (in_padata->pa_type == KRB5_PADATA_AFS3_SALT)
-	salt->length = SALT_TYPE_AFS_LENGTH;
+        salt->length = SALT_TYPE_AFS_LENGTH;
 
     return(0);
 }
 
 static
 krb5_error_code pa_fx_cookie(krb5_context context,
-				 krb5_kdc_req *request,
-				 krb5_pa_data *in_padata,
-				 krb5_pa_data **out_padata,
-				 krb5_data *salt,
-				 krb5_data *s2kparams,
-				 krb5_enctype *etype,
-				 krb5_keyblock *as_key,
-				 krb5_prompter_fct prompter,
-				 void *prompter_data,
-				 krb5_gic_get_as_key_fct gak_fct,
-				 void *gak_data)
+                             krb5_kdc_req *request,
+                             krb5_pa_data *in_padata,
+                             krb5_pa_data **out_padata,
+                             krb5_data *salt,
+                             krb5_data *s2kparams,
+                             krb5_enctype *etype,
+                             krb5_keyblock *as_key,
+                             krb5_prompter_fct prompter,
+                             void *prompter_data,
+                             krb5_gic_get_as_key_fct gak_fct,
+                             void *gak_data)
 {
     krb5_pa_data *pa = calloc(1, sizeof(krb5_pa_data));
     krb5_octet *contents;
     if (pa == NULL)
-	return ENOMEM;
+        return ENOMEM;
     contents = malloc(in_padata->length);
     if (contents == NULL) {
-	free(pa);
-	return ENOMEM;
+        free(pa);
+        return ENOMEM;
     }
     *pa = *in_padata;
     pa->contents = contents;
@@ -681,68 +682,68 @@ krb5_error_code pa_fx_cookie(krb5_context context,
 
 static
 krb5_error_code pa_enc_timestamp(krb5_context context,
-				 krb5_kdc_req *request,
-				 krb5_pa_data *in_padata,
-				 krb5_pa_data **out_padata,
-				 krb5_data *salt,
-				 krb5_data *s2kparams,
-				 krb5_enctype *etype,
-				 krb5_keyblock *as_key,
-				 krb5_prompter_fct prompter,
-				 void *prompter_data,
-				 krb5_gic_get_as_key_fct gak_fct,
-				 void *gak_data)
+                                 krb5_kdc_req *request,
+                                 krb5_pa_data *in_padata,
+                                 krb5_pa_data **out_padata,
+                                 krb5_data *salt,
+                                 krb5_data *s2kparams,
+                                 krb5_enctype *etype,
+                                 krb5_keyblock *as_key,
+                                 krb5_prompter_fct prompter,
+                                 void *prompter_data,
+                                 krb5_gic_get_as_key_fct gak_fct,
+                                 void *gak_data)
 {
     krb5_error_code ret;
     krb5_pa_enc_ts pa_enc;
     krb5_data *tmp;
     krb5_enc_data enc_data;
     krb5_pa_data *pa;
-   
+
     if (as_key->length == 0) {
 #ifdef DEBUG
-	fprintf (stderr, "%s:%d: salt len=%d", __FILE__, __LINE__,
-		 salt->length);
-	if ((int) salt->length > 0)
-	    fprintf (stderr, " '%.*s'", salt->length, salt->data);
-	fprintf (stderr, "; *etype=%d request->ktype[0]=%d\n",
-		 *etype, request->ktype[0]);
+        fprintf (stderr, "%s:%d: salt len=%d", __FILE__, __LINE__,
+                 salt->length);
+        if ((int) salt->length > 0)
+            fprintf (stderr, " '%.*s'", salt->length, salt->data);
+        fprintf (stderr, "; *etype=%d request->ktype[0]=%d\n",
+                 *etype, request->ktype[0]);
 #endif
-       if ((ret = ((*gak_fct)(context, request->client,
-			      *etype ? *etype : request->ktype[0],
-			      prompter, prompter_data,
-			      salt, s2kparams, as_key, gak_data))))
-           return(ret);
+        if ((ret = ((*gak_fct)(context, request->client,
+                               *etype ? *etype : request->ktype[0],
+                               prompter, prompter_data,
+                               salt, s2kparams, as_key, gak_data))))
+            return(ret);
     }
 
     /* now get the time of day, and encrypt it accordingly */
 
     if ((ret = krb5_us_timeofday(context, &pa_enc.patimestamp, &pa_enc.pausec)))
-	return(ret);
+        return(ret);
 
     if ((ret = encode_krb5_pa_enc_ts(&pa_enc, &tmp)))
-	return(ret);
+        return(ret);
 
 #ifdef DEBUG
     fprintf (stderr, "key type %d bytes %02x %02x ...\n",
-	     as_key->enctype,
-	     as_key->contents[0], as_key->contents[1]);
+             as_key->enctype,
+             as_key->contents[0], as_key->contents[1]);
 #endif
     ret = krb5_encrypt_helper(context, as_key,
-			      KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
-			      tmp, &enc_data);
+                              KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS,
+                              tmp, &enc_data);
 #ifdef DEBUG
     fprintf (stderr, "enc data { type=%d kvno=%d data=%02x %02x ... }\n",
-	     enc_data.enctype, enc_data.kvno,
-	     0xff & enc_data.ciphertext.data[0],
-	     0xff & enc_data.ciphertext.data[1]);
+             enc_data.enctype, enc_data.kvno,
+             0xff & enc_data.ciphertext.data[0],
+             0xff & enc_data.ciphertext.data[1]);
 #endif
 
     krb5_free_data(context, tmp);
 
     if (ret) {
-	free(enc_data.ciphertext.data);
-	return(ret);
+        free(enc_data.ciphertext.data);
+        return(ret);
     }
 
     ret = encode_krb5_enc_data(&enc_data, &tmp);
@@ -750,11 +751,11 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
     free(enc_data.ciphertext.data);
 
     if (ret)
-	return(ret);
+        return(ret);
 
     if ((pa = (krb5_pa_data *) malloc(sizeof(krb5_pa_data))) == NULL) {
-	krb5_free_data(context, tmp);
-	return(ENOMEM);
+        krb5_free_data(context, tmp);
+        return(ENOMEM);
     }
 
     pa->magic = KV5M_PA_DATA;
@@ -769,38 +770,38 @@ krb5_error_code pa_enc_timestamp(krb5_context context,
     return(0);
 }
 
-static 
+static
 char *sam_challenge_banner(krb5_int32 sam_type)
 {
     char *label;
 
     switch (sam_type) {
-    case PA_SAM_TYPE_ENIGMA:	/* Enigma Logic */
-	label = "Challenge for Enigma Logic mechanism";
-	break;
+    case PA_SAM_TYPE_ENIGMA:    /* Enigma Logic */
+        label = "Challenge for Enigma Logic mechanism";
+        break;
     case PA_SAM_TYPE_DIGI_PATH: /*  Digital Pathways */
     case PA_SAM_TYPE_DIGI_PATH_HEX: /*  Digital Pathways */
-	label = "Challenge for Digital Pathways mechanism";
-	break;
+        label = "Challenge for Digital Pathways mechanism";
+        break;
     case PA_SAM_TYPE_ACTIVCARD_DEC: /*  Digital Pathways */
     case PA_SAM_TYPE_ACTIVCARD_HEX: /*  Digital Pathways */
-	label = "Challenge for Activcard mechanism";
-	break;
-    case PA_SAM_TYPE_SKEY_K0:	/*  S/key where  KDC has key 0 */
-	label = "Challenge for Enhanced S/Key mechanism";
-	break;
-    case PA_SAM_TYPE_SKEY:	/*  Traditional S/Key */
-	label = "Challenge for Traditional S/Key mechanism";
-	break;
-    case PA_SAM_TYPE_SECURID:	/*  Security Dynamics */
-	label = "Challenge for Security Dynamics mechanism";
-	break;
-    case PA_SAM_TYPE_SECURID_PREDICT:	/* predictive Security Dynamics */
-	label = "Challenge for Security Dynamics mechanism";
-	break;
+        label = "Challenge for Activcard mechanism";
+        break;
+    case PA_SAM_TYPE_SKEY_K0:   /*  S/key where  KDC has key 0 */
+        label = "Challenge for Enhanced S/Key mechanism";
+        break;
+    case PA_SAM_TYPE_SKEY:      /*  Traditional S/Key */
+        label = "Challenge for Traditional S/Key mechanism";
+        break;
+    case PA_SAM_TYPE_SECURID:   /*  Security Dynamics */
+        label = "Challenge for Security Dynamics mechanism";
+        break;
+    case PA_SAM_TYPE_SECURID_PREDICT:   /* predictive Security Dynamics */
+        label = "Challenge for Security Dynamics mechanism";
+        break;
     default:
-	label = "Challenge from authentication server";
-	break;
+        label = "Challenge from authentication server";
+        break;
     }
 
     return(label);
@@ -808,12 +809,12 @@ char *sam_challenge_banner(krb5_int32 sam_type)
 
 /* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
 
-#define SAMDATA(kdata, str, maxsize) \
-	(int)((kdata.length)? \
-	      ((((kdata.length)<=(maxsize))?(kdata.length):strlen(str))): \
-	      strlen(str)), \
-	(kdata.length)? \
-	((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
+#define SAMDATA(kdata, str, maxsize)                                    \
+    (int)((kdata.length)?                                               \
+          ((((kdata.length)<=(maxsize))?(kdata.length):strlen(str))):   \
+          strlen(str)),                                                 \
+        (kdata.length)?                                                 \
+        ((((kdata.length)<=(maxsize))?(kdata.data):(str))):(str)
 
 /* XXX Danger! This code is not in sync with the kerberos-password-02
    draft.  This draft cannot be implemented as written.  This code is
@@ -821,82 +822,82 @@ char *sam_challenge_banner(krb5_int32 sam_type)
 
 static
 krb5_error_code pa_sam(krb5_context context,
-		       krb5_kdc_req *request,
-		       krb5_pa_data *in_padata,
-		       krb5_pa_data **out_padata,
-		       krb5_data *salt,
-		       krb5_data *s2kparams,
-		       krb5_enctype *etype,
-		       krb5_keyblock *as_key,
-		       krb5_prompter_fct prompter,
-		       void *prompter_data,
-		       krb5_gic_get_as_key_fct gak_fct,
-		       void *gak_data)
+                       krb5_kdc_req *request,
+                       krb5_pa_data *in_padata,
+                       krb5_pa_data **out_padata,
+                       krb5_data *salt,
+                       krb5_data *s2kparams,
+                       krb5_enctype *etype,
+                       krb5_keyblock *as_key,
+                       krb5_prompter_fct prompter,
+                       void *prompter_data,
+                       krb5_gic_get_as_key_fct gak_fct,
+                       void *gak_data)
 {
-    krb5_error_code		ret;
-    krb5_data			tmpsam;
-    char			name[100], banner[100];
-    char			prompt[100], response[100];
-    krb5_data			response_data;
-    krb5_prompt			kprompt;
-    krb5_prompt_type		prompt_type;
-    krb5_data			defsalt;
-    krb5_sam_challenge		*sam_challenge = 0;
-    krb5_sam_response		sam_response;
+    krb5_error_code             ret;
+    krb5_data                   tmpsam;
+    char                        name[100], banner[100];
+    char                        prompt[100], response[100];
+    krb5_data                   response_data;
+    krb5_prompt                 kprompt;
+    krb5_prompt_type            prompt_type;
+    krb5_data                   defsalt;
+    krb5_sam_challenge          *sam_challenge = 0;
+    krb5_sam_response           sam_response;
     /* these two get encrypted and stuffed in to sam_response */
-    krb5_enc_sam_response_enc	enc_sam_response_enc;
-    krb5_data *			scratch;
-    krb5_pa_data *		pa;
+    krb5_enc_sam_response_enc   enc_sam_response_enc;
+    krb5_data *                 scratch;
+    krb5_pa_data *              pa;
 
     if (prompter == NULL)
-	return EIO;
+        return EIO;
 
     tmpsam.length = in_padata->length;
     tmpsam.data = (char *) in_padata->contents;
     if ((ret = decode_krb5_sam_challenge(&tmpsam, &sam_challenge)))
-	return(ret);
+        return(ret);
 
     if (sam_challenge->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
-	krb5_free_sam_challenge(context, sam_challenge);
-	return(KRB5_SAM_UNSUPPORTED);
+        krb5_free_sam_challenge(context, sam_challenge);
+        return(KRB5_SAM_UNSUPPORTED);
     }
 
-    /* If we need the password from the user (USE_SAD_AS_KEY not set),	*/
-    /* then get it here.  Exception for "old" KDCs with CryptoCard 	*/
-    /* support which uses the USE_SAD_AS_KEY flag, but still needs pwd	*/ 
+    /* If we need the password from the user (USE_SAD_AS_KEY not set),  */
+    /* then get it here.  Exception for "old" KDCs with CryptoCard      */
+    /* support which uses the USE_SAD_AS_KEY flag, but still needs pwd  */
 
     if (!(sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) ||
-	(sam_challenge->sam_type == PA_SAM_TYPE_CRYPTOCARD)) {
+        (sam_challenge->sam_type == PA_SAM_TYPE_CRYPTOCARD)) {
 
-	/* etype has either been set by caller or by KRB5_PADATA_ETYPE_INFO */
-	/* message from the KDC.  If it is not set, pick an enctype that we */
-	/* think the KDC will have for us.				    */
+        /* etype has either been set by caller or by KRB5_PADATA_ETYPE_INFO */
+        /* message from the KDC.  If it is not set, pick an enctype that we */
+        /* think the KDC will have for us.                                  */
 
-	if (*etype == 0)
-	   *etype = ENCTYPE_DES_CBC_CRC;
+        if (*etype == 0)
+            *etype = ENCTYPE_DES_CBC_CRC;
 
-	if ((ret = (gak_fct)(context, request->client, *etype, prompter,
-			     prompter_data, salt, s2kparams, as_key,
-			     gak_data))) {
-	    krb5_free_sam_challenge(context, sam_challenge);
-	    return(ret);
-	}
+        if ((ret = (gak_fct)(context, request->client, *etype, prompter,
+                             prompter_data, salt, s2kparams, as_key,
+                             gak_data))) {
+            krb5_free_sam_challenge(context, sam_challenge);
+            return(ret);
+        }
     }
     snprintf(name, sizeof(name), "%.*s",
-	     SAMDATA(sam_challenge->sam_type_name, "SAM Authentication",
-		     sizeof(name) - 1));
+             SAMDATA(sam_challenge->sam_type_name, "SAM Authentication",
+                     sizeof(name) - 1));
 
     snprintf(banner, sizeof(banner), "%.*s",
-	     SAMDATA(sam_challenge->sam_challenge_label,
-		     sam_challenge_banner(sam_challenge->sam_type),
-		     sizeof(banner)-1));
+             SAMDATA(sam_challenge->sam_challenge_label,
+                     sam_challenge_banner(sam_challenge->sam_type),
+                     sizeof(banner)-1));
 
     /* sprintf(prompt, "Challenge is [%s], %s: ", challenge, prompt); */
     snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
-	     sam_challenge->sam_challenge.length?"Challenge is [":"",
-	     SAMDATA(sam_challenge->sam_challenge, "", 20),
-	     sam_challenge->sam_challenge.length?"], ":"",
-	     SAMDATA(sam_challenge->sam_response_prompt, "passcode", 55));
+             sam_challenge->sam_challenge.length?"Challenge is [":"",
+             SAMDATA(sam_challenge->sam_challenge, "", 20),
+             sam_challenge->sam_challenge.length?"], ":"",
+             SAMDATA(sam_challenge->sam_response_prompt, "passcode", 55));
 
     response_data.data = response;
     response_data.length = sizeof(response);
@@ -909,115 +910,115 @@ krb5_error_code pa_sam(krb5_context context,
     /* PROMPTER_INVOCATION */
     krb5int_set_prompt_types(context, &prompt_type);
     if ((ret = ((*prompter)(context, prompter_data, name,
-			   banner, 1, &kprompt)))) {
-	krb5_free_sam_challenge(context, sam_challenge);
-	krb5int_set_prompt_types(context, 0);
-	return(ret);
+                            banner, 1, &kprompt)))) {
+        krb5_free_sam_challenge(context, sam_challenge);
+        krb5int_set_prompt_types(context, 0);
+        return(ret);
     }
     krb5int_set_prompt_types(context, 0);
 
     enc_sam_response_enc.sam_nonce = sam_challenge->sam_nonce;
     if (sam_challenge->sam_nonce == 0) {
-	if ((ret = krb5_us_timeofday(context, 
-				&enc_sam_response_enc.sam_timestamp,
-				&enc_sam_response_enc.sam_usec))) {
-	    krb5_free_sam_challenge(context,sam_challenge);
-	    return(ret);
-	}
+        if ((ret = krb5_us_timeofday(context,
+                                     &enc_sam_response_enc.sam_timestamp,
+                                     &enc_sam_response_enc.sam_usec))) {
+            krb5_free_sam_challenge(context,sam_challenge);
+            return(ret);
+        }
 
-	sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
+        sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp;
     }
 
     /* XXX What if more than one flag is set?  */
     if (sam_challenge->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
 
-	/* Most of this should be taken care of before we get here.  We	*/
-	/* will need the user's password and as_key to encrypt the SAD	*/
-	/* and we want to preserve ordering of user prompts (first	*/
-	/* password, then SAM data) so that user's won't be confused.	*/
+        /* Most of this should be taken care of before we get here.  We */
+        /* will need the user's password and as_key to encrypt the SAD  */
+        /* and we want to preserve ordering of user prompts (first      */
+        /* password, then SAM data) so that user's won't be confused.   */
 
-	if (as_key->length) {
-	    krb5_free_keyblock_contents(context, as_key);
-	    as_key->length = 0;
-	}
+        if (as_key->length) {
+            krb5_free_keyblock_contents(context, as_key);
+            as_key->length = 0;
+        }
 
-	/* generate a salt using the requested principal */
+        /* generate a salt using the requested principal */
 
-	if ((salt->length == -1 || salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
-	    if ((ret = krb5_principal2salt(context, request->client,
-					  &defsalt))) {
-		krb5_free_sam_challenge(context, sam_challenge);
-		return(ret);
-	    }
+        if ((salt->length == -1 || salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
+            if ((ret = krb5_principal2salt(context, request->client,
+                                           &defsalt))) {
+                krb5_free_sam_challenge(context, sam_challenge);
+                return(ret);
+            }
 
-	    salt = &defsalt;
-	} else {
-	    defsalt.length = 0;
-	}
+            salt = &defsalt;
+        } else {
+            defsalt.length = 0;
+        }
 
-	/* generate a key using the supplied password */
+        /* generate a key using the supplied password */
 
-	ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
-				   (krb5_data *)gak_data, salt, as_key);
+        ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
+                                   (krb5_data *)gak_data, salt, as_key);
 
-	if (defsalt.length)
-	    free(defsalt.data);
+        if (defsalt.length)
+            free(defsalt.data);
 
-	if (ret) {
-	    krb5_free_sam_challenge(context, sam_challenge);
-	    return(ret);
-	}
+        if (ret) {
+            krb5_free_sam_challenge(context, sam_challenge);
+            return(ret);
+        }
 
-	/* encrypt the passcode with the key from above */
+        /* encrypt the passcode with the key from above */
 
-	enc_sam_response_enc.sam_sad = response_data;
+        enc_sam_response_enc.sam_sad = response_data;
     } else if (sam_challenge->sam_flags & KRB5_SAM_USE_SAD_AS_KEY) {
 
-	/* process the key as password */
+        /* process the key as password */
 
-	if (as_key->length) {
-	    krb5_free_keyblock_contents(context, as_key);
-	    as_key->length = 0;
-	}
+        if (as_key->length) {
+            krb5_free_keyblock_contents(context, as_key);
+            as_key->length = 0;
+        }
 
 #if 0
-	if ((salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
-	    if (ret = krb5_principal2salt(context, request->client,
-					  &defsalt)) {
-		krb5_free_sam_challenge(context, sam_challenge);
-		return(ret);
-	    }
-
-	    salt = &defsalt;
-	} else {
-	    defsalt.length = 0;
-	}
+        if ((salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) {
+            if (ret = krb5_principal2salt(context, request->client,
+                                          &defsalt)) {
+                krb5_free_sam_challenge(context, sam_challenge);
+                return(ret);
+            }
+
+            salt = &defsalt;
+        } else {
+            defsalt.length = 0;
+        }
 #else
-	defsalt.length = 0;
-	salt = NULL;
+        defsalt.length = 0;
+        salt = NULL;
 #endif
-	    
-	/* XXX As of the passwords-04 draft, no enctype is specified,
-	   the server uses ENCTYPE_DES_CBC_MD5. In the future the
-	   server should send a PA-SAM-ETYPE-INFO containing the enctype. */
 
-	ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
-				   &response_data, salt, as_key);
+        /* XXX As of the passwords-04 draft, no enctype is specified,
+           the server uses ENCTYPE_DES_CBC_MD5. In the future the
+           server should send a PA-SAM-ETYPE-INFO containing the enctype. */
+
+        ret = krb5_c_string_to_key(context, ENCTYPE_DES_CBC_MD5,
+                                   &response_data, salt, as_key);
 
-	if (defsalt.length)
-	    free(defsalt.data);
+        if (defsalt.length)
+            free(defsalt.data);
 
-	if (ret) {
-	    krb5_free_sam_challenge(context, sam_challenge);
-	    return(ret);
-	}
+        if (ret) {
+            krb5_free_sam_challenge(context, sam_challenge);
+            return(ret);
+        }
 
-	enc_sam_response_enc.sam_sad.length = 0;
+        enc_sam_response_enc.sam_sad.length = 0;
     } else {
-	/* Eventually, combine SAD with long-term key to get
-	   encryption key.  */
-	krb5_free_sam_challenge(context, sam_challenge);
-	return KRB5_PREAUTH_BAD_TYPE;
+        /* Eventually, combine SAD with long-term key to get
+           encryption key.  */
+        krb5_free_sam_challenge(context, sam_challenge);
+        return KRB5_PREAUTH_BAD_TYPE;
     }
 
     /* copy things from the challenge */
@@ -1031,26 +1032,26 @@ krb5_error_code pa_sam(krb5_context context,
 
     /* encode the encoded part of the response */
     if ((ret = encode_krb5_enc_sam_response_enc(&enc_sam_response_enc,
-						&scratch)))
-	return(ret);
+                                                &scratch)))
+        return(ret);
 
     ret = krb5_encrypt_data(context, as_key, 0, scratch,
-			    &sam_response.sam_enc_nonce_or_ts);
+                            &sam_response.sam_enc_nonce_or_ts);
 
     krb5_free_data(context, scratch);
 
     if (ret)
-	return(ret);
+        return(ret);
 
     /* sam_enc_key is reserved for future use */
     sam_response.sam_enc_key.ciphertext.length = 0;
 
     if ((pa = malloc(sizeof(krb5_pa_data))) == NULL)
-	return(ENOMEM);
+        return(ENOMEM);
 
     if ((ret = encode_krb5_sam_response(&sam_response, &scratch))) {
-	free(pa);
-	return(ret);
+        free(pa);
+        return(ret);
     }
 
     pa->magic = KV5M_PA_DATA;
@@ -1066,7 +1067,7 @@ krb5_error_code pa_sam(krb5_context context,
 }
 
 #if APPLE_PKINIT
-/* 
+/*
  * PKINIT. One function to generate AS-REQ, one to parse AS-REP
  */
 #define  PKINIT_DEBUG    0
@@ -1081,32 +1082,32 @@ static krb5_error_code pa_pkinit_gen_req(
     krb5_kdc_req *request,
     krb5_pa_data *in_padata,
     krb5_pa_data **out_padata,
-    krb5_data *salt, 
+    krb5_data *salt,
     krb5_data *s2kparams,
     krb5_enctype *etype,
     krb5_keyblock *as_key,
-    krb5_prompter_fct prompter, 
+    krb5_prompter_fct prompter,
     void *prompter_data,
-    krb5_gic_get_as_key_fct gak_fct, 
+    krb5_gic_get_as_key_fct gak_fct,
     void *gak_data)
 {
-    krb5_error_code		krtn;
-    krb5_data			out_data = {0, 0, NULL};
-    krb5_timestamp		kctime = 0;
-    krb5_int32			cusec = 0;
-    krb5_ui_4			nonce = 0;
-    krb5_checksum		cksum;
-    krb5_pkinit_signing_cert_t	client_cert;
-    krb5_data			*der_req = NULL;
-    char			*client_principal = NULL;
-    char			*server_principal = NULL;
-    unsigned char		nonce_bytes[4];
-    krb5_data			nonce_data = {0, 4, (char *)nonce_bytes};
-    int				dex;
-
-    /* 
+    krb5_error_code             krtn;
+    krb5_data                   out_data = {0, 0, NULL};
+    krb5_timestamp              kctime = 0;
+    krb5_int32                  cusec = 0;
+    krb5_ui_4                   nonce = 0;
+    krb5_checksum               cksum;
+    krb5_pkinit_signing_cert_t  client_cert;
+    krb5_data                   *der_req = NULL;
+    char                        *client_principal = NULL;
+    char                        *server_principal = NULL;
+    unsigned char               nonce_bytes[4];
+    krb5_data                   nonce_data = {0, 4, (char *)nonce_bytes};
+    int                         dex;
+
+    /*
      * Trusted CA list and specific KC cert optionally obtained via
-     * krb5_pkinit_get_server_certs(). All are DER-encoded certs. 
+     * krb5_pkinit_get_server_certs(). All are DER-encoded certs.
      */
     krb5_data *trusted_CAs = NULL;
     krb5_ui_4 num_trusted_CAs;
@@ -1116,72 +1117,72 @@ static krb5_error_code pa_pkinit_gen_req(
 
     /* If we don't have a client cert, we're done */
     if(request->client == NULL) {
-	kdcPkinitDebug("No request->client; aborting PKINIT\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        kdcPkinitDebug("No request->client; aborting PKINIT\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     krtn = krb5_unparse_name(context, request->client, &client_principal);
     if(krtn) {
-	return krtn;
+        return krtn;
     }
     krtn = krb5_pkinit_get_client_cert(client_principal, &client_cert);
     free(client_principal);
     if(krtn) {
-	kdcPkinitDebug("No client cert; aborting PKINIT\n");
-	return krtn;
+        kdcPkinitDebug("No client cert; aborting PKINIT\n");
+        return krtn;
     }
-	
+
     /* optional platform-dependent CA list and KDC cert */
     krtn = krb5_unparse_name(context, request->server, &server_principal);
     if(krtn) {
-	goto cleanup;
+        goto cleanup;
     }
     krtn = krb5_pkinit_get_server_certs(client_principal, server_principal,
-	&trusted_CAs, &num_trusted_CAs, &kdc_cert);
+                                        &trusted_CAs, &num_trusted_CAs, &kdc_cert);
     if(krtn) {
-	goto cleanup;
+        goto cleanup;
     }
-    
+
     /* checksum of the encoded KDC-REQ-BODY */
     krtn = encode_krb5_kdc_req_body(request, &der_req);
     if(krtn) {
-	kdcPkinitDebug("encode_krb5_kdc_req_body returned %d\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("encode_krb5_kdc_req_body returned %d\n", (int)krtn);
+        goto cleanup;
     }
     krtn = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL, 0, der_req, &cksum);
     if(krtn) {
-	goto cleanup;
+        goto cleanup;
     }
 
     krtn = krb5_us_timeofday(context, &kctime, &cusec);
     if(krtn) {
-	goto cleanup;
+        goto cleanup;
     }
-    
+
     /* cook up a random 4-byte nonce */
     krtn = krb5_c_random_make_octets(context, &nonce_data);
     if(krtn) {
-	goto cleanup;
+        goto cleanup;
     }
     for(dex=0; dex<4; dex++) {
-	nonce <<= 8;
-	nonce |= nonce_bytes[dex];
+        nonce <<= 8;
+        nonce |= nonce_bytes[dex];
     }
 
-    krtn = krb5int_pkinit_as_req_create(context, 
-	kctime, cusec, nonce, &cksum,
-	client_cert, 
-	trusted_CAs, num_trusted_CAs, 
-	(kdc_cert.data ? &kdc_cert : NULL),
-	&out_data);
+    krtn = krb5int_pkinit_as_req_create(context,
+                                        kctime, cusec, nonce, &cksum,
+                                        client_cert,
+                                        trusted_CAs, num_trusted_CAs,
+                                        (kdc_cert.data ? &kdc_cert : NULL),
+                                        &out_data);
     if(krtn) {
-	kdcPkinitDebug("error %d on pkinit_as_req_create; aborting PKINIT\n", (int)krtn);
-	goto cleanup;
+        kdcPkinitDebug("error %d on pkinit_as_req_create; aborting PKINIT\n", (int)krtn);
+        goto cleanup;
     }
     *out_padata = (krb5_pa_data *)malloc(sizeof(krb5_pa_data));
     if(*out_padata == NULL) {
-	krtn = ENOMEM;
-	free(out_data.data);
-	goto cleanup;
+        krtn = ENOMEM;
+        free(out_data.data);
+        goto cleanup;
     }
     (*out_padata)->magic = KV5M_PA_DATA;
     (*out_padata)->pa_type = KRB5_PADATA_PK_AS_REQ;
@@ -1190,27 +1191,27 @@ static krb5_error_code pa_pkinit_gen_req(
     krtn = 0;
 cleanup:
     if(client_cert) {
-	krb5_pkinit_release_cert(client_cert);
+        krb5_pkinit_release_cert(client_cert);
     }
     if(cksum.contents) {
-	free(cksum.contents);
+        free(cksum.contents);
     }
     if (der_req) {
-	krb5_free_data(context, der_req);
+        krb5_free_data(context, der_req);
     }
     if(server_principal) {
-	free(server_principal);
+        free(server_principal);
     }
     /* free data mallocd by krb5_pkinit_get_server_certs() */
     if(trusted_CAs) {
-	unsigned udex;
-	for(udex=0; udex<num_trusted_CAs; udex++) {
-	    free(trusted_CAs[udex].data);
-	}
-	free(trusted_CAs);
+        unsigned udex;
+        for(udex=0; udex<num_trusted_CAs; udex++) {
+            free(trusted_CAs[udex].data);
+        }
+        free(trusted_CAs);
     }
     if(kdc_cert.data) {
-	free(kdc_cert.data);
+        free(kdc_cert.data);
     }
     return krtn;
 
@@ -1234,17 +1235,17 @@ static krb5_boolean local_kdc_cert_match(
 
     if (client->realm.length <= sizeof(lkdcprefix) ||
         0 != memcmp(lkdcprefix, client->realm.data, sizeof(lkdcprefix)-1))
-	return match;
+        return match;
     realm_hash = &client->realm.data[sizeof(lkdcprefix)-1];
     realm_hash_len = client->realm.length - sizeof(lkdcprefix) + 1;
     kdcPkinitDebug("checking realm versus certificate hash\n");
     if (NULL != (cert_hash = krb5_pkinit_cert_hash_str(signer_cert))) {
-	kdcPkinitDebug("hash = %s\n", cert_hash);
-	cert_hash_len = strlen(cert_hash);
-	if (cert_hash_len == realm_hash_len &&
-	    0 == memcmp(cert_hash, realm_hash, cert_hash_len))
-	    match = TRUE;
-	free(cert_hash);
+        kdcPkinitDebug("hash = %s\n", cert_hash);
+        cert_hash_len = strlen(cert_hash);
+        if (cert_hash_len == realm_hash_len &&
+            0 == memcmp(cert_hash, realm_hash, cert_hash_len))
+            match = TRUE;
+        free(cert_hash);
     }
     kdcPkinitDebug("result: %s\n", match ? "matches" : "does not match");
     return match;
@@ -1255,125 +1256,125 @@ static krb5_error_code pa_pkinit_parse_rep(
     krb5_kdc_req *request,
     krb5_pa_data *in_padata,
     krb5_pa_data **out_padata,
-    krb5_data *salt, 
+    krb5_data *salt,
     krb5_data *s2kparams,
     krb5_enctype *etype,
     krb5_keyblock *as_key,
-    krb5_prompter_fct prompter, 
+    krb5_prompter_fct prompter,
     void *prompter_data,
-    krb5_gic_get_as_key_fct gak_fct, 
+    krb5_gic_get_as_key_fct gak_fct,
     void *gak_data)
 {
-    krb5int_cert_sig_status	sig_status = (krb5int_cert_sig_status)-999;
-    krb5_error_code		krtn;
-    krb5_data			asRep;
-    krb5_keyblock		local_key = {0};
-    krb5_pkinit_signing_cert_t	client_cert;
-    char			*princ_name = NULL;
-    krb5_checksum		as_req_checksum_rcd = {0};  /* received checksum */
-    krb5_checksum		as_req_checksum_gen = {0};  /* calculated checksum */
-    krb5_data			*encoded_as_req = NULL;
-    krb5_data			signer_cert = {0};
+    krb5int_cert_sig_status     sig_status = (krb5int_cert_sig_status)-999;
+    krb5_error_code             krtn;
+    krb5_data                   asRep;
+    krb5_keyblock               local_key = {0};
+    krb5_pkinit_signing_cert_t  client_cert;
+    char                        *princ_name = NULL;
+    krb5_checksum               as_req_checksum_rcd = {0};  /* received checksum */
+    krb5_checksum               as_req_checksum_gen = {0};  /* calculated checksum */
+    krb5_data                   *encoded_as_req = NULL;
+    krb5_data                   signer_cert = {0};
 
     *out_padata = NULL;
     kdcPkinitDebug("pa_pkinit_parse_rep\n");
     if((in_padata == NULL) || (in_padata->length== 0)) {
-	kdcPkinitDebug("pa_pkinit_parse_rep: no in_padata\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        kdcPkinitDebug("pa_pkinit_parse_rep: no in_padata\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /* If we don't have a client cert, we're done */
     if(request->client == NULL) {
-	kdcPkinitDebug("No request->client; aborting PKINIT\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        kdcPkinitDebug("No request->client; aborting PKINIT\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     krtn = krb5_unparse_name(context, request->client, &princ_name);
     if(krtn) {
-	return krtn;
+        return krtn;
     }
     krtn = krb5_pkinit_get_client_cert(princ_name, &client_cert);
     free(princ_name);
     if(krtn) {
-	kdcPkinitDebug("No client cert; aborting PKINIT\n");
-	return krtn;
+        kdcPkinitDebug("No client cert; aborting PKINIT\n");
+        return krtn;
     }
-    
+
     memset(&local_key, 0, sizeof(local_key));
     asRep.data = (char *)in_padata->contents;
     asRep.length = in_padata->length;
-    krtn = krb5int_pkinit_as_rep_parse(context, &asRep, client_cert, 
-	&local_key, &as_req_checksum_rcd, &sig_status,
-	&signer_cert, NULL, NULL);
+    krtn = krb5int_pkinit_as_rep_parse(context, &asRep, client_cert,
+                                       &local_key, &as_req_checksum_rcd, &sig_status,
+                                       &signer_cert, NULL, NULL);
     if(krtn) {
-	kdcPkinitDebug("pkinit_as_rep_parse returned %d\n", (int)krtn);
-	return krtn;
+        kdcPkinitDebug("pkinit_as_rep_parse returned %d\n", (int)krtn);
+        return krtn;
     }
     switch(sig_status) {
-	case pki_cs_good:
-	    break;
-	case pki_cs_unknown_root:
-	    if (local_kdc_cert_match(context, &signer_cert, request->client))
-		break;
-	    /* FALLTHROUGH */
-	default:
-	    kdcPkinitDebug("pa_pkinit_parse_rep: bad cert/sig status %d\n", 
-		(int)sig_status);
-	    krtn = KRB5KDC_ERR_PREAUTH_FAILED;
-	    goto error_out;
-    }
-    
-    /* calculate checksum of incoming AS-REQ using the decryption key 
+    case pki_cs_good:
+        break;
+    case pki_cs_unknown_root:
+        if (local_kdc_cert_match(context, &signer_cert, request->client))
+            break;
+        /* FALLTHROUGH */
+    default:
+        kdcPkinitDebug("pa_pkinit_parse_rep: bad cert/sig status %d\n",
+                       (int)sig_status);
+        krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto error_out;
+    }
+
+    /* calculate checksum of incoming AS-REQ using the decryption key
      * we just got from the ReplyKeyPack */
     krtn = encode_krb5_as_req(request, &encoded_as_req);
     if(krtn) {
-	goto error_out;
+        goto error_out;
     }
-    krtn = krb5_c_make_checksum(context, context->kdc_req_sumtype, 
-	&local_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, 
-	encoded_as_req, &as_req_checksum_gen);
+    krtn = krb5_c_make_checksum(context, context->kdc_req_sumtype,
+                                &local_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                encoded_as_req, &as_req_checksum_gen);
     if(krtn) {
-	goto error_out;
+        goto error_out;
     }
     if((as_req_checksum_gen.length != as_req_checksum_rcd.length) ||
        memcmp(as_req_checksum_gen.contents,
-	      as_req_checksum_rcd.contents,
-	      as_req_checksum_gen.length)) {
-	kdcPkinitDebug("pa_pkinit_parse_rep: checksum miscompare\n");
-	krtn = KRB5KDC_ERR_PREAUTH_FAILED;
-	goto error_out;
+              as_req_checksum_rcd.contents,
+              as_req_checksum_gen.length)) {
+        kdcPkinitDebug("pa_pkinit_parse_rep: checksum miscompare\n");
+        krtn = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto error_out;
     }
-    
+
     /* We have the key; transfer to caller */
     if (as_key->length) {
-	krb5_free_keyblock_contents(context, as_key);
+        krb5_free_keyblock_contents(context, as_key);
     }
     *as_key = local_key;
-    
-    #if PKINIT_DEBUG
+
+#if PKINIT_DEBUG
     fprintf(stderr, "pa_pkinit_parse_rep: SUCCESS\n");
     fprintf(stderr, "enctype %d keylen %d keydata %02x %02x %02x %02x...\n",
-	(int)as_key->enctype, (int)as_key->length,
-	as_key->contents[0], as_key->contents[1], 
-	as_key->contents[2], as_key->contents[3]);
-    #endif
-    
+            (int)as_key->enctype, (int)as_key->length,
+            as_key->contents[0], as_key->contents[1],
+            as_key->contents[2], as_key->contents[3]);
+#endif
+
     krtn = 0;
-    
+
 error_out:
     if (signer_cert.data) {
-	    free(signer_cert.data);
+        free(signer_cert.data);
     }
     if(as_req_checksum_rcd.contents) {
-	free(as_req_checksum_rcd.contents);
+        free(as_req_checksum_rcd.contents);
     }
     if(as_req_checksum_gen.contents) {
-	free(as_req_checksum_gen.contents);
+        free(as_req_checksum_gen.contents);
     }
     if(encoded_as_req) {
-	krb5_free_data(context, encoded_as_req);
+        krb5_free_data(context, encoded_as_req);
     }
     if(krtn && (local_key.contents != NULL)) {
-	krb5_free_keyblock_contents(context, &local_key);
+        krb5_free_keyblock_contents(context, &local_key);
     }
     return krtn;
 }
@@ -1381,329 +1382,329 @@ error_out:
 
 static
 krb5_error_code pa_sam_2(krb5_context context,
-				krb5_kdc_req *request,
-				krb5_pa_data *in_padata,
-				krb5_pa_data **out_padata,
-				krb5_data *salt,
-			 krb5_data *s2kparams,
-				krb5_enctype *etype,
-				krb5_keyblock *as_key,
-				krb5_prompter_fct prompter,
-				void *prompter_data,
-				krb5_gic_get_as_key_fct gak_fct,
-				void *gak_data) {
-
-   krb5_error_code retval;
-   krb5_sam_challenge_2 *sc2 = NULL;
-   krb5_sam_challenge_2_body *sc2b = NULL;
-   krb5_data tmp_data;
-   krb5_data response_data;
-   char name[100], banner[100], prompt[100], response[100];
-   krb5_prompt kprompt;
-   krb5_prompt_type prompt_type;
-   krb5_data defsalt;
-   krb5_checksum **cksum;
-   krb5_data *scratch = NULL;
-   krb5_boolean valid_cksum = 0;
-   krb5_enc_sam_response_enc_2 enc_sam_response_enc_2;
-   krb5_sam_response_2 sr2;
-   size_t ciph_len;
-   krb5_pa_data *sam_padata;
-
-   if (prompter == NULL)
-	return KRB5_LIBOS_CANTREADPWD;
-
-   tmp_data.length = in_padata->length;
-   tmp_data.data = (char *)in_padata->contents;
-
-   if ((retval = decode_krb5_sam_challenge_2(&tmp_data, &sc2)))
-	return(retval);
-
-   retval = decode_krb5_sam_challenge_2_body(&sc2->sam_challenge_2_body, &sc2b);
-
-   if (retval) {
-	krb5_free_sam_challenge_2(context, sc2);
-	return(retval);
-   }
-
-   if (!sc2->sam_cksum || ! *sc2->sam_cksum) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	return(KRB5_SAM_NO_CHECKSUM);
-   }
-
-   if (sc2b->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	return(KRB5_SAM_UNSUPPORTED);
-   }
-
-   if (!krb5_c_valid_enctype(sc2b->sam_etype)) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	return(KRB5_SAM_INVALID_ETYPE);
-   }
-
-   /* All of the above error checks are KDC-specific, that is, they	*/
-   /* assume a failure in the KDC reply.  By returning anything other	*/
-   /* than KRB5_KDC_UNREACH, KRB5_PREAUTH_FAILED,		*/
-   /* KRB5_LIBOS_PWDINTR, or KRB5_REALM_CANT_RESOLVE, the client will	*/
-   /* most likely go on to try the AS_REQ against master KDC		*/
-
-   if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
-	/* We will need the password to obtain the key used for	*/
-	/* the checksum, and encryption of the sam_response.	*/
-	/* Go ahead and get it now, preserving the ordering of	*/
-	/* prompts for the user.				*/
-
-	retval = (gak_fct)(context, request->client,
-			sc2b->sam_etype, prompter,
-			prompter_data, salt, s2kparams, as_key, gak_data);
-	if (retval) {
-	   krb5_free_sam_challenge_2(context, sc2);
-	   krb5_free_sam_challenge_2_body(context, sc2b);
-	   return(retval);
-	}
-   }
-
-   snprintf(name, sizeof(name), "%.*s",
-	SAMDATA(sc2b->sam_type_name, "SAM Authentication",
-	sizeof(name) - 1));
-
-   snprintf(banner, sizeof(banner), "%.*s",
-	    SAMDATA(sc2b->sam_challenge_label,
-		    sam_challenge_banner(sc2b->sam_type),
-		    sizeof(banner)-1));
-
-   snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
-	    sc2b->sam_challenge.length?"Challenge is [":"",
-	    SAMDATA(sc2b->sam_challenge, "", 20),
-	    sc2b->sam_challenge.length?"], ":"",
-	    SAMDATA(sc2b->sam_response_prompt, "passcode", 55));
-
-   response_data.data = response;
-   response_data.length = sizeof(response);
-   kprompt.prompt = prompt;
-   kprompt.hidden = 1;
-   kprompt.reply = &response_data;
-
-   prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
-   krb5int_set_prompt_types(context, &prompt_type);
-
-   if ((retval = ((*prompter)(context, prompter_data, name,
-				banner, 1, &kprompt)))) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	krb5int_set_prompt_types(context, 0);
-	return(retval);
-   }
-
-   krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
-
-   /* Generate salt used by string_to_key() */
-   if ((salt->length == -1) && (salt->data == NULL)) {
-	if ((retval = 
-	     krb5_principal2salt(context, request->client, &defsalt))) {
-	   krb5_free_sam_challenge_2(context, sc2);
-	   krb5_free_sam_challenge_2_body(context, sc2b);
-	   return(retval);
-	}
-	salt = &defsalt;
-   } else {
-	defsalt.length = 0;
-   }
-
-   /* Get encryption key to be used for checksum and sam_response */
-   if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
-	/* as_key = string_to_key(password) */
-
-	if (as_key->length) {
-	   krb5_free_keyblock_contents(context, as_key);
-	   as_key->length = 0;
-	}
-
-	/* generate a key using the supplied password */
-	retval = krb5_c_string_to_key(context, sc2b->sam_etype,
-                                   (krb5_data *)gak_data, salt, as_key);
+                         krb5_kdc_req *request,
+                         krb5_pa_data *in_padata,
+                         krb5_pa_data **out_padata,
+                         krb5_data *salt,
+                         krb5_data *s2kparams,
+                         krb5_enctype *etype,
+                         krb5_keyblock *as_key,
+                         krb5_prompter_fct prompter,
+                         void *prompter_data,
+                         krb5_gic_get_as_key_fct gak_fct,
+                         void *gak_data) {
 
-	if (retval) {
-	   krb5_free_sam_challenge_2(context, sc2);
-	   krb5_free_sam_challenge_2_body(context, sc2b);
-	   if (defsalt.length) free(defsalt.data);
-	   return(retval);
-	}
-
-	if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
-	   /* as_key = combine_key (as_key, string_to_key(SAD)) */
-	   krb5_keyblock tmp_kb;
-
-	   retval = krb5_c_string_to_key(context, sc2b->sam_etype,
-				&response_data, salt, &tmp_kb);
-
-	   if (retval) {
-		krb5_free_sam_challenge_2(context, sc2);
-	        krb5_free_sam_challenge_2_body(context, sc2b);
-		if (defsalt.length) free(defsalt.data);
-		return(retval);
-	   }
-
-	   /* This should be a call to the crypto library some day */
-	   /* key types should already match the sam_etype */
-	   retval = krb5int_c_combine_keys(context, as_key, &tmp_kb, as_key);
-
-	   if (retval) {
-		krb5_free_sam_challenge_2(context, sc2);
-	        krb5_free_sam_challenge_2_body(context, sc2b);
-		if (defsalt.length) free(defsalt.data);
-		return(retval);
-	   }
-	   krb5_free_keyblock_contents(context, &tmp_kb);
-	}
-
-	if (defsalt.length)
-	   free(defsalt.data);
-
-   } else {
-	/* as_key = string_to_key(SAD) */
-
-	if (as_key->length) {
-	   krb5_free_keyblock_contents(context, as_key);
-	   as_key->length = 0;
-	}
-
-	/* generate a key using the supplied password */
-	retval = krb5_c_string_to_key(context, sc2b->sam_etype,
-				&response_data, salt, as_key);
-
-	if (defsalt.length)
-	   free(defsalt.data);
-
-	if (retval) {
-	   krb5_free_sam_challenge_2(context, sc2);
-	   krb5_free_sam_challenge_2_body(context, sc2b);
-	   return(retval);
-	}
-   }
-
-   /* Now we have a key, verify the checksum on the sam_challenge */
-
-   cksum = sc2->sam_cksum;
-   
-   while (*cksum) {
-	/* Check this cksum */
-	retval = krb5_c_verify_checksum(context, as_key,
-			KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
-			&sc2->sam_challenge_2_body,
-			*cksum, &valid_cksum);
-	if (retval) {
-	   krb5_free_data(context, scratch);
-	   krb5_free_sam_challenge_2(context, sc2);
-	   krb5_free_sam_challenge_2_body(context, sc2b);
-	   return(retval);
-	}
-	if (valid_cksum)
-	   break;
-	cksum++;
-   }
-
-   if (!valid_cksum) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	/*
-	 * Note: We return AP_ERR_BAD_INTEGRITY so upper-level applications
-	 * can interpret that as "password incorrect", which is probably
-	 * the best error we can return in this situation.
-	 */
-	return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
-   }
- 
-   /* fill in enc_sam_response_enc_2 */
-   enc_sam_response_enc_2.magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
-   enc_sam_response_enc_2.sam_nonce = sc2b->sam_nonce;
-   if (sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
-	enc_sam_response_enc_2.sam_sad = response_data;
-   } else {
-	enc_sam_response_enc_2.sam_sad.data = NULL;
-	enc_sam_response_enc_2.sam_sad.length = 0;
-   }
-
-   /* encode and encrypt enc_sam_response_enc_2 with as_key */
-   retval = encode_krb5_enc_sam_response_enc_2(&enc_sam_response_enc_2,
-		&scratch);
-   if (retval) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	return(retval);
-   }
-
-   /* Fill in sam_response_2 */
-   memset(&sr2, 0, sizeof(sr2));
-   sr2.sam_type = sc2b->sam_type;
-   sr2.sam_flags = sc2b->sam_flags;
-   sr2.sam_track_id = sc2b->sam_track_id;
-   sr2.sam_nonce = sc2b->sam_nonce;
-
-   /* Now take care of sr2.sam_enc_nonce_or_sad by encrypting encoded	*/
-   /* enc_sam_response_enc_2 from above */
-
-   retval = krb5_c_encrypt_length(context, as_key->enctype, scratch->length,
-				  &ciph_len);
-   if (retval) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	krb5_free_data(context, scratch);
-	return(retval);
-   }
-   sr2.sam_enc_nonce_or_sad.ciphertext.length = ciph_len;
-
-   sr2.sam_enc_nonce_or_sad.ciphertext.data =
-	(char *)malloc(sr2.sam_enc_nonce_or_sad.ciphertext.length);
-
-   if (!sr2.sam_enc_nonce_or_sad.ciphertext.data) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	krb5_free_data(context, scratch);
-	return(ENOMEM);
-   }
-
-   retval = krb5_c_encrypt(context, as_key, KRB5_KEYUSAGE_PA_SAM_RESPONSE,
-		NULL, scratch, &sr2.sam_enc_nonce_or_sad);
-   if (retval) {
-	krb5_free_sam_challenge_2(context, sc2);
-	krb5_free_sam_challenge_2_body(context, sc2b);
-	krb5_free_data(context, scratch);
-	krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
-	return(retval);
-   }
-   krb5_free_data(context, scratch);
-   scratch = NULL;
-
-   /* Encode the sam_response_2 */
-   retval = encode_krb5_sam_response_2(&sr2, &scratch);
-   krb5_free_sam_challenge_2(context, sc2);
-   krb5_free_sam_challenge_2_body(context, sc2b);
-   krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
-
-   if (retval) {
-	return (retval);
-   }
-
-   /* Almost there, just need to make padata !  */
-   sam_padata = malloc(sizeof(krb5_pa_data));
-   if (sam_padata == NULL) {
-	krb5_free_data(context, scratch);
-	return(ENOMEM);
-   }
-
-   sam_padata->magic = KV5M_PA_DATA;
-   sam_padata->pa_type = KRB5_PADATA_SAM_RESPONSE_2;
-   sam_padata->length = scratch->length;
-   sam_padata->contents = (krb5_octet *) scratch->data;
-   free(scratch);
-
-   *out_padata = sam_padata;
-
-   return(0);
+    krb5_error_code retval;
+    krb5_sam_challenge_2 *sc2 = NULL;
+    krb5_sam_challenge_2_body *sc2b = NULL;
+    krb5_data tmp_data;
+    krb5_data response_data;
+    char name[100], banner[100], prompt[100], response[100];
+    krb5_prompt kprompt;
+    krb5_prompt_type prompt_type;
+    krb5_data defsalt;
+    krb5_checksum **cksum;
+    krb5_data *scratch = NULL;
+    krb5_boolean valid_cksum = 0;
+    krb5_enc_sam_response_enc_2 enc_sam_response_enc_2;
+    krb5_sam_response_2 sr2;
+    size_t ciph_len;
+    krb5_pa_data *sam_padata;
+
+    if (prompter == NULL)
+        return KRB5_LIBOS_CANTREADPWD;
+
+    tmp_data.length = in_padata->length;
+    tmp_data.data = (char *)in_padata->contents;
+
+    if ((retval = decode_krb5_sam_challenge_2(&tmp_data, &sc2)))
+        return(retval);
+
+    retval = decode_krb5_sam_challenge_2_body(&sc2->sam_challenge_2_body, &sc2b);
+
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        return(retval);
+    }
+
+    if (!sc2->sam_cksum || ! *sc2->sam_cksum) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(KRB5_SAM_NO_CHECKSUM);
+    }
+
+    if (sc2b->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(KRB5_SAM_UNSUPPORTED);
+    }
+
+    if (!krb5_c_valid_enctype(sc2b->sam_etype)) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(KRB5_SAM_INVALID_ETYPE);
+    }
+
+    /* All of the above error checks are KDC-specific, that is, they     */
+    /* assume a failure in the KDC reply.  By returning anything other   */
+    /* than KRB5_KDC_UNREACH, KRB5_PREAUTH_FAILED,               */
+    /* KRB5_LIBOS_PWDINTR, or KRB5_REALM_CANT_RESOLVE, the client will   */
+    /* most likely go on to try the AS_REQ against master KDC            */
+
+    if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
+        /* We will need the password to obtain the key used for */
+        /* the checksum, and encryption of the sam_response.    */
+        /* Go ahead and get it now, preserving the ordering of  */
+        /* prompts for the user.                                */
+
+        retval = (gak_fct)(context, request->client,
+                           sc2b->sam_etype, prompter,
+                           prompter_data, salt, s2kparams, as_key, gak_data);
+        if (retval) {
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+    }
+
+    snprintf(name, sizeof(name), "%.*s",
+             SAMDATA(sc2b->sam_type_name, "SAM Authentication",
+                     sizeof(name) - 1));
+
+    snprintf(banner, sizeof(banner), "%.*s",
+             SAMDATA(sc2b->sam_challenge_label,
+                     sam_challenge_banner(sc2b->sam_type),
+                     sizeof(banner)-1));
+
+    snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s",
+             sc2b->sam_challenge.length?"Challenge is [":"",
+             SAMDATA(sc2b->sam_challenge, "", 20),
+             sc2b->sam_challenge.length?"], ":"",
+             SAMDATA(sc2b->sam_response_prompt, "passcode", 55));
+
+    response_data.data = response;
+    response_data.length = sizeof(response);
+    kprompt.prompt = prompt;
+    kprompt.hidden = 1;
+    kprompt.reply = &response_data;
+
+    prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+    krb5int_set_prompt_types(context, &prompt_type);
+
+    if ((retval = ((*prompter)(context, prompter_data, name,
+                               banner, 1, &kprompt)))) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        krb5int_set_prompt_types(context, 0);
+        return(retval);
+    }
+
+    krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
+
+    /* Generate salt used by string_to_key() */
+    if ((salt->length == -1) && (salt->data == NULL)) {
+        if ((retval =
+             krb5_principal2salt(context, request->client, &defsalt))) {
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+        salt = &defsalt;
+    } else {
+        defsalt.length = 0;
+    }
+
+    /* Get encryption key to be used for checksum and sam_response */
+    if (!(sc2b->sam_flags & KRB5_SAM_USE_SAD_AS_KEY)) {
+        /* as_key = string_to_key(password) */
+
+        if (as_key->length) {
+            krb5_free_keyblock_contents(context, as_key);
+            as_key->length = 0;
+        }
+
+        /* generate a key using the supplied password */
+        retval = krb5_c_string_to_key(context, sc2b->sam_etype,
+                                      (krb5_data *)gak_data, salt, as_key);
+
+        if (retval) {
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            if (defsalt.length) free(defsalt.data);
+            return(retval);
+        }
+
+        if (!(sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD)) {
+            /* as_key = combine_key (as_key, string_to_key(SAD)) */
+            krb5_keyblock tmp_kb;
+
+            retval = krb5_c_string_to_key(context, sc2b->sam_etype,
+                                          &response_data, salt, &tmp_kb);
+
+            if (retval) {
+                krb5_free_sam_challenge_2(context, sc2);
+                krb5_free_sam_challenge_2_body(context, sc2b);
+                if (defsalt.length) free(defsalt.data);
+                return(retval);
+            }
+
+            /* This should be a call to the crypto library some day */
+            /* key types should already match the sam_etype */
+            retval = krb5int_c_combine_keys(context, as_key, &tmp_kb, as_key);
+
+            if (retval) {
+                krb5_free_sam_challenge_2(context, sc2);
+                krb5_free_sam_challenge_2_body(context, sc2b);
+                if (defsalt.length) free(defsalt.data);
+                return(retval);
+            }
+            krb5_free_keyblock_contents(context, &tmp_kb);
+        }
+
+        if (defsalt.length)
+            free(defsalt.data);
+
+    } else {
+        /* as_key = string_to_key(SAD) */
+
+        if (as_key->length) {
+            krb5_free_keyblock_contents(context, as_key);
+            as_key->length = 0;
+        }
+
+        /* generate a key using the supplied password */
+        retval = krb5_c_string_to_key(context, sc2b->sam_etype,
+                                      &response_data, salt, as_key);
+
+        if (defsalt.length)
+            free(defsalt.data);
+
+        if (retval) {
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+    }
+
+    /* Now we have a key, verify the checksum on the sam_challenge */
+
+    cksum = sc2->sam_cksum;
+
+    while (*cksum) {
+        /* Check this cksum */
+        retval = krb5_c_verify_checksum(context, as_key,
+                                        KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM,
+                                        &sc2->sam_challenge_2_body,
+                                        *cksum, &valid_cksum);
+        if (retval) {
+            krb5_free_data(context, scratch);
+            krb5_free_sam_challenge_2(context, sc2);
+            krb5_free_sam_challenge_2_body(context, sc2b);
+            return(retval);
+        }
+        if (valid_cksum)
+            break;
+        cksum++;
+    }
+
+    if (!valid_cksum) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        /*
+         * Note: We return AP_ERR_BAD_INTEGRITY so upper-level applications
+         * can interpret that as "password incorrect", which is probably
+         * the best error we can return in this situation.
+         */
+        return(KRB5KRB_AP_ERR_BAD_INTEGRITY);
+    }
+
+    /* fill in enc_sam_response_enc_2 */
+    enc_sam_response_enc_2.magic = KV5M_ENC_SAM_RESPONSE_ENC_2;
+    enc_sam_response_enc_2.sam_nonce = sc2b->sam_nonce;
+    if (sc2b->sam_flags & KRB5_SAM_SEND_ENCRYPTED_SAD) {
+        enc_sam_response_enc_2.sam_sad = response_data;
+    } else {
+        enc_sam_response_enc_2.sam_sad.data = NULL;
+        enc_sam_response_enc_2.sam_sad.length = 0;
+    }
+
+    /* encode and encrypt enc_sam_response_enc_2 with as_key */
+    retval = encode_krb5_enc_sam_response_enc_2(&enc_sam_response_enc_2,
+                                                &scratch);
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        return(retval);
+    }
+
+    /* Fill in sam_response_2 */
+    memset(&sr2, 0, sizeof(sr2));
+    sr2.sam_type = sc2b->sam_type;
+    sr2.sam_flags = sc2b->sam_flags;
+    sr2.sam_track_id = sc2b->sam_track_id;
+    sr2.sam_nonce = sc2b->sam_nonce;
+
+    /* Now take care of sr2.sam_enc_nonce_or_sad by encrypting encoded   */
+    /* enc_sam_response_enc_2 from above */
+
+    retval = krb5_c_encrypt_length(context, as_key->enctype, scratch->length,
+                                   &ciph_len);
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        krb5_free_data(context, scratch);
+        return(retval);
+    }
+    sr2.sam_enc_nonce_or_sad.ciphertext.length = ciph_len;
+
+    sr2.sam_enc_nonce_or_sad.ciphertext.data =
+        (char *)malloc(sr2.sam_enc_nonce_or_sad.ciphertext.length);
+
+    if (!sr2.sam_enc_nonce_or_sad.ciphertext.data) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        krb5_free_data(context, scratch);
+        return(ENOMEM);
+    }
+
+    retval = krb5_c_encrypt(context, as_key, KRB5_KEYUSAGE_PA_SAM_RESPONSE,
+                            NULL, scratch, &sr2.sam_enc_nonce_or_sad);
+    if (retval) {
+        krb5_free_sam_challenge_2(context, sc2);
+        krb5_free_sam_challenge_2_body(context, sc2b);
+        krb5_free_data(context, scratch);
+        krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
+        return(retval);
+    }
+    krb5_free_data(context, scratch);
+    scratch = NULL;
+
+    /* Encode the sam_response_2 */
+    retval = encode_krb5_sam_response_2(&sr2, &scratch);
+    krb5_free_sam_challenge_2(context, sc2);
+    krb5_free_sam_challenge_2_body(context, sc2b);
+    krb5_free_data_contents(context, &sr2.sam_enc_nonce_or_sad.ciphertext);
+
+    if (retval) {
+        return (retval);
+    }
+
+    /* Almost there, just need to make padata !  */
+    sam_padata = malloc(sizeof(krb5_pa_data));
+    if (sam_padata == NULL) {
+        krb5_free_data(context, scratch);
+        return(ENOMEM);
+    }
+
+    sam_padata->magic = KV5M_PA_DATA;
+    sam_padata->pa_type = KRB5_PADATA_SAM_RESPONSE_2;
+    sam_padata->length = scratch->length;
+    sam_padata->contents = (krb5_octet *) scratch->data;
+    free(scratch);
+
+    *out_padata = sam_padata;
+
+    return(0);
 }
 
 static krb5_error_code pa_s4u_x509_user(
@@ -1728,32 +1729,32 @@ static krb5_error_code pa_s4u_x509_user(
     *out_padata = NULL;
 
     if (userid == NULL)
-	return EINVAL;
+        return EINVAL;
 
     code = krb5_copy_principal(context, request->client, &client);
     if (code != 0)
-	return code;
+        return code;
 
     if (userid->user != NULL)
-	krb5_free_principal(context, userid->user);
+        krb5_free_principal(context, userid->user);
     userid->user = client;
 
     if (userid->subject_cert.length != 0) {
-	s4u_padata = malloc(sizeof(*s4u_padata));
-	if (s4u_padata == NULL)
-	    return ENOMEM;
+        s4u_padata = malloc(sizeof(*s4u_padata));
+        if (s4u_padata == NULL)
+            return ENOMEM;
 
-	s4u_padata->magic = KV5M_PA_DATA;
-	s4u_padata->pa_type = KRB5_PADATA_S4U_X509_USER;
-	s4u_padata->contents = malloc(userid->subject_cert.length);
-	if (s4u_padata->contents == NULL) {
-	    free(s4u_padata);
-	    return ENOMEM;
-	}
-	memcpy(s4u_padata->contents, userid->subject_cert.data, userid->subject_cert.length);
-	s4u_padata->length = userid->subject_cert.length;
+        s4u_padata->magic = KV5M_PA_DATA;
+        s4u_padata->pa_type = KRB5_PADATA_S4U_X509_USER;
+        s4u_padata->contents = malloc(userid->subject_cert.length);
+        if (s4u_padata->contents == NULL) {
+            free(s4u_padata);
+            return ENOMEM;
+        }
+        memcpy(s4u_padata->contents, userid->subject_cert.data, userid->subject_cert.length);
+        s4u_padata->length = userid->subject_cert.length;
 
-	*out_padata = s4u_padata;
+        *out_padata = s4u_padata;
     }
 
     return 0;
@@ -1762,56 +1763,56 @@ static krb5_error_code pa_s4u_x509_user(
 /* FIXME - order significant? */
 static const pa_types_t pa_types[] = {
     {
-	KRB5_PADATA_PW_SALT,
-	pa_salt,
-	PA_INFO,
+        KRB5_PADATA_PW_SALT,
+        pa_salt,
+        PA_INFO,
     },
     {
-	KRB5_PADATA_AFS3_SALT,
-	pa_salt,
-	PA_INFO,
+        KRB5_PADATA_AFS3_SALT,
+        pa_salt,
+        PA_INFO,
     },
 #if APPLE_PKINIT
     {
-	KRB5_PADATA_PK_AS_REQ,
-	pa_pkinit_gen_req,
-	PA_INFO,
+        KRB5_PADATA_PK_AS_REQ,
+        pa_pkinit_gen_req,
+        PA_INFO,
     },
     {
-	KRB5_PADATA_PK_AS_REP,
-	pa_pkinit_parse_rep,
-	PA_REAL,
+        KRB5_PADATA_PK_AS_REP,
+        pa_pkinit_parse_rep,
+        PA_REAL,
     },
 #endif /* APPLE_PKINIT */
     {
-	KRB5_PADATA_ENC_TIMESTAMP,
-	pa_enc_timestamp,
-	PA_REAL,
+        KRB5_PADATA_ENC_TIMESTAMP,
+        pa_enc_timestamp,
+        PA_REAL,
     },
     {
-	KRB5_PADATA_SAM_CHALLENGE_2,
-	pa_sam_2,
-	PA_REAL,
+        KRB5_PADATA_SAM_CHALLENGE_2,
+        pa_sam_2,
+        PA_REAL,
     },
     {
-	KRB5_PADATA_SAM_CHALLENGE,
-	pa_sam,
-	PA_REAL,
+        KRB5_PADATA_SAM_CHALLENGE,
+        pa_sam,
+        PA_REAL,
     },
     {
-	KRB5_PADATA_FX_COOKIE,
-	pa_fx_cookie,
-	PA_INFO,
+        KRB5_PADATA_FX_COOKIE,
+        pa_fx_cookie,
+        PA_INFO,
     },
     {
-	KRB5_PADATA_S4U_X509_USER,
-	pa_s4u_x509_user,
-	PA_INFO,
+        KRB5_PADATA_S4U_X509_USER,
+        pa_s4u_x509_user,
+        PA_INFO,
     },
     {
-	-1,
-	NULL,
-	0,
+        -1,
+        NULL,
+        0,
     },
 };
 
@@ -1822,19 +1823,19 @@ static const pa_types_t pa_types[] = {
  */
 krb5_error_code KRB5_CALLCONV
 krb5_do_preauth_tryagain(krb5_context kcontext,
-			 krb5_kdc_req *request,
-			 krb5_data *encoded_request_body,
-			 krb5_data *encoded_previous_request,
-			 krb5_pa_data **padata,
-			 krb5_pa_data ***return_padata,
-			 krb5_error *err_reply,
-			 krb5_data *salt, krb5_data *s2kparams,
-			 krb5_enctype *etype,
-			 krb5_keyblock *as_key,
-			 krb5_prompter_fct prompter, void *prompter_data,
-			 krb5_gic_get_as_key_fct gak_fct, void *gak_data,
-			 krb5_preauth_client_rock *get_data_rock,
-			 krb5_gic_opt_ext *opte)
+                         krb5_kdc_req *request,
+                         krb5_data *encoded_request_body,
+                         krb5_data *encoded_previous_request,
+                         krb5_pa_data **padata,
+                         krb5_pa_data ***return_padata,
+                         krb5_error *err_reply,
+                         krb5_data *salt, krb5_data *s2kparams,
+                         krb5_enctype *etype,
+                         krb5_keyblock *as_key,
+                         krb5_prompter_fct prompter, void *prompter_data,
+                         krb5_gic_get_as_key_fct gak_fct, void *gak_data,
+                         krb5_preauth_client_rock *get_data_rock,
+                         krb5_gic_opt_ext *opte)
 {
     krb5_error_code ret;
     krb5_pa_data **out_padata;
@@ -1845,65 +1846,65 @@ krb5_do_preauth_tryagain(krb5_context kcontext,
 
     ret = KRB5KRB_ERR_GENERIC;
     if (kcontext->preauth_context == NULL) {
-       return KRB5KRB_ERR_GENERIC;
+        return KRB5KRB_ERR_GENERIC;
     }
     context = kcontext->preauth_context;
     if (context == NULL) {
-       return KRB5KRB_ERR_GENERIC;
+        return KRB5KRB_ERR_GENERIC;
     }
 
     for (i = 0; padata[i] != NULL && padata[i]->pa_type != 0; i++) {
-	out_padata = NULL;
-	for (j = 0; j < context->n_modules; j++) {
-	    module = &context->modules[j];
-	    if (module->pa_type != padata[i]->pa_type) {
-		continue;
-	    }
-	    if (module->client_tryagain == NULL) {
-		continue;
-	    }
-	    if ((*module->client_tryagain)(kcontext,
-					   module->plugin_context,
-					   *module->request_context_pp,
-					   (krb5_get_init_creds_opt *)opte,
-					   client_data_proc,
-					   get_data_rock,
-					   request,
-					   encoded_request_body,
-					   encoded_previous_request,
-					   padata[i],
-					   err_reply,
-					   prompter, prompter_data,
-					   gak_fct, gak_data, salt, s2kparams,
-					   as_key,
-					   &out_padata) == 0) {
-		if (out_padata != NULL) {
-		    int k;
-		    for (k = 0; out_padata[k] != NULL; k++);
-		    grow_pa_list(return_padata, &out_pa_list_size,
-				 out_padata, k);
-		    free(out_padata);
-		    return 0;
-		}
-	    }
-	}
+        out_padata = NULL;
+        for (j = 0; j < context->n_modules; j++) {
+            module = &context->modules[j];
+            if (module->pa_type != padata[i]->pa_type) {
+                continue;
+            }
+            if (module->client_tryagain == NULL) {
+                continue;
+            }
+            if ((*module->client_tryagain)(kcontext,
+                                           module->plugin_context,
+                                           *module->request_context_pp,
+                                           (krb5_get_init_creds_opt *)opte,
+                                           client_data_proc,
+                                           get_data_rock,
+                                           request,
+                                           encoded_request_body,
+                                           encoded_previous_request,
+                                           padata[i],
+                                           err_reply,
+                                           prompter, prompter_data,
+                                           gak_fct, gak_data, salt, s2kparams,
+                                           as_key,
+                                           &out_padata) == 0) {
+                if (out_padata != NULL) {
+                    int k;
+                    for (k = 0; out_padata[k] != NULL; k++);
+                    grow_pa_list(return_padata, &out_pa_list_size,
+                                 out_padata, k);
+                    free(out_padata);
+                    return 0;
+                }
+            }
+        }
     }
     return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_do_preauth(krb5_context context,
-		krb5_kdc_req *request,
-		krb5_data *encoded_request_body,
-		krb5_data *encoded_previous_request,
-		krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
-		krb5_data *salt, krb5_data *s2kparams,
-		krb5_enctype *etype,
-		krb5_keyblock *as_key,
-		krb5_prompter_fct prompter, void *prompter_data,
-		krb5_gic_get_as_key_fct gak_fct, void *gak_data,
-		krb5_preauth_client_rock *get_data_rock,
-		krb5_gic_opt_ext *opte)
+                krb5_kdc_req *request,
+                krb5_data *encoded_request_body,
+                krb5_data *encoded_previous_request,
+                krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
+                krb5_data *salt, krb5_data *s2kparams,
+                krb5_enctype *etype,
+                krb5_keyblock *as_key,
+                krb5_prompter_fct prompter, void *prompter_data,
+                krb5_gic_get_as_key_fct gak_fct, void *gak_data,
+                krb5_preauth_client_rock *get_data_rock,
+                krb5_gic_opt_ext *opte)
 {
     unsigned int h;
     int i, j, out_pa_list_size;
@@ -1916,17 +1917,17 @@ krb5_do_preauth(krb5_context context,
     int realdone;
 
     if (in_padata == NULL) {
-	*out_padata = NULL;
-	return(0);
+        *out_padata = NULL;
+        return(0);
     }
 
 #ifdef DEBUG
     fprintf (stderr, "salt len=%d", (int) salt->length);
     if ((int) salt->length > 0)
-	fprintf (stderr, " '%.*s'", salt->length, salt->data);
+        fprintf (stderr, " '%.*s'", salt->length, salt->data);
     fprintf (stderr, "; preauth data types:");
     for (i = 0; in_padata[i]; i++) {
-	fprintf (stderr, " %d", in_padata[i]->pa_type);
+        fprintf (stderr, " %d", in_padata[i]->pa_type);
     }
     fprintf (stderr, "\n");
 #endif
@@ -1937,202 +1938,202 @@ krb5_do_preauth(krb5_context context,
     /* first do all the informational preauths, then the first real one */
 
     for (h=0; h<(sizeof(paorder)/sizeof(paorder[0])); h++) {
-	realdone = 0;
-	for (i=0; in_padata[i] && !realdone; i++) {
-	    int k, l, etype_found, valid_etype_found;
-	    /*
-	     * This is really gross, but is necessary to prevent
-	     * lossage when talking to a 1.0.x KDC, which returns an
-	     * erroneous PA-PW-SALT when it returns a KRB-ERROR
-	     * requiring additional preauth.
-	     */
-	    switch (in_padata[i]->pa_type) {
-	    case KRB5_PADATA_ETYPE_INFO:
-	    case KRB5_PADATA_ETYPE_INFO2:
-	    {
-		krb5_preauthtype pa_type = in_padata[i]->pa_type;
-		if (etype_info) {
-		    if (seen_etype_info2 || pa_type != KRB5_PADATA_ETYPE_INFO2)
-			continue;
-		    if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
-			krb5_free_etype_info( context, etype_info);
-			etype_info = NULL;
-		    }
-		}
-
-		scratch.length = in_padata[i]->length;
-		scratch.data = (char *) in_padata[i]->contents;
-		if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
-		    seen_etype_info2++;
-		    ret = decode_krb5_etype_info2(&scratch, &etype_info);
-		}
-		else ret = decode_krb5_etype_info(&scratch, &etype_info);
-		if (ret) {
-		    ret = 0; /*Ignore error and etype_info element*/
-		    if (etype_info) 
-		      krb5_free_etype_info( context, etype_info);
-		    etype_info = NULL;
-		    continue;
-		}
-		if (etype_info[0] == NULL) {
-		    krb5_free_etype_info(context, etype_info);
-		    etype_info = NULL;
-		    break;
-		}
-		/*
-		 * Select first etype in our request which is also in
-		 * etype-info (preferring client request ktype order).
-		 */
-		for (etype_found = 0, valid_etype_found = 0, k = 0;
-		     !etype_found && k < request->nktypes; k++) {
-		    for (l = 0; etype_info[l]; l++) {
-			if (etype_info[l]->etype == request->ktype[k]) {
-			    etype_found++;
-			    break;
-			}
-			/* check if program has support for this etype for more
-			 * precise error reporting.
-			 */
-			if (krb5_c_valid_enctype(etype_info[l]->etype))
-			    valid_etype_found++;
-		    }
-		}
-		if (!etype_found) {
-		  if (valid_etype_found) {
-			/* supported enctype but not requested */
-		    ret =  KRB5_CONFIG_ETYPE_NOSUPP;
-		    goto cleanup;
-		  }
-		  else {
-		    /* unsupported enctype */
-		    ret =  KRB5_PROG_ETYPE_NOSUPP;
-		    goto cleanup;
-		  }
-
-		}
-		scratch.data = (char *) etype_info[l]->salt;
-		scratch.length = etype_info[l]->length;
-		krb5_free_data_contents(context, salt);
-		if (scratch.length == KRB5_ETYPE_NO_SALT) 
-		  salt->data = NULL;
-		else
-		    if ((ret = krb5int_copy_data_contents( context, &scratch, salt)) != 0)
-		  goto cleanup;
-		*etype = etype_info[l]->etype;
-		krb5_free_data_contents(context, s2kparams);
-		if ((ret = krb5int_copy_data_contents(context,
-						      &etype_info[l]->s2kparams,
-						      s2kparams)) != 0)
-		  goto cleanup;
+        realdone = 0;
+        for (i=0; in_padata[i] && !realdone; i++) {
+            int k, l, etype_found, valid_etype_found;
+            /*
+             * This is really gross, but is necessary to prevent
+             * lossage when talking to a 1.0.x KDC, which returns an
+             * erroneous PA-PW-SALT when it returns a KRB-ERROR
+             * requiring additional preauth.
+             */
+            switch (in_padata[i]->pa_type) {
+            case KRB5_PADATA_ETYPE_INFO:
+            case KRB5_PADATA_ETYPE_INFO2:
+            {
+                krb5_preauthtype pa_type = in_padata[i]->pa_type;
+                if (etype_info) {
+                    if (seen_etype_info2 || pa_type != KRB5_PADATA_ETYPE_INFO2)
+                        continue;
+                    if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+                        krb5_free_etype_info( context, etype_info);
+                        etype_info = NULL;
+                    }
+                }
+
+                scratch.length = in_padata[i]->length;
+                scratch.data = (char *) in_padata[i]->contents;
+                if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+                    seen_etype_info2++;
+                    ret = decode_krb5_etype_info2(&scratch, &etype_info);
+                }
+                else ret = decode_krb5_etype_info(&scratch, &etype_info);
+                if (ret) {
+                    ret = 0; /*Ignore error and etype_info element*/
+                    if (etype_info)
+                        krb5_free_etype_info( context, etype_info);
+                    etype_info = NULL;
+                    continue;
+                }
+                if (etype_info[0] == NULL) {
+                    krb5_free_etype_info(context, etype_info);
+                    etype_info = NULL;
+                    break;
+                }
+                /*
+                 * Select first etype in our request which is also in
+                 * etype-info (preferring client request ktype order).
+                 */
+                for (etype_found = 0, valid_etype_found = 0, k = 0;
+                     !etype_found && k < request->nktypes; k++) {
+                    for (l = 0; etype_info[l]; l++) {
+                        if (etype_info[l]->etype == request->ktype[k]) {
+                            etype_found++;
+                            break;
+                        }
+                        /* check if program has support for this etype for more
+                         * precise error reporting.
+                         */
+                        if (krb5_c_valid_enctype(etype_info[l]->etype))
+                            valid_etype_found++;
+                    }
+                }
+                if (!etype_found) {
+                    if (valid_etype_found) {
+                        /* supported enctype but not requested */
+                        ret =  KRB5_CONFIG_ETYPE_NOSUPP;
+                        goto cleanup;
+                    }
+                    else {
+                        /* unsupported enctype */
+                        ret =  KRB5_PROG_ETYPE_NOSUPP;
+                        goto cleanup;
+                    }
+
+                }
+                scratch.data = (char *) etype_info[l]->salt;
+                scratch.length = etype_info[l]->length;
+                krb5_free_data_contents(context, salt);
+                if (scratch.length == KRB5_ETYPE_NO_SALT)
+                    salt->data = NULL;
+                else
+                    if ((ret = krb5int_copy_data_contents( context, &scratch, salt)) != 0)
+                        goto cleanup;
+                *etype = etype_info[l]->etype;
+                krb5_free_data_contents(context, s2kparams);
+                if ((ret = krb5int_copy_data_contents(context,
+                                                      &etype_info[l]->s2kparams,
+                                                      s2kparams)) != 0)
+                    goto cleanup;
 #ifdef DEBUG
-		for (j = 0; etype_info[j]; j++) {
-		    krb5_etype_info_entry *e = etype_info[j];
-		    fprintf (stderr, "etype info %d: etype %d salt len=%d",
-			     j, e->etype, e->length);
-		    if (e->length > 0 && e->length != KRB5_ETYPE_NO_SALT)
-			fprintf (stderr, " '%.*s'", e->length, e->salt);
-		    fprintf (stderr, "\n");
-		}
+                for (j = 0; etype_info[j]; j++) {
+                    krb5_etype_info_entry *e = etype_info[j];
+                    fprintf (stderr, "etype info %d: etype %d salt len=%d",
+                             j, e->etype, e->length);
+                    if (e->length > 0 && e->length != KRB5_ETYPE_NO_SALT)
+                        fprintf (stderr, " '%.*s'", e->length, e->salt);
+                    fprintf (stderr, "\n");
+                }
 #endif
-		break;
-	    }
-	    case KRB5_PADATA_PW_SALT:
-	    case KRB5_PADATA_AFS3_SALT:
-		if (etype_info)
-		    continue;
-		break;
-	    default:
-		;
-	    }
-	    /* Try the internally-provided preauth type list. */
-	    if (!realdone) for (j=0; pa_types[j].type >= 0; j++) {
-		if ((in_padata[i]->pa_type == pa_types[j].type) &&
-		    (pa_types[j].flags & paorder[h])) {
+                break;
+            }
+            case KRB5_PADATA_PW_SALT:
+            case KRB5_PADATA_AFS3_SALT:
+                if (etype_info)
+                    continue;
+                break;
+            default:
+                ;
+            }
+            /* Try the internally-provided preauth type list. */
+            if (!realdone) for (j=0; pa_types[j].type >= 0; j++) {
+                    if ((in_padata[i]->pa_type == pa_types[j].type) &&
+                        (pa_types[j].flags & paorder[h])) {
 #ifdef DEBUG
-		    fprintf (stderr, "calling internal function for pa_type "
-			     "%d, flag %d\n", pa_types[j].type, paorder[h]);
+                        fprintf (stderr, "calling internal function for pa_type "
+                                 "%d, flag %d\n", pa_types[j].type, paorder[h]);
 #endif
-		    out_pa = NULL;
-
-		    if ((ret = ((*pa_types[j].fct)(context, request,
-						   in_padata[i], &out_pa,
-						   salt, s2kparams, etype, as_key,
-						   prompter, prompter_data,
-						   gak_fct, gak_data)))) {
-                        if (paorder[h] == PA_INFO) {
+                        out_pa = NULL;
+
+                        if ((ret = ((*pa_types[j].fct)(context, request,
+                                                       in_padata[i], &out_pa,
+                                                       salt, s2kparams, etype, as_key,
+                                                       prompter, prompter_data,
+                                                       gak_fct, gak_data)))) {
+                            if (paorder[h] == PA_INFO) {
 #ifdef DEBUG
-                            fprintf (stderr, 
-                                     "internal function for type %d, flag %d "
-                                     "failed with err %d\n",
-                                     in_padata[i]->pa_type, paorder[h], ret);
+                                fprintf (stderr,
+                                         "internal function for type %d, flag %d "
+                                         "failed with err %d\n",
+                                         in_padata[i]->pa_type, paorder[h], ret);
 #endif
-                            ret = 0;
-                            continue; /* PA_INFO type failed, ignore */
+                                ret = 0;
+                                continue; /* PA_INFO type failed, ignore */
+                            }
+
+                            goto cleanup;
                         }
-                        
-		      goto cleanup;
-		    }
-
-		    ret = grow_pa_list(&out_pa_list, &out_pa_list_size,
-				       &out_pa, 1);
-		    if (ret != 0) {
-			    goto cleanup;
-		    }
-		    if (paorder[h] == PA_REAL)
-			realdone = 1;
-		}
-	    }
-
-	    /* Try to use plugins now. */
-	    if (!realdone) {
-		krb5_init_preauth_context(context);
-		if (context->preauth_context != NULL) {
-		    int module_ret = 0, module_flags;
+
+                        ret = grow_pa_list(&out_pa_list, &out_pa_list_size,
+                                           &out_pa, 1);
+                        if (ret != 0) {
+                            goto cleanup;
+                        }
+                        if (paorder[h] == PA_REAL)
+                            realdone = 1;
+                    }
+                }
+
+            /* Try to use plugins now. */
+            if (!realdone) {
+                krb5_init_preauth_context(context);
+                if (context->preauth_context != NULL) {
+                    int module_ret = 0, module_flags;
 #ifdef DEBUG
-		    fprintf (stderr, "trying modules for pa_type %d, flag %d\n",
-			     in_padata[i]->pa_type, paorder[h]);
+                    fprintf (stderr, "trying modules for pa_type %d, flag %d\n",
+                             in_padata[i]->pa_type, paorder[h]);
 #endif
-		    ret = krb5_run_preauth_plugins(context,
-						   paorder[h],
-						   request,
-						   encoded_request_body,
-						   encoded_previous_request,
-						   in_padata[i],
-						   prompter,
-						   prompter_data,
-						   gak_fct,
-						   salt, s2kparams,
-						   gak_data,
-						   get_data_rock,
-						   as_key,
-						   &out_pa_list,
-						   &out_pa_list_size,
-						   &module_ret,
-						   &module_flags,
-						   opte);
-		    if (ret == 0) {
-			if (module_ret == 0) {
-		            if (paorder[h] == PA_REAL) {
-				realdone = 1;
-			    }
-			}
-		    }
-		}
-	    }
-	}
+                    ret = krb5_run_preauth_plugins(context,
+                                                   paorder[h],
+                                                   request,
+                                                   encoded_request_body,
+                                                   encoded_previous_request,
+                                                   in_padata[i],
+                                                   prompter,
+                                                   prompter_data,
+                                                   gak_fct,
+                                                   salt, s2kparams,
+                                                   gak_data,
+                                                   get_data_rock,
+                                                   as_key,
+                                                   &out_pa_list,
+                                                   &out_pa_list_size,
+                                                   &module_ret,
+                                                   &module_flags,
+                                                   opte);
+                    if (ret == 0) {
+                        if (module_ret == 0) {
+                            if (paorder[h] == PA_REAL) {
+                                realdone = 1;
+                            }
+                        }
+                    }
+                }
+            }
+        }
     }
 
     *out_padata = out_pa_list;
     if (etype_info)
-      krb5_free_etype_info(context, etype_info);
-    
+        krb5_free_etype_info(context, etype_info);
+
     return(0);
- cleanup:
+cleanup:
     if (out_pa_list) {
-      out_pa_list[out_pa_list_size++] = NULL;
-      krb5_free_pa_data(context, out_pa_list);
+        out_pa_list[out_pa_list_size++] = NULL;
+        krb5_free_pa_data(context, out_pa_list);
     }
     if (etype_info)
-      krb5_free_etype_info(context, etype_info);
+        krb5_free_etype_info(context, etype_info);
     return (ret);
 }
diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
index 367c11e3d..3565f2c82 100644
--- a/src/lib/krb5/krb/princ_comp.c
+++ b/src/lib/krb5/krb/princ_comp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/princ_comp.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * compare two principals, returning a krb5_boolean true if equal, false if
  * not.
@@ -33,19 +34,19 @@
 
 static krb5_boolean
 realm_compare_flags(krb5_context context,
-		    krb5_const_principal princ1,
-		    krb5_const_principal princ2,
-		    int flags)
+                    krb5_const_principal princ1,
+                    krb5_const_principal princ2,
+                    int flags)
 {
     const krb5_data *realm1 = krb5_princ_realm(context, princ1);
     const krb5_data *realm2 = krb5_princ_realm(context, princ2);
 
     if (realm1->length != realm2->length)
-	return FALSE;
+        return FALSE;
 
     return (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) ?
-	(strncasecmp(realm1->data, realm2->data, realm2->length) == 0) :
-	(memcmp(realm1->data, realm2->data, realm2->length) == 0);
+        (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) :
+        (memcmp(realm1->data, realm2->data, realm2->length) == 0);
 }
 
 krb5_boolean KRB5_CALLCONV
@@ -56,18 +57,18 @@ krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const
 
 static krb5_error_code
 upn_to_principal(krb5_context context,
-		 krb5_const_principal princ,
-		 krb5_principal *upn)
+                 krb5_const_principal princ,
+                 krb5_principal *upn)
 {
     char *unparsed_name;
     krb5_error_code code;
 
     code = krb5_unparse_name_flags(context, princ,
-				   KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				   &unparsed_name);
+                                   KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+                                   &unparsed_name);
     if (code) {
-	*upn = NULL;
-	return code;
+        *upn = NULL;
+        return code;
     }
 
     code = krb5_parse_name(context, unparsed_name, upn);
@@ -79,9 +80,9 @@ upn_to_principal(krb5_context context,
 
 krb5_boolean KRB5_CALLCONV
 krb5_principal_compare_flags(krb5_context context,
-			     krb5_const_principal princ1,
-			     krb5_const_principal princ2,
-			     int flags)
+                             krb5_const_principal princ1,
+                             krb5_const_principal princ2,
+                             int flags)
 {
     register int i;
     krb5_int32 nelem;
@@ -92,50 +93,50 @@ krb5_principal_compare_flags(krb5_context context,
     krb5_boolean ret = FALSE;
 
     if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
-	/* Treat UPNs as if they were real principals */
-	if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
-	    if (upn_to_principal(context, princ1, &upn1) == 0)
-		princ1 = upn1;
-	}
-	if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
-	    if (upn_to_principal(context, princ2, &upn2) == 0)
-		princ2 = upn2;
-	}
+        /* Treat UPNs as if they were real principals */
+        if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+            if (upn_to_principal(context, princ1, &upn1) == 0)
+                princ1 = upn1;
+        }
+        if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) {
+            if (upn_to_principal(context, princ2, &upn2) == 0)
+                princ2 = upn2;
+        }
     }
 
     nelem = krb5_princ_size(context, princ1);
     if (nelem != krb5_princ_size(context, princ2))
-	goto out;
+        goto out;
 
     if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 &&
-	!realm_compare_flags(context, princ1, princ2, flags))
-	goto out;
+        !realm_compare_flags(context, princ1, princ2, flags))
+        goto out;
 
     for (i = 0; i < (int) nelem; i++) {
-	const krb5_data *p1 = krb5_princ_component(context, princ1, i);
-	const krb5_data *p2 = krb5_princ_component(context, princ2, i);
-	krb5_boolean eq;
-
-	if (casefold) {
-	    if (utf8)
-		eq = (krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD) == 0);
-	    else
-		eq = (p1->length == p2->length
-		      && strncasecmp(p1->data, p2->data, p2->length) == 0);
-	} else
-	    eq = data_eq(*p1, *p2);
-
-	if (!eq)
-	    goto out;
+        const krb5_data *p1 = krb5_princ_component(context, princ1, i);
+        const krb5_data *p2 = krb5_princ_component(context, princ2, i);
+        krb5_boolean eq;
+
+        if (casefold) {
+            if (utf8)
+                eq = (krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD) == 0);
+            else
+                eq = (p1->length == p2->length
+                      && strncasecmp(p1->data, p2->data, p2->length) == 0);
+        } else
+            eq = data_eq(*p1, *p2);
+
+        if (!eq)
+            goto out;
     }
 
     ret = TRUE;
 
 out:
     if (upn1 != NULL)
-	krb5_free_principal(context, upn1);
+        krb5_free_principal(context, upn1);
     if (upn2 != NULL)
-	krb5_free_principal(context, upn2);
+        krb5_free_principal(context, upn2);
 
     return ret;
 }
@@ -150,7 +151,7 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
 #ifdef DEBUG_REFERRALS
 #if 0
     printf("krb5_is_ref_realm: checking <%s> for referralness: %s\n",
-	   r->data,(r->length==0)?"true":"false");
+           r->data,(r->length==0)?"true":"false");
 #endif
 #endif
     assert(strlen(KRB5_REFERRAL_REALM)==0);
@@ -162,17 +163,16 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r)
 
 krb5_boolean KRB5_CALLCONV
 krb5_principal_compare(krb5_context context,
-		       krb5_const_principal princ1,
-		       krb5_const_principal princ2)
+                       krb5_const_principal princ1,
+                       krb5_const_principal princ2)
 {
     return krb5_principal_compare_flags(context, princ1, princ2, 0);
 }
 
 krb5_boolean KRB5_CALLCONV
 krb5_principal_compare_any_realm(krb5_context context,
-				 krb5_const_principal princ1,
-				 krb5_const_principal princ2)
+                                 krb5_const_principal princ1,
+                                 krb5_const_principal princ2)
 {
     return krb5_principal_compare_flags(context, princ1, princ2, KRB5_PRINCIPAL_COMPARE_IGNORE_REALM);
 }
-
diff --git a/src/lib/krb5/krb/rd_cred.c b/src/lib/krb5/krb/rd_cred.c
index a5d00dc4e..30ce4255f 100644
--- a/src/lib/krb5/krb/rd_cred.c
+++ b/src/lib/krb5/krb/rd_cred.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "cleanup.h"
 #include "auth_con.h"
@@ -11,38 +12,38 @@
 /*
  * decrypt the enc_part of a krb5_cred
  */
-static krb5_error_code 
+static krb5_error_code
 decrypt_credencdata(krb5_context context, krb5_cred *pcred,
-		    krb5_key pkey, krb5_cred_enc_part *pcredenc)
+                    krb5_key pkey, krb5_cred_enc_part *pcredenc)
 {
     krb5_cred_enc_part  * ppart = NULL;
-    krb5_error_code 	  retval;
-    krb5_data 		  scratch;
+    krb5_error_code       retval;
+    krb5_data             scratch;
 
     scratch.length = pcred->enc_part.ciphertext.length;
-    if (!(scratch.data = (char *)malloc(scratch.length))) 
-	return ENOMEM;
+    if (!(scratch.data = (char *)malloc(scratch.length)))
+        return ENOMEM;
 
     if (pkey != NULL) {
-	if ((retval = krb5_k_decrypt(context, pkey,
-				     KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0,
-				     &pcred->enc_part, &scratch)))
-	    goto cleanup;
+        if ((retval = krb5_k_decrypt(context, pkey,
+                                     KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0,
+                                     &pcred->enc_part, &scratch)))
+            goto cleanup;
     } else {
-	memcpy(scratch.data, pcred->enc_part.ciphertext.data, scratch.length);
+        memcpy(scratch.data, pcred->enc_part.ciphertext.data, scratch.length);
     }
 
     /*  now decode the decrypted stuff */
     if ((retval = decode_krb5_enc_cred_part(&scratch, &ppart)))
-    	goto cleanup;
+        goto cleanup;
 
     *pcredenc = *ppart;
     retval = 0;
 
 cleanup:
     if (ppart != NULL) {
-	memset(ppart, 0, sizeof(*ppart));
-	free(ppart);
+        memset(ppart, 0, sizeof(*ppart));
+        free(ppart);
     }
     memset(scratch.data, 0, scratch.length);
     free(scratch.data);
@@ -51,40 +52,40 @@ cleanup:
 }
 /*----------------------- krb5_rd_cred_basic -----------------------*/
 
-static krb5_error_code 
+static krb5_error_code
 krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
-		   krb5_key pkey, krb5_replay_data *replaydata,
-		   krb5_creds ***pppcreds)
+                   krb5_key pkey, krb5_replay_data *replaydata,
+                   krb5_creds ***pppcreds)
 {
     krb5_error_code       retval;
-    krb5_cred 		* pcred;
-    krb5_int32 		  ncreds;
-    krb5_int32 		  i = 0;
-    krb5_cred_enc_part 	  encpart;
+    krb5_cred           * pcred;
+    krb5_int32            ncreds;
+    krb5_int32            i = 0;
+    krb5_cred_enc_part    encpart;
 
     /* decode cred message */
     if ((retval = decode_krb5_cred(pcreddata, &pcred)))
-    	return retval;
+        return retval;
 
     memset(&encpart, 0, sizeof(encpart));
 
     if ((retval = decrypt_credencdata(context, pcred, pkey, &encpart)))
-	goto cleanup_cred;
+        goto cleanup_cred;
 
 
     replaydata->timestamp = encpart.timestamp;
     replaydata->usec = encpart.usec;
     replaydata->seq = encpart.nonce;
 
-   /*
-    * Allocate the list of creds.  The memory is allocated so that
-    * krb5_free_tgt_creds can be used to free the list.
-    */
+    /*
+     * Allocate the list of creds.  The memory is allocated so that
+     * krb5_free_tgt_creds can be used to free the list.
+     */
     for (ncreds = 0; pcred->tickets[ncreds]; ncreds++);
-	
-    if ((*pppcreds = 
-        (krb5_creds **)malloc((size_t)(sizeof(krb5_creds *) *
-				       (ncreds + 1)))) == NULL) {
+
+    if ((*pppcreds =
+         (krb5_creds **)malloc((size_t)(sizeof(krb5_creds *) *
+                                        (ncreds + 1)))) == NULL) {
         retval = ENOMEM;
         goto cleanup_cred;
     }
@@ -95,13 +96,13 @@ krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
      * credentials and copy the information.
      */
     while (i < ncreds) {
-        krb5_cred_info 	* pinfo;
-        krb5_creds 	* pcur;
-	krb5_data	* pdata;
+        krb5_cred_info  * pinfo;
+        krb5_creds      * pcur;
+        krb5_data       * pdata;
 
         if ((pcur = (krb5_creds *)calloc(1, sizeof(krb5_creds))) == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
+            retval = ENOMEM;
+            goto cleanup;
         }
 
         (*pppcreds)[i] = pcur;
@@ -109,26 +110,26 @@ krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
         pinfo = encpart.ticket_info[i++];
 
         if ((retval = krb5_copy_principal(context, pinfo->client,
-					  &pcur->client)))
-	    goto cleanup;
+                                          &pcur->client)))
+            goto cleanup;
 
         if ((retval = krb5_copy_principal(context, pinfo->server,
-					  &pcur->server)))
-	    goto cleanup;
+                                          &pcur->server)))
+            goto cleanup;
 
-      	if ((retval = krb5_copy_keyblock_contents(context, pinfo->session,
-						  &pcur->keyblock)))
-	    goto cleanup;
+        if ((retval = krb5_copy_keyblock_contents(context, pinfo->session,
+                                                  &pcur->keyblock)))
+            goto cleanup;
 
-        if ((retval = krb5_copy_addresses(context, pinfo->caddrs, 
-					  &pcur->addresses)))
-	    goto cleanup;
+        if ((retval = krb5_copy_addresses(context, pinfo->caddrs,
+                                          &pcur->addresses)))
+            goto cleanup;
 
         if ((retval = encode_krb5_ticket(pcred->tickets[i - 1], &pdata)))
-	    goto cleanup;
+            goto cleanup;
 
-	pcur->ticket = *pdata;
-	free(pdata);
+        pcur->ticket = *pdata;
+        free(pdata);
 
 
         pcur->is_skey = FALSE;
@@ -146,7 +147,7 @@ krb5_rd_cred_basic(krb5_context context, krb5_data *pcreddata,
 
 cleanup:
     if (retval)
-	krb5_free_tgt_creds(context, *pppcreds);
+        krb5_free_tgt_creds(context, *pppcreds);
 
 cleanup_cred:
     krb5_free_cred(context, pcred);
@@ -163,8 +164,8 @@ cleanup_cred:
  */
 krb5_error_code KRB5_CALLCONV
 krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
-	     krb5_data *pcreddata, krb5_creds ***pppcreds,
-	     krb5_replay_data *outdata)
+             krb5_data *pcreddata, krb5_creds ***pppcreds,
+             krb5_replay_data *outdata)
 {
     krb5_error_code       retval;
     krb5_key              key;
@@ -172,16 +173,16 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
 
     /* Get key */
     if ((key = auth_context->recv_subkey) == NULL)
-	key = auth_context->key;
+        key = auth_context->key;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-      (outdata == NULL))
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        (outdata == NULL))
         /* Need a better error */
         return KRB5_RC_REQUIRED;
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
-      (auth_context->rcache == NULL))
+        (auth_context->rcache == NULL))
         return KRB5_RC_REQUIRED;
 
 
@@ -191,12 +192,12 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
      * that.
      */
     if ((retval = krb5_rd_cred_basic(context, pcreddata, key,
-				     &replaydata, pppcreds))) {
-	if ((retval = krb5_rd_cred_basic(context, pcreddata,
-					 auth_context->key,
-					 &replaydata, pppcreds))) {
-	    return retval;
-	}
+                                     &replaydata, pppcreds))) {
+        if ((retval = krb5_rd_cred_basic(context, pcreddata,
+                                         auth_context->key,
+                                         &replaydata, pppcreds))) {
+            return retval;
+        }
     }
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
@@ -206,7 +207,7 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
             goto error;
 
         if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
-					   "_forw", &replay.client)))
+                                           "_forw", &replay.client)))
             goto error;
 
         replay.server = "";             /* XXX */
@@ -229,7 +230,7 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
     }
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
         outdata->timestamp = replaydata.timestamp;
         outdata->usec = replaydata.usec;
         outdata->seq = replaydata.seq;
@@ -237,9 +238,8 @@ krb5_rd_cred(krb5_context context, krb5_auth_context auth_context,
 
 error:;
     if (retval) {
-    	krb5_free_tgt_creds(context, *pppcreds);
-	*pppcreds = NULL;
+        krb5_free_tgt_creds(context, *pppcreds);
+        *pppcreds = NULL;
     }
     return retval;
 }
-
diff --git a/src/lib/krb5/krb/rd_error.c b/src/lib/krb5/krb/rd_error.c
index 2c617154b..39d9acdeb 100644
--- a/src/lib/krb5/krb/rd_error.c
+++ b/src/lib/krb5/krb/rd_error.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/rd_error.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_rd_error() routine
  */
@@ -35,16 +36,15 @@
  *
  *  Upon return dec_error will point to allocated storage which the
  * caller should free when finished.
- * 
+ *
  *  returns system errors
  */
 
 krb5_error_code KRB5_CALLCONV
 krb5_rd_error(krb5_context context, const krb5_data *enc_errbuf,
-	      krb5_error **dec_error)
+              krb5_error **dec_error)
 {
     if (!krb5_is_krb_error(enc_errbuf))
-	return KRB5KRB_AP_ERR_MSG_TYPE;
+        return KRB5KRB_AP_ERR_MSG_TYPE;
     return(decode_krb5_error(enc_errbuf, dec_error));
 }
-
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 9b84ad87a..a6c79300c 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/rd_priv.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_rd_priv()
  */
@@ -33,97 +34,97 @@
 
 /*
 
-Parses a KRB_PRIV message from inbuf, placing the confidential user
-data in *outbuf.
+  Parses a KRB_PRIV message from inbuf, placing the confidential user
+  data in *outbuf.
+
+  key specifies the key to be used for decryption of the message.
 
-key specifies the key to be used for decryption of the message.
- 
-remote_addr and local_addr specify the full
-addresses (host and port) of the sender and receiver.
+  remote_addr and local_addr specify the full
+  addresses (host and port) of the sender and receiver.
 
-outbuf points to allocated storage which the caller should
-free when finished.
+  outbuf points to allocated storage which the caller should
+  free when finished.
 
-i_vector is used as an initialization vector for the
-encryption, and if non-NULL its contents are replaced with the last
-block of the encrypted data upon exit.
+  i_vector is used as an initialization vector for the
+  encryption, and if non-NULL its contents are replaced with the last
+  block of the encrypted data upon exit.
 
-Returns system errors, integrity errors.
+  Returns system errors, integrity errors.
 
 */
 
 static krb5_error_code
 krb5_rd_priv_basic(krb5_context context, const krb5_data *inbuf,
-		   const krb5_key key, const krb5_address *local_addr,
-		   const krb5_address *remote_addr, krb5_pointer i_vector,
-		   krb5_replay_data *replaydata, krb5_data *outbuf)
+                   const krb5_key key, const krb5_address *local_addr,
+                   const krb5_address *remote_addr, krb5_pointer i_vector,
+                   krb5_replay_data *replaydata, krb5_data *outbuf)
 {
-    krb5_error_code 	  retval;
-    krb5_priv 		* privmsg;
-    krb5_data 		  scratch;
+    krb5_error_code       retval;
+    krb5_priv           * privmsg;
+    krb5_data             scratch;
     krb5_priv_enc_part  * privmsg_enc_part;
-    size_t		  blocksize;
-    krb5_data		  ivdata;
-    krb5_enctype	  enctype;
+    size_t                blocksize;
+    krb5_data             ivdata;
+    krb5_enctype          enctype;
 
     if (!krb5_is_krb_priv(inbuf))
-	return KRB5KRB_AP_ERR_MSG_TYPE;
+        return KRB5KRB_AP_ERR_MSG_TYPE;
 
     /* decode private message */
     if ((retval = decode_krb5_priv(inbuf, &privmsg)))
-	return retval;
-    
+        return retval;
+
     if (i_vector) {
-	enctype = krb5_k_key_enctype(context, key);
-	if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
-	    goto cleanup_privmsg;
+        enctype = krb5_k_key_enctype(context, key);
+        if ((retval = krb5_c_block_size(context, enctype, &blocksize)))
+            goto cleanup_privmsg;
 
-	ivdata.length = blocksize;
-	ivdata.data = i_vector;
+        ivdata.length = blocksize;
+        ivdata.data = i_vector;
     }
 
     scratch.length = privmsg->enc_part.ciphertext.length;
     if (!(scratch.data = malloc(scratch.length))) {
-	retval = ENOMEM;
-	goto cleanup_privmsg;
+        retval = ENOMEM;
+        goto cleanup_privmsg;
     }
 
     if ((retval = krb5_k_decrypt(context, key,
-				 KRB5_KEYUSAGE_KRB_PRIV_ENCPART, 
-				 i_vector?&ivdata:0,
-				 &privmsg->enc_part, &scratch)))
-	goto cleanup_scratch;
+                                 KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
+                                 i_vector?&ivdata:0,
+                                 &privmsg->enc_part, &scratch)))
+        goto cleanup_scratch;
 
     /*  now decode the decrypted stuff */
     if ((retval = decode_krb5_enc_priv_part(&scratch, &privmsg_enc_part)))
         goto cleanup_scratch;
 
     if (!krb5_address_compare(context,remote_addr,privmsg_enc_part->s_address)){
-	retval = KRB5KRB_AP_ERR_BADADDR;
-	goto cleanup_data;
+        retval = KRB5KRB_AP_ERR_BADADDR;
+        goto cleanup_data;
     }
-    
+
     if (privmsg_enc_part->r_address) {
-	if (local_addr) {
-	    if (!krb5_address_compare(context, local_addr,
-				      privmsg_enc_part->r_address)) {
-		retval = KRB5KRB_AP_ERR_BADADDR;
-		goto cleanup_data;
-	    }
-	} else {
-	    krb5_address **our_addrs;
-	
-	    if ((retval = krb5_os_localaddr(context, &our_addrs))) {
-		goto cleanup_data;
-	    }
-	    if (!krb5_address_search(context, privmsg_enc_part->r_address, 
-				     our_addrs)) {
-		krb5_free_addresses(context, our_addrs);
-		retval =  KRB5KRB_AP_ERR_BADADDR;
-		goto cleanup_data;
-	    }
-	    krb5_free_addresses(context, our_addrs);
-	}
+        if (local_addr) {
+            if (!krb5_address_compare(context, local_addr,
+                                      privmsg_enc_part->r_address)) {
+                retval = KRB5KRB_AP_ERR_BADADDR;
+                goto cleanup_data;
+            }
+        } else {
+            krb5_address **our_addrs;
+
+            if ((retval = krb5_os_localaddr(context, &our_addrs))) {
+                goto cleanup_data;
+            }
+            if (!krb5_address_search(context, privmsg_enc_part->r_address,
+                                     our_addrs)) {
+                krb5_free_addresses(context, our_addrs);
+                retval =  KRB5KRB_AP_ERR_BADADDR;
+                goto cleanup_data;
+            }
+            krb5_free_addresses(context, our_addrs);
+        }
     }
 
     replaydata->timestamp = privmsg_enc_part->timestamp;
@@ -136,15 +137,15 @@ krb5_rd_priv_basic(krb5_context context, const krb5_data *inbuf,
 
 cleanup_data:;
     if (retval == 0)
-	privmsg_enc_part->user_data.data = 0;
+        privmsg_enc_part->user_data.data = 0;
     krb5_free_priv_enc_part(context, privmsg_enc_part);
 
 cleanup_scratch:;
-    memset(scratch.data, 0, scratch.length); 
+    memset(scratch.data, 0, scratch.length);
     free(scratch.data);
 
 cleanup_privmsg:;
-    free(privmsg->enc_part.ciphertext.data); 
+    free(privmsg->enc_part.ciphertext.data);
     free(privmsg);
 
     return retval;
@@ -152,116 +153,116 @@ cleanup_privmsg:;
 
 krb5_error_code KRB5_CALLCONV
 krb5_rd_priv(krb5_context context, krb5_auth_context auth_context,
-	     const krb5_data *inbuf, krb5_data *outbuf,
-	     krb5_replay_data *outdata)
+             const krb5_data *inbuf, krb5_data *outbuf,
+             krb5_replay_data *outdata)
 {
-    krb5_error_code 	  retval;
+    krb5_error_code       retval;
     krb5_key              key;
-    krb5_replay_data	  replaydata;
+    krb5_replay_data      replaydata;
 
     /* Get key */
     if ((key = auth_context->recv_subkey) == NULL)
-	key = auth_context->key;
+        key = auth_context->key;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-      (outdata == NULL))
-	/* Need a better error */
-	return KRB5_RC_REQUIRED;
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        (outdata == NULL))
+        /* Need a better error */
+        return KRB5_RC_REQUIRED;
 
     if (!auth_context->remote_addr)
-	return KRB5_REMOTE_ADDR_REQUIRED;
+        return KRB5_REMOTE_ADDR_REQUIRED;
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
-      (auth_context->rcache == NULL))
-	return KRB5_RC_REQUIRED;
+        (auth_context->rcache == NULL))
+        return KRB5_RC_REQUIRED;
+
+    {
+        krb5_address * premote_fulladdr;
+        krb5_address * plocal_fulladdr = NULL;
+        krb5_address remote_fulladdr;
+        krb5_address local_fulladdr;
+        CLEANUP_INIT(2);
+
+        if (auth_context->local_addr) {
+            if (auth_context->local_port) {
+                if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+                                                  auth_context->local_port,
+                                                  &local_fulladdr))){
+                    CLEANUP_PUSH(local_fulladdr.contents, free);
+                    plocal_fulladdr = &local_fulladdr;
+                } else {
+                    return retval;
+                }
+            } else {
+                plocal_fulladdr = auth_context->local_addr;
+            }
+        }
 
-{
-    krb5_address * premote_fulladdr;
-    krb5_address * plocal_fulladdr = NULL;
-    krb5_address remote_fulladdr;
-    krb5_address local_fulladdr;
-    CLEANUP_INIT(2);
-
-    if (auth_context->local_addr) {
-    	if (auth_context->local_port) {
-            if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-                                 	      auth_context->local_port, 
-					      &local_fulladdr))){
-                CLEANUP_PUSH(local_fulladdr.contents, free);
-	        plocal_fulladdr = &local_fulladdr;
+        if (auth_context->remote_port) {
+            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+                                              auth_context->remote_port,
+                                              &remote_fulladdr))){
+                CLEANUP_PUSH(remote_fulladdr.contents, free);
+                premote_fulladdr = &remote_fulladdr;
             } else {
-	        return retval;
+                CLEANUP_DONE();
+                return retval;
             }
-	} else {
-            plocal_fulladdr = auth_context->local_addr;
+        } else {
+            premote_fulladdr = auth_context->remote_addr;
         }
-    }
 
-    if (auth_context->remote_port) {
-	if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-					  auth_context->remote_port, 
-					  &remote_fulladdr))){
-	    CLEANUP_PUSH(remote_fulladdr.contents, free);
-	    premote_fulladdr = &remote_fulladdr;
-	} else {
-	    CLEANUP_DONE();
-	    return retval;
-	}
-    } else {
-	premote_fulladdr = auth_context->remote_addr;
-    }
+        memset(&replaydata, 0, sizeof(replaydata));
+        if ((retval = krb5_rd_priv_basic(context, inbuf, key,
+                                         plocal_fulladdr,
+                                         premote_fulladdr,
+                                         auth_context->i_vector,
+                                         &replaydata, outbuf))) {
+            CLEANUP_DONE();
+            return retval;
+        }
 
-    memset(&replaydata, 0, sizeof(replaydata));
-    if ((retval = krb5_rd_priv_basic(context, inbuf, key,
-				     plocal_fulladdr,
-				     premote_fulladdr,
-				     auth_context->i_vector,
-				     &replaydata, outbuf))) {
-	CLEANUP_DONE();
-	return retval;
+        CLEANUP_DONE();
     }
 
-    CLEANUP_DONE();
-}
-
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_donot_replay replay;
-
-	if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
-	    goto error;
-
-	if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr, 
-					   "_priv", &replay.client)))
-	    goto error;
-
-	replay.server = "";		/* XXX */
-	replay.msghash = NULL;
-	replay.cusec = replaydata.usec;
-	replay.ctime = replaydata.timestamp;
-	if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
-	    free(replay.client);
-	    goto error;
-	}
-	free(replay.client);
+        krb5_donot_replay replay;
+
+        if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+            goto error;
+
+        if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
+                                           "_priv", &replay.client)))
+            goto error;
+
+        replay.server = "";             /* XXX */
+        replay.msghash = NULL;
+        replay.cusec = replaydata.usec;
+        replay.ctime = replaydata.timestamp;
+        if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+            free(replay.client);
+            goto error;
+        }
+        free(replay.client);
     }
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if (!krb5int_auth_con_chkseqnum(context, auth_context,
-					replaydata.seq)) {
-	    retval =  KRB5KRB_AP_ERR_BADORDER;
-	    goto error;
-	}
-	auth_context->remote_seq_number++;
+        if (!krb5int_auth_con_chkseqnum(context, auth_context,
+                                        replaydata.seq)) {
+            retval =  KRB5KRB_AP_ERR_BADORDER;
+            goto error;
+        }
+        auth_context->remote_seq_number++;
     }
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
-	outdata->timestamp = replaydata.timestamp;
-	outdata->usec = replaydata.usec;
-	outdata->seq = replaydata.seq;
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        outdata->timestamp = replaydata.timestamp;
+        outdata->usec = replaydata.usec;
+        outdata->seq = replaydata.seq;
     }
-	
+
     /* everything is ok - return data to the user */
     return 0;
 
@@ -272,4 +273,3 @@ error:;
 
     return retval;
 }
-
diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c
index 6e9cb0808..45c990187 100644
--- a/src/lib/krb5/krb/rd_rep.c
+++ b/src/lib/krb5/krb/rd_rep.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/rd_rep.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_rd_rep()
  */
@@ -59,74 +60,74 @@
 
 /*
  *  Parses a KRB_AP_REP message, returning its contents.
- * 
+ *
  *  repl is filled in with with a pointer to allocated memory containing
- * the fields from the encrypted response. 
- * 
+ * the fields from the encrypted response.
+ *
  *  the key in kblock is used to decrypt the message.
- * 
+ *
  *  returns system errors, encryption errors, replay errors
  */
 
 krb5_error_code KRB5_CALLCONV
 krb5_rd_rep(krb5_context context, krb5_auth_context auth_context,
-	    const krb5_data *inbuf, krb5_ap_rep_enc_part **repl)
+            const krb5_data *inbuf, krb5_ap_rep_enc_part **repl)
 {
-    krb5_error_code 	  retval;
-    krb5_ap_rep 	 *reply = NULL;
+    krb5_error_code       retval;
+    krb5_ap_rep          *reply = NULL;
     krb5_ap_rep_enc_part *enc = NULL;
-    krb5_data 	 	  scratch;
+    krb5_data             scratch;
 
     *repl = NULL;
 
     if (!krb5_is_ap_rep(inbuf))
-	return KRB5KRB_AP_ERR_MSG_TYPE;
+        return KRB5KRB_AP_ERR_MSG_TYPE;
 
     /* Decode inbuf. */
     retval = decode_krb5_ap_rep(inbuf, &reply);
     if (retval)
-	return retval;
+        return retval;
 
     /* Put together an eblock for this encryption. */
     scratch.length = reply->enc_part.ciphertext.length;
     scratch.data = malloc(scratch.length);
     if (scratch.data == NULL) {
-	retval = ENOMEM;
-	goto clean_scratch;
+        retval = ENOMEM;
+        goto clean_scratch;
     }
 
     retval = krb5_k_decrypt(context, auth_context->key,
-			    KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
-			    &reply->enc_part, &scratch);
+                            KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
+                            &reply->enc_part, &scratch);
     if (retval)
-	goto clean_scratch;
+        goto clean_scratch;
 
     /* Now decode the decrypted stuff. */
     retval = decode_krb5_ap_rep_enc_part(&scratch, &enc);
     if (retval)
-	goto clean_scratch;
+        goto clean_scratch;
 
     /* Check reply fields. */
     if ((enc->ctime != auth_context->authentp->ctime)
-	|| (enc->cusec != auth_context->authentp->cusec)) {
-	retval = KRB5_MUTUAL_FAILED;
-	goto clean_scratch;
+        || (enc->cusec != auth_context->authentp->cusec)) {
+        retval = KRB5_MUTUAL_FAILED;
+        goto clean_scratch;
     }
 
     /* Set auth subkey. */
     if (enc->subkey) {
-	retval = krb5_auth_con_setrecvsubkey(context, auth_context,
-					     enc->subkey);
-	if (retval)
-	    goto clean_scratch;
-	retval = krb5_auth_con_setsendsubkey(context, auth_context,
-					     enc->subkey);
-	if (retval) {
-	    (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
-	    goto clean_scratch;
-	}
-	/* Not used for anything yet. */
-	auth_context->negotiated_etype = enc->subkey->enctype;
+        retval = krb5_auth_con_setrecvsubkey(context, auth_context,
+                                             enc->subkey);
+        if (retval)
+            goto clean_scratch;
+        retval = krb5_auth_con_setsendsubkey(context, auth_context,
+                                             enc->subkey);
+        if (retval) {
+            (void) krb5_auth_con_setrecvsubkey(context, auth_context, NULL);
+            goto clean_scratch;
+        }
+        /* Not used for anything yet. */
+        auth_context->negotiated_etype = enc->subkey->enctype;
     }
 
     /* Get remote sequence number. */
@@ -137,7 +138,7 @@ krb5_rd_rep(krb5_context context, krb5_auth_context auth_context,
 
 clean_scratch:
     if (scratch.data)
-	memset(scratch.data, 0, scratch.length); 
+        memset(scratch.data, 0, scratch.length);
     free(scratch.data);
     krb5_free_ap_rep(context, reply);
     krb5_free_ap_rep_enc_part(context, enc);
@@ -146,56 +147,56 @@ clean_scratch:
 
 krb5_error_code KRB5_CALLCONV
 krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context,
-		const krb5_data *inbuf, krb5_ui_4 *nonce)
+                const krb5_data *inbuf, krb5_ui_4 *nonce)
 {
-    krb5_error_code 	  retval;
-    krb5_ap_rep 	* reply;
-    krb5_data 	 	  scratch;
+    krb5_error_code       retval;
+    krb5_ap_rep         * reply;
+    krb5_data             scratch;
     krb5_ap_rep_enc_part *repl = NULL;
 
     if (!krb5_is_ap_rep(inbuf))
-	return KRB5KRB_AP_ERR_MSG_TYPE;
+        return KRB5KRB_AP_ERR_MSG_TYPE;
 
     /* decode it */
 
     if ((retval = decode_krb5_ap_rep(inbuf, &reply)))
-	return retval;
+        return retval;
 
     /* put together an eblock for this encryption */
 
     scratch.length = reply->enc_part.ciphertext.length;
     if (!(scratch.data = malloc(scratch.length))) {
-	krb5_free_ap_rep(context, reply);
-	return(ENOMEM);
+        krb5_free_ap_rep(context, reply);
+        return(ENOMEM);
     }
 
     if ((retval = krb5_k_decrypt(context, auth_context->key,
-				 KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
-				 &reply->enc_part, &scratch)))
-	goto clean_scratch;
+                                 KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
+                                 &reply->enc_part, &scratch)))
+        goto clean_scratch;
 
     /* now decode the decrypted stuff */
     retval = decode_krb5_ap_rep_enc_part(&scratch, &repl);
     if (retval)
-	goto clean_scratch;
+        goto clean_scratch;
 
     *nonce = repl->seq_number;
     if (*nonce != auth_context->local_seq_number) {
-	retval = KRB5_MUTUAL_FAILED;
-	goto clean_scratch;
+        retval = KRB5_MUTUAL_FAILED;
+        goto clean_scratch;
     }
 
     /* Must be NULL to prevent echoing for client AP-REP */
     if (repl->subkey != NULL) {
-	retval = KRB5_MUTUAL_FAILED;
-	goto clean_scratch;
+        retval = KRB5_MUTUAL_FAILED;
+        goto clean_scratch;
     }
 
 clean_scratch:
-    memset(scratch.data, 0, scratch.length); 
+    memset(scratch.data, 0, scratch.length);
 
     if (repl != NULL)
-	krb5_free_ap_rep_enc_part(context, repl);
+        krb5_free_ap_rep_enc_part(context, repl);
     krb5_free_ap_rep(context, reply);
     free(scratch.data);
     return retval;
diff --git a/src/lib/krb5/krb/rd_req.c b/src/lib/krb5/krb/rd_req.c
index 50c3a9011..4e12e5b36 100644
--- a/src/lib/krb5/krb/rd_req.c
+++ b/src/lib/krb5/krb/rd_req.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/rd_req.c
  *
@@ -47,33 +48,33 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
-	    const krb5_data *inbuf, krb5_const_principal server,
-	    krb5_keytab keytab, krb5_flags *ap_req_options,
-	    krb5_ticket **ticket)
+            const krb5_data *inbuf, krb5_const_principal server,
+            krb5_keytab keytab, krb5_flags *ap_req_options,
+            krb5_ticket **ticket)
 {
-    krb5_error_code 	  retval;
-    krb5_ap_req 	* request;
-    krb5_auth_context	  new_auth_context;
+    krb5_error_code       retval;
+    krb5_ap_req         * request;
+    krb5_auth_context     new_auth_context;
     krb5_keytab           new_keytab = NULL;
 
     if (!krb5_is_ap_req(inbuf))
-	return KRB5KRB_AP_ERR_MSG_TYPE;
+        return KRB5KRB_AP_ERR_MSG_TYPE;
 #ifndef LEAN_CLIENT
     if ((retval = decode_krb5_ap_req(inbuf, &request))) {
-    	switch (retval) {
-	case KRB5_BADMSGTYPE:
-	    return KRB5KRB_AP_ERR_BADVERSION;
-	default:
-	    return(retval);
-	}
+        switch (retval) {
+        case KRB5_BADMSGTYPE:
+            return KRB5KRB_AP_ERR_BADVERSION;
+        default:
+            return(retval);
+        }
     }
 #endif /* LEAN_CLIENT */
 
     /* Get an auth context if necessary. */
     new_auth_context = NULL;
     if (*auth_context == NULL) {
-	if ((retval = krb5_auth_con_init(context, &new_auth_context)))
-	    goto cleanup_request;
+        if ((retval = krb5_auth_con_init(context, &new_auth_context)))
+            goto cleanup_request;
         *auth_context = new_auth_context;
     }
 
@@ -81,14 +82,14 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
 #ifndef LEAN_CLIENT
     /* Get a keytab if necessary. */
     if (keytab == NULL) {
-	if ((retval = krb5_kt_default(context, &new_keytab)))
-	    goto cleanup_auth_context;
-	keytab = new_keytab;
+        if ((retval = krb5_kt_default(context, &new_keytab)))
+            goto cleanup_auth_context;
+        keytab = new_keytab;
     }
 #endif /* LEAN_CLIENT */
 
     retval = krb5_rd_req_decoded(context, auth_context, request, server,
-				 keytab, ap_req_options, ticket);
+                                 keytab, ap_req_options, ticket);
 
 #ifndef LEAN_CLIENT
     if (new_keytab != NULL)
@@ -97,12 +98,11 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context,
 
 cleanup_auth_context:
     if (new_auth_context && retval) {
-	krb5_auth_con_free(context, new_auth_context);
-	*auth_context = NULL;
+        krb5_auth_con_free(context, new_auth_context);
+        *auth_context = NULL;
     }
 
 cleanup_request:
     krb5_free_ap_req(context, request);
     return retval;
 }
-
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index 8516c7e43..adfa4de66 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/rd_req_dec.c
  *
@@ -9,7 +10,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -24,7 +25,7 @@
  * CyberSAFE Corporation make any representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_rd_req_decoded()
  */
@@ -40,43 +41,43 @@
  */
 /*
  *  Parses a KRB_AP_REQ message, returning its contents.
- * 
+ *
  *  server specifies the expected server's name for the ticket; if NULL, then
  *  any server will be accepted if the key can be found, and the caller should
  *  verify that the principal is something it trusts.
- * 
+ *
  *  rcache specifies a replay detection cache used to store authenticators and
  *  server names
- * 
+ *
  *  keyproc specifies a procedure to generate a decryption key for the
  *  ticket.  If keyproc is non-NULL, keyprocarg is passed to it, and the result
  *  used as a decryption key. If keyproc is NULL, then fetchfrom is checked;
  *  if it is non-NULL, it specifies a parameter name from which to retrieve the
  *  decryption key.  If fetchfrom is NULL, then the default key store is
  *  consulted.
- * 
+ *
  *  authdat is set to point at allocated storage structures; the caller
- *  should free them when finished. 
- * 
+ *  should free them when finished.
+ *
  *  returns system errors, encryption errors, replay errors
  */
 
 static krb5_error_code decrypt_authenticator
-	(krb5_context, const krb5_ap_req *, krb5_authenticator **,
-	 int);
+(krb5_context, const krb5_ap_req *, krb5_authenticator **,
+ int);
 static krb5_error_code
 decode_etype_list(krb5_context context,
-		  const krb5_authenticator *authp,
-		  krb5_enctype **desired_etypes,
-		  int *desired_etypes_len);
+                  const krb5_authenticator *authp,
+                  krb5_enctype **desired_etypes,
+                  int *desired_etypes_len);
 static krb5_error_code
 negotiate_etype(krb5_context context,
-		const krb5_enctype *desired_etypes,
-		int desired_etypes_len,
-		int mandatory_etypes_index,
-		const krb5_enctype *permitted_etypes,
-		int permitted_etypes_len,
-		krb5_enctype *negotiated_etype);
+                const krb5_enctype *desired_etypes,
+                int desired_etypes_len,
+                int mandatory_etypes_index,
+                const krb5_enctype *permitted_etypes,
+                int permitted_etypes_len,
+                krb5_enctype *negotiated_etype);
 
 krb5_error_code
 krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
@@ -86,86 +87,86 @@ krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
 
     retval = krb5_timeofday(context, &currenttime);
     if (retval)
-	return retval;
+        return retval;
     if (!(labs((date)-currenttime) < context->clockskew))
-	return KRB5KRB_AP_ERR_SKEW;
+        return KRB5KRB_AP_ERR_SKEW;
     return 0;
 }
 
 static krb5_error_code
 krb5_rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req,
-			     krb5_const_principal server, krb5_keytab keytab,
-			     krb5_keyblock *key)
+                             krb5_const_principal server, krb5_keytab keytab,
+                             krb5_keyblock *key)
 {
-    krb5_error_code 	  retval;
-    krb5_keytab_entry 	  ktent;
+    krb5_error_code       retval;
+    krb5_keytab_entry     ktent;
 
     retval = KRB5_KT_NOTFOUND;
 
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
     if (server != NULL || keytab->ops->start_seq_get == NULL) {
-	retval = krb5_kt_get_entry(context, keytab,
-				   server != NULL ? server : req->ticket->server,
-				   req->ticket->enc_part.kvno,
-				   req->ticket->enc_part.enctype, &ktent);
-	if (retval == 0) {
-	    retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
-	    if (retval == 0 && key != NULL)
-		retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
-
-	    (void) krb5_free_keytab_entry_contents(context, &ktent);
-	}
+        retval = krb5_kt_get_entry(context, keytab,
+                                   server != NULL ? server : req->ticket->server,
+                                   req->ticket->enc_part.kvno,
+                                   req->ticket->enc_part.enctype, &ktent);
+        if (retval == 0) {
+            retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket);
+            if (retval == 0 && key != NULL)
+                retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
+
+            (void) krb5_free_keytab_entry_contents(context, &ktent);
+        }
     } else {
-	krb5_error_code code;
-	krb5_kt_cursor cursor;
-
-	code = krb5_kt_start_seq_get(context, keytab, &cursor);
-	if (code != 0) {
-	    retval = code;
-	    goto map_error;
-	}
-
-	while ((code = krb5_kt_next_entry(context, keytab,
-					  &ktent, &cursor)) == 0) {
-	    if (ktent.key.enctype != req->ticket->enc_part.enctype)
-		continue;
-
-	    retval = krb5_decrypt_tkt_part(context, &ktent.key,
-					   req->ticket);
-
-	    if (retval == 0) {
-		krb5_principal tmp = NULL;
-
-		/*
-		 * We overwrite ticket->server to be the principal
-		 * that we match in the keytab.  The reason for doing
-		 * this is that GSS-API and other consumers look at
-		 * that principal to make authorization decisions
-		 * about whether the appropriate server is contacted.
-		 * It might be cleaner to create a new API and store
-		 * the server in the auth_context, but doing so would
-		 * probably miss existing uses of the server. Instead,
-		 * perhaps an API should be created to retrieve the
-		 * server as it appeared in the ticket.
-		 */
-		retval = krb5_copy_principal(context, ktent.principal, &tmp);
-		if (retval == 0 && key != NULL)
-		    retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
-		if (retval == 0) {
-		    krb5_free_principal(context, req->ticket->server);
-		    req->ticket->server = tmp;
-		} else {
-		    krb5_free_principal(context, tmp);
-		}
-		(void) krb5_free_keytab_entry_contents(context, &ktent);
-		break;
-	    }
-	    (void) krb5_free_keytab_entry_contents(context, &ktent);
-	}
-
-	code = krb5_kt_end_seq_get(context, keytab, &cursor);
-	if (code != 0)
-	    retval = code;
+        krb5_error_code code;
+        krb5_kt_cursor cursor;
+
+        code = krb5_kt_start_seq_get(context, keytab, &cursor);
+        if (code != 0) {
+            retval = code;
+            goto map_error;
+        }
+
+        while ((code = krb5_kt_next_entry(context, keytab,
+                                          &ktent, &cursor)) == 0) {
+            if (ktent.key.enctype != req->ticket->enc_part.enctype)
+                continue;
+
+            retval = krb5_decrypt_tkt_part(context, &ktent.key,
+                                           req->ticket);
+
+            if (retval == 0) {
+                krb5_principal tmp = NULL;
+
+                /*
+                 * We overwrite ticket->server to be the principal
+                 * that we match in the keytab.  The reason for doing
+                 * this is that GSS-API and other consumers look at
+                 * that principal to make authorization decisions
+                 * about whether the appropriate server is contacted.
+                 * It might be cleaner to create a new API and store
+                 * the server in the auth_context, but doing so would
+                 * probably miss existing uses of the server. Instead,
+                 * perhaps an API should be created to retrieve the
+                 * server as it appeared in the ticket.
+                 */
+                retval = krb5_copy_principal(context, ktent.principal, &tmp);
+                if (retval == 0 && key != NULL)
+                    retval = krb5_copy_keyblock_contents(context, &ktent.key, key);
+                if (retval == 0) {
+                    krb5_free_principal(context, req->ticket->server);
+                    req->ticket->server = tmp;
+                } else {
+                    krb5_free_principal(context, tmp);
+                }
+                (void) krb5_free_keytab_entry_contents(context, &ktent);
+                break;
+            }
+            (void) krb5_free_keytab_entry_contents(context, &ktent);
+        }
+
+        code = krb5_kt_end_seq_get(context, keytab, &cursor);
+        if (code != 0)
+            retval = code;
     }
 #endif /* LEAN_CLIENT */
 
@@ -174,10 +175,10 @@ map_error:
     case KRB5_KT_KVNONOTFOUND:
     case KRB5_KT_NOTFOUND:
     case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-	retval = KRB5KRB_AP_WRONG_PRINC;
-	break;
+        retval = KRB5KRB_AP_WRONG_PRINC;
+        break;
     default:
-	break;
+        break;
     }
 
     return retval;
@@ -189,16 +190,16 @@ static void
 debug_log_authz_data(const char *which, krb5_authdata **a)
 {
     if (a) {
-	syslog(LOG_ERR|LOG_DAEMON, "%s authz data:", which);
-	while (*a) {
-	    syslog(LOG_ERR|LOG_DAEMON, "  ad_type:%d length:%d '%.*s'",
-		   (*a)->ad_type, (*a)->length, (*a)->length,
-		   (char *) (*a)->contents);
-	    a++;
-	}
-	syslog(LOG_ERR|LOG_DAEMON, "  [end]");
+        syslog(LOG_ERR|LOG_DAEMON, "%s authz data:", which);
+        while (*a) {
+            syslog(LOG_ERR|LOG_DAEMON, "  ad_type:%d length:%d '%.*s'",
+                   (*a)->ad_type, (*a)->length, (*a)->length,
+                   (char *) (*a)->contents);
+            a++;
+        }
+        syslog(LOG_ERR|LOG_DAEMON, "  [end]");
     } else
-	syslog(LOG_ERR|LOG_DAEMON, "no %s authz data", which);
+        syslog(LOG_ERR|LOG_DAEMON, "no %s authz data", which);
 }
 #else
 static void
@@ -209,91 +210,91 @@ debug_log_authz_data(const char *which, krb5_authdata **a)
 
 static krb5_error_code
 krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
-			const krb5_ap_req *req, krb5_const_principal server,
-			krb5_keytab keytab, krb5_flags *ap_req_options,
-			krb5_ticket **ticket, int check_valid_flag)
+                        const krb5_ap_req *req, krb5_const_principal server,
+                        krb5_keytab keytab, krb5_flags *ap_req_options,
+                        krb5_ticket **ticket, int check_valid_flag)
 {
-    krb5_error_code 	  retval = 0;
-    krb5_principal_data	princ_data;
-    krb5_enctype	 *desired_etypes = NULL;
-    int			  desired_etypes_len = 0;
-    int			  rfc4537_etypes_len = 0;
-    krb5_enctype	 *permitted_etypes = NULL;
-    int			  permitted_etypes_len = 0;
-    krb5_keyblock	 decrypt_key;
+    krb5_error_code       retval = 0;
+    krb5_principal_data princ_data;
+    krb5_enctype         *desired_etypes = NULL;
+    int                   desired_etypes_len = 0;
+    int                   rfc4537_etypes_len = 0;
+    krb5_enctype         *permitted_etypes = NULL;
+    int                   permitted_etypes_len = 0;
+    krb5_keyblock        decrypt_key;
 
     decrypt_key.enctype = ENCTYPE_NULL;
     decrypt_key.contents = NULL;
- 
+
     req->ticket->enc_part2 = NULL;
     if (server && krb5_is_referral_realm(&server->realm)) {
-	char *realm;
-	princ_data = *server;
-	server = &princ_data;
-	retval = krb5_get_default_realm(context, &realm);
-	if (retval)
-	    return retval;
-	princ_data.realm.data = realm;
-	princ_data.realm.length = strlen(realm);
+        char *realm;
+        princ_data = *server;
+        server = &princ_data;
+        retval = krb5_get_default_realm(context, &realm);
+        if (retval)
+            return retval;
+        princ_data.realm.data = realm;
+        princ_data.realm.length = strlen(realm);
     }
 
 
     /* if (req->ap_options & AP_OPTS_USE_SESSION_KEY)
-       do we need special processing here ?	*/
+       do we need special processing here ?     */
 
     /* decrypt the ticket */
     if ((*auth_context)->key) { /* User to User authentication */
-    	if ((retval = krb5_decrypt_tkt_part(context,
-					    &(*auth_context)->key->keyblock,
-					    req->ticket)))
-	    goto cleanup;
-	if (check_valid_flag) {
-	    decrypt_key = (*auth_context)->key->keyblock;
-	    (*auth_context)->key->keyblock.contents = NULL;
-	}
-	krb5_k_free_key(context, (*auth_context)->key);
-	(*auth_context)->key = NULL;
+        if ((retval = krb5_decrypt_tkt_part(context,
+                                            &(*auth_context)->key->keyblock,
+                                            req->ticket)))
+            goto cleanup;
+        if (check_valid_flag) {
+            decrypt_key = (*auth_context)->key->keyblock;
+            (*auth_context)->key->keyblock.contents = NULL;
+        }
+        krb5_k_free_key(context, (*auth_context)->key);
+        (*auth_context)->key = NULL;
     } else {
-    	if ((retval = krb5_rd_req_decrypt_tkt_part(context, req,
-						   server, keytab,
-			    check_valid_flag ? &decrypt_key : NULL)))
-	    goto cleanup;
+        if ((retval = krb5_rd_req_decrypt_tkt_part(context, req,
+                                                   server, keytab,
+                                                   check_valid_flag ? &decrypt_key : NULL)))
+            goto cleanup;
     }
 
-   /* XXX this is an evil hack.  check_valid_flag is set iff the call
+    /* XXX this is an evil hack.  check_valid_flag is set iff the call
        is not from inside the kdc.  we can use this to determine which
        key usage to use */
 #ifndef LEAN_CLIENT
-    if ((retval = decrypt_authenticator(context, req, 
-					&((*auth_context)->authentp),
-					check_valid_flag)))
-	goto cleanup;
+    if ((retval = decrypt_authenticator(context, req,
+                                        &((*auth_context)->authentp),
+                                        check_valid_flag)))
+        goto cleanup;
 #endif
     if (!krb5_principal_compare(context, (*auth_context)->authentp->client,
-				req->ticket->enc_part2->client)) {
-	retval = KRB5KRB_AP_ERR_BADMATCH;
-	goto cleanup;
+                                req->ticket->enc_part2->client)) {
+        retval = KRB5KRB_AP_ERR_BADMATCH;
+        goto cleanup;
     }
 
-    if ((*auth_context)->remote_addr && 
-      !krb5_address_search(context, (*auth_context)->remote_addr, 
-			   req->ticket->enc_part2->caddrs)) {
-	retval = KRB5KRB_AP_ERR_BADADDR;
-	goto cleanup;
+    if ((*auth_context)->remote_addr &&
+        !krb5_address_search(context, (*auth_context)->remote_addr,
+                             req->ticket->enc_part2->caddrs)) {
+        retval = KRB5KRB_AP_ERR_BADADDR;
+        goto cleanup;
     }
 
     if (!server) {
-	server = req->ticket->server;
+        server = req->ticket->server;
     }
     /* Get an rcache if necessary. */
     if (((*auth_context)->rcache == NULL)
-	&& ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
-	&& server) {
-	if ((retval = krb5_get_server_rcache(context,
-					     krb5_princ_component(context,
-								  server,0),
-					     &(*auth_context)->rcache)))
-	  goto cleanup;
+        && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
+        && server) {
+        if ((retval = krb5_get_server_rcache(context,
+                                             krb5_princ_component(context,
+                                                                  server,0),
+                                             &(*auth_context)->rcache)))
+            goto cleanup;
     }
     /* okay, now check cross-realm policy */
 
@@ -301,60 +302,60 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
 
     /* Single hop cross-realm tickets only */
 
-    { 
-	krb5_transited *trans = &(req->ticket->enc_part2->transited);
+    {
+        krb5_transited *trans = &(req->ticket->enc_part2->transited);
 
-      	/* If the transited list is empty, then we have at most one hop */
-      	if (trans->tr_contents.data && trans->tr_contents.data[0])
-	    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+        /* If the transited list is empty, then we have at most one hop */
+        if (trans->tr_contents.data && trans->tr_contents.data[0])
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
     }
 
 #elif defined(_NO_CROSS_REALM)
 
     /* No cross-realm tickets */
 
-    { 
-	char		* lrealm;
-      	krb5_data      	* realm;
-      	krb5_transited 	* trans;
-  
-	realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
-	trans = &(req->ticket->enc_part2->transited);
-
-	/*
-      	 * If the transited list is empty, then we have at most one hop 
-      	 * So we also have to check that the client's realm is the local one 
-	 */
-      	krb5_get_default_realm(context, &lrealm);
-      	if ((trans->tr_contents.data && trans->tr_contents.data[0]) ||
-	    !data_eq_string(*realm, lrealm)) {
-	    retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
-      	}
-      	free(lrealm);
+    {
+        char            * lrealm;
+        krb5_data       * realm;
+        krb5_transited  * trans;
+
+        realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
+        trans = &(req->ticket->enc_part2->transited);
+
+        /*
+         * If the transited list is empty, then we have at most one hop
+         * So we also have to check that the client's realm is the local one
+         */
+        krb5_get_default_realm(context, &lrealm);
+        if ((trans->tr_contents.data && trans->tr_contents.data[0]) ||
+            !data_eq_string(*realm, lrealm)) {
+            retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
+        }
+        free(lrealm);
     }
 
 #else
 
     /* Hierarchical Cross-Realm */
-  
+
     {
-      	krb5_data      * realm;
-      	krb5_transited * trans;
-  
-	realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
-	trans = &(req->ticket->enc_part2->transited);
-
-	/*
-      	 * If the transited list is not empty, then check that all realms 
-      	 * transited are within the hierarchy between the client's realm  
-      	 * and the local realm.
-  	 */
-	if (trans->tr_contents.data && trans->tr_contents.data[0]) {
-	    retval = krb5_check_transited_list(context, &(trans->tr_contents), 
-					       realm,
-					       krb5_princ_realm (context,
-								 server));
-      	}
+        krb5_data      * realm;
+        krb5_transited * trans;
+
+        realm = krb5_princ_realm(context, req->ticket->enc_part2->client);
+        trans = &(req->ticket->enc_part2->transited);
+
+        /*
+         * If the transited list is not empty, then check that all realms
+         * transited are within the hierarchy between the client's realm
+         * and the local realm.
+         */
+        if (trans->tr_contents.data && trans->tr_contents.data[0]) {
+            retval = krb5_check_transited_list(context, &(trans->tr_contents),
+                                               realm,
+                                               krb5_princ_realm (context,
+                                                                 server));
+        }
     }
 
 #endif
@@ -365,69 +366,69 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
        may not be able to use replay caches (such as datagram servers) */
 
     if ((*auth_context)->rcache) {
-	krb5_donot_replay  rep;
-	krb5_tkt_authent   tktauthent;
-
-	tktauthent.ticket = req->ticket;	
-	tktauthent.authenticator = (*auth_context)->authentp;
-	if (!(retval = krb5_auth_to_rep(context, &tktauthent, &rep))) {
-	    retval = krb5_rc_hash_message(context,
-					  &req->authenticator.ciphertext,
-					  &rep.msghash);
-	    if (!retval) {
-		retval = krb5_rc_store(context, (*auth_context)->rcache, &rep);
-		free(rep.msghash);
-	    }
-	    free(rep.server);
-	    free(rep.client);
-	}
-
-	if (retval)
-	    goto cleanup;
+        krb5_donot_replay  rep;
+        krb5_tkt_authent   tktauthent;
+
+        tktauthent.ticket = req->ticket;
+        tktauthent.authenticator = (*auth_context)->authentp;
+        if (!(retval = krb5_auth_to_rep(context, &tktauthent, &rep))) {
+            retval = krb5_rc_hash_message(context,
+                                          &req->authenticator.ciphertext,
+                                          &rep.msghash);
+            if (!retval) {
+                retval = krb5_rc_store(context, (*auth_context)->rcache, &rep);
+                free(rep.msghash);
+            }
+            free(rep.server);
+            free(rep.client);
+        }
+
+        if (retval)
+            goto cleanup;
     }
 
     retval = krb5_validate_times(context, &req->ticket->enc_part2->times);
     if (retval != 0)
-	    goto cleanup;
+        goto cleanup;
 
     if ((retval = krb5int_check_clockskew(context, (*auth_context)->authentp->ctime)))
-	goto cleanup;
+        goto cleanup;
 
     if (check_valid_flag) {
-      if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) {
-	retval = KRB5KRB_AP_ERR_TKT_INVALID;
-	goto cleanup;
-      }
-
-      if ((retval = krb5_authdata_context_init(context,
-					       &(*auth_context)->ad_context)))
-	goto cleanup;
-      if ((retval = krb5int_authdata_verify(context,
-					    (*auth_context)->ad_context,
-					    AD_USAGE_MASK,
-					    auth_context,
-					    &decrypt_key,
-					    req)))
-        goto cleanup;
+        if (req->ticket->enc_part2->flags & TKT_FLG_INVALID) {
+            retval = KRB5KRB_AP_ERR_TKT_INVALID;
+            goto cleanup;
+        }
+
+        if ((retval = krb5_authdata_context_init(context,
+                                                 &(*auth_context)->ad_context)))
+            goto cleanup;
+        if ((retval = krb5int_authdata_verify(context,
+                                              (*auth_context)->ad_context,
+                                              AD_USAGE_MASK,
+                                              auth_context,
+                                              &decrypt_key,
+                                              req)))
+            goto cleanup;
     }
 
     /* read RFC 4537 etype list from sender */
     retval = decode_etype_list(context,
-			       (*auth_context)->authentp,
-			       &desired_etypes,
-			       &rfc4537_etypes_len);
+                               (*auth_context)->authentp,
+                               &desired_etypes,
+                               &rfc4537_etypes_len);
     if (retval != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (desired_etypes == NULL)
-	desired_etypes = (krb5_enctype *)calloc(4, sizeof(krb5_enctype));
+        desired_etypes = (krb5_enctype *)calloc(4, sizeof(krb5_enctype));
     else
-	desired_etypes = (krb5_enctype *)realloc(desired_etypes,
-						 (rfc4537_etypes_len + 4) *
-						    sizeof(krb5_enctype));
+        desired_etypes = (krb5_enctype *)realloc(desired_etypes,
+                                                 (rfc4537_etypes_len + 4) *
+                                                 sizeof(krb5_enctype));
     if (desired_etypes == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     desired_etypes_len = rfc4537_etypes_len;
@@ -457,105 +458,105 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
      */
 
     if ((*auth_context)->authentp->subkey != NULL) {
-	desired_etypes[desired_etypes_len++] = (*auth_context)->authentp->subkey->enctype;
+        desired_etypes[desired_etypes_len++] = (*auth_context)->authentp->subkey->enctype;
     }
     desired_etypes[desired_etypes_len++] = req->ticket->enc_part2->session->enctype;
     desired_etypes[desired_etypes_len] = ENCTYPE_NULL;
 
     if (((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_PERMIT_ALL) == 0) {
-	if ((*auth_context)->permitted_etypes != NULL) {
-	    permitted_etypes = (*auth_context)->permitted_etypes;
-	} else {
-	    retval = krb5_get_permitted_enctypes(context, &permitted_etypes);
-	    if (retval != 0)
-		goto cleanup;
-	}
-	for (permitted_etypes_len = 0;
-	     permitted_etypes[permitted_etypes_len] != ENCTYPE_NULL;
-	     permitted_etypes_len++)
-	    ;
+        if ((*auth_context)->permitted_etypes != NULL) {
+            permitted_etypes = (*auth_context)->permitted_etypes;
+        } else {
+            retval = krb5_get_permitted_enctypes(context, &permitted_etypes);
+            if (retval != 0)
+                goto cleanup;
+        }
+        for (permitted_etypes_len = 0;
+             permitted_etypes[permitted_etypes_len] != ENCTYPE_NULL;
+             permitted_etypes_len++)
+            ;
     } else {
-	permitted_etypes = NULL;
-	permitted_etypes_len = 0;
+        permitted_etypes = NULL;
+        permitted_etypes_len = 0;
     }
 
     /* check if the various etypes are permitted */
     retval = negotiate_etype(context,
-			     desired_etypes, desired_etypes_len,
-			     rfc4537_etypes_len,
-			     permitted_etypes, permitted_etypes_len,
-			     &(*auth_context)->negotiated_etype);
+                             desired_etypes, desired_etypes_len,
+                             rfc4537_etypes_len,
+                             permitted_etypes, permitted_etypes_len,
+                             &(*auth_context)->negotiated_etype);
     if (retval != 0)
-	goto cleanup;
+        goto cleanup;
 
     assert((*auth_context)->negotiated_etype != ENCTYPE_NULL);
 
     (*auth_context)->remote_seq_number = (*auth_context)->authentp->seq_number;
     if ((*auth_context)->authentp->subkey) {
-	if ((retval = krb5_k_create_key(context,
-					(*auth_context)->authentp->subkey,
-					&((*auth_context)->recv_subkey))))
-	    goto cleanup;
-	retval = krb5_k_create_key(context, (*auth_context)->authentp->subkey,
-				   &((*auth_context)->send_subkey));
-	if (retval) {
-	    krb5_k_free_key(context, (*auth_context)->recv_subkey);
-	    (*auth_context)->recv_subkey = NULL;
-	    goto cleanup;
-	}
+        if ((retval = krb5_k_create_key(context,
+                                        (*auth_context)->authentp->subkey,
+                                        &((*auth_context)->recv_subkey))))
+            goto cleanup;
+        retval = krb5_k_create_key(context, (*auth_context)->authentp->subkey,
+                                   &((*auth_context)->send_subkey));
+        if (retval) {
+            krb5_k_free_key(context, (*auth_context)->recv_subkey);
+            (*auth_context)->recv_subkey = NULL;
+            goto cleanup;
+        }
     } else {
-	(*auth_context)->recv_subkey = 0;
-	(*auth_context)->send_subkey = 0;
+        (*auth_context)->recv_subkey = 0;
+        (*auth_context)->send_subkey = 0;
     }
 
     if ((retval = krb5_k_create_key(context, req->ticket->enc_part2->session,
-				    &((*auth_context)->key))))
-	goto cleanup;
+                                    &((*auth_context)->key))))
+        goto cleanup;
 
     debug_log_authz_data("ticket", req->ticket->enc_part2->authorization_data);
 
     /*
-     * If not AP_OPTS_MUTUAL_REQUIRED then and sequence numbers are used 
+     * If not AP_OPTS_MUTUAL_REQUIRED then and sequence numbers are used
      * then the default sequence number is the one's complement of the
      * sequence number sent ot us.
      */
-    if ((!(req->ap_options & AP_OPTS_MUTUAL_REQUIRED)) && 
-      (*auth_context)->remote_seq_number) {
-	(*auth_context)->local_seq_number ^= 
-	  (*auth_context)->remote_seq_number;
+    if ((!(req->ap_options & AP_OPTS_MUTUAL_REQUIRED)) &&
+        (*auth_context)->remote_seq_number) {
+        (*auth_context)->local_seq_number ^=
+            (*auth_context)->remote_seq_number;
     }
 
     if (ticket)
-   	if ((retval = krb5_copy_ticket(context, req->ticket, ticket)))
-	    goto cleanup;
+        if ((retval = krb5_copy_ticket(context, req->ticket, ticket)))
+            goto cleanup;
     if (ap_req_options) {
-    	*ap_req_options = req->ap_options & AP_OPTS_WIRE_MASK;
-	if (rfc4537_etypes_len != 0)
-	    *ap_req_options |= AP_OPTS_ETYPE_NEGOTIATION;
-	if ((*auth_context)->negotiated_etype !=
-	    krb5_k_key_enctype(context, (*auth_context)->key))
-	    *ap_req_options |= AP_OPTS_USE_SUBKEY;
+        *ap_req_options = req->ap_options & AP_OPTS_WIRE_MASK;
+        if (rfc4537_etypes_len != 0)
+            *ap_req_options |= AP_OPTS_ETYPE_NEGOTIATION;
+        if ((*auth_context)->negotiated_etype !=
+            krb5_k_key_enctype(context, (*auth_context)->key))
+            *ap_req_options |= AP_OPTS_USE_SUBKEY;
     }
 
     retval = 0;
-    
+
 cleanup:
     if (desired_etypes != NULL)
-	free(desired_etypes);
+        free(desired_etypes);
     if (permitted_etypes != NULL &&
-	permitted_etypes != (*auth_context)->permitted_etypes)
-	free(permitted_etypes);
+        permitted_etypes != (*auth_context)->permitted_etypes)
+        free(permitted_etypes);
     if (server == &princ_data)
-	krb5_free_default_realm(context, princ_data.realm.data);
+        krb5_free_default_realm(context, princ_data.realm.data);
     if (retval) {
-	/* only free if we're erroring out...otherwise some
-	   applications will need the output. */
-	if (req->ticket->enc_part2)
-	    krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
-	req->ticket->enc_part2 = NULL;
+        /* only free if we're erroring out...otherwise some
+           applications will need the output. */
+        if (req->ticket->enc_part2)
+            krb5_free_enc_tkt_part(context, req->ticket->enc_part2);
+        req->ticket->enc_part2 = NULL;
     }
     if (check_valid_flag)
-	krb5_free_keyblock_contents(context, &decrypt_key);
+        krb5_free_keyblock_contents(context, &decrypt_key);
 
     return retval;
 }
@@ -566,12 +567,12 @@ krb5_rd_req_decoded(krb5_context context, krb5_auth_context *auth_context,
                     krb5_keytab keytab, krb5_flags *ap_req_options,
                     krb5_ticket **ticket)
 {
-  krb5_error_code retval;
-  retval = krb5_rd_req_decoded_opt(context, auth_context,
-				   req, server, keytab,
-				   ap_req_options, ticket,
-				   1); /* check_valid_flag */
-  return retval;
+    krb5_error_code retval;
+    retval = krb5_rd_req_decoded_opt(context, auth_context,
+                                     req, server, keytab,
+                                     ap_req_options, ticket,
+                                     1); /* check_valid_flag */
+    return retval;
 }
 
 krb5_error_code
@@ -581,18 +582,18 @@ krb5_rd_req_decoded_anyflag(krb5_context context,
                             krb5_const_principal server, krb5_keytab keytab,
                             krb5_flags *ap_req_options, krb5_ticket **ticket)
 {
-  krb5_error_code retval;
-  retval = krb5_rd_req_decoded_opt(context, auth_context,
-				   req, server, keytab,
-				   ap_req_options, ticket,
-				   0); /* don't check_valid_flag */
-  return retval;
+    krb5_error_code retval;
+    retval = krb5_rd_req_decoded_opt(context, auth_context,
+                                     req, server, keytab,
+                                     ap_req_options, ticket,
+                                     0); /* don't check_valid_flag */
+    return retval;
 }
 
 #ifndef LEAN_CLIENT
 static krb5_error_code
 decrypt_authenticator(krb5_context context, const krb5_ap_req *request,
-		      krb5_authenticator **authpp, int is_ap_req)
+                      krb5_authenticator **authpp, int is_ap_req)
 {
     krb5_authenticator *local_auth;
     krb5_error_code retval;
@@ -603,23 +604,23 @@ decrypt_authenticator(krb5_context context, const krb5_ap_req *request,
 
     scratch.length = request->authenticator.ciphertext.length;
     if (!(scratch.data = malloc(scratch.length)))
-	return(ENOMEM);
+        return(ENOMEM);
 
     if ((retval = krb5_c_decrypt(context, sesskey,
-				 is_ap_req?KRB5_KEYUSAGE_AP_REQ_AUTH:
-				 KRB5_KEYUSAGE_TGS_REQ_AUTH, 0,
-				 &request->authenticator, &scratch))) {
-	free(scratch.data);
-	return(retval);
+                                 is_ap_req?KRB5_KEYUSAGE_AP_REQ_AUTH:
+                                 KRB5_KEYUSAGE_TGS_REQ_AUTH, 0,
+                                 &request->authenticator, &scratch))) {
+        free(scratch.data);
+        return(retval);
     }
 
-#define clean_scratch() {memset(scratch.data, 0, scratch.length); \
-free(scratch.data);}
+#define clean_scratch() {memset(scratch.data, 0, scratch.length);       \
+        free(scratch.data);}
 
     /*  now decode the decrypted stuff */
     if (!(retval = decode_krb5_authenticator(&scratch, &local_auth))) {
-	*authpp = local_auth;
-	debug_log_authz_data("authenticator", local_auth->authorization_data);
+        *authpp = local_auth;
+        debug_log_authz_data("authenticator", local_auth->authorization_data);
     }
     clean_scratch();
     return retval;
@@ -628,12 +629,12 @@ free(scratch.data);}
 
 static krb5_error_code
 negotiate_etype(krb5_context context,
-		const krb5_enctype *desired_etypes,
-		int desired_etypes_len,
-		int mandatory_etypes_index,
-		const krb5_enctype *permitted_etypes,
-		int permitted_etypes_len,
-		krb5_enctype *negotiated_etype)
+                const krb5_enctype *desired_etypes,
+                int desired_etypes_len,
+                int mandatory_etypes_index,
+                const krb5_enctype *permitted_etypes,
+                int permitted_etypes_len,
+                krb5_enctype *negotiated_etype)
 {
     int i, j;
 
@@ -641,26 +642,26 @@ negotiate_etype(krb5_context context,
 
     /* mandatory segment of desired_etypes must be permitted */
     for (i = mandatory_etypes_index; i < desired_etypes_len; i++) {
-	krb5_boolean permitted = FALSE;
-
-	for (j = 0; j < permitted_etypes_len; j++) {
-	    if (desired_etypes[i] == permitted_etypes[j]) {
-		permitted = TRUE;
-		break;
-	    }
-	}
-
-	if (permitted == FALSE) {
-	    char enctype_name[30];
-
-	    if (krb5_enctype_to_string(desired_etypes[i],
-				       enctype_name,
-				       sizeof(enctype_name)) == 0)
-		krb5_set_error_message(context, KRB5_NOPERM_ETYPE,
-				       "Encryption type %s not permitted",
-				       enctype_name);
-		return KRB5_NOPERM_ETYPE;
-	}
+        krb5_boolean permitted = FALSE;
+
+        for (j = 0; j < permitted_etypes_len; j++) {
+            if (desired_etypes[i] == permitted_etypes[j]) {
+                permitted = TRUE;
+                break;
+            }
+        }
+
+        if (permitted == FALSE) {
+            char enctype_name[30];
+
+            if (krb5_enctype_to_string(desired_etypes[i],
+                                       enctype_name,
+                                       sizeof(enctype_name)) == 0)
+                krb5_set_error_message(context, KRB5_NOPERM_ETYPE,
+                                       "Encryption type %s not permitted",
+                                       enctype_name);
+            return KRB5_NOPERM_ETYPE;
+        }
     }
 
     /*
@@ -668,12 +669,12 @@ negotiate_etype(krb5_context context,
      * find first desired_etype that matches.
      */
     for (j = 0; j < permitted_etypes_len; j++) {
-	for (i = 0; i < desired_etypes_len; i++) {
-	    if (desired_etypes[i] == permitted_etypes[j]) {
-		*negotiated_etype = permitted_etypes[j];
-		return 0;
-	    }
-	}
+        for (i = 0; i < desired_etypes_len; i++) {
+            if (desired_etypes[i] == permitted_etypes[j]) {
+                *negotiated_etype = permitted_etypes[j];
+                return 0;
+            }
+        }
     }
 
     /*NOTREACHED*/
@@ -682,9 +683,9 @@ negotiate_etype(krb5_context context,
 
 static krb5_error_code
 decode_etype_list(krb5_context context,
-		  const krb5_authenticator *authp,
-		  krb5_enctype **desired_etypes,
-		  int *desired_etypes_len)
+                  const krb5_authenticator *authp,
+                  krb5_enctype **desired_etypes,
+                  int *desired_etypes_len)
 {
     krb5_error_code code;
     krb5_authdata **ad_if_relevant = NULL;
@@ -696,59 +697,58 @@ decode_etype_list(krb5_context context,
     *desired_etypes = NULL;
 
     if (authp->authorization_data == NULL)
-	return 0;
+        return 0;
 
     /*
      * RFC 4537 says that ETYPE_NEGOTIATION auth data should be wrapped
      * in AD_IF_RELEVANT, but we handle the case where it is mandatory.
      */
     for (i = 0; authp->authorization_data[i] != NULL; i++) {
-	switch (authp->authorization_data[i]->ad_type) {
-	case KRB5_AUTHDATA_IF_RELEVANT:
-	    code = krb5_decode_authdata_container(context,
-						  KRB5_AUTHDATA_IF_RELEVANT,
-						  authp->authorization_data[i],
-						  &ad_if_relevant);
-	    if (code != 0)
-		continue;
-
-	    for (j = 0; ad_if_relevant[j] != NULL; j++) {
-		if (ad_if_relevant[j]->ad_type == KRB5_AUTHDATA_ETYPE_NEGOTIATION) {
-		    etype_adata = ad_if_relevant[j];
-		    break;
-		}
-	    }
-	    if (etype_adata == NULL) {
-		krb5_free_authdata(context, ad_if_relevant);
-		ad_if_relevant = NULL;
-	    }
-	    break;
-	case KRB5_AUTHDATA_ETYPE_NEGOTIATION:
-	    etype_adata = authp->authorization_data[i];
-	    break;
-	default:
-	    break;
-	}
-	if (etype_adata != NULL)
-	    break;
+        switch (authp->authorization_data[i]->ad_type) {
+        case KRB5_AUTHDATA_IF_RELEVANT:
+            code = krb5_decode_authdata_container(context,
+                                                  KRB5_AUTHDATA_IF_RELEVANT,
+                                                  authp->authorization_data[i],
+                                                  &ad_if_relevant);
+            if (code != 0)
+                continue;
+
+            for (j = 0; ad_if_relevant[j] != NULL; j++) {
+                if (ad_if_relevant[j]->ad_type == KRB5_AUTHDATA_ETYPE_NEGOTIATION) {
+                    etype_adata = ad_if_relevant[j];
+                    break;
+                }
+            }
+            if (etype_adata == NULL) {
+                krb5_free_authdata(context, ad_if_relevant);
+                ad_if_relevant = NULL;
+            }
+            break;
+        case KRB5_AUTHDATA_ETYPE_NEGOTIATION:
+            etype_adata = authp->authorization_data[i];
+            break;
+        default:
+            break;
+        }
+        if (etype_adata != NULL)
+            break;
     }
 
     if (etype_adata == NULL)
-	return 0;
+        return 0;
 
     data.data = (char *)etype_adata->contents;
     data.length = etype_adata->length;
 
     code = decode_krb5_etype_list(&data, &etype_list);
     if (code == 0) {
-	*desired_etypes = etype_list->etypes;
-	*desired_etypes_len = etype_list->length;
-	free(etype_list);
+        *desired_etypes = etype_list->etypes;
+        *desired_etypes_len = etype_list->length;
+        free(etype_list);
     }
 
     if (ad_if_relevant != NULL)
-	krb5_free_authdata(context, ad_if_relevant);
+        krb5_free_authdata(context, ad_if_relevant);
 
     return code;
 }
-
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index 68c13317c..924cb9fc2 100644
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/rd_safe.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_rd_safe()
  */
@@ -32,27 +33,27 @@
 #include "auth_con.h"
 
 /*
- parses a KRB_SAFE message from inbuf, placing the integrity-protected user
- data in *outbuf.
+  parses a KRB_SAFE message from inbuf, placing the integrity-protected user
+  data in *outbuf.
 
- key specifies the key to be used for decryption of the message.
- 
- sender_addr and recv_addr specify the full addresses (host and port) of
- the sender and receiver.
+  key specifies the key to be used for decryption of the message.
 
- outbuf points to allocated storage which the caller should free when finished.
+  sender_addr and recv_addr specify the full addresses (host and port) of
+  the sender and receiver.
 
- returns system errors, integrity errors
- */
+  outbuf points to allocated storage which the caller should free when finished.
+
+  returns system errors, integrity errors
+*/
 static krb5_error_code
 krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
-		   krb5_key key,
-		   const krb5_address *recv_addr,
-		   const krb5_address *sender_addr,
-		   krb5_replay_data *replaydata, krb5_data *outbuf)
+                   krb5_key key,
+                   const krb5_address *recv_addr,
+                   const krb5_address *sender_addr,
+                   krb5_replay_data *replaydata, krb5_data *outbuf)
 {
-    krb5_error_code 	  retval;
-    krb5_safe 		* message;
+    krb5_error_code       retval;
+    krb5_safe           * message;
     krb5_data safe_body;
     krb5_checksum our_cksum, *his_cksum;
     krb5_octet zero_octet = 0;
@@ -61,45 +62,45 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
     struct krb5_safe_with_body swb;
 
     if (!krb5_is_krb_safe(inbuf))
-	return KRB5KRB_AP_ERR_MSG_TYPE;
+        return KRB5KRB_AP_ERR_MSG_TYPE;
 
     if ((retval = decode_krb5_safe_with_body(inbuf, &message, &safe_body)))
-	return retval;
+        return retval;
 
     if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) {
-	retval = KRB5_PROG_SUMTYPE_NOSUPP;
-	goto cleanup;
+        retval = KRB5_PROG_SUMTYPE_NOSUPP;
+        goto cleanup;
     }
     if (!krb5_c_is_coll_proof_cksum(message->checksum->checksum_type) ||
-	!krb5_c_is_keyed_cksum(message->checksum->checksum_type)) {
-	retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
-	goto cleanup;
+        !krb5_c_is_keyed_cksum(message->checksum->checksum_type)) {
+        retval = KRB5KRB_AP_ERR_INAPP_CKSUM;
+        goto cleanup;
     }
 
     if (!krb5_address_compare(context, sender_addr, message->s_address)) {
-	retval = KRB5KRB_AP_ERR_BADADDR;
-	goto cleanup;
+        retval = KRB5KRB_AP_ERR_BADADDR;
+        goto cleanup;
     }
 
     if (message->r_address) {
-	if (recv_addr) {
-	    if (!krb5_address_compare(context, recv_addr, message->r_address)) {
-		retval = KRB5KRB_AP_ERR_BADADDR;
-		goto cleanup;
-	    }
-	} else {
-	    krb5_address **our_addrs;
-	
-	    if ((retval = krb5_os_localaddr(context, &our_addrs)))
-		goto cleanup;
-	    
-	    if (!krb5_address_search(context, message->r_address, our_addrs)) {
-		krb5_free_addresses(context, our_addrs);
-		retval = KRB5KRB_AP_ERR_BADADDR;
-		goto cleanup;
-	    }
-	    krb5_free_addresses(context, our_addrs);
-	}
+        if (recv_addr) {
+            if (!krb5_address_compare(context, recv_addr, message->r_address)) {
+                retval = KRB5KRB_AP_ERR_BADADDR;
+                goto cleanup;
+            }
+        } else {
+            krb5_address **our_addrs;
+
+            if ((retval = krb5_os_localaddr(context, &our_addrs)))
+                goto cleanup;
+
+            if (!krb5_address_search(context, message->r_address, our_addrs)) {
+                krb5_free_addresses(context, our_addrs);
+                retval = KRB5KRB_AP_ERR_BADADDR;
+                goto cleanup;
+            }
+            krb5_free_addresses(context, our_addrs);
+        }
     }
 
     /* verify the checksum */
@@ -122,27 +123,27 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
     retval = encode_krb5_safe_with_body(&swb, &scratch);
     message->checksum = his_cksum;
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = krb5_k_verify_checksum(context, key,
-				    KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
-				    scratch, his_cksum, &valid);
+                                    KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+                                    scratch, his_cksum, &valid);
 
     (void) memset(scratch->data, 0, scratch->length);
     krb5_free_data(context, scratch);
-    
+
     if (!valid) {
-	/*
-	 * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
-	 * case someone actually implements it correctly.
-	 */
-	retval = krb5_k_verify_checksum(context, key,
-					KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
-					&safe_body, his_cksum, &valid);
-	if (!valid) {
-	    retval = KRB5KRB_AP_ERR_MODIFIED;
-	    goto cleanup;
-	}
+        /*
+         * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in
+         * case someone actually implements it correctly.
+         */
+        retval = krb5_k_verify_checksum(context, key,
+                                        KRB5_KEYUSAGE_KRB_SAFE_CKSUM,
+                                        &safe_body, his_cksum, &valid);
+        if (!valid) {
+            retval = KRB5KRB_AP_ERR_MODIFIED;
+            goto cleanup;
+        }
     }
 
     replaydata->timestamp = message->timestamp;
@@ -152,7 +153,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf,
     *outbuf = message->user_data;
     message->user_data.data = NULL;
     retval = 0;
-    
+
 cleanup:
     krb5_free_safe(context, message);
     return retval;
@@ -160,114 +161,114 @@ cleanup:
 
 krb5_error_code KRB5_CALLCONV
 krb5_rd_safe(krb5_context context, krb5_auth_context auth_context,
-	     const krb5_data *inbuf, krb5_data *outbuf,
-	     krb5_replay_data *outdata)
+             const krb5_data *inbuf, krb5_data *outbuf,
+             krb5_replay_data *outdata)
 {
-    krb5_error_code 	  retval;
-    krb5_key		  key;
-    krb5_replay_data	  replaydata;
+    krb5_error_code       retval;
+    krb5_key              key;
+    krb5_replay_data      replaydata;
 
     if (((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
-      (outdata == NULL)) 
-	/* Need a better error */
-	return KRB5_RC_REQUIRED;
+         (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
+        (outdata == NULL))
+        /* Need a better error */
+        return KRB5_RC_REQUIRED;
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) &&
-      (auth_context->rcache == NULL)) 
-	return KRB5_RC_REQUIRED;
+        (auth_context->rcache == NULL))
+        return KRB5_RC_REQUIRED;
 
     if (!auth_context->remote_addr)
-	return KRB5_REMOTE_ADDR_REQUIRED;
+        return KRB5_REMOTE_ADDR_REQUIRED;
 
     /* Get key */
     if ((key = auth_context->recv_subkey) == NULL)
-	key = auth_context->key;
+        key = auth_context->key;
+
+    {
+        krb5_address * premote_fulladdr;
+        krb5_address * plocal_fulladdr = NULL;
+        krb5_address remote_fulladdr;
+        krb5_address local_fulladdr;
+        CLEANUP_INIT(2);
+
+        if (auth_context->local_addr) {
+            if (auth_context->local_port) {
+                if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
+                                                  auth_context->local_port,
+                                                  &local_fulladdr))){
+                    CLEANUP_PUSH(local_fulladdr.contents, free);
+                    plocal_fulladdr = &local_fulladdr;
+                } else {
+                    return retval;
+                }
+            } else {
+                plocal_fulladdr = auth_context->local_addr;
+            }
+        }
 
-{
-    krb5_address * premote_fulladdr;
-    krb5_address * plocal_fulladdr = NULL;
-    krb5_address remote_fulladdr;
-    krb5_address local_fulladdr;
-    CLEANUP_INIT(2);
-
-    if (auth_context->local_addr) {
-    	if (auth_context->local_port) {
-            if (!(retval = krb5_make_fulladdr(context, auth_context->local_addr,
-                                 	      auth_context->local_port, 
-					      &local_fulladdr))){
-                CLEANUP_PUSH(local_fulladdr.contents, free);
-	        plocal_fulladdr = &local_fulladdr;
+        if (auth_context->remote_port) {
+            if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
+                                              auth_context->remote_port,
+                                              &remote_fulladdr))){
+                CLEANUP_PUSH(remote_fulladdr.contents, free);
+                premote_fulladdr = &remote_fulladdr;
             } else {
-	        return retval;
+                return retval;
             }
-	} else {
-            plocal_fulladdr = auth_context->local_addr;
+        } else {
+            premote_fulladdr = auth_context->remote_addr;
         }
-    }
 
-    if (auth_context->remote_port) {
-	if (!(retval = krb5_make_fulladdr(context,auth_context->remote_addr,
-					  auth_context->remote_port, 
-					  &remote_fulladdr))){
-	    CLEANUP_PUSH(remote_fulladdr.contents, free);
-	    premote_fulladdr = &remote_fulladdr;
-	} else {
-	    return retval;
-	}
-    } else {
-	premote_fulladdr = auth_context->remote_addr;
-    }
+        memset(&replaydata, 0, sizeof(replaydata));
+        if ((retval = krb5_rd_safe_basic(context, inbuf, key,
+                                         plocal_fulladdr, premote_fulladdr,
+                                         &replaydata, outbuf))) {
+            CLEANUP_DONE();
+            return retval;
+        }
 
-    memset(&replaydata, 0, sizeof(replaydata));
-    if ((retval = krb5_rd_safe_basic(context, inbuf, key,
-				     plocal_fulladdr, premote_fulladdr,
-				     &replaydata, outbuf))) {
-	CLEANUP_DONE();
-	return retval;
+        CLEANUP_DONE();
     }
 
-    CLEANUP_DONE();
-}
-
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) {
-	krb5_donot_replay replay;
-
-	if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
-	    goto error;
-
-	if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr, 
-					   "_safe", &replay.client)))
-	    goto error;
-
-	replay.server = "";		/* XXX */
-	replay.msghash = NULL;
-	replay.cusec = replaydata.usec;
-	replay.ctime = replaydata.timestamp;
-	if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
-	    free(replay.client);
-	    goto error;
-	}
-	free(replay.client);
+        krb5_donot_replay replay;
+
+        if ((retval = krb5int_check_clockskew(context, replaydata.timestamp)))
+            goto error;
+
+        if ((retval = krb5_gen_replay_name(context, auth_context->remote_addr,
+                                           "_safe", &replay.client)))
+            goto error;
+
+        replay.server = "";             /* XXX */
+        replay.msghash = NULL;
+        replay.cusec = replaydata.usec;
+        replay.ctime = replaydata.timestamp;
+        if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) {
+            free(replay.client);
+            goto error;
+        }
+        free(replay.client);
     }
 
     if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-	if (!krb5int_auth_con_chkseqnum(context, auth_context,
-					replaydata.seq)) {
-	    retval =  KRB5KRB_AP_ERR_BADORDER;
-	    goto error;
-	}
-	auth_context->remote_seq_number++;
+        if (!krb5int_auth_con_chkseqnum(context, auth_context,
+                                        replaydata.seq)) {
+            retval =  KRB5KRB_AP_ERR_BADORDER;
+            goto error;
+        }
+        auth_context->remote_seq_number++;
     }
 
     if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_TIME) ||
-      (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
-	outdata->timestamp = replaydata.timestamp;
-	outdata->usec = replaydata.usec;
-	outdata->seq = replaydata.seq;
+        (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) {
+        outdata->timestamp = replaydata.timestamp;
+        outdata->usec = replaydata.usec;
+        outdata->seq = replaydata.seq;
     }
-	
+
     /* everything is ok - return data to the user */
     return 0;
 
@@ -276,4 +277,3 @@ error:
     return retval;
 
 }
-
diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c
index 611546aa5..90746ba5c 100644
--- a/src/lib/krb5/krb/recvauth.c
+++ b/src/lib/krb5/krb/recvauth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/recvauth.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * convenience sendauth/recvauth functions
  */
@@ -38,79 +39,79 @@ static const char sendauth_version[] = "KRB5_SENDAUTH_V1.0";
 
 static krb5_error_code
 recvauth_common(krb5_context context,
-		krb5_auth_context * auth_context,
-		/* IN */
-		krb5_pointer fd,
-		char *appl_version,
-		krb5_principal server,
-		krb5_int32 flags,
-		krb5_keytab keytab,
-		/* OUT */
-		krb5_ticket ** ticket,
-		krb5_data *version)
+                krb5_auth_context * auth_context,
+                /* IN */
+                krb5_pointer fd,
+                char *appl_version,
+                krb5_principal server,
+                krb5_int32 flags,
+                krb5_keytab keytab,
+                /* OUT */
+                krb5_ticket ** ticket,
+                krb5_data *version)
 {
-    krb5_auth_context	  new_auth_context;
-    krb5_flags		  ap_option = 0;
-    krb5_error_code	  retval, problem;
-    krb5_data		  inbuf;
-    krb5_data		  outbuf;
-    krb5_rcache 	  rcache = 0;
-    krb5_octet		  response;
-    krb5_data		  null_server;
+    krb5_auth_context     new_auth_context;
+    krb5_flags            ap_option = 0;
+    krb5_error_code       retval, problem;
+    krb5_data             inbuf;
+    krb5_data             outbuf;
+    krb5_rcache           rcache = 0;
+    krb5_octet            response;
+    krb5_data             null_server;
     int                   need_error_free = 0;
-    int			  local_rcache = 0, local_authcon = 0;
-	
-	/*
-	 * Zero out problem variable.  If problem is set at the end of
-	 * the intial version negotiation section, it means that we
-	 * need to send an error code back to the client application
-	 * and exit.
-	 */
-	problem = 0;
-	response = 0;
-
-	if (!(flags & KRB5_RECVAUTH_SKIP_VERSION)) {
-	    /*
-	     * First read the sendauth version string and check it.
-	     */
-	    if ((retval = krb5_read_message(context, fd, &inbuf)))
-		return(retval);
-	    if (strcmp(inbuf.data, sendauth_version)) {
-		problem = KRB5_SENDAUTH_BADAUTHVERS;
-		response = 1;
-	    }
-	    free(inbuf.data);
-	}
-	if (flags & KRB5_RECVAUTH_BADAUTHVERS) {
-	    problem = KRB5_SENDAUTH_BADAUTHVERS;
-	    response = 1;
-	}
-	
-	/*
-	 * Do the same thing for the application version string.
-	 */
-	if ((retval = krb5_read_message(context, fd, &inbuf)))
-		return(retval);
-	if (appl_version && strcmp(inbuf.data, appl_version)) {
-		if (!problem) {
-			problem = KRB5_SENDAUTH_BADAPPLVERS;
-			response = 2;
-		}
-	}
-	if (version && !problem)
-	    *version = inbuf;
-	else
-	    free(inbuf.data);
-
-	/*
-	 * Now we actually write the response.  If the response is non-zero,
-	 * exit with a return value of problem
-	 */
-	if ((krb5_net_write(context, *((int *)fd), (char *)&response, 1)) < 0) {
-		return(problem); /* We'll return the top-level problem */
-	}
-	if (problem)
-	    return(problem);
+    int                   local_rcache = 0, local_authcon = 0;
+
+    /*
+     * Zero out problem variable.  If problem is set at the end of
+     * the intial version negotiation section, it means that we
+     * need to send an error code back to the client application
+     * and exit.
+     */
+    problem = 0;
+    response = 0;
+
+    if (!(flags & KRB5_RECVAUTH_SKIP_VERSION)) {
+        /*
+         * First read the sendauth version string and check it.
+         */
+        if ((retval = krb5_read_message(context, fd, &inbuf)))
+            return(retval);
+        if (strcmp(inbuf.data, sendauth_version)) {
+            problem = KRB5_SENDAUTH_BADAUTHVERS;
+            response = 1;
+        }
+        free(inbuf.data);
+    }
+    if (flags & KRB5_RECVAUTH_BADAUTHVERS) {
+        problem = KRB5_SENDAUTH_BADAUTHVERS;
+        response = 1;
+    }
+
+    /*
+     * Do the same thing for the application version string.
+     */
+    if ((retval = krb5_read_message(context, fd, &inbuf)))
+        return(retval);
+    if (appl_version && strcmp(inbuf.data, appl_version)) {
+        if (!problem) {
+            problem = KRB5_SENDAUTH_BADAPPLVERS;
+            response = 2;
+        }
+    }
+    if (version && !problem)
+        *version = inbuf;
+    else
+        free(inbuf.data);
+
+    /*
+     * Now we actually write the response.  If the response is non-zero,
+     * exit with a return value of problem
+     */
+    if ((krb5_net_write(context, *((int *)fd), (char *)&response, 1)) < 0) {
+        return(problem); /* We'll return the top-level problem */
+    }
+    if (problem)
+        return(problem);
 
     /* We are clear of errors here */
 
@@ -121,9 +122,9 @@ recvauth_common(krb5_context context,
         return retval;
 
     if (*auth_context == NULL) {
-	problem = krb5_auth_con_init(context, &new_auth_context);
-	*auth_context = new_auth_context;
-	local_authcon = 1;
+        problem = krb5_auth_con_init(context, &new_auth_context);
+        *auth_context = new_auth_context;
+        local_authcon = 1;
     }
     krb5_auth_con_getrcache(context, *auth_context, &rcache);
     if ((!problem) && rcache == NULL) {
@@ -131,93 +132,93 @@ recvauth_common(krb5_context context,
          * Setup the replay cache.
          */
         if (server) {
-            problem = krb5_get_server_rcache(context, 
-			krb5_princ_component(context, server, 0), &rcache);
+            problem = krb5_get_server_rcache(context,
+                                             krb5_princ_component(context, server, 0), &rcache);
         } else {
-    	    null_server.length = 7;
-    	    null_server.data = "default";
-    	    problem = krb5_get_server_rcache(context, &null_server, &rcache);
+            null_server.length = 7;
+            null_server.data = "default";
+            problem = krb5_get_server_rcache(context, &null_server, &rcache);
         }
-        if (!problem) 
-	    problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
-	local_rcache = 1;
+        if (!problem)
+            problem = krb5_auth_con_setrcache(context, *auth_context, rcache);
+        local_rcache = 1;
     }
     if (!problem) {
-	problem = krb5_rd_req(context, auth_context, &inbuf, server,
-			      keytab, &ap_option, ticket);
-	free(inbuf.data);
+        problem = krb5_rd_req(context, auth_context, &inbuf, server,
+                              keytab, &ap_option, ticket);
+        free(inbuf.data);
     }
-	
+
     /*
      * If there was a problem, send back a krb5_error message,
      * preceeded by the length of the krb5_error message.  If
      * everything's ok, send back 0 for the length.
      */
     if (problem) {
-	krb5_error	error;
-	const	char *message;
-
-	memset(&error, 0, sizeof(error));
-	krb5_us_timeofday(context, &error.stime, &error.susec);
-	if(server) 
-		error.server = server;
-	else {
-		/* If this fails - ie. ENOMEM we are hosed
-		   we cannot even send the error if we wanted to... */
-		(void) krb5_parse_name(context, "????", &error.server);
-		need_error_free = 1;
-	}
-
-	error.error = problem - ERROR_TABLE_BASE_krb5;
-	if (error.error > 127)
-		error.error = KRB_ERR_GENERIC;
-	message = error_message(problem);
-	error.text.length  = strlen(message) + 1;
-	error.text.data = strdup(message);
-	if (!error.text.data) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	if ((retval = krb5_mk_error(context, &error, &outbuf))) {
-	    free(error.text.data);
-	    goto cleanup;
-	}
-	free(error.text.data);
-	if(need_error_free) 
-		krb5_free_principal(context, error.server);
+        krb5_error      error;
+        const   char *message;
+
+        memset(&error, 0, sizeof(error));
+        krb5_us_timeofday(context, &error.stime, &error.susec);
+        if(server)
+            error.server = server;
+        else {
+            /* If this fails - ie. ENOMEM we are hosed
+               we cannot even send the error if we wanted to... */
+            (void) krb5_parse_name(context, "????", &error.server);
+            need_error_free = 1;
+        }
+
+        error.error = problem - ERROR_TABLE_BASE_krb5;
+        if (error.error > 127)
+            error.error = KRB_ERR_GENERIC;
+        message = error_message(problem);
+        error.text.length  = strlen(message) + 1;
+        error.text.data = strdup(message);
+        if (!error.text.data) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        if ((retval = krb5_mk_error(context, &error, &outbuf))) {
+            free(error.text.data);
+            goto cleanup;
+        }
+        free(error.text.data);
+        if(need_error_free)
+            krb5_free_principal(context, error.server);
 
     } else {
-	outbuf.length = 0;
-	outbuf.data = 0;
+        outbuf.length = 0;
+        outbuf.data = 0;
     }
 
     retval = krb5_write_message(context, fd, &outbuf);
     if (outbuf.data) {
-	free(outbuf.data);
-    	/* We sent back an error, we need cleanup then return */
-    	retval = problem;
-    	goto cleanup;
+        free(outbuf.data);
+        /* We sent back an error, we need cleanup then return */
+        retval = problem;
+        goto cleanup;
     }
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     /* Here lies the mutual authentication stuff... */
     if ((ap_option & AP_OPTS_MUTUAL_REQUIRED)) {
-	if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
-	    return(retval);
-	}
-	retval = krb5_write_message(context, fd, &outbuf);
-	free(outbuf.data);
+        if ((retval = krb5_mk_rep(context, *auth_context, &outbuf))) {
+            return(retval);
+        }
+        retval = krb5_write_message(context, fd, &outbuf);
+        free(outbuf.data);
     }
 
 cleanup:;
     if (retval) {
-	if (local_authcon) {
-	    krb5_auth_con_free(context, *auth_context);
-	} else if (local_rcache && rcache != NULL) {
-	    krb5_rc_close(context, rcache);
-	    krb5_auth_con_setrcache(context, *auth_context, NULL);
-	}
+        if (local_authcon) {
+            krb5_auth_con_free(context, *auth_context);
+        } else if (local_rcache && rcache != NULL) {
+            krb5_rc_close(context, rcache);
+            krb5_auth_con_setrcache(context, *auth_context, NULL);
+        }
     }
     return retval;
 }
@@ -226,21 +227,21 @@ krb5_error_code KRB5_CALLCONV
 krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer fd, char *appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket **ticket)
 {
     return recvauth_common (context, auth_context, fd, appl_version,
-			    server, flags, keytab, ticket, 0);
+                            server, flags, keytab, ticket, 0);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_recvauth_version(krb5_context context,
-		      krb5_auth_context *auth_context,
-		      /* IN */
-		      krb5_pointer fd,
-		      krb5_principal server,
-		      krb5_int32 flags,
-		      krb5_keytab keytab,
-		      /* OUT */
-		      krb5_ticket **ticket,
-		      krb5_data *version)
+                      krb5_auth_context *auth_context,
+                      /* IN */
+                      krb5_pointer fd,
+                      krb5_principal server,
+                      krb5_int32 flags,
+                      krb5_keytab keytab,
+                      /* OUT */
+                      krb5_ticket **ticket,
+                      krb5_data *version)
 {
     return recvauth_common (context, auth_context, fd, 0,
-			    server, flags, keytab, ticket, version);
+                            server, flags, keytab, ticket, version);
 }
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index a7e519902..473386576 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/s4u_creds.c
  *
@@ -79,7 +79,7 @@ s4u_identify_user(krb5_context context,
 
     if (in_creds->client != NULL &&
         krb5_princ_type(context, in_creds->client) !=
-            KRB5_NT_ENTERPRISE_PRINCIPAL)
+        KRB5_NT_ENTERPRISE_PRINCIPAL)
         /* we already know the realm of the user */
         return krb5_copy_principal(context, in_creds->client, canon_user);
 
@@ -420,7 +420,7 @@ verify_s4u2self_reply(krb5_context context,
     if (not_newer) {
         if (enc_s4u_padata == NULL) {
             if (rep_s4u_user->user_id.options &
-                    KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) {
+                KRB5_S4U_OPTS_USE_REPLY_KEY_USAGE) {
                 code = KRB5_KDCREP_MODIFIED;
                 goto cleanup;
             }
diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index eee47ed57..398855009 100644
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/send_tgs.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_send_tgs()
  */
@@ -30,27 +31,27 @@
 #include "k5-int.h"
 
 /*
-Constructs a TGS request
- options is used for the options in the KRB_TGS_REQ.
- timestruct values are used for from, till, rtime " " "
- enctype is used for enctype " " ", and to encrypt the authorization data, 
- sname is used for sname " " "
- addrs, if non-NULL, is used for addresses " " "
- authorization_dat, if non-NULL, is used for authorization_dat " " "
- second_ticket, if required by options, is used for the 2nd ticket in the req.
- in_cred is used for the ticket & session key in the KRB_AP_REQ header " " "
- (the KDC realm is extracted from in_cred->server's realm)
- 
- The response is placed into *rep.
- rep->response.data is set to point at allocated storage which should be
- freed by the caller when finished.
-
- returns system errors
- */
-static krb5_error_code 
+  Constructs a TGS request
+  options is used for the options in the KRB_TGS_REQ.
+  timestruct values are used for from, till, rtime " " "
+  enctype is used for enctype " " ", and to encrypt the authorization data,
+  sname is used for sname " " "
+  addrs, if non-NULL, is used for addresses " " "
+  authorization_dat, if non-NULL, is used for authorization_dat " " "
+  second_ticket, if required by options, is used for the 2nd ticket in the req.
+  in_cred is used for the ticket & session key in the KRB_AP_REQ header " " "
+  (the KDC realm is extracted from in_cred->server's realm)
+
+  The response is placed into *rep.
+  rep->response.data is set to point at allocated storage which should be
+  freed by the caller when finished.
+
+  returns system errors
+*/
+static krb5_error_code
 tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
-            krb5_creds *in_cred, krb5_data *outbuf, krb5_keyblock *subkey)
-{   
+                     krb5_creds *in_cred, krb5_data *outbuf, krb5_keyblock *subkey)
+{
     krb5_cksumtype cksumtype;
     krb5_error_code       retval;
     krb5_checksum         checksum;
@@ -70,19 +71,19 @@ tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_ARCFOUR_HMAC:
     case ENCTYPE_ARCFOUR_HMAC_EXP:
-	cksumtype = context->kdc_req_sumtype;
-	break;
+        cksumtype = context->kdc_req_sumtype;
+        break;
     default:
-	retval = krb5int_c_mandatory_cksumtype(context, in_cred->keyblock.enctype, &cksumtype);
-	if (retval)
-	    goto cleanup;
+        retval = krb5int_c_mandatory_cksumtype(context, in_cred->keyblock.enctype, &cksumtype);
+        if (retval)
+            goto cleanup;
     }
 
     /* Generate checksum */
     if ((retval = krb5_c_make_checksum(context, cksumtype,
-                       &in_cred->keyblock,
-                       KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-                       in_data, &checksum))) {
+                                       &in_cred->keyblock,
+                                       KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                       in_data, &checksum))) {
         free(checksum.contents);
         goto cleanup;
     }
@@ -94,7 +95,7 @@ tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
     authent.client = in_cred->client;
     authent.authorization_data = in_cred->authdata;
     if ((retval = krb5_us_timeofday(context, &authent.ctime,
-                                    &authent.cusec))) 
+                                    &authent.cusec)))
         goto cleanup;
 
 
@@ -110,10 +111,10 @@ tgs_construct_tgsreq(krb5_context context, krb5_data *in_data,
         /* Cleanup scratch and scratch data */
         goto cleanup;
 
-    /* call the encryption routine */ 
+    /* call the encryption routine */
     if ((retval = krb5_encrypt_helper(context, &in_cred->keyblock,
-                      KRB5_KEYUSAGE_TGS_REQ_AUTH,
-                      scratch, &request.authenticator)))
+                                      KRB5_KEYUSAGE_TGS_REQ_AUTH,
+                                      scratch, &request.authenticator)))
         goto cleanup;
 
     if (!(retval = encode_krb5_ap_req(&request, &toutbuf))) {
@@ -132,7 +133,7 @@ cleanup:
     if (request.ticket)
         krb5_free_ticket(context, request.ticket);
 
-    if (scratch != NULL && scratch->data != NULL) { 
+    if (scratch != NULL && scratch->data != NULL) {
         zap(scratch->data,  scratch->length);
         free(scratch->data);
     }
@@ -148,17 +149,17 @@ cleanup:
  */
 krb5_error_code
 krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
-          const krb5_ticket_times *timestruct, const krb5_enctype *ktypes,
-          krb5_const_principal sname, krb5_address *const *addrs,
-          krb5_authdata *const *authorization_data,
-          krb5_pa_data *const *padata, const krb5_data *second_ticket,
-          krb5_creds *in_cred,
-          krb5_error_code (*pacb_fct)(krb5_context,
-                                      krb5_keyblock *,
-                                      krb5_kdc_req *,
-                                      void *),
-          void *pacb_data,
-          krb5_response *rep, krb5_keyblock **subkey)
+                 const krb5_ticket_times *timestruct, const krb5_enctype *ktypes,
+                 krb5_const_principal sname, krb5_address *const *addrs,
+                 krb5_authdata *const *authorization_data,
+                 krb5_pa_data *const *padata, const krb5_data *second_ticket,
+                 krb5_creds *in_cred,
+                 krb5_error_code (*pacb_fct)(krb5_context,
+                                             krb5_keyblock *,
+                                             krb5_kdc_req *,
+                                             void *),
+                 void *pacb_data,
+                 krb5_response *rep, krb5_keyblock **subkey)
 {
     krb5_error_code retval;
     krb5_kdc_req tgsreq;
@@ -174,7 +175,7 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
     assert (subkey != NULL);
     *subkey  = NULL;
 
-    /* 
+    /*
      * in_creds MUST be a valid credential NOT just a partially filled in
      * place holder for us to get credentials for the caller.
      */
@@ -196,31 +197,31 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
     rep->expected_nonce = tgsreq.nonce = (krb5_int32) time_now;
     rep->request_time = time_now;
     rep->message_type = KRB5_ERROR;  /*caller only uses the response
-                                      * element on successful return*/ 
+                                      * element on successful return*/
 
     tgsreq.addresses = (krb5_address **) addrs;
 
     /* Generate subkey*/
     if ((retval = krb5_generate_subkey( context, &in_cred->keyblock,
-                    &local_subkey)) != 0)
+                                        &local_subkey)) != 0)
         return retval;
 
     if (authorization_data) {
-    /* need to encrypt it in the request */
+        /* need to encrypt it in the request */
 
-    if ((retval = encode_krb5_authdata(authorization_data, &scratch)))
-        goto send_tgs_error_1;
+        if ((retval = encode_krb5_authdata(authorization_data, &scratch)))
+            goto send_tgs_error_1;
 
-    if ((retval = krb5_encrypt_helper(context, local_subkey,
-                      KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
-                      scratch,
-                      &tgsreq.authorization_data))) {
-        free(tgsreq.authorization_data.ciphertext.data);
-        krb5_free_data(context, scratch);
-        goto send_tgs_error_1;
-    }
+        if ((retval = krb5_encrypt_helper(context, local_subkey,
+                                          KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+                                          scratch,
+                                          &tgsreq.authorization_data))) {
+            free(tgsreq.authorization_data.ciphertext.data);
+            krb5_free_data(context, scratch);
+            goto send_tgs_error_1;
+        }
 
-    krb5_free_data(context, scratch);
+        krb5_free_data(context, scratch);
     }
 
     /* Get the encryption types list */
@@ -255,7 +256,7 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
     /*
      * Get an ap_req.
      */
-    if ((retval = tgs_construct_tgsreq(context, scratch, in_cred, 
+    if ((retval = tgs_construct_tgsreq(context, scratch, in_cred,
                                        &scratch2, local_subkey))) {
         krb5_free_data(context, scratch);
         goto send_tgs_error_2;
@@ -332,41 +333,41 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
 
 send_again:
     use_master = 0;
-    retval = krb5_sendto_kdc(context, scratch, 
-                 krb5_princ_realm(context, sname),
-                 &rep->response, &use_master, tcp_only);
+    retval = krb5_sendto_kdc(context, scratch,
+                             krb5_princ_realm(context, sname),
+                             &rep->response, &use_master, tcp_only);
     if (retval == 0) {
         if (krb5_is_krb_error(&rep->response)) {
             if (!tcp_only) {
                 krb5_error *err_reply;
                 retval = decode_krb5_error(&rep->response, &err_reply);
-            if (retval)
-                goto send_tgs_error_3;
-            if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
-                tcp_only = 1;
+                if (retval)
+                    goto send_tgs_error_3;
+                if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
+                    tcp_only = 1;
+                    krb5_free_error(context, err_reply);
+                    free(rep->response.data);
+                    rep->response.data = NULL;
+                    goto send_again;
+                }
                 krb5_free_error(context, err_reply);
-                free(rep->response.data);
-                rep->response.data = NULL;
-                goto send_again;
-            }
-            krb5_free_error(context, err_reply);
             send_tgs_error_3:
                 ;
-        }
-        rep->message_type = KRB5_ERROR;
-    } else if (krb5_is_tgs_rep(&rep->response)) {
-        rep->message_type = KRB5_TGS_REP;
-        *subkey = local_subkey;
-    } else /* XXX: assume it's an error */
-        rep->message_type = KRB5_ERROR;
+            }
+            rep->message_type = KRB5_ERROR;
+        } else if (krb5_is_tgs_rep(&rep->response)) {
+            rep->message_type = KRB5_TGS_REP;
+            *subkey = local_subkey;
+        } else /* XXX: assume it's an error */
+            rep->message_type = KRB5_ERROR;
     }
 
     krb5_free_data(context, scratch);
-    
+
 send_tgs_error_2:;
     if (tgsreq.padata)
         krb5_free_pa_data(context, tgsreq.padata);
-    if (sec_ticket) 
+    if (sec_ticket)
         krb5_free_ticket(context, sec_ticket);
 
 send_tgs_error_1:;
@@ -374,13 +375,12 @@ send_tgs_error_1:;
         free(tgsreq.ktype);
     if (tgsreq.authorization_data.ciphertext.data) {
         memset(tgsreq.authorization_data.ciphertext.data, 0,
-               tgsreq.authorization_data.ciphertext.length); 
+               tgsreq.authorization_data.ciphertext.length);
         free(tgsreq.authorization_data.ciphertext.data);
     }
     if (rep->message_type != KRB5_TGS_REP && local_subkey){
         krb5_free_keyblock(context, *subkey);
-    } 
+    }
 
     return retval;
 }
-
diff --git a/src/lib/krb5/krb/sendauth.c b/src/lib/krb5/krb/sendauth.c
index 67b9adde0..30b72b937 100644
--- a/src/lib/krb5/krb/sendauth.c
+++ b/src/lib/krb5/krb/sendauth.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/sendauth.c
  *
diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c
index 65b7e2729..ccd1e2df7 100644
--- a/src/lib/krb5/krb/ser_actx.c
+++ b/src/lib/krb5/krb/ser_actx.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_actx.c
  *
@@ -32,26 +33,26 @@
 #include "int-proto.h"
 #include "auth_con.h"
 
-#define	TOKEN_RADDR	950916
-#define	TOKEN_RPORT	950917
-#define	TOKEN_LADDR	950918
-#define	TOKEN_LPORT	950919
-#define	TOKEN_KEYBLOCK	950920
-#define	TOKEN_LSKBLOCK	950921
-#define	TOKEN_RSKBLOCK	950922
+#define TOKEN_RADDR     950916
+#define TOKEN_RPORT     950917
+#define TOKEN_LADDR     950918
+#define TOKEN_LPORT     950919
+#define TOKEN_KEYBLOCK  950920
+#define TOKEN_LSKBLOCK  950921
+#define TOKEN_RSKBLOCK  950922
 
 /*
  * Routines to deal with externalizing the krb5_auth_context:
- *	krb5_auth_context_size();
- *	krb5_auth_context_externalize();
- *	krb5_auth_context_internalize();
+ *      krb5_auth_context_size();
+ *      krb5_auth_context_externalize();
+ *      krb5_auth_context_internalize();
  */
 static krb5_error_code krb5_auth_context_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_auth_context_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_auth_context_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /*
  * Other metadata serialization initializers.
@@ -59,289 +60,289 @@ static krb5_error_code krb5_auth_context_internalize
 
 /* Local data */
 static const krb5_ser_entry krb5_auth_context_ser_entry = {
-    KV5M_AUTH_CONTEXT,			/* Type			*/
-    krb5_auth_context_size,		/* Sizer routine	*/
-    krb5_auth_context_externalize,	/* Externalize routine	*/
-    krb5_auth_context_internalize	/* Internalize routine	*/
+    KV5M_AUTH_CONTEXT,                  /* Type                 */
+    krb5_auth_context_size,             /* Sizer routine        */
+    krb5_auth_context_externalize,      /* Externalize routine  */
+    krb5_auth_context_internalize       /* Internalize routine  */
 };
 
 /*
- * krb5_auth_context_size()	- Determine the size required to externalize
- *				  the krb5_auth_context.
+ * krb5_auth_context_size()     - Determine the size required to externalize
+ *                                the krb5_auth_context.
  */
 static krb5_error_code
 krb5_auth_context_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_auth_context	auth_context;
-    size_t		required;
-    krb5_enctype	enctype;
+    krb5_error_code     kret;
+    krb5_auth_context   auth_context;
+    size_t              required;
+    krb5_enctype        enctype;
 
     /*
      * krb5_auth_context requires at minimum:
-     *	krb5_int32		for KV5M_AUTH_CONTEXT
-     *	krb5_int32		for auth_context_flags
-     *	krb5_int32		for remote_seq_number
-     *	krb5_int32		for local_seq_number
-     *	krb5_int32		for req_cksumtype
-     *	krb5_int32		for safe_cksumtype
-     *	krb5_int32		for size of i_vector
-     *	krb5_int32		for KV5M_AUTH_CONTEXT
+     *  krb5_int32              for KV5M_AUTH_CONTEXT
+     *  krb5_int32              for auth_context_flags
+     *  krb5_int32              for remote_seq_number
+     *  krb5_int32              for local_seq_number
+     *  krb5_int32              for req_cksumtype
+     *  krb5_int32              for safe_cksumtype
+     *  krb5_int32              for size of i_vector
+     *  krb5_int32              for KV5M_AUTH_CONTEXT
      */
     kret = EINVAL;
     if ((auth_context = (krb5_auth_context) arg)) {
-	kret = 0;
-
-	/* Calculate size required by i_vector - ptooey */
-	if (auth_context->i_vector && auth_context->key) {
-	    enctype = krb5_k_key_enctype(kcontext, auth_context->key);
-	    kret = krb5_c_block_size(kcontext, enctype, &required);
-	} else {
-	    required = 0;
-	}
-
-	required += sizeof(krb5_int32)*8;
-
-	/* Calculate size required by remote_addr, if appropriate */
-	if (!kret && auth_context->remote_addr) {
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_ADDRESS,
-				    (krb5_pointer) auth_context->remote_addr,
-				    &required);
-	    if (!kret)
-		required += sizeof(krb5_int32);
-	}
-
-	/* Calculate size required by remote_port, if appropriate */
-	if (!kret && auth_context->remote_port) {
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_ADDRESS,
-				    (krb5_pointer) auth_context->remote_port,
-				    &required);
-	    if (!kret)
-		required += sizeof(krb5_int32);
-	}
-
-	/* Calculate size required by local_addr, if appropriate */
-	if (!kret && auth_context->local_addr) {
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_ADDRESS,
-				    (krb5_pointer) auth_context->local_addr,
-				    &required);
-	    if (!kret)
-		required += sizeof(krb5_int32);
-	}
-
-	/* Calculate size required by local_port, if appropriate */
-	if (!kret && auth_context->local_port) {
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_ADDRESS,
-				    (krb5_pointer) auth_context->local_port,
-				    &required);
-	    if (!kret)
-		required += sizeof(krb5_int32);
-	}
-
-	/* Calculate size required by key, if appropriate */
-	if (!kret && auth_context->key) {
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_KEYBLOCK, (krb5_pointer)
-				    &auth_context->key->keyblock,
-				    &required);
-	    if (!kret)
-		required += sizeof(krb5_int32);
-	}
-
-	/* Calculate size required by send_subkey, if appropriate */
-	if (!kret && auth_context->send_subkey) {
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_KEYBLOCK, (krb5_pointer)
-				    &auth_context->send_subkey->keyblock,
-				    &required);
-	    if (!kret)
-		required += sizeof(krb5_int32);
-	}
-
-	/* Calculate size required by recv_subkey, if appropriate */
-	if (!kret && auth_context->recv_subkey) {
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_KEYBLOCK, (krb5_pointer)
-				    &auth_context->recv_subkey->keyblock,
-				    &required);
-	    if (!kret)
-		required += sizeof(krb5_int32);
-	}
-
-	/* Calculate size required by authentp, if appropriate */
-	if (!kret && auth_context->authentp)
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_AUTHENTICATOR,
-				    (krb5_pointer) auth_context->authentp,
-				    &required);
+        kret = 0;
+
+        /* Calculate size required by i_vector - ptooey */
+        if (auth_context->i_vector && auth_context->key) {
+            enctype = krb5_k_key_enctype(kcontext, auth_context->key);
+            kret = krb5_c_block_size(kcontext, enctype, &required);
+        } else {
+            required = 0;
+        }
+
+        required += sizeof(krb5_int32)*8;
+
+        /* Calculate size required by remote_addr, if appropriate */
+        if (!kret && auth_context->remote_addr) {
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_ADDRESS,
+                                    (krb5_pointer) auth_context->remote_addr,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by remote_port, if appropriate */
+        if (!kret && auth_context->remote_port) {
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_ADDRESS,
+                                    (krb5_pointer) auth_context->remote_port,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by local_addr, if appropriate */
+        if (!kret && auth_context->local_addr) {
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_ADDRESS,
+                                    (krb5_pointer) auth_context->local_addr,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by local_port, if appropriate */
+        if (!kret && auth_context->local_port) {
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_ADDRESS,
+                                    (krb5_pointer) auth_context->local_port,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by key, if appropriate */
+        if (!kret && auth_context->key) {
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK, (krb5_pointer)
+                                    &auth_context->key->keyblock,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by send_subkey, if appropriate */
+        if (!kret && auth_context->send_subkey) {
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK, (krb5_pointer)
+                                    &auth_context->send_subkey->keyblock,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by recv_subkey, if appropriate */
+        if (!kret && auth_context->recv_subkey) {
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK, (krb5_pointer)
+                                    &auth_context->recv_subkey->keyblock,
+                                    &required);
+            if (!kret)
+                required += sizeof(krb5_int32);
+        }
+
+        /* Calculate size required by authentp, if appropriate */
+        if (!kret && auth_context->authentp)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_AUTHENTICATOR,
+                                    (krb5_pointer) auth_context->authentp,
+                                    &required);
 
     }
     if (!kret)
-	*sizep += required;
+        *sizep += required;
     return(kret);
 }
 
 /*
- * krb5_auth_context_externalize()	- Externalize the krb5_auth_context.
+ * krb5_auth_context_externalize()      - Externalize the krb5_auth_context.
  */
 static krb5_error_code
 krb5_auth_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_auth_context	auth_context;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_auth_context   auth_context;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
     size_t              obuf;
-    krb5_int32		obuf32;
-    krb5_enctype	enctype;
+    krb5_int32          obuf32;
+    krb5_enctype        enctype;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((auth_context = (krb5_auth_context) arg)) {
-	kret = ENOMEM;
-	if (!krb5_auth_context_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-
-	    /* Write fixed portion */
-	    (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
-	    (void) krb5_ser_pack_int32(auth_context->auth_context_flags,
-				       &bp, &remain);
-	    (void) krb5_ser_pack_int32(auth_context->remote_seq_number,
-				       &bp, &remain);
-	    (void) krb5_ser_pack_int32(auth_context->local_seq_number,
-				       &bp, &remain);
-	    (void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
-				       &bp, &remain);
-	    (void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
-				       &bp, &remain);
-
-	    kret = 0;
-
-	    /* Now figure out the number of bytes for i_vector and write it */
-	    if (auth_context->i_vector) {
-		enctype = krb5_k_key_enctype(kcontext, auth_context->key);
-		kret = krb5_c_block_size(kcontext, enctype, &obuf);
-	    } else {
-		obuf = 0;
-	    }
-
-	    /* Convert to signed 32 bit integer */
-	    obuf32 = obuf;
-	    if (kret == 0 && obuf != obuf32)
-		kret = EINVAL;
-	    if (!kret)
-		(void) krb5_ser_pack_int32(obuf32, &bp, &remain);
-
-	    /* Now copy i_vector */
-	    if (!kret && auth_context->i_vector)
-		(void) krb5_ser_pack_bytes(auth_context->i_vector,
-					   obuf,
-					   &bp, &remain);
-
-	    /* Now handle remote_addr, if appropriate */
-	    if (!kret && auth_context->remote_addr) {
-		(void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_ADDRESS,
-					       (krb5_pointer)
-					       auth_context->remote_addr,
-					       &bp,
-					       &remain);
-	    }
-
-	    /* Now handle remote_port, if appropriate */
-	    if (!kret && auth_context->remote_port) {
-		(void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_ADDRESS,
-					       (krb5_pointer)
-					       auth_context->remote_addr,
-					       &bp,
-					       &remain);
-	    }
-
-	    /* Now handle local_addr, if appropriate */
-	    if (!kret && auth_context->local_addr) {
-		(void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_ADDRESS,
-					       (krb5_pointer)
-					       auth_context->local_addr,
-					       &bp,
-					       &remain);
-	    }
-
-	    /* Now handle local_port, if appropriate */
-	    if (!kret && auth_context->local_port) {
-		(void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_ADDRESS,
-					       (krb5_pointer)
-					       auth_context->local_addr,
-					       &bp,
-					       &remain);
-	    }
-
-	    /* Now handle keyblock, if appropriate */
-	    if (!kret && auth_context->key) {
-		(void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_KEYBLOCK,
-					       (krb5_pointer)
-					       &auth_context->key->keyblock,
-					       &bp,
-					       &remain);
-	    }
-
-	    /* Now handle subkey, if appropriate */
-	    if (!kret && auth_context->send_subkey) {
-		(void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_KEYBLOCK,
-					       (krb5_pointer) &auth_context->
-					       send_subkey->keyblock,
-					       &bp,
-					       &remain);
-	    }
-
-	    /* Now handle subkey, if appropriate */
-	    if (!kret && auth_context->recv_subkey) {
-		(void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_KEYBLOCK,
-					       (krb5_pointer) &auth_context->
-					       recv_subkey->keyblock,
-					       &bp,
-					       &remain);
-	    }
-
-	    /* Now handle authentp, if appropriate */
-	    if (!kret && auth_context->authentp)
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_AUTHENTICATOR,
-					       (krb5_pointer)
-					       auth_context->authentp,
-					       &bp,
-					       &remain);
-
-	    /*
-	     * If we were successful, write trailer then update the pointer and
-	     * remaining length;
-	     */
-	    if (!kret) {
-		/* Write our trailer */
-		(void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
-		*buffer = bp;
-		*lenremain = remain;
-	    }
-	}
+        kret = ENOMEM;
+        if (!krb5_auth_context_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+
+            /* Write fixed portion */
+            (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
+            (void) krb5_ser_pack_int32(auth_context->auth_context_flags,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32(auth_context->remote_seq_number,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32(auth_context->local_seq_number,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) auth_context->req_cksumtype,
+                                       &bp, &remain);
+            (void) krb5_ser_pack_int32((krb5_int32) auth_context->safe_cksumtype,
+                                       &bp, &remain);
+
+            kret = 0;
+
+            /* Now figure out the number of bytes for i_vector and write it */
+            if (auth_context->i_vector) {
+                enctype = krb5_k_key_enctype(kcontext, auth_context->key);
+                kret = krb5_c_block_size(kcontext, enctype, &obuf);
+            } else {
+                obuf = 0;
+            }
+
+            /* Convert to signed 32 bit integer */
+            obuf32 = obuf;
+            if (kret == 0 && obuf != obuf32)
+                kret = EINVAL;
+            if (!kret)
+                (void) krb5_ser_pack_int32(obuf32, &bp, &remain);
+
+            /* Now copy i_vector */
+            if (!kret && auth_context->i_vector)
+                (void) krb5_ser_pack_bytes(auth_context->i_vector,
+                                           obuf,
+                                           &bp, &remain);
+
+            /* Now handle remote_addr, if appropriate */
+            if (!kret && auth_context->remote_addr) {
+                (void) krb5_ser_pack_int32(TOKEN_RADDR, &bp, &remain);
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_ADDRESS,
+                                               (krb5_pointer)
+                                               auth_context->remote_addr,
+                                               &bp,
+                                               &remain);
+            }
+
+            /* Now handle remote_port, if appropriate */
+            if (!kret && auth_context->remote_port) {
+                (void) krb5_ser_pack_int32(TOKEN_RPORT, &bp, &remain);
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_ADDRESS,
+                                               (krb5_pointer)
+                                               auth_context->remote_addr,
+                                               &bp,
+                                               &remain);
+            }
+
+            /* Now handle local_addr, if appropriate */
+            if (!kret && auth_context->local_addr) {
+                (void) krb5_ser_pack_int32(TOKEN_LADDR, &bp, &remain);
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_ADDRESS,
+                                               (krb5_pointer)
+                                               auth_context->local_addr,
+                                               &bp,
+                                               &remain);
+            }
+
+            /* Now handle local_port, if appropriate */
+            if (!kret && auth_context->local_port) {
+                (void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_ADDRESS,
+                                               (krb5_pointer)
+                                               auth_context->local_addr,
+                                               &bp,
+                                               &remain);
+            }
+
+            /* Now handle keyblock, if appropriate */
+            if (!kret && auth_context->key) {
+                (void) krb5_ser_pack_int32(TOKEN_KEYBLOCK, &bp, &remain);
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer)
+                                               &auth_context->key->keyblock,
+                                               &bp,
+                                               &remain);
+            }
+
+            /* Now handle subkey, if appropriate */
+            if (!kret && auth_context->send_subkey) {
+                (void) krb5_ser_pack_int32(TOKEN_LSKBLOCK, &bp, &remain);
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer) &auth_context->
+                                               send_subkey->keyblock,
+                                               &bp,
+                                               &remain);
+            }
+
+            /* Now handle subkey, if appropriate */
+            if (!kret && auth_context->recv_subkey) {
+                (void) krb5_ser_pack_int32(TOKEN_RSKBLOCK, &bp, &remain);
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer) &auth_context->
+                                               recv_subkey->keyblock,
+                                               &bp,
+                                               &remain);
+            }
+
+            /* Now handle authentp, if appropriate */
+            if (!kret && auth_context->authentp)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_AUTHENTICATOR,
+                                               (krb5_pointer)
+                                               auth_context->authentp,
+                                               &bp,
+                                               &remain);
+
+            /*
+             * If we were successful, write trailer then update the pointer and
+             * remaining length;
+             */
+            if (!kret) {
+                /* Write our trailer */
+                (void) krb5_ser_pack_int32(KV5M_AUTH_CONTEXT, &bp, &remain);
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
     }
     return(kret);
 }
@@ -354,195 +355,195 @@ intern_key(krb5_context ctx, krb5_key *key, krb5_octet **bp, size_t *sp)
     krb5_error_code ret;
 
     ret = krb5_internalize_opaque(ctx, KV5M_KEYBLOCK,
-				  (krb5_pointer *) &keyblock, bp, sp);
+                                  (krb5_pointer *) &keyblock, bp, sp);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_create_key(ctx, keyblock, key);
     krb5_free_keyblock(ctx, keyblock);
     return ret;
 }
 
 /*
- * krb5_auth_context_internalize()	- Internalize the krb5_auth_context.
+ * krb5_auth_context_internalize()      - Internalize the krb5_auth_context.
  */
 static krb5_error_code
 krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_auth_context	auth_context;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
-    krb5_int32		ivlen;
-    krb5_int32		tag;
+    krb5_error_code     kret;
+    krb5_auth_context   auth_context;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    krb5_int32          ivlen;
+    krb5_int32          tag;
 
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-	ibuf = 0;
+        ibuf = 0;
     if (ibuf == KV5M_AUTH_CONTEXT) {
-	kret = ENOMEM;
-
-	/* Get memory for the auth_context */
-	if ((remain >= (5*sizeof(krb5_int32))) &&
-	    (auth_context = (krb5_auth_context)
-	     calloc(1, sizeof(struct _krb5_auth_context)))) {
-
-	    /* Get auth_context_flags */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    auth_context->auth_context_flags = ibuf;
-
-	    /* Get remote_seq_number */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    auth_context->remote_seq_number = ibuf;
-
-	    /* Get local_seq_number */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    auth_context->local_seq_number = ibuf;
-
-	    /* Get req_cksumtype */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    auth_context->req_cksumtype = (krb5_cksumtype) ibuf;
-
-	    /* Get safe_cksumtype */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    auth_context->safe_cksumtype = (krb5_cksumtype) ibuf;
-
-	    /* Get length of i_vector */
-	    (void) krb5_ser_unpack_int32(&ivlen, &bp, &remain);
-
-	    if (ivlen) {
-		if ((auth_context->i_vector =
-		     (krb5_pointer) malloc((size_t)ivlen)))
-		    kret = krb5_ser_unpack_bytes(auth_context->i_vector,
-						 (size_t) ivlen,
-						 &bp,
-						 &remain);
-		else
-		    kret = ENOMEM;
-	    }
-	    else
-		kret = 0;
-	    
-	    /* Peek at next token */
-	    tag = 0;
-	    if (!kret)
-		kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-
-	    /* This is the remote_addr */
-	    if (!kret && (tag == TOKEN_RADDR)) {
-		if (!(kret = krb5_internalize_opaque(kcontext,
-						     KV5M_ADDRESS,
-						     (krb5_pointer *)
-						     &auth_context->
-						     remote_addr,
-						     &bp,
-						     &remain)))
-		    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-	    }
-
-	    /* This is the remote_port */
-	    if (!kret && (tag == TOKEN_RPORT)) {
-		if (!(kret = krb5_internalize_opaque(kcontext,
-						     KV5M_ADDRESS,
-						     (krb5_pointer *)
-						     &auth_context->
-						     remote_port,
-						     &bp,
-						     &remain)))
-		    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-	    }
-
-	    /* This is the local_addr */
-	    if (!kret && (tag == TOKEN_LADDR)) {
-		if (!(kret = krb5_internalize_opaque(kcontext,
-						     KV5M_ADDRESS,
-						     (krb5_pointer *)
-						     &auth_context->
-						     local_addr,
-						     &bp,
-						     &remain)))
-		    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-	    }
-
-	    /* This is the local_port */
-	    if (!kret && (tag == TOKEN_LPORT)) {
-		if (!(kret = krb5_internalize_opaque(kcontext,
-						     KV5M_ADDRESS,
-						     (krb5_pointer *)
-						     &auth_context->
-						     local_port,
-						     &bp,
-						     &remain)))
-		    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-	    }
-
-	    /* This is the keyblock */
-	    if (!kret && (tag == TOKEN_KEYBLOCK)) {
-		if (!(kret = intern_key(kcontext,
-					&auth_context->key,
-					&bp,
-					&remain)))
-		    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-	    }
-
-	    /* This is the send_subkey */
-	    if (!kret && (tag == TOKEN_LSKBLOCK)) {
-		if (!(kret = intern_key(kcontext,
-					&auth_context->send_subkey,
-					&bp,
-					&remain)))
-		    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
-	    }
-
-	    /* This is the recv_subkey */
-	    if (!kret) {
-		if (tag == TOKEN_RSKBLOCK) {
-		    kret = intern_key(kcontext,
-				      &auth_context->recv_subkey,
-				      &bp,
-				      &remain);
-		}
-		else {
-		    /*
-		     * We read the next tag, but it's not of any use here, so
-		     * we effectively 'unget' it here.
-		     */
-		    bp -= sizeof(krb5_int32);
-		    remain += sizeof(krb5_int32);
-		}
-	    }
-
-	    /* Now find the authentp */
-	    if (!kret) {
-		if ((kret = krb5_internalize_opaque(kcontext,
-						    KV5M_AUTHENTICATOR,
-						    (krb5_pointer *)
-						    &auth_context->authentp,
-						    &bp,
-						    &remain))) {
-		    if (kret == EINVAL)
-			kret = 0;
-		}
-	    }
-
-	    /* Finally, find the trailer */
-	    if (!kret) {
-		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-		if (!kret && (ibuf != KV5M_AUTH_CONTEXT))
-		    kret = EINVAL;
-	    }
-	    if (!kret) {
-		*buffer = bp;
-		*lenremain = remain;
-		auth_context->magic = KV5M_AUTH_CONTEXT;
-		*argp = (krb5_pointer) auth_context;
-	    }
-	    else
-		krb5_auth_con_free(kcontext, auth_context);
-	}
+        kret = ENOMEM;
+
+        /* Get memory for the auth_context */
+        if ((remain >= (5*sizeof(krb5_int32))) &&
+            (auth_context = (krb5_auth_context)
+             calloc(1, sizeof(struct _krb5_auth_context)))) {
+
+            /* Get auth_context_flags */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->auth_context_flags = ibuf;
+
+            /* Get remote_seq_number */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->remote_seq_number = ibuf;
+
+            /* Get local_seq_number */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->local_seq_number = ibuf;
+
+            /* Get req_cksumtype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->req_cksumtype = (krb5_cksumtype) ibuf;
+
+            /* Get safe_cksumtype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            auth_context->safe_cksumtype = (krb5_cksumtype) ibuf;
+
+            /* Get length of i_vector */
+            (void) krb5_ser_unpack_int32(&ivlen, &bp, &remain);
+
+            if (ivlen) {
+                if ((auth_context->i_vector =
+                     (krb5_pointer) malloc((size_t)ivlen)))
+                    kret = krb5_ser_unpack_bytes(auth_context->i_vector,
+                                                 (size_t) ivlen,
+                                                 &bp,
+                                                 &remain);
+                else
+                    kret = ENOMEM;
+            }
+            else
+                kret = 0;
+
+            /* Peek at next token */
+            tag = 0;
+            if (!kret)
+                kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+
+            /* This is the remote_addr */
+            if (!kret && (tag == TOKEN_RADDR)) {
+                if (!(kret = krb5_internalize_opaque(kcontext,
+                                                     KV5M_ADDRESS,
+                                                     (krb5_pointer *)
+                                                     &auth_context->
+                                                     remote_addr,
+                                                     &bp,
+                                                     &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the remote_port */
+            if (!kret && (tag == TOKEN_RPORT)) {
+                if (!(kret = krb5_internalize_opaque(kcontext,
+                                                     KV5M_ADDRESS,
+                                                     (krb5_pointer *)
+                                                     &auth_context->
+                                                     remote_port,
+                                                     &bp,
+                                                     &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the local_addr */
+            if (!kret && (tag == TOKEN_LADDR)) {
+                if (!(kret = krb5_internalize_opaque(kcontext,
+                                                     KV5M_ADDRESS,
+                                                     (krb5_pointer *)
+                                                     &auth_context->
+                                                     local_addr,
+                                                     &bp,
+                                                     &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the local_port */
+            if (!kret && (tag == TOKEN_LPORT)) {
+                if (!(kret = krb5_internalize_opaque(kcontext,
+                                                     KV5M_ADDRESS,
+                                                     (krb5_pointer *)
+                                                     &auth_context->
+                                                     local_port,
+                                                     &bp,
+                                                     &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the keyblock */
+            if (!kret && (tag == TOKEN_KEYBLOCK)) {
+                if (!(kret = intern_key(kcontext,
+                                        &auth_context->key,
+                                        &bp,
+                                        &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the send_subkey */
+            if (!kret && (tag == TOKEN_LSKBLOCK)) {
+                if (!(kret = intern_key(kcontext,
+                                        &auth_context->send_subkey,
+                                        &bp,
+                                        &remain)))
+                    kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
+            }
+
+            /* This is the recv_subkey */
+            if (!kret) {
+                if (tag == TOKEN_RSKBLOCK) {
+                    kret = intern_key(kcontext,
+                                      &auth_context->recv_subkey,
+                                      &bp,
+                                      &remain);
+                }
+                else {
+                    /*
+                     * We read the next tag, but it's not of any use here, so
+                     * we effectively 'unget' it here.
+                     */
+                    bp -= sizeof(krb5_int32);
+                    remain += sizeof(krb5_int32);
+                }
+            }
+
+            /* Now find the authentp */
+            if (!kret) {
+                if ((kret = krb5_internalize_opaque(kcontext,
+                                                    KV5M_AUTHENTICATOR,
+                                                    (krb5_pointer *)
+                                                    &auth_context->authentp,
+                                                    &bp,
+                                                    &remain))) {
+                    if (kret == EINVAL)
+                        kret = 0;
+                }
+            }
+
+            /* Finally, find the trailer */
+            if (!kret) {
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                if (!kret && (ibuf != KV5M_AUTH_CONTEXT))
+                    kret = EINVAL;
+            }
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+                auth_context->magic = KV5M_AUTH_CONTEXT;
+                *argp = (krb5_pointer) auth_context;
+            }
+            else
+                krb5_auth_con_free(kcontext, auth_context);
+        }
     }
     return(kret);
 }
@@ -553,23 +554,23 @@ krb5_auth_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_oc
 krb5_error_code KRB5_CALLCONV
 krb5_ser_auth_context_init(krb5_context kcontext)
 {
-    krb5_error_code	kret;
+    krb5_error_code     kret;
     kret = krb5_register_serializer(kcontext, &krb5_auth_context_ser_entry);
     if (!kret)
-	kret = krb5_ser_authdata_init(kcontext);
+        kret = krb5_ser_authdata_init(kcontext);
     if (!kret)
-	kret = krb5_ser_address_init(kcontext);
+        kret = krb5_ser_address_init(kcontext);
 #ifndef LEAN_CLIENT
     if (!kret)
-	kret = krb5_ser_authenticator_init(kcontext);
+        kret = krb5_ser_authenticator_init(kcontext);
 #endif
     if (!kret)
-	kret = krb5_ser_checksum_init(kcontext);
+        kret = krb5_ser_checksum_init(kcontext);
     if (!kret)
-	kret = krb5_ser_keyblock_init(kcontext);
+        kret = krb5_ser_keyblock_init(kcontext);
     if (!kret)
-	kret = krb5_ser_principal_init(kcontext);
+        kret = krb5_ser_principal_init(kcontext);
     if (!kret)
-	kret = krb5_ser_authdata_context_init(kcontext);
+        kret = krb5_ser_authdata_context_init(kcontext);
     return(kret);
 }
diff --git a/src/lib/krb5/krb/ser_adata.c b/src/lib/krb5/krb/ser_adata.c
index 82d04dce1..77a76fdae 100644
--- a/src/lib/krb5/krb/ser_adata.c
+++ b/src/lib/krb5/krb/ser_adata.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_adata.c
  *
@@ -33,157 +34,157 @@
 
 /*
  * Routines to deal with externalizing the krb5_authdata:
- *	krb5_authdata_size();
- *	krb5_authdata_externalize();
- *	krb5_authdata_internalize();
+ *      krb5_authdata_size();
+ *      krb5_authdata_externalize();
+ *      krb5_authdata_internalize();
  */
 static krb5_error_code krb5_authdata_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_authdata_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_authdata_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /* Local data */
 static const krb5_ser_entry krb5_authdata_ser_entry = {
-    KV5M_AUTHDATA,			/* Type			*/
-    krb5_authdata_size,			/* Sizer routine	*/
-    krb5_authdata_externalize,		/* Externalize routine	*/
-    krb5_authdata_internalize		/* Internalize routine	*/
+    KV5M_AUTHDATA,                      /* Type                 */
+    krb5_authdata_size,                 /* Sizer routine        */
+    krb5_authdata_externalize,          /* Externalize routine  */
+    krb5_authdata_internalize           /* Internalize routine  */
 };
 
 /*
- * krb5_authdata_esize()	- Determine the size required to externalize
- *				  the krb5_authdata.
+ * krb5_authdata_esize()        - Determine the size required to externalize
+ *                                the krb5_authdata.
  */
 static krb5_error_code
 krb5_authdata_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_authdata	*authdata;
+    krb5_error_code     kret;
+    krb5_authdata       *authdata;
 
     /*
      * krb5_authdata requires:
-     *	krb5_int32		for KV5M_AUTHDATA
-     *	krb5_int32		for ad_type
-     *	krb5_int32		for length
-     *	authdata->length	for contents
-     *	krb5_int32		for KV5M_AUTHDATA
+     *  krb5_int32              for KV5M_AUTHDATA
+     *  krb5_int32              for ad_type
+     *  krb5_int32              for length
+     *  authdata->length        for contents
+     *  krb5_int32              for KV5M_AUTHDATA
      */
     kret = EINVAL;
     if ((authdata = (krb5_authdata *) arg)) {
-	*sizep += (sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   (size_t) authdata->length);
-	kret = 0;
+        *sizep += (sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   (size_t) authdata->length);
+        kret = 0;
     }
     return(kret);
 }
 
 /*
- * krb5_authdata_externalize()	- Externalize the krb5_authdata.
+ * krb5_authdata_externalize()  - Externalize the krb5_authdata.
  */
 static krb5_error_code
 krb5_authdata_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_authdata	*authdata;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_authdata       *authdata;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((authdata = (krb5_authdata *) arg)) {
-	kret = ENOMEM;
-	if (!krb5_authdata_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* Our identifier */
-	    (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
-		
-	    /* Our ad_type */
-	    (void) krb5_ser_pack_int32((krb5_int32) authdata->ad_type,
-				       &bp, &remain);
+        kret = ENOMEM;
+        if (!krb5_authdata_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
 
-	    /* Our length */
-	    (void) krb5_ser_pack_int32((krb5_int32) authdata->length,
-				       &bp, &remain);
+            /* Our ad_type */
+            (void) krb5_ser_pack_int32((krb5_int32) authdata->ad_type,
+                                       &bp, &remain);
 
-	    /* Our contents */
-	    (void) krb5_ser_pack_bytes(authdata->contents,
-				       (size_t) authdata->length,
-				       &bp, &remain);
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) authdata->length,
+                                       &bp, &remain);
 
-	    /* Finally, our trailer */
-	    (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
-	    kret = 0;
-	    *buffer = bp;
-	    *lenremain = remain;
-	}
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(authdata->contents,
+                                       (size_t) authdata->length,
+                                       &bp, &remain);
+
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_AUTHDATA, &bp, &remain);
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_authdata_internalize()	- Internalize the krb5_authdata.
+ * krb5_authdata_internalize()  - Internalize the krb5_authdata.
  */
 static krb5_error_code
 krb5_authdata_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_authdata	*authdata;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_authdata       *authdata;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
 
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-	ibuf = 0;
+        ibuf = 0;
     if (ibuf == KV5M_AUTHDATA) {
-	kret = ENOMEM;
+        kret = ENOMEM;
 
-	/* Get a authdata */
-	if ((remain >= (2*sizeof(krb5_int32))) &&
-	    (authdata = (krb5_authdata *) calloc(1, sizeof(krb5_authdata)))) {
+        /* Get a authdata */
+        if ((remain >= (2*sizeof(krb5_int32))) &&
+            (authdata = (krb5_authdata *) calloc(1, sizeof(krb5_authdata)))) {
 
-	    /* Get the ad_type */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    authdata->ad_type = (krb5_authdatatype) ibuf;
+            /* Get the ad_type */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authdata->ad_type = (krb5_authdatatype) ibuf;
 
-	    /* Get the length */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    authdata->length = (int) ibuf;
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authdata->length = (int) ibuf;
 
-	    /* Get the string */
-	    if ((authdata->contents = (krb5_octet *)
-		 malloc((size_t) (ibuf))) &&
-		!(kret = krb5_ser_unpack_bytes(authdata->contents,
-					       (size_t) ibuf,
-					       &bp, &remain))) {
-		if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
-		    ibuf = 0;
-		if (ibuf == KV5M_AUTHDATA) {
-		    authdata->magic = KV5M_AUTHDATA;
-		    *buffer = bp;
-		    *lenremain = remain;
-		    *argp = (krb5_pointer) authdata;
-		}
-		else
-		    kret = EINVAL;
-	    }
-	    if (kret) {
-		if (authdata->contents)
-		    free(authdata->contents);
-		free(authdata);
-	    }
-	}
+            /* Get the string */
+            if ((authdata->contents = (krb5_octet *)
+                 malloc((size_t) (ibuf))) &&
+                !(kret = krb5_ser_unpack_bytes(authdata->contents,
+                                               (size_t) ibuf,
+                                               &bp, &remain))) {
+                if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+                    ibuf = 0;
+                if (ibuf == KV5M_AUTHDATA) {
+                    authdata->magic = KV5M_AUTHDATA;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    *argp = (krb5_pointer) authdata;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (authdata->contents)
+                    free(authdata->contents);
+                free(authdata);
+            }
+        }
     }
     return(kret);
 }
diff --git a/src/lib/krb5/krb/ser_addr.c b/src/lib/krb5/krb/ser_addr.c
index 11b7f6abf..e7b642130 100644
--- a/src/lib/krb5/krb/ser_addr.c
+++ b/src/lib/krb5/krb/ser_addr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_addr.c
  *
@@ -33,161 +34,161 @@
 
 /*
  * Routines to deal with externalizing the krb5_address:
- *	krb5_address_size();
- *	krb5_address_externalize();
- *	krb5_address_internalize();
+ *      krb5_address_size();
+ *      krb5_address_externalize();
+ *      krb5_address_internalize();
  */
 static krb5_error_code krb5_address_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_address_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_address_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /* Local data */
 static const krb5_ser_entry krb5_address_ser_entry = {
-    KV5M_ADDRESS,			/* Type			*/
-    krb5_address_size,		/* Sizer routine	*/
-    krb5_address_externalize,		/* Externalize routine	*/
-    krb5_address_internalize		/* Internalize routine	*/
+    KV5M_ADDRESS,                       /* Type                 */
+    krb5_address_size,          /* Sizer routine        */
+    krb5_address_externalize,           /* Externalize routine  */
+    krb5_address_internalize            /* Internalize routine  */
 };
 
 /*
- * krb5_address_size()	- Determine the size required to externalize
- *				  the krb5_address.
+ * krb5_address_size()  - Determine the size required to externalize
+ *                                the krb5_address.
  */
 static krb5_error_code
 krb5_address_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_address	*address;
+    krb5_error_code     kret;
+    krb5_address        *address;
 
     /*
      * krb5_address requires:
-     *	krb5_int32		for KV5M_ADDRESS
-     *	krb5_int32		for addrtype
-     *	krb5_int32		for length
-     *	address->length		for contents
-     *	krb5_int32		for KV5M_ADDRESS
+     *  krb5_int32              for KV5M_ADDRESS
+     *  krb5_int32              for addrtype
+     *  krb5_int32              for length
+     *  address->length         for contents
+     *  krb5_int32              for KV5M_ADDRESS
      */
     kret = EINVAL;
     if ((address = (krb5_address *) arg)) {
-	*sizep += (sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   (size_t) address->length);
-	kret = 0;
+        *sizep += (sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   (size_t) address->length);
+        kret = 0;
     }
     return(kret);
 }
 
 /*
- * krb5_address_externalize()	- Externalize the krb5_address.
+ * krb5_address_externalize()   - Externalize the krb5_address.
  */
 static krb5_error_code
 krb5_address_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_address	*address;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_address        *address;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((address = (krb5_address *) arg)) {
-	kret = ENOMEM;
-	if (!krb5_address_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* Our identifier */
-	    (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
-		
-	    /* Our addrtype */
-	    (void) krb5_ser_pack_int32((krb5_int32) address->addrtype,
-				       &bp, &remain);
-
-	    /* Our length */
-	    (void) krb5_ser_pack_int32((krb5_int32) address->length,
-				       &bp, &remain);
-
-	    /* Our contents */
-	    (void) krb5_ser_pack_bytes(address->contents,
-				       (size_t) address->length,
-				       &bp, &remain);
-
-	    /* Finally, our trailer */
-	    (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
-
-	    kret = 0;
-	    *buffer = bp;
-	    *lenremain = remain;
-	}
+        kret = ENOMEM;
+        if (!krb5_address_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
+
+            /* Our addrtype */
+            (void) krb5_ser_pack_int32((krb5_int32) address->addrtype,
+                                       &bp, &remain);
+
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) address->length,
+                                       &bp, &remain);
+
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(address->contents,
+                                       (size_t) address->length,
+                                       &bp, &remain);
+
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_ADDRESS, &bp, &remain);
+
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_address_internalize()	- Internalize the krb5_address.
+ * krb5_address_internalize()   - Internalize the krb5_address.
  */
 static krb5_error_code
 krb5_address_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_address	*address;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_address        *address;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
 
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-	ibuf = 0;
+        ibuf = 0;
     if (ibuf == KV5M_ADDRESS) {
-	kret = ENOMEM;
-
-	/* Get a address */
-	if ((remain >= (2*sizeof(krb5_int32))) &&
-	    (address = (krb5_address *) calloc(1, sizeof(krb5_address)))) {
-
-	    address->magic = KV5M_ADDRESS;
-
-	    /* Get the addrtype */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    address->addrtype = (krb5_addrtype) ibuf;
-
-	    /* Get the length */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    address->length = (int) ibuf;
-
-	    /* Get the string */
-	    if ((address->contents = (krb5_octet *) malloc((size_t) (ibuf))) &&
-		!(kret = krb5_ser_unpack_bytes(address->contents,
-					       (size_t) ibuf,
-					       &bp, &remain))) {
-		/* Get the trailer */
-		if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
-		    ibuf = 0;
-
-		if (!kret && (ibuf == KV5M_ADDRESS)) {
-		    address->magic = KV5M_ADDRESS;
-		    *buffer = bp;
-		    *lenremain = remain;
-		    *argp = (krb5_pointer) address;
-		}
-		else
-		    kret = EINVAL;
-	    }
-	    if (kret) {
-		if (address->contents)
-		    free(address->contents);
-		free(address);
-	    }
-	}
+        kret = ENOMEM;
+
+        /* Get a address */
+        if ((remain >= (2*sizeof(krb5_int32))) &&
+            (address = (krb5_address *) calloc(1, sizeof(krb5_address)))) {
+
+            address->magic = KV5M_ADDRESS;
+
+            /* Get the addrtype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            address->addrtype = (krb5_addrtype) ibuf;
+
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            address->length = (int) ibuf;
+
+            /* Get the string */
+            if ((address->contents = (krb5_octet *) malloc((size_t) (ibuf))) &&
+                !(kret = krb5_ser_unpack_bytes(address->contents,
+                                               (size_t) ibuf,
+                                               &bp, &remain))) {
+                /* Get the trailer */
+                if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
+                    ibuf = 0;
+
+                if (!kret && (ibuf == KV5M_ADDRESS)) {
+                    address->magic = KV5M_ADDRESS;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    *argp = (krb5_pointer) address;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (address->contents)
+                    free(address->contents);
+                free(address);
+            }
+        }
     }
     return(kret);
 }
diff --git a/src/lib/krb5/krb/ser_auth.c b/src/lib/krb5/krb/ser_auth.c
index 6951f92fa..23b9b5745 100644
--- a/src/lib/krb5/krb/ser_auth.c
+++ b/src/lib/krb5/krb/ser_auth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_auth.c
  *
@@ -36,305 +37,305 @@
 
 /*
  * Routines to deal with externalizing the krb5_authenticator:
- *	krb5_authenticator_size();
- *	krb5_authenticator_externalize();
- *	krb5_authenticator_internalize();
+ *      krb5_authenticator_size();
+ *      krb5_authenticator_externalize();
+ *      krb5_authenticator_internalize();
  */
 static krb5_error_code krb5_authenticator_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_authenticator_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_authenticator_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /* Local data */
 static const krb5_ser_entry krb5_authenticator_ser_entry = {
-    KV5M_AUTHENTICATOR,			/* Type			*/
-    krb5_authenticator_size,		/* Sizer routine	*/
-    krb5_authenticator_externalize,	/* Externalize routine	*/
-    krb5_authenticator_internalize	/* Internalize routine	*/
+    KV5M_AUTHENTICATOR,                 /* Type                 */
+    krb5_authenticator_size,            /* Sizer routine        */
+    krb5_authenticator_externalize,     /* Externalize routine  */
+    krb5_authenticator_internalize      /* Internalize routine  */
 };
 
 /*
- * krb5_authenticator_size()	- Determine the size required to externalize
- *				  the krb5_authenticator.
+ * krb5_authenticator_size()    - Determine the size required to externalize
+ *                                the krb5_authenticator.
  */
 static krb5_error_code
 krb5_authenticator_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_authenticator	*authenticator;
-    size_t		required;
+    krb5_error_code     kret;
+    krb5_authenticator  *authenticator;
+    size_t              required;
 
     /*
      * krb5_authenticator requires at minimum:
-     *	krb5_int32		for KV5M_AUTHENTICATOR
-     *	krb5_int32		for seconds
-     *	krb5_int32		for cusec
-     *	krb5_int32		for seq_number
-     *	krb5_int32		for number in authorization_data array.
-     *	krb5_int32		for KV5M_AUTHENTICATOR
+     *  krb5_int32              for KV5M_AUTHENTICATOR
+     *  krb5_int32              for seconds
+     *  krb5_int32              for cusec
+     *  krb5_int32              for seq_number
+     *  krb5_int32              for number in authorization_data array.
+     *  krb5_int32              for KV5M_AUTHENTICATOR
      */
     kret = EINVAL;
     if ((authenticator = (krb5_authenticator *) arg)) {
-	required = sizeof(krb5_int32)*6;
-
-	/* Calculate size required by client, if appropriate */
-	if (authenticator->client)
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_PRINCIPAL,
-				    (krb5_pointer) authenticator->client,
-				    &required);
-	else
-	    kret = 0;
-
-	/* Calculate size required by checksum, if appropriate */
-	if (!kret && authenticator->checksum)
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_CHECKSUM,
-				    (krb5_pointer) authenticator->checksum,
-				    &required);
-
-	/* Calculate size required by subkey, if appropriate */
-	if (!kret && authenticator->subkey)
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_KEYBLOCK,
-				    (krb5_pointer) authenticator->subkey,
-				    &required);
-
-	/* Calculate size required by authorization_data, if appropriate */
-	if (!kret && authenticator->authorization_data) {
-	    int i;
-
-	    for (i=0; !kret && authenticator->authorization_data[i]; i++) {
-		kret = krb5_size_opaque(kcontext,
-					KV5M_AUTHDATA,
-					(krb5_pointer) authenticator->
-					authorization_data[i],
-					&required);
-	    }
-	}
+        required = sizeof(krb5_int32)*6;
+
+        /* Calculate size required by client, if appropriate */
+        if (authenticator->client)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_PRINCIPAL,
+                                    (krb5_pointer) authenticator->client,
+                                    &required);
+        else
+            kret = 0;
+
+        /* Calculate size required by checksum, if appropriate */
+        if (!kret && authenticator->checksum)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_CHECKSUM,
+                                    (krb5_pointer) authenticator->checksum,
+                                    &required);
+
+        /* Calculate size required by subkey, if appropriate */
+        if (!kret && authenticator->subkey)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK,
+                                    (krb5_pointer) authenticator->subkey,
+                                    &required);
+
+        /* Calculate size required by authorization_data, if appropriate */
+        if (!kret && authenticator->authorization_data) {
+            int i;
+
+            for (i=0; !kret && authenticator->authorization_data[i]; i++) {
+                kret = krb5_size_opaque(kcontext,
+                                        KV5M_AUTHDATA,
+                                        (krb5_pointer) authenticator->
+                                        authorization_data[i],
+                                        &required);
+            }
+        }
     }
     if (!kret)
-	*sizep += required;
+        *sizep += required;
     return(kret);
 }
 
 /*
- * krb5_authenticator_externalize()	- Externalize the krb5_authenticator.
+ * krb5_authenticator_externalize()     - Externalize the krb5_authenticator.
  */
 static krb5_error_code
 krb5_authenticator_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_authenticator	*authenticator;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
-    int			i;
+    krb5_error_code     kret;
+    krb5_authenticator  *authenticator;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    int                 i;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((authenticator = (krb5_authenticator *) arg)) {
-	kret = ENOMEM;
-	if (!krb5_authenticator_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* First write our magic number */
-	    (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
-	    
-	    /* Now ctime */
-	    (void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
-				       &bp, &remain);
-
-	    /* Now cusec */
-	    (void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
-				       &bp, &remain);
-
-	    /* Now seq_number */
-	    (void) krb5_ser_pack_int32(authenticator->seq_number,
-				       &bp, &remain);
-
-	    /* Now handle client, if appropriate */
-	    if (authenticator->client)
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_PRINCIPAL,
-					       (krb5_pointer)
-					       authenticator->client,
-					       &bp,
-					       &remain);
-	    else
-		kret = 0;
-
-	    /* Now handle checksum, if appropriate */
-	    if (!kret && authenticator->checksum)
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_CHECKSUM,
-					       (krb5_pointer)
-					       authenticator->checksum,
-					       &bp,
-					       &remain);
-
-	    /* Now handle subkey, if appropriate */
-	    if (!kret && authenticator->subkey)
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_KEYBLOCK,
-					       (krb5_pointer)
-					       authenticator->subkey,
-					       &bp,
-					       &remain);
-
-	    /* Now handle authorization_data, if appropriate */
-	    if (!kret) {
-		if (authenticator->authorization_data)
-		    for (i=0; authenticator->authorization_data[i]; i++);
-		else
-		    i = 0;
-		(void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
-
-		/* Now pound out the authorization_data */
-		if (authenticator->authorization_data) {
-		    for (i=0; !kret && authenticator->authorization_data[i];
-			 i++)
-			kret = krb5_externalize_opaque(kcontext,
-						       KV5M_AUTHDATA,
-						       (krb5_pointer)
-						       authenticator->
-						       authorization_data[i],
-						       &bp,
-						       &remain);
-		}
-	    }
-
-	    /*
-	     * If we were successful, write trailer then update the pointer and
-	     * remaining length;
-	     */
-	    if (!kret) {
-		/* Write our trailer */
-		(void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
-		*buffer = bp;
-		*lenremain = remain;
-	    }
-	}
+        kret = ENOMEM;
+        if (!krb5_authenticator_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* First write our magic number */
+            (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
+
+            /* Now ctime */
+            (void) krb5_ser_pack_int32((krb5_int32) authenticator->ctime,
+                                       &bp, &remain);
+
+            /* Now cusec */
+            (void) krb5_ser_pack_int32((krb5_int32) authenticator->cusec,
+                                       &bp, &remain);
+
+            /* Now seq_number */
+            (void) krb5_ser_pack_int32(authenticator->seq_number,
+                                       &bp, &remain);
+
+            /* Now handle client, if appropriate */
+            if (authenticator->client)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_PRINCIPAL,
+                                               (krb5_pointer)
+                                               authenticator->client,
+                                               &bp,
+                                               &remain);
+            else
+                kret = 0;
+
+            /* Now handle checksum, if appropriate */
+            if (!kret && authenticator->checksum)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_CHECKSUM,
+                                               (krb5_pointer)
+                                               authenticator->checksum,
+                                               &bp,
+                                               &remain);
+
+            /* Now handle subkey, if appropriate */
+            if (!kret && authenticator->subkey)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer)
+                                               authenticator->subkey,
+                                               &bp,
+                                               &remain);
+
+            /* Now handle authorization_data, if appropriate */
+            if (!kret) {
+                if (authenticator->authorization_data)
+                    for (i=0; authenticator->authorization_data[i]; i++);
+                else
+                    i = 0;
+                (void) krb5_ser_pack_int32((krb5_int32) i, &bp, &remain);
+
+                /* Now pound out the authorization_data */
+                if (authenticator->authorization_data) {
+                    for (i=0; !kret && authenticator->authorization_data[i];
+                         i++)
+                        kret = krb5_externalize_opaque(kcontext,
+                                                       KV5M_AUTHDATA,
+                                                       (krb5_pointer)
+                                                       authenticator->
+                                                       authorization_data[i],
+                                                       &bp,
+                                                       &remain);
+                }
+            }
+
+            /*
+             * If we were successful, write trailer then update the pointer and
+             * remaining length;
+             */
+            if (!kret) {
+                /* Write our trailer */
+                (void) krb5_ser_pack_int32(KV5M_AUTHENTICATOR, &bp, &remain);
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_authenticator_internalize()	- Internalize the krb5_authenticator.
+ * krb5_authenticator_internalize()     - Internalize the krb5_authenticator.
  */
 static krb5_error_code
 krb5_authenticator_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_authenticator	*authenticator;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
-    int			i;
-    krb5_int32		nadata;
-    size_t		len;
+    krb5_error_code     kret;
+    krb5_authenticator  *authenticator;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    int                 i;
+    krb5_int32          nadata;
+    size_t              len;
 
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-	ibuf = 0;
+        ibuf = 0;
     if (ibuf == KV5M_AUTHENTICATOR) {
-	kret = ENOMEM;
-
-	/* Get memory for the authenticator */
-	if ((remain >= (3*sizeof(krb5_int32))) &&
-	    (authenticator = (krb5_authenticator *) 
-	     calloc(1, sizeof(krb5_authenticator)))) {
-
-	    /* Get ctime */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    authenticator->ctime = (krb5_timestamp) ibuf;
-
-	    /* Get cusec */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    authenticator->cusec = ibuf;
-
-	    /* Get seq_number */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    authenticator->seq_number = ibuf;
-	    
-	    kret = 0;
-
-	    /* Attempt to read in the client */
-	    kret = krb5_internalize_opaque(kcontext,
-					   KV5M_PRINCIPAL,
-					   (krb5_pointer *)
-					   &authenticator->client,
-					   &bp,
-					   &remain);
-	    if (kret == EINVAL)
-		kret = 0;
-
-	    /* Attempt to read in the checksum */
-	    if (!kret) {
-		kret = krb5_internalize_opaque(kcontext,
-					       KV5M_CHECKSUM,
-					       (krb5_pointer *)
-					       &authenticator->checksum,
-					       &bp,
-					       &remain);
-		if (kret == EINVAL)
-		    kret = 0;
-	    }
-
-	    /* Attempt to read in the subkey */
-	    if (!kret) {
-		kret = krb5_internalize_opaque(kcontext,
-					       KV5M_KEYBLOCK,
-					       (krb5_pointer *)
-					       &authenticator->subkey,
-					       &bp,
-					       &remain);
-		if (kret == EINVAL)
-		    kret = 0;
-	    }
-
-	    /* Attempt to read in the authorization data count */
-	    if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
-		nadata = ibuf;
-		len = (size_t) (nadata + 1);
-
-		/* Get memory for the authorization data pointers */
-		if ((authenticator->authorization_data = (krb5_authdata **)
-		     calloc(len, sizeof(krb5_authdata *)))) {
-		    for (i=0; !kret && (i<nadata); i++) {
-			kret = krb5_internalize_opaque(kcontext,
-						       KV5M_AUTHDATA,
-						       (krb5_pointer *)
-						       &authenticator->
-						       authorization_data[i],
-						       &bp,
-						       &remain);
-		    }
-
-		    /* Finally, find the trailer */
-		    if (!kret) {
-			kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-			if (!kret && (ibuf == KV5M_AUTHENTICATOR))
-			    authenticator->magic = KV5M_AUTHENTICATOR;
-			else
-			    kret = EINVAL;
-		    }
-		}
-	    }
-	    if (!kret) {
-		*buffer = bp;
-		*lenremain = remain;
-		*argp = (krb5_pointer) authenticator;
-	    }
-	    else
-		krb5_free_authenticator(kcontext, authenticator);
-	}
+        kret = ENOMEM;
+
+        /* Get memory for the authenticator */
+        if ((remain >= (3*sizeof(krb5_int32))) &&
+            (authenticator = (krb5_authenticator *)
+             calloc(1, sizeof(krb5_authenticator)))) {
+
+            /* Get ctime */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authenticator->ctime = (krb5_timestamp) ibuf;
+
+            /* Get cusec */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authenticator->cusec = ibuf;
+
+            /* Get seq_number */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            authenticator->seq_number = ibuf;
+
+            kret = 0;
+
+            /* Attempt to read in the client */
+            kret = krb5_internalize_opaque(kcontext,
+                                           KV5M_PRINCIPAL,
+                                           (krb5_pointer *)
+                                           &authenticator->client,
+                                           &bp,
+                                           &remain);
+            if (kret == EINVAL)
+                kret = 0;
+
+            /* Attempt to read in the checksum */
+            if (!kret) {
+                kret = krb5_internalize_opaque(kcontext,
+                                               KV5M_CHECKSUM,
+                                               (krb5_pointer *)
+                                               &authenticator->checksum,
+                                               &bp,
+                                               &remain);
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            /* Attempt to read in the subkey */
+            if (!kret) {
+                kret = krb5_internalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer *)
+                                               &authenticator->subkey,
+                                               &bp,
+                                               &remain);
+                if (kret == EINVAL)
+                    kret = 0;
+            }
+
+            /* Attempt to read in the authorization data count */
+            if (!(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain))) {
+                nadata = ibuf;
+                len = (size_t) (nadata + 1);
+
+                /* Get memory for the authorization data pointers */
+                if ((authenticator->authorization_data = (krb5_authdata **)
+                     calloc(len, sizeof(krb5_authdata *)))) {
+                    for (i=0; !kret && (i<nadata); i++) {
+                        kret = krb5_internalize_opaque(kcontext,
+                                                       KV5M_AUTHDATA,
+                                                       (krb5_pointer *)
+                                                       &authenticator->
+                                                       authorization_data[i],
+                                                       &bp,
+                                                       &remain);
+                    }
+
+                    /* Finally, find the trailer */
+                    if (!kret) {
+                        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                        if (!kret && (ibuf == KV5M_AUTHENTICATOR))
+                            authenticator->magic = KV5M_AUTHENTICATOR;
+                        else
+                            kret = EINVAL;
+                    }
+                }
+            }
+            if (!kret) {
+                *buffer = bp;
+                *lenremain = remain;
+                *argp = (krb5_pointer) authenticator;
+            }
+            else
+                krb5_free_authenticator(kcontext, authenticator);
+        }
     }
     return(kret);
 }
diff --git a/src/lib/krb5/krb/ser_cksum.c b/src/lib/krb5/krb/ser_cksum.c
index 8d2870249..4d194c7d0 100644
--- a/src/lib/krb5/krb/ser_cksum.c
+++ b/src/lib/krb5/krb/ser_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_cksum.c
  *
@@ -33,159 +34,159 @@
 
 /*
  * Routines to deal with externalizing the krb5_checksum:
- *	krb5_checksum_esize();
- *	krb5_checksum_externalize();
- *	krb5_checksum_internalize();
+ *      krb5_checksum_esize();
+ *      krb5_checksum_externalize();
+ *      krb5_checksum_internalize();
  */
 static krb5_error_code krb5_checksum_esize
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_checksum_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_checksum_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /* Local data */
 static const krb5_ser_entry krb5_checksum_ser_entry = {
-    KV5M_CHECKSUM,			/* Type			*/
-    krb5_checksum_esize,		/* Sizer routine	*/
-    krb5_checksum_externalize,		/* Externalize routine	*/
-    krb5_checksum_internalize		/* Internalize routine	*/
+    KV5M_CHECKSUM,                      /* Type                 */
+    krb5_checksum_esize,                /* Sizer routine        */
+    krb5_checksum_externalize,          /* Externalize routine  */
+    krb5_checksum_internalize           /* Internalize routine  */
 };
 
 /*
- * krb5_checksum_esize()	- Determine the size required to externalize
- *				  the krb5_checksum.
+ * krb5_checksum_esize()        - Determine the size required to externalize
+ *                                the krb5_checksum.
  */
 static krb5_error_code
 krb5_checksum_esize(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_checksum	*checksum;
+    krb5_error_code     kret;
+    krb5_checksum       *checksum;
 
     /*
      * krb5_checksum requires:
-     *	krb5_int32		for KV5M_CHECKSUM
-     *	krb5_int32		for checksum_type
-     *	krb5_int32		for length
-     *	krb5_int32		for KV5M_CHECKSUM
-     *	checksum->length	for contents
+     *  krb5_int32              for KV5M_CHECKSUM
+     *  krb5_int32              for checksum_type
+     *  krb5_int32              for length
+     *  krb5_int32              for KV5M_CHECKSUM
+     *  checksum->length        for contents
      */
     kret = EINVAL;
     if ((checksum = (krb5_checksum *) arg)) {
-	*sizep += (sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   (size_t) checksum->length);
-	kret = 0;
+        *sizep += (sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   (size_t) checksum->length);
+        kret = 0;
     }
     return(kret);
 }
 
 /*
- * krb5_checksum_externalize()	- Externalize the krb5_checksum.
+ * krb5_checksum_externalize()  - Externalize the krb5_checksum.
  */
 static krb5_error_code
 krb5_checksum_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_checksum	*checksum;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_checksum       *checksum;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((checksum = (krb5_checksum *) arg)) {
-	kret = ENOMEM;
-	if (!krb5_checksum_esize(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* Our identifier */
-	    (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
-		
-	    /* Our checksum_type */
-	    (void) krb5_ser_pack_int32((krb5_int32) checksum->checksum_type,
-				       &bp, &remain);
+        kret = ENOMEM;
+        if (!krb5_checksum_esize(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
 
-	    /* Our length */
-	    (void) krb5_ser_pack_int32((krb5_int32) checksum->length,
-				       &bp, &remain);
+            /* Our checksum_type */
+            (void) krb5_ser_pack_int32((krb5_int32) checksum->checksum_type,
+                                       &bp, &remain);
 
-	    /* Our contents */
-	    (void) krb5_ser_pack_bytes(checksum->contents,
-				       (size_t) checksum->length,
-				       &bp, &remain);
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) checksum->length,
+                                       &bp, &remain);
 
-	    /* Finally, our trailer */
-	    (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(checksum->contents,
+                                       (size_t) checksum->length,
+                                       &bp, &remain);
 
-	    kret = 0;
-	    *buffer = bp;
-	    *lenremain = remain;
-	}
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_CHECKSUM, &bp, &remain);
+
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_checksum_internalize()	- Internalize the krb5_checksum.
+ * krb5_checksum_internalize()  - Internalize the krb5_checksum.
  */
 static krb5_error_code
 krb5_checksum_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_checksum	*checksum;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_checksum       *checksum;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
 
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-	ibuf = 0;
+        ibuf = 0;
     if (ibuf == KV5M_CHECKSUM) {
-	kret = ENOMEM;
+        kret = ENOMEM;
 
-	/* Get a checksum */
-	if ((remain >= (2*sizeof(krb5_int32))) &&
-	    (checksum = (krb5_checksum *) calloc(1, sizeof(krb5_checksum)))) {
-	    /* Get the checksum_type */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    checksum->checksum_type = (krb5_cksumtype) ibuf;
+        /* Get a checksum */
+        if ((remain >= (2*sizeof(krb5_int32))) &&
+            (checksum = (krb5_checksum *) calloc(1, sizeof(krb5_checksum)))) {
+            /* Get the checksum_type */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            checksum->checksum_type = (krb5_cksumtype) ibuf;
 
-	    /* Get the length */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    checksum->length = (int) ibuf;
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            checksum->length = (int) ibuf;
 
-	    /* Get the string */
-	    if (!ibuf ||
-		((checksum->contents = (krb5_octet *)
-		  malloc((size_t) (ibuf))) &&
-		 !(kret = krb5_ser_unpack_bytes(checksum->contents,
-						(size_t) ibuf,
-						&bp, &remain)))) {
+            /* Get the string */
+            if (!ibuf ||
+                ((checksum->contents = (krb5_octet *)
+                  malloc((size_t) (ibuf))) &&
+                 !(kret = krb5_ser_unpack_bytes(checksum->contents,
+                                                (size_t) ibuf,
+                                                &bp, &remain)))) {
 
-		/* Get the trailer */
-		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-		if (!kret && (ibuf == KV5M_CHECKSUM)) {
-		    checksum->magic = KV5M_CHECKSUM;
-		    *buffer = bp;
-		    *lenremain = remain;
-		    *argp = (krb5_pointer) checksum;
-		}
-		else
-		    kret = EINVAL;
-	    }
-	    if (kret) {
-		if (checksum->contents)
-		    free(checksum->contents);
-		free(checksum);
-	    }
-	}
+                /* Get the trailer */
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                if (!kret && (ibuf == KV5M_CHECKSUM)) {
+                    checksum->magic = KV5M_CHECKSUM;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    *argp = (krb5_pointer) checksum;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (checksum->contents)
+                    free(checksum->contents);
+                free(checksum);
+            }
+        }
     }
     return(kret);
 }
diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c
index c8f673b77..b632ff02c 100644
--- a/src/lib/krb5/krb/ser_ctx.c
+++ b/src/lib/krb5/krb/ser_ctx.c
@@ -36,7 +36,7 @@
  *	krb5_context_size();
  *	krb5_context_externalize();
  *	krb5_context_internalize();
- * 
+ *
  * Routines to deal with externalizing the krb5_os_context:
  *	krb5_oscontext_size();
  *	krb5_oscontext_externalize();
@@ -197,23 +197,23 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
 
     if (required > remain)
 	return (ENOMEM);
-    
+
     /* First write our magic number */
     kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
     if (kret)
 	return (kret);
-    
+
     /* Now sizeof default realm */
     kret = krb5_ser_pack_int32((context->default_realm) ?
 			       (krb5_int32) strlen(context->default_realm) : 0,
 			       &bp, &remain);
     if (kret)
 	return (kret);
-    
+
     /* Now default_realm bytes */
     if (context->default_realm) {
 	kret = krb5_ser_pack_bytes((krb5_octet *) context->default_realm,
-				   strlen(context->default_realm), 
+				   strlen(context->default_realm),
 				   &bp, &remain);
 	if (kret)
 	    return (kret);
@@ -239,7 +239,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
     kret = krb5_ser_pack_int32(etypes_len(context->tgs_etypes), &bp, &remain);
     if (kret)
 	return (kret);
-	
+
     /* Now serialize ktypes */
     if (context->tgs_etypes) {
 	for (i = 0; context->tgs_etypes[i]; i++) {
@@ -248,19 +248,19 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
 		return (kret);
 	}
     }
-	
+
     /* Now allowable clockskew */
     kret = krb5_ser_pack_int32((krb5_int32) context->clockskew,
 			       &bp, &remain);
     if (kret)
 	return (kret);
-	
+
     /* Now kdc_req_sumtype */
     kret = krb5_ser_pack_int32((krb5_int32) context->kdc_req_sumtype,
 			       &bp, &remain);
     if (kret)
 	return (kret);
-	
+
     /* Now default ap_req_sumtype */
     kret = krb5_ser_pack_int32((krb5_int32) context->default_ap_req_sumtype,
 			       &bp, &remain);
@@ -284,7 +284,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
 			       &bp, &remain);
     if (kret)
 	return (kret);
-	
+
     /* Now profile_secure */
     kret = krb5_ser_pack_int32((krb5_int32) context->profile_secure,
 			       &bp, &remain);
@@ -321,7 +321,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
 	if (kret)
 	    return (kret);
     }
-	
+
     /*
      * If we were successful, write trailer then update the pointer and
      * remaining length;
@@ -329,7 +329,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
     kret = krb5_ser_pack_int32(KV5M_CONTEXT, &bp, &remain);
     if (kret)
 	return (kret);
-    
+
     *buffer = bp;
     *lenremain = remain;
 
@@ -379,10 +379,10 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet *
 				     (size_t) ibuf, &bp, &remain);
 	if (kret)
 	    goto cleanup;
-	
+
 	context->default_realm[ibuf] = '\0';
     }
-	
+
     /* Get the in_tkt_etypes */
     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
 	goto cleanup;
@@ -425,17 +425,17 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet *
     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
 	goto cleanup;
     context->clockskew = (krb5_deltat) ibuf;
-    
+
     /* kdc_req_sumtype */
     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
 	goto cleanup;
     context->kdc_req_sumtype = (krb5_cksumtype) ibuf;
-    
+
     /* default ap_req_sumtype */
     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
 	goto cleanup;
     context->default_ap_req_sumtype = (krb5_cksumtype) ibuf;
-    
+
     /* default_safe_sumtype */
     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
 	goto cleanup;
@@ -484,14 +484,14 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet *
 				   &bp, &remain);
     if (kret && (kret != EINVAL) && (kret != ENOENT))
 	goto cleanup;
-    
+
     /* Attempt to read in the profile */
     kret = krb5_internalize_opaque(kcontext, PROF_MAGIC_PROFILE,
 				   (krb5_pointer *) &context->profile,
 				   &bp, &remain);
     if (kret && (kret != EINVAL) && (kret != ENOENT))
 	goto cleanup;
-    
+
     /* Finally, find the trailer */
     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
 	goto cleanup;
@@ -590,7 +590,7 @@ krb5_oscontext_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet
 	kret = ENOMEM;
 
 	/* Get memory for the context */
-	if ((os_ctx = (krb5_os_context) 
+	if ((os_ctx = (krb5_os_context)
 	     calloc(1, sizeof(struct _krb5_os_context))) &&
 	    (remain >= 4*sizeof(krb5_int32))) {
 	    os_ctx->magic = KV5M_OS_CONTEXT;
diff --git a/src/lib/krb5/krb/ser_eblk.c b/src/lib/krb5/krb/ser_eblk.c
index 8bce41cf1..894a43e77 100644
--- a/src/lib/krb5/krb/ser_eblk.c
+++ b/src/lib/krb5/krb/ser_eblk.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_eblk.c
  *
@@ -34,211 +35,211 @@
 
 /*
  * Routines to deal with externalizing the krb5_encrypt_block:
- *	krb5_encrypt_block_size();
- *	krb5_encrypt_block_externalize();
- *	krb5_encrypt_block_internalize();
+ *      krb5_encrypt_block_size();
+ *      krb5_encrypt_block_externalize();
+ *      krb5_encrypt_block_internalize();
  */
 static krb5_error_code krb5_encrypt_block_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_encrypt_block_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_encrypt_block_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /* Local data */
 static const krb5_ser_entry krb5_encrypt_block_ser_entry = {
-    KV5M_ENCRYPT_BLOCK,			/* Type			*/
-    krb5_encrypt_block_size,		/* Sizer routine	*/
-    krb5_encrypt_block_externalize,	/* Externalize routine	*/
-    krb5_encrypt_block_internalize	/* Internalize routine	*/
+    KV5M_ENCRYPT_BLOCK,                 /* Type                 */
+    krb5_encrypt_block_size,            /* Sizer routine        */
+    krb5_encrypt_block_externalize,     /* Externalize routine  */
+    krb5_encrypt_block_internalize      /* Internalize routine  */
 };
 
 /*
- * krb5_encrypt_block_size()	- Determine the size required to externalize
- *				  the krb5_encrypt_block.
+ * krb5_encrypt_block_size()    - Determine the size required to externalize
+ *                                the krb5_encrypt_block.
  */
 static krb5_error_code
 krb5_encrypt_block_size(kcontext, arg, sizep)
-    krb5_context	kcontext;
-    krb5_pointer	arg;
-    size_t		*sizep;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    size_t              *sizep;
 {
-    krb5_error_code	kret;
-    krb5_encrypt_block	*encrypt_block;
-    size_t		required;
+    krb5_error_code     kret;
+    krb5_encrypt_block  *encrypt_block;
+    size_t              required;
 
     /*
      * NOTE: This ASSuMES that enctype are sufficient to recreate
      * the _krb5_cryptosystem_entry.  If this is not true, then something else
      * had better be encoded here.
-     * 
+     *
      * krb5_encrypt_block base requirements:
-     *	krb5_int32			for KV5M_ENCRYPT_BLOCK
-     *	krb5_int32			for enctype
-     *	krb5_int32			for private length
-     *	encrypt_block->priv_size	for private contents
-     *	krb5_int32			for KV5M_ENCRYPT_BLOCK
+     *  krb5_int32                      for KV5M_ENCRYPT_BLOCK
+     *  krb5_int32                      for enctype
+     *  krb5_int32                      for private length
+     *  encrypt_block->priv_size        for private contents
+     *  krb5_int32                      for KV5M_ENCRYPT_BLOCK
      */
     kret = EINVAL;
     if ((encrypt_block = (krb5_encrypt_block *) arg)) {
-	required = (sizeof(krb5_int32) +
-		    sizeof(krb5_int32) +
-		    sizeof(krb5_int32) +
-		    sizeof(krb5_int32) +
-		    sizeof(krb5_int32) +
-		    (size_t) encrypt_block->priv_size);
-	if (encrypt_block->key)
-	    kret = krb5_size_opaque(kcontext,
-				    KV5M_KEYBLOCK,
-				    (krb5_pointer) encrypt_block->key,
-				    &required);
-	else
-	    kret = 0;
-	if (!kret)
-	    *sizep += required;
+        required = (sizeof(krb5_int32) +
+                    sizeof(krb5_int32) +
+                    sizeof(krb5_int32) +
+                    sizeof(krb5_int32) +
+                    sizeof(krb5_int32) +
+                    (size_t) encrypt_block->priv_size);
+        if (encrypt_block->key)
+            kret = krb5_size_opaque(kcontext,
+                                    KV5M_KEYBLOCK,
+                                    (krb5_pointer) encrypt_block->key,
+                                    &required);
+        else
+            kret = 0;
+        if (!kret)
+            *sizep += required;
     }
     return(kret);
 }
 
 /*
- * krb5_encrypt_block_externalize()	- Externalize the krb5_encrypt_block.
+ * krb5_encrypt_block_externalize()     - Externalize the krb5_encrypt_block.
  */
 static krb5_error_code
 krb5_encrypt_block_externalize(kcontext, arg, buffer, lenremain)
-    krb5_context	kcontext;
-    krb5_pointer	arg;
-    krb5_octet		**buffer;
-    size_t		*lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        arg;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
-    krb5_error_code	kret;
-    krb5_encrypt_block	*encrypt_block;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_encrypt_block  *encrypt_block;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((encrypt_block = (krb5_encrypt_block *) arg)) {
-	kret = ENOMEM;
-	if (!krb5_encrypt_block_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* Our identifier */
-	    (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
-		
-	    /* Our enctype */
-	    (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->
-				       crypto_entry->proto_enctype,
-				       &bp, &remain);
+        kret = ENOMEM;
+        if (!krb5_encrypt_block_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
 
-	    /* Our length */
-	    (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->priv_size,
-				       &bp, &remain);
+            /* Our enctype */
+            (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->
+                                       crypto_entry->proto_enctype,
+                                       &bp, &remain);
 
-	    /* Our private data */
-	    (void) krb5_ser_pack_bytes(encrypt_block->priv,
-				       (size_t) encrypt_block->priv_size,
-				       &bp, &remain);
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) encrypt_block->priv_size,
+                                       &bp, &remain);
 
-	    /* Finally, the key data */
-	    if (encrypt_block->key)
-		kret = krb5_externalize_opaque(kcontext,
-					       KV5M_KEYBLOCK,
-					       (krb5_pointer)
-					       encrypt_block->key,
-					       &bp,
-					       &remain);
-	    else
-		kret = 0;
+            /* Our private data */
+            (void) krb5_ser_pack_bytes(encrypt_block->priv,
+                                       (size_t) encrypt_block->priv_size,
+                                       &bp, &remain);
 
-	    if (!kret) {
-		/* Write trailer */
-		(void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
-		*buffer = bp;
-		*lenremain = remain;
-	    }
-	}
+            /* Finally, the key data */
+            if (encrypt_block->key)
+                kret = krb5_externalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer)
+                                               encrypt_block->key,
+                                               &bp,
+                                               &remain);
+            else
+                kret = 0;
+
+            if (!kret) {
+                /* Write trailer */
+                (void) krb5_ser_pack_int32(KV5M_ENCRYPT_BLOCK, &bp, &remain);
+                *buffer = bp;
+                *lenremain = remain;
+            }
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_encrypt_block_internalize()	- Internalize the krb5_encrypt_block.
+ * krb5_encrypt_block_internalize()     - Internalize the krb5_encrypt_block.
  */
 static krb5_error_code
 krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain)
-    krb5_context	kcontext;
-    krb5_pointer	*argp;
-    krb5_octet		**buffer;
-    size_t		*lenremain;
+    krb5_context        kcontext;
+    krb5_pointer        *argp;
+    krb5_octet          **buffer;
+    size_t              *lenremain;
 {
-    krb5_error_code	kret;
-    krb5_encrypt_block	*encrypt_block;
-    krb5_int32		ibuf;
-    krb5_enctype	ktype;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_encrypt_block  *encrypt_block;
+    krb5_int32          ibuf;
+    krb5_enctype        ktype;
+    krb5_octet          *bp;
+    size_t              remain;
 
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-	ibuf = 0;
+        ibuf = 0;
     if (ibuf == KV5M_ENCRYPT_BLOCK) {
-	kret = ENOMEM;
+        kret = ENOMEM;
 
-	/* Get an encrypt_block */
-	if ((remain >= (3*sizeof(krb5_int32))) &&
-	    (encrypt_block = (krb5_encrypt_block *)
-	     calloc(1, sizeof(krb5_encrypt_block)))) {
-	    /* Get the enctype */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    ktype = (krb5_enctype) ibuf;
+        /* Get an encrypt_block */
+        if ((remain >= (3*sizeof(krb5_int32))) &&
+            (encrypt_block = (krb5_encrypt_block *)
+             calloc(1, sizeof(krb5_encrypt_block)))) {
+            /* Get the enctype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            ktype = (krb5_enctype) ibuf;
 
-	    /* Use the ktype to determine the crypto_system entry. */
-	    krb5_use_enctype(kcontext, encrypt_block, ktype);
+            /* Use the ktype to determine the crypto_system entry. */
+            krb5_use_enctype(kcontext, encrypt_block, ktype);
 
-	    /* Get the length */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    encrypt_block->priv_size = (int) ibuf;
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            encrypt_block->priv_size = (int) ibuf;
 
-	    /* Get the string */
-	    if (!ibuf ||
-		((encrypt_block->priv = (void *) malloc((size_t) (ibuf))) &&
-		 !(kret = krb5_ser_unpack_bytes((krb5_octet *)
-						encrypt_block->priv,
-						(size_t)
-						encrypt_block->priv_size,
-						&bp, &remain)))) {
-		kret = krb5_internalize_opaque(kcontext,
-					       KV5M_KEYBLOCK,
-					       (krb5_pointer *)
-					       &encrypt_block->key,
-					       &bp,
-					       &remain);
-		if (kret == EINVAL)
-		    kret = 0;
+            /* Get the string */
+            if (!ibuf ||
+                ((encrypt_block->priv = (void *) malloc((size_t) (ibuf))) &&
+                 !(kret = krb5_ser_unpack_bytes((krb5_octet *)
+                                                encrypt_block->priv,
+                                                (size_t)
+                                                encrypt_block->priv_size,
+                                                &bp, &remain)))) {
+                kret = krb5_internalize_opaque(kcontext,
+                                               KV5M_KEYBLOCK,
+                                               (krb5_pointer *)
+                                               &encrypt_block->key,
+                                               &bp,
+                                               &remain);
+                if (kret == EINVAL)
+                    kret = 0;
 
-		if (!kret) {
-		    kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-		    if (!kret && (ibuf == KV5M_ENCRYPT_BLOCK)) {
-			*buffer = bp;
-			*lenremain = remain;
-			encrypt_block->magic = KV5M_ENCRYPT_BLOCK;
-			*argp = (krb5_pointer) encrypt_block;
-		    }
-		    else
-			kret = EINVAL;
-		}
-	    }
-	    if (kret) {
-		if (encrypt_block->priv)
-		    free(encrypt_block->priv);
-		free(encrypt_block);
-	    }
-	}
+                if (!kret) {
+                    kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                    if (!kret && (ibuf == KV5M_ENCRYPT_BLOCK)) {
+                        *buffer = bp;
+                        *lenremain = remain;
+                        encrypt_block->magic = KV5M_ENCRYPT_BLOCK;
+                        *argp = (krb5_pointer) encrypt_block;
+                    }
+                    else
+                        kret = EINVAL;
+                }
+            }
+            if (kret) {
+                if (encrypt_block->priv)
+                    free(encrypt_block->priv);
+                free(encrypt_block);
+            }
+        }
     }
     return(kret);
 }
@@ -248,7 +249,7 @@ krb5_encrypt_block_internalize(kcontext, argp, buffer, lenremain)
  */
 krb5_error_code
 krb5_ser_encrypt_block_init(kcontext)
-    krb5_context	kcontext;
+    krb5_context        kcontext;
 {
     return(krb5_register_serializer(kcontext, &krb5_encrypt_block_ser_entry));
 }
diff --git a/src/lib/krb5/krb/ser_key.c b/src/lib/krb5/krb/ser_key.c
index 25522de7b..f441e986f 100644
--- a/src/lib/krb5/krb/ser_key.c
+++ b/src/lib/krb5/krb/ser_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_key.c
  *
@@ -33,157 +34,157 @@
 
 /*
  * Routines to deal with externalizing the krb5_keyblock:
- *	krb5_keyblock_size();
- *	krb5_keyblock_externalize();
- *	krb5_keyblock_internalize();
+ *      krb5_keyblock_size();
+ *      krb5_keyblock_externalize();
+ *      krb5_keyblock_internalize();
  */
 static krb5_error_code krb5_keyblock_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_keyblock_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_keyblock_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /* Local data */
 static const krb5_ser_entry krb5_keyblock_ser_entry = {
-    KV5M_KEYBLOCK,			/* Type			*/
-    krb5_keyblock_size,			/* Sizer routine	*/
-    krb5_keyblock_externalize,		/* Externalize routine	*/
-    krb5_keyblock_internalize		/* Internalize routine	*/
+    KV5M_KEYBLOCK,                      /* Type                 */
+    krb5_keyblock_size,                 /* Sizer routine        */
+    krb5_keyblock_externalize,          /* Externalize routine  */
+    krb5_keyblock_internalize           /* Internalize routine  */
 };
 
 /*
- * krb5_keyblock_size()	- Determine the size required to externalize
- *				  the krb5_keyblock.
+ * krb5_keyblock_size() - Determine the size required to externalize
+ *                                the krb5_keyblock.
  */
 static krb5_error_code
 krb5_keyblock_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_keyblock	*keyblock;
+    krb5_error_code     kret;
+    krb5_keyblock       *keyblock;
 
     /*
      * krb5_keyblock requires:
-     *	krb5_int32			for KV5M_KEYBLOCK
-     *	krb5_int32			for enctype
-     *	krb5_int32			for length
-     *	keyblock->length		for contents
-     *	krb5_int32			for KV5M_KEYBLOCK
+     *  krb5_int32                      for KV5M_KEYBLOCK
+     *  krb5_int32                      for enctype
+     *  krb5_int32                      for length
+     *  keyblock->length                for contents
+     *  krb5_int32                      for KV5M_KEYBLOCK
      */
     kret = EINVAL;
     if ((keyblock = (krb5_keyblock *) arg)) {
-	*sizep += (sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   sizeof(krb5_int32) +
-		   (size_t) keyblock->length);
-	kret = 0;
+        *sizep += (sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   sizeof(krb5_int32) +
+                   (size_t) keyblock->length);
+        kret = 0;
     }
     return(kret);
 }
 
 /*
- * krb5_keyblock_externalize()	- Externalize the krb5_keyblock.
+ * krb5_keyblock_externalize()  - Externalize the krb5_keyblock.
  */
 static krb5_error_code
 krb5_keyblock_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_keyblock	*keyblock;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_keyblock       *keyblock;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((keyblock = (krb5_keyblock *) arg)) {
-	kret = ENOMEM;
-	if (!krb5_keyblock_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    /* Our identifier */
-	    (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
-		
-	    /* Our enctype */
-	    (void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype,
-				       &bp, &remain);
+        kret = ENOMEM;
+        if (!krb5_keyblock_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            /* Our identifier */
+            (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
 
-	    /* Our length */
-	    (void) krb5_ser_pack_int32((krb5_int32) keyblock->length,
-				       &bp, &remain);
+            /* Our enctype */
+            (void) krb5_ser_pack_int32((krb5_int32) keyblock->enctype,
+                                       &bp, &remain);
 
-	    /* Our contents */
-	    (void) krb5_ser_pack_bytes(keyblock->contents,
-				       (size_t) keyblock->length,
-				       &bp, &remain);
+            /* Our length */
+            (void) krb5_ser_pack_int32((krb5_int32) keyblock->length,
+                                       &bp, &remain);
 
-	    /* Finally, our trailer */
-	    (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
+            /* Our contents */
+            (void) krb5_ser_pack_bytes(keyblock->contents,
+                                       (size_t) keyblock->length,
+                                       &bp, &remain);
 
-	    kret = 0;
-	    *buffer = bp;
-	    *lenremain = remain;
-	}
+            /* Finally, our trailer */
+            (void) krb5_ser_pack_int32(KV5M_KEYBLOCK, &bp, &remain);
+
+            kret = 0;
+            *buffer = bp;
+            *lenremain = remain;
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_keyblock_internalize()	- Internalize the krb5_keyblock.
+ * krb5_keyblock_internalize()  - Internalize the krb5_keyblock.
  */
 static krb5_error_code
 krb5_keyblock_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_keyblock	*keyblock;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
+    krb5_error_code     kret;
+    krb5_keyblock       *keyblock;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
 
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
-	ibuf = 0;
+        ibuf = 0;
     if (ibuf == KV5M_KEYBLOCK) {
-	kret = ENOMEM;
+        kret = ENOMEM;
 
-	/* Get a keyblock */
-	if ((remain >= (3*sizeof(krb5_int32))) &&
-	    (keyblock = (krb5_keyblock *) calloc(1, sizeof(krb5_keyblock)))) {
-	    /* Get the enctype */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    keyblock->enctype = (krb5_enctype) ibuf;
+        /* Get a keyblock */
+        if ((remain >= (3*sizeof(krb5_int32))) &&
+            (keyblock = (krb5_keyblock *) calloc(1, sizeof(krb5_keyblock)))) {
+            /* Get the enctype */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            keyblock->enctype = (krb5_enctype) ibuf;
 
-	    /* Get the length */
-	    (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-	    keyblock->length = (int) ibuf;
+            /* Get the length */
+            (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+            keyblock->length = (int) ibuf;
 
-	    /* Get the string */
-	    if ((keyblock->contents = (krb5_octet *) malloc((size_t) (ibuf)))&&
-		!(kret = krb5_ser_unpack_bytes(keyblock->contents,
-					       (size_t) ibuf,
-					       &bp, &remain))) {
-		kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
-		if (!kret && (ibuf == KV5M_KEYBLOCK)) {
-		    kret = 0;
-		    *buffer = bp;
-		    *lenremain = remain;
-		    keyblock->magic = KV5M_KEYBLOCK;
-		    *argp = (krb5_pointer) keyblock;
-		}
-		else
-		    kret = EINVAL;
-	    }
-	    if (kret) {
-		if (keyblock->contents)
-		    free(keyblock->contents);
-		free(keyblock);
-	    }
-	}
+            /* Get the string */
+            if ((keyblock->contents = (krb5_octet *) malloc((size_t) (ibuf)))&&
+                !(kret = krb5_ser_unpack_bytes(keyblock->contents,
+                                               (size_t) ibuf,
+                                               &bp, &remain))) {
+                kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+                if (!kret && (ibuf == KV5M_KEYBLOCK)) {
+                    kret = 0;
+                    *buffer = bp;
+                    *lenremain = remain;
+                    keyblock->magic = KV5M_KEYBLOCK;
+                    *argp = (krb5_pointer) keyblock;
+                }
+                else
+                    kret = EINVAL;
+            }
+            if (kret) {
+                if (keyblock->contents)
+                    free(keyblock->contents);
+                free(keyblock);
+            }
+        }
     }
     return(kret);
 }
diff --git a/src/lib/krb5/krb/ser_princ.c b/src/lib/krb5/krb/ser_princ.c
index cb90154ff..d93fbbe7a 100644
--- a/src/lib/krb5/krb/ser_princ.c
+++ b/src/lib/krb5/krb/ser_princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/ser_princ.c
  *
@@ -33,103 +34,103 @@
 
 /*
  * Routines to deal with externalizing the krb5_principal:
- *	krb5_principal_size();
- *	krb5_principal_externalize();
- *	krb5_principal_internalize();
+ *      krb5_principal_size();
+ *      krb5_principal_externalize();
+ *      krb5_principal_internalize();
  */
 static krb5_error_code krb5_principal_size
-	(krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_principal_externalize
-	(krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_principal_internalize
-	(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /* Local data */
 static const krb5_ser_entry krb5_principal_ser_entry = {
-    KV5M_PRINCIPAL,			/* Type			*/
-    krb5_principal_size,		/* Sizer routine	*/
-    krb5_principal_externalize,		/* Externalize routine	*/
-    krb5_principal_internalize		/* Internalize routine	*/
+    KV5M_PRINCIPAL,                     /* Type                 */
+    krb5_principal_size,                /* Sizer routine        */
+    krb5_principal_externalize,         /* Externalize routine  */
+    krb5_principal_internalize          /* Internalize routine  */
 };
 
 /*
- * krb5_principal_size()	- Determine the size required to externalize
- *				  the krb5_principal.
+ * krb5_principal_size()        - Determine the size required to externalize
+ *                                the krb5_principal.
  */
 static krb5_error_code
 krb5_principal_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_principal	principal;
-    char		*fname;
+    krb5_error_code     kret;
+    krb5_principal      principal;
+    char                *fname;
 
     /*
      * krb5_principal requires:
-     *	krb5_int32			for KV5M_PRINCIPAL
-     *	krb5_int32			for flattened name size
-     *	strlen(name)			for name.
-     *	krb5_int32			for KV5M_PRINCIPAL
+     *  krb5_int32                      for KV5M_PRINCIPAL
+     *  krb5_int32                      for flattened name size
+     *  strlen(name)                    for name.
+     *  krb5_int32                      for KV5M_PRINCIPAL
      */
     kret = EINVAL;
     if ((principal = (krb5_principal) arg) &&
-	!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
-	*sizep += (3*sizeof(krb5_int32)) + strlen(fname);
-	free(fname);
+        !(kret = krb5_unparse_name(kcontext, principal, &fname))) {
+        *sizep += (3*sizeof(krb5_int32)) + strlen(fname);
+        free(fname);
     }
     return(kret);
 }
 
 /*
- * krb5_principal_externalize()	- Externalize the krb5_principal.
+ * krb5_principal_externalize() - Externalize the krb5_principal.
  */
 static krb5_error_code
 krb5_principal_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_principal	principal;
-    size_t		required;
-    krb5_octet		*bp;
-    size_t		remain;
-    char		*fname;
+    krb5_error_code     kret;
+    krb5_principal      principal;
+    size_t              required;
+    krb5_octet          *bp;
+    size_t              remain;
+    char                *fname;
 
     required = 0;
     bp = *buffer;
     remain = *lenremain;
     kret = EINVAL;
     if ((principal = (krb5_principal) arg)) {
-	kret = ENOMEM;
-	if (!krb5_principal_size(kcontext, arg, &required) &&
-	    (required <= remain)) {
-	    if (!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
+        kret = ENOMEM;
+        if (!krb5_principal_size(kcontext, arg, &required) &&
+            (required <= remain)) {
+            if (!(kret = krb5_unparse_name(kcontext, principal, &fname))) {
 
-		(void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
-		(void) krb5_ser_pack_int32((krb5_int32) strlen(fname),
-					   &bp, &remain);
-		(void) krb5_ser_pack_bytes((krb5_octet *) fname,
-					   strlen(fname), &bp, &remain);
-		(void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
-		*buffer = bp;
-		*lenremain = remain;
+                (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
+                (void) krb5_ser_pack_int32((krb5_int32) strlen(fname),
+                                           &bp, &remain);
+                (void) krb5_ser_pack_bytes((krb5_octet *) fname,
+                                           strlen(fname), &bp, &remain);
+                (void) krb5_ser_pack_int32(KV5M_PRINCIPAL, &bp, &remain);
+                *buffer = bp;
+                *lenremain = remain;
 
-		free(fname);
-	    }
-	}
+                free(fname);
+            }
+        }
     }
     return(kret);
 }
 
 /*
- * krb5_principal_internalize()	- Internalize the krb5_principal.
+ * krb5_principal_internalize() - Internalize the krb5_principal.
  */
 static krb5_error_code
 krb5_principal_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain)
 {
-    krb5_error_code	kret;
-    krb5_principal	principal = NULL;
-    krb5_int32		ibuf;
-    krb5_octet		*bp;
-    size_t		remain;
-    char		*tmpname = NULL;
+    krb5_error_code     kret;
+    krb5_principal      principal = NULL;
+    krb5_int32          ibuf;
+    krb5_octet          *bp;
+    size_t              remain;
+    char                *tmpname = NULL;
 
     *argp = NULL;
     bp = *buffer;
@@ -137,28 +138,28 @@ krb5_principal_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet
 
     /* Read our magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_PRINCIPAL)
-	return EINVAL;
+        return EINVAL;
 
     /* Read the principal name */
     kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
     if (kret)
-	return kret;
+        return kret;
     tmpname = malloc(ibuf + 1);
     kret = krb5_ser_unpack_bytes((krb5_octet *) tmpname, (size_t) ibuf,
-				 &bp, &remain);
+                                 &bp, &remain);
     if (kret)
-	goto cleanup;
+        goto cleanup;
     tmpname[ibuf] = '\0';
 
     /* Parse the name to a principal structure */
     kret = krb5_parse_name(kcontext, tmpname, &principal);
     if (kret)
-	goto cleanup;
+        goto cleanup;
 
     /* Read the trailing magic number */
     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain) || ibuf != KV5M_PRINCIPAL) {
-	kret = EINVAL;
-	goto cleanup;
+        kret = EINVAL;
+        goto cleanup;
     }
 
     *buffer = bp;
@@ -166,7 +167,7 @@ krb5_principal_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet
     *argp = principal;
 cleanup:
     if (kret)
-	krb5_free_principal(kcontext, principal);
+        krb5_free_principal(kcontext, principal);
     free(tmpname);
     return kret;
 }
diff --git a/src/lib/krb5/krb/serialize.c b/src/lib/krb5/krb/serialize.c
index d1edcf239..4e08aa93e 100644
--- a/src/lib/krb5/krb/serialize.c
+++ b/src/lib/krb5/krb/serialize.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/serialize.c
  *
@@ -31,94 +32,94 @@
 #include "k5-int.h"
 
 /*
- * krb5_find_serializer()	- See if a particular type is registered.
+ * krb5_find_serializer()       - See if a particular type is registered.
  */
 krb5_ser_handle
 krb5_find_serializer(krb5_context kcontext, krb5_magic odtype)
 {
-    krb5_ser_handle	res;
-    krb5_ser_handle	sctx;
-    int			i;
+    krb5_ser_handle     res;
+    krb5_ser_handle     sctx;
+    int                 i;
 
     res = (krb5_ser_handle) NULL;
     sctx = (krb5_ser_handle) kcontext->ser_ctx;
     for (i=0; i<kcontext->ser_ctx_count; i++) {
-	if (sctx[i].odtype == odtype) {
-	    res = &sctx[i];
-	    break;
-	}
+        if (sctx[i].odtype == odtype) {
+            res = &sctx[i];
+            break;
+        }
     }
     return(res);
 }
 
 /*
- * krb5_register_serializer()	- Register a particular serializer.
+ * krb5_register_serializer()   - Register a particular serializer.
  */
 krb5_error_code
 krb5_register_serializer(krb5_context kcontext, const krb5_ser_entry *entry)
 {
-    krb5_error_code	kret;
-    krb5_ser_entry *	stable;
+    krb5_error_code     kret;
+    krb5_ser_entry *    stable;
 
     kret = 0;
     /* See if it's already there, if so, we're good to go. */
     if (!(stable = (krb5_ser_entry *)krb5_find_serializer(kcontext,
-							  entry->odtype))) {
-	/*
-	 * Can't find our type.  Create a new entry.
-	 */
-	if ((stable = (krb5_ser_entry *) malloc(sizeof(krb5_ser_entry) *
-						(kcontext->ser_ctx_count+1)))) {
-	    /* Copy in old table */
-	    if (kcontext->ser_ctx_count)
-	         memcpy(stable, kcontext->ser_ctx,
-			sizeof(krb5_ser_entry) * kcontext->ser_ctx_count);
-	    /* Copy in new entry */
-	    memcpy(&stable[kcontext->ser_ctx_count], entry,
-		   sizeof(krb5_ser_entry));
-	    if (kcontext->ser_ctx) free(kcontext->ser_ctx);
-	    kcontext->ser_ctx = (void *) stable;
-	    kcontext->ser_ctx_count++;
-	}
-	else
-	    kret = ENOMEM;
+                                                          entry->odtype))) {
+        /*
+         * Can't find our type.  Create a new entry.
+         */
+        if ((stable = (krb5_ser_entry *) malloc(sizeof(krb5_ser_entry) *
+                                                (kcontext->ser_ctx_count+1)))) {
+            /* Copy in old table */
+            if (kcontext->ser_ctx_count)
+                memcpy(stable, kcontext->ser_ctx,
+                       sizeof(krb5_ser_entry) * kcontext->ser_ctx_count);
+            /* Copy in new entry */
+            memcpy(&stable[kcontext->ser_ctx_count], entry,
+                   sizeof(krb5_ser_entry));
+            if (kcontext->ser_ctx) free(kcontext->ser_ctx);
+            kcontext->ser_ctx = (void *) stable;
+            kcontext->ser_ctx_count++;
+        }
+        else
+            kret = ENOMEM;
     }
     else
-	*stable = *entry;
+        *stable = *entry;
     return(kret);
 }
 
 /*
- * krb5_size_opaque()	- Determine the size necessary to serialize a given
- *			  piece of opaque data.
+ * krb5_size_opaque()   - Determine the size necessary to serialize a given
+ *                        piece of opaque data.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_size_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer arg, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_ser_handle	shandle;
+    krb5_error_code     kret;
+    krb5_ser_handle     shandle;
 
     kret = ENOENT;
     /* See if the type is supported, if so, do it */
     if ((shandle = krb5_find_serializer(kcontext, odtype)))
-	kret = (shandle->sizer) ? (*shandle->sizer)(kcontext, arg, sizep) : 0;
+        kret = (shandle->sizer) ? (*shandle->sizer)(kcontext, arg, sizep) : 0;
     return(kret);
 }
 
 /*
- * krb5_externalize_opaque()	- Externalize a piece of opaque data.
+ * krb5_externalize_opaque()    - Externalize a piece of opaque data.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_externalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer arg, krb5_octet **bufpp, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_ser_handle	shandle;
+    krb5_error_code     kret;
+    krb5_ser_handle     shandle;
 
     kret = ENOENT;
     /* See if the type is supported, if so, do it */
     if ((shandle = krb5_find_serializer(kcontext, odtype)))
-	kret = (shandle->externalizer) ?
-	    (*shandle->externalizer)(kcontext, arg, bufpp, sizep) : 0;
+        kret = (shandle->externalizer) ?
+            (*shandle->externalizer)(kcontext, arg, bufpp, sizep) : 0;
     return(kret);
 }
 
@@ -128,146 +129,146 @@ krb5_externalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer a
 krb5_error_code
 krb5_externalize_data(krb5_context kcontext, krb5_pointer arg, krb5_octet **bufpp, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_magic		*mp;
-    krb5_octet		*buffer, *bp;
-    size_t		bufsize, bsize;
+    krb5_error_code     kret;
+    krb5_magic          *mp;
+    krb5_octet          *buffer, *bp;
+    size_t              bufsize, bsize;
 
     mp = (krb5_magic *) arg;
     bufsize = 0;
     if (!(kret = krb5_size_opaque(kcontext, *mp, arg, &bufsize))) {
-	if ((buffer = (krb5_octet *) malloc(bufsize))) {
-	    bp = buffer;
-	    bsize = bufsize;
-	    if (!(kret = krb5_externalize_opaque(kcontext,
-						 *mp,
-						 arg,
-						 &bp,
-						 &bsize))) {
-		if (bsize != 0)
-		    bufsize -= bsize;
-		*bufpp = buffer;
-		*sizep = bufsize;
-	    }
-	}
-	else
-	    kret = ENOMEM;
+        if ((buffer = (krb5_octet *) malloc(bufsize))) {
+            bp = buffer;
+            bsize = bufsize;
+            if (!(kret = krb5_externalize_opaque(kcontext,
+                                                 *mp,
+                                                 arg,
+                                                 &bp,
+                                                 &bsize))) {
+                if (bsize != 0)
+                    bufsize -= bsize;
+                *bufpp = buffer;
+                *sizep = bufsize;
+            }
+        }
+        else
+            kret = ENOMEM;
     }
     return(kret);
 }
 
 /*
- * krb5_internalize_opaque()	- Convert external representation into a data
- *				  structure.
+ * krb5_internalize_opaque()    - Convert external representation into a data
+ *                                structure.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_internalize_opaque(krb5_context kcontext, krb5_magic odtype, krb5_pointer *argp, krb5_octet **bufpp, size_t *sizep)
 {
-    krb5_error_code	kret;
-    krb5_ser_handle	shandle;
+    krb5_error_code     kret;
+    krb5_ser_handle     shandle;
 
     kret = ENOENT;
     /* See if the type is supported, if so, do it */
     if ((shandle = krb5_find_serializer(kcontext, odtype)))
-	kret = (shandle->internalizer) ?
-	    (*shandle->internalizer)(kcontext, argp, bufpp, sizep) : 0;
+        kret = (shandle->internalizer) ?
+            (*shandle->internalizer)(kcontext, argp, bufpp, sizep) : 0;
     return(kret);
 }
 
 /*
- * krb5_ser_pack_int32()	- Pack a 4-byte integer if space is available.
- *				  Update buffer pointer and remaining space.
+ * krb5_ser_pack_int32()        - Pack a 4-byte integer if space is available.
+ *                                Update buffer pointer and remaining space.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_ser_pack_int32(krb5_int32 iarg, krb5_octet **bufp, size_t *remainp)
 {
     if (*remainp >= sizeof(krb5_int32)) {
-	store_32_be(iarg, *bufp);
-	*bufp += sizeof(krb5_int32);
-	*remainp -= sizeof(krb5_int32);
-	return(0);
+        store_32_be(iarg, *bufp);
+        *bufp += sizeof(krb5_int32);
+        *remainp -= sizeof(krb5_int32);
+        return(0);
     }
     else
-	return(ENOMEM);
+        return(ENOMEM);
 }
 
 /*
- * krb5_ser_pack_int64()	- Pack an 8-byte integer if space is available.
- *				  Update buffer pointer and remaining space.
+ * krb5_ser_pack_int64()        - Pack an 8-byte integer if space is available.
+ *                                Update buffer pointer and remaining space.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_ser_pack_int64(krb5_int64 iarg, krb5_octet **bufp, size_t *remainp)
 {
     if (*remainp >= sizeof(krb5_int64)) {
-	store_64_be(iarg, (unsigned char *)*bufp);
-	*bufp += sizeof(krb5_int64);
-	*remainp -= sizeof(krb5_int64);
-	return(0);
+        store_64_be(iarg, (unsigned char *)*bufp);
+        *bufp += sizeof(krb5_int64);
+        *remainp -= sizeof(krb5_int64);
+        return(0);
     }
     else
-	return(ENOMEM);
+        return(ENOMEM);
 }
 
 /*
- * krb5_ser_pack_bytes()	- Pack a string of bytes.
+ * krb5_ser_pack_bytes()        - Pack a string of bytes.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_ser_pack_bytes(krb5_octet *ostring, size_t osize, krb5_octet **bufp, size_t *remainp)
 {
     if (*remainp >= osize) {
-	memcpy(*bufp, ostring, osize);
-	*bufp += osize;
-	*remainp -= osize;
-	return(0);
+        memcpy(*bufp, ostring, osize);
+        *bufp += osize;
+        *remainp -= osize;
+        return(0);
     }
     else
-	return(ENOMEM);
+        return(ENOMEM);
 }
 
 /*
- * krb5_ser_unpack_int32()	- Unpack a 4-byte integer if it's there.
+ * krb5_ser_unpack_int32()      - Unpack a 4-byte integer if it's there.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_ser_unpack_int32(krb5_int32 *intp, krb5_octet **bufp, size_t *remainp)
 {
     if (*remainp >= sizeof(krb5_int32)) {
-	*intp = load_32_be(*bufp);
-	*bufp += sizeof(krb5_int32);
-	*remainp -= sizeof(krb5_int32);
-	return(0);
+        *intp = load_32_be(*bufp);
+        *bufp += sizeof(krb5_int32);
+        *remainp -= sizeof(krb5_int32);
+        return(0);
     }
     else
-	return(ENOMEM);
+        return(ENOMEM);
 }
 
 /*
- * krb5_ser_unpack_int64()	- Unpack an 8-byte integer if it's there.
+ * krb5_ser_unpack_int64()      - Unpack an 8-byte integer if it's there.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_ser_unpack_int64(krb5_int64 *intp, krb5_octet **bufp, size_t *remainp)
 {
     if (*remainp >= sizeof(krb5_int64)) {
-	*intp = load_64_be((unsigned char *)*bufp);
-	*bufp += sizeof(krb5_int64);
-	*remainp -= sizeof(krb5_int64);
-	return(0);
+        *intp = load_64_be((unsigned char *)*bufp);
+        *bufp += sizeof(krb5_int64);
+        *remainp -= sizeof(krb5_int64);
+        return(0);
     }
     else
-	return(ENOMEM);
+        return(ENOMEM);
 }
 
 /*
- * krb5_ser_unpack_bytes()	- Unpack a byte string if it's there.
+ * krb5_ser_unpack_bytes()      - Unpack a byte string if it's there.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_ser_unpack_bytes(krb5_octet *istring, size_t isize, krb5_octet **bufp, size_t *remainp)
 {
     if (*remainp >= isize) {
-	memcpy(istring, *bufp, isize);
-	*bufp += isize;
-	*remainp -= isize;
-	return(0);
+        memcpy(istring, *bufp, isize);
+        *bufp += isize;
+        *remainp -= isize;
+        return(0);
     }
     else
-	return(ENOMEM);
+        return(ENOMEM);
 }
diff --git a/src/lib/krb5/krb/set_realm.c b/src/lib/krb5/krb/set_realm.c
index 9a96cd1ca..0128f6cb1 100644
--- a/src/lib/krb5/krb/set_realm.c
+++ b/src/lib/krb5/krb/set_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/set_realm.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -29,23 +30,21 @@
 krb5_error_code KRB5_CALLCONV
 krb5_set_principal_realm(krb5_context context, krb5_principal principal, const char *realm)
 {
-	size_t	length;
-	char	*newrealm;
-	
-	if (!realm || !*realm)
-		return -EINVAL;
+    size_t  length;
+    char    *newrealm;
 
-	length = strlen(realm);
-	newrealm = strdup(realm);
-	if (!newrealm)
-		return -ENOMEM;
-	
-	(void) free(krb5_princ_realm(context,principal)->data);
+    if (!realm || !*realm)
+        return -EINVAL;
 
-	krb5_princ_realm(context, principal)->length = length;
-	krb5_princ_realm(context, principal)->data = newrealm;
+    length = strlen(realm);
+    newrealm = strdup(realm);
+    if (!newrealm)
+        return -ENOMEM;
 
-	return 0;
-}
+    (void) free(krb5_princ_realm(context,principal)->data);
 
+    krb5_princ_realm(context, principal)->length = length;
+    krb5_princ_realm(context, principal)->data = newrealm;
 
+    return 0;
+}
diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c
index 0934e27e1..f266fa5e9 100644
--- a/src/lib/krb5/krb/srv_dec_tkt.c
+++ b/src/lib/krb5/krb/srv_dec_tkt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/srv_dec_tkt.c
  *
@@ -24,7 +25,7 @@
  * or implied warranty.
  *
  *
- * Server decrypt ticket via keytab or keyblock. 
+ * Server decrypt ticket via keytab or keyblock.
  *
  * Different from krb5_rd_req_decoded. (krb5/src/lib/krb5/krb/rd_req_dec.c)
  *   - No krb5_principal_compare or KRB5KRB_AP_ERR_BADMATCH error.
@@ -33,94 +34,94 @@
  *   - No address checking or KRB5KRB_AP_ERR_BADADDR error.
  *   - No time validation.
  *   - No permitted enctype validation or KRB5_NOPERM_ETYPE error.
- *   - Does not free ticket->enc_part2 on error. 
+ *   - Does not free ticket->enc_part2 on error.
  */
 
 #include <k5-int.h>
 
-#ifndef LEAN_CLIENT 
+#ifndef LEAN_CLIENT
 krb5_error_code KRB5_CALLCONV
 krb5int_server_decrypt_ticket_keyblock(krb5_context context,
-				       const krb5_keyblock *key,
-				       krb5_ticket *ticket)
+                                       const krb5_keyblock *key,
+                                       krb5_ticket *ticket)
 {
     krb5_error_code retval;
     krb5_data *realm;
     krb5_transited *trans;
 
     retval = krb5_decrypt_tkt_part(context, key, ticket);
-    if (retval) 
-	goto done;
+    if (retval)
+        goto done;
 
     trans = &ticket->enc_part2->transited;
     realm = &ticket->enc_part2->client->realm;
     if (trans->tr_contents.data && *trans->tr_contents.data) {
-	retval = krb5_check_transited_list(context, &trans->tr_contents,
-					   realm, &ticket->server->realm);
-	goto done;
+        retval = krb5_check_transited_list(context, &trans->tr_contents,
+                                           realm, &ticket->server->realm);
+        goto done;
     }
 
-    if (ticket->enc_part2->flags & TKT_FLG_INVALID) {	/* ie, KDC_OPT_POSTDATED */
-	retval = KRB5KRB_AP_ERR_TKT_INVALID;
-	goto done;
+    if (ticket->enc_part2->flags & TKT_FLG_INVALID) {   /* ie, KDC_OPT_POSTDATED */
+        retval = KRB5KRB_AP_ERR_TKT_INVALID;
+        goto done;
     }
 
-  done:
+done:
     return retval;
 }
 
 
 krb5_error_code KRB5_CALLCONV
 krb5_server_decrypt_ticket_keytab(krb5_context context,
-				  const krb5_keytab keytab,
-				  krb5_ticket *ticket)
+                                  const krb5_keytab keytab,
+                                  krb5_ticket *ticket)
 {
-    krb5_error_code 	  retval;
-    krb5_keytab_entry 	  ktent;
+    krb5_error_code       retval;
+    krb5_keytab_entry     ktent;
 
     retval = KRB5_KT_NOTFOUND;
 
     if (keytab->ops->start_seq_get == NULL) {
-	retval = krb5_kt_get_entry(context, keytab,
-				   ticket->server,
-				   ticket->enc_part.kvno,
-				   ticket->enc_part.enctype, &ktent);
-	if (retval == 0) {
-	    retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
-
-	    (void) krb5_free_keytab_entry_contents(context, &ktent);
-	}
+        retval = krb5_kt_get_entry(context, keytab,
+                                   ticket->server,
+                                   ticket->enc_part.kvno,
+                                   ticket->enc_part.enctype, &ktent);
+        if (retval == 0) {
+            retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+
+            (void) krb5_free_keytab_entry_contents(context, &ktent);
+        }
     } else {
-	krb5_error_code code;
-	krb5_kt_cursor cursor;
-
-	retval = krb5_kt_start_seq_get(context, keytab, &cursor);
-	if (retval != 0)
-	    goto map_error;
-
-	while ((code = krb5_kt_next_entry(context, keytab,
-					  &ktent, &cursor)) == 0) {
-	    if (ktent.key.enctype != ticket->enc_part.enctype)
-		continue;
-
-	    retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
-	    if (retval == 0) {
-		krb5_principal tmp;
-
-		retval = krb5_copy_principal(context, ktent.principal, &tmp);
-		if (retval == 0) {
-		    krb5_free_principal(context, ticket->server);
-		    ticket->server = tmp;
-		}
-		(void) krb5_free_keytab_entry_contents(context, &ktent);
-		break;
-	    }
-	    (void) krb5_free_keytab_entry_contents(context, &ktent);
-	}
-
-	code = krb5_kt_end_seq_get(context, keytab, &cursor);
-	if (code != 0)
-	    retval = code;
+        krb5_error_code code;
+        krb5_kt_cursor cursor;
+
+        retval = krb5_kt_start_seq_get(context, keytab, &cursor);
+        if (retval != 0)
+            goto map_error;
+
+        while ((code = krb5_kt_next_entry(context, keytab,
+                                          &ktent, &cursor)) == 0) {
+            if (ktent.key.enctype != ticket->enc_part.enctype)
+                continue;
+
+            retval = krb5int_server_decrypt_ticket_keyblock(context, &ktent.key, ticket);
+            if (retval == 0) {
+                krb5_principal tmp;
+
+                retval = krb5_copy_principal(context, ktent.principal, &tmp);
+                if (retval == 0) {
+                    krb5_free_principal(context, ticket->server);
+                    ticket->server = tmp;
+                }
+                (void) krb5_free_keytab_entry_contents(context, &ktent);
+                break;
+            }
+            (void) krb5_free_keytab_entry_contents(context, &ktent);
+        }
+
+        code = krb5_kt_end_seq_get(context, keytab, &cursor);
+        if (code != 0)
+            retval = code;
     }
 
 map_error:
@@ -128,13 +129,12 @@ map_error:
     case KRB5_KT_KVNONOTFOUND:
     case KRB5_KT_NOTFOUND:
     case KRB5KRB_AP_ERR_BAD_INTEGRITY:
-	retval = KRB5KRB_AP_WRONG_PRINC;
-	break;
+        retval = KRB5KRB_AP_WRONG_PRINC;
+        break;
     default:
-	break;
+        break;
     }
 
     return retval;
 }
 #endif /* LEAN_CLIENT */
-
diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c
index 7d6b68a7e..6730748f3 100644
--- a/src/lib/krb5/krb/srv_rcache.c
+++ b/src/lib/krb5/krb/srv_rcache.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/srv_rcache.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Allocate & prepare a default replay cache for a server.
  */
@@ -35,7 +36,7 @@
 #define isvalidrcname(x) ((!ispunct(x))&&isgraph(x))
 krb5_error_code KRB5_CALLCONV
 krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
-		       krb5_rcache *rcptr)
+                       krb5_rcache *rcptr)
 {
     krb5_rcache rcache = 0;
     char *cachename = 0, *cachetype;
@@ -45,22 +46,22 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
 #ifdef HAVE_GETEUID
     unsigned long uid = geteuid();
 #endif
-    
+
     if (piece == NULL)
-	return ENOMEM;
-    
+        return ENOMEM;
+
     cachetype = krb5_rc_default_type(context);
 
     krb5int_buf_init_dynamic(&buf);
     krb5int_buf_add(&buf, cachetype);
     krb5int_buf_add(&buf, ":");
     for (i = 0; i < piece->length; i++) {
-	if (piece->data[i] == '-')
-	    krb5int_buf_add(&buf, "--");
-	else if (!isvalidrcname((int) piece->data[i]))
-	    krb5int_buf_add_fmt(&buf, "-%03o", piece->data[i]);
-	else
-	    krb5int_buf_add_len(&buf, &piece->data[i], 1);
+        if (piece->data[i] == '-')
+            krb5int_buf_add(&buf, "--");
+        else if (!isvalidrcname((int) piece->data[i]))
+            krb5int_buf_add_fmt(&buf, "-%03o", piece->data[i]);
+        else
+            krb5int_buf_add_len(&buf, &piece->data[i], 1);
     }
 #ifdef HAVE_GETEUID
     krb5int_buf_add_fmt(&buf, "_%lu", uid);
@@ -68,16 +69,16 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
 
     cachename = krb5int_buf_data(&buf);
     if (cachename == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     retval = krb5_rc_resolve_full(context, &rcache, cachename);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = krb5_rc_recover_or_initialize(context, rcache,
-					   context->clockskew);
+                                           context->clockskew);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     *rcptr = rcache;
     rcache = 0;
@@ -85,8 +86,8 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
 
 cleanup:
     if (rcache)
-	krb5_rc_close(context, rcache);
+        krb5_rc_close(context, rcache);
     if (cachename)
-	free(cachename);
+        free(cachename);
     return retval;
 }
diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c
index 531eba126..1f2edcc66 100644
--- a/src/lib/krb5/krb/str_conv.c
+++ b/src/lib/krb5/krb/str_conv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kadm/str_conv.c
  *
@@ -34,16 +35,16 @@
  *
  * String decoding:
  * ----------------
- * krb5_string_to_salttype()	- Convert string to salttype (krb5_int32)
- * krb5_string_to_timestamp()	- Convert string to krb5_timestamp.
- * krb5_string_to_deltat()	- Convert string to krb5_deltat.
+ * krb5_string_to_salttype()    - Convert string to salttype (krb5_int32)
+ * krb5_string_to_timestamp()   - Convert string to krb5_timestamp.
+ * krb5_string_to_deltat()      - Convert string to krb5_deltat.
  *
  * String encoding:
  * ----------------
- * krb5_salttype_to_string()	- Convert salttype (krb5_int32) to string.
- * krb5_timestamp_to_string()	- Convert krb5_timestamp to string.
- * krb5_timestamp_to_sfstring()	- Convert krb5_timestamp to short filled string
- * krb5_deltat_to_string()	- Convert krb5_deltat to string.
+ * krb5_salttype_to_string()    - Convert salttype (krb5_int32) to string.
+ * krb5_timestamp_to_string()   - Convert krb5_timestamp to string.
+ * krb5_timestamp_to_sfstring() - Convert krb5_timestamp to short filled string
+ * krb5_deltat_to_string()      - Convert krb5_deltat to string.
  */
 
 #include "k5-int.h"
@@ -55,9 +56,9 @@
  * Local data structures.
  */
 struct salttype_lookup_entry {
-    krb5_int32		stt_enctype;		/* Salt type		*/
-    const char *	stt_specifier;		/* How to recognize it	*/
-    const char *	stt_output;		/* How to spit it out	*/
+    krb5_int32          stt_enctype;            /* Salt type            */
+    const char *        stt_specifier;          /* How to recognize it  */
+    const char *        stt_output;             /* How to spit it out   */
 };
 
 /*
@@ -66,20 +67,20 @@ struct salttype_lookup_entry {
 
 #include "kdb.h"
 static const struct salttype_lookup_entry salttype_table[] = {
-/* salt type			input specifier	output string  */
-/*-----------------------------	--------------- ---------------*/
-{ KRB5_KDB_SALTTYPE_NORMAL,	"normal",	"Version 5"	  },
-{ KRB5_KDB_SALTTYPE_V4,		"v4",		"Version 4"	  },
-{ KRB5_KDB_SALTTYPE_NOREALM,	"norealm",	"Version 5 - No Realm" },
-{ KRB5_KDB_SALTTYPE_ONLYREALM,	"onlyrealm",	"Version 5 - Realm Only" },
-{ KRB5_KDB_SALTTYPE_SPECIAL,	"special",	"Special" },
-{ KRB5_KDB_SALTTYPE_AFS3,	"afs3",		"AFS version 3"    },
+/* salt type                    input specifier output string  */
+/*----------------------------- --------------- ---------------*/
+    { KRB5_KDB_SALTTYPE_NORMAL,     "normal",       "Version 5"       },
+    { KRB5_KDB_SALTTYPE_V4,         "v4",           "Version 4"       },
+    { KRB5_KDB_SALTTYPE_NOREALM,    "norealm",      "Version 5 - No Realm" },
+    { KRB5_KDB_SALTTYPE_ONLYREALM,  "onlyrealm",    "Version 5 - Realm Only" },
+    { KRB5_KDB_SALTTYPE_SPECIAL,    "special",      "Special" },
+    { KRB5_KDB_SALTTYPE_AFS3,       "afs3",         "AFS version 3"    },
 #if PKINIT_APPLE
-{ KRB5_KDB_SALTTYPE_CERTHASH,	"certhash",	"PKINIT Cert Hash"  }
+    { KRB5_KDB_SALTTYPE_CERTHASH,   "certhash",     "PKINIT Cert Hash"  }
 #endif /* PKINIT_APPLE */
 };
 static const int salttype_table_nents = sizeof(salttype_table)/
-					sizeof(salttype_table[0]);
+    sizeof(salttype_table[0]);
 
 krb5_error_code KRB5_CALLCONV
 krb5_string_to_salttype(char *string, krb5_int32 *salttypep)
@@ -89,11 +90,11 @@ krb5_string_to_salttype(char *string, krb5_int32 *salttypep)
 
     found = 0;
     for (i=0; i<salttype_table_nents; i++) {
-	if (!strcasecmp(string, salttype_table[i].stt_specifier)) {
-	    found = 1;
-	    *salttypep = salttype_table[i].stt_enctype;
-	    break;
-	}
+        if (!strcasecmp(string, salttype_table[i].stt_specifier)) {
+            found = 1;
+            *salttypep = salttype_table[i].stt_enctype;
+            break;
+        }
     }
     return((found) ? 0 : EINVAL);
 }
@@ -112,18 +113,18 @@ krb5_salttype_to_string(krb5_int32 salttype, char *buffer, size_t buflen)
 
     out = (char *) NULL;
     for (i=0; i<salttype_table_nents; i++) {
-	if (salttype ==  salttype_table[i].stt_enctype) {
-	    out = salttype_table[i].stt_output;
-	    break;
-	}
+        if (salttype ==  salttype_table[i].stt_enctype) {
+            out = salttype_table[i].stt_output;
+            break;
+        }
     }
     if (out) {
-	if (strlcpy(buffer, out, buflen) >= buflen)
-	    return(ENOMEM);
-	return(0);
+        if (strlcpy(buffer, out, buflen) >= buflen)
+            return(ENOMEM);
+        return(0);
     }
     else
-	return(EINVAL);
+        return(EINVAL);
 }
 
 /* (absolute) time conversions */
@@ -137,7 +138,7 @@ static size_t strftime (char *, size_t, const char *, const struct tm *);
 #ifdef HAVE_STRPTIME
 #ifdef NEED_STRPTIME_PROTO
 extern char *strptime (const char *, const char *,
-			    struct tm *)
+                       struct tm *)
 #ifdef __cplusplus
     throw()
 #endif
@@ -155,7 +156,7 @@ localtime_r(const time_t *t, struct tm *buf)
 {
     struct tm *tm = localtime(t);
     if (tm == NULL)
-	return NULL;
+        return NULL;
     *buf = *tm;
     return buf;
 }
@@ -169,47 +170,47 @@ krb5_string_to_timestamp(char *string, krb5_timestamp *timestampp)
     time_t now, ret_time;
     char *s;
     static const char * const atime_format_table[] = {
-	"%Y%m%d%H%M%S",		/* yyyymmddhhmmss		*/
-	"%Y.%m.%d.%H.%M.%S",	/* yyyy.mm.dd.hh.mm.ss		*/
-	"%y%m%d%H%M%S",		/* yymmddhhmmss			*/
-	"%y.%m.%d.%H.%M.%S",	/* yy.mm.dd.hh.mm.ss		*/
-	"%y%m%d%H%M",		/* yymmddhhmm			*/
-	"%H%M%S",		/* hhmmss			*/
-	"%H%M",			/* hhmm				*/
-	"%T",			/* hh:mm:ss			*/
-	"%R",			/* hh:mm			*/
-	/* The following not really supported unless native strptime present */
-	"%x:%X",		/* locale-dependent short format */
-	"%d-%b-%Y:%T",		/* dd-month-yyyy:hh:mm:ss	*/
-	"%d-%b-%Y:%R"		/* dd-month-yyyy:hh:mm		*/
+        "%Y%m%d%H%M%S",         /* yyyymmddhhmmss               */
+        "%Y.%m.%d.%H.%M.%S",    /* yyyy.mm.dd.hh.mm.ss          */
+        "%y%m%d%H%M%S",         /* yymmddhhmmss                 */
+        "%y.%m.%d.%H.%M.%S",    /* yy.mm.dd.hh.mm.ss            */
+        "%y%m%d%H%M",           /* yymmddhhmm                   */
+        "%H%M%S",               /* hhmmss                       */
+        "%H%M",                 /* hhmm                         */
+        "%T",                   /* hh:mm:ss                     */
+        "%R",                   /* hh:mm                        */
+        /* The following not really supported unless native strptime present */
+        "%x:%X",                /* locale-dependent short format */
+        "%d-%b-%Y:%T",          /* dd-month-yyyy:hh:mm:ss       */
+        "%d-%b-%Y:%R"           /* dd-month-yyyy:hh:mm          */
     };
     static const int atime_format_table_nents =
-	sizeof(atime_format_table)/sizeof(atime_format_table[0]);
+        sizeof(atime_format_table)/sizeof(atime_format_table[0]);
 
 
     now = time((time_t *) NULL);
     if (localtime_r(&now, &timebuf2) == NULL)
-	return EINVAL;
+        return EINVAL;
     for (i=0; i<atime_format_table_nents; i++) {
         /* We reset every time throughout the loop as the manual page
-	 * indicated that no guarantees are made as to preserving timebuf
-	 * when parsing fails
-	 */
-	timebuf = timebuf2;
-	if ((s = strptime(string, atime_format_table[i], &timebuf))
-	    && (s != string)) {
- 	    /* See if at end of buffer - otherwise partial processing */
-	    while(*s != 0 && isspace((int) *s)) s++;
-	    if (*s != 0)
-	        continue;
-	    if (timebuf.tm_year <= 0)
-		continue;	/* clearly confused */
-	    ret_time = mktime(&timebuf);
-	    if (ret_time == (time_t) -1)
-		continue;	/* clearly confused */
-	    *timestampp = (krb5_timestamp) ret_time;
-	    return 0;
-	}
+         * indicated that no guarantees are made as to preserving timebuf
+         * when parsing fails
+         */
+        timebuf = timebuf2;
+        if ((s = strptime(string, atime_format_table[i], &timebuf))
+            && (s != string)) {
+            /* See if at end of buffer - otherwise partial processing */
+            while(*s != 0 && isspace((int) *s)) s++;
+            if (*s != 0)
+                continue;
+            if (timebuf.tm_year <= 0)
+                continue;       /* clearly confused */
+            ret_time = mktime(&timebuf);
+            if (ret_time == (time_t) -1)
+                continue;       /* clearly confused */
+            *timestampp = (krb5_timestamp) ret_time;
+            return 0;
+        }
     }
     return(EINVAL);
 }
@@ -220,8 +221,8 @@ krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)
     size_t ret;
     time_t timestamp2 = timestamp;
     struct tm tmbuf;
-    const char *fmt = "%c"; /* This is to get around gcc -Wall warning that 
-			       the year returned might be two digits */
+    const char *fmt = "%c"; /* This is to get around gcc -Wall warning that
+                               the year returned might be two digits */
 
 #ifdef HAVE_LOCALTIME_R
     (void) localtime_r(&timestamp2, &tmbuf);
@@ -230,27 +231,27 @@ krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)
 #endif
     ret = strftime(buffer, buflen, fmt, &tmbuf);
     if (ret == 0 || ret == buflen)
-	return(ENOMEM);
+        return(ENOMEM);
     return(0);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen, char *pad)
 {
-    struct tm	*tmp;
+    struct tm   *tmp;
     size_t i;
-    size_t	ndone;
+    size_t      ndone;
     time_t timestamp2 = timestamp;
     struct tm tmbuf;
 
     static const char * const sftime_format_table[] = {
-	"%c",			/* Default locale-dependent date and time */
-	"%d %b %Y %T",		/* dd mon yyyy hh:mm:ss			*/
-	"%x %X",		/* locale-dependent short format	*/
-	"%d/%m/%Y %R"		/* dd/mm/yyyy hh:mm			*/
+        "%c",                   /* Default locale-dependent date and time */
+        "%d %b %Y %T",          /* dd mon yyyy hh:mm:ss                 */
+        "%x %X",                /* locale-dependent short format        */
+        "%d/%m/%Y %R"           /* dd/mm/yyyy hh:mm                     */
     };
     static const unsigned int sftime_format_table_nents =
-	sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
+        sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
 
 #ifdef HAVE_LOCALTIME_R
     tmp = localtime_r(&timestamp2, &tmbuf);
@@ -259,22 +260,22 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen
 #endif
     ndone = 0;
     for (i=0; i<sftime_format_table_nents; i++) {
-	if ((ndone = strftime(buffer, buflen, sftime_format_table[i], tmp)))
-	    break;
+        if ((ndone = strftime(buffer, buflen, sftime_format_table[i], tmp)))
+            break;
     }
     if (!ndone) {
-#define sftime_default_len	2+1+2+1+4+1+2+1+2+1
-	if (buflen >= sftime_default_len) {
-	    snprintf(buffer, buflen, "%02d/%02d/%4d %02d:%02d",
-		     tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
-		     tmp->tm_hour, tmp->tm_min);
-	    ndone = strlen(buffer);
-	}
+#define sftime_default_len      2+1+2+1+4+1+2+1+2+1
+        if (buflen >= sftime_default_len) {
+            snprintf(buffer, buflen, "%02d/%02d/%4d %02d:%02d",
+                     tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year,
+                     tmp->tm_hour, tmp->tm_min);
+            ndone = strlen(buffer);
+        }
     }
     if (ndone && pad) {
-	for (i=ndone; i<buflen-1; i++)
-	    buffer[i] = *pad;
-	buffer[buflen-1] = '\0';
+        for (i=ndone; i<buflen-1; i++)
+            buffer[i] = *pad;
+        buffer[buflen-1] = '\0';
     }
     return((ndone) ? 0 : ENOMEM);
 }
@@ -286,8 +287,8 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen
 krb5_error_code KRB5_CALLCONV
 krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)
 {
-    int			days, hours, minutes, seconds;
-    krb5_deltat		dt;
+    int                 days, hours, minutes, seconds;
+    krb5_deltat         dt;
 
     /*
      * We want something like ceil(log10(2**(nbits-1))) + 1.  That log
@@ -298,7 +299,7 @@ krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)
      *
      * This will break if bytes are more than 8 bits.
      */
-#define MAX_CHARS_FOR_INT_TYPE(TYPE)	((int) (2 + 2.408241 * sizeof (TYPE)))
+#define MAX_CHARS_FOR_INT_TYPE(TYPE)    ((int) (2 + 2.408241 * sizeof (TYPE)))
     char tmpbuf[MAX_CHARS_FOR_INT_TYPE(int) * 4 + 8];
 
     days = (int) (deltat / (24*3600L));
@@ -310,22 +311,22 @@ krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)
 
     memset (tmpbuf, 0, sizeof (tmpbuf));
     if (days == 0)
-	snprintf(buffer, buflen, "%d:%02d:%02d", hours, minutes, seconds);
+        snprintf(buffer, buflen, "%d:%02d:%02d", hours, minutes, seconds);
     else if (hours || minutes || seconds)
-	snprintf(buffer, buflen, "%d %s %02d:%02d:%02d", days,
-		 (days > 1) ? "days" : "day",
-		 hours, minutes, seconds);
+        snprintf(buffer, buflen, "%d %s %02d:%02d:%02d", days,
+                 (days > 1) ? "days" : "day",
+                 hours, minutes, seconds);
     else
-	snprintf(buffer, buflen, "%d %s", days,
-		 (days > 1) ? "days" : "day");
+        snprintf(buffer, buflen, "%d %s", days,
+                 (days > 1) ? "days" : "day");
     if (tmpbuf[sizeof(tmpbuf)-1] != 0)
-	/* Something must be very wrong with my math above, or the
-	   assumptions going into it...  */
-	abort ();
+        /* Something must be very wrong with my math above, or the
+           assumptions going into it...  */
+        abort ();
     if (strlen (tmpbuf) > buflen)
-	return ENOMEM;
+        return ENOMEM;
     else
-	strncpy (buffer, tmpbuf, buflen);
+        strncpy (buffer, tmpbuf, buflen);
     return 0;
 }
 
@@ -348,10 +349,10 @@ struct dummy_locale_info_t {
     char am_pm[2][3];
 };
 static const struct dummy_locale_info_t dummy_locale_info = {
-    "%a %b %d %X %Y",		/* %c */
-    "%I:%M:%S %p",		/* %r */
-    "%H:%M:%S",			/* %X */
-    "%m/%d/%y",			/* %x */
+    "%a %b %d %X %Y",           /* %c */
+    "%I:%M:%S %p",              /* %r */
+    "%H:%M:%S",                 /* %X */
+    "%m/%d/%y",                 /* %x */
     { "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
       "Saturday" },
     { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" },
@@ -373,7 +374,7 @@ static const struct dummy_locale_info_t dummy_locale_info = {
 #undef  DAYSPERWEEK
 #define DAYSPERWEEK 7
 #undef  isleap
-#define isleap(N)	((N % 4) == 0 && (N % 100 != 0 || N % 400 == 0))
+#define isleap(N)       ((N % 4) == 0 && (N % 100 != 0 || N % 400 == 0))
 #undef  tzname
 #define tzname my_tzname
 static const char *const tzname[2] = { 0, 0 };
diff --git a/src/lib/krb5/krb/strptime.c b/src/lib/krb5/krb/strptime.c
index ac52d5c22..ffe90d4c9 100644
--- a/src/lib/krb5/krb/strptime.c
+++ b/src/lib/krb5/krb/strptime.c
@@ -82,7 +82,7 @@ strptime(buf, fmt, tm)
 			fmt++;
 			continue;
 		}
-				
+
 		if ((c = *fmt++) != '%')
 			goto literal;
 
@@ -107,7 +107,7 @@ literal:
 			LEGAL_ALT(0);
 			alt_format |= ALT_O;
 			goto again;
-			
+
 		/*
 		 * "Complex" conversion rules, implemented through recursion.
 		 */
diff --git a/src/lib/krb5/krb/t_ad_fx_armor.c b/src/lib/krb5/krb/t_ad_fx_armor.c
index 74d7e5f1a..73dbb3a6f 100644
--- a/src/lib/krb5/krb/t_ad_fx_armor.c
+++ b/src/lib/krb5/krb/t_ad_fx_armor.c
@@ -1,13 +1,14 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <memory.h>
 #include <stdio.h>
 #include <krb5/krb5.h>
 
-#define test(x) do {retval = (x); \
-  if(retval != 0) {						\
-  const char *errmsg = krb5_get_error_message(context, retval);	\
-  fprintf(stderr, "Error message: %s\n", errmsg); \
-  abort(); } \
-  } while(0);
+#define test(x) do {retval = (x);                                       \
+        if(retval != 0) {                                               \
+            const char *errmsg = krb5_get_error_message(context, retval); \
+            fprintf(stderr, "Error message: %s\n", errmsg);             \
+            abort(); }                                                  \
+    } while(0);
 
 krb5_authdata ad_fx_armor = {0, KRB5_AUTHDATA_FX_ARMOR, 1, ""};
 krb5_authdata *array[] = {&ad_fx_armor, NULL};
@@ -32,5 +33,5 @@ int main( int argc, char **argv)
     test(krb5_cc_store_cred(context, ccache, out_creds));
     test(krb5_cc_close(context,ccache));
     return 0;
-		 
-} 
+
+}
diff --git a/src/lib/krb5/krb/t_authdata.c b/src/lib/krb5/krb/t_authdata.c
index 86838cead..ed847dfbd 100644
--- a/src/lib/krb5/krb/t_authdata.c
+++ b/src/lib/krb5/krb/t_authdata.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/t_authdata.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +23,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  * Test authorization data search
  */
@@ -34,25 +35,25 @@
 #include <memory.h>
 
 krb5_authdata ad1 = {
-  KV5M_AUTHDATA,
-  22,
-  4,
-  (unsigned char *) "abcd"};
+    KV5M_AUTHDATA,
+    22,
+    4,
+    (unsigned char *) "abcd"};
 krb5_authdata ad2 = {
-  KV5M_AUTHDATA,
-  23,
-  5,
-  (unsigned char *) "abcde"
+    KV5M_AUTHDATA,
+    23,
+    5,
+    (unsigned char *) "abcde"
 };
 
 krb5_authdata ad3= {
-  KV5M_AUTHDATA,
-  22,
-  3,
-  (unsigned char *) "ab"
+    KV5M_AUTHDATA,
+    22,
+    3,
+    (unsigned char *) "ab"
 };
 /* we want three results in the return from krb5int_find_authdata so
-it has to grow its list.
+   it has to grow its list.
 */
 krb5_authdata ad4 = {
     KV5M_AUTHDATA,
@@ -73,12 +74,12 @@ krb5_keyblock key = {
 };
 
 static void compare_authdata(const krb5_authdata *adc1, krb5_authdata *adc2) {
-  assert(adc1->ad_type == adc2->ad_type);
-  assert(adc1->length == adc2->length);
-  assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
+    assert(adc1->ad_type == adc2->ad_type);
+    assert(adc1->length == adc2->length);
+    assert(memcmp(adc1->contents, adc2->contents, adc1->length) == 0);
 }
 
-int main() 
+int main()
 {
     krb5_context context;
     krb5_authdata **results;
@@ -98,7 +99,7 @@ int main()
     container[1] = NULL;
     assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
     assert(krb5int_find_authdata(context,
-				 adseq1, container_out, 22, &results) == 0);
+                                 adseq1, container_out, 22, &results) == 0);
     compare_authdata(&ad1, results[0]);
     compare_authdata( results[1], &ad4);
     compare_authdata( results[2], &ad3);
diff --git a/src/lib/krb5/krb/t_deltat.c b/src/lib/krb5/krb/t_deltat.c
index a07ba4232..dcf14af67 100644
--- a/src/lib/krb5/krb/t_deltat.c
+++ b/src/lib/krb5/krb/t_deltat.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/t_deltat.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include "k5-int.h"
@@ -31,9 +32,9 @@ int
 main (void)
 {
     struct {
-	char *string;
-	krb5_deltat expected;
-	int is_error;
+        char *string;
+        krb5_deltat expected;
+        int is_error;
 #define GOOD(STR,VAL) { STR, VAL, 0 }
 #define BAD(STR) { STR, 0, 1 }
 #define DAY (24 * 3600)
@@ -43,116 +44,116 @@ main (void)
 #endif
 #define MIN 60
     } values[] = {
-	/* d-h-m-s patterns */
-	GOOD ("3d", 3*DAY),
-	GOOD ("3h", 3*HOUR),
-	GOOD ("3m", 3*MIN),
-	GOOD ("3s", 3),
-	BAD ("3dd"),
-	GOOD ("3d4m    42s", 3 * DAY + 4 * MIN + 42),
-	GOOD ("3d-1h", 3 * DAY - 1 * HOUR),
-	GOOD ("3d -1h", 3 * DAY - HOUR),
-	GOOD ("3d4h5m6s", 3 * DAY + 4 * HOUR + 5 * MIN + 6),
-	BAD ("3d4m5h"),
-	GOOD ("12345s", 12345),
-	GOOD ("1m 12345s", MIN + 12345),
-	GOOD ("1m12345s", MIN + 12345),
-	GOOD ("3d 0m", 3 * DAY),
-	GOOD ("3d 0m  ", 3 * DAY),
-	GOOD ("3d \n\t 0m  ", 3 * DAY),
-	/* colon patterns */
-	GOOD ("42-13:42:47", 42 * DAY + 13 * HOUR + 42 * MIN + 47),
-	BAD ("3: 4"),
-	BAD ("13:0003"),
-	GOOD ("12:34", 12 * HOUR + 34 * MIN),
-	GOOD ("1:02:03", 1 * HOUR + 2 * MIN + 3),
-	BAD ("3:-4"),
-	/* XX We might want to require exactly two digits after a colon?  */
-	GOOD ("3:4", 3 * HOUR + 4 * MIN),
-	/* misc */
-	GOOD ("42", 42),
-	BAD ("1-2"),
-	/* Test overflow limitations */
-	GOOD ("2147483647s", 2147483647),
-	BAD ("2147483648s"), 
-	GOOD ("24855d", 24855 * DAY),
-	BAD ("24856d"),
-	BAD ("24855d 100000000h"),
-	GOOD ("24855d 3h", 24855 * DAY + 3 * HOUR),
-	BAD ("24855d 4h"),
-	GOOD ("24855d 11647s", 24855 * DAY + 11647),
-	BAD ("24855d 11648s"),
-	GOOD ("24855d 194m 7s", 24855 * DAY + 194 * MIN + 7),
-	BAD ("24855d 194m 8s"),
-	BAD ("24855d 195m"),
-	BAD ("24855d 19500000000m"),
-	GOOD ("24855d 3h 14m 7s", 24855 * DAY + 3 * HOUR + 14 * MIN + 7),
-	BAD ("24855d 3h 14m 8s"),
-	GOOD ("596523h", 596523 * HOUR),
-	BAD ("596524h"),
-	GOOD ("596523h 847s", 596523 * HOUR + 847),
-	BAD ("596523h 848s"),
-	GOOD ("596523h 14m 7s", 596523 * HOUR + 14 * MIN + 7),
-	BAD ("596523h 14m 8s"),
-	GOOD ("35791394m", 35791394 * MIN),
-	GOOD ("35791394m7s", 35791394 * MIN + 7),
-	BAD ("35791394m8s"),
-	/* Test underflow */
-	GOOD ("-2147483647s", -2147483647),
-	/* This should be valid, but isn't */
-	/*BAD ("-2147483648s"),*/
-	GOOD ("-24855d", -24855 * DAY),
-	BAD ("-24856d"),
-	BAD ("-24855d -100000000h"),
-	GOOD ("-24855d -3h", -24855 * DAY - 3 * HOUR),
-	BAD ("-24855d -4h"),
-	GOOD ("-24855d -11647s", -24855 * DAY - 11647),
-	BAD ("-24855d -11649s"),
-	GOOD ("-24855d -194m -7s", -24855 * DAY - 194 * MIN - 7),
-	BAD ("-24855d -194m -9s"),
-	BAD ("-24855d -195m"),
-	BAD ("-24855d -19500000000m"),
-	GOOD ("-24855d -3h -14m -7s", -24855 * DAY - 3 * HOUR - 14 * MIN - 7),
-	BAD ("-24855d -3h -14m -9s"),
-	GOOD ("-596523h", -596523 * HOUR),
-	BAD ("-596524h"),
-	GOOD ("-596523h -847s", -596523 * HOUR - 847),
-	GOOD ("-596523h -848s", -596523 * HOUR - 848),
-	BAD ("-596523h -849s"),
-	GOOD ("-596523h -14m -8s", -596523 * HOUR - 14 * MIN - 8),
-	BAD ("-596523h -14m -9s"),
-	GOOD ("-35791394m", -35791394 * MIN),
-	GOOD ("-35791394m7s", -35791394 * MIN + 7),
-	BAD ("-35791394m-9s"),
-	
+        /* d-h-m-s patterns */
+        GOOD ("3d", 3*DAY),
+        GOOD ("3h", 3*HOUR),
+        GOOD ("3m", 3*MIN),
+        GOOD ("3s", 3),
+        BAD ("3dd"),
+        GOOD ("3d4m    42s", 3 * DAY + 4 * MIN + 42),
+        GOOD ("3d-1h", 3 * DAY - 1 * HOUR),
+        GOOD ("3d -1h", 3 * DAY - HOUR),
+        GOOD ("3d4h5m6s", 3 * DAY + 4 * HOUR + 5 * MIN + 6),
+        BAD ("3d4m5h"),
+        GOOD ("12345s", 12345),
+        GOOD ("1m 12345s", MIN + 12345),
+        GOOD ("1m12345s", MIN + 12345),
+        GOOD ("3d 0m", 3 * DAY),
+        GOOD ("3d 0m  ", 3 * DAY),
+        GOOD ("3d \n\t 0m  ", 3 * DAY),
+        /* colon patterns */
+        GOOD ("42-13:42:47", 42 * DAY + 13 * HOUR + 42 * MIN + 47),
+        BAD ("3: 4"),
+        BAD ("13:0003"),
+        GOOD ("12:34", 12 * HOUR + 34 * MIN),
+        GOOD ("1:02:03", 1 * HOUR + 2 * MIN + 3),
+        BAD ("3:-4"),
+        /* XX We might want to require exactly two digits after a colon?  */
+        GOOD ("3:4", 3 * HOUR + 4 * MIN),
+        /* misc */
+        GOOD ("42", 42),
+        BAD ("1-2"),
+        /* Test overflow limitations */
+        GOOD ("2147483647s", 2147483647),
+        BAD ("2147483648s"),
+        GOOD ("24855d", 24855 * DAY),
+        BAD ("24856d"),
+        BAD ("24855d 100000000h"),
+        GOOD ("24855d 3h", 24855 * DAY + 3 * HOUR),
+        BAD ("24855d 4h"),
+        GOOD ("24855d 11647s", 24855 * DAY + 11647),
+        BAD ("24855d 11648s"),
+        GOOD ("24855d 194m 7s", 24855 * DAY + 194 * MIN + 7),
+        BAD ("24855d 194m 8s"),
+        BAD ("24855d 195m"),
+        BAD ("24855d 19500000000m"),
+        GOOD ("24855d 3h 14m 7s", 24855 * DAY + 3 * HOUR + 14 * MIN + 7),
+        BAD ("24855d 3h 14m 8s"),
+        GOOD ("596523h", 596523 * HOUR),
+        BAD ("596524h"),
+        GOOD ("596523h 847s", 596523 * HOUR + 847),
+        BAD ("596523h 848s"),
+        GOOD ("596523h 14m 7s", 596523 * HOUR + 14 * MIN + 7),
+        BAD ("596523h 14m 8s"),
+        GOOD ("35791394m", 35791394 * MIN),
+        GOOD ("35791394m7s", 35791394 * MIN + 7),
+        BAD ("35791394m8s"),
+        /* Test underflow */
+        GOOD ("-2147483647s", -2147483647),
+        /* This should be valid, but isn't */
+        /*BAD ("-2147483648s"),*/
+        GOOD ("-24855d", -24855 * DAY),
+        BAD ("-24856d"),
+        BAD ("-24855d -100000000h"),
+        GOOD ("-24855d -3h", -24855 * DAY - 3 * HOUR),
+        BAD ("-24855d -4h"),
+        GOOD ("-24855d -11647s", -24855 * DAY - 11647),
+        BAD ("-24855d -11649s"),
+        GOOD ("-24855d -194m -7s", -24855 * DAY - 194 * MIN - 7),
+        BAD ("-24855d -194m -9s"),
+        BAD ("-24855d -195m"),
+        BAD ("-24855d -19500000000m"),
+        GOOD ("-24855d -3h -14m -7s", -24855 * DAY - 3 * HOUR - 14 * MIN - 7),
+        BAD ("-24855d -3h -14m -9s"),
+        GOOD ("-596523h", -596523 * HOUR),
+        BAD ("-596524h"),
+        GOOD ("-596523h -847s", -596523 * HOUR - 847),
+        GOOD ("-596523h -848s", -596523 * HOUR - 848),
+        BAD ("-596523h -849s"),
+        GOOD ("-596523h -14m -8s", -596523 * HOUR - 14 * MIN - 8),
+        BAD ("-596523h -14m -9s"),
+        GOOD ("-35791394m", -35791394 * MIN),
+        GOOD ("-35791394m7s", -35791394 * MIN + 7),
+        BAD ("-35791394m-9s"),
+
     };
     int fail = 0;
     int i;
 
     for (i = 0; i < sizeof(values)/sizeof(values[0]); i++) {
-	krb5_deltat result;
-	krb5_error_code code;
+        krb5_deltat result;
+        krb5_error_code code;
 
-	code = krb5_string_to_deltat (values[i].string, &result);
-	if (code && !values[i].is_error) {
-	    fprintf (stderr, "unexpected error for `%s'\n", values[i].string);
-	    fail++;
-	} else if (!code && values[i].is_error) {
-	    fprintf (stderr, "expected but didn't get error for `%s'\n",
-		     values[i].string);
-	    fail++;
-	} else if (code && values[i].is_error) {
-	    /* do nothing */
-	} else if (result != values[i].expected) {
-	    fprintf (stderr, "got %ld instead of expected %ld for `%s'\n",
-		     (long) result, (long) values[i].expected,
-		     values[i].string);
-	    fail++;
-	}
+        code = krb5_string_to_deltat (values[i].string, &result);
+        if (code && !values[i].is_error) {
+            fprintf (stderr, "unexpected error for `%s'\n", values[i].string);
+            fail++;
+        } else if (!code && values[i].is_error) {
+            fprintf (stderr, "expected but didn't get error for `%s'\n",
+                     values[i].string);
+            fail++;
+        } else if (code && values[i].is_error) {
+            /* do nothing */
+        } else if (result != values[i].expected) {
+            fprintf (stderr, "got %ld instead of expected %ld for `%s'\n",
+                     (long) result, (long) values[i].expected,
+                     values[i].string);
+            fail++;
+        }
     }
     if (fail == 0)
-	printf ("Passed all %d tests.\n", i);
+        printf ("Passed all %d tests.\n", i);
     else
-	printf ("Failed %d of %d tests.\n", fail, i);
+        printf ("Failed %d of %d tests.\n", fail, i);
     return fail;
 }
diff --git a/src/lib/krb5/krb/t_etypes.c b/src/lib/krb5/krb/t_etypes.c
index 0d89fd0af..4af7918e5 100644
--- a/src/lib/krb5/krb/t_etypes.c
+++ b/src/lib/krb5/krb/t_etypes.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * t_etypes.c -- test program for krb5int_parse_enctype_list
  *
@@ -201,4 +201,3 @@ main(int argc, char **argv)
 
     return 0;
 }
-
diff --git a/src/lib/krb5/krb/t_expand.c b/src/lib/krb5/krb/t_expand.c
index a8b2757df..b108e4bbd 100644
--- a/src/lib/krb5/krb/t_expand.c
+++ b/src/lib/krb5/krb/t_expand.c
@@ -1,2 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #define TEST
 #include "chk_trans.c"
diff --git a/src/lib/krb5/krb/t_kerb.c b/src/lib/krb5/krb/t_kerb.c
index 8627922b2..465282561 100644
--- a/src/lib/krb5/krb/t_kerb.c
+++ b/src/lib/krb5/krb/t_kerb.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * This driver routine is used to test many of the standard Kerberos library
  * routines.
@@ -26,14 +27,14 @@ void usage (char *);
 
 void test_string_to_timestamp(krb5_context ctx, char *ktime)
 {
-    krb5_timestamp	timestamp;
-    time_t		t;
-    krb5_error_code	retval;
+    krb5_timestamp      timestamp;
+    time_t              t;
+    krb5_error_code     retval;
 
     retval = krb5_string_to_timestamp(ktime, &timestamp);
     if (retval) {
-	com_err("krb5_string_to_timestamp", retval, 0);
-	return;
+        com_err("krb5_string_to_timestamp", retval, 0);
+        return;
     }
     t = (time_t) timestamp;
     printf("Parsed time was %s", ctime(&t));
@@ -41,22 +42,22 @@ void test_string_to_timestamp(krb5_context ctx, char *ktime)
 
 void test_425_conv_principal(krb5_context ctx, char *name, char *inst, char *realm)
 {
-    krb5_error_code	retval;
-    krb5_principal	princ;
-    char		*out_name;
+    krb5_error_code     retval;
+    krb5_principal      princ;
+    char                *out_name;
 
     retval = krb5_425_conv_principal(ctx, name, inst, realm, &princ);
     if (retval) {
-	com_err("krb5_425_conv_principal", retval, 0);
-	return;
+        com_err("krb5_425_conv_principal", retval, 0);
+        return;
     }
     retval = krb5_unparse_name(ctx, princ, &out_name);
     if (retval) {
-	    com_err("krb5_unparse_name", retval, 0);
-	    return;
+        com_err("krb5_unparse_name", retval, 0);
+        return;
     }
     printf("425_converted principal(%s, %s, %s): '%s'\n",
-	   name, inst, realm, out_name);
+           name, inst, realm, out_name);
     free(out_name);
     krb5_free_principal(ctx, princ);
 }
@@ -73,98 +74,98 @@ void test_524_conv_principal(krb5_context ctx, char *name)
     aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0;
     retval = krb5_parse_name(ctx, name, &princ);
     if (retval) {
-	com_err("krb5_parse_name", retval, 0);
-	goto fail;
+        com_err("krb5_parse_name", retval, 0);
+        goto fail;
     }
     retval = krb5_524_conv_principal(ctx, princ, aname, inst, realm);
     if (retval) {
-	com_err("krb5_524_conv_principal", retval, 0);
-	goto fail;
+        com_err("krb5_524_conv_principal", retval, 0);
+        goto fail;
     }
     printf("524_converted_principal(%s): '%s' '%s' '%s'\n",
-	   name, aname, inst, realm);
- fail:
+           name, aname, inst, realm);
+fail:
     if (princ)
-	krb5_free_principal (ctx, princ);
+        krb5_free_principal (ctx, princ);
 }
 
 void test_parse_name(krb5_context ctx, const char *name)
 {
-	krb5_error_code	retval;
-	krb5_principal	princ = 0, princ2 = 0;
-	char		*outname = 0;
-
-	retval = krb5_parse_name(ctx, name, &princ);
-	if (retval) {
-		com_err("krb5_parse_name", retval, 0);
-		goto fail;
-	}
-	retval = krb5_copy_principal(ctx, princ, &princ2);
-	if (retval) {
-		com_err("krb5_copy_principal", retval, 0);
-		goto fail;
-	}
-	retval = krb5_unparse_name(ctx, princ2, &outname);
-	if (retval) {
-		com_err("krb5_unparse_name", retval, 0);
-		goto fail;
-	}
-	printf("parsed (and unparsed) principal(%s): ", name);
-	if (strcmp(name, outname) == 0)
-	    printf("MATCH\n");
-	else
-	    printf("'%s'\n", outname);
+    krb5_error_code retval;
+    krb5_principal  princ = 0, princ2 = 0;
+    char            *outname = 0;
+
+    retval = krb5_parse_name(ctx, name, &princ);
+    if (retval) {
+        com_err("krb5_parse_name", retval, 0);
+        goto fail;
+    }
+    retval = krb5_copy_principal(ctx, princ, &princ2);
+    if (retval) {
+        com_err("krb5_copy_principal", retval, 0);
+        goto fail;
+    }
+    retval = krb5_unparse_name(ctx, princ2, &outname);
+    if (retval) {
+        com_err("krb5_unparse_name", retval, 0);
+        goto fail;
+    }
+    printf("parsed (and unparsed) principal(%s): ", name);
+    if (strcmp(name, outname) == 0)
+        printf("MATCH\n");
+    else
+        printf("'%s'\n", outname);
 fail:
-	if (outname)
-		free(outname);
-	if (princ)
-		krb5_free_principal(ctx, princ);
-	if (princ2)
-		krb5_free_principal(ctx, princ2);
+    if (outname)
+        free(outname);
+    if (princ)
+        krb5_free_principal(ctx, princ);
+    if (princ2)
+        krb5_free_principal(ctx, princ2);
 }
 
 void test_set_realm(krb5_context ctx, const char *name, const char *realm)
 {
-	krb5_error_code	retval;
-	krb5_principal	princ = 0;
-	char		*outname = 0;
-
-	retval = krb5_parse_name(ctx, name, &princ);
-	if (retval) {
-		com_err("krb5_parse_name", retval, 0);
-		goto fail;
-	}
-	retval = krb5_set_principal_realm(ctx, princ, realm);
-	if (retval) {
-		com_err("krb5_set_principal_realm", retval, 0);
-		goto fail;
-	}
-	retval = krb5_unparse_name(ctx, princ, &outname);
-	if (retval) {
-		com_err("krb5_unparse_name", retval, 0);
-		goto fail;
-	}
-	printf("old principal: %s, modified principal: %s\n", name,
-	       outname);
+    krb5_error_code retval;
+    krb5_principal  princ = 0;
+    char            *outname = 0;
+
+    retval = krb5_parse_name(ctx, name, &princ);
+    if (retval) {
+        com_err("krb5_parse_name", retval, 0);
+        goto fail;
+    }
+    retval = krb5_set_principal_realm(ctx, princ, realm);
+    if (retval) {
+        com_err("krb5_set_principal_realm", retval, 0);
+        goto fail;
+    }
+    retval = krb5_unparse_name(ctx, princ, &outname);
+    if (retval) {
+        com_err("krb5_unparse_name", retval, 0);
+        goto fail;
+    }
+    printf("old principal: %s, modified principal: %s\n", name,
+           outname);
 fail:
-	if (outname)
-		free(outname);
-	if (princ)
-		krb5_free_principal(ctx, princ);
+    if (outname)
+        free(outname);
+    if (princ)
+        krb5_free_principal(ctx, princ);
 }
 
 void usage(char *progname)
 {
-	fprintf(stderr, "%s: Usage: %s 425_conv_principal <name> <inst> <realm\n",
-		progname, progname);
-	fprintf(stderr, "\t%s 524_conv_principal <name>\n", progname);
-	fprintf(stderr, "\t%s parse_name <name>\n", progname);
-	fprintf(stderr, "\t%s set_realm <name> <realm>\n", progname);
-	fprintf(stderr, "\t%s string_to_timestamp <time>\n", progname);
-	exit(1);
+    fprintf(stderr, "%s: Usage: %s 425_conv_principal <name> <inst> <realm\n",
+            progname, progname);
+    fprintf(stderr, "\t%s 524_conv_principal <name>\n", progname);
+    fprintf(stderr, "\t%s parse_name <name>\n", progname);
+    fprintf(stderr, "\t%s set_realm <name> <realm>\n", progname);
+    fprintf(stderr, "\t%s string_to_timestamp <time>\n", progname);
+    exit(1);
 }
 
-int 
+int
 main(int argc, char **argv)
 {
     krb5_context ctx;
@@ -174,52 +175,52 @@ main(int argc, char **argv)
 
     retval = krb5_init_context(&ctx);
     if (retval) {
-	fprintf(stderr, "krb5_init_context returned error %ld\n",
-		(long) retval);
-	exit(1);
+        fprintf(stderr, "krb5_init_context returned error %ld\n",
+                (long) retval);
+        exit(1);
     }
     progname = argv[0];
 
-     /* Parse arguments. */
-     argc--; argv++;
-     while (argc) {
-	 if (strcmp(*argv, "425_conv_principal") == 0) {
-	     argc--; argv++;
-	     if (!argc) usage(progname);
-	     name = *argv;
-	     argc--; argv++;
-	     if (!argc) usage(progname);
-	     inst = *argv;
-	     argc--; argv++;
-	     if (!argc) usage(progname);
-	     realm = *argv;
-	     test_425_conv_principal(ctx, name, inst, realm);
-	  } else if (strcmp(*argv, "parse_name") == 0) {
-		  argc--; argv++;
-		  if (!argc) usage(progname);
-		  name = *argv;
-		  test_parse_name(ctx, name);
-	  } else if (strcmp(*argv, "set_realm") == 0) {
-		  argc--; argv++;
-		  if (!argc) usage(progname);
-		  name = *argv;
-		  argc--; argv++;
-		  if (!argc) usage(progname);
-		  realm = *argv;
-		  test_set_realm(ctx, name, realm);
-	  } else if (strcmp(*argv, "string_to_timestamp") == 0) {
-		  argc--; argv++;
-		  if (!argc) usage(progname);
-		  test_string_to_timestamp(ctx, *argv);
-	  } else if (strcmp(*argv, "524_conv_principal") == 0) {
-	      argc--; argv++;
-	      if (!argc) usage(progname);
-	      test_524_conv_principal(ctx, *argv);
-	  }
-	  else
-	      usage(progname);
-	  argc--; argv++;
-     }
+    /* Parse arguments. */
+    argc--; argv++;
+    while (argc) {
+        if (strcmp(*argv, "425_conv_principal") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            name = *argv;
+            argc--; argv++;
+            if (!argc) usage(progname);
+            inst = *argv;
+            argc--; argv++;
+            if (!argc) usage(progname);
+            realm = *argv;
+            test_425_conv_principal(ctx, name, inst, realm);
+        } else if (strcmp(*argv, "parse_name") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            name = *argv;
+            test_parse_name(ctx, name);
+        } else if (strcmp(*argv, "set_realm") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            name = *argv;
+            argc--; argv++;
+            if (!argc) usage(progname);
+            realm = *argv;
+            test_set_realm(ctx, name, realm);
+        } else if (strcmp(*argv, "string_to_timestamp") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            test_string_to_timestamp(ctx, *argv);
+        } else if (strcmp(*argv, "524_conv_principal") == 0) {
+            argc--; argv++;
+            if (!argc) usage(progname);
+            test_524_conv_principal(ctx, *argv);
+        }
+        else
+            usage(progname);
+        argc--; argv++;
+    }
 
     krb5_free_context(ctx);
 
diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c
index 503d778a9..9e96b692e 100644
--- a/src/lib/krb5/krb/t_pac.c
+++ b/src/lib/krb5/krb/t_pac.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2006 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
@@ -40,45 +40,45 @@
  */
 
 static const unsigned char saved_pac[] = {
-        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
-        0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
-        0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
-        0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
-        0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
-        0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
-        0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
-        0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
-        0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
-        0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
-        0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
-        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
-        0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
-        0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
-        0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
-        0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
-        0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
-        0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
-        0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
-        0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
-        0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
-        0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
-        0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
-        0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
-        0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
-        0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
-        0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
+    0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xd8, 0x01, 0x00, 0x00,
+    0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,
+    0x20, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x40, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,
+    0x58, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x08, 0x00, 0xcc, 0xcc, 0xcc, 0xcc,
+    0xc8, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x30, 0xdf, 0xa6, 0xcb,
+    0x4f, 0x7d, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0x7f, 0xc0, 0x3c, 0x4e, 0x59, 0x62, 0x73, 0xc5, 0x01, 0xc0, 0x3c, 0x4e, 0x59,
+    0x62, 0x73, 0xc5, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x16, 0x00, 0x16, 0x00,
+    0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x14, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x02, 0x00, 0x65, 0x00, 0x00, 0x00,
+    0xed, 0x03, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00,
+    0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x16, 0x00, 0x20, 0x00, 0x02, 0x00, 0x16, 0x00, 0x18, 0x00,
+    0x24, 0x00, 0x02, 0x00, 0x28, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x01, 0x00, 0x00, 0x00, 0x2c, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00,
+    0x57, 0x00, 0x32, 0x00, 0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00,
+    0x41, 0x00, 0x4c, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
+    0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0x57, 0x00, 0x32, 0x00,
+    0x30, 0x00, 0x30, 0x00, 0x33, 0x00, 0x46, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x41, 0x00, 0x4c, 0x00,
+    0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x57, 0x00, 0x49, 0x00,
+    0x4e, 0x00, 0x32, 0x00, 0x4b, 0x00, 0x33, 0x00, 0x54, 0x00, 0x48, 0x00, 0x49, 0x00, 0x4e, 0x00,
+    0x4b, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+    0x15, 0x00, 0x00, 0x00, 0x11, 0x2f, 0xaf, 0xb5, 0x90, 0x04, 0x1b, 0xec, 0x50, 0x3b, 0xec, 0xdc,
+    0x01, 0x00, 0x00, 0x00, 0x30, 0x00, 0x02, 0x00, 0x07, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x80, 0x66, 0x28, 0xea, 0x37, 0x80, 0xc5, 0x01, 0x16, 0x00, 0x77, 0x00, 0x32, 0x00, 0x30, 0x00,
+    0x30, 0x00, 0x33, 0x00, 0x66, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x24, 0x00,
+    0x76, 0xff, 0xff, 0xff, 0x37, 0xd5, 0xb0, 0xf7, 0x24, 0xf0, 0xd6, 0xd4, 0xec, 0x09, 0x86, 0x5a,
+    0xa0, 0xe8, 0xc3, 0xa9, 0x00, 0x00, 0x00, 0x00, 0x76, 0xff, 0xff, 0xff, 0xb4, 0xd8, 0xb8, 0xfe,
+    0x83, 0xb3, 0x13, 0x3f, 0xfc, 0x5c, 0x41, 0xad, 0xe2, 0x64, 0x83, 0xe0, 0x00, 0x00, 0x00, 0x00
 };
 
 static unsigned int type_1_length = 472;
@@ -145,12 +145,12 @@ main(int argc, char **argv)
         err(context, ret, "krb5_pac_parse");
 
     ret = krb5_pac_verify(context, pac, authtime, p,
-                           &member_keyblock, &kdc_keyblock);
+                          &member_keyblock, &kdc_keyblock);
     if (ret)
         err(context, ret, "krb5_pac_verify");
 
     ret = krb5int_pac_sign(context, pac, authtime, p,
-                         &member_keyblock, &kdc_keyblock, &data);
+                           &member_keyblock, &kdc_keyblock, &data);
     if (ret)
         err(context, ret, "krb5int_pac_sign");
 
@@ -162,7 +162,7 @@ main(int argc, char **argv)
         err(context, ret, "krb5_pac_parse 2");
 
     ret = krb5_pac_verify(context, pac, authtime, p,
-                           &member_keyblock, &kdc_keyblock);
+                          &member_keyblock, &kdc_keyblock);
     if (ret)
         err(context, ret, "krb5_pac_verify 2");
 
@@ -203,23 +203,23 @@ main(int argc, char **argv)
             krb5_free_data_contents(context, &data);
         }
         free(list);
-        
+
         ret = krb5int_pac_sign(context, pac2, authtime, p,
                                &member_keyblock, &kdc_keyblock, &data);
         if (ret)
             err(context, ret, "krb5int_pac_sign 4");
-        
+
         krb5_pac_free(context, pac2);
 
         ret = krb5_pac_parse(context, data.data, data.length, &pac2);
         if (ret)
             err(context, ret, "krb5_pac_parse 4");
-        
+
         ret = krb5_pac_verify(context, pac2, authtime, p,
                               &member_keyblock, &kdc_keyblock);
         if (ret)
             err(context, ret, "krb5_pac_verify 4");
-        
+
         krb5_free_data_contents(context, &data);
 
         krb5_pac_free(context, pac2);
@@ -296,7 +296,7 @@ main(int argc, char **argv)
         err(context, ret, "krb5_pac_parse 3");
 
     ret = krb5_pac_verify(context, pac, authtime, p,
-                           &member_keyblock, &kdc_keyblock);
+                          &member_keyblock, &kdc_keyblock);
     if (ret)
         err(context, ret, "krb5_pac_verify 3");
 
diff --git a/src/lib/krb5/krb/t_princ.c b/src/lib/krb5/krb/t_princ.c
index 688331722..6664a75d6 100644
--- a/src/lib/krb5/krb/t_princ.c
+++ b/src/lib/krb5/krb/t_princ.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2003 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
@@ -209,7 +209,7 @@ test_princ(krb5_context context)
                                 &p2);
     if (!ret)
         err(context, ret, "Should have failed to parse %s a "
-                 "short name", princ);
+            "short name", princ);
 
     ret = krb5_parse_name_flags(context, princ_short,
                                 KRB5_PRINCIPAL_PARSE_NO_REALM,
@@ -233,7 +233,7 @@ test_princ(krb5_context context)
                                 &p2);
     if (!ret)
         err(context, ret, "Should have failed to parse %s "
-                 "because it lacked a realm", princ_short);
+            "because it lacked a realm", princ_short);
 
     ret = krb5_parse_name_flags(context, princ,
                                 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM,
@@ -372,7 +372,7 @@ test_enterprise(krb5_context context)
         err(context, ret, "krb5_parse_name_flags");
 
     ret = krb5_unparse_name_flags(context, p, KRB5_PRINCIPAL_UNPARSE_NO_REALM,
-				  &unparsed);
+                                  &unparsed);
     if (ret)
         err(context, ret, "krb5_unparse_name");
 
diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c
index c92ce50c6..daad0c7d1 100644
--- a/src/lib/krb5/krb/t_ser.c
+++ b/src/lib/krb5/krb/t_ser.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/t_ser.c
  *
@@ -48,26 +49,26 @@ print_erep(krb5_octet *erep, size_t elen)
     int i, j;
 
     for (i=0; i<elen; ) {
-	printf("%08d: ", i);
-	for (j=0; j<15; j++) {
-	    if ((i+j) < elen)
-		printf("%02x ", erep[i+j]);
-	    else
-		printf("-- ");
-	}
-	printf("\t");
-	for (j=0; j<15; j++) {
-	    if ((i+j) < elen) {
-		if (isprint(erep[i+j]) && (erep[i+j] != '\n'))
-		    printf("%c", erep[i+j]);
-		else
-		    printf(".");
-	    }
-	    else
-		printf("-");
-	}
-	printf("\n");
-	i += 15;
+        printf("%08d: ", i);
+        for (j=0; j<15; j++) {
+            if ((i+j) < elen)
+                printf("%02x ", erep[i+j]);
+            else
+                printf("-- ");
+        }
+        printf("\t");
+        for (j=0; j<15; j++) {
+            if ((i+j) < elen) {
+                if (isprint(erep[i+j]) && (erep[i+j] != '\n'))
+                    printf("%c", erep[i+j]);
+                else
+                    printf(".");
+            }
+            else
+                printf("-");
+        }
+        printf("\n");
+        i += 15;
     }
 }
 
@@ -77,17 +78,17 @@ print_erep(krb5_octet *erep, size_t elen)
 static krb5_error_code
 ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
 {
-    krb5_error_code	kret;
-    krb5_context	ser_ctx;
-    krb5_pointer	nctx;
-    krb5_octet		*outrep, *ibuf, *outrep2;
-    size_t		outlen, ilen, outlen2;
+    krb5_error_code     kret;
+    krb5_context        ser_ctx;
+    krb5_pointer        nctx;
+    krb5_octet          *outrep, *ibuf, *outrep2;
+    size_t              outlen, ilen, outlen2;
 
     /* Initialize context and initialize all Kerberos serializers */
     if ((kret = krb5_init_context(&ser_ctx))) {
-	    printf("Couldn't initialize krb5 library: %s\n",
-		   error_message(kret));
-	    exit(1);
+        printf("Couldn't initialize krb5 library: %s\n",
+               error_message(kret));
+        exit(1);
     }
     krb5_ser_context_init(ser_ctx);
     krb5_ser_auth_context_init(ser_ctx);
@@ -98,96 +99,96 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
     /* Externalize the data */
     kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen);
     if (!kret) {
-	if (verbose) {
-	    printf("%s: externalized in %d bytes\n", msg, outlen);
-	    print_erep(outrep, outlen);
-	}
-
-	/* Now attempt to re-constitute it */
-	ibuf = outrep;
-	ilen = outlen;
-	kret = krb5_internalize_opaque(ser_ctx,
-				       dtype,
-				       (krb5_pointer *) &nctx,
-				       &ibuf,
-				       &ilen);
-	if (!kret) {
-	    if (ilen)
-		printf("%s: %d bytes left over after internalize\n",
-		       msg, ilen);
-	    /* Now attempt to re-externalize it */
-	    kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
-	    if (!kret) {
-		/* Compare the results. */
-		if ((outlen2 != outlen) ||
-		    memcmp(outrep, outrep2, outlen)) {
-		    printf("%s: comparison failed\n", msg);
-		    print_erep(outrep2, outlen2);
-		}
-		else {
-		    if (verbose)
-			printf("%s: compare succeeded\n", msg);
-		}
-		free(outrep2);
-	    }
-	    else
-		printf("%s: second externalize returned %d\n", msg, kret);
-
-	    /* Free the data */
-	    switch (dtype) {
-	    case KV5M_CONTEXT:
-		krb5_free_context((krb5_context) nctx);
-		break;
-	    case KV5M_AUTH_CONTEXT:
-		if (nctx) {
-		    krb5_auth_context	actx;
-
-		    actx = (krb5_auth_context) nctx;
-		    if (actx->i_vector)
-			free(actx->i_vector);
-		}
-		krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx);
-		break;
-	    case KV5M_CCACHE:
-		krb5_cc_close(ser_ctx, (krb5_ccache) nctx);
-		break;
-	    case KV5M_RCACHE:
-		krb5_rc_close(ser_ctx, (krb5_rcache) nctx);
-		break;
-	    case KV5M_KEYTAB:
-		krb5_kt_close(ser_ctx, (krb5_keytab) nctx);
-		break;
-	    case KV5M_ENCRYPT_BLOCK:
-		if (nctx) {
-		    krb5_encrypt_block *eblock;
-
-		    eblock = (krb5_encrypt_block *) nctx;
+        if (verbose) {
+            printf("%s: externalized in %d bytes\n", msg, outlen);
+            print_erep(outrep, outlen);
+        }
+
+        /* Now attempt to re-constitute it */
+        ibuf = outrep;
+        ilen = outlen;
+        kret = krb5_internalize_opaque(ser_ctx,
+                                       dtype,
+                                       (krb5_pointer *) &nctx,
+                                       &ibuf,
+                                       &ilen);
+        if (!kret) {
+            if (ilen)
+                printf("%s: %d bytes left over after internalize\n",
+                       msg, ilen);
+            /* Now attempt to re-externalize it */
+            kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
+            if (!kret) {
+                /* Compare the results. */
+                if ((outlen2 != outlen) ||
+                    memcmp(outrep, outrep2, outlen)) {
+                    printf("%s: comparison failed\n", msg);
+                    print_erep(outrep2, outlen2);
+                }
+                else {
+                    if (verbose)
+                        printf("%s: compare succeeded\n", msg);
+                }
+                free(outrep2);
+            }
+            else
+                printf("%s: second externalize returned %d\n", msg, kret);
+
+            /* Free the data */
+            switch (dtype) {
+            case KV5M_CONTEXT:
+                krb5_free_context((krb5_context) nctx);
+                break;
+            case KV5M_AUTH_CONTEXT:
+                if (nctx) {
+                    krb5_auth_context   actx;
+
+                    actx = (krb5_auth_context) nctx;
+                    if (actx->i_vector)
+                        free(actx->i_vector);
+                }
+                krb5_auth_con_free(ser_ctx, (krb5_auth_context) nctx);
+                break;
+            case KV5M_CCACHE:
+                krb5_cc_close(ser_ctx, (krb5_ccache) nctx);
+                break;
+            case KV5M_RCACHE:
+                krb5_rc_close(ser_ctx, (krb5_rcache) nctx);
+                break;
+            case KV5M_KEYTAB:
+                krb5_kt_close(ser_ctx, (krb5_keytab) nctx);
+                break;
+            case KV5M_ENCRYPT_BLOCK:
+                if (nctx) {
+                    krb5_encrypt_block *eblock;
+
+                    eblock = (krb5_encrypt_block *) nctx;
 #if 0
-		    if (eblock->priv && eblock->priv_size)
-			free(eblock->priv);
+                    if (eblock->priv && eblock->priv_size)
+                        free(eblock->priv);
 #endif
-		    if (eblock->key)
-			krb5_free_keyblock(ser_ctx, eblock->key);
-		    free(eblock);
-		}
-		break;
-	    case KV5M_PRINCIPAL:
-		krb5_free_principal(ser_ctx, (krb5_principal) nctx);
-		break;
-	    case KV5M_CHECKSUM:
-		krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx);
-		break;
-	    default:
-		printf("don't know how to free %d\n", dtype);
-		break;
-	    }
-	}
-	else
-	    printf("%s: internalize returned %d\n", msg, kret);
-	free(outrep);
+                    if (eblock->key)
+                        krb5_free_keyblock(ser_ctx, eblock->key);
+                    free(eblock);
+                }
+                break;
+            case KV5M_PRINCIPAL:
+                krb5_free_principal(ser_ctx, (krb5_principal) nctx);
+                break;
+            case KV5M_CHECKSUM:
+                krb5_free_checksum(ser_ctx, (krb5_checksum *) nctx);
+                break;
+            default:
+                printf("don't know how to free %d\n", dtype);
+                break;
+            }
+        }
+        else
+            printf("%s: internalize returned %d\n", msg, kret);
+        free(outrep);
     }
     else
-	printf("%s: externalize_data returned %d\n", msg, kret);
+        printf("%s: externalize_data returned %d\n", msg, kret);
     krb5_free_context(ser_ctx);
     return(kret);
 }
@@ -198,161 +199,161 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
 static krb5_error_code
 ser_kcontext_test(krb5_context kcontext, int verbose)
 {
-    krb5_error_code	kret;
-    profile_t		sprofile;
-    char		dbname[128];
+    krb5_error_code     kret;
+    profile_t           sprofile;
+    char                dbname[128];
 
     snprintf(dbname, sizeof(dbname), "temp_%d", (int) getpid());
     sprofile = kcontext->profile;
     kcontext->profile = (profile_t) NULL;
     if (!(kret = ser_data(verbose, "> Context with no profile",
-			  (krb5_pointer) kcontext,
-			  KV5M_CONTEXT))) {
-	kcontext->profile = sprofile;
-	if (!(kret = ser_data(verbose, "> Context with no realm", 
-			      (krb5_pointer) kcontext,
-			      KV5M_CONTEXT)) &&
-	    !(kret = krb5_set_default_realm(kcontext, "this.is.a.test"))) {
-	    if (!(kret = ser_data(verbose, "> Context with default realm",
-				  (krb5_pointer) kcontext,
-				  KV5M_CONTEXT))) {
-		if (verbose)
-		    printf("* krb5_context test succeeded\n");
-	    }
-	}
+                          (krb5_pointer) kcontext,
+                          KV5M_CONTEXT))) {
+        kcontext->profile = sprofile;
+        if (!(kret = ser_data(verbose, "> Context with no realm",
+                              (krb5_pointer) kcontext,
+                              KV5M_CONTEXT)) &&
+            !(kret = krb5_set_default_realm(kcontext, "this.is.a.test"))) {
+            if (!(kret = ser_data(verbose, "> Context with default realm",
+                                  (krb5_pointer) kcontext,
+                                  KV5M_CONTEXT))) {
+                if (verbose)
+                    printf("* krb5_context test succeeded\n");
+            }
+        }
     }
     if (kret)
-	printf("* krb5_context test failed\n");
+        printf("* krb5_context test failed\n");
     return(kret);
 }
 
-/* 
+/*
  * Serialize krb5_auth_context.
  */
 static krb5_error_code
 ser_acontext_test(krb5_context kcontext, int verbose)
 {
-    krb5_error_code	kret;
-    krb5_auth_context	actx;
-    krb5_address	local_address;
-    krb5_address	remote_address;
-    krb5_octet		laddr_bytes[16];
-    krb5_octet		raddr_bytes[16];
-    krb5_keyblock	ukeyblock;
-    krb5_octet		keydata[8];
-    krb5_authenticator	aent;
-    char		clname[128];
-    krb5_authdata	*adatalist[3];
-    krb5_authdata	adataent;
+    krb5_error_code     kret;
+    krb5_auth_context   actx;
+    krb5_address        local_address;
+    krb5_address        remote_address;
+    krb5_octet          laddr_bytes[16];
+    krb5_octet          raddr_bytes[16];
+    krb5_keyblock       ukeyblock;
+    krb5_octet          keydata[8];
+    krb5_authenticator  aent;
+    char                clname[128];
+    krb5_authdata       *adatalist[3];
+    krb5_authdata       adataent;
 
     actx = (krb5_auth_context) NULL;
     if (!(kret = krb5_auth_con_init(kcontext, &actx)) &&
-	!(kret = ser_data(verbose, "> Vanilla auth context",
-			  (krb5_pointer) actx,
-			  KV5M_AUTH_CONTEXT))) {
-	memset(&local_address, 0, sizeof(local_address));
-	memset(&remote_address, 0, sizeof(remote_address));
-	memset(laddr_bytes, 0, sizeof(laddr_bytes));
-	memset(raddr_bytes, 0, sizeof(raddr_bytes));
-	local_address.addrtype = ADDRTYPE_INET;
-	local_address.length = sizeof(laddr_bytes);
-	local_address.contents = laddr_bytes;
-	laddr_bytes[0] = 6;
-	laddr_bytes[1] = 2;
-	laddr_bytes[2] = 69;
-	laddr_bytes[3] = 16;
-	laddr_bytes[4] = 1;
-	laddr_bytes[5] = 0;
-	laddr_bytes[6] = 0;
-	laddr_bytes[7] = 127;
-	remote_address.addrtype = ADDRTYPE_INET;
-	remote_address.length = sizeof(raddr_bytes);
-	remote_address.contents = raddr_bytes;
-	raddr_bytes[0] = 6;
-	raddr_bytes[1] = 2;
-	raddr_bytes[2] = 70;
-	raddr_bytes[3] = 16;
-	raddr_bytes[4] = 1;
-	raddr_bytes[5] = 0;
-	raddr_bytes[6] = 0;
-	raddr_bytes[7] = 127;
-	if (!(kret = krb5_auth_con_setaddrs(kcontext, actx,
-					    &local_address,
-					    &remote_address)) &&
-	    !(kret = krb5_auth_con_setports(kcontext, actx,
-					    &local_address,
-					    &remote_address)) &&
-	    !(kret = ser_data(verbose, "> Auth context with addrs/ports", 
-			      (krb5_pointer) actx,
-			      KV5M_AUTH_CONTEXT))) {
-	    memset(&ukeyblock, 0, sizeof(ukeyblock));
-	    memset(keydata, 0, sizeof(keydata));
-	    ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
-	    ukeyblock.length = sizeof(keydata);
-	    ukeyblock.contents = keydata;
-	    keydata[0] = 0xde;
-	    keydata[1] = 0xad;
-	    keydata[2] = 0xbe;
-	    keydata[3] = 0xef;
-	    keydata[4] = 0xfe;
-	    keydata[5] = 0xed;
-	    keydata[6] = 0xf0;
-	    keydata[7] = 0xd;
-	    if (!(kret = krb5_auth_con_setuseruserkey(kcontext, actx,
-						      &ukeyblock)) &&
-		!(kret = ser_data(verbose, "> Auth context with user key",
-				  (krb5_pointer) actx,
-				  KV5M_AUTH_CONTEXT)) &&
-		!(kret = krb5_auth_con_initivector(kcontext, actx)) &&
-		!(kret = ser_data(verbose, "> Auth context with new vector",
-				  (krb5_pointer) actx,
-				  KV5M_AUTH_CONTEXT)) &&
-		(free(actx->i_vector), actx->i_vector) &&
-		!(kret = krb5_auth_con_setivector(kcontext, actx,
-						  (krb5_pointer) print_erep)
-		  ) &&
-		!(kret = ser_data(verbose, "> Auth context with set vector",
-				  (krb5_pointer) actx,
-				  KV5M_AUTH_CONTEXT))) {
-		/*
-		 * Finally, add an authenticator.
-		 */
-		memset(&aent, 0, sizeof(aent));
-		aent.magic = KV5M_AUTHENTICATOR;
-		snprintf(clname, sizeof(clname),
-			 "help/me/%d@this.is.a.test", (int) getpid());
-		actx->authentp = &aent;
-		if (!(kret = krb5_parse_name(kcontext, clname,
-					     &aent.client)) &&
-		    !(kret = ser_data(verbose,
-				      "> Auth context with authenticator",
-				      (krb5_pointer) actx,
-				      KV5M_AUTH_CONTEXT))) {
-		    adataent.magic = KV5M_AUTHDATA;
-		    adataent.ad_type = 123;
-		    adataent.length = 128;
-		    adataent.contents = (krb5_octet *) stuff;
-		    adatalist[0] = &adataent;
-		    adatalist[1] = &adataent;
-		    adatalist[2] = (krb5_authdata *) NULL;
-		    aent.authorization_data = adatalist;
-		    if (!(kret = ser_data(verbose,
-					  "> Auth context with full auth",
-					  (krb5_pointer) actx,
-					  KV5M_AUTH_CONTEXT))) {
-			if (verbose)
-			    printf("* krb5_auth_context test succeeded\n");
-		    }
-		    krb5_free_principal(kcontext, aent.client);
-		}
-		actx->authentp = (krb5_authenticator *) NULL;
-	    }
-	}
+        !(kret = ser_data(verbose, "> Vanilla auth context",
+                          (krb5_pointer) actx,
+                          KV5M_AUTH_CONTEXT))) {
+        memset(&local_address, 0, sizeof(local_address));
+        memset(&remote_address, 0, sizeof(remote_address));
+        memset(laddr_bytes, 0, sizeof(laddr_bytes));
+        memset(raddr_bytes, 0, sizeof(raddr_bytes));
+        local_address.addrtype = ADDRTYPE_INET;
+        local_address.length = sizeof(laddr_bytes);
+        local_address.contents = laddr_bytes;
+        laddr_bytes[0] = 6;
+        laddr_bytes[1] = 2;
+        laddr_bytes[2] = 69;
+        laddr_bytes[3] = 16;
+        laddr_bytes[4] = 1;
+        laddr_bytes[5] = 0;
+        laddr_bytes[6] = 0;
+        laddr_bytes[7] = 127;
+        remote_address.addrtype = ADDRTYPE_INET;
+        remote_address.length = sizeof(raddr_bytes);
+        remote_address.contents = raddr_bytes;
+        raddr_bytes[0] = 6;
+        raddr_bytes[1] = 2;
+        raddr_bytes[2] = 70;
+        raddr_bytes[3] = 16;
+        raddr_bytes[4] = 1;
+        raddr_bytes[5] = 0;
+        raddr_bytes[6] = 0;
+        raddr_bytes[7] = 127;
+        if (!(kret = krb5_auth_con_setaddrs(kcontext, actx,
+                                            &local_address,
+                                            &remote_address)) &&
+            !(kret = krb5_auth_con_setports(kcontext, actx,
+                                            &local_address,
+                                            &remote_address)) &&
+            !(kret = ser_data(verbose, "> Auth context with addrs/ports",
+                              (krb5_pointer) actx,
+                              KV5M_AUTH_CONTEXT))) {
+            memset(&ukeyblock, 0, sizeof(ukeyblock));
+            memset(keydata, 0, sizeof(keydata));
+            ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
+            ukeyblock.length = sizeof(keydata);
+            ukeyblock.contents = keydata;
+            keydata[0] = 0xde;
+            keydata[1] = 0xad;
+            keydata[2] = 0xbe;
+            keydata[3] = 0xef;
+            keydata[4] = 0xfe;
+            keydata[5] = 0xed;
+            keydata[6] = 0xf0;
+            keydata[7] = 0xd;
+            if (!(kret = krb5_auth_con_setuseruserkey(kcontext, actx,
+                                                      &ukeyblock)) &&
+                !(kret = ser_data(verbose, "> Auth context with user key",
+                                  (krb5_pointer) actx,
+                                  KV5M_AUTH_CONTEXT)) &&
+                !(kret = krb5_auth_con_initivector(kcontext, actx)) &&
+                !(kret = ser_data(verbose, "> Auth context with new vector",
+                                  (krb5_pointer) actx,
+                                  KV5M_AUTH_CONTEXT)) &&
+                (free(actx->i_vector), actx->i_vector) &&
+                !(kret = krb5_auth_con_setivector(kcontext, actx,
+                                                  (krb5_pointer) print_erep)
+                ) &&
+                !(kret = ser_data(verbose, "> Auth context with set vector",
+                                  (krb5_pointer) actx,
+                                  KV5M_AUTH_CONTEXT))) {
+                /*
+                 * Finally, add an authenticator.
+                 */
+                memset(&aent, 0, sizeof(aent));
+                aent.magic = KV5M_AUTHENTICATOR;
+                snprintf(clname, sizeof(clname),
+                         "help/me/%d@this.is.a.test", (int) getpid());
+                actx->authentp = &aent;
+                if (!(kret = krb5_parse_name(kcontext, clname,
+                                             &aent.client)) &&
+                    !(kret = ser_data(verbose,
+                                      "> Auth context with authenticator",
+                                      (krb5_pointer) actx,
+                                      KV5M_AUTH_CONTEXT))) {
+                    adataent.magic = KV5M_AUTHDATA;
+                    adataent.ad_type = 123;
+                    adataent.length = 128;
+                    adataent.contents = (krb5_octet *) stuff;
+                    adatalist[0] = &adataent;
+                    adatalist[1] = &adataent;
+                    adatalist[2] = (krb5_authdata *) NULL;
+                    aent.authorization_data = adatalist;
+                    if (!(kret = ser_data(verbose,
+                                          "> Auth context with full auth",
+                                          (krb5_pointer) actx,
+                                          KV5M_AUTH_CONTEXT))) {
+                        if (verbose)
+                            printf("* krb5_auth_context test succeeded\n");
+                    }
+                    krb5_free_principal(kcontext, aent.client);
+                }
+                actx->authentp = (krb5_authenticator *) NULL;
+            }
+        }
     }
     if (actx)
-	krb5_auth_con_free(kcontext, actx);
+        krb5_auth_con_free(kcontext, actx);
     if (kret)
-	printf("* krb5_auth_context test failed\n");
+        printf("* krb5_auth_context test failed\n");
     return(kret);
 }
 
@@ -362,44 +363,44 @@ ser_acontext_test(krb5_context kcontext, int verbose)
 static krb5_error_code
 ser_ccache_test(krb5_context kcontext, int verbose)
 {
-    krb5_error_code	kret;
-    char		ccname[128];
-    char		princname[256];
-    krb5_ccache		ccache;
-    krb5_principal	principal;
+    krb5_error_code     kret;
+    char                ccname[128];
+    char                princname[256];
+    krb5_ccache         ccache;
+    krb5_principal      principal;
 
     snprintf(ccname, sizeof(ccname), "temp_cc_%d", (int) getpid());
     snprintf(princname, sizeof(princname),
-	     "zowie%d/instance%d@this.is.a.test",
-	     (int) getpid(), (int) getpid());
+             "zowie%d/instance%d@this.is.a.test",
+             (int) getpid(), (int) getpid());
     if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
-	!(kret = ser_data(verbose, "> Resolved default ccache",
-			  (krb5_pointer) ccache, KV5M_CCACHE)) &&
-	!(kret = krb5_parse_name(kcontext, princname, &principal)) &&
-	!(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
-	!(kret = ser_data(verbose, "> Initialized default ccache",
-			  (krb5_pointer) ccache, KV5M_CCACHE)) &&
-	!(kret = krb5_cc_destroy(kcontext, ccache))) {
-	krb5_free_principal(kcontext, principal);
-	snprintf(ccname, sizeof(ccname), "FILE:temp_cc_%d", (int) getpid());
-	snprintf(princname, sizeof(princname), "xxx%d/i%d@this.is.a.test",
-		 (int) getpid(), (int) getpid());
-	if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
-	    !(kret = ser_data(verbose, "> Resolved FILE ccache",
-			      (krb5_pointer) ccache, KV5M_CCACHE)) &&
-	    !(kret = krb5_parse_name(kcontext, princname, &principal)) &&
-	    !(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
-	    !(kret = ser_data(verbose, "> Initialized FILE ccache",
-			      (krb5_pointer) ccache, KV5M_CCACHE)) &&
-	    !(kret = krb5_cc_destroy(kcontext, ccache))) {
-	    krb5_free_principal(kcontext, principal);
-
-	    if (verbose)
-		printf("* ccache test succeeded\n");
-	}
+        !(kret = ser_data(verbose, "> Resolved default ccache",
+                          (krb5_pointer) ccache, KV5M_CCACHE)) &&
+        !(kret = krb5_parse_name(kcontext, princname, &principal)) &&
+        !(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
+        !(kret = ser_data(verbose, "> Initialized default ccache",
+                          (krb5_pointer) ccache, KV5M_CCACHE)) &&
+        !(kret = krb5_cc_destroy(kcontext, ccache))) {
+        krb5_free_principal(kcontext, principal);
+        snprintf(ccname, sizeof(ccname), "FILE:temp_cc_%d", (int) getpid());
+        snprintf(princname, sizeof(princname), "xxx%d/i%d@this.is.a.test",
+                 (int) getpid(), (int) getpid());
+        if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) &&
+            !(kret = ser_data(verbose, "> Resolved FILE ccache",
+                              (krb5_pointer) ccache, KV5M_CCACHE)) &&
+            !(kret = krb5_parse_name(kcontext, princname, &principal)) &&
+            !(kret = krb5_cc_initialize(kcontext, ccache, principal)) &&
+            !(kret = ser_data(verbose, "> Initialized FILE ccache",
+                              (krb5_pointer) ccache, KV5M_CCACHE)) &&
+            !(kret = krb5_cc_destroy(kcontext, ccache))) {
+            krb5_free_principal(kcontext, principal);
+
+            if (verbose)
+                printf("* ccache test succeeded\n");
+        }
     }
     if (kret)
-	printf("* krb5_ccache test failed\n");
+        printf("* krb5_ccache test failed\n");
     return(kret);
 }
 
@@ -409,33 +410,33 @@ ser_ccache_test(krb5_context kcontext, int verbose)
 static krb5_error_code
 ser_keytab_test(krb5_context kcontext, int verbose)
 {
-    krb5_error_code	kret;
-    char		ccname[128];
-    krb5_keytab		keytab;
+    krb5_error_code     kret;
+    char                ccname[128];
+    krb5_keytab         keytab;
 
     snprintf(ccname, sizeof(ccname), "temp_kt_%d", (int) getpid());
     if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
-	!(kret = ser_data(verbose, "> Resolved default keytab",
-			  (krb5_pointer) keytab, KV5M_KEYTAB)) &&
-	!(kret = krb5_kt_close(kcontext, keytab))) {
-	snprintf(ccname, sizeof(ccname), "FILE:temp_kt_%d", (int) getpid());
-	if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
-	    !(kret = ser_data(verbose, "> Resolved FILE keytab",
-			      (krb5_pointer) keytab, KV5M_KEYTAB)) &&
-	    !(kret = krb5_kt_close(kcontext, keytab))) {
-	    snprintf(ccname, sizeof(ccname),
-		     "WRFILE:temp_kt_%d", (int) getpid());
-	    if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
-		!(kret = ser_data(verbose, "> Resolved WRFILE keytab",
-				  (krb5_pointer) keytab, KV5M_KEYTAB)) &&
-		!(kret = krb5_kt_close(kcontext, keytab))) {
-		if (verbose)
-		    printf("* keytab test succeeded\n");
-	    }
-	}
+        !(kret = ser_data(verbose, "> Resolved default keytab",
+                          (krb5_pointer) keytab, KV5M_KEYTAB)) &&
+        !(kret = krb5_kt_close(kcontext, keytab))) {
+        snprintf(ccname, sizeof(ccname), "FILE:temp_kt_%d", (int) getpid());
+        if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
+            !(kret = ser_data(verbose, "> Resolved FILE keytab",
+                              (krb5_pointer) keytab, KV5M_KEYTAB)) &&
+            !(kret = krb5_kt_close(kcontext, keytab))) {
+            snprintf(ccname, sizeof(ccname),
+                     "WRFILE:temp_kt_%d", (int) getpid());
+            if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
+                !(kret = ser_data(verbose, "> Resolved WRFILE keytab",
+                                  (krb5_pointer) keytab, KV5M_KEYTAB)) &&
+                !(kret = krb5_kt_close(kcontext, keytab))) {
+                if (verbose)
+                    printf("* keytab test succeeded\n");
+            }
+        }
     }
     if (kret)
-	printf("* krb5_keytab test failed\n");
+        printf("* krb5_keytab test failed\n");
     return(kret);
 }
 
@@ -445,23 +446,23 @@ ser_keytab_test(krb5_context kcontext, int verbose)
 static krb5_error_code
 ser_rcache_test(krb5_context kcontext, int verbose)
 {
-    krb5_error_code	kret;
-    char		rcname[128];
-    krb5_rcache		rcache;
+    krb5_error_code     kret;
+    char                rcname[128];
+    krb5_rcache         rcache;
 
     snprintf(rcname, sizeof(rcname), "dfl:temp_rc_%d", (int) getpid());
     if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname)) &&
-	!(kret = ser_data(verbose, "> Resolved FILE rcache",
-			  (krb5_pointer) rcache, KV5M_RCACHE)) &&
-	!(kret = krb5_rc_initialize(kcontext, rcache, 3600*24)) &&
-	!(kret = ser_data(verbose, "> Initialized FILE rcache",
-			  (krb5_pointer) rcache, KV5M_RCACHE)) &&
-	!(kret = krb5_rc_destroy(kcontext, rcache))) {
-	if (verbose)
-	    printf("* rcache test succeeded\n");
+        !(kret = ser_data(verbose, "> Resolved FILE rcache",
+                          (krb5_pointer) rcache, KV5M_RCACHE)) &&
+        !(kret = krb5_rc_initialize(kcontext, rcache, 3600*24)) &&
+        !(kret = ser_data(verbose, "> Initialized FILE rcache",
+                          (krb5_pointer) rcache, KV5M_RCACHE)) &&
+        !(kret = krb5_rc_destroy(kcontext, rcache))) {
+        if (verbose)
+            printf("* rcache test succeeded\n");
     }
     if (kret)
-	printf("* krb5_rcache test failed\n");
+        printf("* krb5_rcache test failed\n");
     return(kret);
 }
 
@@ -471,50 +472,50 @@ ser_rcache_test(krb5_context kcontext, int verbose)
  */
 static krb5_error_code
 ser_eblock_test(kcontext, verbose)
-    krb5_context	kcontext;
-    int			verbose;
+    krb5_context        kcontext;
+    int                 verbose;
 {
-    krb5_error_code	kret;
-    krb5_encrypt_block	eblock;    
-    krb5_keyblock	ukeyblock;
-    krb5_octet		keydata[8];
+    krb5_error_code     kret;
+    krb5_encrypt_block  eblock;
+    krb5_keyblock       ukeyblock;
+    krb5_octet          keydata[8];
 
     memset(&eblock, 0, sizeof(krb5_encrypt_block));
     eblock.magic = KV5M_ENCRYPT_BLOCK;
     krb5_use_enctype(kcontext, &eblock, DEFAULT_KDC_ENCTYPE);
     if (!(kret = ser_data(verbose, "> NULL eblock",
-			  (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
+                          (krb5_pointer) &eblock, KV5M_ENCRYPT_BLOCK))) {
 #if 0
-	eblock.priv = (krb5_pointer) stuff;
-	eblock.priv_size = 8;
+        eblock.priv = (krb5_pointer) stuff;
+        eblock.priv_size = 8;
 #endif
-	if (!(kret = ser_data(verbose, "> eblock with private data",
-			      (krb5_pointer) &eblock,
-			      KV5M_ENCRYPT_BLOCK))) {
-	    memset(&ukeyblock, 0, sizeof(ukeyblock));
-	    memset(keydata, 0, sizeof(keydata));
-	    ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
-	    ukeyblock.length = sizeof(keydata);
-	    ukeyblock.contents = keydata;
-	    keydata[0] = 0xde;
-	    keydata[1] = 0xad;
-	    keydata[2] = 0xbe;
-	    keydata[3] = 0xef;
-	    keydata[4] = 0xfe;
-	    keydata[5] = 0xed;
-	    keydata[6] = 0xf0;
-	    keydata[7] = 0xd;
-	    eblock.key = &ukeyblock;
-	    if (!(kret = ser_data(verbose, "> eblock with private key",
-				  (krb5_pointer) &eblock,
-				  KV5M_ENCRYPT_BLOCK))) {
-		if (verbose)
-		    printf("* eblock test succeeded\n");
-	    }
-	}
+        if (!(kret = ser_data(verbose, "> eblock with private data",
+                              (krb5_pointer) &eblock,
+                              KV5M_ENCRYPT_BLOCK))) {
+            memset(&ukeyblock, 0, sizeof(ukeyblock));
+            memset(keydata, 0, sizeof(keydata));
+            ukeyblock.enctype = ENCTYPE_DES_CBC_MD5;
+            ukeyblock.length = sizeof(keydata);
+            ukeyblock.contents = keydata;
+            keydata[0] = 0xde;
+            keydata[1] = 0xad;
+            keydata[2] = 0xbe;
+            keydata[3] = 0xef;
+            keydata[4] = 0xfe;
+            keydata[5] = 0xed;
+            keydata[6] = 0xf0;
+            keydata[7] = 0xd;
+            eblock.key = &ukeyblock;
+            if (!(kret = ser_data(verbose, "> eblock with private key",
+                                  (krb5_pointer) &eblock,
+                                  KV5M_ENCRYPT_BLOCK))) {
+                if (verbose)
+                    printf("* eblock test succeeded\n");
+            }
+        }
     }
     if (kret)
-	printf("* eblock test failed\n");
+        printf("* eblock test failed\n");
     return(kret);
 }
 #endif
@@ -525,23 +526,23 @@ ser_eblock_test(kcontext, verbose)
 static krb5_error_code
 ser_princ_test(krb5_context kcontext, int verbose)
 {
-    krb5_error_code	kret;
-    krb5_principal	princ;
-    char		pname[1024];
+    krb5_error_code     kret;
+    krb5_principal      princ;
+    char                pname[1024];
 
     snprintf(pname, sizeof(pname),
-	     "the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test",
-	     (int) getpid());
+             "the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test",
+             (int) getpid());
     if (!(kret = krb5_parse_name(kcontext, pname, &princ))) {
-	if (!(kret = ser_data(verbose, "> Principal",
-			      (krb5_pointer) princ, KV5M_PRINCIPAL))) {
-	    if (verbose)
-		printf("* principal test succeeded\n");
-	}
-	krb5_free_principal(kcontext, princ);
+        if (!(kret = ser_data(verbose, "> Principal",
+                              (krb5_pointer) princ, KV5M_PRINCIPAL))) {
+            if (verbose)
+                printf("* principal test succeeded\n");
+        }
+        krb5_free_principal(kcontext, princ);
     }
     if (kret)
-	printf("* principal test failed\n");
+        printf("* principal test failed\n");
     return(kret);
 }
 
@@ -551,26 +552,26 @@ ser_princ_test(krb5_context kcontext, int verbose)
 static krb5_error_code
 ser_cksum_test(krb5_context kcontext, int verbose)
 {
-    krb5_error_code	kret;
-    krb5_checksum	checksum;
-    krb5_octet		ckdata[24];
+    krb5_error_code     kret;
+    krb5_checksum       checksum;
+    krb5_octet          ckdata[24];
 
     memset(&checksum, 0, sizeof(krb5_checksum));
     checksum.magic = KV5M_CHECKSUM;
     if (!(kret = ser_data(verbose, "> NULL checksum",
-			  (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
-	checksum.checksum_type = 123;
-	checksum.length = sizeof(ckdata);
-	checksum.contents = ckdata;
-	memcpy(ckdata, &stuff, sizeof(ckdata)); 
-	if (!(kret = ser_data(verbose, "> checksum with data",
-			      (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
-	    if (verbose)
-		printf("* checksum test succeeded\n");
-	}
+                          (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
+        checksum.checksum_type = 123;
+        checksum.length = sizeof(ckdata);
+        checksum.contents = ckdata;
+        memcpy(ckdata, &stuff, sizeof(ckdata));
+        if (!(kret = ser_data(verbose, "> checksum with data",
+                              (krb5_pointer) &checksum, KV5M_CHECKSUM))) {
+            if (verbose)
+                printf("* checksum test succeeded\n");
+        }
     }
     if (kret)
-	printf("* checksum test failed\n");
+        printf("* checksum test failed\n");
     return(kret);
 }
 
@@ -580,14 +581,14 @@ ser_cksum_test(krb5_context kcontext, int verbose)
 int
 main(int argc, char **argv)
 {
-    krb5_error_code	kret;
-    krb5_context	kcontext;
-    int			do_atest, do_ctest, do_ktest, do_rtest, do_xtest;
-    int			do_etest, do_ptest, do_stest;
-    int			verbose;
-    int			option;
-    extern char		*optarg;
-    char		ch_err;
+    krb5_error_code     kret;
+    krb5_context        kcontext;
+    int                 do_atest, do_ctest, do_ktest, do_rtest, do_xtest;
+    int                 do_etest, do_ptest, do_stest;
+    int                 verbose;
+    int                 option;
+    extern char         *optarg;
+    char                ch_err;
 
     kret = 0;
     verbose = 0;
@@ -600,125 +601,125 @@ main(int argc, char **argv)
     do_rtest = 1;
     do_stest = 1;
     while ((option = getopt(argc, argv, "acekprsxvACEKPRSX")) != -1) {
-	switch (option) {
-	case 'a':
-	    do_atest = 0;
-	    break;
-	case 'c':
-	    do_ctest = 0;
-	    break;
-	case 'e':
-	    do_etest = 0;
-	    break;
-	case 'k':
-	    do_ktest = 0;
-	    break;
-	case 'p':
-	    do_ptest = 0;
-	    break;
-	case 'r':
-	    do_rtest = 0;
-	    break;
-	case 's':
-	    do_stest = 0;
-	    break;
-	case 'x':
-	    do_xtest = 0;
-	    break;
-	case 'v':
-	    verbose = 1;
-	    break;
-	case 'A':
-	    do_atest = 1;
-	    break;
-	case 'C':
-	    do_ctest = 1;
-	    break;
+        switch (option) {
+        case 'a':
+            do_atest = 0;
+            break;
+        case 'c':
+            do_ctest = 0;
+            break;
+        case 'e':
+            do_etest = 0;
+            break;
+        case 'k':
+            do_ktest = 0;
+            break;
+        case 'p':
+            do_ptest = 0;
+            break;
+        case 'r':
+            do_rtest = 0;
+            break;
+        case 's':
+            do_stest = 0;
+            break;
+        case 'x':
+            do_xtest = 0;
+            break;
+        case 'v':
+            verbose = 1;
+            break;
+        case 'A':
+            do_atest = 1;
+            break;
+        case 'C':
+            do_ctest = 1;
+            break;
 #if 0
-	case 'E':
-	    do_etest = 1;
-	    break;
+        case 'E':
+            do_etest = 1;
+            break;
 #endif
-	case 'K':
-	    do_ktest = 1;
-	    break;
-	case 'P':
-	    do_ptest = 1;
-	    break;
-	case 'R':
-	    do_rtest = 1;
-	    break;
-	case 'S':
-	    do_stest = 1;
-	    break;
-	case 'X':
-	    do_xtest = 1;
-	    break;
-	default:
-	    fprintf(stderr,
-		    "%s: usage is %s [-acekprsxvACEKPRSX]\n",
-		    argv[0], argv[0]);
-	    exit(1);
-	    break;
-	}
+        case 'K':
+            do_ktest = 1;
+            break;
+        case 'P':
+            do_ptest = 1;
+            break;
+        case 'R':
+            do_rtest = 1;
+            break;
+        case 'S':
+            do_stest = 1;
+            break;
+        case 'X':
+            do_xtest = 1;
+            break;
+        default:
+            fprintf(stderr,
+                    "%s: usage is %s [-acekprsxvACEKPRSX]\n",
+                    argv[0], argv[0]);
+            exit(1);
+            break;
+        }
     }
     if ((kret = krb5_init_context(&kcontext))) {
-	    com_err(argv[0], kret, "while initializing krb5");
-	    exit(1);
+        com_err(argv[0], kret, "while initializing krb5");
+        exit(1);
     }
-    
+
     if (do_xtest) {
-	    ch_err = 'x';
-	    kret = ser_kcontext_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 'x';
+        kret = ser_kcontext_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
     if (do_atest) {
-	    ch_err = 'a';
-	    kret = ser_acontext_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 'a';
+        kret = ser_acontext_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
     if (do_ctest) {
-	    ch_err = 'c';
-	    kret = ser_ccache_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 'c';
+        kret = ser_ccache_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
     if (do_ktest) {
-	    ch_err = 'k';
-	    kret = ser_keytab_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 'k';
+        kret = ser_keytab_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
     if (do_rtest) {
-	    ch_err = 'r';
-	    kret = ser_rcache_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 'r';
+        kret = ser_rcache_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
 #if 0 /* code to be tested is currently disabled */
     if (do_etest) {
-	    ch_err = 'e';
-	    kret = ser_eblock_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 'e';
+        kret = ser_eblock_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
 #endif
     if (do_ptest) {
-	    ch_err = 'p';
-	    kret = ser_princ_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 'p';
+        kret = ser_princ_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
     if (do_stest) {
-	    ch_err = 's';
-	    kret = ser_cksum_test(kcontext, verbose);
-	    if (kret)
-		    goto fail;
+        ch_err = 's';
+        kret = ser_cksum_test(kcontext, verbose);
+        if (kret)
+            goto fail;
     }
     krb5_free_context(kcontext);
-    
+
     exit(0);
 fail:
     com_err(argv[0], kret, "--- test %cfailed", ch_err);
diff --git a/src/lib/krb5/krb/t_walk_rtree.c b/src/lib/krb5/krb/t_walk_rtree.c
index 466118667..09e71af0f 100644
--- a/src/lib/krb5/krb/t_walk_rtree.c
+++ b/src/lib/krb5/krb/t_walk_rtree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * t_walk_rtree.c --- test krb5_walk_realm_tree
  */
@@ -9,50 +10,49 @@
 int
 main(int argc, char **argv)
 {
-	krb5_data client, server;
-	char	realm_branch_char = '.';
-	krb5_principal *tree, *p;
-	char *name;
-	krb5_error_code	retval;
-	krb5_context context;
-	
-	krb5_init_context(&context);
-	
-	if (argc < 3 || argc > 4) {
-		fprintf(stderr,
-			"Usage: %s client-realm server-realm [sep_char]\n",
-			argv[0]);
-		exit(99);
-	}
-	client.data = argv[1];
-	client.length = strlen(client.data);
-
-	server.data = argv[2];
-	server.length = strlen(server.data);
-
-	if (argc == 4)
-		realm_branch_char = argv[3][0];
-
-	retval = krb5_walk_realm_tree(context, &client, &server, &tree,
-				      realm_branch_char);
-	if (retval) {
-		com_err("krb5_walk_realm_tree", retval, " ");
-		exit(1);
-	}
-
-	for (p = tree; *p; p++) {
-		retval = krb5_unparse_name(context, *p, &name);
-		if (retval) {
-			com_err("krb5_unprase_name", retval, " ");
-			exit(2);
-		}
-		printf("%s\n", name);
-		free(name);
-	}
-
-	krb5_free_realm_tree(context, tree);
-	krb5_free_context(context);
-
-	exit(0);
+    krb5_data client, server;
+    char    realm_branch_char = '.';
+    krb5_principal *tree, *p;
+    char *name;
+    krb5_error_code retval;
+    krb5_context context;
+
+    krb5_init_context(&context);
+
+    if (argc < 3 || argc > 4) {
+        fprintf(stderr,
+                "Usage: %s client-realm server-realm [sep_char]\n",
+                argv[0]);
+        exit(99);
+    }
+    client.data = argv[1];
+    client.length = strlen(client.data);
+
+    server.data = argv[2];
+    server.length = strlen(server.data);
+
+    if (argc == 4)
+        realm_branch_char = argv[3][0];
+
+    retval = krb5_walk_realm_tree(context, &client, &server, &tree,
+                                  realm_branch_char);
+    if (retval) {
+        com_err("krb5_walk_realm_tree", retval, " ");
+        exit(1);
+    }
+
+    for (p = tree; *p; p++) {
+        retval = krb5_unparse_name(context, *p, &name);
+        if (retval) {
+            com_err("krb5_unprase_name", retval, " ");
+            exit(2);
+        }
+        printf("%s\n", name);
+        free(name);
+    }
+
+    krb5_free_realm_tree(context, tree);
+    krb5_free_context(context);
+
+    exit(0);
 }
-
diff --git a/src/lib/krb5/krb/tgtname.c b/src/lib/krb5/krb/tgtname.c
index 4ca241623..cfd01cb0a 100644
--- a/src/lib/krb5/krb/tgtname.c
+++ b/src/lib/krb5/krb/tgtname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/tgtname.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_tgtname()
  */
@@ -36,7 +37,7 @@ krb5_error_code
 krb5_tgtname(krb5_context context, const krb5_data *server, const krb5_data *client, krb5_principal *tgtprinc)
 {
     return krb5_build_principal_ext(context, tgtprinc, client->length, client->data,
-				    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, 
-				    server->length, server->data,
-				    0);
+                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+                                    server->length, server->data,
+                                    0);
 }
diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c
index ec0976fb2..cb3624295 100644
--- a/src/lib/krb5/krb/unparse.c
+++ b/src/lib/krb5/krb/unparse.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/unparse.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_unparse_name() routine
  *
@@ -37,8 +38,8 @@
 
 /*
  * converts the multi-part principal format used in the protocols to a
- * single-string representation of the name. 
- *  
+ * single-string representation of the name.
+ *
  * The name returned is in allocated storage and should be freed by
  * the caller when finished.
  *
@@ -48,14 +49,14 @@
  * backslash encoding.  ("\/", "\@", or '\0', respectively)
  *
  * returns error
- *	KRB_PARSE_MALFORMED	principal is invalid (does not contain
- *				at least 2 components)
+ *      KRB_PARSE_MALFORMED     principal is invalid (does not contain
+ *                              at least 2 components)
  * also returns system errors
- *	ENOMEM			unable to allocate memory for string
+ *      ENOMEM                  unable to allocate memory for string
  */
 
-#define REALM_SEP	'@'
-#define	COMPONENT_SEP	'/'
+#define REALM_SEP       '@'
+#define COMPONENT_SEP   '/'
 
 static int
 component_length_quoted(const krb5_data *src, int flags)
@@ -66,15 +67,15 @@ component_length_quoted(const krb5_data *src, int flags)
     int size = length;
 
     if ((flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) == 0) {
-	int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
-		       !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
-
-	for (j = 0; j < length; j++,cp++)
-	    if ((!no_realm && *cp == REALM_SEP) ||
-		*cp == COMPONENT_SEP ||
-		*cp == '\0' || *cp == '\\' || *cp == '\t' ||
-		*cp == '\n' || *cp == '\b')
-		size++;
+        int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
+            !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
+
+        for (j = 0; j < length; j++,cp++)
+            if ((!no_realm && *cp == REALM_SEP) ||
+                *cp == COMPONENT_SEP ||
+                *cp == '\0' || *cp == '\\' || *cp == '\t' ||
+                *cp == '\n' || *cp == '\b')
+                size++;
     }
 
     return size;
@@ -89,181 +90,180 @@ copy_component_quoting(char *dest, const krb5_data *src, int flags)
     int length = src->length;
 
     if (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) {
-	memcpy(dest, src->data, src->length);
-	return src->length;
+        memcpy(dest, src->data, src->length);
+        return src->length;
     }
 
     for (j=0; j < length; j++,cp++) {
-	int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
-		       !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
-
-	switch (*cp) {
-	case REALM_SEP:
-	    if (no_realm) {
-		*q++ = *cp;
-		break;
-	    }
-	case COMPONENT_SEP:
-	case '\\':
-	    *q++ = '\\';
-	    *q++ = *cp;
-	    break;
-	case '\t':
-	    *q++ = '\\';
-	    *q++ = 't';
-	    break;
-	case '\n':
-	    *q++ = '\\';
-	    *q++ = 'n';
-	    break;
-	case '\b':
-	    *q++ = '\\';
-	    *q++ = 'b';
-	    break;
+        int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) &&
+            !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT);
+
+        switch (*cp) {
+        case REALM_SEP:
+            if (no_realm) {
+                *q++ = *cp;
+                break;
+            }
+        case COMPONENT_SEP:
+        case '\\':
+            *q++ = '\\';
+        *q++ = *cp;
+        break;
+        case '\t':
+            *q++ = '\\';
+            *q++ = 't';
+            break;
+        case '\n':
+            *q++ = '\\';
+            *q++ = 'n';
+            break;
+        case '\b':
+            *q++ = '\\';
+            *q++ = 'b';
+            break;
 #if 0
-	/* Heimdal escapes spaces in principal names upon unparsing */
-	case ' ':
-	    *q++ = '\\';
-	    *q++ = ' ';
-	    break;
+            /* Heimdal escapes spaces in principal names upon unparsing */
+        case ' ':
+            *q++ = '\\';
+            *q++ = ' ';
+            break;
 #endif
-	case '\0':
-	    *q++ = '\\';
-	    *q++ = '0';
-	    break;
-	default:
-	    *q++ = *cp;
-	}
+        case '\0':
+            *q++ = '\\';
+            *q++ = '0';
+            break;
+        default:
+            *q++ = *cp;
+        }
     }
     return q - dest;
 }
 
 static krb5_error_code
 k5_unparse_name(krb5_context context, krb5_const_principal principal,
-		int flags, char **name, unsigned int *size)
+                int flags, char **name, unsigned int *size)
 {
-	char *cp, *q;
-	int i;
-	int	length;
-	krb5_int32 nelem;
-	unsigned int totalsize = 0;
-	char *default_realm = NULL;
-	krb5_error_code ret = 0;
-
-	if (!principal || !name)
-		return KRB5_PARSE_MALFORMED;
-
-	if (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) {
-		/* omit realm if local realm */
-		krb5_principal_data p;
-
-		ret = krb5_get_default_realm(context, &default_realm);
-		if (ret != 0)
-			goto cleanup;
-
-		krb5_princ_realm(context, &p)->length = strlen(default_realm);
-		krb5_princ_realm(context, &p)->data = default_realm;
-
-		if (krb5_realm_compare(context, &p, principal))
-			flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
-	}
-
-	if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
-		totalsize += component_length_quoted(krb5_princ_realm(context,
-								      principal),
-						     flags);
-		totalsize++;		/* This is for the separator */
-	}
-
-	nelem = krb5_princ_size(context, principal);
-	for (i = 0; i < (int) nelem; i++) {
-		cp = krb5_princ_component(context, principal, i)->data;
-		totalsize += component_length_quoted(krb5_princ_component(context, principal, i), flags);
-		totalsize++;	/* This is for the separator */
-	}
-	if (nelem == 0)
-		totalsize++;
-
-	/*
-	 * Allocate space for the ascii string; if space has been
-	 * provided, use it, realloc'ing it if necessary.
-	 * 
-	 * We need only n-1 seperators for n components, but we need
-	 * an extra byte for the NUL at the end.
-	 */
-        if (size) {
-            if (*name && (*size < totalsize)) {
-                *name = realloc(*name, totalsize);
-            } else {
-                *name = malloc(totalsize);
-            }
-            *size = totalsize;
+    char *cp, *q;
+    int i;
+    int     length;
+    krb5_int32 nelem;
+    unsigned int totalsize = 0;
+    char *default_realm = NULL;
+    krb5_error_code ret = 0;
+
+    if (!principal || !name)
+        return KRB5_PARSE_MALFORMED;
+
+    if (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) {
+        /* omit realm if local realm */
+        krb5_principal_data p;
+
+        ret = krb5_get_default_realm(context, &default_realm);
+        if (ret != 0)
+            goto cleanup;
+
+        krb5_princ_realm(context, &p)->length = strlen(default_realm);
+        krb5_princ_realm(context, &p)->data = default_realm;
+
+        if (krb5_realm_compare(context, &p, principal))
+            flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM;
+    }
+
+    if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
+        totalsize += component_length_quoted(krb5_princ_realm(context,
+                                                              principal),
+                                             flags);
+        totalsize++;            /* This is for the separator */
+    }
+
+    nelem = krb5_princ_size(context, principal);
+    for (i = 0; i < (int) nelem; i++) {
+        cp = krb5_princ_component(context, principal, i)->data;
+        totalsize += component_length_quoted(krb5_princ_component(context, principal, i), flags);
+        totalsize++;    /* This is for the separator */
+    }
+    if (nelem == 0)
+        totalsize++;
+
+    /*
+     * Allocate space for the ascii string; if space has been
+     * provided, use it, realloc'ing it if necessary.
+     *
+     * We need only n-1 seperators for n components, but we need
+     * an extra byte for the NUL at the end.
+     */
+    if (size) {
+        if (*name && (*size < totalsize)) {
+            *name = realloc(*name, totalsize);
         } else {
             *name = malloc(totalsize);
         }
+        *size = totalsize;
+    } else {
+        *name = malloc(totalsize);
+    }
 
-	if (!*name) {
-		ret = ENOMEM;
-		goto cleanup;
-	}
-
-	q = *name;
-	
-	for (i = 0; i < (int) nelem; i++) {
-		cp = krb5_princ_component(context, principal, i)->data;
-		length = krb5_princ_component(context, principal, i)->length;
-		q += copy_component_quoting(q,
-					    krb5_princ_component(context,
-								 principal,
-								 i),
-					    flags);
-		*q++ = COMPONENT_SEP;
-	}
-
-	if (i > 0)
-	    q--;		/* Back up last component separator */
-	if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
-		*q++ = REALM_SEP;
-		q += copy_component_quoting(q, krb5_princ_realm(context, principal), flags);
-	}
-	*q++ = '\0';
+    if (!*name) {
+        ret = ENOMEM;
+        goto cleanup;
+    }
+
+    q = *name;
+
+    for (i = 0; i < (int) nelem; i++) {
+        cp = krb5_princ_component(context, principal, i)->data;
+        length = krb5_princ_component(context, principal, i)->length;
+        q += copy_component_quoting(q,
+                                    krb5_princ_component(context,
+                                                         principal,
+                                                         i),
+                                    flags);
+        *q++ = COMPONENT_SEP;
+    }
+
+    if (i > 0)
+        q--;                /* Back up last component separator */
+    if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) {
+        *q++ = REALM_SEP;
+        q += copy_component_quoting(q, krb5_princ_realm(context, principal), flags);
+    }
+    *q++ = '\0';
 
 cleanup:
-	if (default_realm != NULL)
-		krb5_free_default_realm(context, default_realm);
+    if (default_realm != NULL)
+        krb5_free_default_realm(context, default_realm);
 
-	return ret;
+    return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name)
 {
     if (name != NULL)                      /* name == NULL will return error from _ext */
-	*name = NULL;
+        *name = NULL;
 
     return k5_unparse_name(context, principal, 0, name, NULL);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal,
-		      char **name, unsigned int *size)
+                      char **name, unsigned int *size)
 {
     return k5_unparse_name(context, principal, 0, name, size);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
-			int flags, char **name)
+                        int flags, char **name)
 {
     if (name != NULL)
-	*name = NULL;
+        *name = NULL;
     return k5_unparse_name(context, principal, flags, name, NULL);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal,
-			    int flags, char **name, unsigned int *size)
+                            int flags, char **name, unsigned int *size)
 {
     return k5_unparse_name(context, principal, flags, name, size);
 }
-
diff --git a/src/lib/krb5/krb/valid_times.c b/src/lib/krb5/krb/valid_times.c
index febbc369f..72304efd7 100644
--- a/src/lib/krb5/krb/valid_times.c
+++ b/src/lib/krb5/krb/valid_times.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/valid_times.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_validate_times()
  */
@@ -37,26 +38,23 @@
 krb5_error_code
 krb5_validate_times(krb5_context context, krb5_ticket_times *times)
 {
-	krb5_timestamp 	  	currenttime, starttime;
-	krb5_error_code		retval;
+    krb5_timestamp          currenttime, starttime;
+    krb5_error_code         retval;
 
-	if ((retval = krb5_timeofday(context, &currenttime)))
-		return retval;
+    if ((retval = krb5_timeofday(context, &currenttime)))
+        return retval;
 
-	/* if starttime is not in ticket, then treat it as authtime */
-	if (times->starttime != 0)
-		starttime = times->starttime;
-	else
-		starttime = times->authtime;
+    /* if starttime is not in ticket, then treat it as authtime */
+    if (times->starttime != 0)
+        starttime = times->starttime;
+    else
+        starttime = times->authtime;
 
-	if (starttime - currenttime > context->clockskew)
-		return KRB5KRB_AP_ERR_TKT_NYV;	/* ticket not yet valid */
+    if (starttime - currenttime > context->clockskew)
+        return KRB5KRB_AP_ERR_TKT_NYV;  /* ticket not yet valid */
 
-	if ((currenttime - times->endtime) > context->clockskew)
-		return KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */
+    if ((currenttime - times->endtime) > context->clockskew)
+        return KRB5KRB_AP_ERR_TKT_EXPIRED; /* ticket expired */
 
-	return 0;
+    return 0;
 }
-
-       
-
diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
index 6f53f5728..2b9beeb91 100644
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -1,232 +1,233 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "int-proto.h"
 
 static krb5_error_code
 krb5_cc_copy_creds_except(krb5_context context, krb5_ccache incc, krb5_ccache outcc, krb5_principal princ)
 {
-   krb5_error_code code;
-   krb5_flags flags;
-   krb5_cc_cursor cur;
-   krb5_creds creds;
+    krb5_error_code code;
+    krb5_flags flags;
+    krb5_cc_cursor cur;
+    krb5_creds creds;
 
-   flags = 0;				/* turns off OPENCLOSE mode */
-   if ((code = krb5_cc_set_flags(context, incc, flags)))
-      return(code);
-   if ((code = krb5_cc_set_flags(context, outcc, flags)))
-      return(code);
+    flags = 0;                           /* turns off OPENCLOSE mode */
+    if ((code = krb5_cc_set_flags(context, incc, flags)))
+        return(code);
+    if ((code = krb5_cc_set_flags(context, outcc, flags)))
+        return(code);
 
-   if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
-      goto cleanup;
+    if ((code = krb5_cc_start_seq_get(context, incc, &cur)))
+        goto cleanup;
 
-   while (!(code = krb5_cc_next_cred(context, incc, &cur, &creds))) {
-      if (krb5_principal_compare(context, princ, creds.server))
-	 continue;
+    while (!(code = krb5_cc_next_cred(context, incc, &cur, &creds))) {
+        if (krb5_principal_compare(context, princ, creds.server))
+            continue;
 
-      code = krb5_cc_store_cred(context, outcc, &creds);
-      krb5_free_cred_contents(context, &creds);
-      if (code)
-	 goto cleanup;
-   }
+        code = krb5_cc_store_cred(context, outcc, &creds);
+        krb5_free_cred_contents(context, &creds);
+        if (code)
+            goto cleanup;
+    }
 
-   if (code != KRB5_CC_END)
-      goto cleanup;
+    if (code != KRB5_CC_END)
+        goto cleanup;
 
-   code = 0;
+    code = 0;
 
 cleanup:
-   flags = KRB5_TC_OPENCLOSE;
+    flags = KRB5_TC_OPENCLOSE;
 
-   if (code)
-      krb5_cc_set_flags(context, incc, flags);
-   else
-      code = krb5_cc_set_flags(context, incc, flags);
+    if (code)
+        krb5_cc_set_flags(context, incc, flags);
+    else
+        code = krb5_cc_set_flags(context, incc, flags);
 
-   if (code)
-      krb5_cc_set_flags(context, outcc, flags);
-   else
-      code = krb5_cc_set_flags(context, outcc, flags);
+    if (code)
+        krb5_cc_set_flags(context, outcc, flags);
+    else
+        code = krb5_cc_set_flags(context, outcc, flags);
 
-   return(code);
+    return(code);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_verify_init_creds(krb5_context context,
-		       krb5_creds *creds,
-		       krb5_principal server_arg,
-		       krb5_keytab keytab_arg,
-		       krb5_ccache *ccache_arg,
-		       krb5_verify_init_creds_opt *options)
+                       krb5_creds *creds,
+                       krb5_principal server_arg,
+                       krb5_keytab keytab_arg,
+                       krb5_ccache *ccache_arg,
+                       krb5_verify_init_creds_opt *options)
 {
-   krb5_error_code ret;
-   krb5_principal server;
-   krb5_keytab keytab;
-   krb5_ccache ccache;
-   krb5_keytab_entry kte;
-   krb5_creds in_creds, *out_creds;
-   krb5_auth_context authcon;
-   krb5_data ap_req;
-   
-   /* KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN */
-
-   server = NULL;
-   keytab = NULL;
-   ccache = NULL;
-   out_creds = NULL;
-   authcon = NULL;
-   ap_req.data = NULL;
-
-   if (server_arg) {
-       ret = krb5_copy_principal(context, server_arg, &server);
-       if (ret)
-	   goto cleanup;
-   } else {
-      if ((ret = krb5_sname_to_principal(context, NULL, NULL, 
-					 KRB5_NT_SRV_HST, &server)))
-	 goto cleanup;
-   }
-      
-   /* first, check if the server is in the keytab.  If not, there's
-      no reason to continue.  rd_req does all this, but there's
-      no way to know that a given error is caused by a missing
-      keytab or key, and not by some other problem. */
-
-   if (keytab_arg) {
-      keytab = keytab_arg;
-   } else {
-     if ((ret = krb5_kt_default(context, &keytab)))
-	 goto cleanup;
-   }
-   if (krb5_is_referral_realm(&server->realm)) {
-       krb5_free_data_contents(context, &server->realm);
-       ret = krb5_get_default_realm(context, &server->realm.data);
-       if (ret) goto cleanup;
-       server->realm.length = strlen(server->realm.data);
-   }
-
-   if ((ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte))) {
-       /* this means there is no keying material.  This is ok, as long as
-	  it is not prohibited by the configuration */
-
-       int nofail;
-
-       if (options &&
-	   (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL)) {
-	   if (options->ap_req_nofail)
-	       goto cleanup;
-       } else if (krb5_libdefault_boolean(context,
-					  &creds->client->realm,
-					  KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
-					  &nofail)
-		  == 0) {
-	   if (nofail)
-	       goto cleanup;
-       }
-
-       ret = 0;
-       goto cleanup;
-   }
-
-   krb5_kt_free_entry(context, &kte);
-
-   /* If the creds are for the server principal, we're set, just do
-      a mk_req.	 Otherwise, do a get_credentials first. */
-
-   if (krb5_principal_compare(context, server, creds->server)) {
-      /* make an ap_req */
-      if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, creds,
-				      &ap_req)))
-	 goto cleanup;
-   } else {
-      /* this is unclean, but it's the easiest way without ripping the
-	 library into very small pieces.  store the client's initial cred
-	 in a memory ccache, then call the library.  Later, we'll copy
-	 everything except the initial cred into the ccache we return to
-	 the user.  A clean implementation would involve library
-	 internals with a coherent idea of "in" and "out". */
-
-      /* insert the initial cred into the ccache */
-
-      if ((ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))) {
-	  ccache = NULL;
-	  goto cleanup;
-      }
-
-      if ((ret = krb5_cc_initialize(context, ccache, creds->client)))
-	 goto cleanup;
-
-      if ((ret = krb5_cc_store_cred(context, ccache, creds)))
-	 goto cleanup;
-
-      /* set up for get_creds */
-      memset(&in_creds, 0, sizeof(in_creds));
-      in_creds.client = creds->client;
-      in_creds.server = server;
-      if ((ret = krb5_timeofday(context, &in_creds.times.endtime)))
-	 goto cleanup;
-      in_creds.times.endtime += 5*60;
-
-      if ((ret = krb5_get_credentials(context, 0, ccache, &in_creds,
-				      &out_creds)))
-	 goto cleanup;
-
-      /* make an ap_req */
-      if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, out_creds,
-				      &ap_req)))
-	 goto cleanup;
-   }
-
-   /* wipe the auth context for mk_req */
-   if (authcon) {
-      krb5_auth_con_free(context, authcon);
-      authcon = NULL;
-   }
-
-   /* verify the ap_req */
-
-   if ((ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab,
-			  NULL, NULL)))
-      goto cleanup;
-
-   /* if we get this far, then the verification succeeded.  We can
-      still fail if the library stuff here fails, but that's it */
-
-   if (ccache_arg && ccache) {
-       if (*ccache_arg == NULL) {
-	   krb5_ccache retcc;
-
-	   retcc = NULL;
-
-	   if ((ret = krb5_cc_resolve(context, "MEMORY:rd_req2", &retcc)) ||
-	       (ret = krb5_cc_initialize(context, retcc, creds->client)) ||
-	       (ret = krb5_cc_copy_creds_except(context, ccache, retcc,
-						creds->server))) {
-	       if (retcc)
-		   krb5_cc_destroy(context, retcc);
-	   } else {
-	       *ccache_arg = retcc;
-	   }
-       } else {
-	   ret = krb5_cc_copy_creds_except(context, ccache, *ccache_arg,
-					   server);
-       }
-   }
-
-   /* if any of the above paths returned an errors, then ret is set
-      accordingly.  either that, or it's zero, which is fine, too */
+    krb5_error_code ret;
+    krb5_principal server;
+    krb5_keytab keytab;
+    krb5_ccache ccache;
+    krb5_keytab_entry kte;
+    krb5_creds in_creds, *out_creds;
+    krb5_auth_context authcon;
+    krb5_data ap_req;
+
+    /* KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN */
+
+    server = NULL;
+    keytab = NULL;
+    ccache = NULL;
+    out_creds = NULL;
+    authcon = NULL;
+    ap_req.data = NULL;
+
+    if (server_arg) {
+        ret = krb5_copy_principal(context, server_arg, &server);
+        if (ret)
+            goto cleanup;
+    } else {
+        if ((ret = krb5_sname_to_principal(context, NULL, NULL,
+                                           KRB5_NT_SRV_HST, &server)))
+            goto cleanup;
+    }
+
+    /* first, check if the server is in the keytab.  If not, there's
+       no reason to continue.  rd_req does all this, but there's
+       no way to know that a given error is caused by a missing
+       keytab or key, and not by some other problem. */
+
+    if (keytab_arg) {
+        keytab = keytab_arg;
+    } else {
+        if ((ret = krb5_kt_default(context, &keytab)))
+            goto cleanup;
+    }
+    if (krb5_is_referral_realm(&server->realm)) {
+        krb5_free_data_contents(context, &server->realm);
+        ret = krb5_get_default_realm(context, &server->realm.data);
+        if (ret) goto cleanup;
+        server->realm.length = strlen(server->realm.data);
+    }
+
+    if ((ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte))) {
+        /* this means there is no keying material.  This is ok, as long as
+           it is not prohibited by the configuration */
+
+        int nofail;
+
+        if (options &&
+            (options->flags & KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL)) {
+            if (options->ap_req_nofail)
+                goto cleanup;
+        } else if (krb5_libdefault_boolean(context,
+                                           &creds->client->realm,
+                                           KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
+                                           &nofail)
+                   == 0) {
+            if (nofail)
+                goto cleanup;
+        }
+
+        ret = 0;
+        goto cleanup;
+    }
+
+    krb5_kt_free_entry(context, &kte);
+
+    /* If the creds are for the server principal, we're set, just do
+       a mk_req.  Otherwise, do a get_credentials first. */
+
+    if (krb5_principal_compare(context, server, creds->server)) {
+        /* make an ap_req */
+        if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, creds,
+                                        &ap_req)))
+            goto cleanup;
+    } else {
+        /* this is unclean, but it's the easiest way without ripping the
+           library into very small pieces.  store the client's initial cred
+           in a memory ccache, then call the library.  Later, we'll copy
+           everything except the initial cred into the ccache we return to
+           the user.  A clean implementation would involve library
+           internals with a coherent idea of "in" and "out". */
+
+        /* insert the initial cred into the ccache */
+
+        if ((ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))) {
+            ccache = NULL;
+            goto cleanup;
+        }
+
+        if ((ret = krb5_cc_initialize(context, ccache, creds->client)))
+            goto cleanup;
+
+        if ((ret = krb5_cc_store_cred(context, ccache, creds)))
+            goto cleanup;
+
+        /* set up for get_creds */
+        memset(&in_creds, 0, sizeof(in_creds));
+        in_creds.client = creds->client;
+        in_creds.server = server;
+        if ((ret = krb5_timeofday(context, &in_creds.times.endtime)))
+            goto cleanup;
+        in_creds.times.endtime += 5*60;
+
+        if ((ret = krb5_get_credentials(context, 0, ccache, &in_creds,
+                                        &out_creds)))
+            goto cleanup;
+
+        /* make an ap_req */
+        if ((ret = krb5_mk_req_extended(context, &authcon, 0, NULL, out_creds,
+                                        &ap_req)))
+            goto cleanup;
+    }
+
+    /* wipe the auth context for mk_req */
+    if (authcon) {
+        krb5_auth_con_free(context, authcon);
+        authcon = NULL;
+    }
+
+    /* verify the ap_req */
+
+    if ((ret = krb5_rd_req(context, &authcon, &ap_req, server, keytab,
+                           NULL, NULL)))
+        goto cleanup;
+
+    /* if we get this far, then the verification succeeded.  We can
+       still fail if the library stuff here fails, but that's it */
+
+    if (ccache_arg && ccache) {
+        if (*ccache_arg == NULL) {
+            krb5_ccache retcc;
+
+            retcc = NULL;
+
+            if ((ret = krb5_cc_resolve(context, "MEMORY:rd_req2", &retcc)) ||
+                (ret = krb5_cc_initialize(context, retcc, creds->client)) ||
+                (ret = krb5_cc_copy_creds_except(context, ccache, retcc,
+                                                 creds->server))) {
+                if (retcc)
+                    krb5_cc_destroy(context, retcc);
+            } else {
+                *ccache_arg = retcc;
+            }
+        } else {
+            ret = krb5_cc_copy_creds_except(context, ccache, *ccache_arg,
+                                            server);
+        }
+    }
+
+    /* if any of the above paths returned an errors, then ret is set
+       accordingly.  either that, or it's zero, which is fine, too */
 
 cleanup:
-   if ( server)
-      krb5_free_principal(context, server);
-   if (!keytab_arg && keytab)
-      krb5_kt_close(context, keytab);
-   if (ccache)
-      krb5_cc_destroy(context, ccache);
-   if (out_creds)
-      krb5_free_creds(context, out_creds);
-   if (authcon)
-      krb5_auth_con_free(context, authcon);
-   if (ap_req.data)
-      free(ap_req.data);
-
-   return(ret);
+    if ( server)
+        krb5_free_principal(context, server);
+    if (!keytab_arg && keytab)
+        krb5_kt_close(context, keytab);
+    if (ccache)
+        krb5_cc_destroy(context, ccache);
+    if (out_creds)
+        krb5_free_creds(context, out_creds);
+    if (authcon)
+        krb5_auth_con_free(context, authcon);
+    if (ap_req.data)
+        free(ap_req.data);
+
+    return(ret);
 }
diff --git a/src/lib/krb5/krb/vic_opt.c b/src/lib/krb5/krb/vic_opt.c
index acdf49406..dfe21e056 100644
--- a/src/lib/krb5/krb/vic_opt.c
+++ b/src/lib/krb5/krb/vic_opt.c
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 
 void KRB5_CALLCONV
 krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt *opt)
 {
-   opt->flags = 0;
+    opt->flags = 0;
 }
 
 void KRB5_CALLCONV
 krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *opt, int ap_req_nofail)
 {
-   opt->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
-   opt->ap_req_nofail = ap_req_nofail;
+    opt->flags |= KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL;
+    opt->ap_req_nofail = ap_req_nofail;
 }
diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c
index a22f5864a..d1be2270f 100644
--- a/src/lib/krb5/krb/walk_rtree.c
+++ b/src/lib/krb5/krb/walk_rtree.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/krb/walk_rtree.c
  *
@@ -107,19 +108,19 @@ krb5_walk_realm_tree(
     char **capvals;
 
     if (client->data == NULL || server->data == NULL)
-	return KRB5_NO_TKT_IN_RLM;
+        return KRB5_NO_TKT_IN_RLM;
 
     if (client->length == server->length &&
-	memcmp(client->data, server->data, server->length) == 0) {
-	return KRB5_NO_TKT_IN_RLM;
+        memcmp(client->data, server->data, server->length) == 0) {
+        return KRB5_NO_TKT_IN_RLM;
     }
     retval = rtree_capath_vals(context, client, server, &capvals);
     if (retval)
-	return retval;
+        return retval;
 
     if (capvals != NULL) {
-	retval = rtree_capath_tree(context, client, server, capvals, tree);
-	return retval;
+        retval = rtree_capath_tree(context, client, server, capvals, tree);
+        return retval;
     }
 
     retval = rtree_hier_tree(context, client, server, tree, realm_sep);
@@ -148,24 +149,24 @@ krb5_walk_realm_tree(
  *
  * [capaths]
  * ANL.GOV = {
- *		NERSC.GOV = ES.NET
- *		PNL.GOV = ES.NET
- *		ES.NET = .
- *		HAL.COM = K5.MOON
- *		HAL.COM = K5.JUPITER
+ *              NERSC.GOV = ES.NET
+ *              PNL.GOV = ES.NET
+ *              ES.NET = .
+ *              HAL.COM = K5.MOON
+ *              HAL.COM = K5.JUPITER
  * }
  * NERSC.GOV = {
- *		ANL.GOV = ES.NET
+ *              ANL.GOV = ES.NET
  * }
  * PNL.GOV = {
- *		ANL.GOV = ES.NET
+ *              ANL.GOV = ES.NET
  * }
  * ES.NET = {
- *		ANL.GOV = .
+ *              ANL.GOV = .
  * }
  * HAL.COM = {
- *		ANL.GOV = K5.JUPITER
- *		ANL.GOV = K5.MOON
+ *              ANL.GOV = K5.JUPITER
+ *              ANL.GOV = K5.MOON
  * }
  *
  * In the above a "." is used to mean directly connected since the
@@ -202,20 +203,20 @@ rtree_capath_tree(
     *rettree = NULL;
     tree = pprinc = NULL;
     for (nvals = 0; vals[nvals] != NULL; nvals++)
-	;
+        ;
     if (vals[0] != NULL && *vals[0] == '.') {
-	nlinks = 0;
+        nlinks = 0;
     } else {
-	nlinks = nvals;
+        nlinks = nvals;
     }
     nprincs = nlinks + 2;
     tree = calloc(nprincs + 1, sizeof(krb5_principal));
     if (tree == NULL) {
-	retval = ENOMEM;
-	goto error;
+        retval = ENOMEM;
+        goto error;
     }
     for (i = 0; i < nprincs + 1; i++)
-	tree[i] = NULL;
+        tree[i] = NULL;
     /* Invariant: PPRINC points one past end of list. */
     pprinc = &tree[0];
     /* Local TGS name */
@@ -223,11 +224,11 @@ rtree_capath_tree(
     if (retval) goto error;
     srcrealm = *client;
     for (i = 0; i < nlinks; i++) {
-	dstrealm.data = vals[i];
-	dstrealm.length = strcspn(vals[i], "\t ");
-	retval = krb5_tgtname(context, &dstrealm, &srcrealm, pprinc++);
-	if (retval) goto error;
-	srcrealm = dstrealm;
+        dstrealm.data = vals[i];
+        dstrealm.length = strcspn(vals[i], "\t ");
+        retval = krb5_tgtname(context, &dstrealm, &srcrealm, pprinc++);
+        if (retval) goto error;
+        srcrealm = dstrealm;
     }
     retval = krb5_tgtname(context, server, &srcrealm, pprinc++);
     if (retval) goto error;
@@ -236,12 +237,12 @@ rtree_capath_tree(
 error:
     profile_free_list(vals);
     if (retval) {
-	while (pprinc != NULL && pprinc > &tree[0]) {
-	    /* krb5_free_principal() correctly handles null input */
-	    krb5_free_principal(context, *--pprinc);
-	    *pprinc = NULL;
-	}
-	free(tree);
+        while (pprinc != NULL && pprinc > &tree[0]) {
+            /* krb5_free_principal() correctly handles null input */
+            krb5_free_principal(context, *--pprinc);
+            *pprinc = NULL;
+        }
+        free(tree);
     }
     return retval;
 }
@@ -267,15 +268,15 @@ rtree_capath_vals(
 
     clientz = calloc(client->length + 1, 1);
     if (clientz == NULL) {
-	retval = ENOMEM;
-	goto error;
+        retval = ENOMEM;
+        goto error;
     }
     memcpy(clientz, client->data, client->length);
 
     serverz = calloc(server->length + 1, 1);
     if (serverz == NULL) {
-	retval = ENOMEM;
-	goto error;
+        retval = ENOMEM;
+        goto error;
     }
     memcpy(serverz, server->data, server->length);
 
@@ -287,13 +288,13 @@ rtree_capath_vals(
     switch (retval) {
     case PROF_NO_SECTION:
     case PROF_NO_RELATION:
-	/*
-	 * Not found; don't return an error.
-	 */
-	retval = 0;
-	break;
+        /*
+         * Not found; don't return an error.
+         */
+        retval = 0;
+        break;
     default:
-	break;
+        break;
     }
 error:
     free(clientz);
@@ -320,31 +321,31 @@ rtree_hier_tree(
 
     *rettree = NULL;
     retval = rtree_hier_realms(context, client, server,
-			       &realms, &nrealms, sep);
+                               &realms, &nrealms, sep);
     if (retval)
-	return retval;
+        return retval;
     nprincs = nrealms;
     pprinc = tree = calloc(nprincs + 1, sizeof(krb5_principal));
     if (tree == NULL) {
-	retval = ENOMEM;
-	goto error;
+        retval = ENOMEM;
+        goto error;
     }
     for (i = 0; i < nrealms; i++)
-	tree[i] = NULL;
+        tree[i] = NULL;
     srcrealm = client;
     for (i = 0; i < nrealms; i++) {
-	dstrealm = &realms[i];
-	retval = krb5_tgtname(context, dstrealm, srcrealm, pprinc++);
-	if (retval) goto error;
-	srcrealm = dstrealm;
+        dstrealm = &realms[i];
+        retval = krb5_tgtname(context, dstrealm, srcrealm, pprinc++);
+        if (retval) goto error;
+        srcrealm = dstrealm;
     }
     *rettree = tree;
     free_realmlist(context, realms, nrealms);
     return 0;
 error:
     while (pprinc != NULL && pprinc > tree) {
-	krb5_free_principal(context, *--pprinc);
-	*pprinc = NULL;
+        krb5_free_principal(context, *--pprinc);
+        *pprinc = NULL;
     }
     free_realmlist(context, realms, nrealms);
     free(tree);
@@ -389,27 +390,27 @@ rtree_hier_realms(
 
     rp = r = calloc(nctween + nstween, sizeof(krb5_data));
     if (r == NULL) {
-	retval = ENOMEM;
-	goto error;
+        retval = ENOMEM;
+        goto error;
     }
     /* Copy client realm "tweens" forward. */
     for (twp = ctweens; twp < &ctweens[nctween]; twp++) {
-	retval = krb5int_copy_data_contents(context, twp, rp);
-	if (retval) goto error;
-	rp++;
+        retval = krb5int_copy_data_contents(context, twp, rp);
+        if (retval) goto error;
+        rp++;
     }
     /* Copy server realm "tweens" backward. */
     for (twp = &stweens[nstween]; twp-- > stweens;) {
-	retval = krb5int_copy_data_contents(context, twp, rp);
-	if (retval) goto error;
-	rp++;
+        retval = krb5int_copy_data_contents(context, twp, rp);
+        if (retval) goto error;
+        rp++;
     }
 error:
     free(ctweens);
     free(stweens);
     if (retval) {
-	free_realmlist(context, r, rp - r);
-	return retval;
+        free_realmlist(context, r, rp - r);
+        return retval;
     }
     *realms = r;
     *nrealms = rp - r;
@@ -425,7 +426,7 @@ free_realmlist(
     size_t i;
 
     for (i = 0; i < nrealms; i++)
-	krb5_free_data_contents(context, &realms[i]);
+        krb5_free_data_contents(context, &realms[i]);
     free(realms);
 }
 
@@ -457,22 +458,22 @@ rtree_hier_tweens(
     *ntweens = n = 0;
 
     for (lp = p = r; p < &r[rlen]; p++) {
-	if (*p != sep && &p[1] != &r[rlen])
-	    continue;
-	if (lp == rtail && !dotail)
-	    break;
-	ntws = realloc(tws, (n + 1) * sizeof(krb5_data));
-	if (ntws == NULL) {
-	    free(tws);
-	    return ENOMEM;
-	}
-	tws = ntws;
-	tws[n].data = lp;
-	tws[n].length = &r[rlen] - lp;
-	n++;
-	if (lp == rtail)
-	    break;
-	lp = &p[1];
+        if (*p != sep && &p[1] != &r[rlen])
+            continue;
+        if (lp == rtail && !dotail)
+            break;
+        ntws = realloc(tws, (n + 1) * sizeof(krb5_data));
+        if (ntws == NULL) {
+            free(tws);
+            return ENOMEM;
+        }
+        tws = ntws;
+        tws[n].data = lp;
+        tws[n].length = &r[rlen] - lp;
+        n++;
+        if (lp == rtail)
+            break;
+        lp = &p[1];
     }
     *tweens = tws;
     *ntweens = n;
@@ -493,7 +494,7 @@ adjtail(struct hstate *c, struct hstate *s, int sep)
     cp = c->tail;
     sp = s->tail;
     if (cp == NULL || sp == NULL)
-	return;
+        return;
     /*
      * Is it a full component?  Yes, if it's the beginning of the
      * string or there's a separator to the left.
@@ -507,18 +508,18 @@ adjtail(struct hstate *c, struct hstate *s, int sep)
      * If they're both full components, we're done.
      */
     if (cfull && sfull) {
-	return;
+        return;
     } else if (c->dot != NULL && s->dot != NULL) {
-	cp = c->dot + 1;
-	sp = s->dot + 1;
-	/*
-	 * Out of bounds? Can only happen if there are trailing dots.
-	 */
-	if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) {
-	    cp = sp = NULL;
-	}
+        cp = c->dot + 1;
+        sp = s->dot + 1;
+        /*
+         * Out of bounds? Can only happen if there are trailing dots.
+         */
+        if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) {
+            cp = sp = NULL;
+        }
     } else {
-	cp = sp = NULL;
+        cp = sp = NULL;
     }
     c->tail = cp;
     s->tail = sp;
@@ -538,7 +539,7 @@ comtail(struct hstate *c, struct hstate *s, int sep)
     char *cp, *sp, *cdot, *sdot;
 
     if (c->len == 0 || s->len == 0)
-	return;
+        return;
 
     cdot = sdot = NULL;
     /*
@@ -553,26 +554,26 @@ comtail(struct hstate *c, struct hstate *s, int sep)
      * style realm), keep pointers to the latest pair.
      */
     while (cp > c->str && sp > s->str) {
-	if (*--cp != *--sp) {
-	    /*
-	     * Didn't match, so most recent match is one byte to the
-	     * right (or not at all).
-	     */
-	    cp++;
-	    sp++;
-	    break;
-	}
-	/*
-	 * Keep track of matching dots.
-	 */
-	if (*cp == sep) {
-	    cdot = cp;
-	    sdot = sp;
-	}
+        if (*--cp != *--sp) {
+            /*
+             * Didn't match, so most recent match is one byte to the
+             * right (or not at all).
+             */
+            cp++;
+            sp++;
+            break;
+        }
+        /*
+         * Keep track of matching dots.
+         */
+        if (*cp == sep) {
+            cdot = cp;
+            sdot = sp;
+        }
     }
     /* No match found at all. */
     if (cp == &c->str[c->len])
-	return;
+        return;
     c->tail = cp;
     s->tail = sp;
     c->dot = cdot;
diff --git a/src/lib/krb5/krb5_libinit.c b/src/lib/krb5/krb5_libinit.c
index c154da81b..1948b7268 100644
--- a/src/lib/krb5/krb5_libinit.c
+++ b/src/lib/krb5/krb5_libinit.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <assert.h>
 
 #include "autoconf.h"
@@ -41,18 +42,18 @@ int krb5int_lib_init(void)
 
     err = krb5int_rc_finish_init();
     if (err)
-	return err;
+        return err;
 #ifndef LEAN_CLIENT
     err = krb5int_kt_initialize();
     if (err)
-	return err;
+        return err;
 #endif /* LEAN_CLIENT */
     err = krb5int_cc_initialize();
     if (err)
-	return err;
+        return err;
     err = k5_mutex_finish_init(&krb5int_us_time_mutex);
     if (err)
-	return err;
+        return err;
 
     return 0;
 }
@@ -71,9 +72,9 @@ void krb5int_lib_fini(void)
 {
     if (!INITIALIZER_RAN(krb5int_lib_init) || PROGRAM_EXITING()) {
 #ifdef SHOW_INITFINI_FUNCS
-	printf("krb5int_lib_fini: skipping\n");
+        printf("krb5int_lib_fini: skipping\n");
 #endif
-	return;
+        return;
     }
 
 #ifdef SHOW_INITFINI_FUNCS
diff --git a/src/lib/krb5/krb5_libinit.h b/src/lib/krb5/krb5_libinit.h
index 11d7248fe..ff8e5d6fd 100644
--- a/src/lib/krb5/krb5_libinit.h
+++ b/src/lib/krb5/krb5_libinit.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef KRB5_LIBINIT_H
 #define KRB5_LIBINIT_H
 
diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c
index a051736b5..20fb30d20 100644
--- a/src/lib/krb5/os/accessor.c
+++ b/src/lib/krb5/os/accessor.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/accessor.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,19 +23,19 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
-*/
+ *
+ */
 
 #include "k5-int.h"
 #include "os-proto.h"
 
 /* If this trick gets used elsewhere, move it to k5-platform.h.  */
 #ifndef DESIGNATED_INITIALIZERS
-#define DESIGNATED_INITIALIZERS				\
-  /* ANSI/ISO C 1999 supports this...  */		\
-  (__STDC_VERSION__ >= 199901L				\
-   /* ...as does GCC, since version 2.something.  */	\
-   || (!defined __cplusplus && __GNUC__ >= 3))
+#define DESIGNATED_INITIALIZERS                         \
+    /* ANSI/ISO C 1999 supports this...  */             \
+    (__STDC_VERSION__ >= 199901L                        \
+     /* ...as does GCC, since version 2.something.  */  \
+     || (!defined __cplusplus && __GNUC__ >= 3))
 #endif
 
 krb5_error_code KRB5_CALLCONV
@@ -44,105 +45,105 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
 #if DESIGNATED_INITIALIZERS
 #define S(FIELD, VAL)   .FIELD = VAL
 #if defined __GNUC__ && __STDC_VERSION__ < 199901L
-	__extension__
+        __extension__
 #endif
-	static const krb5int_access internals_temp = {
+            static const krb5int_access internals_temp = {
 #else
 #define S(FIELD, VAL)   internals_temp.FIELD = VAL
-	    krb5int_access internals_temp;
+            krb5int_access internals_temp;
 #endif
-	    S (free_addrlist, krb5int_free_addrlist),
-	    S (hmac, krb5int_hmac_keyblock),
-	    S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
-	    S (md5_hash_provider, &krb5int_hash_md5),
-	    S (arcfour_enc_provider, &krb5int_enc_arcfour),
-	    S (sendto_udp, &krb5int_sendto),
-	    S (add_host_to_list, krb5int_add_host_to_list),
+            S (free_addrlist, krb5int_free_addrlist),
+            S (hmac, krb5int_hmac_keyblock),
+            S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
+            S (md5_hash_provider, &krb5int_hash_md5),
+            S (arcfour_enc_provider, &krb5int_enc_arcfour),
+            S (sendto_udp, &krb5int_sendto),
+            S (add_host_to_list, krb5int_add_host_to_list),
 
 #ifdef KRB5_DNS_LOOKUP
-#define SC(FIELD, VAL)	S(FIELD, VAL)
+#define SC(FIELD, VAL)  S(FIELD, VAL)
 #else /* disable */
-#define SC(FIELD, VAL)	S(FIELD, 0)
+#define SC(FIELD, VAL)  S(FIELD, 0)
 #endif
-	    SC (make_srv_query_realm, krb5int_make_srv_query_realm),
-	    SC (free_srv_dns_data, krb5int_free_srv_dns_data),
-	    SC (use_dns_kdc, _krb5_use_dns_kdc),
+            SC (make_srv_query_realm, krb5int_make_srv_query_realm),
+            SC (free_srv_dns_data, krb5int_free_srv_dns_data),
+            SC (use_dns_kdc, _krb5_use_dns_kdc),
 #undef SC
-	    S (clean_hostname, krb5int_clean_hostname),
+            S (clean_hostname, krb5int_clean_hostname),
 
-	    S (mandatory_cksumtype, krb5int_c_mandatory_cksumtype),
+            S (mandatory_cksumtype, krb5int_c_mandatory_cksumtype),
 #ifndef LEAN_CLIENT
-#define SC(FIELD, VAL)	S(FIELD, VAL)
+#define SC(FIELD, VAL)  S(FIELD, VAL)
 #else /* disable */
-#define SC(FIELD, VAL)	S(FIELD, 0)
+#define SC(FIELD, VAL)  S(FIELD, 0)
 #endif
-	    SC (ser_pack_int64, krb5_ser_pack_int64),
-	    SC (ser_unpack_int64, krb5_ser_unpack_int64),
+            SC (ser_pack_int64, krb5_ser_pack_int64),
+            SC (ser_unpack_int64, krb5_ser_unpack_int64),
 #undef SC
 
 #ifdef ENABLE_LDAP
-#define SC(FIELD, VAL)	S(FIELD, VAL)
+#define SC(FIELD, VAL)  S(FIELD, VAL)
 #else
-#define SC(FIELD, VAL)	S(FIELD, 0)
+#define SC(FIELD, VAL)  S(FIELD, 0)
 #endif
-	    SC (asn1_ldap_encode_sequence_of_keys, krb5int_ldap_encode_sequence_of_keys),
-	    SC (asn1_ldap_decode_sequence_of_keys, krb5int_ldap_decode_sequence_of_keys),
+            SC (asn1_ldap_encode_sequence_of_keys, krb5int_ldap_encode_sequence_of_keys),
+            SC (asn1_ldap_decode_sequence_of_keys, krb5int_ldap_decode_sequence_of_keys),
 #undef SC
 
 #ifndef DISABLE_PKINIT
-#define SC(FIELD, VAL)	S(FIELD, VAL)
+#define SC(FIELD, VAL)  S(FIELD, VAL)
 #else /* disable */
-#define SC(FIELD, VAL)	S(FIELD, 0)
+#define SC(FIELD, VAL)  S(FIELD, 0)
 #endif
-	    SC (encode_krb5_pa_pk_as_req, encode_krb5_pa_pk_as_req),
-	    SC (encode_krb5_pa_pk_as_req_draft9, encode_krb5_pa_pk_as_req_draft9),
+            SC (encode_krb5_pa_pk_as_req, encode_krb5_pa_pk_as_req),
+            SC (encode_krb5_pa_pk_as_req_draft9, encode_krb5_pa_pk_as_req_draft9),
             SC (encode_krb5_pa_pk_as_rep, encode_krb5_pa_pk_as_rep),
-	    SC (encode_krb5_pa_pk_as_rep_draft9, encode_krb5_pa_pk_as_rep_draft9),
-	    SC (encode_krb5_auth_pack, encode_krb5_auth_pack),
-	    SC (encode_krb5_auth_pack_draft9, encode_krb5_auth_pack_draft9),
-	    SC (encode_krb5_kdc_dh_key_info, encode_krb5_kdc_dh_key_info),
-	    SC (encode_krb5_reply_key_pack, encode_krb5_reply_key_pack),
-	    SC (encode_krb5_reply_key_pack_draft9, encode_krb5_reply_key_pack_draft9),
-	    SC (encode_krb5_typed_data, encode_krb5_typed_data),
-	    SC (encode_krb5_td_trusted_certifiers, encode_krb5_td_trusted_certifiers),
-	    SC (encode_krb5_td_dh_parameters, encode_krb5_td_dh_parameters),
-	    SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
-	    SC (decode_krb5_pa_pk_as_req_draft9, decode_krb5_pa_pk_as_req_draft9),
-	    SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
-	    SC (decode_krb5_pa_pk_as_rep_draft9, decode_krb5_pa_pk_as_rep_draft9),
-	    SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
-	    SC (decode_krb5_auth_pack_draft9, decode_krb5_auth_pack_draft9),
-	    SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
-	    SC (decode_krb5_principal_name, decode_krb5_principal_name),
-	    SC (decode_krb5_reply_key_pack, decode_krb5_reply_key_pack),
-	    SC (decode_krb5_reply_key_pack_draft9, decode_krb5_reply_key_pack_draft9),
-	    SC (decode_krb5_typed_data, decode_krb5_typed_data),
-	    SC (decode_krb5_td_trusted_certifiers, decode_krb5_td_trusted_certifiers),
-	    SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
-	    SC (decode_krb5_as_req, decode_krb5_as_req),
-	    SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
-	    SC (free_kdc_req, krb5_free_kdc_req),
-	    SC (set_prompt_types, krb5int_set_prompt_types),
-	    SC (encode_krb5_authdata_elt, encode_krb5_authdata_elt),
+            SC (encode_krb5_pa_pk_as_rep_draft9, encode_krb5_pa_pk_as_rep_draft9),
+            SC (encode_krb5_auth_pack, encode_krb5_auth_pack),
+            SC (encode_krb5_auth_pack_draft9, encode_krb5_auth_pack_draft9),
+            SC (encode_krb5_kdc_dh_key_info, encode_krb5_kdc_dh_key_info),
+            SC (encode_krb5_reply_key_pack, encode_krb5_reply_key_pack),
+            SC (encode_krb5_reply_key_pack_draft9, encode_krb5_reply_key_pack_draft9),
+            SC (encode_krb5_typed_data, encode_krb5_typed_data),
+            SC (encode_krb5_td_trusted_certifiers, encode_krb5_td_trusted_certifiers),
+            SC (encode_krb5_td_dh_parameters, encode_krb5_td_dh_parameters),
+            SC (decode_krb5_pa_pk_as_req, decode_krb5_pa_pk_as_req),
+            SC (decode_krb5_pa_pk_as_req_draft9, decode_krb5_pa_pk_as_req_draft9),
+            SC (decode_krb5_pa_pk_as_rep, decode_krb5_pa_pk_as_rep),
+            SC (decode_krb5_pa_pk_as_rep_draft9, decode_krb5_pa_pk_as_rep_draft9),
+            SC (decode_krb5_auth_pack, decode_krb5_auth_pack),
+            SC (decode_krb5_auth_pack_draft9, decode_krb5_auth_pack_draft9),
+            SC (decode_krb5_kdc_dh_key_info, decode_krb5_kdc_dh_key_info),
+            SC (decode_krb5_principal_name, decode_krb5_principal_name),
+            SC (decode_krb5_reply_key_pack, decode_krb5_reply_key_pack),
+            SC (decode_krb5_reply_key_pack_draft9, decode_krb5_reply_key_pack_draft9),
+            SC (decode_krb5_typed_data, decode_krb5_typed_data),
+            SC (decode_krb5_td_trusted_certifiers, decode_krb5_td_trusted_certifiers),
+            SC (decode_krb5_td_dh_parameters, decode_krb5_td_dh_parameters),
+            SC (decode_krb5_as_req, decode_krb5_as_req),
+            SC (encode_krb5_kdc_req_body, encode_krb5_kdc_req_body),
+            SC (free_kdc_req, krb5_free_kdc_req),
+            SC (set_prompt_types, krb5int_set_prompt_types),
+            SC (encode_krb5_authdata_elt, encode_krb5_authdata_elt),
 #undef SC
 
-	    S (encode_krb5_sam_response_2, encode_krb5_sam_response_2),
-	    S (encode_krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2),
-	    S (encode_enc_ts, encode_krb5_pa_enc_ts),
-	    S (decode_enc_ts, decode_krb5_pa_enc_ts),
-	    S (encode_enc_data, encode_krb5_enc_data),
-	    S(decode_enc_data, decode_krb5_enc_data),
-	    S(free_enc_ts, krb5_free_pa_enc_ts),
-	    S(free_enc_data, krb5_free_enc_data),
-	    S(encrypt_helper, krb5_encrypt_helper),
+            S (encode_krb5_sam_response_2, encode_krb5_sam_response_2),
+            S (encode_krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2),
+            S (encode_enc_ts, encode_krb5_pa_enc_ts),
+            S (decode_enc_ts, decode_krb5_pa_enc_ts),
+            S (encode_enc_data, encode_krb5_enc_data),
+            S(decode_enc_data, decode_krb5_enc_data),
+            S(free_enc_ts, krb5_free_pa_enc_ts),
+            S(free_enc_data, krb5_free_enc_data),
+            S(encrypt_helper, krb5_encrypt_helper),
 
 #if DESIGNATED_INITIALIZERS
-	};
+        };
 #else
-	0;
+        0;
 #endif
-	*internals = internals_temp;
-	return 0;
+        *internals = internals_temp;
+        return 0;
     }
     return KRB5_OBSOLETE_FN;
 }
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index 731b76b84..b5ec3a60c 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/an_to_ln.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_aname_to_localname()
  */
@@ -35,29 +36,29 @@
 
 #include "k5-int.h"
 #include <ctype.h>
-#if	HAVE_REGEX_H
+#if     HAVE_REGEX_H
 #include <regex.h>
-#endif	/* HAVE_REGEX_H */
+#endif  /* HAVE_REGEX_H */
 #include <string.h>
 /*
  * Use compile(3) if no regcomp present.
  */
-#if	!defined(HAVE_REGCOMP) && defined(HAVE_REGEXPR_H) && defined(HAVE_COMPILE)
-#define	RE_BUF_SIZE	1024
+#if     !defined(HAVE_REGCOMP) && defined(HAVE_REGEXPR_H) && defined(HAVE_COMPILE)
+#define RE_BUF_SIZE     1024
 #include <regexpr.h>
-#endif	/* !HAVE_REGCOMP && HAVE_REGEXP_H && HAVE_COMPILE */
+#endif  /* !HAVE_REGCOMP && HAVE_REGEXP_H && HAVE_COMPILE */
 
-#define	MAX_FORMAT_BUFFER	((size_t)1024)
-#ifndef	min
-#define	min(a,b)	((a>b) ? b : a)
-#endif	/* min */
+#define MAX_FORMAT_BUFFER       ((size_t)1024)
+#ifndef min
+#define min(a,b)        ((a>b) ? b : a)
+#endif  /* min */
 #ifdef ANAME_DB
 /*
  * Use standard DBM code.
  */
-#define	KDBM_OPEN(db, fl, mo)	dbm_open(db, fl, mo)
-#define	KDBM_CLOSE(db)		dbm_close(db)
-#define	KDBM_FETCH(db, key)	dbm_fetch(db, key)
+#define KDBM_OPEN(db, fl, mo)   dbm_open(db, fl, mo)
+#define KDBM_CLOSE(db)          dbm_close(db)
+#define KDBM_FETCH(db, key)     dbm_fetch(db, key)
 #endif /*ANAME_DB*/
 
 /*
@@ -66,21 +67,21 @@
 static char *
 aname_full_to_mapping_name(char *fprincname)
 {
-    char	*atp;
-    size_t	mlen;
-    char	*mname;
+    char        *atp;
+    size_t      mlen;
+    char        *mname;
 
     mname = (char *) NULL;
     if (fprincname) {
-	atp = strrchr(fprincname, '@');
-	if (!atp)
-	    atp = &fprincname[strlen(fprincname)];
-	mlen = (size_t) (atp - fprincname);
-	
-	if ((mname = (char *) malloc(mlen+1))) {
-	    strncpy(mname, fprincname, mlen);
-	    mname[mlen] = '\0';
-	}
+        atp = strrchr(fprincname, '@');
+        if (!atp)
+            atp = &fprincname[strlen(fprincname)];
+        mlen = (size_t) (atp - fprincname);
+
+        if ((mname = (char *) malloc(mlen+1))) {
+            strncpy(mname, fprincname, mlen);
+            mname[mlen] = '\0';
+        }
     }
     return(mname);
 }
@@ -108,15 +109,15 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
     char *princ_name;
 
     if ((retval = krb5_unparse_name(context, aname, &princ_name)))
-	return(retval);
+        return(retval);
     key.dptr = princ_name;
-    key.dsize = strlen(princ_name)+1;	/* need to store the NULL for
-					   decoding */
+    key.dsize = strlen(princ_name)+1;   /* need to store the NULL for
+                                           decoding */
 
     db = KDBM_OPEN(dbname, O_RDONLY, 0600);
     if (!db) {
-	free(princ_name);
-	return KRB5_LNAME_CANTOPEN;
+        free(princ_name);
+        return KRB5_LNAME_CANTOPEN;
     }
 
     contents = KDBM_FETCH(db, key);
@@ -124,30 +125,30 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
     free(princ_name);
 
     if (contents.dptr == NULL) {
-	retval = KRB5_LNAME_NOTRANS;
+        retval = KRB5_LNAME_NOTRANS;
     } else {
-	strncpy(lname, contents.dptr, lnsize);
-	if (lnsize < contents.dsize)
-	    retval = KRB5_CONFIG_NOTENUFSPACE;
-	else if (lname[contents.dsize-1] != '\0')
-	    retval = KRB5_LNAME_BADFORMAT;
-	else
-	    retval = 0;
+        strncpy(lname, contents.dptr, lnsize);
+        if (lnsize < contents.dsize)
+            retval = KRB5_CONFIG_NOTENUFSPACE;
+        else if (lname[contents.dsize-1] != '\0')
+            retval = KRB5_LNAME_BADFORMAT;
+        else
+            retval = 0;
     }
     /* can't close until we copy the contents. */
     (void) KDBM_CLOSE(db);
     return retval;
-#else	/* !_WIN32 && !MACINTOSH */
+#else   /* !_WIN32 && !MACINTOSH */
     /*
      * If we don't have support for a database mechanism, then we can't
      * translate this now, can we?
      */
     return KRB5_LNAME_NOTRANS;
-#endif	/* !_WIN32 && !MACINTOSH */
+#endif  /* !_WIN32 && !MACINTOSH */
 }
 #endif /*ANAME_DB*/
 
-#ifdef	AN_TO_LN_RULES
+#ifdef  AN_TO_LN_RULES
 /*
  * Format and transform a principal name to a local name.  This is particularly
  * useful when Kerberos principals and local user names are formatted to
@@ -157,31 +158,31 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
  * First part - formulate the string to perform operations on:  If not present
  * then the string defaults to the fully flattened principal minus the realm
  * name.  Otherwise the syntax is as follows:
- *	"[" <ncomps> ":" <format> "]"
- *		Where:
- *			<ncomps> is the number of expected components for this
- *			rule.  If the particular principal does not have this
- *			many components, then this rule does not apply.
+ *      "[" <ncomps> ":" <format> "]"
+ *              Where:
+ *                      <ncomps> is the number of expected components for this
+ *                      rule.  If the particular principal does not have this
+ *                      many components, then this rule does not apply.
  *
- *			<format> is a string of <component> or verbatim
- *			characters to be inserted.
+ *                      <format> is a string of <component> or verbatim
+ *                      characters to be inserted.
  *
- *			<component> is of the form "$"<number> to select the
- *			<number>th component.  <number> begins from 1.
+ *                      <component> is of the form "$"<number> to select the
+ *                      <number>th component.  <number> begins from 1.
  *
  * Second part - select rule validity:  If not present, then this rule may
  * apply to all selections.  Otherwise the syntax is as follows:
- *	"(" <regexp> ")"
- *		Where:	<regexp> is a selector regular expression.  If this
- *			regular expression matches the whole pattern generated
- *			from the first part, then this rule still applies.
+ *      "(" <regexp> ")"
+ *              Where:  <regexp> is a selector regular expression.  If this
+ *                      regular expression matches the whole pattern generated
+ *                      from the first part, then this rule still applies.
  *
  * Last part - Transform rule:  If not present, then the selection string
  * is passed verbatim and is matched.  Otherwise, the syntax is as follows:
- *	<rule> ...
- *		Where:	<rule> is of the form:
- *			"s/" <regexp> "/" <text> "/" ["g"]
- * 
+ *      <rule> ...
+ *              Where:  <rule> is of the form:
+ *                      "s/" <regexp> "/" <text> "/" ["g"]
+ *
  * In order to be able to select rule validity, the native system must support
  * one of compile(3), re_comp(3) or regcomp(3).  In order to be able to
  * transform (e.g. substitute), the native system must support regcomp(3) or
@@ -189,208 +190,208 @@ db_an_to_ln(context, dbname, aname, lnsize, lname)
  */
 
 /*
- * aname_do_match() 	- Does our name match the parenthesized regular
- *			  expression?
- * 
+ * aname_do_match()     - Does our name match the parenthesized regular
+ *                        expression?
+ *
  * Chew up the match portion of the regular expression and update *contextp.
  * If no re_comp() or regcomp(), then always return a match.
  */
 static krb5_error_code
 aname_do_match(char *string, char **contextp)
 {
-    krb5_error_code	kret;
-    char		*regexp, *startp, *endp = 0;
-    size_t		regexlen;
-#if	HAVE_REGCOMP
-    regex_t		match_exp;
-    regmatch_t		match_match;
-#elif	HAVE_REGEXPR_H
-    char		regexp_buffer[RE_BUF_SIZE];
-#endif	/* HAVE_REGEXP_H */
+    krb5_error_code     kret;
+    char                *regexp, *startp, *endp = 0;
+    size_t              regexlen;
+#if     HAVE_REGCOMP
+    regex_t             match_exp;
+    regmatch_t          match_match;
+#elif   HAVE_REGEXPR_H
+    char                regexp_buffer[RE_BUF_SIZE];
+#endif  /* HAVE_REGEXP_H */
 
     kret = 0;
     /*
      * Is this a match expression?
      */
     if (**contextp == '(') {
-	kret = KRB5_CONFIG_BADFORMAT;
-	startp = (*contextp) + 1;
-	endp = strchr(startp, ')');
-	/* Find the end of the match expression. */
-	if (endp) {
-	    regexlen = (size_t) (endp - startp);
-	    regexp = (char *) malloc((size_t) regexlen+1);
-	    kret = ENOMEM;
-	    if (regexp) {
-		strncpy(regexp, startp, regexlen);
-		regexp[regexlen] = '\0';
-		kret = KRB5_LNAME_NOTRANS;
-		/*
-		 * Perform the match.
-		 */
-#if	HAVE_REGCOMP
-		if (!regcomp(&match_exp, regexp, REG_EXTENDED) &&
-		    !regexec(&match_exp, string, 1, &match_match, 0)) {
-		    if ((match_match.rm_so == 0) &&
-			(match_match.rm_eo == strlen(string)))
-			kret = 0;
-		}
-		regfree(&match_exp);
-#elif	HAVE_REGEXPR_H
-		compile(regexp,
-			regexp_buffer,
-			&regexp_buffer[RE_BUF_SIZE]);
-		if (step(string, regexp_buffer)) {
-		    if ((loc1 == string) &&
-			(loc2 == &string[strlen(string)]))
-			kret = 0;
-		}
-#elif	HAVE_RE_COMP
-		if (!re_comp(regexp) && re_exec(string))
-		    kret = 0;
-#else	/* HAVE_RE_COMP */
-		kret = 0;
-#endif	/* HAVE_RE_COMP */
-		free(regexp);
-	    }
-	    endp++;
-	}
-	else
-	    endp = startp;
+        kret = KRB5_CONFIG_BADFORMAT;
+        startp = (*contextp) + 1;
+        endp = strchr(startp, ')');
+        /* Find the end of the match expression. */
+        if (endp) {
+            regexlen = (size_t) (endp - startp);
+            regexp = (char *) malloc((size_t) regexlen+1);
+            kret = ENOMEM;
+            if (regexp) {
+                strncpy(regexp, startp, regexlen);
+                regexp[regexlen] = '\0';
+                kret = KRB5_LNAME_NOTRANS;
+                /*
+                 * Perform the match.
+                 */
+#if     HAVE_REGCOMP
+                if (!regcomp(&match_exp, regexp, REG_EXTENDED) &&
+                    !regexec(&match_exp, string, 1, &match_match, 0)) {
+                    if ((match_match.rm_so == 0) &&
+                        (match_match.rm_eo == strlen(string)))
+                        kret = 0;
+                }
+                regfree(&match_exp);
+#elif   HAVE_REGEXPR_H
+                compile(regexp,
+                        regexp_buffer,
+                        &regexp_buffer[RE_BUF_SIZE]);
+                if (step(string, regexp_buffer)) {
+                    if ((loc1 == string) &&
+                        (loc2 == &string[strlen(string)]))
+                        kret = 0;
+                }
+#elif   HAVE_RE_COMP
+                if (!re_comp(regexp) && re_exec(string))
+                    kret = 0;
+#else   /* HAVE_RE_COMP */
+                kret = 0;
+#endif  /* HAVE_RE_COMP */
+                free(regexp);
+            }
+            endp++;
+        }
+        else
+            endp = startp;
     }
     *contextp = endp;
     return(kret);
 }
 
 /*
- * do_replacement()	- Replace the regular expression with the specified
- * 			  replacement.
+ * do_replacement()     - Replace the regular expression with the specified
+ *                        replacement.
  *
  * If "doall" is set, it's a global replacement, otherwise, just a oneshot
  * deal.
  * If no regcomp() then just return the input string verbatim in the output
  * string.
  */
-#define use_bytes(x) \
-    out_used += (x); \
+#define use_bytes(x)                                    \
+    out_used += (x);                                    \
     if (out_used > MAX_FORMAT_BUFFER) goto mem_err
 
 static int
 do_replacement(char *regexp, char *repl, int doall, char *in, char *out)
 {
     size_t out_used = 0;
-#if	HAVE_REGCOMP
-    regex_t	match_exp;
-    regmatch_t	match_match;
-    int		matched;
-    char	*cp;
-    char	*op;
+#if     HAVE_REGCOMP
+    regex_t     match_exp;
+    regmatch_t  match_match;
+    int         matched;
+    char        *cp;
+    char        *op;
 
     if (!regcomp(&match_exp, regexp, REG_EXTENDED)) {
-	cp = in;
-	op = out;
-	matched = 0;
-	do {
-	    if (!regexec(&match_exp, cp, 1, &match_match, 0)) {
-		if (match_match.rm_so) {
-		    use_bytes(match_match.rm_so);
-		    strncpy(op, cp, match_match.rm_so);
-		    op += match_match.rm_so;
-		}
-		use_bytes(strlen(repl));
-		strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
-		op += strlen(op);
-		cp += match_match.rm_eo;
-		if (!doall) {
-		    use_bytes(strlen(cp));
-		    strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
-		}
-		matched = 1;
-	    }
-	    else {
-		use_bytes(strlen(cp));
-		strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
-		matched = 0;
-	    }
-	} while (doall && matched);
-	regfree(&match_exp);
+        cp = in;
+        op = out;
+        matched = 0;
+        do {
+            if (!regexec(&match_exp, cp, 1, &match_match, 0)) {
+                if (match_match.rm_so) {
+                    use_bytes(match_match.rm_so);
+                    strncpy(op, cp, match_match.rm_so);
+                    op += match_match.rm_so;
+                }
+                use_bytes(strlen(repl));
+                strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+                op += strlen(op);
+                cp += match_match.rm_eo;
+                if (!doall) {
+                    use_bytes(strlen(cp));
+                    strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+                }
+                matched = 1;
+            }
+            else {
+                use_bytes(strlen(cp));
+                strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+                matched = 0;
+            }
+        } while (doall && matched);
+        regfree(&match_exp);
     }
-#elif	HAVE_REGEXPR_H
-    int		matched;
-    char	*cp;
-    char	*op;
-    char	regexp_buffer[RE_BUF_SIZE];
-    size_t	sdispl, edispl;
+#elif   HAVE_REGEXPR_H
+    int         matched;
+    char        *cp;
+    char        *op;
+    char        regexp_buffer[RE_BUF_SIZE];
+    size_t      sdispl, edispl;
 
     compile(regexp,
-	    regexp_buffer,
-	    &regexp_buffer[RE_BUF_SIZE]);
+            regexp_buffer,
+            &regexp_buffer[RE_BUF_SIZE]);
     cp = in;
     op = out;
     matched = 0;
     do {
-	if (step(cp, regexp_buffer)) {
-	    sdispl = (size_t) (loc1 - cp);
-	    edispl = (size_t) (loc2 - cp);
-	    if (sdispl) {
-		use_bytes(sdispl);
-		strncpy(op, cp, sdispl);
-		op += sdispl;
-	    }
-	    use_bytes(strlen(repl));
-	    strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
-	    op += strlen(repl);
-	    cp += edispl;
-	    if (!doall) {
-		use_bytes(strlen(cp));
-		strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
-	    }
-	    matched = 1;
-	}
-	else {
-	    use_bytes(strlen(cp));
-	    strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
-	    matched = 0;
-	}
+        if (step(cp, regexp_buffer)) {
+            sdispl = (size_t) (loc1 - cp);
+            edispl = (size_t) (loc2 - cp);
+            if (sdispl) {
+                use_bytes(sdispl);
+                strncpy(op, cp, sdispl);
+                op += sdispl;
+            }
+            use_bytes(strlen(repl));
+            strncpy(op, repl, MAX_FORMAT_BUFFER - 1 - (op - out));
+            op += strlen(repl);
+            cp += edispl;
+            if (!doall) {
+                use_bytes(strlen(cp));
+                strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+            }
+            matched = 1;
+        }
+        else {
+            use_bytes(strlen(cp));
+            strncpy(op, cp, MAX_FORMAT_BUFFER - 1 - (op - out));
+            matched = 0;
+        }
     } while (doall && matched);
-#else	/* HAVE_REGEXP_H */
+#else   /* HAVE_REGEXP_H */
     memcpy(out, in, MAX_FORMAT_BUFFER);
-#endif	/* HAVE_REGCOMP */
+#endif  /* HAVE_REGCOMP */
     return 1;
- mem_err:
+mem_err:
 #ifdef HAVE_REGCMP
-    	regfree(&match_exp);
+    regfree(&match_exp);
 #endif
-	return 0;
-	
+    return 0;
+
 }
 #undef use_bytes
 
 /*
- * aname_replacer()	- Perform the specified substitutions on the input
- *			  string and return the result.
+ * aname_replacer()     - Perform the specified substitutions on the input
+ *                        string and return the result.
  *
  * This routine enforces the "s/<pattern>/<replacement>/[g]" syntax.
  */
 static krb5_error_code
 aname_replacer(char *string, char **contextp, char **result)
 {
-    krb5_error_code	kret;
-    char		*in = NULL, *out = NULL, *rule = NULL, *repl = NULL;
-    char		*cp, *ep, *tp;
-    size_t		rule_size, repl_size;
-    int			doglobal;
+    krb5_error_code     kret;
+    char                *in = NULL, *out = NULL, *rule = NULL, *repl = NULL;
+    char                *cp, *ep, *tp;
+    size_t              rule_size, repl_size;
+    int                 doglobal;
 
     *result = NULL;
 
     /* Allocate the formatting buffers */
     in = malloc(MAX_FORMAT_BUFFER);
     if (!in)
-	return ENOMEM;
+        return ENOMEM;
     out = malloc(MAX_FORMAT_BUFFER);
     if (!out) {
-	kret = ENOMEM;
-	goto cleanup;
+        kret = ENOMEM;
+        goto cleanup;
     }
 
     /*
@@ -404,70 +405,70 @@ aname_replacer(char *string, char **contextp, char **result)
      * Pound through the expression until we're done.
      */
     for (cp = *contextp; *cp; ) {
-	/* Skip leading whitespace */
-	while (isspace((int) (*cp)))
-	    cp++;
-
-	/*
-	 * Find our separators.  First two characters must be "s/"
-	 * We must also find another "/" followed by another "/".
-	 */
-	if (!((cp[0] == 's') &&
-	      (cp[1] == '/') &&
-	      (ep = strchr(&cp[2], '/')) &&
-	      (tp = strchr(&ep[1], '/')))) {
-	    /* Bad syntax */
-	    kret = KRB5_CONFIG_BADFORMAT;
-	    goto cleanup;
-	}
-
-	/* Figure out sizes of strings and allocate them */
-	rule_size = (size_t) (ep - &cp[2]);
-	repl_size = (size_t) (tp - &ep[1]);
-	rule = malloc(rule_size + 1);
-	if (!rule) {
-	    kret = ENOMEM;
-	    goto cleanup;
-	}
-	repl = malloc(repl_size + 1);
-	if (!repl) {
-	    kret = ENOMEM;
-	    goto cleanup;
-	}
-
-	/* Copy the strings */
-	memcpy(rule, &cp[2], rule_size);
-	memcpy(repl, &ep[1], repl_size);
-	rule[rule_size] = repl[repl_size] = '\0';
-
-	/* Check for trailing "g" */
-	doglobal = (tp[1] == 'g') ? 1 : 0;
-	if (doglobal)
-	    tp++;
-
-	/* Swap previous in and out buffers */
-	ep = in;
-	in = out;
-	out = ep;
-
-	/* Do the replacemenbt */
-	memset(out, '\0', MAX_FORMAT_BUFFER);
-	if (!do_replacement(rule, repl, doglobal, in, out)) {
-	    kret = KRB5_LNAME_NOTRANS;
-	    goto cleanup;
-	}
-	free(rule);
-	free(repl);
-	rule = repl = NULL;
-
-	/* If we have no output buffer left, this can't be good */
-	if (strlen(out) == 0) {
-	    kret = KRB5_LNAME_NOTRANS;
-	    goto cleanup;
-	}
-
-	/* Advance past trailer */
-	cp = &tp[1];
+        /* Skip leading whitespace */
+        while (isspace((int) (*cp)))
+            cp++;
+
+        /*
+         * Find our separators.  First two characters must be "s/"
+         * We must also find another "/" followed by another "/".
+         */
+        if (!((cp[0] == 's') &&
+              (cp[1] == '/') &&
+              (ep = strchr(&cp[2], '/')) &&
+              (tp = strchr(&ep[1], '/')))) {
+            /* Bad syntax */
+            kret = KRB5_CONFIG_BADFORMAT;
+            goto cleanup;
+        }
+
+        /* Figure out sizes of strings and allocate them */
+        rule_size = (size_t) (ep - &cp[2]);
+        repl_size = (size_t) (tp - &ep[1]);
+        rule = malloc(rule_size + 1);
+        if (!rule) {
+            kret = ENOMEM;
+            goto cleanup;
+        }
+        repl = malloc(repl_size + 1);
+        if (!repl) {
+            kret = ENOMEM;
+            goto cleanup;
+        }
+
+        /* Copy the strings */
+        memcpy(rule, &cp[2], rule_size);
+        memcpy(repl, &ep[1], repl_size);
+        rule[rule_size] = repl[repl_size] = '\0';
+
+        /* Check for trailing "g" */
+        doglobal = (tp[1] == 'g') ? 1 : 0;
+        if (doglobal)
+            tp++;
+
+        /* Swap previous in and out buffers */
+        ep = in;
+        in = out;
+        out = ep;
+
+        /* Do the replacemenbt */
+        memset(out, '\0', MAX_FORMAT_BUFFER);
+        if (!do_replacement(rule, repl, doglobal, in, out)) {
+            kret = KRB5_LNAME_NOTRANS;
+            goto cleanup;
+        }
+        free(rule);
+        free(repl);
+        rule = repl = NULL;
+
+        /* If we have no output buffer left, this can't be good */
+        if (strlen(out) == 0) {
+            kret = KRB5_LNAME_NOTRANS;
+            goto cleanup;
+        }
+
+        /* Advance past trailer */
+        cp = &tp[1];
     }
     free(in);
     *result = out;
@@ -488,7 +489,7 @@ cleanup:
  */
 static krb5_error_code
 aname_get_selstring(krb5_context context, krb5_const_principal aname,
-		    char **contextp, char **result)
+                    char **contextp, char **result)
 {
     krb5_error_code kret;
     char *fprincname, *current, *str;
@@ -499,16 +500,16 @@ aname_get_selstring(krb5_context context, krb5_const_principal aname,
 
     *result = NULL;
     if (**contextp != '[') {
-	/* No selstring part; use the full flattened principal name. */
-	kret = krb5_unparse_name(context, aname, &fprincname);
-	if (kret)
-	    return kret;
-	str = aname_full_to_mapping_name(fprincname);
-	free(fprincname);
-	if (!str)
-	    return ENOMEM;
-	*result = str;
-	return 0;
+        /* No selstring part; use the full flattened principal name. */
+        kret = krb5_unparse_name(context, aname, &fprincname);
+        if (kret)
+            return kret;
+        str = aname_full_to_mapping_name(fprincname);
+        free(fprincname);
+        if (!str)
+            return ENOMEM;
+        *result = str;
+        return 0;
     }
 
     /* Advance past the '[' and read the number of components. */
@@ -516,42 +517,42 @@ aname_get_selstring(krb5_context context, krb5_const_principal aname,
     errno = 0;
     num_comps = strtol(current, &current, 10);
     if (errno != 0 || num_comps < 0 || *current != ':')
-	return KRB5_CONFIG_BADFORMAT;
+        return KRB5_CONFIG_BADFORMAT;
     if (num_comps != aname->length)
-	return KRB5_LNAME_NOTRANS;
+        return KRB5_LNAME_NOTRANS;
     current++;
 
     krb5int_buf_init_dynamic(&selstring);
     while (1) {
-	/* Copy in literal characters up to the next $ or ]. */
-	nlit = strcspn(current, "$]");
-	krb5int_buf_add_len(&selstring, current, nlit);
-	current += nlit;
-	if (*current != '$')
-	    break;
-
-	/* Expand $ substitution to a principal component. */
-	errno = 0;
-	compind = strtol(current + 1, &current, 10);
-	if (errno || compind > num_comps)
-	    break;
-	datap = (compind > 0)
-	    ? krb5_princ_component(context, aname, compind - 1)
-	    : krb5_princ_realm(context, aname);
-	if (!datap)
-	    break;
-	krb5int_buf_add_len(&selstring, datap->data, datap->length);
+        /* Copy in literal characters up to the next $ or ]. */
+        nlit = strcspn(current, "$]");
+        krb5int_buf_add_len(&selstring, current, nlit);
+        current += nlit;
+        if (*current != '$')
+            break;
+
+        /* Expand $ substitution to a principal component. */
+        errno = 0;
+        compind = strtol(current + 1, &current, 10);
+        if (errno || compind > num_comps)
+            break;
+        datap = (compind > 0)
+            ? krb5_princ_component(context, aname, compind - 1)
+            : krb5_princ_realm(context, aname);
+        if (!datap)
+            break;
+        krb5int_buf_add_len(&selstring, datap->data, datap->length);
     }
 
     /* Check that we hit a ']' and not the end of the string. */
     if (*current != ']') {
-	krb5int_free_buf(&selstring);
-	return KRB5_CONFIG_BADFORMAT;
+        krb5int_free_buf(&selstring);
+        return KRB5_CONFIG_BADFORMAT;
     }
 
     str = krb5int_buf_data(&selstring);
     if (str == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     *contextp = current + 1;
     *result = str;
@@ -561,7 +562,7 @@ aname_get_selstring(krb5_context context, krb5_const_principal aname,
 /* Handle aname to lname translations for RULE rules. */
 static krb5_error_code
 rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname,
-	      const unsigned int lnsize, char *lname)
+              const unsigned int lnsize, char *lname)
 {
     krb5_error_code kret;
     char *current, *selstring = 0, *outstring = 0;
@@ -570,31 +571,31 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname,
     current = rule;
     kret = aname_get_selstring(context, aname, &current, &selstring);
     if (kret)
-	return kret;
+        return kret;
 
     /* Check the selection string against the regexp, if present. */
     if (*current == '(') {
-	kret = aname_do_match(selstring, &current);
-	if (kret)
-	    goto cleanup;
+        kret = aname_do_match(selstring, &current);
+        if (kret)
+            goto cleanup;
     }
 
     /* Perform the substitution. */
     outstring = NULL;
     kret = aname_replacer(selstring, &current, &outstring);
     if (kret)
-	goto cleanup;
+        goto cleanup;
 
     /* Copy out the value if there's enough room. */
     if (strlcpy(lname, outstring, lnsize) >= lnsize)
-	kret = KRB5_CONFIG_NOTENUFSPACE;
+        kret = KRB5_CONFIG_NOTENUFSPACE;
 
 cleanup:
     free(selstring);
     free(outstring);
     return kret;
 }
-#endif	/* AN_TO_LN_RULES */
+#endif  /* AN_TO_LN_RULES */
 
 /*
  * Implementation:  This version checks the realm to see if it is the local
@@ -609,9 +610,9 @@ default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigne
     unsigned int realm_length;
 
     realm_length = krb5_princ_realm(context, aname)->length;
-    
+
     if ((retval = krb5_get_default_realm(context, &def_realm))) {
-	return(retval);
+        return(retval);
     }
     if (!data_eq_string(*krb5_princ_realm(context, aname), def_realm)) {
         free(def_realm);
@@ -620,58 +621,58 @@ default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigne
 
     if (krb5_princ_size(context, aname) != 1) {
         if (krb5_princ_size(context, aname) == 2 ) {
-           /* Check to see if 2nd component is the local realm. */
-           if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm,
-                        realm_length) ||
-                realm_length != krb5_princ_component(context, aname,1)->length)
+            /* Check to see if 2nd component is the local realm. */
+            if ( strncmp(krb5_princ_component(context, aname,1)->data,def_realm,
+                         realm_length) ||
+                 realm_length != krb5_princ_component(context, aname,1)->length)
                 return KRB5_LNAME_NOTRANS;
         }
         else
-           /* no components or more than one component to non-realm part of name
-           --no translation. */
+            /* no components or more than one component to non-realm part of name
+               --no translation. */
             return KRB5_LNAME_NOTRANS;
     }
 
     free(def_realm);
-    strncpy(lname, krb5_princ_component(context, aname,0)->data, 
-	    min(krb5_princ_component(context, aname,0)->length,lnsize));
+    strncpy(lname, krb5_princ_component(context, aname,0)->data,
+            min(krb5_princ_component(context, aname,0)->length,lnsize));
     if (lnsize <= krb5_princ_component(context, aname,0)->length ) {
-	retval = KRB5_CONFIG_NOTENUFSPACE;
+        retval = KRB5_CONFIG_NOTENUFSPACE;
     } else {
-	lname[krb5_princ_component(context, aname,0)->length] = '\0';
-	retval = 0;
+        lname[krb5_princ_component(context, aname,0)->length] = '\0';
+        retval = 0;
     }
     return retval;
 }
 
 /*
- Converts an authentication name to a local name suitable for use by
- programs wishing a translation to an environment-specific name (e.g.
- user account name).
+  Converts an authentication name to a local name suitable for use by
+  programs wishing a translation to an environment-specific name (e.g.
+  user account name).
 
- lnsize specifies the maximum length name that is to be filled into
- lname.
- The translation will be null terminated in all non-error returns.
+  lnsize specifies the maximum length name that is to be filled into
+  lname.
+  The translation will be null terminated in all non-error returns.
 
- returns system errors, NOT_ENOUGH_SPACE
+  returns system errors, NOT_ENOUGH_SPACE
 */
 
 krb5_error_code KRB5_CALLCONV
 krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int lnsize_in, char *lname)
 {
-    krb5_error_code	kret;
-    char		*realm;
-    char		*pname;
-    char		*mname;
-    const char		*hierarchy[5];
-    char		**mapping_values;
-    int			i, nvalid;
-    char		*cp, *s;
-    char		*typep, *argp;
+    krb5_error_code     kret;
+    char                *realm;
+    char                *pname;
+    char                *mname;
+    const char          *hierarchy[5];
+    char                **mapping_values;
+    int                 i, nvalid;
+    char                *cp, *s;
+    char                *typep, *argp;
     unsigned int        lnsize;
 
     if (lnsize_in < 0)
-      return KRB5_CONFIG_NOTENUFSPACE;
+        return KRB5_CONFIG_NOTENUFSPACE;
 
     lnsize = lnsize_in; /* Unsigned */
 
@@ -679,134 +680,133 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int ln
      * First get the default realm.
      */
     if (!(kret = krb5_get_default_realm(context, &realm))) {
-	/* Flatten the name */
-	if (!(kret = krb5_unparse_name(context, aname, &pname))) {
-	    if ((mname = aname_full_to_mapping_name(pname))) {
-		/*
-		 * Search first for explicit mappings of the form:
-		 *
-		 * [realms]->realm->"auth_to_local_names"->mapping_name
-		 */
-		hierarchy[0] = KRB5_CONF_REALMS;
-		hierarchy[1] = realm;
-		hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES;
-		hierarchy[3] = mname;
-		hierarchy[4] = (char *) NULL;
-		if (!(kret = profile_get_values(context->profile,
-						hierarchy,
-						&mapping_values))) {
-		    /* We found one or more explicit mappings. */
-		    for (nvalid=0; mapping_values[nvalid]; nvalid++);
-
-		    /* Just use the last one. */
-		    /* Trim the value. */
-		    s = mapping_values[nvalid-1];
-		    cp = s + strlen(s);
-		    while (cp > s) {
-			cp--;
-			if (!isspace((int)(*cp)))
-			    break;
-			*cp = '\0';
-		    }
-
-		    /* Copy out the value if there's enough room */
-		    if (strlcpy(lname, mapping_values[nvalid-1],
-				lnsize) >= lnsize)
-			kret = KRB5_CONFIG_NOTENUFSPACE;
-
-		    /* Free residue */
-		    profile_free_list(mapping_values);
-		}
-		else {
-		    /*
-		     * OK - There's no explicit mapping.  Now check for
-		     * general auth_to_local rules of the form:
-		     *
-		     * [realms]->realm->"auth_to_local"
-		     *
-		     * This can have one or more of the following kinds of
-		     * values:
-		     *	DB:<filename>	- Look up principal in aname database.
-		     *	RULE:<sed-exp>	- Formulate lname from sed-exp.
-		     *	DEFAULT		- Use default rule.
-		     * The first rule to find a match is used.
-		     */
-		    hierarchy[0] = KRB5_CONF_REALMS;
-		    hierarchy[1] = realm;
-		    hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL;
-		    hierarchy[3] = (char *) NULL;
-		    if (!(kret = profile_get_values(context->profile,
-						    hierarchy,
-						    &mapping_values))) {
-			/*
-			 * Loop through all the mapping values.
-			 */
-			for (i=0; mapping_values[i]; i++) {
-			    typep = mapping_values[i];
-			    argp = strchr(typep, ':');
-			    if (argp) {
-				*argp = '\0';
-				argp++;
-			    }
+        /* Flatten the name */
+        if (!(kret = krb5_unparse_name(context, aname, &pname))) {
+            if ((mname = aname_full_to_mapping_name(pname))) {
+                /*
+                 * Search first for explicit mappings of the form:
+                 *
+                 * [realms]->realm->"auth_to_local_names"->mapping_name
+                 */
+                hierarchy[0] = KRB5_CONF_REALMS;
+                hierarchy[1] = realm;
+                hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL_NAMES;
+                hierarchy[3] = mname;
+                hierarchy[4] = (char *) NULL;
+                if (!(kret = profile_get_values(context->profile,
+                                                hierarchy,
+                                                &mapping_values))) {
+                    /* We found one or more explicit mappings. */
+                    for (nvalid=0; mapping_values[nvalid]; nvalid++);
+
+                    /* Just use the last one. */
+                    /* Trim the value. */
+                    s = mapping_values[nvalid-1];
+                    cp = s + strlen(s);
+                    while (cp > s) {
+                        cp--;
+                        if (!isspace((int)(*cp)))
+                            break;
+                        *cp = '\0';
+                    }
+
+                    /* Copy out the value if there's enough room */
+                    if (strlcpy(lname, mapping_values[nvalid-1],
+                                lnsize) >= lnsize)
+                        kret = KRB5_CONFIG_NOTENUFSPACE;
+
+                    /* Free residue */
+                    profile_free_list(mapping_values);
+                }
+                else {
+                    /*
+                     * OK - There's no explicit mapping.  Now check for
+                     * general auth_to_local rules of the form:
+                     *
+                     * [realms]->realm->"auth_to_local"
+                     *
+                     * This can have one or more of the following kinds of
+                     * values:
+                     *  DB:<filename>   - Look up principal in aname database.
+                     *  RULE:<sed-exp>  - Formulate lname from sed-exp.
+                     *  DEFAULT         - Use default rule.
+                     * The first rule to find a match is used.
+                     */
+                    hierarchy[0] = KRB5_CONF_REALMS;
+                    hierarchy[1] = realm;
+                    hierarchy[2] = KRB5_CONF_AUTH_TO_LOCAL;
+                    hierarchy[3] = (char *) NULL;
+                    if (!(kret = profile_get_values(context->profile,
+                                                    hierarchy,
+                                                    &mapping_values))) {
+                        /*
+                         * Loop through all the mapping values.
+                         */
+                        for (i=0; mapping_values[i]; i++) {
+                            typep = mapping_values[i];
+                            argp = strchr(typep, ':');
+                            if (argp) {
+                                *argp = '\0';
+                                argp++;
+                            }
 #ifdef ANAME_DB
-			    if (!strcmp(typep, "DB") && argp) {
-				kret = db_an_to_ln(context,
-						   argp,
-						   aname,
-						   lnsize,
-						   lname);
-				if (kret != KRB5_LNAME_NOTRANS)
-				    break;
-			    }
-			    else
+                            if (!strcmp(typep, "DB") && argp) {
+                                kret = db_an_to_ln(context,
+                                                   argp,
+                                                   aname,
+                                                   lnsize,
+                                                   lname);
+                                if (kret != KRB5_LNAME_NOTRANS)
+                                    break;
+                            }
+                            else
 #endif
-#ifdef	AN_TO_LN_RULES
-			    if (!strcmp(typep, "RULE") && argp) {
-				kret = rule_an_to_ln(context,
-						     argp,
-						     aname,
-						     lnsize,
-						     lname);
-				if (kret != KRB5_LNAME_NOTRANS)
-				    break;
-			    }
-			    else
-#endif	/* AN_TO_LN_RULES */
-			    if (!strcmp(typep, "DEFAULT") && !argp) {
-				kret = default_an_to_ln(context,
-							aname,
-							lnsize,
-							lname);
-				if (kret != KRB5_LNAME_NOTRANS)
-				    break;
-			    }
-			    else {
-				kret = KRB5_CONFIG_BADFORMAT;
-				break;
-			    }
-			}
-
-			/* We're done, clean up the droppings. */
-			profile_free_list(mapping_values);
-		    }
-		    else {
-			/*
-			 * No profile relation found, try default mapping.
-			 */
-			kret = default_an_to_ln(context,
-						aname,
-						lnsize,
-						lname);
-		    }
-		}
-		free(mname);
-	    }
-	    else
-		kret = ENOMEM;
-	    free(pname);
-	}
-	free(realm);
+#ifdef  AN_TO_LN_RULES
+                                if (!strcmp(typep, "RULE") && argp) {
+                                    kret = rule_an_to_ln(context,
+                                                         argp,
+                                                         aname,
+                                                         lnsize,
+                                                         lname);
+                                    if (kret != KRB5_LNAME_NOTRANS)
+                                        break;
+                                }
+                                else
+#endif  /* AN_TO_LN_RULES */
+                                    if (!strcmp(typep, "DEFAULT") && !argp) {
+                                        kret = default_an_to_ln(context,
+                                                                aname,
+                                                                lnsize,
+                                                                lname);
+                                        if (kret != KRB5_LNAME_NOTRANS)
+                                            break;
+                                    }
+                                    else {
+                                        kret = KRB5_CONFIG_BADFORMAT;
+                                        break;
+                                    }
+                        }
+
+                        /* We're done, clean up the droppings. */
+                        profile_free_list(mapping_values);
+                    }
+                    else {
+                        /*
+                         * No profile relation found, try default mapping.
+                         */
+                        kret = default_an_to_ln(context,
+                                                aname,
+                                                lnsize,
+                                                lname);
+                    }
+                }
+                free(mname);
+            }
+            else
+                kret = ENOMEM;
+            free(pname);
+        }
+        free(realm);
     }
     return(kret);
 }
-
diff --git a/src/lib/krb5/os/c_ustime.c b/src/lib/krb5/os/c_ustime.c
index fbb6d6128..1bfdac4af 100644
--- a/src/lib/krb5/os/c_ustime.c
+++ b/src/lib/krb5/os/c_ustime.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/os/c_ustime.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,11 +23,11 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_mstimeofday for BSD 4.3
  */
- 
+
 #include "k5-int.h"
 #include "k5-thread.h"
 
@@ -36,8 +37,8 @@ struct time_now { krb5_int32 sec, usec; };
 
 #if defined(_WIN32)
 
-   /* Microsoft Windows NT and 95   (32bit)  */
-   /* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */
+/* Microsoft Windows NT and 95   (32bit)  */
+/* This one works for WOW (Windows on Windows, ntvdm on Win-NT) */
 
 #include <time.h>
 #include <sys/timeb.h>
@@ -64,7 +65,7 @@ get_time_now(struct time_now *n)
     struct timeval tv;
 
     if (gettimeofday(&tv, (struct timezone *)0) == -1)
-	return errno;
+        return errno;
 
     n->sec = tv.tv_sec;
     n->usec = tv.tv_usec;
@@ -84,11 +85,11 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds)
     now.sec = now.usec = 0;
     err = get_time_now(&now);
     if (err)
-	return err;
+        return err;
 
     err = k5_mutex_lock(&krb5int_us_time_mutex);
     if (err)
-	return err;
+        return err;
     /* Just guessing: If the number of seconds hasn't changed, yet the
        microseconds are moving backwards, we probably just got a third
        instance of returning the same clock value from the system, so
@@ -98,17 +99,17 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds)
        quite likely.  On UNIX, it appears that we always get new
        microsecond values, so this case should never trigger.  */
     if ((now.sec == last_time.sec) && (now.usec <= last_time.usec)) {
-	/* Same as last time??? */
-	now.usec = ++last_time.usec;
-	if (now.usec >= 1000000) {
-	    ++now.sec;
-	    now.usec = 0;
-	}
-	/* For now, we're not worrying about the case of enough
-	   returns of the same value that we roll over now.sec, and
-	   the next call still gets the previous now.sec value.  */
+        /* Same as last time??? */
+        now.usec = ++last_time.usec;
+        if (now.usec >= 1000000) {
+            ++now.sec;
+            now.usec = 0;
+        }
+        /* For now, we're not worrying about the case of enough
+           returns of the same value that we roll over now.sec, and
+           the next call still gets the previous now.sec value.  */
     }
-    last_time.sec = now.sec;	/* Remember for next time */
+    last_time.sec = now.sec;    /* Remember for next time */
     last_time.usec = now.usec;
     k5_mutex_unlock(&krb5int_us_time_mutex);
 
diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c
index 7587cb007..0686e721a 100644
--- a/src/lib/krb5/os/ccdefname.c
+++ b/src/lib/krb5/os/ccdefname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/ccdefname.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Return default cred. cache name.
  */
@@ -38,50 +39,50 @@
 #if defined(_WIN32)
 static int get_from_registry_indirect(char *name_buf, int name_size)
 {
-	/* If the RegKRB5CCNAME variable is set, it will point to
-	 * the registry key that has the name of the cache to use.
-	 * The Gradient PC-DCE sets the registry key
-	 * [HKEY_CURRENT_USER\Software\Gradient\DCE\Default\KRB5CCNAME]
-	 * to point at the cache file name (including the FILE: prefix).
-	 * By indirecting with the RegKRB5CCNAME entry in kerberos.ini,
-	 * we can accomodate other versions that might set a registry
-	 * variable.
-	 */
-	char newkey[256];
-	    
-	LONG name_buf_size;
-	HKEY hkey;
-	int found = 0;
-	char *cp;
-
-        newkey[0] = 0;
-	GetPrivateProfileString(INI_FILES, "RegKRB5CCNAME", "", 
-				newkey, sizeof(newkey), KERBEROS_INI);
-	if (!newkey[0])
-		return 0;
-	
-        newkey[sizeof(newkey)-1] = 0;
-	cp = strrchr(newkey,'\\');
-	if (cp) {
-		*cp = '\0'; /* split the string */
-		cp++;
-	} else
-		cp = "";
-	
-	if (RegOpenKeyEx(HKEY_CURRENT_USER, newkey, 0,
-			 KEY_QUERY_VALUE, &hkey) != ERROR_SUCCESS)
-		return 0;
-	
-	name_buf_size = name_size;
-	if (RegQueryValueEx(hkey, cp, 0, 0, 
-			    name_buf, &name_buf_size) != ERROR_SUCCESS)
-	{
-		RegCloseKey(hkey);
-		return 0;
-	}
-
-	RegCloseKey(hkey);
-	return 1;
+    /* If the RegKRB5CCNAME variable is set, it will point to
+     * the registry key that has the name of the cache to use.
+     * The Gradient PC-DCE sets the registry key
+     * [HKEY_CURRENT_USER\Software\Gradient\DCE\Default\KRB5CCNAME]
+     * to point at the cache file name (including the FILE: prefix).
+     * By indirecting with the RegKRB5CCNAME entry in kerberos.ini,
+     * we can accomodate other versions that might set a registry
+     * variable.
+     */
+    char newkey[256];
+
+    LONG name_buf_size;
+    HKEY hkey;
+    int found = 0;
+    char *cp;
+
+    newkey[0] = 0;
+    GetPrivateProfileString(INI_FILES, "RegKRB5CCNAME", "",
+                            newkey, sizeof(newkey), KERBEROS_INI);
+    if (!newkey[0])
+        return 0;
+
+    newkey[sizeof(newkey)-1] = 0;
+    cp = strrchr(newkey,'\\');
+    if (cp) {
+        *cp = '\0'; /* split the string */
+        cp++;
+    } else
+        cp = "";
+
+    if (RegOpenKeyEx(HKEY_CURRENT_USER, newkey, 0,
+                     KEY_QUERY_VALUE, &hkey) != ERROR_SUCCESS)
+        return 0;
+
+    name_buf_size = name_size;
+    if (RegQueryValueEx(hkey, cp, 0, 0,
+                        name_buf, &name_buf_size) != ERROR_SUCCESS)
+    {
+        RegCloseKey(hkey);
+        return 0;
+    }
+
+    RegCloseKey(hkey);
+    return 1;
 }
 
 /*
@@ -94,19 +95,19 @@ static int get_from_registry_indirect(char *name_buf, int name_size)
 static int
 get_from_registry(
     HKEY hBaseKey,
-    char *name_buf, 
+    char *name_buf,
     int name_size
-    )
+)
 {
     HKEY hKey;
     DWORD name_buf_size = (DWORD)name_size;
     const char *key_path = "Software\\MIT\\Kerberos5";
     const char *value_name = "ccname";
 
-    if (RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE, 
+    if (RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
                      &hKey) != ERROR_SUCCESS)
         return 0;
-    if (RegQueryValueEx(hKey, value_name, 0, 0, 
+    if (RegQueryValueEx(hKey, value_name, 0, 0,
                         name_buf, &name_buf_size) != ERROR_SUCCESS)
     {
         RegCloseKey(hKey);
@@ -123,7 +124,7 @@ try_dir(
     char* dir,
     char* buffer,
     int buf_len
-    )
+)
 {
     struct _stat s;
     if (!dir)
@@ -145,53 +146,53 @@ try_dir(
 #if defined(_WIN32)
 static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
 {
-	char *prefix = krb5_cc_dfl_ops->prefix;
-        int size;
-        char *p;
-        DWORD gle;
-
-	SetLastError(0);
-	GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size);
-	gle = GetLastError();
-	if (gle == 0)
-		return 0;
-	else if (gle != ERROR_ENVVAR_NOT_FOUND)
-		return ENOMEM;
-
-	if (get_from_registry(HKEY_CURRENT_USER,
-                              name_buf, name_size) != 0)
-		return 0;
-
-	if (get_from_registry(HKEY_LOCAL_MACHINE,
-                              name_buf, name_size) != 0)
-		return 0;
-
-	if (get_from_registry_indirect(name_buf, name_size) != 0)
-		return 0;
-
-        strncpy(name_buf, prefix, name_size - 1);
-        name_buf[name_size - 1] = 0;
-        size = name_size - strlen(prefix);
-        if (size > 0)
-            strcat(name_buf, ":");
-        size--;
-        p = name_buf + name_size - size;
-	if (!strcmp(prefix, "API")) {
-		strncpy(p, "krb5cc", size);
-	} else if (!strcmp(prefix, "FILE") || !strcmp(prefix, "STDIO")) {
-		if (!try_dir(getenv("TEMP"), p, size) &&
-		    !try_dir(getenv("TMP"), p, size))
-		{
-                    int len = GetWindowsDirectory(p, size);
-                    name_buf[name_size - 1] = 0;
-                    if (len < size - sizeof(APPEND_KRB5CC))
-			strcat(p, APPEND_KRB5CC);
-		}
-	} else {
-		strncpy(p, "default_cache_name", size);
-	}
-	name_buf[name_size - 1] = 0;
-	return 0;
+    char *prefix = krb5_cc_dfl_ops->prefix;
+    int size;
+    char *p;
+    DWORD gle;
+
+    SetLastError(0);
+    GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size);
+    gle = GetLastError();
+    if (gle == 0)
+        return 0;
+    else if (gle != ERROR_ENVVAR_NOT_FOUND)
+        return ENOMEM;
+
+    if (get_from_registry(HKEY_CURRENT_USER,
+                          name_buf, name_size) != 0)
+        return 0;
+
+    if (get_from_registry(HKEY_LOCAL_MACHINE,
+                          name_buf, name_size) != 0)
+        return 0;
+
+    if (get_from_registry_indirect(name_buf, name_size) != 0)
+        return 0;
+
+    strncpy(name_buf, prefix, name_size - 1);
+    name_buf[name_size - 1] = 0;
+    size = name_size - strlen(prefix);
+    if (size > 0)
+        strcat(name_buf, ":");
+    size--;
+    p = name_buf + name_size - size;
+    if (!strcmp(prefix, "API")) {
+        strncpy(p, "krb5cc", size);
+    } else if (!strcmp(prefix, "FILE") || !strcmp(prefix, "STDIO")) {
+        if (!try_dir(getenv("TEMP"), p, size) &&
+            !try_dir(getenv("TMP"), p, size))
+        {
+            int len = GetWindowsDirectory(p, size);
+            name_buf[name_size - 1] = 0;
+            if (len < size - sizeof(APPEND_KRB5CC))
+                strcat(p, APPEND_KRB5CC);
+        }
+    } else {
+        strncpy(p, "default_cache_name", size);
+    }
+    name_buf[name_size - 1] = 0;
+    return 0;
 }
 #endif
 
@@ -199,35 +200,35 @@ static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
 
 static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
 {
-	krb5_error_code result = 0;
-	cc_context_t cc_context = NULL;
-	cc_string_t default_name = NULL;
-
-	cc_int32 ccerr = cc_initialize (&cc_context, ccapi_version_3, NULL, NULL);
-	if (ccerr == ccNoError) {
-		ccerr = cc_context_get_default_ccache_name (cc_context, &default_name);
-	}
-	
-	if (ccerr == ccNoError) {
-		if (strlen (default_name -> data) + 5 > name_size) {
-			result = ENOMEM;
-			goto cleanup;
-		} else {
-		    snprintf (name_buf, name_size, "API:%s",
-			      default_name -> data);
-		}
-	}
-	
+    krb5_error_code result = 0;
+    cc_context_t cc_context = NULL;
+    cc_string_t default_name = NULL;
+
+    cc_int32 ccerr = cc_initialize (&cc_context, ccapi_version_3, NULL, NULL);
+    if (ccerr == ccNoError) {
+        ccerr = cc_context_get_default_ccache_name (cc_context, &default_name);
+    }
+
+    if (ccerr == ccNoError) {
+        if (strlen (default_name -> data) + 5 > name_size) {
+            result = ENOMEM;
+            goto cleanup;
+        } else {
+            snprintf (name_buf, name_size, "API:%s",
+                      default_name -> data);
+        }
+    }
+
 cleanup:
-	if (cc_context != NULL) {
-		cc_context_release (cc_context);
-	}
-	
-	if (default_name != NULL) {
-		cc_string_release (default_name);
-	}
-	
-	return result;
+    if (cc_context != NULL) {
+        cc_context_release (cc_context);
+    }
+
+    if (default_name != NULL) {
+        cc_string_release (default_name);
+    }
+
+    return result;
 }
 
 #else
@@ -245,9 +246,9 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
 {
     krb5_error_code err = 0;
     char *new_ccname = NULL;
-    
+
     if (!context || context->magic != KV5M_CONTEXT) { err = KV5M_CONTEXT; }
-    
+
     if (name != NULL) {
         if (!err) {
             /* If the name isn't NULL, make a copy of it */
@@ -255,7 +256,7 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
             if (new_ccname == NULL) { err = ENOMEM; }
         }
     }
-    
+
     if (!err) {
         /* free the old ccname and store the new one */
         krb5_os_context os_ctx = &context->os_context;
@@ -263,42 +264,42 @@ krb5_cc_set_default_name(krb5_context context, const char *name)
         os_ctx->default_ccname = new_ccname;
         new_ccname = NULL;  /* don't free */
     }
-    
+
     return err;
 }
 
-	
+
 const char * KRB5_CALLCONV
 krb5_cc_default_name(krb5_context context)
 {
     krb5_error_code err = 0;
     krb5_os_context os_ctx = NULL;
-    
+
     if (!context || context->magic != KV5M_CONTEXT) { err = KV5M_CONTEXT; }
-    
+
     if (!err) {
         os_ctx = &context->os_context;
-        
+
         if (os_ctx->default_ccname == NULL) {
             /* Default ccache name has not been set yet */
             char *new_ccname = NULL;
             char new_ccbuf[1024];
-            
+
             /* try the environment variable first */
             new_ccname = getenv(KRB5_ENV_CCNAME);
-            
+
             if (new_ccname == NULL) {
                 /* fall back on the default ccache name for the OS */
                 new_ccname = new_ccbuf;
                 err = get_from_os (new_ccbuf, sizeof (new_ccbuf));
             }
-            
+
             if (!err) {
                 err = krb5_cc_set_default_name (context, new_ccname);
             }
         }
     }
-    
+
     return err ? NULL : os_ctx->default_ccname;
 }
 
@@ -314,7 +315,7 @@ krb5int_cc_os_default_name(krb5_context context, char **name)
     *name = NULL;
     tmpname = malloc(BUFSIZ);
     if (tmpname == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     retval = get_from_os(tmpname, BUFSIZ);
     *name = tmpname;
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 781138738..10a54d2d7 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/changepw.c
  *
@@ -44,11 +45,11 @@
 #endif
 
 struct sendto_callback_context {
-    krb5_context 	context;
-    krb5_auth_context 	auth_context;
-    krb5_principal 	set_password_for;
-    char 		*newpw;
-    krb5_data 		ap_req;
+    krb5_context        context;
+    krb5_auth_context   auth_context;
+    krb5_principal      set_password_for;
+    char                *newpw;
+    krb5_data           ap_req;
     krb5_ui_4           remote_seq_num, local_seq_num;
 };
 
@@ -58,30 +59,30 @@ struct sendto_callback_context {
 
 static krb5_error_code
 krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
-		    struct addrlist *addrlist, krb5_boolean useTcp)
+                    struct addrlist *addrlist, krb5_boolean useTcp)
 {
     krb5_error_code code;
     int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);
 
     code = krb5int_locate_server (context, realm, addrlist,
-				  locate_service_kpasswd, sockType, AF_INET);
+                                  locate_service_kpasswd, sockType, AF_INET);
 
     if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
-	code = krb5int_locate_server (context, realm, addrlist,
-				      locate_service_kadmin, SOCK_STREAM,
-				      AF_INET);
-	if (!code) {
-	    /* Success with admin_server but now we need to change the
-	       port number to use DEFAULT_KPASSWD_PORT and the socktype.  */
-	    int i;
-	    for (i=0; i<addrlist->naddrs; i++) {
-		struct addrinfo *a = addrlist->addrs[i].ai;
-		if (a->ai_family == AF_INET)
-		    sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
-		if (sockType != SOCK_STREAM)
-		    a->ai_socktype = sockType;
-	    }
-	}
+        code = krb5int_locate_server (context, realm, addrlist,
+                                      locate_service_kadmin, SOCK_STREAM,
+                                      AF_INET);
+        if (!code) {
+            /* Success with admin_server but now we need to change the
+               port number to use DEFAULT_KPASSWD_PORT and the socktype.  */
+            int i;
+            for (i=0; i<addrlist->naddrs; i++) {
+                struct addrinfo *a = addrlist->addrs[i].ai;
+                if (a->ai_family == AF_INET)
+                    sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
+                if (sockType != SOCK_STREAM)
+                    a->ai_socktype = sockType;
+            }
+        }
     }
     return (code);
 }
@@ -91,24 +92,24 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
  * This routine is used for a callback in sendto_kdc.c code. Simply
  * put, we need the client addr to build the krb_priv portion of the
  * password request.
- */  
+ */
 
 
 static void kpasswd_sendto_msg_cleanup (void* callback_context, krb5_data* message)
 {
     struct sendto_callback_context *ctx = callback_context;
-    krb5_free_data_contents(ctx->context, message); 
+    krb5_free_data_contents(ctx->context, message);
 }
- 
+
 
 static int kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_context, krb5_data* message)
 {
-    krb5_error_code 			code = 0;
-    struct sockaddr_storage 		local_addr;
-    krb5_address 			local_kaddr;
-    struct sendto_callback_context	*ctx = callback_context;
-    GETSOCKNAME_ARG3_TYPE 		addrlen;
-    krb5_data				output;
+    krb5_error_code                     code = 0;
+    struct sockaddr_storage             local_addr;
+    krb5_address                        local_kaddr;
+    struct sendto_callback_context      *ctx = callback_context;
+    GETSOCKNAME_ARG3_TYPE               addrlen;
+    krb5_data                           output;
 
     memset (message, 0, sizeof(krb5_data));
 
@@ -118,37 +119,37 @@ static int kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_c
     addrlen = sizeof(local_addr);
 
     if (getsockname(conn->fd, ss2sa(&local_addr), &addrlen) < 0) {
-	code = SOCKET_ERRNO;
-	goto cleanup;
+        code = SOCKET_ERRNO;
+        goto cleanup;
     }
 
     /* some brain-dead OS's don't return useful information from
      * the getsockname call.  Namely, windows and solaris.  */
 
     if (ss2sin(&local_addr)->sin_addr.s_addr != 0) {
-	local_kaddr.addrtype = ADDRTYPE_INET;
-	local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
-	local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
+        local_kaddr.addrtype = ADDRTYPE_INET;
+        local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
+        local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
     } else {
-	krb5_address **addrs;
-
-	code = krb5_os_localaddr(ctx->context, &addrs);
-	if (code)
-	    goto cleanup;
-
-	local_kaddr.magic = addrs[0]->magic;
-	local_kaddr.addrtype = addrs[0]->addrtype;
-	local_kaddr.length = addrs[0]->length;
-	local_kaddr.contents = malloc(addrs[0]->length);
-	if (local_kaddr.contents == NULL && addrs[0]->length != 0) {
-	    code = ENOMEM;
-	    krb5_free_addresses(ctx->context, addrs);
-	    goto cleanup;
-	}
-	if (addrs[0]->length)
-	    memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
-
-	krb5_free_addresses(ctx->context, addrs);
+        krb5_address **addrs;
+
+        code = krb5_os_localaddr(ctx->context, &addrs);
+        if (code)
+            goto cleanup;
+
+        local_kaddr.magic = addrs[0]->magic;
+        local_kaddr.addrtype = addrs[0]->addrtype;
+        local_kaddr.length = addrs[0]->length;
+        local_kaddr.contents = malloc(addrs[0]->length);
+        if (local_kaddr.contents == NULL && addrs[0]->length != 0) {
+            code = ENOMEM;
+            krb5_free_addresses(ctx->context, addrs);
+            goto cleanup;
+        }
+        if (addrs[0]->length)
+            memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length);
+
+        krb5_free_addresses(ctx->context, addrs);
     }
 
 
@@ -159,27 +160,27 @@ static int kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_c
 
 
     if ((code = krb5_auth_con_setaddrs(ctx->context, ctx->auth_context,
-				       &local_kaddr, NULL))) 
-	goto cleanup;
+                                       &local_kaddr, NULL)))
+        goto cleanup;
 
     ctx->auth_context->remote_seq_number = ctx->remote_seq_num;
     ctx->auth_context->local_seq_number = ctx->local_seq_num;
 
     if (ctx->set_password_for)
-	code = krb5int_mk_setpw_req(ctx->context, 
-				    ctx->auth_context, 
-				    &ctx->ap_req, 
-				    ctx->set_password_for, 
-				    ctx->newpw, 
-				    &output);
+        code = krb5int_mk_setpw_req(ctx->context,
+                                    ctx->auth_context,
+                                    &ctx->ap_req,
+                                    ctx->set_password_for,
+                                    ctx->newpw,
+                                    &output);
     else
-	code = krb5int_mk_chpw_req(ctx->context, 
-				   ctx->auth_context, 
-				   &ctx->ap_req,
-				   ctx->newpw, 
-				   &output);
+        code = krb5int_mk_chpw_req(ctx->context,
+                                   ctx->auth_context,
+                                   &ctx->ap_req,
+                                   ctx->newpw,
+                                   &output);
     if (code)
-	goto cleanup;
+        goto cleanup;
 
     message->length = output.length;
     message->data = output.data;
@@ -191,28 +192,28 @@ cleanup:
 
 /*
 ** The logic for setting and changing a password is mostly the same
-** krb5_change_set_password handles both cases 
-**	if set_password_for is NULL, then a password change is performed,
+** krb5_change_set_password handles both cases
+**      if set_password_for is NULL, then a password change is performed,
 **  otherwise, the password is set for the principal indicated in set_password_for
 */
 static krb5_error_code KRB5_CALLCONV
 krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
-			 krb5_principal set_password_for,
-			 int *result_code, krb5_data *result_code_string,
-			 krb5_data *result_string)
+                         krb5_principal set_password_for,
+                         int *result_code, krb5_data *result_code_string,
+                         krb5_data *result_string)
 {
-    krb5_data 			chpw_rep;
-    krb5_address 		remote_kaddr;
-    krb5_boolean		useTcp = 0;
-    GETSOCKNAME_ARG3_TYPE 	addrlen;
-    krb5_error_code 		code = 0;
-    char 			*code_string;
-    int				local_result_code;
-    
+    krb5_data                   chpw_rep;
+    krb5_address                remote_kaddr;
+    krb5_boolean                useTcp = 0;
+    GETSOCKNAME_ARG3_TYPE       addrlen;
+    krb5_error_code             code = 0;
+    char                        *code_string;
+    int                         local_result_code;
+
     struct sendto_callback_context  callback_ctx;
-    struct sendto_callback_info	callback_info;
-    struct sockaddr_storage	remote_addr;
-    struct addrlist 		al = ADDRLIST_INIT;
+    struct sendto_callback_info callback_info;
+    struct sockaddr_storage     remote_addr;
+    struct addrlist             al = ADDRLIST_INIT;
 
     memset(&chpw_rep, 0, sizeof(krb5_data));
     memset( &callback_ctx, 0, sizeof(struct sendto_callback_context));
@@ -220,123 +221,123 @@ krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
     callback_ctx.newpw = newpw;
     callback_ctx.set_password_for = set_password_for;
 
-    if ((code = krb5_auth_con_init(callback_ctx.context, 
-				   &callback_ctx.auth_context)))
-	goto cleanup;
+    if ((code = krb5_auth_con_init(callback_ctx.context,
+                                   &callback_ctx.auth_context)))
+        goto cleanup;
 
-    if ((code = krb5_mk_req_extended(callback_ctx.context, 
-				     &callback_ctx.auth_context,
-				     AP_OPTS_USE_SUBKEY,
-				     NULL, 
-				     creds, 
-				     &callback_ctx.ap_req)))
-	goto cleanup;
+    if ((code = krb5_mk_req_extended(callback_ctx.context,
+                                     &callback_ctx.auth_context,
+                                     AP_OPTS_USE_SUBKEY,
+                                     NULL,
+                                     creds,
+                                     &callback_ctx.ap_req)))
+        goto cleanup;
 
     callback_ctx.remote_seq_num = callback_ctx.auth_context->remote_seq_number;
     callback_ctx.local_seq_num = callback_ctx.auth_context->local_seq_number;
 
     do {
-	if ((code = krb5_locate_kpasswd(callback_ctx.context,
-					krb5_princ_realm(callback_ctx.context,
-							 creds->server),
-					&al, useTcp)))
-	    break;
-
-	addrlen = sizeof(remote_addr);
-
-	callback_info.context = (void*) &callback_ctx;
-	callback_info.pfn_callback = kpasswd_sendto_msg_callback;
-	callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
-
-	if ((code = krb5int_sendto(callback_ctx.context, 
-				   NULL, 
-				   &al, 
-				   &callback_info,
-				   &chpw_rep,
-				   NULL,
-				   NULL,
-				   ss2sa(&remote_addr),
+        if ((code = krb5_locate_kpasswd(callback_ctx.context,
+                                        krb5_princ_realm(callback_ctx.context,
+                                                         creds->server),
+                                        &al, useTcp)))
+            break;
+
+        addrlen = sizeof(remote_addr);
+
+        callback_info.context = (void*) &callback_ctx;
+        callback_info.pfn_callback = kpasswd_sendto_msg_callback;
+        callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
+
+        if ((code = krb5int_sendto(callback_ctx.context,
+                                   NULL,
+                                   &al,
+                                   &callback_info,
+                                   &chpw_rep,
+                                   NULL,
+                                   NULL,
+                                   ss2sa(&remote_addr),
                                    &addrlen,
-				   NULL,
-				   NULL,
-				   NULL
-		 ))) {
-
-	    /*
-	     * Here we may want to switch to TCP on some errors.
-	     * right?
-	     */
-	    break;
-	}
-
-	remote_kaddr.addrtype = ADDRTYPE_INET;
-	remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
-	remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
-
-	if ((code = krb5_auth_con_setaddrs(callback_ctx.context,  
-					   callback_ctx.auth_context,  
-					   NULL, 
-					   &remote_kaddr)))
-	    break;
-
-	if (set_password_for)
-	    code = krb5int_rd_setpw_rep(callback_ctx.context, 
-					callback_ctx.auth_context, 
-					&chpw_rep, 
-					&local_result_code, 
-					result_string);
-	else
-	    code = krb5int_rd_chpw_rep(callback_ctx.context, 
-				       callback_ctx.auth_context, 
-				       &chpw_rep, 
-				       &local_result_code, 
-				       result_string);
-
-	if (code) {
-	    if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
-		krb5int_free_addrlist (&al);
-		useTcp = 1;
-		continue;
-	    }
-
-	    break;
-	}
-
-	if (result_code)
-	    *result_code = local_result_code;
-	
-	if (result_code_string) {
-	    if (set_password_for)
-		code = krb5int_setpw_result_code_string(callback_ctx.context, 
-							local_result_code, 
-							(const char **)&code_string);
-	    else
-		code = krb5_chpw_result_code_string(callback_ctx.context, 
-						    local_result_code, 
-						    &code_string);
-	    if(code)
-		goto cleanup;
-
-	    result_code_string->length = strlen(code_string);
-	    result_code_string->data = malloc(result_code_string->length);
-	    if (result_code_string->data == NULL) {
-		code = ENOMEM;
-		goto cleanup;
-	    }
-	    strncpy(result_code_string->data, code_string, result_code_string->length);
-	}
-
-	if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
-	    krb5int_free_addrlist (&al);
-	    useTcp = 1;
+                                   NULL,
+                                   NULL,
+                                   NULL
+             ))) {
+
+            /*
+             * Here we may want to switch to TCP on some errors.
+             * right?
+             */
+            break;
+        }
+
+        remote_kaddr.addrtype = ADDRTYPE_INET;
+        remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
+        remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
+
+        if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
+                                           callback_ctx.auth_context,
+                                           NULL,
+                                           &remote_kaddr)))
+            break;
+
+        if (set_password_for)
+            code = krb5int_rd_setpw_rep(callback_ctx.context,
+                                        callback_ctx.auth_context,
+                                        &chpw_rep,
+                                        &local_result_code,
+                                        result_string);
+        else
+            code = krb5int_rd_chpw_rep(callback_ctx.context,
+                                       callback_ctx.auth_context,
+                                       &chpw_rep,
+                                       &local_result_code,
+                                       result_string);
+
+        if (code) {
+            if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
+                krb5int_free_addrlist (&al);
+                useTcp = 1;
+                continue;
+            }
+
+            break;
+        }
+
+        if (result_code)
+            *result_code = local_result_code;
+
+        if (result_code_string) {
+            if (set_password_for)
+                code = krb5int_setpw_result_code_string(callback_ctx.context,
+                                                        local_result_code,
+                                                        (const char **)&code_string);
+            else
+                code = krb5_chpw_result_code_string(callback_ctx.context,
+                                                    local_result_code,
+                                                    &code_string);
+            if(code)
+                goto cleanup;
+
+            result_code_string->length = strlen(code_string);
+            result_code_string->data = malloc(result_code_string->length);
+            if (result_code_string->data == NULL) {
+                code = ENOMEM;
+                goto cleanup;
+            }
+            strncpy(result_code_string->data, code_string, result_code_string->length);
+        }
+
+        if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
+            krb5int_free_addrlist (&al);
+            useTcp = 1;
         } else {
-	    break;
-	} 
+            break;
+        }
     } while (TRUE);
 
 cleanup:
     if (callback_ctx.auth_context != NULL)
-	krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context);
+        krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context);
 
     krb5int_free_addrlist (&al);
     krb5_free_data_contents(callback_ctx.context, &callback_ctx.ap_req);
@@ -348,8 +349,8 @@ cleanup:
 krb5_error_code KRB5_CALLCONV
 krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)
 {
-	return krb5_change_set_password(
-		context, creds, newpw, NULL, result_code, result_code_string, result_string );
+    return krb5_change_set_password(
+        context, creds, newpw, NULL, result_code, result_code_string, result_string );
 }
 
 /*
@@ -359,29 +360,29 @@ krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *
 
 krb5_error_code KRB5_CALLCONV
 krb5_set_password(
-	krb5_context context,
-	krb5_creds *creds,
-	char *newpw,
-	krb5_principal change_password_for,
-	int *result_code, krb5_data *result_code_string, krb5_data *result_string
-	)
+    krb5_context context,
+    krb5_creds *creds,
+    char *newpw,
+    krb5_principal change_password_for,
+    int *result_code, krb5_data *result_code_string, krb5_data *result_string
+)
 {
-	return krb5_change_set_password(
-		context, creds, newpw, change_password_for, result_code, result_code_string, result_string );
+    return krb5_change_set_password(
+        context, creds, newpw, change_password_for, result_code, result_code_string, result_string );
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_set_password_using_ccache(
-	krb5_context context,
-	krb5_ccache ccache,
-	char *newpw,
-	krb5_principal change_password_for,
-	int *result_code, krb5_data *result_code_string, krb5_data *result_string
-	)
+    krb5_context context,
+    krb5_ccache ccache,
+    char *newpw,
+    krb5_principal change_password_for,
+    int *result_code, krb5_data *result_code_string, krb5_data *result_string
+)
 {
-    krb5_creds		creds;
-    krb5_creds		*credsp;
-    krb5_error_code	code;
+    krb5_creds          creds;
+    krb5_creds          *credsp;
+    krb5_error_code     code;
 
     /*
     ** get the proper creds for use with krb5_set_password -
@@ -392,20 +393,20 @@ krb5_set_password_using_ccache(
     */
     code = krb5_cc_get_principal (context, ccache, &creds.client);
     if (!code) {
-	code = krb5_build_principal(context, &creds.server, 
-				    krb5_princ_realm(context, change_password_for)->length,
-				    krb5_princ_realm(context, change_password_for)->data,
-				    "kadmin", "changepw", NULL);
-	if (!code) {
-	    code = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
-	    if (!code) {
-		code = krb5_set_password(context, credsp, newpw, change_password_for,
-					 result_code, result_code_string,
-					 result_string);
-		krb5_free_creds(context, credsp);
-	    }
-	}
-	krb5_free_cred_contents(context, &creds);
+        code = krb5_build_principal(context, &creds.server,
+                                    krb5_princ_realm(context, change_password_for)->length,
+                                    krb5_princ_realm(context, change_password_for)->data,
+                                    "kadmin", "changepw", NULL);
+        if (!code) {
+            code = krb5_get_credentials(context, 0, ccache, &creds, &credsp);
+            if (!code) {
+                code = krb5_set_password(context, credsp, newpw, change_password_for,
+                                         result_code, result_code_string,
+                                         result_string);
+                krb5_free_creds(context, credsp);
+            }
+        }
+        krb5_free_cred_contents(context, &creds);
     }
     return code;
 }
diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c
index 998e555d1..5b6f88d7e 100644
--- a/src/lib/krb5/os/def_realm.c
+++ b/src/lib/krb5/os/def_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/def_realm.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_get_default_realm(), krb5_set_default_realm(),
  * krb5_free_default_realm() functions.
@@ -32,7 +33,7 @@
 #include "os-proto.h"
 #include <stdio.h>
 
-#ifdef KRB5_DNS_LOOKUP             
+#ifdef KRB5_DNS_LOOKUP
 #ifdef WSHELPER
 #include <wshelper.h>
 #else /* WSHELPER */
@@ -58,9 +59,9 @@
  * Retrieves the default realm to be used if no user-specified realm is
  *  available.  [e.g. to interpret a user-typed principal name with the
  *  realm omitted for convenience]
- * 
+ *
  *  returns system errors, NOT_ENOUGH_SPACE, KV5M_CONTEXT
-*/
+ */
 
 /*
  * Implementation:  the default realm is stored in a configuration file,
@@ -74,8 +75,8 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
     char *realm = 0;
     krb5_error_code retval;
 
-    if (!context || (context->magic != KV5M_CONTEXT)) 
-            return KV5M_CONTEXT;
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
 
     if (!context->default_realm) {
         /*
@@ -98,7 +99,7 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
             }
         }
 #ifndef KRB5_DNS_LOOKUP
-        else 
+        else
             return KRB5_CONFIG_CANTOPEN;
 #else /* KRB5_DNS_LOOKUP */
         if (context->default_realm == 0) {
@@ -121,7 +122,7 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
                 if ( localhost[0] ) {
                     p = localhost;
                     do {
-                        retval = krb5_try_realm_txt_rr("_kerberos", p, 
+                        retval = krb5_try_realm_txt_rr("_kerberos", p,
                                                        &context->default_realm);
                         p = strchr(p,'.');
                         if (p)
@@ -129,10 +130,10 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
                     } while (retval && p && p[0]);
 
                     if (retval)
-                        retval = krb5_try_realm_txt_rr("_kerberos", "", 
+                        retval = krb5_try_realm_txt_rr("_kerberos", "",
                                                        &context->default_realm);
                 } else {
-                    retval = krb5_try_realm_txt_rr("_kerberos", "", 
+                    retval = krb5_try_realm_txt_rr("_kerberos", "",
                                                    &context->default_realm);
                 }
                 if (retval) {
@@ -152,7 +153,7 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
     }
 
     realm = context->default_realm;
-    
+
     if (!(*lrealm = strdup(realm)))
         return ENOMEM;
     return(0);
@@ -161,22 +162,22 @@ krb5_get_default_realm(krb5_context context, char **lrealm)
 krb5_error_code KRB5_CALLCONV
 krb5_set_default_realm(krb5_context context, const char *lrealm)
 {
-    if (!context || (context->magic != KV5M_CONTEXT)) 
-            return KV5M_CONTEXT;
+    if (!context || (context->magic != KV5M_CONTEXT))
+        return KV5M_CONTEXT;
 
     if (context->default_realm) {
-            free(context->default_realm);
-            context->default_realm = 0;
+        free(context->default_realm);
+        context->default_realm = 0;
     }
 
-    /* Allow the user to clear the default realm setting by passing in 
+    /* Allow the user to clear the default realm setting by passing in
        NULL */
     if (!lrealm) return 0;
 
     context->default_realm = strdup(lrealm);
 
     if (!context->default_realm)
-            return ENOMEM;
+        return ENOMEM;
 
     return(0);
 
@@ -201,10 +202,10 @@ krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char **
     if (retval)
         return retval;
     /*
-       Search for the best match for the host or domain.
-       Example: Given a host a.b.c.d, try to match on:
-         1) a.b.c.d  2) .b.c.d.   3) b.c.d  4)  .c.d  5) c.d  6) .d   7) d
-     */
+      Search for the best match for the host or domain.
+      Example: Given a host a.b.c.d, try to match on:
+      1) a.b.c.d  2) .b.c.d.   3) b.c.d  4)  .c.d  5) c.d  6) .d   7) d
+    */
 
     cp = temp_host;
     realm = (char *)NULL;
@@ -216,7 +217,7 @@ krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char **
             return retval;
         if (temp_realm != (char *)NULL)
             break;        /* Match found */
- 
+
         /* Setup for another test */
         if (*cp == '.') {
             cp++;
@@ -244,4 +245,3 @@ krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char **
     *realmsp = retrealms;
     return 0;
 }
-
diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c
index 55e1cd912..f07f8211c 100644
--- a/src/lib/krb5/os/dnsglue.c
+++ b/src/lib/krb5/os/dnsglue.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/dnsglue.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 #include "autoconf.h"
 #ifdef KRB5_DNS_LOOKUP
@@ -72,7 +73,7 @@ static int initparse(struct krb5int_dns_state *);
  */
 int
 krb5int_dns_init(struct krb5int_dns_state **dsp,
-		 char *host, int nclass, int ntype)
+                 char *host, int nclass, int ntype)
 {
 #if USE_RES_NINIT
     struct __res_state statbuf;
@@ -84,7 +85,7 @@ krb5int_dns_init(struct krb5int_dns_state **dsp,
 
     *dsp = ds = malloc(sizeof(*ds));
     if (ds == NULL)
-	return -1;
+        return -1;
 
     ret = -1;
     ds->nclass = nclass;
@@ -106,36 +107,36 @@ krb5int_dns_init(struct krb5int_dns_state **dsp,
     ret = res_init();
 #endif
     if (ret < 0)
-	return -1;
+        return -1;
 
     do {
-	p = (ds->ansp == NULL)
-	    ? malloc(nextincr) : realloc(ds->ansp, nextincr);
+        p = (ds->ansp == NULL)
+            ? malloc(nextincr) : realloc(ds->ansp, nextincr);
 
-	if (p == NULL) {
-	    ret = -1;
-	    goto errout;
-	}
-	ds->ansp = p;
-	ds->ansmax = nextincr;
+        if (p == NULL) {
+            ret = -1;
+            goto errout;
+        }
+        ds->ansp = p;
+        ds->ansmax = nextincr;
 
 #if USE_RES_NINIT
-	len = res_nsearch(&statbuf, host, ds->nclass, ds->ntype,
-			  ds->ansp, ds->ansmax);
+        len = res_nsearch(&statbuf, host, ds->nclass, ds->ntype,
+                          ds->ansp, ds->ansmax);
 #else
-	len = res_search(host, ds->nclass, ds->ntype,
-			 ds->ansp, ds->ansmax);
+        len = res_search(host, ds->nclass, ds->ntype,
+                         ds->ansp, ds->ansmax);
 #endif
-	if (len > maxincr) {
-	    ret = -1;
-	    goto errout;
-	}
-	while (nextincr < len)
-	    nextincr *= 2;
-	if (len < 0 || nextincr > maxincr) {
-	    ret = -1;
-	    goto errout;
-	}
+        if (len > maxincr) {
+            ret = -1;
+            goto errout;
+        }
+        while (nextincr < len)
+            nextincr *= 2;
+        if (len < 0 || nextincr > maxincr) {
+            ret = -1;
+            goto errout;
+        }
     } while (len > ds->ansmax);
 
     ds->anslen = len;
@@ -145,7 +146,7 @@ krb5int_dns_init(struct krb5int_dns_state **dsp,
     ret = initparse(ds);
 #endif
     if (ret < 0)
-	goto errout;
+        goto errout;
 
     ret = 0;
 
@@ -154,10 +155,10 @@ errout:
     res_ndestroy(&statbuf);
 #endif
     if (ret < 0) {
-	if (ds->ansp != NULL) {
-	    free(ds->ansp);
-	    ds->ansp = NULL;
-	}
+        if (ds->ansp != NULL) {
+            free(ds->ansp);
+            ds->ansp = NULL;
+        }
     }
 
     return ret;
@@ -172,7 +173,7 @@ errout:
  */
 int
 krb5int_dns_nextans(struct krb5int_dns_state *ds,
-		    const unsigned char **pp, int *lenp)
+                    const unsigned char **pp, int *lenp)
 {
     int len;
     ns_rr rr;
@@ -180,16 +181,16 @@ krb5int_dns_nextans(struct krb5int_dns_state *ds,
     *pp = NULL;
     *lenp = 0;
     while (ds->cur_ans < ns_msg_count(ds->msg, ns_s_an)) {
-	len = ns_parserr(&ds->msg, ns_s_an, ds->cur_ans, &rr);
-	if (len < 0)
-	    return -1;
-	ds->cur_ans++;
-	if (ds->nclass == ns_rr_class(rr)
-	    && ds->ntype == ns_rr_type(rr)) {
-	    *pp = ns_rr_rdata(rr);
-	    *lenp = ns_rr_rdlen(rr);
-	    return 0;
-	}
+        len = ns_parserr(&ds->msg, ns_s_an, ds->cur_ans, &rr);
+        if (len < 0)
+            return -1;
+        ds->cur_ans++;
+        if (ds->nclass == ns_rr_class(rr)
+            && ds->ntype == ns_rr_type(rr)) {
+            *pp = ns_rr_rdata(rr);
+            *lenp = ns_rr_rdlen(rr);
+            return 0;
+        }
     }
     return 0;
 }
@@ -199,18 +200,18 @@ krb5int_dns_nextans(struct krb5int_dns_state *ds,
  * krb5int_dns_expand - wrapper for dn_expand()
  */
 int krb5int_dns_expand(struct krb5int_dns_state *ds,
-		       const unsigned char *p,
-		       char *buf, int len)
+                       const unsigned char *p,
+                       char *buf, int len)
 {
 
 #if HAVE_NS_NAME_UNCOMPRESS
     return ns_name_uncompress(ds->ansp,
-			      (unsigned char *)ds->ansp + ds->anslen,
-			      p, buf, (size_t)len);
+                              (unsigned char *)ds->ansp + ds->anslen,
+                              p, buf, (size_t)len);
 #else
     return dn_expand(ds->ansp,
-		     (unsigned char *)ds->ansp + ds->anslen,
-		     p, buf, len);
+                     (unsigned char *)ds->ansp + ds->anslen,
+                     p, buf, len);
 #endif
 }
 
@@ -221,9 +222,9 @@ void
 krb5int_dns_fini(struct krb5int_dns_state *ds)
 {
     if (ds == NULL)
-	return;
+        return;
     if (ds->ansp != NULL)
-	free(ds->ansp);
+        free(ds->ansp);
     free(ds);
 }
 
@@ -251,7 +252,7 @@ initparse(struct krb5int_dns_state *ds)
 #endif
 
     if (ds->anslen < sizeof(HEADER))
-	return -1;
+        return -1;
 
     hdr = (HEADER *)ds->ansp;
     p = ds->ansp;
@@ -264,14 +265,14 @@ initparse(struct krb5int_dns_state *ds)
      */
     while (nqueries--) {
 #if HAVE_DN_SKIPNAME
-	len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
+        len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
 #else
-	len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
-			p, host, sizeof(host));
+        len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
+                        p, host, sizeof(host));
 #endif
-	if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len + 4))
-	    return -1;
-	p += len + 4;
+        if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len + 4))
+            return -1;
+        p += len + 4;
     }
     ds->ptr = p;
     ds->nanswers = nanswers;
@@ -285,7 +286,7 @@ initparse(struct krb5int_dns_state *ds)
  */
 int
 krb5int_dns_nextans(struct krb5int_dns_state *ds,
-		    const unsigned char **pp, int *lenp)
+                    const unsigned char **pp, int *lenp)
 {
     int len;
     unsigned char *p;
@@ -300,30 +301,30 @@ krb5int_dns_nextans(struct krb5int_dns_state *ds,
 
     while (ds->nanswers--) {
 #if HAVE_DN_SKIPNAME
-	len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
+        len = dn_skipname(p, (unsigned char *)ds->ansp + ds->anslen);
 #else
-	len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
-			p, host, sizeof(host));
+        len = dn_expand(ds->ansp, (unsigned char *)ds->ansp + ds->anslen,
+                        p, host, sizeof(host));
 #endif
-	if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len))
-	    return -1;
-	p += len;
-	SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, ntype, out);
-	/* Also skip 4 bytes of TTL */
-	SAFE_GETUINT16(ds->ansp, ds->anslen, p, 6, nclass, out);
-	SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, rdlen, out);
-
-	if (!INCR_OK(ds->ansp, ds->anslen, p, rdlen))
-	    return -1;
-	if (rdlen > INT_MAX)
-	    return -1;
-	if (nclass == ds->nclass && ntype == ds->ntype) {
-	    *pp = p;
-	    *lenp = rdlen;
-	    ds->ptr = p + rdlen;
-	    return 0;
-	}
-	p += rdlen;
+        if (len < 0 || !INCR_OK(ds->ansp, ds->anslen, p, len))
+            return -1;
+        p += len;
+        SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, ntype, out);
+        /* Also skip 4 bytes of TTL */
+        SAFE_GETUINT16(ds->ansp, ds->anslen, p, 6, nclass, out);
+        SAFE_GETUINT16(ds->ansp, ds->anslen, p, 2, rdlen, out);
+
+        if (!INCR_OK(ds->ansp, ds->anslen, p, rdlen))
+            return -1;
+        if (rdlen > INT_MAX)
+            return -1;
+        if (nclass == ds->nclass && ntype == ds->ntype) {
+            *pp = p;
+            *lenp = rdlen;
+            ds->ptr = p + rdlen;
+            return 0;
+        }
+        p += rdlen;
     }
     return 0;
 out:
diff --git a/src/lib/krb5/os/dnsglue.h b/src/lib/krb5/os/dnsglue.h
index c73a43305..d8298862a 100644
--- a/src/lib/krb5/os/dnsglue.h
+++ b/src/lib/krb5/os/dnsglue.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/dnsglue.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -59,11 +60,11 @@
 #endif /* WSHELPER */
 
 #if HAVE_SYS_PARAM_H
-#include <sys/param.h>		/* for MAXHOSTNAMELEN */
+#include <sys/param.h>          /* for MAXHOSTNAMELEN */
 #endif
 
 #ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64	/* if we can't find it elswhere */
+#define MAXHOSTNAMELEN 64       /* if we can't find it elswhere */
 #endif
 
 #ifndef MAXDNAME
@@ -124,9 +125,9 @@
  * Given moving pointer PTR offset from BASE, return true if adding
  * INCR to PTR doesn't move it PTR than MAX bytes from BASE.
  */
-#define INCR_OK(base, max, ptr, incr)				\
-    ((incr) <= (max) - ((const unsigned char *)(ptr)		\
-			- (const unsigned char *)(base)))
+#define INCR_OK(base, max, ptr, incr)                           \
+    ((incr) <= (max) - ((const unsigned char *)(ptr)            \
+                        - (const unsigned char *)(base)))
 
 /*
  * SAFE_GETUINT16
@@ -136,21 +137,21 @@
  * failure, goto LABEL.
  */
 
-#define SAFE_GETUINT16(base, max, ptr, incr, s, label)	\
-    do {						\
-	if (!INCR_OK(base, max, ptr, incr)) goto label;	\
-	(s) = (unsigned short)(p)[0] << 8		\
-	    | (unsigned short)(p)[1];			\
-	(p) += (incr);					\
+#define SAFE_GETUINT16(base, max, ptr, incr, s, label)  \
+    do {                                                \
+        if (!INCR_OK(base, max, ptr, incr)) goto label; \
+        (s) = (unsigned short)(p)[0] << 8               \
+            | (unsigned short)(p)[1];                   \
+        (p) += (incr);                                  \
     } while (0)
 
 struct krb5int_dns_state;
 
 int krb5int_dns_init(struct krb5int_dns_state **, char *, int, int);
 int krb5int_dns_nextans(struct krb5int_dns_state *,
-			const unsigned char **, int *);
+                        const unsigned char **, int *);
 int krb5int_dns_expand(struct krb5int_dns_state *,
-		       const unsigned char *, char *, int);
+                       const unsigned char *, char *, int);
 void krb5int_dns_fini(struct krb5int_dns_state *);
 
 #endif /* KRB5_DNS_LOOKUP */
diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c
index 4dcd57cb8..31239f414 100644
--- a/src/lib/krb5/os/dnssrv.c
+++ b/src/lib/krb5/os/dnssrv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/dnssrv.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * do DNS SRV RR queries
  */
@@ -40,10 +41,10 @@ void krb5int_free_srv_dns_data (struct srv_dns_entry *p)
 {
     struct srv_dns_entry *next;
     while (p) {
-	next = p->next;
-	free(p->host);
-	free(p);
-	p = next;
+        next = p->next;
+        free(p->host);
+        free(p);
+        p = next;
     }
 }
 
@@ -55,9 +56,9 @@ void krb5int_free_srv_dns_data (struct srv_dns_entry *p)
 
 krb5_error_code
 krb5int_make_srv_query_realm(const krb5_data *realm,
-			     const char *service,
-			     const char *protocol,
-			     struct srv_dns_entry **answers)
+                             const char *service,
+                             const char *protocol,
+                             struct srv_dns_entry **answers)
 {
     const unsigned char *p = NULL, *base = NULL;
     char host[MAXDNAME];
@@ -81,7 +82,7 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
      */
 
     if (memchr(realm->data, 0, realm->length))
-	return 0;
+        return 0;
     krb5int_buf_init_fixed(&buf, host, sizeof(host));
     krb5int_buf_add_fmt(&buf, "%s.%s.", service, protocol);
     krb5int_buf_add_len(&buf, realm->data, realm->length);
@@ -89,7 +90,7 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
     /* Realm names don't (normally) end with ".", but if the query
        doesn't end with "." and doesn't get an answer as is, the
        resolv code will try appending the local domain.  Since the
-       realm names are absolutes, let's stop that.  
+       realm names are absolutes, let's stop that.
 
        But only if a name has been specified.  If we are performing
        a search on the prefix alone then the intention is to allow
@@ -97,10 +98,10 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
 
     len = krb5int_buf_len(&buf);
     if (len > 0 && host[len - 1] != '.')
-	krb5int_buf_add(&buf, ".");
+        krb5int_buf_add(&buf, ".");
 
     if (krb5int_buf_data(&buf) == NULL)
-	return 0;
+        return 0;
 
 #ifdef TEST
     fprintf (stderr, "sending DNS SRV query for %s\n", host);
@@ -108,75 +109,75 @@ krb5int_make_srv_query_realm(const krb5_data *realm,
 
     size = krb5int_dns_init(&ds, host, C_IN, T_SRV);
     if (size < 0)
-	goto out;
+        goto out;
 
     for (;;) {
-	ret = krb5int_dns_nextans(ds, &base, &rdlen);
-	if (ret < 0 || base == NULL)
-	    goto out;
-
-	p = base;
-
-	SAFE_GETUINT16(base, rdlen, p, 2, priority, out);
-	SAFE_GETUINT16(base, rdlen, p, 2, weight, out);
-	SAFE_GETUINT16(base, rdlen, p, 2, port, out);
-
-	/*
-	 * RFC 2782 says the target is never compressed in the reply;
-	 * do we believe that?  We need to flatten it anyway, though.
-	 */
-	nlen = krb5int_dns_expand(ds, p, host, sizeof(host));
-	if (nlen < 0 || !INCR_OK(base, rdlen, p, nlen))
-	    goto out;
-
-	/*
-	 * We got everything!  Insert it into our list, but make sure
-	 * it's in the right order.  Right now we don't do anything
-	 * with the weight field
-	 */
-
-	srv = (struct srv_dns_entry *) malloc(sizeof(struct srv_dns_entry));
-	if (srv == NULL)
-	    goto out;
-	
-	srv->priority = priority;
-	srv->weight = weight;
-	srv->port = port;
-	/* The returned names are fully qualified.  Don't let the
-	   local resolver code do domain search path stuff.  */
-	if (asprintf(&srv->host, "%s.", host) < 0) {
-	    free(srv);
-	    goto out;
-	}
-
-	if (head == NULL || head->priority > srv->priority) {
-	    srv->next = head;
-	    head = srv;
-	} else {
-	    /*
-	     * This is confusing.  Only insert an entry into this
-	     * spot if:
-	     * The next person has a higher priority (lower priorities
-	     * are preferred).
-	     * Or
-	     * There is no next entry (we're at the end)
-	     */
-	    for (entry = head; entry != NULL; entry = entry->next) {
-		if ((entry->next &&
-		     entry->next->priority > srv->priority) ||
-		    entry->next == NULL) {
-		    srv->next = entry->next;
-		    entry->next = srv;
-		    break;
-		}
-	    }
-	}
+        ret = krb5int_dns_nextans(ds, &base, &rdlen);
+        if (ret < 0 || base == NULL)
+            goto out;
+
+        p = base;
+
+        SAFE_GETUINT16(base, rdlen, p, 2, priority, out);
+        SAFE_GETUINT16(base, rdlen, p, 2, weight, out);
+        SAFE_GETUINT16(base, rdlen, p, 2, port, out);
+
+        /*
+         * RFC 2782 says the target is never compressed in the reply;
+         * do we believe that?  We need to flatten it anyway, though.
+         */
+        nlen = krb5int_dns_expand(ds, p, host, sizeof(host));
+        if (nlen < 0 || !INCR_OK(base, rdlen, p, nlen))
+            goto out;
+
+        /*
+         * We got everything!  Insert it into our list, but make sure
+         * it's in the right order.  Right now we don't do anything
+         * with the weight field
+         */
+
+        srv = (struct srv_dns_entry *) malloc(sizeof(struct srv_dns_entry));
+        if (srv == NULL)
+            goto out;
+
+        srv->priority = priority;
+        srv->weight = weight;
+        srv->port = port;
+        /* The returned names are fully qualified.  Don't let the
+           local resolver code do domain search path stuff.  */
+        if (asprintf(&srv->host, "%s.", host) < 0) {
+            free(srv);
+            goto out;
+        }
+
+        if (head == NULL || head->priority > srv->priority) {
+            srv->next = head;
+            head = srv;
+        } else {
+            /*
+             * This is confusing.  Only insert an entry into this
+             * spot if:
+             * The next person has a higher priority (lower priorities
+             * are preferred).
+             * Or
+             * There is no next entry (we're at the end)
+             */
+            for (entry = head; entry != NULL; entry = entry->next) {
+                if ((entry->next &&
+                     entry->next->priority > srv->priority) ||
+                    entry->next == NULL) {
+                    srv->next = entry->next;
+                    entry->next = srv;
+                    break;
+                }
+            }
+        }
     }
 
 out:
     if (ds != NULL) {
-	krb5int_dns_fini(ds);
-	ds = NULL;
+        krb5int_dns_fini(ds);
+        ds = NULL;
     }
     *answers = head;
     return 0;
diff --git a/src/lib/krb5/os/free_hstrl.c b/src/lib/krb5/os/free_hstrl.c
index 4900fce9b..58222a6df 100644
--- a/src/lib/krb5/os/free_hstrl.c
+++ b/src/lib/krb5/os/free_hstrl.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/free_hstrl.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_free_host_realm()
  */
@@ -31,8 +32,8 @@
 #include <stdio.h>
 
 /*
- Frees the storage taken by a realm list returned by krb5_get_host_realm.
- */
+  Frees the storage taken by a realm list returned by krb5_get_host_realm.
+*/
 
 krb5_error_code KRB5_CALLCONV
 krb5_free_host_realm(krb5_context context, char *const *realmlist)
diff --git a/src/lib/krb5/os/free_krbhs.c b/src/lib/krb5/os/free_krbhs.c
index d7776b46b..ddbbc3bb7 100644
--- a/src/lib/krb5/os/free_krbhs.c
+++ b/src/lib/krb5/os/free_krbhs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/free_krbhs.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_free_krbhst() function
  */
@@ -30,8 +31,8 @@
 #include "k5-int.h"
 
 /*
- Frees the storage taken by a host list returned by krb5_get_krbhst.
- */
+  Frees the storage taken by a host list returned by krb5_get_krbhst.
+*/
 
 krb5_error_code
 krb5_free_krbhst(krb5_context context, char *const *hostlist)
@@ -39,9 +40,9 @@ krb5_free_krbhst(krb5_context context, char *const *hostlist)
     register char * const *cp;
 
     if (hostlist == NULL)
-	return 0;
+        return 0;
     for (cp = hostlist; *cp; cp++)
-	free(*cp);
+        free(*cp);
     free((char *)hostlist);
     return 0;
 }
diff --git a/src/lib/krb5/os/full_ipadr.c b/src/lib/krb5/os/full_ipadr.c
index 795ce1e01..213e4262b 100644
--- a/src/lib/krb5/os/full_ipadr.c
+++ b/src/lib/krb5/os/full_ipadr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/full_ipadr.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Take an IP addr & port and generate a full IP address.
  */
@@ -35,7 +36,7 @@
 
 krb5_error_code
 krb5_make_full_ipaddr(krb5_context context, krb5_int32 adr,
-		      /*krb5_int16*/int port, krb5_address **outaddr)
+                      /*krb5_int16*/int port, krb5_address **outaddr)
 {
     unsigned long smushaddr = (unsigned long) adr; /* already in net order */
     unsigned short smushport = (unsigned short) port; /* ditto */
@@ -45,16 +46,16 @@ krb5_make_full_ipaddr(krb5_context context, krb5_int32 adr,
     krb5_int32 templength;
 
     if (!(retaddr = (krb5_address *)malloc(sizeof(*retaddr)))) {
-	return ENOMEM;
+        return ENOMEM;
     }
     retaddr->magic = KV5M_ADDRESS;
     retaddr->addrtype = ADDRTYPE_ADDRPORT;
     retaddr->length = sizeof(smushaddr)+ sizeof(smushport) +
-	2*sizeof(temptype) + 2*sizeof(templength);
+        2*sizeof(temptype) + 2*sizeof(templength);
 
     if (!(retaddr->contents = (krb5_octet *)malloc(retaddr->length))) {
-	free(retaddr);
-	return ENOMEM;
+        free(retaddr);
+        return ENOMEM;
     }
     marshal = retaddr->contents;
 
diff --git a/src/lib/krb5/os/gen_port.c b/src/lib/krb5/os/gen_port.c
index 681928aa5..a887408a7 100644
--- a/src/lib/krb5/os/gen_port.c
+++ b/src/lib/krb5/os/gen_port.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/gen_port.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Take an IP addr & port and generate a full IP address.
  */
@@ -38,9 +39,9 @@ krb5_gen_portaddr(krb5_context context, const krb5_address *addr, krb5_const_poi
     krb5_int16 port;
 
     if (addr->addrtype != ADDRTYPE_INET)
-	return KRB5_PROG_ATYPE_NOSUPP;
+        return KRB5_PROG_ATYPE_NOSUPP;
     port = *(const krb5_int16 *)ptr;
-    
+
     memcpy(&adr, addr->contents, sizeof(adr));
     return krb5_make_full_ipaddr(context, adr, port, outaddr);
 #else
diff --git a/src/lib/krb5/os/gen_rname.c b/src/lib/krb5/os/gen_rname.c
index a8a07d951..1d87c2bf0 100644
--- a/src/lib/krb5/os/gen_rname.c
+++ b/src/lib/krb5/os/gen_rname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/gen_rname.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * take a port-style address and unique string, and return
  * a replay cache tag string.
@@ -40,13 +41,13 @@ krb5_gen_replay_name(krb5_context context, const krb5_address *address, const ch
 
     len = strlen(uniq) + (address->length * 2) + 1;
     if ((*string = malloc(len)) == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     snprintf(*string, len, "%s", uniq);
     tmp = *string + strlen(uniq);
     for (i = 0; i < address->length; i++) {
-	snprintf(tmp, len - (tmp-*string), "%.2x", address->contents[i] & 0xff);
-	tmp += 2;
+        snprintf(tmp, len - (tmp-*string), "%.2x", address->contents[i] & 0xff);
+        tmp += 2;
     }
     return 0;
 }
diff --git a/src/lib/krb5/os/genaddrs.c b/src/lib/krb5/os/genaddrs.c
index f3e86a504..d9028e4fb 100644
--- a/src/lib/krb5/os/genaddrs.c
+++ b/src/lib/krb5/os/genaddrs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/genaddrs.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Take an IP addr & port and generate a full IP address.
  */
@@ -38,43 +39,43 @@ struct addrpair {
     krb5_address addr, port;
 };
 
-#define SET(TARG, THING, TYPE) \
-	((TARG).contents = (krb5_octet *) &(THING),	\
-	 (TARG).length = sizeof (THING),		\
-	 (TARG).addrtype = (TYPE))
+#define SET(TARG, THING, TYPE)                  \
+    ((TARG).contents = (krb5_octet *) &(THING), \
+     (TARG).length = sizeof (THING),            \
+     (TARG).addrtype = (TYPE))
 
 static void *cvtaddr (struct sockaddr_storage *a, struct addrpair *ap)
 {
     switch (ss2sa(a)->sa_family) {
     case AF_INET:
-	SET (ap->port, ss2sin(a)->sin_port, ADDRTYPE_IPPORT);
-	SET (ap->addr, ss2sin(a)->sin_addr, ADDRTYPE_INET);
-	return a;
+        SET (ap->port, ss2sin(a)->sin_port, ADDRTYPE_IPPORT);
+        SET (ap->addr, ss2sin(a)->sin_addr, ADDRTYPE_INET);
+        return a;
 #ifdef KRB5_USE_INET6
     case AF_INET6:
-	SET (ap->port, ss2sin6(a)->sin6_port, ADDRTYPE_IPPORT);
-	if (IN6_IS_ADDR_V4MAPPED (&ss2sin6(a)->sin6_addr)) {
-	    ap->addr.addrtype = ADDRTYPE_INET;
-	    ap->addr.contents = 12 + (krb5_octet *) &ss2sin6(a)->sin6_addr;
-	    ap->addr.length = 4;
-	} else
-	    SET (ap->addr, ss2sin6(a)->sin6_addr, ADDRTYPE_INET6);
-	return a;
+        SET (ap->port, ss2sin6(a)->sin6_port, ADDRTYPE_IPPORT);
+        if (IN6_IS_ADDR_V4MAPPED (&ss2sin6(a)->sin6_addr)) {
+            ap->addr.addrtype = ADDRTYPE_INET;
+            ap->addr.contents = 12 + (krb5_octet *) &ss2sin6(a)->sin6_addr;
+            ap->addr.length = 4;
+        } else
+            SET (ap->addr, ss2sin6(a)->sin6_addr, ADDRTYPE_INET6);
+        return a;
 #endif
     default:
-	return 0;
+        return 0;
     }
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int infd, int flags)
 {
-    krb5_error_code 	  retval;
-    krb5_address	* laddr;
-    krb5_address	* lport;
-    krb5_address	* raddr;
-    krb5_address	* rport;
-    SOCKET		fd = (SOCKET) infd;
+    krb5_error_code       retval;
+    krb5_address        * laddr;
+    krb5_address        * lport;
+    krb5_address        * raddr;
+    krb5_address        * rport;
+    SOCKET              fd = (SOCKET) infd;
     struct addrpair laddrs, raddrs;
 
 #ifdef HAVE_NETINET_IN_H
@@ -83,46 +84,46 @@ krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int
 
     ssize = sizeof(struct sockaddr_storage);
     if ((flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR) ||
-	(flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR)) {
-    	if ((retval = getsockname(fd, (GETSOCKNAME_ARG2_TYPE *) &lsaddr, 
-				  &ssize)))
-	    return retval;
+        (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR)) {
+        if ((retval = getsockname(fd, (GETSOCKNAME_ARG2_TYPE *) &lsaddr,
+                                  &ssize)))
+            return retval;
 
-	if (cvtaddr (&lsaddr, &laddrs)) {
-	    laddr = &laddrs.addr;
-	    if (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR)
-		lport = &laddrs.port;
-	    else
-		lport = 0;
-	} else
-	    return KRB5_PROG_ATYPE_NOSUPP;
+        if (cvtaddr (&lsaddr, &laddrs)) {
+            laddr = &laddrs.addr;
+            if (flags & KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR)
+                lport = &laddrs.port;
+            else
+                lport = 0;
+        } else
+            return KRB5_PROG_ATYPE_NOSUPP;
     } else {
-	laddr = NULL;
-	lport = NULL;
+        laddr = NULL;
+        lport = NULL;
     }
 
     ssize = sizeof(struct sockaddr_storage);
     if ((flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR) ||
-	(flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR)) {
-        if ((retval = getpeername(fd, (GETPEERNAME_ARG2_TYPE *) &rsaddr, 
-				  &ssize)))
-	    return errno;
+        (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR)) {
+        if ((retval = getpeername(fd, (GETPEERNAME_ARG2_TYPE *) &rsaddr,
+                                  &ssize)))
+            return errno;
 
-	if (cvtaddr (&rsaddr, &raddrs)) {
-	    raddr = &raddrs.addr;
-	    if (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)
-		rport = &raddrs.port;
-	    else
-		rport = 0;
-	} else
-	    return KRB5_PROG_ATYPE_NOSUPP;
+        if (cvtaddr (&rsaddr, &raddrs)) {
+            raddr = &raddrs.addr;
+            if (flags & KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)
+                rport = &raddrs.port;
+            else
+                rport = 0;
+        } else
+            return KRB5_PROG_ATYPE_NOSUPP;
     } else {
-	raddr = NULL;
-	rport = NULL;
+        raddr = NULL;
+        rport = NULL;
     }
 
     if (!(retval = krb5_auth_con_setaddrs(context, auth_context, laddr, raddr)))
-    	return (krb5_auth_con_setports(context, auth_context, lport, rport));
+        return (krb5_auth_con_setports(context, auth_context, lport, rport));
     return retval;
 #else
     return KRB5_PROG_ATYPE_NOSUPP;
diff --git a/src/lib/krb5/os/get_krbhst.c b/src/lib/krb5/os/get_krbhst.c
index 1cac7514c..fe287780c 100644
--- a/src/lib/krb5/os/get_krbhst.c
+++ b/src/lib/krb5/os/get_krbhst.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/get_krbhst.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_get_krbhst() function.
  */
@@ -32,23 +33,23 @@
 #include <ctype.h>
 
 /*
- Figures out the Kerberos server names for the given realm, filling in a
- pointer to an argv[] style list of names, terminated with a null pointer.
- 
- If the realm is unknown, the filled-in pointer is set to NULL.
+  Figures out the Kerberos server names for the given realm, filling in a
+  pointer to an argv[] style list of names, terminated with a null pointer.
 
- The pointer array and strings pointed to are all in allocated storage,
- and should be freed by the caller when finished.
+  If the realm is unknown, the filled-in pointer is set to NULL.
 
- returns system errors
+  The pointer array and strings pointed to are all in allocated storage,
+  and should be freed by the caller when finished.
+
+  returns system errors
 */
 
 /*
  * Implementation:  the server names for given realms are stored in a
- * configuration file, 
+ * configuration file,
  * named by krb5_config_file;  the first token (on the first line) in
  * this file is taken as the default local realm name.
- * 
+ *
  * Each succeeding line has a realm name as the first token, and a server name
  * as a second token.  Additional tokens may be present on the line, but
  * are ignored by this function.
@@ -60,10 +61,10 @@
 krb5_error_code
 krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
 {
-    char	**values, **cpp, *cp;
-    const char	*realm_kdc_names[4];
-    krb5_error_code	retval;
-    int	i, count;
+    char        **values, **cpp, *cp;
+    const char  *realm_kdc_names[4];
+    krb5_error_code     retval;
+    int i, count;
     char **rethosts;
 
     rethosts = 0;
@@ -74,30 +75,30 @@ krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
     realm_kdc_names[3] = 0;
 
     if (context->profile == 0)
-	return KRB5_CONFIG_CANTOPEN;
+        return KRB5_CONFIG_CANTOPEN;
 
     retval = profile_get_values(context->profile, realm_kdc_names, &values);
     if (retval == PROF_NO_SECTION)
-	return KRB5_REALM_UNKNOWN;
+        return KRB5_REALM_UNKNOWN;
     if (retval == PROF_NO_RELATION)
-	return KRB5_CONFIG_BADFORMAT;
+        return KRB5_CONFIG_BADFORMAT;
     if (retval)
-	return retval;
+        return retval;
 
     /*
      * Do cleanup over the list.  We allow for some extra field to be
      * added to the kdc line later (maybe the port number)
      */
     for (cpp = values; *cpp; cpp++) {
-	cp = strchr(*cpp, ' ');
-	if (cp)
-	    *cp = 0;
-	cp = strchr(*cpp, '\t');
-	if (cp)
-	    *cp = 0;
-	cp = strchr(*cpp, ':');
-	if (cp)
-	    *cp = 0;
+        cp = strchr(*cpp, ' ');
+        if (cp)
+            *cp = 0;
+        cp = strchr(*cpp, '\t');
+        if (cp)
+            *cp = 0;
+        cp = strchr(*cpp, ':');
+        if (cp)
+            *cp = 0;
     }
     count = cpp - values;
     rethosts = malloc(sizeof(char *) * (count + 1));
@@ -106,21 +107,21 @@ krb5_get_krbhst(krb5_context context, const krb5_data *realm, char ***hostlist)
         goto cleanup;
     }
     for (i = 0; i < count; i++) {
-	unsigned int len = strlen (values[i]) + 1;
+        unsigned int len = strlen (values[i]) + 1;
         rethosts[i] = malloc(len);
         if (!rethosts[i]) {
             retval = ENOMEM;
             goto cleanup;
         }
-	memcpy (rethosts[i], values[i], len);
+        memcpy (rethosts[i], values[i], len);
     }
     rethosts[count] = 0;
- cleanup:
+cleanup:
     if (retval && rethosts) {
         for (cpp = rethosts; *cpp; cpp++)
             free(*cpp);
         free(rethosts);
-	rethosts = 0;
+        rethosts = 0;
     }
     profile_free_list(values);
     *hostlist = rethosts;
diff --git a/src/lib/krb5/os/hostaddr.c b/src/lib/krb5/os/hostaddr.c
index eaef09858..2f4c387db 100644
--- a/src/lib/krb5/os/hostaddr.c
+++ b/src/lib/krb5/os/hostaddr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/hostaddr.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * This routine returns a list of krb5 addresses given a hostname.
  *
  */
@@ -34,13 +35,13 @@
 krb5_error_code
 krb5_os_hostaddr(krb5_context context, const char *name, krb5_address ***ret_addrs)
 {
-    krb5_error_code 	retval;
-    krb5_address 	**addrs;
-    int			i, j, r;
+    krb5_error_code     retval;
+    krb5_address        **addrs;
+    int                 i, j, r;
     struct addrinfo hints, *ai, *aip;
 
     if (!name)
-	return KRB5_ERR_BAD_HOSTNAME;
+        return KRB5_ERR_BAD_HOSTNAME;
 
     memset (&hints, 0, sizeof (hints));
     hints.ai_flags = AI_NUMERICHOST;
@@ -52,86 +53,85 @@ krb5_os_hostaddr(krb5_context context, const char *name, krb5_address ***ret_add
 
     r = getaddrinfo (name, 0, &hints, &ai);
     if (r && AI_NUMERICHOST != 0) {
-	hints.ai_flags &= ~AI_NUMERICHOST;
-	r = getaddrinfo (name, 0, &hints, &ai);
+        hints.ai_flags &= ~AI_NUMERICHOST;
+        r = getaddrinfo (name, 0, &hints, &ai);
     }
     if (r)
-	return KRB5_ERR_BAD_HOSTNAME;
+        return KRB5_ERR_BAD_HOSTNAME;
 
     for (i = 0, aip = ai; aip; aip = aip->ai_next) {
-	switch (aip->ai_addr->sa_family) {
-	case AF_INET:
+        switch (aip->ai_addr->sa_family) {
+        case AF_INET:
 #ifdef KRB5_USE_INET6
-	case AF_INET6:
+        case AF_INET6:
 #endif
-	    i++;
-	default:
-	    /* Ignore addresses of unknown families.  */
-	    ;
-	}
+            i++;
+        default:
+            /* Ignore addresses of unknown families.  */
+            ;
+        }
     }
 
     addrs = malloc ((i+1) * sizeof(*addrs));
     if (!addrs)
-	return ENOMEM;
+        return ENOMEM;
 
     for (j = 0; j < i + 1; j++)
-	addrs[j] = 0;
+        addrs[j] = 0;
 
     for (i = 0, aip = ai; aip; aip = aip->ai_next) {
-	void *ptr;
-	size_t addrlen;
-	int atype;
+        void *ptr;
+        size_t addrlen;
+        int atype;
 
-	switch (aip->ai_addr->sa_family) {
-	case AF_INET:
-	    addrlen = sizeof (struct in_addr);
-	    ptr = &((struct sockaddr_in *)aip->ai_addr)->sin_addr;
-	    atype = ADDRTYPE_INET;
-	    break;
+        switch (aip->ai_addr->sa_family) {
+        case AF_INET:
+            addrlen = sizeof (struct in_addr);
+            ptr = &((struct sockaddr_in *)aip->ai_addr)->sin_addr;
+            atype = ADDRTYPE_INET;
+            break;
 #ifdef KRB5_USE_INET6
-	case AF_INET6:
-	    addrlen = sizeof (struct in6_addr);
-	    ptr = &((struct sockaddr_in6 *)aip->ai_addr)->sin6_addr;
-	    atype = ADDRTYPE_INET6;
-	    break;
+        case AF_INET6:
+            addrlen = sizeof (struct in6_addr);
+            ptr = &((struct sockaddr_in6 *)aip->ai_addr)->sin6_addr;
+            atype = ADDRTYPE_INET6;
+            break;
 #endif
-	default:
-	    continue;
-	}
-	addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
-	if (!addrs[i]) {
-	    retval = ENOMEM;
-	    goto errout;
-	}
-	addrs[i]->magic = KV5M_ADDRESS;
-	addrs[i]->addrtype = atype;
-	addrs[i]->length = addrlen;
-	addrs[i]->contents = malloc(addrs[i]->length);
-	if (!addrs[i]->contents) {
-	    retval = ENOMEM;
-	    goto errout;
-	}
-	memcpy (addrs[i]->contents, ptr, addrs[i]->length);
-	i++;
+        default:
+            continue;
+        }
+        addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
+        if (!addrs[i]) {
+            retval = ENOMEM;
+            goto errout;
+        }
+        addrs[i]->magic = KV5M_ADDRESS;
+        addrs[i]->addrtype = atype;
+        addrs[i]->length = addrlen;
+        addrs[i]->contents = malloc(addrs[i]->length);
+        if (!addrs[i]->contents) {
+            retval = ENOMEM;
+            goto errout;
+        }
+        memcpy (addrs[i]->contents, ptr, addrs[i]->length);
+        i++;
     }
 
     *ret_addrs = addrs;
     if (ai)
-	freeaddrinfo(ai);
+        freeaddrinfo(ai);
     return 0;
 
 errout:
     if (addrs) {
-	for (i = 0; addrs[i]; i++) {
-	    free (addrs[i]->contents);
-	    free (addrs[i]);
-	}
-	krb5_free_addresses(context, addrs);
+        for (i = 0; addrs[i]; i++) {
+            free (addrs[i]->contents);
+            free (addrs[i]);
+        }
+        krb5_free_addresses(context, addrs);
     }
     if (ai)
-	freeaddrinfo(ai);
+        freeaddrinfo(ai);
     return retval;
-	
-}
 
+}
diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c
index 380e5ea44..208b93223 100644
--- a/src/lib/krb5/os/hst_realm.c
+++ b/src/lib/krb5/os/hst_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/hst_realm.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,25 +23,25 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_get_host_realm()
  */
 
 
 /*
- Figures out the Kerberos realm names for host, filling in a
- pointer to an argv[] style list of names, terminated with a null pointer.
- 
- If host is NULL, the local host's realms are determined.
+  Figures out the Kerberos realm names for host, filling in a
+  pointer to an argv[] style list of names, terminated with a null pointer.
 
- If there are no known realms for the host, the filled-in pointer is set
- to NULL.
+  If host is NULL, the local host's realms are determined.
 
- The pointer array and strings pointed to are all in allocated storage,
- and should be freed by the caller when finished.
+  If there are no known realms for the host, the filled-in pointer is set
+  to NULL.
 
- returns system errors
+  The pointer array and strings pointed to are all in allocated storage,
+  and should be freed by the caller when finished.
+
+  returns system errors
 */
 
 /*
@@ -80,7 +81,7 @@
 
 static krb5_error_code
 domain_heuristic(krb5_context context, const char *domain,
-		 char **realm, int limit);
+                 char **realm, int limit);
 
 #ifdef KRB5_DNS_LOOKUP
 
@@ -105,54 +106,54 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm)
 
     krb5int_buf_init_fixed(&buf, host, sizeof(host));
     if (name == NULL || name[0] == '\0') {
-	krb5int_buf_add(&buf, prefix);
+        krb5int_buf_add(&buf, prefix);
     } else {
-	krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name);
+        krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name);
 
         /* Realm names don't (normally) end with ".", but if the query
            doesn't end with "." and doesn't get an answer as is, the
            resolv code will try appending the local domain.  Since the
-           realm names are absolutes, let's stop that.  
+           realm names are absolutes, let's stop that.
 
            But only if a name has been specified.  If we are performing
            a search on the prefix alone then the intention is to allow
            the local domain or domain search lists to be expanded.
         */
 
-	len = krb5int_buf_len(&buf);
-	if (len > 0 && host[len - 1] != '.')
-	    krb5int_buf_add(&buf, ".");
+        len = krb5int_buf_len(&buf);
+        if (len > 0 && host[len - 1] != '.')
+            krb5int_buf_add(&buf, ".");
     }
     if (krb5int_buf_data(&buf) == NULL)
-	return KRB5_ERR_HOST_REALM_UNKNOWN;
+        return KRB5_ERR_HOST_REALM_UNKNOWN;
     ret = krb5int_dns_init(&ds, host, C_IN, T_TXT);
     if (ret < 0)
-	goto errout;
+        goto errout;
 
     ret = krb5int_dns_nextans(ds, &base, &rdlen);
     if (ret < 0 || base == NULL)
-	goto errout;
+        goto errout;
 
     p = base;
     if (!INCR_OK(base, rdlen, p, 1))
-	goto errout;
+        goto errout;
     len = *p++;
     *realm = malloc((size_t)len + 1);
     if (*realm == NULL) {
-	retval = ENOMEM;
-	goto errout;
+        retval = ENOMEM;
+        goto errout;
     }
     strncpy(*realm, (const char *)p, (size_t)len);
     (*realm)[len] = '\0';
     /* Avoid a common error. */
     if ( (*realm)[len-1] == '.' )
-	(*realm)[len-1] = '\0';
+        (*realm)[len-1] = '\0';
     retval = 0;
 
 errout:
     if (ds != NULL) {
-	krb5int_dns_fini(ds);
-	ds = NULL;
+        krb5int_dns_fini(ds);
+        ds = NULL;
     }
     return retval;
 }
@@ -174,9 +175,9 @@ krb5int_get_fq_hostname (char *buf, size_t bufsize, const char *name)
     hints.ai_flags = AI_CANONNAME;
     err = getaddrinfo (name, 0, &hints, &ai);
     if (err)
-	return krb5int_translate_gai_error (err);
+        return krb5int_translate_gai_error (err);
     if (ai->ai_canonname == 0)
-	return KRB5_EAI_FAIL;
+        return KRB5_EAI_FAIL;
     strncpy (buf, ai->ai_canonname, bufsize);
     buf[bufsize-1] = 0;
     freeaddrinfo (ai);
@@ -191,7 +192,7 @@ krb5int_get_fq_local_hostname (char *buf, size_t bufsiz)
 {
     buf[0] = 0;
     if (gethostname (buf, bufsiz) == -1)
-	return SOCKET_ERRNO;
+        return SOCKET_ERRNO;
     buf[bufsiz - 1] = 0;
     return krb5int_get_fq_hostname (buf, bufsiz, buf);
 }
@@ -213,16 +214,16 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
         return retval;
 
     /*
-       Search for the best match for the host or domain.
-       Example: Given a host a.b.c.d, try to match on:
-         1) A.B.C.D
-	 2) .B.C.D
-	 3) B.C.D
-	 4) .C.D
-	 5) C.D
-	 6) .D
-	 7) D
-     */
+      Search for the best match for the host or domain.
+      Example: Given a host a.b.c.d, try to match on:
+      1) A.B.C.D
+      2) .B.C.D
+      3) B.C.D
+      4) .C.D
+      5) C.D
+      6) .D
+      7) D
+    */
 
     cp = local_host;
 #ifdef DEBUG_REFERRALS
@@ -234,26 +235,26 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 #ifdef DEBUG_REFERRALS
         printf("  trying to look up %s in the domain_realm map\n",cp);
 #endif
-	retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
-				    0, (char *)NULL, &temp_realm);
-	if (retval)
-	    return retval;
-	if (temp_realm != (char *)NULL)
-	    break;	/* Match found */
-
-	/* Setup for another test */
-	if (*cp == '.') {
-	    cp++;
-	} else {
-	    cp = strchr(cp, '.');
-	}
+        retval = profile_get_string(context->profile, KRB5_CONF_DOMAIN_REALM, cp,
+                                    0, (char *)NULL, &temp_realm);
+        if (retval)
+            return retval;
+        if (temp_realm != (char *)NULL)
+            break;      /* Match found */
+
+        /* Setup for another test */
+        if (*cp == '.') {
+            cp++;
+        } else {
+            cp = strchr(cp, '.');
+        }
     }
 #ifdef DEBUG_REFERRALS
     printf("  done searching the domain_realm map\n");
 #endif
     if (temp_realm) {
 #ifdef DEBUG_REFERRALS
-    printf("  temp_realm is %s\n",temp_realm);
+        printf("  temp_realm is %s\n",temp_realm);
 #endif
         realm = strdup(temp_realm);
         if (!realm) {
@@ -265,19 +266,19 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)
 
     if (realm == (char *)NULL) {
         if (!(cp = strdup(KRB5_REFERRAL_REALM)))
-	    return ENOMEM;
-	realm = cp;
+            return ENOMEM;
+        realm = cp;
     }
-    
+
     if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
-	if (realm != (char *)NULL)
-	    free(realm);
-	return ENOMEM;
+        if (realm != (char *)NULL)
+            free(realm);
+        return ENOMEM;
     }
 
     retrealms[0] = realm;
     retrealms[1] = 0;
-    
+
     *realmsp = retrealms;
     return 0;
 }
@@ -294,35 +295,35 @@ krb5int_translate_gai_error (int num)
     switch (num) {
 #ifdef EAI_ADDRFAMILY
     case EAI_ADDRFAMILY:
-	return EAFNOSUPPORT;
+        return EAFNOSUPPORT;
 #endif
     case EAI_AGAIN:
-	return EAGAIN;
+        return EAGAIN;
     case EAI_BADFLAGS:
-	return EINVAL;
+        return EINVAL;
     case EAI_FAIL:
-	return KRB5_EAI_FAIL;
+        return KRB5_EAI_FAIL;
     case EAI_FAMILY:
-	return EAFNOSUPPORT;
+        return EAFNOSUPPORT;
     case EAI_MEMORY:
-	return ENOMEM;
+        return ENOMEM;
 #if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
     case EAI_NODATA:
-	return KRB5_EAI_NODATA;
+        return KRB5_EAI_NODATA;
 #endif
     case EAI_NONAME:
-	return KRB5_EAI_NONAME;
+        return KRB5_EAI_NONAME;
 #if defined(EAI_OVERFLOW)
     case EAI_OVERFLOW:
-	return EINVAL;		/* XXX */
+        return EINVAL;          /* XXX */
 #endif
     case EAI_SERVICE:
-	return KRB5_EAI_SERVICE;
+        return KRB5_EAI_SERVICE;
     case EAI_SOCKTYPE:
-	return EINVAL;
+        return EINVAL;
 #ifdef EAI_SYSTEM
     case EAI_SYSTEM:
-	return errno;
+        return errno;
 #endif
     }
     abort ();
@@ -365,13 +366,13 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
     realm = (char *)NULL;
 #ifdef KRB5_DNS_LOOKUP
     if (_krb5_use_dns_realm(context)) {
-	cp = local_host;
-	do {
-	    retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
-	    cp = strchr(cp,'.');
-	    if (cp) 
-		cp++;
-	} while (retval && cp && cp[0]);
+        cp = local_host;
+        do {
+            retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm);
+            cp = strchr(cp,'.');
+            if (cp)
+                cp++;
+        } while (retval && cp && cp[0]);
     }
 #endif /* KRB5_DNS_LOOKUP */
 
@@ -382,16 +383,16 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
      * control which domain component is used as the realm for a host.
      */
     if (realm == (char *)NULL) {
-	int limit;
-	errcode_t code;
-
-	code = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
-				   KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
-	if (code == 0) {
-	    retval = domain_heuristic(context, local_host, &realm, limit);
-	    if (retval)
-		return retval;
-	}
+        int limit;
+        errcode_t code;
+
+        code = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                   KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
+        if (code == 0) {
+            retval = domain_heuristic(context, local_host, &realm, limit);
+            if (retval)
+                return retval;
+        }
     }
 
     /*
@@ -401,14 +402,14 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
      * realm.
      */
     if (realm == (char *)NULL) {
-	cp = strchr(local_host, '.');
-	if (cp) {
-	    if (!(realm = strdup(cp + 1)))
-		return ENOMEM;
+        cp = strchr(local_host, '.');
+        if (cp) {
+            if (!(realm = strdup(cp + 1)))
+                return ENOMEM;
             for (cp = realm; *cp; cp++)
                 if (islower((int) (*cp)))
                     *cp = toupper((int) *cp);
-	}
+        }
     }
 
     /*
@@ -416,20 +417,20 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea
      * only one component--is to use the local default realm.
      */
     if (realm == (char *)NULL) {
-	retval = krb5_get_default_realm(context, &realm);
-	if (retval)
-	    return retval;
+        retval = krb5_get_default_realm(context, &realm);
+        if (retval)
+            return retval;
     }
 
     if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) {
-	if (realm != (char *)NULL)
-	    free(realm);
-	return ENOMEM;
+        if (realm != (char *)NULL)
+            free(realm);
+        return ENOMEM;
     }
 
     retrealms[0] = realm;
     retrealms[1] = 0;
-    
+
     *realmsp = retrealms;
     return 0;
 }
@@ -450,46 +451,46 @@ krb5int_clean_hostname(krb5_context context, const char *host, char *local_host,
     printf("krb5int_clean_hostname called: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
 #endif
     if (host) {
-	/* Filter out numeric addresses if the caller utterly failed to
-	   convert them to names.  */
-	/* IPv4 - dotted quads only */
-	if (strspn(host, "01234567890.") == strlen(host)) {
-	    /* All numbers and dots... if it's three dots, it's an
-	       IP address, and we reject it.  But "12345" could be
-	       a local hostname, couldn't it?  We'll just assume
-	       that a name with three dots is not meant to be an
-	       all-numeric hostname three all-numeric domains down
-	       from the current domain.  */
-	    int ndots = 0;
-	    const char *p;
-	    for (p = host; *p; p++)
-		if (*p == '.')
-		    ndots++;
-	    if (ndots == 3)
-		return KRB5_ERR_NUMERIC_REALM;
-	}
-	if (strchr(host, ':'))
-	    /* IPv6 numeric address form?  Bye bye.  */
-	    return KRB5_ERR_NUMERIC_REALM;
-
-	/* Should probably error out if strlen(host) > MAXDNAME.  */
-	strncpy(local_host, host, lhsize);
-	local_host[lhsize - 1] = '\0';
+        /* Filter out numeric addresses if the caller utterly failed to
+           convert them to names.  */
+        /* IPv4 - dotted quads only */
+        if (strspn(host, "01234567890.") == strlen(host)) {
+            /* All numbers and dots... if it's three dots, it's an
+               IP address, and we reject it.  But "12345" could be
+               a local hostname, couldn't it?  We'll just assume
+               that a name with three dots is not meant to be an
+               all-numeric hostname three all-numeric domains down
+               from the current domain.  */
+            int ndots = 0;
+            const char *p;
+            for (p = host; *p; p++)
+                if (*p == '.')
+                    ndots++;
+            if (ndots == 3)
+                return KRB5_ERR_NUMERIC_REALM;
+        }
+        if (strchr(host, ':'))
+            /* IPv6 numeric address form?  Bye bye.  */
+            return KRB5_ERR_NUMERIC_REALM;
+
+        /* Should probably error out if strlen(host) > MAXDNAME.  */
+        strncpy(local_host, host, lhsize);
+        local_host[lhsize - 1] = '\0';
     } else {
         retval = krb5int_get_fq_local_hostname (local_host, lhsize);
-	if (retval)
-	    return retval;
+        if (retval)
+            return retval;
     }
 
     /* fold to lowercase */
     for (cp = local_host; *cp; cp++) {
-	if (isupper((unsigned char) (*cp)))
-	    *cp = tolower((unsigned char) *cp);
+        if (isupper((unsigned char) (*cp)))
+            *cp = tolower((unsigned char) *cp);
     }
     l = strlen(local_host);
     /* strip off trailing dot */
     if (l && local_host[l-1] == '.')
-	    local_host[l-1] = 0;
+        local_host[l-1] = 0;
 
 #ifdef DEBUG_REFERRALS
     printf("krb5int_clean_hostname ending: host<%s>, local_host<%s>, size %d\n",host,local_host,lhsize);
@@ -513,7 +514,7 @@ krb5int_clean_hostname(krb5_context context, const char *host, char *local_host,
  */
 static krb5_error_code
 domain_heuristic(krb5_context context, const char *domain,
-		 char **realm, int limit)
+                 char **realm, int limit)
 {
     krb5_error_code retval = 0, r;
     struct addrlist alist;
@@ -522,41 +523,41 @@ domain_heuristic(krb5_context context, const char *domain,
 
     *realm = NULL;
     if (limit < 0)
-	return 0;
+        return 0;
 
     memset(&drealm, 0, sizeof (drealm));
     fqdn = strdup(domain);
     if (!fqdn) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* Upper case the domain (for use as a realm) */
     for (cp = fqdn; *cp; cp++) {
-	if (islower((int)(*cp)))
-	    *cp = toupper((int)*cp);
+        if (islower((int)(*cp)))
+            *cp = toupper((int)*cp);
     }
 
     /* Search up to limit parents, as long as we have multiple labels. */
     cp = fqdn;
     while (limit-- >= 0 && (dot = strchr(cp, '.')) != NULL) {
 
-	drealm.length = strlen(cp);
-	drealm.data = cp;
-
-	/* Find a kdc based on this part of the domain name. */
-	r = krb5_locate_kdc(context, &drealm, &alist, 0, SOCK_DGRAM, 0);
-	if (!r) { /* Found a KDC! */
-	    krb5int_free_addrlist(&alist);
-	    *realm = strdup(cp);
-	    if (!*realm) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    break;
-	}
-
-	cp = dot + 1;
+        drealm.length = strlen(cp);
+        drealm.data = cp;
+
+        /* Find a kdc based on this part of the domain name. */
+        r = krb5_locate_kdc(context, &drealm, &alist, 0, SOCK_DGRAM, 0);
+        if (!r) { /* Found a KDC! */
+            krb5int_free_addrlist(&alist);
+            *realm = strdup(cp);
+            if (!*realm) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            break;
+        }
+
+        cp = dot + 1;
     }
 
 cleanup:
diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c
index ffc8d9336..7f2110f8e 100644
--- a/src/lib/krb5/os/init_os_ctx.c
+++ b/src/lib/krb5/os/init_os_ctx.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/init_ctx.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -42,7 +43,7 @@
 static krb5_error_code
 get_from_windows_dir(
     char **pname
-    )
+)
 {
     UINT size = GetWindowsDirectory(0, 0);
     *pname = malloc(size + strlen(DEFAULT_PROFILE_FILENAME) + 2);
@@ -59,7 +60,7 @@ get_from_windows_dir(
 static krb5_error_code
 get_from_module_dir(
     char **pname
-    )
+)
 {
     const DWORD size = 1024; /* fixed buffer */
     int found = 0;
@@ -85,7 +86,7 @@ get_from_module_dir(
     name[size - 1] = 0;
     found = !_stat(name, &s);
 
- cleanup:
+cleanup:
     if (found)
         *pname = name;
     else
@@ -99,14 +100,14 @@ get_from_module_dir(
  * This will find a profile in the registry.  *pbuffer != 0 if we
  * found something.  Make sure to free(*pbuffer) when done.  It will
  * return an error code if there is an error the user should know
- * about.  We maintain the invariant: return value != 0 => 
+ * about.  We maintain the invariant: return value != 0 =>
  * *pbuffer == 0.
  */
 static krb5_error_code
 get_from_registry(
     char** pbuffer,
     HKEY hBaseKey
-    )
+)
 {
     HKEY hKey = 0;
     LONG rc = 0;
@@ -124,7 +125,7 @@ get_from_registry(
     }
     *pbuffer = 0;
 
-    if ((rc = RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE, 
+    if ((rc = RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
                            &hKey)) != ERROR_SUCCESS) {
         /* not a real error */
         goto cleanup;
@@ -139,7 +140,7 @@ get_from_registry(
         retval = ENOMEM;
         goto cleanup;
     }
-    if ((rc = RegQueryValueEx(hKey, value_name, 0, 0, *pbuffer, &size)) != 
+    if ((rc = RegQueryValueEx(hKey, value_name, 0, 0, *pbuffer, &size)) !=
         ERROR_SUCCESS) {
         /*
          * Let's not call it a real error in case it disappears, but
@@ -149,7 +150,7 @@ get_from_registry(
         *pbuffer = 0;
         goto cleanup;
     }
- cleanup:
+cleanup:
     if (hKey)
         RegCloseKey(hKey);
     if (retval && *pbuffer) {
@@ -169,13 +170,13 @@ free_filespecs(profile_filespec_t *files)
 
     if (files == 0)
         return;
-    
+
     for (cp = files; *cp; cp++)
         free(*cp);
     free(files);
 }
 
-/* This function is needed by KfM's KerberosPreferences API 
+/* This function is needed by KfM's KerberosPreferences API
  * because it needs to be able to specify "secure" */
 krb5_error_code
 os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
@@ -215,7 +216,7 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
         return retval;
     if (!name)
         return KRB5_CONFIG_CANTOPEN; /* should never happen */
-    
+
     files = malloc(2 * sizeof(char *));
     if (!files)
         return ENOMEM;
@@ -229,14 +230,14 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
 
 #ifdef USE_KIM
     /* If kim_library_allow_home_directory_access() == FALSE, we are probably
-     *   trying to authenticate to a fileserver for the user's homedir. 
+     *   trying to authenticate to a fileserver for the user's homedir.
      */
     if (!kim_library_allow_home_directory_access ())
         secure = 1;
 #endif
     if (secure) {
         filepath = DEFAULT_SECURE_PROFILE_PATH;
-    } else { 
+    } else {
         filepath = getenv("KRB5_CONFIG");
         if (!filepath) filepath = DEFAULT_PROFILE_PATH;
     }
@@ -327,8 +328,8 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc)
         retval = add_kdc_config_file(&files);
 
     if (!retval) {
-        retval = profile_init((const_profile_filespec_t *) files, 
-                             &ctx->profile);
+        retval = profile_init((const_profile_filespec_t *) files,
+                              &ctx->profile);
 
 #ifdef KRB5_DNS_LOOKUP
         /* if none of the filenames can be opened use an empty profile */
@@ -336,7 +337,7 @@ os_init_paths(krb5_context ctx, krb5_boolean kdc)
             retval = profile_init(NULL, &ctx->profile);
             if (!retval)
                 ctx->profile_in_memory = 1;
-        }   
+        }
 #endif /* KRB5_DNS_LOOKUP */
     }
 
@@ -386,12 +387,12 @@ krb5_os_init_context(krb5_context ctx, krb5_boolean kdc)
      * If there's an error in the profile, return an error.  Just
      * ignoring the error is a Bad Thing (tm).
      */
-     
+
     if (!retval) {
         krb5_cc_set_default_name(ctx, NULL);
 
 #ifdef _WIN32
-        /* We initialize winsock to version 1.1 but 
+        /* We initialize winsock to version 1.1 but
          * we do not care if we succeed or fail.
          */
         wVersionRequested = 0x0101;
@@ -405,14 +406,14 @@ krb5_error_code KRB5_CALLCONV
 krb5_get_profile (krb5_context ctx, profile_t *profile)
 {
     return profile_copy (ctx->profile, profile);
-}    
+}
 
 krb5_error_code
 krb5_set_config_files(krb5_context ctx, const char **filenames)
 {
     krb5_error_code retval = 0;
     profile_t    profile;
-    
+
     retval = profile_init(filenames, &profile);
     if (retval)
         return retval;
@@ -444,10 +445,10 @@ krb5_secure_config_files(krb5_context ctx)
 {
     /* Obsolete interface; always return an error.
      *  This function should be removed next time a major version
-     *  number change happens. 
+     *  number change happens.
      */
     krb5_error_code retval = 0;
-    
+
     if (ctx->profile) {
         profile_release(ctx->profile);
         ctx->profile = 0;
@@ -467,7 +468,7 @@ krb5_os_free_context(krb5_context ctx)
     krb5_os_context os_ctx;
 
     os_ctx = &ctx->os_context;
-    
+
     if (os_ctx->default_ccname) {
         free(os_ctx->default_ccname);
         os_ctx->default_ccname = 0;
@@ -488,6 +489,6 @@ krb5_os_free_context(krb5_context ctx)
     krb5int_close_plugin_dirs (&ctx->libkrb5_plugins);
 
 #ifdef _WIN32
-        WSACleanup();
+    WSACleanup();
 #endif /* _WIN32 */
 }
diff --git a/src/lib/krb5/os/krbfileio.c b/src/lib/krb5/os/krbfileio.c
index 6ef16ebd0..99703aa35 100644
--- a/src/lib/krb5/os/krbfileio.c
+++ b/src/lib/krb5/os/krbfileio.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/krbfileio.c
  *
@@ -12,7 +13,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -26,14 +27,14 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_create_secure_file
  * krb5_sync_disk_file
  */
 
 #ifdef MODULE_VERSION_ID
-static char *VersionID = "@(#)krbfileio.c	2 - 08/22/91";
+static char *VersionID = "@(#)krbfileio.c       2 - 08/22/91";
 #endif
 
 
@@ -63,7 +64,7 @@ krb5_create_secure_file(krb5_context context, const char *pathname)
 
 #ifdef OPEN_MODE_NOT_TRUSTWORTHY
     /*
-     * Some systems that support default acl inheritance do not 
+     * Some systems that support default acl inheritance do not
      * apply ownership information from the process - force the file
      * to have the proper info.
      */
@@ -100,4 +101,3 @@ krb5_sync_disk_file(krb5_context context, FILE *fp)
 
     return 0;
 }
-
diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index 91f65858b..ce28e30d1 100644
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/ktdefname.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Return default keytab file name.
  */
@@ -44,37 +45,36 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size)
     unsigned int namesize = (name_size < 0 ? 0 : name_size);
 
     if (krb5_overridekeyname) {
-	if (strlcpy(name, krb5_overridekeyname, namesize) >= namesize)
-	    return KRB5_CONFIG_NOTENUFSPACE;
+        if (strlcpy(name, krb5_overridekeyname, namesize) >= namesize)
+            return KRB5_CONFIG_NOTENUFSPACE;
     } else if ((context->profile_secure == FALSE) &&
-	(cp = getenv("KRB5_KTNAME"))) {
-	if (strlcpy(name, cp, namesize) >= namesize)
-	    return KRB5_CONFIG_NOTENUFSPACE;
+               (cp = getenv("KRB5_KTNAME"))) {
+        if (strlcpy(name, cp, namesize) >= namesize)
+            return KRB5_CONFIG_NOTENUFSPACE;
     } else if ((profile_get_string(context->profile,
-				   KRB5_CONF_LIBDEFAULTS,
-				   KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL, 
-				   NULL, &retval) == 0) &&
-	       retval) {
-	if (strlcpy(name, retval, namesize) >= namesize)
-	    return KRB5_CONFIG_NOTENUFSPACE;
-	profile_release_string(retval);
+                                   KRB5_CONF_LIBDEFAULTS,
+                                   KRB5_CONF_DEFAULT_KEYTAB_NAME, NULL,
+                                   NULL, &retval) == 0) &&
+               retval) {
+        if (strlcpy(name, retval, namesize) >= namesize)
+            return KRB5_CONFIG_NOTENUFSPACE;
+        profile_release_string(retval);
     } else {
 #if defined(_WIN32)
-	{
-	    char    defname[160];
-	    int     len;
+        {
+            char    defname[160];
+            int     len;
 
-	    len= GetWindowsDirectory( defname, sizeof(defname)-2 );
-	    defname[len]= '\0';
-	    if ( (len + strlen(krb5_defkeyname) + 1) > namesize )
-		return KRB5_CONFIG_NOTENUFSPACE;
-	    snprintf(name, namesize, krb5_defkeyname, defname);
-	}
+            len= GetWindowsDirectory( defname, sizeof(defname)-2 );
+            defname[len]= '\0';
+            if ( (len + strlen(krb5_defkeyname) + 1) > namesize )
+                return KRB5_CONFIG_NOTENUFSPACE;
+            snprintf(name, namesize, krb5_defkeyname, defname);
+        }
 #else
-	if (strlcpy(name, krb5_defkeyname, namesize) >= namesize)
-	    return KRB5_CONFIG_NOTENUFSPACE;
+        if (strlcpy(name, krb5_defkeyname, namesize) >= namesize)
+            return KRB5_CONFIG_NOTENUFSPACE;
 #endif
     }
     return 0;
 }
-    
diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c
index f76010dc9..1bc7505da 100644
--- a/src/lib/krb5/os/kuserok.c
+++ b/src/lib/krb5/os/kuserok.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/kuserok.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,13 +23,13 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_kuserok()
  */
 
 #include "k5-int.h"
-#if !defined(_WIN32)		/* Not yet for Windows */
+#if !defined(_WIN32)            /* Not yet for Windows */
 #include <stdio.h>
 #include <pwd.h>
 
@@ -41,7 +42,7 @@
 #define MAX_USERNAME 65
 
 #if defined(__APPLE__) && defined(__MACH__)
-#include <hfs/hfs_mount.h>	/* XXX */
+#include <hfs/hfs_mount.h>      /* XXX */
 #define FILE_OWNER_OK(UID)  ((UID) == 0 || (UID) == UNKNOWNUID)
 #else
 #define FILE_OWNER_OK(UID)  ((UID) == 0)
@@ -85,31 +86,31 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
 
     /* no account => no access */
     if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
-	return(FALSE);
+        return(FALSE);
     result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir);
     if (SNPRINTF_OVERFLOW(result, sizeof(pbuf)))
-	return(FALSE);
+        return(FALSE);
 
-    if (access(pbuf, F_OK)) {	 /* not accessible */
-	/*
-	 * if he's trying to log in as himself, and there is no .k5login file,
-	 * let him.  To find out, call
-	 * krb5_aname_to_localname to convert the principal to a name
-	 * which we can string compare. 
-	 */
-	if (!(krb5_aname_to_localname(context, principal,
-				      sizeof(kuser), kuser))
-	    && (strcmp(kuser, luser) == 0)) {
-	    return(TRUE);
-	}
+    if (access(pbuf, F_OK)) {    /* not accessible */
+        /*
+         * if he's trying to log in as himself, and there is no .k5login file,
+         * let him.  To find out, call
+         * krb5_aname_to_localname to convert the principal to a name
+         * which we can string compare.
+         */
+        if (!(krb5_aname_to_localname(context, principal,
+                                      sizeof(kuser), kuser))
+            && (strcmp(kuser, luser) == 0)) {
+            return(TRUE);
+        }
     }
     if (krb5_unparse_name(context, principal, &princname))
-	return(FALSE);			/* no hope of matching */
+        return(FALSE);                  /* no hope of matching */
 
     /* open ~/.k5login */
     if ((fp = fopen(pbuf, "r")) == NULL) {
-	free(princname);
-	return(FALSE);
+        free(princname);
+        return(FALSE);
     }
     set_cloexec_file(fp);
     /*
@@ -117,31 +118,31 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
      * the user himself, or by root.  Otherwise, don't grant access.
      */
     if (fstat(fileno(fp), &sbuf)) {
-	fclose(fp);
-	free(princname);
-	return(FALSE);
+        fclose(fp);
+        free(princname);
+        return(FALSE);
     }
     if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
-	fclose(fp);
-	free(princname);
-	return(FALSE);
+        fclose(fp);
+        free(princname);
+        return(FALSE);
     }
 
     /* check each line */
     while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
-	/* null-terminate the input string */
-	linebuf[BUFSIZ-1] = '\0';
-	newline = NULL;
-	/* nuke the newline if it exists */
-	if ((newline = strchr(linebuf, '\n')))
-	    *newline = '\0';
-	if (!strcmp(linebuf, princname)) {
-	    isok = TRUE;
-	    continue;
-	}
-	/* clean up the rest of the line if necessary */
-	if (!newline)
-	    while (((gobble = getc(fp)) != EOF) && gobble != '\n');
+        /* null-terminate the input string */
+        linebuf[BUFSIZ-1] = '\0';
+        newline = NULL;
+        /* nuke the newline if it exists */
+        if ((newline = strchr(linebuf, '\n')))
+            *newline = '\0';
+        if (!strcmp(linebuf, princname)) {
+            isok = TRUE;
+            continue;
+        }
+        /* clean up the rest of the line if necessary */
+        if (!newline)
+            while (((gobble = getc(fp)) != EOF) && gobble != '\n');
     }
     free(princname);
     fclose(fp);
@@ -166,7 +167,7 @@ krb5_kuserok(context, principal, luser)
         return FALSE;
 
     if (strcmp(kuser, luser) == 0)
-	    return TRUE;
+        return TRUE;
 
     return FALSE;
 }
diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c
index 25079062a..dd8110c33 100644
--- a/src/lib/krb5/os/localaddr.c
+++ b/src/lib/krb5/os/localaddr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/localaddr.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Return the protocol addresses supported by this host.
  * Exports from this file:
@@ -105,7 +106,7 @@
 #ifndef USE_AF
 #define USE_AF AF_NS
 #define USE_TYPE SOCK_DGRAM
-#define USE_PROTO 0		/* guess */
+#define USE_PROTO 0             /* guess */
 #endif
 #endif
 /*
@@ -133,15 +134,15 @@
 /*
  * BSD 4.4 defines the size of an ifreq to be
  * max(sizeof(ifreq), sizeof(ifreq.ifr_name)+ifreq.ifr_addr.sa_len
- * However, under earlier systems, sa_len isn't present, so the size is 
+ * However, under earlier systems, sa_len isn't present, so the size is
  * just sizeof(struct ifreq).
  */
 #ifdef HAVE_SA_LEN
 #ifndef max
 #define max(a,b) ((a) > (b) ? (a) : (b))
 #endif
-#define ifreq_size(i) max(sizeof(struct ifreq),\
-     sizeof((i).ifr_name)+(i).ifr_addr.sa_len)
+#define ifreq_size(i) max(sizeof(struct ifreq),                         \
+                          sizeof((i).ifr_name)+(i).ifr_addr.sa_len)
 #else
 #define ifreq_size(i) sizeof(struct ifreq)
 #endif /* HAVE_SA_LEN*/
@@ -156,20 +157,20 @@
 void printaddr (struct sockaddr *);
 
 void printaddr (struct sockaddr *sa)
-    /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
 {
     char buf[NI_MAXHOST];
     int err;
 
     printf ("%p ", (void *) sa);
     err = getnameinfo (sa, socklen (sa), buf, sizeof (buf), 0, 0,
-		       NI_NUMERICHOST);
+                       NI_NUMERICHOST);
     if (err)
-	printf ("<getnameinfo error %d: %s> family=%d",
-		err, gai_strerror (err),
-		sa->sa_family);
+        printf ("<getnameinfo error %d: %s> family=%d",
+                err, gai_strerror (err),
+                sa->sa_family);
     else
-	printf ("%s", buf);
+        printf ("%s", buf);
 }
 #endif
 
@@ -178,15 +179,15 @@ is_loopback_address(struct sockaddr *sa)
 {
     switch (sa->sa_family) {
     case AF_INET: {
-	struct sockaddr_in *s4 = (struct sockaddr_in *)sa;
-	return s4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
+        struct sockaddr_in *s4 = (struct sockaddr_in *)sa;
+        return s4->sin_addr.s_addr == htonl(INADDR_LOOPBACK);
     }
     case AF_INET6: {
-	struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)sa;
-	return IN6_IS_ADDR_LOOPBACK(&s6->sin6_addr);
+        struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)sa;
+        return IN6_IS_ADDR_LOOPBACK(&s6->sin6_addr);
     }
     default:
-	return 0;
+        return 0;
     }
 }
 
@@ -201,32 +202,32 @@ void printifaddr (struct ifaddrs *ifp)
     printf ("\tname=%s\n", ifp->ifa_name);
     printf ("\tflags=");
     {
-	int ch, flags = ifp->ifa_flags;
-	printf ("%x", flags);
-	ch = '<';
+        int ch, flags = ifp->ifa_flags;
+        printf ("%x", flags);
+        ch = '<';
 #define X(F) if (flags & IFF_##F) { printf ("%c%s", ch, #F); flags &= ~IFF_##F; ch = ','; }
-	X (UP); X (BROADCAST); X (DEBUG); X (LOOPBACK); X (POINTOPOINT);
-	X (NOTRAILERS); X (RUNNING); X (NOARP); X (PROMISC); X (ALLMULTI);
+        X (UP); X (BROADCAST); X (DEBUG); X (LOOPBACK); X (POINTOPOINT);
+        X (NOTRAILERS); X (RUNNING); X (NOARP); X (PROMISC); X (ALLMULTI);
 #ifdef IFF_OACTIVE
-	X (OACTIVE);
+        X (OACTIVE);
 #endif
 #ifdef IFF_SIMPLE
-	X (SIMPLEX);
+        X (SIMPLEX);
 #endif
-	X (MULTICAST);
-	printf (">");
+        X (MULTICAST);
+        printf (">");
 #undef X
     }
     if (ifp->ifa_addr)
-	printf ("\n\taddr="), printaddr (ifp->ifa_addr);
+        printf ("\n\taddr="), printaddr (ifp->ifa_addr);
     if (ifp->ifa_netmask)
-	printf ("\n\tnetmask="), printaddr (ifp->ifa_netmask);
+        printf ("\n\tnetmask="), printaddr (ifp->ifa_netmask);
     if (ifp->ifa_broadaddr)
-	printf ("\n\tbroadaddr="), printaddr (ifp->ifa_broadaddr);
+        printf ("\n\tbroadaddr="), printaddr (ifp->ifa_broadaddr);
     if (ifp->ifa_dstaddr)
-	printf ("\n\tdstaddr="), printaddr (ifp->ifa_dstaddr);
+        printf ("\n\tdstaddr="), printaddr (ifp->ifa_dstaddr);
     if (ifp->ifa_data)
-	printf ("\n\tdata=%p", ifp->ifa_data);
+        printf ("\n\tdata=%p", ifp->ifa_data);
     printf ("\n}\n");
 }
 #endif /* DEBUG */
@@ -238,21 +239,21 @@ static int
 addr_eq (const struct sockaddr *s1, const struct sockaddr *s2)
 {
     if (s1->sa_family != s2->sa_family)
-	return 0;
+        return 0;
 #ifdef HAVE_SA_LEN
     if (s1->sa_len != s2->sa_len)
-	return 0;
+        return 0;
     return !memcmp (s1, s2, s1->sa_len);
 #else
 #define CMPTYPE(T,F) (!memcmp(&((const T*)s1)->F,&((const T*)s2)->F,sizeof(((const T*)s1)->F)))
     switch (s1->sa_family) {
     case AF_INET:
-	return CMPTYPE (struct sockaddr_in, sin_addr);
+        return CMPTYPE (struct sockaddr_in, sin_addr);
     case AF_INET6:
-	return CMPTYPE (struct sockaddr_in6, sin6_addr);
+        return CMPTYPE (struct sockaddr_in6, sin6_addr);
     default:
-	/* Err on side of duplicate listings.  */
-	return 0;
+        /* Err on side of duplicate listings.  */
+        return 0;
     }
 #endif
 }
@@ -262,13 +263,13 @@ addr_eq (const struct sockaddr *s1, const struct sockaddr *s2)
 /*@-usereleased@*/ /* lclint doesn't understand realloc */
 static /*@null@*/ void *
 grow_or_free (/*@only@*/ void *ptr, size_t newsize)
-     /*@*/
+/*@*/
 {
     void *newptr;
     newptr = realloc (ptr, newsize);
     if (newptr == NULL && newsize != 0) {
-	free (ptr);		/* lclint complains but this is right */
-	return NULL;
+        free (ptr);             /* lclint complains but this is right */
+        return NULL;
     }
     return newptr;
 }
@@ -276,7 +277,7 @@ grow_or_free (/*@only@*/ void *ptr, size_t newsize)
 
 static int
 get_ifconf (int s, size_t *lenp, /*@out@*/ char *buf)
-    /*@modifies *buf,*lenp@*/
+/*@modifies *buf,*lenp@*/
 {
     int ret;
     struct ifconf ifc;
@@ -304,7 +305,7 @@ get_ifconf (int s, size_t *lenp, /*@out@*/ char *buf)
 #if defined(SIOCGLIFCONF) && defined(HAVE_STRUCT_LIFCONF)
 static int
 get_lifconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
-    /*@modifies *buf,*lenp@*/
+/*@modifies *buf,*lenp@*/
 {
     int ret;
     struct lifconf lifc;
@@ -319,7 +320,7 @@ get_lifconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
     /*@-moduncon@*/
     ret = ioctl (s, SIOCGLIFCONF, (char *)&lifc);
     if (ret)
-	Tperror ("SIOCGLIFCONF");
+        Tperror ("SIOCGLIFCONF");
     /*@=moduncon@*/
     /*@+matchanyintegral@*/
     *lenp = lifc.lifc_len;
@@ -332,7 +333,7 @@ get_lifconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
 /* #include <net/if6.h> */
 static int
 get_if_laddrconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
-    /*@modifies *buf,*lenp@*/
+/*@modifies *buf,*lenp@*/
 {
     int ret;
     struct if_laddrconf iflc;
@@ -345,7 +346,7 @@ get_if_laddrconf (int af, int s, size_t *lenp, /*@out@*/ char *buf)
     /*@-moduncon@*/
     ret = ioctl (s, SIOCGLIFCONF, (char *)&iflc);
     if (ret)
-	Tperror ("SIOCGLIFCONF");
+        Tperror ("SIOCGLIFCONF");
     /*@=moduncon@*/
     /*@+matchanyintegral@*/
     *lenp = iflc.iflc_len;
@@ -372,51 +373,51 @@ get_linux_ipv6_addrs ()
     /* _PATH_PROCNET_IFINET6 */
     f = fopen("/proc/net/if_inet6", "r");
     if (f) {
-	char ifname[21];
-	unsigned int idx, pfxlen, scope, dadstat;
-	struct in6_addr a6;
-	struct linux_ipv6_addr_list *nw;
-	int i;
-	unsigned int addrbyte[16];
-
-	set_cloexec_file(f);
-	while (fscanf(f,
-		      "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x"
-		      " %2x %2x %2x %2x %20s\n",
-		      &addrbyte[0], &addrbyte[1], &addrbyte[2], &addrbyte[3],
-		      &addrbyte[4], &addrbyte[5], &addrbyte[6], &addrbyte[7],
-		      &addrbyte[8], &addrbyte[9], &addrbyte[10], &addrbyte[11],
-		      &addrbyte[12], &addrbyte[13], &addrbyte[14],
-		      &addrbyte[15],
-		      &idx, &pfxlen, &scope, &dadstat, ifname) != EOF) {
-	    for (i = 0; i < 16; i++)
-		a6.s6_addr[i] = addrbyte[i];
-	    if (scope != 0)
-		continue;
+        char ifname[21];
+        unsigned int idx, pfxlen, scope, dadstat;
+        struct in6_addr a6;
+        struct linux_ipv6_addr_list *nw;
+        int i;
+        unsigned int addrbyte[16];
+
+        set_cloexec_file(f);
+        while (fscanf(f,
+                      "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x"
+                      " %2x %2x %2x %2x %20s\n",
+                      &addrbyte[0], &addrbyte[1], &addrbyte[2], &addrbyte[3],
+                      &addrbyte[4], &addrbyte[5], &addrbyte[6], &addrbyte[7],
+                      &addrbyte[8], &addrbyte[9], &addrbyte[10], &addrbyte[11],
+                      &addrbyte[12], &addrbyte[13], &addrbyte[14],
+                      &addrbyte[15],
+                      &idx, &pfxlen, &scope, &dadstat, ifname) != EOF) {
+            for (i = 0; i < 16; i++)
+                a6.s6_addr[i] = addrbyte[i];
+            if (scope != 0)
+                continue;
 #if 0 /* These symbol names are as used by ifconfig, but none of the
-	 system header files export them.  Dig up the kernel versions
-	 someday and see if they're exported.  */
-	    switch (scope) {
-	    case 0:
-	    default:
-		break;
-	    case IPV6_ADDR_LINKLOCAL:
-	    case IPV6_ADDR_SITELOCAL:
-	    case IPV6_ADDR_COMPATv4:
-	    case IPV6_ADDR_LOOPBACK:
-		continue;
-	    }
+         system header files export them.  Dig up the kernel versions
+         someday and see if they're exported.  */
+            switch (scope) {
+            case 0:
+            default:
+                break;
+            case IPV6_ADDR_LINKLOCAL:
+            case IPV6_ADDR_SITELOCAL:
+            case IPV6_ADDR_COMPATv4:
+            case IPV6_ADDR_LOOPBACK:
+                continue;
+            }
 #endif
-	    nw = calloc (1, sizeof (struct linux_ipv6_addr_list));
-	    if (nw == 0)
-		continue;
-	    nw->addr.sin6_addr = a6;
-	    nw->addr.sin6_family = AF_INET6;
-	    /* Ignore other fields, we don't actually use them here.  */
-	    nw->next = lst;
-	    lst = nw;
-	}
-	fclose (f);
+            nw = calloc (1, sizeof (struct linux_ipv6_addr_list));
+            if (nw == 0)
+                continue;
+            nw->addr.sin6_addr = a6;
+            nw->addr.sin6_family = AF_INET6;
+            /* Ignore other fields, we don't actually use them here.  */
+            nw->next = lst;
+            lst = nw;
+        }
+        fclose (f);
     }
     return lst;
 }
@@ -433,68 +434,68 @@ get_linux_ipv6_addrs ()
 
 int
 foreach_localaddr (/*@null@*/ void *data,
-		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
-		   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
-		   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
-					      struct sockaddr *) /*@*/)
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
 #if defined(DEBUG) || defined(TEST)
-     /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
 #endif
 {
     struct ifaddrs *ifp_head, *ifp, *ifp2;
     int match;
 
     if (getifaddrs (&ifp_head) < 0)
-	return errno;
+        return errno;
     for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
 #ifdef DEBUG
-	printifaddr (ifp);
+        printifaddr (ifp);
 #endif
-	if ((ifp->ifa_flags & IFF_UP) == 0)
-	    continue;
-	if (ifp->ifa_addr == NULL) {
-	    /* Can't use an interface without an address.  Linux
-	       apparently does this sometimes.  [RT ticket 1770 from
-	       Maurice Massar, also Debian bug 206851, shows the
-	       problem with a PPP link on a newer kernel than I'm
-	       running.]
-
-	       Pretend it's not up, so the second pass will skip
-	       it.  */
-	    ifp->ifa_flags &= ~IFF_UP;
-	    continue;
-	}
-	if (is_loopback_address(ifp->ifa_addr)) {
-	    /* Pretend it's not up, so the second pass will skip
-	       it.  */
-	    ifp->ifa_flags &= ~IFF_UP;
-	    continue;
-	}
-	/* If this address is a duplicate, punt.  */
-	match = 0;
-	for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
-	    if ((ifp2->ifa_flags & IFF_UP) == 0)
-		continue;
-	    if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
-		match = 1;
-		ifp->ifa_flags &= ~IFF_UP;
-		break;
-	    }
-	}
-	if (match)
-	    continue;
-	if ((*pass1fn) (data, ifp->ifa_addr))
-	    goto punt;
+        if ((ifp->ifa_flags & IFF_UP) == 0)
+            continue;
+        if (ifp->ifa_addr == NULL) {
+            /* Can't use an interface without an address.  Linux
+               apparently does this sometimes.  [RT ticket 1770 from
+               Maurice Massar, also Debian bug 206851, shows the
+               problem with a PPP link on a newer kernel than I'm
+               running.]
+
+               Pretend it's not up, so the second pass will skip
+               it.  */
+            ifp->ifa_flags &= ~IFF_UP;
+            continue;
+        }
+        if (is_loopback_address(ifp->ifa_addr)) {
+            /* Pretend it's not up, so the second pass will skip
+               it.  */
+            ifp->ifa_flags &= ~IFF_UP;
+            continue;
+        }
+        /* If this address is a duplicate, punt.  */
+        match = 0;
+        for (ifp2 = ifp_head; ifp2 && ifp2 != ifp; ifp2 = ifp2->ifa_next) {
+            if ((ifp2->ifa_flags & IFF_UP) == 0)
+                continue;
+            if (addr_eq (ifp->ifa_addr, ifp2->ifa_addr)) {
+                match = 1;
+                ifp->ifa_flags &= ~IFF_UP;
+                break;
+            }
+        }
+        if (match)
+            continue;
+        if ((*pass1fn) (data, ifp->ifa_addr))
+            goto punt;
     }
     if (betweenfn && (*betweenfn)(data))
-	goto punt;
+        goto punt;
     if (pass2fn)
-	for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
-	    if (ifp->ifa_flags & IFF_UP)
-		if ((*pass2fn) (data, ifp->ifa_addr))
-		    goto punt;
-	}
- punt:
+        for (ifp = ifp_head; ifp; ifp = ifp->ifa_next) {
+            if (ifp->ifa_flags & IFF_UP)
+                if ((*pass2fn) (data, ifp->ifa_addr))
+                    goto punt;
+        }
+punt:
     freeifaddrs (ifp_head);
     return 0;
 }
@@ -503,12 +504,12 @@ foreach_localaddr (/*@null@*/ void *data,
 
 int
 foreach_localaddr (/*@null@*/ void *data,
-		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
-		   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
-		   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
-					      struct sockaddr *) /*@*/)
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
 #if defined(DEBUG) || defined(TEST)
-     /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
 #endif
 {
     /* Okay, this is kind of odd.  We have to use each of the address
@@ -527,11 +528,11 @@ foreach_localaddr (/*@null@*/ void *data,
     static const int afs[] = { AF_INET, AF_NS, AF_INET6 };
 #define N_AFS (sizeof (afs) / sizeof (afs[0]))
     struct {
-	int af;
-	int sock;
-	void *buf;
-	size_t buf_size;
-	struct lifnum lifnum;
+        int af;
+        int sock;
+        void *buf;
+        size_t buf_size;
+        struct lifnum lifnum;
     } afp[N_AFS];
     int code, i, j;
     int retval = 0, afidx;
@@ -543,131 +544,131 @@ foreach_localaddr (/*@null@*/ void *data,
 
     /* init */
     FOREACH_AF () {
-	P.af = afs[afidx];
-	P.sock = -1;
-	P.buf = 0;
+        P.af = afs[afidx];
+        P.sock = -1;
+        P.buf = 0;
     }
 
     /* first pass: get raw data, discard uninteresting addresses, callback */
     FOREACH_AF () {
-	Tprintf (("trying af %d...\n", P.af));
-	P.sock = socket (P.af, USE_TYPE, USE_PROTO);
-	if (P.sock < 0) {
-	    sock_err = SOCKET_ERROR;
-	    Tperror ("socket");
-	    continue;
-	}
-	set_cloexec_fd(P.sock);
-
-	P.lifnum.lifn_family = P.af;
-	P.lifnum.lifn_flags = 0;
-	P.lifnum.lifn_count = 0;
-	code = ioctl (P.sock, SIOCGLIFNUM, &P.lifnum);
-	if (code) {
-	    Tperror ("ioctl(SIOCGLIFNUM)");
-	    retval = errno;
-	    goto punt;
-	}
-
-	P.buf_size = P.lifnum.lifn_count * sizeof (struct lifreq) * 2;
-	P.buf = malloc (P.buf_size);
-	if (P.buf == NULL) {
-	    retval = ENOMEM;
-	    goto punt;
-	}
-
-	code = get_lifconf (P.af, P.sock, &P.buf_size, P.buf);
-	if (code < 0) {
-	    retval = errno;
-	    goto punt;
-	}
-
-	for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
-	    lifr = (struct lifreq *)((caddr_t) P.buf+i);
-
-	    strncpy(lifreq.lifr_name, lifr->lifr_name,
-		    sizeof (lifreq.lifr_name));
-	    Tprintf (("interface %s\n", lifreq.lifr_name));
-	    /*@-moduncon@*/ /* ioctl unknown to lclint */
-	    if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
-		Tperror ("ioctl(SIOCGLIFFLAGS)");
-	    skip:
-		/* mark for next pass */
-		lifr->lifr_name[0] = '\0';
-		continue;
-	    }
-	    /*@=moduncon@*/
-
-	    /* None of the current callers want loopback addresses.  */
-	    if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
-		Tprintf (("  loopback\n"));
-		goto skip;
-	    }
-	    /* Ignore interfaces that are down.  */
-	    if ((lifreq.lifr_flags & IFF_UP) == 0) {
-		Tprintf (("  down\n"));
-		goto skip;
-	    }
-
-	    /* Make sure we didn't process this address already.  */
-	    for (j = 0; j < i; j += sizeof (*lifr2)) {
-		lifr2 = (struct lifreq *)((caddr_t) P.buf+j);
-		if (lifr2->lifr_name[0] == '\0')
-		    continue;
-		if (lifr2->lifr_addr.ss_family == lifr->lifr_addr.ss_family
-		    /* Compare address info.  If this isn't good enough --
-		       i.e., if random padding bytes turn out to differ
-		       when the addresses are the same -- then we'll have
-		       to do it on a per address family basis.  */
-		    && !memcmp (&lifr2->lifr_addr, &lifr->lifr_addr,
-				sizeof (*lifr))) {
-		    Tprintf (("  duplicate addr\n"));
-		    goto skip;
-		}
-	    }
-
-	    /*@-moduncon@*/
-	    if ((*pass1fn) (data, ss2sa (&lifr->lifr_addr)))
-		goto punt;
-	    /*@=moduncon@*/
-	}
+        Tprintf (("trying af %d...\n", P.af));
+        P.sock = socket (P.af, USE_TYPE, USE_PROTO);
+        if (P.sock < 0) {
+            sock_err = SOCKET_ERROR;
+            Tperror ("socket");
+            continue;
+        }
+        set_cloexec_fd(P.sock);
+
+        P.lifnum.lifn_family = P.af;
+        P.lifnum.lifn_flags = 0;
+        P.lifnum.lifn_count = 0;
+        code = ioctl (P.sock, SIOCGLIFNUM, &P.lifnum);
+        if (code) {
+            Tperror ("ioctl(SIOCGLIFNUM)");
+            retval = errno;
+            goto punt;
+        }
+
+        P.buf_size = P.lifnum.lifn_count * sizeof (struct lifreq) * 2;
+        P.buf = malloc (P.buf_size);
+        if (P.buf == NULL) {
+            retval = ENOMEM;
+            goto punt;
+        }
+
+        code = get_lifconf (P.af, P.sock, &P.buf_size, P.buf);
+        if (code < 0) {
+            retval = errno;
+            goto punt;
+        }
+
+        for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+            lifr = (struct lifreq *)((caddr_t) P.buf+i);
+
+            strncpy(lifreq.lifr_name, lifr->lifr_name,
+                    sizeof (lifreq.lifr_name));
+            Tprintf (("interface %s\n", lifreq.lifr_name));
+            /*@-moduncon@*/ /* ioctl unknown to lclint */
+            if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
+                Tperror ("ioctl(SIOCGLIFFLAGS)");
+            skip:
+                /* mark for next pass */
+                lifr->lifr_name[0] = '\0';
+                continue;
+            }
+            /*@=moduncon@*/
+
+            /* None of the current callers want loopback addresses.  */
+            if (is_loopback_address((struct sockaddr *)&lifr->lifr_addr)) {
+                Tprintf (("  loopback\n"));
+                goto skip;
+            }
+            /* Ignore interfaces that are down.  */
+            if ((lifreq.lifr_flags & IFF_UP) == 0) {
+                Tprintf (("  down\n"));
+                goto skip;
+            }
+
+            /* Make sure we didn't process this address already.  */
+            for (j = 0; j < i; j += sizeof (*lifr2)) {
+                lifr2 = (struct lifreq *)((caddr_t) P.buf+j);
+                if (lifr2->lifr_name[0] == '\0')
+                    continue;
+                if (lifr2->lifr_addr.ss_family == lifr->lifr_addr.ss_family
+                    /* Compare address info.  If this isn't good enough --
+                       i.e., if random padding bytes turn out to differ
+                       when the addresses are the same -- then we'll have
+                       to do it on a per address family basis.  */
+                    && !memcmp (&lifr2->lifr_addr, &lifr->lifr_addr,
+                                sizeof (*lifr))) {
+                    Tprintf (("  duplicate addr\n"));
+                    goto skip;
+                }
+            }
+
+            /*@-moduncon@*/
+            if ((*pass1fn) (data, ss2sa (&lifr->lifr_addr)))
+                goto punt;
+            /*@=moduncon@*/
+        }
     }
 
     /* Did we actually get any working sockets?  */
     FOREACH_AF ()
-	if (P.sock != -1)
-	    goto have_working_socket;
+        if (P.sock != -1)
+            goto have_working_socket;
     retval = sock_err;
     goto punt;
 have_working_socket:
 
     /*@-moduncon@*/
     if (betweenfn != NULL && (*betweenfn)(data))
-	goto punt;
+        goto punt;
     /*@=moduncon@*/
 
     if (pass2fn)
-	FOREACH_AF ()
-	    if (P.sock >= 0) {
-		for (i = 0; i + sizeof (*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
-		    lifr = (struct lifreq *)((caddr_t) P.buf+i);
-
-		    if (lifr->lifr_name[0] == '\0')
-			/* Marked in first pass to be ignored.  */
-			continue;
-
-		    /*@-moduncon@*/
-		    if ((*pass2fn) (data, ss2sa (&lifr->lifr_addr)))
-			goto punt;
-		    /*@=moduncon@*/
-		}
-	    }
+        FOREACH_AF ()
+            if (P.sock >= 0) {
+                for (i = 0; i + sizeof (*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+                    lifr = (struct lifreq *)((caddr_t) P.buf+i);
+
+                    if (lifr->lifr_name[0] == '\0')
+                        /* Marked in first pass to be ignored.  */
+                        continue;
+
+                    /*@-moduncon@*/
+                    if ((*pass2fn) (data, ss2sa (&lifr->lifr_addr)))
+                        goto punt;
+                    /*@=moduncon@*/
+                }
+            }
 punt:
     FOREACH_AF () {
-	/*@-moduncon@*/
-	closesocket(P.sock);
-	/*@=moduncon@*/
-	free (P.buf);
+        /*@-moduncon@*/
+        closesocket(P.sock);
+        /*@=moduncon@*/
+        free (P.buf);
     }
 
     return retval;
@@ -677,12 +678,12 @@ punt:
 
 int
 foreach_localaddr (/*@null@*/ void *data,
-		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
-		   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
-		   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
-					      struct sockaddr *) /*@*/)
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
 #if defined(DEBUG) || defined(TEST)
-     /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
 #endif
 {
     /* Okay, this is kind of odd.  We have to use each of the address
@@ -701,11 +702,11 @@ foreach_localaddr (/*@null@*/ void *data,
     static const int afs[] = { AF_INET, AF_NS, AF_INET6 };
 #define N_AFS (sizeof (afs) / sizeof (afs[0]))
     struct {
-	int af;
-	int sock;
-	void *buf;
-	size_t buf_size;
-	int if_num;
+        int af;
+        int sock;
+        void *buf;
+        size_t buf_size;
+        int if_num;
     } afp[N_AFS];
     int code, i, j;
     int retval = 0, afidx;
@@ -717,128 +718,128 @@ foreach_localaddr (/*@null@*/ void *data,
 
     /* init */
     FOREACH_AF () {
-	P.af = afs[afidx];
-	P.sock = -1;
-	P.buf = 0;
+        P.af = afs[afidx];
+        P.sock = -1;
+        P.buf = 0;
     }
 
     /* first pass: get raw data, discard uninteresting addresses, callback */
     FOREACH_AF () {
-	Tprintf (("trying af %d...\n", P.af));
-	P.sock = socket (P.af, USE_TYPE, USE_PROTO);
-	if (P.sock < 0) {
-	    sock_err = SOCKET_ERROR;
-	    Tperror ("socket");
-	    continue;
-	}
-	set_cloexec_fd(P.sock);
-
-	code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num);
-	if (code) {
-	    Tperror ("ioctl(SIOCGLIFNUM)");
-	    retval = errno;
-	    goto punt;
-	}
-
-	P.buf_size = P.if_num * sizeof (struct if_laddrreq) * 2;
-	P.buf = malloc (P.buf_size);
-	if (P.buf == NULL) {
-	    retval = ENOMEM;
-	    goto punt;
-	}
-
-	code = get_if_laddrconf (P.af, P.sock, &P.buf_size, P.buf);
-	if (code < 0) {
-	    retval = errno;
-	    goto punt;
-	}
-
-	for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
-	    lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
-
-	    strncpy(lifreq.iflr_name, lifr->iflr_name,
-		    sizeof (lifreq.iflr_name));
-	    Tprintf (("interface %s\n", lifreq.iflr_name));
-	    /*@-moduncon@*/ /* ioctl unknown to lclint */
-	    if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
-		Tperror ("ioctl(SIOCGLIFFLAGS)");
-	    skip:
-		/* mark for next pass */
-		lifr->iflr_name[0] = '\0';
-		continue;
-	    }
-	    /*@=moduncon@*/
-
-	    /* None of the current callers want loopback addresses.  */
-	    if (is_loopback_address(&lifr->iflr_addr)) {
-		Tprintf (("  loopback\n"));
-		goto skip;
-	    }
-	    /* Ignore interfaces that are down.  */
-	    if ((lifreq.iflr_flags & IFF_UP) == 0) {
-		Tprintf (("  down\n"));
-		goto skip;
-	    }
-
-	    /* Make sure we didn't process this address already.  */
-	    for (j = 0; j < i; j += sizeof (*lifr2)) {
-		lifr2 = (struct if_laddrreq *)((caddr_t) P.buf+j);
-		if (lifr2->iflr_name[0] == '\0')
-		    continue;
-		if (lifr2->iflr_addr.sa_family == lifr->iflr_addr.sa_family
-		    /* Compare address info.  If this isn't good enough --
-		       i.e., if random padding bytes turn out to differ
-		       when the addresses are the same -- then we'll have
-		       to do it on a per address family basis.  */
-		    && !memcmp (&lifr2->iflr_addr, &lifr->iflr_addr,
-				sizeof (*lifr))) {
-		    Tprintf (("  duplicate addr\n"));
-		    goto skip;
-		}
-	    }
-
-	    /*@-moduncon@*/
-	    if ((*pass1fn) (data, ss2sa (&lifr->iflr_addr)))
-		goto punt;
-	    /*@=moduncon@*/
-	}
+        Tprintf (("trying af %d...\n", P.af));
+        P.sock = socket (P.af, USE_TYPE, USE_PROTO);
+        if (P.sock < 0) {
+            sock_err = SOCKET_ERROR;
+            Tperror ("socket");
+            continue;
+        }
+        set_cloexec_fd(P.sock);
+
+        code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num);
+        if (code) {
+            Tperror ("ioctl(SIOCGLIFNUM)");
+            retval = errno;
+            goto punt;
+        }
+
+        P.buf_size = P.if_num * sizeof (struct if_laddrreq) * 2;
+        P.buf = malloc (P.buf_size);
+        if (P.buf == NULL) {
+            retval = ENOMEM;
+            goto punt;
+        }
+
+        code = get_if_laddrconf (P.af, P.sock, &P.buf_size, P.buf);
+        if (code < 0) {
+            retval = errno;
+            goto punt;
+        }
+
+        for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+            lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
+
+            strncpy(lifreq.iflr_name, lifr->iflr_name,
+                    sizeof (lifreq.iflr_name));
+            Tprintf (("interface %s\n", lifreq.iflr_name));
+            /*@-moduncon@*/ /* ioctl unknown to lclint */
+            if (ioctl (P.sock, SIOCGLIFFLAGS, (char *)&lifreq) < 0) {
+                Tperror ("ioctl(SIOCGLIFFLAGS)");
+            skip:
+                /* mark for next pass */
+                lifr->iflr_name[0] = '\0';
+                continue;
+            }
+            /*@=moduncon@*/
+
+            /* None of the current callers want loopback addresses.  */
+            if (is_loopback_address(&lifr->iflr_addr)) {
+                Tprintf (("  loopback\n"));
+                goto skip;
+            }
+            /* Ignore interfaces that are down.  */
+            if ((lifreq.iflr_flags & IFF_UP) == 0) {
+                Tprintf (("  down\n"));
+                goto skip;
+            }
+
+            /* Make sure we didn't process this address already.  */
+            for (j = 0; j < i; j += sizeof (*lifr2)) {
+                lifr2 = (struct if_laddrreq *)((caddr_t) P.buf+j);
+                if (lifr2->iflr_name[0] == '\0')
+                    continue;
+                if (lifr2->iflr_addr.sa_family == lifr->iflr_addr.sa_family
+                    /* Compare address info.  If this isn't good enough --
+                       i.e., if random padding bytes turn out to differ
+                       when the addresses are the same -- then we'll have
+                       to do it on a per address family basis.  */
+                    && !memcmp (&lifr2->iflr_addr, &lifr->iflr_addr,
+                                sizeof (*lifr))) {
+                    Tprintf (("  duplicate addr\n"));
+                    goto skip;
+                }
+            }
+
+            /*@-moduncon@*/
+            if ((*pass1fn) (data, ss2sa (&lifr->iflr_addr)))
+                goto punt;
+            /*@=moduncon@*/
+        }
     }
 
     /* Did we actually get any working sockets?  */
     FOREACH_AF ()
-	if (P.sock != -1)
-	    goto have_working_socket;
+        if (P.sock != -1)
+            goto have_working_socket;
     retval = sock_err;
     goto punt;
 have_working_socket:
 
     /*@-moduncon@*/
     if (betweenfn != NULL && (*betweenfn)(data))
-	goto punt;
+        goto punt;
     /*@=moduncon@*/
 
     if (pass2fn)
-	FOREACH_AF ()
-	    if (P.sock >= 0) {
-		for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
-		    lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
-
-		    if (lifr->iflr_name[0] == '\0')
-			/* Marked in first pass to be ignored.  */
-			continue;
-
-		    /*@-moduncon@*/
-		    if ((*pass2fn) (data, ss2sa (&lifr->iflr_addr)))
-			goto punt;
-		    /*@=moduncon@*/
-		}
-	    }
+        FOREACH_AF ()
+            if (P.sock >= 0) {
+                for (i = 0; i + sizeof(*lifr) <= P.buf_size; i+= sizeof (*lifr)) {
+                    lifr = (struct if_laddrreq *)((caddr_t) P.buf+i);
+
+                    if (lifr->iflr_name[0] == '\0')
+                        /* Marked in first pass to be ignored.  */
+                        continue;
+
+                    /*@-moduncon@*/
+                    if ((*pass2fn) (data, ss2sa (&lifr->iflr_addr)))
+                        goto punt;
+                    /*@=moduncon@*/
+                }
+            }
 punt:
     FOREACH_AF () {
-	/*@-moduncon@*/
-	closesocket(P.sock);
-	/*@=moduncon@*/
-	free (P.buf);
+        /*@-moduncon@*/
+        closesocket(P.sock);
+        /*@=moduncon@*/
+        free (P.buf);
     }
 
     return retval;
@@ -870,27 +871,27 @@ get_ifreq_array(char **bufp, size_t *np, int s)
 #ifdef SIOCGSIZIFCONF
     code = ioctl (s, SIOCGSIZIFCONF, &ifconfsize);
     if (!code) {
-	current_buf_size = ifconfsize;
-	est_if_count = ifconfsize / est_ifreq_size;
+        current_buf_size = ifconfsize;
+        est_if_count = ifconfsize / est_ifreq_size;
     }
 #elif defined (SIOCGIFNUM)
     code = ioctl (s, SIOCGIFNUM, &numifs);
     if (!code && numifs > 0)
-	est_if_count = numifs;
+        est_if_count = numifs;
 #endif
     if (current_buf_size == 0)
-	current_buf_size = est_ifreq_size * est_if_count + SLOP;
+        current_buf_size = est_ifreq_size * est_if_count + SLOP;
     buf = malloc (current_buf_size);
     if (buf == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
 ask_again:
     size = current_buf_size;
     code = get_ifconf (s, &size, buf);
     if (code < 0) {
-	code = errno;
-	free (buf);
-	return code;
+        code = errno;
+        free (buf);
+        return code;
     }
     /* Test that the buffer was big enough that another ifreq could've
        fit easily, if the OS wanted to provide one.  That seems to be
@@ -899,29 +900,29 @@ ask_again:
        bigger than the size of an ifreq.  */
     if (current_buf_size - size < SLOP
 #ifdef SIOCGSIZIFCONF
-	/* Unless we hear SIOCGSIZIFCONF is broken somewhere, let's
-	   trust the value it returns.  */
-	&& ifconfsize <= 0
+        /* Unless we hear SIOCGSIZIFCONF is broken somewhere, let's
+           trust the value it returns.  */
+        && ifconfsize <= 0
 #elif defined (SIOCGIFNUM)
-	&& numifs <= 0
+        && numifs <= 0
 #endif
-	/* And we need *some* sort of bounds.  */
-	&& current_buf_size <= 100000
-	) {
-	size_t new_size;
-
-	est_if_count *= 2;
-	new_size = est_ifreq_size * est_if_count + SLOP;
-	buf = grow_or_free (buf, new_size);
-	if (buf == 0)
-	    return ENOMEM;
-	current_buf_size = new_size;
-	goto ask_again;
+        /* And we need *some* sort of bounds.  */
+        && current_buf_size <= 100000
+    ) {
+        size_t new_size;
+
+        est_if_count *= 2;
+        new_size = est_ifreq_size * est_if_count + SLOP;
+        buf = grow_or_free (buf, new_size);
+        if (buf == 0)
+            return ENOMEM;
+        current_buf_size = new_size;
+        goto ask_again;
     }
 
     n = size;
     if (n > current_buf_size)
-	n = current_buf_size;
+        n = current_buf_size;
 
     *bufp = buf;
     *np = n;
@@ -930,12 +931,12 @@ ask_again:
 
 int
 foreach_localaddr (/*@null@*/ void *data,
-		   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
-		   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
-		   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
-					      struct sockaddr *) /*@*/)
+                   int (*pass1fn) (/*@null@*/ void *, struct sockaddr *) /*@*/,
+                   /*@null@*/ int (*betweenfn) (/*@null@*/ void *) /*@*/,
+                   /*@null@*/ int (*pass2fn) (/*@null@*/ void *,
+                                              struct sockaddr *) /*@*/)
 #if defined(DEBUG) || defined(TEST)
-     /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
 #endif
 {
     struct ifreq *ifr, ifreq, *ifr2;
@@ -950,15 +951,15 @@ foreach_localaddr (/*@null@*/ void *data,
 
     s = socket (USE_AF, USE_TYPE, USE_PROTO);
     if (s < 0)
-	return SOCKET_ERRNO;
+        return SOCKET_ERRNO;
     set_cloexec_fd(s);
 
     retval = get_ifreq_array(&buf, &n, s);
     if (retval) {
-	/*@-moduncon@*/ /* close() unknown to lclint */
-	closesocket(s);
-	/*@=moduncon@*/
-	return retval;
+        /*@-moduncon@*/ /* close() unknown to lclint */
+        closesocket(s);
+        /*@=moduncon@*/
+        return retval;
     }
 
     /* Note: Apparently some systems put the size (used or wanted?)
@@ -968,98 +969,98 @@ foreach_localaddr (/*@null@*/ void *data,
        size on these systems: *-fujitsu-uxp* *-ncr-sysv4*
        *-univel-sysv*.  */
     for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
-	ifr = (struct ifreq *)((caddr_t) buf+i);
-	/* In case ifreq_size is more than sizeof().  */
-	if (i + ifreq_size(*ifr) > n)
-	  break;
-
-	strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
-	Tprintf (("interface %s\n", ifreq.ifr_name));
-	/*@-moduncon@*/ /* ioctl unknown to lclint */
-	if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
-	skip:
-	    /* mark for next pass */
-	    ifr->ifr_name[0] = '\0';
-	    continue;
-	}
-	/*@=moduncon@*/
-
-	/* None of the current callers want loopback addresses.  */
-	if (is_loopback_address(&ifreq.ifr_addr)) {
-	    Tprintf (("  loopback\n"));
-	    goto skip;
-	}
-	/* Ignore interfaces that are down.  */
-	if ((ifreq.ifr_flags & IFF_UP) == 0) {
-	    Tprintf (("  down\n"));
-	    goto skip;
-	}
-
-	/* Make sure we didn't process this address already.  */
-	for (j = 0; j < i; j += ifreq_size(*ifr2)) {
-	    ifr2 = (struct ifreq *)((caddr_t) buf+j);
-	    if (ifr2->ifr_name[0] == '\0')
-		continue;
-	    if (ifr2->ifr_addr.sa_family == ifr->ifr_addr.sa_family
-		&& ifreq_size (*ifr) == ifreq_size (*ifr2)
-		/* Compare address info.  If this isn't good enough --
-		   i.e., if random padding bytes turn out to differ
-		   when the addresses are the same -- then we'll have
-		   to do it on a per address family basis.  */
-		&& !memcmp (&ifr2->ifr_addr.sa_data, &ifr->ifr_addr.sa_data,
-			    (ifreq_size (*ifr)
-			     - offsetof (struct ifreq, ifr_addr.sa_data)))) {
-		Tprintf (("  duplicate addr\n"));
-		goto skip;
-	    }
-	}
-
-	/*@-moduncon@*/
-	if ((*pass1fn) (data, &ifr->ifr_addr))
-	    goto punt;
-	/*@=moduncon@*/
+        ifr = (struct ifreq *)((caddr_t) buf+i);
+        /* In case ifreq_size is more than sizeof().  */
+        if (i + ifreq_size(*ifr) > n)
+            break;
+
+        strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof (ifreq.ifr_name));
+        Tprintf (("interface %s\n", ifreq.ifr_name));
+        /*@-moduncon@*/ /* ioctl unknown to lclint */
+        if (ioctl (s, SIOCGIFFLAGS, (char *)&ifreq) < 0) {
+        skip:
+            /* mark for next pass */
+            ifr->ifr_name[0] = '\0';
+            continue;
+        }
+        /*@=moduncon@*/
+
+        /* None of the current callers want loopback addresses.  */
+        if (is_loopback_address(&ifreq.ifr_addr)) {
+            Tprintf (("  loopback\n"));
+            goto skip;
+        }
+        /* Ignore interfaces that are down.  */
+        if ((ifreq.ifr_flags & IFF_UP) == 0) {
+            Tprintf (("  down\n"));
+            goto skip;
+        }
+
+        /* Make sure we didn't process this address already.  */
+        for (j = 0; j < i; j += ifreq_size(*ifr2)) {
+            ifr2 = (struct ifreq *)((caddr_t) buf+j);
+            if (ifr2->ifr_name[0] == '\0')
+                continue;
+            if (ifr2->ifr_addr.sa_family == ifr->ifr_addr.sa_family
+                && ifreq_size (*ifr) == ifreq_size (*ifr2)
+                /* Compare address info.  If this isn't good enough --
+                   i.e., if random padding bytes turn out to differ
+                   when the addresses are the same -- then we'll have
+                   to do it on a per address family basis.  */
+                && !memcmp (&ifr2->ifr_addr.sa_data, &ifr->ifr_addr.sa_data,
+                            (ifreq_size (*ifr)
+                             - offsetof (struct ifreq, ifr_addr.sa_data)))) {
+                Tprintf (("  duplicate addr\n"));
+                goto skip;
+            }
+        }
+
+        /*@-moduncon@*/
+        if ((*pass1fn) (data, &ifr->ifr_addr))
+            goto punt;
+        /*@=moduncon@*/
     }
 
 #ifdef LINUX_IPV6_HACK
     for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
-	if ((*pass1fn) (data, (struct sockaddr *) &lx_v6->addr))
-	    goto punt;
+        if ((*pass1fn) (data, (struct sockaddr *) &lx_v6->addr))
+            goto punt;
 #endif
 
     /*@-moduncon@*/
     if (betweenfn != NULL && (*betweenfn)(data))
-	goto punt;
+        goto punt;
     /*@=moduncon@*/
 
     if (pass2fn) {
-	for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
-	    ifr = (struct ifreq *)((caddr_t) buf+i);
-
-	    if (ifr->ifr_name[0] == '\0')
-		/* Marked in first pass to be ignored.  */
-		continue;
-
-	    /*@-moduncon@*/
-	    if ((*pass2fn) (data, &ifr->ifr_addr))
-		goto punt;
-	    /*@=moduncon@*/
-	}
+        for (i = 0; i + sizeof(struct ifreq) <= n; i+= ifreq_size(*ifr) ) {
+            ifr = (struct ifreq *)((caddr_t) buf+i);
+
+            if (ifr->ifr_name[0] == '\0')
+                /* Marked in first pass to be ignored.  */
+                continue;
+
+            /*@-moduncon@*/
+            if ((*pass2fn) (data, &ifr->ifr_addr))
+                goto punt;
+            /*@=moduncon@*/
+        }
 #ifdef LINUX_IPV6_HACK
-	for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
-	    if ((*pass2fn) (data, (struct sockaddr *) &lx_v6->addr))
-		goto punt;
+        for (lx_v6 = linux_ipv6_addrs; lx_v6; lx_v6 = lx_v6->next)
+            if ((*pass2fn) (data, (struct sockaddr *) &lx_v6->addr))
+                goto punt;
 #endif
     }
- punt:
+punt:
     /*@-moduncon@*/
     closesocket(s);
     /*@=moduncon@*/
     free (buf);
 #ifdef LINUX_IPV6_HACK
     while (linux_ipv6_addrs) {
-	lx_v6 = linux_ipv6_addrs->next;
-	free (linux_ipv6_addrs);
-	linux_ipv6_addrs = lx_v6;
+        lx_v6 = linux_ipv6_addrs->next;
+        free (linux_ipv6_addrs);
+        linux_ipv6_addrs = lx_v6;
     }
 #endif
 
@@ -1074,7 +1075,7 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile);
 #ifdef TEST
 
 static int print_addr (/*@unused@*/ void *dataptr, struct sockaddr *sa)
-     /*@modifies fileSystem@*/
+/*@modifies fileSystem@*/
 {
     char hostbuf[NI_MAXHOST];
     int err;
@@ -1083,14 +1084,14 @@ static int print_addr (/*@unused@*/ void *dataptr, struct sockaddr *sa)
     printf ("  --> family %2d ", sa->sa_family);
     len = socklen (sa);
     err = getnameinfo (sa, len, hostbuf, (socklen_t) sizeof (hostbuf),
-		       (char *) NULL, 0, NI_NUMERICHOST);
+                       (char *) NULL, 0, NI_NUMERICHOST);
     if (err) {
-	int e = errno;
-	printf ("<getnameinfo error %d: %s>\n", err, gai_strerror (err));
-	if (err == EAI_SYSTEM)
-	    printf ("\t\t<errno is %d: %s>\n", e, strerror(e));
+        int e = errno;
+        printf ("<getnameinfo error %d: %s>\n", err, gai_strerror (err));
+        if (err == EAI_SYSTEM)
+            printf ("\t\t<errno is %d: %s>\n", e, strerror(e));
     } else
-	printf ("addr %s\n", hostbuf);
+        printf ("addr %s\n", hostbuf);
     return 0;
 }
 
@@ -1113,7 +1114,7 @@ struct localaddr_data {
 
 static int
 count_addrs (void *P_data, struct sockaddr *a)
-     /*@*/
+/*@*/
 {
     struct localaddr_data *data = P_data;
     switch (a->sa_family) {
@@ -1124,49 +1125,49 @@ count_addrs (void *P_data, struct sockaddr *a)
 #ifdef KRB5_USE_NS
     case AF_XNS:
 #endif
-	data->count++;
-	break;
+        data->count++;
+        break;
     default:
-	break;
+        break;
     }
     return 0;
 }
 
 static int
 allocate (void *P_data)
-     /*@*/
+/*@*/
 {
     struct localaddr_data *data = P_data;
     int i;
     void *n;
 
     n = realloc (data->addr_temp,
-		 (1 + data->count + data->cur_idx) * sizeof (krb5_address *));
+                 (1 + data->count + data->cur_idx) * sizeof (krb5_address *));
     if (n == 0) {
-	data->mem_err++;
-	return 1;
+        data->mem_err++;
+        return 1;
     }
     data->addr_temp = n;
     data->cur_size = 1 + data->count + data->cur_idx;
     for (i = data->cur_idx; i <= data->count + data->cur_idx; i++)
-	data->addr_temp[i] = 0;
+        data->addr_temp[i] = 0;
     return 0;
 }
 
 static /*@null@*/ krb5_address *
 make_addr (int type, size_t length, const void *contents)
-    /*@*/
+/*@*/
 {
     krb5_address *a;
     void *data;
 
     data = malloc (length);
     if (data == NULL)
-	return NULL;
+        return NULL;
     a = malloc (sizeof (krb5_address));
     if (a == NULL) {
-	free (data);
-	return NULL;
+        free (data);
+        return NULL;
     }
     memcpy (data, contents, length);
     a->magic = KV5M_ADDRESS;
@@ -1178,7 +1179,7 @@ make_addr (int type, size_t length, const void *contents)
 
 static int
 add_addr (void *P_data, struct sockaddr *a)
-     /*@modifies *P_data@*/
+/*@modifies *P_data@*/
 {
     struct localaddr_data *data = P_data;
     /*@null@*/ krb5_address *address = 0;
@@ -1186,57 +1187,57 @@ add_addr (void *P_data, struct sockaddr *a)
     switch (a->sa_family) {
 #ifdef HAVE_NETINET_IN_H
     case AF_INET:
-	address = make_addr (ADDRTYPE_INET, sizeof (struct in_addr),
-			     &((const struct sockaddr_in *) a)->sin_addr);
-	if (address == NULL)
-	    data->mem_err++;
-	break;
+        address = make_addr (ADDRTYPE_INET, sizeof (struct in_addr),
+                             &((const struct sockaddr_in *) a)->sin_addr);
+        if (address == NULL)
+            data->mem_err++;
+        break;
 
 #ifdef KRB5_USE_INET6
     case AF_INET6:
     {
-	const struct sockaddr_in6 *in = (const struct sockaddr_in6 *) a;
-	
-	if (IN6_IS_ADDR_LINKLOCAL (&in->sin6_addr))
-	    break;
-
-	address = make_addr (ADDRTYPE_INET6, sizeof (struct in6_addr),
-			     &in->sin6_addr);
-	if (address == NULL)
-	    data->mem_err++;
-	break;
+        const struct sockaddr_in6 *in = (const struct sockaddr_in6 *) a;
+
+        if (IN6_IS_ADDR_LINKLOCAL (&in->sin6_addr))
+            break;
+
+        address = make_addr (ADDRTYPE_INET6, sizeof (struct in6_addr),
+                             &in->sin6_addr);
+        if (address == NULL)
+            data->mem_err++;
+        break;
     }
 #endif /* KRB5_USE_INET6 */
 #endif /* netinet/in.h */
 
 #ifdef KRB5_USE_NS
     case AF_XNS:
-	address = make_addr (ADDRTYPE_XNS, sizeof (struct ns_addr),
-			     &((const struct sockaddr_ns *)a)->sns_addr);
-	if (address == NULL)
-	    data->mem_err++;
-	break;
+        address = make_addr (ADDRTYPE_XNS, sizeof (struct ns_addr),
+                             &((const struct sockaddr_ns *)a)->sns_addr);
+        if (address == NULL)
+            data->mem_err++;
+        break;
 #endif
 
 #ifdef AF_LINK
-	/* Some BSD-based systems (e.g. NetBSD 1.5) and AIX will
-	   include the ethernet address, but we don't want that, at
-	   least for now.  */
+        /* Some BSD-based systems (e.g. NetBSD 1.5) and AIX will
+           include the ethernet address, but we don't want that, at
+           least for now.  */
     case AF_LINK:
-	break;
+        break;
 #endif
-    /*
-     * Add more address families here..
-     */
+        /*
+         * Add more address families here..
+         */
     default:
-	break;
+        break;
     }
 #ifdef __LCLINT__
     /* Redundant but unconditional store un-confuses lclint.  */
     data->addr_temp[data->cur_idx] = address;
 #endif
     if (address) {
-	data->addr_temp[data->cur_idx++] = address;
+        data->addr_temp[data->cur_idx++] = address;
     }
 
     return data->mem_err;
@@ -1247,7 +1248,7 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
 {
     krb5_error_code err;
     static const char *const profile_name[] = {
-	KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0
+        KRB5_CONF_LIBDEFAULTS, KRB5_CONF_EXTRA_ADDRESSES, 0
     };
     char **values;
     char **iter;
@@ -1260,69 +1261,69 @@ krb5_os_localaddr_profile (krb5_context context, struct localaddr_data *datap)
     err = profile_get_values (context->profile, profile_name, &values);
     /* Ignore all errors for now?  */
     if (err)
-	return 0;
+        return 0;
 
     for (iter = values; *iter; iter++) {
-	char *cp = *iter, *next, *current;
-	int i, count;
+        char *cp = *iter, *next, *current;
+        int i, count;
 
 #ifdef DEBUG
-	fprintf (stderr, "  found line: '%s'\n", cp);
+        fprintf (stderr, "  found line: '%s'\n", cp);
 #endif
 
-	for (cp = *iter, next = 0; *cp; cp = next) {
-	    while (isspace ((int) *cp) || *cp == ',')
-		cp++;
-	    if (*cp == 0)
-		break;
-	    /* Start of an address.  */
+        for (cp = *iter, next = 0; *cp; cp = next) {
+            while (isspace ((int) *cp) || *cp == ',')
+                cp++;
+            if (*cp == 0)
+                break;
+            /* Start of an address.  */
 #ifdef DEBUG
-	    fprintf (stderr, "    addr found in '%s'\n", cp);
+            fprintf (stderr, "    addr found in '%s'\n", cp);
 #endif
-	    current = cp;
-	    while (*cp != 0 && !isspace((int) *cp) && *cp != ',')
-		cp++;
-	    if (*cp != 0) {
-		next = cp + 1;
-		*cp = 0;
-	    } else
-		next = cp;
-	    /* Got a single address, process it.  */
+            current = cp;
+            while (*cp != 0 && !isspace((int) *cp) && *cp != ',')
+                cp++;
+            if (*cp != 0) {
+                next = cp + 1;
+                *cp = 0;
+            } else
+                next = cp;
+            /* Got a single address, process it.  */
 #ifdef DEBUG
-	    fprintf (stderr, "    processing '%s'\n", current);
+            fprintf (stderr, "    processing '%s'\n", current);
 #endif
-	    newaddrs = 0;
-	    err = krb5_os_hostaddr (context, current, &newaddrs);
-	    if (err)
-		continue;
-	    for (i = 0; newaddrs[i]; i++) {
+            newaddrs = 0;
+            err = krb5_os_hostaddr (context, current, &newaddrs);
+            if (err)
+                continue;
+            for (i = 0; newaddrs[i]; i++) {
 #ifdef DEBUG
-		fprintf (stderr, "    %d: family %d", i,
-			 newaddrs[i]->addrtype);
-		fprintf (stderr, "\n");
+                fprintf (stderr, "    %d: family %d", i,
+                         newaddrs[i]->addrtype);
+                fprintf (stderr, "\n");
 #endif
-	    }
-	    count = i;
+            }
+            count = i;
 #ifdef DEBUG
-	    fprintf (stderr, "    %d addresses\n", count);
+            fprintf (stderr, "    %d addresses\n", count);
 #endif
-	    if (datap->cur_idx + count >= datap->cur_size) {
-		krb5_address **bigger;
-		bigger = realloc (datap->addr_temp,
-				  sizeof (krb5_address *) * (datap->cur_idx + count));
-		if (bigger) {
-		    datap->addr_temp = bigger;
-		    datap->cur_size = datap->cur_idx + count;
-		}
-	    }
-	    for (i = 0; i < count; i++) {
-		if (datap->cur_idx < datap->cur_size)
-		    datap->addr_temp[datap->cur_idx++] = newaddrs[i];
-		else
-		    free (newaddrs[i]->contents), free (newaddrs[i]);
-	    }
-	    free (newaddrs);
-	}
+            if (datap->cur_idx + count >= datap->cur_size) {
+                krb5_address **bigger;
+                bigger = realloc (datap->addr_temp,
+                                  sizeof (krb5_address *) * (datap->cur_idx + count));
+                if (bigger) {
+                    datap->addr_temp = bigger;
+                    datap->cur_size = datap->cur_idx + count;
+                }
+            }
+            for (i = 0; i < count; i++) {
+                if (datap->cur_idx < datap->cur_size)
+                    datap->addr_temp[datap->cur_idx++] = newaddrs[i];
+                else
+                    free (newaddrs[i]->contents), free (newaddrs[i]);
+            }
+            free (newaddrs);
+        }
     }
     return 0;
 }
@@ -1349,92 +1350,92 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
     krb5_error_code err;
 
     if (use_profile) {
-	err = krb5_os_localaddr_profile (context, &data);
-	/* ignore err for now */
+        err = krb5_os_localaddr_profile (context, &data);
+        /* ignore err for now */
     }
 
     r = foreach_localaddr (&data, count_addrs, allocate, add_addr);
     if (r != 0) {
-	int i;
-	if (data.addr_temp) {
-	    for (i = 0; i < data.count; i++)
-		free (data.addr_temp[i]);
-	    free (data.addr_temp);
-	}
-	if (data.mem_err)
-	    return ENOMEM;
-	else
-	    return r;
+        int i;
+        if (data.addr_temp) {
+            for (i = 0; i < data.count; i++)
+                free (data.addr_temp[i]);
+            free (data.addr_temp);
+        }
+        if (data.mem_err)
+            return ENOMEM;
+        else
+            return r;
     }
 
     data.cur_idx++; /* null termination */
     if (data.mem_err)
-	return ENOMEM;
+        return ENOMEM;
     else if (data.cur_idx == data.count)
-	*addr = data.addr_temp;
+        *addr = data.addr_temp;
     else {
-	/* This can easily happen if we have IPv6 link-local
-	   addresses.  Just shorten the array.  */
-	*addr = (krb5_address **) realloc (data.addr_temp,
-					   (sizeof (krb5_address *)
-					    * data.cur_idx));
-	if (*addr == 0)
-	    /* Okay, shortening failed, but the original should still
-	       be intact.  */
-	    *addr = data.addr_temp;
+        /* This can easily happen if we have IPv6 link-local
+           addresses.  Just shorten the array.  */
+        *addr = (krb5_address **) realloc (data.addr_temp,
+                                           (sizeof (krb5_address *)
+                                            * data.cur_idx));
+        if (*addr == 0)
+            /* Okay, shortening failed, but the original should still
+               be intact.  */
+            *addr = data.addr_temp;
     }
 
 #ifdef DEBUG
     {
-	int j;
-	fprintf (stderr, "addresses:\n");
-	for (j = 0; addr[0][j]; j++) {
-	    struct sockaddr_storage ss;
-	    int err2;
-	    char namebuf[NI_MAXHOST];
-	    void *addrp = 0;
-
-	    fprintf (stderr, "%2d: ", j);
-	    fprintf (stderr, "addrtype %2d, length %2d", addr[0][j]->addrtype,
-		     addr[0][j]->length);
-	    memset (&ss, 0, sizeof (ss));
-	    switch (addr[0][j]->addrtype) {
-	    case ADDRTYPE_INET:
-	    {
-		struct sockaddr_in *sinp = ss2sin (&ss);
-		sinp->sin_family = AF_INET;
-		addrp = &sinp->sin_addr;
+        int j;
+        fprintf (stderr, "addresses:\n");
+        for (j = 0; addr[0][j]; j++) {
+            struct sockaddr_storage ss;
+            int err2;
+            char namebuf[NI_MAXHOST];
+            void *addrp = 0;
+
+            fprintf (stderr, "%2d: ", j);
+            fprintf (stderr, "addrtype %2d, length %2d", addr[0][j]->addrtype,
+                     addr[0][j]->length);
+            memset (&ss, 0, sizeof (ss));
+            switch (addr[0][j]->addrtype) {
+            case ADDRTYPE_INET:
+            {
+                struct sockaddr_in *sinp = ss2sin (&ss);
+                sinp->sin_family = AF_INET;
+                addrp = &sinp->sin_addr;
 #ifdef HAVE_SA_LEN
-		sinp->sin_len = sizeof (struct sockaddr_in);
+                sinp->sin_len = sizeof (struct sockaddr_in);
 #endif
-		break;
-	    }
+                break;
+            }
 #ifdef KRB5_USE_INET6
-	    case ADDRTYPE_INET6:
-	    {
-		struct sockaddr_in6 *sin6p = ss2sin6 (&ss);
-		sin6p->sin6_family = AF_INET6;
-		addrp = &sin6p->sin6_addr;
+            case ADDRTYPE_INET6:
+            {
+                struct sockaddr_in6 *sin6p = ss2sin6 (&ss);
+                sin6p->sin6_family = AF_INET6;
+                addrp = &sin6p->sin6_addr;
 #ifdef HAVE_SA_LEN
-		sin6p->sin6_len = sizeof (struct sockaddr_in6);
+                sin6p->sin6_len = sizeof (struct sockaddr_in6);
 #endif
-		break;
-	    }
+                break;
+            }
 #endif
-	    default:
-		ss2sa(&ss)->sa_family = 0;
-		break;
-	    }
-	    if (addrp)
-		memcpy (addrp, addr[0][j]->contents, addr[0][j]->length);
-	    err2 = getnameinfo (ss2sa(&ss), socklen (ss2sa (&ss)),
-				namebuf, sizeof (namebuf), 0, 0,
-				NI_NUMERICHOST);
-	    if (err2 == 0)
-		fprintf (stderr, ": addr %s\n", namebuf);
-	    else
-		fprintf (stderr, ": getnameinfo error %d\n", err2);
-	}
+            default:
+                ss2sa(&ss)->sa_family = 0;
+                break;
+            }
+            if (addrp)
+                memcpy (addrp, addr[0][j]->contents, addr[0][j]->length);
+            err2 = getnameinfo (ss2sa(&ss), socklen (ss2sa (&ss)),
+                                namebuf, sizeof (namebuf), 0, 0,
+                                NI_NUMERICHOST);
+            if (err2 == 0)
+                fprintf (stderr, ": addr %s\n", namebuf);
+            else
+                fprintf (stderr, ": getnameinfo error %d\n", err2);
+        }
     }
 #endif
 
@@ -1453,47 +1454,47 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
 #if defined(_WIN32)
 static struct hostent *local_addr_fallback_kludge()
 {
-	static struct hostent	host;
-	static SOCKADDR_IN	addr;
-	static char *		ip_ptrs[2];
-	SOCKET			sock;
-	int			size = sizeof(SOCKADDR);
-	int			err;
-
-	sock = socket(AF_INET, SOCK_DGRAM, 0);
-	if (sock == INVALID_SOCKET)
-		return NULL;
-	set_cloexec_fd(sock);
-
-	/* connect to arbitrary port and address (NOT loopback) */
-	addr.sin_family = AF_INET;
-	addr.sin_port = htons(IPPORT_ECHO);
-	addr.sin_addr.s_addr = inet_addr("204.137.220.51");
-
-	err = connect(sock, (LPSOCKADDR) &addr, sizeof(SOCKADDR));
-	if (err == SOCKET_ERROR)
-		return NULL;
-
-	err = getsockname(sock, (LPSOCKADDR) &addr, (int *) size);
-	if (err == SOCKET_ERROR)
-		return NULL;
-
-	closesocket(sock);
-
-	host.h_name = 0;
-	host.h_aliases = 0;
-	host.h_addrtype = AF_INET;
-	host.h_length = 4;
-	host.h_addr_list = ip_ptrs;
-	ip_ptrs[0] = (char *) &addr.sin_addr.s_addr;
-	ip_ptrs[1] = NULL;
-
-	return &host;
+    static struct hostent   host;
+    static SOCKADDR_IN      addr;
+    static char *           ip_ptrs[2];
+    SOCKET                  sock;
+    int                     size = sizeof(SOCKADDR);
+    int                     err;
+
+    sock = socket(AF_INET, SOCK_DGRAM, 0);
+    if (sock == INVALID_SOCKET)
+        return NULL;
+    set_cloexec_fd(sock);
+
+    /* connect to arbitrary port and address (NOT loopback) */
+    addr.sin_family = AF_INET;
+    addr.sin_port = htons(IPPORT_ECHO);
+    addr.sin_addr.s_addr = inet_addr("204.137.220.51");
+
+    err = connect(sock, (LPSOCKADDR) &addr, sizeof(SOCKADDR));
+    if (err == SOCKET_ERROR)
+        return NULL;
+
+    err = getsockname(sock, (LPSOCKADDR) &addr, (int *) size);
+    if (err == SOCKET_ERROR)
+        return NULL;
+
+    closesocket(sock);
+
+    host.h_name = 0;
+    host.h_aliases = 0;
+    host.h_addrtype = AF_INET;
+    host.h_length = 4;
+    host.h_addr_list = ip_ptrs;
+    ip_ptrs[0] = (char *) &addr.sin_addr.s_addr;
+    ip_ptrs[1] = NULL;
+
+    return &host;
 }
 #endif
 
-/* No ioctls in winsock so we just assume there is only one networking 
- * card per machine, so gethostent is good enough. 
+/* No ioctls in winsock so we just assume there is only one networking
+ * card per machine, so gethostent is good enough.
  */
 krb5_error_code KRB5_CALLCONV
 krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
@@ -1505,24 +1506,24 @@ krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
     *addr = 0;
     paddr = 0;
     err = 0;
-    
+
     if (gethostname (host, sizeof(host))) {
         err = SOCKET_ERRNO;
     }
 
     if (!err) {
-	    hostrec = gethostbyname (host);
-	    if (hostrec == NULL) {
-		    err = SOCKET_ERRNO;
-	    }
+        hostrec = gethostbyname (host);
+        if (hostrec == NULL) {
+            err = SOCKET_ERRNO;
+        }
     }
 
     if (err) {
-	    hostrec = local_addr_fallback_kludge();
-	    if (!hostrec)
-		    return err;
-		else
-			err = 0;  /* otherwise we will die at cleanup */
+        hostrec = local_addr_fallback_kludge();
+        if (!hostrec)
+            return err;
+        else
+            err = 0;  /* otherwise we will die at cleanup */
     }
 
     for (count = 0; hostrec->h_addr_list[count]; count++);
@@ -1554,7 +1555,7 @@ krb5_os_localaddr (krb5_context context, krb5_address ***addr) {
                paddr[i]->length);
     }
 
- cleanup:
+cleanup:
     if (err) {
         if (paddr) {
             for (i = 0; i < count; i++)
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 4383fab4b..df246eff2 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/locate_kdc.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * get socket addresses for KDC.
  */
@@ -73,13 +74,13 @@ maybe_use_dns (krb5_context context, const char *name, int defalt)
     code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
                               name, 0, 0, &value);
     if (value == 0 && code == 0)
-	code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
-				  KRB5_CONF_DNS_FALLBACK, 0, 0, &value);
+        code = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
+                                  KRB5_CONF_DNS_FALLBACK, 0, 0, &value);
     if (code)
         return defalt;
 
     if (value == 0)
-	return defalt;
+        return defalt;
 
     use_dns = _krb5_conf_boolean(value);
     profile_release_string(value);
@@ -110,12 +111,12 @@ krb5int_grow_addrlist (struct addrlist *lp, int nmore)
 
     newaddrs = realloc (lp->addrs, newsize);
     if (newaddrs == NULL)
-	return ENOMEM;
+        return ENOMEM;
     lp->addrs = newaddrs;
     for (i = lp->space; i < newspace; i++) {
-	lp->addrs[i].ai = NULL;
-	lp->addrs[i].freefn = NULL;
-	lp->addrs[i].data = NULL;
+        lp->addrs[i].ai = NULL;
+        lp->addrs[i].freefn = NULL;
+        lp->addrs[i].data = NULL;
     }
     lp->space = newspace;
     return 0;
@@ -129,8 +130,8 @@ krb5int_free_addrlist (struct addrlist *lp)
 {
     int i;
     for (i = 0; i < lp->naddrs; i++)
-	if (lp->addrs[i].freefn)
-	    (lp->addrs[i].freefn)(lp->addrs[i].data);
+        if (lp->addrs[i].freefn)
+            (lp->addrs[i].freefn)(lp->addrs[i].data);
     free (lp->addrs);
     lp->addrs = NULL;
     lp->naddrs = lp->space = 0;
@@ -141,19 +142,19 @@ static int translate_ai_error (int err)
 {
     switch (err) {
     case 0:
-	return 0;
+        return 0;
     case EAI_BADFLAGS:
     case EAI_FAMILY:
     case EAI_SOCKTYPE:
     case EAI_SERVICE:
-	/* All of these indicate bad inputs to getaddrinfo.  */
-	return EINVAL;
+        /* All of these indicate bad inputs to getaddrinfo.  */
+        return EINVAL;
     case EAI_AGAIN:
-	/* Translate to standard errno code.  */
-	return EAGAIN;
+        /* Translate to standard errno code.  */
+        return EAGAIN;
     case EAI_MEMORY:
-	/* Translate to standard errno code.  */
-	return ENOMEM;
+        /* Translate to standard errno code.  */
+        return ENOMEM;
 #ifdef EAI_ADDRFAMILY
     case EAI_ADDRFAMILY:
 #endif
@@ -161,22 +162,22 @@ static int translate_ai_error (int err)
     case EAI_NODATA:
 #endif
     case EAI_NONAME:
-	/* Name not known or no address data, but no error.  Do
-	   nothing more.  */
-	return 0;
+        /* Name not known or no address data, but no error.  Do
+           nothing more.  */
+        return 0;
 #ifdef EAI_OVERFLOW
     case EAI_OVERFLOW:
-	/* An argument buffer overflowed.  */
-	return EINVAL;		/* XXX */
+        /* An argument buffer overflowed.  */
+        return EINVAL;          /* XXX */
 #endif
 #ifdef EAI_SYSTEM
     case EAI_SYSTEM:
-	/* System error, obviously.  */
-	return errno;
+        /* System error, obviously.  */
+        return errno;
 #endif
     default:
-	/* An error code we haven't handled?  */
-	return EINVAL;
+        /* An error code we haven't handled?  */
+        return EINVAL;
     }
 }
 
@@ -202,19 +203,19 @@ static inline void print_addrlist(const struct addrlist *a) { }
 #endif
 
 static int add_addrinfo_to_list (struct addrlist *lp, struct addrinfo *a,
-				 void (*freefn)(void *), void *data)
+                                 void (*freefn)(void *), void *data)
 {
     int err;
 
     dprint("\tadding %p=%A to %p (naddrs=%d space=%d)\n", a, a, lp,
-	   lp->naddrs, lp->space);
+           lp->naddrs, lp->space);
 
     if (lp->naddrs == lp->space) {
-	err = grow_list (lp, 1);
-	if (err) {
-	    Tprintf ("grow_list failed %d\n", err);
-	    return err;
-	}
+        err = grow_list (lp, 1);
+        if (err) {
+            Tprintf ("grow_list failed %d\n", err);
+            return err;
+        }
     }
     Tprintf("setting element %d\n", lp->naddrs);
     lp->addrs[lp->naddrs].ai = a;
@@ -239,8 +240,8 @@ static void call_freeaddrinfo(void *data)
 
 int
 krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
-			  int port, int secport,
-			  int socktype, int family)
+                          int port, int secport,
+                          int socktype, int family)
 {
     struct addrinfo *addrs, *a, *anext, hint;
     int err;
@@ -248,8 +249,8 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
     void (*freefn)(void *);
 
     Tprintf ("adding hostname %s, ports %d,%d, family %d, socktype %d\n",
-	     hostname, ntohs (port), ntohs (secport),
-	     family, socktype);
+             hostname, ntohs (port), ntohs (secport),
+             family, socktype);
 
     memset(&hint, 0, sizeof(hint));
     hint.ai_family = family;
@@ -258,38 +259,38 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname,
     hint.ai_flags = AI_NUMERICSERV;
 #endif
     if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf))
-	/* XXX */
-	return EINVAL;
+        /* XXX */
+        return EINVAL;
     if (snprintf(secportbuf, sizeof(secportbuf), "%d", ntohs(secport)) >= sizeof(secportbuf))
-	return EINVAL;
+        return EINVAL;
     err = getaddrinfo (hostname, portbuf, &hint, &addrs);
     if (err) {
-	Tprintf ("\tgetaddrinfo(\"%s\", \"%s\", ...)\n\treturns %d: %s\n",
-		 hostname, portbuf, err, gai_strerror (err));
-	return translate_ai_error (err);
+        Tprintf ("\tgetaddrinfo(\"%s\", \"%s\", ...)\n\treturns %d: %s\n",
+                 hostname, portbuf, err, gai_strerror (err));
+        return translate_ai_error (err);
     }
     freefn = call_freeaddrinfo;
     anext = 0;
     for (a = addrs; a != 0 && err == 0; a = anext, freefn = 0) {
-	anext = a->ai_next;
-	err = add_addrinfo_to_list (lp, a, freefn, a);
+        anext = a->ai_next;
+        err = add_addrinfo_to_list (lp, a, freefn, a);
     }
     if (err || secport == 0)
-	goto egress;
+        goto egress;
     if (socktype == 0)
-	socktype = SOCK_DGRAM;
+        socktype = SOCK_DGRAM;
     else if (socktype != SOCK_DGRAM)
-	goto egress;
+        goto egress;
     hint.ai_family = AF_INET;
     err = getaddrinfo (hostname, secportbuf, &hint, &addrs);
     if (err) {
-	err = translate_ai_error (err);
-	goto egress;
+        err = translate_ai_error (err);
+        goto egress;
     }
     freefn = call_freeaddrinfo;
     for (a = addrs; a != 0 && err == 0; a = anext, freefn = 0) {
-	anext = a->ai_next;
-	err = add_addrinfo_to_list (lp, a, freefn, a);
+        anext = a->ai_next;
+        err = add_addrinfo_to_list (lp, a, freefn, a);
     }
 egress:
     /* XXX Memory leaks possible here if add_addrinfo_to_list fails.  */
@@ -304,20 +305,20 @@ egress:
 
 static krb5_error_code
 krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
-		       const char * name, struct addrlist *addrlist,
-		       int get_masters, int socktype,
-		       int udpport, int sec_udpport, int family)
+                       const char * name, struct addrlist *addrlist,
+                       int get_masters, int socktype,
+                       int udpport, int sec_udpport, int family)
 {
-    const char	*realm_srv_names[4];
+    const char  *realm_srv_names[4];
     char **masterlist, **hostlist, *host, *port, *cp;
     krb5_error_code code;
     int i, j, count, ismaster;
 
     Tprintf ("looking in krb5.conf for realm %s entry %s; ports %d,%d\n",
-	     realm->data, name, ntohs (udpport), ntohs (sec_udpport));
+             realm->data, name, ntohs (udpport), ntohs (sec_udpport));
 
-    if ((host = malloc(realm->length + 1)) == NULL) 
-	return ENOMEM;
+    if ((host = malloc(realm->length + 1)) == NULL)
+        return ENOMEM;
 
     strncpy(host, realm->data, realm->length);
     host[realm->length] = '\0';
@@ -333,57 +334,57 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
     code = profile_get_values(context->profile, realm_srv_names, &hostlist);
 
     if (code) {
-	Tprintf ("config file lookup failed: %s\n",
-		 error_message(code));
+        Tprintf ("config file lookup failed: %s\n",
+                 error_message(code));
         if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
-	    code = KRB5_REALM_UNKNOWN;
- 	free(host);
-  	return code;
-     }
+            code = KRB5_REALM_UNKNOWN;
+        free(host);
+        return code;
+    }
 
     count = 0;
     while (hostlist && hostlist[count])
-	    count++;
+        count++;
     Tprintf ("found %d entries under 'kdc'\n", count);
-    
+
     if (count == 0) {
         profile_free_list(hostlist);
-	free(host);
-	addrlist->naddrs = 0;
-	return 0;
+        free(host);
+        addrlist->naddrs = 0;
+        return 0;
     }
-    
+
     if (get_masters) {
-	realm_srv_names[0] = KRB5_CONF_REALMS;
-	realm_srv_names[1] = host;
-	realm_srv_names[2] = KRB5_CONF_ADMIN_SERVER;
-	realm_srv_names[3] = 0;
-
-	code = profile_get_values(context->profile, realm_srv_names,
-				  &masterlist);
-
-	free(host);
-
-	if (code == 0) {
-	    for (i=0; masterlist[i]; i++) {
-		host = masterlist[i];
-
-		/*
-		 * Strip off excess whitespace
-		 */
-		cp = strchr(host, ' ');
-		if (cp)
-		    *cp = 0;
-		cp = strchr(host, '\t');
-		if (cp)
-		    *cp = 0;
-		cp = strchr(host, ':');
-		if (cp)
-		    *cp = 0;
-	    }
-	}
+        realm_srv_names[0] = KRB5_CONF_REALMS;
+        realm_srv_names[1] = host;
+        realm_srv_names[2] = KRB5_CONF_ADMIN_SERVER;
+        realm_srv_names[3] = 0;
+
+        code = profile_get_values(context->profile, realm_srv_names,
+                                  &masterlist);
+
+        free(host);
+
+        if (code == 0) {
+            for (i=0; masterlist[i]; i++) {
+                host = masterlist[i];
+
+                /*
+                 * Strip off excess whitespace
+                 */
+                cp = strchr(host, ' ');
+                if (cp)
+                    *cp = 0;
+                cp = strchr(host, '\t');
+                if (cp)
+                    *cp = 0;
+                cp = strchr(host, ':');
+                if (cp)
+                    *cp = 0;
+            }
+        }
     } else {
-	free(host);
+        free(host);
     }
 
     /* at this point, if master is non-NULL, then either the master kdc
@@ -392,80 +393,80 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
 
 #ifdef HAVE_NETINET_IN_H
     if (sec_udpport)
-	    count = count * 2;
+        count = count * 2;
 #endif
 
     for (i=0; hostlist[i]; i++) {
-	int p1, p2;
-
-	host = hostlist[i];
-	Tprintf ("entry %d is '%s'\n", i, host);
-	/*
-	 * Strip off excess whitespace
-	 */
-	cp = strchr(host, ' ');
-	if (cp)
-	    *cp = 0;
-	cp = strchr(host, '\t');
-	if (cp)
-	    *cp = 0;
-	port = strchr(host, ':');
-	if (port) {
-	    *port = 0;
-	    port++;
-	}
-
-	ismaster = 0;
-	if (masterlist) {
-	    for (j=0; masterlist[j]; j++) {
-		if (strcasecmp(hostlist[i], masterlist[j]) == 0) {
-		    ismaster = 1;
-		}
-	    }
-	}
-
-	if (get_masters && !ismaster)
-	    continue;
-
-	if (port) {
-	    unsigned long l;
+        int p1, p2;
+
+        host = hostlist[i];
+        Tprintf ("entry %d is '%s'\n", i, host);
+        /*
+         * Strip off excess whitespace
+         */
+        cp = strchr(host, ' ');
+        if (cp)
+            *cp = 0;
+        cp = strchr(host, '\t');
+        if (cp)
+            *cp = 0;
+        port = strchr(host, ':');
+        if (port) {
+            *port = 0;
+            port++;
+        }
+
+        ismaster = 0;
+        if (masterlist) {
+            for (j=0; masterlist[j]; j++) {
+                if (strcasecmp(hostlist[i], masterlist[j]) == 0) {
+                    ismaster = 1;
+                }
+            }
+        }
+
+        if (get_masters && !ismaster)
+            continue;
+
+        if (port) {
+            unsigned long l;
 #ifdef HAVE_STROUL
-	    char *endptr;
-	    l = strtoul (port, &endptr, 10);
-	    if (endptr == NULL || *endptr != 0)
-		return EINVAL;
+            char *endptr;
+            l = strtoul (port, &endptr, 10);
+            if (endptr == NULL || *endptr != 0)
+                return EINVAL;
 #else
-	    l = atoi (port);
+            l = atoi (port);
 #endif
-	    /* L is unsigned, don't need to check <0.  */
-	    if (l > 65535)
-		return EINVAL;
-	    p1 = htons (l);
-	    p2 = 0;
-	} else {
-	    p1 = udpport;
-	    p2 = sec_udpport;
-	}
-
-	if (socktype != 0)
-	    code = add_host_to_list (addrlist, hostlist[i], p1, p2,
-				     socktype, family);
-	else {
-	    code = add_host_to_list (addrlist, hostlist[i], p1, p2,
-				     SOCK_DGRAM, family);
-	    if (code == 0)
-		code = add_host_to_list (addrlist, hostlist[i], p1, p2,
-					 SOCK_STREAM, family);
-	}
-	if (code) {
-	    Tprintf ("error %d (%s) returned from add_host_to_list\n", code,
-		     error_message (code));
-	    if (hostlist)
-		profile_free_list (hostlist);
-	    if (masterlist)
-		profile_free_list (masterlist);
-	    return code;
-	}
+            /* L is unsigned, don't need to check <0.  */
+            if (l > 65535)
+                return EINVAL;
+            p1 = htons (l);
+            p2 = 0;
+        } else {
+            p1 = udpport;
+            p2 = sec_udpport;
+        }
+
+        if (socktype != 0)
+            code = add_host_to_list (addrlist, hostlist[i], p1, p2,
+                                     socktype, family);
+        else {
+            code = add_host_to_list (addrlist, hostlist[i], p1, p2,
+                                     SOCK_DGRAM, family);
+            if (code == 0)
+                code = add_host_to_list (addrlist, hostlist[i], p1, p2,
+                                         SOCK_STREAM, family);
+        }
+        if (code) {
+            Tprintf ("error %d (%s) returned from add_host_to_list\n", code,
+                     error_message (code));
+            if (hostlist)
+                profile_free_list (hostlist);
+            if (masterlist)
+                profile_free_list (masterlist);
+            return code;
+        }
     }
 
     if (hostlist)
@@ -479,17 +480,17 @@ krb5_locate_srv_conf_1(krb5_context context, const krb5_data *realm,
 #ifdef TEST
 static krb5_error_code
 krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
-		     const char *name, struct addrlist *al, int get_masters,
-		     int udpport, int sec_udpport)
+                     const char *name, struct addrlist *al, int get_masters,
+                     int udpport, int sec_udpport)
 {
     krb5_error_code ret;
 
     ret = krb5_locate_srv_conf_1 (context, realm, name, al,
-				  get_masters, 0, udpport, sec_udpport, 0);
+                                  get_masters, 0, udpport, sec_udpport, 0);
     if (ret)
-	return ret;
-    if (al->naddrs == 0)	/* Couldn't resolve any KDC names */
-	return KRB5_REALM_CANT_RESOLVE;
+        return ret;
+    if (al->naddrs == 0)        /* Couldn't resolve any KDC names */
+        return KRB5_REALM_CANT_RESOLVE;
     return 0;
 }
 #endif
@@ -497,10 +498,10 @@ krb5_locate_srv_conf(krb5_context context, const krb5_data *realm,
 #ifdef KRB5_DNS_LOOKUP
 static krb5_error_code
 krb5_locate_srv_dns_1 (const krb5_data *realm,
-		       const char *service,
-		       const char *protocol,
-		       struct addrlist *addrlist,
-		       int family)
+                       const char *service,
+                       const char *protocol,
+                       struct addrlist *addrlist,
+                       int family)
 {
     struct srv_dns_entry *head = NULL;
     struct srv_dns_entry *entry = NULL, *next;
@@ -508,7 +509,7 @@ krb5_locate_srv_dns_1 (const krb5_data *realm,
 
     code = krb5int_make_srv_query_realm(realm, service, protocol, &head);
     if (code)
-	return 0;
+        return 0;
 
     /*
      * Okay!  Now we've got a linked list of entries sorted by
@@ -517,32 +518,32 @@ krb5_locate_srv_dns_1 (const krb5_data *realm,
      */
 
     if (head == NULL)
-	return 0;
+        return 0;
 
     /* Check for the "." case indicating no support.  */
     if (head->next == 0 && head->host[0] == 0) {
-	free(head->host);
-	free(head);
-	return KRB5_ERR_NO_SERVICE;
+        free(head->host);
+        free(head);
+        return KRB5_ERR_NO_SERVICE;
     }
 
     Tprintf ("walking answer list:\n");
     for (entry = head; entry != NULL; entry = next) {
-	Tprintf ("\tport=%d host=%s\n", entry->port, entry->host);
-	next = entry->next;
-	code = add_host_to_list (addrlist, entry->host, htons (entry->port), 0,
-				 (strcmp("_tcp", protocol)
-				  ? SOCK_DGRAM
-				  : SOCK_STREAM), family);
-	if (code) {
-	    break;
-	}
-	if (entry == head) {
-	    free(entry->host);
-	    free(entry);
-	    head = next;
-	    entry = 0;
-	}
+        Tprintf ("\tport=%d host=%s\n", entry->port, entry->host);
+        next = entry->next;
+        code = add_host_to_list (addrlist, entry->host, htons (entry->port), 0,
+                                 (strcmp("_tcp", protocol)
+                                  ? SOCK_DGRAM
+                                  : SOCK_STREAM), family);
+        if (code) {
+            break;
+        }
+        if (entry == head) {
+            free(entry->host);
+            free(entry);
+            head = next;
+            entry = 0;
+        }
     }
     Tprintf ("[end]\n");
 
@@ -569,59 +570,59 @@ module_callback (void *cbdata, int socktype, struct sockaddr *sa)
 {
     struct module_callback_data *d = cbdata;
     struct {
-	struct addrinfo ai;
-	union {
-	    struct sockaddr_in sin;
+        struct addrinfo ai;
+        union {
+            struct sockaddr_in sin;
 #ifdef KRB5_USE_INET6
-	    struct sockaddr_in6 sin6;
+            struct sockaddr_in6 sin6;
 #endif
-	} u;
+        } u;
     } *x;
 
     if (socktype != SOCK_STREAM && socktype != SOCK_DGRAM)
-	return 0;
+        return 0;
     if (sa->sa_family != AF_INET
 #ifdef KRB5_USE_INET6
-	&& sa->sa_family != AF_INET6
+        && sa->sa_family != AF_INET6
 #endif
-	)
-	return 0;
+    )
+        return 0;
     x = calloc (1, sizeof (*x));
     if (x == 0) {
-	d->out_of_mem = 1;
-	return 1;
+        d->out_of_mem = 1;
+        return 1;
     }
     x->ai.ai_addr = (struct sockaddr *) &x->u;
     x->ai.ai_socktype = socktype;
     x->ai.ai_family = sa->sa_family;
     if (sa->sa_family == AF_INET) {
-	x->u.sin = *(struct sockaddr_in *)sa;
-	x->ai.ai_addrlen = sizeof(struct sockaddr_in);
+        x->u.sin = *(struct sockaddr_in *)sa;
+        x->ai.ai_addrlen = sizeof(struct sockaddr_in);
     }
 #ifdef KRB5_USE_INET6
     if (sa->sa_family == AF_INET6) {
-	x->u.sin6 = *(struct sockaddr_in6 *)sa;
-	x->ai.ai_addrlen = sizeof(struct sockaddr_in6);
+        x->u.sin6 = *(struct sockaddr_in6 *)sa;
+        x->ai.ai_addrlen = sizeof(struct sockaddr_in6);
     }
 #endif
     if (add_addrinfo_to_list (d->lp, &x->ai, free, x) != 0) {
-	/* Assumes only error is ENOMEM.  */
-	d->out_of_mem = 1;
-	return 1;
+        /* Assumes only error is ENOMEM.  */
+        d->out_of_mem = 1;
+        return 1;
     }
     return 0;
 }
 
 static krb5_error_code
 module_locate_server (krb5_context ctx, const krb5_data *realm,
-		      struct addrlist *addrlist,
-		      enum locate_service_type svc, int socktype, int family)
+                      struct addrlist *addrlist,
+                      enum locate_service_type svc, int socktype, int family)
 {
     struct krb5plugin_service_locate_result *res = NULL;
     krb5_error_code code;
     struct krb5plugin_service_locate_ftable *vtbl = NULL;
     void **ptrs;
-    char *realmz;		/* NUL-terminated realm */
+    char *realmz;               /* NUL-terminated realm */
     int i;
     struct module_callback_data cbdata = { 0, };
     const char *msg;
@@ -629,69 +630,69 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
     Tprintf("in module_locate_server\n");
     cbdata.lp = addrlist;
     if (!PLUGIN_DIR_OPEN (&ctx->libkrb5_plugins)) {
-        
-	code = krb5int_open_plugin_dirs (objdirs, NULL, &ctx->libkrb5_plugins,
-					 &ctx->err);
-	if (code)
-	    return KRB5_PLUGIN_NO_HANDLE;
+
+        code = krb5int_open_plugin_dirs (objdirs, NULL, &ctx->libkrb5_plugins,
+                                         &ctx->err);
+        if (code)
+            return KRB5_PLUGIN_NO_HANDLE;
     }
 
     code = krb5int_get_plugin_dir_data (&ctx->libkrb5_plugins,
-					"service_locator", &ptrs, &ctx->err);
+                                        "service_locator", &ptrs, &ctx->err);
     if (code) {
-	Tprintf("error looking up plugin symbols: %s\n",
-		(msg = krb5_get_error_message(ctx, code)));
-	krb5_free_error_message(ctx, msg);
-	return KRB5_PLUGIN_NO_HANDLE;
+        Tprintf("error looking up plugin symbols: %s\n",
+                (msg = krb5_get_error_message(ctx, code)));
+        krb5_free_error_message(ctx, msg);
+        return KRB5_PLUGIN_NO_HANDLE;
     }
 
     if (realm->length >= UINT_MAX) {
-	krb5int_free_plugin_dir_data(ptrs);
-	return ENOMEM;
+        krb5int_free_plugin_dir_data(ptrs);
+        return ENOMEM;
     }
     realmz = malloc(realm->length + 1);
     if (realmz == NULL) {
-	krb5int_free_plugin_dir_data(ptrs);
-	return ENOMEM;
+        krb5int_free_plugin_dir_data(ptrs);
+        return ENOMEM;
     }
     memcpy(realmz, realm->data, realm->length);
     realmz[realm->length] = '\0';
     for (i = 0; ptrs[i]; i++) {
-	void *blob;
-
-	vtbl = ptrs[i];
-	Tprintf("element %d is %p\n", i, ptrs[i]);
-
-	/* For now, don't keep the plugin data alive.  For long-lived
-	   contexts, it may be desirable to change that later.  */
-	code = vtbl->init(ctx, &blob);
-	if (code)
-	    continue;
-
-	code = vtbl->lookup(blob, svc, realmz, socktype, family,
-			    module_callback, &cbdata);
-	vtbl->fini(blob);
-	if (code == KRB5_PLUGIN_NO_HANDLE) {
-	    /* Module passes, keep going.  */
-	    /* XXX */
-	    Tprintf("plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)\n");
-	    continue;
-	}
-	if (code != 0) {
-	    /* Module encountered an actual error.  */
-	    Tprintf("plugin lookup routine returned error %d: %s\n",
-		    code, error_message(code));
-	    free(realmz);
-	    krb5int_free_plugin_dir_data (ptrs);
-	    return code;
-	}
-	break;
+        void *blob;
+
+        vtbl = ptrs[i];
+        Tprintf("element %d is %p\n", i, ptrs[i]);
+
+        /* For now, don't keep the plugin data alive.  For long-lived
+           contexts, it may be desirable to change that later.  */
+        code = vtbl->init(ctx, &blob);
+        if (code)
+            continue;
+
+        code = vtbl->lookup(blob, svc, realmz, socktype, family,
+                            module_callback, &cbdata);
+        vtbl->fini(blob);
+        if (code == KRB5_PLUGIN_NO_HANDLE) {
+            /* Module passes, keep going.  */
+            /* XXX */
+            Tprintf("plugin doesn't handle this realm (KRB5_PLUGIN_NO_HANDLE)\n");
+            continue;
+        }
+        if (code != 0) {
+            /* Module encountered an actual error.  */
+            Tprintf("plugin lookup routine returned error %d: %s\n",
+                    code, error_message(code));
+            free(realmz);
+            krb5int_free_plugin_dir_data (ptrs);
+            return code;
+        }
+        break;
     }
     if (ptrs[i] == NULL) {
-	Tprintf("ran off end of plugin list\n");
-	free(realmz);
-	krb5int_free_plugin_dir_data (ptrs);
-	return KRB5_PLUGIN_NO_HANDLE;
+        Tprintf("ran off end of plugin list\n");
+        free(realmz);
+        krb5int_free_plugin_dir_data (ptrs);
+        return KRB5_PLUGIN_NO_HANDLE;
     }
     Tprintf("stopped with plugin #%d, res=%p\n", i, res);
 
@@ -705,8 +706,8 @@ module_locate_server (krb5_context ctx, const krb5_data *realm,
 
 static krb5_error_code
 prof_locate_server (krb5_context context, const krb5_data *realm,
-		    struct addrlist *addrlist,
-		    enum locate_service_type svc, int socktype, int family)
+                    struct addrlist *addrlist,
+                    enum locate_service_type svc, int socktype, int family)
 {
     const char *profname;
     int dflport1, dflport2 = 0;
@@ -714,81 +715,81 @@ prof_locate_server (krb5_context context, const krb5_data *realm,
 
     switch (svc) {
     case locate_service_kdc:
-	profname = KRB5_CONF_KDC;
-	/* We used to use /etc/services for these, but enough systems
-	   have old, crufty, wrong settings that this is probably
-	   better.  */
+        profname = KRB5_CONF_KDC;
+        /* We used to use /etc/services for these, but enough systems
+           have old, crufty, wrong settings that this is probably
+           better.  */
     kdc_ports:
-	dflport1 = htons(KRB5_DEFAULT_PORT);
-	dflport2 = htons(KRB5_DEFAULT_SEC_PORT);
-	break;
+        dflport1 = htons(KRB5_DEFAULT_PORT);
+        dflport2 = htons(KRB5_DEFAULT_SEC_PORT);
+        break;
     case locate_service_master_kdc:
-	profname = KRB5_CONF_MASTER_KDC;
-	goto kdc_ports;
+        profname = KRB5_CONF_MASTER_KDC;
+        goto kdc_ports;
     case locate_service_kadmin:
-	profname = KRB5_CONF_ADMIN_SERVER;
-	dflport1 = htons(DEFAULT_KADM5_PORT);
-	break;
+        profname = KRB5_CONF_ADMIN_SERVER;
+        dflport1 = htons(DEFAULT_KADM5_PORT);
+        break;
     case locate_service_krb524:
-	profname = KRB5_CONF_KRB524_SERVER;
-	serv = getservbyname(KRB524_SERVICE, "udp");
-	dflport1 = serv ? serv->s_port : htons (KRB524_PORT);
-	break;
+        profname = KRB5_CONF_KRB524_SERVER;
+        serv = getservbyname(KRB524_SERVICE, "udp");
+        dflport1 = serv ? serv->s_port : htons (KRB524_PORT);
+        break;
     case locate_service_kpasswd:
-	profname = KRB5_CONF_KPASSWD_SERVER;
-	dflport1 = htons(DEFAULT_KPASSWD_PORT);
-	break;
+        profname = KRB5_CONF_KPASSWD_SERVER;
+        dflport1 = htons(DEFAULT_KPASSWD_PORT);
+        break;
     default:
-	return EBUSY;		/* XXX */
+        return EBUSY;           /* XXX */
     }
 
     return krb5_locate_srv_conf_1 (context, realm, profname, addrlist,
-				   0, socktype,
-				   dflport1, dflport2, family);
+                                   0, socktype,
+                                   dflport1, dflport2, family);
 }
 
 static krb5_error_code
 dns_locate_server (krb5_context context, const krb5_data *realm,
-		   struct addrlist *addrlist,
-		   enum locate_service_type svc, int socktype, int family)
+                   struct addrlist *addrlist,
+                   enum locate_service_type svc, int socktype, int family)
 {
     const char *dnsname;
     int use_dns = _krb5_use_dns_kdc(context);
     krb5_error_code code;
 
     if (!use_dns)
-	return KRB5_PLUGIN_NO_HANDLE;
+        return KRB5_PLUGIN_NO_HANDLE;
 
     switch (svc) {
     case locate_service_kdc:
-	dnsname = "_kerberos";
-	break;
+        dnsname = "_kerberos";
+        break;
     case locate_service_master_kdc:
-	dnsname = "_kerberos-master";
-	break;
+        dnsname = "_kerberos-master";
+        break;
     case locate_service_kadmin:
-	dnsname = "_kerberos-adm";
-	break;
+        dnsname = "_kerberos-adm";
+        break;
     case locate_service_krb524:
-	dnsname = "_krb524";
-	break;
+        dnsname = "_krb524";
+        break;
     case locate_service_kpasswd:
-	dnsname = "_kpasswd";
-	break;
+        dnsname = "_kpasswd";
+        break;
     default:
-	return KRB5_PLUGIN_NO_HANDLE;
+        return KRB5_PLUGIN_NO_HANDLE;
     }
 
     code = 0;
     if (socktype == SOCK_DGRAM || socktype == 0) {
-	code = krb5_locate_srv_dns_1(realm, dnsname, "_udp", addrlist, family);
-	if (code)
-	    Tprintf("dns udp lookup returned error %d\n", code);
+        code = krb5_locate_srv_dns_1(realm, dnsname, "_udp", addrlist, family);
+        if (code)
+            Tprintf("dns udp lookup returned error %d\n", code);
     }
     if ((socktype == SOCK_STREAM || socktype == 0) && code == 0) {
-	code = krb5_locate_srv_dns_1(realm, dnsname, "_tcp", addrlist, family);
-	if (code)
-	    Tprintf("dns tcp lookup returned error %d\n", code);
+        code = krb5_locate_srv_dns_1(realm, dnsname, "_tcp", addrlist, family);
+        if (code)
+            Tprintf("dns tcp lookup returned error %d\n", code);
     }
     return code;
 }
@@ -799,9 +800,9 @@ dns_locate_server (krb5_context context, const krb5_data *realm,
 
 krb5_error_code
 krb5int_locate_server (krb5_context context, const krb5_data *realm,
-		       struct addrlist *addrlist,
-		       enum locate_service_type svc,
-		       int socktype, int family)
+                       struct addrlist *addrlist,
+                       enum locate_service_type svc,
+                       int socktype, int family)
 {
     krb5_error_code code;
     struct addrlist al = ADDRLIST_INIT;
@@ -809,54 +810,54 @@ krb5int_locate_server (krb5_context context, const krb5_data *realm,
     *addrlist = al;
 
     if (realm == NULL || realm->data == NULL || realm->data[0] == 0) {
-	krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
-			       "Cannot find KDC for invalid realm name \"\"");
-	return KRB5_REALM_CANT_RESOLVE;
+        krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
+                               "Cannot find KDC for invalid realm name \"\"");
+        return KRB5_REALM_CANT_RESOLVE;
     }
 
     code = module_locate_server(context, realm, &al, svc, socktype, family);
     Tprintf("module_locate_server returns %d\n", code);
     if (code == KRB5_PLUGIN_NO_HANDLE) {
-	/*
-	 * We always try the local file before DNS.  Note that there
-	 * is no way to indicate "service not available" via the
-	 * config file.
-	 */
+        /*
+         * We always try the local file before DNS.  Note that there
+         * is no way to indicate "service not available" via the
+         * config file.
+         */
 
-	code = prof_locate_server(context, realm, &al, svc, socktype, family);
+        code = prof_locate_server(context, realm, &al, svc, socktype, family);
 
 #ifdef KRB5_DNS_LOOKUP
-	if (code) {		/* Try DNS for all profile errors?  */
-	    krb5_error_code code2;
-	    code2 = dns_locate_server(context, realm, &al, svc, socktype,
-				      family);
-	    if (code2 != KRB5_PLUGIN_NO_HANDLE)
-		code = code2;
-	}
+        if (code) {             /* Try DNS for all profile errors?  */
+            krb5_error_code code2;
+            code2 = dns_locate_server(context, realm, &al, svc, socktype,
+                                      family);
+            if (code2 != KRB5_PLUGIN_NO_HANDLE)
+                code = code2;
+        }
 #endif /* KRB5_DNS_LOOKUP */
 
-	/* We could put more heuristics here, like looking up a hostname
-	   of "kerberos."+REALM, etc.  */
+        /* We could put more heuristics here, like looking up a hostname
+           of "kerberos."+REALM, etc.  */
     }
     if (code == 0)
-	Tprintf ("krb5int_locate_server found %d addresses\n",
-		 al.naddrs);
+        Tprintf ("krb5int_locate_server found %d addresses\n",
+                 al.naddrs);
     else
-	Tprintf ("krb5int_locate_server returning error code %d/%s\n",
-		 code, error_message(code));
+        Tprintf ("krb5int_locate_server returning error code %d/%s\n",
+                 code, error_message(code));
     if (code != 0) {
-	if (al.space)
-	    free_list (&al);
-	return code;
+        if (al.space)
+            free_list (&al);
+        return code;
     }
-    if (al.naddrs == 0) {	/* No good servers */
-	if (al.space)
-	    free_list (&al);
-	krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
-			       "Cannot resolve network address for KDC in realm \"%.*s\"",
-			       realm->length, realm->data);
-			       
-	return KRB5_REALM_CANT_RESOLVE;
+    if (al.naddrs == 0) {       /* No good servers */
+        if (al.space)
+            free_list (&al);
+        krb5_set_error_message(context, KRB5_REALM_CANT_RESOLVE,
+                               "Cannot resolve network address for KDC in realm \"%.*s\"",
+                               realm->length, realm->data);
+
+        return KRB5_REALM_CANT_RESOLVE;
     }
     *addrlist = al;
     return 0;
@@ -864,12 +865,12 @@ krb5int_locate_server (krb5_context context, const krb5_data *realm,
 
 krb5_error_code
 krb5_locate_kdc(krb5_context context, const krb5_data *realm,
-		struct addrlist *addrlist,
-		int get_masters, int socktype, int family)
+                struct addrlist *addrlist,
+                int get_masters, int socktype, int family)
 {
     return krb5int_locate_server(context, realm, addrlist,
-				 (get_masters
-				  ? locate_service_master_kdc
-				  : locate_service_kdc),
-				 socktype, family);
+                                 (get_masters
+                                  ? locate_service_master_kdc
+                                  : locate_service_kdc),
+                                 socktype, family);
 }
diff --git a/src/lib/krb5/os/lock_file.c b/src/lib/krb5/os/lock_file.c
index 7bbd3e9d6..6565470c0 100644
--- a/src/lib/krb5/os/lock_file.c
+++ b/src/lib/krb5/os/lock_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/lock_file.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * libos: krb5_lock_file routine
  */
@@ -64,8 +65,8 @@
 krb5_error_code
 krb5_lock_file(krb5_context context, int fd, int mode)
 {
-    int 		lock_flag = -1;
-    krb5_error_code	retval = 0;
+    int                 lock_flag = -1;
+    krb5_error_code     retval = 0;
 #ifdef POSIX_FILE_LOCKS
     int lock_cmd = F_SETLKW;
     struct flock lock_arg = { 0 };
@@ -74,33 +75,33 @@ krb5_lock_file(krb5_context context, int fd, int mode)
     switch (mode & ~KRB5_LOCKMODE_DONTBLOCK) {
     case KRB5_LOCKMODE_SHARED:
 #ifdef POSIX_FILE_LOCKS
-	lock_arg.l_type = F_RDLCK;
+        lock_arg.l_type = F_RDLCK;
 #endif
-	lock_flag = LOCK_SH;
-	break;
+        lock_flag = LOCK_SH;
+        break;
     case KRB5_LOCKMODE_EXCLUSIVE:
 #ifdef POSIX_FILE_LOCKS
-	lock_arg.l_type = F_WRLCK;
+        lock_arg.l_type = F_WRLCK;
 #endif
-	lock_flag = LOCK_EX;
-	break;
+        lock_flag = LOCK_EX;
+        break;
     case KRB5_LOCKMODE_UNLOCK:
 #ifdef POSIX_FILE_LOCKS
-	lock_arg.l_type = F_UNLCK;
+        lock_arg.l_type = F_UNLCK;
 #endif
-	lock_flag = LOCK_UN;
-	break;
+        lock_flag = LOCK_UN;
+        break;
     }
 
     if (lock_flag == -1)
-	return(KRB5_LIBOS_BADLOCKFLAG);
+        return(KRB5_LIBOS_BADLOCKFLAG);
 
     if (mode & KRB5_LOCKMODE_DONTBLOCK) {
 #ifdef POSIX_FILE_LOCKS
-	lock_cmd = F_SETLK;
+        lock_cmd = F_SETLK;
 #endif
 #ifdef HAVE_FLOCK
-	lock_flag |= LOCK_NB;
+        lock_flag |= LOCK_NB;
 #endif
     }
 
@@ -109,21 +110,21 @@ krb5_lock_file(krb5_context context, int fd, int mode)
     lock_arg.l_start = 0;
     lock_arg.l_len = 0;
     if (fcntl(fd, lock_cmd, &lock_arg) == -1) {
-	if (errno == EACCES || errno == EAGAIN)	/* see POSIX/IEEE 1003.1-1988,
-						   6.5.2.4 */
-	    return(EAGAIN);
-	if (errno != EINVAL)	/* Fall back to flock if we get EINVAL */
-	    return(errno);
-	retval = errno;
+        if (errno == EACCES || errno == EAGAIN) /* see POSIX/IEEE 1003.1-1988,
+                                                   6.5.2.4 */
+            return(EAGAIN);
+        if (errno != EINVAL)    /* Fall back to flock if we get EINVAL */
+            return(errno);
+        retval = errno;
     } else
-	    return 0;		/* We succeeded.  Yay. */
+        return 0;           /* We succeeded.  Yay. */
 #endif
-    
+
 #ifdef HAVE_FLOCK
     if (flock(fd, lock_flag) == -1)
-	retval = errno;
+        retval = errno;
 #endif
-    
+
     return retval;
 }
 #else   /* Windows or Macintosh */
diff --git a/src/lib/krb5/os/mk_faddr.c b/src/lib/krb5/os/mk_faddr.c
index d084ded67..26fb99c84 100644
--- a/src/lib/krb5/os/mk_faddr.c
+++ b/src/lib/krb5/os/mk_faddr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/full_ipadr.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Take an IP addr & port and generate a full IP address.
  */
@@ -30,7 +31,7 @@
 #include "k5-int.h"
 
 #ifdef HAVE_NETINET_IN_H
-   
+
 #include "os-proto.h"
 #if !defined(_WINSOCKAPI_)
 
@@ -44,12 +45,12 @@ krb5_make_fulladdr(krb5_context context, krb5_address *kaddr, krb5_address *kpor
     krb5_int32 tmp32;
     krb5_int16 tmp16;
 
-    if ((kport == NULL) || (kport == NULL)) 
-	return EINVAL;
+    if ((kport == NULL) || (kport == NULL))
+        return EINVAL;
 
     raddr->length = kaddr->length + kport->length + (4 * sizeof(krb5_int32));
     if (!(raddr->contents = (krb5_octet *)malloc(raddr->length)))
-	return ENOMEM;
+        return ENOMEM;
 
     raddr->addrtype = ADDRTYPE_ADDRPORT;
     marshal = raddr->contents;
diff --git a/src/lib/krb5/os/net_read.c b/src/lib/krb5/os/net_read.c
index 1d07a95d9..fe84192d1 100644
--- a/src/lib/krb5/os/net_read.c
+++ b/src/lib/krb5/os/net_read.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/net_read.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include "k5-int.h"
@@ -43,23 +44,23 @@ krb5_net_read(krb5_context context, int fd, register char *buf, register int len
     int cc, len2 = 0;
 
     do {
-	cc = SOCKET_READ((SOCKET)fd, buf, len);
-	if (cc < 0) {
-	    if (SOCKET_ERRNO == SOCKET_EINTR)
-		continue;
-		
-		/* XXX this interface sucks! */
-        errno = SOCKET_ERRNO;    
-               
-	    return(cc);		 /* errno is already set */
-	}		
-	else if (cc == 0) {
-	    return(len2);
-	} else {
-	    buf += cc;
-	    len2 += cc;
-	    len -= cc;
-	}
+        cc = SOCKET_READ((SOCKET)fd, buf, len);
+        if (cc < 0) {
+            if (SOCKET_ERRNO == SOCKET_EINTR)
+                continue;
+
+            /* XXX this interface sucks! */
+            errno = SOCKET_ERRNO;
+
+            return(cc);          /* errno is already set */
+        }
+        else if (cc == 0) {
+            return(len2);
+        } else {
+            buf += cc;
+            len2 += cc;
+            len -= cc;
+        }
     } while (len > 0);
     return(len2);
 }
diff --git a/src/lib/krb5/os/net_write.c b/src/lib/krb5/os/net_write.c
index 35765fb38..d4bcc148f 100644
--- a/src/lib/krb5/os/net_write.c
+++ b/src/lib/krb5/os/net_write.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/net_write.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include "k5-int.h"
@@ -52,31 +53,31 @@ krb5int_net_writev(krb5_context context, int fd, sg_buf *sgp, int nsg)
     SOCKET_WRITEV_TEMP tmp;
 
     while (nsg > 0) {
-	/* Skip any empty data blocks.  */
-	if (SG_LEN(sgp) == 0) {
-	    sgp++, nsg--;
-	    continue;
-	}
-	cc = SOCKET_WRITEV((SOCKET)fd, sgp, nsg, tmp);
-	if (cc < 0) {
-	    if (SOCKET_ERRNO == SOCKET_EINTR)
-		continue;
+        /* Skip any empty data blocks.  */
+        if (SG_LEN(sgp) == 0) {
+            sgp++, nsg--;
+            continue;
+        }
+        cc = SOCKET_WRITEV((SOCKET)fd, sgp, nsg, tmp);
+        if (cc < 0) {
+            if (SOCKET_ERRNO == SOCKET_EINTR)
+                continue;
 
-	    /* XXX this interface sucks! */
-	    errno = SOCKET_ERRNO;           
-	    return -1;
-	}
-	len += cc;
-	while (cc > 0) {
-	    if ((unsigned)cc < SG_LEN(sgp)) {
-		SG_ADVANCE(sgp, (unsigned)cc);
-		cc = 0;
-	    } else {
-		cc -= SG_LEN(sgp);
-		sgp++, nsg--;
-		assert(nsg > 0 || cc == 0);
-	    }
-	}
+            /* XXX this interface sucks! */
+            errno = SOCKET_ERRNO;
+            return -1;
+        }
+        len += cc;
+        while (cc > 0) {
+            if ((unsigned)cc < SG_LEN(sgp)) {
+                SG_ADVANCE(sgp, (unsigned)cc);
+                cc = 0;
+            } else {
+                cc -= SG_LEN(sgp);
+                sgp++, nsg--;
+                assert(nsg > 0 || cc == 0);
+            }
+        }
     }
     return len;
 }
diff --git a/src/lib/krb5/os/os-proto.h b/src/lib/krb5/os/os-proto.h
index bb2e00ec2..477ffacb0 100644
--- a/src/lib/krb5/os/os-proto.h
+++ b/src/lib/krb5/os/os-proto.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/os-proto.h
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * LIBOS internal function prototypes.
  */
@@ -32,26 +33,26 @@
 
 struct addrlist;
 krb5_error_code krb5_locate_kdc
-    (krb5_context, const krb5_data *, struct addrlist *, int, int, int);
+(krb5_context, const krb5_data *, struct addrlist *, int, int, int);
 
 #ifdef HAVE_NETINET_IN_H
 krb5_error_code krb5_unpack_full_ipaddr
-	      (krb5_context,
-	       const krb5_address *,
-	       krb5_int32 *,
-	       krb5_int16 *);
+(krb5_context,
+ const krb5_address *,
+ krb5_int32 *,
+ krb5_int16 *);
 
 krb5_error_code krb5_make_full_ipaddr
-              (krb5_context,
-	       krb5_int32,
-	       int,			/* unsigned short promotes to signed
-					   int */
-	       krb5_address **);
+(krb5_context,
+ krb5_int32,
+ int,                     /* unsigned short promotes to signed
+                             int */
+ krb5_address **);
 
 #endif /* HAVE_NETINET_IN_H */
 
-krb5_error_code krb5_try_realm_txt_rr(const char *, const char *, 
-				      char **realm);
+krb5_error_code krb5_try_realm_txt_rr(const char *, const char *,
+                                      char **realm);
 
 /* Obsolete interface - leave prototype here until code removed */
 krb5_error_code krb5_secure_config_files(krb5_context ctx);
diff --git a/src/lib/krb5/os/osconfig.c b/src/lib/krb5/os/osconfig.c
index 2fe973dcb..d04e95ba7 100644
--- a/src/lib/krb5/os/osconfig.c
+++ b/src/lib/krb5/os/osconfig.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/osconfig.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Definition of default configuration parameters.
  *
@@ -43,4 +44,3 @@ unsigned int krb5_skdc_timeout_1 = SKDC_TIMEOUT_1;
 
 const char *krb5_default_pwd_prompt1 = DEFAULT_PWD_STRING1;
 const char *krb5_default_pwd_prompt2 = DEFAULT_PWD_STRING2;
-
diff --git a/src/lib/krb5/os/port2ip.c b/src/lib/krb5/os/port2ip.c
index 984e65fa3..d4184db11 100644
--- a/src/lib/krb5/os/port2ip.c
+++ b/src/lib/krb5/os/port2ip.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/port2ip.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Take an ADDRPORT address and split into IP addr & port.
  */
@@ -42,23 +43,23 @@ krb5_unpack_full_ipaddr(krb5_context context, const krb5_address *inaddr, krb5_i
     krb5_ui_4 templength;
 
     if (inaddr->addrtype != ADDRTYPE_ADDRPORT)
-	return KRB5_PROG_ATYPE_NOSUPP;
+        return KRB5_PROG_ATYPE_NOSUPP;
 
     if (inaddr->length != sizeof(smushaddr)+ sizeof(smushport) +
-	2*sizeof(temptype) + 2*sizeof(templength))
-	return KRB5_PROG_ATYPE_NOSUPP;
+        2*sizeof(temptype) + 2*sizeof(templength))
+        return KRB5_PROG_ATYPE_NOSUPP;
 
     marshal = inaddr->contents;
 
     (void) memcpy(&temptype, marshal, sizeof(temptype));
     marshal += sizeof(temptype);
     if (temptype != htons(ADDRTYPE_INET))
-	return KRB5_PROG_ATYPE_NOSUPP;
+        return KRB5_PROG_ATYPE_NOSUPP;
 
     (void) memcpy(&templength, marshal, sizeof(templength));
     marshal += sizeof(templength);
     if (templength != htonl(sizeof(smushaddr)))
-	return KRB5_PROG_ATYPE_NOSUPP;
+        return KRB5_PROG_ATYPE_NOSUPP;
 
     (void) memcpy(&smushaddr, marshal, sizeof(smushaddr));
     /* leave in net order */
@@ -67,12 +68,12 @@ krb5_unpack_full_ipaddr(krb5_context context, const krb5_address *inaddr, krb5_i
     (void) memcpy(&temptype, marshal, sizeof(temptype));
     marshal += sizeof(temptype);
     if (temptype != htons(ADDRTYPE_IPPORT))
-	return KRB5_PROG_ATYPE_NOSUPP;
+        return KRB5_PROG_ATYPE_NOSUPP;
 
     (void) memcpy(&templength, marshal, sizeof(templength));
     marshal += sizeof(templength);
     if (templength != htonl(sizeof(smushport)))
-	return KRB5_PROG_ATYPE_NOSUPP;
+        return KRB5_PROG_ATYPE_NOSUPP;
 
     (void) memcpy(&smushport, marshal, sizeof(smushport));
     /* leave in net order */
diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c
index 36803ecaf..e60403590 100644
--- a/src/lib/krb5/os/prompter.c
+++ b/src/lib/krb5/os/prompter.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #if !defined(_WIN32) || (defined(_WIN32) && defined(__CYGWIN32__))
 #include <stdio.h>
@@ -17,40 +18,40 @@ typedef struct sigaction osiginfo;
 typedef struct krb5_sigtype (*osiginfo)();
 #endif
 
-static void	catch_signals(osiginfo *);
-static void	restore_signals(osiginfo *);
-static krb5_sigtype	intrfunc(int sig);
+static void     catch_signals(osiginfo *);
+static void     restore_signals(osiginfo *);
+static krb5_sigtype     intrfunc(int sig);
 
-static krb5_error_code	setup_tty(FILE*, int, struct termios *, osiginfo *);
-static krb5_error_code	restore_tty(FILE*, struct termios *, osiginfo *);
+static krb5_error_code  setup_tty(FILE*, int, struct termios *, osiginfo *);
+static krb5_error_code  restore_tty(FILE*, struct termios *, osiginfo *);
 
-static volatile int got_int;	/* should be sig_atomic_t */
+static volatile int got_int;    /* should be sig_atomic_t */
 
 krb5_error_code KRB5_CALLCONV
 krb5_prompter_posix(
-    krb5_context	context,
-    void		*data,
-    const char		*name,
-    const char		*banner,
-    int			num_prompts,
-    krb5_prompt		prompts[])
+    krb5_context        context,
+    void                *data,
+    const char          *name,
+    const char          *banner,
+    int                 num_prompts,
+    krb5_prompt         prompts[])
 {
-    int		fd, i, scratchchar;
-    FILE	*fp;
-    char	*retp;
-    krb5_error_code	errcode;
+    int         fd, i, scratchchar;
+    FILE        *fp;
+    char        *retp;
+    krb5_error_code     errcode;
     struct termios saveparm;
     osiginfo osigint;
 
     errcode = KRB5_LIBOS_CANTREADPWD;
 
     if (name) {
-	fputs(name, stdout);
-	fputs("\n", stdout);
+        fputs(name, stdout);
+        fputs("\n", stdout);
     }
     if (banner) {
-       fputs(banner, stdout);
-       fputs("\n", stdout);
+        fputs(banner, stdout);
+        fputs("\n", stdout);
     }
 
     /*
@@ -59,65 +60,65 @@ krb5_prompter_posix(
     fp = NULL;
     fd = dup(STDIN_FILENO);
     if (fd < 0)
-	return KRB5_LIBOS_CANTREADPWD;
+        return KRB5_LIBOS_CANTREADPWD;
     set_cloexec_fd(fd);
     fp = fdopen(fd, "r");
     if (fp == NULL)
-	goto cleanup;
+        goto cleanup;
     if (setvbuf(fp, NULL, _IONBF, 0))
-	goto cleanup;
+        goto cleanup;
 
     for (i = 0; i < num_prompts; i++) {
-	errcode = KRB5_LIBOS_CANTREADPWD;
-	/* fgets() takes int, but krb5_data.length is unsigned. */
-	if (prompts[i].reply->length > INT_MAX)
-	    goto cleanup;
-
-	errcode = setup_tty(fp, prompts[i].hidden, &saveparm, &osigint);
-	if (errcode)
-	    break;
-
-	/* put out the prompt */
-	(void)fputs(prompts[i].prompt, stdout);
-	(void)fputs(": ", stdout);
-	(void)fflush(stdout);
-	(void)memset(prompts[i].reply->data, 0, prompts[i].reply->length);
-
-	got_int = 0;
-	retp = fgets(prompts[i].reply->data, (int)prompts[i].reply->length,
-		     fp);
-	if (prompts[i].hidden)
-	    putchar('\n');
-	if (retp == NULL) {
-	    if (got_int)
-		errcode = KRB5_LIBOS_PWDINTR;
-	    else
-		errcode = KRB5_LIBOS_CANTREADPWD;
-	    restore_tty(fp, &saveparm, &osigint);
-	    break;
-	}
-
-	/* replace newline with null */
-	retp = strchr(prompts[i].reply->data, '\n');
-	if (retp != NULL)
-	    *retp = '\0';
-	else {
-	    /* flush rest of input line */
-	    do {
-		scratchchar = getc(fp);
-	    } while (scratchchar != EOF && scratchchar != '\n');
-	}
-
-	errcode = restore_tty(fp, &saveparm, &osigint);
-	if (errcode)
-	    break;
-	prompts[i].reply->length = strlen(prompts[i].reply->data);
+        errcode = KRB5_LIBOS_CANTREADPWD;
+        /* fgets() takes int, but krb5_data.length is unsigned. */
+        if (prompts[i].reply->length > INT_MAX)
+            goto cleanup;
+
+        errcode = setup_tty(fp, prompts[i].hidden, &saveparm, &osigint);
+        if (errcode)
+            break;
+
+        /* put out the prompt */
+        (void)fputs(prompts[i].prompt, stdout);
+        (void)fputs(": ", stdout);
+        (void)fflush(stdout);
+        (void)memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+
+        got_int = 0;
+        retp = fgets(prompts[i].reply->data, (int)prompts[i].reply->length,
+                     fp);
+        if (prompts[i].hidden)
+            putchar('\n');
+        if (retp == NULL) {
+            if (got_int)
+                errcode = KRB5_LIBOS_PWDINTR;
+            else
+                errcode = KRB5_LIBOS_CANTREADPWD;
+            restore_tty(fp, &saveparm, &osigint);
+            break;
+        }
+
+        /* replace newline with null */
+        retp = strchr(prompts[i].reply->data, '\n');
+        if (retp != NULL)
+            *retp = '\0';
+        else {
+            /* flush rest of input line */
+            do {
+                scratchchar = getc(fp);
+            } while (scratchchar != EOF && scratchchar != '\n');
+        }
+
+        errcode = restore_tty(fp, &saveparm, &osigint);
+        if (errcode)
+            break;
+        prompts[i].reply->length = strlen(prompts[i].reply->data);
     }
 cleanup:
     if (fp != NULL)
-	fclose(fp);
+        fclose(fp);
     else if (fd >= 0)
-	close(fd);
+        close(fd);
 
     return errcode;
 }
@@ -155,33 +156,33 @@ restore_signals(osiginfo *osigint)
 static krb5_error_code
 setup_tty(FILE *fp, int hidden, struct termios *saveparm, osiginfo *osigint)
 {
-    krb5_error_code	ret;
-    int			fd;
-    struct termios	tparm;
+    krb5_error_code     ret;
+    int                 fd;
+    struct termios      tparm;
 
     ret = KRB5_LIBOS_CANTREADPWD;
     catch_signals(osigint);
     fd = fileno(fp);
     do {
-	if (!isatty(fd)) {
-	    ret = 0;
-	    break;
-	}
-	if (tcgetattr(fd, &tparm) < 0)
-	    break;
-	*saveparm = tparm;
+        if (!isatty(fd)) {
+            ret = 0;
+            break;
+        }
+        if (tcgetattr(fd, &tparm) < 0)
+            break;
+        *saveparm = tparm;
 #ifndef ECHO_PASSWORD
-	if (hidden)
-	    tparm.c_lflag &= ~(ECHO|ECHONL);
+        if (hidden)
+            tparm.c_lflag &= ~(ECHO|ECHONL);
 #endif
-	tparm.c_lflag |= ISIG|ICANON;
-	if (tcsetattr(STDIN_FILENO, TCSANOW, &tparm) < 0)
-	    break;
-	ret = 0;
+        tparm.c_lflag |= ISIG|ICANON;
+        if (tcsetattr(STDIN_FILENO, TCSANOW, &tparm) < 0)
+            break;
+        ret = 0;
     } while (0);
     /* If we're losing, restore signal handlers. */
     if (ret)
-	restore_signals(osigint);
+        restore_signals(osigint);
     return ret;
 }
 
@@ -193,11 +194,11 @@ restore_tty(FILE* fp, struct termios *saveparm, osiginfo *osigint)
     ret = 0;
     fd = fileno(fp);
     if (isatty(fd)) {
-	ret = tcsetattr(fd, TCSANOW, saveparm);
-	if (ret < 0)
-	    ret = KRB5_LIBOS_CANTREADPWD;
-	else
-	    ret = 0;
+        ret = tcsetattr(fd, TCSANOW, saveparm);
+        if (ret < 0)
+            ret = KRB5_LIBOS_CANTREADPWD;
+        else
+            ret = 0;
     }
     restore_signals(osigint);
     return ret;
@@ -211,90 +212,90 @@ restore_tty(FILE* fp, struct termios *saveparm, osiginfo *osigint)
 
 krb5_error_code KRB5_CALLCONV
 krb5_prompter_posix(krb5_context context,
-		    void *data,
-		    const char *name,
-		    const char *banner,
-		    int num_prompts,
-		    krb5_prompt prompts[])
+                    void *data,
+                    const char *name,
+                    const char *banner,
+                    int num_prompts,
+                    krb5_prompt prompts[])
 {
-    HANDLE		handle;
-    DWORD		old_mode, new_mode;
-    char		*ptr;
-    int			scratchchar;
-    krb5_error_code	errcode = 0;
-    int			i;
+    HANDLE              handle;
+    DWORD               old_mode, new_mode;
+    char                *ptr;
+    int                 scratchchar;
+    krb5_error_code     errcode = 0;
+    int                 i;
 
     handle = GetStdHandle(STD_INPUT_HANDLE);
     if (handle == INVALID_HANDLE_VALUE)
-	return ENOTTY;
+        return ENOTTY;
     if (!GetConsoleMode(handle, &old_mode))
-	return ENOTTY;
+        return ENOTTY;
 
     new_mode = old_mode;
     new_mode |=  ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
     new_mode &= ~( ENABLE_ECHO_INPUT );
 
     if (!SetConsoleMode(handle, new_mode))
-	return ENOTTY;
+        return ENOTTY;
 
     if (!SetConsoleMode(handle, old_mode))
-	return ENOTTY;
+        return ENOTTY;
 
     if (name) {
-	fputs(name, stdout);
-	fputs("\n", stdout);
+        fputs(name, stdout);
+        fputs("\n", stdout);
     }
 
     if (banner) {
-       fputs(banner, stdout);
-       fputs("\n", stdout);
+        fputs(banner, stdout);
+        fputs("\n", stdout);
     }
 
     for (i = 0; i < num_prompts; i++) {
-	if (prompts[i].hidden) {
-	    if (!SetConsoleMode(handle, new_mode)) {
-		errcode = ENOTTY;
-		goto cleanup;
-	    }
-	}
-
-	fputs(prompts[i].prompt,stdout);
-	fputs(": ", stdout);
-	fflush(stdout);
-	memset(prompts[i].reply->data, 0, prompts[i].reply->length);
-
-	if (fgets(prompts[i].reply->data, prompts[i].reply->length, stdin)
-	    == NULL) {
-	    if (prompts[i].hidden)
-		putchar('\n');
-	    errcode = KRB5_LIBOS_CANTREADPWD;
-	    goto cleanup;
-	}
-	if (prompts[i].hidden)
-	    putchar('\n');
-	/* fgets always null-terminates the returned string */
-
-	/* replace newline with null */
-	if ((ptr = strchr(prompts[i].reply->data, '\n')))
-	    *ptr = '\0';
-	else /* flush rest of input line */
-	    do {
-		scratchchar = getchar();
-	    } while (scratchchar != EOF && scratchchar != '\n');
-    
-	prompts[i].reply->length = strlen(prompts[i].reply->data);
-
-	if (!SetConsoleMode(handle, old_mode)) {
-	    errcode = ENOTTY;
-	    goto cleanup;
-	}
+        if (prompts[i].hidden) {
+            if (!SetConsoleMode(handle, new_mode)) {
+                errcode = ENOTTY;
+                goto cleanup;
+            }
+        }
+
+        fputs(prompts[i].prompt,stdout);
+        fputs(": ", stdout);
+        fflush(stdout);
+        memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+
+        if (fgets(prompts[i].reply->data, prompts[i].reply->length, stdin)
+            == NULL) {
+            if (prompts[i].hidden)
+                putchar('\n');
+            errcode = KRB5_LIBOS_CANTREADPWD;
+            goto cleanup;
+        }
+        if (prompts[i].hidden)
+            putchar('\n');
+        /* fgets always null-terminates the returned string */
+
+        /* replace newline with null */
+        if ((ptr = strchr(prompts[i].reply->data, '\n')))
+            *ptr = '\0';
+        else /* flush rest of input line */
+            do {
+                scratchchar = getchar();
+            } while (scratchchar != EOF && scratchchar != '\n');
+
+        prompts[i].reply->length = strlen(prompts[i].reply->data);
+
+        if (!SetConsoleMode(handle, old_mode)) {
+            errcode = ENOTTY;
+            goto cleanup;
+        }
     }
 
- cleanup:
+cleanup:
     if (errcode) {
-	for (i = 0; i < num_prompts; i++) {
-	    memset(prompts[i].reply->data, 0, prompts[i].reply->length);
-	}
+        for (i = 0; i < num_prompts; i++) {
+            memset(prompts[i].reply->data, 0, prompts[i].reply->length);
+        }
     }
     return errcode;
 }
@@ -303,11 +304,11 @@ krb5_prompter_posix(krb5_context context,
 
 krb5_error_code KRB5_CALLCONV
 krb5_prompter_posix(krb5_context context,
-		    void *data,
-		    const char *name,
-		    const char *banner,
-		    int num_prompts,
-		    krb5_prompt prompts[])
+                    void *data,
+                    const char *name,
+                    const char *banner,
+                    int num_prompts,
+                    krb5_prompt prompts[])
 {
     return(EINVAL);
 }
diff --git a/src/lib/krb5/os/read_msg.c b/src/lib/krb5/os/read_msg.c
index 82a257376..8d3dfe30c 100644
--- a/src/lib/krb5/os/read_msg.c
+++ b/src/lib/krb5/os/read_msg.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/read_msg.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Write a message to the network
  */
@@ -33,34 +34,34 @@
 krb5_error_code
 krb5_read_message(krb5_context context, krb5_pointer fdp, krb5_data *inbuf)
 {
-	krb5_int32	len;
-	int		len2, ilen;
-	char		*buf = NULL;
-	int		fd = *( (int *) fdp);
+    krb5_int32      len;
+    int             len2, ilen;
+    char            *buf = NULL;
+    int             fd = *( (int *) fdp);
 
-	inbuf->data = NULL;
-	inbuf->length = 0;
+    inbuf->data = NULL;
+    inbuf->length = 0;
 
-	if ((len2 = krb5_net_read(context, fd, (char *)&len, 4)) != 4)
-		return((len2 < 0) ? errno : ECONNABORTED);
-	len = ntohl(len);
+    if ((len2 = krb5_net_read(context, fd, (char *)&len, 4)) != 4)
+        return((len2 < 0) ? errno : ECONNABORTED);
+    len = ntohl(len);
 
-	if ((len & VALID_UINT_BITS) != len)  /* Overflow size_t??? */
-		return ENOMEM;
+    if ((len & VALID_UINT_BITS) != len)  /* Overflow size_t??? */
+        return ENOMEM;
 
-	inbuf->length = ilen = (int) len;
-	if (ilen) {
-		/*
-		 * We may want to include a sanity check here someday....
-		 */
-		if (!(buf = malloc(inbuf->length))) {
-			return(ENOMEM);
-		}
-		if ((len2 = krb5_net_read(context, fd, buf, ilen)) != ilen) {
-			free(buf);
-			return((len2 < 0) ? errno : ECONNABORTED);
-		}
-	}
-	inbuf->data = buf;
-	return(0);
+    inbuf->length = ilen = (int) len;
+    if (ilen) {
+        /*
+         * We may want to include a sanity check here someday....
+         */
+        if (!(buf = malloc(inbuf->length))) {
+            return(ENOMEM);
+        }
+        if ((len2 = krb5_net_read(context, fd, buf, ilen)) != ilen) {
+            free(buf);
+            return((len2 < 0) ? errno : ECONNABORTED);
+        }
+    }
+    inbuf->data = buf;
+    return(0);
 }
diff --git a/src/lib/krb5/os/read_pwd.c b/src/lib/krb5/os/read_pwd.c
index 6f2868da7..3c88a46e6 100644
--- a/src/lib/krb5/os/read_pwd.c
+++ b/src/lib/krb5/os/read_pwd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/read_pwd.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * libos: krb5_read_password for BSD 4.3
  */
@@ -43,7 +44,7 @@
 krb5_error_code
 krb5_read_password(krb5_context context, const char *prompt, const char *prompt2, char *return_pwd, unsigned int *size_return)
 {
-    krb5_data reply_data;      
+    krb5_data reply_data;
     krb5_prompt k5prompt;
     krb5_error_code retval;
     reply_data.length = *size_return; /* NB: size_return is also an input */
@@ -52,29 +53,29 @@ krb5_read_password(krb5_context context, const char *prompt, const char *prompt2
     k5prompt.hidden = 1;
     k5prompt.reply = &reply_data;
     retval =  krb5_prompter_posix(NULL,
-				  NULL, NULL, NULL, 1, &k5prompt);
+                                  NULL, NULL, NULL, 1, &k5prompt);
 
     if ((retval==0) && prompt2) {
-	krb5_data verify_data;
-	verify_data.data = malloc(*size_return);
-	verify_data.length = *size_return;
-	k5prompt.prompt = (char *)prompt2;
-	k5prompt.reply = &verify_data;
-	if (!verify_data.data)
-	    return ENOMEM;
-	retval = krb5_prompter_posix(NULL,
-				     NULL,NULL, NULL, 1, &k5prompt);
-	if (retval == 0) {
-	    /* compare */
-	    if (strncmp(return_pwd, (char *)verify_data.data, *size_return))
-		retval = KRB5_LIBOS_BADPWDMATCH;
-	}
-	free(verify_data.data);
+        krb5_data verify_data;
+        verify_data.data = malloc(*size_return);
+        verify_data.length = *size_return;
+        k5prompt.prompt = (char *)prompt2;
+        k5prompt.reply = &verify_data;
+        if (!verify_data.data)
+            return ENOMEM;
+        retval = krb5_prompter_posix(NULL,
+                                     NULL,NULL, NULL, 1, &k5prompt);
+        if (retval == 0) {
+            /* compare */
+            if (strncmp(return_pwd, (char *)verify_data.data, *size_return))
+                retval = KRB5_LIBOS_BADPWDMATCH;
+        }
+        free(verify_data.data);
     }
     if (!retval)
-	*size_return = k5prompt.reply->length;
+        *size_return = k5prompt.reply->length;
     else
-	memset(return_pwd, 0, *size_return);
+        memset(return_pwd, 0, *size_return);
     return retval;
 }
 #endif
@@ -97,10 +98,10 @@ void center_dialog(HWND hwnd)
     int dlgwidth, dlgheight;
     RECT r;
     HDC hdc;
-    
+
     if (hwnd == NULL)
-	return;
-    
+        return;
+
     GetWindowRect(hwnd, &r);
     dlgwidth = r.right  - r.left;
     dlgheight = r.bottom - r.top ;
@@ -116,87 +117,87 @@ void center_dialog(HWND hwnd)
 #ifdef _WIN32
 static krb5_error_code
 read_console_password(
-    krb5_context	context,
-    const char		* prompt,
-    const char		* prompt2,
-    char		* password,
-    int			* pwsize)
+    krb5_context        context,
+    const char          * prompt,
+    const char          * prompt2,
+    char                * password,
+    int                 * pwsize)
 {
-    HANDLE		handle;
-    DWORD		old_mode, new_mode;
-    char		*tmpstr = 0;
-    char		*ptr;
-    int			scratchchar;
-    krb5_error_code	errcode = 0;
+    HANDLE              handle;
+    DWORD               old_mode, new_mode;
+    char                *tmpstr = 0;
+    char                *ptr;
+    int                 scratchchar;
+    krb5_error_code     errcode = 0;
 
     handle = GetStdHandle(STD_INPUT_HANDLE);
     if (handle == INVALID_HANDLE_VALUE)
-	return ENOTTY;
+        return ENOTTY;
     if (!GetConsoleMode(handle, &old_mode))
-	return ENOTTY;
+        return ENOTTY;
 
     new_mode = old_mode;
     new_mode |=  ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
     new_mode &= ~( ENABLE_ECHO_INPUT );
 
     if (!SetConsoleMode(handle, new_mode))
-	return ENOTTY;
+        return ENOTTY;
 
     (void) fputs(prompt, stdout);
     (void) fflush(stdout);
     (void) memset(password, 0, *pwsize);
 
     if (fgets(password, *pwsize, stdin) == NULL) {
-	(void) putchar('\n');
-	errcode = KRB5_LIBOS_CANTREADPWD;
-	goto cleanup;
+        (void) putchar('\n');
+        errcode = KRB5_LIBOS_CANTREADPWD;
+        goto cleanup;
     }
     (void) putchar('\n');
 
     if ((ptr = strchr(password, '\n')))
-	*ptr = '\0';
+        *ptr = '\0';
     else /* need to flush */
-	do {
-	    scratchchar = getchar();
-	} while (scratchchar != EOF && scratchchar != '\n');
+        do {
+            scratchchar = getchar();
+        } while (scratchchar != EOF && scratchchar != '\n');
 
     if (prompt2) {
-	if (! (tmpstr = (char *)malloc(*pwsize))) {
-	    errcode = ENOMEM;
-	    goto cleanup;
-	}
-	(void) fputs(prompt2, stdout);
-	(void) fflush(stdout);
-	if (fgets(tmpstr, *pwsize, stdin) == NULL) {
-	    (void) putchar('\n');
-	    errcode = KRB5_LIBOS_CANTREADPWD;
-	    goto cleanup;
-	}
-	(void) putchar('\n');
-
-	if ((ptr = strchr(tmpstr, '\n')))
-	    *ptr = '\0';
-	else /* need to flush */
-	    do {
-		scratchchar = getchar();
-	    } while (scratchchar != EOF && scratchchar != '\n');
-
-	if (strncmp(password, tmpstr, *pwsize)) {
-	    errcode = KRB5_LIBOS_BADPWDMATCH;
-	    goto cleanup;
-	}
+        if (! (tmpstr = (char *)malloc(*pwsize))) {
+            errcode = ENOMEM;
+            goto cleanup;
+        }
+        (void) fputs(prompt2, stdout);
+        (void) fflush(stdout);
+        if (fgets(tmpstr, *pwsize, stdin) == NULL) {
+            (void) putchar('\n');
+            errcode = KRB5_LIBOS_CANTREADPWD;
+            goto cleanup;
+        }
+        (void) putchar('\n');
+
+        if ((ptr = strchr(tmpstr, '\n')))
+            *ptr = '\0';
+        else /* need to flush */
+            do {
+                scratchchar = getchar();
+            } while (scratchchar != EOF && scratchchar != '\n');
+
+        if (strncmp(password, tmpstr, *pwsize)) {
+            errcode = KRB5_LIBOS_BADPWDMATCH;
+            goto cleanup;
+        }
     }
 
 cleanup:
     (void) SetConsoleMode(handle, old_mode);
     if (tmpstr) {
-	(void) memset(tmpstr, 0, *pwsize);
-	(void) free(tmpstr);
+        (void) memset(tmpstr, 0, *pwsize);
+        (void) free(tmpstr);
     }
     if (errcode)
-	(void) memset(password, 0, *pwsize);
+        (void) memset(password, 0, *pwsize);
     else
-	*pwsize = strlen(password);
+        *pwsize = strlen(password);
     return errcode;
 }
 #endif
@@ -205,35 +206,35 @@ static int CALLBACK
 read_pwd_proc(HWND hdlg, UINT msg, WPARAM wParam, LPARAM lParam)
 {
     pwd_params *dp;
-    
+
     switch(msg) {
     case WM_INITDIALOG:
-	dp = (pwd_params *) lParam;
-	SetWindowLongPtr(hdlg, DWLP_USER, lParam);
-	SetDlgItemText(hdlg, ID_READ_PWD_PROMPT, dp->pwd_prompt);
-	SetDlgItemText(hdlg, ID_READ_PWD_PROMPT2, dp->pwd_prompt2);
-	SetDlgItemText(hdlg, ID_READ_PWD_PWD, "");
-	center_dialog(hdlg);
-	return TRUE;
+        dp = (pwd_params *) lParam;
+        SetWindowLongPtr(hdlg, DWLP_USER, lParam);
+        SetDlgItemText(hdlg, ID_READ_PWD_PROMPT, dp->pwd_prompt);
+        SetDlgItemText(hdlg, ID_READ_PWD_PROMPT2, dp->pwd_prompt2);
+        SetDlgItemText(hdlg, ID_READ_PWD_PWD, "");
+        center_dialog(hdlg);
+        return TRUE;
 
     case WM_COMMAND:
-	dp = (pwd_params *) GetWindowLongPtr(hdlg, DWLP_USER);
+        dp = (pwd_params *) GetWindowLongPtr(hdlg, DWLP_USER);
         switch (wParam) {
-	case IDOK:
-	    *(dp->pwd_size_return) =
-		GetDlgItemText(hdlg, ID_READ_PWD_PWD, 
-			       dp->pwd_return_pwd, *(dp->pwd_size_return));
-	    EndDialog(hdlg, TRUE);
-	    break;
-	    
-	case IDCANCEL:
-	    memset(dp->pwd_return_pwd, 0 , *(dp->pwd_size_return));
-	    *(dp->pwd_size_return) = 0;
-	    EndDialog(hdlg, FALSE);
-	    break;
+        case IDOK:
+            *(dp->pwd_size_return) =
+                GetDlgItemText(hdlg, ID_READ_PWD_PWD,
+                               dp->pwd_return_pwd, *(dp->pwd_size_return));
+            EndDialog(hdlg, TRUE);
+            break;
+
+        case IDCANCEL:
+            memset(dp->pwd_return_pwd, 0 , *(dp->pwd_size_return));
+            *(dp->pwd_size_return) = 0;
+            EndDialog(hdlg, FALSE);
+            break;
         }
         return TRUE;
- 
+
     default:
         return FALSE;
     }
@@ -254,8 +255,8 @@ krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
 
 #ifdef _WIN32
     if (_isatty(_fileno(stdin)))
-	return(read_console_password
-	       (context, prompt, prompt2, return_pwd, size_return));
+        return(read_console_password
+               (context, prompt, prompt2, return_pwd, size_return));
 #endif
 
     dps.pwd_prompt = prompt;
@@ -270,7 +271,7 @@ krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
     dlgproc = (FARPROC) MakeProcInstance(read_pwd_proc, hinst);
 #endif
     rc = DialogBoxParam(hinst, MAKEINTRESOURCE(ID_READ_PWD_DIALOG), 0,
-			dlgproc, (LPARAM) &dps);
+                        dlgproc, (LPARAM) &dps);
 #ifndef _WIN32
     FreeProcInstance ((FARPROC) dlgproc);
 #endif
@@ -291,7 +292,7 @@ krb5_read_password(context, prompt, prompt2, return_pwd, size_return)
     char *return_pwd;
     int *size_return;
 {
-   *size_return = 0;
-   return KRB5_LIBOS_CANTREADPWD;
+    *size_return = 0;
+    return KRB5_LIBOS_CANTREADPWD;
 }
 #endif
diff --git a/src/lib/krb5/os/realm_dom.c b/src/lib/krb5/os/realm_dom.c
index ed44e9d59..8f25caf44 100644
--- a/src/lib/krb5/os/realm_dom.c
+++ b/src/lib/krb5/os/realm_dom.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/realm_dom.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_get_realm_domain()
  */
@@ -52,7 +53,7 @@ krb5_get_realm_domain(krb5_context context, const char *realm, char **domain)
     char *temp_domain = 0;
 
     retval = profile_get_string(context->profile, KRB5_CONF_REALMS, realm,
-			       KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain);
+                                KRB5_CONF_DEFAULT_DOMAIN, realm, &temp_domain);
     if (!retval && temp_domain)
     {
         *domain = strdup(temp_domain);
diff --git a/src/lib/krb5/os/realm_iter.c b/src/lib/krb5/os/realm_iter.c
index 0beaa2f46..cfc9e390e 100644
--- a/src/lib/krb5/os/realm_iter.c
+++ b/src/lib/krb5/os/realm_iter.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/realm_init.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * krb5_realm_iterate()
  */
 
@@ -34,11 +35,11 @@ krb5_error_code KRB5_CALLCONV
 krb5_realm_iterator_create(krb5_context context, void **iter_p)
 {
     static const char *const names[] = { "realms", 0 };
-	
+
     return profile_iterator_create(context->profile, names,
-				   PROFILE_ITER_LIST_SECTION |
-				   PROFILE_ITER_SECTIONS_ONLY,
-				   iter_p);
+                                   PROFILE_ITER_LIST_SECTION |
+                                   PROFILE_ITER_SECTIONS_ONLY,
+                                   iter_p);
 }
 
 krb5_error_code KRB5_CALLCONV
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index dcf08d996..f12be79f4 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/sendto_kdc.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Send packet to KDC for realm; wait for response, retransmitting
  * as necessary.
@@ -53,9 +54,9 @@
 #endif
 #endif
 
-#define MAX_PASS		    3
-#define DEFAULT_UDP_PREF_LIMIT	 1465
-#define HARD_UDP_LIMIT		32700 /* could probably do 64K-epsilon ? */
+#define MAX_PASS                    3
+#define DEFAULT_UDP_PREF_LIMIT   1465
+#define HARD_UDP_LIMIT          32700 /* could probably do 64K-epsilon ? */
 
 #undef DEBUG
 
@@ -68,10 +69,10 @@ static void default_debug_handler (const void *data, size_t len)
 #if 0
     static FILE *logfile;
     if (logfile == NULL) {
-	logfile = fopen("/tmp/sendto_kdc.log", "a");
-	if (logfile == NULL)
-	    return;
-	setbuf(logfile, NULL);
+        logfile = fopen("/tmp/sendto_kdc.log", "a");
+        if (logfile == NULL)
+            return;
+        setbuf(logfile, NULL);
     }
     fwrite(data, 1, len, logfile);
 #else
@@ -95,7 +96,7 @@ void (*krb5int_sendtokdc_debug_handler) (const void *, size_t) = 0;
 #endif
 
 #define dprint krb5int_debug_fprint
- void
+void
 krb5int_debug_fprint (const char *fmt, ...)
 {
 #ifdef DEBUG
@@ -119,131 +120,131 @@ krb5int_debug_fprint (const char *fmt, ...)
     struct k5buf buf;
 
     if (!krb5int_debug_sendto_kdc)
-	return;
+        return;
 
     va_start(args, fmt);
 
-#define putf(FMT,X)	(snprintf(tmpbuf,sizeof(tmpbuf),FMT,X),putstr(tmpbuf))
+#define putf(FMT,X)     (snprintf(tmpbuf,sizeof(tmpbuf),FMT,X),putstr(tmpbuf))
 
     for (; *fmt; fmt++) {
-	if (*fmt != '%') {
-	    const char *fmt2;
-	    size_t len;
-	    for (fmt2 = fmt+1; *fmt2; fmt2++)
-		if (*fmt2 == '%')
-		    break;
-	    len = fmt2 - fmt;
-	    put(fmt, len);
-	    fmt += len - 1;	/* then fmt++ in loop header */
-	    continue;
-	}
-	/* After this, always processing a '%' sequence.  */
-	fmt++;
-	switch (*fmt) {
-	case 0:
-	default:
-	    abort();
-	case 'E':
-	    /* %E => krb5_error_code */
-	    kerr = va_arg(args, krb5_error_code);
-	    snprintf(tmpbuf, sizeof(tmpbuf), "%lu/", (unsigned long) kerr);
-	    putstr(tmpbuf);
-	    p = error_message(kerr);
-	    putstr(p);
-	    break;
-	case 'm':
-	    /* %m => errno value (int) */
-	    /* Like syslog's %m except the errno value is passed in
-	       rather than the current value.  */
-	    err = va_arg(args, int);
-	    putf("%d/", err);
-	    p = NULL;
+        if (*fmt != '%') {
+            const char *fmt2;
+            size_t len;
+            for (fmt2 = fmt+1; *fmt2; fmt2++)
+                if (*fmt2 == '%')
+                    break;
+            len = fmt2 - fmt;
+            put(fmt, len);
+            fmt += len - 1;     /* then fmt++ in loop header */
+            continue;
+        }
+        /* After this, always processing a '%' sequence.  */
+        fmt++;
+        switch (*fmt) {
+        case 0:
+        default:
+            abort();
+        case 'E':
+            /* %E => krb5_error_code */
+            kerr = va_arg(args, krb5_error_code);
+            snprintf(tmpbuf, sizeof(tmpbuf), "%lu/", (unsigned long) kerr);
+            putstr(tmpbuf);
+            p = error_message(kerr);
+            putstr(p);
+            break;
+        case 'm':
+            /* %m => errno value (int) */
+            /* Like syslog's %m except the errno value is passed in
+               rather than the current value.  */
+            err = va_arg(args, int);
+            putf("%d/", err);
+            p = NULL;
 #ifdef HAVE_STRERROR_R
-	    if (strerror_r(err, tmpbuf, sizeof(tmpbuf)) == 0)
-		p = tmpbuf;
+            if (strerror_r(err, tmpbuf, sizeof(tmpbuf)) == 0)
+                p = tmpbuf;
 #endif
-	    if (p == NULL)
-		p = strerror(err);
-	    putstr(p);
-	    break;
-	case 'F':
-	    /* %F => fd_set *, fd_set *, fd_set *, int */
-	    rfds = va_arg(args, fd_set *);
-	    wfds = va_arg(args, fd_set *);
-	    xfds = va_arg(args, fd_set *);
-	    maxfd = va_arg(args, int);
-
-	    for (i = 0; i < maxfd; i++) {
-		int r = FD_ISSET(i, rfds);
-		int w = wfds && FD_ISSET(i, wfds);
-		int x = xfds && FD_ISSET(i, xfds);
-		if (r || w || x) {
-		    putf(" %d", i);
-		    if (r)
-			putstr("r");
-		    if (w)
-			putstr("w");
-		    if (x)
-			putstr("x");
-		}
-	    }
-	    putstr(" ");
-	    break;
-	case 's':
-	    /* %s => char * */
-	    p = va_arg(args, const char *);
-	    putstr(p);
-	    break;
-	case 't':
-	    /* %t => struct timeval * */
-	    tv = va_arg(args, struct timeval *);
-	    if (tv) {
-		snprintf(tmpbuf, sizeof(tmpbuf), "%ld.%06ld",
-			(long) tv->tv_sec, (long) tv->tv_usec);
-		putstr(tmpbuf);
-	    } else
-		putstr("never");
-	    break;
-	case 'd':
-	    /* %d => int */
-	    putf("%d", va_arg(args, int));
-	    break;
-	case 'p':
-	    /* %p => pointer */
-	    putf("%p", va_arg(args, void*));
-	    break;
-	case 'A':
-	    /* %A => addrinfo */
-	    ai = va_arg(args, struct addrinfo *);
-	    krb5int_buf_init_dynamic(&buf);
-	    if (ai->ai_socktype == SOCK_DGRAM)
-		krb5int_buf_add(&buf, "dgram");
-	    else if (ai->ai_socktype == SOCK_STREAM)
-		krb5int_buf_add(&buf, "stream");
-	    else
-		krb5int_buf_add_fmt(&buf, "socktype%d", ai->ai_socktype);
-
-	    if (0 != getnameinfo (ai->ai_addr, ai->ai_addrlen,
-				  addrbuf, sizeof (addrbuf),
-				  portbuf, sizeof (portbuf),
-				  NI_NUMERICHOST | NI_NUMERICSERV)) {
-		if (ai->ai_addr->sa_family == AF_UNSPEC)
-		    krb5int_buf_add(&buf, " AF_UNSPEC");
-		else
-		    krb5int_buf_add_fmt(&buf, " af%d", ai->ai_addr->sa_family);
-	    } else
-		krb5int_buf_add_fmt(&buf, " %s.%s", addrbuf, portbuf);
-	    if (krb5int_buf_data(&buf))
-		putstr(krb5int_buf_data(&buf));
-	    krb5int_free_buf(&buf);
-	    break;
-	case 'D':
-	    /* %D => krb5_data * */
-	    d = va_arg(args, krb5_data *);
-	    /* may not be nul-terminated */
-	    put(d->data, d->length);
-	    break;
-	}
+            if (p == NULL)
+                p = strerror(err);
+            putstr(p);
+            break;
+        case 'F':
+            /* %F => fd_set *, fd_set *, fd_set *, int */
+            rfds = va_arg(args, fd_set *);
+            wfds = va_arg(args, fd_set *);
+            xfds = va_arg(args, fd_set *);
+            maxfd = va_arg(args, int);
+
+            for (i = 0; i < maxfd; i++) {
+                int r = FD_ISSET(i, rfds);
+                int w = wfds && FD_ISSET(i, wfds);
+                int x = xfds && FD_ISSET(i, xfds);
+                if (r || w || x) {
+                    putf(" %d", i);
+                    if (r)
+                        putstr("r");
+                    if (w)
+                        putstr("w");
+                    if (x)
+                        putstr("x");
+                }
+            }
+            putstr(" ");
+            break;
+        case 's':
+            /* %s => char * */
+            p = va_arg(args, const char *);
+            putstr(p);
+            break;
+        case 't':
+            /* %t => struct timeval * */
+            tv = va_arg(args, struct timeval *);
+            if (tv) {
+                snprintf(tmpbuf, sizeof(tmpbuf), "%ld.%06ld",
+                         (long) tv->tv_sec, (long) tv->tv_usec);
+                putstr(tmpbuf);
+            } else
+                putstr("never");
+            break;
+        case 'd':
+            /* %d => int */
+            putf("%d", va_arg(args, int));
+            break;
+        case 'p':
+            /* %p => pointer */
+            putf("%p", va_arg(args, void*));
+            break;
+        case 'A':
+            /* %A => addrinfo */
+            ai = va_arg(args, struct addrinfo *);
+            krb5int_buf_init_dynamic(&buf);
+            if (ai->ai_socktype == SOCK_DGRAM)
+                krb5int_buf_add(&buf, "dgram");
+            else if (ai->ai_socktype == SOCK_STREAM)
+                krb5int_buf_add(&buf, "stream");
+            else
+                krb5int_buf_add_fmt(&buf, "socktype%d", ai->ai_socktype);
+
+            if (0 != getnameinfo (ai->ai_addr, ai->ai_addrlen,
+                                  addrbuf, sizeof (addrbuf),
+                                  portbuf, sizeof (portbuf),
+                                  NI_NUMERICHOST | NI_NUMERICSERV)) {
+                if (ai->ai_addr->sa_family == AF_UNSPEC)
+                    krb5int_buf_add(&buf, " AF_UNSPEC");
+                else
+                    krb5int_buf_add_fmt(&buf, " af%d", ai->ai_addr->sa_family);
+            } else
+                krb5int_buf_add_fmt(&buf, " %s.%s", addrbuf, portbuf);
+            if (krb5int_buf_data(&buf))
+                putstr(krb5int_buf_data(&buf));
+            krb5int_free_buf(&buf);
+            break;
+        case 'D':
+            /* %D => krb5_data * */
+            d = va_arg(args, krb5_data *);
+            /* may not be nul-terminated */
+            put(d->data, d->length);
+            break;
+        }
     }
     va_end(args);
 #endif
@@ -256,7 +257,7 @@ print_addrlist (const struct addrlist *a)
     int i;
     dprint("%d{", a->naddrs);
     for (i = 0; i < a->naddrs; i++)
-	dprint("%s%p=%A", i ? "," : "", (void*)a->addrs[i].ai, a->addrs[i].ai);
+        dprint("%s%p=%A", i ? "," : "", (void*)a->addrs[i].ai, a->addrs[i].ai);
     dprint("}");
 }
 
@@ -269,26 +270,26 @@ merge_addrlists (struct addrlist *dest, struct addrlist *src)
 
     dprint("merging addrlists:\n\tlist1: ");
     for (i = 0; i < dest->naddrs; i++)
-	dprint(" %A", dest->addrs[i].ai);
+        dprint(" %A", dest->addrs[i].ai);
     dprint("\n\tlist2: ");
     for (i = 0; i < src->naddrs; i++)
-	dprint(" %A", src->addrs[i].ai);
+        dprint(" %A", src->addrs[i].ai);
     dprint("\n");
 
     err = krb5int_grow_addrlist (dest, src->naddrs);
     if (err)
-	return err;
+        return err;
     for (i = 0; i < src->naddrs; i++) {
-	dest->addrs[dest->naddrs + i] = src->addrs[i];
-	src->addrs[i].ai = 0;
-	src->addrs[i].freefn = 0;
+        dest->addrs[dest->naddrs + i] = src->addrs[i];
+        src->addrs[i].ai = 0;
+        src->addrs[i].freefn = 0;
     }
     dest->naddrs += i;
     src->naddrs = 0;
 
     dprint("\tout:   ");
     for (i = 0; i < dest->naddrs; i++)
-	dprint(" %A", dest->addrs[i].ai);
+        dprint(" %A", dest->addrs[i].ai);
     dprint("\n");
 
     return 0;
@@ -299,33 +300,33 @@ in_addrlist (struct addrinfo *thisaddr, struct addrlist *list)
 {
     int i;
     for (i = 0; i < list->naddrs; i++) {
-	if (thisaddr->ai_addrlen == list->addrs[i].ai->ai_addrlen
-	    && !memcmp(thisaddr->ai_addr, list->addrs[i].ai->ai_addr,
-		       thisaddr->ai_addrlen))
-	    return 1;
+        if (thisaddr->ai_addrlen == list->addrs[i].ai->ai_addrlen
+            && !memcmp(thisaddr->ai_addr, list->addrs[i].ai->ai_addr,
+                       thisaddr->ai_addrlen))
+            return 1;
     }
     return 0;
 }
 
 static int
 check_for_svc_unavailable (krb5_context context,
-			   const krb5_data *reply,
-			   void *msg_handler_data)
+                           const krb5_data *reply,
+                           void *msg_handler_data)
 {
     krb5_error_code *retval = (krb5_error_code *)msg_handler_data;
 
     *retval = 0;
 
     if (krb5_is_krb_error(reply)) {
-	krb5_error *err_reply;
+        krb5_error *err_reply;
 
-	if (decode_krb5_error(reply, &err_reply) == 0) {
-	    *retval = err_reply->error;
-	    krb5_free_error(context, err_reply);
+        if (decode_krb5_error(reply, &err_reply) == 0) {
+            *retval = err_reply->error;
+            krb5_free_error(context, err_reply);
 
-	    /* Returning 0 means continue to next KDC */
-	    return (*retval != KDC_ERR_SVC_UNAVAILABLE);
-	}
+            /* Returning 0 means continue to next KDC */
+            return (*retval != KDC_ERR_SVC_UNAVAILABLE);
+        }
     }
 
     return 1;
@@ -344,8 +345,8 @@ check_for_svc_unavailable (krb5_context context,
 
 krb5_error_code
 krb5_sendto_kdc (krb5_context context, const krb5_data *message,
-		 const krb5_data *realm, krb5_data *reply,
-		 int *use_master, int tcp_only)
+                 const krb5_data *realm, krb5_data *reply,
+                 int *use_master, int tcp_only)
 {
     krb5_error_code retval, retval2;
     struct addrlist addrs;
@@ -365,94 +366,94 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
      */
 
     dprint("krb5_sendto_kdc(%d@%p, \"%D\", use_master=%d, tcp_only=%d)\n",
-	   message->length, message->data, realm, *use_master, tcp_only);
+           message->length, message->data, realm, *use_master, tcp_only);
 
     if (!tcp_only && context->udp_pref_limit < 0) {
-	int tmp;
-	retval = profile_get_integer(context->profile,
-				     KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0,
-				     DEFAULT_UDP_PREF_LIMIT, &tmp);
-	if (retval)
-	    return retval;
-	if (tmp < 0)
-	    tmp = DEFAULT_UDP_PREF_LIMIT;
-	else if (tmp > HARD_UDP_LIMIT)
-	    /* In the unlikely case that a *really* big value is
-	       given, let 'em use as big as we think we can
-	       support.  */
-	    tmp = HARD_UDP_LIMIT;
-	context->udp_pref_limit = tmp;
+        int tmp;
+        retval = profile_get_integer(context->profile,
+                                     KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0,
+                                     DEFAULT_UDP_PREF_LIMIT, &tmp);
+        if (retval)
+            return retval;
+        if (tmp < 0)
+            tmp = DEFAULT_UDP_PREF_LIMIT;
+        else if (tmp > HARD_UDP_LIMIT)
+            /* In the unlikely case that a *really* big value is
+               given, let 'em use as big as we think we can
+               support.  */
+            tmp = HARD_UDP_LIMIT;
+        context->udp_pref_limit = tmp;
     }
 
     retval = (*use_master ? KRB5_KDC_UNREACH : KRB5_REALM_UNKNOWN);
 
     if (tcp_only)
-	socktype1 = SOCK_STREAM, socktype2 = 0;
+        socktype1 = SOCK_STREAM, socktype2 = 0;
     else if (message->length <= context->udp_pref_limit)
-	socktype1 = SOCK_DGRAM, socktype2 = SOCK_STREAM;
+        socktype1 = SOCK_DGRAM, socktype2 = SOCK_STREAM;
     else
-	socktype1 = SOCK_STREAM, socktype2 = SOCK_DGRAM;
+        socktype1 = SOCK_STREAM, socktype2 = SOCK_DGRAM;
 
     retval = krb5_locate_kdc(context, realm, &addrs, *use_master, socktype1, 0);
     if (socktype2) {
-	struct addrlist addrs2;
+        struct addrlist addrs2;
 
-	retval2 = krb5_locate_kdc(context, realm, &addrs2, *use_master,
-				  socktype2, 0);
+        retval2 = krb5_locate_kdc(context, realm, &addrs2, *use_master,
+                                  socktype2, 0);
 #if 0
-	if (retval2 == 0) {
-	    (void) merge_addrlists(&addrs, &addrs2);
-	    krb5int_free_addrlist(&addrs2);
-	    retval = 0;
-	} else if (retval == KRB5_REALM_CANT_RESOLVE) {
-	    retval = retval2;
-	}
+        if (retval2 == 0) {
+            (void) merge_addrlists(&addrs, &addrs2);
+            krb5int_free_addrlist(&addrs2);
+            retval = 0;
+        } else if (retval == KRB5_REALM_CANT_RESOLVE) {
+            retval = retval2;
+        }
 #else
-	retval = retval2;
-	if (retval == 0) {
-	    (void) merge_addrlists(&addrs, &addrs2);
-	    krb5int_free_addrlist(&addrs2);
-	}
+        retval = retval2;
+        if (retval == 0) {
+            (void) merge_addrlists(&addrs, &addrs2);
+            krb5int_free_addrlist(&addrs2);
+        }
 #endif
     }
 
     if (addrs.naddrs > 0) {
-	krb5_error_code err = 0;
+        krb5_error_code err = 0;
 
         retval = krb5int_sendto (context, message, &addrs, 0, reply, 0, 0,
-				 0, 0, &addr_used, check_for_svc_unavailable, &err);
-	switch (retval) {
-	case 0:
+                                 0, 0, &addr_used, check_for_svc_unavailable, &err);
+        switch (retval) {
+        case 0:
             /*
              * Set use_master to 1 if we ended up talking to a master when
              * we didn't explicitly request to
              */
             if (*use_master == 0) {
                 struct addrlist addrs3;
-                retval = krb5_locate_kdc(context, realm, &addrs3, 1, 
+                retval = krb5_locate_kdc(context, realm, &addrs3, 1,
                                          addrs.addrs[addr_used].ai->ai_socktype,
                                          addrs.addrs[addr_used].ai->ai_family);
                 if (retval == 0) {
-		    if (in_addrlist(addrs.addrs[addr_used].ai, &addrs3))
-			*use_master = 1;
+                    if (in_addrlist(addrs.addrs[addr_used].ai, &addrs3))
+                        *use_master = 1;
                     krb5int_free_addrlist (&addrs3);
                 }
             }
             krb5int_free_addrlist (&addrs);
             return 0;
-	default:
-	    break;
-	    /* Cases here are for constructing useful error messages.  */
-	case KRB5_KDC_UNREACH:
-	    if (err == KDC_ERR_SVC_UNAVAILABLE) {
-		retval = KRB5KDC_ERR_SVC_UNAVAILABLE;
-	    } else {
-		krb5_set_error_message(context, retval,
-				       "Cannot contact any KDC for realm '%.*s'",
-				       realm->length, realm->data);
-	    }
-	    break;
-	}
+        default:
+            break;
+            /* Cases here are for constructing useful error messages.  */
+        case KRB5_KDC_UNREACH:
+            if (err == KDC_ERR_SVC_UNAVAILABLE) {
+                retval = KRB5KDC_ERR_SVC_UNAVAILABLE;
+            } else {
+                krb5_set_error_message(context, retval,
+                                       "Cannot contact any KDC for realm '%.*s'",
+                                       realm->length, realm->data);
+            }
+            break;
+        }
         krb5int_free_addrlist (&addrs);
     }
     return retval;
@@ -461,10 +462,10 @@ krb5_sendto_kdc (krb5_context context, const krb5_data *message,
 #ifdef DEBUG
 
 #ifdef _WIN32
-#define dperror(MSG) \
-	 dprint("%s: an error occurred ... "			\
-		"\tline=%d errno=%m socketerrno=%m\n",		\
-		(MSG), __LINE__, errno, SOCKET_ERRNO)
+#define dperror(MSG)                                    \
+    dprint("%s: an error occurred ... "                 \
+           "\tline=%d errno=%m socketerrno=%m\n",       \
+           (MSG), __LINE__, errno, SOCKET_ERRNO)
 #else
 #define dperror(MSG) dprint("%s: %m\n", MSG, errno)
 #endif
@@ -510,8 +511,8 @@ static int getcurtime (struct timeval *tvp)
     return 0;
 #else
     if (gettimeofday(tvp, 0)) {
-	dperror("gettimeofday");
-	return errno;
+        dperror("gettimeofday");
+        return errno;
     }
     return 0;
 #endif
@@ -525,7 +526,7 @@ static int getcurtime (struct timeval *tvp)
  */
 krb5_error_code
 krb5int_cm_call_select (const struct select_state *in,
-			struct select_state *out, int *sret)
+                        struct select_state *out, int *sret)
 {
     struct timeval now, *timo;
     krb5_error_code e;
@@ -533,65 +534,65 @@ krb5int_cm_call_select (const struct select_state *in,
     *out = *in;
     e = getcurtime(&now);
     if (e)
-	return e;
+        return e;
     if (out->end_time.tv_sec == 0)
-	timo = 0;
+        timo = 0;
     else {
-	timo = &out->end_time;
-	out->end_time.tv_sec -= now.tv_sec;
-	out->end_time.tv_usec -= now.tv_usec;
-	if (out->end_time.tv_usec < 0) {
-	    out->end_time.tv_usec += 1000000;
-	    out->end_time.tv_sec--;
-	}
-	if (out->end_time.tv_sec < 0) {
-	    *sret = 0;
-	    return 0;
-	}
+        timo = &out->end_time;
+        out->end_time.tv_sec -= now.tv_sec;
+        out->end_time.tv_usec -= now.tv_usec;
+        if (out->end_time.tv_usec < 0) {
+            out->end_time.tv_usec += 1000000;
+            out->end_time.tv_sec--;
+        }
+        if (out->end_time.tv_sec < 0) {
+            *sret = 0;
+            return 0;
+        }
     }
     dprint("selecting on max=%d sockets [%F] timeout %t\n",
-	   out->max,
-	   &out->rfds, &out->wfds, &out->xfds, out->max,
-	   timo);
+           out->max,
+           &out->rfds, &out->wfds, &out->xfds, out->max,
+           timo);
     *sret = select(out->max, &out->rfds, &out->wfds, &out->xfds, timo);
     e = SOCKET_ERRNO;
 
     dprint("select returns %d", *sret);
     if (*sret < 0)
-	dprint(", error = %E\n", e);
+        dprint(", error = %E\n", e);
     else if (*sret == 0)
-	dprint(" (timeout)\n");
+        dprint(" (timeout)\n");
     else
-	dprint(":%F\n", &out->rfds, &out->wfds, &out->xfds, out->max);
+        dprint(":%F\n", &out->rfds, &out->wfds, &out->xfds, out->max);
 
     if (*sret < 0)
-	return e;
+        return e;
     return 0;
 }
 
 static int service_tcp_fd (struct conn_state *conn,
-			   struct select_state *selstate, int ssflags);
+                           struct select_state *selstate, int ssflags);
 static int service_udp_fd (struct conn_state *conn,
-			   struct select_state *selstate, int ssflags);
+                           struct select_state *selstate, int ssflags);
 
 static void
 set_conn_state_msg_length (struct conn_state *state, const krb5_data *message)
 {
-    if (!message || message->length == 0) 
-	return;
+    if (!message || message->length == 0)
+        return;
 
     if (!state->is_udp) {
 
-	store_32_be(message->length, state->x.out.msg_len_buf);
-	SG_SET(&state->x.out.sgbuf[0], state->x.out.msg_len_buf, 4);
-	SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
-   	state->x.out.sg_count = 2;
+        store_32_be(message->length, state->x.out.msg_len_buf);
+        SG_SET(&state->x.out.sgbuf[0], state->x.out.msg_len_buf, 4);
+        SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
+        state->x.out.sg_count = 2;
 
     } else {
 
-	SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
-	SG_SET(&state->x.out.sgbuf[1], 0, 0);
-	state->x.out.sg_count = 1;
+        SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
+        SG_SET(&state->x.out.sgbuf[1], 0, 0);
+        state->x.out.sg_count = 1;
 
     }
 }
@@ -600,7 +601,7 @@ set_conn_state_msg_length (struct conn_state *state, const krb5_data *message)
 
 static void
 setup_connection (struct conn_state *state, struct addrinfo *ai,
-		  const krb5_data *message, char **udpbufp)
+                  const krb5_data *message, char **udpbufp)
 {
     state->state = INITIALIZING;
     state->err = 0;
@@ -609,103 +610,103 @@ setup_connection (struct conn_state *state, struct addrinfo *ai,
     state->fd = INVALID_SOCKET;
     SG_SET(&state->x.out.sgbuf[1], 0, 0);
     if (ai->ai_socktype == SOCK_STREAM) {
-	/*
-	SG_SET(&state->x.out.sgbuf[0], message_len_buf, 4);
-	SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
-	state->x.out.sg_count = 2;
-	*/
-	
-	state->is_udp = 0;
-	state->service = service_tcp_fd;
-	set_conn_state_msg_length (state, message);
+        /*
+          SG_SET(&state->x.out.sgbuf[0], message_len_buf, 4);
+          SG_SET(&state->x.out.sgbuf[1], message->data, message->length);
+          state->x.out.sg_count = 2;
+        */
+
+        state->is_udp = 0;
+        state->service = service_tcp_fd;
+        set_conn_state_msg_length (state, message);
     } else {
-	/*
-	SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
-	SG_SET(&state->x.out.sgbuf[1], 0, 0);
-	state->x.out.sg_count = 1;
-	*/
-
-	state->is_udp = 1;
-	state->service = service_udp_fd;
-	set_conn_state_msg_length (state, message);
-
-	if (*udpbufp == 0) {
-	    *udpbufp = malloc(krb5_max_dgram_size);
-	    if (*udpbufp == 0) {
-		dperror("malloc(krb5_max_dgram_size)");
-		state->state = FAILED;
-		return;
-	    }
-	}
-	state->x.in.buf = *udpbufp;
-	state->x.in.bufsize = krb5_max_dgram_size;
+        /*
+          SG_SET(&state->x.out.sgbuf[0], message->data, message->length);
+          SG_SET(&state->x.out.sgbuf[1], 0, 0);
+          state->x.out.sg_count = 1;
+        */
+
+        state->is_udp = 1;
+        state->service = service_udp_fd;
+        set_conn_state_msg_length (state, message);
+
+        if (*udpbufp == 0) {
+            *udpbufp = malloc(krb5_max_dgram_size);
+            if (*udpbufp == 0) {
+                dperror("malloc(krb5_max_dgram_size)");
+                state->state = FAILED;
+                return;
+            }
+        }
+        state->x.in.buf = *udpbufp;
+        state->x.in.bufsize = krb5_max_dgram_size;
     }
 }
 
 static int
-start_connection (struct conn_state *state, 
-		  struct select_state *selstate, 
-		  struct sendto_callback_info* callback_info,
+start_connection (struct conn_state *state,
+                  struct select_state *selstate,
+                  struct sendto_callback_info* callback_info,
                   krb5_data* callback_buffer)
 {
     int fd, e;
     struct addrinfo *ai = state->addr;
 
     dprint("start_connection(@%p)\ngetting %s socket in family %d...", state,
-	   ai->ai_socktype == SOCK_STREAM ? "stream" : "dgram", ai->ai_family);
+           ai->ai_socktype == SOCK_STREAM ? "stream" : "dgram", ai->ai_family);
     fd = socket(ai->ai_family, ai->ai_socktype, 0);
     if (fd == INVALID_SOCKET) {
-	state->err = SOCKET_ERRNO;
-	dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
-	return -1;		/* try other hosts */
+        state->err = SOCKET_ERRNO;
+        dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
+        return -1;              /* try other hosts */
     }
 #ifndef _WIN32 /* On Windows FD_SETSIZE is a count, not a max value.  */
     if (fd >= FD_SETSIZE) {
-	closesocket(fd);
-	state->err = EMFILE;
-	dprint("socket: fd %d too high\n", fd);
-	return -1;
+        closesocket(fd);
+        state->err = EMFILE;
+        dprint("socket: fd %d too high\n", fd);
+        return -1;
     }
 #endif
     set_cloexec_fd(fd);
     /* Make it non-blocking.  */
     if (ai->ai_socktype == SOCK_STREAM) {
-	static const int one = 1;
-	static const struct linger lopt = { 0, 0 };
+        static const int one = 1;
+        static const struct linger lopt = { 0, 0 };
 
-	if (ioctlsocket(fd, FIONBIO, (const void *) &one))
-	    dperror("sendto_kdc: ioctl(FIONBIO)");
-	if (setsockopt(fd, SOL_SOCKET, SO_LINGER, &lopt, sizeof(lopt)))
-	    dperror("sendto_kdc: setsockopt(SO_LINGER)");
+        if (ioctlsocket(fd, FIONBIO, (const void *) &one))
+            dperror("sendto_kdc: ioctl(FIONBIO)");
+        if (setsockopt(fd, SOL_SOCKET, SO_LINGER, &lopt, sizeof(lopt)))
+            dperror("sendto_kdc: setsockopt(SO_LINGER)");
     }
 
     /* Start connecting to KDC.  */
     dprint(" fd %d; connecting to %A...\n", fd, ai);
     e = connect(fd, ai->ai_addr, ai->ai_addrlen);
     if (e != 0) {
-	/*
-	 * This is the path that should be followed for non-blocking
-	 * connections.
-	 */
-	if (SOCKET_ERRNO == EINPROGRESS || SOCKET_ERRNO == EWOULDBLOCK) {
-	    state->state = CONNECTING;
-	    state->fd = fd;
-	} else {
-	    dprint("connect failed: %m\n", SOCKET_ERRNO);
-	    (void) closesocket(fd);
-	    state->err = SOCKET_ERRNO;
-	    state->state = FAILED;
-	    return -2;
-	}
+        /*
+         * This is the path that should be followed for non-blocking
+         * connections.
+         */
+        if (SOCKET_ERRNO == EINPROGRESS || SOCKET_ERRNO == EWOULDBLOCK) {
+            state->state = CONNECTING;
+            state->fd = fd;
+        } else {
+            dprint("connect failed: %m\n", SOCKET_ERRNO);
+            (void) closesocket(fd);
+            state->err = SOCKET_ERRNO;
+            state->state = FAILED;
+            return -2;
+        }
     } else {
-	/*
-	 * Connect returned zero even though we tried to make it
-	 * non-blocking, which should have caused it to return before
-	 * finishing the connection.  Oh well.  Someone's network
-	 * stack is broken, but if they gave us a connection, use it.
-	 */
-	state->state = WRITING;
-	state->fd = fd;
+        /*
+         * Connect returned zero even though we tried to make it
+         * non-blocking, which should have caused it to return before
+         * finishing the connection.  Oh well.  Someone's network
+         * stack is broken, but if they gave us a connection, use it.
+         */
+        state->state = WRITING;
+        state->fd = fd;
     }
     dprint("new state = %s\n", state_strings[state->state]);
 
@@ -716,68 +717,68 @@ start_connection (struct conn_state *state,
      */
     if (callback_info) {
 
-	e = callback_info->pfn_callback(state, 
-					callback_info->context, 
-					callback_buffer);
-	if (e != 0) {
-	    dprint("callback failed: %m\n", e);
-	    (void) closesocket(fd);
-	    state->err = e;
-	    state->fd = INVALID_SOCKET;
-	    state->state = FAILED;
-	    return -3;
-	}
-
-	dprint("callback %p (message=%d@%p)\n", 
-	       state,
-	       callback_buffer->length, 
-	       callback_buffer->data);
-
-	set_conn_state_msg_length( state, callback_buffer );
+        e = callback_info->pfn_callback(state,
+                                        callback_info->context,
+                                        callback_buffer);
+        if (e != 0) {
+            dprint("callback failed: %m\n", e);
+            (void) closesocket(fd);
+            state->err = e;
+            state->fd = INVALID_SOCKET;
+            state->state = FAILED;
+            return -3;
+        }
+
+        dprint("callback %p (message=%d@%p)\n",
+               state,
+               callback_buffer->length,
+               callback_buffer->data);
+
+        set_conn_state_msg_length( state, callback_buffer );
     }
 
     if (ai->ai_socktype == SOCK_DGRAM) {
-	/* Send it now.  */
-	int ret;
-	sg_buf *sg = &state->x.out.sgbuf[0];
-
-	dprint("sending %d bytes on fd %d\n", SG_LEN(sg), state->fd);
-	ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0);
-	if (ret != SG_LEN(sg)) {
-	    dperror("sendto");
-	    (void) closesocket(state->fd);
-	    state->fd = INVALID_SOCKET;
-	    state->state = FAILED;
-	    return -4;
-	} else {
-	    state->state = READING;
-	}
+        /* Send it now.  */
+        int ret;
+        sg_buf *sg = &state->x.out.sgbuf[0];
+
+        dprint("sending %d bytes on fd %d\n", SG_LEN(sg), state->fd);
+        ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0);
+        if (ret != SG_LEN(sg)) {
+            dperror("sendto");
+            (void) closesocket(state->fd);
+            state->fd = INVALID_SOCKET;
+            state->state = FAILED;
+            return -4;
+        } else {
+            state->state = READING;
+        }
     }
 #ifdef DEBUG
     if (debug) {
-	struct sockaddr_storage ss;
-	socklen_t sslen = sizeof(ss);
-	if (getsockname(state->fd, (struct sockaddr *)&ss, &sslen) == 0) {
-	    struct addrinfo hack_ai;
-	    memset(&hack_ai, 0, sizeof(hack_ai));
-	    hack_ai.ai_addr = (struct sockaddr *) &ss;
-	    hack_ai.ai_addrlen = sslen;
-	    hack_ai.ai_socktype = SOCK_DGRAM;
-	    hack_ai.ai_family = ai->ai_family;
-	    dprint("local socket address is %A\n", &hack_ai);
-	}
+        struct sockaddr_storage ss;
+        socklen_t sslen = sizeof(ss);
+        if (getsockname(state->fd, (struct sockaddr *)&ss, &sslen) == 0) {
+            struct addrinfo hack_ai;
+            memset(&hack_ai, 0, sizeof(hack_ai));
+            hack_ai.ai_addr = (struct sockaddr *) &ss;
+            hack_ai.ai_addrlen = sslen;
+            hack_ai.ai_socktype = SOCK_DGRAM;
+            hack_ai.ai_family = ai->ai_family;
+            dprint("local socket address is %A\n", &hack_ai);
+        }
     }
 #endif
     FD_SET(state->fd, &selstate->rfds);
     if (state->state == CONNECTING || state->state == WRITING)
-	FD_SET(state->fd, &selstate->wfds);
+        FD_SET(state->fd, &selstate->wfds);
     FD_SET(state->fd, &selstate->xfds);
     if (selstate->max <= state->fd)
-	selstate->max = state->fd + 1;
+        selstate->max = state->fd + 1;
     selstate->nfds++;
 
     dprint("new select vectors: %F\n",
-	   &selstate->rfds, &selstate->wfds, &selstate->xfds, selstate->max);
+           &selstate->rfds, &selstate->wfds, &selstate->xfds, selstate->max);
 
     return 0;
 }
@@ -787,30 +788,30 @@ start_connection (struct conn_state *state,
    Otherwise, the caller should immediately move on to process the
    next connection.  */
 static int
-maybe_send (struct conn_state *conn, 
-	    struct select_state *selstate, 
-	    struct sendto_callback_info* callback_info,
-	    krb5_data* callback_buffer)
+maybe_send (struct conn_state *conn,
+            struct select_state *selstate,
+            struct sendto_callback_info* callback_info,
+            krb5_data* callback_buffer)
 {
     sg_buf *sg;
 
     dprint("maybe_send(@%p) state=%s type=%s\n", conn,
-	   state_strings[conn->state],
-	   conn->is_udp ? "udp" : "tcp");
+           state_strings[conn->state],
+           conn->is_udp ? "udp" : "tcp");
     if (conn->state == INITIALIZING)
-	return start_connection(conn, selstate, callback_info, callback_buffer);
+        return start_connection(conn, selstate, callback_info, callback_buffer);
 
     /* Did we already shut down this channel?  */
     if (conn->state == FAILED) {
-	dprint("connection already closed\n");
-	return -1;
+        dprint("connection already closed\n");
+        return -1;
     }
 
     if (conn->addr->ai_socktype == SOCK_STREAM) {
-	dprint("skipping stream socket\n");
-	/* The select callback will handle flushing any data we
-	   haven't written yet, and we only write it once.  */
-	return -1;
+        dprint("skipping stream socket\n");
+        /* The select callback will handle flushing any data we
+           haven't written yet, and we only write it once.  */
+        return -1;
     }
 
     /* UDP - Send message, possibly for the first time, possibly a
@@ -818,12 +819,12 @@ maybe_send (struct conn_state *conn,
     sg = &conn->x.out.sgbuf[0];
     dprint("sending %d bytes on fd %d\n", SG_LEN(sg), conn->fd);
     if (send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0) != SG_LEN(sg)) {
-	dperror("send");
-	/* Keep connection alive, we'll try again next pass.
+        dperror("send");
+        /* Keep connection alive, we'll try again next pass.
 
-	   Is this likely to catch any errors we didn't get from the
-	   select callbacks?  */
-	return -1;
+           Is this likely to catch any errors we didn't get from the
+           select callbacks?  */
+        return -1;
     }
     /* Yay, it worked.  */
     return 0;
@@ -841,12 +842,12 @@ kill_conn(struct conn_state *conn, struct select_state *selstate, int err)
     dprint("abandoning connection %d: %m\n", conn->fd, err);
     /* Fix up max fd for next select call.  */
     if (selstate->max == 1 + conn->fd) {
-	while (selstate->max > 0
-	       && ! FD_ISSET(selstate->max-1, &selstate->rfds)
-	       && ! FD_ISSET(selstate->max-1, &selstate->wfds)
-	       && ! FD_ISSET(selstate->max-1, &selstate->xfds))
-	    selstate->max--;
-	dprint("new max_fd + 1 is %d\n", selstate->max);
+        while (selstate->max > 0
+               && ! FD_ISSET(selstate->max-1, &selstate->rfds)
+               && ! FD_ISSET(selstate->max-1, &selstate->wfds)
+               && ! FD_ISSET(selstate->max-1, &selstate->xfds))
+            selstate->max--;
+        dprint("new max_fd + 1 is %d\n", selstate->max);
     }
     selstate->nfds--;
 }
@@ -862,10 +863,10 @@ get_so_error(int fd)
     sockerrlen = sizeof(sockerr);
     e = getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen);
     if (e != 0) {
-	/* What to do now?  */
-	e = SOCKET_ERRNO;
-	dprint("getsockopt(SO_ERROR) on fd failed: %m\n", e);
-	return e;
+        /* What to do now?  */
+        e = SOCKET_ERRNO;
+        dprint("getsockopt(SO_ERROR) on fd failed: %m\n", e);
+        return e;
     }
     return sockerr;
 }
@@ -876,188 +877,188 @@ get_so_error(int fd)
 
 static int
 service_tcp_fd (struct conn_state *conn, struct select_state *selstate,
-		int ssflags)
+                int ssflags)
 {
     krb5_error_code e = 0;
     int nwritten, nread;
 
     if (!(ssflags & (SSF_READ|SSF_WRITE|SSF_EXCEPTION)))
-	abort();
+        abort();
     switch (conn->state) {
-	SOCKET_WRITEV_TEMP tmp;
+        SOCKET_WRITEV_TEMP tmp;
 
     case CONNECTING:
-	if (ssflags & SSF_READ) {
-	    /* Bad -- the KDC shouldn't be sending to us first.  */
-	    e = EINVAL /* ?? */;
-	kill_conn:
-	    kill_conn(conn, selstate, e);
-	    if (e == EINVAL) {
-		closesocket(conn->fd);
-		conn->fd = INVALID_SOCKET;
-	    }
-	    return e == 0;
-	}
-	if (ssflags & SSF_EXCEPTION) {
-	handle_exception:
-	    e = get_so_error(conn->fd);
-	    if (e)
-		dprint("socket error on exception fd: %m", e);
-	    else
-		dprint("no socket error info available on exception fd");
-	    goto kill_conn;
-	}
-
-	/*
-	 * Connect finished -- but did it succeed or fail?
-	 * UNIX sets can_write if failed.
-	 * Call getsockopt to see if error pending.
-	 *
-	 * (For most UNIX systems it works to just try writing the
-	 * first time and detect an error.  But Bill Dodd at IBM
-	 * reports that some version of AIX, SIGPIPE can result.)
-	 */
-	e = get_so_error(conn->fd);
-	if (e) {
-	    dprint("socket error on write fd: %m", e);
-	    goto kill_conn;
-	}
-	conn->state = WRITING;
-	goto try_writing;
+        if (ssflags & SSF_READ) {
+            /* Bad -- the KDC shouldn't be sending to us first.  */
+            e = EINVAL /* ?? */;
+        kill_conn:
+            kill_conn(conn, selstate, e);
+            if (e == EINVAL) {
+                closesocket(conn->fd);
+                conn->fd = INVALID_SOCKET;
+            }
+            return e == 0;
+        }
+        if (ssflags & SSF_EXCEPTION) {
+        handle_exception:
+            e = get_so_error(conn->fd);
+            if (e)
+                dprint("socket error on exception fd: %m", e);
+            else
+                dprint("no socket error info available on exception fd");
+            goto kill_conn;
+        }
+
+        /*
+         * Connect finished -- but did it succeed or fail?
+         * UNIX sets can_write if failed.
+         * Call getsockopt to see if error pending.
+         *
+         * (For most UNIX systems it works to just try writing the
+         * first time and detect an error.  But Bill Dodd at IBM
+         * reports that some version of AIX, SIGPIPE can result.)
+         */
+        e = get_so_error(conn->fd);
+        if (e) {
+            dprint("socket error on write fd: %m", e);
+            goto kill_conn;
+        }
+        conn->state = WRITING;
+        goto try_writing;
 
     case WRITING:
-	if (ssflags & SSF_READ) {
-	    e = E2BIG;
-	    /* Bad -- the KDC shouldn't be sending anything yet.  */
-	    goto kill_conn;
-	}
-	if (ssflags & SSF_EXCEPTION)
-	    goto handle_exception;
+        if (ssflags & SSF_READ) {
+            e = E2BIG;
+            /* Bad -- the KDC shouldn't be sending anything yet.  */
+            goto kill_conn;
+        }
+        if (ssflags & SSF_EXCEPTION)
+            goto handle_exception;
 
     try_writing:
-	dprint("trying to writev %d (%d bytes) to fd %d\n",
-	       conn->x.out.sg_count,
-	       ((conn->x.out.sg_count == 2 ? SG_LEN(&conn->x.out.sgp[1]) : 0)
-		+ SG_LEN(&conn->x.out.sgp[0])),
-	       conn->fd);
-	nwritten = SOCKET_WRITEV(conn->fd, conn->x.out.sgp,
-				 conn->x.out.sg_count, tmp);
-	if (nwritten < 0) {
-	    e = SOCKET_ERRNO;
-	    dprint("failed: %m\n", e);
-	    goto kill_conn;
-	}
-	dprint("wrote %d bytes\n", nwritten);
-	while (nwritten) {
-	    sg_buf *sgp = conn->x.out.sgp;
-	    if (nwritten < SG_LEN(sgp)) {
-		SG_ADVANCE(sgp, nwritten);
-		nwritten = 0;
-	    } else {
-		nwritten -= SG_LEN(conn->x.out.sgp);
-		conn->x.out.sgp++;
-		conn->x.out.sg_count--;
-		if (conn->x.out.sg_count == 0 && nwritten != 0)
-		    /* Wrote more than we wanted to?  */
-		    abort();
-	    }
-	}
-	if (conn->x.out.sg_count == 0) {
-	    /* Done writing, switch to reading.  */
-	    /* Don't call shutdown at this point because
-	     * some implementations cannot deal with half-closed connections.*/
-	    FD_CLR(conn->fd, &selstate->wfds);
-	    /* Q: How do we detect failures to send the remaining data
-	       to the remote side, since we're in non-blocking mode?
-	       Will we always get errors on the reading side?  */
-	    dprint("switching fd %d to READING\n", conn->fd);
-	    conn->state = READING;
-	    conn->x.in.bufsizebytes_read = 0;
-	    conn->x.in.bufsize = 0;
-	    conn->x.in.buf = 0;
-	    conn->x.in.pos = 0;
-	    conn->x.in.n_left = 0;
-	}
-	return 0;
+        dprint("trying to writev %d (%d bytes) to fd %d\n",
+               conn->x.out.sg_count,
+               ((conn->x.out.sg_count == 2 ? SG_LEN(&conn->x.out.sgp[1]) : 0)
+                + SG_LEN(&conn->x.out.sgp[0])),
+               conn->fd);
+        nwritten = SOCKET_WRITEV(conn->fd, conn->x.out.sgp,
+                                 conn->x.out.sg_count, tmp);
+        if (nwritten < 0) {
+            e = SOCKET_ERRNO;
+            dprint("failed: %m\n", e);
+            goto kill_conn;
+        }
+        dprint("wrote %d bytes\n", nwritten);
+        while (nwritten) {
+            sg_buf *sgp = conn->x.out.sgp;
+            if (nwritten < SG_LEN(sgp)) {
+                SG_ADVANCE(sgp, nwritten);
+                nwritten = 0;
+            } else {
+                nwritten -= SG_LEN(conn->x.out.sgp);
+                conn->x.out.sgp++;
+                conn->x.out.sg_count--;
+                if (conn->x.out.sg_count == 0 && nwritten != 0)
+                    /* Wrote more than we wanted to?  */
+                    abort();
+            }
+        }
+        if (conn->x.out.sg_count == 0) {
+            /* Done writing, switch to reading.  */
+            /* Don't call shutdown at this point because
+             * some implementations cannot deal with half-closed connections.*/
+            FD_CLR(conn->fd, &selstate->wfds);
+            /* Q: How do we detect failures to send the remaining data
+               to the remote side, since we're in non-blocking mode?
+               Will we always get errors on the reading side?  */
+            dprint("switching fd %d to READING\n", conn->fd);
+            conn->state = READING;
+            conn->x.in.bufsizebytes_read = 0;
+            conn->x.in.bufsize = 0;
+            conn->x.in.buf = 0;
+            conn->x.in.pos = 0;
+            conn->x.in.n_left = 0;
+        }
+        return 0;
 
     case READING:
-	if (ssflags & SSF_EXCEPTION) {
-	    if (conn->x.in.buf) {
-		free(conn->x.in.buf);
-		conn->x.in.buf = 0;
-	    }
-	    goto handle_exception;
-	}
-
-	if (conn->x.in.bufsizebytes_read == 4) {
-	    /* Reading data.  */
-	    dprint("reading %d bytes of data from fd %d\n",
-		   (int) conn->x.in.n_left, conn->fd);
-	    nread = SOCKET_READ(conn->fd, conn->x.in.pos, conn->x.in.n_left);
-	    if (nread <= 0) {
-		e = nread ? SOCKET_ERRNO : ECONNRESET;
-		free(conn->x.in.buf);
-		conn->x.in.buf = 0;
-		goto kill_conn;
-	    }
-	    conn->x.in.n_left -= nread;
-	    conn->x.in.pos += nread;
-	    if (conn->x.in.n_left <= 0) {
-		/* We win!  */
-		return 1;
-	    }
-	} else {
-	    /* Reading length.  */
-	    nread = SOCKET_READ(conn->fd,
-				conn->x.in.bufsizebytes + conn->x.in.bufsizebytes_read,
-				4 - conn->x.in.bufsizebytes_read);
-	    if (nread < 0) {
-		e = SOCKET_ERRNO;
-		goto kill_conn;
-	    }
-	    conn->x.in.bufsizebytes_read += nread;
-	    if (conn->x.in.bufsizebytes_read == 4) {
-		unsigned long len = load_32_be (conn->x.in.bufsizebytes);
-		dprint("received length on fd %d is %d\n", conn->fd, (int)len);
-		/* Arbitrary 1M cap.  */
-		if (len > 1 * 1024 * 1024) {
-		    e = E2BIG;
-		    goto kill_conn;
-		}
-		conn->x.in.bufsize = conn->x.in.n_left = len;
-		conn->x.in.buf = conn->x.in.pos = malloc(len);
-		dprint("allocated %d byte buffer at %p\n", (int) len,
-		       conn->x.in.buf);
-		if (conn->x.in.buf == 0) {
-		    /* allocation failure */
-		    e = ENOMEM;
-		    goto kill_conn;
-		}
-	    }
-	}
-	break;
+        if (ssflags & SSF_EXCEPTION) {
+            if (conn->x.in.buf) {
+                free(conn->x.in.buf);
+                conn->x.in.buf = 0;
+            }
+            goto handle_exception;
+        }
+
+        if (conn->x.in.bufsizebytes_read == 4) {
+            /* Reading data.  */
+            dprint("reading %d bytes of data from fd %d\n",
+                   (int) conn->x.in.n_left, conn->fd);
+            nread = SOCKET_READ(conn->fd, conn->x.in.pos, conn->x.in.n_left);
+            if (nread <= 0) {
+                e = nread ? SOCKET_ERRNO : ECONNRESET;
+                free(conn->x.in.buf);
+                conn->x.in.buf = 0;
+                goto kill_conn;
+            }
+            conn->x.in.n_left -= nread;
+            conn->x.in.pos += nread;
+            if (conn->x.in.n_left <= 0) {
+                /* We win!  */
+                return 1;
+            }
+        } else {
+            /* Reading length.  */
+            nread = SOCKET_READ(conn->fd,
+                                conn->x.in.bufsizebytes + conn->x.in.bufsizebytes_read,
+                                4 - conn->x.in.bufsizebytes_read);
+            if (nread < 0) {
+                e = SOCKET_ERRNO;
+                goto kill_conn;
+            }
+            conn->x.in.bufsizebytes_read += nread;
+            if (conn->x.in.bufsizebytes_read == 4) {
+                unsigned long len = load_32_be (conn->x.in.bufsizebytes);
+                dprint("received length on fd %d is %d\n", conn->fd, (int)len);
+                /* Arbitrary 1M cap.  */
+                if (len > 1 * 1024 * 1024) {
+                    e = E2BIG;
+                    goto kill_conn;
+                }
+                conn->x.in.bufsize = conn->x.in.n_left = len;
+                conn->x.in.buf = conn->x.in.pos = malloc(len);
+                dprint("allocated %d byte buffer at %p\n", (int) len,
+                       conn->x.in.buf);
+                if (conn->x.in.buf == 0) {
+                    /* allocation failure */
+                    e = ENOMEM;
+                    goto kill_conn;
+                }
+            }
+        }
+        break;
 
     default:
-	abort();
+        abort();
     }
     return 0;
 }
 
 static int
 service_udp_fd(struct conn_state *conn, struct select_state *selstate,
-	       int ssflags)
+               int ssflags)
 {
     int nread;
 
     if (!(ssflags & (SSF_READ|SSF_EXCEPTION)))
-	abort();
+        abort();
     if (conn->state != READING)
-	abort();
+        abort();
 
     nread = recv(conn->fd, conn->x.in.buf, conn->x.in.bufsize, 0);
     if (nread < 0) {
-	kill_conn(conn, selstate, SOCKET_ERRNO);
-	return 0;
+        kill_conn(conn, selstate, SOCKET_ERRNO);
+        return 0;
     }
     conn->x.in.pos = conn->x.in.buf + nread;
     return 1;
@@ -1065,77 +1066,77 @@ service_udp_fd(struct conn_state *conn, struct select_state *selstate,
 
 static int
 service_fds (krb5_context context,
-	     struct select_state *selstate,
-	     struct conn_state *conns, size_t n_conns, int *winning_conn,
-	     struct select_state *seltemp,
-	     int (*msg_handler)(krb5_context, const krb5_data *, void *),
-	     void *msg_handler_data)
+             struct select_state *selstate,
+             struct conn_state *conns, size_t n_conns, int *winning_conn,
+             struct select_state *seltemp,
+             int (*msg_handler)(krb5_context, const krb5_data *, void *),
+             void *msg_handler_data)
 {
     int e, selret;
 
     e = 0;
     while (selstate->nfds > 0) {
-	unsigned int i;
-
-	e = krb5int_cm_call_select(selstate, seltemp, &selret);
-	if (e == EINTR)
-	    continue;
-	if (e != 0)
-	    break;
-
-	dprint("service_fds examining results, selret=%d\n", selret);
-
-	if (selret == 0)
-	    /* Timeout, return to caller.  */
-	    return 0;
-
-	/* Got something on a socket, process it.  */
-	for (i = 0; i <= (unsigned int)selstate->max && selret > 0 && i < n_conns; i++) {
-	    int ssflags;
-
-	    if (conns[i].fd == INVALID_SOCKET)
-		continue;
-	    ssflags = 0;
-	    if (FD_ISSET(conns[i].fd, &seltemp->rfds))
-		ssflags |= SSF_READ, selret--;
-	    if (FD_ISSET(conns[i].fd, &seltemp->wfds))
-		ssflags |= SSF_WRITE, selret--;
-	    if (FD_ISSET(conns[i].fd, &seltemp->xfds))
-		ssflags |= SSF_EXCEPTION, selret--;
-	    if (!ssflags)
-		continue;
-
-	    dprint("handling flags '%s%s%s' on fd %d (%A) in state %s\n",
-		   (ssflags & SSF_READ) ? "r" : "",
-		   (ssflags & SSF_WRITE) ? "w" : "",
-		   (ssflags & SSF_EXCEPTION) ? "x" : "",
-		   conns[i].fd, conns[i].addr,
-		   state_strings[(int) conns[i].state]);
-
-	    if (conns[i].service (&conns[i], selstate, ssflags)) {
-		int stop = 1;
-
-		if (msg_handler != NULL) {
-		    krb5_data reply;
-
-		    reply.data = conns[i].x.in.buf;
-		    reply.length = conns[i].x.in.pos - conns[i].x.in.buf;
-
-		    stop = (msg_handler(context, &reply, msg_handler_data) != 0);
-		}
-
-		if (stop) {
-		    dprint("fd service routine says we're done\n");
-		    *winning_conn = i;
-		    return 1;
-		}
-	    }
-	}
+        unsigned int i;
+
+        e = krb5int_cm_call_select(selstate, seltemp, &selret);
+        if (e == EINTR)
+            continue;
+        if (e != 0)
+            break;
+
+        dprint("service_fds examining results, selret=%d\n", selret);
+
+        if (selret == 0)
+            /* Timeout, return to caller.  */
+            return 0;
+
+        /* Got something on a socket, process it.  */
+        for (i = 0; i <= (unsigned int)selstate->max && selret > 0 && i < n_conns; i++) {
+            int ssflags;
+
+            if (conns[i].fd == INVALID_SOCKET)
+                continue;
+            ssflags = 0;
+            if (FD_ISSET(conns[i].fd, &seltemp->rfds))
+                ssflags |= SSF_READ, selret--;
+            if (FD_ISSET(conns[i].fd, &seltemp->wfds))
+                ssflags |= SSF_WRITE, selret--;
+            if (FD_ISSET(conns[i].fd, &seltemp->xfds))
+                ssflags |= SSF_EXCEPTION, selret--;
+            if (!ssflags)
+                continue;
+
+            dprint("handling flags '%s%s%s' on fd %d (%A) in state %s\n",
+                   (ssflags & SSF_READ) ? "r" : "",
+                   (ssflags & SSF_WRITE) ? "w" : "",
+                   (ssflags & SSF_EXCEPTION) ? "x" : "",
+                   conns[i].fd, conns[i].addr,
+                   state_strings[(int) conns[i].state]);
+
+            if (conns[i].service (&conns[i], selstate, ssflags)) {
+                int stop = 1;
+
+                if (msg_handler != NULL) {
+                    krb5_data reply;
+
+                    reply.data = conns[i].x.in.buf;
+                    reply.length = conns[i].x.in.pos - conns[i].x.in.buf;
+
+                    stop = (msg_handler(context, &reply, msg_handler_data) != 0);
+                }
+
+                if (stop) {
+                    dprint("fd service routine says we're done\n");
+                    *winning_conn = i;
+                    return 1;
+                }
+            }
+        }
     }
     if (e != 0) {
-	dprint("select returned %m\n", e);
-	*winning_conn = -1;
-	return 1;
+        dprint("select returned %m\n", e);
+        *winning_conn = -1;
+        return 1;
     }
     return 0;
 }
@@ -1165,13 +1166,13 @@ service_fds (krb5_context context,
 krb5_error_code
 krb5int_sendto (krb5_context context, const krb5_data *message,
                 const struct addrlist *addrs,
-		struct sendto_callback_info* callback_info, krb5_data *reply,
-		struct sockaddr *localaddr, socklen_t *localaddrlen,
+                struct sendto_callback_info* callback_info, krb5_data *reply,
+                struct sockaddr *localaddr, socklen_t *localaddrlen,
                 struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
-		int *addr_used,
-		/* return 0 -> keep going, 1 -> quit */
-		int (*msg_handler)(krb5_context, const krb5_data *, void *),
-		void *msg_handler_data)
+                int *addr_used,
+                /* return 0 -> keep going, 1 -> quit */
+                int (*msg_handler)(krb5_context, const krb5_data *, void *),
+                void *msg_handler_data)
 {
     unsigned int i;
     int pass;
@@ -1186,9 +1187,9 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
     char *udpbuf = NULL;
 
     if (message)
-	dprint("krb5int_sendto(message=%d@%p, addrlist=", message->length, message->data);
+        dprint("krb5int_sendto(message=%d@%p, addrlist=", message->length, message->data);
     else
-	dprint("krb5int_sendto(callback=%p, addrlist=", callback_info);
+        dprint("krb5int_sendto(callback=%p, addrlist=", callback_info);
     print_addrlist(addrs);
     dprint(")\n");
 
@@ -1197,25 +1198,25 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
 
     conns = calloc(addrs->naddrs, sizeof(struct conn_state));
     if (conns == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     if (callback_info) {
-	callback_data = calloc(addrs->naddrs, sizeof(krb5_data));
-	if (callback_data == NULL) {
-	    retval = ENOMEM;
-	    goto egress;
-	}
+        callback_data = calloc(addrs->naddrs, sizeof(krb5_data));
+        if (callback_data == NULL) {
+            retval = ENOMEM;
+            goto egress;
+        }
     }
 
     for (i = 0; i < addrs->naddrs; i++)
-	conns[i].fd = INVALID_SOCKET;
+        conns[i].fd = INVALID_SOCKET;
 
     /* One for use here, listing all our fds in use, and one for
        temporary use in service_fds, for the fds of interest.  */
     sel_state = malloc(2 * sizeof(*sel_state));
     if (sel_state == NULL) {
-	retval = ENOMEM;
-	goto egress;
+        retval = ENOMEM;
+        goto egress;
     }
     sel_state->max = 0;
     sel_state->nfds = 0;
@@ -1227,100 +1228,100 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
 
     /* Set up connections.  */
     for (host = 0; host < addrs->naddrs; host++) {
-	setup_connection(&conns[host], addrs->addrs[host].ai, message,
-			 &udpbuf);
+        setup_connection(&conns[host], addrs->addrs[host].ai, message,
+                         &udpbuf);
     }
     n_conns = addrs->naddrs;
     for (pass = 0; pass < MAX_PASS; pass++) {
-	/* Possible optimization: Make only one pass if TCP only.
-	   Stop making passes if all UDP ports are closed down.  */
-	dprint("pass %d delay=%d\n", pass, delay_this_pass);
-	for (host = 0; host < n_conns; host++) {
-	    dprint("host %d\n", host);
-
-	    /* Send to the host, wait for a response, then move on. */
-	    if (maybe_send(&conns[host], 
-			   sel_state,
-			   callback_info,
-			   (callback_info ? &callback_data[host] : NULL)))
-		continue;
-
-	    retval = getcurtime(&now);
-	    if (retval)
-		goto egress;
-	    sel_state->end_time = now;
-	    sel_state->end_time.tv_sec += 1;
-	    e = service_fds(context, sel_state, conns, host+1, &winning_conn,
-			    sel_state+1, msg_handler, msg_handler_data);
-	    if (e)
-		break;
-	    if (pass > 0 && sel_state->nfds == 0)
-		/*
-		 * After the first pass, if we close all fds, break
-		 * out right away.  During the first pass, it's okay,
-		 * we're probably about to open another connection.
-		 */
-		break;
-	}
-	if (e)
-	    break;
-	retval = getcurtime(&now);
-	if (retval)
-	    goto egress;
-	/* Possible optimization: Find a way to integrate this select
-	   call with the last one from the above loop, if the loop
-	   actually calls select.  */
-	sel_state->end_time.tv_sec += delay_this_pass;
-	e = service_fds(context, sel_state, conns, host+1, &winning_conn,
-		        sel_state+1, msg_handler, msg_handler_data);
-	if (e)
-	    break;
-	if (sel_state->nfds == 0)
-	    break;
-	delay_this_pass *= 2;
+        /* Possible optimization: Make only one pass if TCP only.
+           Stop making passes if all UDP ports are closed down.  */
+        dprint("pass %d delay=%d\n", pass, delay_this_pass);
+        for (host = 0; host < n_conns; host++) {
+            dprint("host %d\n", host);
+
+            /* Send to the host, wait for a response, then move on. */
+            if (maybe_send(&conns[host],
+                           sel_state,
+                           callback_info,
+                           (callback_info ? &callback_data[host] : NULL)))
+                continue;
+
+            retval = getcurtime(&now);
+            if (retval)
+                goto egress;
+            sel_state->end_time = now;
+            sel_state->end_time.tv_sec += 1;
+            e = service_fds(context, sel_state, conns, host+1, &winning_conn,
+                            sel_state+1, msg_handler, msg_handler_data);
+            if (e)
+                break;
+            if (pass > 0 && sel_state->nfds == 0)
+                /*
+                 * After the first pass, if we close all fds, break
+                 * out right away.  During the first pass, it's okay,
+                 * we're probably about to open another connection.
+                 */
+                break;
+        }
+        if (e)
+            break;
+        retval = getcurtime(&now);
+        if (retval)
+            goto egress;
+        /* Possible optimization: Find a way to integrate this select
+           call with the last one from the above loop, if the loop
+           actually calls select.  */
+        sel_state->end_time.tv_sec += delay_this_pass;
+        e = service_fds(context, sel_state, conns, host+1, &winning_conn,
+                        sel_state+1, msg_handler, msg_handler_data);
+        if (e)
+            break;
+        if (sel_state->nfds == 0)
+            break;
+        delay_this_pass *= 2;
     }
 
     if (sel_state->nfds == 0) {
-	/* No addresses?  */
-	retval = KRB5_KDC_UNREACH;
-	goto egress;
+        /* No addresses?  */
+        retval = KRB5_KDC_UNREACH;
+        goto egress;
     }
     if (e == 0 || winning_conn < 0) {
-	retval = KRB5_KDC_UNREACH;
-	goto egress;
+        retval = KRB5_KDC_UNREACH;
+        goto egress;
     }
     /* Success!  */
     reply->data = conns[winning_conn].x.in.buf;
     reply->length = (conns[winning_conn].x.in.pos
-		     - conns[winning_conn].x.in.buf);
+                     - conns[winning_conn].x.in.buf);
     dprint("returning %d bytes in buffer %p\n",
-	   (int) reply->length, reply->data);
+           (int) reply->length, reply->data);
     retval = 0;
     conns[winning_conn].x.in.buf = 0;
     if (addr_used)
         *addr_used = winning_conn;
     if (localaddr != 0 && localaddrlen != 0 && *localaddrlen > 0)
-	(void) getsockname(conns[winning_conn].fd, localaddr, localaddrlen);
+        (void) getsockname(conns[winning_conn].fd, localaddr, localaddrlen);
 
-	if (remoteaddr != 0 && remoteaddrlen != 0 && *remoteaddrlen > 0)
-	(void) getpeername(conns[winning_conn].fd, remoteaddr, remoteaddrlen);
+    if (remoteaddr != 0 && remoteaddrlen != 0 && *remoteaddrlen > 0)
+        (void) getpeername(conns[winning_conn].fd, remoteaddr, remoteaddrlen);
 
 egress:
     for (i = 0; i < n_conns; i++) {
-	if (conns[i].fd != INVALID_SOCKET)
-	    closesocket(conns[i].fd);
-	if (conns[i].state == READING && conns[i].x.in.buf != udpbuf)
-	    free(conns[i].x.in.buf);
-	if (callback_info) {
-	    callback_info->pfn_cleanup(callback_info->context,
-				       &callback_data[i]);
-	}
+        if (conns[i].fd != INVALID_SOCKET)
+            closesocket(conns[i].fd);
+        if (conns[i].state == READING && conns[i].x.in.buf != udpbuf)
+            free(conns[i].x.in.buf);
+        if (callback_info) {
+            callback_info->pfn_cleanup(callback_info->context,
+                                       &callback_data[i]);
+        }
     }
 
     free(callback_data);
     free(conns);
     if (reply->data != udpbuf)
-	free(udpbuf);
+        free(udpbuf);
     free(sel_state);
     return retval;
 }
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index ee4f3bc11..8bd823090 100644
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/sn2princ.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Convert a hostname and service name to a principal in the "standard"
  * form.
@@ -53,7 +54,7 @@ maybe_use_reverse_dns (krb5_context context, int defalt)
         return defalt;
 
     if (value == 0)
-	return defalt;
+        return defalt;
 
     use_rdns = _krb5_conf_boolean(value);
     profile_release_string(value);
@@ -75,57 +76,57 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
 #endif
 
     if ((type == KRB5_NT_UNKNOWN) ||
-	(type == KRB5_NT_SRV_HST)) {
-
-	/* if hostname is NULL, use local hostname */
-	if (! hostname) {
-	    if (gethostname(localname, MAXHOSTNAMELEN))
-		return SOCKET_ERRNO;
-	    hostname = localname;
-	}
-
-	/* if sname is NULL, use "host" */
-	if (! sname)
-	    sname = "host";
-
-	/* copy the hostname into non-volatile storage */
-
-	if (type == KRB5_NT_SRV_HST) {
-	    struct addrinfo *ai, hints;
-	    int err;
-	    char hnamebuf[NI_MAXHOST];
-
-	    /* Note that the old code would accept numeric addresses,
-	       and if the gethostbyaddr step could convert them to
-	       real hostnames, you could actually get reasonable
-	       results.  If the mapping failed, you'd get dotted
-	       triples as realm names.  *sigh*
-
-	       The latter has been fixed in hst_realm.c, but we should
-	       keep supporting numeric addresses if they do have
-	       hostnames associated.  */
-
-	    memset(&hints, 0, sizeof(hints));
-	    hints.ai_family = AF_INET;
-	    hints.ai_flags = AI_CANONNAME;
-	try_getaddrinfo_again:
-	    err = getaddrinfo(hostname, 0, &hints, &ai);
-	    if (err) {
+        (type == KRB5_NT_SRV_HST)) {
+
+        /* if hostname is NULL, use local hostname */
+        if (! hostname) {
+            if (gethostname(localname, MAXHOSTNAMELEN))
+                return SOCKET_ERRNO;
+            hostname = localname;
+        }
+
+        /* if sname is NULL, use "host" */
+        if (! sname)
+            sname = "host";
+
+        /* copy the hostname into non-volatile storage */
+
+        if (type == KRB5_NT_SRV_HST) {
+            struct addrinfo *ai, hints;
+            int err;
+            char hnamebuf[NI_MAXHOST];
+
+            /* Note that the old code would accept numeric addresses,
+               and if the gethostbyaddr step could convert them to
+               real hostnames, you could actually get reasonable
+               results.  If the mapping failed, you'd get dotted
+               triples as realm names.  *sigh*
+
+               The latter has been fixed in hst_realm.c, but we should
+               keep supporting numeric addresses if they do have
+               hostnames associated.  */
+
+            memset(&hints, 0, sizeof(hints));
+            hints.ai_family = AF_INET;
+            hints.ai_flags = AI_CANONNAME;
+        try_getaddrinfo_again:
+            err = getaddrinfo(hostname, 0, &hints, &ai);
+            if (err) {
 #ifdef DEBUG_REFERRALS
-	        printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
+                printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
 #endif
-		if (hints.ai_family == AF_INET) {
-		    /* Just in case it's an IPv6-only name.  */
-		    hints.ai_family = 0;
-		    goto try_getaddrinfo_again;
-		}
-		return KRB5_ERR_BAD_HOSTNAME;
-	    }
-	    remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
-	    if (!remote_host) {
-		freeaddrinfo(ai);
-		return ENOMEM;
-	    }
+                if (hints.ai_family == AF_INET) {
+                    /* Just in case it's an IPv6-only name.  */
+                    hints.ai_family = 0;
+                    goto try_getaddrinfo_again;
+                }
+                return KRB5_ERR_BAD_HOSTNAME;
+            }
+            remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
+            if (!remote_host) {
+                freeaddrinfo(ai);
+                return ENOMEM;
+            }
 
             if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
                 /*
@@ -140,7 +141,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
                    preserve the current behavior and only shake things up
                    once when it comes time to fix this lossage.  */
                 err = getnameinfo(ai->ai_addr, ai->ai_addrlen,
-                                   hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD);
+                                  hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD);
                 freeaddrinfo(ai);
                 if (err == 0) {
                     free(remote_host);
@@ -149,68 +150,67 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
                         return ENOMEM;
                 }
             } else
-		freeaddrinfo(ai);
-	} else /* type == KRB5_NT_UNKNOWN */ {
-	    remote_host = strdup(hostname);
-	}
-	if (!remote_host)
-	    return ENOMEM;
+                freeaddrinfo(ai);
+        } else /* type == KRB5_NT_UNKNOWN */ {
+            remote_host = strdup(hostname);
+        }
+        if (!remote_host)
+            return ENOMEM;
 #ifdef DEBUG_REFERRALS
- 	printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host);
+        printf("sname_to_princ: hostname <%s> after rdns processing\n",remote_host);
 #endif
 
-	if (type == KRB5_NT_SRV_HST)
-	    for (cp = remote_host; *cp; cp++)
-		if (isupper((unsigned char) (*cp)))
-		    *cp = tolower((unsigned char) (*cp));
-
-	/*
-	 * Windows NT5's broken resolver gratuitously tacks on a
-	 * trailing period to the hostname (at least it does in
-	 * Beta2).  Find and remove it.
-	 */
-	if (remote_host[0]) {
-		cp = remote_host + strlen(remote_host)-1;
-		if (*cp == '.')
-			*cp = 0;
-	}
-	
-
-	if ((retval = krb5_get_host_realm(context, remote_host, &hrealms))) {
-	    free(remote_host);
-	    return retval;
-	}
+        if (type == KRB5_NT_SRV_HST)
+            for (cp = remote_host; *cp; cp++)
+                if (isupper((unsigned char) (*cp)))
+                    *cp = tolower((unsigned char) (*cp));
+
+        /*
+         * Windows NT5's broken resolver gratuitously tacks on a
+         * trailing period to the hostname (at least it does in
+         * Beta2).  Find and remove it.
+         */
+        if (remote_host[0]) {
+            cp = remote_host + strlen(remote_host)-1;
+            if (*cp == '.')
+                *cp = 0;
+        }
+
+
+        if ((retval = krb5_get_host_realm(context, remote_host, &hrealms))) {
+            free(remote_host);
+            return retval;
+        }
 
 #ifdef DEBUG_REFERRALS
-	printf("sname_to_princ:  realm <%s> after krb5_get_host_realm\n",hrealms[0]);
+        printf("sname_to_princ:  realm <%s> after krb5_get_host_realm\n",hrealms[0]);
 #endif
 
-	if (!hrealms[0]) {
-	    free(remote_host);
-	    free(hrealms);
-	    return KRB5_ERR_HOST_REALM_UNKNOWN;
-	}
-	realm = hrealms[0];
+        if (!hrealms[0]) {
+            free(remote_host);
+            free(hrealms);
+            return KRB5_ERR_HOST_REALM_UNKNOWN;
+        }
+        realm = hrealms[0];
 
-	retval = krb5_build_principal(context, ret_princ, strlen(realm),
-				      realm, sname, remote_host,
-				      (char *)0);
+        retval = krb5_build_principal(context, ret_princ, strlen(realm),
+                                      realm, sname, remote_host,
+                                      (char *)0);
 
-	krb5_princ_type(context, *ret_princ) = type;
+        krb5_princ_type(context, *ret_princ) = type;
 
 #ifdef DEBUG_REFERRALS
-	printf("krb5_sname_to_principal returning\n");
-	printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
-	       realm,sname,remote_host);
-	krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
+        printf("krb5_sname_to_principal returning\n");
+        printf("realm: <%s>, sname: <%s>, remote_host: <%s>\n",
+               realm,sname,remote_host);
+        krb5int_dbgref_dump_principal("krb5_sname_to_principal",*ret_princ);
 #endif
 
-	free(remote_host);
+        free(remote_host);
 
-	krb5_free_host_realm(context, hrealms);
-	return retval;
+        krb5_free_host_realm(context, hrealms);
+        return retval;
     } else {
-	return KRB5_SNAME_UNSUPP_NAMETYPE;
+        return KRB5_SNAME_UNSUPP_NAMETYPE;
     }
 }
-
diff --git a/src/lib/krb5/os/t_an_to_ln.c b/src/lib/krb5/os/t_an_to_ln.c
index 93933a477..99ec590cd 100644
--- a/src/lib/krb5/os/t_an_to_ln.c
+++ b/src/lib/krb5/os/t_an_to_ln.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "krb5.h"
 
 #include <stdio.h>
@@ -5,36 +6,36 @@
 int
 main(int argc, char **argv)
 {
-    krb5_error_code	kret;
-    krb5_context	kcontext;
-    krb5_principal	principal;
-    char		*programname;
-    int			i;
-    char		sbuf[1024];
+    krb5_error_code     kret;
+    krb5_context        kcontext;
+    krb5_principal      principal;
+    char                *programname;
+    int                 i;
+    char                sbuf[1024];
 
     programname = argv[0];
     krb5_init_context(&kcontext);
     for (i=1; i < argc; i++) {
-	if (!(kret = krb5_parse_name(kcontext, argv[i], &principal))) {
-	    if (!(kret = krb5_aname_to_localname(kcontext,
-						 principal,
-						 1024,
-						 sbuf))) {
-		printf("%s: aname_to_lname maps %s -> <%s>\n",
-		       programname, argv[i], sbuf);
-	    }
-	    else {
-		printf("%s: aname to lname returns %s for %s\n", programname,
-		       error_message(kret), argv[i]);
-	    }
-	    krb5_free_principal(kcontext, principal);
-	}
-	else {
-	    printf("%s: parse_name returns %s\n", programname,
-		   error_message(kret));
-	}
-	if (kret)
-	    break;
+        if (!(kret = krb5_parse_name(kcontext, argv[i], &principal))) {
+            if (!(kret = krb5_aname_to_localname(kcontext,
+                                                 principal,
+                                                 1024,
+                                                 sbuf))) {
+                printf("%s: aname_to_lname maps %s -> <%s>\n",
+                       programname, argv[i], sbuf);
+            }
+            else {
+                printf("%s: aname to lname returns %s for %s\n", programname,
+                       error_message(kret), argv[i]);
+            }
+            krb5_free_principal(kcontext, principal);
+        }
+        else {
+            printf("%s: parse_name returns %s\n", programname,
+                   error_message(kret));
+        }
+        if (kret)
+            break;
     }
     krb5_free_context(kcontext);
     return((kret) ? 1 : 0);
diff --git a/src/lib/krb5/os/t_gifconf.c b/src/lib/krb5/os/t_gifconf.c
index b0d9b7de2..6ae4b85c4 100644
--- a/src/lib/krb5/os/t_gifconf.c
+++ b/src/lib/krb5/os/t_gifconf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* SIOCGIFCONF:
 
    The behavior of this ioctl varies across systems.
@@ -84,49 +85,49 @@ int main (void) {
 
     sock = socket (AF_INET, SOCK_DGRAM, 0);
     if (sock < 0) {
-	perror ("socket");
-	exit (1);
+        perror ("socket");
+        exit (1);
     }
     printf ("sizeof(struct if_req)=%d\n", sizeof (struct ifreq));
     for (t = 0; t < sizeof (buffer); t++) {
-	ifc.ifc_len = t;
-	ifc.ifc_buf = buffer;
-	memset (buffer, INIT, sizeof (buffer));
-	i = ioctl (sock, SIOCGIFCONF, (char *) &ifc);
-	if (i < 0) {
-	    /* Solaris returns "Invalid argument" if the buffer is too
-	       small.  AIX and Linux return no error indication.  */
-	    int e = errno;
-	    snprintf (buffer, sizeof(buffer), "SIOCGIFCONF(%d)", t);
-	    errno = e;
-	    perror (buffer);
-	    if (e == EINVAL)
-		continue;
-	    fprintf (stderr, "exiting on unexpected error\n");
-	    exit (1);
-	}
-	i = sizeof (buffer) - 1;
-	while (buffer[i] == ((char)INIT) && i >= 0)
-	    i--;
-	if (omod != i) {
-	    /* Okay... the gap computed on the *last* iteration is the
-	       largest for that particular size of returned data.
-	       Save it, and then start computing gaps for the next
-	       bigger size of returned data.  If we never get anything
-	       bigger back, we discard the newer value and only keep
-	       LASTGAP because all we care about is how much slop we
-	       need to "prove" that there really weren't any more
-	       entries to be returned.  */
-	    if (gap > lastgap)
-		lastgap = gap;
-	}
-	gap = t - i - 1;
-	if (olen != ifc.ifc_len || omod != i) {
-	    printf ("ifc_len in = %4d, ifc_len out = %4d, last mod = %4d\n",
-		    t, ifc.ifc_len, i);
-	    olen = ifc.ifc_len;
-	    omod = i;
-	}
+        ifc.ifc_len = t;
+        ifc.ifc_buf = buffer;
+        memset (buffer, INIT, sizeof (buffer));
+        i = ioctl (sock, SIOCGIFCONF, (char *) &ifc);
+        if (i < 0) {
+            /* Solaris returns "Invalid argument" if the buffer is too
+               small.  AIX and Linux return no error indication.  */
+            int e = errno;
+            snprintf (buffer, sizeof(buffer), "SIOCGIFCONF(%d)", t);
+            errno = e;
+            perror (buffer);
+            if (e == EINVAL)
+                continue;
+            fprintf (stderr, "exiting on unexpected error\n");
+            exit (1);
+        }
+        i = sizeof (buffer) - 1;
+        while (buffer[i] == ((char)INIT) && i >= 0)
+            i--;
+        if (omod != i) {
+            /* Okay... the gap computed on the *last* iteration is the
+               largest for that particular size of returned data.
+               Save it, and then start computing gaps for the next
+               bigger size of returned data.  If we never get anything
+               bigger back, we discard the newer value and only keep
+               LASTGAP because all we care about is how much slop we
+               need to "prove" that there really weren't any more
+               entries to be returned.  */
+            if (gap > lastgap)
+                lastgap = gap;
+        }
+        gap = t - i - 1;
+        if (olen != ifc.ifc_len || omod != i) {
+            printf ("ifc_len in = %4d, ifc_len out = %4d, last mod = %4d\n",
+                    t, ifc.ifc_len, i);
+            olen = ifc.ifc_len;
+            omod = i;
+        }
     }
     printf ("finished at ifc_len %d\n", t);
     printf ("largest gap = %d\n", lastgap);
diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c
index 9cc845a82..45fad0176 100644
--- a/src/lib/krb5/os/t_locate_kdc.c
+++ b/src/lib/krb5/os/t_locate_kdc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
@@ -31,14 +32,14 @@ static const char *stypename (int stype)
     static char buf[20];
     switch (stype) {
     case SOCK_STREAM:
-	return "stream";
+        return "stream";
     case SOCK_DGRAM:
-	return "dgram";
+        return "dgram";
     case SOCK_RAW:
-	return "raw";
+        return "raw";
     default:
-	snprintf(buf, sizeof(buf), "?%d", stype);
-	return buf;
+        snprintf(buf, sizeof(buf), "?%d", stype);
+        return buf;
     }
 }
 
@@ -50,19 +51,19 @@ static void print_addrs (void)
 
     printf ("%d addresses:\n", naddrs);
     for (i = 0; i < naddrs; i++) {
-	int err;
-	struct addrinfo *ai = al.addrs[i].ai;
-	char hostbuf[NI_MAXHOST], srvbuf[NI_MAXSERV];
-	err = getnameinfo (ai->ai_addr, ai->ai_addrlen,
-			   hostbuf, sizeof (hostbuf),
-			   srvbuf, sizeof (srvbuf),
-			   NI_NUMERICHOST | NI_NUMERICSERV);
-	if (err)
-	    printf ("%2d: getnameinfo returns error %d=%s\n",
-		    i, err, gai_strerror (err));
-	else
-	    printf ("%2d: address %s\t%s\tport %s\n", i, hostbuf,
-		    stypename (ai->ai_socktype), srvbuf);
+        int err;
+        struct addrinfo *ai = al.addrs[i].ai;
+        char hostbuf[NI_MAXHOST], srvbuf[NI_MAXSERV];
+        err = getnameinfo (ai->ai_addr, ai->ai_addrlen,
+                           hostbuf, sizeof (hostbuf),
+                           srvbuf, sizeof (srvbuf),
+                           NI_NUMERICHOST | NI_NUMERICSERV);
+        if (err)
+            printf ("%2d: getnameinfo returns error %d=%s\n",
+                    i, err, gai_strerror (err));
+        else
+            printf ("%2d: address %s\t%s\tport %s\n", i, hostbuf,
+                    stypename (ai->ai_socktype), srvbuf);
     }
 }
 
@@ -76,52 +77,52 @@ int main (int argc, char *argv[])
 
     p = strrchr (argv[0], '/');
     if (p)
-	prog = p+1;
+        prog = p+1;
     else
-	prog = argv[0];
+        prog = argv[0];
 
     switch (argc) {
     case 2:
-	/* foo $realm */
-	realmname = argv[1];
-	break;
+        /* foo $realm */
+        realmname = argv[1];
+        break;
     case 3:
-	if (!strcmp (argv[1], "-c"))
-	    how = LOOKUP_CONF;
-	else if (!strcmp (argv[1], "-d"))
-	    how = LOOKUP_DNS;
-	else if (!strcmp (argv[1], "-m"))
-	    master = 1;
-	else
-	    goto usage;
-	realmname = argv[2];
-	break;
+        if (!strcmp (argv[1], "-c"))
+            how = LOOKUP_CONF;
+        else if (!strcmp (argv[1], "-d"))
+            how = LOOKUP_DNS;
+        else if (!strcmp (argv[1], "-m"))
+            master = 1;
+        else
+            goto usage;
+        realmname = argv[2];
+        break;
     default:
     usage:
-	fprintf (stderr, "%s: usage: %s [-c | -d | -m] realm\n", prog, prog);
-	return 1;
+        fprintf (stderr, "%s: usage: %s [-c | -d | -m] realm\n", prog, prog);
+        return 1;
     }
 
     err = krb5_init_context (&ctx);
     if (err)
-	kfatal (err);
+        kfatal (err);
 
     realm.data = realmname;
     realm.length = strlen (realmname);
 
     switch (how) {
     case LOOKUP_CONF:
-	err = krb5_locate_srv_conf (ctx, &realm, "kdc", &al, 0,
-				    htons (88), htons (750));
-	break;
+        err = krb5_locate_srv_conf (ctx, &realm, "kdc", &al, 0,
+                                    htons (88), htons (750));
+        break;
 
     case LOOKUP_DNS:
-	err = krb5_locate_srv_dns_1 (&realm, "_kerberos", "_udp", &al, 0);
-	break;
+        err = krb5_locate_srv_dns_1 (&realm, "_kerberos", "_udp", &al, 0);
+        break;
 
     case LOOKUP_WHATEVER:
-	err = krb5_locate_kdc (ctx, &realm, &al, master, 0, 0);
-	break;
+        err = krb5_locate_kdc (ctx, &realm, &al, master, 0, 0);
+        break;
     }
     if (err) kfatal (err);
     print_addrs ();
diff --git a/src/lib/krb5/os/t_realm_iter.c b/src/lib/krb5/os/t_realm_iter.c
index b39693594..397826940 100644
--- a/src/lib/krb5/os/t_realm_iter.c
+++ b/src/lib/krb5/os/t_realm_iter.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "krb5.h"
 
 #include <stdio.h>
@@ -9,19 +10,19 @@ void test_realm_iterator(int ctx)
     void *iter;
 
     if ((retval = krb5_realm_iterator_create(ctx, &iter))) {
-	com_err("krb5_realm_iterator_create", retval, 0);
-	return;
+        com_err("krb5_realm_iterator_create", retval, 0);
+        return;
     }
     while (iter) {
-	if ((retval = krb5_realm_iterator(ctx, &iter, &realm))) {
-	    com_err("krb5_realm_iterator", retval, 0);
-	    krb5_realm_iterator_free(ctx, &iter);
-	    return;
-	}
-	if (realm) {
-	    printf("Realm: '%s'\n", realm);
-	    krb5_free_realm_string(ctx, realm);
-	}
+        if ((retval = krb5_realm_iterator(ctx, &iter, &realm))) {
+            com_err("krb5_realm_iterator", retval, 0);
+            krb5_realm_iterator_free(ctx, &iter);
+            return;
+        }
+        if (realm) {
+            printf("Realm: '%s'\n", realm);
+            krb5_free_realm_string(ctx, realm);
+        }
     }
 }
 
@@ -32,9 +33,9 @@ int main(int argc, char **argv)
 
     retval = krb5_init_context(&ctx);
     if (retval) {
-	fprintf(stderr, "krb5_init_context returned error %ld\n",
-		retval);
-	exit(1);
+        fprintf(stderr, "krb5_init_context returned error %ld\n",
+                retval);
+        exit(1);
     }
 
     test_realm_iterator(ctx);
diff --git a/src/lib/krb5/os/t_std_conf.c b/src/lib/krb5/os/t_std_conf.c
index 04b75d7b8..a3bd795d4 100644
--- a/src/lib/krb5/os/t_std_conf.c
+++ b/src/lib/krb5/os/t_std_conf.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- * t_std_conf.c --- This program tests standard Krb5 routines which pull 
- * 	values from the krb5 config file(s).
+ * t_std_conf.c --- This program tests standard Krb5 routines which pull
+ *      values from the krb5 config file(s).
  */
 
 #include "fake-addrinfo.h"
@@ -19,229 +20,229 @@
 
 static void test_get_default_realm(krb5_context ctx)
 {
-	char	*realm;
-	krb5_error_code	retval;
-	
-	retval = krb5_get_default_realm(ctx, &realm);
-	if (retval) {
-		com_err("krb5_get_default_realm", retval, 0);
-		return;
-	}
-	printf("krb5_get_default_realm() returned '%s'\n", realm);
-	free(realm);
+    char    *realm;
+    krb5_error_code retval;
+
+    retval = krb5_get_default_realm(ctx, &realm);
+    if (retval) {
+        com_err("krb5_get_default_realm", retval, 0);
+        return;
+    }
+    printf("krb5_get_default_realm() returned '%s'\n", realm);
+    free(realm);
 }
 
 static void test_set_default_realm(krb5_context ctx, char *realm)
 {
-	krb5_error_code	retval;
-	
-	retval = krb5_set_default_realm(ctx, realm);
-	if (retval) {
-		com_err("krb5_set_default_realm", retval, 0);
-		return;
-	}
-	printf("krb5_set_default_realm(%s)\n", realm);
+    krb5_error_code retval;
+
+    retval = krb5_set_default_realm(ctx, realm);
+    if (retval) {
+        com_err("krb5_set_default_realm", retval, 0);
+        return;
+    }
+    printf("krb5_set_default_realm(%s)\n", realm);
 }
 
 static void test_get_default_ccname(krb5_context ctx)
 {
-	const char	*ccname;
+    const char      *ccname;
 
-	ccname = krb5_cc_default_name(ctx);
-	if (ccname)
-		printf("krb5_cc_default_name() returned '%s'\n", ccname);
-	else
-		printf("krb5_cc_default_name() returned NULL\n");
+    ccname = krb5_cc_default_name(ctx);
+    if (ccname)
+        printf("krb5_cc_default_name() returned '%s'\n", ccname);
+    else
+        printf("krb5_cc_default_name() returned NULL\n");
 }
 
 static void test_set_default_ccname(krb5_context ctx, char *ccname)
 {
-	krb5_error_code	retval;
-	
-	retval = krb5_cc_set_default_name(ctx, ccname);
-	if (retval) {
-		com_err("krb5_set_default_ccname", retval, 0);
-		return;
-	}
-	printf("krb5_set_default_ccname(%s)\n", ccname);
+    krb5_error_code retval;
+
+    retval = krb5_cc_set_default_name(ctx, ccname);
+    if (retval) {
+        com_err("krb5_set_default_ccname", retval, 0);
+        return;
+    }
+    printf("krb5_set_default_ccname(%s)\n", ccname);
 }
 
 static void test_get_krbhst(krb5_context ctx, char *realm)
 {
-	char **hostlist, **cpp;
-	krb5_data rlm;
-	krb5_error_code	retval;
-
-	rlm.data = realm;
-	rlm.length = strlen(realm);
-	retval = krb5_get_krbhst(ctx, &rlm, &hostlist);
-	if (retval) {
-		com_err("krb5_get_krbhst", retval, 0);
-		return;
-	}
-	printf("krb_get_krbhst(%s) returned:", realm);
-	if (hostlist == 0) {
-		printf(" (null)\n");
-		return;
-	}
-	if (hostlist[0] == 0) {
-		printf(" (none)\n");
-		krb5_free_krbhst(ctx, hostlist);
-		return;
-	}
-	for (cpp = hostlist; *cpp; cpp++) {
-		printf(" '%s'", *cpp);
-	}
-	krb5_free_krbhst(ctx, hostlist);
-	printf("\n");
+    char **hostlist, **cpp;
+    krb5_data rlm;
+    krb5_error_code retval;
+
+    rlm.data = realm;
+    rlm.length = strlen(realm);
+    retval = krb5_get_krbhst(ctx, &rlm, &hostlist);
+    if (retval) {
+        com_err("krb5_get_krbhst", retval, 0);
+        return;
+    }
+    printf("krb_get_krbhst(%s) returned:", realm);
+    if (hostlist == 0) {
+        printf(" (null)\n");
+        return;
+    }
+    if (hostlist[0] == 0) {
+        printf(" (none)\n");
+        krb5_free_krbhst(ctx, hostlist);
+        return;
+    }
+    for (cpp = hostlist; *cpp; cpp++) {
+        printf(" '%s'", *cpp);
+    }
+    krb5_free_krbhst(ctx, hostlist);
+    printf("\n");
 }
 
 static void test_locate_kdc(krb5_context ctx, char *realm)
 {
-    	struct addrlist addrs;
-	int	i;
-	int	get_masters=0;
-	krb5_data rlm;
-	krb5_error_code	retval;
-
-	rlm.data = realm;
-	rlm.length = strlen(realm);
-	retval = krb5_locate_kdc(ctx, &rlm, &addrs, get_masters, 0, 0);
-	if (retval) {
-		com_err("krb5_locate_kdc", retval, 0);
-		return;
-	}
-	printf("krb_locate_kdc(%s) returned:", realm);
-	for (i=0; i < addrs.naddrs; i++) {
-	    struct addrinfo *ai = addrs.addrs[i].ai;
-	    switch (ai->ai_family) {
-	    case AF_INET:
-	    {
-		struct sockaddr_in *s_sin;
-		s_sin = (struct sockaddr_in *) ai->ai_addr;
-		printf(" inet:%s/%d", inet_ntoa(s_sin->sin_addr), 
-		       ntohs(s_sin->sin_port));
-	    }
-	    break;
+    struct addrlist addrs;
+    int     i;
+    int     get_masters=0;
+    krb5_data rlm;
+    krb5_error_code retval;
+
+    rlm.data = realm;
+    rlm.length = strlen(realm);
+    retval = krb5_locate_kdc(ctx, &rlm, &addrs, get_masters, 0, 0);
+    if (retval) {
+        com_err("krb5_locate_kdc", retval, 0);
+        return;
+    }
+    printf("krb_locate_kdc(%s) returned:", realm);
+    for (i=0; i < addrs.naddrs; i++) {
+        struct addrinfo *ai = addrs.addrs[i].ai;
+        switch (ai->ai_family) {
+        case AF_INET:
+        {
+            struct sockaddr_in *s_sin;
+            s_sin = (struct sockaddr_in *) ai->ai_addr;
+            printf(" inet:%s/%d", inet_ntoa(s_sin->sin_addr),
+                   ntohs(s_sin->sin_port));
+        }
+        break;
 #ifdef KRB5_USE_INET6
-	    case AF_INET6:
-	    {
-		struct sockaddr_in6 *s_sin6;
-		int j;
-		s_sin6 = (struct sockaddr_in6 *) ai->ai_addr;
-		printf(" inet6");
-		for (j = 0; j < 8; j++)
-		    printf(":%x",
-			   (s_sin6->sin6_addr.s6_addr[2*j] * 256
-			    + s_sin6->sin6_addr.s6_addr[2*j+1]));
-		printf("/%d", ntohs(s_sin6->sin6_port));
-		break;
-	    }
+        case AF_INET6:
+        {
+            struct sockaddr_in6 *s_sin6;
+            int j;
+            s_sin6 = (struct sockaddr_in6 *) ai->ai_addr;
+            printf(" inet6");
+            for (j = 0; j < 8; j++)
+                printf(":%x",
+                       (s_sin6->sin6_addr.s6_addr[2*j] * 256
+                        + s_sin6->sin6_addr.s6_addr[2*j+1]));
+            printf("/%d", ntohs(s_sin6->sin6_port));
+            break;
+        }
 #endif
-	    default:
-		printf(" unknown-af-%d", ai->ai_family);
-		break;
-	    }
-	}
-	krb5int_free_addrlist(&addrs);
-	printf("\n");
+        default:
+            printf(" unknown-af-%d", ai->ai_family);
+            break;
+        }
+    }
+    krb5int_free_addrlist(&addrs);
+    printf("\n");
 }
 
 static void test_get_host_realm(krb5_context ctx, char *host)
 {
-	char **realms, **cpp;
-	krb5_error_code retval;
-
-	retval = krb5_get_host_realm(ctx, host, &realms);
-	if (retval) {
-		com_err("krb5_get_host_realm", retval, 0);
-		return;
-	}
-	printf("krb_get_host_realm(%s) returned:", host);
-	if (realms == 0) {
-		printf(" (null)\n");
-		return;
-	}
-	if (realms[0] == 0) {
-		printf(" (none)\n");
-		free(realms);
-		return;
-	}
-	for (cpp = realms; *cpp; cpp++) {
-		printf(" '%s'", *cpp);
-		free(*cpp);
-	}
-	free(realms);
-	printf("\n");
+    char **realms, **cpp;
+    krb5_error_code retval;
+
+    retval = krb5_get_host_realm(ctx, host, &realms);
+    if (retval) {
+        com_err("krb5_get_host_realm", retval, 0);
+        return;
+    }
+    printf("krb_get_host_realm(%s) returned:", host);
+    if (realms == 0) {
+        printf(" (null)\n");
+        return;
+    }
+    if (realms[0] == 0) {
+        printf(" (none)\n");
+        free(realms);
+        return;
+    }
+    for (cpp = realms; *cpp; cpp++) {
+        printf(" '%s'", *cpp);
+        free(*cpp);
+    }
+    free(realms);
+    printf("\n");
 }
 
 static void test_get_realm_domain(krb5_context ctx, char *realm)
 {
-	krb5_error_code	retval;
-	char	*domain;
-	
-	retval = krb5_get_realm_domain(ctx, realm, &domain);
-	if (retval) {
-		com_err("krb5_get_realm_domain", retval, 0);
-		return;
-	}
-	printf("krb5_get_realm_domain(%s) returned '%s'\n", realm, domain);
-	free(domain);
+    krb5_error_code retval;
+    char    *domain;
+
+    retval = krb5_get_realm_domain(ctx, realm, &domain);
+    if (retval) {
+        com_err("krb5_get_realm_domain", retval, 0);
+        return;
+    }
+    printf("krb5_get_realm_domain(%s) returned '%s'\n", realm, domain);
+    free(domain);
 }
 
 static void usage(char *progname)
 {
-	fprintf(stderr, "%s: Usage: %s [-dc] [-k realm] [-r host] [-C ccname] [-D realm]\n",
-		progname, progname);
-	exit(1);
+    fprintf(stderr, "%s: Usage: %s [-dc] [-k realm] [-r host] [-C ccname] [-D realm]\n",
+            progname, progname);
+    exit(1);
 }
 
 int main(int argc, char **argv)
 {
-	int	c;
-	krb5_context	ctx;
-	krb5_error_code	retval;
-	extern char *optarg;
-
-	retval = krb5_init_context(&ctx);
-	if (retval) {
-		fprintf(stderr, "krb5_init_context returned error %u\n",
-			retval);
-		exit(1);
-	}
-
-	while ((c = getopt(argc, argv, "cdk:r:C:D:l:s:")) != -1) {
-	    switch (c) {
-	    case 'c':		/* Get default ccname */
-		test_get_default_ccname(ctx);
-		break;
-	    case 'd': /* Get default realm */
-		test_get_default_realm(ctx);
-		break;
-	    case 'k': /* Get list of KDC's */
-		test_get_krbhst(ctx, optarg);
-		break;
-	    case 'l':
-		test_locate_kdc(ctx, optarg);
-		break;
-	    case 'r':
-		test_get_host_realm(ctx, optarg);
-		break;
-	    case 's':
-		test_set_default_realm(ctx, optarg);
-		break;
-	    case 'C':
-		test_set_default_ccname(ctx, optarg);
-		break;
-	    case 'D':
-		test_get_realm_domain(ctx, optarg);
-		break;
-	    default:
-		usage(argv[0]);
-	    }
-	}
-
-
-	krb5_free_context(ctx);
-	exit(0);
+    int     c;
+    krb5_context    ctx;
+    krb5_error_code retval;
+    extern char *optarg;
+
+    retval = krb5_init_context(&ctx);
+    if (retval) {
+        fprintf(stderr, "krb5_init_context returned error %u\n",
+                retval);
+        exit(1);
+    }
+
+    while ((c = getopt(argc, argv, "cdk:r:C:D:l:s:")) != -1) {
+        switch (c) {
+        case 'c':           /* Get default ccname */
+            test_get_default_ccname(ctx);
+            break;
+        case 'd': /* Get default realm */
+            test_get_default_realm(ctx);
+            break;
+        case 'k': /* Get list of KDC's */
+            test_get_krbhst(ctx, optarg);
+            break;
+        case 'l':
+            test_locate_kdc(ctx, optarg);
+            break;
+        case 'r':
+            test_get_host_realm(ctx, optarg);
+            break;
+        case 's':
+            test_set_default_realm(ctx, optarg);
+            break;
+        case 'C':
+            test_set_default_ccname(ctx, optarg);
+            break;
+        case 'D':
+            test_get_realm_domain(ctx, optarg);
+            break;
+        default:
+            usage(argv[0]);
+        }
+    }
+
+
+    krb5_free_context(ctx);
+    exit(0);
 }
diff --git a/src/lib/krb5/os/thread_safe.c b/src/lib/krb5/os/thread_safe.c
index faac234f9..acd88ce85 100644
--- a/src/lib/krb5/os/thread_safe.c
+++ b/src/lib/krb5/os/thread_safe.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/thread_safec
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * krb5_is_thread_safe() function.
  */
diff --git a/src/lib/krb5/os/timeofday.c b/src/lib/krb5/os/timeofday.c
index 31d803eb5..a711b0493 100644
--- a/src/lib/krb5/os/timeofday.c
+++ b/src/lib/krb5/os/timeofday.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/timeofday.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,9 +23,9 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
  *
- * libos: krb5_timeofday function for BSD 4.3 
+ *
+ * libos: krb5_timeofday function for BSD 4.3
  */
 
 
@@ -39,18 +40,18 @@ krb5_timeofday(krb5_context context, register krb5_timestamp *timeret)
     time_t tval;
 
     if (context == NULL)
-	return EINVAL;
+        return EINVAL;
 
     os_ctx = &context->os_context;
     if (os_ctx->os_flags & KRB5_OS_TOFFSET_TIME) {
-	    *timeret = os_ctx->time_offset;
-	    return 0;
+        *timeret = os_ctx->time_offset;
+        return 0;
     }
     tval = time(0);
     if (tval == (time_t) -1)
-	return (krb5_error_code) errno;
+        return (krb5_error_code) errno;
     if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID)
-	    tval += os_ctx->time_offset;
+        tval += os_ctx->time_offset;
     *timeret = tval;
     return 0;
 }
diff --git a/src/lib/krb5/os/toffset.c b/src/lib/krb5/os/toffset.c
index 40bc108af..a9faec537 100644
--- a/src/lib/krb5/os/toffset.c
+++ b/src/lib/krb5/os/toffset.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/toffset.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,13 +48,13 @@ krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 micr
 
     retval = krb5_crypto_us_timeofday(&sec, &usec);
     if (retval)
-	    return retval;
+        return retval;
 
     os_ctx->time_offset = seconds - sec;
     os_ctx->usec_offset = (microseconds > -1) ? microseconds - usec : 0;
 
     os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
-			KRB5_OS_TOFFSET_VALID);
+                        KRB5_OS_TOFFSET_VALID);
     return 0;
 }
 
@@ -62,7 +63,7 @@ krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 micr
  * the seconds and microseconds value as input to this function.  This
  * is useful for running the krb5 routines through test suites
  */
-krb5_error_code 
+krb5_error_code
 krb5_set_debugging_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
 {
     krb5_os_context os_ctx = &context->os_context;
@@ -70,7 +71,7 @@ krb5_set_debugging_time(krb5_context context, krb5_timestamp seconds, krb5_int32
     os_ctx->time_offset = seconds;
     os_ctx->usec_offset = microseconds;
     os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_VALID) |
-			KRB5_OS_TOFFSET_TIME);
+                        KRB5_OS_TOFFSET_TIME);
     return 0;
 }
 
@@ -78,7 +79,7 @@ krb5_set_debugging_time(krb5_context context, krb5_timestamp seconds, krb5_int32
  * This routine turns off the time correction fields, so that the krb5
  * routines return the "natural" time.
  */
-krb5_error_code 
+krb5_error_code
 krb5_use_natural_time(krb5_context context)
 {
     krb5_os_context os_ctx = &context->os_context;
@@ -97,9 +98,9 @@ krb5_get_time_offsets(krb5_context context, krb5_timestamp *seconds, krb5_int32
     krb5_os_context os_ctx = &context->os_context;
 
     if (seconds)
-	*seconds = os_ctx->time_offset;
+        *seconds = os_ctx->time_offset;
     if (microseconds)
-	*microseconds = os_ctx->usec_offset;
+        *microseconds = os_ctx->usec_offset;
     return 0;
 }
 
@@ -107,7 +108,7 @@ krb5_get_time_offsets(krb5_context context, krb5_timestamp *seconds, krb5_int32
 /*
  * This routine sets the time offsets directly.
  */
-krb5_error_code 
+krb5_error_code
 krb5_set_time_offsets(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)
 {
     krb5_os_context os_ctx = &context->os_context;
@@ -115,6 +116,6 @@ krb5_set_time_offsets(krb5_context context, krb5_timestamp seconds, krb5_int32 m
     os_ctx->time_offset = seconds;
     os_ctx->usec_offset = microseconds;
     os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
-			KRB5_OS_TOFFSET_VALID);
+                        KRB5_OS_TOFFSET_VALID);
     return 0;
 }
diff --git a/src/lib/krb5/os/unlck_file.c b/src/lib/krb5/os/unlck_file.c
index 0bbf7ce31..37233a337 100644
--- a/src/lib/krb5/os/unlck_file.c
+++ b/src/lib/krb5/os/unlck_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/unlck_file.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * libos: krb5_lock_file routine
  */
diff --git a/src/lib/krb5/os/ustime.c b/src/lib/krb5/os/ustime.c
index bb34c228e..34c2fa089 100644
--- a/src/lib/krb5/os/ustime.c
+++ b/src/lib/krb5/os/ustime.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/ustime.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * krb5_crypto_us_timeofday() does all of the real work; however, we
  * handle the time offset adjustment here, since this is context
  * specific, and the crypto version of this call doesn't have access
@@ -39,26 +40,26 @@ krb5_us_timeofday(krb5_context context, krb5_timestamp *seconds, krb5_int32 *mic
     krb5_os_context os_ctx = &context->os_context;
     krb5_int32 sec, usec;
     krb5_error_code retval;
-    
+
     if (os_ctx->os_flags & KRB5_OS_TOFFSET_TIME) {
-	    *seconds = os_ctx->time_offset;
-	    *microseconds = os_ctx->usec_offset;
-	    return 0;
+        *seconds = os_ctx->time_offset;
+        *microseconds = os_ctx->usec_offset;
+        return 0;
     }
     retval = krb5_crypto_us_timeofday(&sec, &usec);
     if (retval)
-	    return retval;
+        return retval;
     if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
-	    usec += os_ctx->usec_offset;
-	    if (usec > 1000000) {
-		    usec -= 1000000;
-		    sec++;
-	    }
-	    if (usec < 0) {
-		usec += 1000000;
-		sec--;
-	    }
-	    sec += os_ctx->time_offset;
+        usec += os_ctx->usec_offset;
+        if (usec > 1000000) {
+            usec -= 1000000;
+            sec++;
+        }
+        if (usec < 0) {
+            usec += 1000000;
+            sec--;
+        }
+        sec += os_ctx->time_offset;
     }
     *seconds = sec;
     *microseconds = usec;
diff --git a/src/lib/krb5/os/write_msg.c b/src/lib/krb5/os/write_msg.c
index e6001e8c6..6a57b1e0c 100644
--- a/src/lib/krb5/os/write_msg.c
+++ b/src/lib/krb5/os/write_msg.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/os/write_msg.c
  *
@@ -8,7 +9,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +23,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * convenience sendauth/recvauth functions
  */
@@ -42,29 +43,29 @@ krb5int_write_messages(krb5_context context, krb5_pointer fdp, krb5_data *outbuf
     int fd = *( (int *) fdp);
 
     while (nbufs) {
-	int nbufs1;
-	sg_buf sg[4];
-	krb5_int32 len[2];
+        int nbufs1;
+        sg_buf sg[4];
+        krb5_int32 len[2];
 
-	if (nbufs > 1)
-	    nbufs1 = 2;
-	else
-	    nbufs1 = 1;
-	len[0] = htonl(outbuf[0].length);
-	SG_SET(&sg[0], &len[0], 4);
-	SG_SET(&sg[1], outbuf[0].length ? outbuf[0].data : NULL,
-	       outbuf[0].length);
-	if (nbufs1 == 2) {
-	    len[1] = htonl(outbuf[1].length);
-	    SG_SET(&sg[2], &len[1], 4);
-	    SG_SET(&sg[3], outbuf[1].length ? outbuf[1].data : NULL,
-		   outbuf[1].length);
-	}
-	if (krb5int_net_writev(context, fd, sg, nbufs1 * 2) < 0) {
-	    return errno;
-	}
-	outbuf += nbufs1;
-	nbufs -= nbufs1;
+        if (nbufs > 1)
+            nbufs1 = 2;
+        else
+            nbufs1 = 1;
+        len[0] = htonl(outbuf[0].length);
+        SG_SET(&sg[0], &len[0], 4);
+        SG_SET(&sg[1], outbuf[0].length ? outbuf[0].data : NULL,
+               outbuf[0].length);
+        if (nbufs1 == 2) {
+            len[1] = htonl(outbuf[1].length);
+            SG_SET(&sg[2], &len[1], 4);
+            SG_SET(&sg[3], outbuf[1].length ? outbuf[1].data : NULL,
+                   outbuf[1].length);
+        }
+        if (krb5int_net_writev(context, fd, sg, nbufs1 * 2) < 0) {
+            return errno;
+        }
+        outbuf += nbufs1;
+        nbufs -= nbufs1;
     }
     return(0);
 }
diff --git a/src/lib/krb5/posix/syslog.c b/src/lib/krb5/posix/syslog.c
index e1318933e..418e811d0 100644
--- a/src/lib/krb5/posix/syslog.c
+++ b/src/lib/krb5/posix/syslog.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #if defined(_WIN32)
 /* Windows doesn't have the concept of a system log, so just
 ** do nothing here.
@@ -5,6 +6,6 @@
 void
 syslog(int pri, const char *fmt, ...)
 {
-   return;
+    return;
 }
 #endif
diff --git a/src/lib/krb5/rcache/rc-int.h b/src/lib/krb5/rcache/rc-int.h
index 5d91d3cc6..3030f0e5e 100644
--- a/src/lib/krb5/rcache/rc-int.h
+++ b/src/lib/krb5/rcache/rc-int.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/keytab/rc-int.h
  *
@@ -47,25 +47,25 @@ struct _krb5_rc_ops {
     krb5_magic magic;
     char *type;
     krb5_error_code (KRB5_CALLCONV *init)
-        (krb5_context, krb5_rcache,krb5_deltat); /* create */
+    (krb5_context, krb5_rcache,krb5_deltat); /* create */
     krb5_error_code (KRB5_CALLCONV *recover)
-        (krb5_context, krb5_rcache); /* open */
+    (krb5_context, krb5_rcache); /* open */
     krb5_error_code (KRB5_CALLCONV *recover_or_init)
-        (krb5_context, krb5_rcache,krb5_deltat);
+    (krb5_context, krb5_rcache,krb5_deltat);
     krb5_error_code (KRB5_CALLCONV *destroy)
-        (krb5_context, krb5_rcache);
+    (krb5_context, krb5_rcache);
     krb5_error_code (KRB5_CALLCONV *close)
-        (krb5_context, krb5_rcache);
+    (krb5_context, krb5_rcache);
     krb5_error_code (KRB5_CALLCONV *store)
-        (krb5_context, krb5_rcache,krb5_donot_replay *);
+    (krb5_context, krb5_rcache,krb5_donot_replay *);
     krb5_error_code (KRB5_CALLCONV *expunge)
-        (krb5_context, krb5_rcache);
+    (krb5_context, krb5_rcache);
     krb5_error_code (KRB5_CALLCONV *get_span)
-        (krb5_context, krb5_rcache,krb5_deltat *);
+    (krb5_context, krb5_rcache,krb5_deltat *);
     char *(KRB5_CALLCONV *get_name)
-        (krb5_context, krb5_rcache);
+    (krb5_context, krb5_rcache);
     krb5_error_code (KRB5_CALLCONV *resolve)
-        (krb5_context, krb5_rcache, char *);
+    (krb5_context, krb5_rcache, char *);
 };
 
 typedef struct _krb5_rc_ops krb5_rc_ops;
diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c
index 43b901fac..a7c7dd823 100644
--- a/src/lib/krb5/rcache/rc_base.c
+++ b/src/lib/krb5/rcache/rc_base.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_base.c
  *
diff --git a/src/lib/krb5/rcache/rc_base.h b/src/lib/krb5/rcache/rc_base.h
index b8687f2fe..1e0f83a02 100644
--- a/src/lib/krb5/rcache/rc_base.h
+++ b/src/lib/krb5/rcache/rc_base.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_base.h
  *
diff --git a/src/lib/krb5/rcache/rc_conv.c b/src/lib/krb5/rcache/rc_conv.c
index cda9c91fa..aa4b56a16 100644
--- a/src/lib/krb5/rcache/rc_conv.c
+++ b/src/lib/krb5/rcache/rc_conv.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_conv.c
  *
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
index c831ba02d..f19f1cb81 100644
--- a/src/lib/krb5/rcache/rc_dfl.c
+++ b/src/lib/krb5/rcache/rc_dfl.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_dfl.c
  *
diff --git a/src/lib/krb5/rcache/rc_dfl.h b/src/lib/krb5/rcache/rc_dfl.h
index 4a6badafe..d1dd153f9 100644
--- a/src/lib/krb5/rcache/rc_dfl.h
+++ b/src/lib/krb5/rcache/rc_dfl.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_dfl.h
  *
@@ -15,42 +15,42 @@
 #define KRB5_RC_DFL_H
 
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init
-        (krb5_context,
-                   krb5_rcache,
-                   krb5_deltat);
+(krb5_context,
+ krb5_rcache,
+ krb5_deltat);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover
-        (krb5_context,
-                   krb5_rcache);
+(krb5_context,
+ krb5_rcache);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover_or_init
-        (krb5_context, krb5_rcache, krb5_deltat);
+(krb5_context, krb5_rcache, krb5_deltat);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy
-        (krb5_context,
-                   krb5_rcache);
+(krb5_context,
+ krb5_rcache);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close
-        (krb5_context,
-                   krb5_rcache);
+(krb5_context,
+ krb5_rcache);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_store
-        (krb5_context,
-                   krb5_rcache,
-                   krb5_donot_replay *);
+(krb5_context,
+ krb5_rcache,
+ krb5_donot_replay *);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge
-        (krb5_context,
-                   krb5_rcache);
+(krb5_context,
+ krb5_rcache);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span
-        (krb5_context,
-                   krb5_rcache,
-                   krb5_deltat *);
+(krb5_context,
+ krb5_rcache,
+ krb5_deltat *);
 char * KRB5_CALLCONV krb5_rc_dfl_get_name
-        (krb5_context,
-                   krb5_rcache);
+(krb5_context,
+ krb5_rcache);
 krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve
-        (krb5_context,
-                   krb5_rcache,
-                   char *);
+(krb5_context,
+ krb5_rcache,
+ char *);
 krb5_error_code krb5_rc_dfl_close_no_free
-        (krb5_context,
-                   krb5_rcache);
+(krb5_context,
+ krb5_rcache);
 void krb5_rc_free_entry
-        (krb5_context,
-                   krb5_donot_replay **);
+(krb5_context,
+ krb5_donot_replay **);
 #endif
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index 8d7d986da..872b5fdff 100644
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_io.c
  *
@@ -262,12 +262,12 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
     /* check if someone was playing with symlinks */
     if ((sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino)
         || (sb1.st_mode & S_IFMT) != S_IFREG)
-        {
-            retval = KRB5_RC_IO_PERM;
-            krb5_set_error_message(context, retval,
-                                   "rcache not a file %s", d->fn);
-            goto cleanup;
-        }
+    {
+        retval = KRB5_RC_IO_PERM;
+        krb5_set_error_message(context, retval,
+                               "rcache not a file %s", d->fn);
+        goto cleanup;
+    }
     /* check that non other can read/write/execute the file */
     if (sb1.st_mode & 077) {
         krb5_set_error_message(context, retval, "Insecure file mode "
diff --git a/src/lib/krb5/rcache/rc_io.h b/src/lib/krb5/rcache/rc_io.h
index a2e13bcc2..e58d850e3 100644
--- a/src/lib/krb5/rcache/rc_io.h
+++ b/src/lib/krb5/rcache/rc_io.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_io.h
  *
@@ -15,57 +15,57 @@
 #define KRB5_RC_IO_H
 
 typedef struct krb5_rc_iostuff
- {
-  int fd;
+{
+    int fd;
 #ifdef MSDOS_FILESYSTEM
-  long mark;
+    long mark;
 #else
-  off_t mark; /* on newer systems, should be pos_t */
+    off_t mark; /* on newer systems, should be pos_t */
 #endif
-  char *fn;
- }
-krb5_rc_iostuff;
+    char *fn;
+}
+    krb5_rc_iostuff;
 
 /* first argument is always iostuff for result file */
 
 krb5_error_code krb5_rc_io_creat
-        (krb5_context,
-                   krb5_rc_iostuff *,
-                   char **);
+(krb5_context,
+ krb5_rc_iostuff *,
+ char **);
 krb5_error_code krb5_rc_io_open
-        (krb5_context,
-                   krb5_rc_iostuff *,
-                   char *);
+(krb5_context,
+ krb5_rc_iostuff *,
+ char *);
 krb5_error_code krb5_rc_io_move
-        (krb5_context,
-                   krb5_rc_iostuff *,
-                   krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *,
+ krb5_rc_iostuff *);
 krb5_error_code krb5_rc_io_write
-        (krb5_context,
-                   krb5_rc_iostuff *,
-                   krb5_pointer,
-                   unsigned int);
+(krb5_context,
+ krb5_rc_iostuff *,
+ krb5_pointer,
+ unsigned int);
 krb5_error_code krb5_rc_io_read
-        (krb5_context,
-                   krb5_rc_iostuff *,
-                   krb5_pointer,
-                   unsigned int);
+(krb5_context,
+ krb5_rc_iostuff *,
+ krb5_pointer,
+ unsigned int);
 krb5_error_code krb5_rc_io_close
-        (krb5_context,
-                   krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
 krb5_error_code krb5_rc_io_destroy
-        (krb5_context,
-                   krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
 krb5_error_code krb5_rc_io_mark
-        (krb5_context,
-                   krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
 krb5_error_code krb5_rc_io_unmark
-        (krb5_context,
-                   krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
 krb5_error_code krb5_rc_io_sync
-        (krb5_context,
-                   krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
 long krb5_rc_io_size
-        (krb5_context,
-                   krb5_rc_iostuff *);
+(krb5_context,
+ krb5_rc_iostuff *);
 #endif
diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c
index a0ffed3a4..77ca83705 100644
--- a/src/lib/krb5/rcache/rc_none.c
+++ b/src/lib/krb5/rcache/rc_none.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rc_none.c
  *
diff --git a/src/lib/krb5/rcache/rcdef.c b/src/lib/krb5/rcache/rcdef.c
index 5b860f1b3..c4657b333 100644
--- a/src/lib/krb5/rcache/rcdef.c
+++ b/src/lib/krb5/rcache/rcdef.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rcdef.c
  *
diff --git a/src/lib/krb5/rcache/rcfns.c b/src/lib/krb5/rcache/rcfns.c
index 6794af621..52dec4982 100644
--- a/src/lib/krb5/rcache/rcfns.c
+++ b/src/lib/krb5/rcache/rcfns.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/rcfns.c
  *
diff --git a/src/lib/krb5/rcache/ser_rc.c b/src/lib/krb5/rcache/ser_rc.c
index 72bad88f8..04b969842 100644
--- a/src/lib/krb5/rcache/ser_rc.c
+++ b/src/lib/krb5/rcache/ser_rc.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/krb5/rcache/ser_rc.c
  *
@@ -39,11 +39,11 @@
  *      krb5_rcache_internalize();
  */
 static krb5_error_code krb5_rcache_size
-        (krb5_context, krb5_pointer, size_t *);
+(krb5_context, krb5_pointer, size_t *);
 static krb5_error_code krb5_rcache_externalize
-        (krb5_context, krb5_pointer, krb5_octet **, size_t *);
+(krb5_context, krb5_pointer, krb5_octet **, size_t *);
 static krb5_error_code krb5_rcache_internalize
-        (krb5_context,krb5_pointer *, krb5_octet **, size_t *);
+(krb5_context,krb5_pointer *, krb5_octet **, size_t *);
 
 /*
  * Serialization entry for this type.
diff --git a/src/lib/krb5/rcache/t_replay.c b/src/lib/krb5/rcache/t_replay.c
index d32d6547c..50928c5e8 100644
--- a/src/lib/krb5/rcache/t_replay.c
+++ b/src/lib/krb5/rcache/t_replay.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * test/threads/t_replay.c
  *
diff --git a/src/lib/krb5/unicode/ucdata/ucdata.c b/src/lib/krb5/unicode/ucdata/ucdata.c
index 590ad2fee..1e46744b6 100644
--- a/src/lib/krb5/unicode/ucdata/ucdata.c
+++ b/src/lib/krb5/unicode/ucdata/ucdata.c
@@ -59,7 +59,7 @@ typedef struct {
     krb5_ui_2 cnt;
     union {
         krb5_ui_4 bytes;
-        krb5_ui_2 len[2]; 
+        krb5_ui_2 len[2];
     } size;
 } _ucheader_t;
 
@@ -618,7 +618,7 @@ uccomp_hangul(krb5_ui_4 *str, int len)
         LCount = 19, VCount = 21, TCount = 28,
         NCount = VCount * TCount,   /* 588 */
         SCount = LCount * NCount;   /* 11172 */
-    
+
     int i, rlen;
     krb5_ui_4 ch, last, lindex, sindex;
 
@@ -638,7 +638,7 @@ uccomp_hangul(krb5_ui_4 *str, int len)
                 continue;
             }
         }
-        
+
         /* check if two current characters are LV and T */
         sindex = last - SBase;
         if (sindex < (krb5_ui_4) SCount
@@ -671,7 +671,7 @@ uccanoncomp(krb5_ui_4 *str, int len)
     stpos = 0;
     copos = 1;
     prevcl = uccombining_class(st) == 0 ? 0 : 256;
-        
+
     for (i = 1; i < len; i++) {
         ch = str[i];
         cl = uccombining_class(ch);
@@ -885,7 +885,7 @@ uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp)
     if (code < _uckdcmp_nodes[0]) {
 	return 0;
     }
-    
+
     l = 0;
     r = _uckdcmp_nodes[_uckdcmp_size] - 1;
 
diff --git a/src/lib/krb5/unicode/ucdata/ucdata.h b/src/lib/krb5/unicode/ucdata/ucdata.h
index ff3bb3456..00ece35ad 100644
--- a/src/lib/krb5/unicode/ucdata/ucdata.h
+++ b/src/lib/krb5/unicode/ucdata/ucdata.h
@@ -261,7 +261,7 @@ int uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp);
  */
 int ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[]);
 
-/*  
+/*
  * This routine does canonical decomposition of the string in of length
  * inlen, and returns the decomposed string in out with length outlen.
  * The memory for out is allocated by this routine. It returns the length
@@ -269,14 +269,14 @@ int ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[]);
  */
 int uccanondecomp (const krb5_ui_4 *in, int inlen,
 		     krb5_ui_4 **out, int *outlen);
-  
-/*  
+
+/*
  * Equivalent to uccanondecomp() except that it includes compatibility
  * decompositions.
  */
 int uccompatdecomp(const krb5_ui_4 *in, int inlen,
 		     krb5_ui_4 **out, int *outlen);
-  
+
 /**************************************************************************
  *
  * Functions for getting combining classes.
diff --git a/src/lib/krb5/unicode/ucdata/ucgendat.c b/src/lib/krb5/unicode/ucdata/ucgendat.c
index 42b0ecd03..a6d38fbb9 100644
--- a/src/lib/krb5/unicode/ucdata/ucgendat.c
+++ b/src/lib/krb5/unicode/ucdata/ucgendat.c
@@ -449,7 +449,7 @@ add_decomp(krb5_ui_4 code, short compat)
 	pdecomps_used = &decomps_used;
 	pdecomps_size = &decomps_size;
     }
-    
+
     /*
      * Add the code to the composite property.
      */
@@ -953,7 +953,7 @@ read_cdata(FILE *in)
               i++;
         }
         for (e = s; *e && *e != ';'; e++) ;
-    
+
         ordered_range_insert(code, s, e - s);
 
         /*
@@ -1125,7 +1125,7 @@ find_decomp(krb5_ui_4 code, short compat)
 {
     long l, r, m;
     _decomp_t *decs;
-    
+
     l = 0;
     r = (compat ? kdecomps_used : decomps_used) - 1;
     decs = compat ? kdecomps : decomps;
@@ -1479,12 +1479,12 @@ write_cdata(char *opath)
      * Generate the composition data.
      *
      *****************************************************************/
-    
+
     /*
      * Create compositions from decomposition data
      */
     create_comps();
-    
+
 #if HARDCODE_DATA
     fprintf(out, PREF "krb5_ui_4 _uccomp_size = %ld;\n\n",
         comps_used * 4L);
@@ -1512,28 +1512,28 @@ write_cdata(char *opath)
     snprintf(path, sizeof path, "%s" LDAP_DIRSEP "comp.dat", opath);
     if ((out = fopen(path, "wb")) == 0)
 	return;
-    
+
     /*
      * Write the header.
      */
     hdr[1] = (krb5_ui_2) comps_used * 4;
     fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out);
-    
+
     /*
      * Write out the byte count to maintain header size.
      */
     bytes = comps_used * sizeof(_comp_t);
     fwrite((char *) &bytes, sizeof(krb5_ui_4), 1, out);
-    
+
     /*
      * Now, if comps exist, write them out.
      */
     if (comps_used > 0)
         fwrite((char *) comps, sizeof(_comp_t), comps_used, out);
-    
+
     fclose(out);
 #endif
-    
+
     /*****************************************************************
      *
      * Generate the decomposition data.
diff --git a/src/lib/krb5/unicode/ucdata/uctable.h b/src/lib/krb5/unicode/ucdata/uctable.h
index 19d334b4a..98a8745fa 100644
--- a/src/lib/krb5/unicode/ucdata/uctable.h
+++ b/src/lib/krb5/unicode/ucdata/uctable.h
@@ -14303,4 +14303,3 @@ static const short _ucnum_vals[] = {
 	0x002a, 0x0001, 0x002b, 0x0001, 0x002c, 0x0001, 0x002d, 0x0001,
 	0x002e, 0x0001, 0x002f, 0x0001, 0x0030, 0x0001, 0x0031, 0x0001
 };
-
diff --git a/src/lib/krb5/unicode/ucstr.c b/src/lib/krb5/unicode/ucstr.c
index ec2368820..fa6796f78 100644
--- a/src/lib/krb5/unicode/ucstr.c
+++ b/src/lib/krb5/unicode/ucstr.c
@@ -4,13 +4,13 @@
  */
 /*
  * This work is part of OpenLDAP Software <http://www.openldap.org/>.
- * 
+ *
  * Copyright 1998-2008 The OpenLDAP Foundation. All rights reserved.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted only as authorized by the OpenLDAP Public
  * License.
- * 
+ *
  * A copy of this license is available in file LICENSE in the top-level
  * directory of the distribution or, alternatively, at
  * <http://www.OpenLDAP.org/license.html>.
@@ -23,7 +23,7 @@
 
 #include <ctype.h>
 
-int 
+int
 krb5int_ucstrncmp(
 		  const krb5_unicode * u1,
 		  const krb5_unicode * u2,
@@ -40,7 +40,7 @@ krb5int_ucstrncmp(
     return 0;
 }
 
-int 
+int
 krb5int_ucstrncasecmp(
 		      const krb5_unicode * u1,
 		      const krb5_unicode * u2,
@@ -91,7 +91,7 @@ krb5int_ucstrncasechr(
     return NULL;
 }
 
-void 
+void
 krb5int_ucstr2upper(
 		    krb5_unicode * u,
 		    size_t n)
@@ -309,7 +309,7 @@ cleanup:
 
 /* compare UTF8-strings, optionally ignore casing */
 /* slow, should be optimized */
-int 
+int
 krb5int_utf8_normcmp(
 		     const krb5_data * data1,
 		     const krb5_data * data2,
diff --git a/src/lib/krb5/unicode/utbm/utbmstub.c b/src/lib/krb5/unicode/utbm/utbmstub.c
index 866632807..51fa67351 100644
--- a/src/lib/krb5/unicode/utbm/utbmstub.c
+++ b/src/lib/krb5/unicode/utbm/utbmstub.c
@@ -55,7 +55,7 @@ _utbm_isspace(ucs4_t c, int compress)
               c == 0x2028 || c == 0x2029 || _platform_isspace(c)) ? 1 : 0;
 
     return _platform_isspace(c);
-        
+
 }
 
 /*
diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c
index 1debd4d69..1d6837ef0 100644
--- a/src/lib/rpc/auth_gss.c
+++ b/src/lib/rpc/auth_gss.c
@@ -2,7 +2,7 @@
   auth_gss.c
 
   RPCSEC_GSS client routines.
-  
+
   Copyright (c) 2000 The Regents of the University of Michigan.
   All rights reserved.
 
@@ -144,7 +144,7 @@ print_rpc_gss_sec(struct rpc_gss_sec *ptr)
 struct rpc_gss_data {
 	bool_t			 established;	/* context established */
 	bool_t			 inprogress;
-  gss_buffer_desc      gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier 
+  gss_buffer_desc      gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier
                                    * to process at end of context negotiation*/
 	CLIENT			*clnt;		/* client handle */
 	gss_name_t		 name;		/* service name */
@@ -166,9 +166,9 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 	OM_uint32		min_stat = 0;
 
 	log_debug("in authgss_create()");
-	
+
 	memset(&rpc_createerr, 0, sizeof(rpc_createerr));
-	
+
 	if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
 		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
 		rpc_createerr.cf_error.re_errno = ENOMEM;
@@ -200,18 +200,18 @@ authgss_create(CLIENT *clnt, gss_name_t name, struct rpc_gss_sec *sec)
 	gd->gc.gc_v = RPCSEC_GSS_VERSION;
 	gd->gc.gc_proc = RPCSEC_GSS_INIT;
 	gd->gc.gc_svc = gd->sec.svc;
-	
+
 	auth->ah_ops = &authgss_ops;
 	auth->ah_private = (caddr_t)gd;
-	
+
 	save_auth = clnt->cl_auth;
 	clnt->cl_auth = auth;
 
 	if (!authgss_refresh(auth, NULL))
 		auth = NULL;
-	
+
 	clnt->cl_auth = save_auth;
-	
+
 	log_debug("authgss_create returning auth 0x%08x", auth);
 	return (auth);
 }
@@ -225,11 +225,11 @@ authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
 	gss_name_t		 name;
 
 	log_debug("in authgss_create_default()");
-	
+
 
 	sname.value = service;
 	sname.length = strlen(service);
-	
+
 	maj_stat = gss_import_name(&min_stat, &sname,
 		(gss_OID)gss_nt_service_name,
 		&name);
@@ -241,10 +241,10 @@ authgss_create_default(CLIENT *clnt, char *service, struct rpc_gss_sec *sec)
 	}
 
 	auth = authgss_create(clnt, name, sec);
-	
+
  	if (name != GSS_C_NO_NAME)
  		gss_release_name(&min_stat, &name);
-	
+
 	log_debug("authgss_create_default returning auth 0x%08x", auth);
 	return (auth);
 }
@@ -287,16 +287,16 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
 	gss_buffer_desc		 rpcbuf, checksum;
 	OM_uint32		 maj_stat, min_stat;
 	bool_t			 xdr_stat;
-	
+
 	log_debug("in authgss_marshal()");
-	
+
 	gd = AUTH_PRIVATE(auth);
 
 	if (gd->established)
 		gd->gc.gc_seq++;
-	
+
 	xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
-	
+
 	if (!xdr_rpc_gss_cred(&tmpxdrs, &gd->gc)) {
 		XDR_DESTROY(&tmpxdrs);
 		return (FALSE);
@@ -304,12 +304,12 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
 	auth->ah_cred.oa_flavor = RPCSEC_GSS;
 	auth->ah_cred.oa_base = tmp;
 	auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
-	
+
 	XDR_DESTROY(&tmpxdrs);
-	
+
 	if (!xdr_opaque_auth(xdrs, &auth->ah_cred))
 		return (FALSE);
-	
+
 	if (gd->gc.gc_proc == RPCSEC_GSS_INIT ||
 	    gd->gc.gc_proc == RPCSEC_GSS_CONTINUE_INIT) {
 		return (xdr_opaque_auth(xdrs, &gssrpc__null_auth));
@@ -318,7 +318,7 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
 	rpcbuf.length = XDR_GETPOS(xdrs);
 	XDR_SETPOS(xdrs, 0);
 	rpcbuf.value = XDR_INLINE(xdrs, (int)rpcbuf.length);
-	
+
 	maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
 			    &rpcbuf, &checksum);
 
@@ -333,10 +333,10 @@ authgss_marshal(AUTH *auth, XDR *xdrs)
 	auth->ah_verf.oa_flavor = RPCSEC_GSS;
 	auth->ah_verf.oa_base = checksum.value;
 	auth->ah_verf.oa_length = checksum.length;
-	
+
 	xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
 	gss_release_buffer(&min_stat, &checksum);
-	
+
 	return (xdr_stat);
 }
 
@@ -350,13 +350,13 @@ authgss_validate(AUTH *auth, struct opaque_auth *verf)
 	OM_uint32		 maj_stat, min_stat;
 
 	log_debug("in authgss_validate()");
-	
+
 	gd = AUTH_PRIVATE(auth);
 
 	if (gd->established == FALSE) {
 		/* would like to do this only on NULL rpc - gc->established is good enough.
 		 * save the on the wire verifier to validate last INIT phase packet
-		 * after decode if the major status is GSS_S_COMPLETE 
+		 * after decode if the major status is GSS_S_COMPLETE
 		 */
 		if ((gd->gc_wire_verf.value = mem_alloc(verf->oa_length)) == NULL) {
 			fprintf(stderr, "gss_validate: out of memory\n");
@@ -372,13 +372,13 @@ authgss_validate(AUTH *auth, struct opaque_auth *verf)
 		num = htonl(gd->win);
 	}
 	else num = htonl(gd->gc.gc_seq);
-	
+
 	signbuf.value = &num;
 	signbuf.length = sizeof(num);
-	
+
 	checksum.value = verf->oa_base;
 	checksum.length = verf->oa_length;
-	
+
 	maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
 				  &checksum, &qop_state);
 	if (maj_stat != GSS_S_COMPLETE || qop_state != gd->sec.qop) {
@@ -401,16 +401,16 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
 	OM_uint32		 maj_stat, min_stat, call_stat, ret_flags;
 
 	log_debug("in authgss_refresh()");
-	
+
 	gd = AUTH_PRIVATE(auth);
-	
+
 	if (gd->established || gd->inprogress)
 		return (TRUE);
-	
+
 	/* GSS context establishment loop. */
 	memset(&gr, 0, sizeof(gr));
 	recv_tokenp = GSS_C_NO_BUFFER;
-	
+
 #ifdef DEBUG
 	print_rpc_gss_sec(&gd->sec);
 #endif /*DEBUG*/
@@ -424,13 +424,13 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
 						gd->sec.mech,
 						gd->sec.req_flags,
 						0,		/* time req */
-						GSS_C_NO_CHANNEL_BINDINGS, 
+						GSS_C_NO_CHANNEL_BINDINGS,
 						recv_tokenp,
 						NULL,		/* used mech */
 						&send_token,
 						&ret_flags,
 						NULL);		/* time rec */
-		
+
 		log_status("gss_init_sec_context", maj_stat, min_stat);
 		if (recv_tokenp != GSS_C_NO_BUFFER) {
 			gss_release_buffer(&min_stat, &gr.gr_token);
@@ -443,13 +443,13 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
 		}
 		if (send_token.length != 0) {
 			memset(&gr, 0, sizeof(gr));
-			
+
 			call_stat = clnt_call(gd->clnt, NULLPROC,
 					      xdr_rpc_gss_init_args,
 					      &send_token,
 					      xdr_rpc_gss_init_res,
 					      (caddr_t)&gr, AUTH_TIMEOUT);
-			
+
 			gss_release_buffer(&min_stat, &send_token);
 
 			log_debug("authgss_refresh: call_stat=%d", call_stat);
@@ -458,7 +458,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
 			    (gr.gr_major != GSS_S_COMPLETE &&
 			     gr.gr_major != GSS_S_CONTINUE_NEEDED))
 				break;
-			
+
 			if (gr.gr_ctx.length != 0) {
 				if (gd->gc.gc_ctx.value)
 					gss_release_buffer(&min_stat,
@@ -472,7 +472,7 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
 			}
 			gd->gc.gc_proc = RPCSEC_GSS_CONTINUE_INIT;
 		}
-		
+
 		/* GSS_S_COMPLETE => check gss header verifier, usually checked in
 		 * gss_validate
 		 */
@@ -516,11 +516,11 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg)
 		log_debug("authgss_refresh: returning ERROR (gc_proc %d)", gd->gc.gc_proc);
 		if (gr.gr_token.length != 0)
 			gss_release_buffer(&min_stat, &gr.gr_token);
-		
+
 		authgss_destroy(auth);
 		auth = NULL;
 		rpc_createerr.cf_stat = RPC_AUTHERROR;
-		
+
 		return (FALSE);
 	}
 	log_debug("authgss_refresh: returning SUCCESS");
@@ -552,9 +552,9 @@ authgss_destroy_context(AUTH *auth)
 	enum clnt_stat		 callstat;
 
 	log_debug("in authgss_destroy_context()");
-	
+
 	gd = AUTH_PRIVATE(auth);
-	
+
 	if (gd->gc.gc_ctx.length != 0) {
 		if (gd->established) {
 			gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
@@ -584,13 +584,13 @@ authgss_destroy(AUTH *auth)
 {
 	struct rpc_gss_data	*gd;
 	OM_uint32		 min_stat;
-	
+
 	log_debug("in authgss_destroy()");
-	
+
 	gd = AUTH_PRIVATE(auth);
-	
+
 	authgss_destroy_context(auth);
-	
+
 	if (gd->name != GSS_C_NO_NAME)
 		gss_release_name(&min_stat, &gd->name);
 
@@ -604,7 +604,7 @@ authgss_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 	struct rpc_gss_data	*gd;
 
 	log_debug("in authgss_wrap()");
-	
+
 	gd = AUTH_PRIVATE(auth);
 
 	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
@@ -621,9 +621,9 @@ authgss_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 	struct rpc_gss_data	*gd;
 
 	log_debug("in authgss_unwrap()");
-	
+
 	gd = AUTH_PRIVATE(auth);
-	
+
 	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
 		return ((*xdr_func)(xdrs, xdr_ptr));
 	}
diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c
index 69a4fd1a4..e7a1f8b00 100644
--- a/src/lib/rpc/auth_gssapi.c
+++ b/src/lib/rpc/auth_gssapi.c
@@ -34,7 +34,7 @@ extern void gssrpcint_printf(const char *format, ...);
 #define L_PRINTF(l, args)
 #define AUTH_GSSAPI_DISPLAY_STATUS(args)
 #endif
-   
+
 static void 	auth_gssapi_nextverf(AUTH *);
 static bool_t 	auth_gssapi_marshall(AUTH *, XDR *);
 static bool_t	auth_gssapi_validate(AUTH *, struct opaque_auth *);
@@ -42,7 +42,7 @@ static bool_t	auth_gssapi_refresh(AUTH *, struct rpc_msg *);
 static bool_t	auth_gssapi_wrap(AUTH *, XDR *, xdrproc_t, caddr_t);
 static bool_t	auth_gssapi_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
 static void	auth_gssapi_destroy(AUTH *);
-   
+
 static bool_t	marshall_new_creds(AUTH *, bool_t, gss_buffer_t);
 
 static struct auth_ops auth_gssapi_ops = {
@@ -65,7 +65,7 @@ struct auth_gssapi_data {
      gss_buffer_desc client_handle;
      uint32_t seq_num;
      int def_cred;
-     
+
      /* pre-serialized ah_cred */
      unsigned char cred_buf[MAX_AUTH_BYTES];
      uint32_t cred_len;
@@ -86,11 +86,11 @@ AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
      OM_uint32 gssstat, minor_stat;
      gss_buffer_desc input_name;
      gss_name_t target_name;
-     
+
      input_name.value = service_name;
      input_name.length = strlen(service_name) + 1;
-     
-     gssstat = gss_import_name(&minor_stat, &input_name, 
+
+     gssstat = gss_import_name(&minor_stat, &input_name,
 			       gss_nt_service_name, &target_name);
      if (gssstat != GSS_S_COMPLETE) {
 	  AUTH_GSSAPI_DISPLAY_STATUS(("parsing name", gssstat,
@@ -99,7 +99,7 @@ AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
 	  rpc_createerr.cf_error.re_errno = ENOMEM;
 	  return NULL;
      }
-     
+
      auth = auth_gssapi_create(clnt,
 			       &gssstat,
 			       &minor_stat,
@@ -111,7 +111,7 @@ AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
 			       NULL,
 			       NULL,
 			       NULL);
-     
+
      gss_release_name(&minor_stat, &target_name);
      return auth;
 }
@@ -145,22 +145,22 @@ AUTH *auth_gssapi_create(
      struct timeval timeout;
      int bindings_failed;
      rpcproc_t init_func;
-     
+
      auth_gssapi_init_arg call_arg;
      auth_gssapi_init_res call_res;
      gss_buffer_desc *input_token, isn_buf;
-     
+
      memset(&rpc_createerr, 0, sizeof(rpc_createerr));
-     
+
      /* this timeout is only used if clnt_control(clnt, CLSET_TIMEOUT) */
      /* has not already been called.. therefore, we can just pick */
      /* something reasonable-sounding.. */
      timeout.tv_sec = 30;
      timeout.tv_usec = 0;
-     
+
      auth = NULL;
      pdata = NULL;
-     
+
      /* don't assume the caller will want to change clnt->cl_auth */
      save_auth = clnt->cl_auth;
 
@@ -178,23 +178,23 @@ AUTH *auth_gssapi_create(
      }
      memset(auth, 0, sizeof(*auth));
      memset(pdata, 0, sizeof(*pdata));
-     
+
      auth->ah_ops = &auth_gssapi_ops;
      auth->ah_private = (caddr_t) pdata;
-     
+
      /* initial creds are auth_msg TRUE and no handle */
      marshall_new_creds(auth, TRUE, NULL);
-     
+
      /* initial verifier is empty */
      auth->ah_verf.oa_flavor = AUTH_GSSAPI;
      auth->ah_verf.oa_base = NULL;
      auth->ah_verf.oa_length = 0;
-     
+
      AUTH_PRIVATE(auth)->established = FALSE;
      AUTH_PRIVATE(auth)->clnt = clnt;
      AUTH_PRIVATE(auth)->def_cred = (claimant_cred_handle ==
 				     GSS_C_NO_CREDENTIAL);
-     
+
      clnt->cl_auth = auth;
 
      /* start by trying latest version */
@@ -237,7 +237,7 @@ try_new_version:
 	  bindings.initiator_addrtype = GSS_C_AF_INET;
 	  bindings.initiator_address.length = 4;
 	  bindings.initiator_address.value = &laddr.sin_addr.s_addr;
-	  
+
 	  bindings.acceptor_addrtype = GSS_C_AF_INET;
 	  bindings.acceptor_address.length = 4;
 	  bindings.acceptor_address.value = &raddr.sin_addr.s_addr;
@@ -245,9 +245,9 @@ try_new_version:
      } else {
 	  bindp = NULL;
      }
-     
+
      memset(&call_res, 0, sizeof(call_res));
-     
+
 next_token:
      *gssstat = gss_init_sec_context(minor_stat,
 				     claimant_cred_handle,
@@ -262,16 +262,16 @@ next_token:
 				     &call_arg.token,
 				     ret_flags,
 				     time_rec);
-     
+
      if (*gssstat != GSS_S_COMPLETE && *gssstat != GSS_S_CONTINUE_NEEDED) {
 	  AUTH_GSSAPI_DISPLAY_STATUS(("initializing context", *gssstat,
 				      *minor_stat));
 	  goto cleanup;
      }
-     
+
      /* if we got a token, pass it on */
      if (call_arg.token.length != 0) {
-	  
+
 	  /*
 	   * sanity check: if we received a signed isn in the last
 	   * response then there *cannot* be another token to send
@@ -280,16 +280,16 @@ next_token:
 	       PRINTF(("gssapi_create: unexpected token from init_sec\n"));
 	       goto cleanup;
 	  }
-	  
+
 	  PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func));
-	  
+
 	  memset(&call_res, 0, sizeof(call_res));
 	  callstat = clnt_call(clnt, init_func,
 			       xdr_authgssapi_init_arg, &call_arg,
 			       xdr_authgssapi_init_res, &call_res,
 			       timeout);
 	  gss_release_buffer(minor_stat, &call_arg.token);
-	  
+
 	  if (callstat != RPC_SUCCESS) {
 	       struct rpc_err err;
 
@@ -306,7 +306,7 @@ next_token:
 		    PRINTF(("gssapi_create: GSSAPI_INIT (%d) failed, stat %d\n",
 			    init_func, callstat));
 	       }
-	       
+
 	       goto cleanup;
 	  } else if (call_res.version != call_arg.version &&
 		     !(call_arg.version == 2 && call_res.version == 1)) {
@@ -332,10 +332,10 @@ next_token:
 					   call_res.gss_minor));
 	       goto cleanup;
 	  }
-	  
+
 	  PRINTF(("gssapi_create: GSSAPI_INIT (%d) succeeded\n", init_func));
 	  init_func = AUTH_GSSAPI_CONTINUE_INIT;
-	  
+
 	  /* check for client_handle */
 	  if (AUTH_PRIVATE(auth)->client_handle.length == 0) {
 	       if (call_res.client_handle.length == 0) {
@@ -344,20 +344,20 @@ next_token:
 	       } else {
 		    PRINTF(("gssapi_create: got client_handle %d\n",
 			    *((uint32_t *)call_res.client_handle.value)));
-		    
+
 		    GSS_DUP_BUFFER(AUTH_PRIVATE(auth)->client_handle,
 				   call_res.client_handle);
-		    
+
 		    /* auth_msg is TRUE; there may be more tokens */
 		    marshall_new_creds(auth, TRUE,
-				       &AUTH_PRIVATE(auth)->client_handle); 
+				       &AUTH_PRIVATE(auth)->client_handle);
 	       }
 	  } else if (!GSS_BUFFERS_EQUAL(AUTH_PRIVATE(auth)->client_handle,
 					call_res.client_handle)) {
 	       PRINTF(("gssapi_create: got different client_handle\n"));
 	       goto cleanup;
 	  }
-	  
+
 	  /* check for token */
 	  if (call_res.token.length==0 && *gssstat==GSS_S_CONTINUE_NEEDED) {
 	       PRINTF(("gssapi_create: expected token\n"));
@@ -373,7 +373,7 @@ next_token:
 	       }
 	  }
      }
-     
+
      /* check for isn */
      if (*gssstat == GSS_S_COMPLETE) {
 	  if (call_res.signed_isn.length == 0) {
@@ -381,67 +381,67 @@ next_token:
 	       goto cleanup;
 	  } else {
 	       PRINTF(("gssapi_create: processing signed isn\n"));
-	       
+
 	       /* don't check conf (integ only) or qop (accpet default) */
 	       *gssstat = gss_unseal(minor_stat,
 				     AUTH_PRIVATE(auth)->context,
 				     &call_res.signed_isn,
 				     &isn_buf, NULL, NULL);
-	       
+
 	       if (*gssstat != GSS_S_COMPLETE) {
 		    AUTH_GSSAPI_DISPLAY_STATUS(("unsealing isn",
-						*gssstat, *minor_stat)); 
+						*gssstat, *minor_stat));
 		    goto cleanup;
 	       } else if (isn_buf.length != sizeof(uint32_t)) {
 		    PRINTF(("gssapi_create: gss_unseal gave %d bytes\n",
 			    (int) isn_buf.length));
 		    goto cleanup;
 	       }
-	       
+
 	       AUTH_PRIVATE(auth)->seq_num = (uint32_t)
-		    ntohl(*((uint32_t*)isn_buf.value)); 
+		    ntohl(*((uint32_t*)isn_buf.value));
 	       *gssstat = gss_release_buffer(minor_stat, &isn_buf);
 	       if (*gssstat != GSS_S_COMPLETE) {
 		    AUTH_GSSAPI_DISPLAY_STATUS(("releasing unsealed isn",
 						*gssstat, *minor_stat));
 		    goto cleanup;
 	       }
-	       
+
 	       PRINTF(("gssapi_create: isn is %d\n",
 		       AUTH_PRIVATE(auth)->seq_num));
-	       
+
 	       /* we no longer need these results.. */
 	       xdr_free(xdr_authgssapi_init_res, &call_res);
 	  }
      } else if (call_res.signed_isn.length != 0) {
 	  PRINTF(("gssapi_create: got signed isn, can't check yet\n"));
      }
-     
+
      /* results were okay.. continue if necessary */
      if (*gssstat == GSS_S_CONTINUE_NEEDED) {
 	  PRINTF(("gssapi_create: not done, continuing\n"));
 	  goto next_token;
      }
-     
+
      /*
       * Done!  Context is established, we have client_handle and isn.
       */
      AUTH_PRIVATE(auth)->established = TRUE;
-     
+
      marshall_new_creds(auth, FALSE,
-			&AUTH_PRIVATE(auth)->client_handle); 
-     
+			&AUTH_PRIVATE(auth)->client_handle);
+
      PRINTF(("gssapi_create: done. client_handle %#x, isn %d\n\n",
 	     *((uint32_t *)AUTH_PRIVATE(auth)->client_handle.value),
 	     AUTH_PRIVATE(auth)->seq_num));
-     
+
      /* don't assume the caller will want to change clnt->cl_auth */
      clnt->cl_auth = save_auth;
-     
+
      return auth;
-     
+
      /******************************************************************/
-     
+
 cleanup:
      PRINTF(("gssapi_create: bailing\n\n"));
 
@@ -452,13 +452,13 @@ cleanup:
 	     free(auth);
 	 auth = NULL;
      }
-     
+
      /* don't assume the caller will want to change clnt->cl_auth */
      clnt->cl_auth = save_auth;
-     
+
      if (rpc_createerr.cf_stat == 0)
 	  rpc_createerr.cf_stat = RPC_AUTHERROR;
-     
+
      return auth;
 }
 
@@ -480,7 +480,7 @@ cleanup:
  * Requires: auth must point to a valid GSS-API auth structure, auth_msg
  * must be TRUE or FALSE, client_handle must be a gss_buffer_t with a valid
  * value and length field or NULL.
- * 
+ *
  * Effects: auth->ah_cred is set to the serialized auth_gssapi_creds
  * version 2 structure (stored in the cred_buf field of private data)
  * containing version, auth_msg and client_handle.
@@ -496,11 +496,11 @@ static bool_t marshall_new_creds(
 {
      auth_gssapi_creds creds;
      XDR xdrs;
-     
+
      PRINTF(("marshall_new_creds: starting\n"));
 
      creds.version = 2;
-     
+
      creds.auth_msg = auth_msg;
      if (client_handle)
 	  GSS_COPY_BUFFER(creds.client_handle, *client_handle)
@@ -508,7 +508,7 @@ static bool_t marshall_new_creds(
 	  creds.client_handle.length = 0;
 	  creds.client_handle.value = NULL;
      }
-     
+
      xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf,
 		   MAX_AUTH_BYTES, XDR_ENCODE);
      if (! xdr_authgssapi_creds(&xdrs, &creds)) {
@@ -518,16 +518,16 @@ static bool_t marshall_new_creds(
      }
      AUTH_PRIVATE(auth)->cred_len = xdr_getpos(&xdrs);
      XDR_DESTROY(&xdrs);
-     
+
      PRINTF(("marshall_new_creds: auth_gssapi_creds is %d bytes\n",
 	     AUTH_PRIVATE(auth)->cred_len));
-     
+
      auth->ah_cred.oa_flavor = AUTH_GSSAPI;
      auth->ah_cred.oa_base = (char *) AUTH_PRIVATE(auth)->cred_buf;
      auth->ah_cred.oa_length = AUTH_PRIVATE(auth)->cred_len;
-     
+
      PRINTF(("marshall_new_creds: succeeding\n"));
-     
+
      return TRUE;
 }
 
@@ -556,13 +556,13 @@ static void auth_gssapi_nextverf(AUTH *auth)
  * Returns: boolean indicating success/failure
  *
  * Effects:
- * 
+ *
  * The pre-serialized credentials in cred_buf are serialized.  If the
  * context is established, the sealed sequence number is serialized as
  * the verifier.  If the context is not established, an empty verifier
  * is serialized.  The sequence number is *not* incremented, because
  * this function is called multiple times if retransmission is required.
- * 
+ *
  * If this took all the header fields as arguments, it could sign
  * them.
  */
@@ -573,22 +573,22 @@ static bool_t auth_gssapi_marshall(
      OM_uint32 minor_stat;
      gss_buffer_desc out_buf;
      uint32_t seq_num;
-     
+
      if (AUTH_PRIVATE(auth)->established == TRUE)  {
 	  PRINTF(("gssapi_marshall: starting\n"));
-	  
+
 	  seq_num = AUTH_PRIVATE(auth)->seq_num + 1;
-	  
+
 	  PRINTF(("gssapi_marshall: sending seq_num %d\n", seq_num));
-	  
+
 	  if (auth_gssapi_seal_seq(AUTH_PRIVATE(auth)->context, seq_num,
 				   &out_buf) == FALSE) {
 	       PRINTF(("gssapi_marhshall: seal failed\n"));
 	  }
-	  
+
 	  auth->ah_verf.oa_base = out_buf.value;
 	  auth->ah_verf.oa_length = out_buf.length;
-	  
+
 	  if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
 	      ! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
 	       (void) gss_release_buffer(&minor_stat, &out_buf);
@@ -597,16 +597,16 @@ static bool_t auth_gssapi_marshall(
 	  (void) gss_release_buffer(&minor_stat, &out_buf);
      } else {
 	  PRINTF(("gssapi_marshall: not established, sending null verf\n"));
-	  
+
 	  auth->ah_verf.oa_base = NULL;
 	  auth->ah_verf.oa_length = 0;
-	  
+
 	  if (! xdr_opaque_auth(xdrs, &auth->ah_cred) ||
 	      ! xdr_opaque_auth(xdrs, &auth->ah_verf)) {
 	       return FALSE;
 	  }
      }
-     
+
      return TRUE;
 }
 
@@ -623,14 +623,14 @@ static bool_t auth_gssapi_validate(
 {
      gss_buffer_desc in_buf;
      uint32_t seq_num;
-     
+
      if (AUTH_PRIVATE(auth)->established == FALSE) {
 	  PRINTF(("gssapi_validate: not established, noop\n"));
 	  return TRUE;
      }
-     
+
      PRINTF(("gssapi_validate: starting\n"));
-     
+
      in_buf.length = verf->oa_length;
      in_buf.value = verf->oa_base;
      if (auth_gssapi_unseal_seq(AUTH_PRIVATE(auth)->context, &in_buf,
@@ -638,7 +638,7 @@ static bool_t auth_gssapi_validate(
 	  PRINTF(("gssapi_validate: failed unsealing verifier\n"));
 	  return FALSE;
      }
-     
+
      /* we sent seq_num+1, so we should get back seq_num+2 */
      if (AUTH_PRIVATE(auth)->seq_num+2 != seq_num) {
 	  PRINTF(("gssapi_validate: expecting seq_num %d, got %d (%#x)\n",
@@ -646,12 +646,12 @@ static bool_t auth_gssapi_validate(
 	  return FALSE;
      }
      PRINTF(("gssapi_validate: seq_num %d okay\n", seq_num));
-     
+
      /* +1 for successful transmission, +1 for successful validation */
      AUTH_PRIVATE(auth)->seq_num += 2;
-     
+
      PRINTF(("gssapi_validate: succeeding\n"));
-     
+
      return TRUE;
 }
 
@@ -661,7 +661,7 @@ static bool_t auth_gssapi_validate(
  * Purpose: Attempts to resyncrhonize the sequence number.
  *
  * Effects:
- * 
+ *
  * When the server receives a properly authenticated RPC call, it
  * increments the sequence number it is expecting from the client.
  * But if the server's response is lost for any reason, the client
@@ -706,18 +706,18 @@ static void auth_gssapi_destroy(AUTH *auth)
      OM_uint32 gssstat, minor_stat;
      gss_cred_id_t cred;
      int callstat;
-     
+
      if (AUTH_PRIVATE(auth)->client_handle.length == 0) {
 	  PRINTF(("gssapi_destroy: no client_handle, not calling destroy\n"));
 	  goto skip_call;
      }
-     
+
      PRINTF(("gssapi_destroy: marshalling new creds\n"));
      if (!marshall_new_creds(auth, TRUE, &AUTH_PRIVATE(auth)->client_handle)) {
 	  PRINTF(("gssapi_destroy: marshall_new_creds failed\n"));
 	  goto skip_call;
      }
-     
+
      PRINTF(("gssapi_destroy: calling GSSAPI_DESTROY\n"));
      timeout.tv_sec = 1;
      timeout.tv_usec = 0;
@@ -726,7 +726,7 @@ static void auth_gssapi_destroy(AUTH *auth)
      if (callstat != RPC_SUCCESS)
 	  clnt_sperror(AUTH_PRIVATE(auth)->clnt,
 		       "gssapi_destroy: GSSAPI_DESTROY failed");
-     
+
 skip_call:
      PRINTF(("gssapi_destroy: deleting context\n"));
      gssstat = gss_delete_sec_context(&minor_stat,
@@ -742,18 +742,18 @@ skip_call:
 	       AUTH_GSSAPI_DISPLAY_STATUS(("deleting default credential",
 					   gssstat, minor_stat));
      }
-     
+
      if (AUTH_PRIVATE(auth)->client_handle.length != 0)
 	  gss_release_buffer(&minor_stat,
 			     &AUTH_PRIVATE(auth)->client_handle);
-     
+
 #if 0
      PRINTF(("gssapi_destroy: calling GSSAPI_EXIT\n"));
      AUTH_PRIVATE(auth)->established = FALSE;
      callstat = clnt_call(AUTH_PRIVATE(auth)->clnt, AUTH_GSSAPI_EXIT,
 			  xdr_void, NULL, xdr_void, NULL, timeout);
 #endif
-     
+
      free(auth->ah_private);
      free(auth);
      PRINTF(("gssapi_destroy: done\n"));
@@ -774,7 +774,7 @@ static bool_t auth_gssapi_wrap(
      caddr_t xdr_ptr)
 {
      OM_uint32 gssstat, minor_stat;
-     
+
      if (! AUTH_PRIVATE(auth)->established) {
 	  PRINTF(("gssapi_wrap: context not established, noop\n"));
 	  return (*xdr_func)(out_xdrs, xdr_ptr);
@@ -805,7 +805,7 @@ static bool_t auth_gssapi_unwrap(
      caddr_t xdr_ptr)
 {
      OM_uint32 gssstat, minor_stat;
-     
+
      if (! AUTH_PRIVATE(auth)->established) {
 	  PRINTF(("gssapi_unwrap: context not established, noop\n"));
 	  return (*xdr_func)(in_xdrs, xdr_ptr);
diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c
index 908ac0cb2..e1f92053d 100644
--- a/src/lib/rpc/auth_gssapi_misc.c
+++ b/src/lib/rpc/auth_gssapi_misc.c
@@ -27,10 +27,10 @@ extern void gssrpcint_printf(const char *, ...);
 #define L_PRINTF(l, args)
 #define AUTH_GSSAPI_DISPLAY_STATUS(args)
 #endif
-   
+
 static void auth_gssapi_display_status_1
 	(char *, OM_uint32, int, int);
-   
+
 bool_t xdr_gss_buf(
      XDR *xdrs,
      gss_buffer_t buf)
@@ -95,9 +95,9 @@ bool_t auth_gssapi_seal_seq(
      gss_buffer_desc in_buf;
      OM_uint32 gssstat, minor_stat;
      uint32_t nl_seq_num;
-     
+
      nl_seq_num = htonl(seq_num);
-     
+
      in_buf.length = sizeof(uint32_t);
      in_buf.value = (char *) &nl_seq_num;
      gssstat = gss_seal(&minor_stat, context, 0, GSS_C_QOP_DEFAULT,
@@ -119,13 +119,13 @@ bool_t auth_gssapi_unseal_seq(
      gss_buffer_desc out_buf;
      OM_uint32 gssstat, minor_stat;
      uint32_t nl_seq_num;
-     
+
      gssstat = gss_unseal(&minor_stat, context, in_buf, &out_buf,
 			  NULL, NULL);
      if (gssstat != GSS_S_COMPLETE) {
 	  PRINTF(("gssapi_unseal_seq: failed\n"));
 	  AUTH_GSSAPI_DISPLAY_STATUS(("unsealing sequence number",
-				      gssstat, minor_stat)); 
+				      gssstat, minor_stat));
 	  return FALSE;
      } else if (out_buf.length != sizeof(uint32_t)) {
 	  PRINTF(("gssapi_unseal_seq: unseal gave %d bytes\n",
@@ -133,11 +133,11 @@ bool_t auth_gssapi_unseal_seq(
 	  gss_release_buffer(&minor_stat, &out_buf);
 	  return FALSE;
      }
-     
+
      nl_seq_num = *((uint32_t *) out_buf.value);
      *seq_num = (uint32_t) ntohl(nl_seq_num);
      gss_release_buffer(&minor_stat, &out_buf);
-     
+
      return TRUE;
 }
 
@@ -159,7 +159,7 @@ static void auth_gssapi_display_status_1(
      OM_uint32 gssstat, minor_stat;
      gss_buffer_desc msg;
      OM_uint32 msg_ctx;
-     
+
      msg_ctx = 0;
      while (1) {
 	  gssstat = gss_display_status(&minor_stat, code,
@@ -167,7 +167,7 @@ static void auth_gssapi_display_status_1(
 				       &msg_ctx, &msg);
 	  if (gssstat != GSS_S_COMPLETE) {
  	       if (!rec) {
-		    auth_gssapi_display_status_1(m,gssstat,GSS_C_GSS_CODE,1); 
+		    auth_gssapi_display_status_1(m,gssstat,GSS_C_GSS_CODE,1);
 		    auth_gssapi_display_status_1(m, minor_stat,
 						 GSS_C_MECH_CODE, 1);
 	       } else {
@@ -185,7 +185,7 @@ static void auth_gssapi_display_status_1(
 	      gssrpcint_printf("GSS-API authentication error %s: %*s\n",
 			       m, msg.length, (char *) msg.value);
 	  (void) gss_release_buffer(&minor_stat, &msg);
-	  
+
 	  if (!msg_ctx)
 	       break;
      }
@@ -204,14 +204,14 @@ bool_t auth_gssapi_wrap_data(
      XDR temp_xdrs;
      int conf_state;
      unsigned int length;
-     
+
      PRINTF(("gssapi_wrap_data: starting\n"));
-     
+
      *major = GSS_S_COMPLETE;
      *minor = 0; /* assumption */
-     
+
      xdralloc_create(&temp_xdrs, XDR_ENCODE);
-     
+
      /* serialize the sequence number into local memory */
      PRINTF(("gssapi_wrap_data: encoding seq_num %d\n", seq_num));
      if (! xdr_u_int32(&temp_xdrs, &seq_num)) {
@@ -219,17 +219,17 @@ bool_t auth_gssapi_wrap_data(
 	  XDR_DESTROY(&temp_xdrs);
 	  return FALSE;
      }
-     
+
      /* serialize the arguments into local memory */
      if (!(*xdr_func)(&temp_xdrs, xdr_ptr)) {
 	  PRINTF(("gssapi_wrap_data: serializing arguments failed\n"));
 	  XDR_DESTROY(&temp_xdrs);
 	  return FALSE;
      }
-     
+
      in_buf.length = xdr_getpos(&temp_xdrs);
      in_buf.value = xdralloc_getdata(&temp_xdrs);
-     
+
      *major = gss_seal(minor, context, 1,
 		       GSS_C_QOP_DEFAULT, &in_buf, &conf_state,
 		       &out_buf);
@@ -237,22 +237,22 @@ bool_t auth_gssapi_wrap_data(
 	  XDR_DESTROY(&temp_xdrs);
 	  return FALSE;
      }
-     
+
      PRINTF(("gssapi_wrap_data: %d bytes data, %d bytes sealed\n",
 	     (int) in_buf.length, (int) out_buf.length));
-     
+
      /* write the token */
      length = out_buf.length;
-     if (! xdr_bytes(out_xdrs, (char **) &out_buf.value, 
+     if (! xdr_bytes(out_xdrs, (char **) &out_buf.value,
 		     (unsigned int *) &length,
 		     out_buf.length)) {
 	  PRINTF(("gssapi_wrap_data: serializing encrypted data failed\n"));
 	  XDR_DESTROY(&temp_xdrs);
 	  return FALSE;
      }
-     
+
      *major = gss_release_buffer(minor, &out_buf);
-     
+
      PRINTF(("gssapi_wrap_data: succeeding\n\n"));
      XDR_DESTROY(&temp_xdrs);
      return TRUE;
@@ -272,12 +272,12 @@ bool_t auth_gssapi_unwrap_data(
      uint32_t verf_seq_num;
      int conf, qop;
      unsigned int length;
-     
+
      PRINTF(("gssapi_unwrap_data: starting\n"));
-     
+
      *major = GSS_S_COMPLETE;
      *minor = 0; /* assumption */
-     
+
      in_buf.value = NULL;
      out_buf.value = NULL;
      if (! xdr_bytes(in_xdrs, (char **) &in_buf.value,
@@ -289,18 +289,18 @@ bool_t auth_gssapi_unwrap_data(
 	 return FALSE;
      }
      in_buf.length = length;
-     
+
      *major = gss_unseal(minor, context, &in_buf, &out_buf, &conf,
 			 &qop);
      free(in_buf.value);
      if (*major != GSS_S_COMPLETE)
 	  return FALSE;
-     
+
      PRINTF(("gssapi_unwrap_data: %d bytes data, %d bytes sealed\n",
 	     out_buf.length, in_buf.length));
-     
+
      xdrmem_create(&temp_xdrs, out_buf.value, out_buf.length, XDR_DECODE);
-     
+
      /* deserialize the sequence number */
      if (! xdr_u_int32(&temp_xdrs, &verf_seq_num)) {
 	  PRINTF(("gssapi_unwrap_data: deserializing verf_seq_num failed\n"));
@@ -316,7 +316,7 @@ bool_t auth_gssapi_unwrap_data(
 	  return FALSE;
      }
      PRINTF(("gssapi_unwrap_data: unwrap seq_num %d okay\n", verf_seq_num));
-     
+
      /* deserialize the arguments into xdr_ptr */
      if (! (*xdr_func)(&temp_xdrs, xdr_ptr)) {
 	  PRINTF(("gssapi_unwrap_data: deserializing arguments failed\n"));
@@ -325,9 +325,9 @@ bool_t auth_gssapi_unwrap_data(
 	  XDR_DESTROY(&temp_xdrs);
 	  return FALSE;
      }
-     
+
      PRINTF(("gssapi_unwrap_data: succeeding\n\n"));
-     
+
      gss_release_buffer(minor, &out_buf);
      XDR_DESTROY(&temp_xdrs);
      return TRUE;
diff --git a/src/lib/rpc/auth_none.c b/src/lib/rpc/auth_none.c
index f4869aa6a..2e176223d 100644
--- a/src/lib/rpc/auth_none.c
+++ b/src/lib/rpc/auth_none.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -33,10 +33,10 @@ static char sccsid[] = "@(#)auth_none.c 1.19 87/08/11 Copyr 1984 Sun Micro";
 
 /*
  * auth_none.c
- * Creates a client authentication handle for passing "null" 
- * credentials and verifiers to remote systems. 
- * 
- * Copyright (C) 1984, Sun Microsystems, Inc. 
+ * Creates a client authentication handle for passing "null"
+ * credentials and verifiers to remote systems.
+ *
+ * Copyright (C) 1984, Sun Microsystems, Inc.
  */
 
 #include <gssrpc/types.h>
@@ -111,7 +111,7 @@ authnone_marshal(AUTH *client, XDR *xdrs)
 }
 
 /*ARGSUSED*/
-static void 
+static void
 authnone_verf(AUTH *auth)
 {
 }
diff --git a/src/lib/rpc/auth_unix.c b/src/lib/rpc/auth_unix.c
index eaa842732..ad7b50552 100644
--- a/src/lib/rpc/auth_unix.c
+++ b/src/lib/rpc/auth_unix.c
@@ -6,11 +6,11 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
@@ -18,11 +18,11 @@
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -32,8 +32,8 @@ static char sccsid[] = "@(#)auth_unix.c 1.19 87/08/11 Copyr 1984 Sun Micro";
 #endif
 
 /*
- * auth_unix.c, Implements UNIX style authentication parameters. 
- *  
+ * auth_unix.c, Implements UNIX style authentication parameters.
+ *
  * Copyright (C) 1984, Sun Microsystems, Inc.
  *
  * The system is very weak.  The client uses no encryption for it's
@@ -145,7 +145,7 @@ authunix_create(
 	 * Serialize the parameters into origcred
 	 */
 	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
-	if (! xdr_authunix_parms(&xdrs, &aup)) 
+	if (! xdr_authunix_parms(&xdrs, &aup))
 		abort();
 	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
 	au->au_origcred.oa_flavor = AUTH_UNIX;
@@ -261,7 +261,7 @@ authunix_refresh(register AUTH *auth, struct rpc_msg *msg)
 	xdrmem_create(&xdrs, au->au_origcred.oa_base,
 	    au->au_origcred.oa_length, XDR_DECODE);
 	stat = xdr_authunix_parms(&xdrs, &aup);
-	if (! stat) 
+	if (! stat)
 		goto done;
 
 	/* update the time and serialize in place */
diff --git a/src/lib/rpc/authgss_prot.c b/src/lib/rpc/authgss_prot.c
index ab6e7fea0..31a8ddab3 100644
--- a/src/lib/rpc/authgss_prot.c
+++ b/src/lib/rpc/authgss_prot.c
@@ -1,12 +1,12 @@
 /*
   authgss_prot.c
-  
+
   Copyright (c) 2000 The Regents of the University of Michigan.
   All rights reserved.
-  
+
   Copyright (c) 2000 Dug Song <dugsong@UMICH.EDU>.
   All rights reserved, all wrongs reversed.
-  
+
   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions
   are met:
@@ -98,7 +98,7 @@ xdr_rpc_gss_init_args(XDR *xdrs, gss_buffer_desc *p)
 		  (xdrs->x_op == XDR_ENCODE) ? "encode" : "decode",
 		  (xdr_stat == TRUE) ? "success" : "failure",
 		  p->value, p->length);
-	
+
 	return (xdr_stat);
 }
 
@@ -120,7 +120,7 @@ xdr_rpc_gss_init_res(XDR *xdrs, struct rpc_gss_init_res *p)
 		  p->gr_ctx.value, p->gr_ctx.length,
 		  p->gr_major, p->gr_minor, p->gr_win,
 		  p->gr_token.value, p->gr_token.length);
-	
+
 	return (xdr_stat);
 }
 
@@ -138,7 +138,7 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
 	xdralloc_create(&tmpxdrs, XDR_ENCODE);
 
 	xdr_stat = FALSE;
-	
+
 	/* Marshal rpc_gss_data_t (sequence number + arguments). */
 	if (!xdr_u_int32(&tmpxdrs, &seq) || !(*xdr_func)(&tmpxdrs, xdr_ptr))
 		goto errout;
@@ -161,7 +161,7 @@ xdr_rpc_gss_wrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
 		/* Marshal checksum. */
 		xdr_stat = xdr_rpc_gss_buf(xdrs, &wrapbuf, (unsigned int)-1);
 		gss_release_buffer(&min_stat, &wrapbuf);
-	}		
+	}
 	else if (svc == RPCSEC_GSS_SVC_PRIVACY) {
 		/* Encrypt rpc_gss_data_t. */
 		maj_stat = gss_wrap(&min_stat, ctx, TRUE, qop, &databuf,
@@ -194,10 +194,10 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
 
 	if (xdr_func == xdr_void || xdr_ptr == NULL)
 		return (TRUE);
-	
+
 	memset(&databuf, 0, sizeof(databuf));
 	memset(&wrapbuf, 0, sizeof(wrapbuf));
-	
+
 	if (svc == RPCSEC_GSS_SVC_INTEGRITY) {
 		/* Decode databody_integ. */
 		if (!xdr_rpc_gss_buf(xdrs, &databuf, (unsigned int)-1)) {
@@ -214,7 +214,7 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
 		maj_stat = gss_verify_mic(&min_stat, ctx, &databuf,
 					  &wrapbuf, &qop_state);
 		gss_release_buffer(&min_stat, &wrapbuf);
-		
+
 		if (maj_stat != GSS_S_COMPLETE || qop_state != qop) {
 			gss_release_buffer(&min_stat, &databuf);
 			log_status("gss_verify_mic", maj_stat, min_stat);
@@ -230,9 +230,9 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
 		/* Decrypt databody. */
 		maj_stat = gss_unwrap(&min_stat, ctx, &wrapbuf, &databuf,
 				      &conf_state, &qop_state);
-		
+
 		gss_release_buffer(&min_stat, &wrapbuf);
-		
+
 		/* Verify encryption and QOP. */
 		if (maj_stat != GSS_S_COMPLETE || qop_state != qop ||
 			conf_state != TRUE) {
@@ -247,7 +247,7 @@ xdr_rpc_gss_unwrap_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
 		    (*xdr_func)(&tmpxdrs, xdr_ptr));
 	XDR_DESTROY(&tmpxdrs);
 	gss_release_buffer(&min_stat, &databuf);
-	
+
 	/* Verify sequence number. */
 	if (xdr_stat == TRUE && seq_num != seq) {
 		log_debug("wrong sequence number in databody");
@@ -262,7 +262,7 @@ xdr_rpc_gss_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr,
 		 rpc_gss_svc_t svc, uint32_t seq)
 {
 	switch (xdrs->x_op) {
-		
+
 	case XDR_ENCODE:
 		return (xdr_rpc_gss_wrap_data(xdrs, xdr_func, xdr_ptr,
 					      ctx, qop, svc, seq));
@@ -316,13 +316,13 @@ log_hexdump(const u_char *buf, int len, int offset)
 {
 	u_int i, j, jm;
 	int c;
-	
+
 	fprintf(stderr, "\n");
 	for (i = 0; i < len; i += 0x10) {
 		fprintf(stderr, "  %04x: ", (u_int)(i + offset));
 		jm = len - i;
 		jm = jm > 16 ? 16 : jm;
-		
+
 		for (j = 0; j < jm; j++) {
 			if ((j % 2) == 1)
 				fprintf(stderr, "%02x ", (u_int) buf[i+j]);
@@ -334,7 +334,7 @@ log_hexdump(const u_char *buf, int len, int offset)
 			else fprintf(stderr, "  ");
 		}
 		fprintf(stderr, " ");
-		
+
 		for (j = 0; j < jm; j++) {
 			c = buf[i+j];
 			c = isprint(c) ? c : '.';
@@ -362,5 +362,3 @@ log_hexdump(const u_char *buf, int len, int offset)
 }
 
 #endif
-
-
diff --git a/src/lib/rpc/authunix_prot.c b/src/lib/rpc/authunix_prot.c
index 7eb47a4b4..4d20b018c 100644
--- a/src/lib/rpc/authunix_prot.c
+++ b/src/lib/rpc/authunix_prot.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -61,4 +61,3 @@ xdr_authunix_parms(register XDR *xdrs, register struct authunix_parms *p)
 	}
 	return (FALSE);
 }
-
diff --git a/src/lib/rpc/bindresvport.c b/src/lib/rpc/bindresvport.c
index d1ec65452..62cc529ac 100644
--- a/src/lib/rpc/bindresvport.c
+++ b/src/lib/rpc/bindresvport.c
@@ -8,23 +8,23 @@ static  char sccsid[] = "@(#)bindresvport.c	2.2 88/07/29 4.0 RPCSRC 1.8 88/02/08
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/clnt_generic.c b/src/lib/rpc/clnt_generic.c
index 696e5a2e8..880b0df9f 100644
--- a/src/lib/rpc/clnt_generic.c
+++ b/src/lib/rpc/clnt_generic.c
@@ -6,11 +6,11 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
@@ -18,11 +18,11 @@
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -42,7 +42,7 @@ static char sccsid[] = "@(#)clnt_generic.c 1.4 87/08/11 (C) 1987 SMI";
 
 /*
  * Generic client creation: takes (hostname, program-number, protocol) and
- * returns client handle. Default options are set, which the user can 
+ * returns client handle. Default options are set, which the user can
  * change using the rpc equivalent of ioctl()'s.
  */
 CLIENT *
@@ -69,7 +69,7 @@ clnt_create(
 		 * Only support INET for now
 		 */
 		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
-		rpc_createerr.cf_error.re_errno = EAFNOSUPPORT; 
+		rpc_createerr.cf_error.re_errno = EAFNOSUPPORT;
 		return (NULL);
 	}
 	memset(&sockin, 0, sizeof(sockin));
@@ -82,7 +82,7 @@ clnt_create(
 	p = getprotobyname(proto);
 	if (p == NULL) {
 		rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
-		rpc_createerr.cf_error.re_errno = EPFNOSUPPORT; 
+		rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
 		return (NULL);
 	}
 	sock = RPC_ANYSOCK;
@@ -108,7 +108,7 @@ clnt_create(
 		break;
 	default:
 		rpc_createerr.cf_stat = RPC_SYSTEMERROR;
-		rpc_createerr.cf_error.re_errno = EPFNOSUPPORT; 
+		rpc_createerr.cf_error.re_errno = EPFNOSUPPORT;
 		return (NULL);
 	}
 	return (client);
diff --git a/src/lib/rpc/clnt_perror.c b/src/lib/rpc/clnt_perror.c
index 09b432294..7a469fb57 100644
--- a/src/lib/rpc/clnt_perror.c
+++ b/src/lib/rpc/clnt_perror.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -100,7 +100,7 @@ clnt_sperror(CLIENT *rpch, char *s)
 	case RPC_SUCCESS:
 	case RPC_CANTENCODEARGS:
 	case RPC_CANTDECODERES:
-	case RPC_TIMEDOUT:     
+	case RPC_TIMEDOUT:
 	case RPC_PROGUNAVAIL:
 	case RPC_PROCUNAVAIL:
 	case RPC_CANTDECODEARGS:
@@ -117,7 +117,7 @@ clnt_sperror(CLIENT *rpch, char *s)
 		/* 10 for the string */
 		if (str - bufstart + 10 + strlen(strerror(e.re_errno)) < BUFSIZ)
 		    (void) snprintf(str, strend-str, "; errno = %s",
-				    strerror(e.re_errno)); 
+				    strerror(e.re_errno));
 		str += strlen(str);
 		break;
 
@@ -125,7 +125,7 @@ clnt_sperror(CLIENT *rpch, char *s)
 		/* 33 for the string, 22 for the numbers */
 		if(str - bufstart + 33 + 22 < BUFSIZ)
 		    (void) snprintf(str, strend-str,
-				    "; low version = %lu, high version = %lu", 
+				    "; low version = %lu, high version = %lu",
 				    (u_long) e.re_vers.low,
 				    (u_long) e.re_vers.high);
 		str += strlen(str);
@@ -188,41 +188,41 @@ struct rpc_errtab {
 };
 
 static struct rpc_errtab  rpc_errlist[] = {
-	{ RPC_SUCCESS, 
-		"RPC: Success" }, 
-	{ RPC_CANTENCODEARGS, 
+	{ RPC_SUCCESS,
+		"RPC: Success" },
+	{ RPC_CANTENCODEARGS,
 		"RPC: Can't encode arguments" },
-	{ RPC_CANTDECODERES, 
+	{ RPC_CANTDECODERES,
 		"RPC: Can't decode result" },
-	{ RPC_CANTSEND, 
+	{ RPC_CANTSEND,
 		"RPC: Unable to send" },
-	{ RPC_CANTRECV, 
+	{ RPC_CANTRECV,
 		"RPC: Unable to receive" },
-	{ RPC_TIMEDOUT, 
+	{ RPC_TIMEDOUT,
 		"RPC: Timed out" },
-	{ RPC_VERSMISMATCH, 
+	{ RPC_VERSMISMATCH,
 		"RPC: Incompatible versions of RPC" },
-	{ RPC_AUTHERROR, 
+	{ RPC_AUTHERROR,
 		"RPC: Authentication error" },
-	{ RPC_PROGUNAVAIL, 
+	{ RPC_PROGUNAVAIL,
 		"RPC: Program unavailable" },
-	{ RPC_PROGVERSMISMATCH, 
+	{ RPC_PROGVERSMISMATCH,
 		"RPC: Program/version mismatch" },
-	{ RPC_PROCUNAVAIL, 
+	{ RPC_PROCUNAVAIL,
 		"RPC: Procedure unavailable" },
-	{ RPC_CANTDECODEARGS, 
+	{ RPC_CANTDECODEARGS,
 		"RPC: Server can't decode arguments" },
-	{ RPC_SYSTEMERROR, 
+	{ RPC_SYSTEMERROR,
 		"RPC: Remote system error" },
-	{ RPC_UNKNOWNHOST, 
+	{ RPC_UNKNOWNHOST,
 		"RPC: Unknown host" },
 	{ RPC_UNKNOWNPROTO,
 		"RPC: Unknown protocol" },
-	{ RPC_PMAPFAILURE, 
+	{ RPC_PMAPFAILURE,
 		"RPC: Port mapper failure" },
-	{ RPC_PROGNOTREGISTERED, 
+	{ RPC_PROGNOTREGISTERED,
 		"RPC: Program not registered"},
-	{ RPC_FAILED, 
+	{ RPC_FAILED,
 		"RPC: Failed (unspecified error)"}
 };
 
@@ -313,7 +313,7 @@ clnt_pcreateerror(char *s)
 }
 
 struct auth_errtab {
-	enum auth_stat status;	
+	enum auth_stat status;
 	char *message;
 };
 
diff --git a/src/lib/rpc/clnt_raw.c b/src/lib/rpc/clnt_raw.c
index 06b078e99..e2fdc3536 100644
--- a/src/lib/rpc/clnt_raw.c
+++ b/src/lib/rpc/clnt_raw.c
@@ -6,11 +6,11 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
@@ -18,11 +18,11 @@
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -60,8 +60,8 @@ static struct clntraw_private {
 	u_int	mcnt;
 } *clntraw_private;
 
-static enum clnt_stat	clntraw_call(CLIENT *, rpcproc_t, xdrproc_t, 
-				     void *, xdrproc_t, void *, 
+static enum clnt_stat	clntraw_call(CLIENT *, rpcproc_t, xdrproc_t,
+				     void *, xdrproc_t, void *,
 				     struct timeval);
 static void		clntraw_abort(CLIENT *);
 static void		clntraw_geterr(CLIENT *, struct rpc_err *);
@@ -106,7 +106,7 @@ clntraw_create(
 	call_msg.rm_call.cb_rpcvers = RPC_MSG_VERSION;
 	call_msg.rm_call.cb_prog = prog;
 	call_msg.rm_call.cb_vers = vers;
-	xdrmem_create(xdrs, clp->u.mashl_callmsg, MCALL_MSG_SIZE, XDR_ENCODE); 
+	xdrmem_create(xdrs, clp->u.mashl_callmsg, MCALL_MSG_SIZE, XDR_ENCODE);
 	if (! xdr_callhdr(xdrs, &call_msg)) {
 		perror("clnt_raw.c - Fatal header serialization error.");
 	}
@@ -126,7 +126,7 @@ clntraw_create(
 	return (client);
 }
 
-static enum clnt_stat 
+static enum clnt_stat
 clntraw_call(
 	CLIENT *h,
 	rpcproc_t proc,
diff --git a/src/lib/rpc/clnt_simple.c b/src/lib/rpc/clnt_simple.c
index 3649c8048..d5dbb5a5b 100644
--- a/src/lib/rpc/clnt_simple.c
+++ b/src/lib/rpc/clnt_simple.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -31,7 +31,7 @@
 static char sccsid[] = "@(#)clnt_simple.c 1.35 87/08/11 Copyr 1984 Sun Micro";
 #endif
 
-/* 
+/*
  * clnt_simple.c
  * Simplified front end to rpc.
  *
@@ -89,7 +89,7 @@ callrpc(
 	}
 	if (crp->valid && crp->oldprognum == prognum && crp->oldversnum == versnum
 		&& strcmp(crp->oldhost, host) == 0) {
-		/* reuse old client */		
+		/* reuse old client */
 	} else {
 		crp->valid = 0;
                 (void)closesocket(crp->socket);
@@ -103,7 +103,7 @@ callrpc(
 		timeout.tv_usec = 0;
 		timeout.tv_sec = 5;
 		memset(&server_addr, 0, sizeof(server_addr));
-		memmove((char *)&server_addr.sin_addr, hp->h_addr, 
+		memmove((char *)&server_addr.sin_addr, hp->h_addr,
 			sizeof(server_addr.sin_addr));
 #if HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
 		server_addr.sin_len = sizeof(server_addr);
@@ -123,7 +123,7 @@ callrpc(
 	tottimeout.tv_usec = 0;
 	clnt_stat = clnt_call(crp->client, procnum, inproc, in,
 	    outproc, out, tottimeout);
-	/* 
+	/*
 	 * if call failed, empty cache
 	 */
 	if (clnt_stat != RPC_SUCCESS)
diff --git a/src/lib/rpc/clnt_tcp.c b/src/lib/rpc/clnt_tcp.c
index 716849336..0eb8f45dd 100644
--- a/src/lib/rpc/clnt_tcp.c
+++ b/src/lib/rpc/clnt_tcp.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -30,7 +30,7 @@
 #if !defined(lint) && defined(SCCSIDS)
 static char sccsid[] = "@(#)clnt_tcp.c 1.37 87/10/05 Copyr 1984 Sun Micro";
 #endif
- 
+
 /*
  * clnt_tcp.c, Implements a TCP/IP based, client side RPC.
  *
@@ -90,7 +90,7 @@ struct ct_data {
 	bool_t		ct_closeit;
 	struct timeval	ct_wait;
 	bool_t          ct_waitset;       /* wait set by clnt_control? */
-	struct sockaddr_in ct_addr; 
+	struct sockaddr_in ct_addr;
 	struct rpc_err	ct_error;
 	union {
 	  char		ct_mcall[MCALL_MSG_SIZE];	/* marshalled callmsg */
@@ -377,7 +377,7 @@ clnttcp_control(
 {
 	register struct ct_data *ct = (struct ct_data *)cl->cl_private;
 	GETSOCKNAME_ARG3_TYPE len;
-	
+
 	switch (request) {
 	case CLSET_TIMEOUT:
 		ct->ct_wait = *(struct timeval *)info;
diff --git a/src/lib/rpc/clnt_udp.c b/src/lib/rpc/clnt_udp.c
index 25474b9e9..a3876a70e 100644
--- a/src/lib/rpc/clnt_udp.c
+++ b/src/lib/rpc/clnt_udp.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -76,7 +76,7 @@ static struct clnt_ops udp_ops = {
 	clntudp_control
 };
 
-/* 
+/*
  * Private data kept per client handle
  */
 struct cu_data {
@@ -197,7 +197,7 @@ clntudp_bufcreate(
 	     cu->cu_llen = sizeof(cu->cu_laddr);
 	if (getsockname(*sockp, (struct sockaddr *)&cu->cu_laddr, &cu->cu_llen) < 0)
 	     goto fooy;
-	
+
 	cu->cu_sock = *sockp;
 	cl->cl_auth = authnone_create();
 	return (cl);
@@ -222,7 +222,7 @@ clntudp_create(
 	    UDPMSGSIZE, UDPMSGSIZE));
 }
 
-static enum clnt_stat 
+static enum clnt_stat
 clntudp_call(
 	register CLIENT	*cl,		/* client handle */
 	rpcproc_t	proc,		/* procedure number */
@@ -306,7 +306,7 @@ send_again:
 	for (;;) {
 		readfds = mask;
 		seltimeout = cu->cu_wait;
-		switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL, 
+		switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
 			       (fd_set *)NULL, &seltimeout)) {
 
 		case 0:
@@ -319,7 +319,7 @@ send_again:
 			if ((time_waited.tv_sec < timeout.tv_sec) ||
 				((time_waited.tv_sec == timeout.tv_sec) &&
 				(time_waited.tv_usec < timeout.tv_usec)))
-				goto send_again;	
+				goto send_again;
 			return (cu->cu_error.re_status = RPC_TIMEDOUT);
 
 		/*
@@ -328,28 +328,28 @@ send_again:
 		 */
 		case -1:
 			if (errno == EINTR)
-				continue;	
+				continue;
 			cu->cu_error.re_errno = errno;
 			return (cu->cu_error.re_status = RPC_CANTRECV);
 		}
 		do {
 			fromlen = sizeof(struct sockaddr);
-			inlen = recvfrom(cu->cu_sock, cu->cu_inbuf, 
+			inlen = recvfrom(cu->cu_sock, cu->cu_inbuf,
 				cu->cu_recvsz, 0,
 				(struct sockaddr *)&from, &fromlen);
 		} while (inlen < 0 && errno == EINTR);
 		if (inlen < 0) {
 			if (errno == EWOULDBLOCK)
-				continue;	
+				continue;
 			cu->cu_error.re_errno = errno;
 			return (cu->cu_error.re_status = RPC_CANTRECV);
 		}
 		if (inlen < sizeof(uint32_t))
-			continue;	
+			continue;
 		/* see if reply transaction id matches sent id */
-		if (*((uint32_t *)(void *)(cu->cu_inbuf)) != 
+		if (*((uint32_t *)(void *)(cu->cu_inbuf)) !=
 		    *((uint32_t *)(void *)(cu->cu_outbuf)))
-			continue;	
+			continue;
 		/* we now assume we have the proper reply */
 		break;
 	}
@@ -387,7 +387,7 @@ send_again:
 		    xdrs->x_op = XDR_FREE;
 		    (void)xdr_opaque_auth(xdrs,
 					  &(reply_msg.acpted_rply.ar_verf));
-		} 
+		}
 	}  /* end of valid reply message */
 	else {
 		/*
@@ -435,7 +435,7 @@ clntudp_freeres(
 
 
 /*ARGSUSED*/
-static void 
+static void
 clntudp_abort(CLIENT *h)
 {
 }
@@ -447,7 +447,7 @@ clntudp_control(
 	void *info)
 {
 	register struct cu_data *cu = (struct cu_data *)cl->cl_private;
-	
+
 	switch (request) {
 	case CLSET_TIMEOUT:
 		cu->cu_total = *(struct timeval *)info;
@@ -472,7 +472,7 @@ clntudp_control(
 	}
 	return (TRUE);
 }
-	
+
 static void
 clntudp_destroy(CLIENT *cl)
 {
diff --git a/src/lib/rpc/dyn.c b/src/lib/rpc/dyn.c
index 192095cbc..bce1fd2a7 100644
--- a/src/lib/rpc/dyn.c
+++ b/src/lib/rpc/dyn.c
@@ -81,7 +81,7 @@ DynObjectP DynCopy(obj)
    DynObjectP obj;
 {
      DynObjectP obj1;
-     
+
      obj1 = (DynObjectP) malloc(sizeof(DynObjectRecP));
      if (obj1 == NULL)
 	  return NULL;
@@ -98,7 +98,7 @@ DynObjectP DynCopy(obj)
 	  free(obj1);
 	  return NULL;
      }
-     memcpy(obj1->array, obj->array, 
+     memcpy(obj1->array, obj->array,
 	    (size_t) (obj1->el_size * obj1->size));
 
      return obj1;
@@ -154,7 +154,7 @@ int DynDebug(obj, state)
 /*
  * Checkers!  Get away from that "hard disk erase" button!
  *    (Stupid dog.  He almost did it to me again ...)
- */                                 
+ */
 int DynDelete(obj, idx)
    DynObjectP obj;
    int idx;
@@ -164,7 +164,7 @@ int DynDelete(obj, idx)
 	       fprintf(stderr, "dyn: delete: bad index %d\n", idx);
 	  return DYN_BADINDEX;
      }
-     
+
      if (idx >= obj->num_el) {
 	  if (obj->debug)
 	       fprintf(stderr, "dyn: delete: Highest index is %d.\n",
@@ -182,14 +182,14 @@ int DynDelete(obj, idx)
 	       if (obj->debug)
 		    fprintf(stderr, "dyn: delete: last element, punting.\n");
 	  }
-     }	  
+     }
      else {
 	  if (obj->debug)
 	       fprintf(stderr,
 		       "dyn: delete: copying %d bytes from %p + %d to + %d.\n",
 		       obj->el_size*(obj->num_el - idx), obj->array,
 		       (idx+1)*obj->el_size, idx*obj->el_size);
-	  
+
 	  memmove(obj->array + idx*obj->el_size,
 		  obj->array + (idx+1)*obj->el_size,
 		  (size_t) obj->el_size*(obj->num_el - idx));
@@ -203,9 +203,9 @@ int DynDelete(obj, idx)
 		     (size_t) obj->el_size);
 	  }
      }
-     
+
      --obj->num_el;
-     
+
      if (obj->debug)
 	  fprintf(stderr, "dyn: delete: done.\n");
 
@@ -244,7 +244,7 @@ int DynInsert(obj, idx, els_in, num)
 {
      DynPtr els = (DynPtr) els_in;
      int ret;
-     
+
      if (idx < 0 || idx > obj->num_el) {
 	  if (obj->debug)
 	       fprintf(stderr, "dyn: insert: index %d is not in [0,%d]\n",
@@ -327,18 +327,18 @@ DynPtr DynGet(obj, num)
 	       fprintf(stderr, "dyn: get: bad index %d\n", num);
 	  return NULL;
      }
-     
+
      if (num >= obj->num_el) {
 	  if (obj->debug)
 	       fprintf(stderr, "dyn: get: highest element is %d.\n",
 		       obj->num_el);
 	  return NULL;
      }
-     
+
      if (obj->debug)
 	  fprintf(stderr, "dyn: get: Returning address %p + %d.\n",
 		  obj->array, obj->el_size*num);
-     
+
      return (DynPtr) obj->array + obj->el_size*num;
 }
 
@@ -347,7 +347,7 @@ int DynAdd(obj, el)
    void *el;
 {
      int	ret;
-     
+
      ret = DynPut(obj, el, obj->num_el);
      if (ret != DYN_OK)
 	  return ret;
@@ -371,7 +371,7 @@ int DynPut(obj, el_in, idx)
 {
      DynPtr el = (DynPtr) el_in;
      int ret;
-     
+
      if (obj->debug)
 	  fprintf(stderr, "dyn: put: Writing %d bytes from %p to %p + %d\n",
 		  obj->el_size, el, obj->array, idx*obj->el_size);
@@ -383,7 +383,7 @@ int DynPut(obj, el_in, idx)
 
      if (obj->debug)
 	  fprintf(stderr, "dyn: put: done.\n");
-     
+
      return DYN_OK;
 }
 
@@ -402,7 +402,7 @@ int _DynResize(obj, req)
    int req;
 {
      int size;
-     
+
      if (obj->size > req)
 	  return DYN_OK;
      else if (obj->inc > 0)
@@ -410,9 +410,9 @@ int _DynResize(obj, req)
      else {
 	  if (obj->size == 0)
 	       size = -obj->inc;
-	  else 
+	  else
 	       size = obj->size;
-	  
+
 	  /*@-shiftsigned@*/
 	  while (size <= req)
 	       size <<= 1;
@@ -426,7 +426,7 @@ int _DynResize(obj, req)
  * Resize the array by num_incs units.  If obj->inc is positive, this
  * means make it obj->inc*num_incs elements larger.  If obj->inc is
  * negative, this means make the array num_incs elements long.
- * 
+ *
  * Ideally, this function should not be called from outside the
  * library.  However, nothing will break if it is.
  */
@@ -441,13 +441,13 @@ int _DynRealloc(obj, num_incs)
 	  new_size_in_bytes = obj->el_size*(obj->size + obj->inc*num_incs);
      else
 	  new_size_in_bytes = obj->el_size*num_incs;
-     
+
      if (obj->debug)
 	  fprintf(stderr,
 		  "dyn: alloc: Increasing object by %d bytes (%d incs).\n",
 		  new_size_in_bytes - obj->el_size*obj->size,
 		  num_incs);
-     
+
      temp = (DynPtr) realloc(obj->array, (size_t) new_size_in_bytes);
      if (temp == NULL) {
 	  if (obj->debug)
@@ -464,7 +464,7 @@ int _DynRealloc(obj, num_incs)
 
      if (obj->debug)
 	  fprintf(stderr, "dyn: alloc: done.\n");
-	  
+
      return DYN_OK;
 }
 
@@ -546,7 +546,7 @@ Sat Dec  6 22:50:03 1997  Ezra Peisach  <epeisach@mit.edu>
 Mon Jul 22 21:37:52 1996  Ezra Peisach  <epeisach@mit.edu>
 
 	* dyn.h: If __STDC__ is not defined, generate prototypes implying
-		functions and not variables. 
+		functions and not variables.
 
 Mon Jul 22 04:20:48 1996  Marc Horowitz  <marc@mit.edu>
 
diff --git a/src/lib/rpc/dyn.h b/src/lib/rpc/dyn.h
index a888b1d7b..2e3f3e517 100644
--- a/src/lib/rpc/dyn.h
+++ b/src/lib/rpc/dyn.h
@@ -39,7 +39,7 @@ typedef struct _DynObject {
 #define DYN_NOMEM	-1001
 #define DYN_BADINDEX	-1002
 #define DYN_BADVALUE	-1003
-     
+
 #define DynCreate	gssrpcint_DynCreate
 #define DynDestroy	gssrpcint_DynDestroy
 #define DynRelease	gssrpcint_DynRelease
diff --git a/src/lib/rpc/dynP.h b/src/lib/rpc/dynP.h
index f2e1c3e88..462ce186d 100644
--- a/src/lib/rpc/dynP.h
+++ b/src/lib/rpc/dynP.h
@@ -41,7 +41,7 @@ typedef struct _DynObject DynObjectRecP, *DynObjectP;
 #define _DynResize	gssrpcint_DynResize
 
 /* Internal functions */
-int _DynRealloc (DynObjectP obj, int req), 
+int _DynRealloc (DynObjectP obj, int req),
   _DynResize (DynObjectP obj, int req);
 
 #undef P
diff --git a/src/lib/rpc/dyntest.c b/src/lib/rpc/dyntest.c
index 2a80b4fa9..5e68f6145 100644
--- a/src/lib/rpc/dyntest.c
+++ b/src/lib/rpc/dyntest.c
@@ -50,7 +50,7 @@ main(argc, argv)
      dbmallopt(MALLOC_REUSE, &arg);
 
      o_size = malloc_inuse(&hist1);
-#endif 
+#endif
 
      /*@+matchanyintegral@*/
      obj = DynCreate(sizeof(char), -8);
@@ -58,7 +58,7 @@ main(argc, argv)
 	  fprintf(stderr, "test: create failed.\n");
 	  exit(1);
      }
-     
+
      if(DynDebug(obj, 1) != DYN_OK) {
 	  fprintf(stderr, "test: setting paranoid failed.\n");
 	  exit(1);
@@ -67,9 +67,9 @@ main(argc, argv)
 	  fprintf(stderr, "test: setting paranoid failed.\n");
 	  exit(1);
      }
-       
 
-     if ((DynGet(obj, -5) != NULL) || 
+
+     if ((DynGet(obj, -5) != NULL) ||
 	 (DynGet(obj, 0) != NULL) || (DynGet(obj, 1000) != NULL)) {
 	  fprintf(stderr, "test: Get did not fail when it should have.\n");
 	  exit(1);
@@ -96,7 +96,7 @@ main(argc, argv)
 	  fprintf(stderr, "test: appending array failed.\n");
 	  exit(1);
      }
-     
+
      if (DynDelete(obj, DynHigh(obj) / 2) != DYN_OK) {
 	  fprintf(stderr, "test: deleting element failed.\n");
 	  exit(1);
@@ -153,17 +153,17 @@ main(argc, argv)
 		   1) != DYN_OK) {
 	  fprintf(stderr, "DynInsert to end failed.\n");
 	  exit(1);
-     }  
+     }
 
      if (DynInsert(obj, 19, insert2, strlen(insert2)) != DYN_OK) {
 	  fprintf(stderr, "DynInsert to middle failed.\n");
 	  exit(1);
      }
-     
+
      if (DynInsert(obj, 0, insert1, strlen(insert1)+1) != DYN_OK) {
 	  fprintf(stderr, "DynInsert to start failed.\n");
 	  exit(1);
-     }	
+     }
 
      data = DynGet(obj, 14 + strlen(insert1) + 1);
      if (data == NULL) {
@@ -194,7 +194,7 @@ main(argc, argv)
 	  malloc_list(2, hist1, hist2);
      }
 #endif
-     
+
      printf("All tests pass\n");
 
      return 0;
diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c
index 6ec017063..caaa87f6b 100644
--- a/src/lib/rpc/get_myaddress.c
+++ b/src/lib/rpc/get_myaddress.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -46,7 +46,7 @@ static char sccsid[] = "@(#)get_myaddress.c 1.4 87/08/11 Copyr 1984 Sun Micro";
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <krb5.h>
-/* 
+/*
  * don't use gethostbyname, which would invoke yellow pages
  */
 int
@@ -75,7 +75,7 @@ get_myaddress(struct sockaddr_in *addr)
 #include <arpa/inet.h>
 #include <netinet/in.h>
 
-/* 
+/*
  * don't use gethostbyname, which would invoke yellow pages
  */
 get_myaddress(struct sockaddr_in *addr)
diff --git a/src/lib/rpc/getrpcent.c b/src/lib/rpc/getrpcent.c
index 065403937..a30c01d51 100644
--- a/src/lib/rpc/getrpcent.c
+++ b/src/lib/rpc/getrpcent.c
@@ -10,23 +10,23 @@ static  char sccsid[] = "@(#)getrpcent.c 1.9 87/08/11  Copyr 1984 Sun Micro";
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/getrpcport.c b/src/lib/rpc/getrpcport.c
index 8688df2ea..e8398b9f8 100644
--- a/src/lib/rpc/getrpcport.c
+++ b/src/lib/rpc/getrpcport.c
@@ -9,23 +9,23 @@ static  char sccsid[] = "@(#)getrpcport.c 1.3 87/08/11 SMI";
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/gssrpcint.h b/src/lib/rpc/gssrpcint.h
index c9f03d868..8110596aa 100644
--- a/src/lib/rpc/gssrpcint.h
+++ b/src/lib/rpc/gssrpcint.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * <<< Description >>>
  */
diff --git a/src/lib/rpc/pmap_clnt.c b/src/lib/rpc/pmap_clnt.c
index affac9fb7..eeb5019ff 100644
--- a/src/lib/rpc/pmap_clnt.c
+++ b/src/lib/rpc/pmap_clnt.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/pmap_getmaps.c b/src/lib/rpc/pmap_getmaps.c
index 36997c22a..e961ac9f6 100644
--- a/src/lib/rpc/pmap_getmaps.c
+++ b/src/lib/rpc/pmap_getmaps.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/pmap_getport.c b/src/lib/rpc/pmap_getport.c
index 998a08199..147bbec50 100644
--- a/src/lib/rpc/pmap_getport.c
+++ b/src/lib/rpc/pmap_getport.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/pmap_prot.c b/src/lib/rpc/pmap_prot.c
index 0f39f91a4..46fcfd627 100644
--- a/src/lib/rpc/pmap_prot.c
+++ b/src/lib/rpc/pmap_prot.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -47,8 +47,8 @@ bool_t
 xdr_pmap(XDR *xdrs, struct pmap *regs)
 {
 
-	if (xdr_rpcprog(xdrs, &regs->pm_prog) && 
-		xdr_rpcvers(xdrs, &regs->pm_vers) && 
+	if (xdr_rpcprog(xdrs, &regs->pm_prog) &&
+		xdr_rpcvers(xdrs, &regs->pm_vers) &&
 		xdr_rpcprot(xdrs, &regs->pm_prot))
 		return (xdr_rpcport(xdrs, &regs->pm_port));
 	return (FALSE);
diff --git a/src/lib/rpc/pmap_prot2.c b/src/lib/rpc/pmap_prot2.c
index 13dc1afb6..491dc4045 100644
--- a/src/lib/rpc/pmap_prot2.c
+++ b/src/lib/rpc/pmap_prot2.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -43,7 +43,7 @@ static char sccsid[] = "@(#)pmap_prot2.c 1.3 87/08/11 Copyr 1984 Sun Micro";
 #include <gssrpc/pmap_prot.h>
 
 
-/* 
+/*
  * What is going on with linked lists? (!)
  * First recall the link list declaration from pmap_prot.h:
  *
@@ -52,11 +52,11 @@ static char sccsid[] = "@(#)pmap_prot2.c 1.3 87/08/11 Copyr 1984 Sun Micro";
  *	struct pmaplist *pml_map;
  * };
  *
- * Compare that declaration with a corresponding xdr declaration that 
+ * Compare that declaration with a corresponding xdr declaration that
  * is (a) pointer-less, and (b) recursive:
  *
  * typedef union switch (bool_t) {
- * 
+ *
  *	case TRUE: struct {
  *		struct pmap;
  * 		pmaplist_t foo;
@@ -69,8 +69,8 @@ static char sccsid[] = "@(#)pmap_prot2.c 1.3 87/08/11 Copyr 1984 Sun Micro";
  * the C declaration has no bool_t variable.  The bool_t can be
  * interpreted as ``more data follows me''; if FALSE then nothing
  * follows this bool_t; if TRUE then the bool_t is followed by
- * an actual struct pmap, and then (recursively) by the 
- * xdr union, pamplist_t.  
+ * an actual struct pmap, and then (recursively) by the
+ * xdr union, pamplist_t.
  *
  * This could be implemented via the xdr_union primitive, though this
  * would cause a one recursive call per element in the list.  Rather than do
@@ -105,7 +105,7 @@ xdr_pmaplist(register XDR *xdrs, register struct pmaplist **rp)
 		 * before we free the current object ...
 		 */
 		if (freeing)
-			next = &((*rp)->pml_next); 
+			next = &((*rp)->pml_next);
 		if (! xdr_reference(xdrs, (caddr_t *)rp,
 		    (u_int)sizeof(struct pmaplist), xdr_pmap))
 			return (FALSE);
diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c
index dbe597da3..ee630d21a 100644
--- a/src/lib/rpc/pmap_rmt.c
+++ b/src/lib/rpc/pmap_rmt.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -171,7 +171,7 @@ xdr_rmtcallres(
 
 /*
  * The following is kludged-up support for simple rpc broadcasts.
- * Someday a large, complicated system will replace these trivial 
+ * Someday a large, complicated system will replace these trivial
  * routines which only support udp/ip .
  */
 
@@ -216,7 +216,7 @@ getbroadcastnets(
 							   (sockin->sin_addr),
 #else /* hpux or solaris */
 							   (sockin->sin_addr.s_addr),
-#endif				
+#endif
 							   INADDR_ANY);
 #endif
 			} else {
@@ -232,7 +232,7 @@ getbroadcastnets(
 	return (i);
 }
 
-enum clnt_stat 
+enum clnt_stat
 clnt_broadcast(
 	rpcprog_t	prog,		/* program number */
 	rpcvers_t	vers,		/* version number */
@@ -268,7 +268,7 @@ clnt_broadcast(
 	struct rmtcallargs a;
 	struct rmtcallres r;
 	struct rpc_msg msg;
-	struct timeval t, t2; 
+	struct timeval t, t2;
 	char outbuf[MAX_BROADCAST_SIZE];
 #ifndef MAX
 #define MAX(A,B) ((A)<(B)?(B):(A))
@@ -355,7 +355,7 @@ clnt_broadcast(
                 msg.acpted_rply.ar_results.proc = xdr_rmtcallres;
 		readfds = mask;
 		t2 = t;
-		switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL, 
+		switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL,
 			       (fd_set *)NULL, &t2)) {
 
 		case 0:  /* timed out */
@@ -421,4 +421,3 @@ done_broad:
 	AUTH_DESTROY(unix_auth);
 	return (stat);
 }
-
diff --git a/src/lib/rpc/rpc_callmsg.c b/src/lib/rpc/rpc_callmsg.c
index 2e4789abb..233fc7d38 100644
--- a/src/lib/rpc/rpc_callmsg.c
+++ b/src/lib/rpc/rpc_callmsg.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -131,7 +131,7 @@ xdr_callmsg(register XDR *xdrs, register struct rpc_msg *cmsg)
 						return (FALSE);
 					}
 				} else {
-					memmove(oa->oa_base, (caddr_t)buf, 
+					memmove(oa->oa_base, (caddr_t)buf,
 						oa->oa_length);
 					/* no real need....
 					buf += RNDUP(oa->oa_length) /
@@ -167,7 +167,7 @@ xdr_callmsg(register XDR *xdrs, register struct rpc_msg *cmsg)
 						return (FALSE);
 					}
 				} else {
-					memmove(oa->oa_base, (caddr_t) buf, 
+					memmove(oa->oa_base, (caddr_t) buf,
 					    oa->oa_length);
 					/* no real need...
 					buf += RNDUP(oa->oa_length) /
@@ -191,4 +191,3 @@ xdr_callmsg(register XDR *xdrs, register struct rpc_msg *cmsg)
 	    return (xdr_opaque_auth(xdrs, &(cmsg->rm_call.cb_verf)));
 	return (FALSE);
 }
-
diff --git a/src/lib/rpc/rpc_commondata.c b/src/lib/rpc/rpc_commondata.c
index 882b6a4ea..6da7ac8b8 100644
--- a/src/lib/rpc/rpc_commondata.c
+++ b/src/lib/rpc/rpc_commondata.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/rpc_dtablesize.c b/src/lib/rpc/rpc_dtablesize.c
index c7d23296f..a933e8e03 100644
--- a/src/lib/rpc/rpc_dtablesize.c
+++ b/src/lib/rpc/rpc_dtablesize.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -38,17 +38,17 @@ static char sccsid[] = "@(#)rpc_dtablesize.c 1.2 87/08/11 Copyr 1987 Sun Micro";
  * Cache the result of getdtablesize(), so we don't have to do an
  * expensive system call every time.
  */
-int 
+int
 gssrpc__rpc_dtablesize(void)
 {
 	static int size;
-	
+
 	if (size == 0) {
 #ifdef _SC_OPEN_MAX
 	    size = (int) sysconf(_SC_OPEN_MAX);
-#else	    
+#else
 	    size = getdtablesize();
-#endif	    
+#endif
 
 /* sysconf() can return a number larger than what will fit in an
    fd_set.  we can't use fd's larger than this, anyway. */
diff --git a/src/lib/rpc/rpc_prot.c b/src/lib/rpc/rpc_prot.c
index 17e26b101..b66d666f0 100644
--- a/src/lib/rpc/rpc_prot.c
+++ b/src/lib/rpc/rpc_prot.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -78,7 +78,7 @@ xdr_des_block(XDR *xdrs, des_block *blkp)
 /*
  * XDR the MSG_ACCEPTED part of a reply message union
  */
-bool_t 
+bool_t
 xdr_accepted_reply(XDR *xdrs, struct accepted_reply *ar)
 {
 
@@ -109,7 +109,7 @@ xdr_accepted_reply(XDR *xdrs, struct accepted_reply *ar)
 /*
  * XDR the MSG_DENIED part of a reply message union
  */
-bool_t 
+bool_t
 xdr_rejected_reply(XDR *xdrs, struct rejected_reply *rr)
 {
 
@@ -141,7 +141,7 @@ bool_t
 xdr_replymsg(XDR *xdrs, struct rpc_msg *rmsg)
 {
 	if (
-	    xdr_u_int32(xdrs, &(rmsg->rm_xid)) && 
+	    xdr_u_int32(xdrs, &(rmsg->rm_xid)) &&
 	    xdr_enum(xdrs, (enum_t *)&(rmsg->rm_direction)) &&
 	    (rmsg->rm_direction == REPLY) )
 		return (xdr_union(xdrs, (enum_t *)&(rmsg->rm_reply.rp_stat),
@@ -209,7 +209,7 @@ accepted(enum accept_stat acpt_stat, struct rpc_err *error)
 	error->re_lb.s2 = (int32_t)acpt_stat;
 }
 
-static void 
+static void
 rejected(enum reject_stat rjct_stat, struct rpc_err *error)
 {
 
diff --git a/src/lib/rpc/svc.c b/src/lib/rpc/svc.c
index 25b13f63b..86179c650 100644
--- a/src/lib/rpc/svc.c
+++ b/src/lib/rpc/svc.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -123,11 +123,11 @@ xprt_register(SVCXPRT *xprt)
 }
 
 /*
- * De-activate a transport handle. 
+ * De-activate a transport handle.
  */
 void
 xprt_unregister(SVCXPRT *xprt)
-{ 
+{
 	register int sock = xprt->xp_sock;
 
 #ifdef FD_SETSIZE
@@ -246,15 +246,15 @@ svc_sendreply(
 	xdrproc_t xdr_results,
 	caddr_t xdr_location)
 {
-	struct rpc_msg rply; 
+	struct rpc_msg rply;
 
-	rply.rm_direction = REPLY;  
-	rply.rm_reply.rp_stat = MSG_ACCEPTED; 
-	rply.acpted_rply.ar_verf = xprt->xp_verf; 
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
 	rply.acpted_rply.ar_stat = SUCCESS;
 	rply.acpted_rply.ar_results.where = xdr_location;
 	rply.acpted_rply.ar_results.proc = xdr_results;
-	return (SVC_REPLY(xprt, &rply)); 
+	return (SVC_REPLY(xprt, &rply));
 }
 
 /*
@@ -278,13 +278,13 @@ svcerr_noproc(register SVCXPRT *xprt)
 void
 svcerr_decode(register SVCXPRT *xprt)
 {
-	struct rpc_msg rply; 
+	struct rpc_msg rply;
 
-	rply.rm_direction = REPLY; 
-	rply.rm_reply.rp_stat = MSG_ACCEPTED; 
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
 	rply.acpted_rply.ar_verf = xprt->xp_verf;
 	rply.acpted_rply.ar_stat = GARBAGE_ARGS;
-	SVC_REPLY(xprt, &rply); 
+	SVC_REPLY(xprt, &rply);
 }
 
 /*
@@ -293,13 +293,13 @@ svcerr_decode(register SVCXPRT *xprt)
 void
 svcerr_systemerr(register SVCXPRT *xprt)
 {
-	struct rpc_msg rply; 
+	struct rpc_msg rply;
 
-	rply.rm_direction = REPLY; 
-	rply.rm_reply.rp_stat = MSG_ACCEPTED; 
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
 	rply.acpted_rply.ar_verf = xprt->xp_verf;
 	rply.acpted_rply.ar_stat = SYSTEM_ERR;
-	SVC_REPLY(xprt, &rply); 
+	SVC_REPLY(xprt, &rply);
 }
 
 /*
@@ -332,14 +332,14 @@ svcerr_weakauth(SVCXPRT *xprt)
 /*
  * Program unavailable error reply
  */
-void 
+void
 svcerr_noprog(register SVCXPRT *xprt)
 {
-	struct rpc_msg rply;  
+	struct rpc_msg rply;
 
-	rply.rm_direction = REPLY;   
-	rply.rm_reply.rp_stat = MSG_ACCEPTED;  
-	rply.acpted_rply.ar_verf = xprt->xp_verf;  
+	rply.rm_direction = REPLY;
+	rply.rm_reply.rp_stat = MSG_ACCEPTED;
+	rply.acpted_rply.ar_verf = xprt->xp_verf;
 	rply.acpted_rply.ar_stat = PROG_UNAVAIL;
 	SVC_REPLY(xprt, &rply);
 }
@@ -347,7 +347,7 @@ svcerr_noprog(register SVCXPRT *xprt)
 /*
  * Program version mismatch error reply
  */
-void  
+void
 svcerr_progvers(
 	register SVCXPRT *xprt,
 	rpcvers_t low_vers,
@@ -374,9 +374,9 @@ svcerr_progvers(
  * the "raw" parameters (msg.rm_call.cb_cred and msg.rm_call.cb_verf) and
  * the "cooked" credentials (rqst->rq_clntcred).
  * However, this function does not know the structure of the cooked
- * credentials, so it make the following assumptions: 
+ * credentials, so it make the following assumptions:
  *   a) the structure is contiguous (no pointers), and
- *   b) the cred structure size does not exceed RQCRED_SIZE bytes. 
+ *   b) the cred structure size does not exceed RQCRED_SIZE bytes.
  * In all events, all three parameters are freed upon exit from this routine.
  * The storage is trivially management on the call stack in user land, but
  * is mallocated in kernel land.
diff --git a/src/lib/rpc/svc_auth.c b/src/lib/rpc/svc_auth.c
index 8732619cb..de77e4d42 100644
--- a/src/lib/rpc/svc_auth.c
+++ b/src/lib/rpc/svc_auth.c
@@ -8,11 +8,11 @@ static char sccsid[] = "@(#)svc_auth.c	2.1 88/08/07 4.0 RPCSRC; from 1.19 87/08/
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
@@ -42,12 +42,12 @@ static char sccsid[] = "@(#)svc_auth.c	2.1 88/08/07 4.0 RPCSRC; from 1.19 87/08/
 /*
  * Server side authenticators are called from authenticate by
  * using the client auth struct flavor field to index into svcauthsw.
- * The server auth flavors must implement a routine that looks  
- * like: 
- * 
+ * The server auth flavors must implement a routine that looks
+ * like:
+ *
  *	enum auth_stat
  *	flavorx_auth(rqst, msg)
- *		register struct svc_req *rqst; 
+ *		register struct svc_req *rqst;
  *		register struct rpc_msg *msg;
  *
  */
@@ -104,6 +104,6 @@ gssrpc__authenticate(
 							  no_dispatch));
 	     }
 	}
-	
+
 	return (AUTH_REJECTEDCRED);
 }
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index 990e7fa85..cac57027b 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -1,6 +1,6 @@
 /*
   svc_auth_gss.c
-  
+
   Copyright (c) 2000 The Regents of the University of Michigan.
   All rights reserved.
 
@@ -160,7 +160,7 @@ svcauth_gss_acquire_cred(void)
 	maj_stat = gss_acquire_cred(&min_stat, svcauth_gss_name, 0,
 				    GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
 				    &svcauth_gss_creds, NULL, NULL);
-	
+
 	if (maj_stat != GSS_S_COMPLETE) {
 		log_status("gss_acquire_cred", maj_stat, min_stat);
 		return (FALSE);
@@ -172,18 +172,18 @@ static bool_t
 svcauth_gss_release_cred(void)
 {
 	OM_uint32	maj_stat, min_stat;
-	
+
 	log_debug("in svcauth_gss_release_cred()");
-	
+
 	maj_stat = gss_release_cred(&min_stat, &svcauth_gss_creds);
-	
+
 	if (maj_stat != GSS_S_COMPLETE) {
 		log_status("gss_release_cred", maj_stat, min_stat);
 		return (FALSE);
 	}
-	
+
 	svcauth_gss_creds = NULL;
-	
+
 	return (TRUE);
 }
 
@@ -198,14 +198,14 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 	OM_uint32		 maj_stat = 0, min_stat = 0, ret_flags, seq;
 
 	log_debug("in svcauth_gss_accept_context()");
-	
+
 	gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
 	gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
 	memset(gr, 0, sizeof(*gr));
 
 	/* Deserialize arguments. */
 	memset(&recv_tok, 0, sizeof(recv_tok));
-	
+
 	if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args,
 			 (caddr_t)&recv_tok))
 		return (FALSE);
@@ -237,7 +237,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 		goto errout;
 	}
 	/*
-	 * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers, 
+	 * ANDROS: krb5 mechglue returns ctx of size 8 - two pointers,
 	 * one to the mechanism oid, one to the internal_ctx_id
 	 */
 	if ((gr->gr_ctx.value = mem_alloc(sizeof(gss_union_ctx_id_desc))) == NULL) {
@@ -249,7 +249,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 
 	/* gr->gr_win = 0x00000005; ANDROS: for debugging linux kernel version...  */
 	gr->gr_win = sizeof(gd->seqmask) * 8;
-	
+
 	/* Save client info. */
 	gd->sec.mech = mech;
 	gd->sec.qop = GSS_C_QOP_DEFAULT;
@@ -265,7 +265,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 		    maj_stat = gss_display_name(&min_stat, gd->client_name,
 					    &gd->cname, &gd->sec.mech);
 #ifdef SPKM
-		}	
+		}
 #endif
 		if (maj_stat != GSS_S_COMPLETE) {
 			log_status("display_name", maj_stat, min_stat);
@@ -282,7 +282,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 			gss_buffer_desc mechname;
 
 			gss_oid_to_str(&min_stat, mech, &mechname);
-			
+
 			log_debug("accepted context for %.*s with "
 				  "<mech %.*s, qop %d, svc %d>",
 				  gd->cname.length, (char *)gd->cname.value,
@@ -304,8 +304,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst,
 		if (maj_stat != GSS_S_COMPLETE) {
 			goto errout;
 		}
-		
-		
+
+
 		rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
 		rqst->rq_xprt->xp_verf.oa_base = gd->checksum.value;
 		rqst->rq_xprt->xp_verf.oa_length = gd->checksum.length;
@@ -326,7 +326,7 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r
 	int32_t			*buf;
 
 	log_debug("in svcauth_gss_validate()");
-	
+
 	memset(rpchdr, 0, sizeof(rpchdr));
 
 	/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
@@ -357,10 +357,10 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r
 
 	checksum.value = msg->rm_call.cb_verf.oa_base;
 	checksum.length = msg->rm_call.cb_verf.oa_length;
-	
+
 	maj_stat = gss_verify_mic(&min_stat, gd->ctx, &rpcbuf, &checksum,
 				  &qop_state);
-	
+
 	if (maj_stat != GSS_S_COMPLETE) {
 		log_status("gss_verify_mic", maj_stat, min_stat);
 		if (log_badverf != NULL)
@@ -383,7 +383,7 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
 
 	if (rqst->rq_xprt->xp_auth == NULL)
 		return (FALSE);
-	
+
 	gd = SVCAUTH_PRIVATE(rqst->rq_xprt->xp_auth);
 
 	gss_release_buffer(&min_stat, &gd->checksum);
@@ -401,7 +401,7 @@ svcauth_gss_nextverf(struct svc_req *rqst, u_int num)
 	rqst->rq_xprt->xp_verf.oa_flavor = RPCSEC_GSS;
 	rqst->rq_xprt->xp_verf.oa_base = (caddr_t)gd->checksum.value;
 	rqst->rq_xprt->xp_verf.oa_length = (u_int)gd->checksum.length;
-	
+
 	return (TRUE);
 }
 
@@ -419,7 +419,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 	OM_uint32		 min_stat;
 
 	log_debug("in svcauth_gss()");
-	
+
 	/* Initialize reply. */
 	rqst->rq_xprt->xp_verf = gssrpc__null_auth;
 
@@ -445,7 +445,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 	/* Deserialize client credentials. */
 	if (rqst->rq_cred.oa_length <= 0)
 		return (AUTH_BADCRED);
-	
+
 	gc = (struct rpc_gss_cred *)rqst->rq_clntcred;
 	memset(gc, 0, sizeof(*gc));
 
@@ -455,7 +455,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 	xdrmem_create(&xdrs, rqst->rq_cred.oa_base,
 		      rqst->rq_cred.oa_length, XDR_DECODE);
 	log_debug("xdrmem_create() returned");
-	
+
 	if (!xdr_rpc_gss_cred(&xdrs, gc)) {
 		log_debug("xdr_rpc_gss_cred() failed");
 		XDR_DESTROY(&xdrs);
@@ -495,7 +495,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 		gd->seq = gc->gc_seq;
 		gd->seqmask |= (1 << offset);
 	}
-	
+
 	if (gd->established) {
 		rqst->rq_clntname = (char *)gd->client_name;
 		rqst->rq_svccred = (char *)gd->ctx;
@@ -511,7 +511,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 
 		if (!svcauth_gss_acquire_cred())
 			ret_freegc (AUTH_FAILED);
-		
+
 		if (!svcauth_gss_accept_sec_context(rqst, &gr))
 			ret_freegc (AUTH_REJECTEDCRED);
 
@@ -522,7 +522,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 			ret_freegc (AUTH_FAILED);
 		}
 		*no_dispatch = TRUE;
-		
+
 		call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res,
 					  (caddr_t)&gr);
 
@@ -534,24 +534,24 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 
 		if (gr.gr_major == GSS_S_COMPLETE)
 			gd->established = TRUE;
-		
+
 		break;
-		
+
 	case RPCSEC_GSS_DATA:
 		if (!svcauth_gss_validate(rqst, gd, msg))
 			ret_freegc (RPCSEC_GSS_CREDPROBLEM);
-		
+
 		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
  			ret_freegc (AUTH_FAILED);
 		break;
-		
+
 	case RPCSEC_GSS_DESTROY:
 		if (rqst->rq_proc != NULLPROC)
 			ret_freegc (AUTH_FAILED);		/* XXX ? */
 
 		if (!svcauth_gss_validate(rqst, gd, msg))
 			ret_freegc (RPCSEC_GSS_CREDPROBLEM);
-		
+
 		if (!svcauth_gss_nextverf(rqst, htonl(gc->gc_seq)))
 			ret_freegc (AUTH_FAILED);
 
@@ -564,7 +564,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 
 		if (!svcauth_gss_release_cred())
 			ret_freegc (AUTH_FAILED);
-			
+
 		SVCAUTH_DESTROY(rqst->rq_xprt->xp_auth);
 		rqst->rq_xprt->xp_auth = &svc_auth_none;
 
@@ -588,9 +588,9 @@ svcauth_gss_destroy(SVCAUTH *auth)
 	OM_uint32		 min_stat;
 
 	log_debug("in svcauth_gss_destroy()");
-	
+
 	gd = SVCAUTH_PRIVATE(auth);
-	
+
 	gss_delete_sec_context(&min_stat, &gd->ctx, GSS_C_NO_BUFFER);
 	gss_release_buffer(&min_stat, &gd->cname);
 	gss_release_buffer(&min_stat, &gd->checksum);
@@ -600,7 +600,7 @@ svcauth_gss_destroy(SVCAUTH *auth)
 
 	mem_free(gd, sizeof(*gd));
 	mem_free(auth, sizeof(*auth));
-	
+
 	return (TRUE);
 }
 
@@ -608,11 +608,11 @@ static bool_t
 svcauth_gss_wrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
 {
 	struct svc_rpc_gss_data	*gd;
-	
+
 	log_debug("in svcauth_gss_wrap()");
 
 	gd = SVCAUTH_PRIVATE(auth);
-	
+
 	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
 		return ((*xdr_func)(xdrs, xdr_ptr));
 	}
@@ -627,7 +627,7 @@ svcauth_gss_unwrap(SVCAUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr
 	struct svc_rpc_gss_data	*gd;
 
 	log_debug("in svcauth_gss_unwrap()");
-	
+
 	gd = SVCAUTH_PRIVATE(auth);
 
 	if (!gd->established || gd->sec.svc == RPCSEC_GSS_SVC_NONE) {
diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c
index e14a581a6..9688b8cd7 100644
--- a/src/lib/rpc/svc_auth_gssapi.c
+++ b/src/lib/rpc/svc_auth_gssapi.c
@@ -162,20 +162,20 @@ enum auth_stat gssrpc__svcauth_gssapi(
      uint32_t seq_num;
 
      PRINTF(("svcauth_gssapi: starting\n"));
-     
+
      /* clean up expired entries */
      clean_client();
 
      /* use AUTH_NONE until there is a client_handle */
      rqst->rq_xprt->xp_auth = &svc_auth_none;
-     
+
      memset(&call_res, 0, sizeof(call_res));
      creds.client_handle.length = 0;
      creds.client_handle.value = NULL;
-     
+
      cred = &msg->rm_call.cb_cred;
      verf = &msg->rm_call.cb_verf;
-     
+
      if (cred->oa_length == 0) {
 	  PRINTF(("svcauth_gssapi: empty creds, failing\n"));
 	  LOG_MISCERR("empty client credentials");
@@ -184,7 +184,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
      }
 
      PRINTF(("svcauth_gssapi: decoding credentials\n"));
-     xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE); 
+     xdrmem_create(&xdrs, cred->oa_base, cred->oa_length, XDR_DECODE);
      memset(&creds, 0, sizeof(creds));
      if (! xdr_authgssapi_creds(&xdrs, &creds)) {
 	  PRINTF(("svcauth_gssapi: failed decoding creds\n"));
@@ -217,7 +217,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	  }
      }
 #endif
-	  
+
      /*
       * If this is an auth_msg and proc is GSSAPI_INIT, then create a
       * client handle for this client.  Otherwise, look up the
@@ -230,9 +230,9 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	       ret = AUTH_FAILED;
 	       goto error;
 	  }
-	       
+
 	  PRINTF(("svcauth_gssapi: GSSAPI_INIT, creating client.\n"));
-	  
+
 	  client_data = create_client();
 	  if (client_data == NULL) {
 	       PRINTF(("svcauth_gssapi: create_client failed\n"));
@@ -247,8 +247,8 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	       ret = AUTH_FAILED;
 	       goto error;
 	  }
-	  
-	  PRINTF(("svcauth_gssapi: incoming client_handle %d, len %d\n", 
+
+	  PRINTF(("svcauth_gssapi: incoming client_handle %d, len %d\n",
 		  *((uint32_t *) creds.client_handle.value),
 		  (int) creds.client_handle.length));
 
@@ -265,7 +265,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
      /* any response we send will use client_handle, so set it now */
      call_res.client_handle.length = sizeof(client_data->key);
      call_res.client_handle.value = (char *) &client_data->key;
-     
+
      /* mark this call as using AUTH_GSSAPI via client_data's SVCAUTH */
      rqst->rq_xprt->xp_auth = &client_data->svcauth;
 
@@ -304,7 +304,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 
 	  /*
 	   * Process the call arg version number.
-	   * 
+	   *
 	   * Set the krb5_gss backwards-compatibility mode based on client
 	   * version.  This controls whether the AP_REP message is
 	   * encrypted with the session key (version 2+, correct) or the
@@ -369,7 +369,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	   * If accept_sec_context returns something other than
 	   * success and GSS_S_FAILURE, then assume different
 	   * credentials won't help and stop looping.
-	   * 
+	   *
 	   * Note that there are really two cases here: (1) the client
 	   * has a server_creds already, and (2) it does not.  They
 	   * are both written in the same loop so that there is only
@@ -384,7 +384,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 		    PRINTF(("svcauth_gssapi: trying creds %d\n", i));
 		    server_creds = server_creds_list[i];
 	       }
-	       
+
 	       /* Free previous output_token from loop */
 	       if(i != 0) gss_release_buffer(&minor_stat, &output_token);
 
@@ -428,7 +428,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 		    break;
 	       }
 	  }
-	  
+
 	  gssstat = call_res.gss_major;
 	  minor_stat = call_res.gss_minor;
 
@@ -448,7 +448,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 				   call_res.gss_minor,
 				   &rqst->rq_xprt->xp_raddr,
 				   log_badauth_data);
-	       
+
 	       gss_release_buffer(&minor_stat, &output_token);
 	       svc_sendreply(rqst->rq_xprt, xdr_authgssapi_init_res,
 			     (caddr_t) &call_res);
@@ -456,7 +456,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	       ret = AUTH_OK;
 	       goto error;
 	  }
-	      
+
 	  if (output_token.length != 0) {
 	       PRINTF(("svcauth_gssapi: got new output token\n"));
 	       GSS_COPY_BUFFER(call_res.token, output_token);
@@ -468,7 +468,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 			     (time_rec == GSS_C_INDEFINITE ?
 			      INDEF_EXPIRE : time_rec) + time(0));
 
-	       PRINTF(("svcauth_gssapi: context established, isn %d\n", 
+	       PRINTF(("svcauth_gssapi: context established, isn %d\n",
 		       client_data->seq_num));
 
 	       if (auth_gssapi_seal_seq(client_data->context,
@@ -503,17 +503,17 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	  /* check the verifier */
 	  PRINTF(("svcauth_gssapi: checking verifier, len %d\n",
 		  verf->oa_length));
-	  
+
 	  in_buf.length = verf->oa_length;
 	  in_buf.value = verf->oa_base;
-	  
+
 	  if (auth_gssapi_unseal_seq(client_data->context, &in_buf,
 				     &seq_num) == FALSE) {
 	       ret = AUTH_BADVERF;
 	       LOG_MISCERR("internal error unsealing sequence number");
 	       goto error;
 	  }
-	  
+
 	  if (seq_num != client_data->seq_num + 1) {
 	       PRINTF(("svcauth_gssapi: expected isn %d, got %d\n",
 		       client_data->seq_num + 1, seq_num));
@@ -521,12 +521,12 @@ enum auth_stat gssrpc__svcauth_gssapi(
 		    (*log_badverf)(client_data->client_name,
 				   client_data->server_name,
 				   rqst, msg, log_badverf_data);
-	       
+
 	       ret = AUTH_REJECTEDVERF;
 	       goto error;
 	  }
 	  client_data->seq_num++;
-	  
+
 	  PRINTF(("svcauth_gssapi: seq_num %d okay\n", seq_num));
 
 	  /* free previous response verifier, if any */
@@ -534,7 +534,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	       gss_release_buffer(&minor_stat, &client_data->prev_verf);
 	       client_data->prev_verf.length = 0;
 	  }
-	  
+
 	  /* prepare response verifier */
 	  seq_num = client_data->seq_num + 1;
 	  if (auth_gssapi_seal_seq(client_data->context, seq_num,
@@ -543,17 +543,17 @@ enum auth_stat gssrpc__svcauth_gssapi(
 	       LOG_MISCERR("internal error sealing sequence number");
 	       goto error;
 	  }
-	  
+
 	  client_data->seq_num++;
-	  
+
 	  PRINTF(("svcauth_gssapi; response seq_num %d\n", seq_num));
-	  
+
 	  rqst->rq_xprt->xp_verf.oa_flavor = AUTH_GSSAPI;
-	  rqst->rq_xprt->xp_verf.oa_base = out_buf.value; 
+	  rqst->rq_xprt->xp_verf.oa_base = out_buf.value;
 	  rqst->rq_xprt->xp_verf.oa_length = out_buf.length;
 
 	  /* save verifier so it can be freed next time */
-	  client_data->prev_verf.value = out_buf.value; 
+	  client_data->prev_verf.value = out_buf.value;
 	  client_data->prev_verf.length = out_buf.length;
 
 	  /*
@@ -590,7 +590,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 
 		    /* done with call args */
 		    xdr_free(xdr_authgssapi_init_arg, &call_arg);
-		    
+
 		    if (gssstat != GSS_S_COMPLETE) {
 			 AUTH_GSSAPI_DISPLAY_STATUS(("processing token",
 						     gssstat, minor_stat));
@@ -604,7 +604,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 
 	       case AUTH_GSSAPI_DESTROY:
 		    PRINTF(("svcauth_gssapi: GSSAPI_DESTROY\n"));
-		    
+
 		    PRINTF(("svcauth_gssapi: sending reply\n"));
 		    svc_sendreply(rqst->rq_xprt, xdr_void, NULL);
 		    *no_dispatch = TRUE;
@@ -634,7 +634,7 @@ enum auth_stat gssrpc__svcauth_gssapi(
 		  (int) creds.client_handle.length));
 	  xdr_free(xdr_authgssapi_creds, &creds);
      }
-     
+
      PRINTF(("\n"));
      return AUTH_OK;
 
@@ -644,7 +644,7 @@ error:
 		  (int) creds.client_handle.length));
 	  xdr_free(xdr_authgssapi_creds, &creds);
      }
-     
+
      PRINTF(("\n"));
      return ret;
 }
@@ -664,7 +664,7 @@ static void cleanup(void)
      }
 
      exit(0);
-}     
+}
 
 /*
  * Function: create_client
@@ -675,7 +675,7 @@ static void cleanup(void)
  * Returns: the new client_data structure, or NULL on failure.
  *
  * Effects:
- * 
+ *
  * A new client_data is created and stored in the hash table and
  * b-tree.  A new key that is unique in the current database is
  * chosen; this key should be used as the client's client_handle.
@@ -685,41 +685,41 @@ static svc_auth_gssapi_data *create_client(void)
      client_list *c;
      svc_auth_gssapi_data *client_data;
      static int client_key = 1;
-     
+
      PRINTF(("svcauth_gssapi: empty creds, creating\n"));
 
      client_data = (svc_auth_gssapi_data *) malloc(sizeof(*client_data));
      if (client_data == NULL)
 	  return NULL;
      memset(client_data, 0, sizeof(*client_data));
-     L_PRINTF(2, ("create_client: new client_data = %p\n", 
+     L_PRINTF(2, ("create_client: new client_data = %p\n",
 		  (void *) client_data));
-     
+
      /* set up client data structure */
      client_data->established = 0;
      client_data->context = GSS_C_NO_CONTEXT;
      client_data->expiration = time(0) + INITIATION_TIMEOUT;
-     
+
      /* set up psycho-recursive SVCAUTH hack */
      client_data->svcauth.svc_ah_ops = &svc_auth_gssapi_ops;
      client_data->svcauth.svc_ah_private = (caddr_t) client_data;
 
      client_data->key = client_key++;
-     
+
      c = (client_list *) malloc(sizeof(client_list));
      if (c == NULL)
 	  return NULL;
      c->client = client_data;
      c->next = NULL;
-     
-     
+
+
      if (clients == NULL)
 	  clients = c;
      else {
 	  c->next = clients;
 	  clients = c;
      }
-     
+
      PRINTF(("svcauth_gssapi: new handle %d\n", client_data->key));
      L_PRINTF(2, ("create_client: done\n"));
 
@@ -773,18 +773,18 @@ static svc_auth_gssapi_data *get_client(gss_buffer_t client_handle)
 {
      client_list *c;
      uint32_t handle;
-     
+
      memcpy(&handle, client_handle->value, 4);
-     
+
      L_PRINTF(2, ("get_client: looking for client %d\n", handle));
-     
+
      c = clients;
      while (c) {
 	  if (c->client->key == handle)
 	       return c->client;
 	  c = c->next;
      }
-     
+
      L_PRINTF(2, ("get_client: client_handle lookup failed\n"));
      return NULL;
 }
@@ -825,7 +825,7 @@ static void destroy_client(svc_auth_gssapi_data *client_data)
      if (gssstat != GSS_S_COMPLETE)
 	  AUTH_GSSAPI_DISPLAY_STATUS(("deleting context", gssstat,
 				      minor_stat));
-     
+
      gss_release_buffer(&minor_stat, &out_buf);
      gss_release_name(&minor_stat, &client_data->client_name);
      if (client_data->prev_verf.length != 0)
@@ -854,13 +854,13 @@ static void destroy_client(svc_auth_gssapi_data *client_data)
 	  PRINTF(("destroy_client: client_handle delete failed\n"));
 	  abort();
      }
-     
+
 done:
-     
+
      L_PRINTF(2, ("destroy_client: client %d destroyed\n", client_data->key));
-     
+
      free(client_data);
-     
+
 #if 0 /*ifdef PURIFY*/
      purify_watch_n(client_data, sizeof(*client_data), "rw");
 #endif
@@ -894,10 +894,10 @@ static void clean_client(void)
      c = clients;
      while (c) {
 	  client_data = c->client;
-	  
+
 	  L_PRINTF(2, ("clean_client: client_data = %p\n",
 		       (void *) client_data));
-	  
+
 	  if (client_data->expiration < time(0)) {
 	       PRINTF(("clean_client: client %d expired\n",
 		       client_data->key));
@@ -926,28 +926,28 @@ bool_t svcauth_gssapi_set_names(
      OM_uint32 gssstat, minor_stat;
      gss_buffer_desc in_buf;
      int i;
-     
+
      if (num == 0)
 	  for (; names[num].name != NULL; num++)
 	       ;
 
      server_creds_list = NULL;
      server_name_list = NULL;
-     
+
      server_creds_list = (gss_cred_id_t *) malloc(num*sizeof(gss_cred_id_t));
      if (server_creds_list == NULL)
 	  goto fail;
      server_name_list = (gss_name_t *) malloc(num*sizeof(gss_name_t));
      if (server_name_list == NULL)
 	  goto fail;
-     
+
      for (i = 0; i < num; i++) {
 	  server_name_list[i] = 0;
 	  server_creds_list[i] = 0;
      }
 
      server_creds_count = num;
-     
+
      for (i = 0; i < num; i++) {
 	  in_buf.value = names[i].name;
 	  in_buf.length = strlen(in_buf.value) + 1;
@@ -955,8 +955,8 @@ bool_t svcauth_gssapi_set_names(
 	  PRINTF(("svcauth_gssapi_set_names: importing %s\n", names[i].name));
 
 	  gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type,
-				    &server_name_list[i]); 
-     
+				    &server_name_list[i]);
+
 	  if (gssstat != GSS_S_COMPLETE) {
 	       AUTH_GSSAPI_DISPLAY_STATUS(("importing name", gssstat,
 					   minor_stat));
diff --git a/src/lib/rpc/svc_auth_none.c b/src/lib/rpc/svc_auth_none.c
index 2df9580a5..ab9942e8b 100644
--- a/src/lib/rpc/svc_auth_none.c
+++ b/src/lib/rpc/svc_auth_none.c
@@ -1,6 +1,6 @@
 /*
   svc_auth_none.c
-  
+
   Copyright (c) 2000 The Regents of the University of Michigan.
   All rights reserved.
 
@@ -70,6 +70,6 @@ gssrpc__svcauth_none(struct svc_req *rqst, struct rpc_msg *msg,
 		     bool_t *no_dispatch)
 {
 	rqst->rq_xprt->xp_auth = &svc_auth_none;
-	
+
 	return (AUTH_OK);
 }
diff --git a/src/lib/rpc/svc_auth_unix.c b/src/lib/rpc/svc_auth_unix.c
index 016644b40..160188e40 100644
--- a/src/lib/rpc/svc_auth_unix.c
+++ b/src/lib/rpc/svc_auth_unix.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -68,7 +68,7 @@ gssrpc__svcauth_unix(
 	register int i;
 
 	rqst->rq_xprt->xp_auth = &svc_auth_none;
-	
+
 	area = (struct area *) rqst->rq_clntcred;
 	aup = &area->area_aup;
 	aup->aup_machname = area->area_machname;
@@ -130,7 +130,7 @@ done:
  * Looks up longhand in a cache.
  */
 /*ARGSUSED*/
-enum auth_stat 
+enum auth_stat
 gssrpc__svcauth_short(
 	struct svc_req *rqst,
 	struct rpc_msg *msg,
diff --git a/src/lib/rpc/svc_raw.c b/src/lib/rpc/svc_raw.c
index d2507ae8d..8ca65cb47 100644
--- a/src/lib/rpc/svc_raw.c
+++ b/src/lib/rpc/svc_raw.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -143,7 +143,7 @@ svcraw_getargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
 
 static bool_t
 svcraw_freeargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
-{ 
+{
 	register struct svcraw_private *srp = svcraw_private;
 	register XDR *xdrs;
 
@@ -152,7 +152,7 @@ svcraw_freeargs(SVCXPRT *xprt, xdrproc_t xdr_args, void *args_ptr)
 	xdrs = &srp->xdr_stream;
 	xdrs->x_op = XDR_FREE;
 	return ((*xdr_args)(xdrs, args_ptr));
-} 
+}
 
 static void
 svcraw_destroy(SVCXPRT *xprt)
diff --git a/src/lib/rpc/svc_run.c b/src/lib/rpc/svc_run.c
index b661f88b3..43d6f05e8 100644
--- a/src/lib/rpc/svc_run.c
+++ b/src/lib/rpc/svc_run.c
@@ -10,23 +10,23 @@ static char sccsid[] = "@(#)svc_run.c 1.1 87/10/13 Copyr 1984 Sun Micro";
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/svc_simple.c b/src/lib/rpc/svc_simple.c
index 6ae85ce52..64e720c49 100644
--- a/src/lib/rpc/svc_simple.c
+++ b/src/lib/rpc/svc_simple.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -31,7 +31,7 @@
 static char sccsid[] = "@(#)svc_simple.c 1.18 87/08/11 Copyr 1984 Sun Micro";
 #endif
 
-/* 
+/*
  * svc_simple.c
  * Simplified front end to rpc.
  *
@@ -65,7 +65,7 @@ registerrpc(
 	xdrproc_t outproc)
 {
         struct proglst *pl;
-	
+
 	if (procnum == NULLPROC) {
 		(void) fprintf(stderr,
 		    "can't reassign procedure number %d\n", NULLPROC);
@@ -109,7 +109,7 @@ universal(
 	char xdrbuf[UDPMSGSIZE];
 	struct proglst *pl;
 
-	/* 
+	/*
 	 * enforce "procnum 0 is echo" convention
 	 */
 	if (rqstp->rq_proc == NULLPROC) {
@@ -146,4 +146,3 @@ universal(
 	(void) fprintf(stderr, "never registered prog %d\n", prog);
 	exit(1);
 }
-
diff --git a/src/lib/rpc/svc_tcp.c b/src/lib/rpc/svc_tcp.c
index 46c207adb..796627f2f 100644
--- a/src/lib/rpc/svc_tcp.c
+++ b/src/lib/rpc/svc_tcp.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -32,7 +32,7 @@ static char sccsid[] = "@(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro";
 #endif
 
 /*
- * svc_tcp.c, Server side for TCP/IP based RPC. 
+ * svc_tcp.c, Server side for TCP/IP based RPC.
  *
  * Copyright (C) 1984, Sun Microsystems, Inc.
  *
@@ -223,7 +223,7 @@ makefd_xprt(
 {
 	register SVCXPRT *xprt;
 	register struct tcp_conn *cd;
- 
+
 #ifdef FD_SETSIZE
 	if (fd >= FD_SETSIZE) {
 		(void) fprintf(stderr, "svc_tcp: makefd_xprt: fd too high\n");
@@ -288,7 +288,7 @@ rendezvous_request(
 	set_cloexec_fd(sock);
 	if (getsockname(sock, (struct sockaddr *) &laddr, &llen) < 0)
 	     return (FALSE);
-	
+
 	/*
 	 * make a new transporter (re-uses xprt)
 	 */
@@ -477,7 +477,7 @@ static bool_t svctcp_reply(
 		(struct tcp_conn *)(xprt->xp_p1);
 	register XDR *xdrs = &(cd->xdrs);
 	register bool_t stat;
-     
+
 	xdrproc_t xdr_results;
 	caddr_t xdr_location;
 	bool_t has_args;
@@ -487,12 +487,12 @@ static bool_t svctcp_reply(
 		has_args = TRUE;
 		xdr_results = msg->acpted_rply.ar_results.proc;
 		xdr_location = msg->acpted_rply.ar_results.where;
-	  
+
 		msg->acpted_rply.ar_results.proc = xdr_void;
 		msg->acpted_rply.ar_results.where = NULL;
 	} else
 		has_args = FALSE;
-     
+
 	xdrs->x_op = XDR_ENCODE;
 	msg->rm_xid = cd->x_id;
 	stat = FALSE;
@@ -530,4 +530,3 @@ static bool_t abortx_freeargs(
 {
 	return abortx();
 }
-
diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c
index 232872dd8..a85bf9a16 100644
--- a/src/lib/rpc/svc_udp.c
+++ b/src/lib/rpc/svc_udp.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -177,7 +177,7 @@ static enum xprt_stat
 svcudp_stat(SVCXPRT *xprt)
 {
 
-	return (XPRT_IDLE); 
+	return (XPRT_IDLE);
 }
 
 static bool_t
@@ -208,7 +208,7 @@ svcudp_recv(
 	     else
 		  return (FALSE);
 	}
-	
+
 	xprt->xp_addrlen = sizeof(struct sockaddr_in);
 	rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz,
 	    0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen));
@@ -239,7 +239,7 @@ static bool_t svcudp_reply(
      register XDR *xdrs = &(su->su_xdrs);
      register int slen;
      register bool_t stat = FALSE;
-     
+
      xdrproc_t xdr_results;
      caddr_t xdr_location;
      bool_t has_args;
@@ -249,12 +249,12 @@ static bool_t svcudp_reply(
 	  has_args = TRUE;
 	  xdr_results = msg->acpted_rply.ar_results.proc;
 	  xdr_location = msg->acpted_rply.ar_results.where;
-	  
+
 	  msg->acpted_rply.ar_results.proc = xdr_void;
 	  msg->acpted_rply.ar_results.where = NULL;
      } else
 	  has_args = FALSE;
-	  
+
      xdrs->x_op = XDR_ENCODE;
      XDR_SETPOS(xdrs, 0);
      msg->rm_xid = su->su_xid;
@@ -337,7 +337,7 @@ svcudp_destroy(register SVCXPRT *xprt)
 	(type *) mem_alloc((unsigned) (sizeof(type) * (size)))
 
 #define BZERO(addr, type, size)	 \
-	memset(addr, 0, sizeof(type) * (int) (size)) 
+	memset(addr, 0, sizeof(type) * (int) (size))
 
 /*
  * An entry in the cache
@@ -360,7 +360,7 @@ struct cache_node {
 	/*
  	 * Next node on the list, if there is a collision
 	 */
-	cache_ptr cache_next;	
+	cache_ptr cache_next;
 };
 
 
@@ -384,11 +384,11 @@ struct udp_cache {
  * the hashing function
  */
 #define CACHE_LOC(transp, xid)	\
- (xid % (SPARSENESS*((struct udp_cache *) su_data(transp)->su_cache)->uc_size))	
+ (xid % (SPARSENESS*((struct udp_cache *) su_data(transp)->su_cache)->uc_size))
 
 
 /*
- * Enable use of the cache. 
+ * Enable use of the cache.
  * Note: there is no disable.
  */
 int
@@ -401,7 +401,7 @@ svcudp_enablecache(
 
 	if (su->su_cache != NULL) {
 		CACHE_PERROR("enablecache: cache already enabled");
-		return(0);	
+		return(0);
 	}
 	uc = ALLOC(struct udp_cache, 1);
 	if (uc == NULL) {
@@ -435,7 +435,7 @@ cache_set(
 	SVCXPRT *xprt,
 	uint32_t replylen)
 {
-	register cache_ptr victim;	
+	register cache_ptr victim;
 	register cache_ptr *vicp;
 	register struct svcudp_data *su = su_data(xprt);
 	struct udp_cache *uc = (struct udp_cache *) su->su_cache;
@@ -449,9 +449,9 @@ cache_set(
 	victim = uc->uc_fifo[uc->uc_nextvictim];
 	if (victim != NULL) {
 		loc = CACHE_LOC(xprt, victim->cache_xid);
-		for (vicp = &uc->uc_entries[loc]; 
-		  *vicp != NULL && *vicp != victim; 
-		  vicp = &(*vicp)->cache_next) 
+		for (vicp = &uc->uc_entries[loc];
+		  *vicp != NULL && *vicp != victim;
+		  vicp = &(*vicp)->cache_next)
 				;
 		if (*vicp == NULL) {
 			CACHE_PERROR("cache_set: victim not found");
@@ -485,7 +485,7 @@ cache_set(
 	victim->cache_prog = uc->uc_prog;
 	victim->cache_addr = uc->uc_addr;
 	loc = CACHE_LOC(xprt, victim->cache_xid);
-	victim->cache_next = uc->uc_entries[loc];	
+	victim->cache_next = uc->uc_entries[loc];
 	uc->uc_entries[loc] = victim;
 	uc->uc_fifo[uc->uc_nextvictim++] = victim;
 	uc->uc_nextvictim %= uc->uc_size;
@@ -531,4 +531,3 @@ cache_get(
 	uc->uc_addr = xprt->xp_raddr;
 	return(0);
 }
-
diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
index 662a8c51c..df7144ab2 100644
--- a/src/lib/rpc/unit-test/client.c
+++ b/src/lib/rpc/unit-test/client.c
@@ -74,7 +74,7 @@ main(argc, argv)
      count = 1026;
      auth_once = 0;
      prot = NULL;
-     
+
      while ((c = getopt(argc, argv, "a:m:os:tu")) != -1) {
 	  switch (c) {
 	  case 'a':
@@ -120,20 +120,20 @@ main(argc, argv)
      default:
 	  usage();
      }
-     
+
      /* client handle to rstat */
      clnt = clnt_create(host, RPC_TEST_PROG, RPC_TEST_VERS_1, prot);
      if (clnt == NULL) {
 	  clnt_pcreateerror(whoami);
 	  exit(1);
      }
-     
+
      clnt->cl_auth = auth_gssapi_create_default(clnt, target);
      if (clnt->cl_auth == NULL) {
 	  clnt_pcreateerror(whoami);
 	  exit(2);
      }
-     
+
      /*
       * Call the echo service multiple times.
       */
@@ -183,7 +183,7 @@ main(argc, argv)
      echo_resp = rpc_test_echo_1(&echo_arg, clnt);
      if (echo_resp == NULL)
 	  clnt_perror(clnt, "Sequence number improperly reset");
-     
+
      /*
       * Now simulate a lost server response, and see if
       * auth_gssapi_refresh recovers.
@@ -193,7 +193,7 @@ main(argc, argv)
      echo_resp = rpc_test_echo_1(&echo_arg, clnt);
      if (echo_resp == NULL)
 	  clnt_perror(clnt, "Auto-resynchronization failed");
-     
+
      /*
       * Now make sure auto-resyncrhonization actually worked
       */
@@ -207,7 +207,7 @@ main(argc, argv)
       * unique.  Create another context from the same credentials; it
       * should have the same expiration time and will cause the server
       * to abort if the clients are not differentiated.
-      * 
+      *
       * Test fix for secure-rpc/586, part 2: btree keys cannot be
       * mutated in place.  To test this: a second client, *with a
       * later expiration time*, must be run.  The second client should
@@ -238,7 +238,7 @@ main(argc, argv)
 	  AUTH_DESTROY(clnt->cl_auth);
 	  clnt->cl_auth = tmp_auth;
      }
-     
+
      /*
       * Try RPC calls with argument/result lengths [0, 1025].  Do
       * this last, since it takes a while..
@@ -258,7 +258,7 @@ main(argc, argv)
 			    "RPC_TEST_LENGTHS call %d response wrong\n", i);
 	       gssrpc_xdr_free(xdr_wrapstring, echo_resp);
 	  }
-	  
+
 	  /* cycle from 1 to 255 */
 	  buf[i] = (i % 255) + 1;
 
@@ -273,4 +273,3 @@ main(argc, argv)
      CLNT_DESTROY(clnt);
      exit(0);
 }
-
diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c
index e373a3314..ee5446598 100644
--- a/src/lib/rpc/unit-test/server.c
+++ b/src/lib/rpc/unit-test/server.c
@@ -68,7 +68,7 @@ main(int argc, char **argv)
      extern int optind;
 #ifdef POSIX_SIGNALS
      struct sigaction sa;
-#endif     
+#endif
 
      names[0].name = SERVICE_NAME;
      names[0].type = (gss_OID) gss_nt_service_name;
@@ -118,13 +118,13 @@ main(int argc, char **argv)
 	  exit(1);
      }
      if (!svc_register(transp, RPC_TEST_PROG, RPC_TEST_VERS_1,
-		       rpc_test_prog_1_svc, prot)) { 
+		       rpc_test_prog_1_svc, prot)) {
 	  fprintf(stderr,
 		  "unable to register (RPC_TEST_PROG, RPC_TEST_VERS_1, %s).",
 		  prot == IPPROTO_TCP ? "tcp" : "udp");
 	  exit(1);
      }
-     
+
      if (svcauth_gssapi_set_names(names, 0) == FALSE) {
 	  fprintf(stderr, "unable to set gssapi names\n");
 	  exit(1);
@@ -147,7 +147,7 @@ main(int argc, char **argv)
      signal(SIGTERM, handlesig);
 #endif
      printf("running\n");
-     
+
      svc_run();
      fprintf(stderr, "svc_run returned");
      exit(1);
@@ -177,7 +177,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server,
 
      printf("rpc_test server: bad verifier from %.*s at %s:%d for %.*s\n",
 	    (int) client_name.length, (char *) client_name.value,
-	    inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr), 
+	    inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr),
 	    ntohs(rqst->rq_xprt->xp_raddr.sin_port),
 	    (int) server_name.length, (char *) server_name.value);
 
@@ -205,7 +205,7 @@ void rpc_test_badauth(OM_uint32 major, OM_uint32 minor,
 		 struct sockaddr_in *addr, caddr_t data)
 {
      char *a;
-     
+
      /* Authentication attempt failed: <IP address>, <GSS-API error */
      /* strings> */
 
@@ -220,7 +220,7 @@ void log_miscerr(struct svc_req *rqst, struct rpc_msg *msg,
 		 char *error, char *data)
 {
      char *a;
-     
+
      a = inet_ntoa(rqst->rq_xprt->xp_raddr.sin_addr);
      printf("Miscellaneous RPC error: %s, %s\n", a, error);
 }
@@ -243,19 +243,19 @@ void log_badauth_display_status_1(OM_uint32 code, int type, int rec)
 				       &msg_ctx, &msg);
 	  if (gssstat != GSS_S_COMPLETE) {
  	       if (!rec) {
-		    log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1); 
+		    log_badauth_display_status_1(gssstat,GSS_C_GSS_CODE,1);
 		    log_badauth_display_status_1(minor_stat,
 						 GSS_C_MECH_CODE, 1);
 	       } else
 		    printf("GSS-API authentication error %.*s: "
-			   "recursive failure!\n", (int) msg.length, 
+			   "recursive failure!\n", (int) msg.length,
 			   (char *)msg.value);
 	       return;
 	  }
-	  
-	  printf(", %.*s", (int) msg.length, (char *)msg.value); 
+
+	  printf(", %.*s", (int) msg.length, (char *)msg.value);
 	  (void) gss_release_buffer(&minor_stat, &msg);
-	  
+
 	  if (!msg_ctx)
 	       break;
      }
diff --git a/src/lib/rpc/xdr.c b/src/lib/rpc/xdr.c
index 5eb6eaa0c..ff67e90f6 100644
--- a/src/lib/rpc/xdr.c
+++ b/src/lib/rpc/xdr.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -74,7 +74,7 @@ void
 xdr_free(xdrproc_t proc, void *objp)
 {
 	XDR x;
-	
+
 	x.x_op = XDR_FREE;
 	(*proc)(&x, objp);
 }
@@ -501,7 +501,7 @@ xdr_int32(XDR *xdrs, int32_t *ip)
 	case XDR_ENCODE:
 		VALGRIND_CHECK_DEFINED(*ip);
 		l = *ip;
-		return (xdr_long(xdrs, &l));    
+		return (xdr_long(xdrs, &l));
 
 	case XDR_DECODE:
 		if (!xdr_long(xdrs, &l)) {
@@ -511,7 +511,7 @@ xdr_int32(XDR *xdrs, int32_t *ip)
 		return (TRUE);
 
 	case XDR_FREE:
-		return (TRUE);    
+		return (TRUE);
 	}
 	return (FALSE);
 }
@@ -526,7 +526,7 @@ xdr_u_int32(XDR *xdrs, uint32_t *up)
 	case XDR_ENCODE:
 		VALGRIND_CHECK_DEFINED(*up);
 		ul = *up;
-		return (xdr_u_long(xdrs, &ul));    
+		return (xdr_u_long(xdrs, &ul));
 
 	case XDR_DECODE:
 		if (!xdr_u_long(xdrs, &ul)) {
@@ -536,7 +536,7 @@ xdr_u_int32(XDR *xdrs, uint32_t *up)
 		return (TRUE);
 
 	case XDR_FREE:
-		return (TRUE);    
+		return (TRUE);
 	}
 	return (FALSE);
 }
@@ -661,8 +661,8 @@ xdr_string(XDR *xdrs, char **cpp, u_int maxsize)
 	return (FALSE);
 }
 
-/* 
- * Wrapper for xdr_string that can be called directly from 
+/*
+ * Wrapper for xdr_string that can be called directly from
  * routines like clnt_call
  */
 bool_t
diff --git a/src/lib/rpc/xdr_alloc.c b/src/lib/rpc/xdr_alloc.c
index b0aa032c6..cbba8572d 100644
--- a/src/lib/rpc/xdr_alloc.c
+++ b/src/lib/rpc/xdr_alloc.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -61,7 +61,7 @@ static struct	xdr_ops xdralloc_ops = {
 
 /*
  * The procedure xdralloc_create initializes a stream descriptor for a
- * memory buffer.  
+ * memory buffer.
  */
 void xdralloc_create(XDR *xdrs, enum xdr_op op)
 {
diff --git a/src/lib/rpc/xdr_array.c b/src/lib/rpc/xdr_array.c
index 7d5745d4e..18dfac62e 100644
--- a/src/lib/rpc/xdr_array.c
+++ b/src/lib/rpc/xdr_array.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -93,7 +93,7 @@ xdr_array(
 				return (TRUE);
 			*addrp = target = mem_alloc(nodesize);
 			if (target == NULL) {
-				(void) fprintf(stderr, 
+				(void) fprintf(stderr,
 					"xdr_array: out of memory\n");
 				return (FALSE);
 			}
@@ -106,7 +106,7 @@ xdr_array(
 		case XDR_ENCODE:
 			break;
 	}
-	
+
 	/*
 	 * now we xdr each element of array
 	 */
@@ -153,6 +153,5 @@ xdr_vector(
 		}
 		elptr += elemsize;
 	}
-	return(TRUE);	
+	return(TRUE);
 }
-
diff --git a/src/lib/rpc/xdr_float.c b/src/lib/rpc/xdr_float.c
index 3e4805d97..73faa7202 100644
--- a/src/lib/rpc/xdr_float.c
+++ b/src/lib/rpc/xdr_float.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/xdr_mem.c b/src/lib/rpc/xdr_mem.c
index 6908aa8a3..f54bb88fb 100644
--- a/src/lib/rpc/xdr_mem.c
+++ b/src/lib/rpc/xdr_mem.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -72,7 +72,7 @@ static struct	xdr_ops xdrmem_ops = {
 
 /*
  * The procedure xdrmem_create initializes a stream descriptor for a
- * memory buffer.  
+ * memory buffer.
  */
 void
 xdrmem_create(
diff --git a/src/lib/rpc/xdr_rec.c b/src/lib/rpc/xdr_rec.c
index 05e42e975..1a203d040 100644
--- a/src/lib/rpc/xdr_rec.c
+++ b/src/lib/rpc/xdr_rec.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -44,7 +44,7 @@ static char sccsid[] = "@(#)xdr_rec.c 1.21 87/08/11 Copyr 1984 Sun Micro";
  * by n bytes of data, where n is contained in the header.  The header
  * is represented as a htonl(uint32_t).  Thegh order bit encodes
  * whether or not the fragment is the last fragment of the record
- * (1 => fragment is last, 0 => more fragments to follow. 
+ * (1 => fragment is last, 0 => more fragments to follow.
  * The other 31 bits encode the byte length of the fragment.
  */
 
@@ -147,8 +147,8 @@ xdrrec_create(
 
 	if (rstrm == NULL) {
 		(void)fprintf(stderr, "xdrrec_create: out of memory\n");
-		/* 
-		 *  This is bad.  Should rework xdrrec_create to 
+		/*
+		 *  This is bad.  Should rework xdrrec_create to
 		 *  return a handle, and in this case return NULL
 		 */
 		return;
@@ -256,7 +256,7 @@ xdrrec_getbytes(XDR *xdrs, caddr_t addr, u_int len)
 		current = (len < current) ? len : current;
 		if (! get_input_bytes(rstrm, addr, current))
 			return (FALSE);
-		addr += current; 
+		addr += current;
 		rstrm->fbtbc -= current;
 		len -= current;
 	}
@@ -270,7 +270,7 @@ xdrrec_putbytes(XDR *xdrs, caddr_t addr, u_int len)
 	register size_t current;
 
 	while (len > 0) {
-		current = (size_t) ((long)rstrm->out_boundry - 
+		current = (size_t) ((long)rstrm->out_boundry -
 				 (long)rstrm->out_finger);
 		current = (len < current) ? len : current;
 		memmove(rstrm->out_finger, addr, current);
@@ -418,7 +418,7 @@ xdrrec_skiprecord(XDR *xdrs)
 
 /*
  * Look ahead fuction.
- * Returns TRUE iff there is no more input in the buffer 
+ * Returns TRUE iff there is no more input in the buffer
  * after consuming the rest of the current record.
  */
 bool_t
@@ -472,7 +472,7 @@ static bool_t
 flush_out(RECSTREAM *rstrm, bool_t eor)
 {
 	register uint32_t eormask = (eor == TRUE) ? LAST_FRAG : 0;
-	register uint32_t len = (u_long)(rstrm->out_finger) - 
+	register uint32_t len = (u_long)(rstrm->out_finger) -
 		(u_long)(rstrm->frag_header) - BYTES_PER_XDR_UNIT;
 
 	*(rstrm->frag_header) = htonl(len | eormask);
@@ -510,7 +510,7 @@ get_input_bytes(RECSTREAM *rstrm, caddr_t addr, int len)
 	register size_t current;
 
 	while (len > 0) {
-		current = (size_t)((long)rstrm->in_boundry - 
+		current = (size_t)((long)rstrm->in_boundry -
 				(long)rstrm->in_finger);
 		if (current == 0) {
 			if (! fill_input_buf(rstrm))
@@ -546,7 +546,7 @@ skip_input_bytes(RECSTREAM *rstrm, int32_t cnt)
 	register int current;
 
 	while (cnt > 0) {
-		current = (int)((long)rstrm->in_boundry - 
+		current = (int)((long)rstrm->in_boundry -
 				(long)rstrm->in_finger);
 		if (current == 0) {
 			if (! fill_input_buf(rstrm))
diff --git a/src/lib/rpc/xdr_reference.c b/src/lib/rpc/xdr_reference.c
index 50a4fe4ae..323de5ea1 100644
--- a/src/lib/rpc/xdr_reference.c
+++ b/src/lib/rpc/xdr_reference.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/xdr_sizeof.c b/src/lib/rpc/xdr_sizeof.c
index 3a1c1e189..85e394d08 100644
--- a/src/lib/rpc/xdr_sizeof.c
+++ b/src/lib/rpc/xdr_sizeof.c
@@ -5,23 +5,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
diff --git a/src/lib/rpc/xdr_stdio.c b/src/lib/rpc/xdr_stdio.c
index 471d9f2ee..9b2a59092 100644
--- a/src/lib/rpc/xdr_stdio.c
+++ b/src/lib/rpc/xdr_stdio.c
@@ -6,23 +6,23 @@
  * may copy or modify Sun RPC without charge, but are not authorized
  * to license or distribute it to anyone else except as part of a product or
  * program developed by the user.
- * 
+ *
  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- * 
+ *
  * Sun RPC is provided with no support and without any obligation on the
  * part of Sun Microsystems, Inc. to assist in its use, correction,
  * modification or enhancement.
- * 
+ *
  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  * OR ANY PART THEREOF.
- * 
+ *
  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  * or profits or other special, indirect and consequential damages, even if
  * Sun has been advised of the possibility of such damages.
- * 
+ *
  * Sun Microsystems, Inc.
  * 2550 Garcia Avenue
  * Mountain View, California  94043
@@ -122,7 +122,7 @@ static bool_t
 xdrstdio_getbytes(XDR *xdrs, caddr_t addr, u_int len)
 {
 
-	if ((len != 0) && (fread(addr, (size_t)len, 1, 
+	if ((len != 0) && (fread(addr, (size_t)len, 1,
 				 (FILE *)xdrs->x_private) != 1))
 		return (FALSE);
 	return (TRUE);
@@ -132,7 +132,7 @@ static bool_t
 xdrstdio_putbytes(XDR *xdrs, caddr_t addr, u_int len)
 {
 
-	if ((len != 0) && (fwrite(addr, (size_t)len, 1, 
+	if ((len != 0) && (fwrite(addr, (size_t)len, 1,
 			   (FILE *)xdrs->x_private) != 1))
 		return (FALSE);
 	return (TRUE);
@@ -147,7 +147,7 @@ xdrstdio_getpos(XDR *xdrs)
 
 static bool_t
 xdrstdio_setpos(XDR *xdrs, u_int pos)
-{ 
+{
 
 	return ((fseek((FILE *)xdrs->x_private, (long)pos, 0) < 0) ?
 		FALSE : TRUE);
diff --git a/src/lib/win_glue.c b/src/lib/win_glue.c
index 3b2cbc599..b18178e1c 100644
--- a/src/lib/win_glue.c
+++ b/src/lib/win_glue.c
@@ -137,7 +137,7 @@ void GetCallingAppVerInfo( char *AppTitle, char *AppVer, char *AppIni,
 	wsprintf(szVerQ,
 		 "\\StringFileInfo\\%04x%04x\\",
 		 LOWORD(*lpLangInfo), HIWORD(*lpLangInfo));
-	
+
 	cp = szVerQ + lstrlen(szVerQ);
 
 	lstrcpy(cp, "ProductName");
@@ -227,12 +227,12 @@ static int CallVersionServer(app_title, app_version, app_ini, code_cover)
 	vstatus = VSProcessRequest(vrequest);
 	/*
 	 * Only complain periodically, if the test tracker isn't
-	 * working... 
+	 * working...
 	 */
 	if (v_complain(vstatus, app_ini)) {
-		WinVSReportRequest(vrequest, NULL, 
+		WinVSReportRequest(vrequest, NULL,
 				   "Version Server Status Report");
-	}                                                         
+	}
 	if (vstatus == V_REQUIRED) {
 		SetCursor(LoadCursor(NULL, IDC_WAIT));
 		VSDestroyRequest(vrequest);
@@ -240,7 +240,7 @@ static int CallVersionServer(app_title, app_version, app_ini, code_cover)
 	}
 	VSDestroyRequest(vrequest);
 	return (0);
-}   
+}
 #endif
 
 #ifdef TIMEBOMB
@@ -320,7 +320,7 @@ krb5_error_code krb5_vercheck()
 				return KRB5_APPL_EXPIRED;
 		}
 #endif
-		
+
 	}
 #endif
         verchecked = 1;
@@ -375,7 +375,7 @@ control(int mode)
 	break;
     }
 #elif defined KRB4
-    switch (mode){ 
+    switch (mode){
     case DLL_STARTUP:
       add_error_table(&et_krb_error_table);
       add_error_table(&et_kadm_error_table);
@@ -456,7 +456,7 @@ BOOL WINAPI DllMain (HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
         default:
 	    return FALSE;
     }
- 
+
     return TRUE;   // successful DLL_PROCESS_ATTACH
 }
 
@@ -472,7 +472,7 @@ LPSTR CmdLine;
     hlibinstance = hInst;
     if (control(DLL_STARTUP))
 	return 0;
-    else 
+    else
 	return 1;
 }
 
diff --git a/src/patchlevel.h b/src/patchlevel.h
index 288422287..e12942959 100644
--- a/src/patchlevel.h
+++ b/src/patchlevel.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/plugins/authdata/greet/greet_auth.c b/src/plugins/authdata/greet/greet_auth.c
index 91b9a697f..e759128e7 100644
--- a/src/plugins/authdata/greet/greet_auth.c
+++ b/src/plugins/authdata/greet/greet_auth.c
@@ -7,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Sample authorization data plugin
  */
diff --git a/src/plugins/authdata/greet_server/greet_auth.c b/src/plugins/authdata/greet_server/greet_auth.c
index 80a68a86f..9a0533286 100644
--- a/src/plugins/authdata/greet_server/greet_auth.c
+++ b/src/plugins/authdata/greet_server/greet_auth.c
@@ -7,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Sample authorization data plugin
  */
diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c
index 453c73b02..58c49328c 100644
--- a/src/plugins/kdb/db2/adb_openclose.c
+++ b/src/plugins/kdb/db2/adb_openclose.c
@@ -1,7 +1,7 @@
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
- * $Header$ 
+ * $Header$
  */
 
 #if !defined(lint) && !defined(__CODECENTER__)
@@ -29,7 +29,7 @@ krb5_error_code osa_adb_create_db(char *filename, char *lockfilename,
      int lf;
      DB *db;
      BTREEINFO btinfo;
-     
+
      memset(&btinfo, 0, sizeof(btinfo));
      btinfo.flags = 0;
      btinfo.cachesize = 0;
@@ -49,7 +49,7 @@ krb5_error_code osa_adb_create_db(char *filename, char *lockfilename,
      if (lf == -1)
 	  return errno;
      (void) close(lf);
-     
+
      return OSA_ADB_OK;
 }
 
@@ -104,7 +104,7 @@ krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom,
 	  (void) osa_adb_fini_db(todb, magic);
 	  return ret;
      }
-	  
+
      (void) osa_adb_fini_db(fromdb, magic);
      (void) osa_adb_fini_db(todb, magic);
      return 0;
@@ -117,7 +117,7 @@ krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
      static struct _locklist *locklist = NULL;
      struct _locklist *lockp;
      krb5_error_code code;
-     
+
      if (dbp == NULL || filename == NULL)
 	  return EINVAL;
 
@@ -222,7 +222,7 @@ krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
      db->magic = magic;
 
      *dbp = db;
-     
+
      return OSA_ADB_OK;
 }
 
@@ -255,8 +255,8 @@ krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic)
      free(db->filename);
      free(db);
      return OSA_ADB_OK;
-}     
-     
+}
+
 krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
 {
      int tries, gotlock, perm, krb5_mode, ret = 0;
@@ -314,9 +314,9 @@ krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
 				KRB5_LOCKMODE_UNLOCK);
 	  return OSA_ADB_NOLOCKFILE;
      }
-     
+
      /* we have the shared/exclusive lock */
-     
+
      if (perm) {
 	  if (unlink(db->lock->filename) < 0) {
 	       /* somehow we can't delete the file, but we already */
@@ -326,7 +326,7 @@ krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
 	       (void) krb5_lock_file(db->lock->context,
 				     fileno(db->lock->lockfile),
 				     KRB5_LOCKMODE_UNLOCK);
-	       
+
 	       /* maybe we should return CANTLOCK_DB.. but that would */
 	       /* look just like the db was already locked */
 	       return ret;
@@ -336,7 +336,7 @@ krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
 	  /* now no one else can get one either */
 	  (void) fclose(db->lock->lockfile);
      }
-     
+
      db->lock->lockmode = mode;
      db->lock->lockcnt++;
      return OSA_ADB_OK;
@@ -345,7 +345,7 @@ krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
 krb5_error_code osa_adb_release_lock(osa_adb_db_t db)
 {
      int ret, fd;
-     
+
      if (!db->lock->lockcnt)		/* lock already unlocked */
 	  return OSA_ADB_NOTLOCKED;
 
@@ -363,7 +363,7 @@ krb5_error_code osa_adb_release_lock(osa_adb_db_t db)
 					  fileno(db->lock->lockfile),
 					  KRB5_LOCKMODE_UNLOCK)))
 	       return ret;
-	  
+
 	  db->lock->lockmode = 0;
      }
      return OSA_ADB_OK;
diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c
index 04cc48970..d585c0852 100644
--- a/src/plugins/kdb/db2/adb_policy.c
+++ b/src/plugins/kdb/db2/adb_policy.c
@@ -36,7 +36,7 @@ static char *rcsid = "$Header$";
 
 /*
  * Function: osa_adb_create_policy
- * 
+ *
  * Purpose: create a policy entry in the policy db.
  *
  * Arguments:
@@ -45,13 +45,13 @@ static char *rcsid = "$Header$";
  *
  * Requires:
  *	entry have a valid name.
- * 
+ *
  * Effects:
  *	creates the entry in the db
  *
  * Modifies:
  *	the policy db.
- * 
+ *
  */
 krb5_error_code
 osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
@@ -69,7 +69,7 @@ osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
     }
     dbkey.data = entry->name;
     dbkey.size = (strlen(entry->name) + 1);
-		
+
     switch(db->db->get(db->db, &dbkey, &dbdata, 0)) {
     case 0:
 	 ret = OSA_ADB_DUP;
@@ -110,7 +110,7 @@ error:
 
 /*
  * Function: osa_adb_destroy_policy
- * 
+ *
  * Purpose: destroy a policy entry
  *
  * Arguments:
@@ -126,7 +126,7 @@ error:
  *
  * Modifies:
  *	policy db.
- * 
+ *
  */
 krb5_error_code
 osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
@@ -135,7 +135,7 @@ osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
     int	    status, ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
-    
+
     if(name == NULL) {
 	 ret = EINVAL;
 	 goto error;
@@ -167,7 +167,7 @@ error:
 
 /*
  * Function: osa_adb_get_policy
- * 
+ *
  * Purpose: retrieve policy
  *
  * Arguments:
@@ -222,10 +222,10 @@ osa_adb_get_policy(osa_adb_policy_t db, char *name,
 	 ret = ENOMEM;
 	 goto error;
     }
-    memcpy(aligned_data, dbdata.data, dbdata.size);	
+    memcpy(aligned_data, dbdata.data, dbdata.size);
     memset(*entry, 0, sizeof(osa_policy_ent_rec));
     xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
-    if (!xdr_osa_policy_ent_rec(&xdrs, *entry)) 
+    if (!xdr_osa_policy_ent_rec(&xdrs, *entry))
 	ret =  OSA_ADB_FAILURE;
     else ret = OSA_ADB_OK;
     xdr_destroy(&xdrs);
@@ -238,7 +238,7 @@ error:
 
 /*
  * Function: osa_adb_put_policy
- * 
+ *
  * Purpose: update a policy in the dababase
  *
  * Arguments:
@@ -248,13 +248,13 @@ error:
  *
  * Requires:
  *	[requires]
- * 
+ *
  * Effects:
  *	[effects]
  *
  * Modifies:
  *	[modifies]
- * 
+ *
  */
 krb5_error_code
 osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
@@ -266,7 +266,7 @@ osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
     int			ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
-    
+
     if(entry->name == NULL) {
 	 ret = EINVAL;
 	 goto error;
@@ -310,7 +310,7 @@ error:
 
 /*
  * Function: osa_adb_iter_policy
- * 
+ *
  * Purpose: iterate over the policy database.
  *
  * Arguments:
@@ -352,7 +352,7 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
 	     goto error;
 	}
 	memcpy(aligned_data, dbdata.data, dbdata.size);
-	
+
 	memset(entry, 0, sizeof(osa_policy_ent_rec));
 	xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
 	if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
@@ -364,7 +364,7 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
 	}
 	(*func)(data, entry);
 	xdr_destroy(&xdrs);
-	free(aligned_data);	
+	free(aligned_data);
 	osa_free_policy_ent(entry);
 	ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
     }
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
index 2e1f3b519..356f6dfca 100644
--- a/src/plugins/kdb/db2/db2_exp.c
+++ b/src/plugins/kdb/db2/db2_exp.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -26,7 +26,7 @@
 *
 *	C %name:		db2_exp.c %
 *	Instance:		idc_sec_2
-*	Description:	
+*	Description:
 *	%created_by:	spradeep %
 *	%date_created:	Tue Apr  5 11:44:00 2005 %
 *
@@ -110,8 +110,8 @@ WRAP_K (krb5_db2_db_get_age,
 	 time_t *t),
 	(ctx, s, t));
 WRAP_K (krb5_db2_db_set_option,
-	( krb5_context kcontext, 
-	  int option, 
+	( krb5_context kcontext,
+	  int option,
 	  void *value ),
 	(kcontext, option, value));
 
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index b987039d1..363a1f3d1 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -246,7 +246,7 @@ k5db2_dbopen(krb5_db2_context *dbc, char *fname, int flags, int mode, int tempdb
 	errno = ENOMEM;
 	return NULL;
     }
-    
+
 
     hashi.bsize = 4096;
     hashi.cachesize = 0;
@@ -2009,4 +2009,3 @@ errout:
 
     return retval;
 }
-
diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h
index cef7b648a..9f3cbc5c9 100644
--- a/src/plugins/kdb/db2/kdb_db2.h
+++ b/src/plugins/kdb/db2/kdb_db2.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * KDC Database backend definitions for Berkely DB.
  */
@@ -53,37 +53,37 @@ typedef struct _krb5_db2_context {
 #define KDB2_LOCK_EXT ".ok"
 #define KDB2_TEMP_LOCK_EXT "~.ok"
 
-krb5_error_code krb5_db2_db_init 
+krb5_error_code krb5_db2_db_init
 	(krb5_context);
-krb5_error_code krb5_db2_db_fini 
+krb5_error_code krb5_db2_db_fini
 	(krb5_context);
-krb5_error_code krb5_db2_db_get_age 
+krb5_error_code krb5_db2_db_get_age
 	(krb5_context,
 		   char *,
 		   time_t * );
-krb5_error_code krb5_db2_db_create 
+krb5_error_code krb5_db2_db_create
 	(krb5_context,
 		   char *,
 		   krb5_int32);
-krb5_error_code krb5_db2_db_destroy 
+krb5_error_code krb5_db2_db_destroy
 	(krb5_context,
 		   char * );
-krb5_error_code krb5_db2_db_rename 
+krb5_error_code krb5_db2_db_rename
 	(krb5_context,
 		   char *,
 		   char *,
 		   int );
-krb5_error_code krb5_db2_db_get_principal 
+krb5_error_code krb5_db2_db_get_principal
 	(krb5_context,
 		   krb5_const_principal,
 		   krb5_db_entry *,
 		   int *,
 		   krb5_boolean * );
-krb5_error_code krb5_db2_db_free_principal 
+krb5_error_code krb5_db2_db_free_principal
 	(krb5_context,
 		   krb5_db_entry *,
 		   int );
-krb5_error_code krb5_db2_db_put_principal 
+krb5_error_code krb5_db2_db_put_principal
 	(krb5_context,
 	 krb5_db_entry *,
 	 int *,
@@ -99,21 +99,21 @@ krb5_error_code krb5_db2_db_iterate
 		   krb5_error_code (*) (krb5_pointer,
 					          krb5_db_entry *),
 	           krb5_pointer );
-krb5_error_code krb5_db2_db_set_nonblocking 
+krb5_error_code krb5_db2_db_set_nonblocking
 	(krb5_context,
 		   krb5_boolean,
 		   krb5_boolean * );
 krb5_boolean krb5_db2_db_set_lockmode
 	(krb5_context,
 		   krb5_boolean );
-krb5_error_code krb5_db2_db_open_database 
+krb5_error_code krb5_db2_db_open_database
 	(krb5_context);
-krb5_error_code krb5_db2_db_close_database 
+krb5_error_code krb5_db2_db_close_database
 	(krb5_context);
 
-krb5_error_code 
-krb5_db2_set_master_key_ext ( krb5_context kcontext, 
-			      char *pwd, 
+krb5_error_code
+krb5_db2_set_master_key_ext ( krb5_context kcontext,
+			      char *pwd,
 			      krb5_keyblock *key);
 
 krb5_error_code
@@ -146,7 +146,7 @@ krb5_error_code krb5_db2_lib_init(void);
 
 krb5_error_code krb5_db2_lib_cleanup(void);
 
-krb5_error_code 
+krb5_error_code
 krb5_db2_db_unlock(krb5_context);
 
 krb5_error_code
@@ -154,9 +154,9 @@ krb5_db2_promote_db(krb5_context kcontext,
 		    char *conf_section,
 		    char **db_args);
 
-krb5_error_code 
-krb5_db2_db_set_option ( krb5_context kcontext, 
-			 int option, 
+krb5_error_code
+krb5_db2_db_set_option ( krb5_context kcontext,
+			 int option,
 			 void *value );
 
 krb5_error_code
@@ -164,7 +164,7 @@ krb5_db2_db_lock( krb5_context 	  context,
 		  int 	 	  in_mode);
 
 
-krb5_error_code 
+krb5_error_code
 krb5_db2_open( krb5_context kcontext,
 			       char *conf_section,
 			       char **db_args,
@@ -181,13 +181,13 @@ krb5_error_code krb5_db2_destroy( krb5_context kcontext,
 const char * krb5_db2_err2str( krb5_context kcontext,
 			       long err_code );
 
-void * 
-krb5_db2_alloc( krb5_context kcontext,  
-		void *ptr, 
+void *
+krb5_db2_alloc( krb5_context kcontext,
+		void *ptr,
 		size_t size );
 
-void 
-krb5_db2_free( krb5_context kcontext, 
+void
+krb5_db2_free( krb5_context kcontext,
 		    void *ptr );
 
 
diff --git a/src/plugins/kdb/db2/kdb_ext.c b/src/plugins/kdb/db2/kdb_ext.c
index 9d73966b4..69c5522ac 100644
--- a/src/plugins/kdb/db2/kdb_ext.c
+++ b/src/plugins/kdb/db2/kdb_ext.c
@@ -96,4 +96,3 @@ krb5_db2_invoke(krb5_context context,
 
     return code;
 }
-
diff --git a/src/plugins/kdb/db2/kdb_xdr.c b/src/plugins/kdb/db2/kdb_xdr.c
index f00131a00..38dc658fd 100644
--- a/src/plugins/kdb/db2/kdb_xdr.c
+++ b/src/plugins/kdb/db2/kdb_xdr.c
@@ -1,14 +1,14 @@
 /*
  * lib/kdb/kdb_xdr.c
  *
- * Copyright 1995 by the Massachusetts Institute of Technology. 
+ * Copyright 1995 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include "k5-int.h"
@@ -42,7 +42,7 @@ krb5_encode_princ_dbkey(context, key, principal)
 
     if (!(retval = krb5_unparse_name(context, principal, &princ_name))) {
         /* need to store the NULL for decoding */
-        key->length = strlen(princ_name)+1;	
+        key->length = strlen(princ_name)+1;
         key->data = princ_name;
     }
     return(retval);
@@ -76,8 +76,8 @@ krb5_encode_princ_contents(context, content, entry)
      * compact and extensible.
      */
 
-    /* 
-     * First allocate enough space for all the data. 
+    /*
+     * First allocate enough space for all the data.
      * Need  2 bytes for the length of the base structure
      * then 36 [ 8 * 4 + 2 * 2] bytes for the base information
      *         [ attributes, max_life, max_renewable_life, expiration,
@@ -95,7 +95,7 @@ krb5_encode_princ_contents(context, content, entry)
 
     unparse_princ_size = strlen(unparse_princ) + 1;
     content->length += unparse_princ_size;
-    content->length += 2;		
+    content->length += 2;
 
     i = 0;
     /* tl_data is a linked list */
@@ -118,14 +118,14 @@ krb5_encode_princ_contents(context, content, entry)
 	    content->length += 4; /* type + length */
 	}
     }
-	
+
     if ((content->data = malloc(content->length)) == NULL) {
 	retval = ENOMEM;
 	goto epc_error;
     }
 
-    /* 
-     * Now we go through entry again, this time copying data 
+    /*
+     * Now we go through entry again, this time copying data
      * These first entries are always saved regardless of version
      */
     nextloc = (unsigned char *)content->data;
@@ -137,31 +137,31 @@ krb5_encode_princ_contents(context, content, entry)
 	/* Attributes */
     krb5_kdb_encode_int32(entry->attributes, nextloc);
     nextloc += 4;
-  
+
 	/* Max Life */
     krb5_kdb_encode_int32(entry->max_life, nextloc);
     nextloc += 4;
-  
+
 	/* Max Renewable Life */
     krb5_kdb_encode_int32(entry->max_renewable_life, nextloc);
     nextloc += 4;
-  
+
 	/* When the client expires */
     krb5_kdb_encode_int32(entry->expiration, nextloc);
     nextloc += 4;
-  
+
 	/* When its passwd expires */
     krb5_kdb_encode_int32(entry->pw_expiration, nextloc);
     nextloc += 4;
-  
+
 	/* Last successful passwd */
     krb5_kdb_encode_int32(entry->last_success, nextloc);
     nextloc += 4;
-  
+
 	/* Last failed passwd attempt */
     krb5_kdb_encode_int32(entry->last_failed, nextloc);
     nextloc += 4;
-  
+
 	/* # of failed passwd attempt */
     krb5_kdb_encode_int32(entry->fail_auth_count, nextloc);
     nextloc += 4;
@@ -169,11 +169,11 @@ krb5_encode_princ_contents(context, content, entry)
 	/* # tl_data strutures */
     krb5_kdb_encode_int16(entry->n_tl_data, nextloc);
     nextloc += 2;
-  
+
 	/* # key_data strutures */
     krb5_kdb_encode_int16(entry->n_key_data, nextloc);
     nextloc += 2;
-  
+
     	/* Put extended fields here */
     if (entry->len != KRB5_KDB_V1_BASE_LENGTH)
 	abort();
@@ -183,8 +183,8 @@ krb5_encode_princ_contents(context, content, entry)
 	memcpy(nextloc, entry->e_data, entry->e_length);
 	nextloc += entry->e_length;
     }
-  
-	/* 
+
+	/*
 	 * Now we get to the principal.
 	 * To squeze a few extra bytes out it is always assumed to come
 	 * after the base type.
@@ -228,7 +228,7 @@ krb5_encode_princ_contents(context, content, entry)
 	    }
 	}
     }
-	
+
 epc_error:;
     free(unparse_princ);
     return retval;
@@ -271,7 +271,7 @@ krb5_decode_princ_contents(context, content, entry)
     /* First do the easy stuff */
     nextloc = (unsigned char *)content->data;
     sizeleft = content->length;
-    if ((sizeleft -= KRB5_KDB_V1_BASE_LENGTH) < 0) 
+    if ((sizeleft -= KRB5_KDB_V1_BASE_LENGTH) < 0)
 	return KRB5_KDB_TRUNCATED_RECORD;
 
 	/* Base Length */
@@ -336,7 +336,7 @@ krb5_decode_princ_contents(context, content, entry)
     }
 
     /*
-     * Get the principal name for the entry 
+     * Get the principal name for the entry
      * (stored as a string which gets unparsed.)
      */
     if ((sizeleft -= 2) < 0) {
@@ -434,7 +434,7 @@ krb5_decode_princ_contents(context, content, entry)
 	                retval = ENOMEM;
 	                goto error_out;
 	            }
-	            memcpy(key_data->key_data_contents[j], nextloc, 
+	            memcpy(key_data->key_data_contents[j], nextloc,
 		           key_data->key_data_length[j]);
 	            nextloc += key_data->key_data_length[j];
 		}
@@ -450,10 +450,10 @@ error_out:;
     krb5_dbe_free_contents(context, entry);
     return retval;
 }
-	    
+
 void
 krb5_dbe_free_contents(context, entry)
-     krb5_context 	  context; 
+     krb5_context 	  context;
      krb5_db_entry 	* entry;
 {
     krb5_tl_data 	* tl_data_next;
@@ -475,8 +475,8 @@ krb5_dbe_free_contents(context, entry)
 	    for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
 	    	if (entry->key_data[i].key_data_length[j]) {
 		    if (entry->key_data[i].key_data_contents[j]) {
-		        memset(entry->key_data[i].key_data_contents[j], 
-			       0, 
+		        memset(entry->key_data[i].key_data_contents[j],
+			       0,
 			       (unsigned) entry->key_data[i].key_data_length[j]);
 		    	free (entry->key_data[i].key_data_contents[j]);
 		    }
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_delete.c b/src/plugins/kdb/db2/libdb2/btree/bt_delete.c
index d002a66ed..02ae2e9be 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_delete.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_delete.c
@@ -154,7 +154,7 @@ __bt_stkacq(t, hp, c)
 	db_pgno_t pgno;
 	recno_t nextpg, prevpg;
 	int exact, level;
-	
+
 	/*
 	 * Find the first occurrence of the key in the tree.  Toss the
 	 * currently locked page so we don't hit an already-locked page.
@@ -270,7 +270,7 @@ __bt_stkacq(t, hp, c)
 		if ((h = mpool_get(t->bt_mp, prevpg, 0)) == NULL)
 			return (1);
 	}
-	
+
 
 ret:	mpool_put(t->bt_mp, h, 0);
 	return ((*hp = mpool_get(t->bt_mp, c->pg.pgno, 0)) == NULL);
@@ -402,7 +402,7 @@ __bt_pdelete(t, h)
 		/* Get the parent page. */
 		if ((pg = mpool_get(t->bt_mp, parent->pgno, 0)) == NULL)
 			return (RET_ERROR);
-		
+
 		idx = parent->index;
 		bi = GETBINTERNAL(pg, idx);
 
@@ -571,7 +571,7 @@ __bt_curdel(t, key, h, idx)
 			key = &c->key;
 		}
 		/* Check previous key, if not at the beginning of the page. */
-		if (idx > 0) { 
+		if (idx > 0) {
 			e.page = h;
 			e.index = idx - 1;
 			if (__bt_cmp(t, key, &e) == 0) {
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
index 0f848d8ad..069b2dfde 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
@@ -202,7 +202,7 @@ __bt_open(fname, flags, mode, openinfo, dflags)
 		default:
 			goto einval;
 		}
-		
+
 		if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0)
 			goto err;
 
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
index bbfb9c6c6..6124f968b 100644
--- a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -419,7 +419,7 @@ __bt_first(t, key, erval, exactp)
 			*erval = *ep;
 			return (RET_SUCCESS);
 		}
-			
+
 		/*
 		 * Walk backwards, as long as the entry matches and there are
 		 * keys left in the tree.  Save a copy of each match in case
diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c
index c1a66088a..2343d223c 100644
--- a/src/plugins/kdb/db2/libdb2/hash/hash.c
+++ b/src/plugins/kdb/db2/libdb2/hash/hash.c
@@ -428,7 +428,7 @@ hget_header(hashp, page_size)
 
 	hdr_dest = (u_int8_t *)&hashp->hdr;
 
-	/* 
+	/*
 	 * XXX
 	 * This should not be printing to stderr on a "normal" error case.
 	 */
@@ -514,14 +514,14 @@ hdestroy(hashp)
 		free(hashp->bigkey_buf);
 	if (hashp->bigdata_buf)
 		free(hashp->bigdata_buf);
- 
+
 	/* XXX This should really iterate over the cursor queue, but
 	   it's not clear how to do that, and the only cursor a hash
 	   table ever creates is the one used by hash_seq().  Passing
 	   NULL as the first arg is also a kludge, but I know that
 	   it's never used, so I do it.  The intent is to plug the
 	   memory leak.  Correctness can come later. */
- 
+
 	if (hashp->seq_cursor)
 		hashp->seq_cursor->delete(NULL, hashp->seq_cursor, 0);
 
@@ -532,7 +532,7 @@ hdestroy(hashp)
 	if (hashp->fp != -1)
 		(void)close(hashp->fp);
 
-	/* 
+	/*
 	 * *** This may cause problems if hashp->fname is set in any case
 	 * other than the case that we are generating a temporary file name.
 	 * Note that the new version of mpool should support temporary
@@ -704,7 +704,7 @@ hash_access(hashp, action, key, val)
 
 	num_items = 0;
 
-	/* 
+	/*
 	 * Set up item_info so that we're looking for space to add an item
 	 * as we cycle through the pages looking for the key.
 	 */
@@ -868,7 +868,7 @@ cursor_get(dbp, cursorp, key, val, flags)
 	/*
 	 * This needs to be changed around.  As is, get_item_next advances
 	 * the pointers on the page but this function actually advances
-	 * bucket pointers.  This works, since the only other place we 
+	 * bucket pointers.  This works, since the only other place we
 	 * use get_item_next is in hash_access which only deals with one
 	 * bucket at a time.  However, there is the problem that certain other
 	 * functions (such as find_bigpair and delpair) depend on the
@@ -920,7 +920,7 @@ cursor_delete(dbp, cursor, flags)
 	/* XXX this is empirically determined, so it might not be completely
 	   correct, but it seems to work.  At the very least it fixes
 	   a memory leak */
- 
+
 	free(cursor->internal);
 	free(cursor);
 
@@ -937,7 +937,7 @@ hash_seq(dbp, key, val, flag)
 
 	/*
 	 * Seq just uses the default cursor to go sequecing through the
-	 * database.  Note that the default cursor is the first in the list. 
+	 * database.  Note that the default cursor is the first in the list.
 	 */
 
 	hashp = (HTAB *)dbp->internal;
diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.h b/src/plugins/kdb/db2/libdb2/hash/hash.h
index b202fc9f2..32793ca5b 100644
--- a/src/plugins/kdb/db2/libdb2/hash/hash.h
+++ b/src/plugins/kdb/db2/libdb2/hash/hash.h
@@ -193,4 +193,4 @@ typedef struct item_info {
 #define	ITEM_GET_N	4
 
 #define	UNKNOWN		0xffffffff		/* for num_items */
-#define	NO_EXPAND	0xfffffffe 
+#define	NO_EXPAND	0xfffffffe
diff --git a/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c b/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c
index 06210a57c..6874f4703 100644
--- a/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c
+++ b/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c
@@ -75,7 +75,7 @@ static int32_t collect_data __P((HTAB *, PAGE16 *, int32_t));
 /*
  * Big_insert
  *
- * You need to do an insert and the key/data pair is greater than 
+ * You need to do an insert and the key/data pair is greater than
  * MINFILL * the bucket size
  *
  * Returns:
diff --git a/src/plugins/kdb/db2/libdb2/hash/hash_page.c b/src/plugins/kdb/db2/libdb2/hash/hash_page.c
index e25115d3f..f27e7dd86 100644
--- a/src/plugins/kdb/db2/libdb2/hash/hash_page.c
+++ b/src/plugins/kdb/db2/libdb2/hash/hash_page.c
@@ -102,7 +102,7 @@ __get_item(hashp, cursorp, key, val, item_info)
 			cursorp->pgno = ADDR(cursorp->pagep);
 			cursorp->ndx = 0;
 			cursorp->pgndx = 0;
-		} else 
+		} else
 			cursorp->pagep =
 			    __get_page(hashp, cursorp->pgno, A_RAW);
 		if (!cursorp->pagep) {
@@ -140,7 +140,7 @@ __get_item(hashp, cursorp, key, val, item_info)
 			    KEY_OFF(cursorp->pagep, cursorp->pgndx);
 	}
 
-	/* 
+	/*
 	 * All of this information will be set incorrectly for big keys, but
 	 * it will be ignored anyway.
 	 */
@@ -183,7 +183,7 @@ __get_item_done(hashp, cursorp)
 		__put_page(hashp, cursorp->pagep, A_RAW, 0);
 	cursorp->pagep = NULL;
 
-	/* 
+	/*
 	 * We don't throw out the page number since we might want to
 	 * continue getting on this page.
 	 */
@@ -354,7 +354,7 @@ __delpair(hashp, cursorp, item_info)
 			 * item on the page.
 			 */
 			src = (u_int8_t *)pagep + OFFSET(pagep) + 1;
-			/* 
+			/*
 			 * Length is the distance between where to start
 			 * deleting and end of the data on the page.
 			 */
@@ -399,7 +399,7 @@ __delpair(hashp, cursorp, item_info)
 		db_pgno_t to_find, next_pgno, link_page;
 
 		/*
-		 * We need to go back to the first page in the chain and 
+		 * We need to go back to the first page in the chain and
 		 * look for this page so that we can update the previous
 		 * page's NEXT_PGNO field.
 		 */
@@ -511,7 +511,7 @@ __split_page(hashp, obucket, nbucket)
 }
 
 /*
- * Add the given pair to the page.  
+ * Add the given pair to the page.
  *
  *
  * Returns:
@@ -545,7 +545,7 @@ __addel(hashp, item_info, key, val, num_items, expanding)
 
 	/* Advance to first page in chain with room for item. */
 	while (NUM_ENT(pagep) && NEXT_PGNO(pagep) != INVALID_PGNO) {
-		/* 
+		/*
 		 * This may not be the end of the chain, but the pair may fit
 		 * anyway.
 		 */
@@ -577,9 +577,9 @@ __addel(hashp, item_info, key, val, num_items, expanding)
 			return (-1);
 		}
 	}
- 
+
 	/* At this point, we know the page fits, so we just add it */
- 
+
 	if (ISBIG(PAIRSIZE(key, val), hashp)) {
 		if (__big_insert(hashp, pagep, key, val))
 			return (-1);
@@ -624,7 +624,7 @@ __addel(hashp, item_info, key, val, num_items, expanding)
 	return (0);
 }
 
-/* 
+/*
  * Special __addel used in big splitting; this one just puts the pointer
  * to an already-allocated big page in the appropriate bucket.
  */
@@ -866,8 +866,8 @@ __pgin_routine(pg_cookie, pgno, page)
 	pagep = (PAGE16 *)page;
 	hashp = (HTAB *)pg_cookie;
 
-	/* 
-	 * There are the following cases for swapping: 
+	/*
+	 * There are the following cases for swapping:
 	 * 0) New page that may be unitialized.
 	 * 1) Bucket page or overflow page.  Either swap
 	 *	the header or initialize the page.
@@ -906,8 +906,8 @@ __pgout_routine(pg_cookie, pgno, page)
 	pagep = (PAGE16 *)page;
 	hashp = (HTAB *)pg_cookie;
 
-	/* 
-	 * There are the following cases for swapping: 
+	/*
+	 * There are the following cases for swapping:
 	 * 1) Bucket page or overflow page.  Just swap the header.
 	 * 2) Bitmap page.  Swap the whole page!
 	 * 3) Header pages.  Not handled here; these are written directly
diff --git a/src/plugins/kdb/db2/libdb2/hash/page.h b/src/plugins/kdb/db2/libdb2/hash/page.h
index 8ef8a2e29..989f967c5 100644
--- a/src/plugins/kdb/db2/libdb2/hash/page.h
+++ b/src/plugins/kdb/db2/libdb2/hash/page.h
@@ -57,7 +57,7 @@
  * other (since we use that fact to compute key lengths).  In the accessor
  * macros below, P means a pointer to the page, I means an index of the
  * particular entry being accessed.
- * 
+ *
  * Hash base page format
  * BYTE ITEM			NBYTES 	TYPE		ACCESSOR MACRO
  * ---- ------------------	------	--------	--------------
@@ -167,7 +167,7 @@ typedef unsigned char  PAGE8;
 #define FREESPACE(P) \
 	((OFFSET((P)) + 1 - PAGE_OVERHEAD - (NUM_ENT((P)) * PAIR_OVERHEAD)))
 
-/* 
+/*
  * Overhead on header pages is just one word -- the length of the
  * header info stored on that page.
  */
diff --git a/src/plugins/kdb/db2/libdb2/include/db-queue.h b/src/plugins/kdb/db2/libdb2/include/db-queue.h
index 40d32ccb6..65612ce6f 100644
--- a/src/plugins/kdb/db2/libdb2/include/db-queue.h
+++ b/src/plugins/kdb/db2/libdb2/include/db-queue.h
@@ -1,4 +1,4 @@
-/* 
+/*
  * Copyright (c) 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
diff --git a/src/plugins/kdb/db2/libdb2/include/db.hin b/src/plugins/kdb/db2/libdb2/include/db.hin
index ad86d0af9..dca0b0067 100644
--- a/src/plugins/kdb/db2/libdb2/include/db.hin
+++ b/src/plugins/kdb/db2/libdb2/include/db.hin
@@ -154,7 +154,7 @@ typedef struct {
 	int	lorder;		/* byte order */
 	size_t	reclen;		/* record length (fixed-length records) */
 	u_char	bval;		/* delimiting byte (variable-length records */
-	char	*bfname;	/* btree file name */ 
+	char	*bfname;	/* btree file name */
 } RECNOINFO;
 
 #if defined(__cplusplus)
diff --git a/src/plugins/kdb/db2/libdb2/mpool/mpool.c b/src/plugins/kdb/db2/libdb2/mpool/mpool.c
index 3b0be3f55..acdc1b827 100644
--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.c
+++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.c
@@ -106,7 +106,7 @@ mpool_filter(mp, pgin, pgout, pgcookie)
 	mp->pgout = pgout;
 	mp->pgcookie = pgcookie;
 }
-	
+
 /*
  * mpool_new --
  *	Get a new page of memory.
@@ -173,8 +173,8 @@ mpool_delete(mp, page)
 
 	free(bp);
 	return (RET_SUCCESS);
-}	
-	
+}
+
 /*
  * mpool_get
  *	Get a page.
@@ -486,7 +486,7 @@ mpool_stat(mp)
 	    mp->pagealloc, mp->pageflush);
 	if (mp->cachehit + mp->cachemiss)
 		(void)fprintf(stderr,
-		    "%.0f%% cache hit rate (%lu hits, %lu misses)\n", 
+		    "%.0f%% cache hit rate (%lu hits, %lu misses)\n",
 		    ((double)mp->cachehit / (mp->cachehit + mp->cachemiss))
 		    * 100, mp->cachehit, mp->cachemiss);
 	(void)fprintf(stderr, "%lu page reads, %lu page writes\n",
@@ -506,7 +506,7 @@ mpool_stat(mp)
 			cnt = 0;
 		} else
 			sep = ", ";
-			
+
 	}
 	(void)fprintf(stderr, "\n");
 }
diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_put.c b/src/plugins/kdb/db2/libdb2/recno/rec_put.c
index e7fa75882..bd710df84 100644
--- a/src/plugins/kdb/db2/libdb2/recno/rec_put.c
+++ b/src/plugins/kdb/db2/libdb2/recno/rec_put.c
@@ -170,7 +170,7 @@ einval:		errno = EINVAL;
 
 	if (flags == R_SETCURSOR)
 		t->bt_cursor.rcursor = nrec;
-	
+
 	F_SET(t, R_MODIFIED);
 	return (__rec_ret(t, NULL, nrec, key, NULL));
 }
diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_search.c b/src/plugins/kdb/db2/libdb2/recno/rec_search.c
index a328f1be0..15042627d 100644
--- a/src/plugins/kdb/db2/libdb2/recno/rec_search.c
+++ b/src/plugins/kdb/db2/libdb2/recno/rec_search.c
@@ -92,7 +92,7 @@ __rec_search(t, recno, op)
 		}
 
 		BT_PUSH(t, pg, idx - 1);
-		
+
 		pg = r->pgno;
 		switch (op) {
 		case SDELETE:
diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_seq.c b/src/plugins/kdb/db2/libdb2/recno/rec_seq.c
index 1edaa998e..8af1378c3 100644
--- a/src/plugins/kdb/db2/libdb2/recno/rec_seq.c
+++ b/src/plugins/kdb/db2/libdb2/recno/rec_seq.c
@@ -107,7 +107,7 @@ __rec_seq(dbp, key, data, flags)
 einval:		errno = EINVAL;
 		return (RET_ERROR);
 	}
-	
+
 	if (t->bt_nrecs == 0 || nrec > t->bt_nrecs) {
 		if (!F_ISSET(t, R_EOF | R_INMEM) &&
 		    (status = t->bt_irec(t, nrec)) != RET_SUCCESS)
diff --git a/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c b/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
index f77b676f1..cfd1a4211 100644
--- a/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
+++ b/src/plugins/kdb/db2/libdb2/test/SEQ_TEST/t.c
@@ -8,7 +8,7 @@
 #include <stdlib.h>
 #include <string.h>
 
- 
+
 void main(int argc, char *argv[]) {
   char id1[] = {"          "}, id2[] = {"          "};
   int i;
@@ -27,13 +27,13 @@ void main(int argc, char *argv[]) {
     printf("\n Open error on test.db %d %s\n",errno,strerror(errno));
     exit(25);
   }
-   
+
   while (fscanf(fin," %10s%10s",id1,id2) > 0) {
     key.size = 11;
     data.size = 11;
     key.data = id1;
     data.data = id2;
-    printf("%10s %10s\n",key.data,data.data); 
+    printf("%10s %10s\n",key.data,data.data);
     if (dbp->put(dbp, &key, &data,R_NOOVERWRITE) != 0) {
       printf("Error writing output\n");
     }
@@ -41,7 +41,7 @@ void main(int argc, char *argv[]) {
   }
   printf("%d Records in\n",out);
   dbp->close(dbp);
-  
+
   if ((dbp = dbopen("test.db", O_RDWR | O_BINARY, 0664
        , DB_BTREE, NULL )) == NULL) {
     printf("\n Error on dbopen %d %s\n",errno,strerror(errno));
@@ -56,7 +56,7 @@ void main(int argc, char *argv[]) {
     strcpy(id2,data.data);
     id2[0] = 'U';
     datao.data=id2;
-    printf("%10s %10s\n",key.data,data.data); 
+    printf("%10s %10s\n",key.data,data.data);
     in++;
     if (in > 10) break;
 #ifdef notdef
@@ -74,11 +74,11 @@ void main(int argc, char *argv[]) {
   printf("%d Records copied\n",in);
   in = 0;
     dbp->seq(dbp, &key, &data,R_FIRST);
-    printf("%10s %10s\n",key.data,data.data); 
+    printf("%10s %10s\n",key.data,data.data);
     in++;
   while (dbp->seq(dbp, &key, &data,R_NEXT) == 0) {
     in++;
-    printf("%10s %10s\n",key.data,data.data); 
+    printf("%10s %10s\n",key.data,data.data);
   }
   printf("%d Records read\n",in);
   dbp->close(dbp);
diff --git a/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c b/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
index 06f02b3ad..0d78d5934 100644
--- a/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
+++ b/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c
@@ -691,7 +691,7 @@ load(db, argv)
 			key.size = sizeof(recno_t);
 			data.data = lp;
 			data.size = len + 1;
-		} else { 
+		} else {
 			key.data = lp;
 			key.size = len + 1;
 			for (p = lp + len - 1, t = buf; p >= lp; *t++ = *p--);
diff --git a/src/plugins/kdb/db2/libdb2/test/dbtest.c b/src/plugins/kdb/db2/libdb2/test/dbtest.c
index b0aee708d..df92cd79e 100644
--- a/src/plugins/kdb/db2/libdb2/test/dbtest.c
+++ b/src/plugins/kdb/db2/libdb2/test/dbtest.c
@@ -390,7 +390,7 @@ get(dbp, kp)
 			exit(1);
 		} else
 			(void)fprintf(stderr, "%lu: %.*s: %s",
-			    lineno, (int) MIN(kp->size, 20), (char *) kp->data, 
+			    lineno, (int) MIN(kp->size, 20), (char *) kp->data,
 				      NOSUCHKEY);
 #undef	NOSUCHKEY
 		break;
@@ -447,8 +447,8 @@ rem(dbp, kp)
 		if (ofd != STDOUT_FILENO)
 			(void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
 		else if (flags != R_CURSOR)
-			(void)fprintf(stderr, "%lu: %.*s: %s", 
-			    lineno, (int) MIN(kp->size, 20), (char *) kp->data, 
+			(void)fprintf(stderr, "%lu: %.*s: %s",
+			    lineno, (int) MIN(kp->size, 20), (char *) kp->data,
 				      NOSUCHKEY);
 		else
 			(void)fprintf(stderr,
@@ -492,8 +492,8 @@ seq(dbp, kp)
 		if (ofd != STDOUT_FILENO)
 			(void)write(ofd, NOSUCHKEY, sizeof(NOSUCHKEY) - 1);
 		else if (flags == R_CURSOR)
-			(void)fprintf(stderr, "%lu: %.*s: %s", 
-			    lineno, (int) MIN(kp->size, 20), (char *) kp->data, 
+			(void)fprintf(stderr, "%lu: %.*s: %s",
+			    lineno, (int) MIN(kp->size, 20), (char *) kp->data,
 				      NOSUCHKEY);
 		else
 			(void)fprintf(stderr,
@@ -534,7 +534,7 @@ dump(dbp, rev)
 		}
 done:	return;
 }
-	
+
 u_int
 setflags(s)
 	char *s;
@@ -578,7 +578,7 @@ sflags(lflags)
 
 	return ("UNKNOWN!");
 }
-	
+
 DBTYPE
 dbtype(s)
 	char *s;
@@ -608,7 +608,7 @@ setinfo(db_type, s)
 	*eq++ = '\0';
 	if (!isdigit((int) *eq))
 		err("%s: structure set statement must be a number", s);
-		
+
 	switch (db_type) {
 	case DB_BTREE:
 		if (!strcmp("flags", s)) {
diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
index 34397ecaa..02982b162 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c
@@ -109,6 +109,3 @@ main(argc, argv)
 	}
 	exit(0);
 }
-
-	
-
diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c
index f11487b32..6767de5e9 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tcreat3.c
@@ -97,7 +97,7 @@ char **argv;
 			fprintf(stderr, "cannot enter: key %s\n",
 				item.data);
 			exit(1);
-		}			
+		}
 	}
 
 	(dbp->close)(dbp);
diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
index 826611486..32d8250fc 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tdel.c
@@ -99,7 +99,7 @@ char **argv;
 			fprintf(stderr, "cannot enter: key %s\n",
 				item.data);
 			exit(1);
-		}			
+		}
 	}
 
 	if ( --argc ) {
@@ -113,7 +113,7 @@ char **argv;
 		    if (stat) {
 			fprintf ( stderr, "Error retrieving %s\n", key.data );
 			exit(1);
-		    } 
+		    }
 		}
 		fclose(fp);
 	}
diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
index b15b617bc..830d7a185 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/thash4.c
@@ -85,8 +85,8 @@ char **argv;
 
 	key.data = wp1;
 	item.data = wp2;
-	while ( fgets(wp1, 8192, stdin) && 
-		fgets(wp2, 8192, stdin) && 
+	while ( fgets(wp1, 8192, stdin) &&
+		fgets(wp2, 8192, stdin) &&
 		i++ < MAXWORDS) {
 /*
 * put info in structure, and structure in the item
@@ -102,14 +102,14 @@ char **argv;
 				item.data);
 			fprintf(stderr, "\terrno: %d\n", errno);
 			exit(1);
-		}			
+		}
 	}
 
 	if ( --argc ) {
 		fp = fopen ( argv[0], "r");
 		i = 0;
-		while ( fgets(wp1, 256, fp) && 
-			fgets(wp2, 8192, fp) && 
+		while ( fgets(wp1, 256, fp) &&
+			fgets(wp2, 8192, fp) &&
 			i++ < MAXWORDS) {
 
 		    key.size = strlen(wp1);
diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c
index d2d36862d..bee41961e 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/tseq.c
@@ -72,7 +72,7 @@ char **argv;
 /*
 * put info in structure, and structure in the item
 */
-	for ( stat = (dbp->seq) (dbp, &res, &item, 1 ); 
+	for ( stat = (dbp->seq) (dbp, &res, &item, 1 );
 	      stat == 0;
 	      stat = (dbp->seq) (dbp, &res, &item, 0 ) ) {
 
diff --git a/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c b/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c
index 81c559ad2..c8070c503 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash2.tests/bigtest.c
@@ -33,9 +33,9 @@ main(void)
 		returned.data = NULL;
 		if (n == 4627)
 			printf("");
-		if (n % 50 == 0) 
+		if (n % 50 == 0)
 			printf("put n = %d\n", n);
-		if (db->put(db, &key, &value, 0) != 0)	
+		if (db->put(db, &key, &value, 0) != 0)
 			printf("put error, n = %d\n", n);
 		if (db->get(db, &key, &returned, 0) != 0)
 			printf("Immediate get error, n = %d\n", n);
@@ -47,7 +47,7 @@ main(void)
 	}
 
 	for (n = 0; n < 200000; n++) {
-		if (n % 50 == 0) 
+		if (n % 50 == 0)
 			printf("seq n = %d\n", n);
 		if ((db->seq(db, &key, &returned, 0)) != 0)
 			printf("Seq error, n = %d\n", n);
@@ -57,10 +57,10 @@ main(void)
 		for (i = 0; i < 800; i++)
 			if (((int *)returned.data)[i] != 0xDEADBEEF)
 				printf("ERRORRRRRR!!! seq %d\n", n);
-	}		
+	}
 
 	for (n = 0; n < 2000; n++) {
-		if (n % 50 == 0) 
+		if (n % 50 == 0)
 			printf("get n = %d\n", n);
 		if (db->get(db, &key, &returned, 0) != 0)
 			printf("Late get error, n = %d\n", n);
@@ -73,4 +73,3 @@ main(void)
 	free(value.data);
 	return(0);
 }
-
diff --git a/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c b/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
index adb72c004..43895a429 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash2.tests/passtest.c
@@ -14,7 +14,7 @@ main(void)
     char *key_line, *val_line, *get_key, *get_val, *old, *key2;
     HASHINFO passwd;
     int n = 0, i = 0, expected;
-   
+
     key_line = (char *)malloc(100);
     val_line = (char *)malloc(300);
     old = (char *)malloc(300);
@@ -28,15 +28,15 @@ main(void)
     passwd.hash = NULL;
     passwd.nelem = 0;
     passwd.lorder = 4321;
-	
 
-    db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_CREAT|O_TRUNC|O_BINARY, 0664, DB_HASH, 
+
+    db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_CREAT|O_TRUNC|O_BINARY, 0664, DB_HASH,
 		&passwd);
     if (!db) {
 	fprintf(stderr, "create_db: couldn't create database file\n");
 	exit(1);
     }
- 
+
     while ((key_line = fgets(key_line, 100, keys)) != NULL) {
 	if (n % 1000 == 0)
 	  fprintf(stderr, "Putting #%d.\n", n);
@@ -52,7 +52,7 @@ main(void)
 	  fprintf(stderr, "Immediate get error, n = %d\n", n);
     }
     fprintf(stderr, "Done with put!\n");
-    free(key_line);	
+    free(key_line);
     free(val_line);
     fclose(keys);
     fclose(vals);
@@ -60,7 +60,7 @@ main(void)
 
 
 
-	
+
     keys = fopen("yp.keys", "rt");
     vals = fopen("yp.total", "rt");
     get_key = (char *)malloc(100);
@@ -81,7 +81,7 @@ main(void)
 	fgets(get_val, 300, vals);
 	if (memcmp(val.data, (void *)get_val, val.size)) {
 	    fprintf(stderr, "Unmatched get on %s.\n", get_key);
-	    fprintf(stderr, "Input = %s\nOutput = %s\n", get_val, 
+	    fprintf(stderr, "Input = %s\nOutput = %s\n", get_val,
 		    (char *)val.data);
 	}
     }
@@ -107,7 +107,7 @@ main(void)
 	if (n % 1000 == 0)
 	  fprintf(stderr, "Sequence getting #%d.\n", n);
 	if (db->seq(db, &key, &val, 0) != 0) {
-	    fprintf(stderr, 
+	    fprintf(stderr,
 		    "Exiting sequence retrieve; n = %d, expected = %d\n",
 		    n - 1 , expected);
 	    break;
@@ -131,7 +131,7 @@ main(void)
 	n+=2;
 	key2 = fgets(get_key, 100, keys);
 	if (!key2)
-	  break;	
+	  break;
 	key.data = (void *)key2;
 	key.size = strlen(key2);
 	if (db->del(db, &key, 0) != 0)
@@ -150,7 +150,7 @@ main(void)
 
     keys = fopen("yp.keys", "rt");
     vals = fopen("yp.total", "rt");
-	
+
     db = dbopen("/usr/tmp/passwd.db", O_RDWR|O_BINARY, 0664, DB_HASH, &passwd);
     n = 0;
     while ((get_key = fgets(get_key, 100, keys)) != NULL) {
@@ -160,14 +160,14 @@ main(void)
 	key2 = fgets(key2, 100, keys);
 	if (!key2)
 	  break;
-	key.data = (void *)get_key;	
+	key.data = (void *)get_key;
 	key.size = strlen(get_key);
-	if (db->get(db, &key, &val, 0) != 0)	
+	if (db->get(db, &key, &val, 0) != 0)
 	  fprintf(stderr, "Retrieval after delete error on %d\n", n);
 	fgets(get_val, 300, vals);
 	if (memcmp(val.data, (void *)get_val, val.size)) {
 	    fprintf(stderr, "Unmatched get after delete on %s.\n", get_key);
-	    fprintf(stderr, "Input = %s\nOutput = %s\n", get_val, 
+	    fprintf(stderr, "Input = %s\nOutput = %s\n", get_val,
 		    (char *)val.data);
 	}
 	fgets(get_val, 300, vals);
diff --git a/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c b/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c
index da3767687..7d03e609c 100644
--- a/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c
+++ b/src/plugins/kdb/db2/libdb2/test/hash2.tests/passwd/genpass.c
@@ -6,7 +6,7 @@ main(int argc, char **argv)
 {
 	int i,j,n;
 	char *pass[8], r;
-	
+
 	n = atoi(argv[1]);
 
 	srandom(101173);
@@ -20,4 +20,3 @@ main(int argc, char **argv)
 		printf("\n");
 	}
 }
-
diff --git a/src/plugins/kdb/db2/lockout.c b/src/plugins/kdb/db2/lockout.c
index 1e6602dcc..e6c4b65e0 100644
--- a/src/plugins/kdb/db2/lockout.c
+++ b/src/plugins/kdb/db2/lockout.c
@@ -193,4 +193,3 @@ krb5_db2_lockout_audit(krb5_context context,
 
     return 0;
 }
-
diff --git a/src/plugins/kdb/db2/pol_xdr.c b/src/plugins/kdb/db2/pol_xdr.c
index 31856fbd2..315d0d1c5 100644
--- a/src/plugins/kdb/db2/pol_xdr.c
+++ b/src/plugins/kdb/db2/pol_xdr.c
@@ -8,11 +8,11 @@
 #endif
 #include <string.h>
 
-static 
+static
 bool_t xdr_nullstring(XDR *xdrs, char **objp)
 {
      u_int size;
-                                                                                                                            
+
      if (xdrs->x_op == XDR_ENCODE) {
           if (*objp == NULL)
                size = 0;
@@ -35,22 +35,22 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp)
                }
           }
           return (xdr_opaque(xdrs, *objp, size));
-                                                                                                                            
+
      case XDR_ENCODE:
           if (size != 0)
                return (xdr_opaque(xdrs, *objp, size));
           return TRUE;
-                                                                                                                            
+
      case XDR_FREE:
           if (*objp != NULL)
                mem_free(*objp, size);
           *objp = NULL;
           return TRUE;
      }
-                                                                                                                            
+
      return FALSE;
 }
-                                                                                                                            
+
 static int
 osa_policy_min_vers(osa_policy_ent_t objp)
 {
@@ -85,7 +85,7 @@ xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp)
 	      return FALSE;
 	 break;
     }
-    
+
     if(!xdr_nullstring(xdrs, &objp->name))
 	return (FALSE);
     if (!xdr_u_int32(xdrs, &objp->pw_min_life))
diff --git a/src/plugins/kdb/db2/policy_db.h b/src/plugins/kdb/db2/policy_db.h
index d841d7376..54af70cd6 100644
--- a/src/plugins/kdb/db2/policy_db.h
+++ b/src/plugins/kdb/db2/policy_db.h
@@ -63,7 +63,7 @@ typedef struct _osa_adb_db_ent_t {
 /*
  * Return Code (the rest are in adb_err.h)
  */
- 
+
 #define OSA_ADB_OK		0
 
 /*
diff --git a/src/plugins/kdb/hdb/hdb.h b/src/plugins/kdb/hdb/hdb.h
index 39fbec7e5..620080888 100644
--- a/src/plugins/kdb/hdb/hdb.h
+++ b/src/plugins/kdb/hdb/hdb.h
@@ -1,34 +1,34 @@
 /*
  * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
  *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
  *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
  *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
  *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
  */
 
 /* $Id: hdb.h 22198 2007-12-07 13:09:25Z lha $ */
@@ -77,7 +77,7 @@ typedef struct HDB{
 				struct HDB*,
 				int,
 				mode_t);
-    krb5_error_code (*hdb_close)(heim_context, 
+    krb5_error_code (*hdb_close)(heim_context,
 				 struct HDB*);
     void	    (*hdb_free)(heim_context,
 				struct HDB*,
@@ -116,10 +116,10 @@ typedef struct HDB{
 				heim_octet_string*);
     krb5_error_code (*hdb__put)(heim_context,
 				struct HDB*,
-				int, 
+				int,
 				heim_octet_string,
 				heim_octet_string);
-    krb5_error_code (*hdb__del)(heim_context, 
+    krb5_error_code (*hdb__del)(heim_context,
 				struct HDB*,
 				heim_octet_string);
     krb5_error_code (*hdb_destroy)(heim_context,
diff --git a/src/plugins/kdb/hdb/kdb_hdb.c b/src/plugins/kdb/hdb/kdb_hdb.c
index d22489eec..e42b05586 100644
--- a/src/plugins/kdb/hdb/kdb_hdb.c
+++ b/src/plugins/kdb/hdb/kdb_hdb.c
@@ -173,7 +173,7 @@ kh_db_context_init(krb5_context context,
     GET_PLUGIN_FUNC(libkrb5, "krb5_pac_parse",        heim_pac_parse);
     GET_PLUGIN_FUNC(libkrb5, "krb5_pac_verify",       heim_pac_verify);
     GET_PLUGIN_FUNC(libkrb5, "_krb5_pac_sign",        heim_pac_sign);
-    
+
     if (asprintf(&libhdb, "%s/libhdb%s", libdir, SHLIBEXT) < 0)
         goto cleanup;
 
@@ -1423,4 +1423,3 @@ kdb_vftabl kdb_function_table = {
     kh_dbekd_encrypt_key_data,
     kh_db_invoke,
 };
-
diff --git a/src/plugins/kdb/hdb/kdb_hdb.h b/src/plugins/kdb/hdb/kdb_hdb.h
index 9cfbef6a3..6ba5fbcb5 100644
--- a/src/plugins/kdb/hdb/kdb_hdb.h
+++ b/src/plugins/kdb/hdb/kdb_hdb.h
@@ -169,4 +169,3 @@ kh_hdb_windc_init(krb5_context context,
                   kh_db_context *kh);
 
 #endif /* KRB5_KDB_HDB_H */
-
diff --git a/src/plugins/kdb/hdb/kdb_marshal.c b/src/plugins/kdb/hdb/kdb_marshal.c
index 17bbdc808..d5e469347 100644
--- a/src/plugins/kdb/hdb/kdb_marshal.c
+++ b/src/plugins/kdb/hdb/kdb_marshal.c
@@ -108,7 +108,7 @@ kh_unmarshal_octet_string(krb5_context context,
     krb5_error_code code;
 
     *out_data = k5alloc(sizeof(krb5_data), &code);
-    if (code != 0) 
+    if (code != 0)
         return code;
 
     code = kh_unmarshal_octet_string_contents(context, in_data, *out_data);
@@ -807,4 +807,3 @@ cleanup:
 
     return code;
 }
-
diff --git a/src/plugins/kdb/hdb/kdb_windc.c b/src/plugins/kdb/hdb/kdb_windc.c
index a419d29de..9481876c6 100644
--- a/src/plugins/kdb/hdb/kdb_windc.c
+++ b/src/plugins/kdb/hdb/kdb_windc.c
@@ -370,7 +370,7 @@ kh_db_sign_auth_data(krb5_context context,
                                           &rep->auth_data);
     if (code != 0)
         goto cleanup;
-                                          
+
 cleanup:
     if (req->client == NULL)
         kh_free_Principal(context, client_hprinc);
@@ -612,4 +612,3 @@ kh_hdb_windc_init(krb5_context context,
 
     return code;
 }
-
diff --git a/src/plugins/kdb/hdb/windc_plugin.h b/src/plugins/kdb/hdb/windc_plugin.h
index 7df2a2147..d2d549703 100644
--- a/src/plugins/kdb/hdb/windc_plugin.h
+++ b/src/plugins/kdb/hdb/windc_plugin.h
@@ -1,34 +1,34 @@
 /*
  * Copyright (c) 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden). 
- * All rights reserved. 
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
- * modification, are permitted provided that the following conditions 
- * are met: 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
  *
- * 1. Redistributions of source code must retain the above copyright 
- *    notice, this list of conditions and the following disclaimer. 
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
  *
- * 2. Redistributions in binary form must reproduce the above copyright 
- *    notice, this list of conditions and the following disclaimer in the 
- *    documentation and/or other materials provided with the distribution. 
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
  *
- * 3. Neither the name of the Institute nor the names of its contributors 
- *    may be used to endorse or promote products derived from this software 
- *    without specific prior written permission. 
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
  *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
- * SUCH DAMAGE. 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
  */
 
 /* $Id: windc_plugin.h 22693 2008-03-19 08:57:49Z lha $ */
@@ -52,17 +52,17 @@ struct hdb_entry_ex;
 struct _heim_pac_data;
 typedef struct _heim_pac_data *heim_pac;
 
-typedef krb5_error_code 
+typedef krb5_error_code
 (*krb5plugin_windc_pac_generate)(void *, heim_context,
 				 struct hdb_entry_ex *, heim_pac *);
 
-typedef krb5_error_code 
+typedef krb5_error_code
 (*krb5plugin_windc_pac_verify)(void *, heim_context,
 			       const Principal *,
-			       struct hdb_entry_ex *, 
+			       struct hdb_entry_ex *,
 			       struct hdb_entry_ex *,
 			       heim_pac *);
-typedef krb5_error_code 
+typedef krb5_error_code
 (*krb5plugin_windc_client_access)(
     void *, heim_context, struct hdb_entry_ex *, KDC_REQ *, heim_octet_string *);
 
@@ -79,4 +79,3 @@ typedef struct krb5plugin_windc_ftable {
 } krb5plugin_windc_ftable;
 
 #endif /* HEIMDAL_WINDC_PLUGIN_H */
-
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
index 835b2350b..09b50797d 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
@@ -284,4 +284,3 @@ int list_modify_int_array(destlist, sourcelist, mode)
 
     return tcount;
 }
-
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
index b6402e592..a251fde3f 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
@@ -1,33 +1,32 @@
-
 /*
  * kadmin/ldap_util/kdb5_ldap_list.h
  */
- 
+
 /* Copyright (c) 2004-2005, Novell, Inc.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   * Redistributions of source code must retain the above copyright notice,
  *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright 
- *       notice, this list of conditions and the following disclaimer in the 
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
  *       documentation and/or other materials provided with the distribution.
  *   * The copyright holder's name is not used to endorse or promote products
  *       derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE. 
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 
@@ -43,5 +42,5 @@ extern void krb5_free_list_entries(char **list);
 extern void list_modify_str_array(char ***destlist, const char **sourcelist, int mode);
 extern int list_modify_int_array(int *destlist, const int *sourcelist, int mode);
 extern int list_count_str_array(char **list);
-extern int list_count_int_array(int *list); 
+extern int list_count_int_array(int *list);
 extern int compare_int(const void*, const void *);
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
index e794e6159..b22e63184 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
@@ -47,7 +47,7 @@ static char *strdur(time_t duration);
 
 extern char *yes;
 extern kadm5_config_params global_params;
-                                                                                                                             
+
 static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
     /* This operation is being performed in the context of a realm. So,
      * initialize the realm */
@@ -55,14 +55,14 @@ static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
     krb5_error_code retval = 0;
     kdb5_dal_handle *dal_handle = NULL;
     krb5_ldap_context *ldap_context=NULL;
-                                                                                                                             
+
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!ldap_context) {
         retval = EINVAL;
         goto cleanup;
     }
-                                                                                                                             
+
     if (ldap_context->krbcontainer == NULL) {
         retval = krb5_ldap_read_krbcontainer_params (util_context,
                 &(ldap_context->krbcontainer));
@@ -71,13 +71,13 @@ static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
             goto cleanup;
         }
     }
-                                                                                                                             
+
     if (ldap_context->lrparams == NULL) {
         retval = krb5_ldap_read_realm_params(util_context,
                 global_params.realm,
                 &(ldap_context->lrparams),
                 &mask);
-                                                                                                                             
+
         if (retval != 0) {
             goto cleanup;
         }
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index 60d9e25f7..017a5cddf 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -939,7 +939,7 @@ void kdb5_ldap_modify(argc, argv)
     char **newadmindns = NULL;
     char **newpwddns = NULL;
     char **oldsubtrees = NULL;
-    char *oldcontainerref = NULL; 
+    char *oldcontainerref = NULL;
     int rightsmask = 0;
     int subtree_changed = 0;
 #endif
@@ -1558,7 +1558,7 @@ void kdb5_ldap_modify(argc, argv)
 		    }
 		}
             }
-                                                                                                                             
+
             if (subtree_changed && (mask & LDAP_REALM_KDCSERVERS)) {
                 char **newdns = rparams->kdcservers;
 
@@ -1591,7 +1591,7 @@ void kdb5_ldap_modify(argc, argv)
         }
 
         if (subtree_changed || (mask & LDAP_REALM_ADMINSERVERS)) {
-                                                                                                                             
+
             if (!(mask & LDAP_REALM_ADMINSERVERS)) {
                 if (rparams->adminservers != NULL) {
                     char **admindns = rparams->adminservers;
@@ -1692,7 +1692,7 @@ void kdb5_ldap_modify(argc, argv)
 		    }
 		}
             }
-                                                                                                                             
+
             if (subtree_changed && (mask & LDAP_REALM_ADMINSERVERS)) {
                 char **newdns = rparams->adminservers;
 
@@ -1725,7 +1725,7 @@ void kdb5_ldap_modify(argc, argv)
         }
 
         if (subtree_changed || (mask & LDAP_REALM_PASSWDSERVERS)) {
-                                                                                                                             
+
             if (!(mask & LDAP_REALM_PASSWDSERVERS)) {
                 if (rparams->passwdservers != NULL) {
                     char **passwddns = rparams->passwdservers;
@@ -1826,7 +1826,7 @@ void kdb5_ldap_modify(argc, argv)
 		    }
 		}
             }
-                                                                                                                             
+
             if (subtree_changed && (mask & LDAP_REALM_PASSWDSERVERS)) {
                 char **newdns = rparams->passwdservers;
 
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
index 273400c18..48cbe5a88 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -509,7 +509,7 @@ void kdb5_ldap_modify_service(argc, argv)
     int argc;
     char *argv[];
 {
-    char *me = progname; 
+    char *me = progname;
     krb5_error_code retval = 0;
     krb5_ldap_service_params *srvparams = NULL;
     krb5_boolean print_usage = FALSE;
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
index 934f1abea..0322558cc 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
@@ -66,4 +66,3 @@ extern void kdb5_ldap_view_service(int argc, char **argv);
 extern int  kdb5_ldap_set_service_password(int argc, char **argv);
 extern void kdb5_ldap_set_service_certificate(int argc, char **argv);
 extern void kdb5_ldap_stash_service_password(int argc, char **argv);
-
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
index d27dd5247..8eb65af5d 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
@@ -1,4 +1,4 @@
-/* 
+/*
  * kadmin/ldap_util/kdb5_ldap_util.h
  */
 
@@ -42,7 +42,7 @@
 #define LIST_REALM            5
 
 #ifdef HAVE_EDIRECTORY
-# define CREATE_SERVICE        6 
+# define CREATE_SERVICE        6
 # define MODIFY_SERVICE        7
 # define VIEW_SERVICE          8
 # define DESTROY_SERVICE       9
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
index 0009b59d6..717daee22 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
@@ -96,4 +96,3 @@ krb5_ldap_invoke(krb5_context context,
 
     return code;
 }
-
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 0d86801d6..8f7e3bdd3 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -105,7 +105,7 @@ krb5_ldap_read_startup_information(krb5_context context)
     kdb5_dal_handle      *dal_handle=NULL;
     krb5_ldap_context    *ldap_context=NULL;
     int                  mask = 0;
-                                                                                                                             
+
     SETUP_CONTEXT();
     if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
 	prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
@@ -450,7 +450,7 @@ krb5_error_code krb5_ldap_open(krb5_context context,
 	    /* ignore hash argument. Might have been passed from create */
 	    status = EINVAL;
 	    if (opt && !strcmp(opt, "temporary")) {
-		/* 
+		/*
 		 * temporary is passed in when kdb5_util load without -update is done.
 		 * This is unsupported by the LDAP plugin.
 		 */
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index d14b48bf9..ea6d3706a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -161,7 +161,7 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 					      && ldap_context->server_info_list)) { \
 					  return KRB5_KDB_DBNOTINITED; \
 					}
-     
+
 #define HNDL_LOCK(lcontext) k5_mutex_lock(&lcontext->hndl_lock)
 #define HNDL_UNLOCK(lcontext) k5_mutex_unlock(&lcontext->hndl_lock)
 
@@ -204,7 +204,7 @@ struct _krb5_ldap_server_info {
 
 /* ldap server structure */
 
-typedef enum {SERVICE_DN_TYPE_SERVER, SERVICE_DN_TYPE_CLIENT} krb5_ldap_servicetype; 
+typedef enum {SERVICE_DN_TYPE_SERVER, SERVICE_DN_TYPE_CLIENT} krb5_ldap_servicetype;
 
 typedef struct _krb5_ldap_context {
   krb5_ldap_servicetype         service_type;
@@ -250,16 +250,16 @@ krb5_ldap_rebind(krb5_ldap_context *, krb5_ldap_server_handle **);
 krb5_error_code
 krb5_ldap_db_get_age(krb5_context, char *, time_t *);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_lib_init(void);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_lib_cleanup(void);
 
-void * 
+void *
 krb5_ldap_alloc( krb5_context kcontext,  void *ptr, size_t size );
 
-void 
+void
 krb5_ldap_free( krb5_context kcontext, void *ptr );
 krb5_error_code
 krb5_ldap_get_mkey(krb5_context, krb5_keyblock **);
@@ -276,11 +276,11 @@ krb5_ldap_set_mkey_list(krb5_context, krb5_keylist_node *);
 krb5_error_code
 krb5_ldap_create(krb5_context , char *, char **);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_open( krb5_context , char *,
 		char **db_args,
 		int mode );
-krb5_error_code 
+krb5_error_code
 krb5_ldap_close( krb5_context );
 
 krb5_error_code
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index db1f76a69..d757a6ee3 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -129,9 +129,9 @@ krb5_ldap_bind(ldap_context, ldap_server_handle)
 	/* password based simple bind */
         bv.bv_val = ldap_context->bind_pwd;
         bv.bv_len = strlen(ldap_context->bind_pwd);
-        st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle, 
+        st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
                                 ldap_context->bind_dn,
-                                NULL, &bv, NULL, 
+                                NULL, &bv, NULL,
                                 NULL, NULL);
     }
     return st;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
index c048c9340..9974b1721 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -39,7 +39,7 @@
 #include "ldap_krbcontainer.h"
 #include "ldap_err.h"
 
-/* 
+/*
  * ******************************************************************************
  * DAL functions
  * ******************************************************************************
@@ -214,7 +214,7 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
 	/* ignore hash argument. Might have been passed from create */
 	    status = EINVAL;
 	    if (opt && !strcmp(opt, "temporary")) {
-		/* 
+		/*
 		 * temporary is passed in when kdb5_util load without -update is done.
 		 * This is unsupported by the LDAP plugin.
 		 */
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
index 15ea6b4b9..5bfaa7801 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
@@ -13,7 +13,7 @@
 #define LDAP_NAME_ERROR(x) (0)
 #endif
 #endif
- 
+
 #ifndef LDAP_SECURITY_ERROR
 #define LDAP_SECURITY_ERROR(x) (0)
 #endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
index 6da080664..ad90109da 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
@@ -139,4 +139,3 @@ krb5_ldap_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
     r_params->mkey_list = key_list;
     return 0;
 }
-
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
index dac02498d..8187cdc02 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
@@ -275,4 +275,3 @@ krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle)
     }
     return;
 }
-
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
index a3b0885f4..c351c1fd7 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
@@ -31,7 +31,7 @@
 #ifndef _LDAP_HANDLE_H_
 #define _LDAP_HANDLE_H_
 
-krb5_error_code 
+krb5_error_code
 krb5_update_ldap_handle(krb5_ldap_server_handle *, krb5_ldap_server_info *);
 
 krb5_error_code
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
index 7177af601..27531a8da 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
@@ -86,7 +86,7 @@ krb5_error_code
 is_principal_in_realm(krb5_ldap_context *, krb5_const_principal);
 
 krb5_error_code
-krb5_get_subtree_info(krb5_ldap_context *, char ***, unsigned int *); 
+krb5_get_subtree_info(krb5_ldap_context *, char ***, unsigned int *);
 
 krb5_error_code
 krb5_ldap_read_server_params(krb5_context , char *, int);
@@ -100,16 +100,16 @@ copy_arrays(char **, char ***, int);
 krb5_error_code
 krb5_ldap_list(krb5_context, char ***, char *, char *);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_value(LDAP *, LDAPMessage *, char *, int *);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_string(LDAP *, LDAPMessage *, char *, char **, krb5_boolean *);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_strings(LDAP *, LDAPMessage *, char *, char ***, krb5_boolean *);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_time(LDAP *, LDAPMessage *, char *, krb5_timestamp *, krb5_boolean *);
 
 krb5_error_code
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index 1cf67629b..ecc4d3c8a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -143,7 +143,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 {
     krb5_db_entry            entry;
     krb5_principal           principal;
-    char                     **subtree=NULL, *princ_name=NULL, *realm=NULL, **values=NULL, *filter=NULL; 
+    char                     **subtree=NULL, *princ_name=NULL, *realm=NULL, **values=NULL, *filter=NULL;
     unsigned int             tree=0, ntree=1, i=0;
     krb5_error_code          st=0, tempst=0;
     LDAP                     *ld=NULL;
@@ -169,7 +169,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 	}
     }
 
-    /* 
+    /*
      * If no match_expr then iterate through all krb princs like the db2 plugin
      */
     if (match_expr == NULL)
@@ -179,7 +179,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 	filter = NULL;
     CHECK_NULL(filter);
 
-    if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0) 
+    if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0)
 	goto cleanup;
 
     GET_HANDLE();
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index f81d39904..42a76859a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -294,11 +294,11 @@ process_db_args(context, db_args, xargs, optype)
 		dptr = &xargs->tktpolicydn;
 	    } else {
 		if (strcmp(arg, USERDN_ARG) == 0) {
-		    if (optype == MODIFY_PRINCIPAL || 
-			xargs->dn != NULL || xargs->containerdn != NULL || 
+		    if (optype == MODIFY_PRINCIPAL ||
+			xargs->dn != NULL || xargs->containerdn != NULL ||
 			xargs->linkdn != NULL) {
 			st = EINVAL;
-			snprintf(errbuf, sizeof(errbuf), 
+			snprintf(errbuf, sizeof(errbuf),
 				 "%s option not supported", arg);
 			krb5_set_error_message(context, st, "%s", errbuf);
 			goto cleanup;
@@ -308,7 +308,7 @@ process_db_args(context, db_args, xargs, optype)
 		    if (optype == MODIFY_PRINCIPAL ||
 			xargs->dn != NULL || xargs->containerdn != NULL) {
 			st = EINVAL;
-			snprintf(errbuf, sizeof(errbuf), 
+			snprintf(errbuf, sizeof(errbuf),
 				 "%s option not supported", arg);
 			krb5_set_error_message(context, st, "%s", errbuf);
 			goto cleanup;
@@ -317,7 +317,7 @@ process_db_args(context, db_args, xargs, optype)
 		} else if (strcmp(arg, LINKDN_ARG) == 0) {
 		    if (xargs->dn != NULL || xargs->linkdn != NULL) {
 			st = EINVAL;
-			snprintf(errbuf, sizeof(errbuf), 
+			snprintf(errbuf, sizeof(errbuf),
 				 "%s option not supported", arg);
 			krb5_set_error_message(context, st, "%s", errbuf);
 			goto cleanup;
@@ -329,11 +329,11 @@ process_db_args(context, db_args, xargs, optype)
 		    krb5_set_error_message(context, st, "%s", errbuf);
 		    goto cleanup;
 		}
-		
+
 		xargs->dn_from_kbd = TRUE;
 		if (arg_val == NULL || strlen(arg_val) == 0) {
 		    st = EINVAL;
-		    snprintf(errbuf, sizeof(errbuf), 
+		    snprintf(errbuf, sizeof(errbuf),
 			     "%s option value missing", arg);
 		    krb5_set_error_message(context, st, "%s", errbuf);
 		    goto cleanup;
@@ -342,7 +342,7 @@ process_db_args(context, db_args, xargs, optype)
 
 	    if (arg_val == NULL) {
 		st = EINVAL;
-		snprintf(errbuf, sizeof(errbuf), 
+		snprintf(errbuf, sizeof(errbuf),
 			 "%s option value missing", arg);
 		krb5_set_error_message(context, st, "%s", errbuf);
 		goto cleanup;
@@ -350,8 +350,8 @@ process_db_args(context, db_args, xargs, optype)
 	    arg_val_len = strlen(arg_val) + 1;
 
 	    if (strcmp(arg, TKTPOLICY_ARG) == 0) {
-		if ((st = krb5_ldap_name_to_policydn (context, 
-						      arg_val, 
+		if ((st = krb5_ldap_name_to_policydn (context,
+						      arg_val,
 						      dptr)) != 0)
 		    goto cleanup;
 	    } else {
@@ -639,7 +639,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
 		    free(filter);
 		    goto cleanup;
 		}
-		/* 
+		/*
 		 * If it isn't found then assume a standalone princ entry is to
 		 * be created.
 		 */
@@ -648,7 +648,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
 	    free(filter);
 
 	    if (found_entry == FALSE && principal_dn != NULL) {
-		/* 
+		/*
 		 * if principal_dn is null then there is code further down to
 		 * deal with setting standalone_principal_dn.  Also note that
 		 * this will set create_standalone_prinicipal true for
@@ -1011,7 +1011,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
 		goto cleanup;
 	    }
 	} else if (entries->mask & KADM5_LOAD && found_entry == TRUE) {
-	    /* 
+	    /*
 	     * a load is special in that existing entries must have attrs that
 	     * removed.
 	     */
@@ -1403,4 +1403,3 @@ getstringtime(epochtime)
     strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme);
     return strtime;
 }
-
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
index 49fa85ecb..846014eb6 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
@@ -30,7 +30,7 @@
 
 #ifndef _LDAP_KRBPWDPOLICY_H_
 #define _LDAP_KRBPWDPOLICY_H_
- 
+
 krb5_error_code
 krb5_ldap_get_password_policy (krb5_context , char *, osa_policy_ent_t *, int *);
 
@@ -44,7 +44,7 @@ krb5_error_code
 krb5_ldap_delete_password_policy ( krb5_context kcontext, char *policy );
 
 krb5_error_code
-krb5_ldap_iterate_password_policy(krb5_context, char *, 
+krb5_ldap_iterate_password_policy(krb5_context, char *,
 				  void (*) (krb5_pointer, osa_policy_ent_t ),
 				  krb5_pointer);
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index e02a51a4a..fc84019e5 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -40,7 +40,7 @@
 #include "ldap_err.h"
 
 #define END_OF_LIST -1
-char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef", 
+char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef",
 			     "krbMaxTicketLife", "krbMaxRenewableAge",
 			     "krbTicketFlags", "krbUpEnabled",
 			     "krbTicketPolicyReference",
@@ -953,9 +953,9 @@ krb5_ldap_create_realm(context, rparams, mask)
     krb5_error_code             st=0;
     char                        *dn=NULL;
     char                        *strval[4]={NULL};
-    char		        *contref[2]={NULL}; 
+    char		        *contref[2]={NULL};
     LDAPMod                     **mods = NULL;
-    int                         i=0, objectmask=0, subtreecount=0; 
+    int                         i=0, objectmask=0, subtreecount=0;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -972,7 +972,7 @@ krb5_ldap_create_realm(context, rparams, mask)
 	rparams == NULL ||
 	rparams->realm_name == NULL ||
 	((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
-	((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) || 
+	((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
 	((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
 #ifdef HAVE_EDIRECTORY
 	((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
@@ -1007,7 +1007,7 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     strval[0] = "top";
     strval[1] = "krbrealmcontainer";
-    strval[2] = "krbticketpolicyaux"; 
+    strval[2] = "krbticketpolicyaux";
     strval[3] = NULL;
 
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
@@ -1476,7 +1476,7 @@ krb5_ldap_free_realm_params(rparams)
     return;
 }
 
-/* 
+/*
  * ******************************************************************************
  * DAL functions
  * ******************************************************************************
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
index db17509ae..cfdf39c55 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
@@ -43,7 +43,7 @@
 #define LDAP_REALM_MAXTICKETLIFE      0x0100
 #define LDAP_REALM_MAXRENEWLIFE       0x0200
 #define LDAP_REALM_KRBTICKETFLAGS     0x0400
-#define LDAP_REALM_CONTREF  	      0x0800 
+#define LDAP_REALM_CONTREF  	      0x0800
 
 extern char *policy_attributes[];
 
@@ -54,8 +54,8 @@ extern char *realm_attributes[];
 typedef struct _krb5_ldap_realm_params {
   char          *realmdn;
   char          *realm_name;
-  char          **subtree; 
-  char		*containerref;  
+  char          **subtree;
+  char		*containerref;
   char          *policyreference;
   int           search_scope;
   int           upenabled;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
index d670f59fb..8d87d46ac 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
@@ -133,7 +133,7 @@ static char *kdcrights_realmcontainer[][2]={
     {"2#subtree#","#krbMKey"},
     {"2#subtree#","#krbUPEnabled"},
     {"2#subtree#","#krbSubTrees"},
-    {"2#subtree#","#krbPrincContainerRef"}, 
+    {"2#subtree#","#krbPrincContainerRef"},
     {"2#subtree#","#krbSearchScope"},
     {"2#subtree#","#krbLdapServers"},
     {"2#subtree#","#krbKdcServers"},
@@ -167,7 +167,7 @@ static char *adminrights_realmcontainer[][2]={
     {"2#subtree#","#krbMKey"},
     {"6#subtree#","#krbUPEnabled"},
     {"2#subtree#","#krbSubTrees"},
-    {"2#subtree#","#krbPrincContainerRef"}, 
+    {"2#subtree#","#krbPrincContainerRef"},
     {"2#subtree#","#krbSearchScope"},
     {"2#subtree#","#krbLdapServers"},
     {"2#subtree#","#krbKdcServers"},
@@ -208,7 +208,7 @@ static char *pwdrights_realmcontainer[][2]={
     {"2#subtree#","#krbMKey"},
     {"2#subtree#","#krbUPEnabled"},
     {"2#subtree#","#krbSubTrees"},
-    {"2#subtree#","#krbPrincContainerRef"}, 
+    {"2#subtree#","#krbPrincContainerRef"},
     {"2#subtree#","#krbSearchScope"},
     {"2#subtree#","#krbLdapServers"},
     {"2#subtree#","#krbKdcServers"},
@@ -271,8 +271,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
     int                 servicetype;
     char                *serviceobjdn;
     char                *realmname;
-    char                **subtreeparam;                         
-    char                *contref;                         
+    char                **subtreeparam;
+    char                *contref;
     int                 mask;
 {
 
@@ -559,7 +559,7 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     int             servicetype;
     char            *serviceobjdn;
     char            *realmname;
-    char            **subtreeparam; 
+    char            **subtreeparam;
     char            *contref;
     int             mask;
 {
@@ -574,7 +574,7 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     kdb5_dal_handle        *dal_handle=NULL;
     krb5_ldap_context      *ldap_context=NULL;
     krb5_ldap_server_handle *ldap_server_handle=NULL;
-    int                     subtreecount = 0;  
+    int                     subtreecount = 0;
 
     SETUP_CONTEXT();
     GET_HANDLE();
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
index bd7e3dc63..05dd40a95 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
@@ -42,14 +42,13 @@ struct data{
 #define ERR_PWD_BAD     3
 #define ERR_PWD_NOT_HEX 4
 
-int 
+int
 dec_password(struct data, struct data *);
 
 krb5_error_code
 krb5_ldap_readpassword(krb5_context, krb5_ldap_context *, unsigned char **);
 
-int 
+int
 tohex(krb5_data, krb5_data *);
 
 #endif
-
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h
index 0ad580d13..5f0b1d7e6 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h
@@ -87,7 +87,7 @@ krb5_ldap_free_service( krb5_context, krb5_ldap_service_params *);
 krb5_error_code
 krb5_ldap_set_service_passwd( krb5_context, char *, char *);
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_add_service_rights( krb5_context, int, char *, char *, char **, char *, int);
 
 krb5_error_code
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
index 65a03f7dd..5f40e4330 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.h
@@ -34,7 +34,7 @@ ldap_xdr_krb5_ui_2(XDR *xdrs, krb5_ui_2 *objp);
 bool_t
 ldap_xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp);
 
-bool_t 
+bool_t
 ldap_xdr_nullstring(XDR *xdrs, char **objp);
 
 bool_t
diff --git a/src/plugins/locate/python/py-locate.c b/src/plugins/locate/python/py-locate.c
index 5167230a0..6f4943a75 100644
--- a/src/plugins/locate/python/py-locate.c
+++ b/src/plugins/locate/python/py-locate.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c
index 523951351..77de0a8b6 100644
--- a/src/plugins/preauth/cksum_body/cksum_body_main.c
+++ b/src/plugins/preauth/cksum_body/cksum_body_main.c
@@ -235,7 +235,7 @@ client_gic_opt(krb5_context kcontext,
 {
 #ifdef DEBUG
     fprintf(stderr, "(cksum_body) client_gic_opt: received '%s' = '%s'\n",
-	    attr, value); 
+	    attr, value);
 #endif
     return 0;
 }
diff --git a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
index 1229d2a7d..45b309d8b 100644
--- a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
+++ b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  * Implement EncryptedChallenge fast factor from draft-ietf-krb-wg-preauth-framework
  */
@@ -64,7 +64,7 @@ static krb5_error_code process_preauth
     krb5_keyblock *challenge_key = NULL, *armor_key = NULL;
     krb5_data *etype_data = NULL;
     krb5int_access kaccess;
-    
+
     if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
         return 0;
     retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
@@ -174,10 +174,10 @@ static krb5_error_code process_preauth
                       &etype_data);
     return retval;
 }
-    
-    
-                      
-                      
+
+
+
+
 static krb5_error_code kdc_include_padata
 (krb5_context context,
                  krb5_kdc_req *request,
@@ -222,10 +222,10 @@ static krb5_error_code kdc_verify_preauth
     krb5_data *client_data = NULL;
     krb5_keyblock *challenge_key = NULL;
     int i = 0;
-    
+
     plain.data = NULL;
     if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
-        return 0; 
+        return 0;
 
     retval = fast_kdc_get_armor_key(context, get_entry_proc, request, client, &armor_key);
     if (retval == 0 &&armor_key == NULL) {
@@ -243,7 +243,7 @@ static krb5_error_code kdc_verify_preauth
             retval = ENOMEM;
     }
     if (retval == 0)
-        retval = get_entry_proc(context, request, client, 
+        retval = get_entry_proc(context, request, client,
                                 krb5plugin_preauth_keys, &client_data);
     if (retval == 0) {
         client_keys = (krb5_keyblock *) client_data->data;
@@ -274,7 +274,7 @@ static krb5_error_code kdc_verify_preauth
         for (j = i+1; client_keys[j].enctype; j++)
             krb5_free_keyblock_contents(context, &client_keys[j]);
     }
-    
+
     }
     if (retval == 0)
         retval = kaccess.decode_enc_ts(&plain, &ts);
@@ -301,7 +301,7 @@ static krb5_error_code kdc_verify_preauth
     }
     if (armor_key)
         krb5_free_keyblock(context, armor_key);
-    if (plain.data) 
+    if (plain.data)
         free(plain.data);
     if (enc)
         kaccess.free_enc_data(context, enc);
@@ -332,7 +332,7 @@ static krb5_error_code kdc_return_preauth
     krb5_data *encoded = NULL;
     krb5_pa_data *pa = NULL;
     krb5int_access kaccess;
-   
+
     if (krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION) != 0)
         return 0;
     if (challenge_key == NULL)
@@ -408,4 +408,3 @@ struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
     NULL,                    /* try_again function */
     NULL                /* get init creds opt function */
 };
-
diff --git a/src/plugins/preauth/fast_factor.h b/src/plugins/preauth/fast_factor.h
index 4059b2876..1e7696f02 100644
--- a/src/plugins/preauth/fast_factor.h
+++ b/src/plugins/preauth/fast_factor.h
@@ -30,7 +30,7 @@ static krb5_error_code fast_kdc_get_armor_key
      if (retval == 0) {
 	 *armor_key = (krb5_keyblock *) data->data;
 	 data->data = NULL;
-	 get_entry(context, request, client, 
+	 get_entry(context, request, client,
 		   krb5plugin_preauth_free_fast_armor, &data);
      }
      return retval;
diff --git a/src/plugins/preauth/pkinit/pkinit.h b/src/plugins/preauth/pkinit/pkinit.h
index 04c64a4a8..65984824e 100644
--- a/src/plugins/preauth/pkinit/pkinit.h
+++ b/src/plugins/preauth/pkinit/pkinit.h
@@ -103,7 +103,7 @@ static inline void pkiDebug (const char *fmt, ...) { }
 /* #define pkiDebug	(void) */
 #endif
 
-/* Solaris compiler doesn't grok __FUNCTION__ 
+/* Solaris compiler doesn't grok __FUNCTION__
  * hack for now.  Fix all the uses eventually. */
 #define __FUNCTION__ __func__
 
@@ -125,15 +125,15 @@ extern const krb5_octet_data dh_oid;
  * (the kdc's identity is at the plugin level, the client's identity
  * information could change per-request.)
  * the identity context is meant to have the entity's cert,
- * a list of trusted and intermediate cas, a list of crls, and any 
+ * a list of trusted and intermediate cas, a list of crls, and any
  * pkcs11 information.  the req context is meant to have the
  * received certificate and the DH related information. the plugin
  * context is meant to have global crypto information, i.e., OIDs
  * and constant DH parameter information.
- */ 
+ */
 
 /*
- * plugin crypto context should keep plugin common information, 
+ * plugin crypto context should keep plugin common information,
  * eg., OIDs, known DHparams
  */
 typedef struct _pkinit_plg_crypto_context *pkinit_plg_crypto_context;
@@ -159,7 +159,7 @@ typedef struct _pkinit_plg_opts {
     int accept_secondary_eku;/* accept secondary EKU (default is false) */
     int allow_upn;	    /* allow UPN-SAN instead of pkinit-SAN */
     int dh_or_rsa;	    /* selects DH or RSA based pkinit */
-    int require_crl_checking; /* require CRL for a CA (default is false) */ 
+    int require_crl_checking; /* require CRL for a CA (default is false) */
     int dh_min_bits;	    /* minimum DH modulus size allowed */
 } pkinit_plg_opts;
 
@@ -255,7 +255,7 @@ typedef struct _pkinit_kdc_req_context *pkinit_kdc_req_context;
 
 /*
  * Functions in pkinit_lib.c
- */ 
+ */
 
 krb5_error_code pkinit_init_req_opts(pkinit_req_opts **);
 void pkinit_fini_req_opts(pkinit_req_opts *);
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 935ed2faf..7fa42f34a 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -271,7 +271,7 @@ pkinit_as_req_create(krb5_context context,
 
 	    /* add List of CMS algorithms */
 	    retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
-			reqctx->cryptoctx, reqctx->idctx, 
+			reqctx->cryptoctx, reqctx->idctx,
 			&auth_pack->supportedCMSTypes);
 	    if (retval)
 		goto cleanup;
@@ -434,7 +434,7 @@ cleanup:
 	    free(auth_pack9);
 	    break;
     }
-	
+
 
     pkiDebug("pkinit_as_req_create retval=%d\n", (int) retval);
 
@@ -501,7 +501,7 @@ verify_kdc_san(krb5_context context,
     *need_eku_checking = 1;
 
     retval = pkinit_libdefault_strings(context,
-				       krb5_princ_realm(context, kdcprinc), 
+				       krb5_princ_realm(context, kdcprinc),
 				       KRB5_CONF_PKINIT_KDC_HOSTNAME,
 				       &cfghosts);
     if (retval || cfghosts == NULL) {
@@ -595,7 +595,7 @@ out:
 	     __FUNCTION__, retval, *valid_san, *need_eku_checking);
     return retval;
 }
- 
+
 static krb5_error_code
 verify_kdc_eku(krb5_context context,
 	       pkinit_context plgctx,
@@ -719,7 +719,7 @@ pkinit_as_rep_parse(krb5_context context,
     }
 
     if (need_eku_checking) {
-	retval = verify_kdc_eku(context, plgctx, reqctx, 
+	retval = verify_kdc_eku(context, plgctx, reqctx,
 				&valid_eku);
 	if (retval)
 	    goto cleanup;
@@ -729,7 +729,7 @@ pkinit_as_rep_parse(krb5_context context,
 	    retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
 	    goto cleanup;
 	}
-    } else 
+    } else
 	pkiDebug("%s: skipping EKU check\n", __FUNCTION__);
 
     OCTETDATA_TO_KRB5DATA(&dh_data, &k5data);
@@ -863,7 +863,7 @@ cleanup:
     if (key_pack != NULL) {
 	free_krb5_reply_key_pack(&key_pack);
 	free(cksum.contents);
-    } 
+    }
     if (key_pack9 != NULL)
 	free_krb5_reply_key_pack_draft9(&key_pack9);
 
@@ -1146,7 +1146,7 @@ pkinit_client_tryagain(krb5_context context,
 	if (retval)
 	    goto cleanup;
     }
-	
+
     retval = 0;
 cleanup:
     if (krb5_trusted_certifiers != NULL)
@@ -1202,7 +1202,7 @@ pkinit_client_req_init(krb5_context context,
     retval = pkinit_init_req_opts(&reqctx->opts);
     if (retval)
 	goto cleanup;
-	
+
     reqctx->opts->require_eku = plgctx->opts->require_eku;
     reqctx->opts->accept_secondary_eku = plgctx->opts->accept_secondary_eku;
     reqctx->opts->dh_or_rsa = plgctx->opts->dh_or_rsa;
@@ -1365,7 +1365,7 @@ add_string_to_array(krb5_context context, char ***array, const char *addition)
 	free(*array);
     }
     *array = out;
-	
+
     return 0;
 }
 static krb5_error_code
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h
index 779c08cae..83d2f1e19 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto.h
+++ b/src/plugins/preauth/pkinit/pkinit_crypto.h
@@ -136,7 +136,7 @@ krb5_error_code cms_signeddata_create
 	unsigned char **signed_data,			/* OUT
 		    for CMS_SIGN_CLIENT receives DER encoded
 		    SignedAuthPack (CMS_SIGN_CLIENT) or DER
-		    encoded DHInfo (CMS_SIGN_SERVER) */ 
+		    encoded DHInfo (CMS_SIGN_SERVER) */
 	unsigned int *signed_data_len);			/* OUT
 		    receives length of signed_data */
 
@@ -177,12 +177,12 @@ krb5_error_code cms_signeddata_verify
 /*
  * this function creates a CMS message where eContentType is EnvelopedData
  */
-krb5_error_code cms_envelopeddata_create	
+krb5_error_code cms_envelopeddata_create
 	(krb5_context context,				/* IN */
 	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
 	pkinit_req_crypto_context req_cryptoctx,	/* IN */
 	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
-	krb5_preauthtype pa_type,			/* IN */ 
+	krb5_preauthtype pa_type,			/* IN */
 	int include_certchain,				/* IN
 		    specifies whether the certificates field in
 		    SignedData should contain certificate path */
@@ -210,7 +210,7 @@ krb5_error_code cms_envelopeddata_verify
 	unsigned char *envel_data,			/* IN
 		    contains DER encoded encKeyPack */
 	unsigned int envel_data_len,			/* IN
-		    contains length of envel_data */ 
+		    contains length of envel_data */
 	unsigned char **signed_data,			/* OUT
 		    receives ReplyKeyPack */
 	unsigned int *signed_data_len);			/* OUT
@@ -222,7 +222,7 @@ krb5_error_code cms_envelopeddata_verify
  * upn_sans, or kdc_hostnames must be non-NULL.
  */
 krb5_error_code crypto_retrieve_cert_sans
-	(krb5_context context,				/* IN */ 
+	(krb5_context context,				/* IN */
 	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
 	pkinit_req_crypto_context req_cryptoctx,	/* IN */
 	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
@@ -237,7 +237,7 @@ krb5_error_code crypto_retrieve_cert_sans
 	unsigned char ***kdc_hostname);			/* OUT
 		    if non-NULL, a null-terminated array of
 		    dNSName (hostname) SAN values found in the
-		    certificate are returned */ 
+		    certificate are returned */
 
 /*
  * this function checks for acceptable key usage values
@@ -301,14 +301,14 @@ krb5_error_code client_create_dh
 	unsigned int *dh_params_len,			/* OUT
 		    contains length of dh_parmas */
 	unsigned char **dh_pubkey,			/* OUT
-		    receives DER encoded DH pub key */ 
+		    receives DER encoded DH pub key */
 	unsigned int *dh_pubkey_len);			/* OUT
 		    receives length of dh_pubkey */
 
 /*
  * this function completes client's the DH protocol. client
  * processes received DH pub key from the KDC and computes
- * the DH secret key 
+ * the DH secret key
  */
 krb5_error_code client_process_dh
 	(krb5_context context,				/* IN */
@@ -353,7 +353,7 @@ krb5_error_code server_process_dh
 	unsigned int received_pub_len,			/* IN
 		    contains length of received_pubkey */
 	unsigned char **dh_pubkey,			/* OUT
-		    receives KDC's DER encoded DH pub key */ 
+		    receives KDC's DER encoded DH pub key */
 	unsigned int *dh_pubkey_len,			/* OUT
 		    receives length of dh_pubkey */
 	unsigned char **server_key,			/* OUT
@@ -521,7 +521,7 @@ krb5_error_code crypto_load_cas_and_crls
 	pkinit_req_crypto_context req_cryptoctx,	/* IN */
 	pkinit_identity_opts *idopts,			/* IN */
 	pkinit_identity_crypto_context id_cryptoctx,	/* IN/OUT */
-	int idtype,					/* IN 
+	int idtype,					/* IN
 		    defines the storage type (file, directory, etc) */
 	int catype,					/* IN
 		    defines the ca type (anchor, intermediate, crls) */
@@ -571,7 +571,7 @@ krb5_error_code pkinit_process_td_dh_params
 krb5_error_code pkinit_create_td_invalid_certificate
 	(krb5_context context,				/* IN */
 	pkinit_plg_crypto_context plg_cryptoctx,	/* IN */
-	pkinit_req_crypto_context req_cryptoctx,	/* IN */ 
+	pkinit_req_crypto_context req_cryptoctx,	/* IN */
 	pkinit_identity_crypto_context id_cryptoctx,	/* IN */
 	krb5_data **edata);				/* OUT */
 
@@ -586,7 +586,7 @@ krb5_error_code pkinit_create_td_trusted_certifiers
 	krb5_data **edata);				/* OUT */
 
 /*
- * this function processes edata that contains either 
+ * this function processes edata that contains either
  * TD-TRUSTED-CERTIFICATES or TD-INVALID-CERTIFICATES.
  * current implementation only decodes the received message
  * but does not act on it
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 2f0f09d31..84259e63a 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -415,7 +415,7 @@ pkinit_init_pkinit_oids(pkinit_plg_crypto_context ctx)
 	    } \
 	} \
 	ctx->vn = OBJ_nid2obj(nid);
-    
+
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.2.2", id_pkinit_san,
 			 "id-pkinit-san", "KRB5PrincipalName");
 
@@ -771,9 +771,9 @@ cms_signeddata_create(krb5_context context,
 			    id_cryptoctx->intermediateCAs);
 	X509_STORE_CTX_trusted_stack(&certctx, id_cryptoctx->trustedCAs);
 	if (!X509_verify_cert(&certctx)) {
-	    pkiDebug("failed to create a certificate chain: %s\n", 
+	    pkiDebug("failed to create a certificate chain: %s\n",
 	    X509_verify_cert_error_string(X509_STORE_CTX_get_error(&certctx)));
-	    if (!sk_X509_num(id_cryptoctx->trustedCAs)) 
+	    if (!sk_X509_num(id_cryptoctx->trustedCAs))
 		pkiDebug("No trusted CAs found. Check your X509_anchors\n");
 	    goto cleanup;
 	}
@@ -851,7 +851,7 @@ cms_signeddata_create(krb5_context context,
 				   V_ASN1_OCTET_STRING, (char *) digest_attr);
 
 	/* create a content-type attr */
-	PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType, 
+	PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
 				   V_ASN1_OBJECT, oid);
 
 	/* create the signature over signed attributes. get DER encoded value */
@@ -871,12 +871,12 @@ cms_signeddata_create(krb5_context context,
      *	digestAlgorithm  AlgorithmIdentifier,
      *	digest OCTET STRING }
      */
-    if (id_cryptoctx->pkcs11_method == 1 && 
+    if (id_cryptoctx->pkcs11_method == 1 &&
 	    id_cryptoctx->mech == CKM_RSA_PKCS) {
 	pkiDebug("mech = CKM_RSA_PKCS\n");
 	EVP_MD_CTX_init(&ctx2);
 	/* if this is not draft9 request, include digest signed attribute */
-	if (cms_msg_type != CMS_SIGN_DRAFT9) 
+	if (cms_msg_type != CMS_SIGN_DRAFT9)
 	    EVP_DigestInit_ex(&ctx2, md_tmp, NULL);
 	else
 	    EVP_DigestInit_ex(&ctx2, EVP_sha1(), NULL);
@@ -929,7 +929,7 @@ cms_signeddata_create(krb5_context context,
 #ifdef DEBUG_SIG
     print_buffer(sig, sig_len);
 #endif
-    if (cms_msg_type != CMS_SIGN_DRAFT9) 
+    if (cms_msg_type != CMS_SIGN_DRAFT9)
 	free(abuf);
     if (retval)
 	goto cleanup2;
@@ -1013,10 +1013,10 @@ cms_signeddata_create(krb5_context context,
 #endif
 
   cleanup2:
-    if (cms_msg_type != CMS_SIGN_DRAFT9) 
+    if (cms_msg_type != CMS_SIGN_DRAFT9)
 	EVP_MD_CTX_cleanup(&ctx);
 #ifndef WITHOUT_PKCS11
-    if (id_cryptoctx->pkcs11_method == 1 && 
+    if (id_cryptoctx->pkcs11_method == 1 &&
 	    id_cryptoctx->mech == CKM_RSA_PKCS) {
 	EVP_MD_CTX_cleanup(&ctx2);
 	free(digest_buf);
@@ -1029,7 +1029,7 @@ cms_signeddata_create(krb5_context context,
     if (alg != NULL)
 	X509_ALGOR_free(alg);
   cleanup:
-    if (p7 != NULL) 
+    if (p7 != NULL)
 	PKCS7_free(p7);
     free(sig);
 
@@ -1235,7 +1235,7 @@ cms_signeddata_verify(krb5_context context,
 #endif
     } else {
 	/* retrieve verified certificate chain */
-	if (cms_msg_type == CMS_SIGN_CLIENT || cms_msg_type == CMS_SIGN_DRAFT9) 
+	if (cms_msg_type == CMS_SIGN_CLIENT || cms_msg_type == CMS_SIGN_DRAFT9)
 	    verified_chain = X509_STORE_CTX_get1_chain(&cert_ctx);
     }
     X509_STORE_CTX_cleanup(&cert_ctx);
@@ -1248,7 +1248,7 @@ cms_signeddata_verify(krb5_context context,
     if (PKCS7_verify(p7, NULL, store, NULL, out, flags)) {
 	int valid_oid = 0;
 
-	if (!OBJ_cmp(p7->d.sign->contents->type, oid)) 
+	if (!OBJ_cmp(p7->d.sign->contents->type, oid))
 	    valid_oid = 1;
 	else if (cms_msg_type == CMS_SIGN_DRAFT9) {
 	    /*
@@ -1266,11 +1266,11 @@ cms_signeddata_verify(krb5_context context,
 		valid_oid = 1;
 	}
 
-	if (valid_oid) 
+	if (valid_oid)
 	    pkiDebug("PKCS7 Verification successful\n");
 	else {
 	    pkiDebug("wrong oid in eContentType\n");
-	    print_buffer(p7->d.sign->contents->type->data, 
+	    print_buffer(p7->d.sign->contents->type->data,
 		(unsigned int)p7->d.sign->contents->type->length);
 	    retval = KRB5KDC_ERR_PREAUTH_FAILED;
 	    krb5_set_error_message(context, retval, "wrong oid\n");
@@ -1310,11 +1310,11 @@ cms_signeddata_verify(krb5_context context,
     /* generate authorization data */
     if (cms_msg_type == CMS_SIGN_CLIENT || cms_msg_type == CMS_SIGN_DRAFT9) {
 
-	if (authz_data == NULL || authz_data_len == NULL) 
+	if (authz_data == NULL || authz_data_len == NULL)
 	    goto out;
 
 	*authz_data = NULL;
-	retval = create_identifiers_from_stack(verified_chain, 
+	retval = create_identifiers_from_stack(verified_chain,
 					       &krb5_verified_chain);
 	if (retval) {
 	    pkiDebug("create_identifiers_from_stack failed\n");
@@ -1447,18 +1447,18 @@ cms_envelopeddata_create(krb5_context context,
     }
     switch (pa_type) {
 	case KRB5_PADATA_PK_AS_REQ:
-	    p7->d.enveloped->enc_data->content_type = 
+	    p7->d.enveloped->enc_data->content_type =
 		OBJ_nid2obj(NID_pkcs7_signed);
 	    break;
 	case KRB5_PADATA_PK_AS_REP_OLD:
 	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    p7->d.enveloped->enc_data->content_type = 
+	    p7->d.enveloped->enc_data->content_type =
 		OBJ_nid2obj(NID_pkcs7_data);
 	    break;
 	break;
     break;
 break;
-    } 
+    }
 
     *out_len = i2d_PKCS7(p7, NULL);
     if (!*out_len || (p = *out = malloc(*out_len)) == NULL) {
@@ -1485,7 +1485,7 @@ cleanup:
     free(enc_data);
     if (encerts != NULL)
 	sk_X509_free(encerts);
-	
+
     return retval;
 }
 
@@ -1631,7 +1631,7 @@ cms_envelopeddata_verify(krb5_context context,
 
     if (!retval)
 	pkiDebug("PKCS7 Verification Success\n");
-    else { 	
+    else {
 	pkiDebug("PKCS7 Verification Failure\n");
 	goto cleanup;
     }
@@ -1774,7 +1774,7 @@ crypto_retrieve_X509_sans(krb5_context context,
 		    pkiDebug("%s: found dns name = %s\n",
 			     __FUNCTION__, gen->d.dNSName->data);
 		    dnss[d] = (unsigned char *)
-				    strdup((char *)gen->d.dNSName->data); 
+				    strdup((char *)gen->d.dNSName->data);
 		    if (dnss[d] == NULL) {
 			pkiDebug("%s: failed to duplicate dns name\n",
 				 __FUNCTION__);
@@ -2937,7 +2937,7 @@ pkinit_pkcs7type2oid(pkinit_plg_crypto_context cryptoctx, int pkcs7_type)
 	     * We need this shadow version because our code
 	     * depends on the "other" type to be unknown to the
 	     * OpenSSL code.
-	     */ 
+	     */
 	    if (cryptoctx->id_pkinit_authData9 == NULL) {
 		pkiDebug("%s: Creating shadow instance of pkcs7-data oid\n",
 			 __FUNCTION__);
@@ -3954,7 +3954,7 @@ pkinit_get_certs_dir(krb5_context context,
     retval = 0;
 
   cleanup:
-    if (d) 
+    if (d)
 	closedir(d);
 
     return retval;
@@ -4099,7 +4099,7 @@ pkinit_get_certs_pkcs11(krb5_context context,
     }
 
     for (i = 0; ; i++) {
-	if (i >= MAX_CREDS_ALLOWED) 
+	if (i >= MAX_CREDS_ALLOWED)
 	    return KRB5KDC_ERR_PREAUTH_FAILED;
 
 	/* Look for x.509 cert */
@@ -4338,7 +4338,7 @@ crypto_cert_iteration_next(krb5_context context,
 
     if (id_cryptoctx->creds[id->index] == NULL)
 	return PKINIT_ITER_NO_MORE;
-    
+
     cd = calloc(1, sizeof(*cd));
     if (cd == NULL)
 	return ENOMEM;
@@ -4392,7 +4392,7 @@ crypto_retieve_X509_key_usage(krb5_context context,
 	pkiDebug("%s: EKUs not requested, not checking\n", __FUNCTION__);
 	goto check_kus;
     }
-    
+
     /* Start with Extended Key usage */
     i = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
     if (i >= 0) {
@@ -4612,12 +4612,12 @@ crypto_cert_select(krb5_context context,
     cd = (struct _pkinit_cert_data *)md->ch;
     if (cd == NULL || cd->magic != CERT_MAGIC)
 	return EINVAL;
-    
-    /* copy the selected cert into our id_cryptoctx */ 
+
+    /* copy the selected cert into our id_cryptoctx */
     if (cd->idctx->my_certs != NULL) {
 	sk_X509_pop_free(cd->idctx->my_certs, X509_free);
     }
-    cd->idctx->my_certs = sk_X509_new_null();	
+    cd->idctx->my_certs = sk_X509_new_null();
     sk_X509_push(cd->idctx->my_certs, cd->cred->cert);
     cd->idctx->creds[cd->index]->cert = NULL;	    /* Don't free it twice */
     cd->idctx->cert_index = 0;
@@ -4625,7 +4625,7 @@ crypto_cert_select(krb5_context context,
     if (cd->idctx->pkcs11_method != 1) {
 	cd->idctx->my_key = cd->cred->key;
 	cd->idctx->creds[cd->index]->key = NULL;    /* Don't free it twice */
-    } 
+    }
 #ifndef WITHOUT_PKCS11
     else {
 	cd->idctx->cert_id = cd->cred->cert_id;
@@ -4662,11 +4662,11 @@ crypto_cert_select_default(krb5_context context,
 	retval = EINVAL;
 	goto errout;
     }
-    /* copy the selected cert into our id_cryptoctx */ 
+    /* copy the selected cert into our id_cryptoctx */
     if (id_cryptoctx->my_certs != NULL) {
 	sk_X509_pop_free(id_cryptoctx->my_certs, X509_free);
     }
-    id_cryptoctx->my_certs = sk_X509_new_null();	
+    id_cryptoctx->my_certs = sk_X509_new_null();
     sk_X509_push(id_cryptoctx->my_certs, id_cryptoctx->creds[0]->cert);
     id_cryptoctx->creds[0]->cert = NULL;	/* Don't free it twice */
     id_cryptoctx->cert_index = 0;
@@ -4674,7 +4674,7 @@ crypto_cert_select_default(krb5_context context,
     if (id_cryptoctx->pkcs11_method != 1) {
 	id_cryptoctx->my_key = id_cryptoctx->creds[0]->key;
 	id_cryptoctx->creds[0]->key = NULL;	/* Don't free it twice */
-    } 
+    }
 #ifndef WITHOUT_PKCS11
     else {
 	id_cryptoctx->cert_id = id_cryptoctx->creds[0]->cert_id;
@@ -4757,7 +4757,7 @@ load_cas_and_crls(krb5_context context,
      */
     for (i = 0; i < sk_X509_INFO_num(sk); i++) {
 	X509_INFO *xi = sk_X509_INFO_value(sk, i);
-	if (xi != NULL && xi->x509 != NULL && catype != CATYPE_CRLS) { 
+	if (xi != NULL && xi->x509 != NULL && catype != CATYPE_CRLS) {
 	    int j = 0, size = sk_X509_num(ca_certs), flag = 0;
 
 	    if (!size) {
@@ -4770,7 +4770,7 @@ load_cas_and_crls(krb5_context context,
 		flag = X509_cmp(x, xi->x509);
 		if (flag == 0)
 		    break;
-		else 
+		else
 		    continue;
 	    }
 	    if (flag != 0) {
@@ -4804,7 +4804,7 @@ load_cas_and_crls(krb5_context context,
     case CATYPE_ANCHORS:
 	if (sk_X509_num(ca_certs) == 0) {
 	    pkiDebug("no anchors in file, %s\n", filename);
-	    if (id_cryptoctx->trustedCAs == NULL) 
+	    if (id_cryptoctx->trustedCAs == NULL)
 		sk_X509_free(ca_certs);
 	} else {
 	    if (id_cryptoctx->trustedCAs == NULL)
@@ -4814,7 +4814,7 @@ load_cas_and_crls(krb5_context context,
     case CATYPE_INTERMEDIATES:
 	if (sk_X509_num(ca_certs) == 0) {
 	    pkiDebug("no intermediates in file, %s\n", filename);
-	    if (id_cryptoctx->intermediateCAs == NULL) 
+	    if (id_cryptoctx->intermediateCAs == NULL)
 		sk_X509_free(ca_certs);
 	} else {
 	    if (id_cryptoctx->intermediateCAs == NULL)
@@ -4855,7 +4855,7 @@ load_cas_and_crls_dir(krb5_context context,
 		      pkinit_req_crypto_context req_cryptoctx,
 		      pkinit_identity_crypto_context id_cryptoctx,
 		      int catype,
-		      char *dirname) 
+		      char *dirname)
 {
     krb5_error_code retval = EINVAL;
     DIR *d = NULL;
@@ -4866,7 +4866,7 @@ load_cas_and_crls_dir(krb5_context context,
 	return EINVAL;
 
     d = opendir(dirname);
-    if (d == NULL) 
+    if (d == NULL)
 	return ENOENT;
 
     while ((dentry = readdir(d))) {
@@ -4893,7 +4893,7 @@ load_cas_and_crls_dir(krb5_context context,
     retval = 0;
 
   cleanup:
-    if (d != NULL) 
+    if (d != NULL)
 	closedir(d);
 
     return retval;
@@ -4907,7 +4907,7 @@ crypto_load_cas_and_crls(krb5_context context,
 			 pkinit_identity_crypto_context id_cryptoctx,
 			 int idtype,
 			 int catype,
-			 char *id) 
+			 char *id)
 {
     pkiDebug("%s: called with idtype %s and catype %s\n",
 	     __FUNCTION__, idtype2string(idtype), catype2string(catype));
@@ -5008,7 +5008,7 @@ if (longhorn == 0) {	/* XXX Longhorn doesn't like this */
 		if ((p = krb5_cas[i]->subjectKeyIdentifier.data =
 		     malloc((size_t) len)) == NULL)
 		    goto cleanup;
-		i2d_ASN1_OCTET_STRING(ikeyid, &p);		
+		i2d_ASN1_OCTET_STRING(ikeyid, &p);
 		krb5_cas[i]->subjectKeyIdentifier.length = len;
 	    }
 	    if (ikeyid != NULL)
@@ -5052,7 +5052,7 @@ create_krb5_invalidCertificates(krb5_context context,
 	return KRB5KDC_ERR_PREAUTH_FAILED;
 
     sk = sk_X509_new_null();
-    if (sk == NULL) 
+    if (sk == NULL)
 	goto cleanup;
     sk_X509_push(sk, req_cryptoctx->received_cert);
 
@@ -5419,7 +5419,7 @@ pkcs7_dataDecode(krb5_context context,
 		     PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
 	    goto cleanup;
 	}
-	
+
     }
 
     /* If we haven't got a certificate try each ri in turn */
diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c
index b71f7c945..48426e348 100644
--- a/src/plugins/preauth/pkinit/pkinit_identity.c
+++ b/src/plugins/preauth/pkinit/pkinit_identity.c
@@ -459,7 +459,7 @@ static krb5_error_code
 process_option_ca_crl(krb5_context context,
 		      pkinit_plg_crypto_context plg_cryptoctx,
 		      pkinit_req_crypto_context req_cryptoctx,
-		      pkinit_identity_opts *idopts, 
+		      pkinit_identity_opts *idopts,
 		      pkinit_identity_crypto_context id_cryptoctx,
 		      const char *value,
 		      int catype)
@@ -558,7 +558,7 @@ pkinit_identity_initialize(krb5_context context,
 	    goto errout;
 	}
     }
-    
+
     retval = crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
 				   id_cryptoctx);
     if (retval)
@@ -595,4 +595,3 @@ pkinit_identity_initialize(krb5_context context,
 errout:
     return retval;
 }
-
diff --git a/src/plugins/preauth/pkinit/pkinit_matching.c b/src/plugins/preauth/pkinit/pkinit_matching.c
index 778ae38c9..806fcbb87 100644
--- a/src/plugins/preauth/pkinit/pkinit_matching.c
+++ b/src/plugins/preauth/pkinit/pkinit_matching.c
@@ -135,10 +135,10 @@ typedef struct _rule_component {
     kw_value_type kwval_type;
     regex_t regexp;	    /* Compiled regular expression */
     char *regsrc;	    /* The regular expression source (for debugging) */
-    unsigned int ku_bits;   
+    unsigned int ku_bits;
     unsigned int eku_bits;
 } rule_component;
- 
+
 /* Set rule components */
 typedef struct _rule_set {
     relation_type relation;
@@ -180,7 +180,7 @@ free_rule_set(krb5_context context,
 
 static krb5_error_code
 parse_list_value(krb5_context context,
-		 keyword_type type, 
+		 keyword_type type,
 		 char *value,
 		 rule_component *rc)
 {
@@ -609,7 +609,7 @@ nextcert:
     pkiDebug("%s: After checking %d certs, we found %d matches\n",
 	     __FUNCTION__, certs_checked, total_cert_matches);
     if (total_cert_matches == 1) {
-	*match_found = 1;	
+	*match_found = 1;
 	*matching_cert = save_match;
     }
 
@@ -764,7 +764,7 @@ pkinit_cert_matching(krb5_context context,
 	if (retval) {
 	    if (retval == EINVAL) {
 		pkiDebug("%s: Ignoring invalid rule pkinit_cert_match = '%s'\n",
-			 __FUNCTION__, rules[x]); 
+			 __FUNCTION__, rules[x]);
 		continue;
 	    }
 	    goto cleanup;
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 1de10da1f..8b7447214 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -118,7 +118,7 @@ pkinit_server_get_edata(krb5_context context,
 
     /*
      * If we don't have a realm context for the given realm,
-     * don't tell the client that we support pkinit! 
+     * don't tell the client that we support pkinit!
      */
     plgctx = pkinit_find_realm_context(context, pa_plugin_context,
 				       request->server);
@@ -142,7 +142,7 @@ verify_client_san(krb5_context context,
 #ifdef DEBUG_SAN_INFO
     char *client_string = NULL, *san_string;
 #endif
-    
+
     retval = crypto_retrieve_cert_sans(context, plgctx->cryptoctx,
 				       reqctx->cryptoctx, plgctx->idctx,
 				       &princs,
@@ -295,7 +295,7 @@ pkinit_server_verify_padata(krb5_context context,
 			    krb5_data **e_data,
 			    krb5_authdata ***authz_data)
 {
-    krb5_error_code retval = 0;	
+    krb5_error_code retval = 0;
     krb5_octet_data authp_data = {0, 0, NULL}, krb5_authz = {0, 0, NULL};
     krb5_data *encoded_pkinit_authz_data = NULL;
     krb5_pa_pk_as_req *reqp = NULL;
@@ -363,7 +363,7 @@ pkinit_server_verify_padata(krb5_context context,
 		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_CLIENT,
 		plgctx->opts->require_crl_checking,
 		reqp->signedAuthPack.data, reqp->signedAuthPack.length,
-		&authp_data.data, &authp_data.length, &krb5_authz.data, 
+		&authp_data.data, &authp_data.length, &krb5_authz.data,
 		&krb5_authz.length);
 	    break;
 	case KRB5_PADATA_PK_AS_REP_OLD:
@@ -385,7 +385,7 @@ pkinit_server_verify_padata(krb5_context context,
 		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9,
 		plgctx->opts->require_crl_checking,
 		reqp9->signedAuthPack.data, reqp9->signedAuthPack.length,
-		&authp_data.data, &authp_data.length, &krb5_authz.data, 
+		&authp_data.data, &authp_data.length, &krb5_authz.data,
 		&krb5_authz.length);
 	    break;
 	default:
@@ -433,7 +433,7 @@ pkinit_server_verify_padata(krb5_context context,
 	    }
 
 	    /* check dh parameters */
-	    if (auth_pack->clientPublicValue != NULL) {	
+	    if (auth_pack->clientPublicValue != NULL) {
 		retval = server_check_dh(context, plgctx->cryptoctx,
 		    reqctx->cryptoctx, plgctx->idctx,
 		    &auth_pack->clientPublicValue->algorithm.parameters,
@@ -450,12 +450,12 @@ pkinit_server_verify_padata(krb5_context context,
 	     * came from the client.  Therefore, we use the original
 	     * packet contents.
 	     */
-	    retval = k5int_decode_krb5_as_req(req_pkt, &tmp_as_req); 
+	    retval = k5int_decode_krb5_as_req(req_pkt, &tmp_as_req);
 	    if (retval) {
 		pkiDebug("decode_krb5_as_req returned %d\n", (int)retval);
 		goto cleanup;
 	    }
-		
+
 	    retval = k5int_encode_krb5_kdc_req_body(tmp_as_req, &der_req);
 	    if (retval) {
 		pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval);
@@ -514,7 +514,7 @@ pkinit_server_verify_padata(krb5_context context,
 		pkiDebug("failed to decode krb5_auth_pack_draft9\n");
 		goto cleanup;
 	    }
-	    if (auth_pack9->clientPublicValue != NULL) {	
+	    if (auth_pack9->clientPublicValue != NULL) {
 		retval = server_check_dh(context, plgctx->cryptoctx,
 		    reqctx->cryptoctx, plgctx->idctx,
 		    &auth_pack9->clientPublicValue->algorithm.parameters,
@@ -567,7 +567,7 @@ pkinit_server_verify_padata(krb5_context context,
 	     */
 	    pkinit_authz_data->contents = krb5_authz.data;
 	    pkinit_authz_data->length = krb5_authz.length;
-	    retval = k5int_encode_krb5_authdata_elt(pkinit_authz_data, 
+	    retval = k5int_encode_krb5_authdata_elt(pkinit_authz_data,
 			    &encoded_pkinit_authz_data);
 #ifdef DEBUG_ASN1
 	    print_buffer_bin((unsigned char *)encoded_pkinit_authz_data->data,
@@ -586,12 +586,12 @@ pkinit_server_verify_padata(krb5_context context,
 			    (krb5_octet *) encoded_pkinit_authz_data->data;
 	    my_authz_data[0]->length = encoded_pkinit_authz_data->length;
 	    *authz_data = my_authz_data;
-	    pkiDebug("Returning %d bytes of authorization data\n", 
+	    pkiDebug("Returning %d bytes of authorization data\n",
 		     krb5_authz.length);
 	    encoded_pkinit_authz_data->data = NULL; /* Don't free during cleanup*/
 	    free(encoded_pkinit_authz_data);
 	    break;
-	default: 
+	default:
 	    *authz_data = NULL;
     }
     /* remember to set the PREAUTH flag in the reply */
@@ -619,7 +619,7 @@ pkinit_server_verify_padata(krb5_context context,
 	    free_krb5_pa_pk_as_req_draft9(&reqp9);
     }
     if (tmp_as_req != NULL)
-	k5int_krb5_free_kdc_req(context, tmp_as_req); 
+	k5int_krb5_free_kdc_req(context, tmp_as_req);
     free(authp_data.data);
     free(krb5_authz.data);
     if (reqctx != NULL)
@@ -684,7 +684,7 @@ pkinit_server_return_padata(krb5_context context,
 	pkiDebug("missing request context \n");
 	return EINVAL;
     }
-    
+
     plgctx = pkinit_find_realm_context(context, pa_plugin_context,
 				       request->server);
     if (plgctx == NULL) {
@@ -762,14 +762,14 @@ pkinit_server_return_padata(krb5_context context,
 	pkiDebug("received DH key delivery AS REQ\n");
 	retval = server_process_dh(context, plgctx->cryptoctx,
 	    reqctx->cryptoctx, plgctx->idctx, subjectPublicKey,
-	    subjectPublicKey_len, &dh_pubkey, &dh_pubkey_len, 
+	    subjectPublicKey_len, &dh_pubkey, &dh_pubkey_len,
 	    &server_key, &server_key_len);
 	if (retval) {
 	    pkiDebug("failed to process/create dh paramters\n");
 	    goto cleanup;
 	}
     }
-	
+
     if ((rep9 != NULL &&
 	    rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) ||
 	(rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
@@ -846,7 +846,7 @@ pkinit_server_return_padata(krb5_context context,
 	pkiDebug("%s: return checksum instead of nonce = %d\n",
 		 __FUNCTION__, fixed_keypack);
 
-	/* if this is an RFC reply or draft9 client requested a checksum 
+	/* if this is an RFC reply or draft9 client requested a checksum
 	 * in the reply instead of the nonce, create an RFC-style keypack
 	 */
 	if ((int)padata->pa_type == KRB5_PADATA_PK_AS_REQ || fixed_keypack) {
@@ -873,7 +873,7 @@ pkinit_server_return_padata(krb5_context context,
 	    pkiDebug("calculating checksum on buf size = %d\n", req_pkt->length);
 	    print_buffer(req_pkt->data, req_pkt->length);
 	    pkiDebug("checksum size = %d\n", key_pack->asChecksum.length);
-	    print_buffer(key_pack->asChecksum.contents, 
+	    print_buffer(key_pack->asChecksum.contents,
 			 key_pack->asChecksum.length);
 	    pkiDebug("encrypting key (%d)\n", encrypting_key->length);
 	    print_buffer(encrypting_key->contents, encrypting_key->length);
@@ -894,7 +894,7 @@ pkinit_server_return_padata(krb5_context context,
 	    case KRB5_PADATA_PK_AS_REQ:
 		rep->choice = choice_pa_pk_as_rep_encKeyPack;
 		retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1, 
+		    reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
 		    (unsigned char *)encoded_key_pack->data,
 		    encoded_key_pack->length,
 		    &rep->u.encKeyPack.data, &rep->u.encKeyPack.length);
@@ -902,7 +902,7 @@ pkinit_server_return_padata(krb5_context context,
 	    case KRB5_PADATA_PK_AS_REP_OLD:
 	    case KRB5_PADATA_PK_AS_REQ_OLD:
 		/* if the request is from the broken draft9 client that
-		 * expects back a nonce, create it now 
+		 * expects back a nonce, create it now
 		 */
 		if (!fixed_keypack) {
 		    init_krb5_reply_key_pack_draft9(&key_pack9);
@@ -920,11 +920,11 @@ pkinit_server_return_padata(krb5_context context,
 			pkiDebug("failed to encode reply_key_pack\n");
 			goto cleanup;
 		    }
-		} 
+		}
 
 		rep9->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
 		retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1, 
+		    reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
 		    (unsigned char *)encoded_key_pack->data,
 		    encoded_key_pack->length,
 		    &rep9->u.encKeyPack.data, &rep9->u.encKeyPack.length);
diff --git a/src/prototype/getopt.c b/src/prototype/getopt.c
index 7f3882c96..5206e0f15 100644
--- a/src/prototype/getopt.c
+++ b/src/prototype/getopt.c
@@ -4,8 +4,8 @@ extern int optind;
 extern char *optarg;
 
 main(argc, argv)
-    int argc;
-    char **argv;
+int argc;
+char **argv;
 {
     int c;
     int errflg = 0;
@@ -13,19 +13,19 @@ main(argc, argv)
     <<<other globals here>>>;
 
     while ((c = getopt(argc, argv, "<<<>>>")) != -1) {
-	switch (c) {
-	    <<<add cases for arguments here>>>;
-	case '?':
-	default:
-	    errflg++;
-	    break;
-	}
+        switch (c) {
+            <<<add cases for arguments here>>>;
+        case '?':
+        default:
+            errflg++;
+        break;
+        }
     }
     if (errflg) {
-	fprintf(stderr, "Usage: %s <<<args>>>", argv[0]);
-	exit(2);
+        fprintf(stderr, "Usage: %s <<<args>>>", argv[0]);
+        exit(2);
     }
     for (; optind < argc; optind++) {
-	<<<process arg optind>>>;
+        <<<process arg optind>>>;
     }
 }
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index 0c2709ae9..fd9ac5808 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 
@@ -72,23 +72,23 @@ void	PRS
 	(int, char **);
 void	get_tickets
 	(krb5_context);
-static void usage 
+static void usage
 	(void);
-krb5_error_code open_connection 
+krb5_error_code open_connection
 	(char *, int *, char *, unsigned int);
-void	kerberos_authenticate 
-	(krb5_context, krb5_auth_context *, 
+void	kerberos_authenticate
+	(krb5_context, krb5_auth_context *,
 		   int, krb5_principal, krb5_creds **);
-int	open_database 
+int	open_database
 	(krb5_context, char *, int *);
-void	close_database 
+void	close_database
 	(krb5_context, int);
-void	xmit_database 
-	(krb5_context, krb5_auth_context, krb5_creds *, 
+void	xmit_database
+	(krb5_context, krb5_auth_context, krb5_creds *,
 		   int, int, int);
-void	send_error 
+void	send_error
 	(krb5_context, krb5_creds *, int, char *, krb5_error_code);
-void	update_last_prop_file 
+void	update_last_prop_file
 	(char *, char *);
 
 static void usage()
@@ -109,7 +109,7 @@ main(argc, argv)
 	krb5_creds *my_creds;
 	krb5_auth_context auth_context;
 	char	Errmsg[256];
-	
+
 	retval = krb5_init_context(&context);
 	if (retval) {
 		com_err(argv[0], retval, "while initializing krb5");
@@ -130,9 +130,9 @@ main(argc, argv)
 			progname, Errmsg, slave_host);
 		exit(1);
 	}
-	kerberos_authenticate(context, &auth_context, fd, my_principal, 
+	kerberos_authenticate(context, &auth_context, fd, my_principal,
 			      &my_creds);
-	xmit_database(context, auth_context, my_creds, fd, database_fd, 
+	xmit_database(context, auth_context, my_creds, fd, database_fd,
 		      database_size);
 	update_last_prop_file(slave_host, file);
 	printf("Database propagation to %s: SUCCEEDED\n", slave_host);
@@ -146,7 +146,7 @@ void PRS(argc, argv)
 	char	**argv;
 {
 	register char	*word, ch;
-	
+
 	progname = *argv++;
 	while (--argc && (word = *argv++)) {
 		if (*word == '-') {
@@ -195,7 +195,7 @@ void PRS(argc, argv)
 				default:
 					usage();
 				}
-				
+
 			}
 		} else {
 			if (slave_host)
@@ -228,7 +228,7 @@ void get_tickets(context)
 	if (realm) {
 	    retval = krb5_set_principal_realm(context, my_principal, realm);
 	    if (retval) {
-	        com_err(progname, errno, 
+	        com_err(progname, errno,
 			"while setting client principal realm");
 		exit(1);
 	    }
@@ -274,7 +274,7 @@ void get_tickets(context)
 	if (realm) {
 	    retval = krb5_set_principal_realm(context, creds.server, realm);
 	    if (retval) {
-	        com_err(progname, errno, 
+	        com_err(progname, errno,
 			"while setting server principal realm");
 		exit(1);
 	    }
@@ -308,7 +308,7 @@ void get_tickets(context)
 
 	if (keytab)
 	    (void) krb5_kt_close(context, keytab);
-	
+
 	/*
 	 * Now destroy the cache right away --- the credentials we
 	 * need will be in my_creds.
@@ -329,7 +329,7 @@ open_connection(host, fd, Errmsg, ErrmsgSz)
 {
 	int	s;
 	krb5_error_code	retval;
-	
+
 	struct hostent	*hp;
 	register struct servent *sp;
 	struct sockaddr_in my_sin;
@@ -353,7 +353,7 @@ open_connection(host, fd, Errmsg, ErrmsgSz)
 	} else
 		my_sin.sin_port = port;
 	s = socket(AF_INET, SOCK_STREAM, 0);
-	
+
 	if (s < 0) {
 		(void) snprintf(Errmsg, ErrmsgSz, "in call to socket");
 		return(errno);
@@ -404,10 +404,10 @@ void kerberos_authenticate(context, auth_context, fd, me, new_creds)
 	krb5_ap_rep_enc_part	*rep_result;
 
     retval = krb5_auth_con_init(context, auth_context);
-    if (retval) 
+    if (retval)
 	exit(1);
 
-    krb5_auth_con_setflags(context, *auth_context, 
+    krb5_auth_con_setflags(context, *auth_context,
 			   KRB5_AUTH_CONTEXT_DO_SEQUENCE);
 
     retval = krb5_auth_con_setaddrs(context, *auth_context, &sender_addr,
@@ -417,7 +417,7 @@ void kerberos_authenticate(context, auth_context, fd, me, new_creds)
 	exit(1);
     }
 
-    retval = krb5_sendauth(context, auth_context, (void *)&fd, 
+    retval = krb5_sendauth(context, auth_context, (void *)&fd,
 			   kprop_version, me, creds.server,
 			   AP_OPTS_MUTUAL_REQUIRED, NULL, &creds, NULL,
 			   &error, &rep_result, new_creds);
@@ -486,7 +486,7 @@ open_database(context, data_fn, size)
 	} else if (err) {
 	    com_err(progname, err, "while trying to lock '%s'", dbpathname);
 	    exit(1);
-	}	    
+	}
 	if (fstat(fd, &stbuf)) {
 		com_err(progname, errno, "while trying to stat %s",
 			data_fn);
@@ -525,18 +525,18 @@ close_database(context, fd)
     (void)close(fd);
     return;
 }
-  
+
 /*
  * Now we send over the database.  We use the following protocol:
  * Send over a KRB_SAFE message with the size.  Then we send over the
  * database in blocks of KPROP_BLKSIZE, encrypted using KRB_PRIV.
  * Then we expect to see a KRB_SAFE message with the size sent back.
- * 
+ *
  * At any point in the protocol, we may send a KRB_ERROR message; this
  * will abort the entire operation.
  */
 void
-xmit_database(context, auth_context, my_creds, fd, database_fd, 
+xmit_database(context, auth_context, my_creds, fd, database_fd,
 	      in_database_size)
     krb5_context context;
     krb5_auth_context auth_context;
@@ -551,7 +551,7 @@ xmit_database(context, auth_context, my_creds, fd, database_fd,
 	krb5_error_code	retval;
 	krb5_error	*error;
 	/* These must be 4 bytes */
-	krb5_ui_4	database_size = in_database_size; 
+	krb5_ui_4	database_size = in_database_size;
 	krb5_ui_4	send_size;
 
 	/*
@@ -561,7 +561,7 @@ xmit_database(context, auth_context, my_creds, fd, database_fd,
 	inbuf.data = (char *) &send_size;
 	inbuf.length = sizeof(send_size); /* must be 4, really */
 	/* KPROP_CKSUMTYPE */
-	retval = krb5_mk_safe(context, auth_context, &inbuf, 
+	retval = krb5_mk_safe(context, auth_context, &inbuf,
 			      &outbuf, NULL);
 	if (retval) {
 		com_err(progname, retval, "while encoding database size");
@@ -581,12 +581,12 @@ xmit_database(context, auth_context, my_creds, fd, database_fd,
 	 */
 	retval = krb5_auth_con_initivector(context, auth_context);
 	if (retval) {
-	    send_error(context, my_creds, fd, 
+	    send_error(context, my_creds, fd,
 		       "failed while initializing i_vector", retval);
 	    com_err(progname, retval, "while allocating i_vector");
 	    exit(1);
 	}
- 
+
 	/*
 	 * Send over the file, block by block....
 	 */
@@ -652,8 +652,8 @@ xmit_database(context, auth_context, my_creds, fd, database_fd,
 					"Generic remote error: %s\n",
 					error->text.data);
 		} else if (error->error) {
-			com_err(progname, 
-				(krb5_error_code) error->error + 
+			com_err(progname,
+				(krb5_error_code) error->error +
 				  ERROR_TABLE_BASE_krb5,
 				"signalled from server");
 			if (error->text.data)
diff --git a/src/slave/kprop.h b/src/slave/kprop.h
index bc601de54..28425507d 100644
--- a/src/slave/kprop.h
+++ b/src/slave/kprop.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  */
 
diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
index c9841e2f8..defef323f 100644
--- a/src/slave/kpropd.c
+++ b/src/slave/kpropd.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -34,7 +34,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -48,7 +48,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * XXX We need to modify the protocol so that an acknowledge is set
  * after each block, instead after the entire series is sent over.
@@ -344,7 +344,7 @@ retry:
 	    }
 	}
 	if (!debug && iproprole != IPROP_SLAVE)
-		daemon(1, 0);	    
+		daemon(1, 0);
 #ifdef PID_FILE
 	if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
 		fprintf(pidfile, "%d\n", getpid());
@@ -360,7 +360,7 @@ retry:
 	while (1) {
 		int child_pid;
 		int status;
-	    
+
 		memset(&frominet, 0, sizeof(frominet));
 		fromlen = sizeof(frominet);
 		if (debug)
@@ -424,7 +424,7 @@ retry:
 		    close(s);
 		    if (iproprole == IPROP_SLAVE)
 			close(finet);
- 
+
 		    if ((ret = WEXITSTATUS(status)) != 0)
 			return (ret);
 		}
@@ -532,7 +532,7 @@ void doit(fd)
 	omask = umask(077);
 	lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600);
 	(void) umask(omask);
-	retval = krb5_lock_file(kpropd_context, lock_fd, 
+	retval = krb5_lock_file(kpropd_context, lock_fd,
 				KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
 	if (retval) {
 	    com_err(progname, retval, "while trying to lock '%s'",
@@ -571,7 +571,7 @@ void doit(fd)
 	 * recv_database, then close the socket.
 	 */
 	retval = krb5_write_message(kpropd_context, (void *) &fd, &confmsg);
-	if (retval) { 
+	if (retval) {
 		krb5_free_data_contents(kpropd_context, &confmsg);
 		com_err(progname, retval,
 			"while sending # of received bytes");
@@ -583,7 +583,7 @@ void doit(fd)
 			"while trying to close database file");
 		exit(1);
 	}
-	
+
 	exit(0);
 }
 
@@ -669,7 +669,7 @@ krb5_error_code do_iprop(kdb_log_context *log_ctx)
 
 	if (master_svc_princstr == NULL) {
 		if ((retval = kadm5_get_kiprop_host_srv_name(kpropd_context,
-							     def_realm, 
+							     def_realm,
 							     &master_svc_princstr))) {
 			com_err(progname, retval,
 				_("%s: unable to get kiprop host based "
@@ -776,7 +776,7 @@ reinit:
 	 * Reset the handle to the correct type for the RPC call
 	 */
 	handle = server_handle;
-	
+
 	for (;;) {
 		incr_ret = NULL;
 		full_ret = NULL;
@@ -834,7 +834,7 @@ reinit:
 			switch (full_ret->ret) {
 			case UPDATE_OK:
 				backoff_cnt = 0;
-				/* 
+				/*
 				 * We now listen on the kprop port for
 				 * the full dump
 				 */
@@ -1164,7 +1164,7 @@ void PRS(argv)
 				default:
 					usage();
 				}
-				
+
 			}
 		} else
 			/* We don't take any arguments, only options */
@@ -1191,7 +1191,7 @@ void PRS(argv)
 	if (realm) {
 	    retval = krb5_set_principal_realm(kpropd_context, server, realm);
 	    if (retval) {
-	        com_err(progname, errno, 
+	        com_err(progname, errno,
 			"while constructing my service realm");
 		exit(1);
 	    }
@@ -1214,10 +1214,10 @@ void PRS(argv)
 		ulog_set_role(kpropd_context, IPROP_SLAVE);
 
 		if (ulog_map(kpropd_context, params.iprop_logfile,
-			     params.iprop_ulogsize, FKPROPD, db_args)) { 
+			     params.iprop_ulogsize, FKPROPD, db_args)) {
  			com_err(progname, errno,
-			    _("Unable to map log!\n")); 
-			exit(1); 
+			    _("Unable to map log!\n"));
+			exit(1);
 		}
 	}
 	log_ctx = kpropd_context->kdblog_context;
@@ -1282,7 +1282,7 @@ kerberos_authenticate(context, fd, clientp, etype, my_sin)
     	exit(1);
     }
 
-    retval = krb5_auth_con_setflags(context, auth_context, 
+    retval = krb5_auth_con_setflags(context, auth_context,
 				    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
     if (retval) {
 	syslog(LOG_ERR, "Error in krb5_auth_con_setflags: %s",
@@ -1315,7 +1315,7 @@ kerberos_authenticate(context, fd, clientp, etype, my_sin)
 
     retval = krb5_copy_principal(context, ticket->enc_part2->client, clientp);
     if (retval) {
-	syslog(LOG_ERR, "Error in krb5_copy_prinicpal: %s", 
+	syslog(LOG_ERR, "Error in krb5_copy_prinicpal: %s",
 	       error_message(retval));
 	exit(1);
     }
@@ -1357,7 +1357,7 @@ authorized_principal(context, p, auth_etype)
     FILE		*acl_file;
     int			end;
     krb5_enctype	acl_etype;
-    
+
     retval = krb5_unparse_name(context, p, &name);
     if (retval)
 	return FALSE;
@@ -1430,7 +1430,7 @@ recv_database(context, fd, database_fd, confmsg)
 		recv_error(context, &inbuf);
 	retval = krb5_rd_safe(context,auth_context,&inbuf,&outbuf,NULL);
 	if (retval) {
-		send_error(context, fd, retval, 
+		send_error(context, fd, retval,
 			   "while decoding database size");
 		krb5_free_data_contents(context, &inbuf);
 		com_err(progname, retval,
@@ -1447,7 +1447,7 @@ recv_database(context, fd, database_fd, confmsg)
 	 */
 	retval = krb5_auth_con_initivector(context, auth_context);
 	if (retval) {
-	  send_error(context, fd, retval, 
+	  send_error(context, fd, retval,
 		     "failed while initializing i_vector");
 	  com_err(progname, retval, "while initializing i_vector");
 	  exit(1);
@@ -1469,7 +1469,7 @@ recv_database(context, fd, database_fd, confmsg)
 		}
 		if (krb5_is_krb_error(&inbuf))
 			recv_error(context, &inbuf);
-		retval = krb5_rd_priv(context, auth_context, &inbuf, 
+		retval = krb5_rd_priv(context, auth_context, &inbuf,
 				      &outbuf, NULL);
 		if (retval) {
 			snprintf(buf, sizeof(buf),
@@ -1539,12 +1539,12 @@ send_error(context, fd, err_code, err_text)
 	krb5_us_timeofday(context, &error.stime, &error.susec);
 	error.server = server;
 	error.client = client;
-	
+
 	if (err_text)
 		text = err_text;
 	else
 		text = error_message(err_code);
-	
+
 	error.error = err_code - ERROR_TABLE_BASE_krb5;
 	if (error.error > 127) {
 		error.error = KRB_ERR_GENERIC;
@@ -1553,7 +1553,7 @@ send_error(context, fd, err_code, err_text)
 				 error_message(err_code), err_text);
 			text = buf;
 		}
-	} 
+	}
 	error.text.length = strlen(text) + 1;
 	error.text.data = strdup(text);
 	if (error.text.data) {
@@ -1585,7 +1585,7 @@ recv_error(context, inbuf)
 				"Generic remote error: %s\n",
 				error->text.data);
 	} else if (error->error) {
-		com_err(progname, 
+		com_err(progname,
 			(krb5_error_code) error->error + ERROR_TABLE_BASE_krb5,
 			"signaled from server");
 		if (error->text.data)
@@ -1629,8 +1629,8 @@ load_database(context, kdb_util, database_file_name)
 	edit_av[0] = kdb_util;
 	count = 1;
 	if (realm) {
-		edit_av[count++] = "-r";	
-		edit_av[count++] = realm;	
+		edit_av[count++] = "-r";
+		edit_av[count++] = realm;
 	}
 	edit_av[count++] = "load";
 	if (kerb_database) {
@@ -1678,7 +1678,7 @@ load_database(context, kdb_util, database_file_name)
 			exit(1);
 		}
 	}
-	
+
 	error_ret = WEXITSTATUS(waitb);
 	if (error_ret) {
 		com_err(progname, 0, "%s returned a bad exit status (%d)",
diff --git a/src/tests/asn.1/krb5_decode_leak.c b/src/tests/asn.1/krb5_decode_leak.c
index 3eb6f3c66..1b90bf769 100644
--- a/src/tests/asn.1/krb5_decode_leak.c
+++ b/src/tests/asn.1/krb5_decode_leak.c
@@ -49,7 +49,7 @@ main(int argc, char **argv)
         exit(1);
     }
     init_access(argv[0]);
-  
+
 #define setup(value, typestring, constructor) \
     retval = constructor(&(value)); \
     if (retval) { \
@@ -83,7 +83,7 @@ main(int argc, char **argv)
             freefn(test_context, tmp); \
     } \
     krb5_free_data(test_context, code);
-      
+
     /****************************************************************/
     /* encode_krb5_authenticator */
     {
@@ -105,7 +105,7 @@ main(int argc, char **argv)
                   decode_krb5_authenticator, krb5_free_authenticator);
         ktest_empty_authenticator(&authent);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_ticket */
     {
@@ -126,8 +126,8 @@ main(int argc, char **argv)
         leak_test(keyblk, encode_krb5_encryption_key,
                   decode_krb5_encryption_key, krb5_free_keyblock);
         ktest_empty_keyblock(&keyblk);
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_enc_tkt_part */
     {
@@ -143,23 +143,23 @@ main(int argc, char **argv)
 
         leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part,
                   decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part);
-  
+
         tkt.enc_part2->times.starttime = 0;
         tkt.enc_part2->times.renew_till = 0;
         ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
         ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
         ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
         ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
-  
+
         /* ISODE version fails on the empty caddrs field */
         ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
         ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
-  
+
         leak_test(*(tkt.enc_part2), encode_krb5_enc_tkt_part,
                   decode_krb5_enc_tkt_part, krb5_free_enc_tkt_part);
         ktest_empty_ticket(&tkt);
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_enc_kdc_rep_part */
     {
@@ -167,26 +167,26 @@ main(int argc, char **argv)
         krb5_enc_kdc_rep_part *tmp;
 
         memset(&kdcr, 0, sizeof(kdcr));
- 
+
         kdcr.enc_part2 = calloc(1, sizeof(krb5_enc_kdc_rep_part));
         if (kdcr.enc_part2 == NULL)
             com_err("allocating enc_kdc_rep_part", errno, "");
         setup(*(kdcr.enc_part2), "enc_kdc_rep_part",
               ktest_make_sample_enc_kdc_rep_part);
-  
+
         leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part,
                   decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part);
-  
+
         kdcr.enc_part2->key_exp = 0;
         kdcr.enc_part2->times.starttime = 0;
         kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
         ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
-  
+
         leak_test(*(kdcr.enc_part2), encode_krb5_enc_kdc_rep_part,
                   decode_krb5_enc_kdc_rep_part, krb5_free_enc_kdc_rep_part);
 
         ktest_empty_kdc_rep(&kdcr);
-    }  
+    }
 
     /****************************************************************/
     /* encode_krb5_as_rep */
@@ -197,15 +197,15 @@ main(int argc, char **argv)
         kdcr.msg_type = KRB5_AS_REP;
         leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep,
                   krb5_free_kdc_rep);
-  
+
         ktest_destroy_pa_data_array(&(kdcr.padata));
         leak_test(kdcr, encode_krb5_as_rep, decode_krb5_as_rep,
                   krb5_free_kdc_rep);
 
         ktest_empty_kdc_rep(&kdcr);
 
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_tgs_rep */
     {
@@ -222,8 +222,8 @@ main(int argc, char **argv)
 
         ktest_empty_kdc_rep(&kdcr);
 
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_ap_req */
     {
@@ -233,7 +233,7 @@ main(int argc, char **argv)
         leak_test(apreq, encode_krb5_ap_req, decode_krb5_ap_req,
                   krb5_free_ap_req);
         ktest_empty_ap_req(&apreq);
-    }  
+    }
 
     /****************************************************************/
     /* encode_krb5_ap_rep */
@@ -244,7 +244,7 @@ main(int argc, char **argv)
         leak_test(aprep, encode_krb5_ap_rep, decode_krb5_ap_rep,
                   krb5_free_ap_rep);
         ktest_empty_ap_rep(&aprep);
-    }  
+    }
 
     /****************************************************************/
     /* encode_krb5_ap_rep_enc_part */
@@ -254,14 +254,14 @@ main(int argc, char **argv)
         setup(apenc, "ap_rep_enc_part", ktest_make_sample_ap_rep_enc_part);
         leak_test(apenc, encode_krb5_ap_rep_enc_part,
                   decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part);
-  
+
         ktest_destroy_keyblock(&(apenc.subkey));
         apenc.seq_number = 0;
         leak_test(apenc, encode_krb5_ap_rep_enc_part,
                   decode_krb5_ap_rep_enc_part, krb5_free_ap_rep_enc_part);
         ktest_empty_ap_rep_enc_part(&apenc);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_as_req */
     {
@@ -295,7 +295,7 @@ main(int argc, char **argv)
                   krb5_free_kdc_req);
         ktest_empty_kdc_req(&asreq);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_tgs_req */
     {
@@ -329,7 +329,7 @@ main(int argc, char **argv)
                   krb5_free_kdc_req);
         ktest_empty_kdc_req(&tgsreq);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_kdc_req_body */
     {
@@ -362,7 +362,7 @@ main(int argc, char **argv)
                   krb5_free_kdc_req);
         ktest_empty_kdc_req(&kdcrb);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_safe */
     {
@@ -378,7 +378,7 @@ main(int argc, char **argv)
         leak_test(s, encode_krb5_safe, decode_krb5_safe, krb5_free_safe);
         ktest_empty_safe(&s);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_priv */
     {
@@ -388,7 +388,7 @@ main(int argc, char **argv)
         leak_test(p, encode_krb5_priv, decode_krb5_priv, krb5_free_priv);
         ktest_empty_priv(&p);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_enc_priv_part */
     {
@@ -406,7 +406,7 @@ main(int argc, char **argv)
                   krb5_free_priv_enc_part);
         ktest_empty_priv_enc_part(&ep);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_cred */
     {
@@ -416,12 +416,12 @@ main(int argc, char **argv)
         leak_test(c, encode_krb5_cred, decode_krb5_cred, krb5_free_cred);
         ktest_empty_cred(&c);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_enc_cred_part */
     {
         krb5_cred_enc_part cep, *tmp;
-        
+
         setup(cep, "cred_enc_part", ktest_make_sample_cred_enc_part);
         leak_test(cep, encode_krb5_enc_cred_part, decode_krb5_enc_cred_part,
                   free_cred_enc_part_whole);
@@ -442,7 +442,7 @@ main(int argc, char **argv)
                   free_cred_enc_part_whole);
         ktest_empty_cred_enc_part(&cep);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_error */
     {
@@ -459,7 +459,7 @@ main(int argc, char **argv)
 
         ktest_empty_error(&kerr);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_authdata */
     {
@@ -470,7 +470,7 @@ main(int argc, char **argv)
                   krb5_free_authdata);
         ktest_destroy_authorization_data(&ad);
     }
-  
+
     /****************************************************************/
     /* encode_pwd_sequence */
     {
@@ -497,7 +497,7 @@ main(int argc, char **argv)
     /* encode_padata_sequence */
     {
         krb5_pa_data **pa, **tmp;
-    
+
         setup(pa, "PreauthData", ktest_make_sample_pa_data_array);
         leak_test(*pa, encode_krb5_padata_sequence,
                   decode_krb5_padata_sequence, krb5_free_pa_data);
@@ -508,7 +508,7 @@ main(int argc, char **argv)
     /* encode_padata_sequence (empty) */
     {
         krb5_pa_data **pa, **tmp;
-    
+
         setup(pa,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array);
         leak_test(*pa, encode_krb5_padata_sequence,
                   decode_krb5_padata_sequence, krb5_free_pa_data);
@@ -536,7 +536,7 @@ main(int argc, char **argv)
     /* encode_etype_info */
     {
         krb5_etype_info_entry **info, **tmp;
-    
+
         setup(info, "etype_info", ktest_make_sample_etype_info);
         leak_test(*info, encode_krb5_etype_info, decode_krb5_etype_info,
                   krb5_free_etype_info);
@@ -556,7 +556,7 @@ main(int argc, char **argv)
     /* encode_etype_info 2*/
     {
         krb5_etype_info_entry **info, **tmp;
-    
+
         setup(info, "etype_info2", ktest_make_sample_etype_info2);
         leak_test(*info, encode_krb5_etype_info2, decode_krb5_etype_info2,
                   krb5_free_etype_info);
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c
index 401b26240..903697292 100644
--- a/src/tests/asn.1/krb5_decode_test.c
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -11,7 +11,7 @@ krb5_context test_context;
 int error_count = 0;
 
 void krb5_ktest_free_alt_method(krb5_context context, krb5_alt_method *val);
-void krb5_ktest_free_pwd_sequence(krb5_context context, 
+void krb5_ktest_free_pwd_sequence(krb5_context context,
 				  passwd_phrase_element *val);
 void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val);
 
@@ -21,14 +21,14 @@ int main(argc, argv)
 {
     krb5_data code;
     krb5_error_code retval;
-  
+
     retval = krb5_init_context(&test_context);
     if (retval) {
 	com_err(argv[0], retval, "while initializing krb5");
 	exit(1);
     }
     init_access(argv[0]);
-  
+
 
 #define setup(type,typestring,constructor)				\
     type ref, *var;							\
@@ -236,12 +236,12 @@ int main(argc, argv)
 	decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
 
 	ktest_destroy_authorization_data(&(ref.authorization_data));
-    
+
 	decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
 
 	ktest_empty_authenticator(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_ticket */
     {
@@ -320,14 +320,14 @@ int main(argc, argv)
 	decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
 
 	ktest_empty_keyblock(&ref);
-    }  
-  
+    }
+
     /****************************************************************/
     /* decode_krb5_enc_tkt_part */
     {
 	setup(krb5_enc_tkt_part,"krb5_enc_tkt_part",ktest_make_sample_enc_tkt_part);
 	decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
-  
+
 	/* ref.times.starttime = 0; */
 	ref.times.starttime = ref.times.authtime;
 	ref.times.renew_till = 0;
@@ -338,7 +338,7 @@ int main(argc, argv)
 	/* ISODE version fails on the empty caddrs field */
 	ktest_destroy_addresses(&(ref.caddrs));
 	ktest_destroy_authorization_data(&(ref.authorization_data));
-  
+
 	decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part);
 
 	decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
@@ -352,26 +352,26 @@ int main(argc, argv)
 	decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
 	ktest_empty_enc_tkt_part(&ref);
-    }  
-  
+    }
+
     /****************************************************************/
     /* decode_krb5_enc_kdc_rep_part */
     {
 	setup(krb5_enc_kdc_rep_part,"krb5_enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part);
-  
+
 #ifdef KRB5_GENEROUS_LR_TYPE
 	decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 #endif
-  
+
 	decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
-  
+
 	ref.key_exp = 0;
 	/* ref.times.starttime = 0;*/
 	ref.times.starttime = ref.times.authtime;
 	ref.times.renew_till = 0;
 	ref.flags &= ~TKT_FLG_RENEWABLE;
 	ktest_destroy_addresses(&(ref.caddrs));
-  
+
 #ifdef KRB5_GENEROUS_LR_TYPE
 	decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 #endif
@@ -379,7 +379,7 @@ int main(argc, argv)
 	decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 
 	ktest_empty_enc_kdc_rep_part(&ref);
-    }  
+    }
 
     /****************************************************************/
     /* decode_krb5_as_rep */
@@ -443,8 +443,8 @@ int main(argc, argv)
 	decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
 
 	ktest_empty_kdc_rep(&ref);
-    }  
-  
+    }
+
     /****************************************************************/
     /* decode_krb5_tgs_rep */
     {
@@ -457,8 +457,8 @@ int main(argc, argv)
 	decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
 
 	ktest_empty_kdc_rep(&ref);
-    }  
-  
+    }
+
     /****************************************************************/
     /* decode_krb5_ap_req */
     {
@@ -466,7 +466,7 @@ int main(argc, argv)
 	decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req);
 	ktest_empty_ap_req(&ref);
 
-    }  
+    }
 
     /****************************************************************/
     /* decode_krb5_ap_rep */
@@ -474,7 +474,7 @@ int main(argc, argv)
 	setup(krb5_ap_rep,"krb5_ap_rep",ktest_make_sample_ap_rep);
 	decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep);
 	ktest_empty_ap_rep(&ref);
-    }  
+    }
 
     /****************************************************************/
     /* decode_krb5_ap_rep_enc_part */
@@ -482,7 +482,7 @@ int main(argc, argv)
 	setup(krb5_ap_rep_enc_part,"krb5_ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part);
 
 	decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
-  
+
 	ktest_destroy_keyblock(&(ref.subkey));
 	ref.seq_number = 0;
 	decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
@@ -504,7 +504,7 @@ int main(argc, argv)
 
 	ktest_empty_ap_rep_enc_part(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_as_req */
     {
@@ -536,7 +536,7 @@ int main(argc, argv)
 
     }
 
-  
+
     /****************************************************************/
     /* decode_krb5_tgs_req */
     {
@@ -567,7 +567,7 @@ int main(argc, argv)
 
 	ktest_empty_kdc_req(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_kdc_req_body */
     {
@@ -606,7 +606,7 @@ int main(argc, argv)
 	ktest_empty_kdc_req(&ref);
     }
 
-  
+
     /****************************************************************/
     /* decode_krb5_safe */
     {
@@ -621,7 +621,7 @@ int main(argc, argv)
 
 	ktest_empty_safe(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_priv */
     {
@@ -629,7 +629,7 @@ int main(argc, argv)
 	decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv);
 	ktest_empty_priv(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_enc_priv_part */
     {
@@ -643,7 +643,7 @@ int main(argc, argv)
 	decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
 	ktest_empty_priv_enc_part(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_cred */
     {
@@ -651,7 +651,7 @@ int main(argc, argv)
 	decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred);
 	ktest_empty_cred(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_enc_cred_part */
     {
@@ -678,7 +678,7 @@ int main(argc, argv)
 
 	ktest_empty_cred_enc_part(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_error */
     {
@@ -693,7 +693,7 @@ int main(argc, argv)
 
 	ktest_empty_error(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_authdata */
     {
@@ -715,7 +715,7 @@ int main(argc, argv)
 	krb5_free_authdata(test_context, var);
 	ktest_destroy_authorization_data(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_pwd_sequence */
     {
@@ -753,7 +753,7 @@ int main(argc, argv)
 	krb5_free_data_contents(test_context, &code);
 	ktest_destroy_pa_data_array(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_krb5_padata_sequence (empty) */
     {
@@ -775,7 +775,7 @@ int main(argc, argv)
 	krb5_free_data_contents(test_context, &code);
 	ktest_destroy_pa_data_array(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_pwd_sequence */
     {
@@ -812,7 +812,7 @@ int main(argc, argv)
 	ktest_destroy_etype_info_entry(ref[2]);      ref[2] = 0;
 	ktest_destroy_etype_info_entry(ref[1]);      ref[1] = 0;
 	krb5_free_data_contents(test_context, &code);
-      
+
 	retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30");
 	if (retval) {
 	    com_err("krb5_decode_test", retval,
@@ -825,11 +825,11 @@ int main(argc, argv)
 		    "while decoding etype_info (only one)");
 	}
 	test(ktest_equal_etype_info(ref,var),"etype_info (only one)\n");
-      
+
 	ktest_destroy_etype_info(var);
 	ktest_destroy_etype_info_entry(ref[0]);      ref[0] = 0;
 	krb5_free_data_contents(test_context, &code);
-      
+
 	retval = krb5_data_hex_parse(&code,"30 00");
 	if (retval) {
 	    com_err("krb5_decode_test", retval,
@@ -856,7 +856,7 @@ int main(argc, argv)
 	ref.pausec = 0;
 	decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
     }
-  
+
     /****************************************************************/
     /* decode_enc_data */
     {
@@ -864,7 +864,7 @@ int main(argc, argv)
 	decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
 	ktest_destroy_enc_data(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_sam_challenge */
     {
@@ -873,7 +873,7 @@ int main(argc, argv)
 	ktest_empty_sam_challenge(&ref);
 
     }
-  
+
     /****************************************************************/
     /* decode_sam_challenge */
     {
@@ -881,7 +881,7 @@ int main(argc, argv)
 	decode_run("sam_challenge","","30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge);
 	ktest_empty_sam_challenge(&ref);
     }
-  
+
     /****************************************************************/
     /* decode_sam_response */
     {
@@ -931,7 +931,7 @@ void krb5_ktest_free_alt_method(krb5_context context, krb5_alt_method *val)
     free(val);
 }
 
-void krb5_ktest_free_pwd_sequence(krb5_context context, 
+void krb5_ktest_free_pwd_sequence(krb5_context context,
 				  passwd_phrase_element *val)
 {
     krb5_free_data(context, val->passwd);
diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c
index c010af9ab..db99f1080 100644
--- a/src/tests/asn.1/krb5_encode_test.c
+++ b/src/tests/asn.1/krb5_encode_test.c
@@ -50,13 +50,13 @@ static void encoder_print_results(code, typestring, description)
 	free(code_string);
     }
     ktest_destroy_data(&code);
-}	
+}
 
 static void PRS(argc, argv)
     int	argc;
     char	**argv;
 {
-    extern char *optarg;	
+    extern char *optarg;
     int optchar;
     extern int print_types, print_krb5_types, print_id_and_len,
 	print_constructed_length, print_skip_context,
@@ -95,21 +95,21 @@ main(argc, argv)
     krb5_error_code retval;
 
     PRS(argc, argv);
-  
+
     retval = krb5_init_context(&test_context);
     if (retval) {
 	com_err(argv[0], retval, "while initializing krb5");
 	exit(1);
     }
     init_access(argv[0]);
-  
+
 #define setup(value,type,typestring,constructor)			\
     retval = constructor(&(value));					\
     if (retval) {							\
 	com_err("krb5_encode_test", retval, "while making sample %s", typestring); \
 	exit(1);							\
     }
-    
+
 #define encode_run(value,type,typestring,description,encoder)		\
     retval = encoder(&(value),&(code));					\
     if (retval) {							\
@@ -117,7 +117,7 @@ main(argc, argv)
 	exit(1);							\
     }									\
     encoder_print_results(code, typestring, description);
-      
+
     /****************************************************************/
     /* encode_krb5_authenticator */
     {
@@ -136,7 +136,7 @@ main(argc, argv)
 	encode_run(authent,authenticator,"authenticator","(optionals NULL)",encode_krb5_authenticator);
 	ktest_empty_authenticator(&authent);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_ticket */
     {
@@ -154,8 +154,8 @@ main(argc, argv)
 	current_appl_type = 1005;
 	encode_run(keyblk,keyblock,"keyblock","",encode_krb5_encryption_key);
 	ktest_empty_keyblock(&keyblk);
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_enc_tkt_part */
     {
@@ -164,69 +164,69 @@ main(argc, argv)
 	tkt.enc_part2 = (krb5_enc_tkt_part*)calloc(1,sizeof(krb5_enc_tkt_part));
 	if (tkt.enc_part2 == NULL) com_err("allocating enc_tkt_part",errno,"");
 	setup(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part",ktest_make_sample_enc_tkt_part);
-  
+
 	encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","",encode_krb5_enc_tkt_part);
-  
+
 	tkt.enc_part2->times.starttime = 0;
 	tkt.enc_part2->times.renew_till = 0;
 	ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
 	ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
 	ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
 	ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
-  
+
 	/* ISODE version fails on the empty caddrs field */
 	ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
 	ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
-  
+
 	encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","(optionals NULL)",encode_krb5_enc_tkt_part);
 	ktest_empty_ticket(&tkt);
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_enc_kdc_rep_part */
     {
 	krb5_kdc_rep kdcr;
 
 	memset(&kdcr, 0, sizeof(kdcr));
- 
+
 	kdcr.enc_part2 = (krb5_enc_kdc_rep_part*)
 	    calloc(1,sizeof(krb5_enc_kdc_rep_part));
 	if (kdcr.enc_part2 == NULL) com_err("allocating enc_kdc_rep_part",errno,"");
 	setup(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part);
-  
+
 	encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","",encode_krb5_enc_kdc_rep_part);
-  
+
 	kdcr.enc_part2->key_exp = 0;
 	kdcr.enc_part2->times.starttime = 0;
 	kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
 	ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
-  
+
 	encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","(optionals NULL)",encode_krb5_enc_kdc_rep_part);
 
 	ktest_empty_kdc_rep(&kdcr);
-    }  
+    }
 
     /****************************************************************/
     /* encode_krb5_as_rep */
     {
 	krb5_kdc_rep kdcr;
 	setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep);
-  
+
 /*    kdcr.msg_type = KRB5_TGS_REP;
       test(encode_krb5_as_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
       "encode_krb5_as_rep type check\n");
       ktest_destroy_data(&code);*/
-  
+
 	kdcr.msg_type = KRB5_AS_REP;
 	encode_run(kdcr,as_rep,"as_rep","",encode_krb5_as_rep);
-  
+
 	ktest_destroy_pa_data_array(&(kdcr.padata));
 	encode_run(kdcr,as_rep,"as_rep","(optionals NULL)",encode_krb5_as_rep);
 
 	ktest_empty_kdc_rep(&kdcr);
 
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_tgs_rep */
     {
@@ -236,7 +236,7 @@ main(argc, argv)
 /*    kdcr.msg_type = KRB5_AS_REP;
       test(encode_krb5_tgs_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
       "encode_krb5_tgs_rep type check\n");*/
-  
+
 	kdcr.msg_type = KRB5_TGS_REP;
 	encode_run(kdcr,tgs_rep,"tgs_rep","",encode_krb5_tgs_rep);
 
@@ -245,8 +245,8 @@ main(argc, argv)
 
 	ktest_empty_kdc_rep(&kdcr);
 
-    }  
-  
+    }
+
     /****************************************************************/
     /* encode_krb5_ap_req */
     {
@@ -254,7 +254,7 @@ main(argc, argv)
 	setup(apreq,ap_req,"ap_req",ktest_make_sample_ap_req);
 	encode_run(apreq,ap_req,"ap_req","",encode_krb5_ap_req);
 	ktest_empty_ap_req(&apreq);
-    }  
+    }
 
     /****************************************************************/
     /* encode_krb5_ap_rep */
@@ -263,7 +263,7 @@ main(argc, argv)
 	setup(aprep,ap_rep,"ap_rep",ktest_make_sample_ap_rep);
 	encode_run(aprep,ap_rep,"ap_rep","",encode_krb5_ap_rep);
 	ktest_empty_ap_rep(&aprep);
-    }  
+    }
 
     /****************************************************************/
     /* encode_krb5_ap_rep_enc_part */
@@ -271,13 +271,13 @@ main(argc, argv)
 	krb5_ap_rep_enc_part apenc;
 	setup(apenc,ap_rep_enc_part,"ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part);
 	encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","",encode_krb5_ap_rep_enc_part);
-  
+
 	ktest_destroy_keyblock(&(apenc.subkey));
 	apenc.seq_number = 0;
 	encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","(optionals NULL)",encode_krb5_ap_rep_enc_part);
 	ktest_empty_ap_rep_enc_part(&apenc);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_as_req */
     {
@@ -306,7 +306,7 @@ main(argc, argv)
 	encode_run(asreq,as_req,"as_req","(optionals NULL except server)",encode_krb5_as_req);
 	ktest_empty_kdc_req(&asreq);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_tgs_req */
     {
@@ -337,7 +337,7 @@ main(argc, argv)
 
 	ktest_empty_kdc_req(&tgsreq);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_kdc_req_body */
     {
@@ -370,7 +370,7 @@ main(argc, argv)
 
 	ktest_empty_kdc_req(&kdcrb);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_safe */
     {
@@ -386,7 +386,7 @@ main(argc, argv)
 
 	ktest_empty_safe(&s);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_priv */
     {
@@ -395,7 +395,7 @@ main(argc, argv)
 	encode_run(p,priv,"priv","",encode_krb5_priv);
 	ktest_empty_priv(&p);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_enc_priv_part */
     {
@@ -411,7 +411,7 @@ main(argc, argv)
 
 	ktest_empty_priv_enc_part(&ep);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_cred */
     {
@@ -420,7 +420,7 @@ main(argc, argv)
 	encode_run(c,cred,"cred","",encode_krb5_cred);
 	ktest_empty_cred(&c);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_enc_cred_part */
     {
@@ -444,7 +444,7 @@ main(argc, argv)
 
 	ktest_empty_cred_enc_part(&cep);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_error */
     {
@@ -460,7 +460,7 @@ main(argc, argv)
 
 	ktest_empty_error(&kerr);
     }
-  
+
     /****************************************************************/
     /* encode_krb5_authdata */
     {
@@ -477,7 +477,7 @@ main(argc, argv)
 
 	ktest_destroy_authorization_data(&ad);
     }
-  
+
     /****************************************************************/
     /* encode_pwd_sequence */
     {
@@ -500,7 +500,7 @@ main(argc, argv)
     /* encode_padata_sequence */
     {
 	krb5_pa_data **pa;
-    
+
 	setup(pa,krb5_pa_data,"PreauthData",ktest_make_sample_pa_data_array);
 	retval = encode_krb5_padata_sequence(pa,&(code));
 	if (retval) {
@@ -508,7 +508,7 @@ main(argc, argv)
 	    exit(1);
 	}
 	encoder_print_results(code, "padata_sequence", "");
-    
+
 	ktest_destroy_pa_data_array(&pa);
     }
 
@@ -516,7 +516,7 @@ main(argc, argv)
     /* encode_padata_sequence (empty) */
     {
 	krb5_pa_data **pa;
-    
+
 	setup(pa,krb5_pa_data,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array);
 	retval = encode_krb5_padata_sequence(pa,&(code));
 	if (retval) {
@@ -547,7 +547,7 @@ main(argc, argv)
     /* encode_etype_info */
     {
 	krb5_etype_info_entry **info;
-    
+
 	setup(info,krb5_etype_info_entry **,"etype_info",
 	      ktest_make_sample_etype_info);
 	retval = encode_krb5_etype_info(info,&(code));
@@ -567,7 +567,7 @@ main(argc, argv)
 	encoder_print_results(code, "etype_info (only 1)", "");
 
 	ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;
-    
+
 	retval = encode_krb5_etype_info(info,&(code));
 	if (retval) {
 	    com_err("encoding etype_info (no info)",retval,"");
@@ -581,7 +581,7 @@ main(argc, argv)
     /* encode_etype_info 2*/
     {
 	krb5_etype_info_entry **info;
-    
+
 	setup(info,krb5_etype_info_entry **,"etype_info2",
 	      ktest_make_sample_etype_info2);
 	retval = encode_krb5_etype_info2(info,&(code));
@@ -602,7 +602,7 @@ main(argc, argv)
 
 	ktest_destroy_etype_info(info);
 /*    ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;*/
-    
+
     }
 
     /****************************************************************/
diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c
index f41347c0f..6ca9652ab 100644
--- a/src/tests/asn.1/ktest.c
+++ b/src/tests/asn.1/ktest.c
@@ -404,7 +404,7 @@ krb5_error_code ktest_make_sample_kdc_req_body(krb)
     if (retval) return retval;
     return 0;
 }
-  
+
 krb5_error_code ktest_make_sample_safe(s)
     krb5_safe * s;
 {
@@ -765,7 +765,7 @@ krb5_error_code ktest_make_sample_sam_response(p)
     p->sam_enc_key.kvno = 1942;
     p->sam_enc_nonce_or_ts.ciphertext.data = strdup("nonce or ts");
     if (p->sam_enc_nonce_or_ts.ciphertext.data == NULL) return ENOMEM;
-    p->sam_enc_nonce_or_ts.ciphertext.length = 
+    p->sam_enc_nonce_or_ts.ciphertext.length =
 	strlen(p->sam_enc_nonce_or_ts.ciphertext.data);
     p->sam_enc_nonce_or_ts.enctype = ENCTYPE_DES_CBC_CRC;
     p->sam_enc_nonce_or_ts.kvno = 3382;
@@ -785,7 +785,7 @@ krb5_error_code ktest_make_sample_sam_response_2(p)
     p->sam_track_id.length = strlen(p->sam_track_id.data);
     p->sam_enc_nonce_or_sad.ciphertext.data = strdup("nonce or sad");
     if (p->sam_enc_nonce_or_sad.ciphertext.data == NULL) return ENOMEM;
-    p->sam_enc_nonce_or_sad.ciphertext.length = 
+    p->sam_enc_nonce_or_sad.ciphertext.length =
 	strlen(p->sam_enc_nonce_or_sad.ciphertext.data);
     p->sam_enc_nonce_or_sad.enctype = ENCTYPE_DES_CBC_CRC;
     p->sam_enc_nonce_or_sad.kvno = 3382;
@@ -931,7 +931,7 @@ void ktest_empty_data(d)
 	d->data = NULL;
 	d->length = 0;
     }
-}  
+}
 
 void ktest_destroy_checksum(cs)
     krb5_checksum ** cs;
@@ -1038,7 +1038,7 @@ void ktest_empty_addresses(a)
 
     for (i=0; a[i] != NULL; i++)
 	ktest_destroy_address(&(a[i]));
-}  
+}
 
 void ktest_destroy_addresses(a)
     krb5_address *** a;
@@ -1096,7 +1096,7 @@ void ktest_destroy_ticket(tkt)
     /*  ktest_empty_enc_tkt_part(((*tkt)->enc_part2));*/
     free(*tkt);
     *tkt = NULL;
-}  
+}
 
 void ktest_empty_ticket(tkt)
     krb5_ticket * tkt;
@@ -1107,7 +1107,7 @@ void ktest_empty_ticket(tkt)
     if (tkt->enc_part2) {
 	ktest_destroy_enc_tkt_part(&(tkt->enc_part2));
     }
-}  
+}
 
 void ktest_destroy_enc_data(ed)
     krb5_enc_data * ed;
@@ -1134,7 +1134,7 @@ void ktest_destroy_etype_info(info)
 	ktest_destroy_etype_info_entry(info[i]);
     free(info);
 }
-    
+
 
 void ktest_empty_kdc_req(kr)
     krb5_kdc_req *kr;
@@ -1185,7 +1185,7 @@ void ktest_empty_authenticator(a)
     krb5_authenticator * a;
 {
 
-    if (a->client) 
+    if (a->client)
 	ktest_destroy_principal(&(a->client));
     if (a->checksum)
 	ktest_destroy_checksum(&(a->checksum));
@@ -1201,7 +1201,7 @@ void ktest_empty_enc_tkt_part(etp)
 
     if (etp->session)
 	ktest_destroy_keyblock(&(etp->session));
-    if (etp->client) 
+    if (etp->client)
 	ktest_destroy_principal(&(etp->client));
     if (etp->caddrs)
 	ktest_destroy_addresses(&(etp->caddrs));
@@ -1227,7 +1227,7 @@ void ktest_empty_enc_kdc_rep_part(ekr)
     if (ekr->session)
 	ktest_destroy_keyblock(&(ekr->session));
 
-    if (ekr->server) 
+    if (ekr->server)
 	ktest_destroy_principal(&(ekr->server));
 
     if (ekr->caddrs)
@@ -1275,9 +1275,9 @@ void ktest_destroy_cred_info(ci)
 {
     if ((*ci)->session)
 	ktest_destroy_keyblock(&((*ci)->session));
-    if ((*ci)->client) 
+    if ((*ci)->client)
 	ktest_destroy_principal(&((*ci)->client));
-    if ((*ci)->server) 
+    if ((*ci)->server)
 	ktest_destroy_principal(&((*ci)->server));
     if ((*ci)->caddrs)
 	ktest_destroy_addresses(&((*ci)->caddrs));
@@ -1380,7 +1380,7 @@ void ktest_empty_pwd_data(pd)
 	}
     }
     free(pd->element);
-  
+
 }
 
 void ktest_empty_alt_method(am)
diff --git a/src/tests/asn.1/t_trval.c b/src/tests/asn.1/t_trval.c
index 75dcc0caa..d1b261fab 100644
--- a/src/tests/asn.1/t_trval.c
+++ b/src/tests/asn.1/t_trval.c
@@ -3,13 +3,13 @@
  *
  * Permission to include this software in the Kerberos V5 distribution
  * was graciously provided by Trusted Information Systems.
- * 
+ *
  * Trusted Information Systems makes no representation about the
  * suitability of this software for any purpose.  It is provided
  * "as is" without express or implied warranty.
- * 
+ *
  * Copyright (C) 1994 Massachusetts Institute of Technology
- * 
+ *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
@@ -28,7 +28,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 /* Split out from "#ifdef STANDALONE" code previously in trval.c, so
@@ -67,7 +67,7 @@ int main(argc, argv)
     int optflg = 1;
     FILE *fp;
     int r = 0;
-	
+
     while (--argc > 0) {
 	argv++;
 	if (optflg && *(argv)[0] == '-') {
@@ -102,6 +102,6 @@ int main(argc, argv)
 	}
     }
     if (optflg) r = trval(stdin, stdout);
-	
+
     exit(r);
 }
diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c
index 99c0c3846..4d80ed587 100644
--- a/src/tests/asn.1/trval.c
+++ b/src/tests/asn.1/trval.c
@@ -3,13 +3,13 @@
  *
  * Permission to include this software in the Kerberos V5 distribution
  * was graciously provided by Trusted Information Systems.
- * 
+ *
  * Trusted Information Systems makes no representation about the
  * suitability of this software for any purpose.  It is provided
  * "as is" without express or implied warranty.
- * 
+ *
  * Copyright (C) 1994 Massachusetts Institute of Technology
- * 
+ *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
@@ -28,7 +28,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 /*****************************************************************************
@@ -43,21 +43,21 @@
 
 #define OK 0
 #define NOTOK (-1)
-	
+
 /* IDENTIFIER OCTET = TAG CLASS | FORM OF ENCODING | TAG NUMBER */
-	
+
 /* TAG CLASSES */
 #define ID_CLASS   0xc0		/* bits 8 and 7 */
 #define CLASS_UNIV 0x00		/* 0 = universal */
 #define CLASS_APPL 0x40		/* 1 = application */
 #define CLASS_CONT 0x80		/* 2 = context-specific */
 #define CLASS_PRIV 0xc0		/* 3 = private */
-	
+
 /* FORM OF ENCODING */
 #define ID_FORM   0x20		/* bit 6 */
 #define FORM_PRIM 0x00		/* 0 = primitive */
 #define FORM_CONS 0x20		/* 1 = constructed */
-	
+
 /* TAG NUMBERS */
 #define ID_TAG    0x1f		/* bits 5-1 */
 #define PRIM_BOOL 0x01		/* Boolean */
@@ -84,17 +84,17 @@
 #define DEFN_VISS 0x1a		/* Visible string */
 #define DEFN_GENS 0x1b		/* General string */
 #define DEFN_CHRS 0x1c		/* Character string */
-	
+
 #define	LEN_XTND	0x80	/* long or indefinite form */
 #define	LEN_SMAX	127	/* largest short form */
 #define	LEN_MASK	0x7f	/* mask to get number of bytes in length */
 #define	LEN_INDF	(-1)	/* indefinite length */
 
 #define KRB5	/* Do krb5 application types */
-	
+
 int print_types = 0;
 int print_id_and_len = 1;
-int print_constructed_length = 1;	
+int print_constructed_length = 1;
 int print_primitive_length = 1;
 int print_skip_context = 0;
 int print_skip_tagnum = 1;
@@ -140,7 +140,7 @@ int trval(fin, fout)
     int cc, cc2, n1, n2;
     int r;
     int rlen;
-	
+
     maxlen = BUFSIZ;
     p = (unsigned char *)malloc(maxlen);
     len = 0;
@@ -184,10 +184,10 @@ int trval2(fp, enc, len, lev, rlen)
 	fprintf(fp, "missing id and length octets (%d)\n", len);
 	return(NOTOK);
     }
-	
+
     fprintf(fp, "\n");
     for (l=0; l<lev; l++) fprintf(fp, ".  ");
-	
+
 context_restart:
     eid = enc[0];
     elen = enc[1];
@@ -196,13 +196,13 @@ context_restart:
 	fprintf(fp, "%02x ", eid);
 	fprintf(fp, "%02x ", elen);
     }
-	
+
     if (elen == LEN_XTND) {
 	fprintf(fp,
 		"indefinite length encoding not implemented (0x%02x)\n", elen);
 	return(NOTOK);
     }
-	
+
     xlen = 0;
     if (elen & LEN_XTND) {
 	xlen = elen & LEN_MASK;
@@ -212,12 +212,12 @@ context_restart:
 	}
 	elen = decode_len(fp, enc+2, xlen);
     }
-	
+
     if (elen > len - 2 - xlen) {
 	fprintf(fp, "length too long (%d > %d - 2 - %d)\n", elen, len, xlen);
 	return(NOTOK);
     }
-	
+
     print_tag_type(fp, eid, lev);
 
     if (print_context_shortcut &&
@@ -241,7 +241,7 @@ context_restart:
 	*rlen = 2 + xlen + rlen2 + rlen_ext;
 	break;
     }
-	
+
     return(r);
 }
 
@@ -252,7 +252,7 @@ int decode_len(fp, enc, len)
 {
     int rlen;
     int i;
-	
+
     if (print_id_and_len)
 	fprintf(fp, "%02x ", enc[0]);
     rlen = enc[0];
@@ -367,9 +367,9 @@ int do_prim(fp, tag, enc, len, lev)
 
     if (print_primitive_length)
 	fprintf(fp, "<%d>", len);
-	
+
     width = (80 - (lev * 3) - 8) / 4;
-	
+
     for (n = 0; n < len; n++) {
 	if ((n % width) == 0) {
 	    fprintf(fp, "\n");
@@ -501,30 +501,30 @@ struct typestring_table krb5_fields[] = {
     { 1000, 1, "name-string"},
 
     { 1001, 0, "etype"},	/* Encrypted data */
-    { 1001, 1, "kvno"},	
+    { 1001, 1, "kvno"},
     { 1001, 2, "cipher"},
 
     { 1002, 0, "addr-type"},	/* HostAddress */
-    { 1002, 1, "address"},	
+    { 1002, 1, "address"},
 
     { 1003, 0, "addr-type"},	/* HostAddresses */
-    { 1003, 1, "address"},	
+    { 1003, 1, "address"},
 
     { 1004, 0, "ad-type"},	/* AuthorizationData */
-    { 1004, 1, "ad-data"},	
+    { 1004, 1, "ad-data"},
 
     { 1005, 0, "keytype"},	/* EncryptionKey */
-    { 1005, 1, "keyvalue"},	
+    { 1005, 1, "keyvalue"},
 
     { 1006, 0, "cksumtype"},	/* Checksum */
     { 1006, 1, "checksum"},
 
     { 1007, 0, "kdc-options"},	/* KDC-REQ-BODY */
-    { 1007, 1, "cname", 1000},	
+    { 1007, 1, "cname", 1000},
     { 1007, 2, "realm"},
-    { 1007, 3, "sname", 1000},	
+    { 1007, 3, "sname", 1000},
     { 1007, 4, "from"},
-    { 1007, 5, "till"},	
+    { 1007, 5, "till"},
     { 1007, 6, "rtime"},
     { 1007, 7, "nonce"},
     { 1007, 8, "etype"},
@@ -536,9 +536,9 @@ struct typestring_table krb5_fields[] = {
     { 1008, 2, "pa-data"},
 
     { 1009, 0, "user-data"},	/* KRB-SAFE-BODY */
-    { 1009, 1, "timestamp"},	
+    { 1009, 1, "timestamp"},
     { 1009, 2, "usec"},
-    { 1009, 3, "seq-number"},	
+    { 1009, 3, "seq-number"},
     { 1009, 4, "s-address", 1002},
     { 1009, 5, "r-address", 1002},
 
@@ -546,11 +546,11 @@ struct typestring_table krb5_fields[] = {
     { 1010, 1, "lr-value"},
 
     { 1011, 0, "key", 1005},	/* KRB-CRED-INFO */
-    { 1011, 1, "prealm"},	
+    { 1011, 1, "prealm"},
     { 1011, 2, "pname", 1000},
-    { 1011, 3, "flags"},	
+    { 1011, 3, "flags"},
     { 1011, 4, "authtime"},
-    { 1011, 5, "startime"},	
+    { 1011, 5, "startime"},
     { 1011, 6, "endtime"},
     { 1011, 7, "renew-till"},
     { 1011, 8, "srealm"},
@@ -619,7 +619,7 @@ struct typestring_table krb5_fields[] = {
     { 15, 0, "pvno"},	/* AP-REP */
     { 15, 1, "msg-type"},
     { 15, 2, "enc-part", 1001},
-	
+
     { 20, 0, "pvno"},	/* KRB-SAFE */
     { 20, 1, "msg-type"},
     { 20, 2, "safe-body", 1009},
@@ -646,7 +646,7 @@ struct typestring_table krb5_fields[] = {
     { 25, 9, "srealm"},
     { 25, 10, "sname", 1000},
     { 25, 11, "caddr", 1003},
-	
+
     { 26, 0, "key", 1005},	/* EncTGSRepPart */
     { 26, 1, "last-req", 1010},
     { 26, 2, "nonce"},
@@ -659,7 +659,7 @@ struct typestring_table krb5_fields[] = {
     { 26, 9, "srealm"},
     { 26, 10, "sname", 1000},
     { 26, 11, "caddr", 1003},
-	
+
     { 27, 0, "ctime"},	/* EncApRepPart */
     { 27, 1, "cusec"},
     { 27, 2, "subkey", 1005},
@@ -692,7 +692,7 @@ struct typestring_table krb5_fields[] = {
     { 30, 10, "sname", 1000},
     { 30, 11, "e-text"},
     { 30, 12, "e-data"},
-	
+
     { -1, -1, 0}
 };
 #endif
@@ -707,7 +707,7 @@ void print_tag_type(fp, eid, lev)
     char	*str;
 
     fprintf(fp, "[");
-	
+
     switch(eid & ID_CLASS) {
     case CLASS_UNIV:
 	if (print_types && print_skip_tagnum)
@@ -748,7 +748,7 @@ void print_tag_type(fp, eid, lev)
 	fprintf(fp, "PRIV %d", tag);
 	break;
     }
-	
+
     if (print_types && ((eid & ID_CLASS) == CLASS_UNIV)) {
 	if (do_space)
 	    fputs(" ", fp);
@@ -758,10 +758,9 @@ void print_tag_type(fp, eid, lev)
 	else
 	    fprintf(fp, "UNIV %d???", eid & ID_TAG);
     }
-	
+
     fprintf(fp, "] ");
-	
-}	
 
-/*****************************************************************************/
+}
 
+/*****************************************************************************/
diff --git a/src/tests/asn.1/utility.c b/src/tests/asn.1/utility.c
index 00d7f6298..1b2e9827b 100644
--- a/src/tests/asn.1/utility.c
+++ b/src/tests/asn.1/utility.c
@@ -13,7 +13,7 @@ asn1_error_code asn1_krb5_data_unparse(code, s)
     char ** s;
 {
     if (*s != NULL) free(*s);
-  
+
     if (code==NULL) {
 	*s = strdup("<NULL>");
 	if (*s == NULL) return ENOMEM;
@@ -105,7 +105,7 @@ void asn1buf_print(buf)
     char *s=NULL;
     int length;
     int i;
-  
+
     bufcopy.base = bufcopy.next = buf->next;
     bufcopy.bound = buf->bound;
     length = asn1buf_len(&bufcopy);
diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c
index 8e3eae637..2f78a3001 100644
--- a/src/tests/create/kdb5_mkdums.c
+++ b/src/tests/create/kdb5_mkdums.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Edit a KDC database.
  */
@@ -86,7 +86,7 @@ main(argc, argv)
     int argc;
     char *argv[];
 {
-    extern char *optarg;	
+    extern char *optarg;
     int optchar, i, n;
     char tmp[4096], tmp2[BUFSIZ], *str_newprinc;
 
@@ -169,14 +169,14 @@ main(argc, argv)
 	if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
 	    com_err(progname, retval, "while retrieving default realm name");
 	    exit(1);
-	}	    
+	}
     }
     if ((retval = set_dbname_help(progname, dbname)))
 	exit(retval);
 
     for (n = 1; n <= num_to_create; n++) {
       /* build the new principal name */
-      /* we can't pick random names because we need to generate all the names 
+      /* we can't pick random names because we need to generate all the names
 	 again given a prefix and count to test the db lib and kdb */
       (void) snprintf(suffix, suffix_size, "%d", n);
       (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
@@ -195,7 +195,7 @@ main(argc, argv)
     }
 
     retval = krb5_db_fini(test_context);
-    memset(master_keyblock.contents, 0, 
+    memset(master_keyblock.contents, 0,
 	   (size_t) master_keyblock.length);
     if (retval && retval != KRB5_KDB_DBNOTINITED) {
 	com_err(progname, retval, "while closing database");
@@ -232,10 +232,10 @@ add_princ(context, str_newprinc)
     newentry.max_renewable_life = mblock.max_rlife;
     newentry.expiration = mblock.expiration;
     newentry.pw_expiration = mblock.expiration;
-    
+
     /* Add princ to db entry */
     if ((retval = krb5_copy_principal(context, newprinc, &newentry.princ))) {
-      	com_err(progname, retval, "while encoding princ to db entry for '%s'", 
+      	com_err(progname, retval, "while encoding princ to db entry for '%s'",
 	        princ_name);
 	krb5_free_principal(context, newprinc);
 	goto error;
@@ -275,7 +275,7 @@ add_princ(context, str_newprinc)
 
     	pwd.length = strlen(princ_name);
     	pwd.data = princ_name;  /* must be able to regenerate */
-    	if ((retval = krb5_c_string_to_key(context, master_keyblock.enctype, 
+    	if ((retval = krb5_c_string_to_key(context, master_keyblock.enctype,
 					   &pwd, &salt, &key))) {
 	    com_err(progname,retval,"while converting password to key for '%s'",
 		    princ_name);
@@ -291,10 +291,10 @@ add_princ(context, str_newprinc)
 	    goto error;
         }
 
-        if ((retval = krb5_dbekd_encrypt_key_data(context,&master_keyblock, 
-						  &key, NULL, 1, 
+        if ((retval = krb5_dbekd_encrypt_key_data(context,&master_keyblock,
+						  &key, NULL, 1,
 						  newentry.key_data))) {
-    	    com_err(progname, retval, "while encrypting key for '%s'", 
+    	    com_err(progname, retval, "while encrypting key for '%s'",
 		    princ_name);
             free(key.contents);
 	    goto error;
@@ -338,7 +338,7 @@ char *dbname;
 
     /* assemble & parse the master key name */
 
-    if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm, 
+    if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm,
 					  0, &master_princ))) {
 	com_err(pname, retval, "while setting up master key name");
 	return(1);
@@ -362,8 +362,8 @@ char *dbname;
 	}
 	free(scratch.data);
     } else {
-	if ((retval = krb5_db_fetch_mkey(test_context, master_princ, 
-					master_keyblock.enctype, manual_mkey, 
+	if ((retval = krb5_db_fetch_mkey(test_context, master_princ,
+					master_keyblock.enctype, manual_mkey,
 					FALSE, 0, NULL, NULL,
                                         &master_keyblock))) {
 	    com_err(pname, retval, "while reading master key");
@@ -391,14 +391,14 @@ char *dbname;
     /* Done with args */
     free(args[0]);
 
-    if ((retval = krb5_db_verify_master_key(test_context, master_princ, 
+    if ((retval = krb5_db_verify_master_key(test_context, master_princ,
 					   IGNORE_VNO, &master_keyblock))){
 	com_err(pname, retval, "while verifying master key");
 	(void) krb5_db_fini(test_context);
 	return(1);
     }
     nentries = 1;
-    if ((retval = krb5_db_get_principal(test_context, master_princ, 
+    if ((retval = krb5_db_get_principal(test_context, master_princ,
 				       &master_entry, &nentries, &more))) {
 	com_err(pname, retval, "while retrieving master entry");
 	(void) krb5_db_fini(test_context);
@@ -424,4 +424,3 @@ char *dbname;
     krb5_db_free_principal(test_context, &master_entry, nentries);
     return 0;
 }
-
diff --git a/src/tests/dejagnu/t_inetd.c b/src/tests/dejagnu/t_inetd.c
index aa369d4f1..702f0256e 100644
--- a/src/tests/dejagnu/t_inetd.c
+++ b/src/tests/dejagnu/t_inetd.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,15 +22,15 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * A simple program to simulate starting a process from inetd.
  *
- * Unlike a proper inetd situation, environment variables are passed 
+ * Unlike a proper inetd situation, environment variables are passed
  * to the client.
  *
  * usage: t_inetd port program argv0 ...
- *		
+ *
  */
 
 #include "autoconf.h"
@@ -137,4 +137,3 @@ main(argc, argv)
 		fprintf(stderr, "t_inetd: Could not exec %s\n", path);
 	exit(1);
 }
-
diff --git a/src/tests/dump.c b/src/tests/dump.c
index 1e40ffeda..3f49c46e5 100644
--- a/src/tests/dump.c
+++ b/src/tests/dump.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Dump out a krb5_data to stderr (for debugging purposes).
  */
@@ -39,5 +39,5 @@ void dump_data (data)
 	fprintf(stderr, "%02x ", ptr[i]);
 	if ((i % 16) == 15) fprintf(stderr, "\n");
     }
-    fprintf(stderr, "\n");    
+    fprintf(stderr, "\n");
 }
diff --git a/src/tests/gss-threads/gss-client.c b/src/tests/gss-threads/gss-client.c
index 1057c05c4..098718400 100644
--- a/src/tests/gss-threads/gss-client.c
+++ b/src/tests/gss-threads/gss-client.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -110,7 +110,7 @@ static int get_server_info(host, port)
 	  fprintf(stderr, "Unknown host: %s\n", host);
 	  return -1;
      }
-     
+
      saddr.sin_family = hp->h_addrtype;
      memcpy(&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
      saddr.sin_port = htons(port);
@@ -171,13 +171,13 @@ static int connect_to_server()
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * service_name is imported as a GSS-API name and a GSS-API context is
  * established with the corresponding service; the service should be
  * listening on the TCP connection s.  The default GSS-API mechanism
  * is used, and mutual authentication and replay detection are
  * requested.
- * 
+ *
  * If successful, the context handle is returned in context.  If
  * unsuccessful, the GSS-API error messages are displayed on stderr
  * and -1 is returned.
@@ -211,7 +211,7 @@ static int client_establish_context(s, service_name, gss_flags, auth_flag,
 	 display_status("parsing name", maj_stat, min_stat);
 	 return -1;
        }
-     
+
        if (!v1_format) {
 	 if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
 	   (void) gss_release_name(&min_stat, &target_name);
@@ -228,13 +228,13 @@ static int client_establish_context(s, service_name, gss_flags, auth_flag,
 	* transmitted to the server; every received token is stored in
 	* recv_tok, which token_ptr is then set to, to be processed by
 	* the next call to gss_init_sec_context.
-	* 
+	*
 	* GSS-API guarantees that send_tok's length will be non-zero
 	* if and only if the server is expecting another token from us,
 	* and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
 	* and only if the server has another token to send us.
 	*/
-     
+
        token_ptr = GSS_C_NO_BUFFER;
        *gss_context = GSS_C_NO_CONTEXT;
 
@@ -273,7 +273,7 @@ static int client_establish_context(s, service_name, gss_flags, auth_flag,
 	   }
 	 }
 	 (void) gss_release_buffer(&min_stat, &send_tok);
- 
+
 	 if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
 	      display_status("initializing context", maj_stat,
 			     init_sec_min_stat);
@@ -283,7 +283,7 @@ static int client_establish_context(s, service_name, gss_flags, auth_flag,
 					     GSS_C_NO_BUFFER);
 	      return -1;
 	 }
-	  
+
 	 if (maj_stat == GSS_S_CONTINUE_NEEDED) {
 	   if (verbose)
 	     printf("continue needed...");
@@ -313,7 +313,7 @@ static void read_file(file_name, in_buf)
 {
     int fd, count;
     struct stat stat_buf;
-    
+
     if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
 	perror("open");
 	fprintf(stderr, "Couldn't open file %s\n", file_name);
@@ -371,7 +371,7 @@ static void read_file(file_name, in_buf)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * call_server opens a TCP connection to <host:port> and establishes a
  * GSS-API context with service_name over the connection.  It then
  * seals msg in a GSS-API token with gss_wrap, sends it to the server,
@@ -605,7 +605,7 @@ static void parse_oid(char *mechanism, gss_OID *oid)
     char	*mechstr = 0, *cp;
     gss_buffer_desc tok;
     OM_uint32 maj_stat, min_stat;
-    
+
     if (isdigit((int) mechanism[0])) {
 	if (asprintf(&mechstr, "{ %s }", mechanism) < 0) {
 	    fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
@@ -773,13 +773,13 @@ int main(argc, argv)
 	       argc--; argv++;
 	       if (!argc) usage();
 	       mechanism = *argv;
-	   } 
+	   }
 #if defined(_WIN32) || 1
            else if (strcmp(*argv, "-threads") == 0) {
                argc--; argv++;
                if (!argc) usage();
                max_threads = atoi(*argv);
-           } 
+           }
 #endif
            else if (strcmp(*argv, "-d") == 0) {
 	       gss_flags |= GSS_C_DELEG_FLAG;
@@ -871,7 +871,7 @@ int main(argc, argv)
 
     if (oid != GSS_C_NULL_OID)
         (void) gss_release_oid(&min_stat, &oid);
-	 
+
 #ifdef _WIN32
     CleanupHandles();
 #else
diff --git a/src/tests/gss-threads/gss-misc.c b/src/tests/gss-threads/gss-misc.c
index 27a8af6a5..c456f4944 100644
--- a/src/tests/gss-threads/gss-misc.c
+++ b/src/tests/gss-threads/gss-misc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -184,8 +184,8 @@ int send_token(s, flags, tok)
 	  return -1;
      } else if (ret != 4) {
 	 if (display_file)
-	     fprintf(display_file, 
-		     "sending token length: %d of %d bytes written\n", 
+	     fprintf(display_file,
+		     "sending token length: %d of %d bytes written\n",
 		     ret, 4);
 	  return -1;
      }
@@ -196,12 +196,12 @@ int send_token(s, flags, tok)
 	  return -1;
      } else if (ret != tok->length) {
 	 if (display_file)
-	     fprintf(display_file, 
-		     "sending token data: %d of %d bytes written\n", 
+	     fprintf(display_file,
+		     "sending token data: %d of %d bytes written\n",
 		     ret, (int) tok->length);
 	 return -1;
      }
-     
+
      return 0;
 }
 
@@ -219,7 +219,7 @@ int send_token(s, flags, tok)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * recv_token reads the token flags (a single byte, even though
  * they're stored into an integer, then reads the token length (as a
  * network long), allocates memory to hold the data, and then reads
@@ -257,8 +257,8 @@ int recv_token(s, flags, tok)
 	 return -1;
      } else if (ret != 3) {
 	 if (display_file)
-	     fprintf(display_file, 
-		     "reading token length: %d of %d bytes read\n", 
+	     fprintf(display_file,
+		     "reading token length: %d of %d bytes read\n",
 		     ret, 3);
 	 return -1;
      }
@@ -270,8 +270,8 @@ int recv_token(s, flags, tok)
 	 return -1;
        } else if (ret != 4) {
 	 if (display_file)
-	   fprintf(display_file, 
-		   "reading token length: %d of %d bytes read\n", 
+	   fprintf(display_file,
+		   "reading token length: %d of %d bytes read\n",
 		   ret, 4);
 	 return -1;
        }
@@ -284,7 +284,7 @@ int recv_token(s, flags, tok)
      tok->value = (char *) malloc(tok->length ? tok->length : 1);
      if (tok->length && tok->value == NULL) {
 	 if (display_file)
-	     fprintf(display_file, 
+	     fprintf(display_file,
 		     "Out of memory allocating token data\n");
 	  return -1;
      }
@@ -295,7 +295,7 @@ int recv_token(s, flags, tok)
 	  free(tok->value);
 	  return -1;
      } else if (ret != tok->length) {
-	  fprintf(stderr, "sending token data: %d of %d bytes written\n", 
+	  fprintf(stderr, "sending token data: %d of %d bytes written\n",
 		  ret, (int) tok->length);
 	  free(tok->value);
 	  return -1;
@@ -312,7 +312,7 @@ static void display_status_1(m, code, type)
      OM_uint32 maj_stat, min_stat;
      gss_buffer_desc msg;
      OM_uint32 msg_ctx;
-     
+
      msg_ctx = 0;
      while (1) {
 	  maj_stat = gss_display_status(&min_stat, code,
@@ -320,9 +320,9 @@ static void display_status_1(m, code, type)
 				       &msg_ctx, &msg);
 	  if (display_file)
 	      fprintf(display_file, "GSS-API error %s: %s\n", m,
-		      (char *)msg.value); 
+		      (char *)msg.value);
 	  (void) gss_release_buffer(&min_stat, &msg);
-	  
+
 	  if (!msg_ctx)
 	       break;
      }
diff --git a/src/tests/gss-threads/gss-misc.h b/src/tests/gss-threads/gss-misc.h
index 35b3b7390..77d8190f9 100644
--- a/src/tests/gss-threads/gss-misc.h
+++ b/src/tests/gss-threads/gss-misc.h
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/tests/gss-threads/gss-server.c b/src/tests/gss-threads/gss-server.c
index bc22f83e5..a751bf209 100644
--- a/src/tests/gss-threads/gss-server.c
+++ b/src/tests/gss-threads/gss-server.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -116,7 +116,7 @@ static int server_acquire_creds(service_name, server_creds)
 
      name_buf.value = service_name;
      name_buf.length = strlen(name_buf.value) + 1;
-     maj_stat = gss_import_name(&min_stat, &name_buf, 
+     maj_stat = gss_import_name(&min_stat, &name_buf,
 				(gss_OID) gss_nt_service_name, &server_name);
      if (maj_stat != GSS_S_COMPLETE) {
 	  display_status("importing name", maj_stat, min_stat);
@@ -159,7 +159,7 @@ static int server_acquire_creds(service_name, server_creds)
  * in client_name and 0 is returned.  If unsuccessful, an error
  * message is displayed and -1 is returned.
  */
-static int server_establish_context(s, server_creds, context, client_name, 
+static int server_establish_context(s, server_creds, context, client_name,
 				    ret_flags)
      int s;
      gss_cred_id_t server_creds;
@@ -242,7 +242,7 @@ static int server_establish_context(s, server_creds, context, client_name,
 					     GSS_C_NO_BUFFER);
 	      return -1;
 	 }
- 
+
 	 if (verbose && logfile) {
 	   if (maj_stat == GSS_S_CONTINUE_NEEDED)
 	     fprintf(logfile, "continue needed...\n");
@@ -309,7 +309,7 @@ static int create_socket(port)
      struct sockaddr_in saddr;
      int s;
      int on = 1;
-     
+
      saddr.sin_family = AF_INET;
      saddr.sin_port = htons(port);
      saddr.sin_addr.s_addr = INADDR_ANY;
@@ -351,7 +351,7 @@ static int test_import_export_context(context)
 	OM_uint32	min_stat, maj_stat;
 	gss_buffer_desc context_token, copied_token;
 	struct timeval tm1, tm2;
-	
+
 	/*
 	 * Attempt to save and then restore the context.
 	 */
@@ -364,7 +364,7 @@ static int test_import_export_context(context)
 	gettimeofday(&tm2, (struct timezone *)0);
 	if (verbose && logfile)
 		fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
-			(int) context_token.length, 
+			(int) context_token.length,
 			timeval_subtract(&tm2, &tm1));
 	copied_token.length = context_token.length;
 	copied_token.value = malloc(context_token.length);
@@ -400,7 +400,7 @@ static int test_import_export_context(context)
  * 	service_name	(r) the ASCII name of the GSS-API service to
  * 			establish a context as
  *	export		(r) whether to test context exporting
- * 
+ *
  * Returns: -1 on error
  *
  * Effects:
@@ -506,7 +506,7 @@ static int sign_server(s, server_creds, export)
             cp = msg_buf.value;
             if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
                  (isprint((int) cp[1]) || isspace((int) cp[1]))) {
-                fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length, 
+                fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length,
                          (char *) msg_buf.value);
                  } else {
                      fprintf(logfile, "\n");
@@ -674,7 +674,7 @@ worker_bee(void * param)
     struct _work_plan *work = (struct _work_plan *) param;
 
     /* this return value is not checked, because there's
-     * not really anything to do if it fails 
+     * not really anything to do if it fails
      */
     sign_server(work->s, work->server_creds, work->export);
     closesocket(work->s);
@@ -709,13 +709,13 @@ main(argc, argv)
 	       argc--; argv++;
 	       if (!argc) usage();
 	       port = atoi(*argv);
-	  } 
+	  }
 #if defined _WIN32 || 1
           else if (strcmp(*argv, "-threads") == 0) {
               argc--; argv++;
               if (!argc) usage();
               max_threads = atoi(*argv);
-          } 
+          }
 #endif
           else if (strcmp(*argv, "-verbose") == 0) {
 	      verbose = 1;
@@ -769,7 +769,7 @@ main(argc, argv)
 
      if (server_acquire_creds(service_name, &server_creds) < 0)
 	 return -1;
-     
+
      if (do_inetd) {
 	 close(1);
 	 close(2);
@@ -796,13 +796,13 @@ main(argc, argv)
                      perror("accepting connection");
                      continue;
                  }
-                  
+
                  work->server_creds = server_creds;
                  work->export = export;
 
                  if (max_threads == 1) {
                      worker_bee((void *)work);
-                 } 
+                 }
 #if defined _WIN32 || 1
                  else {
                      if ( WaitAndIncrementThreadCounter() ) {
diff --git a/src/tests/gssapi/t_imp_name.c b/src/tests/gssapi/t_imp_name.c
index b7001b216..e64a1f559 100644
--- a/src/tests/gssapi/t_imp_name.c
+++ b/src/tests/gssapi/t_imp_name.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -23,7 +23,7 @@
  *
  * Simple test program for testing how GSSAPI import name works.  (May
  * be made into a more full-fledged test program later.)
- * 
+ *
  */
 
 #include <unistd.h>
@@ -71,7 +71,7 @@ static int test_import_name(name)
 		display_status("parsing name", maj_stat, min_stat);
 		return -1;
 	}
-	
+
 	maj_stat = gss_display_name(&min_stat, gss_name, &buffer_name,
 				    &name_oid);
 	if (maj_stat != GSS_S_COMPLETE) {
@@ -99,8 +99,8 @@ static void display_buffer(buffer)
 	gss_buffer_desc buffer;
 {
     char *namebuf;
-    
-    namebuf = malloc(buffer.length+1);    
+
+    namebuf = malloc(buffer.length+1);
     if (!namebuf) {
 	fprintf(stderr, "display_buffer: couldn't allocate buffer!\n");
 	exit(1);
@@ -132,7 +132,7 @@ static void display_status_1(m, code, type)
 #else	/* GSSAPI_V2 */
      int msg_ctx;
 #endif	/* GSSAPI_V2 */
-     
+
      msg_ctx = 0;
      while (1) {
 	  (void) gss_display_status(&min_stat, code,
@@ -140,11 +140,10 @@ static void display_status_1(m, code, type)
 				       &msg_ctx, &msg);
 	  if (display_file)
 	      fprintf(display_file, "GSS-API error %s: %s\n", m,
-		      (char *)msg.value); 
+		      (char *)msg.value);
 	  (void) gss_release_buffer(&min_stat, &msg);
-	  
+
 	  if (!msg_ctx)
 	       break;
      }
 }
-
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index 3dae0a1c7..1f771c44b 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -485,4 +485,3 @@ out:
 
     return GSS_ERROR(major) ? 1 : 0;
 }
-
diff --git a/src/tests/gssapi/t_s4u.c b/src/tests/gssapi/t_s4u.c
index 394313a68..08cf84f18 100644
--- a/src/tests/gssapi/t_s4u.c
+++ b/src/tests/gssapi/t_s4u.c
@@ -548,4 +548,3 @@ out:
 
     return GSS_ERROR(major) ? 1 : 0;
 }
-
diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c
index d5bab36b4..63ac31e2a 100644
--- a/src/tests/hammer/kdc5_hammer.c
+++ b/src/tests/hammer/kdc5_hammer.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Initialize a credentials cache.
  */
@@ -53,12 +53,12 @@ static char *cur_realm = 0;
 static int do_timer = 0;
 
 krb5_data tgtname = {
-    0, 
+    0,
     KRB5_TGS_NAME_SIZE,
     KRB5_TGS_NAME
 };
 
-int verify_cs_pair 
+int verify_cs_pair
 	(krb5_context,
 		   char *,
 		   krb5_principal,
@@ -67,7 +67,7 @@ int verify_cs_pair
 		   int, int, int,
 		   krb5_ccache);
 
-int get_tgt 
+int get_tgt
 	(krb5_context,
 		   char *,
 		   krb5_principal *,
@@ -171,7 +171,7 @@ main(argc, argv)
 	case 'c':
 	    if (ccache == NULL) {
 		cache_name = optarg;
-		
+
 		code = krb5_cc_resolve (test_context, cache_name, &ccache);
 		if (code != 0) {
 		    com_err (prog, code, "resolving %s", cache_name);
@@ -195,7 +195,7 @@ main(argc, argv)
 	if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
 	    com_err(prog, retval, "while retrieving default realm name");
 	    exit(1);
-	}	    
+	}
     }
 
     if (ccache == NULL) {
@@ -213,7 +213,7 @@ main(argc, argv)
 
       for (n = 1; n <= num_to_check; n++) {
 	/* build the new principal name */
-	/* we can't pick random names because we need to generate all the names 
+	/* we can't pick random names because we need to generate all the names
 	   again given a prefix and count to test the db lib and kdb */
 	ctmp[0] = '\0';
 	for (i = 1; i <= depth; i++) {
@@ -239,7 +239,7 @@ main(argc, argv)
 	    strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp));
 	    stmp[sizeof(stmp) - 1] = '\0';
 	    snprintf(server, sizeof(server), "%s@%s", stmp, cur_realm);
-	    if (verify_cs_pair(test_context, client, client_princ, 
+	    if (verify_cs_pair(test_context, client, client_princ,
 			       stmp, cur_realm, n, i, j, ccache))
 	      errors++;
 	    n_tried++;
@@ -251,7 +251,7 @@ main(argc, argv)
     fprintf (stderr, "\nTried %d.  Got %d errors.\n", n_tried, errors);
     if (do_timer) {
 	if (in_tkt_times.ht_observations)
-	    fprintf(stderr, 
+	    fprintf(stderr,
 		    "%8d  AS_REQ requests: %9.6f average (min: %9.6f, max:%9.6f)\n",
 		    in_tkt_times.ht_observations,
 		    in_tkt_times.ht_cumulative /
@@ -259,7 +259,7 @@ main(argc, argv)
 		    in_tkt_times.ht_min,
 		    in_tkt_times.ht_max);
 	if (tgs_req_times.ht_observations)
-	    fprintf(stderr, 
+	    fprintf(stderr,
 		    "%8d TGS_REQ requests: %9.6f average (min: %9.6f, max:%9.6f)\n",
 		    tgs_req_times.ht_observations,
 		    tgs_req_times.ht_cumulative /
@@ -276,7 +276,7 @@ main(argc, argv)
   }
 
 
-static krb5_error_code 
+static krb5_error_code
 get_server_key(context, server, enctype, key)
     krb5_context context;
     krb5_principal server;
@@ -302,7 +302,7 @@ get_server_key(context, server, enctype, key)
     	krb5_use_enctype(context, &eblock, enctype);
     	if ((retval = krb5_string_to_key(context, &eblock, *key, &pwd, &salt)))
 	    free(*key);
-    } else 
+    } else
         retval = ENOMEM;
 
     free(string);
@@ -312,7 +312,7 @@ cleanup_salt:
     return retval;
 }
 
-int verify_cs_pair(context, p_client_str, p_client, service, hostname, 
+int verify_cs_pair(context, p_client_str, p_client, service, hostname,
 		   p_num, c_depth, s_depth, ccache)
     krb5_context context;
     char *p_client_str;
@@ -333,10 +333,10 @@ int verify_cs_pair(context, p_client_str, p_client, service, hostname,
     float		  dt;
 
     if (brief)
-      fprintf(stderr, "\tprinc (%d) client (%d) for server (%d)\n", 
+      fprintf(stderr, "\tprinc (%d) client (%d) for server (%d)\n",
 	      p_num, c_depth, s_depth);
     else
-      fprintf(stderr, "\tclient %s for server %s\n", p_client_str, 
+      fprintf(stderr, "\tclient %s for server %s\n", p_client_str,
 	      service);
 
     /* Initialize variables */
@@ -398,9 +398,9 @@ int verify_cs_pair(context, p_client_str, p_client, service, hostname,
 	goto cleanup_keyblock;
     }
 
-    if ((retval = krb5_rd_req(context, &auth_context, &request_data, 
-			     NULL /* server */, 0, NULL, &ticket))) { 
-	com_err(prog, retval, "while decoding AP_REQ for %s", hostname); 
+    if ((retval = krb5_rd_req(context, &auth_context, &request_data,
+			     NULL /* server */, 0, NULL, &ticket))) {
+	com_err(prog, retval, "while decoding AP_REQ for %s", hostname);
         krb5_auth_con_free(context, auth_context);
 	goto cleanup_keyblock;
     }
@@ -419,9 +419,9 @@ int verify_cs_pair(context, p_client_str, p_client, service, hostname,
 
     if (!(krb5_principal_compare(context,ticket->enc_part2->client,p_client))){
     	char *returned_client;
-        if ((retval = krb5_unparse_name(context, ticket->enc_part2->client, 
-			       	       &returned_client))) 
-	    com_err (prog, retval, 
+        if ((retval = krb5_unparse_name(context, ticket->enc_part2->client,
+			       	       &returned_client)))
+	    com_err (prog, retval,
 		     "Client not as expected, but cannot unparse client name");
       	else
 	    com_err (prog, 0, "Client not as expected (%s).", returned_client);
@@ -467,7 +467,7 @@ int get_tgt (context, p_client_str, p_client, ccache)
     }
 
     memset(&my_creds, 0, sizeof(my_creds));
-    
+
     if ((code = krb5_parse_name (context, p_client_str, p_client))) {
 	com_err (prog, code, "when parsing name %s", p_client_str);
 	return(-1);
diff --git a/src/tests/misc/test_getsockname.c b/src/tests/misc/test_getsockname.c
index 5f59da468..6254cca59 100644
--- a/src/tests/misc/test_getsockname.c
+++ b/src/tests/misc/test_getsockname.c
@@ -1,6 +1,6 @@
 /*
  * test_getsockname.c
- * 
+ *
  * This routine demonstrates a bug in the socket emulation library of
  * Solaris and other monstrosities that uses STREAMS.  On other
  * machines with a real networking layer, it prints the local
@@ -29,7 +29,7 @@ main(argc, argv)
     struct hostent *host;
     struct sockaddr_in s_sock;		/* server address */
     struct sockaddr_in c_sock;		/* client address */
-    
+
     char *hostname;
 
     if (argc == 2) {
@@ -54,7 +54,7 @@ main(argc, argv)
 #endif
     s_sock.sin_family = AF_INET;
     s_sock.sin_port = htons(5555);
-    
+
     /* Open a socket */
     if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
 	perror("socket");
@@ -69,14 +69,14 @@ main(argc, argv)
 	perror("bind");
 	exit(1);
     }
-	
+
     /* "connect" the datagram socket; this is necessary to get a local address
        properly bound for getsockname() below. */
     if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
 	perror("connect");
 	exit(1);
     }
-    
+
     /* Get my address */
     memset(&c_sock, 0, sizeof(c_sock));
     i = sizeof(c_sock);
@@ -86,6 +86,6 @@ main(argc, argv)
     }
 
     printf("My interface address is: %s\n", inet_ntoa(c_sock.sin_addr));
-    
+
     exit(0);
 }
diff --git a/src/tests/misc/test_nfold.c b/src/tests/misc/test_nfold.c
index 7a0bffe07..dc26b3958 100644
--- a/src/tests/misc/test_nfold.c
+++ b/src/tests/misc/test_nfold.c
@@ -1,13 +1,13 @@
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -18,7 +18,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/src/tests/resolve/addrinfo-test.c b/src/tests/resolve/addrinfo-test.c
index dff8df1dd..f011b6ad4 100644
--- a/src/tests/resolve/addrinfo-test.c
+++ b/src/tests/resolve/addrinfo-test.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * A simple program to test the functionality of the getaddrinfo function.
  *
@@ -73,7 +73,7 @@ static const char *protoname (int p) {
 
     snprintf(buf, sizeof(buf), " %-2d", p);
     return buf;
-}	
+}
 
 static const char *socktypename (int t) {
     static char buf[30];
diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c
index 0be8244a2..09be1486e 100644
--- a/src/tests/resolve/resolve.c
+++ b/src/tests/resolve/resolve.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,14 +22,14 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * A simple program to test the functionality of the resolver library.
- * It simply will try to get the IP address of the host, and then look 
+ * It simply will try to get the IP address of the host, and then look
  * up the name from the address. If the resulting name does not contain the
  * domain name, then the resolve library is broken.
  *
- * Warning: It is possible to fool this program into thinking everything is 
+ * Warning: It is possible to fool this program into thinking everything is
  * alright byt a clever use of /etc/hosts - but this is better than nothing.
  *
  * Usage:
@@ -88,7 +88,7 @@ main(argc, argv)
 	    if ((strcmp(*argv, "--quiet") == 0) ||
 		(strcmp(*argv, "-q") == 0)) {
 		quiet++;
-	    } else 
+	    } else
 		break;
 	    argc--; argv++;
 	}
@@ -101,13 +101,13 @@ main(argc, argv)
 			exit(1);
 		}
 	}
-	
+
 	myname[MAXHOSTNAMELEN] = '\0';	/* for safety */
-	
+
 	/* Look up the address... */
 	if (!quiet)
 	    printf("Hostname:  %s\n", myname);
-	
+
 
 	/* Set the hosts db to close each time - effectively rewinding file */
 	sethostent(0);
@@ -118,11 +118,11 @@ main(argc, argv)
 			myname);
 		exit(2);
 	}
-	
+
 	ptr = host->h_addr_list[0];
 #define UC(a) (((int)a)&0xff)
 	if (!quiet)
-	    printf("Host address: %d.%d.%d.%d\n", 
+	    printf("Host address: %d.%d.%d.%d\n",
 		   UC(ptr[0]), UC(ptr[1]), UC(ptr[2]), UC(ptr[3]));
 
 	memcpy(&addrcopy.s_addr, ptr, 4);
@@ -132,12 +132,12 @@ main(argc, argv)
 		fprintf(stderr, "Error looking up IP address - fatal\n");
 		exit(2);
 	}
-	
+
 	if (quiet)
 	    printf("%s\n", host->h_name);
 	else
 	    printf("FQDN: %s\n", host->h_name);
-	
+
 	/*
 	 * The host name must have at least one '.' in the name, and
 	 * if there is only one '.', it must not be at the end of the
@@ -168,5 +168,3 @@ main(argc, argv)
 	exit(0);
 
 }
-
-
diff --git a/src/tests/test1.c b/src/tests/test1.c
index bb142ead4..5ecac0ecf 100644
--- a/src/tests/test1.c
+++ b/src/tests/test1.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Regression tests for the kerberos library.
  */
@@ -45,7 +45,7 @@ tkt_test_1()
     krb5_address addr_1;
     static krb5_octet ip_addr_1[4] = { 18, 72, 0, 122 };
     char *out;
-    
+
     /*
      * fill in some values on the "in" side of the ticket
      */
@@ -58,13 +58,13 @@ tkt_test_1()
     serv_k.enctype = 1;		/* XXX symbolic constant */
     serv_k.length = 8;		/* XXX symbolic constant */
     serv_k.contents = key_one;
-    
+
     sess_k.enctype = 1;		/* XXX symbolic constant */
     sess_k.length = 8;		/* XXX symbolic constant */
     sess_k.contents = key_two;
 
     tk_in.etype = 1;		/* XXX symbolic constant here */
-    tk_in.skvno = 4;		
+    tk_in.skvno = 4;
 
     tk_in.enc_part2 = &tk_in_enc;
 
@@ -74,7 +74,7 @@ tkt_test_1()
     tk_in_enc.times.authtime = 42;
     tk_in_enc.times.starttime = 43;
     tk_in_enc.times.endtime = 44;
-    
+
     code = krb5_parse_name ("client/test/1@BOGUS.ORG", &tk_in_enc.client);
     if (code != 0) {
 	com_err("tkt_test_1", code, " parsing client principal");
@@ -89,7 +89,7 @@ tkt_test_1()
     addr_list[0] = &addr_1;
     addr_list[1] = 0;
 
-    
+
     tk_in_enc.caddrs = addr_list;
     tk_in_enc.authorization_data = 0;
 
@@ -99,8 +99,8 @@ tkt_test_1()
 	return;
     }
 
-    data = 0;    
-    
+    data = 0;
+
     code = krb5_encode_ticket (&tk_in,  &data);
     if (code != 0) {
 	com_err ("tkt_test_1", code, " encoding ticket");
@@ -136,7 +136,7 @@ tkt_test_1()
     }
     free(out);
     out = 0;
-    
+
     /* decode the ciphertext */
     code = krb5_decrypt_tkt_part (&serv_k, tk_out);
     if (code != 0) {
diff --git a/src/tests/threads/gss-perf.c b/src/tests/threads/gss-perf.c
index 5e5fab9e1..5c7cd2fb7 100644
--- a/src/tests/threads/gss-perf.c
+++ b/src/tests/threads/gss-perf.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/tests/threads/t_rcache.c b/src/tests/threads/t_rcache.c
index 3a654a4b3..eb94b2eaf 100644
--- a/src/tests/threads/t_rcache.c
+++ b/src/tests/threads/t_rcache.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,8 +22,8 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
- * 
+ *
+ *
  *
  */
 
diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c
index 01ba3e32f..a2a0f906f 100644
--- a/src/tests/verify/kdb5_verify.c
+++ b/src/tests/verify/kdb5_verify.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Edit a KDC database.
  */
@@ -86,7 +86,7 @@ main(argc, argv)
     int argc;
     char *argv[];
 {
-    extern char *optarg;	
+    extern char *optarg;
     int optchar, i, n;
     char tmp[4096], tmp2[BUFSIZ], *str_princ;
 
@@ -172,7 +172,7 @@ main(argc, argv)
 	if ((retval = krb5_get_default_realm(context, &cur_realm))) {
 	    com_err(progname, retval, "while retrieving default realm name");
 	    exit(1);
-	}	    
+	}
     }
     if ((retval = set_dbname_help(context, progname, dbname)))
 	exit(retval);
@@ -183,7 +183,7 @@ main(argc, argv)
 
     for (n = 1; n <= num_to_check; n++) {
       /* build the new principal name */
-      /* we can't pick random names because we need to generate all the names 
+      /* we can't pick random names because we need to generate all the names
 	 again given a prefix and count to test the db lib and kdb */
       (void) snprintf(suffix, suffix_size, "%d", n);
       (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
@@ -256,9 +256,9 @@ check_princ(context, str_princ)
 	goto out;
     }
 
-    if ((retval = krb5_string_to_key(context, &master_encblock, 
+    if ((retval = krb5_string_to_key(context, &master_encblock,
 				    &pwd_key, &pwd, &salt))) {
-	com_err(progname, retval, "while converting password to key for '%s'", 
+	com_err(progname, retval, "while converting password to key for '%s'",
 		princ_name);
 	krb5_free_data_contents(context, &salt);
 	krb5_free_principal(context, princ);
@@ -266,7 +266,7 @@ check_princ(context, str_princ)
     }
     krb5_free_data_contents(context, &salt);
 
-    if ((retval = krb5_db_get_principal(context, princ, &kdbe, 
+    if ((retval = krb5_db_get_principal(context, princ, &kdbe,
 					&nprincs, &more))) {
       com_err(progname, retval, "while attempting to verify principal's existence");
       krb5_free_principal(context, princ);
@@ -280,7 +280,7 @@ check_princ(context, str_princ)
       goto errout;
     }
 
-    if ((retval = krb5_dbekd_decrypt_key_data(context, &master_keyblock, 
+    if ((retval = krb5_dbekd_decrypt_key_data(context, &master_keyblock,
 				       	     kdbe.key_data, &db_key, NULL))) {
 	com_err(progname, retval, "while decrypting key for '%s'", princ_name);
 	goto errout;
@@ -295,9 +295,9 @@ errout:
       return(-1);
     }
     else {
-      if (memcmp((char *)pwd_key.contents, (char *) db_key.contents, 
+      if (memcmp((char *)pwd_key.contents, (char *) db_key.contents,
 		 (size_t) pwd_key.length)) {
-	fprintf(stderr, "\t key did not match stored value for %s\n", 
+	fprintf(stderr, "\t key did not match stored value for %s\n",
 		princ_name);
 	goto errout;
       }
@@ -312,13 +312,13 @@ errout:
     }
 
     if (kdbe.max_life != mblock.max_life) {
-      fprintf(stderr, "\tmax life did not match stored value for %s.\n", 
+      fprintf(stderr, "\tmax life did not match stored value for %s.\n",
 	      princ_name);
       goto errout;
     }
 
     if (kdbe.max_renewable_life != mblock.max_rlife) {
-      fprintf(stderr, 
+      fprintf(stderr,
 	      "\tmax renewable life did not match stored value for %s.\n",
 	      princ_name);
       goto errout;
@@ -383,7 +383,7 @@ set_dbname_help(context, pname, dbname)
 	    com_err(pname, retval, "while calculated master key salt");
 	    return(1);
 	}
-	if ((retval = krb5_string_to_key(context, &master_encblock, 
+	if ((retval = krb5_string_to_key(context, &master_encblock,
 				    &master_keyblock, &pwd, &scratch))) {
 	    com_err(pname, retval,
 		    "while transforming master key from password");
@@ -418,14 +418,14 @@ set_dbname_help(context, pname, dbname)
 	com_err(pname, retval, "while initializing database");
 	return(1);
     }
-    if ((retval = krb5_db_verify_master_key(context, master_princ, 
+    if ((retval = krb5_db_verify_master_key(context, master_princ,
 					    IGNORE_VNO, &master_keyblock))) {
 	com_err(pname, retval, "while verifying master key");
 	(void) krb5_db_fini(context);
 	return(1);
     }
     nentries = 1;
-    if ((retval = krb5_db_get_principal(context, master_princ, &master_entry, 
+    if ((retval = krb5_db_get_principal(context, master_princ, &master_entry,
 				       &nentries, &more))) {
 	com_err(pname, retval, "while retrieving master entry");
 	(void) krb5_db_fini(context);
@@ -441,7 +441,7 @@ set_dbname_help(context, pname, dbname)
 	return(1);
     }
 
-    if ((retval = krb5_unparse_name(context, master_princ, 
+    if ((retval = krb5_unparse_name(context, master_princ,
 				    &str_master_princ))) {
       com_err(pname, retval, "while unparsing master principal");
       krb5_db_fini(context);
@@ -471,4 +471,3 @@ set_dbname_help(context, pname, dbname)
     krb5_db_free_principal(context, &master_entry, nentries);
     return 0;
 }
-
diff --git a/src/util/et/com_err.c b/src/util/et/com_err.c
index c759e17b6..a483e541a 100644
--- a/src/util/et/com_err.c
+++ b/src/util/et/com_err.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1997 by Massachusetts Institute of Technology
- * 
+ *
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
  * Permission to use, copy, modify, and distribute this software
@@ -74,7 +74,7 @@ static void default_com_err_proc (const char *whoami, errcode_t code,
 	    MessageBox ((HWND)NULL, errbuf, "Kerberos", MB_ICONEXCLAMATION);
 
 #else /* !_WIN32 */
-    
+
 	if (whoami) {
 		fputs(whoami, stderr);
 		fputs(": ", stderr);
diff --git a/src/util/et/com_err.h b/src/util/et/com_err.h
index 58c43d31d..66004603b 100644
--- a/src/util/et/com_err.h
+++ b/src/util/et/com_err.h
@@ -26,7 +26,7 @@
 typedef long errcode_t;
 typedef void (*et_old_error_hook_func) (const char *, errcode_t,
 					const char *, va_list ap);
-	
+
 struct error_table {
 	/*@shared@*/ char const * const * msgs;
         long base;
diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c
index e9d681b6c..734cedf2e 100644
--- a/src/util/et/error_message.c
+++ b/src/util/et/error_message.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1997,2000,2001,2004,2008 by Massachusetts Institute of Technology
- * 
+ *
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
  * Permission to use, copy, modify, and distribute this software
@@ -213,7 +213,7 @@ error_message(long code)
 		divisor = WSABASEERR;
 	}
 #endif
-#ifdef _WIN32	
+#ifdef _WIN32
 	{
 		LPVOID msgbuf;
 
diff --git a/src/util/et/et_name.c b/src/util/et/et_name.c
index 64923c998..507a111c8 100644
--- a/src/util/et/et_name.c
+++ b/src/util/et/et_name.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1997 by Massachusetts Institute of Technology
- * 
+ *
  * Copyright 1987 by MIT Student Information Processing Board
  *
  * Permission to use, copy, modify, and distribute this software
diff --git a/src/util/et/init_et.c b/src/util/et/init_et.c
index e397a2706..501528c0b 100644
--- a/src/util/et/init_et.c
+++ b/src/util/et/init_et.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1997, 2008 by Massachusetts Institute of Technology
- * 
+ *
  * Copyright 1986, 1987, 1988 by MIT Student Information Processing Board
  *
  * Permission to use, copy, modify, and distribute this software
@@ -69,13 +69,13 @@ extern errcode_t KRB5_CALLCONV et_init(ectx)
 	ctx->tables = 0;
 	ctx->hook_func = 0;
 	ctx->hook_func_data = 0;
-	
+
 	*ectx = ctx;
 	return 0;
 }
 
 extern void KRB5_CALLCONV et_shutdown(ectx)
-	et_ctx ectx;	
+	et_ctx ectx;
 {
 	struct et_list *p, *n;
 
@@ -97,11 +97,11 @@ extern errcode_t KRB5_CALLCONV et_add_error_table(ectx, tbl)
 	e = malloc(sizeof(struct et_list));
 	if (!e)
 		return ENOMEM;
-	
+
 	e->table = tbl;
 	e->next = ectx->tables;
 	ectx->tables = e;
-	
+
 	return 0;
 }
 
diff --git a/src/util/et/mit-sipb-copyright.h b/src/util/et/mit-sipb-copyright.h
index d7c4ee096..9c4375dbc 100644
--- a/src/util/et/mit-sipb-copyright.h
+++ b/src/util/et/mit-sipb-copyright.h
@@ -19,4 +19,3 @@ the suitability of this software for any purpose.  It is
 provided "as is" without express or implied warranty.
 
 */
-
diff --git a/src/util/exitsleep.c b/src/util/exitsleep.c
index 95232e5b3..3b3737b1c 100644
--- a/src/util/exitsleep.c
+++ b/src/util/exitsleep.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/util/mac/k5_mig_client.c b/src/util/mac/k5_mig_client.c
index 603ffdc70..6964abcca 100644
--- a/src/util/mac/k5_mig_client.c
+++ b/src/util/mac/k5_mig_client.c
@@ -53,15 +53,15 @@ typedef struct k5_ipc_service_port {
 
 /* global service ports and mutex to protect it */
 static k5_mutex_t g_service_ports_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
-static k5_ipc_service_port g_service_ports[KIPC_SERVICE_COUNT] = { 
+static k5_ipc_service_port g_service_ports[KIPC_SERVICE_COUNT] = {
 { "edu.mit.Kerberos.CCacheServer", MACH_PORT_NULL },
 { "edu.mit.Kerberos.KerberosAgent", MACH_PORT_NULL } };
 
 /* ------------------------------------------------------------------------ */
 
 /* This struct exists to hold the per-thread connection port used for ipc
- * messages to the server.  Each thread is issued a separate connection 
- * port so that the server can distinguish between threads in the same 
+ * messages to the server.  Each thread is issued a separate connection
+ * port so that the server can distinguish between threads in the same
  * application. */
 
 typedef struct k5_ipc_connection {
@@ -76,7 +76,7 @@ typedef struct k5_ipc_connection_info {
 } *k5_ipc_connection_info;
 
 /* initializer for k5_ipc_request_port to fill in server names in TLS */
-static const char *k5_ipc_known_services[KIPC_SERVICE_COUNT] = { 
+static const char *k5_ipc_known_services[KIPC_SERVICE_COUNT] = {
 "edu.mit.Kerberos.CCacheServer",
 "edu.mit.Kerberos.KerberosAgent" };
 
@@ -87,11 +87,11 @@ static void k5_ipc_client_cinfo_free (void *io_cinfo)
     if (io_cinfo) {
         k5_ipc_connection_info cinfo = io_cinfo;
         int i;
-        
+
         for (i = 0; i < KIPC_SERVICE_COUNT; i++) {
             if (MACH_PORT_VALID (cinfo->connections[i].port)) {
-                mach_port_mod_refs (mach_task_self(), 
-                                    cinfo->connections[i].port, 
+                mach_port_mod_refs (mach_task_self(),
+                                    cinfo->connections[i].port,
                                     MACH_PORT_RIGHT_SEND, -1 );
                 cinfo->connections[i].port = MACH_PORT_NULL;
             }
@@ -107,29 +107,29 @@ static int k5_ipc_client_cinfo_allocate (k5_ipc_connection_info *out_cinfo)
 {
     int err = 0;
     k5_ipc_connection_info cinfo = NULL;
-    
+
     cinfo = malloc (sizeof (*cinfo));
     if (!cinfo) { err = ENOMEM; }
-    
+
     if (!err) {
         int i;
-        
+
         cinfo->server_died = 0;
         cinfo->reply_stream = NULL;
-        
+
         for (i = 0; i < KIPC_SERVICE_COUNT; i++) {
             cinfo->connections[i].service_id = k5_ipc_known_services[i];
             cinfo->connections[i].port = MACH_PORT_NULL;
         }
     }
-    
+
     if (!err) {
         *out_cinfo = cinfo;
         cinfo = NULL;
     }
-    
+
     k5_ipc_client_cinfo_free (cinfo);
-    
+
     return err;
 }
 
@@ -144,38 +144,38 @@ MAKE_FINI_FUNCTION(k5_cli_ipc_thread_fini);
 static int k5_cli_ipc_thread_init (void)
 {
     int err = 0;
-    
-    err = k5_key_register (K5_KEY_IPC_CONNECTION_INFO, 
+
+    err = k5_key_register (K5_KEY_IPC_CONNECTION_INFO,
                            k5_ipc_client_cinfo_free);
-    
+
     if (!err) {
         err = k5_mutex_finish_init (&g_service_ports_mutex);
     }
-    
+
     return err;
 }
 
 /* ------------------------------------------------------------------------ */
 
 static void k5_cli_ipc_thread_fini (void)
-{    
+{
     int err = 0;
-    
+
     err = k5_mutex_lock (&g_service_ports_mutex);
 
     if (!err) {
         int i;
-        
+
         for (i = 0; i < KIPC_SERVICE_COUNT; i++) {
             if (MACH_PORT_VALID (g_service_ports[i].service_port)) {
-                mach_port_destroy (mach_task_self (), 
-                                   g_service_ports[i].service_port); 
+                mach_port_destroy (mach_task_self (),
+                                   g_service_ports[i].service_port);
                 g_service_ports[i].service_port = MACH_PORT_NULL;
             }
         }
         k5_mutex_unlock (&g_service_ports_mutex);
     }
-    
+
     k5_key_delete (K5_KEY_IPC_CONNECTION_INFO);
     k5_mutex_destroy (&g_service_ports_mutex);
 }
@@ -187,22 +187,22 @@ static void k5_cli_ipc_thread_fini (void)
 static kern_return_t k5_ipc_client_lookup_server (const char  *in_service_id,
                                                   boolean_t    in_launch_if_necessary,
                                                   boolean_t    in_use_cached_port,
-                                                  mach_port_t *out_service_port) 
+                                                  mach_port_t *out_service_port)
 {
     kern_return_t err = 0;
     kern_return_t lock_err = 0;
     mach_port_t k5_service_port = MACH_PORT_NULL;
     boolean_t found_entry = 0;
     int i;
-    
+
     if (!in_service_id   ) { err = EINVAL; }
     if (!out_service_port) { err = EINVAL; }
-    
+
     if (!err) {
         lock_err = k5_mutex_lock (&g_service_ports_mutex);
         if (lock_err) { err = lock_err; }
     }
-    
+
     for (i = 0; !err && i < KIPC_SERVICE_COUNT; i++) {
         if (!strcmp (in_service_id, g_service_ports[i].service_id)) {
             found_entry = 1;
@@ -212,65 +212,65 @@ static kern_return_t k5_ipc_client_lookup_server (const char  *in_service_id,
             break;
         }
     }
-    
+
     if (!err && (!MACH_PORT_VALID (k5_service_port) || !in_use_cached_port)) {
         mach_port_t boot_port = MACH_PORT_NULL;
         char *service = NULL;
-        
+
         /* Get our bootstrap port */
         err = task_get_bootstrap_port (mach_task_self (), &boot_port);
-        
+
         if (!err && !in_launch_if_necessary) {
             char *lookup = NULL;
             mach_port_t lookup_port = MACH_PORT_NULL;
-            
-            int w = asprintf (&lookup, "%s%s", 
+
+            int w = asprintf (&lookup, "%s%s",
                               in_service_id, K5_MIG_LOOKUP_SUFFIX);
             if (w < 0) { err = ENOMEM; }
-            
+
             if (!err) {
-                /* Use the lookup name because the service name will return 
+                /* Use the lookup name because the service name will return
                  * a valid port even if the server isn't running */
                 err = bootstrap_look_up (boot_port, lookup, &lookup_port);
             }
-            
+
             free (lookup);
-            if (MACH_PORT_VALID (lookup_port)) { 
-                mach_port_deallocate (mach_task_self (), lookup_port); 
+            if (MACH_PORT_VALID (lookup_port)) {
+                mach_port_deallocate (mach_task_self (), lookup_port);
             }
         }
-        
+
         if (!err) {
-            int w = asprintf (&service, "%s%s", 
+            int w = asprintf (&service, "%s%s",
                               in_service_id, K5_MIG_SERVICE_SUFFIX);
             if (w < 0) { err = ENOMEM; }
         }
-        
+
         if (!err) {
             err = bootstrap_look_up (boot_port, service, &k5_service_port);
-            
+
             if (!err && found_entry) {
                 /* Free old port if it is valid */
                 if (!err && MACH_PORT_VALID (g_service_ports[i].service_port)) {
-                    mach_port_deallocate (mach_task_self (), 
+                    mach_port_deallocate (mach_task_self (),
                                           g_service_ports[i].service_port);
                 }
-                
+
                 g_service_ports[i].service_port = k5_service_port;
             }
         }
-        
+
         free (service);
-        if (MACH_PORT_VALID (boot_port)) { mach_port_deallocate (mach_task_self (), 
+        if (MACH_PORT_VALID (boot_port)) { mach_port_deallocate (mach_task_self (),
                                                                  boot_port); }
     }
-    
+
     if (!err) {
         *out_service_port = k5_service_port;
     }
-    
+
     if (!lock_err) { k5_mutex_unlock (&g_service_ports_mutex); }
-    
+
     return err;
 }
 
@@ -278,29 +278,29 @@ static kern_return_t k5_ipc_client_lookup_server (const char  *in_service_id,
 
 /* ------------------------------------------------------------------------ */
 
-static boolean_t k5_ipc_reply_demux (mach_msg_header_t *request, 
-                                     mach_msg_header_t *reply) 
+static boolean_t k5_ipc_reply_demux (mach_msg_header_t *request,
+                                     mach_msg_header_t *reply)
 {
     boolean_t handled = 0;
-    
+
     if (CALL_INIT_FUNCTION (k5_cli_ipc_thread_init) != 0) {
         return 0;
-    }    
-    
+    }
+
     if (!handled && request->msgh_id == MACH_NOTIFY_NO_SENDERS) {
         k5_ipc_connection_info cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO);
-        if (cinfo) { 
+        if (cinfo) {
             cinfo->server_died = 1;
         }
-        
+
         handled = 1; /* server died */
     }
-    
+
     if (!handled) {
         handled = k5_ipc_reply_server (request, reply);
     }
-    
-    return handled;    
+
+    return handled;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -313,34 +313,34 @@ kern_return_t k5_ipc_client_reply (mach_port_t             in_reply_port,
 {
     kern_return_t err = KERN_SUCCESS;
     k5_ipc_connection_info cinfo = NULL;
-    
+
     if (!err) {
         err = CALL_INIT_FUNCTION (k5_cli_ipc_thread_init);
     }
-    
+
     if (!err) {
         cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO);
         if (!cinfo || !cinfo->reply_stream) { err = EINVAL; }
     }
-    
+
     if (!err) {
         if (in_inl_replyCnt) {
-            err = krb5int_ipc_stream_write (cinfo->reply_stream, 
+            err = krb5int_ipc_stream_write (cinfo->reply_stream,
 					    in_inl_reply, in_inl_replyCnt);
-            
+
         } else if (in_ool_replyCnt) {
-            err = krb5int_ipc_stream_write (cinfo->reply_stream, 
+            err = krb5int_ipc_stream_write (cinfo->reply_stream,
 					    in_ool_reply, in_ool_replyCnt);
-            
+
         } else {
             err = EINVAL;
         }
     }
-    
-    if (in_ool_replyCnt) { vm_deallocate (mach_task_self (), 
-                                          (vm_address_t) in_ool_reply, 
+
+    if (in_ool_replyCnt) { vm_deallocate (mach_task_self (),
+                                          (vm_address_t) in_ool_reply,
                                           in_ool_replyCnt); }
-    
+
     return err;
 }
 
@@ -367,29 +367,29 @@ int32_t k5_ipc_send_request (const char    *in_service_id,
 
     if (!in_request_stream) { err = EINVAL; }
     if (!out_reply_stream ) { err = EINVAL; }
-    
+
     if (!err) {
         err = CALL_INIT_FUNCTION (k5_cli_ipc_thread_init);
-    }    
-    
+    }
+
     if (!err) {
-        /* depending on how big the message is, use the fast inline buffer or  
+        /* depending on how big the message is, use the fast inline buffer or
          * the slow dynamically allocated buffer */
         mach_msg_type_number_t request_length = krb5int_ipc_stream_size (in_request_stream);
-        
+
         if (request_length > K5_IPC_MAX_INL_MSG_SIZE) {
-            /*dprintf ("%s choosing out of line buffer (size is %d)", 
+            /*dprintf ("%s choosing out of line buffer (size is %d)",
              *                  __FUNCTION__, request_length); */
-            
-            err = vm_read (mach_task_self (), 
-                           (vm_address_t) krb5int_ipc_stream_data (in_request_stream), 
-                           request_length, 
-                           (vm_address_t *) &ool_request, 
-                           &ool_request_length);        
+
+            err = vm_read (mach_task_self (),
+                           (vm_address_t) krb5int_ipc_stream_data (in_request_stream),
+                           request_length,
+                           (vm_address_t *) &ool_request,
+                           &ool_request_length);
         } else {
             /*dprintf ("%s choosing in line buffer (size is %d)",
              *                  __FUNCTION__, request_length); */
-            
+
             inl_request_length = request_length;
             inl_request = krb5int_ipc_stream_data (in_request_stream);
         }
@@ -405,7 +405,7 @@ int32_t k5_ipc_send_request (const char    *in_service_id,
                 err = k5_setspecific (K5_KEY_IPC_CONNECTION_INFO, cinfo);
             }
         }
-        
+
         if (!err) {
             int i, found = 0;
 
@@ -416,114 +416,114 @@ int32_t k5_ipc_send_request (const char    *in_service_id,
                     break;
                 }
             }
-            
+
             if (!found) { err = EINVAL; }
         }
     }
-    
+
     if (!err) {
-        err = k5_ipc_client_lookup_server (in_service_id, in_launch_server, 
+        err = k5_ipc_client_lookup_server (in_service_id, in_launch_server,
                                            TRUE, &server_port);
     }
 
     if (!err) {
-        err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE, 
+        err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE,
                                   &reply_port);
     }
-    
+
     while (!err && !done) {
         if (!err && !MACH_PORT_VALID (connection->port)) {
-            err = k5_ipc_client_create_client_connection (server_port, 
+            err = k5_ipc_client_create_client_connection (server_port,
                                                           &connection->port);
         }
-        
+
         if (!err) {
             err = k5_ipc_client_request (connection->port, reply_port,
                                          inl_request, inl_request_length,
                                          ool_request, ool_request_length);
-            
+
         }
-        
+
         if (err == MACH_SEND_INVALID_DEST) {
-            if (try_count < 2) { 
+            if (try_count < 2) {
                 try_count++;
                 err = 0;
             }
 
             if (MACH_PORT_VALID (connection->port)) {
-                mach_port_mod_refs (mach_task_self(), connection->port, 
+                mach_port_mod_refs (mach_task_self(), connection->port,
                                     MACH_PORT_RIGHT_SEND, -1 );
                 connection->port = MACH_PORT_NULL;
-            }    
-            
+            }
+
             /* Look up server name again without using the cached copy */
-            err = k5_ipc_client_lookup_server (in_service_id,  
-                                               in_launch_server, 
+            err = k5_ipc_client_lookup_server (in_service_id,
+                                               in_launch_server,
                                                FALSE, &server_port);
-            
+
         } else {
             /* Talked to server, though we may have gotten an error */
             done = 1;
-            
-            /* Because we use ",dealloc" ool_request will be freed by mach. 
+
+            /* Because we use ",dealloc" ool_request will be freed by mach.
             * Don't double free it. */
-            ool_request = NULL; 
-            ool_request_length = 0;                
-        }            
+            ool_request = NULL;
+            ool_request_length = 0;
+        }
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&cinfo->reply_stream);
     }
-    
+
     if (!err) {
         mach_port_t old_notification_target = MACH_PORT_NULL;
 
         /* request no-senders notification so we know when server dies */
-        err = mach_port_request_notification (mach_task_self (), reply_port, 
-                                              MACH_NOTIFY_NO_SENDERS, 1, 
-                                              reply_port, 
-                                              MACH_MSG_TYPE_MAKE_SEND_ONCE, 
+        err = mach_port_request_notification (mach_task_self (), reply_port,
+                                              MACH_NOTIFY_NO_SENDERS, 1,
+                                              reply_port,
+                                              MACH_MSG_TYPE_MAKE_SEND_ONCE,
                                               &old_notification_target);
-        
+
         if (!err && old_notification_target != MACH_PORT_NULL) {
             mach_port_deallocate (mach_task_self (), old_notification_target);
         }
     }
-    
+
     if (!err) {
         cinfo->server_died = 0;
-        
-        err = mach_msg_server_once (k5_ipc_reply_demux, K5_IPC_MAX_MSG_SIZE, 
+
+        err = mach_msg_server_once (k5_ipc_reply_demux, K5_IPC_MAX_MSG_SIZE,
                                     reply_port, MACH_MSG_TIMEOUT_NONE);
-        
+
         if (!err && cinfo->server_died) {
             err = ENOTCONN;
         }
     }
-    
+
     if (err == BOOTSTRAP_UNKNOWN_SERVICE && !in_launch_server) {
         err = 0;  /* If server is not running just return an empty stream. */
     }
-    
+
     if (!err) {
         *out_reply_stream = cinfo->reply_stream;
         cinfo->reply_stream = NULL;
     }
- 
-    if (reply_port != MACH_PORT_NULL) { 
-        mach_port_destroy (mach_task_self (), reply_port); 
+
+    if (reply_port != MACH_PORT_NULL) {
+        mach_port_destroy (mach_task_self (), reply_port);
     }
-    if (ool_request_length) { 
-        vm_deallocate (mach_task_self (), 
-                       (vm_address_t) ool_request, ool_request_length); 
+    if (ool_request_length) {
+        vm_deallocate (mach_task_self (),
+                       (vm_address_t) ool_request, ool_request_length);
     }
-    if (cinfo && cinfo->reply_stream) { 
-        krb5int_ipc_stream_release (cinfo->reply_stream); 
+    if (cinfo && cinfo->reply_stream) {
+        krb5int_ipc_stream_release (cinfo->reply_stream);
         cinfo->reply_stream = NULL;
     }
-    
-    return err;    
+
+    return err;
 }
 
 #endif /* LEAN CLIENT */
diff --git a/src/util/mac/k5_mig_server.c b/src/util/mac/k5_mig_server.c
index 03a7a8130..815fbed71 100644
--- a/src/util/mac/k5_mig_server.c
+++ b/src/util/mac/k5_mig_server.c
@@ -44,15 +44,15 @@ static boolean_t g_ready_to_quit = 0;
 
 /* ------------------------------------------------------------------------ */
 
-static boolean_t k5_ipc_request_demux (mach_msg_header_t *request, 
-                                       mach_msg_header_t *reply) 
+static boolean_t k5_ipc_request_demux (mach_msg_header_t *request,
+                                       mach_msg_header_t *reply)
 {
     boolean_t handled = 0;
-    
+
     if (!handled) {
         handled = k5_ipc_request_server (request, reply);
     }
-    
+
     /* Our session has a send right. If that goes away it's time to quit. */
     if (!handled && (request->msgh_id == MACH_NOTIFY_NO_SENDERS &&
                      request->msgh_local_port == g_notify_port)) {
@@ -63,21 +63,21 @@ static boolean_t k5_ipc_request_demux (mach_msg_header_t *request,
     /* Check here for a client death.  If so remove it */
     if (!handled && request->msgh_id == MACH_NOTIFY_NO_SENDERS) {
         kern_return_t err = KERN_SUCCESS;
-        
+
         err = k5_ipc_server_remove_client (request->msgh_local_port);
-        
+
         if (!err) {
-            err = mach_port_mod_refs (mach_task_self (), 
-                                      request->msgh_local_port, 
+            err = mach_port_mod_refs (mach_task_self (),
+                                      request->msgh_local_port,
                                       MACH_PORT_RIGHT_RECEIVE, -1);
         }
-        
+
         if (!err) {
             handled = 1;  /* was a port we are tracking */
         }
     }
-     
-    return handled;    
+
+    return handled;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -88,39 +88,39 @@ kern_return_t k5_ipc_server_create_client_connection (mach_port_t    in_server_p
     kern_return_t err = KERN_SUCCESS;
     mach_port_t connection_port = MACH_PORT_NULL;
     mach_port_t old_notification_target = MACH_PORT_NULL;
-    
+
     if (!err) {
-        err = mach_port_allocate (mach_task_self (), 
+        err = mach_port_allocate (mach_task_self (),
                                   MACH_PORT_RIGHT_RECEIVE, &connection_port);
     }
-    
+
     if (!err) {
-        err = mach_port_move_member (mach_task_self (), 
+        err = mach_port_move_member (mach_task_self (),
                                      connection_port, g_listen_port_set);
     }
-    
+
     if (!err) {
         /* request no-senders notification so we can tell when client quits/crashes */
-        err = mach_port_request_notification (mach_task_self (), 
-                                              connection_port, 
-                                              MACH_NOTIFY_NO_SENDERS, 1, 
-                                              connection_port, 
-                                              MACH_MSG_TYPE_MAKE_SEND_ONCE, 
+        err = mach_port_request_notification (mach_task_self (),
+                                              connection_port,
+                                              MACH_NOTIFY_NO_SENDERS, 1,
+                                              connection_port,
+                                              MACH_MSG_TYPE_MAKE_SEND_ONCE,
                                               &old_notification_target );
     }
-    
+
     if (!err) {
         err = k5_ipc_server_add_client (connection_port);
     }
-    
+
     if (!err) {
         *out_connection_port = connection_port;
         connection_port = MACH_PORT_NULL;
     }
-    
+
     if (MACH_PORT_VALID (connection_port)) { mach_port_deallocate (mach_task_self (), connection_port); }
-    
-    return err;    
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -134,36 +134,36 @@ kern_return_t k5_ipc_server_request (mach_port_t             in_connection_port,
 {
     kern_return_t err = KERN_SUCCESS;
     k5_ipc_stream request_stream = NULL;
-    
+
     if (!err) {
         err = krb5int_ipc_stream_new (&request_stream);
     }
-    
+
     if (!err) {
         if (in_inl_requestCnt) {
             err = krb5int_ipc_stream_write (request_stream, in_inl_request, in_inl_requestCnt);
-            
+
         } else if (in_ool_requestCnt) {
             err = krb5int_ipc_stream_write (request_stream, in_ool_request, in_ool_requestCnt);
-            
+
         } else {
             err = EINVAL;
         }
     }
-    
+
     if (!err) {
         err = k5_ipc_server_handle_request (in_connection_port, in_reply_port, request_stream);
     }
-    
+
     krb5int_ipc_stream_release (request_stream);
     if (in_ool_requestCnt) { vm_deallocate (mach_task_self (), (vm_address_t) in_ool_request, in_ool_requestCnt); }
-    
+
     return err;
 }
 
 /* ------------------------------------------------------------------------ */
 
-static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_lookup, 
+static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_lookup,
                                                                  char **out_service)
 {
     kern_return_t err = KERN_SUCCESS;
@@ -173,32 +173,32 @@ static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_look
     char *service_id = NULL;
     char *lookup = NULL;
     char *service = NULL;
-    
+
     if (!out_lookup ) { err = EINVAL; }
     if (!out_service) { err = EINVAL; }
-    
+
     if (!err) {
         bundle = CFBundleGetMainBundle ();
         if (!bundle) { err = ENOENT; }
     }
-    
+
     if (!err) {
         id_string = CFBundleGetIdentifier (bundle);
         if (!id_string) { err = ENOMEM; }
     }
-    
+
     if (!err) {
-        len = CFStringGetMaximumSizeForEncoding (CFStringGetLength (id_string), 
+        len = CFStringGetMaximumSizeForEncoding (CFStringGetLength (id_string),
                                                     kCFStringEncodingUTF8) + 1;
     }
-    
+
     if (!err) {
         service_id = calloc (len, sizeof (char));
         if (!service_id) { err = errno; }
     }
-    
-    if (!err && !CFStringGetCString (id_string, service_id, len, 
-                                     kCFStringEncodingUTF8)) { 
+
+    if (!err && !CFStringGetCString (id_string, service_id, len,
+                                     kCFStringEncodingUTF8)) {
         err = ENOMEM;
     }
 
@@ -206,23 +206,23 @@ static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_look
         int w = asprintf (&lookup, "%s%s", service_id, K5_MIG_LOOKUP_SUFFIX);
         if (w < 0) { err = ENOMEM; }
     }
-    
+
     if (!err) {
         int w = asprintf (&service, "%s%s", service_id, K5_MIG_SERVICE_SUFFIX);
         if (w < 0) { err = ENOMEM; }
     }
-    
+
     if (!err) {
         *out_lookup = lookup;
         lookup = NULL;
         *out_service = service;
         service = NULL;
     }
-    
+
     free (service);
     free (lookup);
     free (service_id);
-   
+
     return err;
 }
 
@@ -232,101 +232,101 @@ static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_look
 
 int32_t k5_ipc_server_listen_loop (void)
 {
-    /* Run the Mach IPC listen loop.  
+    /* Run the Mach IPC listen loop.
      * This will call k5_ipc_server_create_client_connection for new clients
      * and k5_ipc_server_request for existing clients */
-    
+
     kern_return_t  err = KERN_SUCCESS;
     char          *service = NULL;
     char          *lookup = NULL;
     mach_port_t    lookup_port = MACH_PORT_NULL;
     mach_port_t    boot_port = MACH_PORT_NULL;
     mach_port_t    previous_notify_port = MACH_PORT_NULL;
-    
+
     if (!err) {
         err = k5_ipc_server_get_lookup_and_service_names (&lookup, &service);
     }
-    
+
     if (!err) {
         /* Get the bootstrap port */
         err = task_get_bootstrap_port (mach_task_self (), &boot_port);
     }
-    
+
     if (!err) {
         /* We are an on-demand server so our lookup port already exists. */
         err = bootstrap_check_in (boot_port, lookup, &lookup_port);
-    }  
-    
+    }
+
     if (!err) {
         /* We are an on-demand server so our service port already exists. */
         err = bootstrap_check_in (boot_port, service, &g_service_port);
-    }      
+    }
 
     if (!err) {
         /* Create the port set that the server will listen on */
-        err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE, 
+        err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE,
                                   &g_notify_port);
-    }    
-    
+    }
+
     if (!err) {
         /* Ask for notification when the server port has no more senders
-         * A send-once right != a send right so our send-once right will 
+         * A send-once right != a send right so our send-once right will
          * not interfere with the notification */
-        err = mach_port_request_notification (mach_task_self (), g_service_port, 
-                                              MACH_NOTIFY_NO_SENDERS, true, 
-                                              g_notify_port, 
-                                              MACH_MSG_TYPE_MAKE_SEND_ONCE, 
+        err = mach_port_request_notification (mach_task_self (), g_service_port,
+                                              MACH_NOTIFY_NO_SENDERS, true,
+                                              g_notify_port,
+                                              MACH_MSG_TYPE_MAKE_SEND_ONCE,
                                               &previous_notify_port);
     }
-    
+
     if (!err) {
         /* Create the port set that the server will listen on */
-        err = mach_port_allocate (mach_task_self (), 
+        err = mach_port_allocate (mach_task_self (),
                                   MACH_PORT_RIGHT_PORT_SET, &g_listen_port_set);
-    }    
-    
+    }
+
     if (!err) {
         /* Add the lookup port to the port set */
-        err = mach_port_move_member (mach_task_self (), 
+        err = mach_port_move_member (mach_task_self (),
                                      lookup_port, g_listen_port_set);
-    }    
-    
+    }
+
     if (!err) {
         /* Add the service port to the port set */
-        err = mach_port_move_member (mach_task_self (), 
+        err = mach_port_move_member (mach_task_self (),
                                      g_service_port, g_listen_port_set);
-    }    
-    
+    }
+
     if (!err) {
         /* Add the notify port to the port set */
-        err = mach_port_move_member (mach_task_self (), 
+        err = mach_port_move_member (mach_task_self (),
                                      g_notify_port, g_listen_port_set);
-    } 
-    
+    }
+
     while (!err && !g_ready_to_quit) {
-        /* Handle one message at a time so we can check to see if 
+        /* Handle one message at a time so we can check to see if
          * the server wants to quit */
-        err = mach_msg_server_once (k5_ipc_request_demux, K5_IPC_MAX_MSG_SIZE, 
+        err = mach_msg_server_once (k5_ipc_request_demux, K5_IPC_MAX_MSG_SIZE,
                                     g_listen_port_set, MACH_MSG_OPTION_NONE);
     }
-    
+
     /* Clean up the ports and strings */
-    if (MACH_PORT_VALID (g_notify_port)) { 
-        mach_port_destroy (mach_task_self (), g_notify_port); 
+    if (MACH_PORT_VALID (g_notify_port)) {
+        mach_port_destroy (mach_task_self (), g_notify_port);
         g_notify_port = MACH_PORT_NULL;
     }
-    if (MACH_PORT_VALID (g_listen_port_set)) { 
-        mach_port_destroy (mach_task_self (), g_listen_port_set); 
-        g_listen_port_set = MACH_PORT_NULL; 
+    if (MACH_PORT_VALID (g_listen_port_set)) {
+        mach_port_destroy (mach_task_self (), g_listen_port_set);
+        g_listen_port_set = MACH_PORT_NULL;
     }
-    if (MACH_PORT_VALID (boot_port)) { 
-        mach_port_deallocate (mach_task_self (), boot_port); 
+    if (MACH_PORT_VALID (boot_port)) {
+        mach_port_deallocate (mach_task_self (), boot_port);
     }
-    
+
     free (service);
     free (lookup);
-    
-    return err;    
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -339,46 +339,46 @@ int32_t k5_ipc_server_send_reply (mach_port_t   in_reply_port,
     mach_msg_type_number_t inl_reply_length = 0;
     k5_ipc_ool_reply_t ool_reply = NULL;
     mach_msg_type_number_t ool_reply_length = 0;
-    
+
     if (!MACH_PORT_VALID (in_reply_port)) { err = EINVAL; }
     if (!in_reply_stream                ) { err = EINVAL; }
-    
+
     if (!err) {
-        /* depending on how big the message is, use the fast inline buffer or  
+        /* depending on how big the message is, use the fast inline buffer or
          * the slow dynamically allocated buffer */
         mach_msg_type_number_t reply_length = krb5int_ipc_stream_size (in_reply_stream);
-        
-        if (reply_length > K5_IPC_MAX_INL_MSG_SIZE) {            
-            //dprintf ("%s choosing out of line buffer (size is %d)", 
+
+        if (reply_length > K5_IPC_MAX_INL_MSG_SIZE) {
+            //dprintf ("%s choosing out of line buffer (size is %d)",
             //                  __FUNCTION__, reply_length);
-            
-            err = vm_read (mach_task_self (), 
-                           (vm_address_t) krb5int_ipc_stream_data (in_reply_stream), reply_length, 
+
+            err = vm_read (mach_task_self (),
+                           (vm_address_t) krb5int_ipc_stream_data (in_reply_stream), reply_length,
                            (vm_address_t *) &ool_reply, &ool_reply_length);
-            
+
         } else {
             //cci_debug_printf ("%s choosing in line buffer (size is %d)",
             //                  __FUNCTION__, reply_length);
-            
+
             inl_reply_length = reply_length;
             memcpy (inl_reply, krb5int_ipc_stream_data (in_reply_stream), reply_length);
         }
     }
-    
+
     if (!err) {
-        err = k5_ipc_server_reply (in_reply_port, 
+        err = k5_ipc_server_reply (in_reply_port,
                                    inl_reply, inl_reply_length,
                                    ool_reply, ool_reply_length);
     }
-    
+
     if (!err) {
         /* Because we use ",dealloc" ool_reply will be freed by mach. Don't double free it. */
         ool_reply = NULL;
         ool_reply_length = 0;
     }
-    
+
     if (ool_reply_length) { vm_deallocate (mach_task_self (), (vm_address_t) ool_reply, ool_reply_length); }
-    
+
     return err;
 }
 
diff --git a/src/util/mac/k5_mig_server.h b/src/util/mac/k5_mig_server.h
index 0c66ae5bf..4bd4c2c02 100644
--- a/src/util/mac/k5_mig_server.h
+++ b/src/util/mac/k5_mig_server.h
@@ -35,8 +35,8 @@ int32_t k5_ipc_server_add_client (mach_port_t in_client_port);
 
 int32_t k5_ipc_server_remove_client (mach_port_t in_client_port);
 
-int32_t k5_ipc_server_handle_request (mach_port_t   in_connection_port, 
-                                      mach_port_t   in_reply_port, 
+int32_t k5_ipc_server_handle_request (mach_port_t   in_connection_port,
+                                      mach_port_t   in_reply_port,
                                       k5_ipc_stream in_request_stream);
 
 /* Server control functions */
diff --git a/src/util/mac/k5_mig_types.h b/src/util/mac/k5_mig_types.h
index 0f877a314..87c786b1f 100644
--- a/src/util/mac/k5_mig_types.h
+++ b/src/util/mac/k5_mig_types.h
@@ -1,14 +1,14 @@
 /* $Copyright:
 *
 * Copyright 2004-2006 by the Massachusetts Institute of Technology.
-* 
+*
 * All rights reserved.
-* 
+*
 * Export of this software from the United States of America may require a
 * specific license from the United States Government.  It is the
 * responsibility of any person or organization contemplating export to
 * obtain such a license before exporting.
-* 
+*
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
 * this software and its documentation for any purpose and without fee is
 * hereby granted, provided that the above copyright notice appear in all
@@ -21,19 +21,19 @@
 * the original MIT software. M.I.T. makes no representations about the
 * suitability of this software for any purpose.  It is provided "as is"
 * without express or implied warranty.
-* 
+*
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-* 
+*
 * Individual source code files are copyright MIT, Cygnus Support,
 * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
-* 
+*
 * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
 * and Zephyr are trademarks of the Massachusetts Institute of Technology
 * (MIT).  No commercial use of these trademarks may be made without prior
 * written permission of MIT.
-* 
+*
 * "Commercial use" means use of a name in a product or other for-profit
 * manner.  It does NOT prevent a commercial firm from referring to the MIT
 * trademarks in order to convey information (although in doing so,
diff --git a/src/util/profile/argv_parse.c b/src/util/profile/argv_parse.c
index 7740d5345..acdced8a3 100644
--- a/src/util/profile/argv_parse.c
+++ b/src/util/profile/argv_parse.c
@@ -1,7 +1,7 @@
 /*
  * argv_parse.c --- utility function for parsing a string into a
  * 	argc, argv array.
- * 
+ *
  * This file defines a function argv_parse() which parsing a
  * passed-in string, handling double quotes and backslashes, and
  * creates an allocated argv vector which can be freed using the
@@ -10,7 +10,7 @@
  * See argv_parse.h for the formal definition of the functions.
  *
  * Copyright 1999 by Theodore Ts'o.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software for
  * any purpose with or without fee is hereby granted, provided that
  * the above copyright notice and this permission notice appear in all
diff --git a/src/util/profile/argv_parse.h b/src/util/profile/argv_parse.h
index 84568e7bd..86f4564e5 100644
--- a/src/util/profile/argv_parse.h
+++ b/src/util/profile/argv_parse.h
@@ -3,7 +3,7 @@
  *
  * This file defines the interface for the functions argv_parse() and
  * argv_free().
- * 
+ *
  ***********************************************************************
  * int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv)
  *
@@ -16,12 +16,12 @@
  * ret_argc and ret_argv, respectively.
  ***********************************************************************
  * extern void argv_free(char **argv);
- * 
+ *
  * This function frees the argument vector created by argv_parse().
  ***********************************************************************
  *
  * Copyright 1999 by Theodore Ts'o.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software for
  * any purpose with or without fee is hereby granted, provided that
  * the above copyright notice and this permission notice appear in all
diff --git a/src/util/profile/prof_FSp_glue.c b/src/util/profile/prof_FSp_glue.c
index 511c85f15..6b9b5f063 100644
--- a/src/util/profile/prof_FSp_glue.c
+++ b/src/util/profile/prof_FSp_glue.c
@@ -29,22 +29,22 @@ FSp_profile_init(files, ret_profile)
             break;
         fileCount++;
     }
-    
+
     pathArray = (profile_filespec_t *) malloc ((fileCount + 1) * sizeof(const_profile_filespec_t));
     if (pathArray == NULL) {
         retval = ENOMEM;
     }
-    
+
     if (retval == 0) {
         for (i = 0; i < fileCount + 1; i++) {
             pathArray [i] = NULL;
         }
     }
-        
+
     if (retval == 0) {
         for (i = 0; i < fileCount; i++) {
             OSStatus err = noErr;
-            
+
             if (err == noErr) {
                 pathArray[i] = (char *) malloc (sizeof(char) * PATH_MAX);
                 if (pathArray[i] == NULL) {
@@ -65,12 +65,12 @@ FSp_profile_init(files, ret_profile)
             }
         }
     }
-    
+
     if (retval == 0) {
-        retval = profile_init ((const_profile_filespec_t *) pathArray, 
+        retval = profile_init ((const_profile_filespec_t *) pathArray,
                                ret_profile);
     }
-    
+
     if (pathArray != NULL) {
         for (i = 0; i < fileCount; i++) {
             if (pathArray [i] != 0)
@@ -78,7 +78,7 @@ FSp_profile_init(files, ret_profile)
         }
         free (pathArray);
     }
-    
+
     return retval;
 }
 
diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
index b24fa59f9..13aa18c4c 100644
--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
@@ -24,7 +24,7 @@
 
 #if defined(_WIN32)
 #include <io.h>
-#define HAVE_STAT	
+#define HAVE_STAT
 #define stat _stat
 #endif
 
@@ -409,7 +409,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
 	errcode_t	retval = 0;
 
 	retval = ENOMEM;
-	
+
 	new_file = old_file = 0;
 	if (asprintf(&new_file, "%s.$$$", outfile) < 0) {
 	    new_file = NULL;
@@ -504,7 +504,7 @@ errcode_t profile_flush_file_data(prf_data_t data)
 	retval = k5_mutex_lock(&data->lock);
 	if (retval)
 	    return retval;
-	
+
 	if ((data->flags & PROFILE_FILE_DIRTY) == 0) {
 	    k5_mutex_unlock(&data->lock);
 	    return 0;
@@ -600,7 +600,7 @@ static void profile_free_file_data(prf_data_t data)
 errcode_t profile_close_file(prf_file_t prf)
 {
 	errcode_t	retval;
-	
+
 	retval = profile_flush_file(prf);
 	if (retval)
 		return retval;
diff --git a/src/util/profile/prof_get.c b/src/util/profile/prof_get.c
index 6c94d96cc..87861fce3 100644
--- a/src/util/profile/prof_get.c
+++ b/src/util/profile/prof_get.c
@@ -76,7 +76,7 @@ static errcode_t add_to_list(struct profile_string_list *list, const char *str)
 {
 	char 	*newstr, **newlist;
 	unsigned int	newmax;
-	
+
 	if (list->num+1 >= list->max) {
 		newmax = list->max + 10;
 		newlist = realloc(list->list, newmax * sizeof(char *));
@@ -109,8 +109,8 @@ static int is_list_member(struct profile_string_list *list, const char *str)
 			return 1;
 	}
 	return 0;
-}	
-	
+}
+
 /*
  * This function frees a null-terminated list as returned by
  * profile_get_values.
@@ -121,7 +121,7 @@ void KRB5_CALLCONV profile_free_list(char **list)
 
     if (list == 0)
 	    return;
-    
+
     for (cp = list; *cp; cp++)
 	free(*cp);
     free(list);
@@ -158,7 +158,7 @@ profile_get_values(profile_t profile, const char *const *names,
 
 	end_list(&values, ret_values);
 	return 0;
-	
+
 cleanup:
 	end_list(&values, 0);
 	return retval;
@@ -187,7 +187,7 @@ errcode_t profile_get_value(profile_t profile, const char **names,
 		*ret_value = value;
 	else
 		retval = PROF_NO_RELATION;
-	
+
 cleanup:
 	profile_node_iterator_free(&state);
 	return retval;
@@ -214,7 +214,7 @@ profile_get_string(profile_t profile, const char *name, const char *subname,
 			return retval;
 	} else
 		value = def_val;
-    
+
 	if (value) {
 		*ret_string = strdup(value);
 		if (*ret_string == 0)
@@ -264,8 +264,8 @@ profile_get_integer(profile_t profile, const char *name, const char *subname,
 	/* Garbage in string.  */
 	if (end_value != value + strlen (value))
 	    return PROF_BAD_INTEGER;
-	
-   
+
+
 	*ret_int = ret_long;
 	return 0;
 }
@@ -284,7 +284,7 @@ static errcode_t
 profile_parse_boolean(const char *s, int *ret_boolean)
 {
     const char *const *p;
-    
+
     if (ret_boolean == NULL)
     	return PROF_EINVAL;
 
@@ -301,7 +301,7 @@ profile_parse_boolean(const char *s, int *ret_boolean)
 			return 0;
 		}
     }
-	
+
 	return PROF_BAD_BOOLEAN;
 }
 
@@ -328,7 +328,7 @@ profile_get_boolean(profile_t profile, const char *name, const char *subname,
 		return 0;
 	} else if (retval)
 		return retval;
-   
+
 	return profile_parse_boolean (value, ret_boolean);
 }
 
@@ -362,7 +362,7 @@ profile_get_subsection_names(profile_t profile, const char **names,
 
 	end_list(&values, ret_names);
 	return 0;
-	
+
 cleanup:
 	end_list(&values, 0);
 	return retval;
@@ -398,7 +398,7 @@ profile_get_relation_names(profile_t profile, const char **names,
 
 	end_list(&values, ret_names);
 	return 0;
-	
+
 cleanup:
 	end_list(&values, 0);
 	return retval;
@@ -422,7 +422,7 @@ profile_iterator(void **iter_p, char **ret_name, char **ret_value)
 {
 	char *name, *value;
 	errcode_t	retval;
-	
+
 	retval = profile_node_iterator(iter_p, 0, &name, &value);
 	if (retval)
 		return retval;
diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c
index d8653049c..91ace9810 100644
--- a/src/util/profile/prof_init.c
+++ b/src/util/profile/prof_init.c
@@ -118,7 +118,7 @@ profile_init_path(const_profile_filespec_list_t filepath,
 		if (*s == ':')
 			n_entries++;
 	}
-	
+
 	/* the array is NULL terminated */
 	filenames = (profile_filespec_t*) malloc((n_entries+1) * sizeof(char*));
 	if (filenames == 0)
@@ -144,7 +144,7 @@ profile_init_path(const_profile_filespec_list_t filepath,
 	/* cap the array */
 	filenames[i] = 0;
 
-	retval = profile_init((const_profile_filespec_t *) filenames, 
+	retval = profile_init((const_profile_filespec_t *) filenames,
 			      ret_profile);
 
 	/* count back down and free the entries */
@@ -159,13 +159,13 @@ profile_is_writable(profile_t profile, int *writable)
 {
     if (!profile || profile->magic != PROF_MAGIC_PROFILE)
         return PROF_MAGIC_PROFILE;
-    
-    if (!writable) 
+
+    if (!writable)
         return EINVAL;
-    
+
     if (profile->first_file)
         *writable = profile_file_is_writable(profile->first_file);
-    
+
     return 0;
 }
 
@@ -174,13 +174,13 @@ profile_is_modified(profile_t profile, int *modified)
 {
     if (!profile || profile->magic != PROF_MAGIC_PROFILE)
         return PROF_MAGIC_PROFILE;
-    
-    if (!modified) 
+
+    if (!modified)
         return EINVAL;
-    
+
     if (profile->first_file)
         *modified = (profile->first_file->data->flags & PROFILE_FILE_DIRTY);
-    
+
     return 0;
 }
 
@@ -350,19 +350,19 @@ errcode_t profile_ser_internalize(const char *unused, profile_t *profilep,
 		(void) unpack_int32(&tmp, &bp, &remain);
 	else
 		tmp = 0;
-	
+
 	if (tmp != PROF_MAGIC_PROFILE) {
 		retval = EINVAL;
 		goto cleanup;
 	}
-	
+
 	(void) unpack_int32(&fcount, &bp, &remain);
 	retval = ENOMEM;
 
 	flist = (profile_filespec_t *) malloc(sizeof(profile_filespec_t) * (size_t) (fcount + 1));
 	if (!flist)
 		goto cleanup;
-	
+
 	memset(flist, 0, sizeof(char *) * (size_t) (fcount+1));
 	for (i=0; i<fcount; i++) {
 		if (!unpack_int32(&tmp, &bp, &remain)) {
@@ -382,13 +382,13 @@ errcode_t profile_ser_internalize(const char *unused, profile_t *profilep,
 		goto cleanup;
 	}
 
-	if ((retval = profile_init((const_profile_filespec_t *) flist, 
+	if ((retval = profile_init((const_profile_filespec_t *) flist,
 				   profilep)))
 		goto cleanup;
-	
+
 	*bufpp = bp;
 	*remainp = remain;
-    
+
 cleanup:
 	if (flist) {
 		for (i=0; i<fcount; i++) {
@@ -399,4 +399,3 @@ cleanup:
 	}
 	return(retval);
 }
-
diff --git a/src/util/profile/prof_int.h b/src/util/profile/prof_int.h
index 216c5986d..9dc7d940d 100644
--- a/src/util/profile/prof_int.h
+++ b/src/util/profile/prof_int.h
@@ -73,7 +73,7 @@ typedef struct _prf_file_t *prf_file_t;
 /*
  * The profile flags
  *
- * Deprecated use of read/write profile flag.  
+ * Deprecated use of read/write profile flag.
  * Check whether file is writable lazily so we don't call access as often.
  */
 #define PROFILE_FILE_DEPRECATED_RW	0x0001
@@ -136,7 +136,7 @@ errcode_t profile_add_node
 
 errcode_t profile_make_node_final
 	(struct profile_node *node);
-	
+
 int profile_is_node_final
 	(struct profile_node *node);
 
@@ -161,11 +161,11 @@ errcode_t profile_find_node_subsection
 	(struct profile_node *section,
 		    const char *name, void **state,
 		    char **ret_name, struct profile_node **subsection);
-		   
+
 errcode_t profile_get_node_parent
 	(struct profile_node *section,
 		   struct profile_node **parent);
-		   
+
 errcode_t profile_delete_node_relation
 	(struct profile_node *section, const char *name);
 
@@ -249,5 +249,5 @@ errcode_t profile_get_value
 	(profile_t profile, const char **names,
 		    const char	**ret_value);
 /* Others included from profile.h */
-	
+
 /* prof_set.c -- included from profile.h */
diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index 701d5e4a9..a48ae58e1 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -81,7 +81,7 @@ static errcode_t parse_std_line(char *line, struct parse_state *state)
 	struct profile_node	*node;
 	int do_subsection = 0;
 	void *iter = 0;
-	
+
 	if (*line == 0)
 		return 0;
 	cp = skip_over_blanks(line);
@@ -120,7 +120,7 @@ static errcode_t parse_std_line(char *line, struct parse_state *state)
 			cp++;
 		}
 		/*
-		 * A space after ']' should not be fatal 
+		 * A space after ']' should not be fatal
 		 */
 		cp = skip_over_blanks(cp);
 		if (*cp)
@@ -203,7 +203,7 @@ static errcode_t parse_std_line(char *line, struct parse_state *state)
 static errcode_t parse_line(char *line, struct parse_state *state)
 {
 	char	*cp;
-	
+
 	switch (state->state) {
 	case STATE_INIT_COMMENT:
 		if (line[0] != '[')
@@ -380,7 +380,7 @@ static void dump_profile(struct profile_node *root, int level,
 	void *iter;
 	long retval;
 	char *name, *value;
-	
+
 	iter = 0;
 	do {
 		retval = profile_find_node_relation(root, 0, &iter,
diff --git a/src/util/profile/prof_set.c b/src/util/profile/prof_set.c
index 85f228630..a08bfd757 100644
--- a/src/util/profile/prof_set.c
+++ b/src/util/profile/prof_set.c
@@ -7,7 +7,7 @@
  * In the future it may be necessary to modify this public interface,
  * or possibly add higher level functions to support this correctly.
  *
- * WARNING: We're not yet doing locking yet, either.  
+ * WARNING: We're not yet doing locking yet, either.
  *
  */
 
@@ -74,15 +74,15 @@ static errcode_t rw_setup(profile_t profile)
 }
 
 
-/* 
- * Delete or update a particular child node 
- * 
+/*
+ * Delete or update a particular child node
+ *
  * ADL - 2/23/99, rewritten TYT 2/25/99
  */
 errcode_t KRB5_CALLCONV
 profile_update_relation(profile_t profile, const char **names,
 			const char *old_value, const char *new_value)
-{	
+{
 	errcode_t	retval;
 	struct profile_node *section, *node;
 	void		*state;
@@ -91,7 +91,7 @@ profile_update_relation(profile_t profile, const char **names,
 	retval = rw_setup(profile);
 	if (retval)
 		return retval;
-	
+
 	if (names == 0 || names[0] == 0 || names[1] == 0)
 		return PROF_BAD_NAMESET;
 
@@ -123,18 +123,18 @@ profile_update_relation(profile_t profile, const char **names,
 	if (retval == 0)
 	    profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
 	k5_mutex_unlock(&profile->first_file->data->lock);
-	
+
 	return retval;
 }
 
-/* 
+/*
  * Clear a particular all of the relations with a specific name.
- * 
+ *
  * TYT - 2/25/99
  */
 errcode_t KRB5_CALLCONV
 profile_clear_relation(profile_t profile, const char **names)
-{	
+{
 	errcode_t	retval;
 	struct profile_node *section, *node;
 	void		*state;
@@ -143,7 +143,7 @@ profile_clear_relation(profile_t profile, const char **names)
 	retval = rw_setup(profile);
 	if (retval)
 		return retval;
-	
+
 	if (names == 0 || names[0] == 0 || names[1] == 0)
 		return PROF_BAD_NAMESET;
 
@@ -167,29 +167,29 @@ profile_clear_relation(profile_t profile, const char **names)
 	} while (state);
 
 	profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
-	
+
 	return 0;
 }
 
-/* 
+/*
  * Rename a particular section; if the new_section name is NULL,
  * delete it.
- * 
+ *
  * ADL - 2/23/99, rewritten TYT 2/25/99
  */
 errcode_t KRB5_CALLCONV
 profile_rename_section(profile_t profile, const char **names,
 		       const char *new_name)
-{	
+{
 	errcode_t	retval;
 	struct profile_node *section, *node;
 	void		*state;
 	const char	**cpp;
-	
+
 	retval = rw_setup(profile);
 	if (retval)
 		return retval;
-	
+
 	if (names == 0 || names[0] == 0 || names[1] == 0)
 		return PROF_BAD_NAMESET;
 
@@ -242,7 +242,7 @@ profile_add_relation(profile_t profile, const char **names,
 	retval = rw_setup(profile);
 	if (retval)
 		return retval;
-	
+
 	if (names == 0 || names[0] == 0 || names[1] == 0)
 		return PROF_BAD_NAMESET;
 
@@ -283,4 +283,3 @@ profile_add_relation(profile_t profile, const char **names,
 	k5_mutex_unlock(&profile->first_file->data->lock);
 	return 0;
 }
-
diff --git a/src/util/profile/prof_tree.c b/src/util/profile/prof_tree.c
index d8db45daf..6663dc1b5 100644
--- a/src/util/profile/prof_tree.c
+++ b/src/util/profile/prof_tree.c
@@ -1,16 +1,16 @@
 /*
  * prof_tree.c --- these routines maintain the parse tree of the
  * 	config file.
- * 
+ *
  * All of the details of how the tree is stored is abstracted away in
  * this file; all of the other profile routines build, access, and
  * modify the tree via the accessor functions found in this file.
  *
  * Each node may represent either a relation or a section header.
- * 
+ *
  * A section header must have its value field set to 0, and may a one
  * or more child nodes, pointed to by first_child.
- * 
+ *
  * A relation has as its value a pointer to allocated memory
  * containing a string.  Its first_child pointer must be null.
  *
@@ -52,7 +52,7 @@ void profile_free_node(struct profile_node *node)
 
 	if (node->magic != PROF_MAGIC_NODE)
 		return;
-	
+
 	if (node->name)
 		free(node->name);
 	if (node->value)
@@ -63,7 +63,7 @@ void profile_free_node(struct profile_node *node)
 		profile_free_node(child);
 	}
 	node->magic = 0;
-	
+
 	free(node);
 }
 
@@ -159,7 +159,7 @@ errcode_t profile_add_node(struct profile_node *section, const char *name,
 
 	/*
 	 * Find the place to insert the new node.  We look for the
-	 * place *after* the last match of the node name, since 
+	 * place *after* the last match of the node name, since
 	 * order matters.
 	 */
 	for (p=section->first_child, last = 0; p; last = p, p = p->next) {
@@ -233,7 +233,7 @@ const char *profile_get_node_value(struct profile_node *node)
  * section which matches the name; don't return relations.  If value
  * is non-NULL, then only return relations which match the requested
  * value.  (The value argument is ignored if section_flag is non-zero.)
- * 
+ *
  * The first time this routine is called, the state pointer must be
  * null.  When this profile_find_node_relation() returns, if the state
  * pointer is non-NULL, then this routine should be called again.
@@ -252,7 +252,7 @@ errcode_t profile_find_node(struct profile_node *section, const char *name,
 		CHECK_MAGIC(p);
 	} else
 		p = section->first_child;
-	
+
 	for (; p; p = p->next) {
 		if (name && (strcmp(p->name, name)))
 			continue;
@@ -344,7 +344,7 @@ errcode_t profile_find_node_relation(struct profile_node *section,
  *
  * This is (plus accessor functions for the name and value given a
  * profile node) makes this function mostly syntactic sugar for
- * profile_find_node. 
+ * profile_find_node.
  */
 errcode_t profile_find_node_subsection(struct profile_node *section,
 				       const char *name, void **state,
@@ -379,7 +379,7 @@ errcode_t profile_get_node_parent(struct profile_node *section,
 
 /*
  * This is a general-purpose iterator for returning all nodes that
- * match the specified name array.  
+ * match the specified name array.
  */
 struct profile_iterator {
 	prf_magic_t		magic;
@@ -601,9 +601,9 @@ get_new_file:
 	return 0;
 }
 
-/* 
+/*
  * Remove a particular node.
- * 
+ *
  * TYT, 2/25/99
  */
 errcode_t profile_remove_node(struct profile_node *node)
@@ -612,7 +612,7 @@ errcode_t profile_remove_node(struct profile_node *node)
 
 	if (node->parent == 0)
 		return PROF_EINVAL; /* Can't remove the root! */
-	
+
 	node->deleted = 1;
 
 	return 0;
@@ -627,7 +627,7 @@ errcode_t profile_set_relation_value(struct profile_node *node,
 				     const char *new_value)
 {
 	char	*cp;
-	
+
 	CHECK_MAGIC(node);
 
 	if (!node->value)
diff --git a/src/util/profile/profile.hin b/src/util/profile/profile.hin
index 10abe725a..128676c6f 100644
--- a/src/util/profile/profile.hin
+++ b/src/util/profile/profile.hin
@@ -72,7 +72,7 @@ void KRB5_CALLCONV profile_free_list
 	(char **list);
 
 long KRB5_CALLCONV profile_get_string
-	(profile_t profile, const char *name, const char *subname, 
+	(profile_t profile, const char *name, const char *subname,
 			const char *subsubname, const char *def_val,
 			char **ret_string);
 long KRB5_CALLCONV profile_get_integer
@@ -97,25 +97,25 @@ long KRB5_CALLCONV profile_iterator_create
 
 void KRB5_CALLCONV profile_iterator_free
 	(void **iter_p);
-	
+
 long KRB5_CALLCONV profile_iterator
 	(void	**iter_p, char **ret_name, char **ret_value);
 
 void KRB5_CALLCONV profile_release_string (char *str);
 
 long KRB5_CALLCONV profile_update_relation
-	(profile_t profile, const char **names, 
+	(profile_t profile, const char **names,
 		   const char *old_value, const char *new_value);
 
 long KRB5_CALLCONV profile_clear_relation
 	(profile_t profile, const char **names);
 
 long KRB5_CALLCONV profile_rename_section
-	(profile_t profile, const char **names, 
+	(profile_t profile, const char **names,
 		   const char *new_name);
 
 long KRB5_CALLCONV profile_add_relation
-	(profile_t profile, const char **names, 
+	(profile_t profile, const char **names,
 		   const char *new_value);
 
 #ifdef __cplusplus
diff --git a/src/util/profile/profile_tcl.c b/src/util/profile/profile_tcl.c
index 6a2476e47..199c01b29 100644
--- a/src/util/profile/profile_tcl.c
+++ b/src/util/profile/profile_tcl.c
@@ -1,11 +1,11 @@
 /* ----------------------------------------------------------------------------
  * This file was automatically generated by SWIG (http://www.swig.org).
  * Version 1.3.21
- * 
- * This file is not intended to be easily readable and contains a number of 
+ *
+ * This file is not intended to be easily readable and contains a number of
  * coding conventions designed to improve portability and efficiency. Do not make
- * changes to this file unless you know what you are doing--modify the SWIG 
- * interface file instead. 
+ * changes to this file unless you know what you are doing--modify the SWIG
+ * interface file instead.
  * ----------------------------------------------------------------------------- */
 
 /*************************************************************** -*- c -*-
@@ -23,8 +23,8 @@
 #define SWIG_TypeName        SWIG_Tcl_TypeName
 #define SWIG_TypeQuery       SWIG_Tcl_TypeQuery
 #define SWIG_TypeClientData  SWIG_Tcl_TypeClientData
-#define SWIG_PackData        SWIG_Tcl_PackData 
-#define SWIG_UnpackData      SWIG_Tcl_UnpackData 
+#define SWIG_PackData        SWIG_Tcl_PackData
+#define SWIG_UnpackData      SWIG_Tcl_UnpackData
 
 
 /***********************************************************************
@@ -37,7 +37,7 @@
  * Author : David Beazley (beazley@cs.uchicago.edu)
  *
  * Copyright (c) 1999-2000, The University of Chicago
- * 
+ *
  * This file may be freely redistributed without license or fee provided
  * this copyright message remains intact.
  ************************************************************************/
@@ -146,7 +146,7 @@ SWIG_TypeRegister(swig_type_info *ti) {
 }
 
 /* Check the typename */
-SWIGRUNTIME(swig_type_info *) 
+SWIGRUNTIME(swig_type_info *)
 SWIG_TypeCheck(char *c, swig_type_info *ty) {
   swig_type_info *s;
   if (!ty) return 0;        /* Void pointer */
@@ -172,14 +172,14 @@ SWIG_TypeCheck(char *c, swig_type_info *ty) {
 }
 
 /* Cast a pointer up an inheritance hierarchy */
-SWIGRUNTIME(void *) 
+SWIGRUNTIME(void *)
 SWIG_TypeCast(swig_type_info *ty, void *ptr) {
   if ((!ty) || (!ty->converter)) return ptr;
   return (*ty->converter)(ptr);
 }
 
 /* Dynamic pointer casting. Down an inheritance hierarchy */
-SWIGRUNTIME(swig_type_info *) 
+SWIGRUNTIME(swig_type_info *)
 SWIG_TypeDynamicCast(swig_type_info *ty, void **ptr) {
   swig_type_info *lastty = ty;
   if (!ty || !ty->dcast) return ty;
@@ -274,7 +274,7 @@ SWIG_UnpackData(char *c, void *ptr, int sz) {
 
 /*
  * $Header: /cvsroot/SWIG/Lib/tcl/swigtcl8.swg,v 1.19 2003/12/09 12:44:49 beazley Exp $
- * 
+ *
  * swigtcl8.swg
  */
 
@@ -453,7 +453,7 @@ SWIG_Tcl_ConvertPtrFromString(Tcl_Interp *interp, char *c, void **ptr, swig_type
       continue;
     }
     Tcl_ResetResult(interp);
-    if (flags & SWIG_POINTER_EXCEPTION) 
+    if (flags & SWIG_POINTER_EXCEPTION)
       Tcl_SetResult(interp, (char *) "Type error. Expected a pointer", TCL_STATIC);
     return TCL_ERROR;
   }
@@ -1036,13 +1036,13 @@ typedef struct {
 
 /* -------- TYPES TABLE (BEGIN) -------- */
 
-#define  SWIGTYPE_p_p_char swig_types[0] 
-#define  SWIGTYPE_p_p_p_char swig_types[1] 
-#define  SWIGTYPE_p_iter_t swig_types[2] 
-#define  SWIGTYPE_iter_t swig_types[3] 
-#define  SWIGTYPE_p_profile_t swig_types[4] 
-#define  SWIGTYPE_profile_t swig_types[5] 
-#define  SWIGTYPE_p_int swig_types[6] 
+#define  SWIGTYPE_p_p_char swig_types[0]
+#define  SWIGTYPE_p_p_p_char swig_types[1]
+#define  SWIGTYPE_p_iter_t swig_types[2]
+#define  SWIGTYPE_iter_t swig_types[3]
+#define  SWIGTYPE_p_profile_t swig_types[4]
+#define  SWIGTYPE_profile_t swig_types[5]
+#define  SWIGTYPE_p_int swig_types[6]
 static swig_type_info *swig_types[8];
 
 /* -------- TYPES TABLE (END) -------- */
@@ -1077,7 +1077,7 @@ SWIGEXPORT(int) SWIG_init(Tcl_Interp *);
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -1179,7 +1179,7 @@ extern int		MacintoshInit _ANSI_ARGS_((void));
 
 int Tcl_AppInit(Tcl_Interp *interp){
 
-  if (Tcl_Init(interp) == TCL_ERROR) 
+  if (Tcl_Init(interp) == TCL_ERROR)
     return TCL_ERROR;
 
   /* Now initialize our functions */
@@ -1194,7 +1194,7 @@ int Tcl_AppInit(Tcl_Interp *interp){
 #ifdef SWIG_RcRsrcName
   Tcl_SetVar(interp, (char *) "tcl_rcRsrcName",SWIG_RcRsrcName,TCL_GLOBAL);
 #endif
-  
+
   return TCL_OK;
 }
 
@@ -1202,7 +1202,7 @@ int Tcl_AppInit(Tcl_Interp *interp){
 int main(int argc, char **argv) {
 #ifdef MAC_TCL
     char *newArgv[2];
-    
+
     if (MacintoshInit()  != TCL_OK) {
 	Tcl_Exit(1);
     }
@@ -1231,13 +1231,13 @@ _wrap_profile_init_path(ClientData clientData, Tcl_Interp *interp, int objc, Tcl
     profile_t *arg2 = (profile_t *) 0 ;
     errcode_t result;
     profile_t tmp2 ;
-    
+
     {
         /*generic swigtype hack*/ arg2 = &tmp2;
     }
     if (SWIG_GetArgs(interp, objc, objv,"|s:profile_init_path ?path? ",&arg1) == TCL_ERROR) SWIG_fail;
     result = (errcode_t)profile_init_path((char const *)arg1,arg2);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1260,7 +1260,7 @@ _wrap_profile_init(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj
     profile_t *arg2 = (profile_t *) 0 ;
     errcode_t result;
     profile_t tmp2 ;
-    
+
     {
         /*generic swigtype hack*/ arg2 = &tmp2;
     }
@@ -1273,7 +1273,7 @@ _wrap_profile_init(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj
         }
     }
     result = (errcode_t)profile_init((char const **)arg1,arg2);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1287,7 +1287,7 @@ _wrap_profile_init(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj
     {
         /* freearg char **nullterm */
         if (arg1) {
-            Tcl_Free((char *)arg1); arg1 = (char **) NULL; 
+            Tcl_Free((char *)arg1); arg1 = (char **) NULL;
         }
     }
     return TCL_OK;
@@ -1295,7 +1295,7 @@ _wrap_profile_init(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj
     {
         /* freearg char **nullterm */
         if (arg1) {
-            Tcl_Free((char *)arg1); arg1 = (char **) NULL; 
+            Tcl_Free((char *)arg1); arg1 = (char **) NULL;
         }
     }
     return TCL_ERROR;
@@ -1306,11 +1306,11 @@ static int
 _wrap_profile_flush(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
     profile_t arg1 = (profile_t) 0 ;
     errcode_t result;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"o:profile_flush profile_t ",0) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)profile_flush(arg1);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1331,11 +1331,11 @@ _wrap_profile_flush_to_file(ClientData clientData, Tcl_Interp *interp, int objc,
     profile_t arg1 = (profile_t) 0 ;
     char *arg2 ;
     errcode_t result;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"os:profile_flush_to_file profile_t path ",0,&arg2) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)profile_flush_to_file(arg1,(char const *)arg2);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1354,12 +1354,12 @@ _wrap_profile_flush_to_file(ClientData clientData, Tcl_Interp *interp, int objc,
 static int
 _wrap_profile_abandon(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
     profile_t arg1 = (profile_t) 0 ;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"o:profile_abandon profile_t ",0) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     profile_abandon(arg1);
-    
-    
+
+
     return TCL_OK;
     fail:
     return TCL_ERROR;
@@ -1369,12 +1369,12 @@ _wrap_profile_abandon(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_O
 static int
 _wrap_profile_release(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
     profile_t arg1 = (profile_t) 0 ;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"o:profile_release profile_t ",0) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     profile_release(arg1);
-    
-    
+
+
     return TCL_OK;
     fail:
     return TCL_ERROR;
@@ -1388,7 +1388,7 @@ _wrap_profile_get_values(ClientData clientData, Tcl_Interp *interp, int objc, Tc
     char ***arg3 = (char ***) 0 ;
     errcode_t result;
     char **tmp3 ;
-    
+
     {
         /* in char ***OUTPUT */
         tmp3 = NULL;
@@ -1402,7 +1402,7 @@ _wrap_profile_get_values(ClientData clientData, Tcl_Interp *interp, int objc, Tc
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)profile_get_values(arg1,(char const **)arg2,arg3);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1421,7 +1421,7 @@ _wrap_profile_get_values(ClientData clientData, Tcl_Interp *interp, int objc, Tc
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     {
@@ -1433,7 +1433,7 @@ _wrap_profile_get_values(ClientData clientData, Tcl_Interp *interp, int objc, Tc
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     {
@@ -1454,7 +1454,7 @@ _wrap_profile_get_string(ClientData clientData, Tcl_Interp *interp, int objc, Tc
     char **arg6 = (char **) 0 ;
     errcode_t result;
     char *tmp6 ;
-    
+
     {
         /* in char **OUTPUT */
         tmp6 = NULL;
@@ -1463,7 +1463,7 @@ _wrap_profile_get_string(ClientData clientData, Tcl_Interp *interp, int objc, Tc
     if (SWIG_GetArgs(interp, objc, objv,"oss|ss:profile_get_string p name subname ?subsubname? ?defval? ",0,&arg2,&arg3,&arg4,&arg5) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)profile_get_string(arg1,(char const *)arg2,(char const *)arg3,(char const *)arg4,(char const *)arg5,arg6);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1506,12 +1506,12 @@ _wrap_profile_get_integer(ClientData clientData, Tcl_Interp *interp, int objc, T
     int *arg6 = (int *) 0 ;
     errcode_t result;
     int temp6 ;
-    
+
     arg6 = &temp6;
     if (SWIG_GetArgs(interp, objc, objv,"oss|si:profile_get_integer p name subname ?subsubname? ?defval? ",0,&arg2,&arg3,&arg4,&arg5) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)profile_get_integer(arg1,(char const *)arg2,(char const *)arg3,(char const *)arg4,arg5,arg6);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1542,12 +1542,12 @@ _wrap_profile_get_boolean(ClientData clientData, Tcl_Interp *interp, int objc, T
     int *arg6 = (int *) 0 ;
     errcode_t result;
     int temp6 ;
-    
+
     arg6 = &temp6;
     if (SWIG_GetArgs(interp, objc, objv,"oss|si:profile_get_boolean p name subname ?subsubname? ?defval? ",0,&arg2,&arg3,&arg4,&arg5) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)profile_get_boolean(arg1,(char const *)arg2,(char const *)arg3,(char const *)arg4,arg5,arg6);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1575,7 +1575,7 @@ _wrap_profile_get_relation_names(ClientData clientData, Tcl_Interp *interp, int
     char ***arg3 = (char ***) 0 ;
     errcode_t result;
     char **tmp3 ;
-    
+
     {
         /* in char ***OUTPUT */
         tmp3 = NULL;
@@ -1589,7 +1589,7 @@ _wrap_profile_get_relation_names(ClientData clientData, Tcl_Interp *interp, int
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)profile_get_relation_names(arg1,(char const **)arg2,arg3);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1608,7 +1608,7 @@ _wrap_profile_get_relation_names(ClientData clientData, Tcl_Interp *interp, int
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     {
@@ -1620,7 +1620,7 @@ _wrap_profile_get_relation_names(ClientData clientData, Tcl_Interp *interp, int
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     {
@@ -1638,7 +1638,7 @@ _wrap_profile_get_subsection_names(ClientData clientData, Tcl_Interp *interp, in
     char ***arg3 = (char ***) 0 ;
     errcode_t result;
     char **tmp3 ;
-    
+
     {
         /* in char ***OUTPUT */
         tmp3 = NULL;
@@ -1652,7 +1652,7 @@ _wrap_profile_get_subsection_names(ClientData clientData, Tcl_Interp *interp, in
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)profile_get_subsection_names(arg1,(char const **)arg2,arg3);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1671,7 +1671,7 @@ _wrap_profile_get_subsection_names(ClientData clientData, Tcl_Interp *interp, in
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     {
@@ -1683,7 +1683,7 @@ _wrap_profile_get_subsection_names(ClientData clientData, Tcl_Interp *interp, in
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     {
@@ -1702,7 +1702,7 @@ _wrap_profile_iterator_create(ClientData clientData, Tcl_Interp *interp, int obj
     iter_t *arg4 = (iter_t *) 0 ;
     errcode_t result;
     iter_t tmp4 ;
-    
+
     {
         /*generic swigtype hack*/ arg4 = &tmp4;
     }
@@ -1714,7 +1714,7 @@ _wrap_profile_iterator_create(ClientData clientData, Tcl_Interp *interp, int obj
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)iter_create(arg1,(char const **)arg2,arg3,arg4);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1728,7 +1728,7 @@ _wrap_profile_iterator_create(ClientData clientData, Tcl_Interp *interp, int obj
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_OK;
@@ -1736,7 +1736,7 @@ _wrap_profile_iterator_create(ClientData clientData, Tcl_Interp *interp, int obj
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_ERROR;
@@ -1747,11 +1747,11 @@ static int
 _wrap_profile_iterator_free(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
     iter_t arg1 = (iter_t) 0 ;
     errcode_t result;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"o:profile_iterator_free i ",0) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_iter_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)iter_free(arg1);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1775,7 +1775,7 @@ _wrap_profile_iterator(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_
     errcode_t result;
     char *tmp2 ;
     char *tmp3 ;
-    
+
     {
         /* in char **OUTPUT */
         tmp2 = NULL;
@@ -1789,7 +1789,7 @@ _wrap_profile_iterator(ClientData clientData, Tcl_Interp *interp, int objc, Tcl_
     if (SWIG_GetArgs(interp, objc, objv,"o:profile_iterator iter_t ",0) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_iter_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)profile_iterator(arg1,arg2,arg3);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1846,7 +1846,7 @@ _wrap_profile_update_relation(ClientData clientData, Tcl_Interp *interp, int obj
     char *arg3 ;
     char *arg4 = (char *) NULL ;
     errcode_t result;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"oos|s:profile_update_relation p nullterm oldval ?newval? ",0,0,&arg3,&arg4) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     {
@@ -1855,7 +1855,7 @@ _wrap_profile_update_relation(ClientData clientData, Tcl_Interp *interp, int obj
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)profile_update_relation(arg1,(char const **)arg2,(char const *)arg3,(char const *)arg4);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1868,7 +1868,7 @@ _wrap_profile_update_relation(ClientData clientData, Tcl_Interp *interp, int obj
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_OK;
@@ -1876,7 +1876,7 @@ _wrap_profile_update_relation(ClientData clientData, Tcl_Interp *interp, int obj
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_ERROR;
@@ -1888,7 +1888,7 @@ _wrap_profile_clear_relation(ClientData clientData, Tcl_Interp *interp, int objc
     profile_t arg1 = (profile_t) 0 ;
     char **arg2 = (char **) 0 ;
     errcode_t result;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"oo:profile_clear_relation p nullterm ",0,0) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     {
@@ -1897,7 +1897,7 @@ _wrap_profile_clear_relation(ClientData clientData, Tcl_Interp *interp, int objc
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)profile_clear_relation(arg1,(char const **)arg2);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1910,7 +1910,7 @@ _wrap_profile_clear_relation(ClientData clientData, Tcl_Interp *interp, int objc
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_OK;
@@ -1918,7 +1918,7 @@ _wrap_profile_clear_relation(ClientData clientData, Tcl_Interp *interp, int objc
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_ERROR;
@@ -1931,7 +1931,7 @@ _wrap_profile_rename_section(ClientData clientData, Tcl_Interp *interp, int objc
     char **arg2 = (char **) 0 ;
     char *arg3 = (char *) NULL ;
     errcode_t result;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"oo|s:profile_rename_section p nullterm ?new_name? ",0,0,&arg3) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     {
@@ -1940,7 +1940,7 @@ _wrap_profile_rename_section(ClientData clientData, Tcl_Interp *interp, int objc
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)profile_rename_section(arg1,(char const **)arg2,(char const *)arg3);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1953,7 +1953,7 @@ _wrap_profile_rename_section(ClientData clientData, Tcl_Interp *interp, int objc
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_OK;
@@ -1961,7 +1961,7 @@ _wrap_profile_rename_section(ClientData clientData, Tcl_Interp *interp, int objc
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_ERROR;
@@ -1974,7 +1974,7 @@ _wrap_profile_add_relation(ClientData clientData, Tcl_Interp *interp, int objc,
     char **arg2 = (char **) 0 ;
     char *arg3 = (char *) NULL ;
     errcode_t result;
-    
+
     if (SWIG_GetArgs(interp, objc, objv,"oo|s:profile_add_relation p nullterm ?new_val? ",0,0,&arg3) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     {
@@ -1983,7 +1983,7 @@ _wrap_profile_add_relation(ClientData clientData, Tcl_Interp *interp, int objc,
         if (Tcl_SplitList(interp, Tcl_GetStringFromObj(objv[2],NULL), &n, &arg2) == TCL_ERROR) SWIG_fail;
     }
     result = (errcode_t)profile_add_relation(arg1,(char const **)arg2,(char const *)arg3);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -1996,7 +1996,7 @@ _wrap_profile_add_relation(ClientData clientData, Tcl_Interp *interp, int objc,
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_OK;
@@ -2004,7 +2004,7 @@ _wrap_profile_add_relation(ClientData clientData, Tcl_Interp *interp, int objc,
     {
         /* freearg char **nullterm */
         if (arg2) {
-            Tcl_Free((char *)arg2); arg2 = (char **) NULL; 
+            Tcl_Free((char *)arg2); arg2 = (char **) NULL;
         }
     }
     return TCL_ERROR;
@@ -2017,7 +2017,7 @@ _wrap_profile_flush_to_buffer(ClientData clientData, Tcl_Interp *interp, int obj
     char **arg2 = (char **) 0 ;
     errcode_t result;
     char *tmp2 ;
-    
+
     {
         /* in char **OUTPUT */
         tmp2 = NULL;
@@ -2026,7 +2026,7 @@ _wrap_profile_flush_to_buffer(ClientData clientData, Tcl_Interp *interp, int obj
     if (SWIG_GetArgs(interp, objc, objv,"o:profile_flush_to_buffer p ",0) == TCL_ERROR) SWIG_fail;
     if ((SWIG_ConvertPtr(objv[1], (void **) &arg1, SWIGTYPE_profile_t,SWIG_POINTER_EXCEPTION | 0) != TCL_OK)) SWIG_fail;
     result = (errcode_t)profile_flush_to_buffer(arg1,arg2);
-    
+
     {
         /* out errcode_t result */
         if (result) {
@@ -2103,13 +2103,13 @@ static swig_type_info _swigt__profile_t[] = {{"_profile_t", 0, "profile_t", 0},{
 static swig_type_info _swigt__p_int[] = {{"_p_int", 0, "int *", 0},{"_p_int"},{0}};
 
 static swig_type_info *swig_types_initial[] = {
-_swigt__p_p_char, 
-_swigt__p_p_p_char, 
-_swigt__p_iter_t, 
-_swigt__iter_t, 
-_swigt__p_profile_t, 
-_swigt__profile_t, 
-_swigt__p_int, 
+_swigt__p_p_char,
+_swigt__p_p_p_char,
+_swigt__p_iter_t,
+_swigt__iter_t,
+_swigt__p_profile_t,
+_swigt__profile_t,
+_swigt__p_int,
 0
 };
 
@@ -2129,9 +2129,9 @@ SWIGEXPORT(int) SWIG_init(Tcl_Interp *interp) {
         return TCL_ERROR;
     }
 #endif
-    
+
     Tcl_PkgProvide(interp, (char*)SWIG_name, (char*)SWIG_version);
-    
+
 #ifdef SWIG_namespace
     Tcl_Eval(interp, "namespace eval " SWIG_namespace " { }");
 #endif
@@ -2150,10 +2150,9 @@ SWIGEXPORT(int) SWIG_init(Tcl_Interp *interp) {
         Tcl_TraceVar(interp, (char *) swig_variables[i].name, TCL_TRACE_WRITES | TCL_GLOBAL_ONLY, (Tcl_VarTraceProc *) swig_variables[i].set, (ClientData) swig_variables[i].addr);
     }
     SWIG_InstallConstants(interp, swig_constants);
-    
+
     return TCL_OK;
 }
 SWIGEXPORT(int) Profile_SafeInit(Tcl_Interp *interp) {
     return SWIG_init(interp);
 }
-
diff --git a/src/util/profile/test_parse.c b/src/util/profile/test_parse.c
index 961149c80..f524c90f2 100644
--- a/src/util/profile/test_parse.c
+++ b/src/util/profile/test_parse.c
@@ -32,15 +32,15 @@ int main(argc, argv)
 
 	retval = profile_parse_file(f, &root);
 	if (retval) {
-		printf("profile_parse_file error %s\n", 
+		printf("profile_parse_file error %s\n",
 		       error_message((errcode_t) retval));
 		exit(1);
 	}
 	fclose(f);
-	
+
 	printf("\n\nDebugging dump.\n");
 	profile_write_tree_file(root, stdout);
-	
+
 	retval = profile_verify_node(root);
 	if (retval) {
 		printf("profile_verify_node reported an error: %s\n",
diff --git a/src/util/profile/test_profile.c b/src/util/profile/test_profile.c
index 5cdbf7689..6f47a7d4e 100644
--- a/src/util/profile/test_profile.c
+++ b/src/util/profile/test_profile.c
@@ -53,11 +53,11 @@ static void do_batchmode(profile)
 			retval = profile_get_value(profile, names, &value);
 			print_status = PRINT_VALUE;
 		} else if (!strcmp(cmd, "list_sections")) {
-			retval = profile_get_subsection_names(profile, names, 
+			retval = profile_get_subsection_names(profile, names,
 							      &values);
 			print_status = PRINT_VALUES;
 		} else if (!strcmp(cmd, "list_relations")) {
-			retval = profile_get_relation_names(profile, names, 
+			retval = profile_get_relation_names(profile, names,
 							    &values);
 			print_status = PRINT_VALUES;
 		} else if (!strcmp(cmd, "dump")) {
@@ -104,7 +104,7 @@ static void do_batchmode(profile)
 	}
 	profile_release(profile);
 	exit(0);
-	
+
 }
 
 
@@ -119,14 +119,14 @@ int main(argc, argv)
     const char	**names;
     char	*cmd;
     int		print_value = 0;
-    
+
     if (argc < 2) {
 	    fprintf(stderr, "Usage: %s filename [cmd argset]\n", program_name);
 	    exit(1);
     }
 
     initialize_prof_error_table();
-    
+
     retval = profile_init_path(argv[1], &profile);
     if (retval) {
 	com_err(program_name, retval, "while initializing profile");
@@ -165,5 +165,3 @@ int main(argc, argv)
 
     return 0;
 }
-    
-    
diff --git a/src/util/ss/copyright.h b/src/util/ss/copyright.h
index d118f10bf..07d487f9d 100644
--- a/src/util/ss/copyright.h
+++ b/src/util/ss/copyright.h
@@ -19,4 +19,3 @@ the suitability of this software for any purpose.  It is
 provided "as is" without express or implied warranty.
 
 */
-
diff --git a/src/util/ss/error.c b/src/util/ss/error.c
index 72bf989e5..ee2738aef 100644
--- a/src/util/ss/error.c
+++ b/src/util/ss/error.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -38,7 +38,7 @@ char * ss_name(sci_idx)
     int sci_idx;
 {
     register ss_data *infop;
-    
+
     infop = ss_info(sci_idx);
     if (infop->current_request == (char const *)NULL) {
 	return strdup(infop->subsystem_name);
diff --git a/src/util/ss/invocation.c b/src/util/ss/invocation.c
index f4efe0288..a7e17bd42 100644
--- a/src/util/ss/invocation.c
+++ b/src/util/ss/invocation.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/util/ss/list_rqs.c b/src/util/ss/list_rqs.c
index fd863bbf4..f7d03c5eb 100644
--- a/src/util/ss/list_rqs.c
+++ b/src/util/ss/list_rqs.c
@@ -58,7 +58,7 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
     sigemptyset(&nmask);
     sigaddset(&nmask, SIGINT);
     sigprocmask(SIG_BLOCK, &nmask, &omask);
-    
+
     nsig.sa_handler = SIG_IGN;
     sigemptyset(&nsig.sa_mask);
     nsig.sa_flags = 0;
diff --git a/src/util/ss/listen.c b/src/util/ss/listen.c
index ae9700757..36f261961 100644
--- a/src/util/ss/listen.c
+++ b/src/util/ss/listen.c
@@ -2,7 +2,7 @@
  * Listener loop for subsystem library libss.a.
  *
  *	util/ss/listen.c
- * 
+ *
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
  * For copyright information, see copyright.h.
@@ -57,7 +57,7 @@ int ss_listen (sci_idx)
     RETSIGTYPE (*sig_int)(), (*old_sig_cont)();
     int mask;
 #endif
-    
+
     current_info = info = ss_info(sci_idx);
     info->abort = 0;
 
@@ -156,7 +156,7 @@ void ss_abort_subsystem(sci_idx, code)
 {
     ss_info(sci_idx)->abort = 1;
     ss_info(sci_idx)->exit_status = code;
-    
+
 }
 
 void ss_quit(argc, argv, sci_idx, infop)
diff --git a/src/util/ss/mit-sipb-copyright.h b/src/util/ss/mit-sipb-copyright.h
index d6d5f1edc..5e8ec1731 100644
--- a/src/util/ss/mit-sipb-copyright.h
+++ b/src/util/ss/mit-sipb-copyright.h
@@ -19,4 +19,3 @@ the suitability of this software for any purpose.  It is
 provided "as is" without express or implied warranty.
 
 */
-
diff --git a/src/util/ss/pager.c b/src/util/ss/pager.c
index 49e8eb6ed..8e8aeeda4 100644
--- a/src/util/ss/pager.c
+++ b/src/util/ss/pager.c
@@ -29,10 +29,10 @@ extern char *getenv();
 void ss_page_stdin();
 
 #ifndef NO_FORK
-int ss_pager_create() 
+int ss_pager_create()
 {
 	int filedes[2];
-     
+
 	if (pipe(filedes) != 0)
 		return(-1);
 
diff --git a/src/util/ss/parse.c b/src/util/ss/parse.c
index 7ff39512b..28507b1d1 100644
--- a/src/util/ss/parse.c
+++ b/src/util/ss/parse.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
diff --git a/src/util/support/cache-addrinfo.h b/src/util/support/cache-addrinfo.h
index 0a4e44385..95f522dcb 100644
--- a/src/util/support/cache-addrinfo.h
+++ b/src/util/support/cache-addrinfo.h
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2004 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 /* Approach overview:
diff --git a/src/util/support/errors.c b/src/util/support/errors.c
index 8d523b98b..e89d8ad45 100644
--- a/src/util/support/errors.c
+++ b/src/util/support/errors.c
@@ -69,7 +69,7 @@ krb5int_vset_error_fl (struct errinfo *ep, long code,
     va_list args2;
     char *str = NULL, *str2, *slash;
     const char *loc_fmt = NULL;
-    
+
 #ifdef USE_KIM
     /* Try to localize the format string */
     if (kim_os_string_create_localized(&loc_fmt, fmt) != KIM_NO_ERROR) {
@@ -78,7 +78,7 @@ krb5int_vset_error_fl (struct errinfo *ep, long code,
 #else
     loc_fmt = fmt;
 #endif
-    
+
     /* try vasprintf first */
     va_copy(args2, args);
     if (vasprintf(&str, loc_fmt, args2) < 0) {
@@ -96,21 +96,21 @@ krb5int_vset_error_fl (struct errinfo *ep, long code,
 	    str = str2;
 	}
     }
-    
+
     /* If that failed, try using scratch_buf */
     if (str == NULL) {
         vsnprintf(ep->scratch_buf, sizeof(ep->scratch_buf), loc_fmt, args);
         str = strdup(ep->scratch_buf); /* try allocating again */
     }
-    
+
     /* free old string before setting new one */
     if (ep->msg && ep->msg != ep->scratch_buf) {
 	free ((char *) ep->msg);
 	ep->msg = NULL;
-    }    
+    }
     ep->code = code;
     ep->msg = str ? str : ep->scratch_buf;
-    
+
 #ifdef USE_KIM
     if (loc_fmt != fmt) { kim_string_free(&loc_fmt); }
 #else
@@ -197,7 +197,7 @@ krb5int_get_error (struct errinfo *ep, long code)
 	unlock();
 	goto format_number;
     }
-    
+
     r2 = strdup(r);
     if (r2 == NULL) {
 	strncpy(ep->scratch_buf, r, sizeof(ep->scratch_buf));
diff --git a/src/util/support/fake-addrinfo.c b/src/util/support/fake-addrinfo.c
index 34ce7701b..5d90e7217 100644
--- a/src/util/support/fake-addrinfo.c
+++ b/src/util/support/fake-addrinfo.c
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2001,2002,2003,2004,2005,2006 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 /* Approach overview:
@@ -383,7 +383,7 @@ static const char *protoname (int p, char *buf, size_t bufsize) {
 
     snprintf(buf, bufsize, " %-2d", p);
     return buf;
-}	
+}
 
 static const char *socktypename (int t, char *buf, size_t bufsize) {
     switch (t) {
diff --git a/src/util/support/init-addrinfo.c b/src/util/support/init-addrinfo.c
index 186950fb8..af8746762 100644
--- a/src/util/support/init-addrinfo.c
+++ b/src/util/support/init-addrinfo.c
@@ -1,42 +1,42 @@
 /*
  * Copyright (C) 2004 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
- * 
- * This software is being provided to you, the LICENSEE, by the 
- * Massachusetts Institute of Technology (M.I.T.) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
+ *
+ * This software is being provided to you, the LICENSEE, by the
+ * Massachusetts Institute of Technology (M.I.T.) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
  * Export of this software from the United States of America may
  * require a specific license from the United States Government.
  * It is the responsibility of any person or organization contemplating
  * export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute 
- * this software and its documentation for any purpose and without fee or 
- * royalty is hereby granted, provided that you agree to comply with the 
- * following copyright notice and statements, including the disclaimer, and 
- * that the same appear on ALL copies of the software and documentation, 
- * including modifications that you make for internal use or for 
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
+ * this software and its documentation for any purpose and without fee or
+ * royalty is hereby granted, provided that you agree to comply with the
+ * following copyright notice and statements, including the disclaimer, and
+ * that the same appear on ALL copies of the software and documentation,
+ * including modifications that you make for internal use or for
  * distribution:
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF 
- * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF 
- * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY 
- * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the Massachusetts Institute of Technology or M.I.T. may NOT 
- * be used in advertising or publicity pertaining to distribution of the 
- * software.  Title to copyright in this software and any associated 
- * documentation shall at all times remain with M.I.T., and USER agrees to 
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
+ * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
+ * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
+ * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the Massachusetts Institute of Technology or M.I.T. may NOT
+ * be used in advertising or publicity pertaining to distribution of the
+ * software.  Title to copyright in this software and any associated
+ * documentation shall at all times remain with M.I.T., and USER agrees to
  * preserve same.
  *
  * Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.  
+ * fashion that it might be confused with the original M.I.T. software.
  */
 
 /* Stuff that needs initialization for fake-addrinfo.c.
diff --git a/src/util/support/ipc_stream.c b/src/util/support/ipc_stream.c
index 92d47e6ec..778d6f1f2 100644
--- a/src/util/support/ipc_stream.c
+++ b/src/util/support/ipc_stream.c
@@ -57,20 +57,20 @@ static uint32_t krb5int_ipc_stream_reallocate (k5_ipc_stream io_stream,
 {
     int32_t err = 0;
     uint64_t new_max_size = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         uint64_t old_max_size = io_stream->max_size;
         new_max_size = io_stream->max_size;
-        
+
         if (in_new_size > old_max_size) {
             /* Expand the stream */
             while (in_new_size > new_max_size) {
                 new_max_size += K5_IPC_STREAM_SIZE_INCREMENT;
             }
-            
-            
+
+
         } else if ((in_new_size + K5_IPC_STREAM_SIZE_INCREMENT) < old_max_size) {
             /* Shrink the array, but never drop below K5_IPC_STREAM_SIZE_INCREMENT */
             while ((in_new_size + K5_IPC_STREAM_SIZE_INCREMENT) < new_max_size &&
@@ -79,25 +79,25 @@ static uint32_t krb5int_ipc_stream_reallocate (k5_ipc_stream io_stream,
             }
         }
     }
-    
+
     if (!err && new_max_size != io_stream->max_size) {
         char *data = io_stream->data;
-        
+
         if (!data) {
             data = malloc (new_max_size * sizeof (*data));
         } else {
             data = realloc (data, new_max_size * sizeof (*data));
         }
-        
-        if (data) { 
+
+        if (data) {
             io_stream->data = data;
             io_stream->max_size = new_max_size;
         } else {
-            err = k5_check_error (ENOMEM); 
+            err = k5_check_error (ENOMEM);
         }
     }
-    
-    return k5_check_error (err);    
+
+    return k5_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
@@ -106,41 +106,41 @@ int32_t krb5int_ipc_stream_new (k5_ipc_stream *out_stream)
 {
     int32_t err = 0;
     k5_ipc_stream stream = NULL;
-    
+
     if (!out_stream) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         stream = malloc (sizeof (*stream));
-        if (stream) { 
+        if (stream) {
             *stream = k5_ipc_stream_initializer;
         } else {
-            err = k5_check_error (ENOMEM); 
+            err = k5_check_error (ENOMEM);
         }
     }
-    
+
     if (!err) {
         *out_stream = stream;
         stream = NULL;
     }
-    
+
     krb5int_ipc_stream_release (stream);
-    
-    return k5_check_error (err);    
+
+    return k5_check_error (err);
 }
 
 
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_release (k5_ipc_stream io_stream)
-{	
+{
     int32_t err = 0;
-    
+
     if (!err && io_stream) {
         free (io_stream->data);
         free (io_stream);
     }
-    
-    return err;    
+
+    return err;
 }
 
 /* ------------------------------------------------------------------------ */
@@ -164,63 +164,63 @@ const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream)
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_read (k5_ipc_stream  io_stream, 
-				  void         *io_data, 
+uint32_t krb5int_ipc_stream_read (k5_ipc_stream  io_stream,
+				  void         *io_data,
 				  uint64_t     in_size)
 {
     int32_t err = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
     if (!io_data  ) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
-        if (in_size > io_stream->size) { 
-            err = k5_check_error (EINVAL); 
+        if (in_size > io_stream->size) {
+            err = k5_check_error (EINVAL);
         }
     }
-    
+
     if (!err) {
         memcpy (io_data, io_stream->data, in_size);
-        memmove (io_stream->data, &io_stream->data[in_size], 
+        memmove (io_stream->data, &io_stream->data[in_size],
                  io_stream->size - in_size);
-        
+
         err = krb5int_ipc_stream_reallocate (io_stream, io_stream->size - in_size);
-        
+
         if (!err) {
             io_stream->size -= in_size;
         }
     }
-    
+
     return k5_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_write (k5_ipc_stream  io_stream,
-				   const void   *in_data, 
+				   const void   *in_data,
 				   uint64_t     in_size)
 {
     int32_t err = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
     if (!in_data  ) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         /* Security check: Do not let the caller overflow the length */
         if (in_size > (UINT64_MAX - io_stream->size)) {
             err = k5_check_error (EINVAL);
         }
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_reallocate (io_stream, io_stream->size + in_size);
     }
-    
+
     if (!err) {
         memcpy (&io_stream->data[io_stream->size], in_data, in_size);
         io_stream->size += in_size;
     }
-    
+
     return k5_check_error (err);
 }
 
@@ -237,60 +237,60 @@ void krb5int_ipc_stream_free_string (char *in_string)
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream, 
+uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream,
 					 char         **out_string)
 {
     int32_t err = 0;
     uint32_t length = 0;
     char *string = NULL;
-    
+
     if (!io_stream ) { err = k5_check_error (EINVAL); }
     if (!out_string) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read_uint32 (io_stream, &length);
     }
-    
+
     if (!err) {
         string = malloc (length);
         if (!string) { err = k5_check_error (ENOMEM); }
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, string, length);
     }
-    
+
     if (!err) {
         *out_string = string;
         string = NULL;
     }
-    
+
     free (string);
-    
+
     return k5_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream,
 					  const char    *in_string)
 {
     int32_t err = 0;
     uint32_t length = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
     if (!in_string) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         length = strlen (in_string) + 1;
-        
+
         err = krb5int_ipc_stream_write_uint32 (io_stream, length);
     }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, in_string, length);
     }
-    
+
     return k5_check_error (err);
 }
 
@@ -300,40 +300,40 @@ uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream,
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream,
 					int32_t       *out_int32)
 {
     int32_t err = 0;
     int32_t int32 = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
     if (!out_int32) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, &int32, sizeof (int32));
     }
-    
+
     if (!err) {
         *out_int32 = ntohl (int32);
     }
-    
+
     return k5_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
 					 int32_t       in_int32)
 {
     int32_t err = 0;
     int32_t int32 = htonl (in_int32);
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, &int32, sizeof (int32));
     }
-    
+
     return k5_check_error (err);
 }
 
@@ -343,40 +343,40 @@ uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream,
 					 uint32_t      *out_uint32)
 {
     int32_t err = 0;
     uint32_t uint32 = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
     if (!out_uint32) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, &uint32, sizeof (uint32));
     }
-    
+
     if (!err) {
         *out_uint32 = ntohl (uint32);
     }
-    
+
     return k5_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
 					  uint32_t      in_uint32)
 {
     int32_t err = 0;
     int32_t uint32 = htonl (in_uint32);
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, &uint32, sizeof (uint32));
     }
-    
+
     return k5_check_error (err);
 }
 
@@ -386,40 +386,40 @@ uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream,
 					int64_t       *out_int64)
 {
     int32_t err = 0;
     uint64_t int64 = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
     if (!out_int64) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, &int64, sizeof (int64));
     }
-    
+
     if (!err) {
         *out_int64 = ntohll (int64);
     }
-    
+
     return k5_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
 					 int64_t     in_int64)
 {
     int32_t err = 0;
     int64_t int64 = htonll (in_int64);
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, &int64, sizeof (int64));
     }
-    
+
     return k5_check_error (err);
 }
 
@@ -430,39 +430,39 @@ uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream, 
+uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream,
 					 uint64_t     *out_uint64)
 {
     int32_t err = 0;
     uint64_t uint64 = 0;
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
     if (!out_uint64) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_read (io_stream, &uint64, sizeof (uint64));
     }
-    
+
     if (!err) {
         *out_uint64 = ntohll (uint64);
     }
-    
+
     return k5_check_error (err);
 }
 
 /* ------------------------------------------------------------------------ */
 
-uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream, 
+uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream,
 					  uint64_t      in_uint64)
 {
     int32_t err = 0;
     int64_t uint64 = htonll (in_uint64);
-    
+
     if (!io_stream) { err = k5_check_error (EINVAL); }
-    
+
     if (!err) {
         err = krb5int_ipc_stream_write (io_stream, &uint64, sizeof (uint64));
     }
-    
+
     return k5_check_error (err);
 }
diff --git a/src/util/support/plugins.c b/src/util/support/plugins.c
index 26ec3912f..8c7fb5ffe 100644
--- a/src/util/support/plugins.c
+++ b/src/util/support/plugins.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Plugin module support, and shims around dlopen/whatever.
  */
@@ -192,10 +192,10 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
 #endif /* USE_CFBUNDLE */
         )) {
         void *handle = NULL;
-        
+
 #if USE_CFBUNDLE
         char executablepath[MAXPATHLEN];
-        
+
         if ((statbuf.st_mode & S_IFMT) == S_IFDIR) {
             int lock_err = 0;
             CFStringRef pluginString = NULL;
@@ -208,51 +208,51 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
              * because this code is Mac-specific */
             lock_err = pthread_mutex_lock(&krb5int_bundle_mutex);
             if (lock_err) { err = lock_err; }
-            
+
             if (!err) {
-                pluginString = CFStringCreateWithCString (kCFAllocatorDefault, 
-                                                          filepath, 
+                pluginString = CFStringCreateWithCString (kCFAllocatorDefault,
+                                                          filepath,
                                                           kCFStringEncodingASCII);
                 if (pluginString == NULL) { err = ENOMEM; }
             }
-            
+
             if (!err) {
-                pluginURL = CFURLCreateWithFileSystemPath (kCFAllocatorDefault, 
-                                                           pluginString, 
-                                                           kCFURLPOSIXPathStyle, 
+                pluginURL = CFURLCreateWithFileSystemPath (kCFAllocatorDefault,
+                                                           pluginString,
+                                                           kCFURLPOSIXPathStyle,
                                                            true);
                 if (pluginURL == NULL) { err = ENOMEM; }
             }
-            
+
             if (!err) {
                 pluginBundle = CFBundleCreate (kCFAllocatorDefault, pluginURL);
                 if (pluginBundle == NULL) { err = ENOENT; } /* XXX need better error */
             }
-            
+
             if (!err) {
                 executableURL = CFBundleCopyExecutableURL (pluginBundle);
                 if (executableURL == NULL) { err = ENOMEM; }
             }
-            
+
             if (!err) {
                 if (!CFURLGetFileSystemRepresentation (executableURL,
                                                        true, /* absolute */
-                                                       (UInt8 *)executablepath, 
+                                                       (UInt8 *)executablepath,
                                                        sizeof (executablepath))) {
                     err = ENOMEM;
                 }
             }
-            
+
             if (!err) {
                 /* override the path the caller passed in */
                 filepath = executablepath;
             }
-            
+
             if (executableURL    != NULL) { CFRelease (executableURL); }
             if (pluginBundle     != NULL) { CFRelease (pluginBundle); }
             if (pluginURL        != NULL) { CFRelease (pluginURL); }
             if (pluginString     != NULL) { CFRelease (pluginString); }
-            
+
             /* unlock after CFRelease calls since they modify refcounts */
             if (!lock_err) { pthread_mutex_unlock (&krb5int_bundle_mutex); }
         }
@@ -282,7 +282,7 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
         if (handle != NULL) { dlclose (handle); }
     }
 #endif /* USE_DLOPEN */
-        
+
 #ifdef _WIN32
     if (!err && (statbuf.st_mode & S_IFMT) == S_IFREG) {
         HMODULE handle = NULL;
@@ -300,33 +300,33 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
             handle = NULL;
         }
 
-        if (handle != NULL) 
-            FreeLibrary(handle); 
+        if (handle != NULL)
+            FreeLibrary(handle);
     }
 #endif
 
     if (!err && !got_plugin) {
         err = ENOENT;  /* no plugin or no way to load plugins */
     }
-    
+
     if (!err) {
         *h = htmp;
         htmp = NULL;  /* h takes ownership */
     }
-    
+
     if (htmp != NULL) { free (htmp); }
-    
+
     return err;
 }
 
 static long
-krb5int_get_plugin_sym (struct plugin_file_handle *h, 
+krb5int_get_plugin_sym (struct plugin_file_handle *h,
                         const char *csymname, int isfunc, void **ptr,
 			struct errinfo *ep)
 {
     long err = 0;
     void *sym = NULL;
-    
+
 #if USE_DLOPEN
     if (!err && !sym && (h->dlhandle != NULL)) {
         /* XXX Do we need to add a leading "_" to the symbol name on any
@@ -340,7 +340,7 @@ krb5int_get_plugin_sym (struct plugin_file_handle *h,
         }
     }
 #endif
-    
+
 #ifdef _WIN32
     LPVOID lpMsgBuf;
     DWORD dw;
@@ -354,7 +354,7 @@ krb5int_get_plugin_sym (struct plugin_file_handle *h,
             krb5int_set_error(ep, err, "%s", e);
 
             dw = GetLastError();
-            if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | 
+            if (FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                               FORMAT_MESSAGE_FROM_SYSTEM,
                               NULL,
                               dw,
@@ -372,11 +372,11 @@ krb5int_get_plugin_sym (struct plugin_file_handle *h,
     if (!err && (sym == NULL)) {
         err = ENOENT;  /* unimplemented */
     }
-    
+
     if (!err) {
         *ptr = sym;
     }
-    
+
     return err;
 }
 
@@ -391,7 +391,7 @@ long KRB5_CALLCONV
 krb5int_get_plugin_func (struct plugin_file_handle *h, const char *csymname,
 			 void (**ptr)(), struct errinfo *ep)
 {
-    void *dptr = NULL;    
+    void *dptr = NULL;
     long err = krb5int_get_plugin_sym (h, csymname, 1, &dptr, ep);
     if (!err) {
         /* Cast function pointers to avoid code duplication */
@@ -453,15 +453,15 @@ krb5int_plugin_file_handle_array_init (struct plugin_file_handle ***harray)
 }
 
 static long
-krb5int_plugin_file_handle_array_add (struct plugin_file_handle ***harray, size_t *count, 
+krb5int_plugin_file_handle_array_add (struct plugin_file_handle ***harray, size_t *count,
                                       struct plugin_file_handle *p)
 {
     long err = 0;
     struct plugin_file_handle **newharray = NULL;
     size_t newcount = *count + 1;
-    
+
     newharray = realloc (*harray, ((newcount + 1) * sizeof (**harray))); /* +1 for NULL */
-    if (newharray == NULL) { 
+    if (newharray == NULL) {
         err = ENOMEM;
     } else {
         newharray[newcount - 1] = p;
@@ -470,7 +470,7 @@ krb5int_plugin_file_handle_array_add (struct plugin_file_handle ***harray, size_
         *harray = newharray;
     }
 
-    return err;    
+    return err;
 }
 
 static void
@@ -494,20 +494,20 @@ krb5int_plugin_file_handle_array_free (struct plugin_file_handle **harray)
 #endif
 
 
-static void 
+static void
 krb5int_free_plugin_filenames (char **filenames)
 {
-    if (filenames != NULL) { 
+    if (filenames != NULL) {
         int i;
         for (i = 0; filenames[i] != NULL; i++) {
             free (filenames[i]);
         }
-        free (filenames); 
-    }    
+        free (filenames);
+    }
 }
 
 
-static long 
+static long
 krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
 {
     long err = 0;
@@ -519,7 +519,7 @@ krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
 
     if (!filebases) { err = EINVAL; }
     if (!filenames) { err = EINVAL; }
-   
+
     if (!err) {
         for (i = 0; filebases[i]; i++) { bases_count++; }
         for (i = 0; fileexts[i]; i++) { exts_count++; }
@@ -531,7 +531,7 @@ krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
         size_t j;
         for (i = 0; !err && filebases[i]; i++) {
             for (j = 0; !err && fileexts[j]; j++) {
-		if (asprintf(&tempnames[(i*exts_count)+j], "%s%s", 
+		if (asprintf(&tempnames[(i*exts_count)+j], "%s%s",
                              filebases[i], fileexts[j]) < 0) {
 		    tempnames[(i*exts_count)+j] = NULL;
 		    err = ENOMEM;
@@ -540,20 +540,20 @@ krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
         }
         tempnames[bases_count * exts_count] = NULL; /* NUL-terminate */
     }
-    
+
     if (!err) {
         *filenames = tempnames;
         tempnames = NULL;
     }
-    
+
     if (tempnames) { krb5int_free_plugin_filenames (tempnames); }
-    
+
     return err;
 }
 
 
 /* Takes a NULL-terminated list of directories.  If filebases is NULL, filebases is ignored
- * all plugins in the directories are loaded.  If filebases is a NULL-terminated array of names, 
+ * all plugins in the directories are loaded.  If filebases is a NULL-terminated array of names,
  * only plugins in the directories with those name (plus any platform extension) are loaded. */
 
 long KRB5_CALLCONV
@@ -571,52 +571,52 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
     if (!err) {
         err = krb5int_plugin_file_handle_array_init (&h);
     }
-    
+
     if (!err && (filebases != NULL)) {
 	err = krb5int_get_plugin_filenames (filebases, &filenames);
     }
-    
+
     for (i = 0; !err && dirnames[i] != NULL; i++) {
         if (filenames != NULL) {
             /* load plugins with names from filenames from each directory */
             int j;
-            
+
             for (j = 0; !err && filenames[j] != NULL; j++) {
                 struct plugin_file_handle *handle = NULL;
 		char *filepath = NULL;
-		
+
 		if (!err) {
 		    if (asprintf(&filepath, "%s/%s", dirnames[i], filenames[j]) < 0) {
 			filepath = NULL;
 			err = ENOMEM;
 		    }
 		}
-		
+
                 if (krb5int_open_plugin (filepath, &handle, ep) == 0) {
                     err = krb5int_plugin_file_handle_array_add (&h, &count, handle);
                     if (!err) { handle = NULL; }  /* h takes ownership */
                 }
-                
+
 		if (filepath != NULL) { free (filepath); }
 		if (handle   != NULL) { krb5int_close_plugin (handle); }
             }
         } else {
             /* load all plugins in each directory */
 	    DIR *dir = opendir (dirnames[i]);
-            
+
             while (dir != NULL && !err) {
                 struct dirent *d = NULL;
                 char *filepath = NULL;
                 struct plugin_file_handle *handle = NULL;
-                
+
                 d = readdir (dir);
                 if (d == NULL) { break; }
-                
-                if ((strcmp (d->d_name, ".") == 0) || 
+
+                if ((strcmp (d->d_name, ".") == 0) ||
                     (strcmp (d->d_name, "..") == 0)) {
                     continue;
                 }
-                
+
 		if (!err) {
                     int len = NAMELEN (d);
 		    if (asprintf(&filepath, "%s/%*s", dirnames[i], len, d->d_name) < 0) {
@@ -624,34 +624,34 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
 			err = ENOMEM;
 		    }
 		}
-                
-                if (!err) {            
+
+                if (!err) {
                     if (krb5int_open_plugin (filepath, &handle, ep) == 0) {
                         err = krb5int_plugin_file_handle_array_add (&h, &count, handle);
                         if (!err) { handle = NULL; }  /* h takes ownership */
                     }
                 }
-                
+
                 if (filepath  != NULL) { free (filepath); }
                 if (handle    != NULL) { krb5int_close_plugin (handle); }
             }
-            
+
             if (dir != NULL) { closedir (dir); }
         }
     }
-        
+
     if (err == ENOENT) {
         err = 0;  /* ran out of plugins -- do nothing */
     }
-     
+
     if (!err) {
         dirhandle->files = h;
         h = NULL;  /* dirhandle->files takes ownership */
     }
-    
+
     if (filenames != NULL) { krb5int_free_plugin_filenames (filenames); }
     if (h         != NULL) { krb5int_plugin_file_handle_array_free (h); }
-    
+
     return err;
 }
 
@@ -687,14 +687,14 @@ krb5int_get_plugin_dir_data (struct plugin_dir_handle *dirhandle,
 
     /* XXX Do we need to add a leading "_" to the symbol name on any
        modern platforms?  */
-    
+
     Tprintf("get_plugin_data_sym(%s)\n", symname);
 
     if (!err) {
         p = calloc (1, sizeof (*p)); /* calloc initializes to NULL */
         if (p == NULL) { err = ENOMEM; }
     }
-    
+
     if (!err && (dirhandle != NULL) && (dirhandle->files != NULL)) {
         int i = 0;
 
@@ -706,8 +706,8 @@ krb5int_get_plugin_dir_data (struct plugin_dir_handle *dirhandle,
 
                 count++;
                 newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */
-                if (newp == NULL) { 
-                    err = ENOMEM; 
+                if (newp == NULL) {
+                    err = ENOMEM;
                 } else {
                     p = newp;
                     p[count - 1] = sym;
@@ -716,14 +716,14 @@ krb5int_get_plugin_dir_data (struct plugin_dir_handle *dirhandle,
             }
         }
     }
-    
+
     if (!err) {
         *ptrs = p;
         p = NULL; /* ptrs takes ownership */
     }
-    
+
     if (p != NULL) { free (p); }
-    
+
     return err;
 }
 
@@ -743,29 +743,29 @@ krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle,
     long err = 0;
     void (**p)() = NULL;
     size_t count = 0;
-    
+
     /* XXX Do we need to add a leading "_" to the symbol name on any
         modern platforms?  */
-    
+
     Tprintf("get_plugin_data_sym(%s)\n", symname);
-    
+
     if (!err) {
         p = calloc (1, sizeof (*p)); /* calloc initializes to NULL */
         if (p == NULL) { err = ENOMEM; }
     }
-    
+
     if (!err && (dirhandle != NULL) && (dirhandle->files != NULL)) {
         int i = 0;
-        
+
         for (i = 0; !err && (dirhandle->files[i] != NULL); i++) {
             void (*sym)() = NULL;
-            
+
             if (krb5int_get_plugin_func (dirhandle->files[i], symname, &sym, ep) == 0) {
                 void (**newp)() = NULL;
 
                 count++;
                 newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */
-                if (newp == NULL) { 
+                if (newp == NULL) {
                     err = ENOMEM;
                 } else {
                     p = newp;
@@ -775,13 +775,13 @@ krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle,
             }
         }
     }
-    
+
     if (!err) {
         *ptrs = p;
         p = NULL; /* ptrs takes ownership */
     }
-    
+
     if (p != NULL) { free (p); }
-    
+
     return err;
 }
diff --git a/src/util/support/printf.c b/src/util/support/printf.c
index 0df8c84ca..88552d297 100644
--- a/src/util/support/printf.c
+++ b/src/util/support/printf.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Provide {,v}asprintf for platforms that don't have them.
  */
diff --git a/src/util/support/supp-int.h b/src/util/support/supp-int.h
index ffc0e6455..85641005f 100644
--- a/src/util/support/supp-int.h
+++ b/src/util/support/supp-int.h
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  *  Internal prototypes for the krb5support library
  */
diff --git a/src/util/support/threads.c b/src/util/support/threads.c
index 316be8a1c..12b549286 100644
--- a/src/util/support/threads.c
+++ b/src/util/support/threads.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Preliminary thread support.
  */
@@ -83,7 +83,7 @@ void krb5int_thread_detach_hook (void)
     }
 }
 
-/* Stub function not used on Windows. */ 
+/* Stub function not used on Windows. */
 int krb5int_pthread_loaded (void)
 {
     return 0;
@@ -187,15 +187,15 @@ static void thread_termination (void *tptr)
     if (err == 0) {
         int i, pass, none_found;
         struct tsd_block *t = tptr;
-        
+
         /* Make multiple passes in case, for example, a libkrb5 cleanup
             function wants to print out an error message, which causes
             com_err to allocate a thread-specific buffer, after we just
             freed up the old one.
-            
+
             Shouldn't actually happen, if we're careful, but check just in
             case.  */
-        
+
         pass = 0;
         none_found = 0;
         while (pass < 4 && !none_found) {
@@ -212,7 +212,7 @@ static void thread_termination (void *tptr)
         free (t);
         err = k5_mutex_unlock(&key_lock);
    }
-    
+
     /* remove thread from global linked list */
 }
 
diff --git a/src/util/support/utf8.c b/src/util/support/utf8.c
index 4468673dc..3d9021317 100644
--- a/src/util/support/utf8.c
+++ b/src/util/support/utf8.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -117,7 +117,7 @@ int krb5int_utf8_charlen(const char *p)
 
 /*
  * Make sure the UTF-8 char used the shortest possible encoding
- * returns charlen if valid, 0 if not. 
+ * returns charlen if valid, 0 if not.
  *
  * Here are the valid UTF-8 encodings, taken from RFC 2279 page 4.
  * The table is slightly modified from that of the RFC.
@@ -336,7 +336,7 @@ int krb5int_utf8_copy(char* dst, const char *src)
 
     for (i=1; i<6; i++) {
 	if ((u[i] & 0xc0) != 0x80) {
-	    return i; 
+	    return i;
 	}
 	dst[i] = src[i];
     }
diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c
index f972565f9..03303d744 100644
--- a/src/util/support/utf8_conv.c
+++ b/src/util/support/utf8_conv.c
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -37,7 +37,7 @@
  * <http://www.OpenLDAP.org/license.html>.
  */
 /* Portions Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved.
- * 
+ *
  * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND
  * TREATIES. USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT
  * TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS
@@ -45,7 +45,7 @@
  * IN THE TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION
  * OF THIS WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP
  * PUBLIC LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT
- * THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY. 
+ * THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY.
  */
 
 /*
@@ -86,22 +86,22 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
     while (*utf8str && ucs2len < count) {
 	/* Get UTF-8 sequence length from 1st byte */
 	utflen = KRB5_UTF8_CHARLEN2(utf8str, utflen);
-		
+
 	if (utflen == 0 || utflen > KRB5_MAX_UTF8_LEN)
 	    return -1;
 
 	/* First byte minus length tag */
 	ch = (krb5_ucs2)(utf8str[0] & mask[utflen]);
-		
+
 	for (i = 1; i < utflen; i++) {
 	    /* Subsequent bytes must start with 10 */
 	    if ((utf8str[i] & 0xc0) != 0x80)
 		return -1;
-		
+
 	    ch <<= 6;			/* 6 bits of data in each subsequent byte */
 	    ch |= (krb5_ucs2)(utf8str[i] & 0x3f);
 	}
-		
+
 	if (ucs2str != NULL) {
 #ifdef K5_BE
 #ifndef SWAP16
@@ -119,7 +119,7 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
     }
 
     assert(ucs2len < count);
-    
+
     if (ucs2str != NULL) {
 	/* Add null terminator if there's room in the buffer. */
 	ucs2str[ucs2len] = 0;
@@ -284,7 +284,7 @@ k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
 
 	return len;
     }
-	
+
     /* Do the actual conversion. */
 
     n = 1;					/* In case of empty ucs2str */
@@ -296,10 +296,10 @@ k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
 #endif
 
 	n = krb5int_ucs2_to_utf8(ch, p);
-		
+
 	if (n < 1)
 	    break;
-		
+
 	p += n;
 	count -= n;			/* Space left in output buffer */
     }
@@ -317,7 +317,7 @@ k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
     if (n == -1)			/* Conversion encountered invalid wide char. */
 	return -1;
 
-    /* Return the number of bytes written to output buffer, excl null. */ 
+    /* Return the number of bytes written to output buffer, excl null. */
     return (p - utf8str);
 }
 
@@ -453,4 +453,3 @@ krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les,
 
     return 0;
 }
-
diff --git a/src/util/windows/getopt_long.c b/src/util/windows/getopt_long.c
index bb819628e..d22ac23f1 100644
--- a/src/util/windows/getopt_long.c
+++ b/src/util/windows/getopt_long.c
@@ -149,7 +149,7 @@ getopt2(nargc, nargv, ostr)
 
 	if ((retval = getopt_internal(nargc, nargv, ostr)) == -2) {
 		retval = -1;
-		++optind; 
+		++optind;
 	}
 	return(retval);
 }
@@ -187,11 +187,11 @@ getopt_long(nargc, nargv, options, long_options, index)
 		} else
 			current_argv_len = strlen(current_argv);
 
-		for (i = 0; long_options[i].name; i++) { 
+		for (i = 0; long_options[i].name; i++) {
 			if (strncmp(current_argv, long_options[i].name, current_argv_len))
 				continue;
 
-			if (strlen(long_options[i].name) == (unsigned)current_argv_len) { 
+			if (strlen(long_options[i].name) == (unsigned)current_argv_len) {
 				match = i;
 				break;
 			}
@@ -227,7 +227,7 @@ getopt_long(nargc, nargv, options, long_options, index)
 		if (long_options[match].flag) {
 			*long_options[match].flag = long_options[match].val;
 			retval = 0;
-		} else 
+		} else
 			retval = long_options[match].val;
 		if (index)
 			*index = match;
diff --git a/src/wconfig.c b/src/wconfig.c
index 27531b8e2..c5f5e634c 100644
--- a/src/wconfig.c
+++ b/src/wconfig.c
@@ -132,7 +132,7 @@ int main(int argc, char *argv[])
 
 	if (mit_specific)
 		add_ignore_list("MIT##");
-		
+
 	if (wflags[0] && (argc > 0))
 		printf("WCONFIG_FLAGS=%s\n", wflags);
 
@@ -140,7 +140,7 @@ int main(int argc, char *argv[])
 		copy_file (*argv, "win-pre.in");
 
 	copy_file("", "-");
-    
+
 	if (argc > 0)
 		copy_file (*argv, "win-post.in");
 
@@ -164,13 +164,13 @@ void add_ignore_list(char *str)
 	*cpp = str;
 }
 
-		
+
 /*
- * 
+ *
  * Copy_file
- * 
+ *
  * Copies file 'path\fname' to stdout.
- * 
+ *
  */
 static int
 copy_file (char *path, char *fname)
@@ -203,7 +203,7 @@ copy_file (char *path, char *fname)
 		    return 1;
 	    }
     }
-    
+
 
     while (fgets (buf, sizeof(buf), fin) != NULL) { /* Copy file over */
 	    if (buf[0] == '@') {
diff --git a/src/windows/cns/cns.c b/src/windows/cns/cns.c
index 7a02abba7..c8ca06937 100644
--- a/src/windows/cns/cns.c
+++ b/src/windows/cns/cns.c
@@ -576,7 +576,7 @@ kwin_init_name(HWND hwnd, char *fullname)
 #ifdef KRB5
   krb5_error_code code;
   char *ptr;
-#endif    
+#endif
 
   if (fullname == NULL || fullname[0] == 0) {
 #ifdef KRB4
@@ -590,7 +590,7 @@ kwin_init_name(HWND hwnd, char *fullname)
 
 #ifdef KRB5
     strcpy(name, cns_res.name);
-    
+
     *realm = '\0';
     code = krb5_get_default_realm(k5_context, &ptr);
     if (!code) {
@@ -1046,7 +1046,7 @@ kwin_timer(HWND hwnd, UINT timer_id)
   }
   if (code == 0 || code == KRB5_CC_END)
     krb5_cc_end_seq_get(k5_context, k5_ccache, &cursor);
-    
+
 #endif
 
   if (!expired) {
@@ -1209,7 +1209,7 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
 
 #ifdef KRB5
     principal = NULL;
-    
+
     /*
      * convert the name + realm into a krb5 principal string and parse it into a principal
      */
@@ -1217,7 +1217,7 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
     code = krb5_parse_name(k5_context, menuitem, &principal);
     if (code)
       goto errorpoint;
-    
+
     /*
      * set the various ticket options.  First, initialize the structure, then set the ticket
      * to be forwardable if desired, and set the lifetime.
@@ -1227,7 +1227,7 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
     krb5_get_init_creds_opt_set_tkt_life(&opts, lifetime * 60);
     if (noaddresses) {
 		krb5_get_init_creds_opt_set_address_list(&opts, NULL);
- 	}    
+ 	}
 
     /*
      * get the initial creds using the password and the options we set above
@@ -1235,41 +1235,41 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
     gd.hinstance = hinstance;
     gd.hwnd = hwnd;
     gd.id = ID_VARDLG;
-    code = krb5_get_init_creds_password(k5_context, &creds, principal, password, 
+    code = krb5_get_init_creds_password(k5_context, &creds, principal, password,
 					gic_prompter, &gd, 0, NULL, &opts);
     if (code)
       goto errorpoint;
-    
+
     /*
      * initialize the credential cache
      */
     code = krb5_cc_initialize(k5_context, k5_ccache, principal);
     if (code)
       goto errorpoint;
-    
+
     /*
      * insert the principal into the cache
      */
     code = krb5_cc_store_cred(k5_context, k5_ccache, &creds);
-    
+
   errorpoint:
-    
+
     if (principal)
       krb5_free_principal(k5_context, principal);
 
     end_blocking_hook();
     SetCursor(hcursor);
     kwin_set_default_focus(hwnd);
-    
+
     if (code) {
       if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-	MessageBox(hwnd, "Password incorrect", NULL, 
+	MessageBox(hwnd, "Password incorrect", NULL,
 		   MB_OK | MB_ICONEXCLAMATION);
-      else 
+      else
 	com_err(NULL, code, "while logging in");
     }
 #endif /* KRB5 */
-    
+
 #ifdef KRB4
     if (krc != KSUCCESS) {
       MessageBox(hwnd, krb_get_err_text(krc),	"",
@@ -1449,7 +1449,7 @@ kwin_paint(HWND hwnd)
       continue;
     expiration = c.times.endtime;
     break;
-                
+
   }
   if (code == 0 || code == KRB5_CC_END)
     krb5_cc_end_seq_get(k5_context, k5_ccache, &cursor);
@@ -1528,7 +1528,7 @@ kwin_wnd_proc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
     HANDLE_MSG(hwnd, WM_TIMER, kwin_timer);
 
     HANDLE_MSG(hwnd, WM_PAINT, kwin_paint);
-    
+
   case WM_ERASEBKGND:
     if (!IsIconic(hwnd))
       break;
@@ -1914,7 +1914,7 @@ krb_gethostbyname_wnd_proc(HWND hwnd, UINT message,
     iscompleted = TRUE;
     return 0;
   }
-  
+
   return DefWindowProc(hwnd, message, wParam, lParam);
 }
 
@@ -1935,7 +1935,7 @@ krb_gethostbyname(
   BOOL FARPROC blockinghook;
   WNDCLASS wc;
   static BOOL isregistered;
-  
+
   blockinghook = WSASetBlockingHook(NULL);
   WSASetBlockingHook(blockinghook);
 
@@ -2006,11 +2006,11 @@ k5_dest_tkt(void)
 }
 
 /*
- * 
+ *
  * k5_get_num_cred
- * 
+ *
  * Returns: number of creds in the credential cache, -1 on error
- * 
+ *
  */
 int
 k5_get_num_cred(int verbose)
@@ -2168,19 +2168,19 @@ k5_init_ccache(krb5_ccache *ccache)
 
 
 /*
- * 
+ *
  * Function: Reads the name and realm out of the ccache.
- * 
+ *
  * Parameters:
  *  ccache - credentials cache to get info from
- * 
+ *
  *  name - buffer to hold user name
- * 
+ *
  *  realm - buffer to hold the realm
- * 
- * 
+ *
+ *
  * Returns: TRUE if read names, FALSE if not
- * 
+ *
  */
 int
 k5_name_from_ccache(krb5_ccache k5_ccache)
diff --git a/src/windows/cns/cns_reg.c b/src/windows/cns/cns_reg.c
index 92255fe4f..357e5d636 100644
--- a/src/windows/cns/cns_reg.c
+++ b/src/windows/cns/cns_reg.c
@@ -46,7 +46,7 @@ cns_load_registry(void)
   cns_res.lifetime = DEFAULT_TKT_LIFE * 5;
   cns_res.forwardable = 1;
   cns_res.noaddresses = 0;
-    
+
   for (i = 1 ; i < FILE_MENU_MAX_LOGINS ; i++)
     cns_res.logins[i][0] = '\0';
 
@@ -60,7 +60,7 @@ cns_load_registry(void)
   {
 	char *s;
 	s = krb5_cc_default_name(k5_context);
-	
+
 	strcpy(cns_res.def_ccname, s);
   }
 
@@ -119,7 +119,7 @@ cns_load_registry(void)
 
   if (registry_dword_get(key, "noaddresses", &tdw) == 0)
    	  cns_res.noaddresses = tdw;
- 
+
   if (registry_dword_get(key, "alert", &tdw) == 0)
 	  cns_res.alert = tdw;
 
diff --git a/src/windows/cns/debug.c b/src/windows/cns/debug.c
index d35e64ed5..052bf4e68 100644
--- a/src/windows/cns/debug.c
+++ b/src/windows/cns/debug.c
@@ -47,7 +47,7 @@ debug_check()
   /*   _CrtMemDumpAllObjectsSince( NULL ); */
 
   _CrtMemCheckpoint( &s2 );
-  
+
   if ( _CrtMemDifference( &s3, &s1, &s2 ) )
     _CrtMemDumpStatistics( &s3 );
 
@@ -88,4 +88,3 @@ debug_init()
    SET_CRT_DEBUG_FIELD( _CRTDBG_LEAK_CHECK_DF );
 }
 #endif /* DEBUG */
-
diff --git a/src/windows/cns/kpasswd.c b/src/windows/cns/kpasswd.c
index 3219ea2aa..09991c383 100644
--- a/src/windows/cns/kpasswd.c
+++ b/src/windows/cns/kpasswd.c
@@ -17,7 +17,7 @@
 
 /*
  * k5_change_password
- * 
+ *
  * Use the new functions to change the password.
  */
 krb5_error_code
diff --git a/src/windows/cns/krbini.h b/src/windows/cns/krbini.h
index 8daf93b73..c6113d1dd 100644
--- a/src/windows/cns/krbini.h
+++ b/src/windows/cns/krbini.h
@@ -33,5 +33,5 @@
 #endif /* KRB5 */
 #define INI_KRB_REALMS  "krb.realms"    /* Location of krb.realms file */
 #define DEF_KRB_REALMS  "krb.realms"    /* Default name for krb.realms file */
-#define INI_RECENT_LOGINS "Recent Logins"    
+#define INI_RECENT_LOGINS "Recent Logins"
 #define INI_LOGIN       "Login"
diff --git a/src/windows/cns/options.c b/src/windows/cns/options.c
index 9e7c30e94..0992f1a74 100644
--- a/src/windows/cns/options.c
+++ b/src/windows/cns/options.c
@@ -76,7 +76,7 @@ opts_initdialog(HWND hwnd, HWND hwndFocus, LPARAM lParam)
 
   noaddresses = cns_res.noaddresses;
   SendDlgItemMessage(hwnd, IDD_NOADDRESSES, BM_SETCHECK, noaddresses, 0);
- 
+
   return TRUE;
 }
 
@@ -135,7 +135,7 @@ opts_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
 
       code = k5_init_ccache(&cctemp);
       if (code) {                     /* Problem opening new one? */
-	com_err(NULL, code, 
+	com_err(NULL, code,
 		"while changing ccache.\r\nRestoring old ccache.");
       } else {
         strcpy(ccname, newname);
diff --git a/src/windows/cns/tktlist.c b/src/windows/cns/tktlist.c
index 68a6f1c62..e3f333251 100644
--- a/src/windows/cns/tktlist.c
+++ b/src/windows/cns/tktlist.c
@@ -153,9 +153,9 @@ ticket_init_list (HWND hwnd)
   }
 
 #endif
-  
+
 #ifdef KRB5
-  
+
   ncred = 0;
   flags = 0;
   if (code = krb5_cc_set_flags(k5_context, k5_ccache, flags)) {
@@ -170,7 +170,7 @@ ticket_init_list (HWND hwnd)
       code = krb5_cc_next_cred(k5_context, k5_ccache, &cursor, &c);
       if (code != 0)
 	break;
-      
+
       ncred++;
       strcpy (buf, "  ");
       strncat(buf, short_date (c.times.starttime - kwin_get_epoch()),
@@ -179,7 +179,7 @@ ticket_init_list (HWND hwnd)
       strncat(buf, short_date (c.times.endtime - kwin_get_epoch()),
 	      sizeof(buf) - 1 - strlen(buf));
       strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
-      
+
       /* Add ticket service name and realm */
       code = krb5_unparse_name (k5_context, c.server, &sname);
       if (code) {
@@ -189,22 +189,22 @@ ticket_init_list (HWND hwnd)
       strncat (buf, sname, sizeof(buf) - 1 - strlen(buf));
 
       strncat (buf, flags_string (&c), sizeof(buf) - 1 - strlen(buf)); /* Add flag info */
-      
+
       l = strlen(buf);
       lpinfo = (LPTICKETINFO) malloc(sizeof(TICKETINFO) + l + 1);
       assert(lpinfo != NULL);
-      
+
       if (lpinfo == NULL)
 	return -1;
-      
+
       lpinfo->ticket = TRUE;
       lpinfo->issue_time = c.times.starttime - kwin_get_epoch();
       lpinfo->lifetime = c.times.endtime - c.times.starttime;
       strcpy(lpinfo->buf, buf);
-      
+
       rc = ListBox_AddItemData(hwnd, lpinfo);
       assert(rc >= 0);
-      
+
       if (rc < 0)
 	return -1;
     }
@@ -221,23 +221,23 @@ ticket_init_list (HWND hwnd)
     }
   }
 #endif
-  
+
   if (ncred <= 0) {
     strcpy(buf, " No Tickets");
     lpinfo = (LPTICKETINFO) malloc(sizeof(TICKETINFO) + strlen(buf) + 1);
     assert(lpinfo != NULL);
-    
+
     if (lpinfo == NULL)
       return -1;
-    
+
     lpinfo->ticket = FALSE;
     strcpy (lpinfo->buf, buf);
     rc = ListBox_AddItemData(hwnd, lpinfo);
     assert(rc >= 0);
   }
-  
+
   SetWindowRedraw(hwnd, TRUE);
-  
+
   return ncred;
 }
 
@@ -396,19 +396,19 @@ ticket_drawitem(HWND hwnd, const DRAWITEMSTRUCT *lpdi)
 #ifdef KRB5
 
 /*
- * 
+ *
  * Flags_string
- * 
+ *
  * Return buffer with the current flags for the credential
- * 
+ *
  */
 char *
 flags_string(krb5_creds *cred) {
   static char buf[32];
   int i = 0;
 
-  buf[i++] = ' ';    
-  buf[i++] = '(';    
+  buf[i++] = ' ';
+  buf[i++] = '(';
   if (cred->ticket_flags & TKT_FLG_FORWARDABLE)
     buf[i++] = 'F';
   if (cred->ticket_flags & TKT_FLG_FORWARDED)
@@ -432,7 +432,7 @@ flags_string(krb5_creds *cred) {
   if (cred->ticket_flags & TKT_FLG_PRE_AUTH)
     buf[i++] = 'A';
 
-  buf[i++] = ')';    
+  buf[i++] = ')';
   buf[i] = '\0';
   if (i <= 3)
     buf[0] = '\0';
diff --git a/src/windows/cns/tktlist.h b/src/windows/cns/tktlist.h
index a522f76c7..6b1e7cd5c 100644
--- a/src/windows/cns/tktlist.h
+++ b/src/windows/cns/tktlist.h
@@ -3,10 +3,10 @@
  *
  * Handle all actions of the Kerberos ticket list.
  *
- * Copyright 1994 by the Massachusetts Institute of Technology. 
+ * Copyright 1994 by the Massachusetts Institute of Technology.
  *
  * For copying and distribution information, please see the file
- * <mit-copyright.h>. 
+ * <mit-copyright.h>.
  */
 
 /* Only one time, please */
diff --git a/src/windows/gina/ginastub.c b/src/windows/gina/ginastub.c
index ec4291b2b..0e807a026 100644
--- a/src/windows/gina/ginastub.c
+++ b/src/windows/gina/ginastub.c
@@ -1,4 +1,3 @@
-
 /*
   Copyright (c) 1996 Microsoft Corporation
 
@@ -183,7 +182,7 @@ WlxInitialize(
 	PVOID *pWlxContext)
 {
     pWlxFuncs = (PGWLX_DISPATCH_VERSION) pWinlogonFunctions;
-    
+
     return (* GWlxInitialize)(
 	lpWinsta,
 	hWlx,
@@ -214,7 +213,7 @@ WlxLoggedOutSAS(
 	PVOID *pProfile)
 {
     int iRet;
-  
+
     iRet = (* GWlxLoggedOutSAS)(
 	pWlxContext,
 	dwSasType,
@@ -225,16 +224,16 @@ WlxLoggedOutSAS(
 	pMprNotifyInfo,
 	pProfile
 	);
-  
+
     if (iRet == WLX_SAS_ACTION_LOGON) {
 	/* copy pMprNotifyInfo and pLogonSid for later use */
-	
+
 	/* pMprNotifyInfo->pszUserName */
 	/* pMprNotifyInfo->pszDomain */
 	/* pMprNotifyInfo->pszPassword */
 	/* pMprNotifyInfo->pszOldPassword */
     }
-  
+
     return iRet;
 }
 
@@ -296,13 +295,13 @@ WlxIsLogoffOk(
 	)
 {
     BOOL bSuccess;
-  
+
     bSuccess = (* GWlxIsLogoffOk)(pWlxContext);
     if (bSuccess) {
 	/* if it's ok to logoff, finish with the stored credentials */
 	/* and scrub the buffers */
     }
-  
+
     return bSuccess;
 }
 
@@ -337,7 +336,7 @@ BOOL * pSecure
 {
     if (GWlxScreenSaverNotify)
 	return (* GWlxScreenSaverNotify)(pWlxContext, pSecure);
-  
+
     /* if not exported, return something intelligent */
     *pSecure = TRUE;
     return TRUE;
diff --git a/src/windows/gss/gss-client.c b/src/windows/gss/gss-client.c
index d9c1491c2..35156dec6 100644
--- a/src/windows/gss/gss-client.c
+++ b/src/windows/gss/gss-client.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -81,12 +81,12 @@ static int connect_to_server(host, port)
      struct sockaddr_in saddr;
      struct hostent *hp;
      int s;
-     
+
      if ((hp = gethostbyname(host)) == NULL) {
 	  printf("Unknown host: %s\r\n", host);
 	  return -1;
      }
-     
+
      saddr.sin_family = hp->h_addrtype;
      memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
      saddr.sin_port = htons(port);
@@ -122,24 +122,24 @@ static int connect_to_server(host, port)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * service_name is imported as a GSS-API name and a GSS-API context is
  * established with the corresponding service; the service should be
  * listening on the TCP connection s.  The default GSS-API mechanism
  * is used, and mutual authentication and replay detection are
  * requested.
- * 
+ *
  * If successful, the context handle is returned in context.  If
  * unsuccessful, the GSS-API error messages are displayed on stderr
  * and -1 is returned.
  */
-int client_establish_context( int s, 
+int client_establish_context( int s,
                               char *service_name,
-                              OM_uint32 gss_flags, 
+                              OM_uint32 gss_flags,
                               int auth_flag,
-                              int v1_format, 
-                              gss_OID oid, 
-                              gss_ctx_id_t *gss_context, 
+                              int v1_format,
+                              gss_OID oid,
+                              gss_ctx_id_t *gss_context,
                               OM_uint32 *ret_flags)
 {
     if (auth_flag) {
@@ -160,7 +160,7 @@ int client_establish_context( int s,
             display_status("parsing name", maj_stat, min_stat);
             return -1;
         }
-     
+
         if (!v1_format) {
             if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
                 (void) gss_release_name(&min_stat, &target_name);
@@ -177,7 +177,7 @@ int client_establish_context( int s,
         * transmitted to the server; every received token is stored in
         * recv_tok, which token_ptr is then set to, to be processed by
         * the next call to gss_init_sec_context.
-        * 
+        *
         * GSS-API guarantees that send_tok's length will be non-zero
         * if and only if the server is expecting another token from us,
         * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
@@ -257,7 +257,7 @@ static void read_file(file_name, in_buf)
 {
     int fd, count;
     struct stat stat_buf;
-    
+
     if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
 	perror("open");
 	printf("Couldn't open file %s\r\n", file_name);
@@ -315,16 +315,16 @@ static void read_file(file_name, in_buf)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * call_server opens a TCP connection to <host:port> and establishes a
  * GSS-API context with service_name over the connection.  It then
  * seals msg in a GSS-API token with gss_wrap, sends it to the server,
  * reads back a GSS-API signature block for msg from the server, and
  * verifies it with gss_verify.  -1 is returned if any step fails,
  * otherwise 0 is returned.  */
-int call_server(char *host, u_short port, gss_OID oid, char *service_name, 
+int call_server(char *host, u_short port, gss_OID oid, char *service_name,
                 OM_uint32 gss_flags, int auth_flag,
-		        int wrap_flag, int encrypt_flag, int mic_flag, int v1_format, 
+		        int wrap_flag, int encrypt_flag, int mic_flag, int v1_format,
                 char *msg, int use_file, int mcount)
 {
      gss_ctx_id_t context;
@@ -445,7 +445,7 @@ int call_server(char *host, u_short port, gss_OID oid, char *service_name,
              (void) gss_release_oid_set(&min_stat, &mech_names);
          }
      }
-     
+
      if (use_file) {
          read_file(msg, &in_buf);
      } else {
@@ -542,7 +542,7 @@ static void parse_oid(char *mechanism, gss_OID *oid)
     char	*mechstr = 0, *cp;
     gss_buffer_desc tok;
     OM_uint32 maj_stat, min_stat;
-    
+
     if (isdigit((int) mechanism[0])) {
 	mechstr = malloc(strlen(mechanism)+5);
 	if (!mechstr) {
@@ -568,7 +568,7 @@ static void parse_oid(char *mechanism, gss_OID *oid)
 
 int
 gss (char *server_host, char *service_name, char *mechanism, char *msg, int port,
-     int verbose, int delegate, int mutual, int replay, int sequence, 
+     int verbose, int delegate, int mutual, int replay, int sequence,
      int v1_format, int auth_flag, int wrap_flag,
      int encrypt_flag, int mic_flag, int ccount, int mcount, char *ccache)
 {
@@ -610,6 +610,6 @@ gss (char *server_host, char *service_name, char *mechanism, char *msg, int port
 
     if (oid != GSS_C_NULL_OID)
         (void) gss_release_oid(&min_stat, &oid);
-	 
+
     return rc;
 }
diff --git a/src/windows/gss/gss-misc.c b/src/windows/gss/gss-misc.c
index 28227e248..74f005ea8 100644
--- a/src/windows/gss/gss-misc.c
+++ b/src/windows/gss/gss-misc.c
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
@@ -27,7 +27,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -155,7 +155,7 @@ int send_token(int s, int flags, gss_buffer_t tok)
         return -1;
     } else if (ret != 4) {
         if (verbose)
-            printf("sending token length: %d of %d bytes written\r\n", 
+            printf("sending token length: %d of %d bytes written\r\n",
                      ret, 4);
         return -1;
     }
@@ -167,7 +167,7 @@ int send_token(int s, int flags, gss_buffer_t tok)
         return -1;
     } else if (ret != tok->length) {
         if (verbose)
-            printf("sending token data: %d of %d bytes written\r\n", 
+            printf("sending token data: %d of %d bytes written\r\n",
                      ret, (int) tok->length);
         return -1;
     }
@@ -189,7 +189,7 @@ int send_token(int s, int flags, gss_buffer_t tok)
  * Returns: 0 on success, -1 on failure
  *
  * Effects:
- * 
+ *
  * recv_token reads the token flags (a single byte, even though
  * they're stored into an integer, then reads the token length (as a
  * network long), allocates memory to hold the data, and then reads
@@ -226,7 +226,7 @@ int recv_token(int s, int * flags, gss_buffer_t tok)
             return -1;
         } else if (ret != 3) {
             if (verbose)
-                printf("reading token length: %d of %d bytes read\r\n", 
+                printf("reading token length: %d of %d bytes read\r\n",
                          ret, 3);
             return -1;
         }
@@ -239,7 +239,7 @@ int recv_token(int s, int * flags, gss_buffer_t tok)
             return -1;
         } else if (ret != 4) {
             if (verbose)
-                printf("reading token length: %d of %d bytes read\r\n", 
+                printf("reading token length: %d of %d bytes read\r\n",
                          ret, 4);
             return -1;
         }
@@ -263,7 +263,7 @@ int recv_token(int s, int * flags, gss_buffer_t tok)
         free(tok->value);
         return -1;
     } else if (ret != tok->length) {
-        printf("sending token data: %d of %d bytes written\r\n", 
+        printf("sending token data: %d of %d bytes written\r\n",
                  ret, (int) tok->length);
         free(tok->value);
         return -1;
@@ -272,7 +272,7 @@ int recv_token(int s, int * flags, gss_buffer_t tok)
     return 0;
 }
 
-void 
+void
 free_token(gss_buffer_t tok)
 {
     if (tok->length <= 0 || tok->value == NULL)
@@ -311,7 +311,7 @@ display_status_1(char *m, OM_uint32 code, int type) {
     OM_uint32 maj_stat, min_stat;
     gss_buffer_desc msg;
     OM_uint32 msg_ctx;
-     
+
     msg_ctx = 0;
     while (1) {
         maj_stat = gss_display_status(&min_stat, code,
@@ -319,11 +319,11 @@ display_status_1(char *m, OM_uint32 code, int type) {
                                       &msg_ctx, &msg);
         if (verbose)
             printf("GSS-API error %s: %s\r\n", m,
-                     (char *)msg.value); 
+                     (char *)msg.value);
         OkMsgBox ("GSS-API error %s: %s\n", m,
             (char *)msg.value);
         (void) gss_release_buffer(&min_stat, &msg);
-	  
+
         if (!msg_ctx)
             break;
     }
@@ -393,11 +393,11 @@ int gettimeofday (struct timeval *tv, void *ignore_tz)
 }
 
 /*+*************************************************************************
-** 
+**
 ** OkMsgBox
-** 
+**
 ** A MessageBox version of printf
-** 
+**
 ***************************************************************************/
 void
 OkMsgBox (char *format, ...) {
@@ -409,11 +409,11 @@ OkMsgBox (char *format, ...) {
     MessageBox(NULL, buf, "", MB_OK);
 }
 /*+*************************************************************************
-** 
+**
 ** My_perror
-** 
+**
 ** A windows conversion of perror displaying the output into a MessageBox.
-** 
+**
 ***************************************************************************/
 void
 my_perror (char *msg) {
@@ -421,9 +421,8 @@ my_perror (char *msg) {
 
     err = strerror (errno);
 
-    if (msg && *msg != '\0') 
+    if (msg && *msg != '\0')
         OkMsgBox ("%s: %s", msg, err);
     else
         MessageBox (NULL, err, "", MB_OK);
 }
-
diff --git a/src/windows/gss/gss-misc.h b/src/windows/gss/gss-misc.h
index 35b3b7390..77d8190f9 100644
--- a/src/windows/gss/gss-misc.h
+++ b/src/windows/gss/gss-misc.h
@@ -1,6 +1,6 @@
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
- * 
+ *
  * Permission to use, copy, modify, distribute, and sell this software
  * and its documentation for any purpose is hereby granted without fee,
  * provided that the above copyright notice appears in all copies and
@@ -10,7 +10,7 @@
  * without specific, written prior permission. OpenVision makes no
  * representations about the suitability of this software for any
  * purpose.  It is provided "as is" without express or implied warranty.
- * 
+ *
  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
diff --git a/src/windows/gss/gss.c b/src/windows/gss/gss.c
index f42d293ea..fea0253fc 100644
--- a/src/windows/gss/gss.c
+++ b/src/windows/gss/gss.c
@@ -6,7 +6,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -50,7 +50,7 @@
 #define INI_MSG	    "Message"					// INI file line label
 #define INI_MECHS	"GSSAPI Mechanisms"			// INI file section
 #define INI_MECH	"Mech"  					// INI file line label
-#define INI_LAST    "GSSAPI Most Recent" 
+#define INI_LAST    "GSSAPI Most Recent"
 #define INI_LAST_HOST "Host"
 #define INI_LAST_PORT "Port"
 #define INI_LAST_SVC  "Service"
@@ -132,7 +132,7 @@ WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpszCmdLine, int nC
 		       MB_OK | MB_ICONSTOP);
 	    return FALSE;
 	}
-	
+
 	rc = DialogBoxParam (hInstance, "GSSAPIDLG", HWND_DESKTOP, OpenGssapiDlg, 0L);
 	rc = GetLastError();
 
@@ -153,7 +153,7 @@ do_gssapi_test (void) {
 
 	hcursor = SetCursor(LoadCursor(NULL, IDC_WAIT));
 	n = gss (szHost, szService, szMech, szMessage[0] ? szMessage : "Test Gssapi Message", port,
-             verbose, delegate, mutual, replay, sequence, 
+             verbose, delegate, mutual, replay, sequence,
              gssv1, !noauth, !nowrap, !nocrypt, !nomic, ccount, mcount,
              szCCache);
 	SetCursor(hcursor);
@@ -211,7 +211,7 @@ OpenGssapiDlg(
     case WM_HSCROLL:
 		switch (LOWORD(wParam)) {
 		case TB_THUMBTRACK:
-		case TB_THUMBPOSITION: 
+		case TB_THUMBPOSITION:
 			{
 				long pos = HIWORD(wParam); // the position of the slider
 				int  ctrlID = GetDlgCtrlID((HWND)lParam);
@@ -313,7 +313,7 @@ OpenGssapiDlg(
 
 			//EndDialog(hDlg, TRUE);
 			break;
-		
+
         case GSS_NO_AUTH:
             if ( IsDlgButtonChecked(hDlg, GSS_NO_AUTH) ) {
                 // disable the other no_xxx options
@@ -347,7 +347,7 @@ parse_name (char *name) {
 	char *ptr;
 	char seps[] = " ,\t";
 	char tempname[256];
-	
+
 	memset( &tempname[0], '\0', 256 );
 	strcpy( tempname, name);
 	ptr = strtok( tempname, seps);
@@ -394,7 +394,7 @@ static void
 read_saved (void) {
 	int i;					/* Index */
 	char buff[32];
-	
+
 	for (i = 0; MAX_SAVED; ++i) {		/* Read this many entries */
 		wsprintf (buff, INI_HOST "%d", i);
 		GetPrivateProfileString(INI_HOSTS, buff, "", hosts[i], 256, GSSAPI_INI);
@@ -421,47 +421,47 @@ read_saved (void) {
 	}
     GetPrivateProfileString(INI_LAST, INI_LAST_HOST, "", szHost, 256, GSSAPI_INI);
     GetPrivateProfileString(INI_LAST, INI_LAST_PORT, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         port = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_SVC, "", szService, 256, GSSAPI_INI);
     GetPrivateProfileString(INI_LAST, INI_LAST_MSG, "", szMessage, 256, GSSAPI_INI);
     GetPrivateProfileString(INI_LAST, INI_LAST_MECH, "", szMech, 256, GSSAPI_INI);
     GetPrivateProfileString(INI_LAST, INI_LAST_CCACHE, "", szCCache, 256, GSSAPI_INI);
     GetPrivateProfileString(INI_LAST, INI_LAST_DELEGATE, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         delegate = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_MUTUAL, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         mutual = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_REPLAY, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         replay = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_SEQUENCE, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         sequence = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_VERBOSE, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         verbose = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_CCOUNT, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         ccount = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_MCOUNT, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         mcount = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_VER1, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         gssv1 = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_NOAUTH, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         noauth = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_NOWRAP, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         nowrap = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_NOCRYPT, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         nocrypt = atoi(buff);
     GetPrivateProfileString(INI_LAST, INI_LAST_NOMIC, "", buff, 32, GSSAPI_INI);
-    if ( buff[0] )  
+    if ( buff[0] )
         nomic = atoi(buff);
 }
 
@@ -637,7 +637,7 @@ fill_combo (HWND hDlg) {
         goto skip_ccache;
 
     retval = cc_get_NC_info(cc_ctx, &pNCi);
-    if (retval) 
+    if (retval)
         goto clean_ccache;
 
     for ( i=0; pNCi[i]; i++ ) {
diff --git a/src/windows/gss/gss.h b/src/windows/gss/gss.h
index 60d91bf6b..ca00a1a85 100644
--- a/src/windows/gss/gss.h
+++ b/src/windows/gss/gss.h
@@ -1,8 +1,8 @@
 /*+*************************************************************************
-** 
+**
 ** gss.h
-** 
-** 
+**
+**
 ***************************************************************************/
 #include <windows.h>
 #include "winsock.h"
@@ -26,16 +26,16 @@ void my_perror (char *msg);
 // gss-client.c
 int
 gss (char *server_host, char *service_name, char *mechanism, char *msg, int port,
-     int verbose, int delegate, int mutual, int replay, int sequence, 
+     int verbose, int delegate, int mutual, int replay, int sequence,
      int v1_format, int auth_flag, int wrap_flag,
      int encrypt_flag, int mic_flag, int ccount, int mcount, char * ccache);
-int call_server(char *host, u_short port, gss_OID oid, char *service_name, 
+int call_server(char *host, u_short port, gss_OID oid, char *service_name,
                 OM_uint32 deleg_flag, int auth_flag,
-		        int wrap_flag, int encrypt_flag, int mic_flag, int v1_format, 
+		        int wrap_flag, int encrypt_flag, int mic_flag, int v1_format,
                 char *msg, int use_file, int mcount);
 int connect_to_server(char *host, u_short port);
 int client_establish_context(int s, char *service_name, OM_uint32 deleg_flag,
-                             int auth_flag, int v1_format, gss_OID oid, 
+                             int auth_flag, int v1_format, gss_OID oid,
                              gss_ctx_id_t *gss_context, OM_uint32 *ret_flags);
 
 
diff --git a/src/windows/gss/resource.h b/src/windows/gss/resource.h
index de7b2c127..c3428f023 100644
--- a/src/windows/gss/resource.h
+++ b/src/windows/gss/resource.h
@@ -38,7 +38,7 @@
 #define IDD_GSSAPIDLG                   101
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NO_MFC                     1
diff --git a/src/windows/identity/config/netidmgr_intver.h.in b/src/windows/identity/config/netidmgr_intver.h.in
index e025fde20..b754a08ec 100644
--- a/src/windows/identity/config/netidmgr_intver.h.in
+++ b/src/windows/identity/config/netidmgr_intver.h.in
@@ -2,7 +2,7 @@ $(VERSIONINT): Makefile Makefile.w32
 	$(CP) << $(VERSIONINT)
 /*
  * This is an autogenerated file.  Do not modify directly.
- * 
+ *
  * File generated by running $(MAKE) in $(MAKEDIR)
  * To regenerate, run "$(MAKE) clean" and "$(MAKE) all" on $(MAKEDIR)
  */
@@ -44,4 +44,3 @@ $(VERSIONINT): Makefile Makefile.w32
 ! endif
 
 <<
-
diff --git a/src/windows/identity/config/netidmgr_version.h.in b/src/windows/identity/config/netidmgr_version.h.in
index febbeb3d7..babcc53a9 100644
--- a/src/windows/identity/config/netidmgr_version.h.in
+++ b/src/windows/identity/config/netidmgr_version.h.in
@@ -60,4 +60,3 @@ $(VERSIONEXT): Makefile Makefile.w32
 
 #endif
 <<
-
diff --git a/src/windows/identity/doc/cred_aquisition.h b/src/windows/identity/doc/cred_aquisition.h
index 613d5a04b..0161f74f1 100644
--- a/src/windows/identity/doc/cred_aquisition.h
+++ b/src/windows/identity/doc/cred_aquisition.h
@@ -212,7 +212,7 @@
 
     For information on how the dialog procedure should be written, see
     \ref cred_acq_dlgproc .
- 
+
 */
 
 /*! \page cred_acq_dlgproc Writing the dialog procedure for a cred type panel
diff --git a/src/windows/identity/doc/cred_data_types.h b/src/windows/identity/doc/cred_data_types.h
index f2a412211..b02edf22b 100644
--- a/src/windows/identity/doc/cred_data_types.h
+++ b/src/windows/identity/doc/cred_data_types.h
@@ -242,7 +242,7 @@
     count.  It can not be assigned \a KCDB_CBSIZE_AUTO even if the data type
     supports it.  The \a pcb_dst parameter is used internally to allocate
     memory for the object.
-    
+
     \subsubsection kcdb_pg_cb_iv isValid
 
     \code
diff --git a/src/windows/identity/doc/main_page.h b/src/windows/identity/doc/main_page.h
index 9dd55406a..dc7d1e3cc 100644
--- a/src/windows/identity/doc/main_page.h
+++ b/src/windows/identity/doc/main_page.h
@@ -57,7 +57,7 @@
     Copyright &copy; 2004,2005,2006,2007 Massachusetts Institute of Technology
 
     Copyright &copy; 2005,2006,2007 Secure Endpoints Inc.
- 
+
     Permission is hereby granted, free of charge, to any person
     obtaining a copy of this software and associated documentation
     files (the "Software"), to deal in the Software without
@@ -92,8 +92,8 @@
 
 /*! \page bugs Reporting bugs
 
-    Network Identity Manager bugs can be reported to 
-    <a href="mailto:kfw-bugs@mit.edu">kfw-bugs@mit.edu</a> or 
+    Network Identity Manager bugs can be reported to
+    <a href="mailto:kfw-bugs@mit.edu">kfw-bugs@mit.edu</a> or
     <a href="mailto:netidmgr@secure-endpoints.com">netidmgr@secure-endpoints.com</a>
 
     When reporting bugs, please include as much information as
diff --git a/src/windows/identity/doc/plugin_framework.h b/src/windows/identity/doc/plugin_framework.h
index cfe40e458..84ad71c17 100644
--- a/src/windows/identity/doc/plugin_framework.h
+++ b/src/windows/identity/doc/plugin_framework.h
@@ -177,7 +177,7 @@ following sequence of events occur:
     localized libraries will be loaded. See \ref pi_localization
    </li>
 
-   <li> 
+   <li>
     During processing of init_module(), the module registers all the
     plug-ins that it is implementing by calling kmm_provide_plugin()
     for each.
diff --git a/src/windows/identity/doc/plugin_locale.h b/src/windows/identity/doc/plugin_locale.h
index 3c6a236e6..e6d1e1ef0 100644
--- a/src/windows/identity/doc/plugin_locale.h
+++ b/src/windows/identity/doc/plugin_locale.h
@@ -74,7 +74,7 @@ See kmm_set_locale_info() and ::kmm_module_locale for more info.
 The module manager searches the array of ::kmm_module_locale objects
 passed into the kmm_set_locale_info() function for one that matches
 the current user locale (as opposed to the current system locale).  A
-record matches the locale if it has the same language ID.  
+record matches the locale if it has the same language ID.
 
 If a match is found, that library is selected.  Otherwise, the list is
 searched for one that is compatible with the current user locale.  A
@@ -105,5 +105,3 @@ the regular WIN32 API.
 - ::kmm_LoadString
 
 */
-
-
diff --git a/src/windows/identity/doc/plugin_main.h b/src/windows/identity/doc/plugin_main.h
index 9542150a8..bde85558d 100644
--- a/src/windows/identity/doc/plugin_main.h
+++ b/src/windows/identity/doc/plugin_main.h
@@ -111,5 +111,3 @@ Since credential managers may receive privileged information, the
 signature requirements for credential managers are specially strict.
 
 */
-
-
diff --git a/src/windows/identity/doc/ui_context.h b/src/windows/identity/doc/ui_context.h
index 9799b5c4a..f5f4e037e 100644
--- a/src/windows/identity/doc/ui_context.h
+++ b/src/windows/identity/doc/ui_context.h
@@ -92,7 +92,7 @@
     Next: \ref khui_context_using "Using Contexts"
  */
 
-/*! \page khui_context_using Using Contexts 
+/*! \page khui_context_using Using Contexts
 
     \section khui_context_using_1 Obtaining the context
 
diff --git a/src/windows/identity/include/khdefs.h b/src/windows/identity/include/khdefs.h
index c39d6f4ea..e1246c4ae 100644
--- a/src/windows/identity/include/khdefs.h
+++ b/src/windows/identity/include/khdefs.h
@@ -120,7 +120,7 @@ typedef __int64    ssize_t;
 typedef _W64 int   ssize_t;
 #endif
 #define _SSIZE_T_DEFINED
-#endif 
+#endif
 
 typedef ssize_t khm_ssize;
 
@@ -135,7 +135,7 @@ typedef unsigned __int64 khm_lparm;
 #error khm_wparm and khm_lparm need to be defined for this platform
 #endif
 
-/*!\def KHMAPI 
+/*!\def KHMAPI
    \brief Calling convention for NetIDMgr exported functions
 
    The caling convention for all NetIDMgr exported functions is \b
@@ -204,7 +204,7 @@ typedef unsigned __int64 khm_lparm;
 
     Returns the smallest integer greater than or equal to the
     parameter that is a multiple of 4.
-    
+
     \note Only use with positive integers. */
 #define UBOUND32(d) ((((d)-1)&~3) + 4)
 
diff --git a/src/windows/identity/include/kherror.h b/src/windows/identity/include/kherror.h
index a8ee64505..1250e9cfd 100644
--- a/src/windows/identity/include/kherror.h
+++ b/src/windows/identity/include/kherror.h
@@ -41,7 +41,7 @@
 
 /*! \brief Range for error codes
 
-    NetIDMgr errors range from \a KHM_ERROR_BASE to 
+    NetIDMgr errors range from \a KHM_ERROR_BASE to
     KHM_ERROR_BASE + KHM_ERROR_RANGE.
 */
 #define KHM_ERROR_RANGE 256L
diff --git a/src/windows/identity/include/khmsgtypes.h b/src/windows/identity/include/khmsgtypes.h
index cfb43f94e..d4737f7ff 100644
--- a/src/windows/identity/include/khmsgtypes.h
+++ b/src/windows/identity/include/khmsgtypes.h
@@ -63,7 +63,7 @@
 #define KMSG_KCDB       2
 
 /*! \brief NetIDMgr Module Manager messages
- 
+
     \see \ref kmq_msg_kmm
 */
 #define KMSG_KMM        3
@@ -122,7 +122,7 @@
 
 /*@}*/
 
-/*! \defgroup kmq_msg_system KMSG_SYSTEM subtypes 
+/*! \defgroup kmq_msg_system KMSG_SYSTEM subtypes
 @{*/
 /*! \brief Generic initialization message
 
@@ -159,7 +159,7 @@
 #define KMSG_SYSTEM_COMPLETION 3
 /*@}*/
 
-/*! \defgroup kmq_msg_kcdb KMSG_KCDB subtypes 
+/*! \defgroup kmq_msg_kcdb KMSG_KCDB subtypes
 @{*/
 #define KMSG_KCDB_IDENT     1
 #define KMSG_KCDB_CREDTYPE  2
@@ -248,7 +248,7 @@
 /*! \defgroup kmq_msg_cred KMSG_CRED subtypes
   @{*/
 /*! \brief Root credential set changed
-    
+
     This message is issued when the root credential set successfully
     collected credentials from another credential set.
 
@@ -553,9 +553,9 @@
  */
 #define IS_CRED_ACQ_MSG(msg) ((msg) >= 16 && (msg) <=31)
 
-/*@}*/ /* /KMSG_CRED subtypes */ 
+/*@}*/ /* /KMSG_CRED subtypes */
 
-/*! \defgroup kmq_msg_alert KMSG_ALERT Subtypes 
+/*! \defgroup kmq_msg_alert KMSG_ALERT Subtypes
   @{*/
 
 /*! \brief Show an alert
@@ -691,7 +691,7 @@
     guaranteed to be in canonical form.  The return value should be
     akin to strcmp().
 
-    Message parameters: 
+    Message parameters:
 
     - \b vparam : A pointer to a ::kcdb_ident_name_xfer structure.
         The \a name_src member points at the first name, and the \a
diff --git a/src/windows/identity/kconfig/api.c b/src/windows/identity/kconfig/api.c
index 8317e6c9b..c219a6207 100644
--- a/src/windows/identity/kconfig/api.c
+++ b/src/windows/identity/kconfig/api.c
@@ -193,7 +193,7 @@ khcint_dump_handles(FILE * f) {
 #endif
 
 /* obtains cs_conf_handle/cs_conf_global */
-kconf_handle * 
+kconf_handle *
 khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags)
 {
     kconf_handle * h;
@@ -218,7 +218,7 @@ khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags)
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-void 
+void
 khcint_handle_free(kconf_handle * h)
 {
     kconf_handle * lower;
@@ -259,7 +259,7 @@ khcint_handle_free(kconf_handle * h)
 }
 
 /* obains cs_conf_handle/cs_conf_global */
-kconf_handle * 
+kconf_handle *
 khcint_handle_dup(kconf_handle * o)
 {
     kconf_handle * h;
@@ -279,7 +279,7 @@ khcint_handle_dup(kconf_handle * o)
 }
 
 /* obtains cs_conf_global */
-void 
+void
 khcint_space_hold(kconf_conf_space * s) {
     EnterCriticalSection(&cs_conf_global);
     s->refcount ++;
@@ -310,7 +310,7 @@ khcint_try_free_space(kconf_conf_space * s) {
 }
 
 /* obtains cs_conf_global */
-void 
+void
 khcint_space_release(kconf_conf_space * s) {
     khm_int32 l;
 
@@ -345,7 +345,7 @@ khcint_space_release(kconf_conf_space * s) {
 }
 
 /* case sensitive replacement for RegOpenKeyEx */
-LONG 
+LONG
 khcint_RegOpenKeyEx(HKEY hkey, LPCWSTR sSubKey, DWORD ulOptions,
                     REGSAM samDesired, PHKEY phkResult) {
     int i;
@@ -683,7 +683,7 @@ khcint_RegCreateKeyEx(HKEY hKey,
 }
 
 /* obtains cs_conf_global */
-HKEY 
+HKEY
 khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {
     HKEY hk = NULL;
     int nflags = 0;
@@ -691,12 +691,12 @@ khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {
     if(flags & KCONF_FLAG_MACHINE) {
         if(s->regkey_machine)
             return s->regkey_machine;
-        if((khcint_RegOpenKeyEx(HKEY_LOCAL_MACHINE, s->regpath, 0, 
-                                KEY_READ | KEY_WRITE, &hk) != 
-            ERROR_SUCCESS) && 
+        if((khcint_RegOpenKeyEx(HKEY_LOCAL_MACHINE, s->regpath, 0,
+                                KEY_READ | KEY_WRITE, &hk) !=
+            ERROR_SUCCESS) &&
            !(flags & KHM_PERM_WRITE)) {
 
-            if(khcint_RegOpenKeyEx(HKEY_LOCAL_MACHINE, s->regpath, 0, 
+            if(khcint_RegOpenKeyEx(HKEY_LOCAL_MACHINE, s->regpath, 0,
                                    KEY_READ, &hk) == ERROR_SUCCESS) {
                 nflags = KHM_PERM_READ;
             }
@@ -704,8 +704,8 @@ khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {
         }
         if(!hk && (flags & KHM_FLAG_CREATE)) {
 
-            khcint_RegCreateKeyEx(HKEY_LOCAL_MACHINE, 
-                                  s->regpath, 
+            khcint_RegCreateKeyEx(HKEY_LOCAL_MACHINE,
+                                  s->regpath,
                                   0,
                                   NULL,
                                   REG_OPTION_NON_VOLATILE,
@@ -725,17 +725,17 @@ khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {
     } else {
         if(s->regkey_user)
             return s->regkey_user;
-        if((khcint_RegOpenKeyEx(HKEY_CURRENT_USER, s->regpath, 0, 
-                                KEY_READ | KEY_WRITE, &hk) != 
-            ERROR_SUCCESS) && 
+        if((khcint_RegOpenKeyEx(HKEY_CURRENT_USER, s->regpath, 0,
+                                KEY_READ | KEY_WRITE, &hk) !=
+            ERROR_SUCCESS) &&
            !(flags & KHM_PERM_WRITE)) {
-            if(khcint_RegOpenKeyEx(HKEY_CURRENT_USER, s->regpath, 0, 
+            if(khcint_RegOpenKeyEx(HKEY_CURRENT_USER, s->regpath, 0,
                                    KEY_READ, &hk) == ERROR_SUCCESS) {
                 nflags = KHM_PERM_READ;
             }
         }
         if(!hk && (flags & KHM_FLAG_CREATE)) {
-            khcint_RegCreateKeyEx(HKEY_CURRENT_USER, 
+            khcint_RegCreateKeyEx(HKEY_CURRENT_USER,
                                   s->regpath, 0, NULL,
                                   REG_OPTION_NON_VOLATILE,
                                   KEY_READ | KEY_WRITE,
@@ -753,7 +753,7 @@ khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_shadow_space(khm_handle upper, khm_handle lower)
 {
     kconf_handle * h;
@@ -792,7 +792,7 @@ khc_shadow_space(khm_handle upper, khm_handle lower)
 }
 
 /* no locks */
-kconf_conf_space * 
+kconf_conf_space *
 khcint_create_empty_space(void) {
     kconf_conf_space * r;
 
@@ -804,7 +804,7 @@ khcint_create_empty_space(void) {
 }
 
 /* called with cs_conf_global */
-void 
+void
 khcint_free_space(kconf_conf_space * r) {
     kconf_conf_space * c;
 
@@ -833,9 +833,9 @@ khcint_free_space(kconf_conf_space * r) {
 }
 
 /* obtains cs_conf_global */
-khm_int32 
-khcint_open_space(kconf_conf_space * parent, 
-                  const wchar_t * sname, size_t n_sname, 
+khm_int32
+khcint_open_space(kconf_conf_space * parent,
+                  const wchar_t * sname, size_t n_sname,
                   khm_int32 flags, kconf_conf_space **result) {
     kconf_conf_space * p;
     kconf_conf_space * c;
@@ -890,7 +890,7 @@ khcint_open_space(kconf_conf_space * parent,
         /* we are not creating the space, so it must exist in the form of a
         registry key in HKLM or HKCU.  If it existed as a schema, we
         would have already retured it above. */
-        
+
         if (flags & KCONF_FLAG_USER)
             pkey = khcint_space_open_key(p, KHM_PERM_READ | KCONF_FLAG_USER);
 
@@ -916,7 +916,7 @@ khcint_open_space(kconf_conf_space * parent,
     }
 
     c = khcint_create_empty_space();
-    
+
     /*SAFE: buf: is of known length < KCONF_MAXCCH_NAME */
     c->name = PWCSDUP(buf);
 
@@ -947,8 +947,8 @@ khcint_open_space(kconf_conf_space * parent,
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
-khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, 
+KHMEXP khm_int32 KHMAPI
+khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
                khm_handle * result) {
     kconf_handle * h;
     kconf_conf_space * p;
@@ -1042,7 +1042,7 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_close_space(khm_handle csp) {
     if(!khc_is_config_running())
         return KHM_ERROR_NOT_READY;
@@ -1059,11 +1059,11 @@ khc_close_space(khm_handle csp) {
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
-khc_read_string(khm_handle pconf, 
-                const wchar_t * pvalue, 
-                wchar_t * buf, 
-                khm_size * bufsize) 
+KHMEXP khm_int32 KHMAPI
+khc_read_string(khm_handle pconf,
+                const wchar_t * pvalue,
+                wchar_t * buf,
+                khm_size * bufsize)
 {
     kconf_conf_space * c;
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -1086,9 +1086,9 @@ khc_read_string(khm_handle pconf,
         if((value = wcsrchr(pvalue, L'\\')) != NULL) {
 
             if(KHM_FAILED(khc_open_space(
-                pconf, 
-                pvalue, 
-                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+                pconf,
+                pvalue,
+                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
                 &conf)))
                 goto _shadow;
 
@@ -1218,7 +1218,7 @@ _exit:
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_read_int32(khm_handle pconf, const wchar_t * pvalue, khm_int32 * buf) {
     kconf_conf_space * c;
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -1244,9 +1244,9 @@ khc_read_int32(khm_handle pconf, const wchar_t * pvalue, khm_int32 * buf) {
 
         if((value = wcsrchr(pvalue, L'\\')) != NULL) {
             if(KHM_FAILED(khc_open_space(
-                pconf, 
-                pvalue, 
-                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+                pconf,
+                pvalue,
+                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
                 &conf)))
                 goto _shadow;
             free_space = 1;
@@ -1336,7 +1336,7 @@ _exit:
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_read_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 * buf) {
     kconf_conf_space * c;
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -1359,9 +1359,9 @@ khc_read_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 * buf) {
 
         if((value = wcsrchr(pvalue, L'\\')) != NULL) {
             if(KHM_FAILED(khc_open_space(
-                pconf, 
-                pvalue, 
-                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+                pconf,
+                pvalue,
+                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
                 &conf)))
                 goto _shadow;
             free_space = 1;
@@ -1451,8 +1451,8 @@ _exit:
 }
 
 /* obtaincs cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
-khc_read_binary(khm_handle pconf, const wchar_t * pvalue, 
+KHMEXP khm_int32 KHMAPI
+khc_read_binary(khm_handle pconf, const wchar_t * pvalue,
                 void * buf, khm_size * bufsize) {
     kconf_conf_space * c;
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -1473,9 +1473,9 @@ khc_read_binary(khm_handle pconf, const wchar_t * pvalue,
 
         if((value = wcsrchr(pvalue, L'\\')) != NULL) {
             if(KHM_FAILED(khc_open_space(
-                pconf, 
-                pvalue, 
-                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+                pconf,
+                pvalue,
+                KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
                 &conf)))
                 goto _shadow;
             free_space = 1;
@@ -1571,10 +1571,10 @@ _exit:
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
-khc_write_string(khm_handle pconf, 
-                 const wchar_t * pvalue, 
-                 wchar_t * buf) 
+KHMEXP khm_int32 KHMAPI
+khc_write_string(khm_handle pconf,
+                 const wchar_t * pvalue,
+                 wchar_t * buf)
 {
     HKEY pk = NULL;
     kconf_conf_space * c;
@@ -1628,8 +1628,8 @@ khc_write_string(khm_handle pconf,
     }
 
     if((value = wcsrchr(pvalue, L'\\')) != NULL) {
-        if(KHM_FAILED(khc_open_space(pconf, pvalue, 
-                                     KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+        if(KHM_FAILED(khc_open_space(pconf, pvalue,
+                                     KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
                                      &conf)))
             return KHM_ERROR_INVALID_PARAM;
         free_space = 1;
@@ -1672,10 +1672,10 @@ _exit:
 }
 
 /* obtaincs cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
-khc_write_int32(khm_handle pconf, 
-                const wchar_t * pvalue, 
-                khm_int32 buf) 
+KHMEXP khm_int32 KHMAPI
+khc_write_int32(khm_handle pconf,
+                const wchar_t * pvalue,
+                khm_int32 buf)
 {
     HKEY pk = NULL;
     kconf_conf_space * c;
@@ -1703,9 +1703,9 @@ khc_write_int32(khm_handle pconf,
 
     if((value = wcsrchr(pvalue, L'\\')) != NULL) {
         if(KHM_FAILED(khc_open_space(
-            pconf, 
-            pvalue, 
-            KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+            pconf,
+            pvalue,
+            KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
             &conf)))
             return KHM_ERROR_INVALID_PARAM;
         free_space = 1;
@@ -1746,7 +1746,7 @@ khc_write_int32(khm_handle pconf,
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) {
     HKEY pk = NULL;
     kconf_conf_space * c;
@@ -1774,9 +1774,9 @@ khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) {
 
     if((value = wcsrchr(pvalue, L'\\')) != NULL) {
         if(KHM_FAILED(khc_open_space(
-            pconf, 
-            pvalue, 
-            KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+            pconf,
+            pvalue,
+            KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
             &conf)))
             return KHM_ERROR_INVALID_PARAM;
         free_space = 1;
@@ -1817,9 +1817,9 @@ khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) {
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
-khc_write_binary(khm_handle pconf, 
-                 const wchar_t * pvalue, 
+KHMEXP khm_int32 KHMAPI
+khc_write_binary(khm_handle pconf,
+                 const wchar_t * pvalue,
                  void * buf, khm_size bufsize) {
     HKEY pk = NULL;
     kconf_conf_space * c;
@@ -1838,9 +1838,9 @@ khc_write_binary(khm_handle pconf,
 
     if((value = wcsrchr(pvalue, L'\\')) != NULL) {
         if(KHM_FAILED(khc_open_space(
-            pconf, 
-            pvalue, 
-            KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0), 
+            pconf,
+            pvalue,
+            KCONF_FLAG_TRAILINGVALUE | (pconf?khc_handle_flags(pconf):0),
             &conf)))
             return KHM_ERROR_INVALID_PARAM;
         free_space = 1;
@@ -1881,8 +1881,8 @@ khc_write_binary(khm_handle pconf,
 }
 
 /* no locks */
-KHMEXP khm_int32 KHMAPI 
-khc_get_config_space_name(khm_handle conf, 
+KHMEXP khm_int32 KHMAPI
+khc_get_config_space_name(khm_handle conf,
                           wchar_t * buf, khm_size * bufsize) {
     kconf_conf_space * c;
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -1923,7 +1923,7 @@ khc_get_config_space_name(khm_handle conf,
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_get_config_space_parent(khm_handle conf, khm_handle * parent) {
     kconf_conf_space * c;
 
@@ -1944,7 +1944,7 @@ khc_get_config_space_parent(khm_handle conf, khm_handle * parent) {
 }
 
 /* obtains cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_get_type(khm_handle conf, const wchar_t * value) {
     HKEY hkm = NULL;
     HKEY hku = NULL;
@@ -2003,7 +2003,7 @@ khc_get_type(khm_handle conf, const wchar_t * value) {
 }
 
 /* obtains cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_value_exists(khm_handle conf, const wchar_t * value) {
     HKEY hku = NULL;
     HKEY hkm = NULL;
@@ -2075,7 +2075,7 @@ khc_remove_value(khm_handle conf, const wchar_t * value, khm_int32 flags) {
 
     if((flags == 0 ||
         (flags & KCONF_FLAG_USER)) &&
-       hku && (RegQueryValueEx(hku, value, NULL, 
+       hku && (RegQueryValueEx(hku, value, NULL,
                                &t, NULL, NULL) == ERROR_SUCCESS)) {
         l = RegDeleteValue(hku, value);
         if (l == ERROR_SUCCESS)
@@ -2085,11 +2085,11 @@ khc_remove_value(khm_handle conf, const wchar_t * value, khm_int32 flags) {
     }
     if((flags == 0 ||
         (flags & KCONF_FLAG_MACHINE)) &&
-       hkm && (RegQueryValueEx(hkm, value, NULL, 
+       hkm && (RegQueryValueEx(hkm, value, NULL,
                                &t, NULL, NULL) == ERROR_SUCCESS)) {
         l = RegDeleteValue(hkm, value);
         if (l == ERROR_SUCCESS)
-            rv = (rv == KHM_ERROR_UNKNOWN)?KHM_ERROR_PARTIAL: 
+            rv = (rv == KHM_ERROR_UNKNOWN)?KHM_ERROR_PARTIAL:
                 KHM_ERROR_SUCCESS;
         else
             rv = (rv == KHM_ERROR_SUCCESS)?KHM_ERROR_PARTIAL:
@@ -2222,7 +2222,7 @@ khc_remove_space(khm_handle conf) {
 }
 
 /* no locks */
-khm_boolean 
+khm_boolean
 khcint_is_valid_name(wchar_t * name)
 {
     size_t cbsize;
@@ -2232,7 +2232,7 @@ khcint_is_valid_name(wchar_t * name)
 }
 
 /* no locks */
-khm_int32 
+khm_int32
 khcint_validate_schema(const kconf_schema * schema,
                        int begin,
                        int *end)
@@ -2295,8 +2295,8 @@ khcint_validate_schema(const kconf_schema * schema,
 }
 
 /* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */
-khm_int32 
-khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, 
+khm_int32
+khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
                      int begin, int * end)
 {
     int i;
@@ -2310,7 +2310,7 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
         switch(state) {
             case 0: /* initial.  this record should start a config space */
                 LeaveCriticalSection(&cs_conf_global);
-                if(KHM_FAILED(khc_open_space(parent, schema[i].name, 
+                if(KHM_FAILED(khc_open_space(parent, schema[i].name,
                                              KHM_FLAG_CREATE, &h))) {
                     EnterCriticalSection(&cs_conf_global);
                     return KHM_ERROR_INVALID_PARAM;
@@ -2366,7 +2366,7 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_load_schema(khm_handle conf, const kconf_schema * schema)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -2381,15 +2381,15 @@ khc_load_schema(khm_handle conf, const kconf_schema * schema)
         return KHM_ERROR_INVALID_PARAM;
 
     EnterCriticalSection(&cs_conf_global);
-    rv = khcint_load_schema_i(conf, schema, 0, NULL);        
+    rv = khcint_load_schema_i(conf, schema, 0, NULL);
     LeaveCriticalSection(&cs_conf_global);
 
     return rv;
 }
 
 /* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */
-khm_int32 
-khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, 
+khm_int32
+khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema,
                        int begin, int * end)
 {
     int i;
@@ -2458,7 +2458,7 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema,
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_unload_schema(khm_handle conf, const kconf_schema * schema)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -2480,7 +2480,7 @@ khc_unload_schema(khm_handle conf, const kconf_schema * schema)
 }
 
 /* obtaincs cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_enum_subspaces(khm_handle conf,
                    khm_handle prev,
                    khm_handle * next)
@@ -2516,7 +2516,7 @@ khc_enum_subspaces(khm_handle conf,
                 int idx;
 
                 idx = 0;
-                while(RegEnumKey(hk_conf, idx, 
+                while(RegEnumKey(hk_conf, idx,
                                  name, ARRAYLENGTH(name)) == ERROR_SUCCESS) {
                     wchar_t * tilde;
                     tilde = wcschr(name, L'~');
@@ -2540,14 +2540,14 @@ khc_enum_subspaces(khm_handle conf,
                 int idx;
 
                 idx = 0;
-                while(RegEnumKey(hk_conf, idx, 
+                while(RegEnumKey(hk_conf, idx,
                                  name, ARRAYLENGTH(name)) == ERROR_SUCCESS) {
                     wchar_t * tilde;
                     tilde = wcschr(name, L'~');
                     if (tilde)
                         *tilde = 0;
 
-                    if(KHM_SUCCEEDED(khc_open_space(conf, name, 
+                    if(KHM_SUCCEEDED(khc_open_space(conf, name,
                                                     KCONF_FLAG_MACHINE, &h)))
                         khc_close_space(h);
                     idx++;
@@ -2588,7 +2588,7 @@ khc_enum_subspaces(khm_handle conf,
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf)
 {
     size_t cb;
@@ -2620,8 +2620,8 @@ khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf)
 }
 
 /* obtains cs_conf_handle/cs_conf_global */
-KHMEXP khm_int32 KHMAPI 
-khc_read_multi_string(khm_handle conf, const wchar_t * value, 
+KHMEXP khm_int32 KHMAPI
+khc_read_multi_string(khm_handle conf, const wchar_t * value,
                       wchar_t * buf, khm_size * bufsize)
 {
     wchar_t vbuf[KCONF_MAXCCH_STRING];
diff --git a/src/windows/identity/kconfig/kconfig.h b/src/windows/identity/kconfig/kconfig.h
index 689992c29..25411eebd 100644
--- a/src/windows/identity/kconfig/kconfig.h
+++ b/src/windows/identity/kconfig/kconfig.h
@@ -33,7 +33,7 @@
 /*! \defgroup kconf NetIDMgr Configuration Provider */
 /*@{*/
 
-/*! \brief Configuration schema descriptor record 
+/*! \brief Configuration schema descriptor record
 
     The schema descriptor is a convenient way to provide a default set
     of configuration options for a part of an application.  It
@@ -94,7 +94,7 @@ typedef struct tag_kconf_schema {
 */
 #define KC_INT32        3
 
-/*! \brief A 64 bit integer 
+/*! \brief A 64 bit integer
 
     Specifies a configuration parameter named \a name which is of this
     type.  Use \a description to provide an optional description of
@@ -104,7 +104,7 @@ typedef struct tag_kconf_schema {
 */
 #define KC_INT64        4
 
-/*! \brief A unicode string 
+/*! \brief A unicode string
 
     Specifies a configuration parameter named \a name which is of this
     type.  Use \a description to provide an optional description of
@@ -116,7 +116,7 @@ typedef struct tag_kconf_schema {
 */
 #define KC_STRING       5
 
-/*! \brief An unparsed binary stream 
+/*! \brief An unparsed binary stream
 
     Specifies a configuration parameter named \a name which is of this
     type.  Use \a description to provide an optional description of
@@ -187,7 +187,7 @@ typedef struct tag_kconf_schema {
  */
 #define KCONF_FLAG_NOPARSENAME   0x00000040
 
-/*! \brief Maximum number of allowed characters (including terminating NULL) in a name 
+/*! \brief Maximum number of allowed characters (including terminating NULL) in a name
 
     \note This is a hard limit in Windows, since we are mapping
         configuration spaces to registry keys.
@@ -233,7 +233,7 @@ typedef struct tag_kconf_schema {
 
     \param[in] parent The parent configuration space.  The path
         specified in \a cspace is relative to the parent.  Set this to
-        NULL to indicate the root configuration space.  
+        NULL to indicate the root configuration space.
 
     \param[in] cspace The configuration path.  This can be up to
         ::KCONF_MAXCCH_PATH characters in length.  Use backslashes to
@@ -253,8 +253,8 @@ typedef struct tag_kconf_schema {
         and settings \a flags to the required flags.
 
 */
-KHMEXP khm_int32 KHMAPI 
-khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, 
+KHMEXP khm_int32 KHMAPI
+khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
                khm_handle * result);
 
 /*! \brief Set the shadow space for a configuration handle
@@ -277,12 +277,12 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
 
     Specify NULL for \a lower to remove any prior shadow.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_shadow_space(khm_handle upper, khm_handle lower);
 
 /*! \brief Close a handle opened with khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_close_space(khm_handle conf);
 
 /*! \brief Read a string value from a configuration space
@@ -321,7 +321,7 @@ khc_close_space(khm_handle conf);
 
     \param[in] buf Buffer to copy the string to.  Specify NULL to just
         retrieve the number of required bytes.
-    
+
     \param[in,out] bufsize On entry, specifies the number of bytes of
         space available at the location specified by \a buf.  On exit
         specifies the number of bytes actually copied or the size of
@@ -336,10 +336,10 @@ khc_close_space(khm_handle conf);
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_read_string(khm_handle conf, 
-                const wchar_t * value_name, 
-                wchar_t * buf, 
+KHMEXP khm_int32 KHMAPI
+khc_read_string(khm_handle conf,
+                const wchar_t * value_name,
+                wchar_t * buf,
                 khm_size * bufsize);
 
 /*! \brief Read a multi-string value from a configuration space
@@ -386,7 +386,7 @@ khc_read_string(khm_handle conf,
 
     \param[in] buf Buffer to copy the multi-string to.  Specify NULL
         to just retrieve the number of required bytes.
-    
+
     \param[in,out] bufsize On entry, specifies the number of bytes of
         space available at the location specified by \a buf.  On exit
         specifies the number of bytes actually copied or the size of
@@ -401,10 +401,10 @@ khc_read_string(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_read_multi_string(khm_handle conf, 
-                      const wchar_t * value_name, 
-                      wchar_t * buf, 
+KHMEXP khm_int32 KHMAPI
+khc_read_multi_string(khm_handle conf,
+                      const wchar_t * value_name,
+                      wchar_t * buf,
                       khm_size * bufsize);
 
 /*! \brief Read a 32 bit integer value from a configuration space
@@ -452,9 +452,9 @@ khc_read_multi_string(khm_handle conf,
     \retval KHM_ERROR_TYPE_MISMATCH The specified value was found but was not of the correct type.
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_read_int32(khm_handle conf, 
-               const wchar_t * value_name, 
+KHMEXP khm_int32 KHMAPI
+khc_read_int32(khm_handle conf,
+               const wchar_t * value_name,
                khm_int32 * buf);
 
 /*! \brief Read a 64 bit integer value from a configuration space
@@ -503,9 +503,9 @@ khc_read_int32(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_read_int64(khm_handle conf, 
-               const wchar_t * value_name, 
+KHMEXP khm_int32 KHMAPI
+khc_read_int64(khm_handle conf,
+               const wchar_t * value_name,
                khm_int64 * buf);
 
 /*! \brief Read a binary value from a configuration space
@@ -542,7 +542,7 @@ khc_read_int64(khm_handle conf,
 
     \param[in] buf Buffer to copy the string to.  Specify NULL to just
         retrieve the number of required bytes.
-    
+
     \param[in,out] bufsize On entry, specifies the number of bytes of
         space available at the location specified by \a buf.  On exit
         specifies the number of bytes actually copied or the size of
@@ -554,10 +554,10 @@ khc_read_int64(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_read_binary(khm_handle conf, 
-                const wchar_t * value_name, 
-                void * buf, 
+KHMEXP khm_int32 KHMAPI
+khc_read_binary(khm_handle conf,
+                const wchar_t * value_name,
+                void * buf,
                 khm_size * bufsize);
 
 /*! \brief Write a string value to a configuration space
@@ -603,9 +603,9 @@ khc_read_binary(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_write_string(khm_handle conf, 
-                 const wchar_t * value_name, 
+KHMEXP khm_int32 KHMAPI
+khc_write_string(khm_handle conf,
+                 const wchar_t * value_name,
                  wchar_t * buf);
 
 /*! \brief Write a multi-string value to a configuration space
@@ -653,9 +653,9 @@ khc_write_string(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_write_multi_string(khm_handle conf, 
-                       const wchar_t * value_name, 
+KHMEXP khm_int32 KHMAPI
+khc_write_multi_string(khm_handle conf,
+                       const wchar_t * value_name,
                        wchar_t * buf);
 
 /*! \brief Write a 32 bit integer value to a configuration space
@@ -693,9 +693,9 @@ khc_write_multi_string(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_write_int32(khm_handle conf, 
-                const wchar_t * value_name, 
+KHMEXP khm_int32 KHMAPI
+khc_write_int32(khm_handle conf,
+                const wchar_t * value_name,
                 khm_int32 buf);
 
 /*! \brief Write a 64 bit integer value to a configuration space
@@ -733,9 +733,9 @@ khc_write_int32(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_write_int64(khm_handle conf, 
-                const wchar_t * value_name, 
+KHMEXP khm_int32 KHMAPI
+khc_write_int64(khm_handle conf,
+                const wchar_t * value_name,
                 khm_int64 buf);
 
 /*! \brief Write a binary value to a configuration space
@@ -768,10 +768,10 @@ khc_write_int64(khm_handle conf,
 
     \see khc_open_space()
 */
-KHMEXP khm_int32 KHMAPI 
-khc_write_binary(khm_handle conf, 
-                 const wchar_t * value_name, 
-                 void * buf, 
+KHMEXP khm_int32 KHMAPI
+khc_write_binary(khm_handle conf,
+                 const wchar_t * value_name,
+                 void * buf,
                  khm_size bufsize);
 
 /*! \brief Get the type of a value in a configuration space
@@ -779,7 +779,7 @@ khc_write_binary(khm_handle conf,
     \return The return value is the type of the specified value, or
         KC_NONE if the value does not exist.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_get_type(khm_handle conf, const wchar_t * value_name);
 
 /*! \brief Check which configuration stores contain a specific value.
@@ -802,7 +802,7 @@ khc_get_type(khm_handle conf, const wchar_t * value_name);
         and ::KCONF_FLAG_SCHEMA indicating which stores contain the
         value.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_value_exists(khm_handle conf, const wchar_t * value);
 
 /*! \brief Remove a value from a configuration space
@@ -857,9 +857,9 @@ khc_remove_value(khm_handle conf, const wchar_t * value_name, khm_int32 flags);
         pointed to by \a buf.  On exit, holds the number of bytes
         copied into the buffer including the NULL terminator.
  */
-KHMEXP khm_int32 KHMAPI 
-khc_get_config_space_name(khm_handle conf, 
-                          wchar_t * buf, 
+KHMEXP khm_int32 KHMAPI
+khc_get_config_space_name(khm_handle conf,
+                          wchar_t * buf,
                           khm_size * bufsize);
 
 /*! \brief Get a handle to the parent space
@@ -870,8 +870,8 @@ khc_get_config_space_name(khm_handle conf,
         call succeeds.  Receives NULL otherwise.  The returned handle
         must be closed using khc_close_space()
  */
-KHMEXP khm_int32 KHMAPI 
-khc_get_config_space_parent(khm_handle conf, 
+KHMEXP khm_int32 KHMAPI
+khc_get_config_space_parent(khm_handle conf,
                             khm_handle * parent);
 
 /*! \brief Load a configuration schema into the specified configuration space
@@ -884,14 +884,14 @@ khc_get_config_space_parent(khm_handle conf,
 
     \see khc_unload_schema()
  */
-KHMEXP khm_int32 KHMAPI 
-khc_load_schema(khm_handle conf, 
+KHMEXP khm_int32 KHMAPI
+khc_load_schema(khm_handle conf,
                 const kconf_schema * schema);
 
 /*! \brief Unload a schema from a configuration space
  */
-KHMEXP khm_int32 KHMAPI 
-khc_unload_schema(khm_handle conf, 
+KHMEXP khm_int32 KHMAPI
+khc_unload_schema(khm_handle conf,
                   const kconf_schema * schema);
 
 /*! \brief Enumerate the subspaces of a configuration space
@@ -941,7 +941,7 @@ khc_unload_schema(khm_handle conf,
 	However, the returned handle has the same domain restrictions
 	as \a conf.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khc_enum_subspaces(khm_handle conf,
                    khm_handle prev,
                    khm_handle * next);
diff --git a/src/windows/identity/kconfig/registry.c b/src/windows/identity/kconfig/registry.c
index d1e4009f2..3a3f1cd68 100644
--- a/src/windows/identity/kconfig/registry.c
+++ b/src/windows/identity/kconfig/registry.c
@@ -25,4 +25,3 @@
 /* $Id$ */
 
 #include<kconfiginternal.h>
-
diff --git a/src/windows/identity/kconfig/test/utiltest.c b/src/windows/identity/kconfig/test/utiltest.c
index f999dfa71..4131d07cf 100644
--- a/src/windows/identity/kconfig/test/utiltest.c
+++ b/src/windows/identity/kconfig/test/utiltest.c
@@ -130,7 +130,7 @@ int ms_append_test(void)
     printf("MS[");
     print_ms(wbuf);
     printf("] + [foo]=[");
-  
+
     cbbuf = sizeof(wbuf);
     code = khc_multi_string_append(wbuf, &cbbuf, L"foo");
 
diff --git a/src/windows/identity/kcreddb/attrib.c b/src/windows/identity/kcreddb/attrib.c
index 983e3cc98..f4291778c 100644
--- a/src/windows/identity/kcreddb/attrib.c
+++ b/src/windows/identity/kcreddb/attrib.c
@@ -33,27 +33,27 @@ kcdb_attrib_i ** kcdb_attrib_tbl = NULL;
 kcdb_attrib_i ** kcdb_property_tbl = NULL;
 kcdb_attrib_i * kcdb_attribs = NULL;
 
-void 
+void
 kcdb_attrib_add_ref_func(const void * key, void * va)
 {
     kcdb_attrib_hold((kcdb_attrib_i *) va);
 }
 
-void 
+void
 kcdb_attrib_del_ref_func(const void * key, void * va)
 {
     kcdb_attrib_release((kcdb_attrib_i *) va);
 }
 
-void 
-kcdb_attrib_msg_completion(kmq_message * m) 
+void
+kcdb_attrib_msg_completion(kmq_message * m)
 {
     if(m && m->vparam) {
         kcdb_attrib_release((kcdb_attrib_i *) m->vparam);
     }
 }
 
-khm_int32 
+khm_int32
 kcdb_attrib_hold(kcdb_attrib_i * ai)
 {
     if(!ai)
@@ -65,7 +65,7 @@ kcdb_attrib_hold(kcdb_attrib_i * ai)
     return KHM_ERROR_SUCCESS;
 }
 
-khm_int32 
+khm_int32
 kcdb_attrib_release(kcdb_attrib_i * ai)
 {
     if(!ai)
@@ -77,17 +77,17 @@ kcdb_attrib_release(kcdb_attrib_i * ai)
     return KHM_ERROR_SUCCESS;
 }
 
-void 
+void
 kcdb_attrib_post_message(khm_int32 op, kcdb_attrib_i * ai)
 {
     kcdb_attrib_hold(ai);
     kmq_post_message(KMSG_KCDB, KMSG_KCDB_ATTRIB, op, (void *) ai);
 }
 
-khm_int32 KHMAPI 
-kcdb_attr_sys_cb(khm_handle vcred, 
-                 khm_int32 attr, 
-                 void * buf, 
+khm_int32 KHMAPI
+kcdb_attr_sys_cb(khm_handle vcred,
+                 khm_int32 attr,
+                 void * buf,
                  khm_size * pcb_buf)
 {
     kcdb_cred * c;
@@ -109,7 +109,7 @@ kcdb_attr_sys_cb(khm_handle vcred,
         }
 
     case KCDB_ATTR_ID_NAME:
-        return kcdb_identity_get_name((khm_handle) c->identity, 
+        return kcdb_identity_get_name((khm_handle) c->identity,
                                       (wchar_t *) buf, pcb_buf);
 
     case KCDB_ATTR_TYPE:
@@ -123,7 +123,7 @@ kcdb_attr_sys_cb(khm_handle vcred,
         }
 
     case KCDB_ATTR_TYPE_NAME:
-        return kcdb_credtype_describe(c->type, buf, 
+        return kcdb_credtype_describe(c->type, buf,
                                       pcb_buf, KCDB_TS_SHORT);
 
     case KCDB_ATTR_TIMELEFT:
@@ -148,7 +148,7 @@ kcdb_attr_sys_cb(khm_handle vcred,
                 iftc = FtToInt(&ftc);
 
                 *((FILETIME *) buf) =
-                    IntToFt(FtToInt((FILETIME *) 
+                    IntToFt(FtToInt((FILETIME *)
                                     kcdb_cred_buf_get(c,KCDB_ATTR_EXPIRE))
                             - iftc);
                 *pcb_buf = sizeof(FILETIME);
@@ -210,36 +210,36 @@ kcdb_attr_sys_cb(khm_handle vcred,
     }
 }
 
-void 
+void
 kcdb_attrib_init(void)
 {
     kcdb_attrib attrib;
     wchar_t sbuf[256];
 
     InitializeCriticalSection(&cs_attrib);
-    kcdb_attrib_namemap = 
+    kcdb_attrib_namemap =
         hash_new_hashtable(KCDB_ATTRIB_HASH_SIZE,
                            hash_string,
                            hash_string_comp,
                            kcdb_attrib_add_ref_func,
                            kcdb_attrib_del_ref_func);
 
-    kcdb_attrib_tbl = 
+    kcdb_attrib_tbl =
         PMALLOC(sizeof(kcdb_attrib_i *) * (KCDB_ATTR_MAX_ID + 1));
     assert(kcdb_attrib_tbl != NULL);
-    ZeroMemory(kcdb_attrib_tbl, 
+    ZeroMemory(kcdb_attrib_tbl,
                sizeof(kcdb_attrib_i *) * (KCDB_ATTR_MAX_ID + 1));
 
-    kcdb_property_tbl = 
+    kcdb_property_tbl =
         PMALLOC(sizeof(kcdb_attrib_i *) * KCDB_ATTR_MAX_PROPS);
     assert(kcdb_property_tbl != NULL);
-    ZeroMemory(kcdb_property_tbl, 
+    ZeroMemory(kcdb_property_tbl,
                sizeof(kcdb_attrib_i *) * KCDB_ATTR_MAX_PROPS);
 
     kcdb_attribs = NULL;
 
     /* register standard attributes */
-    
+
     /* Name */
     attrib.id = KCDB_ATTR_NAME;
     attrib.name = KCDB_ATTRNAME_NAME;
@@ -247,9 +247,9 @@ kcdb_attrib_init(void)
     LoadString(hinst_kcreddb, IDS_NAME, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
-    attrib.flags = 
-        KCDB_ATTR_FLAG_REQUIRED | 
-        KCDB_ATTR_FLAG_COMPUTED | 
+    attrib.flags =
+        KCDB_ATTR_FLAG_REQUIRED |
+        KCDB_ATTR_FLAG_COMPUTED |
         KCDB_ATTR_FLAG_SYSTEM;
     attrib.compute_cb = kcdb_attr_sys_cb;
     attrib.compute_min_cbsize = sizeof(wchar_t);
@@ -264,9 +264,9 @@ kcdb_attrib_init(void)
     LoadString(hinst_kcreddb, IDS_IDENTITY, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
-    attrib.flags = 
-        KCDB_ATTR_FLAG_REQUIRED | 
-        KCDB_ATTR_FLAG_COMPUTED | 
+    attrib.flags =
+        KCDB_ATTR_FLAG_REQUIRED |
+        KCDB_ATTR_FLAG_COMPUTED |
         KCDB_ATTR_FLAG_SYSTEM |
         KCDB_ATTR_FLAG_HIDDEN;
     attrib.compute_cb = kcdb_attr_sys_cb;
@@ -283,9 +283,9 @@ kcdb_attrib_init(void)
     LoadString(hinst_kcreddb, IDS_IDENTITY, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
-    attrib.flags = 
-        KCDB_ATTR_FLAG_REQUIRED | 
-        KCDB_ATTR_FLAG_COMPUTED | 
+    attrib.flags =
+        KCDB_ATTR_FLAG_REQUIRED |
+        KCDB_ATTR_FLAG_COMPUTED |
         KCDB_ATTR_FLAG_ALTVIEW |
         KCDB_ATTR_FLAG_SYSTEM;
     attrib.compute_cb = kcdb_attr_sys_cb;
@@ -301,9 +301,9 @@ kcdb_attrib_init(void)
     LoadString(hinst_kcreddb, IDS_TYPE, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
-    attrib.flags = 
-        KCDB_ATTR_FLAG_REQUIRED | 
-        KCDB_ATTR_FLAG_COMPUTED | 
+    attrib.flags =
+        KCDB_ATTR_FLAG_REQUIRED |
+        KCDB_ATTR_FLAG_COMPUTED |
         KCDB_ATTR_FLAG_SYSTEM |
         KCDB_ATTR_FLAG_HIDDEN;
     attrib.compute_cb = kcdb_attr_sys_cb;
@@ -320,8 +320,8 @@ kcdb_attrib_init(void)
     LoadString(hinst_kcreddb, IDS_TYPE, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
-    attrib.flags = 
-        KCDB_ATTR_FLAG_REQUIRED | 
+    attrib.flags =
+        KCDB_ATTR_FLAG_REQUIRED |
         KCDB_ATTR_FLAG_COMPUTED |
         KCDB_ATTR_FLAG_ALTVIEW |
         KCDB_ATTR_FLAG_SYSTEM;
@@ -377,7 +377,7 @@ kcdb_attrib_init(void)
     attrib.id = KCDB_ATTR_RENEW_EXPIRE;
     attrib.name = KCDB_ATTRNAME_RENEW_EXPIRE;
     attrib.type = KCDB_TYPE_DATE;
-    LoadString(hinst_kcreddb, IDS_RENEW_EXPIRES, 
+    LoadString(hinst_kcreddb, IDS_RENEW_EXPIRES,
                sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
@@ -411,7 +411,7 @@ kcdb_attrib_init(void)
     attrib.alt_id = KCDB_ATTR_RENEW_EXPIRE;
     attrib.name = KCDB_ATTRNAME_RENEW_TIMELEFT;
     attrib.type = KCDB_TYPE_INTERVAL;
-    LoadString(hinst_kcreddb, 
+    LoadString(hinst_kcreddb,
                IDS_RENEW_TIMELEFT, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
@@ -457,7 +457,7 @@ kcdb_attrib_init(void)
     attrib.id = KCDB_ATTR_RENEW_LIFETIME;
     attrib.name = KCDB_ATTRNAME_RENEW_LIFETIME;
     attrib.type = KCDB_TYPE_INTERVAL;
-    LoadString(hinst_kcreddb, 
+    LoadString(hinst_kcreddb,
                IDS_RENEW_LIFETIME, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
@@ -475,9 +475,9 @@ kcdb_attrib_init(void)
     LoadString(hinst_kcreddb, IDS_FLAGS, sbuf, ARRAYLENGTH(sbuf));
     attrib.short_desc = sbuf;
     attrib.long_desc = NULL;
-    attrib.flags = 
-        KCDB_ATTR_FLAG_REQUIRED | 
-        KCDB_ATTR_FLAG_COMPUTED | 
+    attrib.flags =
+        KCDB_ATTR_FLAG_REQUIRED |
+        KCDB_ATTR_FLAG_COMPUTED |
         KCDB_ATTR_FLAG_SYSTEM |
         KCDB_ATTR_FLAG_HIDDEN;
     attrib.compute_cb = kcdb_attr_sys_cb;
@@ -487,11 +487,11 @@ kcdb_attrib_init(void)
     kcdb_attrib_register(&attrib, NULL);
 }
 
-void 
+void
 kcdb_attrib_exit(void)
 {
     DeleteCriticalSection(&cs_attrib);
-    
+
     if(kcdb_attrib_tbl)
         PFREE(kcdb_attrib_tbl);
 
@@ -499,7 +499,7 @@ kcdb_attrib_exit(void)
         PFREE(kcdb_property_tbl);
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_attrib_get_id(const wchar_t *name, khm_int32 * id)
 {
     kcdb_attrib_i * ai;
@@ -520,7 +520,7 @@ kcdb_attrib_get_id(const wchar_t *name, khm_int32 * id)
     }
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id)
 {
     kcdb_attrib_i * ai;
@@ -553,7 +553,7 @@ kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id)
     } else
         cb_long_desc = 0;
 
-    if((attrib->flags & KCDB_ATTR_FLAG_COMPUTED) && 
+    if((attrib->flags & KCDB_ATTR_FLAG_COMPUTED) &&
         (!attrib->compute_cb ||
         attrib->compute_min_cbsize <= 0 ||
         attrib->compute_max_cbsize < attrib->compute_min_cbsize))
@@ -568,15 +568,15 @@ kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id)
 
     EnterCriticalSection(&cs_attrib);
 
-    if(!prop && 
-       (attrib->id < 0 || attrib->id > KCDB_ATTR_MAX_ID)) 
+    if(!prop &&
+       (attrib->id < 0 || attrib->id > KCDB_ATTR_MAX_ID))
     {
         if(KHM_FAILED(kcdb_attrib_next_free_id(&attr_id))) {
             LeaveCriticalSection(&cs_attrib);
             return KHM_ERROR_NO_RESOURCES;
         }
     } else if (prop &&
-               (attrib->id < KCDB_ATTR_MIN_PROP_ID || 
+               (attrib->id < KCDB_ATTR_MIN_PROP_ID ||
                 attrib->id > KCDB_ATTR_MAX_PROP_ID)) {
 
         if(KHM_FAILED(kcdb_attrib_next_free_prop_id(&attr_id))) {
@@ -644,7 +644,7 @@ kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id)
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_attrib_get_info(
-    khm_int32 id, 
+    khm_int32 id,
     kcdb_attrib ** attrib)
 {
     kcdb_attrib_i * ai;
@@ -692,9 +692,9 @@ KHMEXP khm_int32 KHMAPI kcdb_attrib_unregister(khm_int32 id)
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_attrib_describe(
-    khm_int32 id, 
-    wchar_t * buffer, 
-    khm_size * cbsize, 
+    khm_int32 id,
+    wchar_t * buffer,
+    khm_size * cbsize,
     khm_int32 flags)
 {
     kcdb_attrib_i * ai;
@@ -708,7 +708,7 @@ KHMEXP khm_int32 KHMAPI kcdb_attrib_describe(
         prop = FALSE;
     else if(id >= KCDB_ATTR_MIN_PROP_ID && id <= KCDB_ATTR_MAX_PROP_ID)
         prop = TRUE;
-    else 
+    else
 	return KHM_ERROR_INVALID_PARAM;
 
     if(prop)
@@ -720,7 +720,7 @@ KHMEXP khm_int32 KHMAPI kcdb_attrib_describe(
         return KHM_ERROR_NOT_FOUND;
 
     if((flags & KCDB_TS_SHORT) &&
-        ai->attr.short_desc) 
+        ai->attr.short_desc)
     {
         if(FAILED(StringCbLength(ai->attr.short_desc, KCDB_MAXCB_SHORT_DESC, &cb_size)))
             return KHM_ERROR_UNKNOWN;
diff --git a/src/windows/identity/kcreddb/buf.c b/src/windows/identity/kcreddb/buf.c
index 521baeb97..14038decf 100644
--- a/src/windows/identity/kcreddb/buf.c
+++ b/src/windows/identity/kcreddb/buf.c
@@ -142,11 +142,11 @@ void kcdb_buf_alloc(kcdb_buf * buf, khm_size slot, khm_ui_2 id, khm_size cbsize)
                 buf->cb_used - (f->offset + cbold));
 
             for(i=0; i < (int) buf->n_fields; i++) {
-                if(i != slot && 
+                if(i != slot &&
                     (buf->fields[i].flags & KCDB_CREDF_FLAG_ALLOCD) &&
-                    buf->fields[i].offset > f->offset) 
+                    buf->fields[i].offset > f->offset)
                 {
-                    buf->fields[i].offset = 
+                    buf->fields[i].offset =
                         (khm_ui_4)(((khm_ssize) buf->fields[i].offset) + cbdelta);
                 }
             }
@@ -183,7 +183,7 @@ void kcdb_buf_dup(kcdb_buf * dest, const kcdb_buf * src)
 #if 0
         /* replaced by UBOUNDSS() above */
         (src->cb_used <= kcdb_cred_initial_size)? kcdb_cred_initial_size:
-        kcdb_cred_initial_size + 
+        kcdb_cred_initial_size +
             (((src->cb_used - (kcdb_cred_initial_size + 1)) / kcdb_cred_growth_factor + 1) * kcdb_cred_growth_factor);
 #endif
 
@@ -241,7 +241,7 @@ int kcdb_buf_val_exist(kcdb_buf * buf, khm_size slot)
 
 void * kcdb_buf_get(kcdb_buf * buf, khm_size slot)
 {
-    if(slot >= buf->n_fields || 
+    if(slot >= buf->n_fields ||
         !(buf->fields[slot].flags & KCDB_CREDF_FLAG_ALLOCD))
         return NULL;
     return (((BYTE *) buf->buffer) + buf->fields[slot].offset);
@@ -249,7 +249,7 @@ void * kcdb_buf_get(kcdb_buf * buf, khm_size slot)
 
 khm_size kcdb_buf_size(kcdb_buf * buf, khm_size slot)
 {
-    if(slot >= buf->n_fields || 
+    if(slot >= buf->n_fields ||
         !(buf->fields[slot].flags & KCDB_CREDF_FLAG_ALLOCD))
         return 0;
     return (buf->fields[slot].cbsize);
@@ -257,7 +257,7 @@ khm_size kcdb_buf_size(kcdb_buf * buf, khm_size slot)
 
 void kcdb_buf_set_value_flag(kcdb_buf * buf, khm_size slot)
 {
-    if(slot >= buf->n_fields || 
+    if(slot >= buf->n_fields ||
         !(buf->fields[slot].flags & KCDB_CREDF_FLAG_ALLOCD))
         return;
 
@@ -282,10 +282,10 @@ khm_size kcdb_buf_slot_by_id(kcdb_buf * buf, khm_ui_2 id)
 /* API for accessing generic buffers */
 
 KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr(
-    khm_handle  record, 
-    khm_int32   attr_id, 
-    khm_int32 * attr_type, 
-    void *      buffer, 
+    khm_handle  record,
+    khm_int32   attr_id,
+    khm_int32 * attr_type,
+    void *      buffer,
     khm_size *  pcb_buf)
 {
     if(kcdb_cred_is_active_cred(record))
@@ -388,4 +388,3 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_release(khm_handle record)
     else
         return KHM_ERROR_INVALID_PARAM;
 }
-
diff --git a/src/windows/identity/kcreddb/credential.c b/src/windows/identity/kcreddb/credential.c
index c241943d0..12618f237 100644
--- a/src/windows/identity/kcreddb/credential.c
+++ b/src/windows/identity/kcreddb/credential.c
@@ -59,11 +59,11 @@ void kcdb_cred_exit(void)
     can be called by kcdb_cred_dup with a write lock on l_creds and in other
     places with a read lock on l_creds.  New credentials must be creatable while
     holding either lock. */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_create(const wchar_t *   name, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_create(const wchar_t *   name,
                  khm_handle  identity,
                  khm_int32   cred_type,
-                 khm_handle * result) 
+                 khm_handle * result)
 {
     kcdb_cred * cred;
     size_t cb_name;
@@ -87,7 +87,7 @@ kcdb_cred_create(const wchar_t *   name,
     cred->type = cred_type;
 
     cred->refcount = 1; /* initially held */
-    
+
     LINIT(cred);
 
     kcdb_buf_new(&cred->buf, KCDB_ATTR_MAX_ID + 1);
@@ -218,7 +218,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_dup(
     if(KHM_FAILED(kcdb_cred_create(cred->name,
                                    cred->identity,
                                    cred->type,
-                                   &vnewcred))) 
+                                   &vnewcred)))
     {
         code = KHM_ERROR_UNKNOWN;
         goto _exit;
@@ -317,9 +317,9 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_type(
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_cred_set_attrib(
-    khm_handle cred, 
-    const wchar_t * name, 
-    void * buffer, 
+    khm_handle cred,
+    const wchar_t * name,
+    void * buffer,
     khm_size cbbuf)
 {
     khm_int32 attr_id = -1;
@@ -335,9 +335,9 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_set_attrib(
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_cred_set_attr(
-    khm_handle vcred, 
-    khm_int32 attr_id, 
-    void * buffer, 
+    khm_handle vcred,
+    khm_int32 attr_id,
+    void * buffer,
     khm_size cbbuf)
 {
     kcdb_cred * cred;
@@ -400,7 +400,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_set_attr(
     }
 
     if(KHM_FAILED(code =
-        type->dup(buffer, cbbuf, kcdb_cred_buf_get(cred,attr_id), &cbdest))) 
+        type->dup(buffer, cbbuf, kcdb_cred_buf_get(cred,attr_id), &cbdest)))
     {
         kcdb_buf_alloc(&cred->buf, attr_id, (khm_ui_2) attr_id, 0);
         goto _exit;
@@ -420,11 +420,11 @@ _exit:
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib(
-    khm_handle cred, 
-    const wchar_t * name, 
+    khm_handle cred,
+    const wchar_t * name,
     khm_int32 * attr_type,
-    void * buffer, 
-    khm_size * cbbuf) 
+    void * buffer,
+    khm_size * cbbuf)
 {
     khm_int32 attr_id = -1;
 
@@ -440,11 +440,11 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib(
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib_string(
-    khm_handle cred, 
-    const wchar_t * name, 
-    wchar_t * buffer, 
+    khm_handle cred,
+    const wchar_t * name,
+    wchar_t * buffer,
     khm_size * cbbuf,
-    khm_int32 flags) 
+    khm_int32 flags)
 {
     khm_int32 attr_id = -1;
 
@@ -459,11 +459,11 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib_string(
         flags);
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_get_attr(khm_handle vcred, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_get_attr(khm_handle vcred,
                    khm_int32 attr_id,
                    khm_int32 * attr_type,
-                   void * buffer, 
+                   void * buffer,
                    khm_size * pcbbuf)
 {
     khm_int32 code = KHM_ERROR_SUCCESS;
@@ -530,9 +530,9 @@ _exit:
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_cred_get_attr_string(
-    khm_handle vcred, 
+    khm_handle vcred,
     khm_int32 attr_id,
-    wchar_t * buffer, 
+    wchar_t * buffer,
     khm_size * pcbbuf,
     khm_int32 flags)
 {
@@ -627,8 +627,8 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attr_string(
 
 
 KHMEXP khm_int32 KHMAPI kcdb_cred_get_name(
-    khm_handle vcred, 
-    wchar_t * buffer, 
+    khm_handle vcred,
+    wchar_t * buffer,
     khm_size * cbbuf)
 {
     khm_int32 code = KHM_ERROR_SUCCESS;
@@ -639,7 +639,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_name(
         return KHM_ERROR_INVALID_PARAM;
 
     kcdb_cred_lock_read();
-    
+
     if(!kcdb_cred_is_active_cred(vcred)) {
         code = KHM_ERROR_INVALID_PARAM;
         goto _exit;
@@ -671,7 +671,7 @@ _exit:
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_cred_get_identity(
-    khm_handle vcred, 
+    khm_handle vcred,
     khm_handle * identity)
 {
     khm_int32 code = KHM_ERROR_SUCCESS;
@@ -692,7 +692,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_identity(
     kcdb_identity_hold((khm_handle) cred->identity);
 
     *identity = cred->identity;
-    
+
 _exit:
     kcdb_cred_unlock_read();
     return code;
@@ -739,7 +739,7 @@ _exit:
     kcdb_cred_unlock_write();
 
     kcdb_cred_check_and_delete(vcred);
-    
+
     return code;
 }
 
@@ -809,9 +809,9 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_creds_comp_attrib(khm_handle cred1, 
-                       khm_handle cred2, 
+KHMEXP khm_int32 KHMAPI
+kcdb_creds_comp_attrib(khm_handle cred1,
+                       khm_handle cred2,
                        const wchar_t * name)
 {
     khm_int32 attr_id;
@@ -822,9 +822,9 @@ kcdb_creds_comp_attrib(khm_handle cred1,
     return kcdb_creds_comp_attr(cred1, cred2, attr_id);
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_creds_comp_attr(khm_handle vcred1, 
-                     khm_handle vcred2, 
+KHMEXP khm_int32 KHMAPI
+kcdb_creds_comp_attr(khm_handle vcred1,
+                     khm_handle vcred2,
                      khm_int32 attr_id)
 {
     khm_int32 code = 0;
@@ -879,11 +879,11 @@ kcdb_creds_comp_attr(khm_handle vcred1,
 
         code = 0;
 
-        if(attrib->compute_cb(vcred1, attr_id, 
+        if(attrib->compute_cb(vcred1, attr_id,
                               NULL, &cb1) != KHM_ERROR_TOO_LONG)
             goto _exit_1;
 
-        if(attrib->compute_cb(vcred2, attr_id, 
+        if(attrib->compute_cb(vcred2, attr_id,
                               NULL, &cb2) != KHM_ERROR_TOO_LONG)
             goto _exit_1;
 
@@ -910,7 +910,7 @@ kcdb_creds_comp_attr(khm_handle vcred1,
         code = type->comp(buf1, cb1,
                           buf2, cb2);
 _exit_1:
-        if(buf1 && (buf1 < (void *)vbuf || 
+        if(buf1 && (buf1 < (void *)vbuf ||
                     buf1 >= (void*)(vbuf + sizeof(vbuf))))
             PFREE(buf1);
         if(buf2 && (buf2 < (void *)vbuf ||
@@ -933,7 +933,7 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_creds_is_equal(khm_handle vcred1,
                     khm_handle vcred2)
 {
@@ -982,7 +982,7 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_get_flags(khm_handle vcred,
                     khm_int32 * pflags)
 {
@@ -1006,13 +1006,13 @@ kcdb_cred_get_flags(khm_handle vcred,
 
     /* Update flags if necessary */
 
-    if (!(f & KCDB_CRED_FLAG_EXPIRED) && 
+    if (!(f & KCDB_CRED_FLAG_EXPIRED) &&
         kcdb_cred_buf_exist(cred, KCDB_ATTR_EXPIRE)) {
 
         FILETIME ftc;
-            
+
         GetSystemTimeAsFileTime(&ftc);
-        if (CompareFileTime(&ftc, ((FILETIME *) 
+        if (CompareFileTime(&ftc, ((FILETIME *)
                                    kcdb_cred_buf_get(cred, KCDB_ATTR_EXPIRE)))
             >= 0)
             f |= KCDB_CRED_FLAG_EXPIRED;
diff --git a/src/windows/identity/kcreddb/credset.c b/src/windows/identity/kcreddb/credset.c
index 92f6c0519..007a54b23 100644
--- a/src/windows/identity/kcreddb/credset.c
+++ b/src/windows/identity/kcreddb/credset.c
@@ -31,7 +31,7 @@ CRITICAL_SECTION cs_credset;
 kcdb_credset * kcdb_credsets = NULL;
 kcdb_credset * kcdb_root_credset = NULL;
 
-void 
+void
 kcdb_credset_init(void)
 {
     khm_handle rc;
@@ -44,7 +44,7 @@ kcdb_credset_init(void)
     kcdb_root_credset->flags |= KCDB_CREDSET_FLAG_ROOT;
 }
 
-void 
+void
 kcdb_credset_exit(void)
 {
     /*TODO: free the credsets */
@@ -52,20 +52,20 @@ kcdb_credset_exit(void)
 }
 
 /* called on an unreleased credset, or with credset::cs held */
-void 
+void
 kcdb_credset_buf_new(kcdb_credset * cs)
 {
-    cs->clist = PMALLOC(KCDB_CREDSET_INITIAL_SIZE * 
+    cs->clist = PMALLOC(KCDB_CREDSET_INITIAL_SIZE *
                         sizeof(kcdb_credset_credref));
-    ZeroMemory(cs->clist, 
-               KCDB_CREDSET_INITIAL_SIZE * 
+    ZeroMemory(cs->clist,
+               KCDB_CREDSET_INITIAL_SIZE *
                sizeof(kcdb_credset_credref));
     cs->nc_clist = KCDB_CREDSET_INITIAL_SIZE;
     cs->nclist = 0;
 }
 
 /* called on an unreleased credset, or with credset::cs held */
-void 
+void
 kcdb_credset_buf_delete(kcdb_credset * cs)
 {
     PFREE(cs->clist);
@@ -73,14 +73,14 @@ kcdb_credset_buf_delete(kcdb_credset * cs)
     cs->nclist = 0;
 }
 
-void 
+void
 kcdb_credset_buf_assert_size(kcdb_credset * cs, khm_int32 nclist)
 {
     if(cs->nc_clist < nclist) {
         kcdb_credset_credref * new_clist;
-        
+
         /* nclist had better be greater than KCDB_CREDSET_INITIAL_SIZE */
-        nclist = KCDB_CREDSET_INITIAL_SIZE + 
+        nclist = KCDB_CREDSET_INITIAL_SIZE +
             (((nclist - (KCDB_CREDSET_INITIAL_SIZE + 1)) / KCDB_CREDSET_GROWTH_FACTOR) + 1) *
             KCDB_CREDSET_GROWTH_FACTOR;
 
@@ -94,7 +94,7 @@ kcdb_credset_buf_assert_size(kcdb_credset * cs, khm_int32 nclist)
     }
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_create(khm_handle * result)
 {
     kcdb_credset * cs;
@@ -118,7 +118,7 @@ kcdb_credset_create(khm_handle * result)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_delete(khm_handle vcredset)
 {
     kcdb_credset * cs;
@@ -163,7 +163,7 @@ cl1 and cl2.
 
 cl1 and cl2 will be modified.
 */
-khm_int32 
+khm_int32
 kcdb_credset_collect_core(kcdb_credset * cs1,
                           kcdb_cred ** cl1,
                           khm_int32 ncl1,
@@ -177,9 +177,9 @@ kcdb_credset_collect_core(kcdb_credset * cs1,
     khm_int32 rv;
 
     /* find matching creds and update them */
-    for(i=0; i<ncl1; i++) 
+    for(i=0; i<ncl1; i++)
         if(cl1[i]) {
-            for(j=0; j<ncl2; j++) 
+            for(j=0; j<ncl2; j++)
                 if(cl2[j] && kcdb_creds_is_equal((khm_handle) cl1[i], (khm_handle) cl2[j])) {
                     /* they are equivalent. make them equal */
 
@@ -234,10 +234,10 @@ kcdb_credset_collect_core(kcdb_credset * cs1,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_collect(khm_handle cs_dest,
-		     khm_handle cs_src, 
-		     khm_handle identity, 
+		     khm_handle cs_src,
+		     khm_handle identity,
 		     khm_int32 type,
 		     khm_int32 * delta)
 {
@@ -328,7 +328,7 @@ kcdb_credset_collect(khm_handle cs_dest,
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_collect_filtered(khm_handle cs_dest,
 			      khm_handle cs_src,
 			      kcdb_cred_filter_func filter,
@@ -386,9 +386,9 @@ kcdb_credset_collect_filtered(khm_handle cs_dest,
     rcs->flags |= KCDB_CREDSET_FLAG_ENUM;
 
     for(i=0; i<rcs->nclist; i++) {
-        if(rcs->clist[i].cred && 
-           (*filter)((khm_handle)rcs->clist[i].cred, 
-                     KCDB_CREDCOLL_FILTER_DEST | rcs_f, 
+        if(rcs->clist[i].cred &&
+           (*filter)((khm_handle)rcs->clist[i].cred,
+                     KCDB_CREDCOLL_FILTER_DEST | rcs_f,
                      rock))
         {
             r_sel[nr_sel++] = rcs->clist[i].cred;
@@ -433,7 +433,7 @@ kcdb_credset_collect_filtered(khm_handle cs_dest,
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_flush(khm_handle vcredset)
 {
     int i;
@@ -464,10 +464,10 @@ kcdb_credset_flush(khm_handle vcredset)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_credset_extract(khm_handle destcredset, 
-		     khm_handle sourcecredset, 
-		     khm_handle identity, 
+KHMEXP khm_int32 KHMAPI
+kcdb_credset_extract(khm_handle destcredset,
+		     khm_handle sourcecredset,
+		     khm_handle identity,
 		     khm_int32 type)
 {
     khm_int32 code = KHM_ERROR_SUCCESS;
@@ -543,7 +543,7 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_extract_filtered(khm_handle destcredset,
 			      khm_handle sourcecredset,
 			      kcdb_cred_filter_func filter,
@@ -623,7 +623,7 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_apply(khm_handle vcredset, kcdb_cred_apply_func f,
 		   void * rock)
 {
@@ -666,7 +666,7 @@ kcdb_credset_apply(khm_handle vcredset, kcdb_cred_apply_func f,
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_get_cred(khm_handle vcredset,
 		      khm_int32 idx,
 		      khm_handle * cred)
@@ -699,7 +699,7 @@ kcdb_credset_get_cred(khm_handle vcredset,
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_find_filtered(khm_handle credset,
 			   khm_int32 idx_start,
 			   kcdb_cred_filter_func f,
@@ -758,7 +758,7 @@ kcdb_credset_find_filtered(khm_handle credset,
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_find_cred(khm_handle vcredset,
                        khm_handle vcred_src,
                        khm_handle *cred_dest) {
@@ -800,7 +800,7 @@ kcdb_credset_find_cred(khm_handle vcredset,
     }
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_del_cred(khm_handle vcredset,
 		      khm_int32 idx)
 {
@@ -827,9 +827,9 @@ kcdb_credset_del_cred(khm_handle vcredset,
     if (!(cs->flags & KCDB_CREDSET_FLAG_ENUM)) {
 
         if(idx + 1 < cs->nclist)
-            memmove(&(cs->clist[idx]), 
-                    &(cs->clist[idx+1]), 
-                    sizeof(kcdb_credset_credref) * 
+            memmove(&(cs->clist[idx]),
+                    &(cs->clist[idx+1]),
+                    sizeof(kcdb_credset_credref) *
                     (cs->nclist - (idx + 1)));
 
         cs->nclist--;
@@ -843,7 +843,7 @@ _exit:
     return code;
 }
 
-khm_int32 
+khm_int32
 kcdb_credset_update_cred_ref(khm_handle credset,
 			     khm_handle cred)
 {
@@ -873,7 +873,7 @@ kcdb_credset_update_cred_ref(khm_handle credset,
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_del_cred_ref(khm_handle credset,
 			  khm_handle cred)
 {
@@ -906,7 +906,7 @@ kcdb_credset_del_cred_ref(khm_handle credset,
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_add_cred(khm_handle credset,
 		      khm_handle cred,
 		      khm_int32 idx)
@@ -948,7 +948,7 @@ kcdb_credset_add_cred(khm_handle credset,
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_get_size(khm_handle credset,
 		      khm_size * size)
 {
@@ -1016,7 +1016,7 @@ kcdb_credset_purge(khm_handle credset)
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_seal(khm_handle credset) {
     kcdb_credset * cs;
 
@@ -1059,15 +1059,15 @@ static void * _creds_comp_rock = NULL;
 static kcdb_cred_comp_func _creds_comp_func = NULL;
 
 /* Need cs_credset when calling this function. */
-int __cdecl 
+int __cdecl
 kcdb_creds_comp_wrapper(const void * a, const void * b)
 {
-    return (*_creds_comp_func)((khm_handle) ((kcdb_credset_credref *)a)->cred, 
-                               (khm_handle) ((kcdb_credset_credref *)b)->cred, 
+    return (*_creds_comp_func)((khm_handle) ((kcdb_credset_credref *)a)->cred,
+                               (khm_handle) ((kcdb_credset_credref *)b)->cred,
                                _creds_comp_rock);
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_sort(khm_handle credset,
 		  kcdb_cred_comp_func comp,
 		  void * rock)
@@ -1103,9 +1103,9 @@ kcdb_credset_sort(khm_handle credset,
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_comp_generic(khm_handle cred1, 
-		       khm_handle cred2, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_comp_generic(khm_handle cred1,
+		       khm_handle cred2,
 		       void * rock)
 {
     kcdb_cred_comp_order * o = (kcdb_cred_comp_order *) rock;
diff --git a/src/windows/identity/kcreddb/credtype.c b/src/windows/identity/kcreddb/credtype.c
index b88852cfc..176d1b350 100644
--- a/src/windows/identity/kcreddb/credtype.c
+++ b/src/windows/identity/kcreddb/credtype.c
@@ -72,8 +72,8 @@ void kcdb_credtype_check_and_delete(khm_int32 id)
     }
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_credtype_register(const kcdb_credtype * type, khm_int32 * new_id) 
+KHMEXP khm_int32 KHMAPI
+kcdb_credtype_register(const kcdb_credtype * type, khm_int32 * new_id)
 {
     khm_int32 id;
     kcdb_credtype_i * ict;
@@ -174,7 +174,7 @@ kcdb_credtype_register(const kcdb_credtype * type, khm_int32 * new_id)
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_credtype_get_info(
-    khm_int32 id, 
+    khm_int32 id,
     kcdb_credtype ** type)
 {
     int found = 0;
@@ -183,8 +183,8 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_get_info(
         return KHM_ERROR_INVALID_PARAM;
 
     EnterCriticalSection(&cs_credtype);
-    if(kcdb_credtype_tbl[id] && 
-        !(kcdb_credtype_tbl[id]->flags & KCDB_CTI_FLAG_DELETED)) 
+    if(kcdb_credtype_tbl[id] &&
+        !(kcdb_credtype_tbl[id]->flags & KCDB_CTI_FLAG_DELETED))
     {
         found = 1;
         if(type) {
@@ -203,7 +203,7 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_get_info(
         return KHM_ERROR_NOT_FOUND;
 }
 
-KHMEXP khm_int32 KHMAPI kcdb_credtype_release_info(kcdb_credtype * type) 
+KHMEXP khm_int32 KHMAPI kcdb_credtype_release_info(kcdb_credtype * type)
 {
     kcdb_credtype_i * ict;
 
@@ -214,7 +214,7 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_release_info(kcdb_credtype * type)
     return kcdb_credtype_release(ict);
 }
 
-KHMEXP khm_int32 KHMAPI kcdb_credtype_unregister(khm_int32 id) 
+KHMEXP khm_int32 KHMAPI kcdb_credtype_unregister(khm_int32 id)
 {
     kcdb_credtype_i * ict;
 
@@ -330,7 +330,7 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_get_name(
 }
 
 KHMEXP khm_int32 KHMAPI kcdb_credtype_get_id(
-    const wchar_t * name, 
+    const wchar_t * name,
     khm_int32 * id)
 {
     int i;
@@ -353,7 +353,7 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_get_id(
         return KHM_ERROR_NOT_FOUND;
 }
 
-khm_int32 kcdb_credtype_get_next_free_id(khm_int32 * id) 
+khm_int32 kcdb_credtype_get_next_free_id(khm_int32 * id)
 {
     int i;
 
@@ -374,7 +374,7 @@ khm_int32 kcdb_credtype_get_next_free_id(khm_int32 * id)
 }
 
 khm_int32 kcdb_credtype_hold(kcdb_credtype_i * ict) {
-    
+
     if(!ict)
         return KHM_ERROR_INVALID_PARAM;
 
@@ -385,7 +385,7 @@ khm_int32 kcdb_credtype_hold(kcdb_credtype_i * ict) {
 }
 
 khm_int32 kcdb_credtype_release(kcdb_credtype_i * ict) {
-    
+
     if(!ict)
         return KHM_ERROR_INVALID_PARAM;
 
@@ -396,7 +396,7 @@ khm_int32 kcdb_credtype_release(kcdb_credtype_i * ict) {
     return KHM_ERROR_SUCCESS;
 }
 
-void kcdb_credtype_msg_completion(kmq_message * m) 
+void kcdb_credtype_msg_completion(kmq_message * m)
 {
     kcdb_credtype_release((kcdb_credtype_i *) m->vparam);
 }
diff --git a/src/windows/identity/kcreddb/credtype.h b/src/windows/identity/kcreddb/credtype.h
index 3bb0a7d5e..1aeab81f0 100644
--- a/src/windows/identity/kcreddb/credtype.h
+++ b/src/windows/identity/kcreddb/credtype.h
@@ -25,7 +25,7 @@
 /* $Id$ */
 
 #ifndef __KHIMAIRA_KCDB_CREDTYPE_H
-#define __KHIMAIRA_KCDB_CREDTYPE_H 
+#define __KHIMAIRA_KCDB_CREDTYPE_H
 
 /* credtype */
 typedef struct kcdb_credtype_i_t {
diff --git a/src/windows/identity/kcreddb/identity.c b/src/windows/identity/kcreddb/identity.c
index 78cdedbf6..c6d443eed 100644
--- a/src/windows/identity/kcreddb/identity.c
+++ b/src/windows/identity/kcreddb/identity.c
@@ -34,7 +34,7 @@ khm_int32 kcdb_n_identities = 0;
 kcdb_identity * kcdb_identities = NULL;
 kcdb_identity * kcdb_def_identity = NULL;
 khm_handle kcdb_ident_sub = NULL; /* identity provider */
-khm_int32  kcdb_ident_cred_type = KCDB_CREDTYPE_INVALID; 
+khm_int32  kcdb_ident_cred_type = KCDB_CREDTYPE_INVALID;
 /* primary credentials type */
 khm_ui_4 kcdb_ident_refresh_cycle = 0;
 khm_boolean kcdb_checked_config = FALSE;
@@ -49,7 +49,7 @@ kcdb_identity_is_equal(khm_handle identity1,
 
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_provider(khm_handle sub)
 {
     EnterCriticalSection(&cs_ident);
@@ -75,7 +75,7 @@ kcdb_identity_set_provider(khm_handle sub)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_provider(khm_handle * sub)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -92,7 +92,7 @@ kcdb_identity_get_provider(khm_handle * sub)
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_type(khm_int32 cred_type)
 {
     EnterCriticalSection(&cs_ident);
@@ -102,7 +102,7 @@ kcdb_identity_set_type(khm_int32 cred_type)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_type(khm_int32 * ptype)
 {
     if (!ptype)
@@ -119,26 +119,26 @@ kcdb_identity_get_type(khm_int32 * ptype)
 }
 
 /* message completion routine */
-void 
+void
 kcdbint_ident_msg_completion(kmq_message * m) {
     kcdb_identity_release(m->vparam);
 }
 
-void 
+void
 kcdbint_ident_add_ref(const void * key, void * vid) {
     /* References in the hashtable are not refcounted */
 
     // kcdb_identity_hold(vid);
 }
 
-void 
+void
 kcdbint_ident_del_ref(const void * key, void * vid) {
     /* References in the hashtable are not refcounted */
 
     // kcdb_identity_release(vid);
 }
 
-void 
+void
 kcdbint_ident_init(void) {
     InitializeCriticalSection(&cs_ident);
     kcdb_identities_namemap = hash_new_hashtable(
@@ -149,7 +149,7 @@ kcdbint_ident_init(void) {
         kcdbint_ident_del_ref);
 }
 
-void 
+void
 kcdbint_ident_exit(void) {
     EnterCriticalSection(&cs_ident);
     hash_del_hashtable(kcdb_identities_namemap);
@@ -158,7 +158,7 @@ kcdbint_ident_exit(void) {
 }
 
 /* NOT called with cs_ident held */
-KHMEXP khm_boolean KHMAPI 
+KHMEXP khm_boolean KHMAPI
 kcdb_identity_is_valid_name(const wchar_t * name)
 {
     khm_int32 rv;
@@ -177,9 +177,9 @@ kcdb_identity_is_valid_name(const wchar_t * name)
         return KHM_SUCCEEDED(rv);
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_create(const wchar_t *name, 
-                     khm_int32 flags, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_create(const wchar_t *name,
+                     khm_int32 flags,
                      khm_handle * result) {
     kcdb_identity * id = NULL;
     kcdb_identity * id_tmp = NULL;
@@ -249,12 +249,12 @@ kcdb_identity_create(const wchar_t *name,
         khm_handle h_cfg;
 
         kcdb_identity_hold((khm_handle) id);
-        hash_add(kcdb_identities_namemap, 
-                 (void *) id->name, 
+        hash_add(kcdb_identities_namemap,
+                 (void *) id->name,
                  (void *) id);
         LPUSH(&kcdb_identities, id);
 
-        if(KHM_SUCCEEDED(kcdb_identity_get_config((khm_handle) id, 
+        if(KHM_SUCCEEDED(kcdb_identity_get_config((khm_handle) id,
                                                   0,
                                                   &h_cfg))) {
             /* don't need to set the KCDB_IDENT_FLAG_CONFIG flags
@@ -282,7 +282,7 @@ kcdb_identity_create(const wchar_t *name,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_delete(khm_handle vid) {
     kcdb_identity * id;
     khm_int32 code = KHM_ERROR_SUCCESS;
@@ -328,8 +328,8 @@ kcdb_identity_delete(khm_handle vid) {
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_set_flags(khm_handle vid, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_set_flags(khm_handle vid,
                         khm_int32 flag,
                         khm_int32 mask) {
     kcdb_identity * id;
@@ -400,15 +400,15 @@ kcdb_identity_set_flags(khm_handle vid,
         if ((flag ^ id->flags) & KCDB_IDENT_FLAG_STICKY) {
             khm_handle h_conf;
 
-            if (KHM_SUCCEEDED(kcdb_identity_get_config(vid, 
-                                                       KHM_FLAG_CREATE, 
+            if (KHM_SUCCEEDED(kcdb_identity_get_config(vid,
+                                                       KHM_FLAG_CREATE,
                                                        &h_conf))) {
                 khc_write_int32(h_conf, L"Sticky",
                                 !!(flag & KCDB_IDENT_FLAG_STICKY));
                 khc_close_space(h_conf);
             }
 
-            id->flags = 
+            id->flags =
                 ((id->flags & ~KCDB_IDENT_FLAG_STICKY) |
                  (flag & KCDB_IDENT_FLAG_STICKY));
 
@@ -440,13 +440,13 @@ kcdb_identity_set_flags(khm_handle vid,
 
     if((delta & KCDB_IDENT_FLAG_HIDDEN)) {
         kcdbint_ident_post_message(
-            (newflags & KCDB_IDENT_FLAG_HIDDEN)?KCDB_OP_HIDE:KCDB_OP_UNHIDE, 
+            (newflags & KCDB_IDENT_FLAG_HIDDEN)?KCDB_OP_HIDE:KCDB_OP_UNHIDE,
             vid);
     }
 
     if((delta & KCDB_IDENT_FLAG_SEARCHABLE)) {
         kcdbint_ident_post_message(
-            (newflags & KCDB_IDENT_FLAG_SEARCHABLE)?KCDB_OP_SETSEARCH:KCDB_OP_UNSETSEARCH, 
+            (newflags & KCDB_IDENT_FLAG_SEARCHABLE)?KCDB_OP_SETSEARCH:KCDB_OP_UNSETSEARCH,
             vid);
     }
 
@@ -456,8 +456,8 @@ kcdb_identity_set_flags(khm_handle vid,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_get_flags(khm_handle vid, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_flags(khm_handle vid,
                         khm_int32 * flags) {
     kcdb_identity * id;
 
@@ -475,9 +475,9 @@ kcdb_identity_get_flags(khm_handle vid,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_get_name(khm_handle vid, 
-                       wchar_t * buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_name(khm_handle vid,
+                       wchar_t * buffer,
                        khm_size * pcbsize) {
     size_t namesize;
     kcdb_identity * id;
@@ -503,7 +503,7 @@ kcdb_identity_get_name(khm_handle vid,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_default(khm_handle * pvid) {
     khm_handle def;
 
@@ -578,7 +578,7 @@ kcdbint_ident_set_default(khm_handle vid,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_default(khm_handle vid) {
     return kcdbint_ident_set_default(vid, TRUE);
 }
@@ -588,8 +588,8 @@ kcdb_identity_set_default_int(khm_handle vid) {
     return kcdbint_ident_set_default(vid, FALSE);
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_get_config(khm_handle vid, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_config(khm_handle vid,
                          khm_int32 flags,
                          khm_handle * result) {
     khm_handle hkcdb;
@@ -611,7 +611,7 @@ kcdb_identity_get_config(khm_handle vid,
             goto _exit;
 
         rv = khc_open_space(hidents,
-                            id->name, 
+                            id->name,
                             flags | KCONF_FLAG_NOPARSENAME,
                             &hident);
 
@@ -643,14 +643,14 @@ _exit:
 }
 
 /*! \note cs_ident must be available. */
-void 
+void
 kcdbint_ident_post_message(khm_int32 op, kcdb_identity * id) {
     kcdb_identity_hold(id);
     kmq_post_message(KMSG_KCDB, KMSG_KCDB_IDENT, op, (void *) id);
 }
 
 /*! \note cs_ident must be available. */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_hold(khm_handle vid) {
     kcdb_identity * id;
 
@@ -667,7 +667,7 @@ kcdb_identity_hold(khm_handle vid) {
 }
 
 /*! \note cs_ident must be available. */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_release(khm_handle vid) {
     kcdb_identity * id;
     khm_int32 refcount;
@@ -697,7 +697,7 @@ struct kcdb_idref_result {
     khm_size count;
 };
 
-static khm_int32 KHMAPI 
+static khm_int32 KHMAPI
 kcdbint_idref_proc(khm_handle cred, void * r) {
     khm_handle vid;
     struct kcdb_idref_result *result;
@@ -736,7 +736,7 @@ kcdbint_idref_proc(khm_handle cred, void * r) {
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_refresh(khm_handle vid) {
     kcdb_identity * ident;
     khm_int32 code = KHM_ERROR_SUCCESS;
@@ -780,7 +780,7 @@ kcdb_identity_refresh(khm_handle vid) {
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_refresh_all(void) {
     kcdb_identity * ident;
     kcdb_identity * next;
@@ -799,7 +799,7 @@ kcdb_identity_refresh_all(void) {
     do {
         hit_count = 0;
 
-        for (ident = kcdb_identities; 
+        for (ident = kcdb_identities;
              ident != NULL;
              ident = next) {
 
@@ -833,7 +833,7 @@ kcdb_identity_refresh_all(void) {
 /*****************************************/
 /* Custom property functions             */
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_attr(khm_handle vid,
                        khm_int32 attr_id,
                        void * buffer,
@@ -931,7 +931,7 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_attrib(khm_handle vid,
                          const wchar_t * attr_name,
                          void * buffer,
@@ -949,7 +949,7 @@ kcdb_identity_set_attrib(khm_handle vid,
         cbbuf);
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attr(khm_handle vid,
                        khm_int32 attr_id,
                        khm_int32 * attr_type,
@@ -985,7 +985,7 @@ kcdb_identity_get_attr(khm_handle vid,
 
     if(!(id->flags & KCDB_IDENT_FLAG_ATTRIBS) ||
        (slot = kcdb_buf_slot_by_id(&id->buf, (khm_ui_2) attr_id)) == KCDB_BUF_INVALID_SLOT ||
-        !kcdb_buf_val_exist(&id->buf, slot)) 
+        !kcdb_buf_val_exist(&id->buf, slot))
     {
         code = KHM_ERROR_NOT_FOUND;
         goto _exit;
@@ -1026,7 +1026,7 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attrib(khm_handle vid,
                          const wchar_t * attr_name,
                          khm_int32 * attr_type,
@@ -1045,7 +1045,7 @@ kcdb_identity_get_attrib(khm_handle vid,
                                   pcbbuf);
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attr_string(khm_handle vid,
                               khm_int32 attr_id,
                               wchar_t * buffer,
@@ -1078,7 +1078,7 @@ kcdb_identity_get_attr_string(khm_handle vid,
 
     if(!(id->flags & KCDB_IDENT_FLAG_ATTRIBS) ||
        (slot = kcdb_buf_slot_by_id(&id->buf, (khm_ui_2) attr_id)) == KCDB_BUF_INVALID_SLOT ||
-        !kcdb_buf_val_exist(&id->buf, slot)) 
+        !kcdb_buf_val_exist(&id->buf, slot))
     {
         code = KHM_ERROR_NOT_FOUND;
         goto _exit;
@@ -1122,7 +1122,7 @@ _exit:
     return code;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attrib_string(khm_handle vid,
                                 const wchar_t * attr_name,
                                 wchar_t * buffer,
@@ -1146,7 +1146,7 @@ kcdb_identity_get_attrib_string(khm_handle vid,
 /* Identity provider interface functions */
 
 /* NOT called with cs_ident held */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_validate_name(const wchar_t * name)
 {
     kcdb_ident_name_xfer namex;
@@ -1165,7 +1165,7 @@ kcdb_identpro_validate_name(const wchar_t * name)
     if(wcsspn(name, KCDB_IDENT_VALID_CHARS) != cch)
         return KHM_ERROR_INVALID_NAME;
 #endif
-    
+
     EnterCriticalSection(&cs_ident);
     if(kcdb_ident_sub != NULL) {
         sub = kcdb_ident_sub;
@@ -1189,11 +1189,11 @@ kcdb_identpro_validate_name(const wchar_t * name)
 
         rv = namex.result;
     }
-    
+
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_validate_identity(khm_handle identity)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -1210,7 +1210,7 @@ kcdb_identpro_validate_identity(khm_handle identity)
         rv = KHM_ERROR_NO_PROVIDER;
     }
     LeaveCriticalSection(&cs_ident);
-    
+
     if(sub != NULL) {
         rv = kmq_send_sub_msg(sub,
                               KMSG_IDENT,
@@ -1222,9 +1222,9 @@ kcdb_identpro_validate_identity(khm_handle identity)
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kcdb_identpro_canon_name(const wchar_t * name_in, 
-                         wchar_t * name_out, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_canon_name(const wchar_t * name_in,
+                         wchar_t * name_out,
                          khm_size * cb_name_out)
 {
     khm_handle sub;
@@ -1260,7 +1260,7 @@ kcdb_identpro_canon_name(const wchar_t * name_in,
                               KMSG_IDENT_CANON_NAME,
                               0,
                               (void *) &namex);
-        
+
         if(KHM_SUCCEEDED(namex.result)) {
             const wchar_t * name_result;
             khm_size cb;
@@ -1269,7 +1269,7 @@ kcdb_identpro_canon_name(const wchar_t * name_in,
                 name_result = name_tmp;
             else
                 name_result = name_in;
-			
+
             if(FAILED(StringCbLength(name_result, KCDB_IDENT_MAXCB_NAME, &cb)))
                 rv = KHM_ERROR_UNKNOWN;
             else {
@@ -1289,7 +1289,7 @@ kcdb_identpro_canon_name(const wchar_t * name_in,
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_compare_name(const wchar_t * name1,
                            const wchar_t * name2)
 {
@@ -1328,13 +1328,13 @@ kcdb_identpro_compare_name(const wchar_t * name1,
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_set_default(khm_handle identity)
 {
     khm_handle sub;
     khm_int32 rv = KHM_ERROR_SUCCESS;
 
-    if((identity != NULL) && 
+    if((identity != NULL) &&
        !kcdb_is_active_identity(identity))
         return KHM_ERROR_INVALID_PARAM;
 
@@ -1358,7 +1358,7 @@ kcdb_identpro_set_default(khm_handle identity)
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_set_searchable(khm_handle identity,
                              khm_boolean searchable)
 {
@@ -1390,7 +1390,7 @@ kcdb_identpro_set_searchable(khm_handle identity,
 }
 
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_update(khm_handle identity)
 {
     khm_handle sub;
@@ -1419,7 +1419,7 @@ kcdb_identpro_update(khm_handle identity)
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_notify_create(khm_handle identity)
 {
     khm_handle sub;
@@ -1449,7 +1449,7 @@ kcdb_identpro_notify_create(khm_handle identity)
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_get_ui_cb(void * rock)
 {
     khm_handle sub;
@@ -1476,7 +1476,7 @@ kcdb_identpro_get_ui_cb(void * rock)
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_enum(khm_int32 and_flags,
                    khm_int32 eq_flags,
                    wchar_t * name_buf,
@@ -1550,7 +1550,7 @@ kcdb_identity_enum(khm_int32 and_flags,
     for ( id = kcdb_identities;
           id != NULL;
           id = LNEXT(id) ) {
-        if (((id->flags & KCDB_IDENT_FLAG_ACTIVE) == 
+        if (((id->flags & KCDB_IDENT_FLAG_ACTIVE) ==
              KCDB_IDENT_FLAG_ACTIVE) &&
             ((id->flags & and_flags) == eq_flags)) {
             n_idents ++;
@@ -1559,7 +1559,7 @@ kcdb_identity_enum(khm_int32 and_flags,
             assert(SUCCEEDED(hr));
 #endif
             cb_req += cb_curr + sizeof(wchar_t);
-        } 
+        }
     }
 
     cb_req += sizeof(wchar_t);
@@ -1577,15 +1577,15 @@ kcdb_identity_enum(khm_int32 and_flags,
         for (id = kcdb_identities;
              id != NULL;
              id = LNEXT(id)) {
-            if (((id->flags & KCDB_IDENT_FLAG_ACTIVE) == 
+            if (((id->flags & KCDB_IDENT_FLAG_ACTIVE) ==
                  KCDB_IDENT_FLAG_ACTIVE) &&
                 ((id->flags & and_flags) == eq_flags)) {
-                StringCchLength(id->name, KCDB_IDENT_MAXCCH_NAME, 
+                StringCchLength(id->name, KCDB_IDENT_MAXCCH_NAME,
                                 &cch_curr);
                 cch_curr++;
                 StringCchCopy(name_buf, cch_left, id->name);
                 cch_left -= cch_curr;
-                name_buf += cch_curr; 
+                name_buf += cch_curr;
             }
         }
 
diff --git a/src/windows/identity/kcreddb/kcreddb.h b/src/windows/identity/kcreddb/kcreddb.h
index 6621d43cc..e58c8ffa3 100644
--- a/src/windows/identity/kcreddb/kcreddb.h
+++ b/src/windows/identity/kcreddb/kcreddb.h
@@ -34,37 +34,37 @@
 /*! \defgroup kcdb NetIDMgr Credentials Database */
 /*@{*/
 
-/*! \brief Maximum length in characters of short description 
+/*! \brief Maximum length in characters of short description
 
     The length includes the terminating \a NULL character.
     */
 #define KCDB_MAXCCH_SHORT_DESC  256
 
-/*! \brief Maximum length in bytes of short description 
+/*! \brief Maximum length in bytes of short description
 
     The length includes the terminating \a NULL character.
     */
 #define KCDB_MAXCB_SHORT_DESC   (sizeof(wchar_t) * KCDB_MAXCCH_SHORT_DESC)
 
-/*! \brief Maximum length in characters of long description 
+/*! \brief Maximum length in characters of long description
 
     The length includes the terminating \a NULL character.
     */
 #define KCDB_MAXCCH_LONG_DESC   8192
 
-/*! \brief Maximum length in characters of long description 
+/*! \brief Maximum length in characters of long description
 
     The length includes the terminating \a NULL character.
     */
 #define KCDB_MAXCB_LONG_DESC    (sizeof(wchar_t) * KCDB_MAXCCH_LONG_DESC)
 
-/*! \brief Maximum length in characters of name 
+/*! \brief Maximum length in characters of name
 
     The length includes the terminating \a NULL character.
     */
 #define KCDB_MAXCCH_NAME        256
 
-/*! \brief Maximum length in bytes of short description 
+/*! \brief Maximum length in bytes of short description
 
     The length includes the terminating \a NULL character.
     */
@@ -106,7 +106,7 @@ Functions, macros etc. for manipulating identities.
 \name Flags for identities */
 /*@{*/
 
-/*! \brief Create the identity if it doesn't already exist. 
+/*! \brief Create the identity if it doesn't already exist.
     \note  Only to be used with kcdb_identity_create() */
 #define KCDB_IDENT_FLAG_CREATE      0x10000000L
 
@@ -131,7 +131,7 @@ Functions, macros etc. for manipulating identities.
  */
 #define KCDB_IDENT_FLAG_ATTRIBS     0x08000000L
 
-/*! \brief This is the default identity. 
+/*! \brief This is the default identity.
 
     At most one identity will have this flag set at any given time.
     To set or reset the flag, use kcdb_identity_set_default() */
@@ -317,7 +317,7 @@ typedef struct tag_kcdb_ident_info {
 
     \see ::KMSG_IDENT_VALIDATE_NAME
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_validate_name(const wchar_t * name);
 
 /*! \brief Validate an identity
@@ -327,47 +327,47 @@ kcdb_identpro_validate_name(const wchar_t * name);
 
     \see ::KMSG_IDENT_VALIDATE_IDENTITY
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_validate_identity(khm_handle identity);
 
-/*! \brief Canonicalize the name 
+/*! \brief Canonicalize the name
 
 
     \see ::KMSG_IDENT_CANON_NAME
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_identpro_canon_name(const wchar_t * name_in, 
-                         wchar_t * name_out, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identpro_canon_name(const wchar_t * name_in,
+                         wchar_t * name_out,
                          khm_size * cb_name_out);
 
-/*! \brief Compare two identity names 
+/*! \brief Compare two identity names
 
     \see ::KMSG_IDENT_COMPARE_NAME
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_compare_name(const wchar_t * name1,
                            const wchar_t * name2);
 
-/*! \brief Set the specified identity as the default 
+/*! \brief Set the specified identity as the default
 
     \see ::KMSG_IDENT_SET_DEFAULT
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_set_default(khm_handle identity);
 
-/*! \brief Set the specified identity as searchable 
+/*! \brief Set the specified identity as searchable
 
     \see ::KMSG_IDENT_SET_SEARCHABLE
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_set_searchable(khm_handle identity,
                              khm_boolean searchable);
 
-/*! \brief Update the specified identity 
+/*! \brief Update the specified identity
 
     \see ::KMSG_IDENT_UPDATE
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_update(khm_handle identity);
 
 /*! \brief Obtain the UI callback
@@ -377,14 +377,14 @@ kcdb_identpro_update(khm_handle identity);
 
     \see ::KMSG_IDENT_GET_UI_CALLBACK
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_get_ui_cb(void * rock);
 
-/*! \brief Notify an identity provider of the creation of a new identity 
+/*! \brief Notify an identity provider of the creation of a new identity
 
     \see ::KMSG_IDENT_NOTIFY_CREATE
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identpro_notify_create(khm_handle identity);
 
 /*@}*/
@@ -393,7 +393,7 @@ kcdb_identpro_notify_create(khm_handle identity);
 
     \return TRUE or FALSE to the question, is this valid?
 */
-KHMEXP khm_boolean KHMAPI 
+KHMEXP khm_boolean KHMAPI
 kcdb_identity_is_valid_name(const wchar_t * name);
 
 /*! \brief Create or open an identity.
@@ -416,9 +416,9 @@ kcdb_identity_is_valid_name(const wchar_t * name);
         kcdb_identity_release() to release the identity once it is no
         longer needed.
     */
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_create(const wchar_t *name, 
-                     khm_int32 flags, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_create(const wchar_t *name,
+                     khm_int32 flags,
                      khm_handle * result);
 
 /*! \brief Mark an identity for deletion.
@@ -428,7 +428,7 @@ kcdb_identity_create(const wchar_t *name,
     identity.  Once all references to the identity are released, it
     will be removed from memory.  All associated credentials will also
     be removed. */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_delete(khm_handle id);
 
 /*! \brief Set or unset the specified flags in the specified identity.
@@ -464,8 +464,8 @@ kcdb_identity_delete(khm_handle id);
     check the flags in the identity using kcdb_identity_get_flags() to
     check which flags have been set and which have failed.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_set_flags(khm_handle id, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_set_flags(khm_handle id,
                         khm_int32 flags,
                         khm_int32 mask);
 
@@ -473,11 +473,11 @@ kcdb_identity_set_flags(khm_handle id,
 
     The returned flags may include internal flags.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_get_flags(khm_handle id, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_flags(khm_handle id,
                         khm_int32 * flags);
 
-/*! \brief Return the name of the identity 
+/*! \brief Return the name of the identity
 
     \param[out] buffer Buffer to copy the identity name into.  The
         maximum size of an identity name is \a KCDB_IDENT_MAXCB_NAME.
@@ -485,9 +485,9 @@ kcdb_identity_get_flags(khm_handle id,
         is returned in \a pcbsize.
 
     \param[in,out] pcbsize Size of buffer in bytes. */
-KHMEXP khm_int32 KHMAPI 
-kcdb_identity_get_name(khm_handle id, 
-                       wchar_t * buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_identity_get_name(khm_handle id,
+                       wchar_t * buffer,
                        khm_size * pcbsize);
 
 /*! \brief Set the specified identity as the default.
@@ -497,7 +497,7 @@ kcdb_identity_get_name(khm_handle id,
 
     \see kcdb_identity_set_flags()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_default(khm_handle id);
 
 /*! \brief Mark the specified identity as the default.
@@ -505,7 +505,7 @@ kcdb_identity_set_default(khm_handle id);
     This API is reserved for use by identity providers as a means of
     specifying which identity is default.  The difference between
     kcdb_identity_set_default() and kcdb_identity_set_default_int() is
-    in semantics.  
+    in semantics.
 
     - kcdb_identity_set_default() is used to request the KCDB to
       designate the specified identity as the default.  When
@@ -529,10 +529,10 @@ kcdb_identity_set_default_int(khm_handle id);
     If there is no default identity, then the handle pointed to by \a
     pvid is set to \a NULL and the function returns
     KHM_ERROR_NOT_FOUND. */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_default(khm_handle * pvid);
 
-/*! \brief Get the configuration space for the identity. 
+/*! \brief Get the configuration space for the identity.
 
     If the configuration space for the identity does not exist and the
     flags parameter does not specify ::KHM_FLAG_CREATE, then the
@@ -551,7 +551,7 @@ kcdb_identity_get_default(khm_handle * pvid);
         successful, this receives a handle to the configuration space.
         Use khc_close_space() to close the handle.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_config(khm_handle id,
                          khm_int32 flags,
                          khm_handle * result);
@@ -562,12 +562,12 @@ kcdb_identity_get_config(khm_handle id,
     held.  \note Once the handle is released, it can not be
     revalidated by calling kcdb_identity_hold().  Doing so would lead
     to unpredictable consequences. */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_hold(khm_handle id);
 
 /*! \brief Release a reference to an identity.
     \see kcdb_identity_hold() */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_release(khm_handle id);
 
 /*! \brief Set the identity provider subscription
@@ -577,7 +577,7 @@ kcdb_identity_release(khm_handle id);
 
     \param[in] sub New identity provider subscription
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_provider(khm_handle sub);
 
 /*! \brief Set the primary credentials type
@@ -586,7 +586,7 @@ kcdb_identity_set_provider(khm_handle sub);
     provider.  As such, this function should only be called by an
     identity provider.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_type(khm_int32 cred_type);
 
 /*! \brief Retrieve the identity provider subscription
@@ -602,7 +602,7 @@ kcdb_identity_set_type(khm_int32 cred_type);
         identity provider.  If \a sub was not NULL, the handle it
         points to has been set to NULL.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_provider(khm_handle * sub);
 
 /*! \brief Retrieve the identity provider credentials type
@@ -610,7 +610,7 @@ kcdb_identity_get_provider(khm_handle * sub);
     This is the credentials type that the identity provider has
     designated as the primary credentials type.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_type(khm_int32 * ptype);
 
 /*! \brief Returns TRUE if the two identities are equal
@@ -633,7 +633,7 @@ kcdb_identity_is_equal(khm_handle identity1,
         individual data type handlers may copy in less than this many
         bytes in to the credential.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_attr(khm_handle identity,
                        khm_int32 attr_id,
                        void * buffer,
@@ -648,7 +648,7 @@ kcdb_identity_set_attr(khm_handle identity,
         individual data type handlers may copy in less than this many
         bytes in to the credential.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_set_attrib(khm_handle identity,
                          const wchar_t * attr_name,
                          void * buffer,
@@ -672,7 +672,7 @@ kcdb_identity_set_attrib(khm_handle identity,
         exists in this identity then the function will return
         KHM_ERROR_SUCCESS, otherwise it returns KHM_ERROR_NOT_FOUND.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attr(khm_handle identity,
                        khm_int32 attr_id,
                        khm_int32 * attr_type,
@@ -694,7 +694,7 @@ kcdb_identity_get_attr(khm_handle identity,
         exists in this identity then the function will return
         KHM_ERROR_SUCCESS, otherwise it returns KHM_ERROR_NOT_FOUND.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attrib(khm_handle identity,
                          const wchar_t * attr_name,
                          khm_int32 * attr_type,
@@ -729,7 +729,7 @@ kcdb_identity_get_attrib(khm_handle identity,
     \retval KHM_ERROR_TOO_LONG Either \a buffer was NULL or the
         supplied buffer was insufficient
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attr_string(khm_handle identity,
                               khm_int32 attr_id,
                               wchar_t * buffer,
@@ -759,7 +759,7 @@ kcdb_identity_get_attr_string(khm_handle identity,
 
     \see kcdb_identity_get_attr_string()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_get_attrib_string(khm_handle identity,
                                 const wchar_t * attr_name,
                                 wchar_t * buffer,
@@ -817,7 +817,7 @@ kcdb_identity_get_attrib_string(khm_handle identity,
         guaranteed to work since the list of identities may change
         between the two calls.
   */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_enum(khm_int32 and_flags,
                    khm_int32 eq_flags,
                    wchar_t * name_buf,
@@ -835,7 +835,7 @@ kcdb_identity_enum(khm_int32 and_flags,
 
     \see kcdb_identity_refresh()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_refresh(khm_handle vid);
 
 /*! \brief Refresh all identities
@@ -845,7 +845,7 @@ kcdb_identity_refresh(khm_handle vid);
 
     \see kcdb_identityt_refresh()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_identity_refresh_all(void);
 
 /* KSMG_KCDB_IDENT notifications are structured as follows:
@@ -876,8 +876,8 @@ kcdb_identity_refresh_all(void);
 
     \see kcdb_credset_apply()
 */
-typedef khm_int32 
-(KHMAPI *kcdb_cred_apply_func)(khm_handle cred, 
+typedef khm_int32
+(KHMAPI *kcdb_cred_apply_func)(khm_handle cred,
                                void * rock);
 
 /*! \brief Credentials filter function.
@@ -893,9 +893,9 @@ typedef khm_int32
     \see kcdb_credset_collect_filtered()
     \see kcdb_credset_extract_filtered()
 */
-typedef khm_int32 
-(KHMAPI *kcdb_cred_filter_func)(khm_handle cred, 
-                                khm_int32 flags, 
+typedef khm_int32
+(KHMAPI *kcdb_cred_filter_func)(khm_handle cred,
+                                khm_int32 flags,
                                 void * rock);
 
 /*! \brief Credentials compare function.
@@ -909,9 +909,9 @@ typedef khm_int32
     \see kcdb_credset_sort()
     \see ::kcdb_credtype
 */
-typedef khm_int32 
-(KHMAPI *kcdb_cred_comp_func)(khm_handle cred1, 
-                              khm_handle cred2, 
+typedef khm_int32
+(KHMAPI *kcdb_cred_comp_func)(khm_handle cred1,
+                              khm_handle cred2,
                               void * rock);
 
 /*! \defgroup kcdb_credset Credential sets */
@@ -936,14 +936,14 @@ typedef khm_int32
     \see kcdb_credset_delete()
     \see kcdb_credset_collect()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_create(khm_handle * result);
 
 /** \brief Delete a credential set
 
     \see kcdb_credset_create()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_delete(khm_handle credset);
 
 /** \brief Collect credentials from a credential set to another credential set.
@@ -1024,10 +1024,10 @@ kcdb_credset_delete(khm_handle credset);
 
     \note The destination credential set cannot be sealed.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_collect(khm_handle cs_dest,
                      khm_handle cs_src,
-                     khm_handle identity, 
+                     khm_handle identity,
                      khm_int32 type,
                      khm_int32 * delta);
 
@@ -1035,7 +1035,7 @@ kcdb_credset_collect(khm_handle cs_dest,
     \see kcdb_credset_collect() */
 #define KCDB_DELTA_ADD      1
 
-/*! \brief Credentials were deleted 
+/*! \brief Credentials were deleted
     \see kcdb_credset_collect() */
 #define KCDB_DELTA_DEL      2
 
@@ -1050,14 +1050,14 @@ kcdb_credset_collect(khm_handle cs_dest,
 #define KCDB_CREDCOLL_FILTER_ROOT   1
 
 /*! \brief Indicates that the credential to be filtered is from the source
-        credential set 
-        
+        credential set
+
     \see kcdb_credset_collect_filtered() */
 #define KCDB_CREDCOLL_FILTER_SRC    2
 
 /*! \brief Indicates that the credential to be filtered is from the destination
-        credential set 
-        
+        credential set
+
     \see kcdb_credset_collect_filtered() */
 #define KCDB_CREDCOLL_FILTER_DEST   4
 
@@ -1086,7 +1086,7 @@ kcdb_credset_collect(khm_handle cs_dest,
 
     \see kcdb_credset_collect()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_collect_filtered(khm_handle cs_dest,
                               khm_handle cs_src,
                               kcdb_cred_filter_func filter,
@@ -1101,7 +1101,7 @@ kcdb_credset_collect_filtered(khm_handle cs_dest,
 
     \note The credential set cannot be sealed
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_flush(khm_handle credset);
 
 /*! \brief Extract credentials from one credential set to another
@@ -1130,10 +1130,10 @@ kcdb_credset_flush(khm_handle credset);
 
     \note The destination credential set cannot be sealed.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_credset_extract(khm_handle destcredset, 
-                     khm_handle sourcecredset, 
-                     khm_handle identity, 
+KHMEXP khm_int32 KHMAPI
+kcdb_credset_extract(khm_handle destcredset,
+                     khm_handle sourcecredset,
+                     khm_handle identity,
                      khm_int32 type);
 
 /*! \brief Extract credentials from one credential set to another using a filter.
@@ -1145,7 +1145,7 @@ kcdb_credset_extract(khm_handle destcredset,
 
     \note The destination credential set cannot be sealed.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_extract_filtered(khm_handle destcredset,
                               khm_handle sourcecredset,
                               kcdb_cred_filter_func filter,
@@ -1156,7 +1156,7 @@ kcdb_credset_extract_filtered(khm_handle destcredset,
     \param[in] idx The index of the credential to retrieve.  This is a
         zero based index which goes from 0 ... (size of credset - 1).
 
-    \param[out] cred The held reference to a credential.  Call 
+    \param[out] cred The held reference to a credential.  Call
         kcdb_cred_release() to release the credential.
 
     \retval KHM_ERROR_SUCCESS Success. \a cred has a held reference to the credential.
@@ -1165,7 +1165,7 @@ kcdb_credset_extract_filtered(khm_handle destcredset,
 
     \see kcdb_cred_release()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_get_cred(khm_handle credset,
                       khm_int32 idx,
                       khm_handle * cred);
@@ -1217,7 +1217,7 @@ kcdb_credset_get_cred(khm_handle credset,
         matches are possible if the order of the credentials in the
         set was changed.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_find_filtered(khm_handle credset,
                            khm_int32 idx_start,
                            kcdb_cred_filter_func f,
@@ -1231,7 +1231,7 @@ kcdb_credset_find_filtered(khm_handle credset,
     specified credential.  For a credential to be a match, it must
     have the same identity, credential type and name.
 
-    \param[in] credset Credential set to search 
+    \param[in] credset Credential set to search
 
     \param[in] cred_src Credetial to search on
 
@@ -1245,11 +1245,11 @@ kcdb_credset_find_filtered(khm_handle credset,
 
     \retval KHM_ERROR_NOT_FOUND A matching credential was not found.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_find_cred(khm_handle credset,
                        khm_handle cred_src,
                        khm_handle *cred_dest);
-                                               
+
 
 /*! \brief Delete a credential from a credential set.
 
@@ -1273,7 +1273,7 @@ kcdb_credset_find_cred(khm_handle credset,
 
     \see kcdb_credset_del_cred_ref()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_del_cred(khm_handle credset,
                       khm_int32 idx);
 
@@ -1286,7 +1286,7 @@ kcdb_credset_del_cred(khm_handle credset,
 
     \see kcdb_credset_del_cred()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_del_cred_ref(khm_handle credset,
                           khm_handle cred);
 
@@ -1302,7 +1302,7 @@ kcdb_credset_del_cred_ref(khm_handle credset,
 
     \note The credential set cannot be sealed.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_add_cred(khm_handle credset,
                       khm_handle cred,
                       khm_int32 idx);
@@ -1324,7 +1324,7 @@ kcdb_credset_add_cred(khm_handle credset,
     \see kcdb_credset_purge()
     \see kcdb_credset_get_cred()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_get_size(khm_handle credset,
                       khm_size * size);
 
@@ -1339,7 +1339,7 @@ kcdb_credset_get_size(khm_handle credset,
     \see kcdb_credset_get_size()
     \see kcdb_credset_get_cred()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_purge(khm_handle credset);
 
 /*! \brief Applies a function to all the credentials in a credentials set
@@ -1365,9 +1365,9 @@ kcdb_credset_purge(khm_handle credset);
 
     \retval KHM_ERROR_INVALID_PARAM One or more parameters were invalid.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_credset_apply(khm_handle credset, 
-                   kcdb_cred_apply_func f, 
+KHMEXP khm_int32 KHMAPI
+kcdb_credset_apply(khm_handle credset,
+                   kcdb_cred_apply_func f,
                    void * rock);
 
 /*! \brief Sort the contents of a credential set.
@@ -1378,7 +1378,7 @@ kcdb_credset_apply(khm_handle credset,
 
     \see kcdb_cred_comp_generic()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_sort(khm_handle credset,
                   kcdb_cred_comp_func comp,
                   void * rock);
@@ -1400,7 +1400,7 @@ kcdb_credset_sort(khm_handle credset,
 
     \see kcdb_credset_unseal()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credset_seal(khm_handle credset);
 
 /*! \brief Unseal a credential set
@@ -1425,7 +1425,7 @@ typedef struct tag_kcdb_cred_comp_field {
                        with either. */
 } kcdb_cred_comp_field;
 
-/*! \brief Defines the sort order for a field in ::kcdb_cred_comp_field 
+/*! \brief Defines the sort order for a field in ::kcdb_cred_comp_field
 
     Sorts lexicographically ascending by string representation of field.
 */
@@ -1438,7 +1438,7 @@ typedef struct tag_kcdb_cred_comp_field {
  */
 #define KCDB_CRED_COMP_DECREASING 1
 
-/*! \brief Defines the sort order for a field in ::kcdb_cred_comp_field 
+/*! \brief Defines the sort order for a field in ::kcdb_cred_comp_field
 
     Any credentials which have the ::KCDB_CRED_FLAG_INITIAL will be
     grouped above any that don't.
@@ -1478,9 +1478,9 @@ typedef struct tag_kcdb_cred_comp_order {
 
     \param[in] rock a pointer to a ::kcdb_cred_comp_order object
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_comp_generic(khm_handle cred1, 
-                       khm_handle cred2, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_comp_generic(khm_handle cred1,
+                       khm_handle cred2,
                        void * rock);
 
 /*@}*/
@@ -1542,7 +1542,7 @@ kcdb_cred_comp_generic(khm_handle cred1,
  */
 #define KCDB_CRED_FLAGMASK_EXT     (KCDB_CRED_FLAG_INITIAL | KCDB_CRED_FLAG_EXPIRED | KCDB_CRED_FLAG_INVALID | KCDB_CRED_FLAG_RENEWABLE)
 
-/*! \brief Bitmask indicating dditive flags 
+/*! \brief Bitmask indicating dditive flags
 
     Additive flags are special flags which are added to exiting
     credentials based on new credentials when doing a collect
@@ -1611,17 +1611,17 @@ typedef struct tag_kcdb_cred_request {
 /*! \brief Create a new credential
 
     \param[in] name Name of credential.  \a name cannot be NULL and cannot
-        exceed \a KCDB_CRED_MAXCCH_NAME unicode characters including the 
+        exceed \a KCDB_CRED_MAXCCH_NAME unicode characters including the
         \a NULL terminator.
     \param[in] identity A reference to an identity.
     \param[in] cred_type A credentials type identifier for the credential.
     \param[out] result Gets a held reference to the newly created credential.
-        Call kcdb_cred_release() or kcdb_cred_delete() to release the 
+        Call kcdb_cred_release() or kcdb_cred_delete() to release the
         reference.
     \see kcdb_cred_release()
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_create(const wchar_t *   name, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_create(const wchar_t *   name,
                  khm_handle  identity,
                  khm_int32   cred_type,
                  khm_handle * result);
@@ -1631,7 +1631,7 @@ kcdb_cred_create(const wchar_t *   name,
     \param[out] newcred A held reference to the new credential if the call
         succeeds.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_dup(khm_handle cred,
               khm_handle * newcred);
 
@@ -1645,13 +1645,13 @@ kcdb_cred_dup(khm_handle cred,
     \retval KHM_ERROR_SUCCESS vdest was successfully updated
     \retval KHM_ERROR_EQUIVALENT all fields in vsrc were present and equivalent in vdest
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_update(khm_handle vdest,
                  khm_handle vsrc);
 
 /*! \brief Set an attribute in a credential by name
 
-    
+
 
     \param[in] cbbuf Number of bytes of data in \a buffer.  The
         individual data type handlers may copy in less than this many
@@ -1660,10 +1660,10 @@ kcdb_cred_update(khm_handle vdest,
         contents, you can specify ::KCDB_CBSIZE_AUTO for this
         parameter.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_set_attrib(khm_handle cred, 
-                     const wchar_t * name, 
-                     void * buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_set_attrib(khm_handle cred,
+                     const wchar_t * name,
+                     void * buffer,
                      khm_size cbbuf);
 
 /*! \brief Set an attribute in a credential by attribute id
@@ -1678,10 +1678,10 @@ kcdb_cred_set_attrib(khm_handle cred,
         individual data type handlers may copy in less than this many
         bytes in to the credential.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_set_attr(khm_handle cred, 
-                   khm_int32 attr_id, 
-                   void * buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_set_attr(khm_handle cred,
+                   khm_int32 attr_id,
+                   void * buffer,
                    khm_size cbbuf);
 
 /*! \brief Get an attribute from a credential by name.
@@ -1699,11 +1699,11 @@ kcdb_cred_set_attr(khm_handle cred,
         exists in this credential then the function will return
         KHM_ERROR_SUCCESS, otherwise it returns KHM_ERROR_NOT_FOUND.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_get_attrib(khm_handle cred, 
-                     const wchar_t * name, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_get_attrib(khm_handle cred,
+                     const wchar_t * name,
                      khm_int32 * attr_type,
-                     void * buffer, 
+                     void * buffer,
                      khm_size * cbbuf);
 
 /*! \brief Get an attribute from a credential by attribute id.
@@ -1724,11 +1724,11 @@ kcdb_cred_get_attrib(khm_handle cred,
         exists in this credential then the function will return
         KHM_ERROR_SUCCESS, otherwise it returns KHM_ERROR_NOT_FOUND.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_get_attr(khm_handle cred, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_get_attr(khm_handle cred,
                    khm_int32 attr_id,
                    khm_int32 * attr_type,
-                   void * buffer, 
+                   void * buffer,
                    khm_size * cbbuf);
 
 /*! \brief Get the name of a credential.
@@ -1741,9 +1741,9 @@ kcdb_cred_get_attr(khm_handle cred,
         If \a buffer is not sufficient, returns KHM_ERROR_TOO_LONG and
         sets this to the required buffer size.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_get_name(khm_handle cred, 
-                   wchar_t * buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_get_name(khm_handle cred,
+                   wchar_t * buffer,
                    khm_size * cbbuf);
 
 /*! \brief Get the string representation of a credential attribute.
@@ -1774,10 +1774,10 @@ kcdb_cred_get_name(khm_handle cred,
     \retval KHM_ERROR_TOO_LONG Either \a buffer was NULL or the
         supplied buffer was insufficient
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_get_attr_string(khm_handle vcred, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_get_attr_string(khm_handle vcred,
                           khm_int32 attr_id,
-                          wchar_t * buffer, 
+                          wchar_t * buffer,
                           khm_size * pcbbuf,
                           khm_int32 flags);
 
@@ -1804,10 +1804,10 @@ kcdb_cred_get_attr_string(khm_handle vcred,
 
     \see kcdb_cred_get_attr_string()
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_get_attrib_string(khm_handle cred, 
-                            const wchar_t * name, 
-                            wchar_t * buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_get_attrib_string(khm_handle cred,
+                            const wchar_t * name,
+                            wchar_t * buffer,
                             khm_size * cbbuf,
                             khm_int32 flags) ;
 
@@ -1819,8 +1819,8 @@ kcdb_cred_get_attrib_string(khm_handle cred,
 
     \see kcdb_identity_relase()
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_cred_get_identity(khm_handle cred, 
+KHMEXP khm_int32 KHMAPI
+kcdb_cred_get_identity(khm_handle cred,
                        khm_handle * identity);
 
 /*! \brief Set the identity of a credential
@@ -1831,7 +1831,7 @@ kcdb_cred_get_identity(khm_handle cred,
     credential that is not placed in a credential set or placed in a
     credential set that is only used by a single entity.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_set_identity(khm_handle vcred,
                        khm_handle id);
 
@@ -1842,7 +1842,7 @@ kcdb_cred_set_identity(khm_handle vcred,
 
     \param[out] pserial Receives the serial number. Cannot be NULL.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_get_serial(khm_handle cred,
                      khm_ui_8 * pserial);
 
@@ -1852,7 +1852,7 @@ kcdb_cred_get_serial(khm_handle cred,
 
     \param[out] type Receives the type.  Cannot be NULL.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_get_type(khm_handle cred,
                    khm_int32 * type);
 
@@ -1863,7 +1863,7 @@ kcdb_cred_get_type(khm_handle cred,
     credential for the operation to succeed.  This means the
     ::KCDB_CRED_FLAG_DELETED will never be retured by this function.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_get_flags(khm_handle cred,
                     khm_int32 * flags);
 
@@ -1879,7 +1879,7 @@ kcdb_cred_get_flags(khm_handle cred,
 
     \see ::KCDB_CRED_FLAGMASK_ALL
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_set_flags(khm_handle cred,
                     khm_int32 flags,
                     khm_int32 mask);
@@ -1890,12 +1890,12 @@ kcdb_cred_set_flags(khm_handle cred,
 
     \see kcdb_cred_release()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_hold(khm_handle cred);
 
 /*! \brief Release a held reference to a credential.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_release(khm_handle cred);
 
 /*! \brief Delete a credential.
@@ -1905,7 +1905,7 @@ kcdb_cred_release(khm_handle cred);
     is bound to a credential set or the root credential store, it will
     be removed from the respective container.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_cred_delete(khm_handle cred);
 
 /*! \brief Compare an attribute of two credentials by name.
@@ -1916,9 +1916,9 @@ kcdb_cred_delete(khm_handle cred);
     attribute, the return value is 0, which signifies that no ordering
     can be determined.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_creds_comp_attrib(khm_handle cred1, 
-                       khm_handle cred2, 
+KHMEXP khm_int32 KHMAPI
+kcdb_creds_comp_attrib(khm_handle cred1,
+                       khm_handle cred2,
                        const wchar_t * name);
 
 /*! \brief Compare an attribute of two credentials by attribute id.
@@ -1929,9 +1929,9 @@ kcdb_creds_comp_attrib(khm_handle cred1,
     attribute, the return value is 0, which signifies that no ordering
     can be determined.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_creds_comp_attr(khm_handle cred1, 
-                     khm_handle cred2, 
+KHMEXP khm_int32 KHMAPI
+kcdb_creds_comp_attr(khm_handle cred1,
+                     khm_handle cred2,
                      khm_int32 attr_id);
 
 /*! \brief Compare two credentials for equivalence
@@ -1942,7 +1942,7 @@ kcdb_creds_comp_attr(khm_handle cred1,
         - Both have the same name.
         - Both have the same type.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_creds_is_equal(khm_handle cred1,
                     khm_handle cred2);
 
@@ -2006,7 +2006,7 @@ kcdb_creds_is_equal(khm_handle cred1,
 
     \see ::kcdb_type
  */
-typedef khm_int32 
+typedef khm_int32
 (KHMAPI *kcdb_dtf_toString)(const void *     data,
                             khm_size         cb_data,
                             wchar_t *        s_buf,
@@ -2036,7 +2036,7 @@ typedef khm_int32
 
     \see ::kcdb_type
 */
-typedef khm_boolean 
+typedef khm_boolean
 (KHMAPI *kcdb_dtf_isValid)(const void *     data,
                            khm_size         cb_data);
 
@@ -2075,7 +2075,7 @@ typedef khm_boolean
 
     \see ::kcdb_type
 */
-typedef khm_int32 
+typedef khm_int32
 (KHMAPI *kcdb_dtf_comp)(const void *     data_l,
                         khm_size         cb_data_l,
                         const void *     data_r,
@@ -2121,7 +2121,7 @@ typedef khm_int32
 
     \see ::kcdb_type
  */
-typedef khm_int32 
+typedef khm_int32
 (KHMAPI *kcdb_dtf_dup)(const void * data_src,
                        khm_size cb_data_src,
                        void * data_dst,
@@ -2156,7 +2156,7 @@ typedef struct tag_kcdb_type {
 
 /*! \name Flags for kcdb_type::toString
 @{*/
-/*! \brief Specify that the short form of the string representation should be returned. 
+/*! \brief Specify that the short form of the string representation should be returned.
 
     Flags for #kcdb_type::toString.  The flag specifies how long the
     string representation should be.  The specific length of a short
@@ -2166,11 +2166,11 @@ typedef struct tag_kcdb_type {
     Usually, KCDB_TS_SHORT is specified when the amount of space that
     is available to display the string is very restricted.  It may be
     the case that the string is truncated to facilitate displaying in
-    a constrainted space.  
+    a constrainted space.
 */
 #define KCDB_TS_SHORT   1
 
-/*! \brief Specify that the long form of the string representation should be returned 
+/*! \brief Specify that the long form of the string representation should be returned
 
     Flags for #kcdb_type::toString.  The flag specifies how long the
     string representation should be.  The specific length of a short
@@ -2206,7 +2206,7 @@ typedef struct tag_kcdb_type {
 
     \note If this flag is used in conjunction with \a
     KCDB_TYPE_FLAG_CB_MAX then, \a cb_min must be less than or equal
-    to \a cb_max. 
+    to \a cb_max.
 */
 #define KCDB_TYPE_FLAG_CB_MIN       128
 
@@ -2233,7 +2233,7 @@ typedef struct tag_kcdb_type {
 
 /*@}*/
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_type_get_id(const wchar_t *name, khm_int32 * id);
 
 /*! \brief Return the type descriptor for a given type id
@@ -2246,7 +2246,7 @@ kcdb_type_get_id(const wchar_t *name, khm_int32 * id);
 
     \see kcdb_type_release_info()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_type_get_info(khm_int32 id, kcdb_type ** info);
 
 /*! \brief Release a reference to a type info structure
@@ -2254,16 +2254,16 @@ kcdb_type_get_info(khm_int32 id, kcdb_type ** info);
     Releases the reference to the type information obtained with a
     prior call to kcdb_type_get_info().
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_type_release_info(kcdb_type * info);
 
 /*! \brief Get the name of a type
 
     Retrieves the non-localized name of the specified type.
  */
-KHMEXP khm_int32 KHMAPI 
-kcdb_type_get_name(khm_int32 id, 
-                   wchar_t * buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_type_get_name(khm_int32 id,
+                   wchar_t * buffer,
                    khm_size * cbbuf);
 
 /*! \brief Register a credentials attribute type
@@ -2276,8 +2276,8 @@ kcdb_type_get_name(khm_int32 id,
     \param[in] type The type descriptor
     \param[out] new_id Receives the identifier for the credential attribute type.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_type_register(const kcdb_type * type, 
+KHMEXP khm_int32 KHMAPI
+kcdb_type_register(const kcdb_type * type,
                    khm_int32 * new_id);
 
 /*! \brief Unregister a credential attribute type
@@ -2285,32 +2285,32 @@ kcdb_type_register(const kcdb_type * type,
     Removes the registration for the specified credentials attribute
     type.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_type_unregister(khm_int32 id);
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_type_get_next_free(khm_int32 * id);
 
 /*! \name Conversion functions
 @{*/
 /*! \brief Convert a time_t value to FILETIME
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 TimetToFileTime( time_t t, LPFILETIME pft );
 
 /*! \brief Convert a time_t interval to a FILETIME interval
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 TimetToFileTimeInterval(time_t t, LPFILETIME pft);
 
 /*! \brief Convert a FILETIME interval to seconds
 */
-KHMEXP long KHMAPI 
+KHMEXP long KHMAPI
 FtIntervalToSeconds(LPFILETIME pft);
 
 /*! \brief Convert a FILETIME interval to milliseconds
 */
-KHMEXP long KHMAPI 
+KHMEXP long KHMAPI
 FtIntervalToMilliseconds(LPFILETIME pft);
 
 /*! \brief Compare two FILETIME values
@@ -2318,7 +2318,7 @@ FtIntervalToMilliseconds(LPFILETIME pft);
     The return value is similar to the return value of strcmp(), based
     on the comparison of the two FILETIME values.
  */
-KHMEXP long KHMAPI 
+KHMEXP long KHMAPI
 FtCompare(LPFILETIME pft1, LPFILETIME pft2);
 
 /*! \brief Convert a FILETIME to a 64 bit int
@@ -2343,9 +2343,9 @@ KHMEXP FILETIME KHMAPI FtAdd(LPFILETIME ft1, LPFILETIME ft2);
 
 /*! \brief Convert a FILETIME inverval to a string
 */
-KHMEXP khm_int32 KHMAPI 
-FtIntervalToString(LPFILETIME data, 
-                   wchar_t * buffer, 
+KHMEXP khm_int32 KHMAPI
+FtIntervalToString(LPFILETIME data,
+                   wchar_t * buffer,
                    khm_size * cb_buf);
 
 /*! \brief Parse a string representing an interval into a FILETIME interval
@@ -2378,7 +2378,7 @@ FtIntervalToString(LPFILETIME data,
     \retval KHM_ERROR_SUCCESS The string was successfully parsed and
         the result was placed in \a pft.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 IntervalStringToFt(FILETIME * pft, wchar_t * str);
 
 /*! \brief Return number of milliseconds till next representation change
@@ -2389,7 +2389,7 @@ IntervalStringToFt(FILETIME * pft, wchar_t * str);
 
    Returns 0 if the representation is not expected to change.
 */
-KHMEXP long KHMAPI 
+KHMEXP long KHMAPI
 FtIntervalMsToRepChange(LPFILETIME pft);
 
 /*! \brief Convert a safe ANSI string to a Unicode string
@@ -2403,7 +2403,7 @@ FtIntervalMsToRepChange(LPFILETIME pft);
     \return the number of characters converted.  This is always either
         the length of the string \a astr or 0.
 */
-KHMEXP int KHMAPI 
+KHMEXP int KHMAPI
 AnsiStrToUnicode( wchar_t * wstr, size_t cbwstr, const char * astr);
 
 /*! \brief Convert a Unicode string to ANSI
@@ -2414,11 +2414,11 @@ AnsiStrToUnicode( wchar_t * wstr, size_t cbwstr, const char * astr);
     \return the number of characters converted.  This is always either
         the length of the string \a src or 0.
 */
-KHMEXP int KHMAPI 
+KHMEXP int KHMAPI
 UnicodeStrToAnsi( char * dest, size_t cbdest, const wchar_t * src);
 /*@}*/
 
-/*! \name Standard type identifiers and names 
+/*! \name Standard type identifiers and names
 @{*/
 
 /*! Maximum identifier number */
@@ -2507,8 +2507,8 @@ UnicodeStrToAnsi( char * dest, size_t cbdest, const wchar_t * src);
     buffer is \a NULL, then the required buffer size should be placed
     in \a cbsize.
  */
-typedef khm_int32 
-(KHMAPI *kcdb_attrib_compute_cb)(khm_handle cred, 
+typedef khm_int32
+(KHMAPI *kcdb_attrib_compute_cb)(khm_handle cred,
                                  khm_int32 id,
                                  void * buffer,
                                  khm_size * cbsize);
@@ -2559,8 +2559,8 @@ typedef struct tag_kcdb_attrib {
 } kcdb_attrib;
 
 /*! \brief Retrieve the ID of a named attribute */
-KHMEXP khm_int32 KHMAPI 
-kcdb_attrib_get_id(const wchar_t *name, 
+KHMEXP khm_int32 KHMAPI
+kcdb_attrib_get_id(const wchar_t *name,
                    khm_int32 * id);
 
 /*! \brief Register an attribute
@@ -2568,11 +2568,11 @@ kcdb_attrib_get_id(const wchar_t *name,
     \param[out] new_id Receives the ID of the newly registered
         attribute.  If the \a id member of the ::kcdb_attrib object is
         set to KCDB_ATTR_INVALID, then a unique ID is generated. */
-KHMEXP khm_int32 KHMAPI 
-kcdb_attrib_register(const kcdb_attrib * attrib, 
+KHMEXP khm_int32 KHMAPI
+kcdb_attrib_register(const kcdb_attrib * attrib,
                      khm_int32 * new_id);
 
-/*! \brief Retrieve the attribute descriptor for an attribute 
+/*! \brief Retrieve the attribute descriptor for an attribute
 
     The descriptor that is returned must be released through a call to
     kcdb_attrib_release_info()
@@ -2581,35 +2581,35 @@ kcdb_attrib_register(const kcdb_attrib * attrib,
     checked, you can pass in NULL for \a attrib.  In this case, if the
     identifier is valid, then the funciton will return
     KHM_ERROR_SUCCESS, otherwise it will return KHM_ERROR_NOT_FOUND.
-    
+
     \see kcdb_attrib_release_info()
     */
-KHMEXP khm_int32 KHMAPI 
-kcdb_attrib_get_info(khm_int32 id, 
+KHMEXP khm_int32 KHMAPI
+kcdb_attrib_get_info(khm_int32 id,
                      kcdb_attrib ** attrib);
 
 /*! \brief Release an attribute descriptor
 
     \see kcdb_attrib_get_info()
     */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_attrib_release_info(kcdb_attrib * attrib);
 
-/*! \brief Unregister an attribute 
+/*! \brief Unregister an attribute
 
     Once an attribute ID has been unregistered, it may be reclaimed by
     a subsequent call to kcdb_attrib_register().
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_attrib_unregister(khm_int32 id);
 
-/*! \brief Retrieve the description of an attribute 
+/*! \brief Retrieve the description of an attribute
 
     \param[in] flags Specify \a KCDB_TS_SHORT to retrieve the short description. */
-KHMEXP khm_int32 KHMAPI 
-kcdb_attrib_describe(khm_int32 id, 
-                     wchar_t * buffer, 
-                     khm_size * cbsize, 
+KHMEXP khm_int32 KHMAPI
+kcdb_attrib_describe(khm_int32 id,
+                     wchar_t * buffer,
+                     khm_size * cbsize,
                      khm_int32 flags);
 
 /*! \brief Count attributes
@@ -2624,7 +2624,7 @@ kcdb_attrib_describe(khm_int32 id,
 
     The number of attributes that match are returned in \a pcount.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_attrib_get_count(khm_int32 and_flags,
                       khm_int32 eq_flags,
                       khm_size * pcount);
@@ -2665,7 +2665,7 @@ kcdb_attrib_get_count(khm_int32 and_flags,
         array.  This is different from the usual size parameters used
         in the NetIDMgr API.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_attrib_get_ids(khm_int32 and_flags,
                     khm_int32 eq_flags,
                     khm_int32 * plist,
@@ -2792,7 +2792,7 @@ kcdb_attrib_get_ids(khm_int32 and_flags,
 */
 #define KCDB_ATTR_ID            1
 
-/*! \brief The name of the identity 
+/*! \brief The name of the identity
 
     - \b Type: STRING
     - \b Flags: REQUIRED, COMPUTED, SYSTEM
@@ -2806,42 +2806,42 @@ kcdb_attrib_get_ids(khm_int32 and_flags,
 */
 #define KCDB_ATTR_TYPE          3
 
-/*! \brief Type name for the credential 
+/*! \brief Type name for the credential
 
     - \b Type: STRING
     - \b Flags: REQUIRED, COMPUTED, SYSTEM
 */
 #define KCDB_ATTR_TYPE_NAME     4
 
-/*! \brief Name of the parent credential 
+/*! \brief Name of the parent credential
 
     - \b Type: STRING
     - \b Flags: SYSTEM
 */
 #define KCDB_ATTR_PARENT_NAME   5
 
-/*! \brief Issed on 
+/*! \brief Issed on
 
     - \b Type: DATE
     - \b Flags: SYSTEM
 */
 #define KCDB_ATTR_ISSUE         6
 
-/*! \brief Expires on 
+/*! \brief Expires on
 
     - \b Type: DATE
     - \b Flags: SYSTEM
 */
 #define KCDB_ATTR_EXPIRE        7
 
-/*! \brief Renewable period expires on 
+/*! \brief Renewable period expires on
 
     - \b Type: DATE
     - \b Flags: SYSTEM
 */
 #define KCDB_ATTR_RENEW_EXPIRE  8
 
-/*! \brief Time left till expiration 
+/*! \brief Time left till expiration
 
     - \b Type: INTERVAL
     - \b Flags: SYSTEM, COMPUTED, VOLATILE
@@ -2857,7 +2857,7 @@ kcdb_attrib_get_ids(khm_int32 and_flags,
 */
 #define KCDB_ATTR_LOCATION      11
 
-/*! \brief Lifetime of the credential 
+/*! \brief Lifetime of the credential
 
     - \b Type: INTERVAL
     - \b Flags: SYSTEM
@@ -3024,8 +3024,8 @@ typedef struct tag_kcdb_credtype {
     \retval KHM_ERROR_DUPLICATE The \a name or \a id that was
         specified is already in use.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_credtype_register(const kcdb_credtype * type, 
+KHMEXP khm_int32 KHMAPI
+kcdb_credtype_register(const kcdb_credtype * type,
                        khm_int32 * new_id);
 
 /*! \brief Return a held reference to a \a kcdb_credtype object describing the credential type.
@@ -3049,8 +3049,8 @@ kcdb_credtype_register(const kcdb_credtype * type,
     \see kcdb_credtype_release_info()
     \see kcdb_credtype_register()
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_credtype_get_info(khm_int32 id, 
+KHMEXP khm_int32 KHMAPI
+kcdb_credtype_get_info(khm_int32 id,
                        kcdb_credtype ** type);
 
 /*! \brief Release a reference to a \a kcdb_credtype object
@@ -3060,7 +3060,7 @@ kcdb_credtype_get_info(khm_int32 id,
 
     \see kcdb_credtype_get_info()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credtype_release_info(kcdb_credtype * type);
 
 /*! \brief Unregister a credentials type
@@ -3070,7 +3070,7 @@ kcdb_credtype_release_info(kcdb_credtype * type);
     This should only be done when the credentials provider is being
     unloaded.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credtype_unregister(khm_int32 id);
 
 /*! \brief Retrieve the name of a credentials type
@@ -3094,7 +3094,7 @@ kcdb_credtype_unregister(khm_int32 id);
 
     \retval KHM_ERROR_INVALID_PARAM Invalid parameter.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credtype_get_name(khm_int32 id,
                        wchar_t * buf,
                        khm_size * cbbuf);
@@ -3105,7 +3105,7 @@ kcdb_credtype_get_name(khm_int32 id,
     type specific subcription.  It may return NULL if the subscription
     is not available.
  */
-KHMEXP khm_handle KHMAPI 
+KHMEXP khm_handle KHMAPI
 kcdb_credtype_get_sub(khm_int32 id);
 
 /*! \brief Get the description of a credentials type
@@ -3129,7 +3129,7 @@ kcdb_credtype_get_sub(khm_int32 id);
    \retval KHM_ERROR_TOO_LONG Either \a buf was NULL or the supplied buffer was insufficient.  The required size is specified in \a cbbuf.
    \retval KHM_ERROR_INVALID_PARAM One or more parameters were invalid.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_credtype_describe(khm_int32 id,
                        wchar_t * buf,
                        khm_size * cbbuf,
@@ -3143,15 +3143,15 @@ kcdb_credtype_describe(khm_int32 id,
     \param[out] id Receives the identifier if the call succeeds
 
  */
-KHMEXP khm_int32 KHMAPI 
-kcdb_credtype_get_id(const wchar_t * name, 
+KHMEXP khm_int32 KHMAPI
+kcdb_credtype_get_id(const wchar_t * name,
                      khm_int32 * id);
 
 /*@}*/
 
 /*********************************************************************/
 
-/*! \defgroup kcdb_buf Generic access to buffer 
+/*! \defgroup kcdb_buf Generic access to buffer
 
     Currently, credentials and identities both hold record data types.
     This set of API's allow an application to access fields in the
@@ -3182,11 +3182,11 @@ kcdb_credtype_get_id(const wchar_t * name,
         exists in this record then the function will return
         KHM_ERROR_SUCCESS, otherwise it returns KHM_ERROR_NOT_FOUND.
 */
-KHMEXP khm_int32 KHMAPI 
-kcdb_buf_get_attr(khm_handle  record, 
-                  khm_int32   attr_id, 
-                  khm_int32 * attr_type, 
-                  void *      buffer, 
+KHMEXP khm_int32 KHMAPI
+kcdb_buf_get_attr(khm_handle  record,
+                  khm_int32   attr_id,
+                  khm_int32 * attr_type,
+                  void *      buffer,
                   khm_size *  pcb_buf);
 
 /*! \brief Get an attribute from a record by name.
@@ -3204,7 +3204,7 @@ kcdb_buf_get_attr(khm_handle  record,
         exists in this record then the function will return
         KHM_ERROR_SUCCESS, otherwise it returns KHM_ERROR_NOT_FOUND.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_buf_get_attrib(khm_handle  record,
                     const wchar_t *   attr_name,
                     khm_int32 * attr_type,
@@ -3239,7 +3239,7 @@ kcdb_buf_get_attrib(khm_handle  record,
     \retval KHM_ERROR_TOO_LONG Either \a buffer was NULL or the
         supplied buffer was insufficient
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_buf_get_attr_string(khm_handle  record,
                          khm_int32   attr_id,
                          wchar_t *   buffer,
@@ -3269,7 +3269,7 @@ kcdb_buf_get_attr_string(khm_handle  record,
 
     \see kcdb_cred_get_attr_string()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_buf_get_attrib_string(khm_handle  record,
                            const wchar_t *   attr_name,
                            wchar_t *   buffer,
@@ -3282,7 +3282,7 @@ kcdb_buf_get_attrib_string(khm_handle  record,
         individual data type handlers may copy in less than this many
         bytes in to the record.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_buf_set_attr(khm_handle  record,
                   khm_int32   attr_id,
                   void *      buffer,
@@ -3294,16 +3294,16 @@ kcdb_buf_set_attr(khm_handle  record,
         individual data type handlers may copy in less than this many
         bytes in to the record.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_buf_set_attrib(khm_handle  record,
                     const wchar_t *   attr_name,
                     void *      buffer,
                     khm_size    cbbuf);
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_buf_hold(khm_handle  record);
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kcdb_buf_release(khm_handle record);
 
 /*@}*/
diff --git a/src/windows/identity/kcreddb/langres.h b/src/windows/identity/kcreddb/langres.h
index 1c3258b3d..8f03240db 100644
--- a/src/windows/identity/kcreddb/langres.h
+++ b/src/windows/identity/kcreddb/langres.h
@@ -37,7 +37,7 @@
 #define IDS_RENEW_LIFETIME              132
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        102
diff --git a/src/windows/identity/kcreddb/resource.h b/src/windows/identity/kcreddb/resource.h
index bc587b278..56739331f 100644
--- a/src/windows/identity/kcreddb/resource.h
+++ b/src/windows/identity/kcreddb/resource.h
@@ -16,7 +16,7 @@
 #define IDS_MUTEX_TIMEOUT               401
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        201
diff --git a/src/windows/identity/kcreddb/type.c b/src/windows/identity/kcreddb/type.c
index e4fd2df2c..5e23b5e1a 100644
--- a/src/windows/identity/kcreddb/type.c
+++ b/src/windows/identity/kcreddb/type.c
@@ -37,10 +37,10 @@ kcdb_type_i * kcdb_types = NULL;
 #define GENERIC_VOID_STR L"(Void)"
 
 khm_int32 KHMAPI kcdb_type_void_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags)
 {
     size_t cbsize;
@@ -98,10 +98,10 @@ khm_int32 KHMAPI kcdb_type_void_dup(
 
 /* String */
 khm_int32 KHMAPI kcdb_type_string_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags)
 {
     size_t cbsize;
@@ -189,10 +189,10 @@ khm_int32 KHMAPI kcdb_type_string_dup(
 
 
 khm_int32 KHMAPI kcdb_type_date_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags)
 {
     size_t cbsize;
@@ -315,7 +315,7 @@ khm_int32 KHMAPI kcdb_type_date_dup(
 /* returns the number of milliseconds that must elapse away from the
    interval specified in pft for the representation of pft to change
    from whatever it is right now */
-KHMEXP long KHMAPI 
+KHMEXP long KHMAPI
 FtIntervalMsToRepChange(LPFILETIME pft)
 {
     __int64 ms,s,m,h,d;
@@ -324,7 +324,7 @@ FtIntervalMsToRepChange(LPFILETIME pft)
 
     ift = FtToInt(pft);
     ms = ift / 10000i64;
-    
+
     if(ms < 0 || ift == _I64_MAX)
         return -1;
 
@@ -350,7 +350,7 @@ FtIntervalMsToRepChange(LPFILETIME pft)
     return l;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 FtIntervalToString(LPFILETIME data, wchar_t * buffer, khm_size * cb_buf)
 {
     size_t cbsize;
@@ -469,11 +469,11 @@ FtIntervalToString(LPFILETIME data, wchar_t * buffer, khm_size * cb_buf)
     return KHM_ERROR_SUCCESS;
 }
 
-khm_int32 KHMAPI 
-kcdb_type_interval_toString(const void * data, 
-                            khm_size cbd, 
-                            wchar_t * buffer, 
-                            khm_size * cb_buf, 
+khm_int32 KHMAPI
+kcdb_type_interval_toString(const void * data,
+                            khm_size cbd,
+                            wchar_t * buffer,
+                            khm_size * cb_buf,
                             khm_int32 flags)
 {
     return FtIntervalToString((LPFILETIME) data, buffer, cb_buf);
@@ -524,10 +524,10 @@ khm_int32 KHMAPI kcdb_type_interval_dup(
 /* Int32 */
 
 khm_int32 KHMAPI kcdb_type_int32_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags)
 {
     size_t cbsize;
@@ -586,10 +586,10 @@ khm_int32 KHMAPI kcdb_type_int32_dup(
 /* Int64 */
 
 khm_int32 KHMAPI kcdb_type_int64_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags)
 {
     size_t cbsize;
@@ -650,10 +650,10 @@ khm_int32 KHMAPI kcdb_type_int64_dup(
 #define GENERIC_DATA_STR L"(Data)"
 
 khm_int32 KHMAPI kcdb_type_data_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags)
 {
     size_t cbsize;
@@ -729,7 +729,7 @@ khm_int32 KHMAPI kcdb_type_data_dup(
 }
 
 
-void kcdb_type_msg_completion(kmq_message * m) 
+void kcdb_type_msg_completion(kmq_message * m)
 {
     kcdb_type_release((kcdb_type_i *) m->vparam);
 }
@@ -990,11 +990,11 @@ KHMEXP khm_int32 KHMAPI kcdb_type_register(const kcdb_type * type, khm_int32 * n
     size_t cbsize;
     khm_int32 type_id;
 
-    if(!type || 
-        !type->comp || 
-        !type->dup || 
-        !type->isValid || 
-        !type->toString || 
+    if(!type ||
+        !type->comp ||
+        !type->dup ||
+        !type->isValid ||
+        !type->toString ||
         !type->name)
         return KHM_ERROR_INVALID_PARAM;
 
@@ -1084,8 +1084,8 @@ KHMEXP khm_int32 KHMAPI kcdb_type_unregister(khm_int32 id)
         /* we are going to remove t from the hash table.  If no one is holding
             a reference to it, then we can free it (actually, the del_ref code
             will take care of that anyway).  If there is a hold, then it will
-            get freed when they release it. 
-            
+            get freed when they release it.
+
             Actually, the post_message call above pretty much guarantees that
             the type has a hold on it.*/
         t->type.flags |= KCDB_TYPE_FLAG_DELETED;
@@ -1141,7 +1141,7 @@ KHMEXP void KHMAPI TimetToFileTime( time_t t, LPFILETIME pft )
 KHMEXP void KHMAPI TimetToFileTimeInterval(time_t t, LPFILETIME pft)
 {
     LONGLONG ll;
-    
+
     if ( sizeof(time_t) == 4 )
 	ll = Int32x32To64(t, 10000000);
     else {
@@ -1224,11 +1224,11 @@ KHMEXP int KHMAPI AnsiStrToUnicode( wchar_t * wstr, size_t cbwstr, const char *
 
     nc = strlen(astr);
     if(nc == MultiByteToWideChar(
-        CP_ACP, 
-        0, 
-        astr, 
-        (int) nc, 
-        wstr, 
+        CP_ACP,
+        0,
+        astr,
+        (int) nc,
+        wstr,
         (int)(cbwstr / sizeof(wchar_t) - 1))) {
         wstr[nc] = L'\0';
     } else {
@@ -1253,13 +1253,13 @@ KHMEXP int KHMAPI UnicodeStrToAnsi( char * dest, size_t cbdest, const wchar_t *
         return 0;
 
     nc = WideCharToMultiByte(
-        CP_ACP, 
-        WC_NO_BEST_FIT_CHARS, 
-        src, 
-        (int) nc, 
-        dest, 
-        (int) cbdest, 
-        NULL, 
+        CP_ACP,
+        WC_NO_BEST_FIT_CHARS,
+        src,
+        (int) nc,
+        dest,
+        (int) cbdest,
+        NULL,
         NULL);
 
     dest[nc] = 0;
@@ -1296,7 +1296,7 @@ int _iv_is_in_spec(wchar_t *s, int n, wchar_t * spec)
         e = wcschr(b, L',');
         if(!e)
             e = b + wcslen(b);
-    
+
         if((e - b) == n  && !_wcsnicmp(b, s, n)) {
             return TRUE;
         }
diff --git a/src/windows/identity/kcreddb/type.h b/src/windows/identity/kcreddb/type.h
index 698e5f386..5b30e5422 100644
--- a/src/windows/identity/kcreddb/type.h
+++ b/src/windows/identity/kcreddb/type.h
@@ -53,10 +53,10 @@ void kcdb_type_check_and_delete(khm_int32 id);
 void kcdb_type_post_message(khm_int32 op, kcdb_type_i * t);
 
 khm_int32 KHMAPI kcdb_type_void_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags);
 
 khm_boolean KHMAPI kcdb_type_void_isValid(
@@ -76,10 +76,10 @@ khm_int32 KHMAPI kcdb_type_void_dup(
     khm_size * cbd_dst);
 
 khm_int32 KHMAPI kcdb_type_string_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags);
 
 khm_boolean KHMAPI kcdb_type_string_isValid(
@@ -99,10 +99,10 @@ khm_int32 KHMAPI kcdb_type_string_dup(
     khm_size * cbd_dst);
 
 khm_int32 KHMAPI kcdb_type_date_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags);
 
 khm_boolean KHMAPI kcdb_type_date_isValid(
@@ -122,10 +122,10 @@ khm_int32 KHMAPI kcdb_type_date_dup(
     khm_size * cbd_dst);
 
 khm_int32 KHMAPI kcdb_type_interval_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags);
 
 khm_boolean KHMAPI kcdb_type_interval_isValid(
@@ -145,10 +145,10 @@ khm_int32 KHMAPI kcdb_type_interval_dup(
     khm_size * cbd_dst);
 
 khm_int32 KHMAPI kcdb_type_int32_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags);
 
 khm_boolean KHMAPI kcdb_type_int32_isValid(
@@ -168,10 +168,10 @@ khm_int32 KHMAPI kcdb_type_int32_dup(
     khm_size * cbd_dst);
 
 khm_int32 KHMAPI kcdb_type_int64_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags);
 
 khm_boolean KHMAPI kcdb_type_int64_isValid(
@@ -191,10 +191,10 @@ khm_int32 KHMAPI kcdb_type_int64_dup(
     khm_size * cbd_dst);
 
 khm_int32 KHMAPI kcdb_type_data_toString(
-    const void * d, 
-    khm_size cbd, 
-    wchar_t * buffer, 
-    khm_size * cb_buf, 
+    const void * d,
+    khm_size cbd,
+    wchar_t * buffer,
+    khm_size * cb_buf,
     khm_int32 flags);
 
 khm_boolean KHMAPI kcdb_type_data_isValid(
diff --git a/src/windows/identity/kherr/kherr.c b/src/windows/identity/kherr/kherr.c
index 006feb3af..cd5cbc50f 100644
--- a/src/windows/identity/kherr/kherr.c
+++ b/src/windows/identity/kherr/kherr.c
@@ -44,7 +44,7 @@ kherr_serial ctx_serial = 0;
 #ifdef DEBUG
 #define DEBUG_CONTEXT
 
-KHMEXP void 
+KHMEXP void
 kherr_debug_printf(wchar_t * fmt, ...)
 {
     va_list vl;
@@ -57,7 +57,7 @@ kherr_debug_printf(wchar_t * fmt, ...)
 }
 #endif
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 kherr_add_ctx_handler(kherr_ctx_handler h,
                       khm_int32 filter,
                       kherr_serial serial)
@@ -114,7 +114,7 @@ kherr_add_ctx_handler(kherr_ctx_handler h,
     LeaveCriticalSection(&cs_error);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 kherr_remove_ctx_handler(kherr_ctx_handler h,
                          kherr_serial serial)
 {
@@ -134,7 +134,7 @@ kherr_remove_ctx_handler(kherr_ctx_handler h,
             ctx_handlers[i] = ctx_handlers[i + 1];
         }
     }
-    
+
     LeaveCriticalSection(&cs_error);
 }
 
@@ -182,7 +182,7 @@ attach_this_thread(void)
     if (t)
         return;
 
-    t = PMALLOC(sizeof(kherr_thread) + 
+    t = PMALLOC(sizeof(kherr_thread) +
                 sizeof(kherr_context *) * THREAD_STACK_SIZE);
     t->nc_ctx = THREAD_STACK_SIZE;
     t->n_ctx = 0;
@@ -247,7 +247,7 @@ push_context(kherr_context * c)
         kherr_thread * nt;
 
         nc_new = t->nc_ctx + THREAD_STACK_SIZE;
-        cb_new = sizeof(kherr_thread) + 
+        cb_new = sizeof(kherr_thread) +
             sizeof(kherr_context *) * nc_new;
 
         nt = PMALLOC(cb_new);
@@ -399,7 +399,7 @@ get_empty_context(void)
     else {
         c = PMALLOC(sizeof(kherr_context));
     }
- 
+
     ZeroMemory(c,sizeof(*c));
     c->severity = KHERR_NONE;
     c->flags = KHERR_CF_UNBOUND;
@@ -409,7 +409,7 @@ get_empty_context(void)
     LPUSH(&ctx_root_list, c);
 
     LeaveCriticalSection(&cs_error);
-   
+
     return c;
 }
 
@@ -497,7 +497,7 @@ pick_err_event(kherr_context * c)
     EnterCriticalSection(&cs_error);
     e = QTOP(c);
     while(e) {
-        if(!(e->flags & KHERR_RF_INERT) && 
+        if(!(e->flags & KHERR_RF_INERT) &&
            s >= e->severity) {
             ce = e;
             s = e->severity;
@@ -589,7 +589,7 @@ resolve_string_resource(kherr_event * e,
 
     if(e->flags & if_flag) {
         if(e->h_module != NULL)
-            chars = LoadString(e->h_module, (UINT)(INT_PTR) *str, 
+            chars = LoadString(e->h_module, (UINT)(INT_PTR) *str,
                                tfmt, ARRAYLENGTH(tbuf));
         if(e->h_module == NULL || chars == 0)
             *str = NULL;
@@ -867,7 +867,7 @@ kherr_reportf_ex(enum kherr_severity severity,
     return e;
 }
 
-KHMEXP kherr_event * KHMAPI 
+KHMEXP kherr_event * KHMAPI
 kherr_report(enum kherr_severity severity,
              const wchar_t * short_desc,
              const wchar_t * facility,
@@ -938,7 +938,7 @@ kherr_report(enum kherr_severity severity,
 }
 
 KHMEXP void KHMAPI
-kherr_suggest(wchar_t * suggestion, 
+kherr_suggest(wchar_t * suggestion,
               enum kherr_suggestion suggestion_id,
               khm_int32 flags)
 {
@@ -1005,7 +1005,7 @@ _exit:
 }
 
 KHMEXP void KHMAPI
-kherr_facility(wchar_t * facility, 
+kherr_facility(wchar_t * facility,
                khm_int32 facility_id)
 {
     kherr_context * c;
@@ -1118,7 +1118,7 @@ kherr_push_context(kherr_context * c)
 }
 
 KHMEXP void KHMAPI
-kherr_push_new_context(khm_int32 flags) 
+kherr_push_new_context(khm_int32 flags)
 {
     kherr_context * p = NULL;
     kherr_context * c;
@@ -1405,8 +1405,8 @@ get_progress(kherr_context * c, khm_ui_4 * pnum, khm_ui_4 * pdenom)
 }
 
 KHMEXP void KHMAPI
-kherr_get_progress_i(kherr_context * c, 
-                     khm_ui_4 * num, 
+kherr_get_progress_i(kherr_context * c,
+                     khm_ui_4 * num,
                      khm_ui_4 * denom)
 {
     if (num == NULL || denom == NULL)
@@ -1577,4 +1577,3 @@ kherr_dup_string(const wchar_t * s)
 
     return _tstr(dest);
 }
-
diff --git a/src/windows/identity/kherr/kherr.h b/src/windows/identity/kherr/kherr.h
index 90a72a35a..a4ab68d06 100644
--- a/src/windows/identity/kherr/kherr.h
+++ b/src/windows/identity/kherr/kherr.h
@@ -54,7 +54,7 @@
 
     If left undefined, the convenience macros will leave the facility
     value undefined.
- */ 
+ */
 #define KHERR_FACILITY NULL
 #endif
 
@@ -177,13 +177,13 @@ typedef struct tag_kherr_event {
     const wchar_t * suggestion; /*!< A suggested way to fix it
 			          (localized,formatted) */
 
-    kherr_severity   severity;  
+    kherr_severity   severity;
                                 /*!< Severity level.  One of the
 				  severity levels listed in
 				  enumeration ::kherr_severity */
     khm_int32   facility_id;    /*!< Left to the application to
 				  interpret */
-    kherr_suggestion suggestion_id; 
+    kherr_suggestion suggestion_id;
                                 /*!< One of the suggestion ID's from
 				  the enumeration
 				  ::kherr_suggestion */
@@ -217,44 +217,44 @@ typedef struct tag_kherr_event {
     is mutually exclusive.
  */
 enum kherr_event_flags {
-    KHERR_RF_CSTR_SHORT_DESC= 0x00000000, 
+    KHERR_RF_CSTR_SHORT_DESC= 0x00000000,
                                 /*!< Short description is a constant
                                   string */
-    KHERR_RF_RES_SHORT_DESC = 0x00000001, 
+    KHERR_RF_RES_SHORT_DESC = 0x00000001,
                                 /*!< Short description is a string
                                   resource */
-    KHERR_RF_MSG_SHORT_DESC = 0x00000002, 
+    KHERR_RF_MSG_SHORT_DESC = 0x00000002,
                                 /*!< Short description is a message
                                   resource */
-    KHERR_RF_FREE_SHORT_DESC= 0x00000004, 
+    KHERR_RF_FREE_SHORT_DESC= 0x00000004,
                                 /*!< Short description is an allocated
                                   string */
     KHERR_RFMASK_SHORT_DESC = 0x00000007,
 
-    KHERR_RF_CSTR_LONG_DESC = 0x00000000, 
+    KHERR_RF_CSTR_LONG_DESC = 0x00000000,
                                 /*!< Long description is a constant
                                   string */
-    KHERR_RF_RES_LONG_DESC  = 0x00000008, 
+    KHERR_RF_RES_LONG_DESC  = 0x00000008,
                                 /*!< Long description is a string
                                   resource */
-    KHERR_RF_MSG_LONG_DESC  = 0x00000010, 
+    KHERR_RF_MSG_LONG_DESC  = 0x00000010,
                                 /*!< Long description is a message
                                   resouce  */
-    KHERR_RF_FREE_LONG_DESC = 0x00000020, 
+    KHERR_RF_FREE_LONG_DESC = 0x00000020,
                                 /*!< Long description is an allocated
                                   string */
     KHERR_RFMASK_LONG_DESC  = 0x00000038,
 
-    KHERR_RF_CSTR_SUGGEST   = 0x00000000, 
+    KHERR_RF_CSTR_SUGGEST   = 0x00000000,
                                 /*!< Suggestion is a constant
                                   string */
-    KHERR_RF_RES_SUGGEST    = 0x00000040, 
+    KHERR_RF_RES_SUGGEST    = 0x00000040,
                                 /*!< Suggestion is a string
                                   resource */
-    KHERR_RF_MSG_SUGGEST    = 0x00000080, 
+    KHERR_RF_MSG_SUGGEST    = 0x00000080,
                                 /*!< Suggestion is a message
                                   resource */
-    KHERR_RF_FREE_SUGGEST   = 0x00000100,  
+    KHERR_RF_FREE_SUGGEST   = 0x00000100,
                                 /*!< Suggestion is an allocated
                                   string */
     KHERR_RFMASK_SUGGEST    = 0x000001C0,
@@ -298,7 +298,7 @@ typedef struct tag_kherr_context {
                                   number as well as the pointer to the
                                   context object. */
 
-    kherr_severity severity;    
+    kherr_severity severity;
 				/*!< Severity level.  One of the
 				  severity levels listed below. This
 				  is the severity level of the context
@@ -406,7 +406,7 @@ enum kherr_ctx_event {
 
     \see kherr_add_ctx_handler()
  */
-typedef void (KHMAPI * kherr_ctx_handler)(enum kherr_ctx_event, 
+typedef void (KHMAPI * kherr_ctx_handler)(enum kherr_ctx_event,
                                          kherr_context *);
 
 /*! \brief Add a context event handler
@@ -468,7 +468,7 @@ typedef void (KHMAPI * kherr_ctx_handler)(enum kherr_ctx_event,
         should be tracked.  If this is zero, all error contexts can
         trigger the handler.
  */
-KHMEXP void KHMAPI kherr_add_ctx_handler(kherr_ctx_handler h, 
+KHMEXP void KHMAPI kherr_add_ctx_handler(kherr_ctx_handler h,
                                          khm_int32 filter,
                                          kherr_serial serial);
 
diff --git a/src/windows/identity/kmm/kmm.h b/src/windows/identity/kmm/kmm.h
index 56d43984b..58e9e1b24 100644
--- a/src/windows/identity/kmm/kmm.h
+++ b/src/windows/identity/kmm/kmm.h
@@ -171,7 +171,7 @@ typedef struct tag_kmm_plugin_info {
  */
 #define KHM_PITYPE_CRED     1
 
-/*! \brief A identity provider 
+/*! \brief A identity provider
 
     \see \ref pi_pt_cred for more information
  */
@@ -330,14 +330,14 @@ enum KMM_MODULE_STATES {
 
     \note Only called by the NetIDMgr core.
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 kmm_init(void);
 
 /*! \brief Stop the Module Manager
 
     \note Only called by the NetIDMgr core.
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 kmm_exit(void);
 
 /*! \brief Return the plugin handle for the current plugin
@@ -347,7 +347,7 @@ kmm_exit(void);
     kmm_release_plugin().  Returns NULL if the current thread is not
     owned by any plugin.
  */
-KHMEXP kmm_plugin KHMAPI 
+KHMEXP kmm_plugin KHMAPI
 kmm_this_plugin(void);
 
 /*! \brief Return the module handle for the current module
@@ -356,7 +356,7 @@ kmm_this_plugin(void);
     thread.  The returned handle must be released by calling
     kmm_release_module()
 */
-KHMEXP kmm_module KHMAPI 
+KHMEXP kmm_module KHMAPI
 kmm_this_module(void);
 
 /*! \name Flags for kmm_load_module()
@@ -446,22 +446,22 @@ kmm_this_module(void);
     \see \ref pi_fw_pm_load
     \see ::KMM_LM_FLAG_SYNC, ::KMM_LM_FLAG_NOLOAD
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_load_module(wchar_t * modname, khm_int32 flags, kmm_module * result);
 
 /*! \brief Hold a handle to a module
 
     Use kmm_release_module() to release the hold.
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_hold_module(kmm_module module);
 
 /*! \brief Release a handle to a module
 
-    Release a held referece to a module that was returned in a call to 
+    Release a held referece to a module that was returned in a call to
     kmm_load_module().
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_release_module(kmm_module m);
 
 /*! \brief Query the state of a module
@@ -473,7 +473,7 @@ kmm_release_module(kmm_module m);
     \return The return value is one of the ::KMM_MODULE_STATES
         enumerations.
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_module_state(kmm_module m);
 
 /*! \brief Unload a module
@@ -483,7 +483,7 @@ kmm_get_module_state(kmm_module m);
 
     \see \ref pi_fw_pm_unload
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_unload_module(kmm_module module);
 
 /*! \brief Loads the default modules as specified in the configuration
@@ -492,7 +492,7 @@ kmm_unload_module(kmm_module module);
     This function dispatches the necessary message for loading these
     modules and reutnrs.
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_load_default_modules(void);
 
 /*! \brief Checks whether there are any pending loads
@@ -511,7 +511,7 @@ kmm_load_pending(void);
     change in ways which are inconsistent from the internal data
     structures that kmm maintains.
  */
-KHMEXP HMODULE     KHMAPI 
+KHMEXP HMODULE     KHMAPI
 kmm_get_hmodule(kmm_module m);
 #endif
 
@@ -521,7 +521,7 @@ kmm_get_hmodule(kmm_module m);
     until the hold is released with a call to kmm_release_plugin().
     No guarantees are made on the handle once the handle is released.
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_hold_plugin(kmm_plugin p);
 
 /*! \brief Release a plugin
@@ -530,7 +530,7 @@ kmm_hold_plugin(kmm_plugin p);
     kmm_hold_plugin().  The plugin handle should no longer be
     considered valied once this is called.
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_release_plugin(kmm_plugin p);
 
 /*! \brief Provide a plugin
@@ -571,14 +571,14 @@ kmm_release_plugin(kmm_plugin p);
 
     \note This can only be called when handing init_module()
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_provide_plugin(kmm_module module, kmm_plugin_reg * plugin);
 
 /*! \brief Query the state of a plugin.
 
     \return One of ::_kmm_plugin_states
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_plugin_state(wchar_t * plugin);
 
 /*! \defgroup kmm_reg Registration
@@ -612,7 +612,7 @@ kmm_get_plugin_state(wchar_t * plugin);
     \see khc_open_space()
     \see khc_close_space()
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_plugin_config(wchar_t * plugin, khm_int32 flags, khm_handle * result);
 
 /*! \brief Obtain the configuration space for a named module
@@ -633,7 +633,7 @@ kmm_get_plugin_config(wchar_t * plugin, khm_int32 flags, khm_handle * result);
     \see khc_open_space()
     \see khc_close_space()
 */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_module_config(wchar_t * module, khm_int32 flags, khm_handle * result);
 
 /*! \brief Retrieve a handle to the configuration space for plugins
@@ -653,7 +653,7 @@ kmm_get_module_config(wchar_t * module, khm_int32 flags, khm_handle * result);
     \see khc_open_space()
     \see khc_close_space()
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_plugins_config(khm_int32 flags, khm_handle * result);
 
 /*! \brief Retrieve the handle to the configuration space for modules
@@ -672,7 +672,7 @@ kmm_get_plugins_config(khm_int32 flags, khm_handle * result);
     \see khc_open_space()
     \see khc_close_space()
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_modules_config(khm_int32 flags, khm_handle * result);
 
 /*! \brief Return information about a loaded module
@@ -707,8 +707,8 @@ kmm_get_modules_config(khm_int32 flags, khm_handle * result);
     \retval KHM_ERROR_NOT_FOUND The specified module is not a
         registered module.
  */
-KHMEXP khm_int32   KHMAPI 
-kmm_get_module_info(wchar_t *  module_name, khm_int32 flags, 
+KHMEXP khm_int32   KHMAPI
+kmm_get_module_info(wchar_t *  module_name, khm_int32 flags,
                     kmm_module_info * buffer, khm_size * cb_buffer);
 
 /*! \brief Get information about a module
@@ -765,9 +765,9 @@ kmm_release_module_info_i(kmm_module_info * info);
     \retval KHM_ERROR_NOT_FOUND The specified plugin was not found
         among the registered plugins.
 */
-KHMEXP khm_int32   KHMAPI 
-kmm_get_plugin_info(wchar_t * plugin_name, 
-                    kmm_plugin_info * buffer, 
+KHMEXP khm_int32   KHMAPI
+kmm_get_plugin_info(wchar_t * plugin_name,
+                    kmm_plugin_info * buffer,
                     khm_size * cb_buffer);
 
 /*! \brief Obtain information about a plugin using a plugin handle
@@ -862,7 +862,7 @@ kmm_enable_plugin(kmm_plugin p, khm_boolean enable);
 
     \see kmm_register_module()
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_register_plugin(kmm_plugin_reg * plugin, khm_int32 config_flags);
 
 /*! \brief Register a module
@@ -883,7 +883,7 @@ kmm_register_plugin(kmm_plugin_reg * plugin, khm_int32 config_flags);
         can be used to choose the configuration store in which the
         module registration will be performed.
   */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_register_module(kmm_module_reg * module, khm_int32 config_flags);
 
 /*! \brief Unregister a plugin
@@ -902,7 +902,7 @@ kmm_register_module(kmm_module_reg * module, khm_int32 config_flags);
         is unloaded and the associated module is either also unloaded
         or in a state where the plugin can be unregistered.
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_unregister_plugin(wchar_t * plugin, khm_int32 config_flags);
 
 /*! \brief Unregister a module
@@ -921,7 +921,7 @@ kmm_unregister_plugin(wchar_t * plugin, khm_int32 config_flags);
         the module.  The caller should make sure that the module is
         unloaded and in a state where it can be unregistered.
  */
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_unregister_module(wchar_t * module, khm_int32 config_flags);
 
 /*@}*/ /* kmm_reg */
@@ -982,9 +982,9 @@ typedef struct tag_kmm_module_locale {
 
     \note This can only be called when handing init_module()
 */
-KHMEXP khm_int32   KHMAPI 
-kmm_set_locale_info(kmm_module module, 
-                    kmm_module_locale * locales, 
+KHMEXP khm_int32   KHMAPI
+kmm_set_locale_info(kmm_module module,
+                    kmm_module_locale * locales,
                     khm_int32 n_locales);
 
 #ifdef _WIN32
@@ -994,21 +994,21 @@ kmm_set_locale_info(kmm_module module,
     NetIDMgr allows the specification of an alternate resource library
     that will be used to load localized resources from.  This function
     returns a handle to this library.
-    
+
     While you can use the convenience macros to access resources in a
     localization library using the module handle, it is recommended,
     for performance reasons, to use this function to obtain the handle
     to the resource library and then use that handle in calls to
     LoadString, LoadImage etc. directly.
 */
-KHMEXP HMODULE     KHMAPI 
+KHMEXP HMODULE     KHMAPI
 kmm_get_resource_hmodule(kmm_module m);
 
 /*! \name Convenience Macros
 @{*/
 /*! \brief Convenience macro for using calling LoadAccelerators using a module handle
 
-    \param[in] module A handle to a loaded module.  The corresponding resource 
+    \param[in] module A handle to a loaded module.  The corresponding resource
         module will be located through a call to kmm_get_resource_hmodule()
 */
 #define kmm_LoadAccelerators(module, lpTableName) \
@@ -1016,7 +1016,7 @@ kmm_get_resource_hmodule(kmm_module m);
 
 /*! \brief Convenience macro for using calling LoadBitmap using a module handle
 
-    \param[in] module A handle to a loaded module.  The corresponding resource 
+    \param[in] module A handle to a loaded module.  The corresponding resource
         module will be located through a call to kmm_get_resource_hmodule()
 */
 #define kmm_LoadBitmap(module, lpBitmapName) \
@@ -1024,7 +1024,7 @@ kmm_get_resource_hmodule(kmm_module m);
 
 /*! \brief Convenience macro for using calling LoadImage using a module handle
 
-    \param[in] module A handle to a loaded module.  The corresponding resource 
+    \param[in] module A handle to a loaded module.  The corresponding resource
         module will be located through a call to kmm_get_resource_hmodule()
 */
 #define kmm_LoadImage(module, lpszName, uType, cxDesired, cyDesired, fuLoad) \
@@ -1032,7 +1032,7 @@ kmm_get_resource_hmodule(kmm_module m);
 
 /*! \brief Convenience macro for using calling LoadCursor using a module handle
 
-    \param[in] module A handle to a loaded module.  The corresponding resource 
+    \param[in] module A handle to a loaded module.  The corresponding resource
         module will be located through a call to kmm_get_resource_hmodule()
 */
 #define kmm_LoadCursor(module, lpCursorName) \
@@ -1040,7 +1040,7 @@ kmm_get_resource_hmodule(kmm_module m);
 
 /*! \brief Convenience macro for using calling LoadIcon using a module handle
 
-    \param[in] module A handle to a loaded module.  The corresponding resource 
+    \param[in] module A handle to a loaded module.  The corresponding resource
         module will be located through a call to kmm_get_resource_hmodule()
 */
 #define kmm_LoadIcon(module, lpIconName) \
@@ -1048,7 +1048,7 @@ kmm_get_resource_hmodule(kmm_module m);
 
 /*! \brief Convenience macro for using calling LoadMenu using a module handle
 
-    \param[in] module A handle to a loaded module.  The corresponding resource 
+    \param[in] module A handle to a loaded module.  The corresponding resource
         module will be located through a call to kmm_get_resource_hmodule()
 */
 #define kmm_LoadMenu(module, lpMenuName) \
@@ -1056,7 +1056,7 @@ kmm_get_resource_hmodule(kmm_module m);
 
 /*! \brief Convenience macro for using calling LoadString using a module handle
 
-    \param[in] module A handle to a loaded module.  The corresponding resource 
+    \param[in] module A handle to a loaded module.  The corresponding resource
         module will be located through a call to kmm_get_resource_hmodule()
 */
 #define kmm_LoadString(module, uID, lpBuffer, nBufferMax) \
diff --git a/src/windows/identity/kmm/kmm_module.c b/src/windows/identity/kmm/kmm_module.c
index 13fae87d3..bfa984af5 100644
--- a/src/windows/identity/kmm/kmm_module.c
+++ b/src/windows/identity/kmm/kmm_module.c
@@ -120,7 +120,7 @@ KHMEXP khm_int32   KHMAPI kmm_release_module(kmm_module vm)
 
     EnterCriticalSection(&cs_kmm);
     m = kmm_module_from_handle(vm);
-    if(! --(m->refcount)) 
+    if(! --(m->refcount))
     {
         /* note that a 0 ref count means that there are no active
            plugins */
@@ -264,7 +264,7 @@ kmmint_read_module_info(kmm_module_i * m) {
     if (!VerQueryValue(m->version_info,
                        resname, (LPVOID *) &r, &c)) {
         rv = KHM_ERROR_INVALID_PARAM;
-        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING, 
+        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING,
                     _cstr(TEXT(NIMV_MODULE)));
         goto _cleanup;
     }
@@ -293,7 +293,7 @@ kmmint_read_module_info(kmm_module_i * m) {
     if (!VerQueryValue(m->version_info,
                        resname, (LPVOID *) &r, &c)) {
         rv = KHM_ERROR_INVALID_PARAM;
-        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING, 
+        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING,
                     _cstr(TEXT(NIMV_APIVER)));
         goto _cleanup;
     }
@@ -331,7 +331,7 @@ kmmint_read_module_info(kmm_module_i * m) {
     if (!VerQueryValue(m->version_info,
                        resname, (LPVOID *) &r, &c)) {
         rv = KHM_ERROR_INVALID_PARAM;
-        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING, 
+        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING,
                     _cstr(L"FileDescription"));
         goto _cleanup;
     }
@@ -401,7 +401,7 @@ kmmint_read_module_info(kmm_module_i * m) {
     if (!VerQueryValue(m->version_info,
                        resname, (LPVOID *) &r, &c)) {
         rv = KHM_ERROR_INVALID_PARAM;
-        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING, 
+        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING,
                     _cstr(L"LegalCopyright"));
         goto _cleanup;
     }
@@ -428,7 +428,7 @@ kmmint_read_module_info(kmm_module_i * m) {
         c != sizeof(*vff)) {
 
         rv = KHM_ERROR_INVALID_PARAM;
-        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING, 
+        _report_mr1(KHERR_WARNING, MSG_RMI_RES_MISSING,
                     _cstr(L"Fixed Version Info"));
         goto _cleanup;
     }
@@ -456,8 +456,8 @@ kmmint_read_module_info(kmm_module_i * m) {
     return rv;
 }
 
-KHMEXP khm_int32   KHMAPI kmm_load_module(wchar_t * modname, 
-                                          khm_int32 flags, 
+KHMEXP khm_int32   KHMAPI kmm_load_module(wchar_t * modname,
+                                          khm_int32 flags,
                                           kmm_module * result)
 {
     kmm_module_i * m = NULL;
@@ -477,8 +477,8 @@ KHMEXP khm_int32   KHMAPI kmm_load_module(wchar_t * modname,
         /* check if the module has either failed to load either or if
         it has been terminated.  If so, we try once again to load the
         module. */
-        if(!(flags & KMM_LM_FLAG_NOLOAD) && 
-            (mi->state < 0 || mi->state == KMM_MODULE_STATE_EXITED)) 
+        if(!(flags & KMM_LM_FLAG_NOLOAD) &&
+            (mi->state < 0 || mi->state == KMM_MODULE_STATE_EXITED))
         {
             mi->state = KMM_MODULE_STATE_PREINIT;
         }
@@ -517,9 +517,9 @@ KHMEXP khm_int32   KHMAPI kmm_load_module(wchar_t * modname,
 
     if(flags & KMM_LM_FLAG_SYNC) {
         kmm_hold_module(kmm_handle_from_module(m));
-        kmq_send_message(KMSG_KMM, 
-                         KMSG_KMM_I_REG, 
-                         KMM_REG_INIT_MODULE, 
+        kmq_send_message(KMSG_KMM,
+                         KMSG_KMM_I_REG,
+                         KMM_REG_INIT_MODULE,
                          (void*) m);
         if(m->state <= 0) {
             /* failed to load ? */
@@ -541,9 +541,9 @@ KHMEXP khm_int32   KHMAPI kmm_load_module(wchar_t * modname,
         }
     } else {
         kmm_hold_module(kmm_handle_from_module(m));
-        kmq_post_message(KMSG_KMM, 
-                         KMSG_KMM_I_REG, 
-                         KMM_REG_INIT_MODULE, 
+        kmq_post_message(KMSG_KMM,
+                         KMSG_KMM_I_REG,
+                         KMM_REG_INIT_MODULE,
                          (void*) m);
         if(result)
             *result = kmm_handle_from_module(m);
@@ -554,7 +554,7 @@ KHMEXP khm_int32   KHMAPI kmm_load_module(wchar_t * modname,
     return rv;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_module_state(kmm_module m)
 {
     if(!kmm_is_module(m))
@@ -608,22 +608,22 @@ kmm_release_module_info_i(kmm_module_info * info) {
 }
 
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_unload_module(kmm_module module) {
 
     if(!kmm_is_module(module))
         return KHM_ERROR_INVALID_PARAM;
 
     kmm_hold_module(module);
-    kmq_post_message(KMSG_KMM, 
-		     KMSG_KMM_I_REG, 
-		     KMM_REG_EXIT_MODULE, 
+    kmq_post_message(KMSG_KMM,
+		     KMSG_KMM_I_REG,
+		     KMM_REG_EXIT_MODULE,
 		     (void *) kmm_module_from_handle(module));
 
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_load_default_modules(void) {
     khm_handle csm = NULL;
     khm_handle cs_mod = NULL;
@@ -665,7 +665,7 @@ kmm_load_default_modules(void) {
 }
 
 #ifdef _WIN32
-KHMEXP HMODULE     KHMAPI 
+KHMEXP HMODULE     KHMAPI
 kmm_get_hmodule(kmm_module m)
 {
     if(!kmm_is_module(m))
diff --git a/src/windows/identity/kmm/kmm_plugin.c b/src/windows/identity/kmm/kmm_plugin.c
index 89e31ad84..e44d59862 100644
--- a/src/windows/identity/kmm/kmm_plugin.c
+++ b/src/windows/identity/kmm/kmm_plugin.c
@@ -31,7 +31,7 @@
    if one isn't found, we create an empty one.
 */
 
-kmm_plugin_i * 
+kmm_plugin_i *
 kmmint_get_plugin_i(wchar_t * name)
 {
     kmm_plugin_i * p;
@@ -60,7 +60,7 @@ kmmint_get_plugin_i(wchar_t * name)
     return p;
 }
 
-kmm_plugin_i * 
+kmm_plugin_i *
 kmmint_find_plugin_i(wchar_t * name)
 {
     kmm_plugin_i * p;
@@ -77,12 +77,12 @@ kmmint_find_plugin_i(wchar_t * name)
 }
 
 /* the plugin must be delisted before calling this */
-void 
+void
 kmmint_list_plugin(kmm_plugin_i * p)
 {
     EnterCriticalSection(&cs_kmm);
     if((p->flags & KMM_PLUGIN_FLAG_IN_MODLIST) ||
-        (p->flags & KMM_PLUGIN_FLAG_IN_LIST)) 
+        (p->flags & KMM_PLUGIN_FLAG_IN_LIST))
     {
         RaiseException(2, EXCEPTION_NONCONTINUABLE, 0, NULL);
     }
@@ -91,7 +91,7 @@ kmmint_list_plugin(kmm_plugin_i * p)
     LeaveCriticalSection(&cs_kmm);
 }
 
-void 
+void
 kmmint_delist_plugin(kmm_plugin_i * p)
 {
     EnterCriticalSection(&cs_kmm);
@@ -106,7 +106,7 @@ kmmint_delist_plugin(kmm_plugin_i * p)
     LeaveCriticalSection(&cs_kmm);
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_hold_plugin(kmm_plugin p)
 {
     kmm_plugin_i * pi;
@@ -123,7 +123,7 @@ kmm_hold_plugin(kmm_plugin p)
 }
 
 /* called with cs_kmm held */
-void 
+void
 kmmint_free_plugin(kmm_plugin_i * pi)
 {
     int i;
@@ -314,7 +314,7 @@ kmm_get_next_plugin(kmm_plugin p, kmm_plugin * p_next) {
     return rv;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_release_plugin(kmm_plugin p)
 {
     kmm_plugin_i * pi;
@@ -333,7 +333,7 @@ kmm_release_plugin(kmm_plugin p)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_provide_plugin(kmm_module module, kmm_plugin_reg * plugin)
 {
     kmm_module_i * m;
@@ -348,15 +348,15 @@ kmm_provide_plugin(kmm_module module, kmm_plugin_reg * plugin)
     if(m->state != KMM_MODULE_STATE_INIT)
         return KHM_ERROR_INVALID_OPERATION;
 
-    if(!plugin || 
-       FAILED(StringCbLength(plugin->name, KMM_MAXCB_NAME - sizeof(wchar_t), 
+    if(!plugin ||
+       FAILED(StringCbLength(plugin->name, KMM_MAXCB_NAME - sizeof(wchar_t),
                              &cb_name)) ||
-       (plugin->description && 
-        FAILED(StringCbLength(plugin->description, 
-                              KMM_MAXCB_DESC - sizeof(wchar_t), 
+       (plugin->description &&
+        FAILED(StringCbLength(plugin->description,
+                              KMM_MAXCB_DESC - sizeof(wchar_t),
                               &cb_desc))) ||
-       (plugin->dependencies && 
-        KHM_FAILED(multi_string_length_cb(plugin->dependencies, 
+       (plugin->dependencies &&
+        KHM_FAILED(multi_string_length_cb(plugin->dependencies,
                                           KMM_MAXCB_DEPS, &cb_dep)))) {
         return KHM_ERROR_INVALID_PARAM;
     }
@@ -411,4 +411,3 @@ kmm_provide_plugin(kmm_module module, kmm_plugin_reg * plugin)
     /* leave the plugin held because it is in the module's plugin list */
     return KHM_ERROR_SUCCESS;
 }
-
diff --git a/src/windows/identity/kmm/kmm_reg.c b/src/windows/identity/kmm/kmm_reg.c
index e1adaa0c3..00626550f 100644
--- a/src/windows/identity/kmm/kmm_reg.c
+++ b/src/windows/identity/kmm/kmm_reg.c
@@ -27,23 +27,23 @@
 
 #include<kmminternal.h>
 
-KHMEXP khm_int32   KHMAPI 
-kmm_get_module_info(wchar_t * module_name, khm_int32 flags, 
+KHMEXP khm_int32   KHMAPI
+kmm_get_module_info(wchar_t * module_name, khm_int32 flags,
                     kmm_module_info * buffer, khm_size * cb_buffer)
 {
     /*TODO:Implement this */
     return KHM_ERROR_NOT_IMPLEMENTED;
 }
 
-KHMEXP khm_int32   KHMAPI 
-kmm_get_plugin_info(wchar_t * plugin_name, 
+KHMEXP khm_int32   KHMAPI
+kmm_get_plugin_info(wchar_t * plugin_name,
                     kmm_plugin_info * buffer, khm_size * cb_buffer)
 {
     /*TODO:Implement this */
     return KHM_ERROR_NOT_IMPLEMENTED;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_plugins_config(khm_int32 flags, khm_handle * result) {
     khm_handle csp_root;
     khm_handle csp_plugins;
@@ -66,7 +66,7 @@ kmm_get_plugins_config(khm_int32 flags, khm_handle * result) {
 }
 
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_modules_config(khm_int32 flags, khm_handle * result) {
     khm_handle croot;
     khm_handle kmm_all_modules;
@@ -89,7 +89,7 @@ kmm_get_modules_config(khm_int32 flags, khm_handle * result) {
 }
 
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_plugin_config(wchar_t * plugin, khm_int32 flags, khm_handle * result)
 {
     khm_handle csplugins;
@@ -111,7 +111,7 @@ kmm_get_plugin_config(wchar_t * plugin, khm_int32 flags, khm_handle * result)
 }
 
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_get_module_config(wchar_t * module, khm_int32 flags, khm_handle * result)
 {
     khm_handle csmodules;
@@ -132,7 +132,7 @@ kmm_get_module_config(wchar_t * module, khm_int32 flags, khm_handle * result)
     return rv;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_register_plugin(kmm_plugin_reg * plugin, khm_int32 config_flags)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -144,8 +144,8 @@ kmm_register_plugin(kmm_plugin_reg * plugin, khm_int32 config_flags)
     config_flags &= ~KHM_FLAG_CREATE;
 
     if((plugin == NULL) ||
-       (plugin->dependencies && 
-        KHM_FAILED(multi_string_length_cch(plugin->dependencies, 
+       (plugin->dependencies &&
+        KHM_FAILED(multi_string_length_cch(plugin->dependencies,
                                            KMM_MAXCCH_DEPS, &cch))) ||
        FAILED(StringCchLength(plugin->module, KMM_MAXCCH_NAME, &cch)) ||
        (plugin->description &&
@@ -162,7 +162,7 @@ kmm_register_plugin(kmm_plugin_reg * plugin, khm_int32 config_flags)
 
 #define CKRV if(KHM_FAILED(rv)) goto _exit
 
-    rv = kmm_get_plugin_config(plugin->name, 
+    rv = kmm_get_plugin_config(plugin->name,
                                config_flags | KHM_FLAG_CREATE, &csp_plugin);
     CKRV;
 
@@ -182,7 +182,7 @@ kmm_register_plugin(kmm_plugin_reg * plugin, khm_int32 config_flags)
     }
 
     if(plugin->dependencies) {
-        rv = khc_write_multi_string(csp_plugin, L"Dependencies", 
+        rv = khc_write_multi_string(csp_plugin, L"Dependencies",
                                     plugin->dependencies);
         CKRV;
     }
@@ -248,7 +248,7 @@ _exit:
     return rv;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_register_module(kmm_module_reg * module, khm_int32 config_flags)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -258,8 +258,8 @@ kmm_register_module(kmm_module_reg * module, khm_int32 config_flags)
 
     if((module == NULL) ||
         FAILED(StringCchLength(module->name, KMM_MAXCCH_NAME, &cch)) ||
-        (module->description && 
-            FAILED(StringCchLength(module->description, 
+        (module->description &&
+            FAILED(StringCchLength(module->description,
                                    KMM_MAXCCH_DESC, &cch))) ||
         FAILED(StringCchLength(module->path, MAX_PATH, &cch)) ||
         (module->n_plugins > 0 && module->plugin_reg_info == NULL)) {
@@ -268,7 +268,7 @@ kmm_register_module(kmm_module_reg * module, khm_int32 config_flags)
 
 #define CKRV if(KHM_FAILED(rv)) goto _exit
 
-    rv = kmm_get_module_config(module->name, config_flags | KHM_FLAG_CREATE, 
+    rv = kmm_get_module_config(module->name, config_flags | KHM_FLAG_CREATE,
                                &csp_module);
     CKRV;
 
@@ -294,7 +294,7 @@ _exit:
     return rv;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_unregister_plugin(wchar_t * plugin, khm_int32 config_flags)
 {
     khm_handle csp_plugin = NULL;
@@ -315,7 +315,7 @@ kmm_unregister_plugin(wchar_t * plugin, khm_int32 config_flags)
     return rv;
 }
 
-KHMEXP khm_int32   KHMAPI 
+KHMEXP khm_int32   KHMAPI
 kmm_unregister_module(wchar_t * module, khm_int32 config_flags)
 {
     khm_handle csp_module = NULL;
diff --git a/src/windows/identity/kmm/kmm_registrar.c b/src/windows/identity/kmm/kmm_registrar.c
index 75f3b782a..c3bcdb9a9 100644
--- a/src/windows/identity/kmm/kmm_registrar.c
+++ b/src/windows/identity/kmm/kmm_registrar.c
@@ -92,8 +92,8 @@ kmm_load_pending(void) {
 
 /*! \internal
   \brief Message handler for the registrar thread. */
-khm_boolean KHMAPI kmmint_reg_cb(khm_int32 msg_type, 
-                                 khm_int32 msg_sub_type, 
+khm_boolean KHMAPI kmmint_reg_cb(khm_int32 msg_type,
+                                 khm_int32 msg_sub_type,
                                  khm_ui_4 uparam,
                                  void *vparam)
 {
@@ -173,7 +173,7 @@ DWORD WINAPI kmmint_plugin_broker(LPVOID lpParameter)
 
     p->tid_thread = GetCurrentThreadId();
 
-    rv = (*p->p.msg_proc)(KMSG_SYSTEM, KMSG_SYSTEM_INIT, 
+    rv = (*p->p.msg_proc)(KMSG_SYSTEM, KMSG_SYSTEM_INIT,
                           0, (void *) &(p->p));
     _report_mr1(KHERR_INFO, MSG_PB_INIT_RV, _int32(rv));
 
@@ -282,7 +282,7 @@ DWORD WINAPI kmmint_plugin_broker(LPVOID lpParameter)
         p->state = KMM_PLUGIN_STATE_EXITED;
 
     /* the following call will automatically release the plugin */
-    kmq_post_message(KMSG_KMM, KMSG_KMM_I_REG, 
+    kmq_post_message(KMSG_KMM, KMSG_KMM_I_REG,
                      KMM_REG_EXIT_PLUGIN, (void *) p);
 
     TlsSetValue(tls_kmm, (LPVOID) 0);
@@ -353,7 +353,7 @@ void kmmint_init_plugin(kmm_plugin_i * p) {
             p->state = KMM_PLUGIN_STATE_FAIL_NOT_REGISTERED;
             goto _exit;
         }
-        
+
         if(KHM_FAILED(kmm_get_plugin_config(p->p.name, 0, &csp_plugin))) {
             _report_mr0(KHERR_ERROR, MSG_IP_NOT_REGISTERED);
 
@@ -378,18 +378,18 @@ void kmmint_init_plugin(kmm_plugin_i * p) {
 
     p->n_depends = 0;
     p->n_unresolved = 0;
-    
+
     do {
         wchar_t * deps = NULL;
         wchar_t * d;
         khm_size sz = 0;
 
-        if(khc_read_multi_string(csp_plugin, L"Dependencies", 
+        if(khc_read_multi_string(csp_plugin, L"Dependencies",
                                  NULL, &sz) != KHM_ERROR_TOO_LONG)
             break;
 
         deps = PMALLOC(sz);
-        if(KHM_FAILED(khc_read_multi_string(csp_plugin, L"Dependencies", 
+        if(KHM_FAILED(khc_read_multi_string(csp_plugin, L"Dependencies",
                                             deps, &sz))) {
             if(deps)
                 PFREE(deps);
@@ -473,11 +473,11 @@ _exit_post:
     if(csp_plugins != NULL)
         khc_close_space(csp_plugins);
 
-    _report_mr2(KHERR_INFO, MSG_IP_STATE, 
+    _report_mr2(KHERR_INFO, MSG_IP_STATE,
                 _dupstr(p->p.name), _int32(p->state));
 
     _end_task();
-    
+
     return;
 
     /* jump here if an error condition happens before the plugin
@@ -489,7 +489,7 @@ _exit:
     if(csp_plugins != NULL)
         khc_close_space(csp_plugins);
 
-    _report_mr2(KHERR_WARNING, MSG_IP_EXITING, 
+    _report_mr2(KHERR_WARNING, MSG_IP_EXITING,
                 _dupstr(p->p.name), _int32(p->state));
     _end_task();
 
@@ -512,7 +512,7 @@ _exit:
 
   In addition to terminating the thread, and removing p from the
   linked list and hashtable, it also frees up p.
-   
+
   \note Should only be called from the context of the registrar thread. */
 void kmmint_exit_plugin(kmm_plugin_i * p) {
     int np;
@@ -654,7 +654,7 @@ void kmmint_init_module(kmm_module_i * m) {
 
         ct = (FtToInt(&fct) - tm) / 10000000i64;
 
-        if(tm > 0 && 
+        if(tm > 0 &&
            ct > fail_reset_time) {
             i = 0;
             khc_write_int32(csp_mod, L"FailureCount", 0);
@@ -666,7 +666,7 @@ void kmmint_init_module(kmm_module_i * m) {
         /* did we exceed the max failure count?  However, we ignore
            the max failure count if the reason why it didn't load the
            last time was because the module wasn't found. */
-        if(i > max_fail_count && 
+        if(i > max_fail_count &&
            last_reason != KMM_MODULE_STATE_FAIL_NOT_FOUND) {
             /* failed too many times */
             _report_mr0(KHERR_INFO, MSG_IM_MAX_FAIL);
@@ -676,15 +676,15 @@ void kmmint_init_module(kmm_module_i * m) {
         }
     }
 
-    if(khc_read_string(csp_mod, KMM_VALNAME_IMAGEPATH, NULL, &sz) == 
+    if(khc_read_string(csp_mod, KMM_VALNAME_IMAGEPATH, NULL, &sz) ==
        KHM_ERROR_TOO_LONG) {
         if(m->path)
             PFREE(m->path);
         m->path = PMALLOC(sz);
         khc_read_string(csp_mod, KMM_VALNAME_IMAGEPATH, m->path, &sz);
     } else {
-	/* 
-	 * If there is no image path, then the module has not been 
+	/*
+	 * If there is no image path, then the module has not been
 	 * installed.  Do not report an error and bother the user.
 	 *   _report_mr0(KHERR_ERROR, MSG_IM_NOT_REGISTERED);
 	 */
@@ -831,7 +831,7 @@ void kmmint_init_module(kmm_module_i * m) {
     if(csp_mods)
         khc_close_space(csp_mods);
 
-    _report_mr2(KHERR_INFO, MSG_IM_MOD_STATE, 
+    _report_mr2(KHERR_INFO, MSG_IM_MOD_STATE,
                 _dupstr(m->name), _int32(m->state));
 
     kmmint_remove_from_module_queue();
@@ -900,7 +900,7 @@ void kmmint_init_module(kmm_module_i * m) {
 void kmmint_exit_module(kmm_module_i * m) {
     kmm_plugin_i * p;
 
-    /*  Exiting a module happens in two stages.  
+    /*  Exiting a module happens in two stages.
 
         If the module state is running (there are active plugins) then
         those plugins must be exited.  This has to be done from the
@@ -942,7 +942,7 @@ void kmmint_exit_module(kmm_module_i * m) {
                (p->flags & KMM_PLUGIN_FLAG_IN_MODCOUNT)) {
 
                 kmm_hold_plugin(kmm_handle_from_plugin(p));
-                kmq_post_message(KMSG_KMM, KMSG_KMM_I_REG, 
+                kmq_post_message(KMSG_KMM, KMSG_KMM_I_REG,
                                  KMM_REG_EXIT_PLUGIN, (void *) p);
                 np++;
 
@@ -986,8 +986,8 @@ void kmmint_exit_module(kmm_module_i * m) {
         if(m->state > 0)
             m->state = KMM_MODULE_STATE_EXIT;
 
-        p_exit_module = 
-            (exit_module_t) GetProcAddress(m->h_module, 
+        p_exit_module =
+            (exit_module_t) GetProcAddress(m->h_module,
                                            EXP_EXIT_MODULE);
         if(p_exit_module) {
             LeaveCriticalSection(&cs_kmm);
diff --git a/src/windows/identity/kmm/kmminternal.h b/src/windows/identity/kmm/kmminternal.h
index 96f8ac24a..c4109495e 100644
--- a/src/windows/identity/kmm/kmminternal.h
+++ b/src/windows/identity/kmm/kmminternal.h
@@ -123,7 +123,7 @@ typedef struct kmm_plugin_i_t {
 
     khm_int32   state;
     khm_int32   flags;
-    
+
     int         refcount;
 
     int         n_depends;
@@ -193,9 +193,9 @@ extern kconf_schema schema_kmmconfig[];
 
 /* Registrar */
 
-khm_boolean KHMAPI 
-kmmint_reg_cb(khm_int32 msg_type, 
-              khm_int32 msg_sub_type, 
+khm_boolean KHMAPI
+kmmint_reg_cb(khm_int32 msg_type,
+              khm_int32 msg_sub_type,
               khm_ui_4 uparam,
               void *vparam);
 
@@ -209,35 +209,35 @@ void kmmint_init_module(kmm_module_i * m);
 void kmmint_exit_module(kmm_module_i * m);
 
 /* Modules */
-kmm_module_i * 
+kmm_module_i *
 kmmint_get_module_i(wchar_t * name);
 
-kmm_module_i * 
+kmm_module_i *
 kmmint_find_module_i(wchar_t * name);
 
-void 
+void
 kmmint_free_module(kmm_module_i * m);
 
 khm_int32
 kmmint_read_module_info(kmm_module_i * m);
 
 /* Plugins */
-kmm_plugin_i * 
+kmm_plugin_i *
 kmmint_get_plugin_i(wchar_t * name);
 
-kmm_plugin_i * 
+kmm_plugin_i *
 kmmint_find_plugin_i(wchar_t * name);
 
-void 
+void
 kmmint_free_plugin(kmm_plugin_i * pi);
 
-void 
+void
 kmmint_list_plugin(kmm_plugin_i * p);
 
-void 
+void
 kmmint_delist_plugin(kmm_plugin_i * p);
 
-khm_boolean 
+khm_boolean
 kmmint_load_locale_lib(kmm_module_i * m, kmm_module_locale * l);
 
 #define KMM_CSNAME_ROOT L"PluginManager"
diff --git a/src/windows/identity/kmm/kmmmain.c b/src/windows/identity/kmm/kmmmain.c
index 49384ccdb..598c10507 100644
--- a/src/windows/identity/kmm/kmmmain.c
+++ b/src/windows/identity/kmm/kmmmain.c
@@ -57,10 +57,10 @@ KHMEXP void KHMAPI kmm_init(void)
     tls_kmm = TlsAlloc();
 
     hash_plugins = hash_new_hashtable(
-        KMM_HASH_SIZE, 
-        hash_string, 
-        hash_string_comp, 
-        NULL, 
+        KMM_HASH_SIZE,
+        hash_string,
+        hash_string_comp,
+        NULL,
         NULL);
 
     hash_modules = hash_new_hashtable(
@@ -148,7 +148,7 @@ void kmm_dll_exit(void)
     evt_startup = NULL;
 }
 
-void 
+void
 kmm_process_attach(HINSTANCE hinstDLL) {
     kmm_hInstance = hinstDLL;
     kmm_dll_init();
@@ -158,4 +158,3 @@ void
 kmm_process_detach(void) {
     kmm_dll_exit();
 }
-
diff --git a/src/windows/identity/kmm/kplugin.h b/src/windows/identity/kmm/kplugin.h
index a5b7a088a..00e3e06ed 100644
--- a/src/windows/identity/kmm/kplugin.h
+++ b/src/windows/identity/kmm/kplugin.h
@@ -34,7 +34,7 @@
 @{*/
 /*! \defgroup kplugin NetIDMgr Plugin Callbacks
 
-See the following related documentation pages for more information 
+See the following related documentation pages for more information
 about NetIDMgr plugins.
 
 These are prototypes of functions that must be implemented by a NetIDMgr
diff --git a/src/windows/identity/kmq/consumer.c b/src/windows/identity/kmq/consumer.c
index dd21834c6..87d24130f 100644
--- a/src/windows/identity/kmq/consumer.c
+++ b/src/windows/identity/kmq/consumer.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2005 Massachusetts Institute of Technology
- * 
+ *
  * Copyright (c) 2007 Secure Endpoints Inc.
  *
  * Permission is hereby granted, free of charge, to any person
@@ -219,7 +219,7 @@ void kmqint_post(kmq_msg_subscription * s, kmq_message * m, khm_boolean try_send
                the message queue. */
             m->refcount++;
             m->nSent++;
-            rv = s->recipient.cb(m->type, m->subtype, 
+            rv = s->recipient.cb(m->type, m->subtype,
                                  m->uparam, m->vparam);
             m->refcount--;
             if(KHM_SUCCEEDED(rv))
@@ -254,8 +254,8 @@ void kmqint_post(kmq_msg_subscription * s, kmq_message * m, khm_boolean try_send
 
 #ifdef _WIN32
     else if(s->rcpt_type == KMQ_RCPTTYPE_HWND) {
-        if(try_send && 
-           GetCurrentThreadId() == GetWindowThreadProcessId(s->recipient.hwnd, 
+        if(try_send &&
+           GetCurrentThreadId() == GetWindowThreadProcessId(s->recipient.hwnd,
                                                             NULL)) {
             /* kmqint_post does not know whether there are any other
                messages waiting to be posted at this point.  Hence,
@@ -270,7 +270,7 @@ void kmqint_post(kmq_msg_subscription * s, kmq_message * m, khm_boolean try_send
             /* the kmq_wm_begin()/kmq_wm_end() and kmq_wm_dispatch()
                handlers decrement the reference count on the message
                when they are done. */
-            SendMessage(s->recipient.hwnd, KMQ_WM_DISPATCH, 
+            SendMessage(s->recipient.hwnd, KMQ_WM_DISPATCH,
                         m->type, (LPARAM) m);
 
             m->nSent++;
@@ -282,7 +282,7 @@ void kmqint_post(kmq_msg_subscription * s, kmq_message * m, khm_boolean try_send
             /* the kmq_wm_begin()/kmq_wm_end() and kmq_wm_dispatch()
                handlers decrement the reference count on the message
                when they are done. */
-            PostMessage(s->recipient.hwnd, KMQ_WM_DISPATCH, 
+            PostMessage(s->recipient.hwnd, KMQ_WM_DISPATCH,
                         m->type, (LPARAM) m);
         }
     }
@@ -360,7 +360,7 @@ KHMEXP khm_int32 KHMAPI kmq_create_hwnd_subscription(HWND hw,
 /*! \internal
     \note Obtains ::cs_kmq_global
 */
-KHMEXP khm_int32 KHMAPI kmq_create_subscription(kmq_callback_t cb, 
+KHMEXP khm_int32 KHMAPI kmq_create_subscription(kmq_callback_t cb,
                                                 khm_handle * result)
 {
     kmq_msg_subscription * s;
@@ -498,7 +498,7 @@ KHMEXP khm_boolean KHMAPI kmq_is_call_aborted(void) {
 
 /*! \internal
 
-    \note Obtains ::cs_kmq_global, kmq_queue::cs, ::cs_kmq_msg_ref, ::cs_kmq_msg, 
+    \note Obtains ::cs_kmq_global, kmq_queue::cs, ::cs_kmq_msg_ref, ::cs_kmq_msg,
 */
 KHMEXP khm_int32 KHMAPI kmq_dispatch(kmq_timer timeout) {
     kmq_queue * q;
diff --git a/src/windows/identity/kmq/init.c b/src/windows/identity/kmq/init.c
index 1c2023fc8..f73fd01a5 100644
--- a/src/windows/identity/kmq/init.c
+++ b/src/windows/identity/kmq/init.c
@@ -158,7 +158,7 @@ void kmqint_detach_this_thread(void) {
         q->wait_o = NULL;
 
         q->flags &= ~KMQ_QUEUE_FLAG_DETACHING;
-        
+
         LeaveCriticalSection(&q->cs);
 
         /* For now, we don't free the queue. */
@@ -190,7 +190,7 @@ DWORD WINAPI kmqint_completion_thread_proc(LPVOID p) {
 
     EnterCriticalSection(&cs_compl);
     do {
-       
+
         if (QTOP(&kmq_completion_xfer) == NULL) {
             LeaveCriticalSection(&cs_compl);
             WaitForSingleObject(compl_wx, INFINITE);
diff --git a/src/windows/identity/kmq/kmq.h b/src/windows/identity/kmq/kmq.h
index db6d5b262..046ec0d71 100644
--- a/src/windows/identity/kmq/kmq.h
+++ b/src/windows/identity/kmq/kmq.h
@@ -29,7 +29,7 @@
 #ifndef __KHIMAIRA_KMQ_H__
 #define __KHIMAIRA_KMQ_H__
 
-/*! \defgroup kmq NetIDMgr Message Queue 
+/*! \defgroup kmq NetIDMgr Message Queue
 
     The Network Identity Manager Message Queue handles all the
     messaging within the application and all loaded plug-ins.
@@ -67,9 +67,9 @@ typedef DWORD kmq_timer;
 
     Should return TRUE if the message is properly handled.  Otherwise
     return FALSE */
-typedef khm_int32 (KHMAPI *kmq_callback_t)(khm_int32 msg_type, 
-                                           khm_int32 msg_sub_type, 
-                                           khm_ui_4 uparam, 
+typedef khm_int32 (KHMAPI *kmq_callback_t)(khm_int32 msg_type,
+                                           khm_int32 msg_sub_type,
+                                           khm_ui_4 uparam,
                                            void * vparam);
 
 /* message */
@@ -97,7 +97,7 @@ typedef struct tag_kmq_message {
 
     khm_ui_4 uparam;             /*!< Integer parameter */
     void * vparam;            /*!< Pointer to parameter blob */
-	
+
     khm_int32 nSent;            /*!< Number of instances of message
                                   sent (for broadcast messages) */
 
@@ -393,7 +393,7 @@ KHMEXP khm_int32 KHMAPI kmq_unsubscribe_hwnd(khm_int32 type, HWND hwnd);
         kmq_delete_subscription()
 */
 KHMEXP khm_int32 KHMAPI kmq_create_subscription(
-    kmq_callback_t cb, 
+    kmq_callback_t cb,
     khm_handle * result);
 
 /*! \brief Create an ad-hoc subscription for a window
@@ -422,20 +422,20 @@ KHMEXP khm_int32 KHMAPI kmq_delete_subscription(khm_handle sub);
     specified subscription.
  */
 KHMEXP khm_int32 KHMAPI kmq_post_sub_msg(
-    khm_handle sub, 
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
+    khm_handle sub,
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
     void * vparam);
 
 /*! \brief Post a message to a subscription and acquire a handle to the call
  */
 KHMEXP khm_int32 KHMAPI kmq_post_sub_msg_ex(
-    khm_handle sub, 
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
-    void * vparam, 
+    khm_handle sub,
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
+    void * vparam,
     kmq_call * call);
 
 /*! \brief Send a synchronous message to a subscription
@@ -444,10 +444,10 @@ KHMEXP khm_int32 KHMAPI kmq_post_sub_msg_ex(
     \retval KHM_ERROR_PARTIAL The call succeeded, but at least one subscriber reported errors
  */
 KHMEXP khm_int32 KHMAPI kmq_send_sub_msg(
-    khm_handle sub, 
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
+    khm_handle sub,
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
     void * vparam);
 
 /*! \brief Post a message to a group of subscriptions
@@ -458,11 +458,11 @@ KHMEXP khm_int32 KHMAPI kmq_send_sub_msg(
     be dispatched to all of the subscription points in the array.
  */
 KHMEXP khm_int32 KHMAPI kmq_post_subs_msg(
-    khm_handle * subs, 
-    khm_size  n_subs, 
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
+    khm_handle * subs,
+    khm_size  n_subs,
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
     void * vparam);
 
 /*! \brief Post a message to a group of subscriptions and acquire a handle to the call
@@ -477,12 +477,12 @@ KHMEXP khm_int32 KHMAPI kmq_post_subs_msg(
     were made.
 */
 KHMEXP khm_int32 KHMAPI kmq_post_subs_msg_ex(
-    khm_handle * subs, 
-    khm_int32 n_subs, 
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
-    void * vparam, 
+    khm_handle * subs,
+    khm_int32 n_subs,
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
+    void * vparam,
     kmq_call * call);
 
 /*! \brief Send a synchronous message to a group of subscriptions
@@ -497,11 +497,11 @@ KHMEXP khm_int32 KHMAPI kmq_post_subs_msg_ex(
     \retval KHM_ERROR_PARTIAL The call succeeded, but at least one subscriber reported errors
 */
 KHMEXP khm_int32 KHMAPI kmq_send_subs_msg(
-    khm_handle *subs, 
+    khm_handle *subs,
     khm_int32 n_subs,
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
     void * vparam);
 
 /*! \brief Dispatch a message for the current thread.
@@ -530,7 +530,7 @@ KHMEXP khm_int32 KHMAPI kmq_dispatch(kmq_timer timeout);
     The specified message will be posted to all the subscribers of the
     message type.  Then the function will wait for all the subscribers
     to finish processing the message before returning.
-    
+
     \param[in] type The type of the message
     \param[in] subtype The subtype
     \param[in] uparam The khm_ui_4 parameter for the message
@@ -544,16 +544,16 @@ KHMEXP khm_int32 KHMAPI kmq_dispatch(kmq_timer timeout);
     \retval KHM_ERROR_PARTIAL The call succeeded but at least one subscriber returned an error
 */
 KHMEXP khm_int32 KHMAPI kmq_send_message(
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
     void * blob);
 
 /*! \brief Post a message
 
     The specified message will be posted to all the subscribers of the
     message type.  The function returns immediately.
-    
+
     If you want to be able to wait for all the subscribers to finish
     processing the message, you should use kmq_post_message_ex()
     instead.
@@ -564,9 +564,9 @@ KHMEXP khm_int32 KHMAPI kmq_send_message(
     \param[in] blob The parameter blob for the message
 */
 KHMEXP khm_int32 KHMAPI kmq_post_message(
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
     void * blob);
 
 /*! \brief Post a message and acquire a handle to the call.
@@ -586,10 +586,10 @@ KHMEXP khm_int32 KHMAPI kmq_post_message(
     \see kmq_free_call()
 */
 KHMEXP khm_int32 KHMAPI kmq_post_message_ex(
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
-    void * blob, 
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
+    void * blob,
     kmq_call * call);
 
 /*! \brief Free a handle to a call obtained through kmq_post_message_ex()
@@ -611,7 +611,7 @@ KHMEXP khm_int32 KHMAPI kmq_free_call(kmq_call call);
     \a thread parameter.
     */
 KHMEXP khm_int32 KHMAPI kmq_send_thread_quit_message(
-    kmq_thread_id thread, 
+    kmq_thread_id thread,
     khm_ui_4 uparam);
 
 /*! \brief Post a <KMSG_SYSTEM,KMSG_SYSTEM_EXIT> message to the specified thread.
@@ -622,8 +622,8 @@ KHMEXP khm_int32 KHMAPI kmq_send_thread_quit_message(
     kmq_post_thread_quit_message() will return immediately.
     */
 KHMEXP khm_int32 KHMAPI kmq_post_thread_quit_message(
-    kmq_thread_id thread, 
-    khm_ui_4 uparam, 
+    kmq_thread_id thread,
+    khm_ui_4 uparam,
     kmq_call * call);
 
 KHMEXP khm_int32 KHMAPI kmq_get_next_response(kmq_call call, void ** resp);
@@ -706,7 +706,7 @@ KHMEXP khm_boolean KHMAPI kmq_is_call_aborted(void);
         handler.
 */
 KHMEXP khm_int32 KHMAPI kmq_set_completion_handler(
-    khm_int32 type, 
+    khm_int32 type,
     kmq_msg_completion_handler hander);
 
 /*@}*/
diff --git a/src/windows/identity/kmq/kmqinternal.h b/src/windows/identity/kmq/kmqinternal.h
index 8ae0ab67e..fe42e5c65 100644
--- a/src/windows/identity/kmq/kmqinternal.h
+++ b/src/windows/identity/kmq/kmqinternal.h
@@ -212,10 +212,10 @@ void kmqint_attach_this_thread(void);
 void kmqint_detach_this_thread(void);
 
 khm_int32 kmqint_post_message_ex(
-    khm_int32 type, 
-    khm_int32 subtype, 
-    khm_ui_4 uparam, 
-    void * blob, 
+    khm_int32 type,
+    khm_int32 subtype,
+    khm_ui_4 uparam,
+    void * blob,
     kmq_call * call,
     khm_boolean try_send);
 
diff --git a/src/windows/identity/kmq/msgtype.c b/src/windows/identity/kmq/msgtype.c
index b5b23e920..3a529a07b 100644
--- a/src/windows/identity/kmq/msgtype.c
+++ b/src/windows/identity/kmq/msgtype.c
@@ -132,7 +132,7 @@ void kmqint_msg_type_create(int t) {
     LeaveCriticalSection(&cs_kmq_types);
 }
 
-KHMEXP khm_int32 KHMAPI kmq_register_type(wchar_t * name, 
+KHMEXP khm_int32 KHMAPI kmq_register_type(wchar_t * name,
                                           khm_int32 * new_id)
 {
     int i;
@@ -154,7 +154,7 @@ KHMEXP khm_int32 KHMAPI kmq_register_type(wchar_t * name,
             /* continue searching since we might find that this type
                is already registered. */
         } else {
-            if(msg_types[i]->name != NULL && 
+            if(msg_types[i]->name != NULL &&
                !wcscmp(msg_types[i]->name, name)) {
 
                 registered = TRUE;
@@ -318,8 +318,8 @@ kmq_msg_subscription * kmqint_msg_type_del_sub_cb(khm_int32 t, kmq_callback_t cb
     s = msg_types[t]->subs;
     while(s) {
         kmq_msg_subscription * n = LNEXT(s);
-        if(s->rcpt_type == KMQ_RCPTTYPE_CB && 
-           s->recipient.cb == cb && 
+        if(s->rcpt_type == KMQ_RCPTTYPE_CB &&
+           s->recipient.cb == cb &&
            s->queue == q) {
             /*TODO: do more here? */
             LDELETE(&msg_types[t]->subs, s);
diff --git a/src/windows/identity/kmq/publisher.c b/src/windows/identity/kmq/publisher.c
index 754288811..5876f00c6 100644
--- a/src/windows/identity/kmq/publisher.c
+++ b/src/windows/identity/kmq/publisher.c
@@ -95,7 +95,7 @@ kmqint_dump_publisher(FILE * f) {
 /*! \internal
     \brief Get a message object
     \note called with ::cs_kmq_msg held */
-kmq_message * 
+kmq_message *
 kmqint_get_message(void) {
     kmq_message * m;
 
@@ -115,7 +115,7 @@ kmqint_get_message(void) {
     \brief Frees a message object
     \note called with ::cs_kmq_msg held
     */
-void 
+void
 kmqint_put_message(kmq_message *m) {
     int queued;
     /* we can only free a message if the refcount is zero.
@@ -144,8 +144,8 @@ kmqint_put_message(kmq_message *m) {
 /*! \internal
     \note Obtains ::cs_kmq_msg, ::cs_kmq_types, ::cs_kmq_msg_ref, kmq_queue::cs
     */
-KHMEXP khm_int32 KHMAPI 
-kmq_send_message(khm_int32 type, khm_int32 subtype, 
+KHMEXP khm_int32 KHMAPI
+kmq_send_message(khm_int32 type, khm_int32 subtype,
                  khm_ui_4 uparam, void * blob) {
     kmq_call c;
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -166,8 +166,8 @@ kmq_send_message(khm_int32 type, khm_int32 subtype,
 /*! \internal
     \note Obtains ::cs_kmq_msg, ::cs_kmq_types, ::cs_kmq_msg_ref, kmq_queue::cs
     */
-KHMEXP khm_int32 KHMAPI 
-kmq_post_message(khm_int32 type, khm_int32 subtype, 
+KHMEXP khm_int32 KHMAPI
+kmq_post_message(khm_int32 type, khm_int32 subtype,
                  khm_ui_4 uparam, void * blob) {
     return kmqint_post_message_ex(type, subtype, uparam, blob, NULL, FALSE);
 }
@@ -176,7 +176,7 @@ kmq_post_message(khm_int32 type, khm_int32 subtype,
     \brief Frees a call
     \note Obtains ::cs_kmq_msg
     */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kmq_free_call(kmq_call call) {
     kmq_message * m;
 
@@ -193,11 +193,11 @@ kmq_free_call(kmq_call call) {
 }
 
 /*! \internal
-    \note Obtains ::cs_kmq_msg, ::cs_kmq_types, ::cs_kmq_msg_ref, kmq_queue::cs 
+    \note Obtains ::cs_kmq_msg, ::cs_kmq_types, ::cs_kmq_msg_ref, kmq_queue::cs
     */
-khm_int32 
-kmqint_post_message_ex(khm_int32 type, khm_int32 subtype, khm_ui_4 uparam, 
-    void * blob, kmq_call * call, khm_boolean try_send) 
+khm_int32
+kmqint_post_message_ex(khm_int32 type, khm_int32 subtype, khm_ui_4 uparam,
+    void * blob, kmq_call * call, khm_boolean try_send)
 {
     kmq_message * m;
     kherr_context * ctx;
@@ -236,8 +236,8 @@ kmqint_post_message_ex(khm_int32 type, khm_int32 subtype, khm_ui_4 uparam,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kmq_post_message_ex(khm_int32 type, khm_int32 subtype, 
+KHMEXP khm_int32 KHMAPI
+kmq_post_message_ex(khm_int32 type, khm_int32 subtype,
                     khm_ui_4 uparam, void * blob, kmq_call * call)
 {
     return kmqint_post_message_ex(type, subtype, uparam, blob, call, FALSE);
@@ -252,8 +252,8 @@ kmq_abort_call(kmq_call call)
 
 /*! \internal
 */
-KHMEXP khm_int32 KHMAPI 
-kmq_post_sub_msg(khm_handle sub, khm_int32 type, khm_int32 subtype, 
+KHMEXP khm_int32 KHMAPI
+kmq_post_sub_msg(khm_handle sub, khm_int32 type, khm_int32 subtype,
                  khm_ui_4 uparam, void * vparam)
 {
     return kmq_post_sub_msg_ex(sub, type, subtype, uparam, vparam, NULL);
@@ -261,9 +261,9 @@ kmq_post_sub_msg(khm_handle sub, khm_int32 type, khm_int32 subtype,
 
 /*! \internal
 */
-khm_int32 
-kmqint_post_sub_msg_ex(khm_handle sub, khm_int32 type, khm_int32 subtype, 
-                       khm_ui_4 uparam, void * vparam, 
+khm_int32
+kmqint_post_sub_msg_ex(khm_handle sub, khm_int32 type, khm_int32 subtype,
+                       khm_ui_4 uparam, void * vparam,
                        kmq_call * call, khm_boolean try_send)
 {
     kmq_message * m;
@@ -313,17 +313,17 @@ kmqint_post_sub_msg_ex(khm_handle sub, khm_int32 type, khm_int32 subtype,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kmq_post_sub_msg_ex(khm_handle sub, khm_int32 type, khm_int32 subtype, 
+KHMEXP khm_int32 KHMAPI
+kmq_post_sub_msg_ex(khm_handle sub, khm_int32 type, khm_int32 subtype,
                     khm_ui_4 uparam, void * vparam, kmq_call * call)
 {
-    return kmqint_post_sub_msg_ex(sub, type, subtype, 
+    return kmqint_post_sub_msg_ex(sub, type, subtype,
                                   uparam, vparam, call, FALSE);
 }
 
-khm_int32 
-kmqint_post_subs_msg_ex(khm_handle * subs, khm_size   n_subs, khm_int32 type, 
-                        khm_int32 subtype, khm_ui_4 uparam, void * vparam, 
+khm_int32
+kmqint_post_subs_msg_ex(khm_handle * subs, khm_size   n_subs, khm_int32 type,
+                        khm_int32 subtype, khm_ui_4 uparam, void * vparam,
                         kmq_call * call, khm_boolean try_send)
 {
     kmq_message * m;
@@ -379,12 +379,12 @@ kmqint_post_subs_msg_ex(khm_handle * subs, khm_size   n_subs, khm_int32 type,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-kmq_post_subs_msg(khm_handle * subs, 
-                  khm_size   n_subs, 
-                  khm_int32 type, 
-                  khm_int32 subtype, 
-                  khm_ui_4 uparam, 
+KHMEXP khm_int32 KHMAPI
+kmq_post_subs_msg(khm_handle * subs,
+                  khm_size   n_subs,
+                  khm_int32 type,
+                  khm_int32 subtype,
+                  khm_ui_4 uparam,
                   void * vparam)
 {
     return kmqint_post_subs_msg_ex(subs,
@@ -397,25 +397,25 @@ kmq_post_subs_msg(khm_handle * subs,
                                    FALSE);
 }
 
-KHMEXP khm_int32 KHMAPI 
-kmq_post_subs_msg_ex(khm_handle * subs, 
-                     khm_int32 n_subs, 
-                     khm_int32 type, 
-                     khm_int32 subtype, 
-                     khm_ui_4 uparam, 
-                     void * vparam, 
+KHMEXP khm_int32 KHMAPI
+kmq_post_subs_msg_ex(khm_handle * subs,
+                     khm_int32 n_subs,
+                     khm_int32 type,
+                     khm_int32 subtype,
+                     khm_ui_4 uparam,
+                     void * vparam,
                      kmq_call * call)
 {
-    return kmqint_post_subs_msg_ex(subs, n_subs, type, subtype, 
+    return kmqint_post_subs_msg_ex(subs, n_subs, type, subtype,
                                    uparam, vparam, call, FALSE);
 }
 
-KHMEXP khm_int32 KHMAPI 
-kmq_send_subs_msg(khm_handle *subs, 
+KHMEXP khm_int32 KHMAPI
+kmq_send_subs_msg(khm_handle *subs,
                   khm_int32 n_subs,
-                  khm_int32 type, 
-                  khm_int32 subtype, 
-                  khm_ui_4 uparam, 
+                  khm_int32 type,
+                  khm_int32 subtype,
+                  khm_ui_4 uparam,
                   void * vparam)
 {
     kmq_call c;
@@ -437,8 +437,8 @@ kmq_send_subs_msg(khm_handle *subs,
 
 /*! \internal
 */
-KHMEXP khm_int32 KHMAPI 
-kmq_send_sub_msg(khm_handle sub, khm_int32 type, khm_int32 subtype, 
+KHMEXP khm_int32 KHMAPI
+kmq_send_sub_msg(khm_handle sub, khm_int32 type, khm_int32 subtype,
                  khm_ui_4 uparam, void * vparam)
 {
     kmq_call c;
@@ -460,7 +460,7 @@ kmq_send_sub_msg(khm_handle sub, khm_int32 type, khm_int32 subtype,
 /*! \internal
     \note Obtains ::cs_kmq_global, ::cs_kmq_msg, ::cs_kmq_msg_ref, kmq_queue::cs
     */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kmq_send_thread_quit_message(kmq_thread_id thread, khm_ui_4 uparam) {
     kmq_call c;
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -478,9 +478,9 @@ kmq_send_thread_quit_message(kmq_thread_id thread, khm_ui_4 uparam) {
 
 /*! \internal
     \note Obtains ::cs_kmq_global, ::cs_kmq_msg, ::cs_kmq_msg_ref, kmq_queue::cs
-    */ 
-KHMEXP khm_int32 KHMAPI 
-kmq_post_thread_quit_message(kmq_thread_id thread, 
+    */
+KHMEXP khm_int32 KHMAPI
+kmq_post_thread_quit_message(kmq_thread_id thread,
                              khm_ui_4 uparam, kmq_call * call) {
     kmq_message * m;
     kmq_queue * q;
@@ -521,13 +521,13 @@ kmq_post_thread_quit_message(kmq_thread_id thread,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kmq_get_next_response(kmq_call call, void ** resp) {
     /* TODO: Implement this */
     return 0;
 }
 
-KHMEXP khm_boolean KHMAPI 
+KHMEXP khm_boolean KHMAPI
 kmq_has_completed(kmq_call call) {
     khm_boolean completed;
 
@@ -538,7 +538,7 @@ kmq_has_completed(kmq_call call) {
     return completed;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 kmq_wait(kmq_call call, kmq_timer timeout) {
     kmq_message * m = call;
     DWORD rv;
@@ -557,11 +557,8 @@ kmq_wait(kmq_call call, kmq_timer timeout) {
 /*! \internal
     \note Obtains ::cs_kmq_types
     */
-KHMEXP khm_int32 KHMAPI 
-kmq_set_completion_handler(khm_int32 type, 
+KHMEXP khm_int32 KHMAPI
+kmq_set_completion_handler(khm_int32 type,
                            kmq_msg_completion_handler handler) {
     return kmqint_msg_type_set_handler(type, handler);
 }
-
-
-
diff --git a/src/windows/identity/nidmgrdll/dllmain.c b/src/windows/identity/nidmgrdll/dllmain.c
index 696911df4..647a23f34 100644
--- a/src/windows/identity/nidmgrdll/dllmain.c
+++ b/src/windows/identity/nidmgrdll/dllmain.c
@@ -63,7 +63,7 @@ kcdb_process_attach(HINSTANCE);
 void
 kcdb_process_detach(void);
 
-void 
+void
 kmm_process_attach(HINSTANCE);
 
 void
diff --git a/src/windows/identity/plugins/common/dynimport.c b/src/windows/identity/plugins/common/dynimport.c
index 99a93dd25..bb1bb0412 100644
--- a/src/windows/identity/plugins/common/dynimport.c
+++ b/src/windows/identity/plugins/common/dynimport.c
@@ -36,8 +36,8 @@ HINSTANCE hSecur32 = 0;
 HINSTANCE hComErr = 0;
 HINSTANCE hService = 0;
 HINSTANCE hProfile = 0;
-HINSTANCE hPsapi = 0; 
-HINSTANCE hToolHelp32 = 0; 
+HINSTANCE hPsapi = 0;
+HINSTANCE hToolHelp32 = 0;
 HINSTANCE hCCAPI = 0;
 
 DWORD     AfsAvailable = 0;
@@ -158,9 +158,9 @@ DECL_FUNC_PTR(com_err);
 DECL_FUNC_PTR(error_message);
 
 // Profile functions
-DECL_FUNC_PTR(profile_init);    
+DECL_FUNC_PTR(profile_init);
 DECL_FUNC_PTR(profile_flush);
-DECL_FUNC_PTR(profile_release); 
+DECL_FUNC_PTR(profile_release);
 DECL_FUNC_PTR(profile_get_subsection_names);
 DECL_FUNC_PTR(profile_free_list);
 DECL_FUNC_PTR(profile_get_string);
@@ -311,7 +311,7 @@ FUNC_INFO k524_fi[] = {
 FUNC_INFO profile_fi[] = {
     MAKE_FUNC_INFO(profile_init),
     MAKE_FUNC_INFO(profile_flush),
-    MAKE_FUNC_INFO(profile_release), 
+    MAKE_FUNC_INFO(profile_release),
     MAKE_FUNC_INFO(profile_get_subsection_names),
     MAKE_FUNC_INFO(profile_free_list),
     MAKE_FUNC_INFO(profile_get_string),
@@ -428,7 +428,7 @@ khm_int32 init_imports(void) {
         CKRV(TOOLHELPDLL);
 
         hPsapi = 0;
-    }             
+    }
     else if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)
     {
         // Windows NT
diff --git a/src/windows/identity/plugins/common/krb5common.c b/src/windows/identity/plugins/common/krb5common.c
index 36d647cc7..f3a5e988e 100644
--- a/src/windows/identity/plugins/common/krb5common.c
+++ b/src/windows/identity/plugins/common/krb5common.c
@@ -36,9 +36,9 @@
 /**************************************/
 /* khm_krb5_error():           */
 /**************************************/
-int 
-khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, 
-                 int FreeContextFlag, krb5_context * ctx, 
+int
+khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
+                 int FreeContextFlag, krb5_context * ctx,
                  krb5_ccache * cache)
 {
 #ifdef NO_KRB5
@@ -48,17 +48,17 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
 #ifdef SHOW_MESSAGE_IN_AN_ANNOYING_WAY
     char message[256];
     const char *errText;
-    int krb5Error = ((int)(rc & 255));  
+    int krb5Error = ((int)(rc & 255));
 
-    errText = perror_message(rc);   
-    _snprintf(message, sizeof(message), 
-        "%s\n(Kerberos error %ld)\n\n%s failed", 
-        errText, 
-        krb5Error, 
+    errText = perror_message(rc);
+    _snprintf(message, sizeof(message),
+        "%s\n(Kerberos error %ld)\n\n%s failed",
+        errText,
+        krb5Error,
         FailedFunctionName);
 
-    MessageBoxA(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR | 
-        MB_TASKMODAL | 
+    MessageBoxA(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR |
+        MB_TASKMODAL |
         MB_SETFOREGROUND);
 #endif
 
@@ -81,9 +81,9 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
 #endif //!NO_KRB5
 }
 
-int 
-khm_krb5_initialize(khm_handle ident, 
-                    krb5_context *ctx, 
+int
+khm_krb5_initialize(khm_handle ident,
+                    krb5_context *ctx,
                     krb5_ccache *cache)
 {
 #ifdef NO_KRB5
@@ -161,7 +161,7 @@ khm_krb5_initialize(khm_handle ident,
     if ((rc = (*pkrb5_cc_set_flags)(*ctx, *cache, flags)))
     {
         if (rc != KRB5_FCC_NOFILE && rc != KRB5_CC_NOTFOUND)
-            khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx, 
+            khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx,
             cache);
         else if ((rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) && *ctx != NULL) {
             if (*cache != NULL) {
@@ -181,8 +181,8 @@ on_error:
 #define TIMET_TOLERANCE (60*5)
 
 khm_int32 KHMAPI
-khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, 
-                                 khm_handle ident, 
+khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
+                                 khm_handle ident,
                                  krb5_timestamp * pexpiration)
 {
     krb5_principal principal = 0;
@@ -238,20 +238,20 @@ khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
         krb5_data * c1  = krb5_princ_component(ctx, creds.server, 1);
         krb5_data * r = krb5_princ_realm(ctx, creds.server);
 
-        if ( c0 && c1 && r && c1->length == r->length && 
+        if ( c0 && c1 && r && c1->length == r->length &&
              !strncmp(c1->data,r->data,r->length) &&
              !strncmp("krbtgt",c0->data,c0->length) ) {
 
             /* we have a TGT, check for the expiration time.
-             * if it is valid and renewable, use the renew time 
+             * if it is valid and renewable, use the renew time
              */
 
             if (!(creds.ticket_flags & TKT_FLG_INVALID) &&
-                creds.times.starttime < (now + TIMET_TOLERANCE) && 
+                creds.times.starttime < (now + TIMET_TOLERANCE) &&
                 (creds.times.endtime + TIMET_TOLERANCE) > now) {
                 expiration = creds.times.endtime;
 
-                if ((creds.ticket_flags & TKT_FLG_RENEWABLE) && 
+                if ((creds.ticket_flags & TKT_FLG_RENEWABLE) &&
                     (creds.times.renew_till > creds.times.endtime)) {
                     expiration = creds.times.renew_till;
                 }
@@ -304,7 +304,7 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
 
     code = pcc_get_NC_info(cc_ctx, &pNCi);
 
-    if (code) 
+    if (code)
         goto _exit;
 
     for(i=0; pNCi[i]; i++) {
@@ -316,22 +316,22 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
             continue;
 
         /* need a function to check the cache for the identity
-         * and determine if it has valid tickets.  If it has 
-         * the right identity and valid tickets, store the 
+         * and determine if it has valid tickets.  If it has
+         * the right identity and valid tickets, store the
          * expiration time and the cache name.  If it has the
          * right identity but no valid tickets, store the ccache
          * name and an expiration time of zero.  if it does not
          * have the right identity don't save the name.
-         * 
+         *
          * Keep searching to find the best cache available.
          */
 
-        if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, 
-                                                           ident, 
+        if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+                                                           ident,
                                                            &expiration))) {
             if ( expiration > best_match_expiration ) {
                 best_match_expiration = expiration;
-                StringCbCopyA(best_match_ccname, 
+                StringCbCopyA(best_match_ccname,
                               sizeof(best_match_ccname),
                               "API:");
                 StringCbCatA(best_match_ccname,
@@ -364,8 +364,8 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
         KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) {
         code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache);
         if (code == 0 && cache) {
-            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, 
-                                                               ident, 
+            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+                                                               ident,
                                                                &expiration))) {
                 if ( expiration > best_match_expiration ) {
                     best_match_expiration = expiration;
@@ -405,8 +405,8 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
             if (code)
                 continue;
 
-            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, 
-                                                               ident, 
+            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+                                                               ident,
                                                                &expiration))) {
                 if ( expiration > best_match_expiration ) {
                     best_match_expiration = expiration;
@@ -435,8 +435,8 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
         (*pcc_shutdown)(&cc_ctx);
 
     if (best_match_ccname[0]) {
-        
-        if (*pcbbuf = AnsiStrToUnicode((wchar_t *)buffer, 
+
+        if (*pcbbuf = AnsiStrToUnicode((wchar_t *)buffer,
                                        *pcbbuf,
                                        best_match_ccname)) {
 
diff --git a/src/windows/identity/plugins/common/krb5common.h b/src/windows/identity/plugins/common/krb5common.h
index 29cae71ee..b01e0d5ce 100644
--- a/src/windows/identity/plugins/common/krb5common.h
+++ b/src/windows/identity/plugins/common/krb5common.h
@@ -32,7 +32,7 @@
 #include<krb5.h>
 
 #ifndef NO_KRB5
-int khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, 
+int khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
                    int FreeContextFlag, krb5_context *ctx,
                    krb5_ccache *cache);
 
@@ -48,8 +48,8 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
                                   void * buffer, khm_size * pcbbuf);
 
 khm_int32 KHMAPI
-khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, 
-                                 khm_handle ident, 
+khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
+                                 khm_handle ident,
                                  krb5_timestamp * pexpiration);
 #endif /* NO_KRB5 */
 
diff --git a/src/windows/identity/plugins/krb4/errorfuncs.c b/src/windows/identity/plugins/krb4/errorfuncs.c
index f436a40a7..3441316e5 100644
--- a/src/windows/identity/plugins/krb4/errorfuncs.c
+++ b/src/windows/identity/plugins/krb4/errorfuncs.c
@@ -156,7 +156,7 @@ LPSTR err_describe(LPSTR buf, size_t len, long code)
         case GT_PW_NULLTKT:  /* 55    Null tkt returned by KDC */
             /* no error msg yet */
             break;
-	  
+
             /* Values returned by send_to_kdc */
         case SKDC_RETRY   :  /* 56    Retry count exceeded */
         case SKDC_CANT    :  /* 57    Can't send request */
@@ -187,9 +187,9 @@ LPSTR err_describe(LPSTR buf, size_t len, long code)
              * message box is too small for VGA screens.
              * It does work well if we only have to support 1024x768
              */
-	
+
             com_err_msg = "You have entered an insecure or weak password.";
-	
+
         default:
             /* no extra error msg */
             break;
@@ -216,11 +216,10 @@ LPSTR err_describe(LPSTR buf, size_t len, long code)
 #endif
              ")", etype, offset
              //")\nPress F1 for help on this error.", etype, offset
-#ifdef DEBUG_COM_ERR 
+#ifdef DEBUG_COM_ERR
              , code
 #endif
         );
-  
+
     return (LPSTR)buf;
 }
-
diff --git a/src/windows/identity/plugins/krb4/errorfuncs.h b/src/windows/identity/plugins/krb4/errorfuncs.h
index d760c6259..0d4d75f1e 100644
--- a/src/windows/identity/plugins/krb4/errorfuncs.h
+++ b/src/windows/identity/plugins/krb4/errorfuncs.h
@@ -35,7 +35,7 @@
 /*
  * This is a hack needed because the real com_err.h does
  * not define err_func.  We need it in the case where
- * we pull in the real com_err instead of the krb4 
+ * we pull in the real com_err instead of the krb4
  * impostor.
  */
 #ifndef _DCNS_MIT_COM_ERR_H
diff --git a/src/windows/identity/plugins/krb4/krb4configdlg.c b/src/windows/identity/plugins/krb4/krb4configdlg.c
index c2ab3f562..f13f9ad9e 100644
--- a/src/windows/identity/plugins/krb4/krb4configdlg.c
+++ b/src/windows/identity/plugins/krb4/krb4configdlg.c
@@ -259,7 +259,7 @@ k4_id_write_params(HWND hwnd, k4_id_data * d) {
 
     if (csp_ident)
         khc_close_space(csp_ident);
-    
+
     if (csp_idk4)
         khc_close_space(csp_idk4);
 
@@ -409,7 +409,7 @@ krb4_confg_proc(HWND hwnd,
 
             in_init = TRUE;
 
-            // Set KRB.CON 
+            // Set KRB.CON
             memset(krb_path, '\0', sizeof(krb_path));
             if (!pkrb_get_krbconf2(krb_path, &krb_path_sz)) {
                 // Error has happened
@@ -419,9 +419,9 @@ krb4_confg_proc(HWND hwnd,
                 StringCbCopyA(d->krb_path, sizeof(d->krb_path), krb_path);
             }
 
-            // Set KRBREALM.CON 
+            // Set KRBREALM.CON
             memset(krbrealm_path, '\0', sizeof(krbrealm_path));
-            if (!pkrb_get_krbrealm2(krbrealm_path, &krbrealm_path_sz)) {   
+            if (!pkrb_get_krbrealm2(krbrealm_path, &krbrealm_path_sz)) {
                 // Error has happened
             } else {
                 AnsiStrToUnicode(wbuf, sizeof(wbuf), krbrealm_path);
@@ -442,13 +442,13 @@ krb4_confg_proc(HWND hwnd,
                 // Set TICKET.KRB file Editbox
                 *ticketName = 0;
                 pkrb_set_tkt_string(0);
-    
-                pticketName = ptkt_string(); 
+
+                pticketName = ptkt_string();
                 if (pticketName)
                     StringCbCopyA(ticketName, sizeof(ticketName), pticketName);
 
             }
-	
+
             if (!*ticketName) {
                 // error
             } else {
diff --git a/src/windows/identity/plugins/krb4/krb4funcs.c b/src/windows/identity/plugins/krb4/krb4funcs.c
index e5287ca9f..33a94996e 100644
--- a/src/windows/identity/plugins/krb4/krb4funcs.c
+++ b/src/windows/identity/plugins/krb4/krb4funcs.c
@@ -44,7 +44,7 @@ int com_addr(void)
 {
     long ipAddr;
     char loc_addr[ADDR_SZ];
-    CREDENTIALS cred;    
+    CREDENTIALS cred;
     char service[40];
     char instance[40];
     //    char addr[40];
@@ -71,11 +71,11 @@ int com_addr(void)
         break;
     } // while()
     return 0;
-} 
+}
 
 
-long 
-khm_krb4_list_tickets(void) 
+long
+khm_krb4_list_tickets(void)
 {
     char    ptktname[MAX_PATH + 5];
     char    pname[ANAME_SZ];
@@ -103,15 +103,15 @@ khm_krb4_list_tickets(void)
         goto collect;
 
     com_addr();
-    
+
     // Open ticket file
     if ((k_errno = (*ptf_init)((*ptkt_string)(), R_TKT_FIL)))
     {
         goto cleanup;
     }
-    // Close ticket file 
+    // Close ticket file
     (void) (*ptf_close)();
-    
+
     // We must find the realm of the ticket file here before calling
     // tf_init because since the realm of the ticket file is not
     // really stored in the principal section of the file, the
@@ -121,9 +121,9 @@ khm_krb4_list_tickets(void)
     {
         goto cleanup;
     }
-	
-    // Open ticket file 
-    if (k_errno = (*ptf_init)((*ptkt_string)(), R_TKT_FIL)) 
+
+    // Open ticket file
+    if (k_errno = (*ptf_init)((*ptkt_string)(), R_TKT_FIL))
     {
         goto cleanup;
     }
@@ -132,12 +132,12 @@ khm_krb4_list_tickets(void)
 
     open = 1;
 
-    // Get principal name and instance 
-    if ((k_errno = (*ptf_get_pname)(pname)) || (k_errno = (*ptf_get_pinst)(pinst))) 
+    // Get principal name and instance
+    if ((k_errno = (*ptf_get_pname)(pname)) || (k_errno = (*ptf_get_pinst)(pinst)))
     {
         goto cleanup;
     }
-	
+
     // You may think that this is the obvious place to get the
     // realm of the ticket file, but it can't be done here as the
     // routine to do this must open the ticket file.  This is why
@@ -189,7 +189,7 @@ khm_krb4_list_tickets(void)
         return(KSUCCESS);
 
     if (open)
-        (*ptf_close)(); //close ticket file 
+        (*ptf_close)(); //close ticket file
 
     if (k_errno == EOF)
         k_errno = 0;
@@ -211,7 +211,7 @@ khm_krb4_list_tickets(void)
     {
         CHAR message[256];
         CHAR errBuf[256];
-        LPCSTR errText; 
+        LPCSTR errText;
 
         if (!Lerror_message)
             return -1;
@@ -219,7 +219,7 @@ khm_krb4_list_tickets(void)
         errText = err_describe(errBuf, KRBERR(k_errno));
 
         sprintf(message, "%s\n\n%s failed", errText, functionName);
-        MessageBox(NULL, message, "Kerberos Four", 
+        MessageBox(NULL, message, "Kerberos Four",
                    MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND);
     }
 #endif
@@ -234,11 +234,11 @@ khm_krb4_list_tickets(void)
 #define KRBREALM_FILE           "KRBREALM.CON"
 #define KRB5_FILE               "KRB5.INI"
 
-BOOL 
+BOOL
 khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
 {
     char **configFile = NULL;
-    if (pkrb5_get_default_config_files(&configFile)) 
+    if (pkrb5_get_default_config_files(&configFile))
     {
         GetWindowsDirectoryA(confname,szConfname);
         confname[szConfname-1] = '\0';
@@ -248,15 +248,15 @@ khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
 
         return FALSE;
     }
-    
+
     *confname = 0;
-    
+
     if (configFile)
     {
         StringCchCopyA(confname, szConfname, *configFile);
-        pkrb5_free_config_files(configFile); 
+        pkrb5_free_config_files(configFile);
     }
-    
+
     if (!*confname)
     {
         GetWindowsDirectoryA(confname,szConfname);
@@ -265,7 +265,7 @@ khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
         StringCchCatA(confname, szConfname, "\\");
         StringCchCatA(confname, szConfname, KRB5_FILE);
     }
-    
+
     return FALSE;
 }
 
@@ -296,7 +296,7 @@ khm_get_krb4_con_file(LPSTR confname, UINT szConfname)
         }
 
         StringCchCopyA(confname, szConfname, krbConFile);
-    } else if (hKrb4) { 
+    } else if (hKrb4) {
         size_t size = szConfname;
         memset(confname, '\0', szConfname);
         if (!pkrb_get_krbconf2(confname, &size)) {
@@ -316,7 +316,7 @@ readstring(FILE * file, char * buf, int len)
 	int  c,i;
 	memset(buf, '\0', sizeof(buf));
 	for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++)
-	{	
+	{
 		if (i < sizeof(buf)) {
 			if (c == '\n') {
                             buf[i] = '\0';
@@ -346,7 +346,7 @@ readstring(FILE * file, char * buf, int len)
 /*! \internal
     \brief Return a list of configured realms
 
-    The string that is returned is a set of null terminated unicode strings, 
+    The string that is returned is a set of null terminated unicode strings,
     each of which denotes one realm.  The set is terminated by a zero length
     null terminated string.
 
@@ -354,7 +354,7 @@ readstring(FILE * file, char * buf, int len)
 
     \return The string with the list of realms or NULL if the operation fails.
 */
-wchar_t * khm_krb5_get_realm_list(void) 
+wchar_t * khm_krb5_get_realm_list(void)
 {
     wchar_t * rlist = NULL;
 
@@ -383,7 +383,7 @@ wchar_t * khm_krb5_get_realm_list(void)
                 {
                     /* first figure out how much space to allocate */
                     cbsize = 0;
-                    for (cpp = sections; *cpp; cpp++) 
+                    for (cpp = sections; *cpp; cpp++)
                     {
                         cbsize += sizeof(wchar_t) * (strlen(*cpp) + 1);
                     }
@@ -420,7 +420,7 @@ wchar_t * khm_krb5_get_realm_list(void)
         size_t cbsize, t;
         wchar_t * d;
 
-        if (!khm_get_krb4_con_file(krb_conf,sizeof(krb_conf)) && 
+        if (!khm_get_krb4_con_file(krb_conf,sizeof(krb_conf)) &&
 #if _MSC_VER >= 1400
             !fopen_s(&file, krb_conf, "rt")
 #else
@@ -492,7 +492,7 @@ wchar_t * khm_krb5_get_default_realm(void)
 
     pkrb5_init_context(&ctx);
     pkrb5_get_default_realm(ctx,&def);
-    
+
     if (def) {
         cch = strlen(def) + 1;
         realm = PMALLOC(sizeof(wchar_t) * cch);
@@ -570,7 +570,7 @@ khm_krb4_set_def_tkt_string(void) {
 
         UnicodeStrToAnsi(tkt_string, sizeof(tkt_string),
                          wtkt_string);
-        pkrb_set_tkt_string(tkt_string);        
+        pkrb_set_tkt_string(tkt_string);
     }
 }
 
@@ -618,7 +618,7 @@ khm_krb4_changepwd(char * principal,
 
     k_errno = make_temp_cache_v4("_chgpwd");
     if (k_errno) return k_errno;
-    k_errno = pkadm_change_your_password(principal, password, newpassword, 
+    k_errno = pkadm_change_your_password(principal, password, newpassword,
                                          error_str);
     make_temp_cache_v4(0);
     return k_errno;
@@ -674,7 +674,7 @@ khm_krb4_find_tgt(khm_handle credset, khm_handle identity) {
                                           idname,
                                           &cb)))
         return NULL;
-    
+
     t = wcsrchr(idname, L'@');
     if (t == NULL)
         return NULL;
@@ -747,7 +747,7 @@ khm_convert524(khm_handle identity)
                                       NULL))) {
         goto cleanup;
     }
-    
+
     increds.client = me;
     increds.server = server;
     increds.times.endtime = 0;
@@ -814,7 +814,7 @@ khm_convert524(khm_handle identity)
     }
 
     return (code || icode);
-#endif /* NO_KRB5 */    
+#endif /* NO_KRB5 */
 }
 
 long
@@ -862,11 +862,11 @@ khm_krb4_kinit(char * aname,
 
     khm_krb4_set_def_tkt_string();
 
-    err_context = L"fetching ticket";	
-    rc4 = (*pkrb_get_pw_in_tkt)(aname, inst, realm, "krbtgt", realm, 
+    err_context = L"fetching ticket";
+    rc4 = (*pkrb_get_pw_in_tkt)(aname, inst, realm, "krbtgt", realm,
                                 lifetime, password);
 
-    if (rc4) /* XXX: do we want: && (rc != NO_TKT_FIL) as well? */ { 
+    if (rc4) /* XXX: do we want: && (rc != NO_TKT_FIL) as well? */ {
         functionName = L"krb_get_pw_in_tkt()";
         msg = IDS_ERR_PWINTKT;
         goto cleanup;
diff --git a/src/windows/identity/plugins/krb4/krb4funcs.h b/src/windows/identity/plugins/krb4/krb4funcs.h
index 05ed3e75d..1328b4136 100644
--- a/src/windows/identity/plugins/krb4/krb4funcs.h
+++ b/src/windows/identity/plugins/krb4/krb4funcs.h
@@ -68,15 +68,15 @@ khm_krb4_kinit(char * aname,
                char * inst,
                char * realm,
                long lifetime,
-               char * password);    
+               char * password);
 
-long 
+long
 khm_krb4_list_tickets(void);
 
 int khm_krb4_kdestroy(void);
 
 khm_handle
-khm_krb4_find_tgt(khm_handle credset, 
+khm_krb4_find_tgt(khm_handle credset,
                   khm_handle identity);
 
 LONG
diff --git a/src/windows/identity/plugins/krb4/krb4newcreds.c b/src/windows/identity/plugins/krb4/krb4newcreds.c
index 9c200b618..bcc3bc745 100644
--- a/src/windows/identity/plugins/krb4/krb4newcreds.c
+++ b/src/windows/identity/plugins/krb4/krb4newcreds.c
@@ -188,7 +188,7 @@ void k4_read_identity_data(k4_dlg_data * d) {
                                                    &csp_ident))) {
 
             khc_open_space(csp_ident, CSNAME_KRB4CRED, 0, &csp_k4);
-            
+
             if (csp_k4) {
                 if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t)))
                     d->k4_enabled = !!t;
@@ -741,7 +741,7 @@ krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype,
                 /* only supported for new credentials */
                 if (method == K4_METHOD_AUTO ||
                     method == K4_METHOD_PASSWORD) {
-                    
+
                     khm_size n_prompts = 0;
                     khm_size idx;
                     khm_size cb;
diff --git a/src/windows/identity/plugins/krb4/krb4plugin.c b/src/windows/identity/plugins/krb4/krb4plugin.c
index 9a50249f7..168a0f8a7 100644
--- a/src/windows/identity/plugins/krb4/krb4plugin.c
+++ b/src/windows/identity/plugins/krb4/krb4plugin.c
@@ -40,8 +40,8 @@ khm_boolean krb4_initialized = FALSE;
 khm_handle krb4_credset = NULL;
 
 /* Kerberos IV stuff */
-khm_int32 KHMAPI 
-krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, 
+khm_int32 KHMAPI
+krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
                 khm_ui_4 uparam, void * vparam)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -65,7 +65,7 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
             ct.id = KCDB_CREDTYPE_AUTO;
             ct.name = KRB4_CREDTYPE_NAME;
 
-            if(LoadString(hResModule, IDS_KRB4_SHORT_DESC, 
+            if(LoadString(hResModule, IDS_KRB4_SHORT_DESC,
                           buf, ARRAYLENGTH(buf)))
                 {
                     StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
@@ -77,7 +77,7 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
             /* even though ideally we should be setting limits
                based KCDB_MAXCB_LONG_DESC, our long description
                actually fits nicely in KCDB_MAXCB_SHORT_DESC */
-            if(LoadString(hResModule, IDS_KRB4_LONG_DESC, 
+            if(LoadString(hResModule, IDS_KRB4_LONG_DESC,
                           buf, ARRAYLENGTH(buf)))
                 {
                     StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
@@ -95,7 +95,7 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
                 rv = kcdb_credset_create(&krb4_credset);
 
             if (KHM_SUCCEEDED(rv))
-                rv = kcdb_credtype_get_id(KRB5_CREDTYPE_NAME, 
+                rv = kcdb_credtype_get_id(KRB5_CREDTYPE_NAME,
                                           &credtype_id_krb5);
 
             if(ct.short_desc)
@@ -165,38 +165,38 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
             }
 
             /* Lookup common data types */
-            if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE, 
+            if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE,
                                            &type_id_enctype))) {
                 rv = KHM_ERROR_UNKNOWN;
             }
 
-            if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST, 
+            if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST,
                                            &type_id_addr_list))) {
                 rv = KHM_ERROR_UNKNOWN;
             }
 
-            if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS, 
+            if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS,
                                            &type_id_krb5_flags))) {
                 rv = KHM_ERROR_UNKNOWN;
             }
 
             /* Lookup common attributes */
-            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE, 
+            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE,
                                              &attr_id_key_enctype))) {
                 rv = KHM_ERROR_UNKNOWN;
             }
 
-            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE, 
+            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE,
                                              &attr_id_tkt_enctype))) {
                 rv = KHM_ERROR_UNKNOWN;
             }
 
-            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST, 
+            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST,
                                              &attr_id_addr_list))) {
                 rv = KHM_ERROR_UNKNOWN;
             }
 
-            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS, 
+            if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS,
                                              &attr_id_krb5_flags))) {
                 rv = KHM_ERROR_UNKNOWN;
             }
@@ -230,8 +230,8 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
     return rv;
 }
 
-khm_int32 KHMAPI 
-krb4_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, 
+khm_int32 KHMAPI
+krb4_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
               khm_ui_4 uparam, void * vparam)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -283,8 +283,8 @@ krb4_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
     return rv;
 }
 
-khm_int32 KHMAPI 
-krb4_cb(khm_int32 msg_type, khm_int32 msg_subtype, 
+khm_int32 KHMAPI
+krb4_cb(khm_int32 msg_type, khm_int32 msg_subtype,
         khm_ui_4 uparam, void * vparam)
 {
     switch(msg_type) {
diff --git a/src/windows/identity/plugins/krb4/krbcred.h b/src/windows/identity/plugins/krb4/krbcred.h
index 0b6a148ee..834d3f9a3 100644
--- a/src/windows/identity/plugins/krb4/krbcred.h
+++ b/src/windows/identity/plugins/krb4/krbcred.h
@@ -106,8 +106,8 @@ extern khm_boolean krb4_initialized;
 extern khm_handle krb4_credset;
 
 /* plugin callbacks */
-khm_int32 KHMAPI 
-krb4_cb(khm_int32 msg_type, khm_int32 msg_subtype, 
+khm_int32 KHMAPI
+krb4_cb(khm_int32 msg_type, khm_int32 msg_subtype,
         khm_ui_4 uparam, void * vparam);
 
 INT_PTR CALLBACK
diff --git a/src/windows/identity/plugins/krb4/langres.h b/src/windows/identity/plugins/krb4/langres.h
index 5c0e46f9a..b4f911874 100644
--- a/src/windows/identity/plugins/krb4/langres.h
+++ b/src/windows/identity/plugins/krb4/langres.h
@@ -38,7 +38,7 @@
 #define IDC_CFG_GETTIX                  1037
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        108
diff --git a/src/windows/identity/plugins/krb5/datarep.c b/src/windows/identity/plugins/krb5/datarep.c
index 5c292e478..d0478a070 100644
--- a/src/windows/identity/plugins/krb5/datarep.c
+++ b/src/windows/identity/plugins/krb5/datarep.c
@@ -33,7 +33,7 @@
 #include<strsafe.h>
 #include<assert.h>
 
-khm_int32 KHMAPI 
+khm_int32 KHMAPI
 enctype_toString(const void * data, khm_size cbdata,
 		 wchar_t *destbuf, khm_size *pcbdestbuf,
 		 khm_int32 flags)
@@ -214,10 +214,10 @@ addr_list_toString(const void *d, khm_size cb_d,
 }
 
 khm_int32 KHMAPI
-krb5flags_toString(const void *d, 
-		   khm_size cb_d, 
-		   wchar_t *buf, 
-		   khm_size *pcb_buf, 
+krb5flags_toString(const void *d,
+		   khm_size cb_d,
+		   wchar_t *buf,
+		   khm_size *pcb_buf,
 		   khm_int32 f)
 {
     wchar_t sbuf[32];
@@ -348,7 +348,7 @@ one_addr(k5_serial_address *a, wchar_t * buf, khm_size cbbuf)
 #ifdef AF_INET6
         || (a->addrtype == ADDRTYPE_INET6 && a->length == 16)
 #endif
-        ) 
+        )
     {
         int af = AF_INET;
 #ifdef AF_INET6
@@ -404,4 +404,3 @@ one_addr(k5_serial_address *a, wchar_t * buf, khm_size cbbuf)
  _copy_string:
     StringCbCopy(buf, cbbuf, retstr);
 }
-
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.c b/src/windows/identity/plugins/krb5/errorfuncs.c
index 4c2d78c63..d99c4bf6d 100644
--- a/src/windows/identity/plugins/krb5/errorfuncs.c
+++ b/src/windows/identity/plugins/krb5/errorfuncs.c
@@ -54,7 +54,7 @@ HWND GetRootParent (HWND Child)
 }
 #endif
 
-void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, 
+void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
                       DWORD * suggestion,
                       kherr_suggestion * suggest_code)
 {
@@ -163,7 +163,7 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
             /* no error msg yet */
             sugg_code = KHERR_SUGGEST_RETRY;
             break;
-	  
+
             /* Values returned by send_to_kdc */
         case SKDC_RETRY   :     /* 56    Retry count exceeded */
         case SKDC_CANT    :     /* 57    Can't send request */
@@ -199,7 +199,7 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
             msg_id = MSG_ERR_INSECURE_PW;
             sugg_code = KHERR_SUGGEST_RETRY;
             break;
-	
+
         default:
             /* no extra error msg */
             break;
@@ -260,18 +260,18 @@ int lsh_com_err_proc (LPSTR whoami, long code,
     HWND hOldFocus;
     char buf[1024], *cp;
     WORD mbformat = MB_OK | MB_ICONEXCLAMATION;
-  
+
     cp = buf;
     memset(buf, '\0', sizeof(buf));
     cp[0] = '\0';
-  
+
     if (code)
     {
         err_describe(buf, code);
         while (*cp)
             cp++;
     }
-  
+
     if (fmt)
     {
         if (fmt[0] == '%' && fmt[1] == 'b')
@@ -289,7 +289,7 @@ int lsh_com_err_proc (LPSTR whoami, long code,
         wvsprintfA((LPSTR)cp, fmt, args);
     }
     hOldFocus = GetFocus();
-    retval = MessageBoxA(/*GetRootParent(hOldFocus)*/NULL, buf, whoami, 
+    retval = MessageBoxA(/*GetRootParent(hOldFocus)*/NULL, buf, whoami,
                         mbformat | MB_ICONHAND | MB_TASKMODAL);
     SetFocus(hOldFocus);
     return retval;
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.h b/src/windows/identity/plugins/krb5/errorfuncs.h
index 4b1d2e2b5..c03eba575 100644
--- a/src/windows/identity/plugins/krb5/errorfuncs.h
+++ b/src/windows/identity/plugins/krb5/errorfuncs.h
@@ -35,7 +35,7 @@
 /*
  * This is a hack needed because the real com_err.h does
  * not define err_func.  We need it in the case where
- * we pull in the real com_err instead of the krb4 
+ * we pull in the real com_err instead of the krb4
  * impostor.
  */
 #ifndef _DCNS_MIT_COM_ERR_H
@@ -54,7 +54,7 @@ typedef LPSTR (*err_func)(int, long);
 #endif
 
 /*! \internal
-    \brief Describe an error 
+    \brief Describe an error
 
     \param[in] code Error code returned by Kerberos
     \param[out] buf Receives the error string
@@ -62,8 +62,8 @@ typedef LPSTR (*err_func)(int, long);
     \param[out] suggestion Message ID of suggestion
     \param[out] suggest_code Suggestion ID
 */
-void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, 
-                      DWORD * suggestion, 
+void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
+                      DWORD * suggestion,
                       kherr_suggestion * suggest_code);
 
 /* */
diff --git a/src/windows/identity/plugins/krb5/krb5configcc.c b/src/windows/identity/plugins/krb5/krb5configcc.c
index 13c5ac86b..8b0286f0f 100644
--- a/src/windows/identity/plugins/krb5/krb5configcc.c
+++ b/src/windows/identity/plugins/krb5/krb5configcc.c
@@ -296,7 +296,7 @@ void k5_ccc_update_data(HWND hwnd, k5_ccc_data * d) {
     /* everything else is controlled by buttons */
 }
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_ccconfig_dlgproc(HWND hwnd,
                     UINT uMsg,
                     WPARAM wParam,
@@ -345,7 +345,7 @@ k5_ccconfig_dlgproc(HWND hwnd,
             ListView_InsertColumn(lv, 0, &lvc);
         }
 
-        SendDlgItemMessage(hwnd, IDC_CFG_FCNAME, EM_SETLIMITTEXT, 
+        SendDlgItemMessage(hwnd, IDC_CFG_FCNAME, EM_SETLIMITTEXT,
                            MAX_PATH - 1, 0);
 
         k5_ccc_update_ui(hwnd, d);
@@ -365,7 +365,7 @@ k5_ccconfig_dlgproc(HWND hwnd,
                 wchar_t cpath[MAX_PATH];
                 khm_size i;
 
-                GetDlgItemText(hwnd, IDC_CFG_FCNAME, 
+                GetDlgItemText(hwnd, IDC_CFG_FCNAME,
                                cpath, ARRAYLENGTH(cpath));
 
                 PathCanonicalize(path, cpath);
@@ -520,7 +520,7 @@ k5_ccconfig_dlgproc(HWND hwnd,
 #endif
 
                 lv_idx = -1;
-                while((lv_idx = ListView_GetNextItem(lv, lv_idx, 
+                while((lv_idx = ListView_GetNextItem(lv, lv_idx,
                                                      LVNI_SELECTED)) != -1) {
                     ListView_GetItemText(lv, lv_idx, 0, buf, ARRAYLENGTH(buf));
                     for (i=0; i < d->work.n_file_ccs; i++) {
diff --git a/src/windows/identity/plugins/krb5/krb5configdlg.c b/src/windows/identity/plugins/krb5/krb5configdlg.c
index ed11f7ec8..d6221123c 100644
--- a/src/windows/identity/plugins/krb5/krb5configdlg.c
+++ b/src/windows/identity/plugins/krb5/krb5configdlg.c
@@ -364,7 +364,7 @@ k5_read_config_data(k5_config_data * d) {
         /* now go through each and fish out the kdcs, admin_server
            and master_kdc. */
         for (s=0; sections[s] && sections[s][0]; s++) {
-            const char * sec_kdcs[] = 
+            const char * sec_kdcs[] =
                 { "realms", sections[s], "kdc", NULL };
 
             const char * sec_admin[] =
@@ -562,7 +562,7 @@ k5_write_config_data(k5_config_data * d) {
         applied = TRUE;
     }
 
-    if (!(d->flags & 
+    if (!(d->flags &
           (K5_CDFLAG_MOD_DEF_REALM |
            K5_CDFLAG_MOD_CONF_FILE |
            K5_CDFLAG_MOD_DNS_FALLBACK |
@@ -616,7 +616,7 @@ k5_write_config_data(k5_config_data * d) {
                 s > 0) {
                 char defrealm[K5_MAXCCH_REALM];
 
-                UnicodeStrToAnsi(defrealm, sizeof(defrealm), 
+                UnicodeStrToAnsi(defrealm, sizeof(defrealm),
                                  d->def_realm);
 
                 khm_krb5_set_default_realm(d->def_realm);
@@ -697,7 +697,7 @@ k5_write_config_data(k5_config_data * d) {
             char realm[K5_MAXCCH_REALM];
             char host[K5_MAXCCH_HOST];
 
-            const char * sec_kdcs[] = 
+            const char * sec_kdcs[] =
                 { "realms", realm, "kdc", NULL };
 
             const char * sec_admin[] =
@@ -811,9 +811,9 @@ k5_write_config_data(k5_config_data * d) {
 
                         if (!rv) {
                             if (!strcmp(maprealm, realm)) {
-                                StringCbCopyA(host, sizeof(host), 
+                                StringCbCopyA(host, sizeof(host),
                                               values[v]);
-                                pprofile_clear_relation(profile, 
+                                pprofile_clear_relation(profile,
                                                         sec_domain_map);
                                 applied = TRUE;
                             }
@@ -973,7 +973,7 @@ k5_write_config_data(k5_config_data * d) {
         khui_alert_set_title(alert, title);
         khui_alert_set_message(alert, msg);
         khui_alert_set_suggestion(alert, sugg);
-        
+
         khui_alert_show(alert);
     }
 
@@ -992,7 +992,7 @@ k5_write_config_data(k5_config_data * d) {
 static k5_config_data k5_config_dlg_data;
 static khm_boolean    k5_dlg_data_valid = FALSE;
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_config_dlgproc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
@@ -1073,7 +1073,7 @@ k5_config_dlgproc(HWND hwnd,
 #endif
             SendMessage(hw, CB_RESETCONTENT, 0, 0);
 
-            for (t=importopts; 
+            for (t=importopts;
                  t && *t && *t != L' ' &&
                      t < importopts + ARRAYLENGTH(importopts);
                  t = multi_string_next(t)) {
@@ -1607,7 +1607,7 @@ k5_delete_realms(HWND hwnd, k5_config_data * d) {
         lvi.iItem = idx;
         lvi.iSubItem = 0;
         lvi.mask = LVIF_PARAM;
-        
+
         ListView_GetItem(hw_rlm, &lvi);
 
         if (lvi.lParam != -1 &&
@@ -1619,7 +1619,7 @@ k5_delete_realms(HWND hwnd, k5_config_data * d) {
 
     if (modified) {
         d->flags |= K5_CDFLAG_MOD_REALMS;
-        
+
         k5_purge_config_data(d, TRUE, TRUE, TRUE);
         k5_update_realms_display(hw_rlm, d);
         k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), NULL, 0);
@@ -1638,7 +1638,7 @@ k5_delete_servers(HWND hwnd, k5_config_data * d) {
 
     hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC);
     r = d->c_realm;
-    
+
     idx = -1;
     while((idx = ListView_GetNextItem(hw_kdc, idx,
                                       LVNI_SELECTED))
@@ -1660,7 +1660,7 @@ k5_delete_servers(HWND hwnd, k5_config_data * d) {
     if (modified) {
         d->flags |= K5_CDFLAG_MOD_REALMS;
         d->realms[r].flags |= K5_RDFLAG_MODIFED;
-        
+
         k5_purge_config_data(d, TRUE, TRUE, TRUE);
         k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d);
         k5_update_kdcs_display(hw_kdc, d, r);
@@ -1687,7 +1687,7 @@ k5_delete_dmap(HWND hwnd, k5_config_data * d) {
         lvi.iItem = idx;
         lvi.iSubItem = 0;
         lvi.mask = LVIF_PARAM;
-        
+
         ListView_GetItem(hw_dmp, &lvi);
 
         if (lvi.lParam != -1 &&
@@ -1700,7 +1700,7 @@ k5_delete_dmap(HWND hwnd, k5_config_data * d) {
     if (modified) {
         d->flags |= K5_CDFLAG_MOD_REALMS;
         k5_purge_config_data(d, FALSE, FALSE, TRUE);
-        
+
         if (!(d->realms[r].flags & K5_RDFLAG_MODIFED)) {
             d->realms[r].flags |= K5_RDFLAG_MODIFED;
 
@@ -1711,7 +1711,7 @@ k5_delete_dmap(HWND hwnd, k5_config_data * d) {
     }
 }
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_realms_dlgproc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
@@ -1846,7 +1846,7 @@ k5_realms_dlgproc(HWND hwnd,
 
                     SetMenuItemInfo(hm, CMD_DEL_REALM, FALSE, &mii);
                 }
-                
+
             } else if (id == IDC_CFG_KDC) {
                 HWND hw_kdc;
                 int n;
@@ -1883,7 +1883,7 @@ k5_realms_dlgproc(HWND hwnd,
                     mii.fState = MFS_ENABLED;
 
                     SetMenuItemInfo(hm, CMD_DEL_SERVER, FALSE, &mii);
-                    
+
                     mii.fState = MFS_DISABLED;
 
                     SetMenuItemInfo(hm, CMD_MAKE_ADMIN, FALSE, &mii);
@@ -2562,7 +2562,7 @@ k5_realms_dlgproc(HWND hwnd,
 
                 if (ListView_GetSelectedCount(hw_kdc) != 1)
                     return TRUE;
-                
+
                 idx = -1;
                 while ((idx = ListView_GetNextItem(hw_kdc, idx,
                                                    LVNI_SELECTED)) != -1) {
@@ -2613,7 +2613,7 @@ k5_realms_dlgproc(HWND hwnd,
 
                 if (ListView_GetSelectedCount(hw_kdc) != 1)
                     return TRUE;
-                
+
                 idx = -1;
                 while ((idx = ListView_GetNextItem(hw_kdc, idx,
                                                    LVNI_SELECTED)) != -1) {
@@ -2850,7 +2850,7 @@ k5_unregister_config_panels(void) {
 #endif
     }
 
-    if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosRealms", 
+    if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosRealms",
                                     &node_realms))) {
         khui_cfg_remove(node_realms);
         khui_cfg_release(node_realms);
diff --git a/src/windows/identity/plugins/krb5/krb5configid.c b/src/windows/identity/plugins/krb5/krb5configid.c
index 2f3fe62c8..b0dff3cb9 100644
--- a/src/windows/identity/plugins/krb5/krb5configid.c
+++ b/src/windows/identity/plugins/krb5/krb5configid.c
@@ -273,7 +273,7 @@ k5_id_write_params(HWND hw, k5_id_dlg_data * d) {
                             KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
 }
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_id_tab_dlgproc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
diff --git a/src/windows/identity/plugins/krb5/krb5configids.c b/src/windows/identity/plugins/krb5/krb5configids.c
index 4699f056a..70af85716 100644
--- a/src/windows/identity/plugins/krb5/krb5configids.c
+++ b/src/windows/identity/plugins/krb5/krb5configids.c
@@ -101,7 +101,7 @@ k5_ids_write_params(k5_ids_dlg_data * d) {
    rv = khc_write_int32(csp_params, vn, (khm_int32) po); \
    assert(KHM_SUCCEEDED(rv));       \
   }
-    
+
     WRITEPARAM(d->life,d->tc_life.current, L"DefaultLifetime");
     WRITEPARAM(d->renew_life,d->tc_renew.current, L"DefaultRenewLifetime");
     WRITEPARAM(d->life_max,d->tc_life_max.current, L"MaxLifetime");
@@ -170,7 +170,7 @@ k5_ids_read_params(k5_ids_dlg_data * d) {
     d->tc_renew_max.max = d->tc_renew.max;
 }
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_ids_tab_dlgproc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
@@ -279,6 +279,3 @@ k5_ids_tab_dlgproc(HWND hwnd,
     }
     return FALSE;
 }
-
-
-
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c
index efab36e5e..a78ed45d7 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.c
+++ b/src/windows/identity/plugins/krb5/krb5funcs.c
@@ -96,7 +96,7 @@ khm_convert524(krb5_context alt_ctx)
         krb5_princ_realm(ctx, me)->data,
         "krbtgt",
         krb5_princ_realm(ctx, me)->data,
-        NULL))) 
+        NULL)))
     {
         goto cleanup;
     }
@@ -108,21 +108,21 @@ khm_convert524(krb5_context alt_ctx)
     if ((code = pkrb5_get_credentials(ctx, 0,
                                       cc,
                                       &increds,
-                                      &v5creds))) 
+                                      &v5creds)))
     {
         goto cleanup;
     }
 
     if ((icode = pkrb524_convert_creds_kdc(ctx,
         v5creds,
-        v4creds))) 
+        v4creds)))
     {
         goto cleanup;
     }
 
     /* initialize ticket cache */
     if ((icode = pkrb_in_tkt(v4creds->pname, v4creds->pinst, v4creds->realm)
-        != KSUCCESS)) 
+        != KSUCCESS))
     {
         goto cleanup;
     }
@@ -134,7 +134,7 @@ khm_convert524(krb5_context alt_ctx)
         v4creds->lifetime,
         v4creds->kvno,
         &(v4creds->ticket_st),
-        v4creds->issue_date))) 
+        v4creds->issue_date)))
     {
         goto cleanup;
     }
@@ -170,7 +170,7 @@ int com_addr(void)
 {
     long ipAddr;
     char loc_addr[ADDR_SZ];
-    CREDENTIALS cred;    
+    CREDENTIALS cred;
     char service[40];
     char instance[40];
     //    char addr[40];
@@ -197,7 +197,7 @@ int com_addr(void)
         break;
     } // while()
     return 0;
-} 
+}
 #endif
 
 /* we use these structures to keep track of identities that we find
@@ -492,7 +492,7 @@ tc_free_idlist(identlist * idlist) {
 
 #define MAX_ADDRS 256
 
-static long get_tickets_from_cache(krb5_context ctx, 
+static long get_tickets_from_cache(krb5_context ctx,
                                    krb5_ccache cache,
                                    identlist * idlist)
 {
@@ -564,8 +564,8 @@ static long get_tickets_from_cache(krb5_context ctx,
     PrincipalName = NULL;
     ClientName = NULL;
     sServerName = NULL;
-    if ((code = (*pkrb5_unparse_name)(ctx, KRBv5Principal, 
-        (char **)&PrincipalName))) 
+    if ((code = (*pkrb5_unparse_name)(ctx, KRBv5Principal,
+        (char **)&PrincipalName)))
     {
         if (PrincipalName != NULL)
             (*pkrb5_free_unparsed_name)(ctx, PrincipalName);
@@ -586,7 +586,7 @@ static long get_tickets_from_cache(krb5_context ctx,
     }
 
     AnsiStrToUnicode(wbuf, sizeof(wbuf), PrincipalName);
-    if(KHM_FAILED(kcdb_identity_create(wbuf, KCDB_IDENT_FLAG_CREATE, 
+    if(KHM_FAILED(kcdb_identity_create(wbuf, KCDB_IDENT_FLAG_CREATE,
                                        &ident))) {
         /* something bad happened */
         code = 1;
@@ -597,9 +597,9 @@ static long get_tickets_from_cache(krb5_context ctx,
 
     (*pkrb5_free_principal)(ctx, KRBv5Principal);
 
-    if ((code = (*pkrb5_cc_start_seq_get)(ctx, cache, &KRBv5Cursor))) 
+    if ((code = (*pkrb5_cc_start_seq_get)(ctx, cache, &KRBv5Cursor)))
     {
-        goto _exit; 
+        goto _exit;
     }
 
     memset(&KRBv5Credentials, '\0', sizeof(KRBv5Credentials));
@@ -608,8 +608,8 @@ static long get_tickets_from_cache(krb5_context ctx,
     sServerName = NULL;
     cred = NULL;
 
-    while (!(code = pkrb5_cc_next_cred(ctx, cache, &KRBv5Cursor, 
-                                       &KRBv5Credentials))) 
+    while (!(code = pkrb5_cc_next_cred(ctx, cache, &KRBv5Cursor,
+                                       &KRBv5Credentials)))
     {
         khm_handle tident = NULL;
         khm_int32 cred_flags = 0;
@@ -643,7 +643,7 @@ static long get_tickets_from_cache(krb5_context ctx,
            reason, we need to create a new identity */
         if(strcmp(ClientName, PrincipalName)) {
             AnsiStrToUnicode(wbuf, sizeof(wbuf), ClientName);
-            if(KHM_FAILED(kcdb_identity_create(wbuf, KCDB_IDENT_FLAG_CREATE, 
+            if(KHM_FAILED(kcdb_identity_create(wbuf, KCDB_IDENT_FLAG_CREATE,
                                                &tident))) {
                 (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials);
                 continue;
@@ -653,7 +653,7 @@ static long get_tickets_from_cache(krb5_context ctx,
         }
 
         AnsiStrToUnicode(wbuf, sizeof(wbuf), sServerName);
-        if(KHM_FAILED(kcdb_cred_create(wbuf, tident, credtype_id_krb5, 
+        if(KHM_FAILED(kcdb_cred_create(wbuf, tident, credtype_id_krb5,
                                        &cred))) {
             (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials);
             continue;
@@ -682,12 +682,12 @@ static long get_tickets_from_cache(krb5_context ctx,
 
             tt = KRBv5Credentials.times.renew_till;
             TimetToFileTime(tt, &eft);
-            kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_EXPIRE, &eft, 
+            kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_EXPIRE, &eft,
                                sizeof(eft));
 
 
             ftl = FtSub(&eft, &ft);
-            kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_LIFETIME, &ftl, 
+            kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_LIFETIME, &ftl,
                                sizeof(ftl));
         }
 
@@ -710,7 +710,7 @@ static long get_tickets_from_cache(krb5_context ctx,
 		c1 = krb5_princ_component(ctx,KRBv5Credentials.server,1);
 		r  = krb5_princ_realm(ctx,KRBv5Credentials.server);
 
-		if ( c0 && c1 && r && c1->length == r->length && 
+		if ( c0 && c1 && r && c1->length == r->length &&
 		     !strncmp(c1->data,r->data,r->length) &&
 		     !strncmp("krbtgt",c0->data,c0->length) )
 		    nflags |= KCDB_CRED_FLAG_INITIAL;
@@ -733,7 +733,7 @@ static long get_tickets_from_cache(krb5_context ctx,
         ti = KRBv5Credentials.keyblock.enctype;
         kcdb_cred_set_attr(cred, attr_id_key_enctype, &ti, sizeof(ti));
 
-        kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wcc_name, 
+        kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wcc_name,
                            KCDB_CBSIZE_AUTO);
 
         if ( KRBv5Credentials.addresses && KRBv5Credentials.addresses[0] ) {
@@ -843,7 +843,7 @@ static long get_tickets_from_cache(krb5_context ctx,
 
     if ((code == KRB5_CC_END) || (code == KRB5_CC_NOTFOUND))
     {
-        if ((code = pkrb5_cc_end_seq_get(ctx, cache, &KRBv5Cursor))) 
+        if ((code = pkrb5_cc_end_seq_get(ctx, cache, &KRBv5Cursor)))
         {
             goto _exit;
         }
@@ -852,12 +852,12 @@ static long get_tickets_from_cache(krb5_context ctx,
 #ifdef KRB5_TC_NOTICKET
         flags |= KRB5_TC_NOTICKET;
 #endif
-        if ((code = pkrb5_cc_set_flags(ctx, cache, flags))) 
+        if ((code = pkrb5_cc_set_flags(ctx, cache, flags)))
         {
             goto _exit;
         }
     }
-    else 
+    else
     {
         goto _exit;
     }
@@ -901,7 +901,7 @@ khm_krb5_list_tickets(krb5_context *krbv5Context)
         goto _exit;
 
     code = pcc_get_NC_info(cc_ctx, &pNCi);
-    if (code) 
+    if (code)
         goto _exit;
 
     for(i=0; pNCi[i]; i++) {
@@ -1038,7 +1038,7 @@ khm_krb5_renew_cred(khm_handle cred)
 	goto cleanup;
 
     code = pkrb5_cc_get_principal(ctx, cc, &me);
-    if (code) 
+    if (code)
         goto cleanup;
 
     cbname = sizeof(wname);
@@ -1058,7 +1058,7 @@ khm_krb5_renew_cred(khm_handle cred)
     pkrb5_cc_set_flags(ctx, cc, ccflags);
 
     if (strlen("krbtgt") != krb5_princ_name(ctx, server)->length ||
-        strncmp("krbtgt", krb5_princ_name(ctx, server)->data, krb5_princ_name(ctx, server)->length)) 
+        strncmp("krbtgt", krb5_princ_name(ctx, server)->data, krb5_princ_name(ctx, server)->length))
     {
 	code = pkrb5_get_renewed_creds(ctx, &cc_creds, me, cc, name);
 	if (code) {
@@ -1110,7 +1110,7 @@ khm_krb5_renew_cred(khm_handle cred)
 	pkrb5_free_principal(ctx, server);
 
     pkrb5_free_cred_contents(ctx, &in_creds);
-    pkrb5_free_cred_contents(ctx, &cc_creds);			      
+    pkrb5_free_cred_contents(ctx, &cc_creds);
 
     if (out_creds)
 	pkrb5_free_creds(ctx, out_creds);
@@ -1280,11 +1280,11 @@ khm_krb5_renew_ident(khm_handle identity)
     }
 
     code = khm_krb5_initialize(identity, &ctx, &cc);
-    if (code) 
+    if (code)
         goto cleanup;
 
     code = pkrb5_cc_get_principal(ctx, cc, &me);
-    if (code) 
+    if (code)
         goto cleanup;
 
     realm = krb5_princ_realm(ctx, me);
@@ -1295,7 +1295,7 @@ khm_krb5_renew_ident(khm_handle identity)
                                      realm->length,realm->data,
                                      0);
 
-    if (code) 
+    if (code)
         goto cleanup;
 
     my_creds.client = me;
@@ -1635,7 +1635,7 @@ khm_krb5_canon_cc_name(wchar_t * wcc_name,
     size_t cb_len;
     wchar_t * colon;
 
-    if (FAILED(StringCbLength(wcc_name, 
+    if (FAILED(StringCbLength(wcc_name,
                               cb_cc_name,
                               &cb_len))) {
 #ifdef DEBUG
@@ -1672,7 +1672,7 @@ khm_krb5_canon_cc_name(wchar_t * wcc_name,
     return 0;
 }
 
-int 
+int
 khm_krb5_cc_name_cmp(const wchar_t * cc_name_1,
                      const wchar_t * cc_name_2) {
     if (!wcsncmp(cc_name_1, L"API:", 4))
@@ -2026,7 +2026,7 @@ khm_krb5_destroy_by_credset(khm_handle p_cs)
             }
             goto _del_this_cred;
         }
-        
+
 
     _done_with_this_set:
         pkrb5_free_principal(ctx, princ);
@@ -2297,10 +2297,10 @@ khm_krb5_ms2mit(char * match_princ, BOOL match_realm, BOOL save_creds,
 
     } else {
         /* Enumerate tickets from cache looking for an initial ticket */
-        if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) 
+        if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor)))
             goto cleanup;
 
-        while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, 
+        while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache,
                                            &cursor, &creds))) {
             if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
                 rc = TRUE;
@@ -2337,7 +2337,7 @@ cleanup:
 #define KRB5_FILE               "KRB5.INI"
 #define KRB5_TMP_FILE           "KRB5.INI.TMP"
 
-BOOL 
+BOOL
 khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname)
 {
     GetTempPathA(szConfname, confname);
@@ -2368,11 +2368,11 @@ khm_krb5_set_profile_file(krb5_context ctx, LPSTR confname)
 }
 #endif
 
-BOOL 
+BOOL
 khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
 {
     char **configFile = NULL;
-    if (pkrb5_get_default_config_files(&configFile)) 
+    if (pkrb5_get_default_config_files(&configFile))
     {
         GetWindowsDirectoryA(confname,szConfname);
         confname[szConfname-1] = '\0';
@@ -2382,15 +2382,15 @@ khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
 
         return FALSE;
     }
-    
+
     *confname = 0;
-    
+
     if (configFile)
     {
         StringCchCopyA(confname, szConfname, *configFile);
-        pkrb5_free_config_files(configFile); 
+        pkrb5_free_config_files(configFile);
     }
-    
+
     if (!*confname)
     {
         GetWindowsDirectoryA(confname,szConfname);
@@ -2398,7 +2398,7 @@ khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
         StringCchCatA(confname, szConfname, "\\");
         StringCchCatA(confname, szConfname, KRB5_FILE);
     }
-    
+
     return FALSE;
 }
 
@@ -2415,7 +2415,7 @@ khm_get_krb4_con_file(LPSTR confname, UINT szConfname)
             krbConFile[MAX_PATH-1] = '\0';
             StringCchCatA(confname, szConfname, "\\");
         }
-        
+
         pFind = strrchr(krbConFile, '\\');
         if (pFind) {
             *pFind = '\0';
@@ -2427,7 +2427,7 @@ khm_get_krb4_con_file(LPSTR confname, UINT szConfname)
 
         StringCchCopyA(confname, szConfname, krbConFile);
     }
-    else if (hKrb4) { 
+    else if (hKrb4) {
         size_t size = szConfname;
         memset(confname, '\0', szConfname);
         if (!pkrb_get_krbconf2(confname, &size))
@@ -2446,7 +2446,7 @@ readstring(FILE * file, char * buf, int len)
 {
     int  c,i;
     memset(buf, '\0', sizeof(buf));
-    for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++) {	
+    for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++) {
         if (i < sizeof(buf)) {
             if (c == '\n') {
                 buf[i] = '\0';
@@ -2485,8 +2485,8 @@ readstring(FILE * file, char * buf, int len)
     \return The string with the list of realms or NULL if the
     operation fails.
 */
-wchar_t * 
-khm_krb5_get_realm_list(void) 
+wchar_t *
+khm_krb5_get_realm_list(void)
 {
     wchar_t * rlist = NULL;
 
@@ -2509,14 +2509,14 @@ khm_krb5_get_realm_list(void)
             filenames[1] = NULL;
             retval = pprofile_init(filenames, &profile);
             if (!retval) {
-                retval = pprofile_get_subsection_names(profile,	rootsec, 
+                retval = pprofile_get_subsection_names(profile,	rootsec,
                                                        &sections);
 
                 if (!retval)
                     {
                     /* first figure out how much space to allocate */
                     cbsize = 0;
-                    for (cpp = sections; *cpp; cpp++) 
+                    for (cpp = sections; *cpp; cpp++)
                     {
                         cbsize += sizeof(wchar_t) * (strlen(*cpp) + 1);
                     }
@@ -2553,7 +2553,7 @@ khm_krb5_get_realm_list(void)
         size_t cbsize, t;
         wchar_t * d;
 
-        if (!khm_get_krb4_con_file(krb_conf,sizeof(krb_conf)) && 
+        if (!khm_get_krb4_con_file(krb_conf,sizeof(krb_conf)) &&
 #if _MSC_VER >= 1400 && __STDC_WANT_SECURE_LIB__
             !fopen_s(&file, krb_conf, "rt")
 #else
@@ -2616,7 +2616,7 @@ khm_krb5_get_realm_list(void)
 
     Returns NULL if the operation fails.
 */
-wchar_t * 
+wchar_t *
 khm_krb5_get_default_realm(void)
 {
     wchar_t * realm;
@@ -2630,7 +2630,7 @@ khm_krb5_get_default_realm(void)
         return NULL;
 
     pkrb5_get_default_realm(ctx,&def);
-    
+
     if (def) {
         cch = strlen(def) + 1;
         realm = PMALLOC(sizeof(wchar_t) * cch);
@@ -2670,7 +2670,7 @@ khm_krb5_set_default_realm(wchar_t * realm) {
     return rv;
 }
 
-wchar_t * 
+wchar_t *
 khm_get_realm_from_princ(wchar_t * princ) {
     wchar_t * t;
 
@@ -2727,8 +2727,8 @@ khm_krb5_changepwd(char * principal,
     pkrb5_get_init_creds_opt_set_proxiable(&opts, 0);
     pkrb5_get_init_creds_opt_set_address_list(&opts,NULL);
 
-    if (rc = pkrb5_get_init_creds_password(context, &creds, princ, 
-                                           password, 0, 0, 0, 
+    if (rc = pkrb5_get_init_creds_password(context, &creds, princ,
+                                           password, 0, 0, 0,
                                            "kadmin/changepw", &opts)) {
         if (rc == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
 #if 0
@@ -2753,7 +2753,7 @@ khm_krb5_changepwd(char * principal,
     }
 
     if (result_code) {
-        int len = result_code_string.length + 
+        int len = result_code_string.length +
             (result_string.length ? (sizeof(": ") - 1) : 0) +
             result_string.length;
         if (len && error_str) {
@@ -2761,10 +2761,10 @@ khm_krb5_changepwd(char * principal,
             if (*error_str)
                 StringCchPrintfA(*error_str, len+1,
                                  "%.*s%s%.*s",
-                                 result_code_string.length, 
+                                 result_code_string.length,
                                  result_code_string.data,
                                  result_string.length?": ":"",
-                                 result_string.length, 
+                                 result_string.length,
                                  result_string.data);
         }
         rc = result_code;
@@ -3036,7 +3036,7 @@ get_libdefault_string(profile_t profile, const char * realm,
      * [libdefaults]
      *		option = <boolean>
      */
-    
+
     names[1] = option;
     names[2] = 0;
     code = pprofile_get_values(profile, names, &nameval);
@@ -3044,7 +3044,7 @@ get_libdefault_string(profile_t profile, const char * realm,
 	goto goodbye;
 
  goodbye:
-    if (!nameval) 
+    if (!nameval)
 	return(ENOENT);
 
     if (!nameval[0]) {
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.h b/src/windows/identity/plugins/krb5/krb5funcs.h
index 62e4bd536..d41ffb6b2 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.h
+++ b/src/windows/identity/plugins/krb5/krb5funcs.h
@@ -102,10 +102,10 @@ typedef struct tag_k5params {
 
 #define K5PARAM_FM_ALL    0x000007ff
 #define K5PARAM_FM_PROF   0x0000007f
- 
+
 /* Credential and principal operations */
 
-BOOL 
+BOOL
 khm_krb5_ms2mit(char * match_princ,
                 BOOL   match_realm,
                 BOOL   save_creds,
@@ -144,10 +144,10 @@ khm_convert524(krb5_context ctx);
 int
 khm_krb5_renew_cred(khm_handle cred);
 
-int 
+int
 khm_krb5_renew_ident(khm_handle identity);
 
-long 
+long
 khm_krb5_list_tickets(krb5_context *krbv5Context);
 
 long
@@ -165,19 +165,19 @@ khm_krb5_creds_is_equal(khm_handle vcred1, khm_handle vcred2, void * dummy);
 
 /* Configuration */
 
-BOOL 
+BOOL
 khm_krb5_get_profile_file(LPSTR confname, UINT szConfname);
 
-BOOL 
+BOOL
 khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname);
 
-wchar_t * 
+wchar_t *
 khm_krb5_get_default_realm(void);
 
 long
 khm_krb5_set_default_realm(wchar_t * realm);
 
-wchar_t * 
+wchar_t *
 khm_krb5_get_realm_list(void);
 
 khm_int32
@@ -207,14 +207,14 @@ khm_krb5_get_identity_default_ccacheA(khm_handle ident, char * buf, khm_size * p
 
 /* Utility */
 
-wchar_t * 
+wchar_t *
 khm_get_realm_from_princ(wchar_t * princ);
 
 long
 khm_krb5_canon_cc_name(wchar_t * wcc_name,
                        size_t cb_cc_name);
 
-int 
+int
 khm_krb5_cc_name_cmp(const wchar_t * cc_name_1,
                      const wchar_t * cc_name_2);
 
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c
index 996918351..1b1ec403e 100644
--- a/src/windows/identity/plugins/krb5/krb5identpro.c
+++ b/src/windows/identity/plugins/krb5/krb5identpro.c
@@ -80,9 +80,9 @@ trim_str(wchar_t * s, khm_size cch) {
 }
 
 /* Runs in the UI thread */
-int 
-k5_get_realm_from_nc(khui_new_creds * nc, 
-                     wchar_t * buf, 
+int
+k5_get_realm_from_nc(khui_new_creds * nc,
+                     wchar_t * buf,
                      khm_size cch_buf) {
     k5_new_cred_data * d;
     khm_size s;
@@ -102,7 +102,7 @@ k5_get_realm_from_nc(khui_new_creds * nc,
 
    Runs in the UI thread
 */
-static void 
+static void
 set_identity_from_ui(khui_new_creds * nc,
                      k5_new_cred_data * d) {
     wchar_t un[KCDB_IDENT_MAXCCH_NAME];
@@ -328,13 +328,13 @@ update_crossfeed(khui_new_creds * nc,
 
     SetWindowText(d->hw_username, un);
 
-    return TRUE;    
+    return TRUE;
 }
 
 /* Handle window messages for the identity specifiers
 
    runs in UI thread */
-static LRESULT 
+static LRESULT
 handle_wnd_msg(khui_new_creds * nc,
                HWND hwnd,
                UINT uMsg,
@@ -351,7 +351,7 @@ handle_wnd_msg(khui_new_creds * nc,
             /* the username has changed.  Instead of handling this
                for every keystroke, set a timer that elapses some
                time afterwards and then handle the event. */
-            SetTimer(hwnd, NC_UNCHANGE_TIMER, 
+            SetTimer(hwnd, NC_UNCHANGE_TIMER,
                      NC_UNCHANGE_TIMEOUT, NULL);
             return TRUE;
 
@@ -400,7 +400,7 @@ handle_wnd_msg(khui_new_creds * nc,
 /* UI Callback
 
    runs in UI thread */
-static LRESULT KHMAPI 
+static LRESULT KHMAPI
 ui_cb(khui_new_creds * nc,
       UINT cmd,
       HWND hwnd,
@@ -443,7 +443,7 @@ ui_cb(khui_new_creds * nc,
             nc->ident_aux = (LPARAM) d;
             khui_cw_unlock_nc(nc);
 
-            LoadString(hResModule, IDS_NC_USERNAME, 
+            LoadString(hResModule, IDS_NC_USERNAME,
                        wbuf, ARRAYLENGTH(wbuf));
 
             d->hw_username_label = CreateWindow
@@ -460,7 +460,7 @@ ui_cb(khui_new_creds * nc,
             d->hw_username = CreateWindow
                 (L"COMBOBOX",
                  L"",
-                 CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | 
+                 CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT |
                  WS_CHILD | WS_VISIBLE | WS_TABSTOP | WS_VSCROLL,
                  0, 0, 100, 100, /* bogus values */
                  hw_parent,
@@ -501,7 +501,7 @@ ui_cb(khui_new_creds * nc,
             d->hw_realm = CreateWindow
                 (L"COMBOBOX",
                  L"",
-                 CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | 
+                 CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT |
                  WS_CHILD | WS_VISIBLE | WS_TABSTOP | WS_VSCROLL,
                  0, 0, 100, 100, /* bogus */
                  hw_parent,
@@ -741,7 +741,7 @@ ui_cb(khui_new_creds * nc,
             khui_cw_lock_nc(nc);
             nc->ident_aux = 0;
             khui_cw_unlock_nc(nc);
-            
+
             /* since we created all the windows as child windows of
                the new creds window, they will be destroyed when that
                window is destroyed. */
@@ -869,7 +869,7 @@ k5_ident_set_default_int(khm_handle def_ident) {
         khm_krb5_cc_name_cmp(reg_ccname, id_ccname)) {
 
         /* we have to write the new value in */
-            
+
         l = RegSetValueEx(hk_ccname, L"ccname", 0, REG_SZ, (BYTE *) id_ccname,
                           (DWORD) cb);
     }
@@ -892,7 +892,7 @@ k5_ident_set_default(khm_int32 msg_type,
                      khm_ui_4 uparam,
                      void * vparam) {
 
-    /* 
+    /*
        Currently, setting the default identity simply sets the
        "ccname" registry value at "Software\MIT\kerberos5".
     */
@@ -1262,7 +1262,7 @@ k5_refresh_default_identity(krb5_context ctx) {
         _reportf(L"Can't open default ccache. code=%d", code);
         goto _nc_cleanup;
     }
-    
+
     code = pkrb5_cc_get_principal(ctx, cc, &princ);
     if (code) {
         /* try to determine the identity from the ccache name */
@@ -1499,10 +1499,10 @@ k5_ident_(khm_int32 msg_type,
 }
 #endif
 
-khm_int32 KHMAPI 
-k5_msg_ident(khm_int32 msg_type, 
-               khm_int32 msg_subtype, 
-               khm_ui_4 uparam, 
+khm_int32 KHMAPI
+k5_msg_ident(khm_int32 msg_type,
+               khm_int32 msg_subtype,
+               khm_ui_4 uparam,
                void * vparam)
 {
     switch(msg_subtype) {
@@ -1654,7 +1654,7 @@ DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) {
     }
 
     dwSize = sizeof(reg_ccname);
-    
+
     l = RegQueryValueEx(hk_ccname,
                         L"ccname",
                         NULL,
@@ -1701,7 +1701,7 @@ DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) {
             wchar_t new_ccname[KRB5_MAXCCH_CCNAME];
 
             dwSize = sizeof(new_ccname);
-    
+
             l = RegQueryValueEx(hk_ccname,
                                 L"ccname",
                                 NULL,
@@ -1756,7 +1756,7 @@ k5_msg_system_idpro(khm_int32 msg_type, khm_int32 msg_subtype,
             pkrb5_init_context(&k5_identpro_ctx);
             kcdb_identity_set_type(credtype_id_krb5);
 
-            if (KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_PRINC, 
+            if (KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_PRINC,
                                             &type_id_krb5_princ))) {
                 kcdb_type dt;
                 kcdb_type * pstr;
diff --git a/src/windows/identity/plugins/krb5/krb5main.c b/src/windows/identity/plugins/krb5/krb5main.c
index 4875a80f8..fc64e27f3 100644
--- a/src/windows/identity/plugins/krb5/krb5main.c
+++ b/src/windows/identity/plugins/krb5/krb5main.c
@@ -245,7 +245,7 @@ KHMEXP_EXP khm_int32 KHMAPI init_module(kmm_module h_module) {
         LoadString(hResModule, IDS_KEY_ENCTYPE_LONG_DESC, lbuf, ARRAYLENGTH(lbuf));
         attrib.short_desc = sbuf;
         attrib.long_desc = lbuf;
-        
+
         rv = kcdb_attrib_register(&attrib, &attr_id_key_enctype);
 
         if(KHM_FAILED(rv))
@@ -271,7 +271,7 @@ KHMEXP_EXP khm_int32 KHMAPI init_module(kmm_module h_module) {
         LoadString(hResModule, IDS_TKT_ENCTYPE_LONG_DESC, lbuf, ARRAYLENGTH(lbuf));
         attrib.short_desc = sbuf;
         attrib.long_desc = lbuf;
-        
+
         rv = kcdb_attrib_register(&attrib, &attr_id_tkt_enctype);
 
         if(KHM_FAILED(rv))
@@ -297,7 +297,7 @@ KHMEXP_EXP khm_int32 KHMAPI init_module(kmm_module h_module) {
         LoadString(hResModule, IDS_ADDR_LIST_LONG_DESC, lbuf, ARRAYLENGTH(lbuf));
         attrib.short_desc = sbuf;
         attrib.long_desc = lbuf;
-        
+
         rv = kcdb_attrib_register(&attrib, &attr_id_addr_list);
 
         if(KHM_FAILED(rv))
@@ -322,7 +322,7 @@ KHMEXP_EXP khm_int32 KHMAPI init_module(kmm_module h_module) {
         LoadString(hResModule, IDS_KRB5_FLAGS_SHORT_DESC, sbuf, ARRAYLENGTH(sbuf));
         attrib.short_desc = sbuf;
         attrib.long_desc = NULL;
-        
+
         rv = kcdb_attrib_register(&attrib, &attr_id_krb5_flags);
 
         if(KHM_FAILED(rv))
@@ -350,7 +350,7 @@ KHMEXP_EXP khm_int32 KHMAPI init_module(kmm_module h_module) {
         LoadString(hResModule, IDS_KRB5_CCNAME_LONG_DESC, lbuf, ARRAYLENGTH(lbuf));
         attrib.short_desc = sbuf;
         attrib.long_desc = lbuf;
-        
+
         rv = kcdb_attrib_register(&attrib, &attr_id_krb5_ccname);
 
         if(KHM_FAILED(rv))
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c
index 48c10a4d7..7f2b93198 100644
--- a/src/windows/identity/plugins/krb5/krb5newcreds.c
+++ b/src/windows/identity/plugins/krb5/krb5newcreds.c
@@ -67,7 +67,7 @@ k5_handle_wm_initdialog(HWND hwnd,
     HWND hw;
     k5_dlg_data * d;
     khui_new_creds_by_type * nct;
-    
+
     d = PMALLOC(sizeof(*d));
     ZeroMemory(d, sizeof(*d));
     /* lParam is a pointer to a khui_new_creds structure */
@@ -174,7 +174,7 @@ k5_force_password_change(k5_dlg_data * d) {
 
 INT_PTR
 k5_handle_wmnc_notify(HWND hwnd,
-                      WPARAM wParam, 
+                      WPARAM wParam,
                       LPARAM lParam)
 {
     switch(HIWORD(wParam)) {
@@ -182,7 +182,7 @@ k5_handle_wmnc_notify(HWND hwnd,
         {
             k5_dlg_data * d;
 
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
 
             if (d == NULL)
@@ -202,7 +202,7 @@ k5_handle_wmnc_notify(HWND hwnd,
             k5_dlg_data * d;
             BOOL old_sync;
 
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
 
             if (d == NULL)
@@ -217,17 +217,17 @@ k5_handle_wmnc_notify(HWND hwnd,
             old_sync = d->sync;
 
             /* need to update the controls with d->* */
-            SendDlgItemMessage(hwnd, IDC_NCK5_RENEWABLE, 
+            SendDlgItemMessage(hwnd, IDC_NCK5_RENEWABLE,
                                BM_SETCHECK,
-			       (d->renewable? BST_CHECKED : BST_UNCHECKED), 
+			       (d->renewable? BST_CHECKED : BST_UNCHECKED),
                                0);
-            EnableWindow(GetDlgItem(hwnd, IDC_NCK5_RENEW_EDIT), 
+            EnableWindow(GetDlgItem(hwnd, IDC_NCK5_RENEW_EDIT),
                          !!d->renewable);
 
             khui_tracker_refresh(&d->tc_lifetime);
             khui_tracker_refresh(&d->tc_renew);
 
-            SendDlgItemMessage(hwnd, IDC_NCK5_FORWARDABLE, 
+            SendDlgItemMessage(hwnd, IDC_NCK5_FORWARDABLE,
                                BM_SETCHECK,
                                (d->forwardable ? BST_CHECKED : BST_UNCHECKED),
                                0);
@@ -286,7 +286,7 @@ k5_handle_wmnc_notify(HWND hwnd,
             size_t cbsize;
             khm_int32 flags;
 
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
             if (d == NULL)
                 return TRUE;
@@ -304,7 +304,7 @@ k5_handle_wmnc_notify(HWND hwnd,
             tbuf[0] = L'\0';
 
             if (nc->n_identities > 0 &&
-                KHM_SUCCEEDED(kcdb_identity_get_flags(nc->identities[0], 
+                KHM_SUCCEEDED(kcdb_identity_get_flags(nc->identities[0],
                                                       &flags)) &&
                 (flags & KCDB_IDENT_FLAG_VALID) &&
                 nc->subtype == KMSG_CRED_NEW_CREDS &&
@@ -313,14 +313,14 @@ k5_handle_wmnc_notify(HWND hwnd,
                 if (is_k5_identpro)
                     k5_get_realm_from_nc(nc, tbuf, ARRAYLENGTH(tbuf));
                 else
-                    GetDlgItemText(hwnd, IDC_NCK5_REALM, tbuf, 
+                    GetDlgItemText(hwnd, IDC_NCK5_REALM, tbuf,
                                    ARRAYLENGTH(tbuf));
 
                 /*TODO: if additional realms were specified, then those
                   must be listed as well */
-                LoadString(hResModule, IDS_KRB5_CREDTEXT_0, 
+                LoadString(hResModule, IDS_KRB5_CREDTEXT_0,
                            fbuf, ARRAYLENGTH(fbuf));
-                StringCbPrintf(sbuf, sizeof(sbuf), fbuf, 
+                StringCbPrintf(sbuf, sizeof(sbuf), fbuf,
                                tbuf);
 
                 StringCbLength(sbuf, sizeof(sbuf), &cbsize);
@@ -364,13 +364,13 @@ k5_handle_wmnc_notify(HWND hwnd,
             /* There has been a change of identity */
             k5_dlg_data * d;
 
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
             if (d == NULL)
                 break;
 
-            kmq_post_sub_msg(k5_sub, KMSG_CRED, 
-                             KMSG_CRED_DIALOG_NEW_IDENTITY, 
+            kmq_post_sub_msg(k5_sub, KMSG_CRED,
+                             KMSG_CRED_DIALOG_NEW_IDENTITY,
                              0, (void *) d->nc);
         }
         break;
@@ -379,14 +379,14 @@ k5_handle_wmnc_notify(HWND hwnd,
         {
             k5_dlg_data * d;
 
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
             if (d == NULL)
                 break;
 
             if(!d->sync && d->nc->result == KHUI_NC_RESULT_PROCESS) {
-                kmq_post_sub_msg(k5_sub, KMSG_CRED, 
-                                 KMSG_CRED_DIALOG_NEW_OPTIONS, 
+                kmq_post_sub_msg(k5_sub, KMSG_CRED,
+                                 KMSG_CRED_DIALOG_NEW_OPTIONS,
                                  0, (void *) d->nc);
             }
         }
@@ -474,7 +474,7 @@ k5_handle_wm_command(HWND hwnd,
 
     if(notif == BN_CLICKED && cid == IDC_NCK5_RENEWABLE) {
         int c;
-        c = (int) SendDlgItemMessage(hwnd, IDC_NCK5_RENEWABLE, 
+        c = (int) SendDlgItemMessage(hwnd, IDC_NCK5_RENEWABLE,
                                      BM_GETCHECK, 0, 0);
         if(c==BST_CHECKED) {
             EnableWindow(GetDlgItem(hwnd, IDC_NCK5_RENEW_EDIT), TRUE);
@@ -487,7 +487,7 @@ k5_handle_wm_command(HWND hwnd,
         d->sync = FALSE;
     } else if(notif == BN_CLICKED && cid == IDC_NCK5_FORWARDABLE) {
         int c;
-        c = (int) SendDlgItemMessage(hwnd, IDC_NCK5_FORWARDABLE, 
+        c = (int) SendDlgItemMessage(hwnd, IDC_NCK5_FORWARDABLE,
                                      BM_GETCHECK, 0, 0);
         if(c==BST_CHECKED) {
             d->forwardable = TRUE;
@@ -515,8 +515,8 @@ k5_handle_wm_command(HWND hwnd,
                                       cid == IDC_NCK5_LIFETIME_EDIT)) {
         d->dirty = TRUE;
         d->sync = FALSE;
-    } else if((notif == CBN_SELCHANGE || 
-               notif == CBN_KILLFOCUS) && 
+    } else if((notif == CBN_SELCHANGE ||
+               notif == CBN_KILLFOCUS) &&
               cid == IDC_NCK5_REALM &&
               !is_k5_identpro) {
         /* find out what the realm of the current identity
@@ -531,16 +531,16 @@ k5_handle_wm_command(HWND hwnd,
 
         if(d->nc->n_identities > 0) {
             if(notif == CBN_SELCHANGE) {
-                idx = (int) SendDlgItemMessage(hwnd, IDC_NCK5_REALM, 
+                idx = (int) SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
                                                CB_GETCURSEL, 0, 0);
-                SendDlgItemMessage(hwnd, IDC_NCK5_REALM, 
+                SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
                                    CB_GETLBTEXT, idx, (LPARAM) realm);
             } else {
-                GetDlgItemText(hwnd, IDC_NCK5_REALM, 
+                GetDlgItemText(hwnd, IDC_NCK5_REALM,
                                realm, ARRAYLENGTH(realm));
             }
             cbsize = sizeof(idname);
-            if(KHM_SUCCEEDED(kcdb_identity_get_name(d->nc->identities[0], 
+            if(KHM_SUCCEEDED(kcdb_identity_get_name(d->nc->identities[0],
                                                   idname, &cbsize))) {
                 r = wcschr(idname, L'@');
                 if(r && !wcscmp(realm, r+1))
@@ -553,11 +553,11 @@ k5_handle_wm_command(HWND hwnd,
                 }
 
                 /* if we get here, we have a new user */
-                StringCchCopy(r+1, 
-                              ARRAYLENGTH(idname) - ((r+1) - idname), 
+                StringCchCopy(r+1,
+                              ARRAYLENGTH(idname) - ((r+1) - idname),
                               realm);
-                if(KHM_SUCCEEDED(kcdb_identity_create(idname, 
-                                                    KCDB_IDENT_FLAG_CREATE, 
+                if(KHM_SUCCEEDED(kcdb_identity_create(idname,
+                                                    KCDB_IDENT_FLAG_CREATE,
                                                     &ident))) {
                     khui_cw_set_primary_id(d->nc, ident);
                     kcdb_identity_release(ident);
@@ -568,26 +568,26 @@ k5_handle_wm_command(HWND hwnd,
 
         /* if we get here, we have a new realm, but there is no
            identity */
-        PostMessage(d->nc->hwnd, KHUI_WM_NC_NOTIFY, 
+        PostMessage(d->nc->hwnd, KHUI_WM_NC_NOTIFY,
                     MAKEWPARAM(0, WMNC_UPDATE_CREDTEXT), 0);
     }
 
     return 0;
 }
-                       
+
 
 /*  Dialog procedure for the Krb5 credentials type panel.
 
     NOTE: Runs in the context of the UI thread
 */
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_nc_dlg_proc(HWND hwnd,
                UINT uMsg,
                WPARAM wParam,
                LPARAM lParam)
 {
     switch(uMsg) {
-    case WM_INITDIALOG: 
+    case WM_INITDIALOG:
         return k5_handle_wm_initdialog(hwnd, wParam, lParam);
 
     case WM_COMMAND:
@@ -606,7 +606,7 @@ k5_nc_dlg_proc(HWND hwnd,
 }
 
 /* forward dcl */
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 k5_kinit_prompter(krb5_context context,
                   void *data,
                   const char *name,
@@ -618,7 +618,7 @@ k5_kinit_prompter(krb5_context context,
 
 fiber_job g_fjob;   /* global fiber job object */
 
-static BOOL 
+static BOOL
 k5_cached_kinit_prompter(void);
 
 static BOOL
@@ -627,7 +627,7 @@ k5_cp_check_continue(void);
 /*
     Runs in the context of the krb5 plugin's slave fiber
 */
-VOID CALLBACK 
+VOID CALLBACK
 k5_kinit_fiber_proc(PVOID lpParameter)
 {
     while(TRUE)
@@ -775,7 +775,7 @@ k5_cp_check_continue(void) {
 }
 
 /* returns true if we find cached prompts */
-static BOOL 
+static BOOL
 k5_cached_kinit_prompter(void) {
     BOOL rv = FALSE;
     khm_handle ident;
@@ -836,7 +836,7 @@ k5_cached_kinit_prompter(void) {
     /* check if there are any prompts currently showing.  If there are
        we check if they are the same as the ones we are going to show.
        In which case we just reuse the exisitng prompts */
-    if (KHM_FAILED(khui_cw_get_prompt_count(g_fjob.nc, 
+    if (KHM_FAILED(khui_cw_get_prompt_count(g_fjob.nc,
                                             &n_cur_prompts)) ||
         n_prompts != (khm_int32) n_cur_prompts)
         goto _show_new_prompts;
@@ -858,7 +858,7 @@ k5_cached_kinit_prompter(void) {
             break;
 
         cb = sizeof(wprompt);
-        if (KHM_FAILED(khc_read_string(csp_p, L"Prompt", 
+        if (KHM_FAILED(khc_read_string(csp_p, L"Prompt",
                                        wprompt, &cb))) {
             khc_close_space(csp_p);
             break;
@@ -896,7 +896,7 @@ k5_cached_kinit_prompter(void) {
             break;
 
         }
-        
+
 
         khc_close_space(csp_p);
     }
@@ -915,7 +915,7 @@ k5_cached_kinit_prompter(void) {
         wchar_t wpname[KHUI_MAXCCH_PNAME];
 
         cb = sizeof(wbanner);
-        if (KHM_FAILED(khc_read_string(csp_prcache, L"Banner", 
+        if (KHM_FAILED(khc_read_string(csp_prcache, L"Banner",
                                       wbanner, &cb)))
             wbanner[0] = 0;
 
@@ -943,7 +943,7 @@ k5_cached_kinit_prompter(void) {
             break;
 
         cb = sizeof(wprompt);
-        if (KHM_FAILED(khc_read_string(csp_p, L"Prompt", 
+        if (KHM_FAILED(khc_read_string(csp_p, L"Prompt",
                                        wprompt, &cb))) {
             khc_close_space(csp_p);
             break;
@@ -965,7 +965,7 @@ k5_cached_kinit_prompter(void) {
     } else {
         rv = TRUE;
     }
-     
+
  _cleanup:
 
     if (csp_prcache)
@@ -981,7 +981,7 @@ k5_cached_kinit_prompter(void) {
 }
 
 /*  Runs in the context of the Krb5 plugin's slave fiber */
-krb5_error_code KRB5_CALLCONV 
+krb5_error_code KRB5_CALLCONV
 k5_kinit_prompter(krb5_context context,
                   void *data,
                   const char *name,
@@ -1040,7 +1040,7 @@ k5_kinit_prompter(krb5_context context,
         khui_new_creds_prompt * p;
 
         if(prompts[i].prompt) {
-            AnsiStrToUnicode(wprompt, sizeof(wprompt), 
+            AnsiStrToUnicode(wprompt, sizeof(wprompt),
                              prompts[i].prompt);
         } else {
             wprompt[0] = 0;
@@ -1176,8 +1176,8 @@ k5_kinit_prompter(krb5_context context,
         khui_cw_clear_prompts(nc);
 
         khui_cw_begin_custom_prompts(
-            nc, 
-            num_prompts, 
+            nc,
+            num_prompts,
             (banner)?wbanner:NULL,
             (name)?wname:NULL);
 
@@ -1228,7 +1228,7 @@ k5_kinit_prompter(krb5_context context,
         wchar_t wprompt[KHUI_MAXCCH_PROMPT];
 
         if(prompts[i].prompt) {
-            AnsiStrToUnicode(wprompt, sizeof(wprompt), 
+            AnsiStrToUnicode(wprompt, sizeof(wprompt),
                              prompts[i].prompt);
         } else {
             wprompt[0] = 0;
@@ -1249,7 +1249,7 @@ k5_kinit_prompter(krb5_context context,
             wnum[0] = 0;
             StringCbPrintf(wnum, sizeof(wnum), L"%d", i);
 
-            khc_open_space(csp_prcache, wnum, 
+            khc_open_space(csp_prcache, wnum,
                            KHM_FLAG_CREATE, &csp_p);
 
             if (csp_p) {
@@ -1309,7 +1309,7 @@ k5_kinit_prompter(krb5_context context,
             d->length = 0;
         }
 
-        if (ptypes && 
+        if (ptypes &&
             ptypes[i] == KRB5_PROMPT_TYPE_PASSWORD &&
             d->length == 0)
 
@@ -1328,7 +1328,7 @@ k5_kinit_prompter(krb5_context context,
 }
 
 
-void 
+void
 k5_read_dlg_params(k5_dlg_data * d, khm_handle identity)
 {
     k5_params p;
@@ -1463,7 +1463,7 @@ k5_ensure_identity_ccache_is_watched(khm_handle identity, char * ccache)
     } while(FALSE);
 }
 
-void 
+void
 k5_write_dlg_params(k5_dlg_data * d, khm_handle identity, char * ccache)
 {
 
@@ -1498,7 +1498,7 @@ k5_write_dlg_params(k5_dlg_data * d, khm_handle identity, char * ccache)
     d->dirty = FALSE;
 }
 
-void 
+void
 k5_free_kinit_job(void)
 {
     if (g_fjob.principal)
@@ -1519,7 +1519,7 @@ k5_free_kinit_job(void)
     ZeroMemory(&g_fjob, sizeof(g_fjob));
 }
 
-void 
+void
 k5_prep_kinit_job(khui_new_creds * nc)
 {
     khui_new_creds_by_type * nct;
@@ -1534,7 +1534,7 @@ k5_prep_kinit_job(khui_new_creds * nc)
     if (!nct)
         return;
 
-    d = (k5_dlg_data *)(LONG_PTR) 
+    d = (k5_dlg_data *)(LONG_PTR)
         GetWindowLongPtr(nct->hwnd_panel, DWLP_USER);
 
     if (!d)
@@ -1642,7 +1642,7 @@ k5_prep_kinit_job(khui_new_creds * nc)
     /* leave identity held, since we added a reference above */
 }
 
-static khm_int32 KHMAPI 
+static khm_int32 KHMAPI
 k5_find_tgt_filter(khm_handle cred,
                    khm_int32 flags,
                    void * rock) {
@@ -1777,7 +1777,7 @@ k5_update_LRU(khm_handle identity)
     } else if (rv == KHM_ERROR_SUCCESS) {
         if (multi_string_find(wbuf, realm, KHM_CASE_SENSITIVE) != NULL) {
             /* remove the realm and add it at the top later. */
-            multi_string_delete(wbuf, realm, KHM_CASE_SENSITIVE); 
+            multi_string_delete(wbuf, realm, KHM_CASE_SENSITIVE);
         }
     } else {
         multi_string_init(wbuf, cb_ms);
@@ -1795,7 +1795,7 @@ k5_update_LRU(khm_handle identity)
     }
 
     rv = khc_write_multi_string(csp_params, L"LRURealms", wbuf);
-    
+
     assert(KHM_SUCCEEDED(rv));
 
  _done_with_LRU:
@@ -1812,10 +1812,10 @@ k5_update_LRU(khm_handle identity)
 
     Runs in the context of the Krb5 plugin
 */
-khm_int32 KHMAPI 
-k5_msg_cred_dialog(khm_int32 msg_type, 
-                   khm_int32 msg_subtype, 
-                   khm_ui_4 uparam, 
+khm_int32 KHMAPI
+k5_msg_cred_dialog(khm_int32 msg_type,
+                   khm_int32 msg_subtype,
+                   khm_ui_4 uparam,
                    void * vparam)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -1838,7 +1838,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
             nct->type = credtype_id_krb5;
             nct->ordinal = 1;
 
-            LoadString(hResModule, IDS_KRB5_NC_NAME, 
+            LoadString(hResModule, IDS_KRB5_NC_NAME,
                        wbuf, ARRAYLENGTH(wbuf));
             StringCbLength(wbuf, sizeof(wbuf), &cbsize);
             cbsize += sizeof(wchar_t);
@@ -1891,7 +1891,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                 break;
 
             hwnd = nct->hwnd_panel;
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(nct->hwnd_panel, DWLP_USER);
 
             /* this can be NULL if the dialog was closed while the
@@ -1902,14 +1902,14 @@ k5_msg_cred_dialog(khm_int32 msg_type,
             if (!is_k5_identpro) {
 
                 /* enumerate all realms and place in realms combo box */
-                SendDlgItemMessage(hwnd, IDC_NCK5_REALM, 
-                                   CB_RESETCONTENT, 
+                SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
+                                   CB_RESETCONTENT,
                                    0, 0);
 
                 realms = khm_krb5_get_realm_list();
                 if(realms) {
                     for (t = realms; t && *t; t = multi_string_next(t)) {
-                        SendDlgItemMessage(hwnd, IDC_NCK5_REALM, 
+                        SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
                                            CB_ADDSTRING,
                                            0, (LPARAM) t);
                     }
@@ -1924,8 +1924,8 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                                        (WPARAM) -1,
                                        (LPARAM) defrealm);
 
-                    SendDlgItemMessage(hwnd, IDC_NCK5_REALM, 
-                                       WM_SETTEXT, 
+                    SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
+                                       WM_SETTEXT,
                                        0, (LPARAM) defrealm);
                     PFREE(defrealm);
                 }
@@ -1946,24 +1946,24 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                 k5_read_dlg_params(d, NULL);
             }
 
-            PostMessage(hwnd, KHUI_WM_NC_NOTIFY, 
+            PostMessage(hwnd, KHUI_WM_NC_NOTIFY,
                         MAKEWPARAM(0,WMNC_DIALOG_SETUP), 0);
         }
         break;
-            
+
     case KMSG_CRED_DIALOG_NEW_IDENTITY:
         {
             khui_new_creds * nc;
             khui_new_creds_by_type * nct;
             k5_dlg_data * d;
-            
+
             nc = (khui_new_creds *) vparam;
 
             khui_cw_find_type(nc, credtype_id_krb5, &nct);
             if (!nct)
                 break;
 
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(nct->hwnd_panel, DWLP_USER);
 
             if (d == NULL)
@@ -1980,7 +1980,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
 
                 k5_read_dlg_params(d, nc->identities[0]);
 
-                PostMessage(nct->hwnd_panel, KHUI_WM_NC_NOTIFY, 
+                PostMessage(nct->hwnd_panel, KHUI_WM_NC_NOTIFY,
                             MAKEWPARAM(0,WMNC_DIALOG_SETUP), 0);
             }
 
@@ -2004,7 +2004,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
             if (!nct)
                 break;
 
-            d = (k5_dlg_data *)(LONG_PTR) 
+            d = (k5_dlg_data *)(LONG_PTR)
                 GetWindowLongPtr(nct->hwnd_panel, DWLP_USER);
             if (d == NULL)
                 break;
@@ -2028,7 +2028,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
 
                     LoadString(hResModule, IDS_NC_PWD_PWD,
                                wbuf, ARRAYLENGTH(wbuf));
-                    khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_PASSWORD, 
+                    khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_PASSWORD,
                                        wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN);
 
                     LoadString(hResModule, IDS_NC_PWD_NPWD,
@@ -2121,7 +2121,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
 
                     }
 
-                    if(g_fjob.code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && 
+                    if(g_fjob.code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN &&
 		       is_k5_identpro) {
                         kcdb_identity_set_flags(ident,
                                                 KCDB_IDENT_FLAG_INVALID,
@@ -2212,7 +2212,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                     /* this is what we want.  Leave the fiber there. */
 
                     if(is_k5_identpro)
-                        kcdb_identity_set_flags(ident, 
+                        kcdb_identity_set_flags(ident,
                                                 KCDB_IDENT_FLAG_VALID,
                                                 KCDB_IDENT_FLAG_VALID);
                 } else {
@@ -2226,7 +2226,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                    we should update the cred text as well */
                 kcdb_identity_release(ident);
                 khui_cw_lock_nc(nc);
-                PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY, 
+                PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY,
                             MAKEWPARAM(0, WMNC_UPDATE_CREDTEXT), 0);
             } else {
                 khui_cw_unlock_nc(nc);
@@ -2434,7 +2434,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                         pkrb5_free_context(ctx);
                 } else if (g_fjob.state == FIBER_STATE_NONE) {
                     /* the user cancelled the operation */
-                    r = KHUI_NC_RESPONSE_EXIT | 
+                    r = KHUI_NC_RESPONSE_EXIT |
                         KHUI_NC_RESPONSE_SUCCESS;
                 }
 
@@ -2456,7 +2456,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                     }
                 } else {
                     khui_cw_set_response(nc, credtype_id_krb5,
-                                         KHUI_NC_RESPONSE_NOEXIT | 
+                                         KHUI_NC_RESPONSE_NOEXIT |
                                          KHUI_NC_RESPONSE_PENDING | r);
                 }
 
@@ -2518,15 +2518,15 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                     if (code == 0) {
 			_reportf(L"Tickets successfully renewed");
 
-                        khui_cw_set_response(nc, credtype_id_krb5, 
-                                             KHUI_NC_RESPONSE_EXIT | 
+                        khui_cw_set_response(nc, credtype_id_krb5,
+                                             KHUI_NC_RESPONSE_EXIT |
                                              KHUI_NC_RESPONSE_SUCCESS);
                     } else if (nc->ctx.identity == 0) {
 
                         _report_mr0(KHERR_ERROR, MSG_ERR_NO_IDENTITY);
 
-                        khui_cw_set_response(nc, credtype_id_krb5, 
-                                             KHUI_NC_RESPONSE_EXIT | 
+                        khui_cw_set_response(nc, credtype_id_krb5,
+                                             KHUI_NC_RESPONSE_EXIT |
                                              KHUI_NC_RESPONSE_FAILED);
                     } else if (CompareFileTime(&ftcurrent, &ftidexp) < 0) {
                         wchar_t tbuf[1024];
@@ -2548,7 +2548,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
 
                         _resolve();
 
-                        khui_cw_set_response(nc, credtype_id_krb5, 
+                        khui_cw_set_response(nc, credtype_id_krb5,
                                              KHUI_NC_RESPONSE_EXIT |
                                              KHUI_NC_RESPONSE_SUCCESS);
                     } else {
@@ -2565,13 +2565,13 @@ k5_msg_cred_dialog(khm_int32 msg_type,
 
                         _resolve();
 
-                        khui_cw_set_response(nc, credtype_id_krb5, 
+                        khui_cw_set_response(nc, credtype_id_krb5,
                                              ((sug_id == KHERR_SUGGEST_RETRY)?KHUI_NC_RESPONSE_NOEXIT:KHUI_NC_RESPONSE_EXIT) |
                                              KHUI_NC_RESPONSE_FAILED);
                     }
                 } else {
-                    khui_cw_set_response(nc, credtype_id_krb5, 
-                                         KHUI_NC_RESPONSE_EXIT | 
+                    khui_cw_set_response(nc, credtype_id_krb5,
+                                         KHUI_NC_RESPONSE_EXIT |
                                          KHUI_NC_RESPONSE_SUCCESS);
                 }
 
@@ -2833,7 +2833,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                             _resolve();
                         }
 
-                        khui_cw_set_response(nc, credtype_id_krb5, 
+                        khui_cw_set_response(nc, credtype_id_krb5,
                                              KHUI_NC_RESPONSE_NOEXIT|
                                              KHUI_NC_RESPONSE_FAILED);
                     } else {
@@ -2862,7 +2862,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
                 break;
 
             khui_cw_del_type(nc, credtype_id_krb5);
-    
+
             if (nct->name)
                 PFREE(nct->name);
             if (nct->credtext)
diff --git a/src/windows/identity/plugins/krb5/krb5plugin.c b/src/windows/identity/plugins/krb5/krb5plugin.c
index 61331f384..d8877a9c0 100644
--- a/src/windows/identity/plugins/krb5/krb5plugin.c
+++ b/src/windows/identity/plugins/krb5/krb5plugin.c
@@ -51,8 +51,8 @@ krb5_context k5_identpro_ctx = NULL;
 /*  The system message handler.
 
     Runs in the context of the plugin thread */
-khm_int32 KHMAPI 
-k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, 
+khm_int32 KHMAPI
+k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
               khm_ui_4 uparam, void * vparam)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -70,7 +70,7 @@ k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
             ct.id = KCDB_CREDTYPE_AUTO;
             ct.name = KRB5_CREDTYPE_NAME;
 
-            if(LoadString(hResModule, IDS_KRB5_SHORT_DESC, 
+            if(LoadString(hResModule, IDS_KRB5_SHORT_DESC,
                           buf, ARRAYLENGTH(buf))) {
                 StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
                 cbsize += sizeof(wchar_t);
@@ -81,7 +81,7 @@ k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
             /* even though ideally we should be setting limits
                based KCDB_MAXCB_LONG_DESC, our long description
                actually fits nicely in KCDB_MAXCB_SHORT_DESC */
-            if(LoadString(hResModule, IDS_KRB5_LONG_DESC, 
+            if(LoadString(hResModule, IDS_KRB5_LONG_DESC,
                           buf, ARRAYLENGTH(buf))) {
                 StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
                 cbsize += sizeof(wchar_t);
@@ -191,8 +191,8 @@ k5_msg_kcdb(khm_int32 msg_type, khm_int32 msg_subtype,
 
     Runs in the context of the Krb5 plugin
 */
-khm_int32 KHMAPI 
-k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, 
+khm_int32 KHMAPI
+k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
             khm_ui_4 uparam, void * vparam)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -237,7 +237,7 @@ k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
 
     default:
         if(IS_CRED_ACQ_MSG(msg_subtype))
-            return k5_msg_cred_dialog(msg_type, msg_subtype, 
+            return k5_msg_cred_dialog(msg_type, msg_subtype,
                                       uparam, vparam);
     }
 
@@ -249,8 +249,8 @@ k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
 
     Runs in the context of the Krb5 plugin
 */
-khm_int32 KHMAPI 
-k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, 
+khm_int32 KHMAPI
+k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype,
                 khm_ui_4 uparam, void * vparam)
 {
     switch(msg_type) {
diff --git a/src/windows/identity/plugins/krb5/krb5props.c b/src/windows/identity/plugins/krb5/krb5props.c
index 312b576fd..d1553e6d6 100644
--- a/src/windows/identity/plugins/krb5/krb5props.c
+++ b/src/windows/identity/plugins/krb5/krb5props.c
@@ -42,7 +42,7 @@ INT_PTR CALLBACK krb5_pp_proc(HWND hwnd,
     UINT uMsg,
     WPARAM wParam,
     LPARAM lParam
-    ) 
+    )
 {
     switch(uMsg) {
     case WM_INITDIALOG:
@@ -72,8 +72,8 @@ INT_PTR CALLBACK krb5_pp_proc(HWND hwnd,
                 SetDlgItemText(hwnd, IDC_PPK5_NAME, buf);
 
                 cbsize = sizeof(buf);
-                rv = kcdb_cred_get_attr_string(s->cred, 
-                                               KCDB_ATTR_ISSUE, 
+                rv = kcdb_cred_get_attr_string(s->cred,
+                                               KCDB_ATTR_ISSUE,
                                                buf, &cbsize, 0);
                 if (KHM_SUCCEEDED(rv))
                     SetDlgItemText(hwnd, IDC_PPK5_ISSUE, buf);
@@ -81,8 +81,8 @@ INT_PTR CALLBACK krb5_pp_proc(HWND hwnd,
                     SetDlgItemText(hwnd, IDC_PPK5_ISSUE, unavailable);
 
                 cbsize = sizeof(buf);
-                rv = kcdb_cred_get_attr_string(s->cred, 
-                                               KCDB_ATTR_EXPIRE, 
+                rv = kcdb_cred_get_attr_string(s->cred,
+                                               KCDB_ATTR_EXPIRE,
                                                buf, &cbsize, 0);
                 if (KHM_SUCCEEDED(rv))
                     SetDlgItemText(hwnd, IDC_PPK5_VALID, buf);
@@ -90,8 +90,8 @@ INT_PTR CALLBACK krb5_pp_proc(HWND hwnd,
                     SetDlgItemText(hwnd, IDC_PPK5_VALID, unavailable);
 
                 cbsize = sizeof(buf);
-                rv = kcdb_cred_get_attr_string(s->cred, 
-                                               KCDB_ATTR_RENEW_EXPIRE, 
+                rv = kcdb_cred_get_attr_string(s->cred,
+                                               KCDB_ATTR_RENEW_EXPIRE,
                                                buf, &cbsize, 0);
                 if (KHM_SUCCEEDED(rv))
                     SetDlgItemText(hwnd, IDC_PPK5_RENEW, buf);
@@ -173,4 +173,3 @@ void k5_pp_end(khui_property_sheet * s)
         p->p_page = NULL;
     }
 }
-
diff --git a/src/windows/identity/plugins/krb5/krbcred.h b/src/windows/identity/plugins/krb5/krbcred.h
index ddc745c93..d90a39e46 100644
--- a/src/windows/identity/plugins/krb5/krbcred.h
+++ b/src/windows/identity/plugins/krb5/krbcred.h
@@ -190,30 +190,30 @@ extern fiber_job g_fjob;   /* global fiber job object */
 
 #define K5_SET_CRED_MSG     WMNC_USER
 
-void 
+void
 k5_pp_begin(khui_property_sheet * s);
 
-void 
+void
 k5_pp_end(khui_property_sheet * s);
 
-khm_int32 KHMAPI 
-k5_msg_cred_dialog(khm_int32 msg_type, 
-                   khm_int32 msg_subtype, 
-                   khm_ui_4 uparam, 
+khm_int32 KHMAPI
+k5_msg_cred_dialog(khm_int32 msg_type,
+                   khm_int32 msg_subtype,
+                   khm_ui_4 uparam,
                    void * vparam);
 
-khm_int32 KHMAPI 
-k5_msg_ident(khm_int32 msg_type, 
-               khm_int32 msg_subtype, 
-               khm_ui_4 uparam, 
+khm_int32 KHMAPI
+k5_msg_ident(khm_int32 msg_type,
+               khm_int32 msg_subtype,
+               khm_ui_4 uparam,
                void * vparam);
 
 khm_int32
 k5_remove_from_LRU(khm_handle identity);
 
-int 
-k5_get_realm_from_nc(khui_new_creds * nc, 
-                     wchar_t * buf, 
+int
+k5_get_realm_from_nc(khui_new_creds * nc,
+                     wchar_t * buf,
                      khm_size cch_buf);
 
 void
@@ -222,19 +222,19 @@ k5_register_config_panels(void);
 void
 k5_unregister_config_panels(void);
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_ccconfig_dlgproc(HWND hwnd,
                     UINT uMsg,
                     WPARAM wParam,
                     LPARAM lParam);
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_id_tab_dlgproc(HWND hwndDlg,
                   UINT uMsg,
                   WPARAM wParam,
                   LPARAM lParam);
 
-INT_PTR CALLBACK 
+INT_PTR CALLBACK
 k5_ids_tab_dlgproc(HWND hwnd,
                    UINT uMsg,
                    WPARAM wParam,
diff --git a/src/windows/identity/plugins/krb5/langres.h b/src/windows/identity/plugins/krb5/langres.h
index 117754b3e..2c6566d78 100644
--- a/src/windows/identity/plugins/krb5/langres.h
+++ b/src/windows/identity/plugins/krb5/langres.h
@@ -205,7 +205,7 @@
 #define ID_FOO_BAR                      40001
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        219
diff --git a/src/windows/identity/sample/templates/credprov/langres.h b/src/windows/identity/sample/templates/credprov/langres.h
index 962c4cb22..f59404a8d 100644
--- a/src/windows/identity/sample/templates/credprov/langres.h
+++ b/src/windows/identity/sample/templates/credprov/langres.h
@@ -23,7 +23,7 @@
 #define IDS_CFG_ID_LONG_DESC            120
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        116
diff --git a/src/windows/identity/sample/templates/credprov/proppage.c b/src/windows/identity/sample/templates/credprov/proppage.c
index eaffde23e..dc6148ae1 100644
--- a/src/windows/identity/sample/templates/credprov/proppage.c
+++ b/src/windows/identity/sample/templates/credprov/proppage.c
@@ -56,4 +56,3 @@ pp_cred_dlg_proc(HWND hwnd,
 
     return FALSE;
 }
-
diff --git a/src/windows/identity/ui/aboutwnd.c b/src/windows/identity/ui/aboutwnd.c
index cc88705d7..a9efcfbff 100644
--- a/src/windows/identity/ui/aboutwnd.c
+++ b/src/windows/identity/ui/aboutwnd.c
@@ -54,7 +54,7 @@ about_dlg_proc(HWND hwnd,
             SetDlgItemText(hwnd, IDC_BUILDINFO,
                            TEXT(KH_VERSTR_BUILDINFO_1033));
 
-            hsnap = 
+            hsnap =
                 CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,
                                          0);
 
diff --git a/src/windows/identity/ui/addrchange.c b/src/windows/identity/ui/addrchange.c
index 3953e4f10..9058ebec7 100644
--- a/src/windows/identity/ui/addrchange.c
+++ b/src/windows/identity/ui/addrchange.c
@@ -65,7 +65,7 @@ addr_change_thread(LPVOID dummy) {
             goto _end_thread;
         }
     } while(TRUE);
-    
+
  _end_thread:
     ExitThread(0);
 }
diff --git a/src/windows/identity/ui/cfg_general_wnd.c b/src/windows/identity/ui/cfg_general_wnd.c
index f4dfa7712..bb2635855 100644
--- a/src/windows/identity/ui/cfg_general_wnd.c
+++ b/src/windows/identity/ui/cfg_general_wnd.c
@@ -364,7 +364,7 @@ khm_cfg_general_proc(HWND hwnd,
                     StringCbPrintf(msg, sizeof(msg), fmt, buf);
 
                     MessageBox(hwnd, title, msg, MB_OK);
-                    
+
                 } else {
                     wchar_t cmdline[550];
                     STARTUPINFO si;
diff --git a/src/windows/identity/ui/cfg_identities_wnd.c b/src/windows/identity/ui/cfg_identities_wnd.c
index 02eb44212..d419e2837 100644
--- a/src/windows/identity/ui/cfg_identities_wnd.c
+++ b/src/windows/identity/ui/cfg_identities_wnd.c
@@ -46,7 +46,7 @@ set_window_node(HWND hwnd, khui_config_node node) {
 }
 
 static void
-add_subpanels(HWND hwnd, 
+add_subpanels(HWND hwnd,
               khui_config_node ctx_node,
               khui_config_node ref_node) {
 
@@ -128,7 +128,7 @@ add_subpanels(HWND hwnd,
 }
 
 static void
-apply_all(HWND hwnd, 
+apply_all(HWND hwnd,
           HWND hw_tab,
           khui_config_node noderef) {
     TCITEM tci;
@@ -271,7 +271,7 @@ handle_notify(HWND hwnd,
         case TCN_SELCHANGING:
             i = TabCtrl_GetCurSel(lpnm->hwndFrom);
 
-            show_tab_panel(hwnd, 
+            show_tab_panel(hwnd,
                            node,
                            lpnm->hwndFrom,
                            i,
@@ -619,12 +619,12 @@ init_idents_data(void) {
         goto _cleanup;
     }
 
-    cfg_idents.idents = PMALLOC(sizeof(*cfg_idents.idents) * 
+    cfg_idents.idents = PMALLOC(sizeof(*cfg_idents.idents) *
                                cfg_idents.n_idents);
 #ifdef DEBUG
     assert(cfg_idents.idents);
 #endif
-    ZeroMemory(cfg_idents.idents, 
+    ZeroMemory(cfg_idents.idents,
                sizeof(*cfg_idents.idents) * cfg_idents.n_idents);
     cfg_idents.nc_idents = cfg_idents.n_idents;
 
@@ -1067,7 +1067,7 @@ khm_cfg_add_ident_proc(HWND hwnd,
                 break;
             }
             break;
-            
+
         } else if (LOWORD(wParam) == IDCANCEL) {
             EndDialog(hwnd, 1);
         } else {
@@ -1107,9 +1107,9 @@ khm_cfg_ids_tab_proc(HWND hwnd,
             if (cfg_idents.hi_status)
                 goto _done_with_icons;
 
-            cfg_idents.hi_status = 
+            cfg_idents.hi_status =
                 ImageList_Create(GetSystemMetrics(SM_CXSMICON),
-                                 GetSystemMetrics(SM_CYSMICON), 
+                                 GetSystemMetrics(SM_CYSMICON),
                                  ILC_COLOR8 | ILC_MASK,
                                  4,4);
 
@@ -1125,37 +1125,37 @@ khm_cfg_ids_tab_proc(HWND hwnd,
             DestroyIcon(hicon);
 
             hicon = LoadImage(khm_hInstance, MAKEINTRESOURCE(IDI_CFG_DEFAULT),
-                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON), 
+                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON),
                               GetSystemMetrics(SM_CYSMICON), LR_DEFAULTCOLOR);
 
-            cfg_idents.idx_default = ImageList_AddIcon(cfg_idents.hi_status, 
+            cfg_idents.idx_default = ImageList_AddIcon(cfg_idents.hi_status,
                                                        hicon) + 1;
 
             DestroyIcon(hicon);
 
             hicon = LoadImage(khm_hInstance, MAKEINTRESOURCE(IDI_CFG_MODIFIED),
-                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON), 
+                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON),
                               GetSystemMetrics(SM_CYSMICON), LR_DEFAULTCOLOR);
 
-            cfg_idents.idx_modified = ImageList_AddIcon(cfg_idents.hi_status, 
+            cfg_idents.idx_modified = ImageList_AddIcon(cfg_idents.hi_status,
                                                         hicon) + 1;
 
             DestroyIcon(hicon);
 
             hicon = LoadImage(khm_hInstance, MAKEINTRESOURCE(IDI_CFG_APPLIED),
-                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON), 
+                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON),
                               GetSystemMetrics(SM_CYSMICON), LR_DEFAULTCOLOR);
 
-            cfg_idents.idx_applied = ImageList_AddIcon(cfg_idents.hi_status, 
+            cfg_idents.idx_applied = ImageList_AddIcon(cfg_idents.hi_status,
                                                        hicon) + 1;
 
             DestroyIcon(hicon);
 
             hicon = LoadImage(khm_hInstance, MAKEINTRESOURCE(IDI_CFG_DELETED),
-                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON), 
+                              IMAGE_ICON, GetSystemMetrics(SM_CXSMICON),
                               GetSystemMetrics(SM_CYSMICON), LR_DEFAULTCOLOR);
 
-            cfg_idents.idx_deleted = ImageList_AddIcon(cfg_idents.hi_status, 
+            cfg_idents.idx_deleted = ImageList_AddIcon(cfg_idents.hi_status,
                                                        hicon) + 1;
 
             DestroyIcon(hicon);
@@ -1508,7 +1508,7 @@ khm_cfg_id_tab_proc(HWND hwnd,
                         *cont = FALSE;
                 } else {
                     khui_cfg_set_flags_inst(idata, KHUI_CNFLAG_APPLIED,
-                                            KHUI_CNFLAG_APPLIED | 
+                                            KHUI_CNFLAG_APPLIED |
                                             KHUI_CNFLAG_MODIFIED);
                 }
                 break;
diff --git a/src/windows/identity/ui/cfg_notif_wnd.c b/src/windows/identity/ui/cfg_notif_wnd.c
index 846d41714..5bb2d6667 100644
--- a/src/windows/identity/ui/cfg_notif_wnd.c
+++ b/src/windows/identity/ui/cfg_notif_wnd.c
@@ -43,7 +43,7 @@ typedef struct tag_notif_data {
     khui_tracker tc_warn2;
 } notif_data;
 
-static void 
+static void
 read_params(notif_data * d) {
     khm_handle csp_cw;
     khm_int32 rv;
@@ -118,7 +118,7 @@ check_for_modification(notif_data * d) {
         d->tc_warn1.current != t.tc_warn1.current ||
         d->tc_warn2.current != t.tc_warn2.current) {
 
-        khui_cfg_set_flags(d->node, 
+        khui_cfg_set_flags(d->node,
                            KHUI_CNFLAG_MODIFIED,
                            KHUI_CNFLAG_MODIFIED);
 
@@ -160,15 +160,15 @@ write_params(notif_data * d) {
     assert(KHM_SUCCEEDED(rv));
 
 
-    rv = khc_write_int32(csp_cw, L"AutoRenewThreshold", 
+    rv = khc_write_int32(csp_cw, L"AutoRenewThreshold",
                          (khm_int32) d->tc_renew.current);
     assert(KHM_SUCCEEDED(rv));
 
-    rv = khc_write_int32(csp_cw, L"WarnThreshold", 
+    rv = khc_write_int32(csp_cw, L"WarnThreshold",
                          (khm_int32) d->tc_warn1.current);
     assert(KHM_SUCCEEDED(rv));
 
-    rv = khc_write_int32(csp_cw, L"CriticalThreshold", 
+    rv = khc_write_int32(csp_cw, L"CriticalThreshold",
                          (khm_int32) d->tc_warn2.current);
     assert(KHM_SUCCEEDED(rv));
 
@@ -183,15 +183,15 @@ write_params(notif_data * d) {
 
 static void
 refresh_view(HWND hwnd, notif_data * d) {
-    CheckDlgButton(hwnd, IDC_NOTIF_MONITOR, 
+    CheckDlgButton(hwnd, IDC_NOTIF_MONITOR,
                    (d->monitor?BST_CHECKED:BST_UNCHECKED));
-    CheckDlgButton(hwnd, IDC_NOTIF_RENEW, 
+    CheckDlgButton(hwnd, IDC_NOTIF_RENEW,
                    (d->renew?BST_CHECKED:BST_UNCHECKED));
     CheckDlgButton(hwnd, IDC_NOTIF_HALFLIFE,
                    (d->halflife?BST_CHECKED:BST_UNCHECKED));
-    CheckDlgButton(hwnd, IDC_NOTIF_WARN1, 
+    CheckDlgButton(hwnd, IDC_NOTIF_WARN1,
                    (d->warn1?BST_CHECKED:BST_UNCHECKED));
-    CheckDlgButton(hwnd, IDC_NOTIF_WARN2, 
+    CheckDlgButton(hwnd, IDC_NOTIF_WARN2,
                    (d->warn2?BST_CHECKED:BST_UNCHECKED));
     khui_tracker_refresh(&d->tc_renew);
     khui_tracker_refresh(&d->tc_warn1);
diff --git a/src/windows/identity/ui/cfg_plugins_wnd.c b/src/windows/identity/ui/cfg_plugins_wnd.c
index f0789e8d0..dc26f097b 100644
--- a/src/windows/identity/ui/cfg_plugins_wnd.c
+++ b/src/windows/identity/ui/cfg_plugins_wnd.c
@@ -61,7 +61,7 @@ void update_dialog_fields(HWND hwnd,
         StringCbPrintf(buf, sizeof(buf), fmt, info->plugin.reg.name);
         SetDlgItemText(hwnd, IDC_CFG_DESC, buf);
     }
-    
+
     switch(info->plugin.state) {
     case KMM_PLUGIN_STATE_FAIL_INIT:
         resid = IDS_PISTATE_FAILINIT;
@@ -369,7 +369,7 @@ khm_cfg_plugins_proc(HWND hwnd,
             LPNMHDR lpnm;
             HWND hw;
 
-            d = (plugin_dlg_data *) (LONG_PTR) 
+            d = (plugin_dlg_data *) (LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
             if (d == NULL)
                 return FALSE;
@@ -393,7 +393,7 @@ khm_cfg_plugins_proc(HWND hwnd,
                     EnableWindow(GetDlgItem(hwnd, IDC_CFG_ENABLE), FALSE);
                     EnableWindow(GetDlgItem(hwnd, IDC_CFG_DISABLE), FALSE);
                     EnableWindow(GetDlgItem(hwnd, IDC_CFG_UNREGISTER), FALSE);
-                    SendDlgItemMessage(hwnd, IDC_CFG_DEPS, 
+                    SendDlgItemMessage(hwnd, IDC_CFG_DEPS,
                                        LB_RESETCONTENT, 0, 0);
                     SendDlgItemMessage(hwnd, IDC_CFG_ICON, STM_SETICON,
                                        (WPARAM) d->plugin_ico, 0);
@@ -615,7 +615,7 @@ khm_cfg_plugins_proc(HWND hwnd,
 
             case MAKEWPARAM(IDC_CFG_REGISTER, BN_CLICKED):
                 {
-                    
+
                 }
                 break;
             }
@@ -626,7 +626,7 @@ khm_cfg_plugins_proc(HWND hwnd,
         {
             khm_size i;
 
-            d = (plugin_dlg_data *) (LONG_PTR) 
+            d = (plugin_dlg_data *) (LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
 #ifdef DEBUG
             assert(d);
diff --git a/src/windows/identity/ui/configwnd.c b/src/windows/identity/ui/configwnd.c
index f97dc6a4e..cf3cdfdd0 100644
--- a/src/windows/identity/ui/configwnd.c
+++ b/src/windows/identity/ui/configwnd.c
@@ -45,7 +45,7 @@ typedef struct tag_cfgui_wnd_data {
 
 static cfgui_wnd_data *
 cfgui_get_wnd_data(HWND hwnd) {
-    return (cfgui_wnd_data *)(LONG_PTR) 
+    return (cfgui_wnd_data *)(LONG_PTR)
         GetWindowLongPtr(hwnd, DWLP_USER);
 }
 
@@ -132,7 +132,7 @@ cfgui_add_node(cfgui_wnd_data * d,
     }
 }
 
-static void 
+static void
 cfgui_initialize_dialog(HWND hwnd) {
     cfgui_wnd_data * d;
     HWND hwtv;
@@ -147,7 +147,7 @@ cfgui_initialize_dialog(HWND hwnd) {
 
     /* create and fill the image list for the treeview */
 
-    d->hi_status = ImageList_Create(GetSystemMetrics(SM_CXSMICON), GetSystemMetrics(SM_CYSMICON), 
+    d->hi_status = ImageList_Create(GetSystemMetrics(SM_CXSMICON), GetSystemMetrics(SM_CYSMICON),
                                     ILC_COLOR8 | ILC_MASK,
                                     4,4);
 
@@ -184,8 +184,8 @@ cfgui_initialize_dialog(HWND hwnd) {
     cfgui_add_node(d, hwtv, NULL, NULL, FALSE);
 
     hdc = GetDC(hwnd);
-    hf = CreateFont(-MulDiv(12, 
-                            GetDeviceCaps(hdc, LOGPIXELSY), 
+    hf = CreateFont(-MulDiv(12,
+                            GetDeviceCaps(hdc, LOGPIXELSY),
                             72),
                     0,          /* nWidth */
                     0,          /* nEscapement */
@@ -633,7 +633,7 @@ cfgui_sync_node_list(cfgui_wnd_data * d, HWND hwnd) {
 }
 
 static void
-cfgui_update_state(HWND hwnd, 
+cfgui_update_state(HWND hwnd,
                    khm_int32 flags,
                    khui_config_node node) {
     cfgui_wnd_data * d;
@@ -739,7 +739,7 @@ cfgui_dlgproc_generic(HWND hwnd,
     return FALSE;
 }
 
-static INT_PTR CALLBACK 
+static INT_PTR CALLBACK
 cfgui_dlgproc(HWND hwnd,
               UINT uMsg,
               WPARAM wParam,
@@ -761,7 +761,7 @@ cfgui_dlgproc(HWND hwnd,
 
         d->hbr_white = CreateSolidBrush(RGB(255,255,255));
 
-        d->hw_generic_pane = 
+        d->hw_generic_pane =
             CreateDialogParam(khm_hInstance,
                               MAKEINTRESOURCE(IDD_CFG_GENERIC),
                               hwnd,
@@ -825,7 +825,7 @@ cfgui_dlgproc(HWND hwnd,
             case TVN_SELCHANGED:
                 lptv = (LPNMTREEVIEW) lParam;
                 cfgui_activate_node(hwnd,
-                                    (khui_config_node) 
+                                    (khui_config_node)
                                     lptv->itemNew.lParam);
                 return TRUE;
 
@@ -893,7 +893,7 @@ cfgui_dlgproc(HWND hwnd,
             break;
 
         case WMCFG_UPDATE_STATE:
-            cfgui_update_state(hwnd, LOWORD(wParam), 
+            cfgui_update_state(hwnd, LOWORD(wParam),
                                (khui_config_node) lParam);
             break;
 
@@ -912,7 +912,7 @@ cfgui_dlgproc(HWND hwnd,
     return FALSE;
 }
 
-static void 
+static void
 cfgui_create_window(khui_config_node node) {
 #ifdef DEBUG
     assert(cfgui_hwnd == NULL);
@@ -931,14 +931,14 @@ cfgui_create_window(khui_config_node node) {
     ShowWindow(cfgui_hwnd,SW_SHOW);
 }
 
-static void 
+static void
 cfgui_destroy_window(void) {
     if (cfgui_hwnd)
         DestroyWindow(cfgui_hwnd);
     /* cfgui_hwnd will be set to NULL in the dialog proc */
 }
 
-void 
+void
 khm_show_config_pane(khui_config_node node) {
     if (cfgui_hwnd != NULL) {
         SendMessage(cfgui_hwnd, KHUI_WM_CFG_NOTIFY,
diff --git a/src/windows/identity/ui/configwnd.h b/src/windows/identity/ui/configwnd.h
index 712805fc1..c1bacb21c 100644
--- a/src/windows/identity/ui/configwnd.h
+++ b/src/windows/identity/ui/configwnd.h
@@ -29,7 +29,7 @@
 
 #define CFGACTION_MAGIC 0x38f8
 
-void 
+void
 khm_show_config_pane(khui_config_node node);
 
 void khm_init_config(void);
diff --git a/src/windows/identity/ui/credfuncs.c b/src/windows/identity/ui/credfuncs.c
index c8b6727b8..af0386313 100644
--- a/src/windows/identity/ui/credfuncs.c
+++ b/src/windows/identity/ui/credfuncs.c
@@ -58,7 +58,7 @@ dialog_sync_init(void) {
     }
 }
 
-BOOL 
+BOOL
 khm_cred_begin_dialog(void) {
     BOOL rv;
 
@@ -97,7 +97,7 @@ khm_cred_begin_dialog(void) {
     return rv;
 }
 
-void 
+void
 khm_cred_end_dialog(khui_new_creds * nc) {
     dialog_sync_init();
 
@@ -185,7 +185,7 @@ khm_cred_wait_for_dialog(DWORD timeout, khm_int32 * result,
    credentials operation is triggered, each successive message
    completion notification will be used to dispatch the messages for
    the next step in processing the operation. */
-void KHMAPI 
+void KHMAPI
 kmsg_cred_completion(kmq_message *m)
 {
     khui_new_creds * nc;
@@ -203,7 +203,7 @@ kmsg_cred_completion(kmq_message *m)
     case KMSG_CRED_NEW_CREDS:
         /* Cred types have attached themselves.  Trigger the next
            phase. */
-        kmq_post_message(KMSG_CRED, KMSG_CRED_DIALOG_SETUP, 0, 
+        kmq_post_message(KMSG_CRED, KMSG_CRED_DIALOG_SETUP, 0,
                          m->vparam);
         break;
 
@@ -220,17 +220,17 @@ kmsg_cred_completion(kmq_message *m)
         nc = (khui_new_creds *) m->vparam;
 
         khm_prep_newcredwnd(nc->hwnd);
-            
+
         /* all the controls have been created.  Now initialize them */
         if (nc->n_types > 0) {
-            kmq_post_subs_msg(nc->type_subs, 
-                              nc->n_types, 
-                              KMSG_CRED, 
-                              KMSG_CRED_DIALOG_PRESTART, 
-                              0, 
+            kmq_post_subs_msg(nc->type_subs,
+                              nc->n_types,
+                              KMSG_CRED,
+                              KMSG_CRED_DIALOG_PRESTART,
+                              0,
                               m->vparam);
         } else {
-            PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY, 
+            PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY,
                         MAKEWPARAM(0, WMNC_DIALOG_PROCESS_COMPLETE), 0);
         }
         break;
@@ -239,12 +239,12 @@ kmsg_cred_completion(kmq_message *m)
         /* all prestart stuff is done.  Now to activate the dialog */
         nc = (khui_new_creds *) m->vparam;
         khm_show_newcredwnd(nc->hwnd);
-        
+
         kmq_post_subs_msg(nc->type_subs,
                           nc->n_types,
-                          KMSG_CRED, 
-                          KMSG_CRED_DIALOG_START, 
-                          0, 
+                          KMSG_CRED,
+                          KMSG_CRED_DIALOG_START,
+                          0,
                           m->vparam);
         /* at this point, the dialog window takes over.  We let it run
            the show until KMSG_CRED_DIALOG_END is posted by the dialog
@@ -418,10 +418,10 @@ kmsg_cred_completion(kmq_message *m)
         done_with_op:
 
             if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
-                kmq_post_message(KMSG_CRED, KMSG_CRED_END, 0, 
+                kmq_post_message(KMSG_CRED, KMSG_CRED_END, 0,
                                  m->vparam);
             } else {
-                PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY, 
+                PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY,
                             MAKEWPARAM(0, WMNC_DIALOG_PROCESS_COMPLETE),
                             0);
             }
@@ -471,12 +471,12 @@ kmsg_cred_completion(kmq_message *m)
     case KMSG_CRED_PP_BEGIN:
         /* all the pages should have been added by now.  Just send out
            the precreate message */
-        kmq_post_message(KMSG_CRED, KMSG_CRED_PP_PRECREATE, 0, 
+        kmq_post_message(KMSG_CRED, KMSG_CRED_PP_PRECREATE, 0,
                          m->vparam);
         break;
 
     case KMSG_CRED_PP_END:
-        kmq_post_message(KMSG_CRED, KMSG_CRED_PP_DESTROY, 0, 
+        kmq_post_message(KMSG_CRED, KMSG_CRED_PP_DESTROY, 0,
                          m->vparam);
         break;
 
@@ -577,18 +577,18 @@ void khm_cred_destroy_creds(khm_boolean sync, khm_boolean quiet)
         wchar_t title[256];
         wchar_t message[256];
 
-        LoadString(khm_hInstance, 
-                   IDS_ALERT_NOSEL_TITLE, 
-                   title, 
+        LoadString(khm_hInstance,
+                   IDS_ALERT_NOSEL_TITLE,
+                   title,
                    ARRAYLENGTH(title));
 
-        LoadString(khm_hInstance, 
-                   IDS_ALERT_NOSEL, 
-                   message, 
+        LoadString(khm_hInstance,
+                   IDS_ALERT_NOSEL,
+                   message,
                    ARRAYLENGTH(message));
 
-        khui_alert_show_simple(title, 
-                               message, 
+        khui_alert_show_simple(title,
+                               message,
                                KHERR_WARNING);
 
         khui_context_release(pctx);
@@ -964,7 +964,7 @@ void khm_cred_obtain_new_creds(wchar_t * title)
         _report_sr0(KHERR_NONE, IDS_CTX_NEW_CREDS);
         _describe();
 
-        kmq_post_message(KMSG_CRED, KMSG_CRED_NEW_CREDS, 0, 
+        kmq_post_message(KMSG_CRED, KMSG_CRED_NEW_CREDS, 0,
                          (void *) nc);
 
         _end_task();
@@ -979,7 +979,7 @@ void khm_cred_obtain_new_creds(wchar_t * title)
 /* this is called by khm_cred_dispatch_process_message and the
    kmsg_cred_completion to initiate and continue checked broadcasts of
    KMSG_CRED_DIALOG_PROCESS messages.
-   
+
    Returns TRUE if more KMSG_CRED_DIALOG_PROCESS messages were
    posted. */
 BOOL khm_cred_dispatch_process_level(khui_new_creds *nc)
@@ -1040,7 +1040,7 @@ BOOL khm_cred_dispatch_process_level(khui_new_creds *nc)
     return cont;
 }
 
-void 
+void
 khm_cred_dispatch_process_message(khui_new_creds *nc)
 {
     khm_size i;
@@ -1085,7 +1085,7 @@ khm_cred_dispatch_process_message(khui_new_creds *nc)
             kcdb_identity_get_name(nc->ctx.identity, wsinsert, &cbsize);
         else if (nc->ctx.scope == KHUI_SCOPE_CREDTYPE) {
             if (nc->ctx.identity != NULL)
-                kcdb_identity_get_name(nc->ctx.identity, wsinsert, 
+                kcdb_identity_get_name(nc->ctx.identity, wsinsert,
                                        &cbsize);
             else
                 kcdb_credtype_get_name(nc->ctx.cred_type, wsinsert,
@@ -1096,7 +1096,7 @@ khm_cred_dispatch_process_message(khui_new_creds *nc)
             StringCbCopy(wsinsert, sizeof(wsinsert), L"(?)");
         }
 
-        _report_sr1(KHERR_NONE, IDS_CTX_PROC_RENEW_CREDS, 
+        _report_sr1(KHERR_NONE, IDS_CTX_PROC_RENEW_CREDS,
                     _cstr(wsinsert));
         _resolve();
     } else if (nc->subtype == KMSG_CRED_PASSWORD) {
@@ -1125,7 +1125,7 @@ khm_cred_dispatch_process_message(khui_new_creds *nc)
     if (nc->subtype == KMSG_CRED_RENEW_CREDS)
         kmq_post_message(KMSG_CRED, KMSG_CRED_END, 0, (void *) nc);
     else
-        PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY, 
+        PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY,
                     MAKEWPARAM(0, WMNC_DIALOG_PROCESS_COMPLETE), 0);
 }
 
diff --git a/src/windows/identity/ui/credfuncs.h b/src/windows/identity/ui/credfuncs.h
index 9bc289089..051679647 100644
--- a/src/windows/identity/ui/credfuncs.h
+++ b/src/windows/identity/ui/credfuncs.h
@@ -28,10 +28,10 @@
 #ifndef __KHIMAIRA_CREDFUNCS_H
 #define __KHIMAIRA_CREDFUNCS_H
 
-void KHMAPI 
+void KHMAPI
 kmsg_cred_completion(kmq_message *m);
 
-void 
+void
 khm_cred_destroy_creds(khm_boolean sync,
                        khm_boolean quiet);
 
@@ -41,33 +41,33 @@ khm_cred_destroy_identity(khm_handle identity);
 void
 khm_cred_renew_all_identities(void);
 
-void 
+void
 khm_cred_renew_identity(khm_handle identity);
 
-void 
+void
 khm_cred_renew_cred(khm_handle cred);
 
-void 
+void
 khm_cred_renew_creds(void);
 
-void 
+void
 khm_cred_obtain_new_creds(wchar_t * window_title);
 
 void
 khm_cred_obtain_new_creds_for_ident(khm_handle ident, wchar_t * title);
 
-void 
+void
 khm_cred_set_default(void);
 
 void khm_cred_set_default_identity(khm_handle identity);
 
-void 
+void
 khm_cred_change_password(wchar_t * window_title);
 
-void 
+void
 khm_cred_dispatch_process_message(khui_new_creds *nc);
 
-BOOL 
+BOOL
 khm_cred_dispatch_process_level(khui_new_creds *nc);
 
 BOOL
diff --git a/src/windows/identity/ui/credwnd.c b/src/windows/identity/ui/credwnd.c
index c5eb0d147..f7d7ca15e 100644
--- a/src/windows/identity/ui/credwnd.c
+++ b/src/windows/identity/ui/credwnd.c
@@ -38,16 +38,16 @@ khm_int32 attr_to_action[KCDB_ATTR_MAX_ID + 1];
 static void
 cw_select_row_creds(khui_credwnd_tbl * tbl, int row, int selected);
 
-static void 
+static void
 cw_set_row_context(khui_credwnd_tbl * tbl, int row);
 
 static void
 cw_update_outline(khui_credwnd_tbl * tbl);
 
-static void 
+static void
 cw_update_selection_state(khui_credwnd_tbl * tbl);
 
-static void 
+static void
 cw_select_row(khui_credwnd_tbl * tbl, int row, WPARAM wParam);
 
 
@@ -273,7 +273,7 @@ cw_refresh_attribs(HWND hwnd) {
     }
 }
 
-khm_int32 
+khm_int32
 cw_get_custom_attr_id(wchar_t * s)
 {
     if(!wcscmp(s, CW_CANAME_FLAGS))
@@ -481,7 +481,7 @@ cw_get_theme_color(khm_handle hc, const wchar_t * name, COLORREF ref_color) {
     return cw_mix_colors(ref_color, c, alpha);
 }
 
-void 
+void
 cw_load_view(khui_credwnd_tbl * tbl, wchar_t * view, HWND hwnd) {
     khm_handle hc_cw = NULL;
     khm_handle hc_vs = NULL;
@@ -779,7 +779,7 @@ _skip_col:
         } else {
 #ifdef DEBUG
             assert(FALSE);
-#endif            
+#endif
         }
 
         if (hc_theme)
@@ -1001,7 +1001,7 @@ cw_credset_iter_func(khm_handle cred, void * rock) {
     return KHM_ERROR_SUCCESS;
 }
 
-void 
+void
 cw_update_creds(khui_credwnd_tbl * tbl)
 {
     kcdb_cred_comp_field * fields;
@@ -1043,8 +1043,8 @@ cw_update_creds(khui_credwnd_tbl * tbl)
             if(si < 0 || si >= (int) tbl->n_cols)
             {
                 /* this shouldn't happen */
-                tbl->cols[i].flags &= ~(KHUI_CW_COL_SORT_INC | 
-                                        KHUI_CW_COL_SORT_DEC | 
+                tbl->cols[i].flags &= ~(KHUI_CW_COL_SORT_INC |
+                                        KHUI_CW_COL_SORT_DEC |
                                         KHUI_CW_COL_GROUP);
                 continue;
             }
@@ -1077,8 +1077,8 @@ cw_update_creds(khui_credwnd_tbl * tbl)
     comp_order.nFields = n;
     comp_order.fields = fields;
 
-    kcdb_credset_sort(tbl->credset, 
-                      kcdb_cred_comp_generic, 
+    kcdb_credset_sort(tbl->credset,
+                      kcdb_cred_comp_generic,
                       (void *) &comp_order);
 
     /* also, if new credentials were added, initialize the UI flag
@@ -1091,7 +1091,7 @@ cw_update_creds(khui_credwnd_tbl * tbl)
             if(KHM_FAILED(kcdb_credset_get_cred(tbl->credset,
                                                 (khm_int32) i, &hc)))
                 continue; /* lost a race */
-            if(KHM_FAILED(kcdb_cred_get_attr(hc, khui_cw_flag_id, NULL, 
+            if(KHM_FAILED(kcdb_cred_get_attr(hc, khui_cw_flag_id, NULL,
                                              NULL, NULL))) {
                 flags = 0;
                 kcdb_cred_set_attr(hc, khui_cw_flag_id, &flags, sizeof(flags));
@@ -1116,7 +1116,7 @@ cw_update_creds(khui_credwnd_tbl * tbl)
         PFREE(fields);
 }
 
-void 
+void
 cw_del_outline(khui_credwnd_outline *o) {
     khui_credwnd_outline * c;
     if(!o)
@@ -1147,14 +1147,14 @@ cw_del_outline(khui_credwnd_outline *o) {
     PFREE(o);
 }
 
-khui_credwnd_outline * 
+khui_credwnd_outline *
 cw_new_outline_node(wchar_t * heading) {
     khui_credwnd_outline * o;
     size_t cblen;
 
     o = PMALLOC(sizeof(khui_credwnd_outline));
     ZeroMemory(o, sizeof(khui_credwnd_outline));
-    
+
     if(SUCCEEDED(StringCbLength(heading, KHUI_MAXCB_HEADING, &cblen))) {
         cblen += sizeof(wchar_t);
         o->header = PMALLOC(cblen);
@@ -1167,7 +1167,7 @@ cw_new_outline_node(wchar_t * heading) {
 
 /* buf is a handle to a credential or an identity.  the kcdb_buf_*
    functions work with either. */
-khm_int32 
+khm_int32
 cw_get_buf_exp_flags(khui_credwnd_tbl * tbl, khm_handle buf)
 {
     khm_int32 flags;
@@ -1200,7 +1200,7 @@ cw_get_buf_exp_flags(khui_credwnd_tbl * tbl, khm_handle buf)
     return flags;
 }
 
-VOID CALLBACK 
+VOID CALLBACK
 cw_timer_proc(HWND hwnd,
               UINT uMsg,
               UINT_PTR idEvent,
@@ -1320,10 +1320,10 @@ cw_timer_proc(HWND hwnd,
     }
 }
 
-void 
-cw_set_tbl_row_cred(khui_credwnd_tbl * tbl, 
-                    int row, 
-                    khm_handle cred, 
+void
+cw_set_tbl_row_cred(khui_credwnd_tbl * tbl,
+                    int row,
+                    khm_handle cred,
                     int col)
 {
     FILETIME ft;
@@ -1358,9 +1358,9 @@ cw_set_tbl_row_cred(khui_credwnd_tbl * tbl,
     }
 }
 
-void 
-cw_set_tbl_row_header(khui_credwnd_tbl * tbl, 
-                      int row, int col, 
+void
+cw_set_tbl_row_header(khui_credwnd_tbl * tbl,
+                      int row, int col,
                       khui_credwnd_outline * o)
 {
     if((int) tbl->n_total_rows <= row) {
@@ -1415,7 +1415,7 @@ cw_set_tbl_row_header(khui_credwnd_tbl * tbl,
     }
 }
 
-static int 
+static int
 iwcscmp(const void * p1, const void * p2) {
     const wchar_t * s1 = *(wchar_t **) p1;
     const wchar_t * s2 = *(wchar_t **) p2;
@@ -1425,7 +1425,7 @@ iwcscmp(const void * p1, const void * p2) {
 
 #define MAX_GROUPING 256
 
-static void 
+static void
 cw_update_outline(khui_credwnd_tbl * tbl)
 {
     int i,j,n_rows;
@@ -1511,7 +1511,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
         tbl->rows = PMALLOC(sizeof(khui_credwnd_row) * tbl->n_total_rows);
     } else {
         /* kill any pending timers */
-        for(i=0; i < (int) tbl->n_rows; i++) 
+        for(i=0; i < (int) tbl->n_rows; i++)
             if(tbl->rows[i].flags & KHUI_CW_ROW_TIMERSET) {
                 KillTimer(tbl->hwnd, (UINT_PTR) &(tbl->rows[i]));
                 tbl->rows[i].flags &= ~KHUI_CW_ROW_TIMERSET;
@@ -1577,7 +1577,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
         }
 
         if(ol) {
-            visible = (ol->flags & KHUI_CW_O_VISIBLE) && 
+            visible = (ol->flags & KHUI_CW_O_VISIBLE) &&
                 (ol->flags & KHUI_CW_O_EXPAND);
             selected = !!(ol->flags & KHUI_CW_O_SELECTED);
         } else {
@@ -1595,8 +1595,8 @@ cw_update_outline(khui_credwnd_tbl * tbl)
             cbbuf = sizeof(buf);
             buf[0] = L'\0';
             if(KHM_FAILED
-               (kcdb_cred_get_attr_string(thiscred, 
-                                          tbl->cols[grouping[j]].attr_id, 
+               (kcdb_cred_get_attr_string(thiscred,
+                                          tbl->cols[grouping[j]].attr_id,
                                           buf, &cbbuf, 0))) {
                 cbbuf = sizeof(wchar_t);
                 buf[0] = L'\0';
@@ -1642,7 +1642,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
                     }
                     else
                         ol->data = 0;
-                } else if(tbl->cols[grouping[j]].attr_id == 
+                } else if(tbl->cols[grouping[j]].attr_id ==
                           KCDB_ATTR_TYPE_NAME) {
                     khm_int32 t;
 
@@ -1656,7 +1656,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
                     khm_int32 alt_id;
                     kcdb_attrib * attrib;
 
-                    rv = 
+                    rv =
                         kcdb_attrib_get_info(tbl->cols[grouping[j]].attr_id,
                                              &attrib);
                     assert(KHM_SUCCEEDED(rv));
@@ -1753,7 +1753,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
            grouping[n_grouping - 1] < tbl->n_cols - 1) {
             khm_int32 c_flags;
 
-            cw_set_tbl_row_cred(tbl, n_rows, thiscred, 
+            cw_set_tbl_row_cred(tbl, n_rows, thiscred,
                                 grouping[n_grouping-1]);
 
             flags = cw_get_buf_exp_flags(tbl, thiscred);
@@ -1800,7 +1800,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
 
     /* Add any default identities with no credentials and sticky
        identities that we haven't seen yet */
-    if (n_grouping > 0 && 
+    if (n_grouping > 0 &&
         tbl->cols[grouping[0]].attr_id == KCDB_ATTR_ID_NAME) {
 
         khui_credwnd_outline * o;
@@ -1916,7 +1916,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
             khm_int32 f_sticky;
             khm_int32 flags;
 
-            if (KHM_FAILED(kcdb_identity_create(idarray[i], 
+            if (KHM_FAILED(kcdb_identity_create(idarray[i],
                                                 KCDB_IDENT_FLAG_CREATE, &h)))
                 continue;
 
@@ -2022,7 +2022,7 @@ _exit:
     }
 }
 
-void 
+void
 cw_unload_view(khui_credwnd_tbl * tbl)
 {
 #define SafeDeleteObject(o) \
@@ -2126,7 +2126,7 @@ cw_unload_view(khui_credwnd_tbl * tbl)
     }
 }
 
-void 
+void
 cw_hditem_from_tbl_col(khui_credwnd_col * col, HDITEM *phi)
 {
     size_t cchsize;
@@ -2205,8 +2205,8 @@ cw_update_header_column_width(khui_credwnd_tbl * tbl, int c) {
 }
 
 /* returns a bitmask indicating which measures were changed */
-int 
-cw_update_extents(khui_credwnd_tbl * tbl, 
+int
+cw_update_extents(khui_credwnd_tbl * tbl,
                   khm_boolean update_scroll) {
     int ext_x = 0;
     int ext_y = 0;
@@ -2356,12 +2356,12 @@ cw_update_extents(khui_credwnd_tbl * tbl,
             tbl->header_height = pw.cy;
 
         SetWindowPos(
-            tbl->hwnd_header, 
-            pw.hwndInsertAfter, 
-            pw.x, 
-            pw.y, 
-            pw.cx, 
-            pw.cy, 
+            tbl->hwnd_header,
+            pw.hwndInsertAfter,
+            pw.x,
+            pw.y,
+            pw.cx,
+            pw.cy,
             pw.flags);
 
         si.cbSize = sizeof(si);
@@ -2384,14 +2384,14 @@ cw_update_extents(khui_credwnd_tbl * tbl,
     return 0;
 }
 
-void 
+void
 cw_insert_header_cols(khui_credwnd_tbl * tbl) {
     HWND hdr;
     HDITEM hi;
     int i;
 
     hdr = tbl->hwnd_header;
-    
+
     for(i=0; i < (int) tbl->n_cols; i++) {
         cw_hditem_from_tbl_col(&(tbl->cols[i]), &hi);
         Header_InsertItem(hdr, 512, &hi);
@@ -2404,11 +2404,11 @@ cw_insert_header_cols(khui_credwnd_tbl * tbl) {
 
 #pragma warning(push)
 #pragma warning(disable: 4701)
-void 
-cw_erase_rect(HDC hdc, 
-              khui_credwnd_tbl * tbl, 
-              RECT * r_wnd, 
-              RECT * r_erase, 
+void
+cw_erase_rect(HDC hdc,
+              khui_credwnd_tbl * tbl,
+              RECT * r_wnd,
+              RECT * r_erase,
               int type)
 {
     RECT rlogo;
@@ -2452,10 +2452,10 @@ cw_erase_rect(HDC hdc,
     } else {
 	HDC hdcb = CreateCompatibleDC(hdc);
         HBITMAP hbmold = SelectObject(hdcb, tbl->kbm_logo_shade.hbmp);
-        
+
         BitBlt(hdc, ri.left, ri.top, ri.right - ri.left, ri.bottom - ri.top,
                hdcb, ri.left - rlogo.left, ri.top - rlogo.top, SRCCOPY);
-            
+
         SelectObject(hdcb, hbmold);
         DeleteDC(hdcb);
 
@@ -2486,10 +2486,10 @@ cw_erase_rect(HDC hdc,
 }
 #pragma warning(pop)
 
-void 
-cw_draw_header(HDC hdc, 
-               khui_credwnd_tbl * tbl, 
-               int row, 
+void
+cw_draw_header(HDC hdc,
+               khui_credwnd_tbl * tbl,
+               int row,
                RECT * r)
 {
     int colattr;
@@ -2502,7 +2502,7 @@ cw_draw_header(HDC hdc,
 
     /* each header consists of a couple of widgets and some text */
     /* we need to figure out the background color first */
-    
+
     cr = &(tbl->rows[row]);
     o = (khui_credwnd_outline *) cr->data;
 
@@ -2528,7 +2528,7 @@ cw_draw_header(HDC hdc,
             else if ((o->flags & CW_EXPSTATE_MASK) == CW_EXPSTATE_WARN)
                 hbr = tbl->hb_hdr_bg_warn_s;
             else if ((colattr == KCDB_ATTR_ID_NAME) && !(o->flags & KHUI_CW_O_EMPTY) &&
-                     cwi && cwi->id_credcount > 0) 
+                     cwi && cwi->id_credcount > 0)
                 hbr = tbl->hb_hdr_bg_cred_s;
             else
                 hbr = tbl->hb_hdr_bg_s;
@@ -2559,7 +2559,7 @@ cw_draw_header(HDC hdc,
 
     if (!(o->flags & KHUI_CW_O_NOOUTLINE) &&
         !(o->flags & KHUI_CW_O_EMPTY)) {
-        if((tbl->mouse_state & CW_MOUSE_WOUTLINE) && 
+        if((tbl->mouse_state & CW_MOUSE_WOUTLINE) &&
            tbl->mouse_row == row) {
             if(o->flags & KHUI_CW_O_EXPAND) {
                 khui_ilist_draw_id(tbl->ilist, IDB_WDG_EXPAND_HI,
@@ -2616,11 +2616,11 @@ cw_draw_header(HDC hdc,
             r->left += cx + KHUI_SMICON_CX / 2;
 
         } else {
-            khui_ilist_draw_id(tbl->ilist, 
+            khui_ilist_draw_id(tbl->ilist,
                                (((o->flags & KHUI_CW_O_EMPTY) ||
                                  cwi == NULL || cwi->id_credcount == 0)?
                                 IDB_ID_DIS_SM:
-                                IDB_ID_SM), 
+                                IDB_ID_SM),
                                hdc,
                                r->left,
                                (r->top + r->bottom - KHUI_SMICON_CY) / 2, 0);
@@ -2653,7 +2653,7 @@ cw_draw_header(HDC hdc,
 
             r->left += size.cx + KHUI_SMICON_CX * 2;
 
-            TextOut(hdc, r->left, r->bottom - tbl->vpad, 
+            TextOut(hdc, r->left, r->bottom - tbl->vpad,
                     defstr, (int) wcslen(defstr));
         }
     } else {
@@ -2782,7 +2782,7 @@ cw_draw_header(HDC hdc,
     }
 }
 
-LRESULT 
+LRESULT
 cw_handle_header_msg(khui_credwnd_tbl * tbl, LPNMHEADER ph) {
     HDITEM hi;
 
@@ -2862,7 +2862,7 @@ cw_handle_header_msg(khui_credwnd_tbl * tbl, LPNMHEADER ph) {
 
             if (drag_end_index <= i)
                 return TRUE;
- 
+
             tcol = tbl->cols[drag_start_index];
             if (drag_end_index < drag_start_index) {
                 MoveMemory(&tbl->cols[drag_end_index + 1],
@@ -3118,7 +3118,7 @@ cw_handle_header_msg(khui_credwnd_tbl * tbl, LPNMHEADER ph) {
     return 0;
 }
 
-LRESULT 
+LRESULT
 cw_wm_create(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     khui_credwnd_tbl * tbl;
@@ -3174,12 +3174,12 @@ cw_wm_create(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
         Header_Layout(tbl->hwnd_header, &hdl);
 
         SetWindowPos(
-            tbl->hwnd_header, 
-            pw.hwndInsertAfter, 
-            pw.x, 
-            pw.y, 
-            pw.cx, 
-            pw.cy, 
+            tbl->hwnd_header,
+            pw.hwndInsertAfter,
+            pw.x,
+            pw.y,
+            pw.cx,
+            pw.cy,
             pw.flags | SWP_SHOWWINDOW);
     }
 
@@ -3209,7 +3209,7 @@ cw_wm_destroy(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 }
 
 /* handles WM_PAINT and WM_PRINTCLIENT */
-LRESULT 
+LRESULT
 cw_wm_paint(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     khui_credwnd_tbl * tbl;
@@ -3488,7 +3488,7 @@ cw_wm_paint(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
     return TRUE;
 }
 
-LRESULT 
+LRESULT
 cw_wm_size(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     RECT rect;
@@ -3513,7 +3513,7 @@ cw_wm_size(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
     return DefWindowProc(hwnd, uMsg, wParam, lParam);
 }
 
-LRESULT 
+LRESULT
 cw_wm_notify(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     khui_credwnd_tbl * tbl;
@@ -3537,14 +3537,14 @@ static void cw_pp_precreate(khui_property_sheet * s);
 static void cw_pp_end(khui_property_sheet * s);
 static void cw_pp_destroy(khui_property_sheet *ps);
 
-LRESULT 
+LRESULT
 cw_kmq_wm_dispatch(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     kmq_message * m;
     khm_int32 rv = KHM_ERROR_SUCCESS;
     khui_credwnd_tbl * tbl;
 
-    tbl = (khui_credwnd_tbl *)(LONG_PTR) GetWindowLongPtr(hwnd, 0); 
+    tbl = (khui_credwnd_tbl *)(LONG_PTR) GetWindowLongPtr(hwnd, 0);
 
     kmq_wm_begin(lParam, &m);
 
@@ -3589,7 +3589,7 @@ cw_kmq_wm_dispatch(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
             InvalidateRect(hwnd, NULL, FALSE);
 
         }
-        else if (m->subtype == KMSG_KCDB_IDENT && 
+        else if (m->subtype == KMSG_KCDB_IDENT &&
                  m->uparam == KCDB_OP_NEW_DEFAULT) {
             wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
             khm_size cb;
@@ -3795,7 +3795,7 @@ cw_kmq_wm_dispatch(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
     return kmq_wm_end(m, rv);
 }
 
-static void 
+static void
 cw_select_outline_level(khui_credwnd_outline * o,
                         BOOL select)
 {
@@ -3859,7 +3859,7 @@ cw_select_row_creds(khui_credwnd_tbl * tbl, int row, int selected) {
     }
 }
 
-static void 
+static void
 cw_unselect_all(khui_credwnd_tbl * tbl)
 {
     int i;
@@ -3969,7 +3969,7 @@ cw_update_outline_selection_state(khui_credwnd_tbl * tbl,
     }
 }
 
-static void 
+static void
 cw_update_selection_state(khui_credwnd_tbl * tbl)
 {
     int i;
@@ -3990,7 +3990,7 @@ cw_update_selection_state(khui_credwnd_tbl * tbl)
 }
 
 /* Examine the current row and set the UI context */
-static void 
+static void
 cw_set_row_context(khui_credwnd_tbl * tbl, int row)
 {
     khui_credwnd_outline * o;
@@ -4094,11 +4094,11 @@ cw_set_row_context(khui_credwnd_tbl * tbl, int row)
             do {
                 headers[n_headers].attr_id =
                     o->attr_id;
-                if (tbl->cols[o->col].attr_id == 
+                if (tbl->cols[o->col].attr_id ==
                     KCDB_ATTR_ID_NAME) {
                     headers[n_headers].data = &(o->data);
                     headers[n_headers].cb_data = sizeof(khm_handle);
-                } else if (tbl->cols[o->col].attr_id == 
+                } else if (tbl->cols[o->col].attr_id ==
                            KCDB_ATTR_TYPE_NAME) {
                     headers[n_headers].data = &(o->data);
                     headers[n_headers].cb_data = sizeof(khm_int32);
@@ -4155,7 +4155,7 @@ cw_select_all(khui_credwnd_tbl * tbl)
     InvalidateRect(tbl->hwnd, NULL, FALSE);
 }
 
-static void 
+static void
 cw_select_row(khui_credwnd_tbl * tbl, int row, WPARAM wParam)
 {
     int i;
@@ -4290,7 +4290,7 @@ cw_toggle_outline_state(khui_credwnd_tbl * tbl,
 
 LRESULT cw_properties(HWND hwnd);
 
-LRESULT 
+LRESULT
 cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     khui_credwnd_tbl * tbl;
@@ -4356,7 +4356,7 @@ cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
             if (!(o->flags & KHUI_CW_O_NOOUTLINE)) {
                 if(x >= 0 && x < KHUI_SMICON_CX) /* hit */ {
                     nm_state |= CW_MOUSE_WOUTLINE | CW_MOUSE_WIDGET;
-                } else if (tbl->cols[tbl->rows[row].col].attr_id == 
+                } else if (tbl->cols[tbl->rows[row].col].attr_id ==
                            KCDB_ATTR_ID_NAME &&
                            col == tbl->rows[row].col &&
                            x >= KHUI_SMICON_CX * 3 / 2 &&
@@ -4391,7 +4391,7 @@ cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
         nm_state &= ~CW_MOUSE_WMASK;
     }
 
-    if(!(nm_state & CW_MOUSE_LDOWN) && 
+    if(!(nm_state & CW_MOUSE_LDOWN) &&
        (tbl->mouse_state & CW_MOUSE_LDOWN) &&
        tbl->mouse_row == nm_row) {
 
@@ -4455,7 +4455,7 @@ cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 
         if(tbl->mouse_state & CW_MOUSE_WOUTLINE) {
             r.left = tbl->cols[tbl->mouse_col].x - tbl->scr_left;
-            r.top = tbl->mouse_row * tbl->cell_height + 
+            r.top = tbl->mouse_row * tbl->cell_height +
                 tbl->header_height - tbl->scr_top;
             r.right = r.left + KHUI_SMICON_CX;
             r.bottom = r.top + tbl->cell_height;
@@ -4472,9 +4472,9 @@ cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
                 }
 
             } else {
-                r.left = KHUI_SMICON_CX * 3 / 2 + 
+                r.left = KHUI_SMICON_CX * 3 / 2 +
                     tbl->cols[tbl->mouse_col].x - tbl->scr_left;
-                r.top = tbl->mouse_row * tbl->cell_height + 
+                r.top = tbl->mouse_row * tbl->cell_height +
                     tbl->header_height - tbl->scr_top;
                 r.right = r.left + KHUI_SMICON_CX;
                 r.bottom = r.top + tbl->cell_height;
@@ -4494,7 +4494,7 @@ cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
         /* same code block as above */
         if(tbl->mouse_state & CW_MOUSE_WOUTLINE) {
             r.left = tbl->cols[tbl->mouse_col].x - tbl->scr_left;
-            r.top = tbl->mouse_row * tbl->cell_height + 
+            r.top = tbl->mouse_row * tbl->cell_height +
                 tbl->header_height - tbl->scr_top;
             r.right = r.left + KHUI_SMICON_CX;
             r.bottom = r.top + tbl->cell_height;
@@ -4511,9 +4511,9 @@ cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
                 }
 
             } else {
-                r.left = KHUI_SMICON_CX * 3 / 2 + 
+                r.left = KHUI_SMICON_CX * 3 / 2 +
                     tbl->cols[tbl->mouse_col].x - tbl->scr_left;
-                r.top = tbl->mouse_row * tbl->cell_height + 
+                r.top = tbl->mouse_row * tbl->cell_height +
                     tbl->header_height - tbl->scr_top;
                 r.right = r.left + KHUI_SMICON_CX;
                 r.bottom = r.top + tbl->cell_height;
@@ -4543,7 +4543,7 @@ cw_wm_mouse(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
     return 0;
 }
 
-LRESULT 
+LRESULT
 cw_wm_hscroll(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     khui_credwnd_tbl * tbl;
@@ -4618,13 +4618,13 @@ cw_wm_hscroll(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
         sr.top = cr.top;
         sr.bottom = lr.top;
         ScrollWindowEx(
-            hwnd, 
-            dx, 
-            0, 
-            &sr, 
-            &sr, 
-            NULL, 
-            NULL, 
+            hwnd,
+            dx,
+            0,
+            &sr,
+            &sr,
+            NULL,
+            NULL,
             SW_INVALIDATE | SW_SCROLLCHILDREN);
     }
 
@@ -4634,13 +4634,13 @@ cw_wm_hscroll(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
         sr.top = lr.top;
         sr.bottom = lr.bottom;
         ScrollWindowEx(
-            hwnd, 
-            dx, 
-            0, 
-            &sr, 
-            &sr, 
-            NULL, 
-            NULL, 
+            hwnd,
+            dx,
+            0,
+            &sr,
+            &sr,
+            NULL,
+            NULL,
             SW_INVALIDATE | SW_SCROLLCHILDREN);
     }
 
@@ -4679,13 +4679,13 @@ cw_vscroll_to_pos(HWND hwnd, khui_credwnd_tbl * tbl, int newpos) {
         sr.top = cr.top;
         sr.bottom = cr.bottom;
         ScrollWindowEx(
-            hwnd, 
-            0, 
-            dy, 
-            &sr, 
-            &sr, 
-            NULL, 
-            NULL, 
+            hwnd,
+            0,
+            dy,
+            &sr,
+            &sr,
+            NULL,
+            NULL,
             SW_INVALIDATE);
     }
 
@@ -4695,13 +4695,13 @@ cw_vscroll_to_pos(HWND hwnd, khui_credwnd_tbl * tbl, int newpos) {
         sr.top = cr.top;
         sr.bottom = lr.top;
         ScrollWindowEx(
-            hwnd, 
-            0, 
-            dy, 
-            &sr, 
-            &sr, 
-            NULL, 
-            NULL, 
+            hwnd,
+            0,
+            dy,
+            &sr,
+            &sr,
+            NULL,
+            NULL,
             SW_INVALIDATE);
     }
 
@@ -4710,7 +4710,7 @@ cw_vscroll_to_pos(HWND hwnd, khui_credwnd_tbl * tbl, int newpos) {
     }
 }
 
-LRESULT 
+LRESULT
 cw_wm_vscroll(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     khui_credwnd_tbl * tbl;
@@ -4793,7 +4793,7 @@ cw_ensure_row_visible(HWND hwnd, khui_credwnd_tbl * tbl, int row) {
     cw_vscroll_to_pos(hwnd, tbl, newpos);
 }
 
-static INT_PTR CALLBACK 
+static INT_PTR CALLBACK
 cw_pp_ident_proc(HWND hwnd,
                  UINT uMsg,
                  WPARAM wParam,
@@ -4849,7 +4849,7 @@ cw_pp_ident_proc(HWND hwnd,
         return TRUE;
 
     case WM_COMMAND:
-        s = (khui_property_sheet *) (LONG_PTR) 
+        s = (khui_property_sheet *) (LONG_PTR)
             GetWindowLongPtr(hwnd, DWLP_USER);
         if (s == NULL)
             return 0;
@@ -4909,7 +4909,7 @@ cw_pp_ident_proc(HWND hwnd,
             khm_int32 flags;
 
             lpp = (LPPSHNOTIFY) lParam;
-            s = (khui_property_sheet *) (LONG_PTR) 
+            s = (khui_property_sheet *) (LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
             if (s == NULL)
                 return 0;
@@ -4931,8 +4931,8 @@ cw_pp_ident_proc(HWND hwnd,
             case PSN_RESET:
                 kcdb_identity_get_flags(s->identity, &flags);
 
-                CheckDlgButton(hwnd, 
-                               IDC_PP_IDDEF, 
+                CheckDlgButton(hwnd,
+                               IDC_PP_IDDEF,
                                ((flags & KCDB_IDENT_FLAG_DEFAULT)?BST_CHECKED:
                                 BST_UNCHECKED));
 
@@ -4954,7 +4954,7 @@ cw_pp_ident_proc(HWND hwnd,
     return FALSE;
 }
 
-static INT_PTR CALLBACK 
+static INT_PTR CALLBACK
 cw_pp_cred_proc(HWND hwnd,
                 UINT uMsg,
                 WPARAM wParam,
@@ -4987,7 +4987,7 @@ cw_pp_cred_proc(HWND hwnd,
     return FALSE;
 }
 
-static void 
+static void
 cw_pp_begin(khui_property_sheet * s)
 {
     PROPSHEETPAGE *p;
@@ -5021,7 +5021,7 @@ cw_pp_begin(khui_property_sheet * s)
     }
 }
 
-static void 
+static void
 cw_pp_precreate(khui_property_sheet * s)
 {
     khui_ps_show_sheet(khm_hwnd_main, s);
@@ -5029,7 +5029,7 @@ cw_pp_precreate(khui_property_sheet * s)
     khm_add_property_sheet(s);
 }
 
-static void 
+static void
 cw_pp_end(khui_property_sheet * s)
 {
     khui_property_page * p = NULL;
@@ -5049,7 +5049,7 @@ cw_pp_end(khui_property_sheet * s)
     }
 }
 
-static void 
+static void
 cw_pp_destroy(khui_property_sheet *ps)
 {
     if(ps->ctx.scope == KHUI_SCOPE_CRED) {
@@ -5203,7 +5203,7 @@ cw_properties(HWND hwnd)
     return TRUE;
 }
 
-LRESULT 
+LRESULT
 cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     khui_credwnd_tbl * tbl;
@@ -5212,7 +5212,7 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
     if (tbl == NULL)
         return 0;
 
-    if(HIWORD(wParam) == BN_CLICKED && 
+    if(HIWORD(wParam) == BN_CLICKED &&
        LOWORD(wParam) == KHUI_HTWND_CTLID) {
 
         wchar_t wid[256];
@@ -5223,13 +5223,13 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
         wid[l->id_len] = 0;
 
         if(!wcscmp(wid, L"NewCreds")) {
-            PostMessage(khm_hwnd_main, WM_COMMAND, 
+            PostMessage(khm_hwnd_main, WM_COMMAND,
                         MAKEWPARAM(KHUI_ACTION_NEW_CRED,0), 0);
         }
         return TRUE;
     }
 
-    switch(LOWORD(wParam)) 
+    switch(LOWORD(wParam))
     {
     case KHUI_PACTION_ENTER:
         /* enter key is a synonym for the default action, on the
@@ -5524,10 +5524,10 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
                 break;
             }
 
-            for(r = tbl->cursor_row; 
+            for(r = tbl->cursor_row;
                 (r >= 0 && !(tbl->rows[r].flags & KHUI_CW_ROW_HEADER));
                 r--);
-            
+
             if(r < 0)
                 break;
 
@@ -5563,7 +5563,7 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
             khui_credwnd_outline * o;
             int r;
 
-            if(tbl->cursor_row < 0 || 
+            if(tbl->cursor_row < 0 ||
                tbl->cursor_row >= (int) tbl->n_rows) {
                 cw_select_row(tbl, 0, 0);
                 break;
@@ -5589,7 +5589,7 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
     return DefWindowProc(hwnd, uMsg, wParam, lParam);
 }
 
-LRESULT 
+LRESULT
 cw_wm_contextmenu(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     RECT r;
@@ -5629,7 +5629,7 @@ cw_wm_contextmenu(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 
         x = r.left;
         y = y + r.top + tbl->header_height - tbl->scr_top;
-        
+
         goto have_row;
     }
 
@@ -5688,18 +5688,18 @@ cw_wm_contextmenu(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 
 /* copy and paste template */
 #if 0
-LRESULT 
+LRESULT
 cw_wm_msg(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
 {
     return DefWindowProc(hwnd, uMsg, wParam, lParam);
 }
 #endif
 
-LRESULT CALLBACK 
+LRESULT CALLBACK
 khm_credwnd_proc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
-                  LPARAM lParam) 
+                  LPARAM lParam)
 {
     switch(uMsg) {
     case WM_COMMAND:
@@ -5884,7 +5884,7 @@ khm_draw_identity_menu_item(HWND hwnd, LPDRAWITEMSTRUCT lpd, khui_action * act)
     }
 }
 
-void 
+void
 khm_register_credwnd_class(void) {
     WNDCLASSEX wcx;
     kcdb_attrib attrib;
@@ -5920,12 +5920,12 @@ khm_register_credwnd_class(void) {
     khui_cw_flag_id = attr_id;
 }
 
-void 
+void
 khm_unregister_credwnd_class(void) {
     UnregisterClass(MAKEINTATOM(khui_credwnd_cls), khm_hInstance);
 }
 
-HWND 
+HWND
 khm_create_credwnd(HWND parent) {
     RECT r;
     HWND hwnd;
diff --git a/src/windows/identity/ui/debugfuncs.c b/src/windows/identity/ui/debugfuncs.c
index 384f40ea6..ad478e5fd 100644
--- a/src/windows/identity/ui/debugfuncs.c
+++ b/src/windows/identity/ui/debugfuncs.c
@@ -140,7 +140,7 @@ debug_event_handler(enum kherr_ctx_event e,
 
 	    kherr_evaluate_event(evt);
 	    FileTimeToSystemTime(&evt->time_ft, &systime);
-	    
+
 	    fprintf(logfile,
 		    "%d[%d](%S)\t",
 		    c->serial,
diff --git a/src/windows/identity/ui/htwnd.c b/src/windows/identity/ui/htwnd.c
index 7586b3e87..29c4221a7 100644
--- a/src/windows/identity/ui/htwnd.c
+++ b/src/windows/identity/ui/htwnd.c
@@ -75,7 +75,7 @@ ATOM khui_htwnd_cls;
 struct tx_tbl_t {
     wchar_t *   string;
     LONG        value;
-} 
+}
 
 htw_color_table[] = {
     {L"black", RGB(0,0,0)},
@@ -278,7 +278,7 @@ static wchar_t * skip_ws(wchar_t * s) {
     return s;
 }
 
-/* s points to something like " = \"value\"" 
+/* s points to something like " = \"value\""
    start and len will point to the start and
    length of value.  return value will point to the
    character following the last double quote. */
@@ -332,14 +332,14 @@ We currently support the following tags:
 */
 
 static int htw_parse_tag(
-    wchar_t * start, 
-    wchar_t ** end, 
-    int * align, 
-    khui_htwnd_data * d, 
-    format_stack * s, 
+    wchar_t * start,
+    wchar_t ** end,
+    int * align,
+    khui_htwnd_data * d,
+    format_stack * s,
     PPOINT p_abs,
     PPOINT p_rel,
-    int lh, 
+    int lh,
     BOOL dry_run)
 {
     wchar_t * c;
@@ -454,7 +454,7 @@ static int htw_parse_tag(
         c = wcschr(c, L'>');
         if(!c)
             c = c + wcslen(c);
-        
+
 
         if(align_s)
             *align = table_lookup(htw_align_table, ARRAYLENGTH(htw_align_table), align_s, align_len);
@@ -489,7 +489,7 @@ static int htw_parse_tag(
         *align = ALIGN_CENTER;
         n = 1;
     } else if(!_wcsnicmp(start, L"left", c - start) ||
-        !_wcsnicmp(start, L"p", c - start)) 
+        !_wcsnicmp(start, L"p", c - start))
     {
         c = wcschr(c, L'>');
         if(!c)
@@ -1048,7 +1048,7 @@ LRESULT CALLBACK khui_htwnd_proc(HWND hwnd,
 
             if(hwnd != (HWND)wParam)
                 break;
-                
+
             d = (khui_htwnd_data *)(LONG_PTR) GetWindowLongPtr(hwnd, 0);
             if (d == NULL)
                 break;
@@ -1221,7 +1221,7 @@ LRESULT CALLBACK khui_htwnd_proc(HWND hwnd,
 
             p.x = GET_X_LPARAM(lParam) + d->scroll_left;
             p.y = GET_Y_LPARAM(lParam) + d->scroll_top;
-                
+
             for(i=0; i<d->n_links; i++) {
                 if(d->links && d->links[i] && PtInRect(&(d->links[i]->r), p))
                     break;
diff --git a/src/windows/identity/ui/main.c b/src/windows/identity/ui/main.c
index f8bcde882..d1d3ecdca 100644
--- a/src/windows/identity/ui/main.c
+++ b/src/windows/identity/ui/main.c
@@ -177,9 +177,9 @@ khm_cmdline_dlg_proc(HWND hwnd,
         return TRUE;
 
     case WM_CLOSE:
-	
+
 	EndDialog(hwnd, KHM_ERROR_EXIT);
-    	
+
 	return TRUE;
     }
 
@@ -192,7 +192,7 @@ void khm_show_commandline_help(void) {
     hm_richedit = LoadLibrary(L"riched20.dll");
     if (hm_richedit == NULL)
         return;
-    
+
     DialogBox(khm_hInstance, MAKEINTRESOURCE(IDD_CMDLINE),
               NULL, khm_cmdline_dlg_proc);
 
@@ -302,7 +302,7 @@ void khm_register_window_classes(void) {
 
     ZeroMemory(&ics, sizeof(ics));
     ics.dwSize = sizeof(ics);
-    ics.dwICC = 
+    ics.dwICC =
         ICC_COOL_CLASSES |
         ICC_BAR_CLASSES |
         ICC_DATE_CLASSES |
@@ -481,7 +481,7 @@ void khm_del_dialog(HWND dlg) {
         if(khui_dialogs[i].hwnd == dlg)
             break;
     }
-    
+
     if(i < n_khui_dialogs)
         n_khui_dialogs--;
     else
@@ -696,7 +696,7 @@ int khm_compare_version(const khm_version * v1, const khm_version * v2) {
 int WINAPI WinMain(HINSTANCE hInstance,
                    HINSTANCE hPrevInstance,
                    LPSTR lpCmdLine,
-                   int nCmdShow) 
+                   int nCmdShow)
 {
     int rv = 0;
     HANDLE h_appmutex;
@@ -741,7 +741,7 @@ int WINAPI WinMain(HINSTANCE hInstance,
 
         khm_commctl_version = khm_get_commctl_version(NULL);
 
-        /* we only open a main window if this is the only instance 
+        /* we only open a main window if this is the only instance
            of the application that is running. */
         kmq_init();
         khm_init_gui();
@@ -888,7 +888,7 @@ int WINAPI WinMain(HINSTANCE hInstance,
 
             MessageBox(NULL, error_msg, error_title,
                        MB_OK);
-            
+
             goto done_with_remote;
         }
 
diff --git a/src/windows/identity/ui/mainmenu.c b/src/windows/identity/ui/mainmenu.c
index 8645dc7bc..d61b8d7cc 100644
--- a/src/windows/identity/ui/mainmenu.c
+++ b/src/windows/identity/ui/mainmenu.c
@@ -44,8 +44,8 @@ int il_icon_id[MAX_ILIST];
 void khui_init_menu(void) {
     int i;
 
-    il_icon = khui_create_ilist(ILIST_ICON_X, 
-                                ILIST_ICON_Y, 
+    il_icon = khui_create_ilist(ILIST_ICON_X,
+                                ILIST_ICON_Y,
                                 MAX_ILIST, 5, 0);
     for(i=0;i<MAX_ILIST;i++)
         il_icon_id[i] = -1;
@@ -66,10 +66,10 @@ int khui_get_icon_index(int id) {
             return i;
         }
 
-    hbm = LoadImage(khm_hInstance, 
-                    MAKEINTRESOURCE(id), 
-                    IMAGE_BITMAP, 
-                    ILIST_ICON_X, ILIST_ICON_Y, 
+    hbm = LoadImage(khm_hInstance,
+                    MAKEINTRESOURCE(id),
+                    IMAGE_BITMAP,
+                    ILIST_ICON_X, ILIST_ICON_Y,
                     LR_DEFAULTCOLOR);
     i = khui_ilist_add_masked(il_icon, hbm, KHUI_TOOLBAR_BGCOLOR);
     il_icon_id[i] = id;
@@ -122,7 +122,7 @@ void khm_get_action_tooltip(khm_int32 action, wchar_t * buf, khm_size cb_buf) {
     khui_action_unlock();
 }
 
-void add_action_to_menu(HMENU hm, khui_action * act, 
+void add_action_to_menu(HMENU hm, khui_action * act,
                         int idx, int flags) {
     MENUITEMINFO mii;
     wchar_t buf[MAX_RES_STRING] = L"";
@@ -148,7 +148,7 @@ void add_action_to_menu(HMENU hm, khui_action * act,
         } else {
             khm_get_action_caption(act->cmd, buf, sizeof(buf));
 
-            if(khui_get_cmd_accel_string(act->cmd, accel, 
+            if(khui_get_cmd_accel_string(act->cmd, accel,
                                          ARRAYLENGTH(accel))) {
                 StringCbCat(buf, sizeof(buf), L"\t");
                 StringCbCat(buf, sizeof(buf), accel);
@@ -170,7 +170,7 @@ void add_action_to_menu(HMENU hm, khui_action * act,
             mii.fState = 0;
         }
 
-        if((act->type & KHUI_ACTIONTYPE_TOGGLE) && 
+        if((act->type & KHUI_ACTIONTYPE_TOGGLE) &&
            (act->state & KHUI_ACTIONSTATE_CHECKED)) {
             mii.fMask |= MIIM_STATE;
             mii.fState |= MFS_CHECKED;
@@ -200,7 +200,7 @@ void add_action_to_menu(HMENU hm, khui_action * act,
 
 static void refresh_menu(HMENU hm, khui_menu_def * def);
 
-static int refresh_menu_item(HMENU hm, khui_action * act, 
+static int refresh_menu_item(HMENU hm, khui_action * act,
                              int idx, int flags) {
     MENUITEMINFO mii;
     khui_menu_def * def;
@@ -339,9 +339,9 @@ static void mm_show_panel_def(khui_menu_def * def, LONG x, LONG y)
     if (mm_hot_track)
         mm_begin_hot_track();
 
-    TrackPopupMenuEx(hm, 
-                     TPM_LEFTALIGN | TPM_TOPALIGN | 
-                     TPM_VERPOSANIMATION, 
+    TrackPopupMenuEx(hm,
+                     TPM_LEFTALIGN | TPM_TOPALIGN |
+                     TPM_VERPOSANIMATION,
                      x, y, khm_hwnd_main, NULL);
 
     mm_last_hot_item = -1;
@@ -377,17 +377,17 @@ LRESULT khm_menu_activate(int menu_id) {
         else
             menu_id = 0;
     } else if(menu_id == MENU_ACTIVATE_LEFT) {
-        menu_id = (mm_last_hot_item > 0)? 
-            mm_last_hot_item - 1: 
+        menu_id = (mm_last_hot_item > 0)?
+            mm_last_hot_item - 1:
             ((mm_last_hot_item == 0)? nmm - 1: 0);
     } else if(menu_id == MENU_ACTIVATE_RIGHT) {
-        menu_id = (mm_last_hot_item >=0 && mm_last_hot_item < nmm - 1)? 
-            mm_last_hot_item + 1: 
+        menu_id = (mm_last_hot_item >=0 && mm_last_hot_item < nmm - 1)?
+            mm_last_hot_item + 1:
             0;
     } else if(menu_id == MENU_ACTIVATE_NONE) {
         menu_id = -1;
     }
-    
+
     SendMessage(khui_main_menu_toolbar,
                 TB_SETHOTITEM,
                 menu_id,
@@ -438,7 +438,7 @@ LRESULT khm_menu_draw_item(WPARAM wParam, LPARAM lParam) {
         if(!resid) /* nothing to draw */
             return TRUE;
 
-    
+
         iidx = khui_get_icon_index(resid);
         if(iidx == -1)
             return TRUE;
@@ -448,10 +448,10 @@ LRESULT khm_menu_draw_item(WPARAM wParam, LPARAM lParam) {
         if(lpd->itemState & ODS_HOTLIGHT || lpd->itemState & ODS_SELECTED) {
             style |= ILD_SELECTED;
         }
-    
-        khui_ilist_draw(il_icon, 
-                        iidx, 
-                        lpd->hDC, 
+
+        khui_ilist_draw(il_icon,
+                        iidx,
+                        lpd->hDC,
                         lpd->rcItem.left, lpd->rcItem.top, style);
     }
 
@@ -487,7 +487,7 @@ void khm_track_menu(int menu) {
             mm_last_hot_item = mm_next_hot_item;
             mm_next_hot_item = -1;
 
-            PostMessage(khm_hwnd_main, WM_COMMAND, 
+            PostMessage(khm_hwnd_main, WM_COMMAND,
                         MAKEWPARAM(KHUI_PACTION_MENU,0),
                         MAKELPARAM(mm_last_hot_item,1));
         }
@@ -499,7 +499,7 @@ void khm_menu_track_current(void) {
 }
 
 LRESULT khm_menu_handle_select(WPARAM wParam, LPARAM lParam) {
-    if((HIWORD(wParam) == 0xffff && lParam == 0) || 
+    if((HIWORD(wParam) == 0xffff && lParam == 0) ||
        (HIWORD(wParam) & MF_POPUP)) {
         /* the menu was closed */
         khm_statusbar_set_part(KHUI_SBPART_INFO, NULL, NULL);
@@ -602,8 +602,8 @@ LRESULT khm_menu_notify_main(LPNMHDR notice) {
     case TBN_DROPDOWN:
         khm_track_menu(-1);
         /*
-        khm_menu_show_panel(nmt->iItem, 
-                        r.left + nmt->rcButton.left, 
+        khm_menu_show_panel(nmt->iItem,
+                        r.left + nmt->rcButton.left,
                         r.top + nmt->rcButton.bottom);
         */
         ret = TBDDRET_DEFAULT;
@@ -628,7 +628,7 @@ LRESULT khm_menu_notify_main(LPNMHDR notice) {
                 }
             }
 
-            if (mm_hot_track && 
+            if (mm_hot_track &&
                 new_item != mm_last_hot_item &&
                 new_item != -1 &&
                 mm_last_hot_item != -1) {
@@ -1156,8 +1156,8 @@ void khm_menu_create_main(HWND parent) {
                           ,
                           TOOLBARCLASSNAME,
                           (LPWSTR) NULL,
-                          WS_CHILD | 
-                          CCS_ADJUSTABLE | 
+                          WS_CHILD |
+                          CCS_ADJUSTABLE |
                           TBSTYLE_FLAT |
                           TBSTYLE_AUTOSIZE |
                           TBSTYLE_LIST |
@@ -1183,18 +1183,18 @@ void khm_menu_create_main(HWND parent) {
                 0);
 
     for(i=0; i<nmm; i++) {
-        khui_add_action_to_toolbar(hwtb, 
-                                   khui_find_action(mm[i].action), 
-                                   KHUI_TOOLBAR_ADD_TEXT | 
-                                   KHUI_TOOLBAR_ADD_DROPDOWN | 
-                                   KHUI_TOOLBAR_VARSIZE, 
+        khui_add_action_to_toolbar(hwtb,
+                                   khui_find_action(mm[i].action),
+                                   KHUI_TOOLBAR_ADD_TEXT |
+                                   KHUI_TOOLBAR_ADD_DROPDOWN |
+                                   KHUI_TOOLBAR_VARSIZE,
                                    NULL);
     }
 
     SendMessage(hwtb,
                 TB_AUTOSIZE,
                 0,0);
-    
+
     SendMessage(hwtb,
                 TB_GETMAXSIZE,
                 0,
@@ -1204,15 +1204,15 @@ void khm_menu_create_main(HWND parent) {
 
     rbi.cbSize = sizeof(rbi);
 
-    rbi.fMask = 
+    rbi.fMask =
         RBBIM_ID |
-        RBBIM_STYLE | 
-        RBBIM_CHILD | 
-        RBBIM_CHILDSIZE | 
-        RBBIM_SIZE | 
-        RBBIM_IDEALSIZE; 
+        RBBIM_STYLE |
+        RBBIM_CHILD |
+        RBBIM_CHILDSIZE |
+        RBBIM_SIZE |
+        RBBIM_IDEALSIZE;
 
-    rbi.fStyle = 
+    rbi.fStyle =
         RBBS_USECHEVRON;
 
     rbi.hwndChild = hwtb;
diff --git a/src/windows/identity/ui/mainwnd.c b/src/windows/identity/ui/mainwnd.c
index 6802cd257..9d1556798 100644
--- a/src/windows/identity/ui/mainwnd.c
+++ b/src/windows/identity/ui/mainwnd.c
@@ -187,7 +187,7 @@ khm_ui_cb(LPARAM lParam) {
 }
 
 
-static void 
+static void
 main_wnd_save_sizepos() {
     RECT r;
     khm_handle csp_cw;
@@ -218,7 +218,7 @@ main_wnd_save_sizepos() {
             khc_write_int32(csp_mw, L"Width", r.right - r.left);
             khc_write_int32(csp_mw, L"Height", r.bottom - r.top);
 
-            if (KHM_SUCCEEDED(khc_read_int32(csp_mw, L"Dock", &t)) && 
+            if (KHM_SUCCEEDED(khc_read_int32(csp_mw, L"Dock", &t)) &&
                 t != KHM_DOCK_NONE) {
                 khc_write_int32(csp_mw, L"Dock", KHM_DOCK_AUTO);
             }
@@ -230,11 +230,11 @@ main_wnd_save_sizepos() {
     }
 }
 
-LRESULT CALLBACK 
+LRESULT CALLBACK
 khm_main_wnd_proc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
-                  LPARAM lParam) 
+                  LPARAM lParam)
 {
     LPNMHDR lpnm;
 
@@ -399,7 +399,7 @@ khm_main_wnd_proc(HWND hwnd,
             /* properties are not handled by the main window.
                Just bounce it to credwnd.  However, use SendMessage
                instead of PostMessage so we don't lose context */
-            return SendMessage(khm_hwnd_main_cred, uMsg, 
+            return SendMessage(khm_hwnd_main_cred, uMsg,
                                wParam, lParam);
 
         case KHUI_ACTION_UICB:
@@ -409,7 +409,7 @@ khm_main_wnd_proc(HWND hwnd,
             /* layout control */
 
         case KHUI_ACTION_VIEW_ALL_IDS:
-            return SendMessage(khm_hwnd_main_cred, uMsg, 
+            return SendMessage(khm_hwnd_main_cred, uMsg,
                                wParam, lParam);
 
         case KHUI_ACTION_LAYOUT_MINI:
@@ -419,11 +419,11 @@ khm_main_wnd_proc(HWND hwnd,
             } else {
                 khm_set_main_window_mode(KHM_MAIN_WND_MINI);
             }
-            return SendMessage(khm_hwnd_main_cred, uMsg, 
+            return SendMessage(khm_hwnd_main_cred, uMsg,
                                wParam, lParam);
 
         case KHUI_ACTION_LAYOUT_RELOAD:
-            return SendMessage(khm_hwnd_main_cred, uMsg, 
+            return SendMessage(khm_hwnd_main_cred, uMsg,
                                wParam, lParam);
 
         case KHUI_ACTION_LAYOUT_ID:
@@ -431,7 +431,7 @@ khm_main_wnd_proc(HWND hwnd,
         case KHUI_ACTION_LAYOUT_LOC:
         case KHUI_ACTION_LAYOUT_CUST:
             khm_set_main_window_mode(KHM_MAIN_WND_NORMAL);
-            return SendMessage(khm_hwnd_main_cred, uMsg, 
+            return SendMessage(khm_hwnd_main_cred, uMsg,
                                wParam, lParam);
 
             /* menu commands */
@@ -490,7 +490,7 @@ khm_main_wnd_proc(HWND hwnd,
 
         case KHUI_PACTION_SELALL:
             /* otherwise fallthrough and bounce to the creds window */
-            return SendMessage(khm_hwnd_main_cred, uMsg, 
+            return SendMessage(khm_hwnd_main_cred, uMsg,
                                wParam, lParam);
 
         default:
@@ -533,7 +533,7 @@ khm_main_wnd_proc(HWND hwnd,
 
     case WM_DRAWITEM:
         /* sent to draw a menu item */
-        if(!wParam) 
+        if(!wParam)
             return khm_menu_draw_item(wParam, lParam);
         break;
 
@@ -543,8 +543,8 @@ khm_main_wnd_proc(HWND hwnd,
         return TRUE;
         break;
 
-    case WM_SIZE: 
-        if(hwnd == khm_hwnd_main && 
+    case WM_SIZE:
+        if(hwnd == khm_hwnd_main &&
            (wParam == SIZE_MAXIMIZED || wParam == SIZE_RESTORED)) {
             int cwidth, cheight;
             RECT r_rebar, r_status;
@@ -556,15 +556,15 @@ khm_main_wnd_proc(HWND hwnd,
             SendMessage(khm_hwnd_rebar, WM_SIZE, 0, 0);
 
             khm_update_statusbar(hwnd);
-            
+
             GetWindowRect(khm_hwnd_rebar, &r_rebar);
             GetWindowRect(khm_hwnd_statusbar, &r_status);
 
             /* the cred window fills the area between the rebar
                and the status bar */
-            MoveWindow(khm_hwnd_main_cred, 0, 
-                       r_rebar.bottom - r_rebar.top, 
-                       r_status.right - r_status.left, 
+            MoveWindow(khm_hwnd_main_cred, 0,
+                       r_rebar.bottom - r_rebar.top,
+                       r_status.right - r_status.left,
                        r_status.top - r_rebar.bottom, TRUE);
 
             SetTimer(hwnd,
@@ -820,7 +820,7 @@ khm_main_wnd_proc(HWND hwnd,
 
             xfer = MapViewOfFile(hmap, FILE_MAP_WRITE, 0, 0,
                                  sizeof(khm_query_app_version));
-            
+
             if (xfer) {
                 khm_process_query_app_ver((khm_query_app_version *) xfer);
 
@@ -835,7 +835,7 @@ khm_main_wnd_proc(HWND hwnd,
     return DefWindowProc(hwnd,uMsg,wParam,lParam);
 }
 
-LRESULT CALLBACK 
+LRESULT CALLBACK
 khm_null_wnd_proc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
@@ -843,7 +843,7 @@ khm_null_wnd_proc(HWND hwnd,
     return DefWindowProc(hwnd, uMsg, wParam, lParam);
 }
 
-LRESULT 
+LRESULT
 khm_rebar_notify(LPNMHDR lpnm) {
     switch(lpnm->code) {
 #if (_WIN32_WINNT >= 0x0501)
@@ -873,20 +873,20 @@ khm_rebar_notify(LPNMHDR lpnm) {
     return 1;
 }
 
-void 
+void
 khm_create_main_window_controls(HWND hwnd_main) {
     REBARINFO rbi;
     HWND hwRebar;
 
     khm_menu_create_main(hwnd_main);
 
-    hwRebar = 
+    hwRebar =
         CreateWindowEx(WS_EX_TOOLWINDOW,
                        REBARCLASSNAME,
                        L"Rebar",
-                       WS_CHILD | 
-                       WS_VISIBLE| 
-                       WS_CLIPSIBLINGS | 
+                       WS_CHILD |
+                       WS_VISIBLE|
+                       WS_CLIPSIBLINGS |
                        WS_CLIPCHILDREN |
                        CCS_NODIVIDER |
                        RBS_VARHEIGHT |
@@ -1116,10 +1116,10 @@ khm_set_main_window_mode(int mode) {
 
     khui_refresh_actions();
 
-    /* 
-     * set the window position before the global khm_main_wnd_mode 
+    /*
+     * set the window position before the global khm_main_wnd_mode
      * is updated.  otherwise, the windows position for the wrong
-     * mode will be set.  Do not set the window position if the 
+     * mode will be set.  Do not set the window position if the
      * main application window has not yet been created.
      */
     if (khm_hwnd_main)
@@ -1148,13 +1148,13 @@ khm_set_main_window_mode(int mode) {
     khm_cred_refresh();
 }
 
-void 
+void
 khm_create_main_window(void) {
     wchar_t buf[1024];
     khm_handle csp_cw = NULL;
     RECT r;
 
-    LoadString(khm_hInstance, IDS_MAIN_WINDOW_TITLE, 
+    LoadString(khm_hInstance, IDS_MAIN_WINDOW_TITLE,
                buf, ARRAYLENGTH(buf));
 
     khm_hwnd_null =
@@ -1185,11 +1185,11 @@ khm_create_main_window(void) {
 
     khm_get_main_window_rect(&r);
 
-    khm_hwnd_main = 
+    khm_hwnd_main =
         CreateWindowEx(WS_EX_OVERLAPPEDWINDOW | WS_EX_APPWINDOW,
                        MAKEINTATOM(khm_main_window_class),
                        buf,
-                       WS_OVERLAPPEDWINDOW | WS_CLIPCHILDREN | 
+                       WS_OVERLAPPEDWINDOW | WS_CLIPCHILDREN |
                        WS_CLIPSIBLINGS,
                        r.left, r.top,
                        r.right - r.left,
@@ -1202,7 +1202,7 @@ khm_create_main_window(void) {
     khui_set_main_window(khm_hwnd_main);
 }
 
-void 
+void
 khm_show_main_window(void) {
 
     if (khm_nCmdShow == SW_RESTORE) {
@@ -1214,11 +1214,11 @@ khm_show_main_window(void) {
     }
     /*
      * We test for the values of khm_nCmdShow that
-     * can be set at process startup.  They will 
-     * only be seen the first time this function is 
+     * can be set at process startup.  They will
+     * only be seen the first time this function is
      * called.  After the first time, the value of
      * khm_nCmdShow will always be SW_RESTORE.
-     * When one of the minimized values is set, 
+     * When one of the minimized values is set,
      * khm_show_main_window() will not be called
      * unless the user initiates a request to show
      * the window.
@@ -1232,7 +1232,7 @@ khm_show_main_window(void) {
 
     ShowWindow(khm_hwnd_main, khm_nCmdShow);
     UpdateWindow(khm_hwnd_main);
-    
+
     khm_cred_refresh();
 
     khm_nCmdShow = SW_RESTORE;
@@ -1257,7 +1257,7 @@ khm_activate_main_window(void) {
     }
 }
 
-void 
+void
 khm_close_main_window(void) {
     khm_handle csp_cw;
     BOOL keep_running = FALSE;
@@ -1266,7 +1266,7 @@ khm_close_main_window(void) {
                                      KHM_PERM_READ, &csp_cw))) {
         khm_int32 t;
 
-        if (KHM_SUCCEEDED(khc_read_int32(csp_cw, L"KeepRunning", 
+        if (KHM_SUCCEEDED(khc_read_int32(csp_cw, L"KeepRunning",
                                          &t))) {
             keep_running = t;
         } else {
@@ -1288,7 +1288,7 @@ khm_close_main_window(void) {
         DestroyWindow(khm_hwnd_main);
 }
 
-void 
+void
 khm_hide_main_window(void) {
     khm_handle csp_notices = NULL;
     khm_int32 show_warning = FALSE;
@@ -1324,12 +1324,12 @@ khm_hide_main_window(void) {
     ShowWindow(khm_hwnd_main, SW_HIDE);
 }
 
-BOOL 
+BOOL
 khm_is_main_window_visible(void) {
     return IsWindowVisible(khm_hwnd_main);
 }
 
-BOOL 
+BOOL
 khm_is_main_window_active(void) {
     if (!IsWindowVisible(khm_hwnd_main))
         return FALSE;
@@ -1338,7 +1338,7 @@ khm_is_main_window_active(void) {
     return khm_is_dialog_active();
 }
 
-void 
+void
 khm_register_main_wnd_class(void) {
     WNDCLASSEX wc;
 
@@ -1373,7 +1373,7 @@ khm_register_main_wnd_class(void) {
     khm_main_window_class = RegisterClassEx(&wc);
 }
 
-void 
+void
 khm_unregister_main_wnd_class(void) {
     UnregisterClass(MAKEINTATOM(khm_main_window_class),khm_hInstance);
     UnregisterClass(MAKEINTATOM(khm_null_window_class),khm_hInstance);
diff --git a/src/windows/identity/ui/mainwnd.h b/src/windows/identity/ui/mainwnd.h
index 5a00631c1..7916697be 100644
--- a/src/windows/identity/ui/mainwnd.h
+++ b/src/windows/identity/ui/mainwnd.h
@@ -57,7 +57,7 @@ LRESULT khm_rebar_notify(LPNMHDR lpnm);
 void
 khm_set_dialog_result(HWND hwnd, LRESULT lr);
 
-LRESULT CALLBACK 
+LRESULT CALLBACK
 khm_main_wnd_proc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
diff --git a/src/windows/identity/ui/newcredwnd.c b/src/windows/identity/ui/newcredwnd.c
index e40e9da9a..e0c60f5c0 100644
--- a/src/windows/identity/ui/newcredwnd.c
+++ b/src/windows/identity/ui/newcredwnd.c
@@ -50,7 +50,7 @@ nc_layout_main_panel(khui_nc_wnd_data * d);
 static void
 nc_layout_new_cred_window(khui_nc_wnd_data * d);
 
-static INT_PTR CALLBACK 
+static INT_PTR CALLBACK
 nc_common_dlg_proc(HWND hwnd,
                    UINT uMsg,
                    WPARAM wParam,
@@ -94,7 +94,7 @@ nc_common_dlg_proc(HWND hwnd,
     case KHUI_WM_NC_NOTIFY:
         {
             khui_nc_wnd_data * d;
-            d = (khui_nc_wnd_data *)(LONG_PTR) 
+            d = (khui_nc_wnd_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, DWLP_USER);
             if (d == NULL)
                 break;
@@ -128,7 +128,7 @@ nc_common_dlg_proc(HWND hwnd,
            originated or pertain to the identity selection
            controls. */
         if (d && d->nc && d->nc->ident_cb) {
-            return d->nc->ident_cb(d->nc, WMNC_IDENT_WMSG, hwnd, uMsg, 
+            return d->nc->ident_cb(d->nc, WMNC_IDENT_WMSG, hwnd, uMsg,
                                    wParam, lParam);
         }
     }
@@ -678,7 +678,7 @@ nc_layout_main_panel(khui_nc_wnd_data * d)
                        d->r_credtext.top, /* y */
                        d->r_n_input.right - d->r_n_input.left, /* width */
                        d->r_credtext.bottom - d->r_credtext.top, /* height */
-                       SWP_NOACTIVATE | SWP_NOOWNERZORDER | 
+                       SWP_NOACTIVATE | SWP_NOOWNERZORDER |
                        SWP_NOZORDER | SWP_SHOWWINDOW);
 
         DeferWindowPos(hdwp,
@@ -750,7 +750,7 @@ nc_tab_sort_func(const void * v1, const void * v2)
     }
 }
 
-static void 
+static void
 nc_notify_types(khui_new_creds * c, UINT uMsg,
                 WPARAM wParam, LPARAM lParam, BOOL sync)
 {
@@ -829,8 +829,8 @@ nc_enable_controls(khui_nc_wnd_data * d, khm_boolean enable)
 #define NC_MAXCCH_CREDTEXT 16384
 #define NC_MAXCB_CREDTEXT (NC_MAXCCH_CREDTEXT * sizeof(wchar_t))
 
-static void 
-nc_update_credtext(khui_nc_wnd_data * d) 
+static void
+nc_update_credtext(khui_nc_wnd_data * d)
 {
     wchar_t * ctbuf = NULL;
     wchar_t * buf;
@@ -846,7 +846,7 @@ nc_update_credtext(khui_nc_wnd_data * d)
     LoadString(khm_hInstance, IDS_NC_CREDTEXT_TABS, ctbuf, NC_MAXCCH_CREDTEXT);
     StringCchLength(ctbuf, NC_MAXCCH_CREDTEXT, &cch);
     buf = ctbuf + cch;
-    nc_notify_types(d->nc, KHUI_WM_NC_NOTIFY, 
+    nc_notify_types(d->nc, KHUI_WM_NC_NOTIFY,
                     MAKEWPARAM(0, WMNC_UPDATE_CREDTEXT), (LPARAM) d->nc, TRUE);
 
     /* hopefully all the types have updated their credential texts */
@@ -894,7 +894,7 @@ nc_update_credtext(khui_nc_wnd_data * d)
                    password, we don't expect the identity provider to
                    validate the identity in real time.  As such, we
                    assume that the identity is valid. */
- 
+
                /* identity is valid */
                 if (d->notif_type != NC_NOTIFY_NONE) {
                     nc_notify_clear(d);
@@ -940,7 +940,7 @@ nc_update_credtext(khui_nc_wnd_data * d)
         khm_size cbbuf;
         khm_int32 flags;
 
-        LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_ONE, 
+        LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_ONE,
                    main_fmt, (int) ARRAYLENGTH(main_fmt));
 
         cbbuf = sizeof(id_name);
@@ -949,25 +949,25 @@ nc_update_credtext(khui_nc_wnd_data * d)
         kcdb_identity_get_flags(d->nc->identities[0], &flags);
 
         if (flags & KCDB_IDENT_FLAG_INVALID) {
-            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_INVALID, 
+            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_INVALID,
                        id_fmt, (int) ARRAYLENGTH(id_fmt));
         } else if(flags & KCDB_IDENT_FLAG_VALID) {
-            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_VALID, 
+            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_VALID,
                        id_fmt, (int) ARRAYLENGTH(id_fmt));
         } else if(flags & KCDB_IDENT_FLAG_UNKNOWN) {
             LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_UNCHECKED,
                        id_fmt, (int) ARRAYLENGTH(id_fmt));
         } else if(d->nc->subtype == KMSG_CRED_NEW_CREDS) {
-            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_CHECKING, 
+            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_CHECKING,
                        id_fmt, (int) ARRAYLENGTH(id_fmt));
         } else {
-            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_UNCHECKED, 
+            LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_UNCHECKED,
                        id_fmt, (int) ARRAYLENGTH(id_fmt));
         }
 
         StringCbPrintf(id_string, sizeof(id_string), id_fmt, id_name);
 
-        StringCbPrintf(buf, NC_MAXCB_CREDTEXT - cch*sizeof(wchar_t), 
+        StringCbPrintf(buf, NC_MAXCB_CREDTEXT - cch*sizeof(wchar_t),
                        main_fmt, id_string);
 
         if (flags & KCDB_IDENT_FLAG_VALID) {
@@ -996,17 +996,17 @@ nc_update_credtext(khui_nc_wnd_data * d)
         wchar_t main_fmt[256];
         khm_size cbbuf;
 
-        LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_MANY, 
+        LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_MANY,
                    main_fmt, (int) ARRAYLENGTH(main_fmt));
 
         /* we are going to concatenate all the identity names into
            a comma separated string */
 
         /* d->nc->n_identities is at least 2 */
-        ids_string = PMALLOC((KCDB_IDENT_MAXCB_NAME + sizeof(id_fmt)) * 
+        ids_string = PMALLOC((KCDB_IDENT_MAXCB_NAME + sizeof(id_fmt)) *
                             (d->nc->n_identities - 1));
-        cb_ids_string = 
-            (KCDB_IDENT_MAXCB_NAME + sizeof(id_fmt)) * 
+        cb_ids_string =
+            (KCDB_IDENT_MAXCB_NAME + sizeof(id_fmt)) *
             (d->nc->n_identities - 1);
 
         assert(ids_string != NULL);
@@ -1028,13 +1028,13 @@ nc_update_credtext(khui_nc_wnd_data * d)
                 kcdb_identity_get_name(d->nc->identities[i], id_name, &cbbuf);
                 kcdb_identity_get_flags(d->nc->identities[i], &flags);
                 if(flags & KCDB_IDENT_FLAG_INVALID) {
-                    LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_INVALID, 
+                    LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_INVALID,
                                id_fmt, (int) ARRAYLENGTH(id_fmt));
                 } else if(flags & KCDB_IDENT_FLAG_VALID) {
-                    LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_VALID, 
+                    LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_VALID,
                                id_fmt, (int) ARRAYLENGTH(id_fmt));
                 } else {
-                    LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_UNCHECKED, 
+                    LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_UNCHECKED,
                                id_fmt, (int) ARRAYLENGTH(id_fmt));
                 }
 
@@ -1046,24 +1046,24 @@ nc_update_credtext(khui_nc_wnd_data * d)
             kcdb_identity_get_name(d->nc->identities[0], id_name, &cbbuf);
             kcdb_identity_get_flags(d->nc->identities[0], &flags);
             if(flags & KCDB_IDENT_FLAG_INVALID) {
-                LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_INVALID, 
+                LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_INVALID,
                            id_fmt, (int) ARRAYLENGTH(id_fmt));
             } else if(flags & KCDB_IDENT_FLAG_VALID) {
-                LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_VALID, 
+                LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_VALID,
                            id_fmt, (int) ARRAYLENGTH(id_fmt));
             } else {
-                LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_UNCHECKED, 
+                LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_UNCHECKED,
                            id_fmt, (int) ARRAYLENGTH(id_fmt));
             }
             StringCbPrintf(id_string, sizeof(id_string), id_fmt, id_name);
 
-            StringCbPrintf(buf, NC_MAXCB_CREDTEXT - cch*sizeof(wchar_t), 
+            StringCbPrintf(buf, NC_MAXCB_CREDTEXT - cch*sizeof(wchar_t),
                            main_fmt, id_string, ids_string);
 
             PFREE(ids_string);
         }
     } else {
-        LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_NONE, 
+        LoadString(khm_hInstance, IDS_NC_CREDTEXT_ID_NONE,
                    buf, (int)(NC_MAXCCH_CREDTEXT - cch));
     }
 
@@ -1078,7 +1078,7 @@ nc_update_credtext(khui_nc_wnd_data * d)
 
         for(i=0; i<d->nc->n_types; i++) {
             if(d->nc->types[i]->credtext != NULL) {
-                StringCbCatEx(buf, cb, 
+                StringCbCatEx(buf, cb,
                               d->nc->types[i]->credtext,
                               &buf, &cb,
                               0);
@@ -1097,7 +1097,7 @@ nc_update_credtext(khui_nc_wnd_data * d)
     if(d->nc->n_identities > 0) {
         khm_int32 flags = 0;
 
-        if(KHM_SUCCEEDED(kcdb_identity_get_flags(d->nc->identities[0], 
+        if(KHM_SUCCEEDED(kcdb_identity_get_flags(d->nc->identities[0],
                                                &flags)) &&
            (flags & KCDB_IDENT_FLAG_VALID)) {
             validId = TRUE;
@@ -1117,7 +1117,7 @@ nc_update_credtext(khui_nc_wnd_data * d)
                 LoadString(khm_hInstance, IDS_WTPOST_PASSWORD,
                            wpostfix, (int) ARRAYLENGTH(wpostfix));
             else
-                LoadString(khm_hInstance, IDS_WTPOST_NEW_CREDS, 
+                LoadString(khm_hInstance, IDS_WTPOST_NEW_CREDS,
                            wpostfix, (int) ARRAYLENGTH(wpostfix));
 
             StringCbCat(wtitle, sizeof(wtitle), wpostfix);
@@ -1130,7 +1130,7 @@ nc_update_credtext(khui_nc_wnd_data * d)
                 LoadString(khm_hInstance, IDS_WT_PASSWORD,
                            wtitle, (int) ARRAYLENGTH(wtitle));
             else
-                LoadString(khm_hInstance, IDS_WT_NEW_CREDS, 
+                LoadString(khm_hInstance, IDS_WT_NEW_CREDS,
                            wtitle, (int) ARRAYLENGTH(wtitle));
 
             SetWindowText(d->nc->hwnd, wtitle);
@@ -1336,7 +1336,7 @@ nc_layout_new_cred_window(khui_nc_wnd_data * ncd) {
 
 #define CW_PARAM DWLP_USER
 
-static LRESULT 
+static LRESULT
 nc_handle_wm_create(HWND hwnd,
                     UINT uMsg,
                     WPARAM wParam,
@@ -1415,7 +1415,7 @@ nc_handle_wm_create(HWND hwnd,
         RECT r_area;
         RECT r_row;
         HWND hw;
-            
+
         /* During the operation of the new credentials window, we will
            need to dynamically change the layout of the controls as a
            result of custom prompting from credentials providers and
@@ -1616,7 +1616,7 @@ nc_handle_wm_create(HWND hwnd,
 
 /* add a control row supplied by an identity provider */
 static void
-nc_add_control_row(khui_nc_wnd_data * d, 
+nc_add_control_row(khui_nc_wnd_data * d,
                    HWND label,
                    HWND input,
                    khui_control_size size)
@@ -1697,7 +1697,7 @@ nc_add_control_row(khui_nc_wnd_data * d,
 }
 
 
-static LRESULT 
+static LRESULT
 nc_handle_wm_destroy(HWND hwnd,
                      UINT uMsg,
                      WPARAM wParam,
@@ -1733,7 +1733,7 @@ nc_handle_wm_destroy(HWND hwnd,
     return TRUE;
 }
 
-static LRESULT 
+static LRESULT
 nc_handle_wm_command(HWND hwnd,
                      UINT uMsg,
                      WPARAM wParam,
@@ -1761,9 +1761,9 @@ nc_handle_wm_command(HWND hwnd,
 
             nc_enable_controls(d, FALSE);
 
-            nc_notify_types(d->nc, 
-                            KHUI_WM_NC_NOTIFY, 
-                            MAKEWPARAM(0,WMNC_DIALOG_PREPROCESS), 
+            nc_notify_types(d->nc,
+                            KHUI_WM_NC_NOTIFY,
+                            MAKEWPARAM(0,WMNC_DIALOG_PREPROCESS),
                             (LPARAM) d->nc,
                             TRUE);
 
@@ -1795,10 +1795,10 @@ nc_handle_wm_command(HWND hwnd,
             return FALSE;
 
         case IDC_NC_BASIC:
-        case IDC_NC_ADVANCED: 
+        case IDC_NC_ADVANCED:
             /* the Options button in the main window was clicked.  we
                respond by expanding the dialog. */
-            PostMessage(hwnd, KHUI_WM_NC_NOTIFY, 
+            PostMessage(hwnd, KHUI_WM_NC_NOTIFY,
                         MAKEWPARAM(0, WMNC_DIALOG_EXPAND), 0);
             return FALSE;
 
@@ -1818,7 +1818,7 @@ nc_handle_wm_command(HWND hwnd,
                 StringCchCopyN(sid, ARRAYLENGTH(sid), l->id, l->id_len);
                 sid[l->id_len] = L'\0'; /* just make sure */
 
-                if(l->param != NULL && 
+                if(l->param != NULL &&
                    l->param_len < ARRAYLENGTH(sparam) &&
                    l->param_len > 0) {
 
@@ -1870,7 +1870,7 @@ nc_handle_wm_command(HWND hwnd,
                     khm_int32 credtype;
                     khui_new_creds_by_type * t;
 
-                    if (KHM_SUCCEEDED(kcdb_credtype_get_id(sparam, 
+                    if (KHM_SUCCEEDED(kcdb_credtype_get_id(sparam,
                                                            &credtype)) &&
                         KHM_SUCCEEDED(khui_cw_find_type(d->nc,
                                                         credtype, &t))) {
@@ -1918,7 +1918,7 @@ static LRESULT nc_handle_wm_moving(HWND hwnd,
     if (d == NULL)
         return FALSE;
 
-    nc_notify_types(d->nc, KHUI_WM_NC_NOTIFY, 
+    nc_notify_types(d->nc, KHUI_WM_NC_NOTIFY,
                     MAKEWPARAM(0, WMNC_DIALOG_MOVE), (LPARAM) d->nc, TRUE);
 
     return FALSE;
@@ -1996,7 +1996,7 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                     d->nc->types[i]->hwnd_panel = NULL;
                 } else {
                     /* Create the dialog panel */
-                    d->nc->types[i]->hwnd_panel = 
+                    d->nc->types[i]->hwnd_panel =
                         CreateDialogParam(d->nc->types[i]->h_module,
                                           d->nc->types[i]->dlg_template,
                                           d->nc->hwnd,
@@ -2035,7 +2035,7 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
 
             tabitem.mask = TCIF_PARAM | TCIF_TEXT;
 
-            LoadString(khm_hInstance, IDS_NC_IDENTITY, 
+            LoadString(khm_hInstance, IDS_NC_IDENTITY,
                        wname, ARRAYLENGTH(wname));
 
             tabitem.pszText = wname;
@@ -2050,9 +2050,9 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
 
                 /* We should sort the tabs first.  See
                    nc_tab_sort_func() for sort criteria. */
-                qsort(d->nc->types, 
-                      d->nc->n_types, 
-                      sizeof(*(d->nc->types)), 
+                qsort(d->nc->types,
+                      d->nc->n_types,
+                      sizeof(*(d->nc->types)),
                       nc_tab_sort_func);
 
                 for(i=0; i < d->nc->n_types;i++) {
@@ -2068,9 +2068,9 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
 
                         if(KHM_FAILED
                            (kcdb_credtype_describe
-                            (d->nc->types[i]->type, 
-                             wname, 
-                             &cbsize, 
+                            (d->nc->types[i]->type,
+                             wname,
+                             &cbsize,
                              KCDB_TS_SHORT))) {
 
 #ifdef DEBUG
@@ -2207,7 +2207,7 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
             }
 
             for(i=0;i<d->nc->n_prompts;i++) {
-                if(!(d->nc->prompts[i]->flags & 
+                if(!(d->nc->prompts[i]->flags &
                      KHUI_NCPROMPT_FLAG_STOCK)) {
                     if(d->nc->prompts[i]->hwnd_static != NULL)
                         DestroyWindow(d->nc->prompts[i]->hwnd_static);
@@ -2251,7 +2251,7 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
 #if 0
             /* special case, we have one prompt and it is a password
                prompt.  very common */
-            if(d->nc->n_prompts == 1 && 
+            if(d->nc->n_prompts == 1 &&
                d->nc->prompts[0]->type == KHUI_NCPROMPT_TYPE_PASSWORD) {
 
                 hw = GetDlgItem(d->dlg_main, IDC_NC_PASSWORD);
@@ -2283,7 +2283,7 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                      d->nc->pname,
                      SS_SUNKEN | WS_CHILD,
                      d->r_area.left, y,
-                     d->r_row.right, 
+                     d->r_row.right,
                      d->r_n_label.bottom - d->r_n_label.top,
                      d->dlg_main,
                      NULL,
@@ -2301,7 +2301,7 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
             }
 
             if (d->nc->banner != NULL) {
-                hw = 
+                hw =
                     CreateWindowEx
                     (0,
                      L"STATIC",
@@ -2334,8 +2334,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                 if (d->nc->prompts[i]->prompt != NULL) {
                     SIZE s;
 
-                    GetTextExtentPoint32(hdc, 
-                                         d->nc->prompts[i]->prompt, 
+                    GetTextExtentPoint32(hdc,
+                                         d->nc->prompts[i]->prompt,
                                          (int) wcslen(d->nc->prompts[i]->prompt),
                                          &s);
 
@@ -2352,8 +2352,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                 int dy;
 
                 if(d->nc->prompts[i]->prompt != NULL) {
-                    GetTextExtentPoint32(hdc, 
-                                         d->nc->prompts[i]->prompt, 
+                    GetTextExtentPoint32(hdc,
+                                         d->nc->prompts[i]->prompt,
                                          (int) wcslen(d->nc->prompts[i]->prompt),
                                          &s);
                     if(s.cx < d->r_n_label.right - d->r_n_label.left &&
@@ -2372,11 +2372,11 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                         pr.left = 0;
                         pr.right = d->r_row.right;
                         pr.top = 0;
-                        pr.bottom = d->r_n_label.bottom - 
+                        pr.bottom = d->r_n_label.bottom -
                             d->r_n_label.top;
                         CopyRect(&er, &d->r_n_input);
                         OffsetRect(&er, 0, pr.bottom);
-                        dy = er.bottom + (d->r_row.bottom - 
+                        dy = er.bottom + (d->r_row.bottom -
                                           d->r_n_input.bottom);
                     }
                 } else {
@@ -2405,7 +2405,7 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                     assert(hw);
 #endif
 
-                    SendMessage(hw, WM_SETFONT, 
+                    SendMessage(hw, WM_SETFONT,
                                 (WPARAM) hf, (LPARAM) TRUE);
 
                     SetWindowPos(hw, hw_prev,
@@ -2423,11 +2423,11 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                 hw = CreateWindowEx
                     (0,
                      L"EDIT",
-                     (d->nc->prompts[i]->def ? 
+                     (d->nc->prompts[i]->def ?
                       d->nc->prompts[i]->def : L""),
                      WS_CHILD | WS_TABSTOP |
                      WS_BORDER | ES_AUTOHSCROLL |
-                     ((d->nc->prompts[i]->flags & 
+                     ((d->nc->prompts[i]->flags &
                        KHUI_NCPROMPT_FLAG_HIDDEN)? ES_PASSWORD:0),
                      er.left, er.top,
                      er.right - er.left, er.bottom - er.top,
@@ -2440,13 +2440,13 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
                 assert(hw);
 #endif
 
-                SendMessage(hw, WM_SETFONT, 
+                SendMessage(hw, WM_SETFONT,
                             (WPARAM) hf, (LPARAM) TRUE);
 
                 SetWindowPos(hw, hw_prev,
-                             0, 0, 0, 0, 
-                             SWP_NOACTIVATE | SWP_NOMOVE | 
-                             SWP_NOOWNERZORDER | SWP_NOSIZE | 
+                             0, 0, 0, 0,
+                             SWP_NOACTIVATE | SWP_NOMOVE |
+                             SWP_NOOWNERZORDER | SWP_NOSIZE |
                              SWP_SHOWWINDOW);
 
                 SendMessage(hw, EM_SETLIMITTEXT,
@@ -2984,12 +2984,12 @@ HWND khm_create_newcredwnd(HWND parent, khui_new_creds * c)
 
     if (c->window_title == NULL) {
         if (c->subtype == KMSG_CRED_PASSWORD)
-            LoadString(khm_hInstance, 
+            LoadString(khm_hInstance,
                        IDS_WT_PASSWORD,
                        wtitle,
                        ARRAYLENGTH(wtitle));
         else
-            LoadString(khm_hInstance, 
+            LoadString(khm_hInstance,
                        IDS_WT_NEW_CREDS,
                        wtitle,
                        ARRAYLENGTH(wtitle));
@@ -3022,13 +3022,13 @@ HWND khm_create_newcredwnd(HWND parent, khui_new_creds * c)
 
 void khm_prep_newcredwnd(HWND hwnd)
 {
-    SendMessage(hwnd, KHUI_WM_NC_NOTIFY, 
+    SendMessage(hwnd, KHUI_WM_NC_NOTIFY,
                 MAKEWPARAM(0, WMNC_DIALOG_SETUP), 0);
 }
 
 void khm_show_newcredwnd(HWND hwnd)
 {
     /* add all the panels in and prep UI */
-    PostMessage(hwnd, KHUI_WM_NC_NOTIFY, 
+    PostMessage(hwnd, KHUI_WM_NC_NOTIFY,
                 MAKEWPARAM(0, WMNC_DIALOG_ACTIVATE), 0);
 }
diff --git a/src/windows/identity/ui/notifier.c b/src/windows/identity/ui/notifier.c
index 84db735c0..fe057c78f 100644
--- a/src/windows/identity/ui/notifier.c
+++ b/src/windows/identity/ui/notifier.c
@@ -62,10 +62,10 @@ typedef struct tag_alerter_wnd_data alerter_wnd_data;
 struct tag_alert_list;
 typedef struct tag_alert_list alert_list;
 
-static khm_int32 
+static khm_int32
 alert_show(khui_alert * a);
 
-static khm_int32 
+static khm_int32
 alert_show_minimized(khui_alert * a);
 
 static khm_int32
@@ -145,7 +145,7 @@ khm_int32    alert_queue_tail = 0;
 /* NOTE: the alert queue functions are unsafe to call from any thread
    other than the UI thread. */
 
-static void 
+static void
 alert_queue_put_alert(khui_alert * a) {
     if (is_alert_queue_full()) return;
     alert_queue[alert_queue_tail++] = a;
@@ -154,7 +154,7 @@ alert_queue_put_alert(khui_alert * a) {
 }
 
 /* the caller needs to release the alert that's returned  */
-static khui_alert * 
+static khui_alert *
 alert_queue_get_alert(void) {
     khui_alert * a;
 
@@ -228,7 +228,7 @@ alert_queue_delete_alert(khui_alert * a) {
 }
 
 /* the caller needs to release the alert that's returned */
-static khui_alert * 
+static khui_alert *
 alert_queue_peek(void) {
     khui_alert * a;
 
@@ -321,7 +321,7 @@ alert_list_destroy(alert_list * alist) {
 #endif
 
 
-static LRESULT CALLBACK 
+static LRESULT CALLBACK
 notifier_wnd_proc(HWND hwnd,
                   UINT uMsg,
                   WPARAM wParam,
@@ -410,7 +410,7 @@ notifier_wnd_proc(HWND hwnd,
         /* wParam is the identifier of the notify icon, but we only
            have one. */
         switch(lParam) {
-        case WM_CONTEXTMENU: 
+        case WM_CONTEXTMENU:
             {
                 POINT pt;
                 int menu_id;
@@ -497,10 +497,10 @@ notifier_wnd_proc(HWND hwnd,
                     !(a->flags & KHUI_ALERT_FLAG_REQUEST_WINDOW) &&
                     a->n_alert_commands > 0) {
                     PostMessage(khm_hwnd_main, WM_COMMAND,
-                                MAKEWPARAM(a->alert_commands[0], 
+                                MAKEWPARAM(a->alert_commands[0],
                                            0),
                                 0);
-                } else if (a->flags & 
+                } else if (a->flags &
                            KHUI_ALERT_FLAG_REQUEST_WINDOW) {
                     khm_show_main_window();
                     alert_show_normal(a);
@@ -545,7 +545,7 @@ notifier_wnd_proc(HWND hwnd,
     return DefWindowProc(hwnd, uMsg, wParam, lParam);
 }
 
-ATOM 
+ATOM
 khm_register_notifier_wnd_class(void)
 {
     WNDCLASSEX wcx;
@@ -1984,7 +1984,7 @@ alert_check_consolidate_window(alerter_wnd_data * d, khui_alert * a) {
     return n_added;
 }
 
-static khm_int32 
+static khm_int32
 alert_show_minimized(khui_alert * a) {
     wchar_t tbuf[64];           /* corresponds to NOTIFYICONDATA::szInfoTitle[] */
     wchar_t mbuf[256];          /* corresponds to NOTIFYICONDATA::szInfo[] */
@@ -2060,7 +2060,7 @@ alert_show_minimized(khui_alert * a) {
     return KHM_ERROR_SUCCESS;
 }
 
-static khm_int32 
+static khm_int32
 alert_show_normal(khui_alert * a) {
     wchar_t buf[256];
     wchar_t * title;
@@ -2069,7 +2069,7 @@ alert_show_normal(khui_alert * a) {
     khui_alert_lock(a);
 
     if(a->title == NULL) {
-        LoadString(khm_hInstance, IDS_ALERT_DEFAULT, 
+        LoadString(khm_hInstance, IDS_ALERT_DEFAULT,
                    buf, ARRAYLENGTH(buf));
         title = buf;
     } else
@@ -2096,7 +2096,7 @@ alert_show_list(alert_list * alist) {
        because the window procedure adds it to the dialog
        list automatically */
 
-    hwa = 
+    hwa =
         CreateWindowEx(ALERT_WINDOW_EX_SYLES,
                        MAKEINTATOM(atom_alerter),
                        alist->title,
@@ -2112,7 +2112,7 @@ alert_show_list(alert_list * alist) {
     return (hwa != NULL);
 }
 
-static khm_int32 
+static khm_int32
 alert_show(khui_alert * a) {
     khm_boolean show_normal = FALSE;
     khm_boolean show_mini = FALSE;
@@ -2309,7 +2309,7 @@ alert_enqueue(khui_alert * a) {
 }
 
 /* the alerter window is actually a dialog */
-static LRESULT CALLBACK 
+static LRESULT CALLBACK
 alerter_wnd_proc(HWND hwnd,
                  UINT uMsg,
                  WPARAM wParam,
@@ -2356,7 +2356,7 @@ alerter_wnd_proc(HWND hwnd,
             //khm_leave_modal();
             khm_del_dialog(hwnd);
 
-            d = (alerter_wnd_data *)(LONG_PTR) 
+            d = (alerter_wnd_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, NTF_PARAM);
 
             if (d) {
@@ -2372,7 +2372,7 @@ alerter_wnd_proc(HWND hwnd,
         {
             alerter_wnd_data * d;
 
-            d = (alerter_wnd_data *)(LONG_PTR) 
+            d = (alerter_wnd_data *)(LONG_PTR)
                 GetWindowLongPtr(hwnd, NTF_PARAM);
 
             if(HIWORD(wParam) == BN_CLICKED) {
@@ -2404,7 +2404,7 @@ alerter_wnd_proc(HWND hwnd,
     return DefDlgProc(hwnd, uMsg, wParam, lParam);
 }
 
-static LRESULT CALLBACK 
+static LRESULT CALLBACK
 alert_bin_wnd_proc(HWND hwnd,
                    UINT uMsg,
                    WPARAM wParam,
@@ -2576,8 +2576,8 @@ alert_bin_wnd_proc(HWND hwnd,
                     else
                         iid = OIC_NOTE;
 
-                    hicon = (HICON) LoadImage(NULL, 
-                                              MAKEINTRESOURCE(iid), 
+                    hicon = (HICON) LoadImage(NULL,
+                                              MAKEINTRESOURCE(iid),
                                               IMAGE_ICON,
                                               GetSystemMetrics(SM_CXICON),
                                               GetSystemMetrics(SM_CYICON),
@@ -2850,7 +2850,7 @@ void khm_notify_icon_add(void) {
     Shell_NotifyIcon(NIM_SETVERSION, &ni);
 }
 
-void 
+void
 khm_notify_icon_balloon(khm_int32 severity,
                          wchar_t * title,
                          wchar_t * msg,
@@ -2886,16 +2886,16 @@ khm_notify_icon_balloon(khm_int32 severity,
     if (FAILED(StringCbCopy(ni.szInfo, sizeof(ni.szInfo), msg))) {
         /* too long? */
         StringCchCopyN(ni.szInfo, ARRAYLENGTH(ni.szInfo),
-                       msg, 
+                       msg,
                        ARRAYLENGTH(ni.szInfo) - ARRAYLENGTH(ELLIPSIS));
         StringCchCat(ni.szInfo, ARRAYLENGTH(ni.szInfo),
                      ELLIPSIS);
     }
 
-    if (FAILED(StringCbCopy(ni.szInfoTitle, sizeof(ni.szInfoTitle), 
+    if (FAILED(StringCbCopy(ni.szInfoTitle, sizeof(ni.szInfoTitle),
                             title))) {
         StringCchCopyN(ni.szInfoTitle, ARRAYLENGTH(ni.szInfoTitle),
-                       title, 
+                       title,
                        ARRAYLENGTH(ni.szInfoTitle) - ARRAYLENGTH(ELLIPSIS));
         StringCchCat(ni.szInfoTitle, ARRAYLENGTH(ni.szInfoTitle),
                      ELLIPSIS);
@@ -3051,7 +3051,7 @@ void khm_notify_icon_activate(void) {
             (a->n_alert_commands > 0)) {
 
             PostMessage(khm_hwnd_main, WM_COMMAND,
-                        MAKEWPARAM(a->alert_commands[0], 
+                        MAKEWPARAM(a->alert_commands[0],
                                    0),
                         0);
             alert_done = TRUE;
@@ -3171,4 +3171,3 @@ void khm_exit_notifier(void)
 
     notifier_ready = FALSE;
 }
-
diff --git a/src/windows/identity/ui/notifier.h b/src/windows/identity/ui/notifier.h
index 2bdbdf701..4366fcb07 100644
--- a/src/windows/identity/ui/notifier.h
+++ b/src/windows/identity/ui/notifier.h
@@ -39,19 +39,19 @@ enum khm_notif_expstate {
 extern khm_int32 khm_notifier_actions[];
 extern khm_size  n_khm_notifier_actions;
 
-void 
+void
 khm_init_notifier(void);
 
-void 
+void
 khm_exit_notifier(void);
 
-void 
+void
 khm_notify_icon_change(khm_int32 severity);
 
 void
 khm_notify_icon_tooltip(wchar_t * s);
 
-void 
+void
 khm_notify_icon_balloon(khm_int32 severity,
                          wchar_t * title,
                          wchar_t * msg,
diff --git a/src/windows/identity/ui/passwnd.c b/src/windows/identity/ui/passwnd.c
index 65cc06fe7..e9c266051 100644
--- a/src/windows/identity/ui/passwnd.c
+++ b/src/windows/identity/ui/passwnd.c
@@ -4,8 +4,8 @@ static ATOM sAtom = 0;
 static HINSTANCE shInstance = 0;
 
 /* Callback for the MITPasswordControl
-This is a replacement for the normal edit control.  It does not show the 
-annoying password char in the edit box so that the number of chars in the 
+This is a replacement for the normal edit control.  It does not show the
+annoying password char in the edit box so that the number of chars in the
 password are not known.
 */
 
@@ -25,10 +25,10 @@ MITPasswordEditProc(
 {
     static SIZE pwdcharsz;
     BOOL pass_the_buck = FALSE;
-  
+
     if (message > WM_USER && message < 0x7FFF)
         pass_the_buck = TRUE;
-  
+
     switch(message)
     {
     case WM_GETTEXT:
@@ -41,7 +41,7 @@ MITPasswordEditProc(
         HDC hdc;
         PAINTSTRUCT ps;
         RECT r;
-        
+
         hdc = BeginPaint(hWnd, &ps);
         GetClientRect(hWnd, &r);
         Rectangle(hdc, 0, 0, r.right, r.bottom);
@@ -69,7 +69,7 @@ MITPasswordEditProc(
         hdc = GetDC(hWnd);
         GetTextExtentPoint32(hdc, &pwdchar, 1, &pwdcharsz);
         ReleaseDC(hWnd, hdc);
-        
+
         heditchild =
             CreateWindow(L"edit", L"", WS_CHILD | WS_VISIBLE | ES_AUTOHSCROLL |
                          ES_LEFT | ES_PASSWORD | WS_TABSTOP,
@@ -82,7 +82,7 @@ MITPasswordEditProc(
     }
     break;
     }
-  
+
     if (pass_the_buck)
         return SendMessage(GetDlgItem(hWnd, 1), message, wParam, lParam);
     return DefWindowProc(hWnd, message, wParam, lParam);
@@ -106,7 +106,7 @@ khm_register_passwnd_class(void)
         wndclass.hbrBackground = (void *)(COLOR_WINDOW + 1);
         wndclass.lpszClassName = MIT_PWD_DLL_CLASS;
         wndclass.hCursor = LoadCursor((HINSTANCE)NULL, IDC_IBEAM);
-    
+
         sAtom = RegisterClass(&wndclass);
     }
 
diff --git a/src/windows/identity/ui/propertywnd.c b/src/windows/identity/ui/propertywnd.c
index 340684889..5f3030e59 100644
--- a/src/windows/identity/ui/propertywnd.c
+++ b/src/windows/identity/ui/propertywnd.c
@@ -123,7 +123,7 @@ LRESULT CALLBACK khui_property_wnd_proc(
     pw_data * child;
 
     switch(msg) {
-        case WM_CREATE: 
+        case WM_CREATE:
             {
                 CREATESTRUCT * cs;
                 LVCOLUMN lvc;
@@ -140,18 +140,18 @@ LRESULT CALLBACK khui_property_wnd_proc(
 #pragma warning(pop)
 
                 child->hwnd_lv = CreateWindow(
-                    WC_LISTVIEW, 
+                    WC_LISTVIEW,
                     L"",
                     WS_CHILD | WS_VISIBLE | WS_HSCROLL | WS_VSCROLL |
                     LVS_REPORT | LVS_SORTASCENDING,
                     0, 0,
                     cs->cx, cs->cy,
-                    hwnd, 
-                    (HMENU) ID_LISTVIEW, 
-                    khm_hInstance, 
+                    hwnd,
+                    (HMENU) ID_LISTVIEW,
+                    khm_hInstance,
                     NULL);
 
-                ListView_SetExtendedListViewStyle(child->hwnd_lv, 
+                ListView_SetExtendedListViewStyle(child->hwnd_lv,
                     LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);
 
                 ZeroMemory(&lvc, sizeof(lvc));
diff --git a/src/windows/identity/ui/reqdaemon.c b/src/windows/identity/ui/reqdaemon.c
index 20b126e27..ce3e0f9ed 100644
--- a/src/windows/identity/ui/reqdaemon.c
+++ b/src/windows/identity/ui/reqdaemon.c
@@ -281,7 +281,7 @@ reqdaemonwnd_proc(HWND hwnd,
 
             dlginfo.size = NETID_DLGINFO_V1_SZ;
             dlginfo.dlgtype = NETID_DLGTYPE_TGT;
-            
+
             if (title)
                 StringCbCopy(dlginfo.in.title, sizeof(dlginfo.in.title),
                              wtitle);
@@ -415,7 +415,7 @@ khm_register_reqdaemonwnd_class(void) {
 
 #ifdef DEBUG
     assert(reqdaemon_atom != 0);
-#endif    
+#endif
 }
 
 void
@@ -441,7 +441,7 @@ khm_init_request_daemon(void) {
 
 #ifdef DEBUG
     assert(reqdaemon_thread != NULL);
-#endif    
+#endif
 }
 
 void
diff --git a/src/windows/identity/ui/resource.h b/src/windows/identity/ui/resource.h
index 19cd49de6..d14a95fde 100644
--- a/src/windows/identity/ui/resource.h
+++ b/src/windows/identity/ui/resource.h
@@ -410,7 +410,7 @@
 #define IDA_ENTER                       40009
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        214
diff --git a/src/windows/identity/ui/statusbar.c b/src/windows/identity/ui/statusbar.c
index b785dfdd0..51b7ad302 100644
--- a/src/windows/identity/ui/statusbar.c
+++ b/src/windows/identity/ui/statusbar.c
@@ -43,7 +43,7 @@ int khm_n_statusbar_parts = sizeof(khm_statusbar_parts) / sizeof(khm_statusbar_p
 
 HWND khm_hwnd_statusbar = NULL;
 
-LRESULT 
+LRESULT
 khm_statusbar_notify(LPNMHDR nmhdr) {
     LPNMMOUSE pnmm;
 
@@ -66,7 +66,7 @@ khm_statusbar_notify(LPNMHDR nmhdr) {
     return FALSE;
 }
 
-void 
+void
 khui_statusbar_set_parts(HWND parent) {
     int i;
     int fillerwidth;
@@ -204,5 +204,3 @@ void khm_statusbar_set_part(int id, HICON icon, wchar_t * text) {
                 idx,
                 (LPARAM) text);
 }
-
-
diff --git a/src/windows/identity/ui/timer.c b/src/windows/identity/ui/timer.c
index 9a270c3ee..b481ead37 100644
--- a/src/windows/identity/ui/timer.c
+++ b/src/windows/identity/ui/timer.c
@@ -57,7 +57,7 @@ CRITICAL_SECTION cs_timers;
 
 #define KHUI_TIMER_ALLOC_INCR 16
 
-void 
+void
 khm_timer_init(void) {
 #ifdef DEBUG
     assert(khui_timers == NULL);
@@ -118,7 +118,7 @@ tmr_fire_timer(void) {
     ZeroMemory(tmr_offset, sizeof(tmr_offset));
 
     for (i=0; i < (int) khui_n_timers; i++) {
-        if (!(khui_timers[i].flags & 
+        if (!(khui_timers[i].flags &
               (KHUI_TE_FLAG_STALE | KHUI_TE_FLAG_EXPIRED)) &&
             khui_timers[i].type != KHUI_TTYPE_ID_MARK &&
             khui_timers[i].expire < curtime + err) {
@@ -157,7 +157,7 @@ tmr_fire_timer(void) {
                         tmr_offset[t] > khui_timers[i].offset)
                         tmr_offset[t] = khui_timers[i].offset;
                     if (next_event == 0 ||
-                        next_event > 
+                        next_event >
                         khui_timers[i].expire + khui_timers[i].offset)
                         next_event = khui_timers[i].expire +
                             khui_timers[i].offset;
@@ -245,7 +245,7 @@ tmr_fire_timer(void) {
                 LoadString(khm_hInstance, IDS_WARN_EXPIRED,
                            wmsg, ARRAYLENGTH(wmsg));
             } else {
-                LoadString(khm_hInstance, IDS_WARN_EXPIRE, 
+                LoadString(khm_hInstance, IDS_WARN_EXPIRE,
                            fmt, ARRAYLENGTH(fmt));
 
                 StringCbPrintf(wmsg, sizeof(wmsg), fmt, wtime);
@@ -279,7 +279,7 @@ tmr_fire_timer(void) {
 
 }
 
-void 
+void
 khm_timer_fire(HWND hwnd) {
     EnterCriticalSection(&cs_timers);
     tmr_fire_timer();
@@ -608,7 +608,7 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) {
             /* already expired */
             goto _done_with_ident;
 
-        rv = khc_open_space(NULL, L"CredWindow", KHM_PERM_READ, 
+        rv = khc_open_space(NULL, L"CredWindow", KHM_PERM_READ,
                             &csp_cw);
 
         assert(KHM_SUCCEEDED(rv));
@@ -631,7 +631,7 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) {
             do_warn = t;
 
         rv = khc_read_int32(csp_id, L"AllowCritical", &t);
-        if (KHM_SUCCEEDED(rv)) 
+        if (KHM_SUCCEEDED(rv))
             do_crit = t;
 
         rv = khc_read_int32(csp_id, L"AllowAutoRenew", &t);
@@ -683,7 +683,7 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) {
                 if (CompareFileTime(&fte, &ft_current) < 0)
                     fte = ft_current;
 
-                tmr_update(ident, KHUI_TTYPE_ID_RENEW, 
+                tmr_update(ident, KHUI_TTYPE_ID_RENEW,
                            FtToInt(&fte), FtToInt(&ft), 0,
                            CompareFileTime(&fte,&ft_creinst) > 0);
                 renew_done = TRUE;
@@ -725,7 +725,7 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) {
 
         if (monitor && !renew_done) {
             if (CompareFileTime(&ft_expiry, &ft_current) > 0)
-                tmr_update(ident, KHUI_TTYPE_ID_EXP, 
+                tmr_update(ident, KHUI_TTYPE_ID_EXP,
                            FtToInt(&ft_expiry), 0, 0,
                            CompareFileTime(&fte, &ft_creinst) > 0);
         }
@@ -784,7 +784,7 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) {
         fte = IntToFt(FtToInt(&ft_cred_expiry) - khui_timers[idx].offset);
         if (CompareFileTime(&fte, &ft_current) > 0) {
 	    tmr_update(cred, KHUI_TTYPE_CRED_WARN,
-		       FtToInt(&fte), 
+		       FtToInt(&fte),
 		       khui_timers[idx].offset, 0,
 		       CompareFileTime(&fte, &ft_creinst) > 0);
 	    kcdb_cred_hold(cred);
@@ -877,28 +877,28 @@ tmr_purge(void) {
                 {
                     int idx;
 
-                    idx = tmr_find(khui_timers[i].key, 
+                    idx = tmr_find(khui_timers[i].key,
                                    KHUI_TTYPE_ID_CRIT, 0, 0);
-                    assert(idx < 0 || 
-                           (khui_timers[idx].flags & 
+                    assert(idx < 0 ||
+                           (khui_timers[idx].flags &
                             KHUI_TE_FLAG_STALE));
 
-                    idx = tmr_find(khui_timers[i].key, 
+                    idx = tmr_find(khui_timers[i].key,
                                    KHUI_TTYPE_ID_RENEW, 0, 0);
-                    assert(idx < 0 || 
-                           (khui_timers[idx].flags & 
+                    assert(idx < 0 ||
+                           (khui_timers[idx].flags &
                             KHUI_TE_FLAG_STALE));
 
-                    idx = tmr_find(khui_timers[i].key, 
+                    idx = tmr_find(khui_timers[i].key,
                                    KHUI_TTYPE_ID_WARN, 0, 0);
-                    assert(idx < 0 || 
-                           (khui_timers[idx].flags & 
+                    assert(idx < 0 ||
+                           (khui_timers[idx].flags &
                             KHUI_TE_FLAG_STALE));
 
-                    idx = tmr_find(khui_timers[i].key, 
+                    idx = tmr_find(khui_timers[i].key,
                                    KHUI_TTYPE_ID_EXP, 0, 0);
-                    assert(idx < 0 || 
-                           (khui_timers[idx].flags & 
+                    assert(idx < 0 ||
+                           (khui_timers[idx].flags &
                             KHUI_TE_FLAG_STALE));
                 }
 #endif
@@ -920,7 +920,7 @@ tmr_purge(void) {
 
 /* go through all the credentials and set timers as appropriate.  hwnd
    is the window that will receive the timer events.*/
-void 
+void
 khm_timer_refresh(HWND hwnd) {
     int i;
     khm_int64 next_event = 0;
diff --git a/src/windows/identity/ui/timer.h b/src/windows/identity/ui/timer.h
index af4ece723..91ca52032 100644
--- a/src/windows/identity/ui/timer.h
+++ b/src/windows/identity/ui/timer.h
@@ -35,7 +35,7 @@ typedef enum tag_khui_timer_type {
     KHUI_TTYPE_ID_CRIT,         /* Identity critical */
     KHUI_TTYPE_ID_WARN,         /* Identity warning */
     KHUI_TTYPE_CRED_EXP,        /* Credential expiration */
-    KHUI_TTYPE_CRED_CRIT,       /* Credential critical */ 
+    KHUI_TTYPE_CRED_CRIT,       /* Credential critical */
     KHUI_TTYPE_CRED_WARN,       /* Credential warning */
 
     KHUI_N_TTYPES,              /* Count of the timers that we
diff --git a/src/windows/identity/ui/toolbar.c b/src/windows/identity/ui/toolbar.c
index c543e6923..4a3c61f7f 100644
--- a/src/windows/identity/ui/toolbar.c
+++ b/src/windows/identity/ui/toolbar.c
@@ -142,17 +142,17 @@ LRESULT khm_toolbar_notify(LPNMHDR notice) {
                 HBITMAP hbmp;
                 RECT r;
 
-                khui_action * act = 
+                khui_action * act =
                     khui_find_action((int) nmcd->nmcd.dwItemSpec);
 
                 if(!act || !act->ib_normal)
                     return CDRF_DODEFAULT;
 
-                if((act->state & KHUI_ACTIONSTATE_DISABLED) && 
+                if((act->state & KHUI_ACTIONSTATE_DISABLED) &&
                    act->ib_disabled) {
                     ibmp = act->ib_disabled;
-                } else if(act->ib_hot && 
-                          ((nmcd->nmcd.uItemState & CDIS_HOT) || 
+                } else if(act->ib_hot &&
+                          ((nmcd->nmcd.uItemState & CDIS_HOT) ||
                            (nmcd->nmcd.uItemState & CDIS_SELECTED))){
                     ibmp = act->ib_hot;
                 } else {
@@ -161,15 +161,15 @@ LRESULT khm_toolbar_notify(LPNMHDR notice) {
 
                 iidx = khui_ilist_lookup_id(ilist_toolbar, ibmp);
                 if(iidx < 0) {
-                    hbmp = LoadImage(khm_hInstance, 
-                                     MAKEINTRESOURCE(ibmp), 
-                                     IMAGE_BITMAP, 
-                                     KHUI_TOOLBAR_IMAGE_WIDTH, 
+                    hbmp = LoadImage(khm_hInstance,
+                                     MAKEINTRESOURCE(ibmp),
+                                     IMAGE_BITMAP,
+                                     KHUI_TOOLBAR_IMAGE_WIDTH,
                                      KHUI_TOOLBAR_IMAGE_HEIGHT, 0);
-                    iidx = 
-                        khui_ilist_add_masked_id(ilist_toolbar, 
-                                                 hbmp, 
-                                                 KHUI_TOOLBAR_BGCOLOR, 
+                    iidx =
+                        khui_ilist_add_masked_id(ilist_toolbar,
+                                                 hbmp,
+                                                 KHUI_TOOLBAR_BGCOLOR,
                                                  ibmp);
                     DeleteObject(hbmp);
                 }
@@ -183,14 +183,14 @@ LRESULT khm_toolbar_notify(LPNMHDR notice) {
                 r.top += ((r.bottom - r.top) -
                           KHUI_TOOLBAR_IMAGE_HEIGHT) / 2;
 #if 0
-                r.left += ((r.right - r.left) - 
+                r.left += ((r.right - r.left) -
                            KHUI_TOOLBAR_IMAGE_WIDTH) / 2;
 #endif
-                khui_ilist_draw(ilist_toolbar, 
-                                iidx, 
-                                nmcd->nmcd.hdc, 
+                khui_ilist_draw(ilist_toolbar,
+                                iidx,
+                                nmcd->nmcd.hdc,
                                 r.left,
-                                r.top, 
+                                r.top,
                                 0);
 
                 return CDRF_DODEFAULT;
@@ -231,15 +231,15 @@ void khui_add_action_to_toolbar(HWND tb, khui_action *a, int opt, HIMAGELIST hiL
 
     if(opt & KHUI_TOOLBAR_ADD_TEXT) {
         int sid = 0;
-        if((opt & KHUI_TOOLBAR_ADD_LONGTEXT) == 
+        if((opt & KHUI_TOOLBAR_ADD_LONGTEXT) ==
            KHUI_TOOLBAR_ADD_LONGTEXT) {
             sid = a->is_tooltip;
         }
         if(!sid)
             sid = a->is_caption;
         if(sid) {
-            LoadString(khm_hInstance, 
-                       sid, 
+            LoadString(khm_hInstance,
+                       sid,
                        buf, ARRAYLENGTH(buf));
             buf[wcslen(buf) + 1] = L'\0';
             idx_caption = (int) SendMessage(tb,
@@ -312,8 +312,8 @@ void khm_update_standard_toolbar(void)
             BOOL enable;
 
             enable = !(act->state & KHUI_ACTIONSTATE_DISABLED);
-            SendMessage(khui_hwnd_standard_toolbar, 
-                        TB_ENABLEBUTTON, 
+            SendMessage(khui_hwnd_standard_toolbar,
+                        TB_ENABLEBUTTON,
                         (WPARAM) act->cmd,
                         MAKELPARAM(enable, 0));
         }
@@ -347,9 +347,9 @@ void khm_create_standard_toolbar(HWND rebar) {
                           (LPWSTR) NULL,
                           WS_CHILD |
                           TBSTYLE_FLAT |
-                          TBSTYLE_AUTOSIZE | 
+                          TBSTYLE_AUTOSIZE |
                           TBSTYLE_TOOLTIPS |
-                          CCS_NORESIZE | 
+                          CCS_NORESIZE |
                           CCS_NOPARENTALIGN |
                           CCS_ADJUSTABLE |
                           CCS_NODIVIDER,
@@ -376,10 +376,10 @@ void khm_create_standard_toolbar(HWND rebar) {
         (int) khui_action_list_length(def->items),
         3);
 
-    hbm_blank = LoadImage(khm_hInstance, 
-                          MAKEINTRESOURCE(IDB_TB_BLANK), 
-                          IMAGE_BITMAP, 
-                          KHUI_TOOLBAR_IMAGE_WIDTH, 
+    hbm_blank = LoadImage(khm_hInstance,
+                          MAKEINTRESOURCE(IDB_TB_BLANK),
+                          IMAGE_BITMAP,
+                          KHUI_TOOLBAR_IMAGE_WIDTH,
                           KHUI_TOOLBAR_IMAGE_HEIGHT, 0);
     idx_blank = ImageList_AddMasked(hiList, hbm_blank, RGB(0,0,0));
 
@@ -412,14 +412,14 @@ void khm_create_standard_toolbar(HWND rebar) {
 
     while(aref && aref->action != KHUI_MENU_END) {
         if(aref->action == KHUI_MENU_SEP) {
-            khui_add_action_to_toolbar(hwtb, 
-                                       NULL, 
-                                       KHUI_TOOLBAR_ADD_SEP, 
+            khui_add_action_to_toolbar(hwtb,
+                                       NULL,
+                                       KHUI_TOOLBAR_ADD_SEP,
                                        hiList);
         } else {
             act = khui_find_action(aref->action);
-            khui_add_action_to_toolbar(hwtb, 
-                                       act, 
+            khui_add_action_to_toolbar(hwtb,
+                                       act,
                                        KHUI_TOOLBAR_ADD_BITMAP |
                                        ((aref->flags & KHUI_ACTIONREF_SUBMENU)?
                                         KHUI_TOOLBAR_ADD_DROPDOWN: 0),
@@ -442,14 +442,14 @@ void khm_create_standard_toolbar(HWND rebar) {
     ZeroMemory(&rbi, sizeof(rbi));
 
     rbi.cbSize = sizeof(rbi);
-    rbi.fMask = 
+    rbi.fMask =
         RBBIM_ID |
-        RBBIM_CHILD | 
-        RBBIM_CHILDSIZE | 
-        RBBIM_IDEALSIZE | 
-        RBBIM_SIZE | 
+        RBBIM_CHILD |
+        RBBIM_CHILDSIZE |
+        RBBIM_IDEALSIZE |
+        RBBIM_SIZE |
         RBBIM_STYLE;
-    rbi.fStyle =  
+    rbi.fStyle =
         RBBS_USECHEVRON |
         RBBS_BREAK;
     rbi.hwndChild = hwtb;
diff --git a/src/windows/identity/uilib/action.c b/src/windows/identity/uilib/action.c
index 04fb52a84..50a72ef37 100644
--- a/src/windows/identity/uilib/action.c
+++ b/src/windows/identity/uilib/action.c
@@ -275,12 +275,12 @@ HWND khui_hwnd_main;			/* main window, for notifying
                                            dispatching messages to the
                                            application. */
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_init_actions(void) {
     InitializeCriticalSection(&cs_actions);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_exit_actions(void) {
     DeleteCriticalSection(&cs_actions);
 }
@@ -441,7 +441,7 @@ khui_action_delete(khm_int32 action) {
 
 #define MENU_NC_ITEMS 8
 
-KHMEXP khui_menu_def * KHMAPI 
+KHMEXP khui_menu_def * KHMAPI
 khui_menu_create(khm_int32 action)
 {
     khui_menu_def * d;
@@ -512,7 +512,7 @@ khui_action_trigger(khm_int32 action, khui_action_context * ctx) {
     }
 }
 
-KHMEXP khui_menu_def * KHMAPI 
+KHMEXP khui_menu_def * KHMAPI
 khui_menu_dup(khui_menu_def * src)
 {
     khui_menu_def * d;
@@ -541,7 +541,7 @@ khui_menu_dup(khui_menu_def * src)
     return d;
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_menu_delete(khui_menu_def * d)
 {
     int i;
@@ -1019,9 +1019,9 @@ khui_create_global_accel_table(void) {
     return ha;
 }
 
-KHMEXP khm_boolean KHMAPI 
-khui_get_cmd_accel_string(khm_int32 cmd, 
-                          wchar_t * buf, 
+KHMEXP khm_boolean KHMAPI
+khui_get_cmd_accel_string(khm_int32 cmd,
+                          wchar_t * buf,
                           khm_size bufsiz) {
     int i;
     khui_accel_def * def;
@@ -1127,9 +1127,9 @@ khui_get_cmd_accel_string(khm_int32 cmd,
             break;
 
         default:
-            if((def->key >= '0' && 
-                def->key <= '9') || 
-               (def->key >= 'A' && 
+            if((def->key >= '0' &&
+                def->key <= '9') ||
+               (def->key >= 'A' &&
                 def->key <= 'Z')) {
                 ap = mbuf;
                 mbuf[0] = (wchar_t) def->key;
@@ -1241,13 +1241,13 @@ khuiint_copy_context(khui_action_context * ctxdest,
             ctxdest->headers[i].attr_id = ctxsrc->headers[i].attr_id;
             ctxdest->headers[i].cb_data = ctxsrc->headers[i].cb_data;
             if (ctxsrc->headers[i].cb_data > 0) {
-                ctxdest->headers[i].data = 
+                ctxdest->headers[i].data =
                     BYTEOFFSET(ctxdest->int_buf,
                                ctxdest->int_cb_used);
                 memcpy(ctxdest->headers[i].data,
                        ctxsrc->headers[i].data,
                        ctxsrc->headers[i].cb_data);
-                ctxdest->int_cb_used += 
+                ctxdest->int_cb_used +=
                     UBOUND32(ctxsrc->headers[i].cb_data);
             } else {
                 ctxdest->headers[i].data = NULL;
@@ -1264,7 +1264,7 @@ khuiint_copy_context(khui_action_context * ctxdest,
 #endif
 
         kcdb_credset_flush(ctxdest->credset);
-        
+
         kcdb_credset_extract_filtered(ctxdest->credset,
                                       ctxsrc->credset,
                                       khuiint_filter_selected,
@@ -1298,7 +1298,7 @@ khuiint_copy_context(khui_action_context * ctxdest,
 #endif
 }
 
-static void 
+static void
 khuiint_context_init(khui_action_context * ctx) {
     ctx->magic = KHUI_ACTION_CONTEXT_MAGIC;
     ctx->scope = KHUI_SCOPE_NONE;
@@ -1319,8 +1319,8 @@ khuiint_context_init(khui_action_context * ctx) {
 khui_action_context khui_ctx = {
     KHUI_ACTION_CONTEXT_MAGIC,
     KHUI_SCOPE_NONE,
-    NULL, 
-    KCDB_CREDTYPE_INVALID, 
+    NULL,
+    KCDB_CREDTYPE_INVALID,
     NULL,
     {
         {KCDB_ATTR_INVALID,NULL,0},
@@ -1402,10 +1402,10 @@ khui_context_create(khui_action_context * ctx,
     khuiint_copy_context(ctx, &tctx);
 }
 
-KHMEXP void KHMAPI 
-khui_context_set(khui_scope scope, 
-                 khm_handle identity, 
-                 khm_int32 cred_type, 
+KHMEXP void KHMAPI
+khui_context_set(khui_scope scope,
+                 khm_handle identity,
+                 khm_int32 cred_type,
                  khm_handle cred,
                  khui_header *headers,
                  khm_size n_headers,
@@ -1422,10 +1422,10 @@ khui_context_set(khui_scope scope,
                         0);
 }
 
-KHMEXP void KHMAPI 
-khui_context_set_ex(khui_scope scope, 
-                    khm_handle identity, 
-                    khm_int32 cred_type, 
+KHMEXP void KHMAPI
+khui_context_set_ex(khui_scope scope,
+                    khm_handle identity,
+                    khm_int32 cred_type,
                     khm_handle cred,
                     khui_header *headers,
                     khm_size n_headers,
@@ -1482,7 +1482,7 @@ khui_context_set_indirect(khui_action_context * ctx)
     LeaveCriticalSection(&cs_actions);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_refresh(void) {
     khm_int32 flags;
 
@@ -1515,7 +1515,7 @@ khui_context_refresh(void) {
     kmq_post_message(KMSG_ACT, KMSG_ACT_REFRESH, 0, 0);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_get(khui_action_context * ctx)
 {
     EnterCriticalSection(&cs_actions);
@@ -1530,7 +1530,7 @@ khui_context_get(khui_action_context * ctx)
     LeaveCriticalSection(&cs_actions);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_release(khui_action_context * ctx)
 {
 #ifdef DEBUG
@@ -1558,7 +1558,7 @@ khui_context_release(khui_action_context * ctx)
 #endif
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_reset(void)
 {
     EnterCriticalSection(&cs_actions);
diff --git a/src/windows/identity/uilib/alert.c b/src/windows/identity/uilib/alert.c
index 02df7a1e3..62861eff9 100644
--- a/src/windows/identity/uilib/alert.c
+++ b/src/windows/identity/uilib/alert.c
@@ -41,19 +41,19 @@
 khui_alert * kh_alerts = NULL;
 CRITICAL_SECTION cs_alerts;
 
-void 
+void
 alert_init(void)
 {
     InitializeCriticalSection(&cs_alerts);
 }
 
-void 
+void
 alert_exit(void)
 {
     DeleteCriticalSection(&cs_alerts);
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_create_empty(khui_alert ** result)
 {
     khui_alert * a;
@@ -81,10 +81,10 @@ khui_alert_create_empty(khui_alert ** result)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_alert_create_simple(const wchar_t * title, 
-                         const wchar_t * message, 
-                         khm_int32 severity, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_create_simple(const wchar_t * title,
+                         const wchar_t * message,
+                         khm_int32 severity,
                          khui_alert ** result)
 {
     khui_alert * a;
@@ -99,7 +99,7 @@ khui_alert_create_simple(const wchar_t * title,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_set_title(khui_alert * alert, const wchar_t * title)
 {
     size_t cb = 0;
@@ -107,8 +107,8 @@ khui_alert_set_title(khui_alert * alert, const wchar_t * title)
     assert(alert->magic == KHUI_ALERT_MAGIC);
 
     if(title) {
-        if(FAILED(StringCbLength(title, 
-                                 KHUI_MAXCB_TITLE, 
+        if(FAILED(StringCbLength(title,
+                                 KHUI_MAXCB_TITLE,
                                  &cb))) {
             return KHM_ERROR_INVALID_PARAM;
         }
@@ -132,7 +132,7 @@ khui_alert_set_title(khui_alert * alert, const wchar_t * title)
 }
 
 KHMEXP khm_int32 KHMAPI
-khui_alert_set_flags(khui_alert * alert, khm_int32 mask, khm_int32 flags) 
+khui_alert_set_flags(khui_alert * alert, khm_int32 mask, khm_int32 flags)
 {
     assert(alert->magic == KHUI_ALERT_MAGIC);
 
@@ -140,7 +140,7 @@ khui_alert_set_flags(khui_alert * alert, khm_int32 mask, khm_int32 flags)
         return KHM_ERROR_INVALID_PARAM;
 
     EnterCriticalSection(&cs_alerts);
-    alert->flags = 
+    alert->flags =
         (alert->flags & ~mask) |
         (flags & mask);
     LeaveCriticalSection(&cs_alerts);
@@ -148,7 +148,7 @@ khui_alert_set_flags(khui_alert * alert, khm_int32 mask, khm_int32 flags)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_set_severity(khui_alert * alert, khm_int32 severity)
 {
 
@@ -160,7 +160,7 @@ khui_alert_set_severity(khui_alert * alert, khm_int32 severity)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_set_suggestion(khui_alert * alert,
                           const wchar_t * suggestion) {
     size_t cb = 0;
@@ -168,8 +168,8 @@ khui_alert_set_suggestion(khui_alert * alert,
     assert(alert->magic == KHUI_ALERT_MAGIC);
 
     if(suggestion) {
-        if(FAILED(StringCbLength(suggestion, 
-                                 KHUI_MAXCB_MESSAGE - sizeof(wchar_t), 
+        if(FAILED(StringCbLength(suggestion,
+                                 KHUI_MAXCB_MESSAGE - sizeof(wchar_t),
                                  &cb))) {
             return KHM_ERROR_INVALID_PARAM;
         }
@@ -177,7 +177,7 @@ khui_alert_set_suggestion(khui_alert * alert,
     }
 
     EnterCriticalSection(&cs_alerts);
-    if(alert->suggestion && 
+    if(alert->suggestion &&
        (alert->flags & KHUI_ALERT_FLAG_FREE_SUGGEST)) {
 
         PFREE(alert->suggestion);
@@ -196,7 +196,7 @@ khui_alert_set_suggestion(khui_alert * alert,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_set_message(khui_alert * alert, const wchar_t * message)
 {
     size_t cb = 0;
@@ -204,8 +204,8 @@ khui_alert_set_message(khui_alert * alert, const wchar_t * message)
     assert(alert->magic == KHUI_ALERT_MAGIC);
 
     if(message) {
-        if(FAILED(StringCbLength(message, 
-                                 KHUI_MAXCB_MESSAGE - sizeof(wchar_t), 
+        if(FAILED(StringCbLength(message,
+                                 KHUI_MAXCB_MESSAGE - sizeof(wchar_t),
                                  &cb))) {
             return KHM_ERROR_INVALID_PARAM;
         }
@@ -213,7 +213,7 @@ khui_alert_set_message(khui_alert * alert, const wchar_t * message)
     }
 
     EnterCriticalSection(&cs_alerts);
-    if(alert->message && 
+    if(alert->message &&
        (alert->flags & KHUI_ALERT_FLAG_FREE_MESSAGE)) {
 
         PFREE(alert->message);
@@ -232,7 +232,7 @@ khui_alert_set_message(khui_alert * alert, const wchar_t * message)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_clear_commands(khui_alert * alert)
 {
     assert(alert->magic == KHUI_ALERT_MAGIC);
@@ -243,7 +243,7 @@ khui_alert_clear_commands(khui_alert * alert)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_add_command(khui_alert * alert, khm_int32 command_id)
 {
     khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -312,7 +312,7 @@ khui_alert_get_response(khui_alert * alert)
     return response;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_show(khui_alert * alert)
 {
     assert(alert->magic == KHUI_ALERT_MAGIC);
@@ -349,9 +349,9 @@ khui_alert_queue(khui_alert * alert)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_alert_show_simple(const wchar_t * title, 
-                       const wchar_t * message, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_show_simple(const wchar_t * title,
+                       const wchar_t * message,
                        khm_int32 severity)
 {
     khui_alert * a = NULL;
@@ -369,8 +369,8 @@ khui_alert_show_simple(const wchar_t * title,
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_alert_hold(khui_alert * alert) 
+KHMEXP khm_int32 KHMAPI
+khui_alert_hold(khui_alert * alert)
 {
     assert(alert->magic == KHUI_ALERT_MAGIC);
 
@@ -381,7 +381,7 @@ khui_alert_hold(khui_alert * alert)
 }
 
 /* called with cs_alert held */
-static void 
+static void
 free_alert(khui_alert * alert)
 {
     assert(alert->magic == KHUI_ALERT_MAGIC);
@@ -416,8 +416,8 @@ free_alert(khui_alert * alert)
     }
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_alert_release(khui_alert * alert) 
+KHMEXP khm_int32 KHMAPI
+khui_alert_release(khui_alert * alert)
 {
     assert(alert->magic == KHUI_ALERT_MAGIC);
 
diff --git a/src/windows/identity/uilib/configui.c b/src/windows/identity/uilib/configui.c
index 6f4f940a8..a87ea72ca 100644
--- a/src/windows/identity/uilib/configui.c
+++ b/src/windows/identity/uilib/configui.c
@@ -59,7 +59,7 @@ cfgui_create_new_node(void) {
 }
 
 /* called with cs_cfgui held */
-static void 
+static void
 cfgui_free_node(khui_config_node_i * node) {
     if (!cfgui_is_valid_node(node))
         return;
@@ -111,7 +111,7 @@ cfgui_release_node(khui_config_node_i * node) {
     LeaveCriticalSection(&cs_cfgui);
 }
 
-static void 
+static void
 cfgui_init_once(void) {
     if (init_once == 0 &&
         InterlockedIncrement(&init_once) == 1) {
@@ -431,7 +431,7 @@ khui_cfg_get_next(khui_config_node vnode,
         node = cfgui_node_i_from_handle(vnode);
         for(nxt_node = LNEXT(node);
             nxt_node &&
-                ((node->reg.flags ^ nxt_node->reg.flags) & 
+                ((node->reg.flags ^ nxt_node->reg.flags) &
                  KHUI_CNFLAG_SUBPANEL);
             nxt_node = LNEXT(nxt_node));
         if (nxt_node)
@@ -455,7 +455,7 @@ khui_cfg_get_next_release(khui_config_node * pvnode) {
     khui_config_node_i * node;
     khui_config_node_i * nxt_node;
 
-    if (!pvnode || 
+    if (!pvnode ||
         !cfgui_is_valid_node_handle(*pvnode))
         return KHM_ERROR_INVALID_PARAM;
 
@@ -464,7 +464,7 @@ khui_cfg_get_next_release(khui_config_node * pvnode) {
         node = cfgui_node_i_from_handle(*pvnode);
         for(nxt_node = LNEXT(node);
             nxt_node &&
-                (((node->reg.flags ^ nxt_node->reg.flags) & 
+                (((node->reg.flags ^ nxt_node->reg.flags) &
                   KHUI_CNFLAG_SUBPANEL) ||
                  (nxt_node->flags & KHUI_CN_FLAG_DELETED));
             nxt_node = LNEXT(nxt_node));
@@ -531,7 +531,7 @@ khui_cfg_get_hwnd(khui_config_node vnode) {
         node = cfgui_node_i_from_handle(vnode);
     else if (!vnode)
         node = cfgui_root_config;
-    else 
+    else
         node = NULL;
 
     if (node)
@@ -559,7 +559,7 @@ khui_cfg_get_param(khui_config_node vnode) {
         node = cfgui_node_i_from_handle(vnode);
     else if (!vnode)
         node = cfgui_root_config;
-    else 
+    else
         node = NULL;
 
     if (node)
@@ -624,7 +624,7 @@ clear_node_data(khui_config_node_i * node) {
 
 static cfg_node_data *
 get_node_data(khui_config_node_i * node,
-              void * key, 
+              void * key,
               khm_boolean create) {
     khm_size i;
 
@@ -686,7 +686,7 @@ khui_cfg_get_hwnd_inst(khui_config_node vnode,
         node = cfgui_node_i_from_handle(vnode);
     else if (!vnode)
         node = cfgui_root_config;
-    else 
+    else
         node = NULL;
 
     if (node) {
@@ -720,7 +720,7 @@ khui_cfg_get_param_inst(khui_config_node vnode,
         node = cfgui_node_i_from_handle(vnode);
     else if (!vnode)
         node = cfgui_root_config;
-    else 
+    else
         node = NULL;
 
     if (node) {
@@ -737,7 +737,7 @@ khui_cfg_get_param_inst(khui_config_node vnode,
 }
 
 KHMEXP void KHMAPI
-khui_cfg_set_hwnd_inst(khui_config_node vnode, 
+khui_cfg_set_hwnd_inst(khui_config_node vnode,
                        khui_config_node noderef,
                        HWND hwnd) {
     khui_config_node_i * node;
@@ -754,7 +754,7 @@ khui_cfg_set_hwnd_inst(khui_config_node vnode,
         node = cfgui_node_i_from_handle(vnode);
     else if (!vnode)
         node = cfgui_root_config;
-    else 
+    else
         node = NULL;
 
     if (node) {
@@ -766,7 +766,7 @@ khui_cfg_set_hwnd_inst(khui_config_node vnode,
 }
 
 KHMEXP void KHMAPI
-khui_cfg_set_param_inst(khui_config_node vnode, 
+khui_cfg_set_param_inst(khui_config_node vnode,
                         khui_config_node noderef,
                         LPARAM param) {
     khui_config_node_i * node;
@@ -783,7 +783,7 @@ khui_cfg_set_param_inst(khui_config_node vnode,
         node = cfgui_node_i_from_handle(vnode);
     else if (!vnode)
         node = cfgui_root_config;
-    else 
+    else
         node = NULL;
 
     if (node) {
@@ -796,7 +796,7 @@ khui_cfg_set_param_inst(khui_config_node vnode,
 
 
 /* called with cs_cfgui held  */
-static void 
+static void
 cfgui_clear_params(khui_config_node_i * node) {
     khui_config_node_i * c;
 
@@ -830,7 +830,7 @@ khui_cfg_set_configui_handle(HWND hwnd) {
 }
 
 KHMEXP void KHMAPI
-khui_cfg_set_flags(khui_config_node vnode, 
+khui_cfg_set_flags(khui_config_node vnode,
                    khm_int32 flags,
                    khm_int32 mask) {
     khui_config_node_i * node;
@@ -847,7 +847,7 @@ khui_cfg_set_flags(khui_config_node vnode,
 
         node = cfgui_node_i_from_handle(vnode);
 
-        newflags = 
+        newflags =
             (flags & mask) |
             (node->flags & ~mask);
 
@@ -933,7 +933,7 @@ khui_cfg_set_flags_inst(khui_config_init_data * d,
     EnterCriticalSection(&cs_cfgui);
     if (cfgui_is_valid_node_handle(d->this_node))
         node = cfgui_node_i_from_handle(d->this_node);
-    else 
+    else
         node = NULL;
 
     if (node) {
diff --git a/src/windows/identity/uilib/creddlg.c b/src/windows/identity/uilib/creddlg.c
index e78ced68c..f975be1e3 100644
--- a/src/windows/identity/uilib/creddlg.c
+++ b/src/windows/identity/uilib/creddlg.c
@@ -37,7 +37,7 @@ static void cw_free_prompts(khui_new_creds * c);
 
 static void cw_free_prompt(khui_new_creds_prompt * p);
 
-static khui_new_creds_prompt * 
+static khui_new_creds_prompt *
 cw_create_prompt(
     khm_size idx,
     khm_int32 type,
@@ -45,7 +45,7 @@ cw_create_prompt(
     wchar_t * def,
     khm_int32 flags);
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_create_cred_blob(khui_new_creds ** ppnc)
 {
     khui_new_creds * c;
@@ -65,7 +65,7 @@ khui_cw_create_cred_blob(khui_new_creds ** ppnc)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_destroy_cred_blob(khui_new_creds *c)
 {
     khm_size i;
@@ -102,14 +102,14 @@ khui_cw_destroy_cred_blob(khui_new_creds *c)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_lock_nc(khui_new_creds * c)
 {
     EnterCriticalSection(&c->cs);
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_unlock_nc(khui_new_creds * c)
 {
     LeaveCriticalSection(&c->cs);
@@ -118,8 +118,8 @@ khui_cw_unlock_nc(khui_new_creds * c)
 
 #define NC_N_IDENTITIES 4
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_add_identity(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_add_identity(khui_new_creds * c,
                      khm_handle id)
 {
     if(id == NULL)
@@ -130,17 +130,17 @@ khui_cw_add_identity(khui_new_creds * c,
 
     if(c->identities == NULL) {
         c->nc_identities = NC_N_IDENTITIES;
-        c->identities = PMALLOC(sizeof(*(c->identities)) * 
+        c->identities = PMALLOC(sizeof(*(c->identities)) *
                                c->nc_identities);
         c->n_identities = 0;
     } else if(c->n_identities + 1 > c->nc_identities) {
         khm_handle * ni;
 
-        c->nc_identities = UBOUNDSS(c->n_identities + 1, 
-                                    NC_N_IDENTITIES, 
+        c->nc_identities = UBOUNDSS(c->n_identities + 1,
+                                    NC_N_IDENTITIES,
                                     NC_N_IDENTITIES);
         ni = PMALLOC(sizeof(*(c->identities)) * c->nc_identities);
-        memcpy(ni, c->identities, 
+        memcpy(ni, c->identities,
                sizeof(*(c->identities)) * c->n_identities);
         PFREE(c->identities);
         c->identities = ni;
@@ -153,8 +153,8 @@ khui_cw_add_identity(khui_new_creds * c,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_set_primary_id(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_set_primary_id(khui_new_creds * c,
                        khm_handle id)
 {
     khm_size  i;
@@ -177,14 +177,14 @@ khui_cw_set_primary_id(khui_new_creds * c,
     LeaveCriticalSection(&(c->cs));
     rv = khui_cw_add_identity(c,id);
     if(c->hwnd != NULL) {
-        PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY, 
+        PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY,
                     MAKEWPARAM(0, WMNC_IDENTITY_CHANGE), 0);
     }
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_add_type(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_add_type(khui_new_creds * c,
                  khui_new_creds_by_type * t)
 {
     EnterCriticalSection(&c->cs);
@@ -227,8 +227,8 @@ khui_cw_add_type(khui_new_creds * c,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_del_type(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_del_type(khui_new_creds * c,
                  khm_int32 type_id)
 {
     khm_size  i;
@@ -251,9 +251,9 @@ khui_cw_del_type(khui_new_creds * c,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_find_type(khui_new_creds * c, 
-                  khm_int32 type, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_find_type(khui_new_creds * c,
+                  khm_int32 type,
                   khui_new_creds_by_type **t)
 {
     khm_size i;
@@ -274,7 +274,7 @@ khui_cw_find_type(khui_new_creds * c,
 }
 
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_enable_type(khui_new_creds * c,
                     khm_int32 type,
                     khm_boolean enable)
@@ -301,7 +301,7 @@ khui_cw_enable_type(khui_new_creds * c,
     return (t)?KHM_ERROR_SUCCESS:KHM_ERROR_NOT_FOUND;
 }
 
-KHMEXP khm_boolean KHMAPI 
+KHMEXP khm_boolean KHMAPI
 khui_cw_type_succeeded(khui_new_creds * c,
                        khm_int32 type)
 {
@@ -319,7 +319,7 @@ khui_cw_type_succeeded(khui_new_creds * c,
     return s;
 }
 
-static khui_new_creds_prompt * 
+static khui_new_creds_prompt *
 cw_create_prompt(khm_size idx,
                  khm_int32 type,
                  wchar_t * prompt,
@@ -360,7 +360,7 @@ cw_create_prompt(khm_size idx,
     return p;
 }
 
-static void 
+static void
 cw_free_prompt(khui_new_creds_prompt * p) {
     size_t cb;
 
@@ -385,7 +385,7 @@ cw_free_prompt(khui_new_creds_prompt * p) {
     PFREE(p);
 }
 
-static void 
+static void
 cw_free_prompts(khui_new_creds * c)
 {
     khm_size i;
@@ -416,13 +416,13 @@ cw_free_prompts(khui_new_creds * c)
     c->n_prompts = 0;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_clear_prompts(khui_new_creds * c)
 {
     /* the WMNC_CLEAR_PROMPT message needs to be sent before freeing
        the prompts, because the prompts structure still holds the
        window handles for the custom prompt controls. */
-    SendMessage(c->hwnd, KHUI_WM_NC_NOTIFY, 
+    SendMessage(c->hwnd, KHUI_WM_NC_NOTIFY,
                 MAKEWPARAM(0,WMNC_CLEAR_PROMPTS), (LPARAM) c);
 
     EnterCriticalSection(&c->cs);
@@ -432,15 +432,15 @@ khui_cw_clear_prompts(khui_new_creds * c)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_begin_custom_prompts(khui_new_creds * c, 
-                             khm_size n_prompts, 
-                             wchar_t * banner, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_begin_custom_prompts(khui_new_creds * c,
+                             khm_size n_prompts,
+                             wchar_t * banner,
                              wchar_t * pname)
 {
     size_t cb;
 
-    PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY, 
+    PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY,
                 MAKEWPARAM(0,WMNC_CLEAR_PROMPTS), (LPARAM) c);
 
     EnterCriticalSection(&c->cs);
@@ -449,7 +449,7 @@ khui_cw_begin_custom_prompts(khui_new_creds * c,
 #endif
     cw_free_prompts(c);
 
-    if(SUCCEEDED(StringCbLength(banner, KHUI_MAXCB_BANNER, &cb)) && 
+    if(SUCCEEDED(StringCbLength(banner, KHUI_MAXCB_BANNER, &cb)) &&
        cb > 0) {
         cb += sizeof(wchar_t);
         c->banner = PMALLOC(cb);
@@ -458,7 +458,7 @@ khui_cw_begin_custom_prompts(khui_new_creds * c,
         c->banner = NULL;
     }
 
-    if(SUCCEEDED(StringCbLength(pname, KHUI_MAXCB_PNAME, &cb)) && 
+    if(SUCCEEDED(StringCbLength(pname, KHUI_MAXCB_PNAME, &cb)) &&
        cb > 0) {
 
         cb += sizeof(wchar_t);
@@ -483,7 +483,7 @@ khui_cw_begin_custom_prompts(khui_new_creds * c,
         c->n_prompts = 0;
         c->nc_prompts = 0;
 
-        PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY, 
+        PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY,
                     MAKEWPARAM(0, WMNC_SET_PROMPTS), (LPARAM) c);
     }
 
@@ -492,11 +492,11 @@ khui_cw_begin_custom_prompts(khui_new_creds * c,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_add_prompt(khui_new_creds * c, 
-                   khm_int32 type, 
-                   wchar_t * prompt, 
-                   wchar_t * def, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_add_prompt(khui_new_creds * c,
+                   khm_int32 type,
+                   wchar_t * prompt,
+                   wchar_t * def,
                    khm_int32 flags)
 {
     khui_new_creds_prompt * p;
@@ -519,7 +519,7 @@ khui_cw_add_prompt(khui_new_creds * c,
     LeaveCriticalSection(&c->cs);
 
     if(c->n_prompts == c->nc_prompts) {
-        PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY, 
+        PostMessage(c->hwnd, KHUI_WM_NC_NOTIFY,
                     MAKEWPARAM(0, WMNC_SET_PROMPTS), (LPARAM) c);
         /* once we are done adding prompts, switch to the auth
            panel */
@@ -527,8 +527,8 @@ khui_cw_add_prompt(khui_new_creds * c,
         /* Actually, don't. Doing so can mean an unexpected panel
            switch if fiddling on some other panel causes a change in
            custom prompts. */
-        SendMessage(c->hwnd, KHUI_WM_NC_NOTIFY, 
-                    MAKEWPARAM(0, WMNC_DIALOG_SWITCH_PANEL), 
+        SendMessage(c->hwnd, KHUI_WM_NC_NOTIFY,
+                    MAKEWPARAM(0, WMNC_DIALOG_SWITCH_PANEL),
                     (LPARAM) c);
 #endif
     }
@@ -536,7 +536,7 @@ khui_cw_add_prompt(khui_new_creds * c,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_get_prompt_count(khui_new_creds * c,
                          khm_size * np) {
 
@@ -547,9 +547,9 @@ khui_cw_get_prompt_count(khui_new_creds * c,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_get_prompt(khui_new_creds * c, 
-                   khm_size idx, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_get_prompt(khui_new_creds * c,
+                   khm_size idx,
                    khui_new_creds_prompt ** prompt)
 {
     khm_int32 rv;
@@ -599,7 +599,7 @@ khuiint_trim_str(wchar_t * s, khm_size cch) {
         *last_ws = L'\0';
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_sync_prompt_values(khui_new_creds * c)
 {
     khm_size i;
@@ -634,10 +634,10 @@ khui_cw_sync_prompt_values(khui_new_creds * c)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_get_prompt_value(khui_new_creds * c, 
-                         khm_size idx, 
-                         wchar_t * buf, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_get_prompt_value(khui_new_creds * c,
+                         khm_size idx,
+                         wchar_t * buf,
                          khm_size *cbbuf)
 {
     khui_new_creds_prompt * p;
@@ -672,9 +672,9 @@ khui_cw_get_prompt_value(khui_new_creds * c,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-khui_cw_set_response(khui_new_creds * c, 
-                     khm_int32 type, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_set_response(khui_new_creds * c,
+                     khm_int32 type,
                      khm_int32 response)
 {
     khui_new_creds_by_type * t = NULL;
diff --git a/src/windows/identity/uilib/intalert.h b/src/windows/identity/uilib/intalert.h
index dc4fbc6ef..498c8488f 100644
--- a/src/windows/identity/uilib/intalert.h
+++ b/src/windows/identity/uilib/intalert.h
@@ -88,14 +88,14 @@ typedef struct tag_khui_alert {
                                  ::khui_alert_flags.  Do not modify
                                  directly. */
 
-    kherr_context *     err_context; 
+    kherr_context *     err_context;
                                 /*!< If non-NULL at the time the alert
                                   window is shown, this indicates that
                                   the alert window should provide an
                                   error viewer for the given error
                                   context. */
 
-    kherr_event *       err_event; 
+    kherr_event *       err_event;
                                 /*!< If non-NULL at the time the alert
                                   window is shown, this indicates that
                                   the alert window should provide an
@@ -110,7 +110,7 @@ typedef struct tag_khui_alert {
     khui_action_context ctx;    /*!< Context to which this alert
                                   applies to. */
 
-    khm_int32           response; 
+    khm_int32           response;
                                 /*!< Once the alert is displayed to
                                   the user, when the user clicks one
                                   of the command buttons, the command
diff --git a/src/windows/identity/uilib/khaction.h b/src/windows/identity/uilib/khaction.h
index cd6ad8e5e..479e39230 100644
--- a/src/windows/identity/uilib/khaction.h
+++ b/src/windows/identity/uilib/khaction.h
@@ -470,7 +470,7 @@ khui_menu_get_size(khui_menu_def * d);
 KHMEXP khui_action_ref *
 khui_menu_get_action(khui_menu_def * d, khm_size idx);
 
-/*! \brief Action scope identifiers 
+/*! \brief Action scope identifiers
 
     The scope identifier is a value which describes the scope of the
     cursor context.  See documentation on individual scope identifiers
@@ -485,7 +485,7 @@ khui_menu_get_action(khui_menu_def * d, khm_size idx);
     selected.
 
     Note that the scope typically only apply to cursor contexts and
-    not the selection context.  Please see 
+    not the selection context.  Please see
     \ref khui_context "UI Contexts" for more information.
 
     \see \ref khui_context "UI Contexts"
@@ -494,11 +494,11 @@ typedef enum tag_khui_scope {
     KHUI_SCOPE_NONE,
     /*!< No context.  Nothing is selected. */
 
-    KHUI_SCOPE_IDENT,     
+    KHUI_SCOPE_IDENT,
     /*!< Identity.  The selection is the entire identity specified in
       the \a identity field of the context. */
 
-    KHUI_SCOPE_CREDTYPE,  
+    KHUI_SCOPE_CREDTYPE,
     /*!< A credentials type.  The selection is an entire credentials
       type.  If \a identity is non-NULL, then the scope is all the
       credentials of type \a cred_type which belong to \a identity.
@@ -627,10 +627,10 @@ typedef struct tag_khui_action_context {
 
     \note This function should only be called from the UI thread.
  */
-KHMEXP void KHMAPI 
-khui_context_set(khui_scope  scope, 
-                 khm_handle  identity, 
-                 khm_int32   cred_type, 
+KHMEXP void KHMAPI
+khui_context_set(khui_scope  scope,
+                 khm_handle  identity,
+                 khm_int32   cred_type,
                  khm_handle  cred,
                  khui_header *headers,
                  khm_size    n_headers,
@@ -685,10 +685,10 @@ khui_context_set(khui_scope  scope,
 
     \note This function should only be called from the UI thread.
  */
-KHMEXP void KHMAPI 
-khui_context_set_ex(khui_scope scope, 
-                    khm_handle identity, 
-                    khm_int32 cred_type, 
+KHMEXP void KHMAPI
+khui_context_set_ex(khui_scope scope,
+                    khm_handle identity,
+                    khm_int32 cred_type,
                     khm_handle cred,
                     khui_header *headers,
                     khm_size n_headers,
@@ -717,7 +717,7 @@ khui_context_set_indirect(khui_action_context * ctx);
     \note The returned context should not be modified prior to calling
     khui_context_release().
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_get(khui_action_context * ctx);
 
 /*! \brief Create a new UI context
@@ -745,7 +745,7 @@ khui_context_create(khui_action_context * ctx,
     \note The context should not have been modified between calling
     khui_context_get() and khui_context_release()
  */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_release(khui_action_context * ctx);
 
 /*! \brief Reset the UI context
@@ -753,7 +753,7 @@ khui_context_release(khui_action_context * ctx);
     Nullifies the current UI context and releases any holds obtained
     on objects related to the previous context.
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_reset(void);
 
 /*! \brief Refresh context data
@@ -770,7 +770,7 @@ khui_context_reset(void);
     khui_context_refresh() should be called to adjust the state of the
     ::KHUI_ACTION_SET_DEF_ID action.
  */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_context_refresh(void);
 
 /*! \brief A filter function that filters for credentials in the cursor context
diff --git a/src/windows/identity/uilib/khactiondef.h b/src/windows/identity/uilib/khactiondef.h
index 33d8347eb..f159771a1 100644
--- a/src/windows/identity/uilib/khactiondef.h
+++ b/src/windows/identity/uilib/khactiondef.h
@@ -73,7 +73,7 @@
 #define KHUI_ACTION_VIEW_ALL_IDS (KHUI_ACTION_BASE + 37)
 /*@}*/
 
-/*! \name Pseudo actions 
+/*! \name Pseudo actions
 
 Pseudo actions do not trigger any specific function, but acts as a
 signal of some generic event which will be interpreted based on
diff --git a/src/windows/identity/uilib/khalerts.h b/src/windows/identity/uilib/khalerts.h
index 751abce01..d4e44d8de 100644
--- a/src/windows/identity/uilib/khalerts.h
+++ b/src/windows/identity/uilib/khalerts.h
@@ -66,7 +66,7 @@ typedef struct tag_khui_alert khui_alert;
 
 /*! \brief Flags for an alert */
 enum khui_alert_flags {
-    KHUI_ALERT_FLAG_FREE_STRUCT     =0x00000001, 
+    KHUI_ALERT_FLAG_FREE_STRUCT     =0x00000001,
     /*!< Internal. Free the structure once the alert is done. */
 
     KHUI_ALERT_FLAG_FREE_TITLE      =0x00000002,
@@ -144,7 +144,7 @@ typedef enum tag_khui_alert_types {
     The returned result is a held pointer to a ::khui_alert object.
     Use khui_alert_release() to release the object.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_create_empty(khui_alert ** result);
 
 /*! \brief Create a simple alert object
@@ -163,33 +163,33 @@ khui_alert_create_empty(khui_alert ** result);
     \param[out] result Receives a held pointer to a ::khui_alert
         object upon successful completion.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_alert_create_simple(const wchar_t * title, 
-                         const wchar_t * message, 
-                         khm_int32 severity, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_create_simple(const wchar_t * title,
+                         const wchar_t * message,
+                         khm_int32 severity,
                          khui_alert ** result);
 
 /*! \brief Set the title of an alert object
 
     The title is limited by ::KHUI_MAXCCH_TITLE.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_alert_set_title(khui_alert * alert, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_set_title(khui_alert * alert,
                      const wchar_t * title);
 
 /*! \brief Set the message of an alert object
 
     The message is limited by ::KHUI_MAXCCH_MESSAGE.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_alert_set_message(khui_alert * alert, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_set_message(khui_alert * alert,
                        const wchar_t * message);
 
-/*! \brief Set the suggestion of an alert object 
+/*! \brief Set the suggestion of an alert object
 
     The suggestion is limited by ::KHUI_MAXCCH_SUGGESTION
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_set_suggestion(khui_alert * alert,
                           const wchar_t * suggestion);
 
@@ -197,8 +197,8 @@ khui_alert_set_suggestion(khui_alert * alert,
 
     The severity value is one of ::tag_kherr_severity
  */
-KHMEXP khm_int32 KHMAPI 
-khui_alert_set_severity(khui_alert * alert, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_set_severity(khui_alert * alert,
                         khm_int32 severity);
 
 /*! \brief Sets the flags of the alert
@@ -215,15 +215,15 @@ khui_alert_set_flags(khui_alert * alert, khm_int32 mask, khm_int32 flags);
 
     \see khui_alert_add_command()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_clear_commands(khui_alert * alert);
 
 /*! \brief Add a command to an alert object
 
     The command ID should be a valid registered action.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_alert_add_command(khui_alert * alert, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_add_command(khui_alert * alert,
                        khm_int32 command_id);
 
 /*! \brief Set the type of alert
@@ -261,15 +261,15 @@ khui_alert_get_response(khui_alert * alert);
 
     The method used to display the alert is as follows:
 
-    - A balloon alert will be shown if one of the following is true: 
-      - The NetIDMgr application is minimized or in the background.  
-      - ::KHUI_ALERT_FLAG_REQUEST_BALLOON is specified in \a flags.  
+    - A balloon alert will be shown if one of the following is true:
+      - The NetIDMgr application is minimized or in the background.
+      - ::KHUI_ALERT_FLAG_REQUEST_BALLOON is specified in \a flags.
     - Otherwise an alert window will be shown.
 
     If the message, title of the alert is too long to fit in a balloon
     prompt, there's a suggestion or if there are custom commands then
     a placeholder balloon prompt will be shown which when clicked on,
-    shows the actual alert in an alert window.  
+    shows the actual alert in an alert window.
 
     An exception is when ::KHUI_ALERT_FLAG_DEFACTION is specified in
     flags.  In this case instead of a placeholder balloon prompt, one
@@ -312,7 +312,7 @@ khui_alert_get_response(khui_alert * alert);
       retrieved via a call to khui_alert_get_response().
 
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_show(khui_alert * alert);
 
 /*! \brief Display a modal alert
@@ -341,9 +341,9 @@ khui_alert_queue(khui_alert * alert);
 
     \see khui_alert_show()
  */
-KHMEXP khm_int32 KHMAPI 
-khui_alert_show_simple(const wchar_t * title, 
-                       const wchar_t * message, 
+KHMEXP khm_int32 KHMAPI
+khui_alert_show_simple(const wchar_t * title,
+                       const wchar_t * message,
                        khm_int32 severity);
 
 /*! \brief Obtain a hold on the alert
@@ -353,7 +353,7 @@ khui_alert_show_simple(const wchar_t * title,
 
     Use khui_alert_release() to release the hold.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_hold(khui_alert * alert);
 
 /*! \brief Release the hold on the alert
@@ -362,10 +362,10 @@ khui_alert_hold(khui_alert * alert);
     return a held pointer to an alert or implicitly obtains a hold on
     it need to be undone through a call to khui_alert_release().
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_alert_release(khui_alert * alert);
 
-/*! \brief Lock an alert 
+/*! \brief Lock an alert
 
     Locking an alert disallows any other thread from accessing the
     alert at the same time.  NetIDMgr keeps a global list of all alert
@@ -387,14 +387,14 @@ khui_alert_release(khui_alert * alert);
         require obtaining a lock, as they perform synchronization
         internally.
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_alert_lock(khui_alert * alert);
 
-/*! \brief Unlock an alert 
+/*! \brief Unlock an alert
 
     \see khui_alert_lock()
 */
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_alert_unlock(khui_alert * alert);
 
 /*!@}*/
diff --git a/src/windows/identity/uilib/khconfigui.h b/src/windows/identity/uilib/khconfigui.h
index bbc712a36..16a83c024 100644
--- a/src/windows/identity/uilib/khconfigui.h
+++ b/src/windows/identity/uilib/khconfigui.h
@@ -204,7 +204,7 @@ typedef struct tag_khui_config_node_reg {
  */
 #define CFGDLG_WIDTH 255
 
-/*! \brief Height of a configuration dialog in dialog units 
+/*! \brief Height of a configuration dialog in dialog units
 
     \see ::CFGDLG_WIDTH
 */
@@ -231,7 +231,7 @@ typedef struct tag_khui_config_node_reg {
 */
 typedef khm_handle khui_config_node;
 
-/*! \brief Initialization data passed in to a subpanel 
+/*! \brief Initialization data passed in to a subpanel
 
     When creating a subpanel, a pointer to the following strucutred
     will be passed in as the creation parameter for the dialog.
@@ -415,7 +415,7 @@ khui_cfg_get_next(khui_config_node node,
 KHMEXP khm_int32 KHMAPI
 khui_cfg_get_next_release(khui_config_node * node);
 
-/*! \brief Get the name of a configuration node 
+/*! \brief Get the name of a configuration node
 
     Gets the name (not the short description or the long description)
     of the given configuration node.
@@ -464,7 +464,7 @@ khui_cfg_get_param_inst(khui_config_node node,
     This function is used internally by NetIDMgr.  Do not use.
 */
 KHMEXP void KHMAPI
-khui_cfg_set_hwnd_inst(khui_config_node node, 
+khui_cfg_set_hwnd_inst(khui_config_node node,
                        khui_config_node noderef,
                        HWND hwnd);
 
@@ -473,7 +473,7 @@ khui_cfg_set_hwnd_inst(khui_config_node node,
     This function is used internally by NetIDMgr.  Do not use.
 */
 KHMEXP void KHMAPI
-khui_cfg_set_param_inst(khui_config_node node, 
+khui_cfg_set_param_inst(khui_config_node node,
                         khui_config_node noderef,
                         LPARAM param);
 
@@ -581,16 +581,16 @@ khui_cfg_init_dialog_data(HWND hwnd_dlg,
                           khui_config_init_data ** new_data,
                           void ** extra);
 
-/*! \brief Utility function: Retrieves dialog data 
+/*! \brief Utility function: Retrieves dialog data
 
     Retrieves the dialog data previoulsy stored using
     khui_cfg_init_dialog_data().
 
-    \param[in] hwnd_dlg Handle to the dialog box 
+    \param[in] hwnd_dlg Handle to the dialog box
 
     \param[out] data Receives a pointer to the ::khui_config_init_data
         block.
-    
+
     \param[out] extra Receives a pointer to the extra memory
         allocated. Optional (set to NULL if this value is not needed).
 */
diff --git a/src/windows/identity/uilib/khhtlink.h b/src/windows/identity/uilib/khhtlink.h
index be6abb21c..5cae47682 100644
--- a/src/windows/identity/uilib/khhtlink.h
+++ b/src/windows/identity/uilib/khhtlink.h
@@ -27,10 +27,10 @@
 #ifndef __KHIMAIRA_KHHTLINK_H
 #define __KHIMAIRA_KHHTLINK_H
 
-/*! \addtogroup khui 
+/*! \addtogroup khui
 @{ */
 
-/*! \defgroup khui_hyperlink Hyperlink 
+/*! \defgroup khui_hyperlink Hyperlink
 @{*/
 
 /*! \brief A hyperlink
diff --git a/src/windows/identity/uilib/khnewcred.h b/src/windows/identity/uilib/khnewcred.h
index db70b41f8..67531c117 100644
--- a/src/windows/identity/uilib/khnewcred.h
+++ b/src/windows/identity/uilib/khnewcred.h
@@ -34,7 +34,7 @@
 /*! \addtogroup khui
 @{ */
 
-/*! \defgroup khui_cred Credentials acquisition 
+/*! \defgroup khui_cred Credentials acquisition
 
     Declarations associated with credentials acquisition.
 
@@ -68,7 +68,7 @@
     window as a ::KHUI_WM_NC_NOTIFY message.
 */
 enum khui_wm_nc_notifications {
-    WMNC_DIALOG_EXPAND = 1, 
+    WMNC_DIALOG_EXPAND = 1,
     /*!< The dialog is switching from basic to advanced mode or vice
       versa.
 
@@ -82,7 +82,7 @@ enum khui_wm_nc_notifications {
     WMNC_DIALOG_SETUP,
     /*!< Sent to the new creds window to notify it that the dialog
       should create all the type configuration panels.
-        
+
       Until this message is issued, none of the credentials type
       panels exist.  The credentials type panels will receive
       WM_INITDIALOG etc as per the normal dialog creation process.
@@ -258,7 +258,7 @@ enum khui_wm_nc_notifications {
     /*!< Sent to the new creds window to set custom prompts.
 
       Only sent to the new credentials window. */
-    
+
     WMNC_DIALOG_PREPROCESS,
     /*!< The credentials acquisition process is about to start.
 
@@ -311,7 +311,7 @@ enum khui_wm_nc_notifications {
     the callback.
  */
 enum khui_wm_nc_ident_notify {
-    WMNC_IDENT_INIT,            
+    WMNC_IDENT_INIT,
     /*!< Initialize an identity selector for a new credentials
          dialog. The \a lParam parameter contains a handle to the
          dialog window which will contain the identity selector
@@ -341,7 +341,7 @@ enum khui_wm_nc_ident_notify {
 @{*/
 
 /*! \brief Switch the panel
-    
+
     The \a id attribute of the link specifies the ordinal of the panel
     to switch to.
 */
@@ -465,7 +465,7 @@ typedef struct tag_khui_new_creds {
 /*!\brief No known response */
 #define KHUI_NC_RESPONSE_NONE     0
 
-/*!\brief It is okay to exit the dialog now 
+/*!\brief It is okay to exit the dialog now
 
     This is the default, which is why it has a value of zero.  In
     order to prevent the dialog from exiting, set the
@@ -691,7 +691,7 @@ typedef struct tag_khui_new_creds_by_type {
 /*!\name Flags for khui_new_creds_by_type
 
     Note that KHUI_NC_RESPONSE_SUCCESS, KHUI_NC_RESPONSE_FAILED,
-    KHUI_NC_RESPONSE_PENDING are also stored in the flags. 
+    KHUI_NC_RESPONSE_PENDING are also stored in the flags.
 
 @{*/
 #define KHUI_NCT_FLAG_PROCESSED 1024
@@ -817,7 +817,7 @@ typedef struct tag_khui_control_row {
 
     \see khui_cw_destroy_cred_blob()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_create_cred_blob(khui_new_creds ** c);
 
 /*! \brief Destroy a ::khui_new_creds object
@@ -831,7 +831,7 @@ khui_cw_create_cred_blob(khui_new_creds ** c);
 
     \see khui_cw_create_cred_blob()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_destroy_cred_blob(khui_new_creds *c);
 
 /*! \brief Lock the new_creds object
@@ -847,17 +847,17 @@ khui_cw_destroy_cred_blob(khui_new_creds *c);
     It is not necessary to lock a new credentials object when
     modifying it using the NetIDMgr API.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_lock_nc(khui_new_creds * c);
 
 /*! \brief Unlock a new_creds object
 
     \see khui_cw_lock_nc()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_unlock_nc(khui_new_creds * c);
 
-/*! \brief Add a new panel to a new credentials acquisition window 
+/*! \brief Add a new panel to a new credentials acquisition window
 
     See the description of ::khui_new_cred_panel for information on
     how to populate it to describe a credentials type panel.
@@ -883,16 +883,16 @@ khui_cw_unlock_nc(khui_new_creds * c);
     \see ::khui_new_cred_panel
     \see ::khui_new_creds
 */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_add_type(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_add_type(khui_new_creds * c,
                  khui_new_creds_by_type * t);
 
 /*! \brief Remove a panel from a new credentials acquisition window
 
     \see khui_cw_add_type()
  */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_del_type(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_del_type(khui_new_creds * c,
                  khm_int32 type);
 
 /*! \brief Find the panel belonging to a particular credentials type
@@ -902,9 +902,9 @@ khui_cw_del_type(khui_new_creds * c,
 
     \see khui_cw_add_type()
  */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_find_type(khui_new_creds * c, 
-                  khm_int32 type, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_find_type(khui_new_creds * c,
+                  khm_int32 type,
                   khui_new_creds_by_type **t);
 
 /*! \brief Enable/disable a particular credentials type
@@ -914,7 +914,7 @@ khui_cw_find_type(khui_new_creds * c,
     participating in the new credentials acquisition.  However, the
     user will be prevented from interacting with the specific panel.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_enable_type(khui_new_creds * c,
                     khm_int32 type,
                     khm_boolean enable);
@@ -935,8 +935,8 @@ khui_cw_enable_type(khui_new_creds * c,
     identities associated with the new credentials acquisition dialog
     will also be discarded.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_set_primary_id(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_set_primary_id(khui_new_creds * c,
                        khm_handle id);
 
 /*! \brief Add an additional identity to the new credentials acquisition
@@ -949,15 +949,15 @@ khui_cw_set_primary_id(khui_new_creds * c,
 
     Calling this function with \a id of NULL does nothing.
 */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_add_identity(khui_new_creds * c, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_add_identity(khui_new_creds * c,
                      khm_handle id);
 
 /*! \brief Clear all custom prompts
 
     Removes all the custom prompts from the new credentials dialog.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_clear_prompts(khui_new_creds * c);
 
 /*! \brief Synchronize custom prompt values
@@ -967,7 +967,7 @@ khui_cw_clear_prompts(khui_new_creds * c);
     values in the ::khui_new_creds object periodically.  However, the
     values may lose sync intermittently.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_sync_prompt_values(khui_new_creds * c);
 
 /*! \brief Begin custom prompting
@@ -982,10 +982,10 @@ khui_cw_sync_prompt_values(khui_new_creds * c);
     khui_cw_add_prompt().  The number of promtps that can be added
     will be exactly \a n_prompts.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_begin_custom_prompts(khui_new_creds * c, 
-                             khm_size n_prompts, 
-                             wchar_t * banner, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_begin_custom_prompts(khui_new_creds * c,
+                             khm_size n_prompts,
+                             wchar_t * banner,
                              wchar_t * name);
 
 /*! \brief Add a custom prompt
@@ -1016,11 +1016,11 @@ khui_cw_begin_custom_prompts(khui_new_creds * c,
     \param[in] flags Flags.  Combination of
         ::KHUI_NCPROMPT_FLAG_HIDDEN
  */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_add_prompt(khui_new_creds * c, 
-                   khm_int32 type, 
-                   wchar_t * prompt, 
-                   wchar_t * def, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_add_prompt(khui_new_creds * c,
+                   khm_int32 type,
+                   wchar_t * prompt,
+                   wchar_t * def,
                    khm_int32 flags);
 
 /*! \brief Retrieve a custom prompt
@@ -1029,9 +1029,9 @@ khui_cw_add_prompt(khui_new_creds * c,
     zero-based index of the prompt to retrieve.  The ordering is the
     same as the order in which khui_cw_add_prompt() was called.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_get_prompt(khui_new_creds * c, 
-                   khm_size idx, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_get_prompt(khui_new_creds * c,
+                   khm_size idx,
                    khui_new_creds_prompt ** prompt);
 
 /*! \brief Get the number of custom prompts
@@ -1043,7 +1043,7 @@ khui_cw_get_prompt(khui_new_creds * c,
     be registered (i.e. the \a n_prompts parameter passed to
     khui_cw_begin_custom_prompts()).
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_get_prompt_count(khui_new_creds * c,
                          khm_size * np);
 
@@ -1060,10 +1060,10 @@ khui_cw_get_prompt_count(khui_new_creds * c,
     starting to call khui_cw_get_prompt_value() so that the values
     returned are up-to-date.
  */
-KHMEXP khm_int32 KHMAPI 
-khui_cw_get_prompt_value(khui_new_creds * c, 
-                         khm_size idx, 
-                         wchar_t * buf, 
+KHMEXP khm_int32 KHMAPI
+khui_cw_get_prompt_value(khui_new_creds * c,
+                         khm_size idx,
+                         wchar_t * buf,
                          khm_size *cbbuf);
 
 /*! \brief Set the response for a plugin
@@ -1082,7 +1082,7 @@ khui_cw_get_prompt_value(khui_new_creds * c,
     - ::KHUI_NC_RESPONSE_NOEXIT
     - ::KHUI_NC_RESPONSE_EXIT
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_cw_set_response(khui_new_creds * c,
                      khm_int32 type,
                      khm_int32 response);
@@ -1099,7 +1099,7 @@ khui_cw_set_response(khui_new_creds * c,
     \return TRUE iff the queried type has reported that it successfully
         completed the credentials acquision operation.
  */
-KHMEXP khm_boolean KHMAPI 
+KHMEXP khm_boolean KHMAPI
 khui_cw_type_succeeded(khui_new_creds * c,
                        khm_int32 type);
 
diff --git a/src/windows/identity/uilib/khprops.h b/src/windows/identity/uilib/khprops.h
index a00c65f7f..181183cbb 100644
--- a/src/windows/identity/uilib/khprops.h
+++ b/src/windows/identity/uilib/khprops.h
@@ -33,7 +33,7 @@
   Property sheets
 **********************************************************************/
 
-/*! \addtogroup khui 
+/*! \addtogroup khui
 
 @{*/
 
@@ -122,7 +122,7 @@ typedef struct tag_khui_property_page {
 
     \note Only called by the NetIDMgr application.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_ps_create_sheet(khui_property_sheet ** sheet);
 
 /*! \brief Add a page to a property sheet
@@ -163,7 +163,7 @@ khui_ps_create_sheet(khui_property_sheet ** sheet);
         khui_ps_find_page() to retrieve a pointer to the structure
         later.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_ps_add_page(khui_property_sheet * sheet,
                  khm_int32 credtype,
                  khm_int32 ordinal,
@@ -181,26 +181,26 @@ khui_ps_find_page(khui_property_sheet * sheet,
 
     \note Only called by the NetIDMgr application
  */
-KHMEXP HWND KHMAPI 
-khui_ps_show_sheet(HWND parent, 
+KHMEXP HWND KHMAPI
+khui_ps_show_sheet(HWND parent,
                    khui_property_sheet * sheet);
 
 /*! \brief Check if the given message belongs to the property sheet
 
     \note Only called by the NetIDMgr application
  */
-KHMEXP LRESULT KHMAPI 
-khui_ps_check_message(khui_property_sheet * sheet, 
+KHMEXP LRESULT KHMAPI
+khui_ps_check_message(khui_property_sheet * sheet,
                       PMSG msg);
 
 /*! \brief Destroy a property sheet and all associated data structures.
 
     \note Only called by the NetIDMgr application.
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_ps_destroy_sheet(khui_property_sheet * sheet);
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_property_wnd_set_record(HWND hwnd_pwnd, khm_handle record);
 
 /*!@}*/
diff --git a/src/windows/identity/uilib/khremote.h b/src/windows/identity/uilib/khremote.h
index 3a79d6555..74e71a3d1 100644
--- a/src/windows/identity/uilib/khremote.h
+++ b/src/windows/identity/uilib/khremote.h
@@ -44,7 +44,7 @@
 #define NETID_REALM_SZ          192
 #define NETID_TITLE_SZ          256
 #define NETID_CCACHE_NAME_SZ    264
-  
+
 #define NETID_DLGTYPE_TGT      0
 #define NETID_DLGTYPE_CHPASSWD 1
 typedef struct {
@@ -72,7 +72,7 @@ typedef struct {
     } out;
     // Version 1 of this structure ends here
 } NETID_DLGINFO, *LPNETID_DLGINFO;
-  
+
 #define NETID_DLGINFO_V1_SZ (10 * sizeof(DWORD) \
          + sizeof(WCHAR) * (NETID_TITLE_SZ + \
          2 * NETID_USERNAME_SZ + 2 * NETID_REALM_SZ + \
diff --git a/src/windows/identity/uilib/khrescache.h b/src/windows/identity/uilib/khrescache.h
index 63baa1f72..2f0ba275b 100644
--- a/src/windows/identity/uilib/khrescache.h
+++ b/src/windows/identity/uilib/khrescache.h
@@ -29,16 +29,16 @@
 
 #include<khdefs.h>
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_init_rescache(void);
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_exit_rescache(void);
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_cache_bitmap(UINT id, HBITMAP hbm);
 
-KHMEXP HBITMAP KHMAPI 
+KHMEXP HBITMAP KHMAPI
 khui_get_cached_bitmap(UINT id);
 
 typedef struct khui_ilist_t {
@@ -58,7 +58,7 @@ typedef struct khui_bitmap_t {
     int cy;
 } khui_bitmap;
 
-KHMEXP void KHMAPI  
+KHMEXP void KHMAPI
 khui_bitmap_from_hbmp(khui_bitmap * kbm, HBITMAP hbm);
 
 KHMEXP void KHMAPI
@@ -68,27 +68,27 @@ KHMEXP void KHMAPI
 khui_draw_bitmap(HDC hdc, int x, int y, khui_bitmap * kbm);
 
 /* image lists */
-KHMEXP khui_ilist * KHMAPI  
+KHMEXP khui_ilist * KHMAPI
 khui_create_ilist(int cx, int cy, int n, int ng, int opt);
 
-KHMEXP BOOL KHMAPI          
+KHMEXP BOOL KHMAPI
 khui_delete_ilist(khui_ilist * il);
 
-KHMEXP int KHMAPI           
+KHMEXP int KHMAPI
 khui_ilist_add_masked(khui_ilist * il, HBITMAP hbm, COLORREF cbkg);
 
-KHMEXP int KHMAPI           
-khui_ilist_add_masked_id(khui_ilist *il, HBITMAP hbm, 
+KHMEXP int KHMAPI
+khui_ilist_add_masked_id(khui_ilist *il, HBITMAP hbm,
                          COLORREF cbkg, int id);
 
-KHMEXP int KHMAPI           
+KHMEXP int KHMAPI
 khui_ilist_lookup_id(khui_ilist *il, int id);
 
-KHMEXP void KHMAPI          
+KHMEXP void KHMAPI
 khui_ilist_draw(khui_ilist * il, int idx, HDC dc, int x, int y, int opt);
 
-KHMEXP void KHMAPI          
-khui_ilist_draw_bg(khui_ilist * il, int idx, HDC dc, int x, int y, 
+KHMEXP void KHMAPI
+khui_ilist_draw_bg(khui_ilist * il, int idx, HDC dc, int x, int y,
                    int opt, COLORREF bgcolor);
 
 #define khui_ilist_draw_id(il, id, dc, x, y, opt) \
diff --git a/src/windows/identity/uilib/khtracker.h b/src/windows/identity/uilib/khtracker.h
index 38be29a13..86adb344a 100644
--- a/src/windows/identity/uilib/khtracker.h
+++ b/src/windows/identity/uilib/khtracker.h
@@ -29,7 +29,7 @@
 
 #include<time.h>
 
-/*! \addtogroup khui 
+/*! \addtogroup khui
 
 @{ */
 
diff --git a/src/windows/identity/uilib/propsheet.c b/src/windows/identity/uilib/propsheet.c
index 068bcf00c..76e74043d 100644
--- a/src/windows/identity/uilib/propsheet.c
+++ b/src/windows/identity/uilib/propsheet.c
@@ -44,7 +44,7 @@ ps_exit(void) {
     DeleteCriticalSection(&cs_props);
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_ps_create_sheet(khui_property_sheet ** sheet)
 {
     khui_property_sheet * ps;
@@ -61,7 +61,7 @@ khui_ps_create_sheet(khui_property_sheet ** sheet)
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_ps_add_page(khui_property_sheet * sheet,
                  khm_int32 credtype,
                  khm_int32 ordinal,
@@ -77,7 +77,7 @@ khui_ps_add_page(khui_property_sheet * sheet,
     p->ordinal = ordinal;
     p->p_page = ppage;
 
-    EnterCriticalSection(&cs_props);    
+    EnterCriticalSection(&cs_props);
     QPUT(sheet, p);
     sheet->n_pages++;
     LeaveCriticalSection(&cs_props);
@@ -88,7 +88,7 @@ khui_ps_add_page(khui_property_sheet * sheet,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_ps_find_page(khui_property_sheet * sheet,
                   khm_int32 credtype,
                   khui_property_page ** page)
@@ -114,7 +114,7 @@ khui_ps_find_page(khui_property_sheet * sheet,
     }
 }
 
-int __cdecl 
+int __cdecl
 ps_order_func(const void *l, const void * r) {
     khui_property_page * lp;
     khui_property_page * rp;
@@ -128,7 +128,7 @@ ps_order_func(const void *l, const void * r) {
         return lp->ordinal - rp->ordinal;
 }
 
-KHMEXP HWND KHMAPI 
+KHMEXP HWND KHMAPI
 khui_ps_show_sheet(HWND parent, khui_property_sheet * s)
 {
     khui_property_page * p;
@@ -188,8 +188,8 @@ khui_ps_show_sheet(HWND parent, khui_property_sheet * s)
     return hw;
 }
 
-KHMEXP LRESULT KHMAPI 
-khui_ps_check_message(khui_property_sheet * sheet, 
+KHMEXP LRESULT KHMAPI
+khui_ps_check_message(khui_property_sheet * sheet,
                       PMSG pmsg)
 {
     LRESULT lr;
@@ -200,7 +200,7 @@ khui_ps_check_message(khui_property_sheet * sheet,
     lr = PropSheet_IsDialogMessage(sheet->hwnd, pmsg);
     if(lr) {
         sheet->hwnd_page = PropSheet_GetCurrentPageHwnd(sheet->hwnd);
-        if(sheet->hwnd_page == NULL && 
+        if(sheet->hwnd_page == NULL &&
            sheet->status == KHUI_PS_STATUS_RUNNING)
 
             sheet->status = KHUI_PS_STATUS_DONE;
@@ -209,7 +209,7 @@ khui_ps_check_message(khui_property_sheet * sheet,
     return lr;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 khui_ps_destroy_sheet(khui_property_sheet * sheet)
 {
     khui_property_page * p;
diff --git a/src/windows/identity/uilib/rescache.c b/src/windows/identity/uilib/rescache.c
index 7715cfdee..7b770b3e3 100644
--- a/src/windows/identity/uilib/rescache.c
+++ b/src/windows/identity/uilib/rescache.c
@@ -32,7 +32,7 @@
 
 hashtable * h_bitmaps;
 
-khm_int32 
+khm_int32
 hash_id(const void *p) {
 #pragma warning(push)
 #pragma warning(disable: 4311)
@@ -40,7 +40,7 @@ hash_id(const void *p) {
 #pragma warning(pop)
 }
 
-khm_int32 
+khm_int32
 comp_id(const void *p1, const void *p2) {
 #pragma warning(push)
 #pragma warning(disable: 4311)
@@ -48,33 +48,33 @@ comp_id(const void *p1, const void *p2) {
 #pragma warning(pop)
 }
 
-void 
+void
 del_ref_object(const void *k, void * data) {
     DeleteObject((HGDIOBJ) data);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_init_rescache(void) {
-    h_bitmaps = hash_new_hashtable(127, hash_id, comp_id, NULL, 
+    h_bitmaps = hash_new_hashtable(127, hash_id, comp_id, NULL,
                                    del_ref_object);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_exit_rescache(void) {
     hash_del_hashtable(h_bitmaps);
 }
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_cache_bitmap(UINT id, HBITMAP hbm) {
     hash_add(h_bitmaps, (void *)(size_t) id, (void *) hbm);
 }
 
-KHMEXP HBITMAP KHMAPI 
+KHMEXP HBITMAP KHMAPI
 khui_get_cached_bitmap(UINT id) {
     return (HBITMAP) hash_lookup(h_bitmaps, (void *)(size_t) id);
 }
 
-KHMEXP khui_ilist * KHMAPI 
+KHMEXP khui_ilist * KHMAPI
 khui_create_ilist(int cx, int cy, int n, int ng, int opt) {
     BITMAPV5HEADER head;
     HDC hdc;
@@ -110,7 +110,7 @@ khui_create_ilist(int cx, int cy, int n, int ng, int opt) {
     return il;
 }
 
-KHMEXP BOOL KHMAPI 
+KHMEXP BOOL KHMAPI
 khui_delete_ilist(khui_ilist * il) {
     DeleteObject(il->img);
     DeleteObject(il->mask);
@@ -120,10 +120,10 @@ khui_delete_ilist(khui_ilist * il) {
     return TRUE;
 }
 
-KHMEXP int KHMAPI 
-khui_ilist_add_masked_id(khui_ilist *il, 
-                         HBITMAP hbm, 
-                         COLORREF cbkg, 
+KHMEXP int KHMAPI
+khui_ilist_add_masked_id(khui_ilist *il,
+                         HBITMAP hbm,
+                         COLORREF cbkg,
                          int id) {
     int idx;
 
@@ -135,7 +135,7 @@ khui_ilist_add_masked_id(khui_ilist *il,
     return idx;
 }
 
-KHMEXP int KHMAPI 
+KHMEXP int KHMAPI
 khui_ilist_lookup_id(khui_ilist *il, int id) {
     int i;
 
@@ -147,7 +147,7 @@ khui_ilist_lookup_id(khui_ilist *il, int id) {
     return -1;
 }
 
-KHMEXP int KHMAPI 
+KHMEXP int KHMAPI
 khui_ilist_add_masked(khui_ilist * il, HBITMAP hbm, COLORREF cbkg) {
     HDC dcr,dci,dct,dcb;
     HBITMAP hb_oldb, hb_oldi, hb_oldt;
@@ -194,12 +194,12 @@ khui_ilist_add_masked(khui_ilist * il, HBITMAP hbm, COLORREF cbkg) {
     return i;
 }
 
-KHMEXP void KHMAPI 
-khui_ilist_draw(khui_ilist * il, 
-                int idx, 
-                HDC dc, 
-                int x, 
-                int y, 
+KHMEXP void KHMAPI
+khui_ilist_draw(khui_ilist * il,
+                int idx,
+                HDC dc,
+                int x,
+                int y,
                 int opt) {
     HDC dci;
     HBITMAP hb_oldi;
@@ -220,13 +220,13 @@ khui_ilist_draw(khui_ilist * il,
     DeleteDC(dci);
 }
 
-KHMEXP void KHMAPI 
-khui_ilist_draw_bg(khui_ilist * il, 
-                   int idx, 
-                   HDC dc, 
-                   int x, 
-                   int y, 
-                   int opt, 
+KHMEXP void KHMAPI
+khui_ilist_draw_bg(khui_ilist * il,
+                   int idx,
+                   HDC dc,
+                   int x,
+                   int y,
+                   int opt,
                    COLORREF bgcolor) {
     HDC dcm;
     HBITMAP hb_oldm, hb_mem;
@@ -253,7 +253,7 @@ khui_ilist_draw_bg(khui_ilist * il,
     BitBlt(dc,x,y,il->cx,il->cy,dcm,0,0,SRCCOPY);
 
     SelectObject(dcm, hb_oldm);
-    
+
     DeleteObject(hb_mem);
     DeleteObject(hbr);
 
@@ -261,7 +261,7 @@ khui_ilist_draw_bg(khui_ilist * il,
 }
 
 
-KHMEXP void KHMAPI 
+KHMEXP void KHMAPI
 khui_bitmap_from_hbmp(khui_bitmap * kbm, HBITMAP hbm)
 {
     HDC hdc;
diff --git a/src/windows/identity/uilib/trackerwnd.c b/src/windows/identity/uilib/trackerwnd.c
index cc434d95f..70c3137f7 100644
--- a/src/windows/identity/uilib/trackerwnd.c
+++ b/src/windows/identity/uilib/trackerwnd.c
@@ -105,8 +105,8 @@ time_t ticks_to_time_t(int ticks, time_t tmin)
 
     NOTE: Runs in the context of the UI thread
 */
-void 
-initialize_tracker(HWND hwnd, 
+void
+initialize_tracker(HWND hwnd,
                    khui_tracker * tc)
 {
     RECT r;
@@ -142,7 +142,7 @@ initialize_tracker(HWND hwnd,
 
    NOTE: Runs in the context of the UI thread
    */
-LRESULT CALLBACK 
+LRESULT CALLBACK
 duration_tracker_proc(HWND hwnd,
                       UINT uMsg,
                       WPARAM wParam,
@@ -184,7 +184,7 @@ duration_tracker_proc(HWND hwnd,
 
             SetTextAlign(hdc, TA_LEFT | TA_TOP | TA_NOUPDATECP);
             TextOut(hdc, tc->lbl_lx, tc->lbl_y, buf, (int) wcslen(buf));
-                
+
             TimetToFileTimeInterval(tc->max, &ft);
             cbbuf = sizeof(buf);
             FtIntervalToString(&ft, buf, &cbbuf);
@@ -195,7 +195,7 @@ duration_tracker_proc(HWND hwnd,
             ((HFONT) SelectObject((hdc), (HGDIOBJ)(HFONT)(hfold)));
 
             ReleaseDC(hwnd, hdc);
-                
+
             return lr;
         }
         break;
@@ -240,9 +240,9 @@ duration_tracker_proc(HWND hwnd,
 
 
 /* Create the subclassed duration slider on behalf of an edit control */
-void 
-create_edit_sliders(HWND hwnd, 
-                       HWND hwnd_dlg, 
+void
+create_edit_sliders(HWND hwnd,
+                       HWND hwnd_dlg,
                        khui_tracker * tc)
 {
     RECT r;
@@ -258,19 +258,19 @@ create_edit_sliders(HWND hwnd,
     rs.right -= rs.left;
     rs.bottom -= rs.top;
 
-    tc->hw_slider = 
+    tc->hw_slider =
         CreateWindowEx(WS_EX_OVERLAPPEDWINDOW,
                        TRACKBAR_CLASS,
                        L"NetIDMgrTimeTickerTrackbar",
                        WS_POPUP | TBS_AUTOTICKS | TBS_BOTTOM |
 #if (_WIN32_IE >= 0x0501)
-                       TBS_DOWNISLEFT | 
+                       TBS_DOWNISLEFT |
 #endif
                        TBS_HORZ | WS_CLIPCHILDREN,
                        r.left,r.bottom,rs.right,rs.bottom,
                        hwnd,
                        NULL,
-                       (HINSTANCE)(DWORD_PTR) 
+                       (HINSTANCE)(DWORD_PTR)
                        GetWindowLongPtr(hwnd, GWLP_HINSTANCE),
                        NULL);
 
@@ -288,7 +288,7 @@ create_edit_sliders(HWND hwnd,
 
     NOTE: Runs in the context of the UI thread
     */
-LRESULT CALLBACK 
+LRESULT CALLBACK
 duration_edit_proc(HWND hwnd,
                    UINT uMsg,
                    WPARAM wParam,
@@ -425,8 +425,8 @@ khui_tracker_install(HWND hwnd_edit, khui_tracker * tc) {
 
 #pragma warning(push)
 #pragma warning(disable: 4244)
-    tc->fn_edit = (WNDPROC)(LONG_PTR) 
-        SetWindowLongPtr(hwnd_edit, GWLP_WNDPROC, 
+    tc->fn_edit = (WNDPROC)(LONG_PTR)
+        SetWindowLongPtr(hwnd_edit, GWLP_WNDPROC,
                          (LONG_PTR) duration_edit_proc);
 #pragma warning(pop)
 }
@@ -439,9 +439,9 @@ khui_tracker_reposition(khui_tracker * tc) {
         GetWindowRect(tc->hw_edit, &r);
         SetWindowPos(tc->hw_slider,
                      NULL,
-                     r.left, r.bottom, 
-                     0, 0, 
-                     SWP_NOOWNERZORDER | SWP_NOSIZE | 
+                     r.left, r.bottom,
+                     0, 0,
+                     SWP_NOOWNERZORDER | SWP_NOSIZE |
                      SWP_NOZORDER | SWP_NOACTIVATE);
     }
 }
@@ -457,7 +457,7 @@ khui_tracker_refresh(khui_tracker * tc) {
         return;
 
     SendMessage(tc->hw_edit,
-                KHUI_WM_NC_NOTIFY, 
+                KHUI_WM_NC_NOTIFY,
                 MAKEWPARAM(0,WMNC_DIALOG_SETUP), 0);
 }
 
@@ -472,6 +472,3 @@ khui_tracker_kill_controls(khui_tracker * tc) {
     tc->fn_edit = NULL;
     tc->fn_tracker = NULL;
 }
-
-
-
diff --git a/src/windows/identity/uilib/uibind.c b/src/windows/identity/uilib/uibind.c
index f2f44cc3e..a03b35da3 100644
--- a/src/windows/identity/uilib/uibind.c
+++ b/src/windows/identity/uilib/uibind.c
@@ -57,6 +57,3 @@ khui_request_UI_callback(khm_ui_callback cb, void * rock) {
 
     return cbdata.rv;
 }
-
-
-
diff --git a/src/windows/identity/util/hashtable.c b/src/windows/identity/util/hashtable.c
index 7836179d6..9d3b42cf4 100644
--- a/src/windows/identity/util/hashtable.c
+++ b/src/windows/identity/util/hashtable.c
@@ -30,11 +30,11 @@
 #include<hashtable.h>
 #include<stdlib.h>
 
-KHMEXP hashtable * KHMAPI hash_new_hashtable(khm_int32 n, 
-                               hash_function_t hash, 
+KHMEXP hashtable * KHMAPI hash_new_hashtable(khm_int32 n,
+                               hash_function_t hash,
                                comp_function_t comp,
                                add_ref_function_t addr,
-                               del_ref_function_t delr) 
+                               del_ref_function_t delr)
 {
     hashtable * h;
 
@@ -160,7 +160,7 @@ KHMEXP khm_int32 hash_string(const void *vs) {
 
     khm_int32 hv = 13331;
     wchar_t * c;
-    
+
     for(c = (wchar_t *) vs; *c; c++) {
         hv = ((hv<<5) + hv) + (khm_int32) *c;
     }
diff --git a/src/windows/identity/util/hashtable.h b/src/windows/identity/util/hashtable.h
index 72fff2294..c9647b5da 100644
--- a/src/windows/identity/util/hashtable.h
+++ b/src/windows/identity/util/hashtable.h
@@ -106,8 +106,8 @@ typedef struct hashtable_t {
     \param[in] delr A del-ref function. Optional; can be NULL.
 
  */
-KHMEXP hashtable * KHMAPI hash_new_hashtable(khm_int32 n, 
-                               hash_function_t hash, 
+KHMEXP hashtable * KHMAPI hash_new_hashtable(khm_int32 n,
+                               hash_function_t hash,
                                comp_function_t comp,
                                add_ref_function_t addr,
                                del_ref_function_t delr);
diff --git a/src/windows/identity/util/mstring.c b/src/windows/identity/util/mstring.c
index 176afc46c..0d5c86178 100644
--- a/src/windows/identity/util/mstring.c
+++ b/src/windows/identity/util/mstring.c
@@ -45,7 +45,7 @@ multi_string_init(wchar_t * ms,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_append(wchar_t * ms,
                     khm_size * pcb_ms,
                     const wchar_t * str)
@@ -91,7 +91,7 @@ multi_string_append(wchar_t * ms,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_prepend(wchar_t * ms,
                      khm_size * pcb_ms,
                      const wchar_t * str)
@@ -129,7 +129,7 @@ multi_string_prepend(wchar_t * ms,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_delete(wchar_t * ms,
                     const wchar_t * str,
                     const khm_int32 flags)
@@ -168,7 +168,7 @@ multi_string_delete(wchar_t * ms,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP wchar_t * KHMAPI 
+KHMEXP wchar_t * KHMAPI
 multi_string_find(const wchar_t * ms,
                   const wchar_t * str,
                   const khm_int32 flags)
@@ -207,7 +207,7 @@ multi_string_find(const wchar_t * ms,
     return NULL;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_to_csv(wchar_t * csvbuf,
                     khm_size * pcb_csvbuf,
                     const wchar_t * ms)
@@ -298,7 +298,7 @@ multi_string_to_csv(wchar_t * csvbuf,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 csv_to_multi_string(wchar_t * ms,
                     khm_size * pcb_ms,
                     const wchar_t * csv)
@@ -389,7 +389,7 @@ csv_to_multi_string(wchar_t * ms,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP wchar_t * KHMAPI 
+KHMEXP wchar_t * KHMAPI
 multi_string_next(const wchar_t * str)
 {
     size_t cch;
@@ -407,7 +407,7 @@ multi_string_next(const wchar_t * str)
     }
 }
 
-KHMEXP khm_size KHMAPI 
+KHMEXP khm_size KHMAPI
 multi_string_length_n(const wchar_t * str)
 {
     size_t n = 0;
@@ -421,28 +421,28 @@ multi_string_length_n(const wchar_t * str)
     return n;
 }
 
-KHMEXP khm_int32 KHMAPI 
-multi_string_length_cb(const wchar_t * str, 
-                       khm_size max_cb, 
+KHMEXP khm_int32 KHMAPI
+multi_string_length_cb(const wchar_t * str,
+                       khm_size max_cb,
                        khm_size * len_cb)
 {
     khm_size cch;
     khm_int32 rv;
 
     rv = multi_string_length_cch(str, max_cb / sizeof(wchar_t), &cch);
-    
+
     if(KHM_FAILED(rv))
         return rv;
-    
+
     if(len_cb)
         *len_cb = cch * sizeof(wchar_t);
 
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
-multi_string_length_cch(const wchar_t * str, 
-                        khm_size max_cch, 
+KHMEXP khm_int32 KHMAPI
+multi_string_length_cch(const wchar_t * str,
+                        khm_size max_cch,
                         khm_size * len_cch)
 {
     const wchar_t * s;
@@ -471,9 +471,9 @@ multi_string_length_cch(const wchar_t * str,
     return KHM_ERROR_SUCCESS;
 }
 
-KHMEXP khm_int32 KHMAPI 
-multi_string_copy_cb(wchar_t * s_dest, 
-                         khm_size max_cb_dest, 
+KHMEXP khm_int32 KHMAPI
+multi_string_copy_cb(wchar_t * s_dest,
+                         khm_size max_cb_dest,
                          const wchar_t * src)
 {
     khm_size cb_dest;
@@ -491,9 +491,9 @@ multi_string_copy_cb(wchar_t * s_dest,
     return rv;
 }
 
-KHMEXP khm_int32 KHMAPI 
-multi_string_copy_cch(wchar_t * s_dest, 
-                      khm_size max_cch_dest, 
+KHMEXP khm_int32 KHMAPI
+multi_string_copy_cch(wchar_t * s_dest,
+                      khm_size max_cch_dest,
                       const wchar_t * src)
 {
     khm_size cch_dest;
diff --git a/src/windows/identity/util/mstring.h b/src/windows/identity/util/mstring.h
index 497cb777d..3eebb4317 100644
--- a/src/windows/identity/util/mstring.h
+++ b/src/windows/identity/util/mstring.h
@@ -66,7 +66,7 @@ multi_string_init(wchar_t * ms,
         longer than KHM_MAXCCH_STRING in characters including the
         terminating NULL.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_prepend(wchar_t * ms,
                      khm_size * pcb_ms,
                      const wchar_t * str);
@@ -97,7 +97,7 @@ multi_string_prepend(wchar_t * ms,
 
     \retval KHM_ERROR_INVALID_PARAM One of more of the parameters were invalid.
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_append(wchar_t * ms,
                     khm_size * pcb_ms,
                     const wchar_t * str);
@@ -111,7 +111,7 @@ multi_string_append(wchar_t * ms,
 
     \param[in] ms The multi string to modify.  The length of the multi
         string in characters cannot exceed KHM_MAXCCH_STRING.
- 
+
     \param[in] str The string to search for
 
     \param[in] flags How \a str is to be matched to existing strings
@@ -132,7 +132,7 @@ multi_string_append(wchar_t * ms,
     \note The search for the existing string is done with
         multi_string_find()
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_delete(wchar_t * ms,
                     const wchar_t * str,
                     const khm_int32 flags);
@@ -163,7 +163,7 @@ multi_string_delete(wchar_t * ms,
         NULL if no matches were found.
 
  */
-KHMEXP wchar_t * KHMAPI 
+KHMEXP wchar_t * KHMAPI
 multi_string_find(const wchar_t * ms,
                   const wchar_t * str,
                   const khm_int32 flags);
@@ -173,9 +173,9 @@ multi_string_find(const wchar_t * ms,
     Converts a multi string to a comma separated value string based on
     the following rules.
 
-    - Each string in the multi string is treated an individual field 
+    - Each string in the multi string is treated an individual field
 
-    - A field is quoted if it has double quotes or commas 
+    - A field is quoted if it has double quotes or commas
 
     - Double quotes within quoted fields are escaped by two
       consecutive double quotes.
@@ -213,7 +213,7 @@ multi_string_find(const wchar_t * ms,
 
     \see csv_to_multi_string()
 */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 multi_string_to_csv(wchar_t * csvbuf,
                     khm_size * pcb_csvbuf,
                     const wchar_t * ms);
@@ -243,7 +243,7 @@ multi_string_to_csv(wchar_t * csvbuf,
     \retval KHM_ERROR_INVALID_PARAM One or more parameters were invalid.
 
  */
-KHMEXP khm_int32 KHMAPI 
+KHMEXP khm_int32 KHMAPI
 csv_to_multi_string(wchar_t * ms,
                     khm_size * pcb_ms,
                     const wchar_t * csv);
@@ -266,7 +266,7 @@ csv_to_multi_string(wchar_t * ms,
     \return A pointer to the start of the next string in the multi
         string or NULL if there is no more strings.
  */
-KHMEXP wchar_t * KHMAPI 
+KHMEXP wchar_t * KHMAPI
 multi_string_next(const wchar_t * str);
 
 /*! \brief Get the length of a multi string in bytes
@@ -285,9 +285,9 @@ multi_string_next(const wchar_t * str);
     \retval KHM_ERROR_TOO_LONG The multi string is longer than \a
         max_cb bytes.
  */
-KHMEXP khm_int32 KHMAPI 
-multi_string_length_cb(const wchar_t * str, 
-                       khm_size max_cb, 
+KHMEXP khm_int32 KHMAPI
+multi_string_length_cb(const wchar_t * str,
+                       khm_size max_cb,
                        khm_size * len_cb);
 
 /*! \brief Get the length of a multi string in characters
@@ -306,14 +306,14 @@ multi_string_length_cb(const wchar_t * str,
     \retval KHM_ERROR_TOO_LONG The multi string is longer than \a
         max_cch characters.
  */
-KHMEXP khm_int32 KHMAPI 
-multi_string_length_cch(const wchar_t * str, 
-                        khm_size max_cch, 
+KHMEXP khm_int32 KHMAPI
+multi_string_length_cch(const wchar_t * str,
+                        khm_size max_cch,
                         khm_size * len_cch);
 
 /*! \brief Get the number of strings in a multi string
  */
-KHMEXP khm_size KHMAPI 
+KHMEXP khm_size KHMAPI
 multi_string_length_n(const wchar_t * str);
 
 /*! \brief Copy a multi string with byte counts
@@ -331,9 +331,9 @@ multi_string_length_n(const wchar_t * str);
     \retval KHM_ERROR_TOO_LONG The size of the destination buffer was
         insufficient.
  */
-KHMEXP khm_int32 KHMAPI 
-multi_string_copy_cb(wchar_t * s_dest, 
-                     khm_size max_cb_dest, 
+KHMEXP khm_int32 KHMAPI
+multi_string_copy_cb(wchar_t * s_dest,
+                     khm_size max_cb_dest,
                      const wchar_t * src);
 
 /*! \brief Copy a multi string with character count
@@ -351,9 +351,9 @@ multi_string_copy_cb(wchar_t * s_dest,
     \retval KHM_ERROR_TOO_LONG The size of the destination buffer was
         insufficient.
  */
-KHMEXP khm_int32 KHMAPI 
-multi_string_copy_cch(wchar_t * s_dest, 
-                      khm_size max_cch_dest, 
+KHMEXP khm_int32 KHMAPI
+multi_string_copy_cch(wchar_t * s_dest,
+                      khm_size max_cch_dest,
                       const wchar_t * src);
 
 /*@}*/
diff --git a/src/windows/identity/util/perfstat.c b/src/windows/identity/util/perfstat.c
index aece7e273..6eddb4697 100644
--- a/src/windows/identity/util/perfstat.c
+++ b/src/windows/identity/util/perfstat.c
@@ -209,7 +209,7 @@ perf_calloc(const char * file, int line, size_t num, size_t size) {
     return ptr;
 }
 
-KHMEXP void * 
+KHMEXP void *
 perf_malloc(const char * file, int line, size_t s) {
     allocation * a;
     void * ptr;
diff --git a/src/windows/identity/util/sync.c b/src/windows/identity/util/sync.c
index ba20424c4..23465ce56 100644
--- a/src/windows/identity/util/sync.c
+++ b/src/windows/identity/util/sync.c
@@ -39,7 +39,7 @@ KHMEXP void KHMAPI InitializeRwLock(PRWLOCK pLock)
     pLock->locks = 0;
     pLock->status = LOCK_OPEN;
     InitializeCriticalSection(&(pLock->cs));
-    pLock->writewx = CreateEvent(NULL, 
+    pLock->writewx = CreateEvent(NULL,
                                  FALSE, /* Manual reset */
                                  TRUE,  /* Initial state */
                                  NULL);
@@ -95,7 +95,7 @@ KHMEXP void KHMAPI LockReleaseRead(PRWLOCK pLock)
 KHMEXP void KHMAPI LockObtainWrite(PRWLOCK pLock)
 {
     EnterCriticalSection(&(pLock->cs));
-    if(pLock->status == LOCK_WRITING && 
+    if(pLock->status == LOCK_WRITING &&
        pLock->writer == GetCurrentThreadId()) {
         pLock->locks++;
         LeaveCriticalSection(&(pLock->cs));
diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c
index c07bd81c3..bd09fcd4b 100644
--- a/src/windows/kfwlogon/kfwcommon.c
+++ b/src/windows/kfwlogon/kfwcommon.c
@@ -301,12 +301,12 @@ BOOL IsDebugLogging(void)
     HKEY NPKey;
     DWORD dwDebug = FALSE;
 
-    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, 
-		     "System\\CurrentControlSet\\Services\\MIT Kerberos\\NetworkProvider", 
-		     0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS) 
+    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
+		     "System\\CurrentControlSet\\Services\\MIT Kerberos\\NetworkProvider",
+		     0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS)
     {
 	LSPsize=sizeof(dwDebug);
-	if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS) 
+	if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS)
 	{
 	    dwDebug = FALSE;
 	}
@@ -316,10 +316,10 @@ BOOL IsDebugLogging(void)
     return(dwDebug ? TRUE : FALSE);
 }
 
-void DebugEvent0(char *a) 
+void DebugEvent0(char *a)
 {
     HANDLE h; char *ptbuf[1];
-    
+
     if (IsDebugLogging()) {
 	h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
 	if (h) {
@@ -331,7 +331,7 @@ void DebugEvent0(char *a)
 }
 
 #define MAXBUF_ 512
-void DebugEvent(char *b,...) 
+void DebugEvent(char *b,...)
 {
     HANDLE h; char *ptbuf[1],buf[MAXBUF_+1];
     va_list marker;
@@ -352,7 +352,7 @@ void DebugEvent(char *b,...)
 
 void
 UnloadFuncs(
-    FUNC_INFO fi[], 
+    FUNC_INFO fi[],
     HINSTANCE h
     )
 {
@@ -365,8 +365,8 @@ UnloadFuncs(
 
 int
 LoadFuncs(
-    const char* dll_name, 
-    FUNC_INFO fi[], 
+    const char* dll_name,
+    FUNC_INFO fi[],
     HINSTANCE* ph,  // [out, optional] - DLL handle
     int* pindex,    // [out, optional] - index of last func loaded (-1 if none)
     int cleanup,    // cleanup function pointers and unload on error
@@ -433,7 +433,7 @@ KFW_initialize(void)
         HANDLE hMutex = NULL;
 
         sprintf(mutexName, "AFS KFW Init pid=%d", getpid());
-        
+
         hMutex = CreateMutex( NULL, TRUE, mutexName );
         if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
             if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
@@ -480,13 +480,13 @@ KFW_cleanup(void)
 }
 
 
-int 
+int
 KFW_is_available(void)
 {
     KFW_initialize();
-    if ( hKrb5 && hComErr && hService && 
+    if ( hKrb5 && hComErr && hService &&
 #ifdef USE_MS2MIT
-         hSecur32 && 
+         hSecur32 &&
 #endif /* USE_MS2MIT */
          hProfile && hLeash && hCCAPI )
         return TRUE;
@@ -581,16 +581,16 @@ KFW_kinit( krb5_context alt_ctx,
     if ( alt_cc ) {
         cc = alt_cc;
     } else {
-        code = pkrb5_cc_default(ctx, &cc);  
+        code = pkrb5_cc_default(ctx, &cc);
         if (code) goto cleanup;
     }
 
     code = pkrb5_parse_name(ctx, principal_name, &me);
-    if (code) 
+    if (code)
 	goto cleanup;
 
     code = pkrb5_unparse_name(ctx, me, &name);
-    if (code) 
+    if (code)
 	goto cleanup;
 
     if (lifetime == 0)
@@ -664,14 +664,14 @@ KFW_kinit( krb5_context alt_ctx,
 
             netIPAddr = htonl(publicIP);
             memcpy(addrs[i]->contents,&netIPAddr,4);
-        
+
             pkrb5_get_init_creds_opt_set_address_list(&options,addrs);
 
         }
     }
 
-    code = pkrb5_get_init_creds_password(ctx, 
-                                       &my_creds, 
+    code = pkrb5_get_init_creds_password(ctx,
+                                       &my_creds,
                                        me,
                                        password, // password
                                        NULL,     // no prompter
@@ -679,15 +679,15 @@ KFW_kinit( krb5_context alt_ctx,
                                        0, // start time
                                        0, // service name
                                        &options);
-    if (code) 
+    if (code)
 	goto cleanup;
 
     code = pkrb5_cc_initialize(ctx, cc, me);
-    if (code) 
+    if (code)
 	goto cleanup;
 
     code = pkrb5_cc_store_cred(ctx, cc, &my_creds);
-    if (code) 
+    if (code)
 	goto cleanup;
 
  cleanup:
@@ -716,7 +716,7 @@ KFW_kinit( krb5_context alt_ctx,
 
 
 int
-KFW_get_cred( char * username, 
+KFW_get_cred( char * username,
 	      char * password,
 	      int lifetime,
 	      char ** reasonP )
@@ -748,7 +748,7 @@ KFW_get_cred( char * username,
     } else {
 	goto cleanup;
     }
-    
+
     DebugEvent0(realm);
     DebugEvent0(pname);
 
@@ -766,8 +766,8 @@ KFW_get_cred( char * username,
 
     DebugEvent0("got lifetime");
 
-    code = KFW_kinit( ctx, cc, HWND_DESKTOP, 
-		      pname, 
+    code = KFW_kinit( ctx, cc, HWND_DESKTOP,
+		      pname,
 		      password,
 		      lifetime,
 		      pLeash_get_default_forwardable(),
@@ -802,7 +802,7 @@ int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken)
     PTOKEN_USER pTokenUser = NULL;
     DWORD retLen;
     DWORD gle;
-    int ret = 0;  
+    int ret = 0;
 
     if (!filename) {
 	DebugEvent0("KFW_set_ccache_dacl - invalid parms");
@@ -833,13 +833,13 @@ int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken)
 		{
 		    DebugEvent("GetTokenInformation failed: GLE = %lX", GetLastError());
 		}
-	    }		 
+	    }
 	}
 
 	if (pTokenUser) {
 	    UserSIDlength = GetLengthSid(pTokenUser->User.Sid);
 
-	    ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength 
+	    ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength
 		- sizeof(DWORD);
 	}
     }
@@ -862,7 +862,7 @@ int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken)
 	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
 				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
 				   NULL,
-				   NULL, 
+				   NULL,
 				   ccacheACL,
 				   NULL)) {
 	    gle = GetLastError();
@@ -873,7 +873,7 @@ int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken)
 	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
 				   OWNER_SECURITY_INFORMATION,
 				   pTokenUser->User.Sid,
-				   NULL, 
+				   NULL,
 				   NULL,
 				   NULL)) {
 	    gle = GetLastError();
@@ -885,7 +885,7 @@ int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken)
 	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
 				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
 				   NULL,
-				   NULL, 
+				   NULL,
 				   ccacheACL,
 				   NULL)) {
 	    gle = GetLastError();
@@ -913,7 +913,7 @@ int KFW_set_ccache_dacl_with_user_sid(char *filename, PSID pUserSID)
     PACL ccacheACL = NULL;
     DWORD ccacheACLlength = 0;
     DWORD gle;
-    int ret = 0;  
+    int ret = 0;
 
     if (!filename) {
 	DebugEvent0("KFW_set_ccache_dacl_with_user_sid - invalid parms");
@@ -937,7 +937,7 @@ int KFW_set_ccache_dacl_with_user_sid(char *filename, PSID pUserSID)
     if (pUserSID) {
 	UserSIDlength = GetLengthSid(pUserSID);
 
-	ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength 
+	ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength
 	    - sizeof(DWORD);
     }
 
@@ -959,7 +959,7 @@ int KFW_set_ccache_dacl_with_user_sid(char *filename, PSID pUserSID)
 	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
 				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
 				   NULL,
-				   NULL, 
+				   NULL,
 				   ccacheACL,
 				   NULL)) {
 	    gle = GetLastError();
@@ -970,7 +970,7 @@ int KFW_set_ccache_dacl_with_user_sid(char *filename, PSID pUserSID)
 	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
 				   OWNER_SECURITY_INFORMATION,
 				   pUserSID,
-				   NULL, 
+				   NULL,
 				   NULL,
 				   NULL)) {
 	    gle = GetLastError();
@@ -982,7 +982,7 @@ int KFW_set_ccache_dacl_with_user_sid(char *filename, PSID pUserSID)
 	if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
 				   DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
 				   NULL,
-				   NULL, 
+				   NULL,
 				   ccacheACL,
 				   NULL)) {
 	    gle = GetLastError();
@@ -1031,7 +1031,7 @@ KFW_copy_cache_to_system_file(const char * user, const char * filename)
     krb5_ccache			cc  = 0;
     krb5_ccache                 ncc = 0;
     PSECURITY_ATTRIBUTES        pSA = NULL;
-    
+
     if (!pkrb5_init_context || !user || !filename)
         return;
 
@@ -1107,7 +1107,7 @@ KFW_copy_file_cache_to_default_cache(char * filename)
 	DebugEvent0("kfwcpcc krb5_cc_resolve failed");
 	goto cleanup;
     }
-    
+
     code = pkrb5_cc_get_principal(ctx, cc, &princ);
     if (code) {
 	DebugEvent0("kfwcpcc krb5_cc_get_principal failed");
@@ -1184,7 +1184,7 @@ KFW_copy_file_cache_to_api_cache(char * filename)
 	DebugEvent0("kfwcpcc krb5_cc_resolve failed");
 	goto cleanup;
     }
-    
+
     code = pkrb5_cc_get_principal(ctx, cc, &princ);
     if (code) {
 	DebugEvent0("kfwcpcc krb5_cc_get_principal failed");
@@ -1244,7 +1244,7 @@ KFW_copy_file_cache_to_api_cache(char * filename)
 }
 
 
-int 
+int
 KFW_destroy_tickets_for_principal(char * user)
 {
     krb5_context		ctx = 0;
@@ -1285,7 +1285,7 @@ KFW_destroy_tickets_for_principal(char * user)
 /* There are scenarios in which an interactive logon will not
  * result in the LogonScript being executed.  This will result
  * in orphaned cache files being left in the Temp directory.
- * This function will search for cache files in the Temp 
+ * This function will search for cache files in the Temp
  * directory and delete any that are older than five minutes.
  */
 void
diff --git a/src/windows/kfwlogon/kfwcpcc.c b/src/windows/kfwlogon/kfwcpcc.c
index fb0861e47..0ddd0a190 100644
--- a/src/windows/kfwlogon/kfwcpcc.c
+++ b/src/windows/kfwlogon/kfwcpcc.c
@@ -35,5 +35,3 @@ int main(int argc, char *argv[])
 
     return KFW_copy_file_cache_to_api_cache(argv[1]);
 }
-
-
diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c
index 54d7a5a1d..d851c4685 100644
--- a/src/windows/kfwlogon/kfwlogon.c
+++ b/src/windows/kfwlogon/kfwlogon.c
@@ -77,7 +77,7 @@ DWORD APIENTRY NPGetCaps(DWORD index)
     default:
         return 0;
     }
-}       
+}
 
 
 static BOOL
@@ -91,7 +91,7 @@ UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOu
     if (CodePageInfo.MaxCharSize > 1)
         // Only supporting non-Unicode strings
         return FALSE;
-    
+
     if (uInputString.Buffer && ((LPBYTE) uInputString.Buffer)[1] == '\0')
     {
         // Looks like unicode, better translate it
@@ -134,16 +134,16 @@ is_windows_vista(void)
 
 
 /* Construct a Logon Script that will cause the LogonEventHandler to be executed
- * under in the logon session 
+ * under in the logon session
  */
 
 #define RUNDLL32_CMDLINE "rundll32.exe kfwlogon.dll,LogonEventHandler "
-VOID 
+VOID
 ConfigureLogonScript(LPWSTR *lpLogonScript, char * filename) {
     DWORD dwLogonScriptLen;
     LPWSTR lpScript;
     LPSTR lpTemp;
-    
+
     if (!lpLogonScript)
 	return;
     *lpLogonScript = NULL;
@@ -152,7 +152,7 @@ ConfigureLogonScript(LPWSTR *lpLogonScript, char * filename) {
 	return;
 
     dwLogonScriptLen = strlen(RUNDLL32_CMDLINE) + strlen(filename) + 2;
-    lpTemp = (LPSTR) malloc(dwLogonScriptLen); 
+    lpTemp = (LPSTR) malloc(dwLogonScriptLen);
     if (!lpTemp)
 	return;
 
@@ -208,10 +208,10 @@ DWORD APIENTRY NPLogonNotify(
 
     DebugEvent0("NPLogonNotify start");
 
-    /* Remote Desktop / Terminal Server connections to existing sessions 
+    /* Remote Desktop / Terminal Server connections to existing sessions
      * are interactive logons.  Unfortunately, because the session already
-     * exists the logon script does not get executed and this prevents 
-     * us from being able to execute the rundll32 entrypoint 
+     * exists the logon script does not get executed and this prevents
+     * us from being able to execute the rundll32 entrypoint
      * LogonEventHandlerA which would process the credential cache this
      * routine will produce.  Therefore, we must cleanup orphaned cache
      * files from this routine.  We will take care of it before doing
@@ -228,9 +228,9 @@ DWORD APIENTRY NPLogonNotify(
         DWORD rv;
 
         SetLastError(0);
-	rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1, 
+	rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1,
 			    station, sizeof(station), NULL, NULL);
-        DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d", 
+        DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d",
                     lpLogonId->HighPart, lpLogonId->LowPart, interactive, rv != 0 ? station : "failure", GetLastError());
         return 0;
     } else
@@ -238,15 +238,15 @@ DWORD APIENTRY NPLogonNotify(
 
     /* Initialize Logon Script to none */
     *lpLogonScript=NULL;
-    
+
     /* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for
      * our purposes */
 
-    if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") && 
+    if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
          wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )
     {
 	char msg[64];
-	WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1, 
+	WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1,
 			    msg, sizeof(msg), NULL, NULL);
 	msg[sizeof(msg)-1]='\0';
         DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg);
@@ -277,9 +277,9 @@ DWORD APIENTRY NPLogonNotify(
 
     code = KFW_get_cred(uname, password, 0, &reason);
     DebugEvent("NPLogonNotify - KFW_get_cred  uname=[%s] code=[%d]",uname, code);
-    
+
     /* remove any kerberos 5 tickets currently held by the SYSTEM account
-     * for this user 
+     * for this user
      */
     if (!code) {
 	char filename[MAX_PATH+1] = "";
@@ -301,7 +301,7 @@ DWORD APIENTRY NPLogonNotify(
         }
 
 	if (_snprintf(filename, sizeof(filename), "%s\\kfwlogon-%x.%x",
-		       filename, lpLogonId->HighPart, lpLogonId->LowPart) < 0) 
+		       filename, lpLogonId->HighPart, lpLogonId->LowPart) < 0)
 	{
 	    code = -1;
 	    goto cleanup;
@@ -328,7 +328,7 @@ DWORD APIENTRY NPLogonNotify(
 	    pReferencedDomainName = (LPTSTR) malloc (dwDomainLen * sizeof(TCHAR));
 	    memset(pReferencedDomainName,0,dwDomainLen * sizeof(TCHAR));
 	}
- 
+
 	//Now get the SID and the domain name
 	if (pUserSid && LookupAccountName( NULL,
 					   acctname,
@@ -336,14 +336,14 @@ DWORD APIENTRY NPLogonNotify(
 					   &dwSidLen,
 					   pReferencedDomainName,
 					   &dwDomainLen,
-					   &eUse)) 
+					   &eUse))
 	{
 	    DebugEvent("LookupAccountName obtained user %s sid in domain %s", acctname, pReferencedDomainName);
 	    code = KFW_set_ccache_dacl_with_user_sid(filename, pUserSid);
 
 #ifdef USE_WINLOGON_EVENT
-	    /* If we are on Vista, setup a LogonScript 
-	     * that will execute the LogonEventHandler entry point via rundll32.exe 
+	    /* If we are on Vista, setup a LogonScript
+	     * that will execute the LogonEventHandler entry point via rundll32.exe
 	     */
 	    if (is_windows_vista()) {
 		ConfigureLogonScript(lpLogonScript, filename);
@@ -356,7 +356,7 @@ DWORD APIENTRY NPLogonNotify(
 	    ConfigureLogonScript(lpLogonScript, filename);
 	    if (*lpLogonScript)
 		    DebugEvent0("LogonScript assigned");
-	    else	
+	    else
 		    DebugEvent0("No Logon Script");
 #endif
 	} else {
@@ -394,7 +394,7 @@ DWORD APIENTRY NPLogonNotify(
 	DebugEvent0("NPLogonNotify success");
 
     return code;
-}       
+}
 
 
 DWORD APIENTRY NPPasswordChangeNotify(
@@ -413,14 +413,14 @@ DWORD APIENTRY NPPasswordChangeNotify(
 #include <Winwlx.h>
 
 #ifdef COMMENT
-typedef struct _WLX_NOTIFICATION_INFO {  
-    ULONG Size;  
-    ULONG Flags;  
-    PWSTR UserName;  
-    PWSTR Domain;  
-    PWSTR WindowStation;  
-    HANDLE hToken;  
-    HDESK hDesktop;  
+typedef struct _WLX_NOTIFICATION_INFO {
+    ULONG Size;
+    ULONG Flags;
+    PWSTR UserName;
+    PWSTR Domain;
+    PWSTR WindowStation;
+    HANDLE hToken;
+    HDESK hDesktop;
     PFNMSGECALLBACK pStatusCallback;
 } WLX_NOTIFICATION_INFO, *PWLX_NOTIFICATION_INFO;
 #endif
@@ -511,9 +511,9 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
     }
 
     strcat(filename, "\\");
-    strcat(filename, szLogonId);    
+    strcat(filename, szLogonId);
 
-    hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, 
+    hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING,
 		    FILE_ATTRIBUTE_NORMAL, NULL);
     if (hf == INVALID_HANDLE_VALUE) {
         DebugEvent0("KFW_Logon_Event - file cannot be opened");
@@ -538,9 +538,9 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
     }
 
     strcat(newfilename, "\\");
-    strcat(newfilename, szLogonId);    
+    strcat(newfilename, szLogonId);
 
-    if (!MoveFileEx(filename, newfilename, 
+    if (!MoveFileEx(filename, newfilename,
 		     MOVEFILE_COPY_ALLOWED | MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {
         DebugEvent("KFW_Logon_Event - MoveFileEx failed GLE = 0x%x", GetLastError());
 	return;
@@ -559,7 +559,7 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
                              NULL,
                              NULL,
                              &startupinfo,
-                             &procinfo)) 
+                             &procinfo))
     {
 	DebugEvent("KFW_Logon_Event - CommandLine %s", commandline);
 
@@ -578,8 +578,8 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
 }
 
 
-/* Documentation on the use of RunDll32 entrypoints can be found 
- * at http://support.microsoft.com/kb/164787 
+/* Documentation on the use of RunDll32 entrypoints can be found
+ * at http://support.microsoft.com/kb/164787
  */
 void CALLBACK
 LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
@@ -592,7 +592,7 @@ LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
     DebugEvent0("LogonEventHandler - Start");
 
     /* Validate lpszCmdLine as a file */
-    hf = CreateFile(lpszCmdLine, GENERIC_READ | DELETE, 0, NULL, OPEN_EXISTING, 
+    hf = CreateFile(lpszCmdLine, GENERIC_READ | DELETE, 0, NULL, OPEN_EXISTING,
 		    FILE_ATTRIBUTE_NORMAL, NULL);
     if (hf == INVALID_HANDLE_VALUE) {
         DebugEvent("LogonEventHandler - \"%s\" cannot be opened", lpszCmdLine);
@@ -614,7 +614,7 @@ LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
 		       NULL,
 		       NULL,
 		       &startupinfo,
-		       &procinfo)) 
+		       &procinfo))
     {
 	DebugEvent("KFW_Logon_Event - CommandLine %s", commandline);
 
@@ -623,7 +623,7 @@ LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
 	CloseHandle(procinfo.hThread);
 	CloseHandle(procinfo.hProcess);
     } else {
-	DebugEvent("KFW_Logon_Event - CreateProcessFailed \"%s\" GLE 0x%x", 
+	DebugEvent("KFW_Logon_Event - CreateProcessFailed \"%s\" GLE 0x%x",
                      commandline, GetLastError());
         DebugEvent("KFW_Logon_Event PATH %s", getenv("PATH"));
     }
diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h
index 2f1a62b6e..141b9c36b 100644
--- a/src/windows/kfwlogon/kfwlogon.h
+++ b/src/windows/kfwlogon/kfwlogon.h
@@ -28,13 +28,13 @@ SOFTWARE.
 #pragma once
 
 /* _WIN32_WINNT must be 0x0501 or greater to pull in definition of
- * all required LSA data types when the Vista SDK NtSecAPI.h is used. 
+ * all required LSA data types when the Vista SDK NtSecAPI.h is used.
  */
 #ifndef _WIN32_WINNT
 #define _WIN32_WINNT 0x0501
 #else
 #if _WIN32_WINNT < 0x0501
-#undef _WIN32_WINNT 
+#undef _WIN32_WINNT
 #define _WIN32_WINNT 0x0501
 #endif
 #endif
diff --git a/src/windows/lib/cacheapi.h b/src/windows/lib/cacheapi.h
index 722eb7e54..42189ee69 100644
--- a/src/windows/lib/cacheapi.h
+++ b/src/windows/lib/cacheapi.h
@@ -3,34 +3,34 @@
  *
  * Copyright 1997 by the Regents of the University of Michigan
  *
- * This software is being provided to you, the LICENSEE, by the 
- * Regents of the University of Michigan (UM) under the following 
- * license.  By obtaining, using and/or copying this software, you agree 
- * that you have read, understood, and will comply with these terms and 
- * conditions:  
- * 
- * Permission to use, copy, modify and distribute this software and its 
- * documentation for any purpose and without fee or royalty is hereby 
- * granted, provided that you agree to comply with the following copyright 
- * notice and statements, including the disclaimer, and that the same 
- * appear on ALL copies of the software and documentation, including 
+ * This software is being provided to you, the LICENSEE, by the
+ * Regents of the University of Michigan (UM) under the following
+ * license.  By obtaining, using and/or copying this software, you agree
+ * that you have read, understood, and will comply with these terms and
+ * conditions:
+ *
+ * Permission to use, copy, modify and distribute this software and its
+ * documentation for any purpose and without fee or royalty is hereby
+ * granted, provided that you agree to comply with the following copyright
+ * notice and statements, including the disclaimer, and that the same
+ * appear on ALL copies of the software and documentation, including
  * modifications that you make for internal use or for distribution:
- * 
- * Copyright 1997 by the Regents of the University of Michigan.  
- * All rights reserved.  
- * 
- * THIS SOFTWARE IS PROVIDED "AS IS", AND UM MAKES NO REPRESENTATIONS 
- * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not 
- * limitation, UM MAKES NO REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY 
- * OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE LICENSED 
- * SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS, 
- * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.   
- * 
- * The name of the University of Michigan or UM may NOT be used in 
+ *
+ * Copyright 1997 by the Regents of the University of Michigan.
+ * All rights reserved.
+ *
+ * THIS SOFTWARE IS PROVIDED "AS IS", AND UM MAKES NO REPRESENTATIONS
+ * OR WARRANTIES, EXPRESS OR IMPLIED.  By way of example, but not
+ * limitation, UM MAKES NO REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY
+ * OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE LICENSED
+ * SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS,
+ * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+ *
+ * The name of the University of Michigan or UM may NOT be used in
  * advertising or publicity pertaining to distribution of the software.
- * Title to copyright in this software and any associated documentation 
+ * Title to copyright in this software and any associated documentation
  * shall at all times remain with UM, and USER agrees to preserve same.
- * 
+ *
  * The University of Michigan
  * c/o Steve Rothwell <sgr@umich.edu>
  * 535 W. William Street
@@ -39,7 +39,7 @@
  */
 
 /*
-**  CacheAPI.h 
+**  CacheAPI.h
 **
 **      The externally visible functions and data structures
 **      for the Kerberos Common Cache DLL
@@ -105,11 +105,11 @@ typedef struct opaque_ccache_pointer_type* ccache_p;
 typedef struct opaque_credential_iterator_type* ccache_cit;
 
 #if 0
-enum _cc_data_type { 
+enum _cc_data_type {
     type_ticket = 0,                /* 0 for ticket, second_ticket */
-    /* Ted's draft spec says these are to be 
+    /* Ted's draft spec says these are to be
        "as defined in the Kerberos V5 protocol"
-       all I can find are typdefs, 
+       all I can find are typdefs,
        can't find an enumerated type or #define
     */
     type_address,           /* =  <"as defined in the Kerberos V5 protocol"> */
@@ -122,7 +122,7 @@ enum _cc_data_type {
 typedef struct _cc_data
 {
     cc_uint32       type;		// should be one of _cc_data_type
-    cc_uint32       length; 
+    cc_uint32       length;
     unsigned char*  data;		// the proverbial bag-o-bits
 } cc_data;
 
@@ -219,7 +219,7 @@ extern "C" /* this entire list of functions */
 */
 CCACHE_API
 cc_initialize(
-    apiCB** cc_ctx,           // <  DLL's primary control structure. 
+    apiCB** cc_ctx,           // <  DLL's primary control structure.
                               //    returned here, passed everywhere else
     cc_int32 api_version,     // >  ver supported by caller (use CC_API_VER_1)
     cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
@@ -240,7 +240,7 @@ cc_get_change_time(
 
 /*
 ** Named Cache (NC) routines
-**   create, open, close, destroy, get_principal, get_cred_version, & 
+**   create, open, close, destroy, get_principal, get_cred_version, &
 **   lock_request
 **
 ** Multiple NCs are allowed within the main cache.  Each has a Name
@@ -284,13 +284,13 @@ cc_destroy(
 
 CCACHE_API
 cc_seq_fetch_NCs_begin(
-    apiCB* cc_ctx, 
+    apiCB* cc_ctx,
     ccache_cit** itNCs
     );
 
 CCACHE_API
 cc_seq_fetch_NCs_end(
-    apiCB* cc_ctx, 
+    apiCB* cc_ctx,
     ccache_cit** itNCs
     );
 
@@ -305,7 +305,7 @@ CCACHE_API
 cc_seq_fetch_NCs(
     apiCB* cc_ctx,         // >  DLL's primary control structure
     ccache_p** ccache_ptr, // <  NC control structure (free via cc_close())
-    ccache_cit** itNCs     // <> iterator used by DLL, 
+    ccache_cit** itNCs     // <> iterator used by DLL,
                            //    set to NULL before first call
                            //    returned NULL at CC_END
     );
@@ -313,14 +313,14 @@ cc_seq_fetch_NCs(
 CCACHE_API
 cc_get_NC_info(
     apiCB* cc_ctx,          // >  DLL's primary control structure
-    struct _infoNC*** ppNCi // <  (NULL before call) null terminated, 
+    struct _infoNC*** ppNCi // <  (NULL before call) null terminated,
                             //    list of a structs (free via cc_free_infoNC())
     );
 
 CCACHE_API
 cc_free_NC_info(
     apiCB* cc_ctx,
-    struct _infoNC*** ppNCi // <  free list of structs returned by 
+    struct _infoNC*** ppNCi // <  free list of structs returned by
                             //    cc_get_cache_names().  set to NULL on return
     );
 
@@ -332,7 +332,7 @@ CCACHE_API
 cc_get_name(
     apiCB* cc_ctx,              // > DLL's primary control structure
     const ccache_p* ccache_ptr, // > NC control structure
-    char** name                 // < name of NC associated with ccache_ptr 
+    char** name                 // < name of NC associated with ccache_ptr
                                 //   (free via cc_free_name())
     );
 
@@ -343,8 +343,8 @@ cc_set_principal(
     const cc_int32 vers,
     const char* principal           // > name of principal associated with NC
                                     //   Free via cc_free_principal()
-    ); 	
-				  
+    );
+
 CCACHE_API
 cc_get_principal(
     apiCB* cc_ctx,                  // > DLL's primary control structure
@@ -369,14 +369,14 @@ CCACHE_API
 cc_lock_request(
     apiCB* cc_ctx,     	        // > DLL's primary control structure
     const ccache_p* ccache_ptr, // > NC control structure
-    const cc_int32 lock_type    // > one (or combination) of above defined 
+    const cc_int32 lock_type    // > one (or combination) of above defined
                                 //   lock types
     );
 
 
 /*
 ** Credentials routines (work within an NC)
-** store, remove_cred, seq_fetch_creds 
+** store, remove_cred, seq_fetch_creds
 */
 CCACHE_API
 cc_store(
@@ -397,33 +397,33 @@ cc_seq_fetch_creds(
     apiCB* cc_ctx,              // > DLL's primary control structure
     const ccache_p* ccache_ptr, // > NC control structure
     cred_union** creds,         // < filled in by DLL, free via cc_free_creds()
-    ccache_cit** itCreds        // <> iterator used by DLL, set to NULL 
+    ccache_cit** itCreds        // <> iterator used by DLL, set to NULL
                                 //    before first call -- Also NULL for final
                                 //    call if loop ends before CC_END
     );
 
 CCACHE_API
 cc_seq_fetch_creds_begin(
-    apiCB* cc_ctx, 
-    const ccache_p* ccache_ptr, 
+    apiCB* cc_ctx,
+    const ccache_p* ccache_ptr,
     ccache_cit** itCreds
     );
 
 CCACHE_API
 cc_seq_fetch_creds_end(
-    apiCB* cc_ctx, 
+    apiCB* cc_ctx,
     ccache_cit** itCreds
     );
 
 CCACHE_API
 cc_seq_fetch_creds_next(
-    apiCB* cc_ctx, 
-    cred_union** cred, 
+    apiCB* cc_ctx,
+    cred_union** cred,
     ccache_cit* itCreds
     );
 
 /*
-** methods of liberation, 
+** methods of liberation,
 ** or freeing space via the free that goes with the malloc used to get it
 ** It's important to use the free carried in the DLL, not the one supplied
 ** by your compiler vendor.
diff --git a/src/windows/lib/registry.c b/src/windows/lib/registry.c
index 7dfbb5bff..5b7ff1e82 100644
--- a/src/windows/lib/registry.c
+++ b/src/windows/lib/registry.c
@@ -84,7 +84,7 @@ registry_string_get(HKEY hkey, char *sub, char **val)
 		*val = NULL;
 		return -1;
 	}
-	
+
 	return 0;
 }
 
@@ -106,7 +106,7 @@ registry_dword_get(HKEY hkey, char *sub, DWORD *val)
 		*val = 0;
 		return -1;
 	}
-	
+
 	return 0;
 }
 
diff --git a/src/windows/lib/vardlg.c b/src/windows/lib/vardlg.c
index dae8cdbbc..3bec6e4e6 100644
--- a/src/windows/lib/vardlg.c
+++ b/src/windows/lib/vardlg.c
@@ -54,7 +54,7 @@ ADD_UNICODE_STRING(unsigned char *p, const char *s)
 	w = (WORD *)p;
 
 	len = strlen(s) + 1; /* copy the null, too */
-	
+
 	for (i = 0 ; i < len ; i++)
 		*w++ = *s++;
 
@@ -112,7 +112,7 @@ ADD_DLGITEM(unsigned char *dlg, short x, short y, short cx, short cy,
 {
 	unsigned char    *p;
 	DLGITEMTEMPLATE   dit;
-	
+
 	p = dlg;
 
 	dit.style = style;
@@ -429,7 +429,7 @@ vardlg_config(HWND hwnd, WORD width, const char *banner, WORD num_prompts,
  * button is IDCANCEL, as usual.
  *
  * After calling bld_dlg, the banner will have ID "id", and the labels
- * will be "1 + id + i * 2" (i is the entry number, starting with zero) and 
+ * will be "1 + id + i * 2" (i is the entry number, starting with zero) and
  * the entries will be "2 + id + i * 2".
  *
  *	unsigned char *dlg = vardlg_build(minwidth, banner, num_prompts,
diff --git a/src/windows/ms2mit/mit2ms.c b/src/windows/ms2mit/mit2ms.c
index 6f30d9f6d..ac36cba6d 100644
--- a/src/windows/ms2mit/mit2ms.c
+++ b/src/windows/ms2mit/mit2ms.c
@@ -36,7 +36,7 @@ extern char *optarg;
 
 static char *prog;
 
-static void 
+static void
 xusage(void)
 {
     fprintf(stderr, "xusage: %s [-c ccache]\n", prog);
@@ -79,7 +79,7 @@ main(
         com_err(argv[0], code, "while initializing kerberos library");
         exit(1);
     }
-  
+
     if (ccachestr)
         code = krb5_cc_resolve(kcontext, ccachestr, &ccache);
     else
@@ -99,7 +99,7 @@ main(
         exit(1);
     }
 
-    while (!(code = krb5_cc_next_cred(kcontext, ccache, &cursor, &creds))) 
+    while (!(code = krb5_cc_next_cred(kcontext, ccache, &cursor, &creds)))
     {
         if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
             krb5_free_cred_contents(kcontext, &creds);
diff --git a/src/windows/ms2mit/ms2mit.c b/src/windows/ms2mit/ms2mit.c
index 5999a1847..3d73d0adf 100644
--- a/src/windows/ms2mit/ms2mit.c
+++ b/src/windows/ms2mit/ms2mit.c
@@ -36,7 +36,7 @@ extern char *optarg;
 
 static char *prog;
 
-static void 
+static void
 xusage(void)
 {
     fprintf(stderr, "xusage: %s [-c ccache]\n", prog);
@@ -74,12 +74,12 @@ main(
             break;
         }
     }
-        
+
     if (code = krb5_init_context(&kcontext)) {
         com_err(argv[0], code, "while initializing kerberos library");
         exit(1);
     }
-  
+
     if (code = krb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) {
         com_err(argv[0], code, "while opening MS LSA ccache");
         krb5_free_context(kcontext);
@@ -101,7 +101,7 @@ main(
         exit(1);
     }
 
-    while (!(code = krb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds))) 
+    while (!(code = krb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds)))
     {
         if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
             krb5_free_cred_contents(kcontext, &creds);
diff --git a/src/windows/ntsecapitest.c b/src/windows/ntsecapitest.c
index 7fbbacbaa..459e5dbd7 100644
--- a/src/windows/ntsecapitest.c
+++ b/src/windows/ntsecapitest.c
@@ -4,8 +4,8 @@
 

 #include "ntsecapi.h"

 

-#ifdef TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS 

+#ifdef TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS

 VISTA_SDK_VERSION

 #else

 NT_SDK_VERSION

-#endif
\ No newline at end of file
+#endif

diff --git a/src/windows/winlevel.h b/src/windows/winlevel.h
index fc8f4c6d8..7f56b569b 100644
--- a/src/windows/winlevel.h
+++ b/src/windows/winlevel.h
@@ -25,9 +25,9 @@
  */
 
 /*
- * This is the slave file for Windows version stamping purposes. 
-/* This value should be an ever increasing number that is 
+ * This is the slave file for Windows version stamping purposes.
+/* This value should be an ever increasing number that is
  * updated for each alpha, beta, final release.   This will ensure
  * that file identifiers are unique
- */ 
+ */
 #define KRB5_BUILDLEVEL		0
diff --git a/src/windows/wintel/auth.c b/src/windows/wintel/auth.c
index 28f515b6c..433bce38c 100644
--- a/src/windows/wintel/auth.c
+++ b/src/windows/wintel/auth.c
@@ -99,10 +99,10 @@ Data(kstream ks, int type, void *d, int c)
 {
   unsigned char *p = str_data + 4;
   unsigned char *cd = (unsigned char *)d;
-  
+
   if (c == -1)
     c = strlen((char *)cd);
-  
+
   *p++ = AUTHTYPE_KERBEROS_V5;
   *p = AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL;
 #ifdef ENCRYPTION
@@ -144,16 +144,16 @@ static void
 auth_abort(kstream ks, char *errmsg, long r)
 {
   char buf[9];
-  
+
   wsprintf(buf, "%c%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION,
 	   TELQUAL_IS, AUTHTYPE_NULL,
 	   AUTHTYPE_NULL, IAC, SE);
   TelnetSend(ks, (LPSTR)buf, 8, 0);
-  
+
   if (errmsg != NULL) {
     strTmp[sizeof(strTmp) - 1] = '\0';
     strncpy(strTmp, errmsg, sizeof(strTmp) - 1);
-    
+
     if (r != KSUCCESS) {
       strncat(strTmp, "\n", sizeof(strTmp) - 1 - strlen(strTmp));
 #ifdef KRB4
@@ -163,7 +163,7 @@ auth_abort(kstream ks, char *errmsg, long r)
       lstrcat(strTmp, error_message(r));
 #endif
     }
-    
+
     MessageBox(HWND_DESKTOP, strTmp, "Kerberos authentication failed!",
 	       MB_OK | MB_ICONEXCLAMATION);
   }
@@ -234,7 +234,7 @@ auth_send(kstream ks, unsigned char *parsedat, int end_sub)
 #ifdef KRB4
   r = k4_auth_send(ks);
 #endif /* KRB4 */
-    
+
 #ifdef KRB5
   r = k5_auth_send(ks, auth_how);
 #endif /* KRB5 */
@@ -400,9 +400,9 @@ auth_decrypt(struct kstream_data_block *out,
 
 #ifdef KRB4
 /*
- * 
+ *
  * K4_auth_send - gets authentication bits we need to send to KDC.
- * 
+ *
  * Result is left in auth
  *
  * Returns: 0 on failure, 1 on success
@@ -482,7 +482,7 @@ k4_auth_reply(kstream ks, unsigned char *parsedat, int end_sub)
 
   if (end_sub < 4)
     return KFAILURE;
-		
+
   if (parsedat[2] != KERBEROS_V4)
     return KFAILURE;
 
@@ -552,7 +552,7 @@ k4_auth_reply(kstream ks, unsigned char *parsedat, int end_sub)
 
     return KSUCCESS;
   }
-	
+
   return KFAILURE;
 
 }
@@ -562,18 +562,18 @@ k4_auth_reply(kstream ks, unsigned char *parsedat, int end_sub)
 #ifdef KRB5
 
 /*
- * 
+ *
  * K5_auth_send - gets authentication bits we need to send to KDC.
- * 
+ *
  * Code lifted from telnet sample code in the appl directory.
- *  
+ *
  * Result is left in auth
  *
  * Returns: 0 on failure, 1 on success
- * 
+ *
  */
 
-static int 
+static int
 k5_auth_send(kstream ks, int how)
 {
   krb5_error_code r;
@@ -652,14 +652,14 @@ k5_auth_send(kstream ks, int how)
 
   r = krb5_mk_req_extended(k5_context, &auth_context, ap_opts,
 			   NULL, new_creds, &auth);
-  
+
 #ifdef ENCRYPTION
   krb5_auth_con_getlocalsubkey(k5_context, auth_context, &newkey);
   if (session_key) {
     krb5_free_keyblock(k5_context, session_key);
     session_key = 0;
   }
-  
+
   if (newkey) {
     /*
      * keep the key in our private storage, but don't use it
@@ -682,7 +682,7 @@ k5_auth_send(kstream ks, int how)
 
   krb5_free_cred_contents(k5_context, &creds);
   krb5_free_creds(k5_context, new_creds);
-  
+
   if (r) {
     com_err(NULL, r, "while authorizing.");
     return(0);
@@ -692,11 +692,11 @@ k5_auth_send(kstream ks, int how)
 }
 
 /*
- * 
+ *
  * K5_auth_reply -- checks the reply for mutual authentication.
  *
  * Code lifted from telnet sample code in the appl directory.
- * 
+ *
  */
 static int
 k5_auth_reply(kstream ks, int how, unsigned char *data, int cnt)
@@ -843,14 +843,14 @@ kerberos5_forward(kstream ks)
       com_err(NULL, r, "Kerberos V5: error getting forwarded creds");
       goto cleanup;
     }
-    
+
     /* Send forwarded credentials */
     if (!Data(ks, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
       MessageBox(HWND_DESKTOP,
 		 "Not enough room for authentication data", "",
 		 MB_OK | MB_ICONEXCLAMATION);
     }
-    
+
 cleanup:
     if (client)
       krb5_free_principal(k5_context, client);
diff --git a/src/windows/wintel/edit.c b/src/windows/wintel/edit.c
index aa230cfc9..b27585034 100644
--- a/src/windows/wintel/edit.c
+++ b/src/windows/wintel/edit.c
@@ -28,11 +28,11 @@ void Edit_LbuttonDown(
   assert(pScr != NULL);
 
   hDC = GetDC(hWnd);
-  for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) {        
+  for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) {
     if (cInvertedArray[iTmp]) {
       PatBlt(hDC, iTmp % pScr->width * pScr->cxChar,
 	     (int) (iTmp / pScr->width) * pScr->cyChar,
-	     pScr->cxChar, pScr->cyChar, DSTINVERT);                
+	     pScr->cxChar, pScr->cyChar, DSTINVERT);
       cInvertedArray[iTmp] = 0;
     }
   }
@@ -82,7 +82,7 @@ void Edit_LbuttonUp(
   else {
     hMenu = GetMenu(hWnd);
     EnableMenuItem(hMenu, IDM_COPY, MF_ENABLED);
-  }    
+  }
 
 } /* Edit_LbuttonUp */
 
@@ -113,7 +113,7 @@ void Edit_MouseMove(HWND hWnd, LPARAM lParam){
     iYlocCurr = pScr->height - 1;
   iLocCurr = iXlocCurr + (iYlocCurr * pScr->width);
   if (iLocCurr > iLocStart) {
-    for (iTmp=0; iTmp < iLocStart; iTmp++) {        
+    for (iTmp=0; iTmp < iLocStart; iTmp++) {
       if (cInvertedArray[iTmp]) {
 	PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar,
 	       (int) (iTmp / pScr->width) * pScr->cyChar,
@@ -134,7 +134,7 @@ void Edit_MouseMove(HWND hWnd, LPARAM lParam){
 	  cInvertedArray[iTmp2 + (pScr->width * iY)] = pScrLine->text[iTmp2];
 	}
       }
-    }            
+    }
     else {
       pScrLine = GetScreenLineFromY(pScr, iY);
 
@@ -164,24 +164,24 @@ void Edit_MouseMove(HWND hWnd, LPARAM lParam){
 	    PatBlt(hDC, iTmp2 * pScr->cxChar, iY2 * pScr->cyChar,
 		   pScr->cxChar, pScr->cyChar, DSTINVERT);
 	    cInvertedArray[iTmp2 + (pScr->width * iY2)] = pScrLine->text[iTmp2];
-	  }    
-	}    
-      }                
+	  }
+	}
+      }
     }
 
-    for (iTmp = iLocCurr; iTmp < pScr->width * pScr->height; iTmp++) {        
+    for (iTmp = iLocCurr; iTmp < pScr->width * pScr->height; iTmp++) {
       if (cInvertedArray[iTmp]) {
 	PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, (int) (iTmp / pScr->width) * pScr->cyChar,
-	       pScr->cxChar, pScr->cyChar, DSTINVERT);                
+	       pScr->cxChar, pScr->cyChar, DSTINVERT);
 	cInvertedArray[iTmp] = 0;
       }
     }
   }
   else { /* going backwards */
-    for (iTmp = 0; iTmp < iLocCurr; iTmp++) {        
+    for (iTmp = 0; iTmp < iLocCurr; iTmp++) {
       if (cInvertedArray[iTmp]) {
 	PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, (int) (iTmp / pScr->width) * pScr->cyChar,
-	       pScr->cxChar, pScr->cyChar, DSTINVERT);                
+	       pScr->cxChar, pScr->cyChar, DSTINVERT);
 	cInvertedArray[iTmp] = 0;
       }
     }
@@ -198,7 +198,7 @@ void Edit_MouseMove(HWND hWnd, LPARAM lParam){
 	  cInvertedArray[iTmp2 + (pScr->width * iY)] = pScrLine->text[iTmp2];
 	}
       }
-    }            
+    }
     else {
       pScrLine = GetScreenLineFromY(pScr, iY);
       for (iTmp2 = iX; iTmp2 < pScr->width; iTmp2++) {
@@ -206,8 +206,8 @@ void Edit_MouseMove(HWND hWnd, LPARAM lParam){
 	  PatBlt(hDC, iTmp2 * pScr->cxChar, iY * pScr->cyChar,
 		 pScr->cxChar, pScr->cyChar, DSTINVERT);
 	  cInvertedArray[iTmp2 + (pScr->width * iY)] = pScrLine->text[iTmp2];
-	}    
-      }                
+	}
+      }
       for (iTmp = iY + 1; iTmp < iY2; iTmp++) {
 	pScrLine = GetScreenLineFromY(pScr, iTmp);
 	for (iTmp2 = 0; iTmp2 < pScr->width; iTmp2++) {
@@ -225,18 +225,18 @@ void Edit_MouseMove(HWND hWnd, LPARAM lParam){
 	    PatBlt(hDC, iTmp2 * pScr->cxChar, iY2 * pScr->cyChar,
 		   pScr->cxChar, pScr->cyChar, DSTINVERT);
 	    cInvertedArray[iTmp2 + (pScr->width * iY2)] = pScrLine->text[iTmp2];
-	  }    
-	}    
-      }                
-    }    
-    for (iTmp = iLocStart; iTmp < pScr->width * pScr->height; iTmp++) {        
+	  }
+	}
+      }
+    }
+    for (iTmp = iLocStart; iTmp < pScr->width * pScr->height; iTmp++) {
       if (cInvertedArray[iTmp]) {
 	PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, (int) (iTmp / pScr->width) * pScr->cyChar,
 	       pScr->cxChar, pScr->cyChar, DSTINVERT);
 	cInvertedArray[iTmp] = 0;
-      }    
+      }
     }
-  }            
+  }
   ReleaseDC(hWnd, hDC);
 } /* Edit_MouseMove */
 
@@ -259,7 +259,7 @@ void Edit_ClearSelection(
   }
   bSelection = FALSE;
   hMenu=GetMenu(pScr->hWnd);
-  EnableMenuItem(hMenu, IDM_COPY, MF_GRAYED);    
+  EnableMenuItem(hMenu, IDM_COPY, MF_GRAYED);
   ReleaseDC(pScr->hWnd, hDC);
 } /* Edit_ClearSelection */
 
@@ -311,7 +311,7 @@ void Edit_Paste(
   static HGLOBAL hMyClipBuffer;
   LPSTR lpClipMemory;
   LPSTR lpMyClipBuffer;
-  SCREEN *pScr;                              
+  SCREEN *pScr;
 
   if (hMyClipBuffer)
     GlobalFree(hMyClipBuffer);
@@ -329,9 +329,9 @@ void Edit_Paste(
   OutputDebugString(lpMyClipBuffer);
 #endif
   PostMessage(pScr->hwndTel, WM_MYSCREENBLOCK, (WPARAM) hMyClipBuffer, (LPARAM) pScr);
-  CloseClipboard();                    
+  CloseClipboard();
   GlobalUnlock(hClipMemory);
-  GlobalUnlock(hMyClipBuffer);    
+  GlobalUnlock(hMyClipBuffer);
 
 } /* Edit_Paste */
 
@@ -352,7 +352,7 @@ void Edit_LbuttonDblclk(
   assert(pScr != NULL);
 
   hDC = GetDC(hWnd);
-  for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) {        
+  for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) {
     if (cInvertedArray[iTmp]) {
       PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar,
 	     (int) (iTmp / pScr->width) * pScr->cyChar,
@@ -411,13 +411,13 @@ void Edit_TripleClick(
   assert(pScr != NULL);
 
   hDC = GetDC(hWnd);
-  for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) {        
+  for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) {
     if (cInvertedArray[iTmp]) {
       PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar,
 	     (int) (iTmp / pScr->width) * pScr->cyChar,
 	     pScr->cxChar, pScr->cyChar, DSTINVERT);
       cInvertedArray[iTmp] = 0;
-    }    
+    }
   }
   bSelection = FALSE;
   iYloc = (int) HIWORD(lParam) / pScr->cyChar;
diff --git a/src/windows/wintel/emul.c b/src/windows/wintel/emul.c
index 18547ab80..2a7ef4cd0 100644
--- a/src/windows/wintel/emul.c
+++ b/src/windows/wintel/emul.c
@@ -13,12 +13,12 @@ ScreenEmChars(SCREEN *pScr, char *c, int len)
    *   control chracters or cause wrapping to another line.  When a control
    *   character is encountered or wrapping occurs, display stops and a
    *   count of the number of characters is returned.
-   * 
+   *
    * Parameters:
    *   pScr - the screen to place the characters on.
    *   c - the string of characters to place on the screen.
    *   len - the number of characters contained in the string
-   * 
+   *
    * Returns: The number of characters actually placed on the screen.
    */
 
@@ -31,10 +31,10 @@ ScreenEmChars(SCREEN *pScr, char *c, int len)
   char *current; 	/* place to put characters */
   char *start;
   SCREENLINE *pScrLine;
-  
+
   if (len <= 0)
     return(0);
-  
+
   if (pScr->x != pScr->width - 1)
     pScr->bWrapPending = FALSE;
   else {
@@ -44,24 +44,24 @@ ScreenEmChars(SCREEN *pScr, char *c, int len)
       ScreenIndex(pScr);
     }
   }
-  
+
   pScrLine = GetScreenLineFromY(pScr, pScr->y);
   if (pScrLine == NULL)
     return(0);
-  
+
   current = &pScrLine->text[pScr->x];
   acurrent = &pScrLine->attrib[pScr->x];
   start = current;
   ocount = pScr->x;
   extra = 0;
-  
+
   attrib = pScr->attrib;
   insert = pScr->IRM;
-  
+
   for (nchars = 0; nchars < len && *c >= 32; nchars++) {
     if (insert)
       ScreenInsChar(pScr, 1);
-    
+
     *current = *c;
     *acurrent = (char) attrib;
     c++;
@@ -79,10 +79,10 @@ ScreenEmChars(SCREEN *pScr, char *c, int len)
       }
     }
   }
-  
+
   ScreenDraw(pScr, ocount, pScr->y, pScr->attrib,
 	     pScr->x - ocount + extra, start);
-  
+
   return(nchars);
 }
 
@@ -96,16 +96,16 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
   char stat[20];
   int i;
   int nchars;
-  
+
   if (pScr->screen_bottom != pScr->buffer_bottom) {
     ScreenUnscroll(pScr);
     InvalidateRect(pScr->hWnd, NULL, TRUE);
     SetScrollPos(pScr->hWnd, SB_VERT, pScr->numlines, TRUE);
   }
-  
+
   ScreenCursorOff(pScr);
   escflg = pScr->escflg;
-  
+
 #ifdef UM
   if (pScr->localprint && len > 0) {	/* see if printer needs anything */
     pcount = send_localprint(c, len);
@@ -113,7 +113,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
     c += pcount;
   }
 #endif
-  
+
   while (len > 0) {
     /*
      * look at first character in the vt100 string, if it is a
@@ -121,43 +121,43 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
      */
     while((*c < 32) && (escflg == 0) && (len > 0)) {
       switch(*c) {
-	
+
       case 0x1b:		/* ESC found (begin vt100 control sequence) */
 	escflg++;
 	break;
-	
+
       case -1:			/* IAC from telnet session */
 	escflg = 6;
 	break;
-	
+
 #ifdef CISB
       case 0x05:		/* CTRL-E found (answerback) */
 	bp_ENQ();
 	break;
 #endif
-	
+
       case 0x07:		/* CTRL-G found (bell) */
 	ScreenBell(pScr);
 	break;
-	
+
       case 0x08:		/* CTRL-H found (backspace) */
 	ScreenBackspace(pScr);
 	break;
-	
+
       case 0x09:		/* CTRL-I found (tab) */
 	ScreenTab(pScr);	/* Later change for versatile tabbing */
 	break;
-	
+
       case 0x0a:		/* CTRL-J found (line feed) */
       case 0x0b:		/* CTRL-K found (treat as line feed) */
       case 0x0c:		/* CTRL-L found (treat as line feed) */
 	ScreenIndex(pScr);
 	break;
-	
+
       case 0x0d:		/* CTRL-M found (carriage feed) */
 	ScreenCarriageFeed(pScr);
 	break;
-	
+
 #if 0
       case 0x0e:      	/* CTRL-N found (invoke Graphics (G1) character set) */
 	if (pScr->G1)
@@ -166,7 +166,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	  pScr->attrib = VSnotgraph(pScr->attrib);
 	pScr->charset = 1;
 	break;
-	
+
       case 0x0f:	/* CTRL-O found (invoke 'normal' (G0) character set) */
 	if(pScr->G0)
 	  pScr->attrib = VSgraph(pScr->attrib);
@@ -175,14 +175,14 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	pScr->charset = 0;
 	break;
 #endif
-	
+
 #ifdef CISB
       case 0x10:      		/* CTRL-P found (undocumented in vt100) */
 	bp_DLE(c, len);
 	len = 0;
 	break;
 #endif
-	
+
 #if 0
       case 0x11:      		/* CTRL-Q found (XON) (unused presently) */
       case 0x13:      		/* CTRL-S found (XOFF) (unused presently) */
@@ -191,24 +191,24 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	break;
 #endif
       }
-      
+
       c++;		/* advance to the next character in the string */
       len--;		/* decrement the counter */
     }
-    
+
     if (escflg == 0) {	/* check for normal character to print */
       nchars = ScreenEmChars(pScr, c, len);
       c += nchars;
       len -= nchars;
     }
-    
+
     while ((len > 0) && (escflg == 1)) {	/* ESC character was found */
       switch(*c) {
-	
+
       case 0x08:      			/* CTRL-H found (backspace) */
 	ScreenBackspace(pScr);
 	break;
-	
+
 	/*
 	 * mostly cursor movement options, and DEC private stuff following
 	 */
@@ -216,77 +216,77 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	ScreenApClear(pScr);
 	escflg = 2;
 	break;
-	
+
       case '#':               	/* various screen adjustments */
 	escflg = 3;
 	break;
-	
+
       case '(':               	/* G0 character set options */
 	escflg = 4;
 	break;
-	
+
       case ')':               	/* G1 character set options */
 	escflg = 5;
 	break;
-	
+
       case '>':               	/* keypad numeric mode (DECKPAM) */
 	pScr->DECPAM = 0;
 	escflg = 0;
 	break;
-	
+
       case '=':               	/* keypad application mode (DECKPAM) */
 	pScr->DECPAM = 1;
 	escflg = 0;
 	break;
-	
+
       case '7':               	/* save cursor (DECSC) */
 	ScreenSaveCursor(pScr);
 	escflg = 0;
 	break;
-	
+
       case '8':               	/* restore cursor (DECRC) */
 	ScreenRestoreCursor(pScr);
 	escflg = 0;
 	break;
-	
+
 #if 0
       case 'c':				/* reset to initial state (RIS) */
 	ScreenReset(pScr);
 	escflg = 0;
 	break;
 #endif
-	
+
       case 'D':				/* index (move down one line) (IND) */
 	ScreenIndex(pScr);
 	escflg = 0;
 	break;
-	
+
       case 'E':	/* next line (move down one line and to first column) (NEL) */
 	pScr->x = 0;
 	ScreenIndex(pScr);
 	escflg = 0;
 	break;
-	
+
       case 'H':				/* horizontal tab set (HTS) */
 	pScr->tabs[pScr->x] = 'x';
 	escflg = 0;
 	break;
-	
+
 #ifdef CISB
       case 'I':				/* undoumented in vt100 */
 	bp_ESC_I();
 	break;
 #endif
-	
+
       case 'M':					/* reverse index (move up one line) (RI) */
 	ScreenRevIndex(pScr);
 	escflg = 0;
 	break;
-	
+
       case 'Z':					/* identify terminal (DECID) */
 	escflg = 0;
 	break;
-	
+
       default:
 	/* put the ESC character into the Screen */
 	ScreenEmChars(pScr, "\033", 1);
@@ -294,20 +294,20 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	ScreenEmChars(pScr, c, 1);
 	escflg = 0;
 	break;
-	
+
       } /* end switch */
-      
+
       c++;
       len--;
     }
-    
-    while((escflg == 2) && (len > 0)) {     /* '[' handling */            
+
+    while((escflg == 2) && (len > 0)) {     /* '[' handling */
       switch(*c) {
-	
+
       case 0x08:			/* backspace */
 	ScreenBackspace(pScr);
 	break;
-	
+
       case '0':
       case '1':
       case '2':
@@ -323,15 +323,15 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	pScr->parms[pScr->parmptr] *= 10;
 	pScr->parms[pScr->parmptr] += *c - '0';
 	break;
-	
+
       case '?':					/* vt100 mode change */
 	pScr->parms[pScr->parmptr++] = -2;
 	break;
-	
+
       case ';':					/* parameter divider */
 	pScr->parmptr++;
 	break;
-	
+
       case 'A':					/* cursor up (CUU) */
 	pScr->bWrapPending = FALSE;
 	rc.left = pScr->x * pScr->cxChar;
@@ -349,7 +349,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	escflg = 0;
 	SendMessage(pScr->hWnd, WM_PAINT, 0, 0);
 	break;
-	
+
       case 'B':					/* cursor down (CUD) */
 	pScr->bWrapPending = FALSE;
 	rc.left = pScr->x * pScr->cxChar;
@@ -367,7 +367,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	escflg = 0;
 	SendMessage(pScr->hWnd, WM_PAINT, 0, 0);
 	break;
-	
+
       case 'C':		/* cursor forward (right) (CUF) */
 	pScr->bWrapPending = FALSE;
 	rc.left = pScr->x * pScr->cxChar;
@@ -385,7 +385,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	escflg = 0;
 	SendMessage(pScr->hWnd, WM_PAINT, 0, 0);
 	break;
-	
+
       case 'D':		/* cursor backward (left) (CUB) */
 	pScr->bWrapPending = FALSE;
 	rc.left = pScr->x * pScr->cxChar;
@@ -401,7 +401,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	escflg = 0;
 	SendMessage(pScr->hWnd, WM_PAINT, 0, 0);
 	break;
-	
+
       case 'f':			/* horizontal & vertical position (HVP) */
       case 'H':			/* cursor position (CUP) */
 	pScr->bWrapPending = FALSE;
@@ -416,10 +416,10 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	escflg = 0;
 	SendMessage(pScr->hWnd, WM_PAINT, 0, 0);
 	break;
-	
+
       case 'J':					/* erase in display (ED) */
 	switch(pScr->parms[0]) {
-	  
+
 	case -1:
 	case 0:		/* erase from active position to end of screen */
 	  ScreenEraseToEndOfScreen(pScr);
@@ -429,73 +429,73 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	  ScreenEraseToPosition(pScr);
 #endif
 	  break;
-	  
+
 	case 2:					/* erase whole screen */
 	  ScreenEraseScreen(pScr);
 	  break;
-	  
+
 	default:
 	  break;
 	}
-	
+
 	escflg = 0;
 	break;
-	
+
       case 'K':					/* erase in line (EL) */
 	switch(pScr->parms[0]) {
 	case -1:
 	case 0:					/* erase to end of line */
 	  ScreenEraseToEOL(pScr);
 	  break;
-	  
+
 	case 1:				/* erase to beginning of line */
 	  ScreenEraseToBOL(pScr);
 	  break;
-	  
+
 	case 2:					/* erase whole line */
 	  ScreenEraseLine(pScr, -1);
 	  break;
-	  
+
 	default:
 	  break;
 	}
-	
+
 	escflg = 0;
 	break;
-	
+
       case 'L':		/* insert n lines preceding current line (IL) */
 	if (pScr->parms[0] < 1)
 	  pScr->parms[0] = 1;
 	ScreenInsLines(pScr, pScr->parms[0], -1);
 	escflg = 0;
 	break;
-	
+
       case 'M':	/* delete n lines from current position downward (DL) */
 	if (pScr->parms[0] < 1)
 	  pScr->parms[0] = 1;
 	ScreenDelLines(pScr, pScr->parms[0], -1);
 	escflg = 0;
 	break;
-	
+
       case 'P':		/* delete n chars from cursor to the left (DCH) */
 	if (pScr->parms[0] < 1)
 	  pScr->parms[0] = 1;
 	ScreenDelChars(pScr, pScr->parms[0]);
 	escflg = 0;
 	break;
-	
+
 #if 0
       case 'R':		/* receive cursor position status from host */
 	break;
 #endif
-	
+
 #if 0
       case 'c':				/* device attributes (DA) */
 	ScreenSendIdent();
 	escflg = 0;
 	break;
 #endif
-	
+
       case 'g':               	/* tabulation clear (TBC) */
 	if (pScr->parms[0] == 3)/* clear all tabs */
 	  ScreenTabClear(pScr);
@@ -504,12 +504,12 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	    pScr->tabs[pScr->x] = ' ';
 	escflg = 0;
 	break;
-	
+
       case 'h':               	/* set mode (SM) */
 	ScreenSetOption(pScr,1);
 	escflg = 0;
 	break;
-	
+
       case 'i':               	/* toggle printer */
 #if 0
 	if(pScr->parms[pScr->parmptr] == 5)
@@ -519,16 +519,16 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 #endif
 	escflg = 0;
 	break;
-	
+
       case 'l':					/* reset mode (RM) */
 	ScreenSetOption(pScr,0);
 	escflg = 0;
 	break;
-	
+
       case 'm':				/* select graphics rendition (SGR) */
 	{
 	  int temp = 0;
-	  
+
 	  while (temp <= pScr->parmptr) {
 	    if (pScr->parms[temp] < 1)
 	      pScr->attrib &= 128;
@@ -539,7 +539,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	}
       escflg = 0;
       break;
-      
+
       case 'n':               	/* device status report (DSR) */
 	switch (pScr->parms[0]) {
 #if 0
@@ -556,11 +556,11 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	} /* end switch */
 	escflg = 0;
 	break;
-	
+
       case 'q':			/* load LEDs (unsupported) (DECLL) */
 	escflg = 0;
 	break;
-	
+
       case 'r':			/* set top & bottom margins (DECSTBM) */
 	if (pScr->parms[0] < 0)
 	  pScr->top = 0;
@@ -596,23 +596,23 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 #endif
 	escflg = 0;
 	break;
-	
-#if 0 
+
+#if 0
       case 'x':	/* request/report terminal parameters
 		   (DECREQTPARM/DECREPTPARM) */
       case 'y':				/* invoke confidence test (DECTST) */
 	break;
 #endif
-	
+
       default:
 	escflg = 0;
 	break;
-	
+
       }
-      
+
       c++;
       len--;
-      
+
 #if 0
       if (pScr->localprint && (len > 0)) {  /* see if printer needs anything */
 	pcount = send_localprint(c, len);
@@ -621,13 +621,13 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
       }
 #endif
     }
-    
+
     while ((escflg == 3) && (len > 0)) { /* #  Handling */
       switch (*c) {
       case 0x08:      			/* backspace */
 	ScreenBackspace(pScr);
 	break;
-	
+
 #if 0
       case '3':			/* top half of double line (DECDHL) */
       case '4':			/* bottom half of double line (DECDHL) */
@@ -635,29 +635,29 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
       case '6':			/* double width line (DECDWL) */
 	break;
 #endif
-	
+
       case '8':               	/* screen alignment display (DECALN) */
 	ScreenAlign(pScr);
 	escflg = 0;
 	break;
-	
+
       default:
 	escflg = 0;
 	break;
-	
+
       }
-      
+
       c++;
       len--;
     }
-    
+
     while ((escflg == 4) && (len > 0)) { /* ( Handling (GO character set) */
       switch (*c) {
-	
+
       case 0x08:      			/* backspace */
 	ScreenBackspace(pScr);
 	break;
-	
+
 #if 0
       case 'A':               /* united kingdom character set (unsupported) */
       case 'B':               /* ASCII character set */
@@ -667,7 +667,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	  pScr->attrib = ScreenNotGraph(pScr->attrib);
 	escflg = 0;
 	break;
-	
+
       case '0':               /* choose special graphics set */
       case '2':               /* alternate character set (special graphics) */
 	pScr->G0 = 1;
@@ -676,24 +676,24 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	escflg = 0;
 	break;
 #endif
-	
+
       default:
 	escflg = 0;
 	break;
       }
-      
+
       c++;
       len--;
-      
+
     } /* end while */
-    
+
     while((escflg == 5) && (len > 0)) { /* ) Handling (G1 handling) */
       switch (*c) {
-	
+
       case 0x08:					/* backspace */
 	ScreenBackspace(pScr);
 	break;
-	
+
 #if 0
       case 'A':               /* united kingdom character set (unsupported) */
       case 'B':               /* ASCII character set */
@@ -703,7 +703,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	  pScr->attrib = ScreenNotGraph(pScr->attrib);
 	escflg = 0;
 	break;
-	
+
       case '0':               /* choose special graphics set */
       case '2':               /* alternate character set (special graphics) */
 	pScr->G1 = 1;
@@ -712,20 +712,20 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	escflg = 0;
 	break;
 #endif
-	
+
       default:
 	escflg = 0;
 	break;
       } /* end switch */
-      
+
       c++;
       len--;
     } /* end while */
-    
+
     while ((escflg >= 6) && (escflg <= 10) && (len > 0)) { /* Handling IAC */
       ic = (unsigned char) *c;
       switch (escflg) {
-	
+
       case 6:				/* Handling IAC xx */
 	if (ic == 255) 			/* if IAC */
 	  escflg = 0;
@@ -734,19 +734,19 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
 	else
 	  escflg = 9;
 	break;
-	
+
       case 7:				/* Handling IAC SB xx */
 	if (ic == 255)			/* if IAC */
 	  escflg = 8;
 	break;
-	
+
       case 8:				/* Handling IAC SB IAC xx */
 	if (ic == 255)			/* if IAC IAC */
 	  escflg = 7;
 	else if (ic == 240)		/* if IAC SE */
 	  escflg = 0;
 	break;
-	
+
       case 9:						/* IAC xx xx */
 	escflg = 0;
 	break;
@@ -754,7 +754,7 @@ ScreenEm(LPSTR c, int len, SCREEN *pScr)
       c++;		/* advance to the next character in the string */
       len--;		/* decrement the counter */
     }
-    
+
     if (escflg > 2 && escflg < 6 && len > 0) {
       escflg = 0;
       c++;
diff --git a/src/windows/wintel/enc_des.c b/src/windows/wintel/enc_des.c
index 7bf72f488..33472ecd6 100644
--- a/src/windows/wintel/enc_des.c
+++ b/src/windows/wintel/enc_des.c
@@ -582,7 +582,7 @@ fb64_stream_key(key, stp)
  *  INPUT --(--------->(+)+---> DATA
  *          |             |
  *	    +-------------+
- *         
+ *
  *
  * Given:
  *	iV: Initial vector, 64 bits (8 bytes) long.
@@ -643,7 +643,7 @@ cfb64_decrypt(data)
 		des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
 		memcpy((void *)stp->str_feed, (void *)b, sizeof(Block));
 		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */ 
+		index = 0;		/* But now use 0 */
 	}
 
 	/* On decryption we store (data) which is cypher. */
@@ -716,7 +716,7 @@ ofb64_decrypt(data)
 		des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
 		memcpy((void *)stp->str_feed, (void *)b, sizeof(Block));
 		stp->str_index = 1;	/* Next time will be 1 */
-		index = 0;		/* But now use 0 */ 
+		index = 0;		/* But now use 0 */
 	}
 
 	return(data ^ stp->str_feed[index]);
diff --git a/src/windows/wintel/encrypt.c b/src/windows/wintel/encrypt.c
index 6d97ccd5d..a26674d4c 100644
--- a/src/windows/wintel/encrypt.c
+++ b/src/windows/wintel/encrypt.c
@@ -110,20 +110,20 @@ kstream EncryptKSGlobalHack = NULL;
 
 static long i_support_encrypt =
 	typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64);
-static long i_support_decrypt = 
+static long i_support_decrypt =
 	typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64);
 static long i_wont_support_encrypt = 0;
 static long i_wont_support_decrypt = 0;
 #define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
 #define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
-     
+
 static long remote_supports_encrypt = 0;
 static long remote_supports_decrypt = 0;
 
 static Encryptions encryptions[] = {
   { "DES_CFB64",
     ENCTYPE_DES_CFB64,
-    cfb64_encrypt,	
+    cfb64_encrypt,
     cfb64_decrypt,
     cfb64_init,
     cfb64_start,
@@ -134,7 +134,7 @@ static Encryptions encryptions[] = {
     NULL },
   { "DES_OFB64",
     ENCTYPE_DES_OFB64,
-    ofb64_encrypt,	
+    ofb64_encrypt,
     ofb64_decrypt,
     ofb64_init,
     ofb64_start,
@@ -311,7 +311,7 @@ Encryptions *
 finddecryption(int type)
 {
   Encryptions *ep = encryptions;
-  
+
   if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
     return(0);
   while (ep->type && ep->type != type)
@@ -336,18 +336,18 @@ void
 encrypt_init(kstream iks, kstream_ptr data)
 {
   Encryptions *ep = encryptions;
-  
+
   i_support_encrypt = i_support_decrypt = 0;
   remote_supports_encrypt = remote_supports_decrypt = 0;
   encrypt_mode = 0;
   decrypt_mode = 0;
   encrypt_output = NULL;
   decrypt_input = NULL;
-  
+
   str_suplen = 4;
 
   EncryptKSGlobalHack = iks;
-  
+
   while (ep->type) {
 #ifdef DEBUG
 	  if (encrypt_debug_mode) {
@@ -671,7 +671,7 @@ encrypt_request_end()
  * Called when ENCRYPT REQUEST-START is received.  If we receive
  * this before a type is picked, then that indicates that the
  * other side wants us to start encrypting data as soon as we
- * can. 
+ * can.
  */
 void
 encrypt_request_start(data, cnt)
@@ -688,7 +688,7 @@ static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
 
 void
 encrypt_keyid();
-		
+
 void
 encrypt_enc_keyid(keyid, len)
      unsigned char *keyid;
diff --git a/src/windows/wintel/font.c b/src/windows/wintel/font.c
index d2858cd10..9224c41f7 100644
--- a/src/windows/wintel/font.c
+++ b/src/windows/wintel/font.c
@@ -16,7 +16,7 @@ void ProcessFontChange(
   TEXTMETRIC tm;
   char buf[16];
   char szStyle[LF_FACESIZE];
-		
+
   pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE);
   assert(pScr != NULL);
 
@@ -32,7 +32,7 @@ void ProcessFontChange(
   cf.Flags |= CF_FORCEFONTEXIST;
   cf.Flags |= CF_FIXEDPITCHONLY;
   cf.Flags |= CF_NOSIMULATIONS;
- 
+
   if (ChooseFont(&cf)) {
     if (pScr->hSelectedFont)
       DeleteObject(pScr->hSelectedFont);
@@ -47,7 +47,7 @@ void ProcessFontChange(
     pScr->cxChar = tm.tmAveCharWidth;
     pScr->cyChar = tm.tmHeight + tm.tmExternalLeading;
     ReleaseDC(hWnd, hDC);
-    SetWindowPos(hWnd, NULL, 0, 0, pScr->cxChar * pScr->width + 
+    SetWindowPos(hWnd, NULL, 0, 0, pScr->cxChar * pScr->width +
 		 FRAME_WIDTH, pScr->cyChar * pScr->height +
 		 FRAME_HEIGHT, SWP_NOMOVE | SWP_NOZORDER);
 
@@ -78,13 +78,13 @@ void InitializeStruct(
 			   HWND hWnd)
 {
   LPCHOOSEFONT lpFontChunk;
-   
+
   if (wCommDlgType == IDC_FONT) {
     lpFontChunk = (LPCHOOSEFONT) lpStruct;
 
     lpFontChunk->lStructSize = sizeof(CHOOSEFONT);
     lpFontChunk->hwndOwner = hWnd;
-    lpFontChunk->Flags = CF_SCREENFONTS | CF_FIXEDPITCHONLY 
+    lpFontChunk->Flags = CF_SCREENFONTS | CF_FIXEDPITCHONLY
       | CF_INITTOLOGFONTSTRUCT | CF_APPLY;
     lpFontChunk->rgbColors = RGB(0, 0, 255);
     lpFontChunk->lCustData = 0L;
diff --git a/src/windows/wintel/intern.c b/src/windows/wintel/intern.c
index 0cdd5537d..8ff860556 100644
--- a/src/windows/wintel/intern.c
+++ b/src/windows/wintel/intern.c
@@ -84,16 +84,16 @@ ScreenELO(SCREEN *pScr, int s)
 {
   SCREENLINE *pScrLine;
   RECT rc;
-			
-  if (s < 0) 
+
+  if (s < 0)
     s = pScr->y;
-	
+
   pScrLine = GetScreenLineFromY(pScr,s);
   memset(pScrLine->attrib, ScreenClearAttrib, pScr->width);
   memset(pScrLine->text, ' ', pScr->width);
   rc.left = 0;
   rc.right = pScr->width * pScr->cxChar;
-  rc.top = pScr->cyChar * s;    
+  rc.top = pScr->cyChar * s;
   rc.bottom = pScr->cyChar * (s+1);
   InvalidateRect(pScr->hWnd, &rc, TRUE);
 }
@@ -107,7 +107,7 @@ ScreenEraseScreen(SCREEN *pScr)
   int x2 = pScr->width;
   int y2 = pScr->height;
   int n = -1;
-			
+
   for(i = 0; i < pScr->height; i++)
     ScreenELO(pScr,i);
 
@@ -135,7 +135,7 @@ ScreenTabInit(SCREEN *pScr)
 
   ScreenTabClear(pScr);
 
-  while(x <= pScr->width) { 
+  while(x <= pScr->width) {
     pScr->tabs[x] = 'x';
     x += 8;
   }
@@ -185,10 +185,10 @@ ScreenListMove(SCREENLINE *TD, SCREENLINE *BD, SCREENLINE *TI, SCREENLINE *BI)
   TD->prev = TI;                    /* Place the node in its new home */
   BD->next = BI;
 
-  if (TI != NULL) 
+  if (TI != NULL)
     TI->next = TD;                /* Ditto prev->prev */
 
-  if (BI != NULL) 
+  if (BI != NULL)
     BI->prev = BD;
 }
 
@@ -204,10 +204,10 @@ ScreenDelLines(SCREEN *pScr, int n, int s)
   int idx;
   RECT rc;
   HDC hDC;
-	
+
   pScr->bWrapPending = FALSE;
 
-  if (s < 0) 
+  if (s < 0)
     s = pScr->y;
 
   if (s + n - 1 > pScr->bottom)
@@ -289,13 +289,13 @@ ScreenInsLines(SCREEN *pScr, int n, int s)
   int idx;
   RECT rc;
   HDC hDC;
- 
+
   pScr->bWrapPending = FALSE;
 
   if (s < 0)
     s = pScr->y;
 
-  if (s + n - 1 > pScr->bottom) 
+  if (s + n - 1 > pScr->bottom)
     n = pScr->bottom - s + 1;
 
   /*
@@ -400,7 +400,7 @@ ScreenEraseToEOL(SCREEN *pScr)
   int n = -1;
   SCREENLINE *pScrLine;
   RECT rc;
-		
+
   ScreenWrapNow(pScr, &x1, &y1);
 
   y2 = y1;
@@ -428,7 +428,7 @@ ScreenDelChars(SCREEN *pScr, int n)
   int width;
   SCREENLINE *pScrLine;
   RECT rc;
-	
+
   pScr->bWrapPending = FALSE;
 
   pScrLine = GetScreenLineFromY(pScr, y);
@@ -442,7 +442,7 @@ ScreenDelChars(SCREEN *pScr, int n)
 
   memset(&pScrLine->attrib[pScr->width - n], ScreenClearAttrib, n);
   memset(&pScrLine->text[pScr->width - n], ' ', n);
-	
+
   rc.left = x * pScr->cxChar;
   rc.right = pScr->width * pScr->cxChar;
   rc.top = pScr->cyChar * y;
@@ -459,12 +459,12 @@ ScreenRevIndex(SCREEN *pScr)
 {
   SCREENLINE *pScrLine;
   SCREENLINE *pTopLine;
-	
+
   pScr->bWrapPending = FALSE;
   pScrLine = GetScreenLineFromY(pScr, pScr->y);
   pTopLine = GetScreenLineFromY(pScr, pScr->top);
 
-  if(pScrLine == pTopLine) 
+  if(pScrLine == pTopLine)
     ScreenInsertLine(pScr, pScr->y);
   else
     pScr->y--;
@@ -500,7 +500,7 @@ ScreenEraseLine(SCREEN *pScr, int s)
   int n = -1;
   SCREENLINE *pScrLine;
   RECT rc;
-	
+
   if (s < 0) {
     ScreenWrapNow(pScr, &x1, &y1);
     s = y2 = y1;
@@ -566,7 +566,7 @@ ScreenAlign(SCREEN *pScr)  /* vt100 alignment, fill screen with 'E's */
   int i;
   int j;
   SCREENLINE *pScrLine;
-	
+
   pScrLine = GetScreenLineFromY(pScr, pScr->top);
   ScreenEraseScreen(pScr);
 
@@ -685,7 +685,7 @@ ScreenInsChar(SCREEN *pScr, int x)
   int i;
   SCREENLINE *pScrLine;
   RECT rc;
-		
+
   pScrLine = GetScreenLineFromY(pScr, pScr->y);
   if (pScrLine == NULL)
     return(FALSE);
@@ -732,9 +732,9 @@ ScreenDraw(SCREEN *pScr, int x, int y, int a, int len, char *c)
   SCREENLINE *pScrLine;
   RECT rc;
 
-  pScrLine = GetScreenLineFromY(pScr, y);  
+  pScrLine = GetScreenLineFromY(pScr, y);
   assert(pScrLine != NULL);
-	
+
   for(idx = x; idx < x + len; idx++) {
     pScrLine->text[idx] = c[idx - x];
     pScrLine->attrib[idx - x] = a;
diff --git a/src/windows/wintel/k5stream.c b/src/windows/wintel/k5stream.c
index a31538518..f39daa861 100644
--- a/src/windows/wintel/k5stream.c
+++ b/src/windows/wintel/k5stream.c
@@ -1,9 +1,9 @@
 /*
- * 
+ *
  * K5stream
- * 	
+ *
  * Emulates the kstream package in Kerberos 4
- * 
+ *
  */
 
 #include <stdio.h>
@@ -13,7 +13,7 @@
 #include "k5stream.h"
 #include "auth.h"
 
-int 
+int
 kstream_destroy(kstream ks)
 {
   if (ks != NULL) {
@@ -25,13 +25,13 @@ kstream_destroy(kstream ks)
   return 0;
 }
 
-void 
+void
 kstream_set_buffer_mode(kstream ks, int mode)
 {
 }
 
 
-kstream 
+kstream
 kstream_create_from_fd(int fd,
 		       const struct kstream_crypt_ctl_block *ctl,
 		       kstream_ptr data)
@@ -60,7 +60,7 @@ kstream_create_from_fd(int fd,
   return ks;
 }
 
-int 
+int
 kstream_write(kstream ks, void *p_data, size_t p_len)
 {
   int n;
@@ -80,12 +80,12 @@ kstream_write(kstream ks, void *p_data, size_t p_len)
   }
 
   n = send(ks->fd, p_data, p_len, 0);        /* Write the data */
-    
+
   return n;                                   /* higher layer does retries */
 }
 
 
-int 
+int
 kstream_read(kstream ks, void *p_data, size_t p_len)
 {
   int n;
@@ -113,7 +113,6 @@ kstream_read(kstream ks, void *p_data, size_t p_len)
     hexdump("decrypted data:", p_data, n);
 #endif
   }
-  
+
   return n;                                   /* higher layer does retries */
 }
-
diff --git a/src/windows/wintel/negotiat.c b/src/windows/wintel/negotiat.c
index 685092df5..28f23b1de 100644
--- a/src/windows/wintel/negotiat.c
+++ b/src/windows/wintel/negotiat.c
@@ -147,7 +147,7 @@ static char *SLCflags[]={      /* ascii strings for Linemode SLC flags */
 };
 
 /* Linemode default character for each function */
-static unsigned char LMdefaults[NTELOPTS + 1]={   
+static unsigned char LMdefaults[NTELOPTS + 1]={
   (unsigned char)-1,          /* zero isn't used */
   (unsigned char)-1,          /* we don't support SYNCH */
   3,                          /* ^C is default for BRK */
@@ -197,7 +197,7 @@ void
 start_negotiation(kstream ks)
 {
   char buf[128];
-    
+
   /* Send the initial telnet negotiations */
 #ifdef ENCRYPTION /* XXX */
   if (encrypt_flag)
@@ -220,7 +220,7 @@ start_negotiation(kstream ks)
 
 #ifdef NOT
   /* check whether we are going to be output mapping */
-  if(tw->mapoutput) { 
+  if(tw->mapoutput) {
     netprintf(tw->pnum,"%c%c%c",IAC,DO,TELOPT_BINARY);
     /* set the flag indicating we wanted server to start transmitting binary */
     tw->uwantbinary=1;
@@ -247,7 +247,7 @@ start_negotiation(kstream ks)
 	  teloptions[BINARY]);
   tprintf(cvs,"SEND: %s %s\r\n",telstates[WILL - TELCMD_FIRST],
 	  teloptions[BINARY]);
-#endif      
+#endif
 #endif
 }   /* end start_negotiation() */
 
@@ -269,13 +269,13 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
   unsigned char *mark, *orig;
   char buf[256];
   kstream ks;
-        
+
   ks = con->ks;
-   
+
 #ifdef PRINT_EVERYTHING
   hexdump("Options to process:", st, cnt);
 #endif /* PRINT_EVERYTHING */
-      
+
   orig = st;                /* remember beginning point */
   mark = st + cnt;            /* set to end of input string */
 
@@ -289,7 +289,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
    */
   while(st < mark) {
 
-    while(con->telstate != STNORM && st < mark) {   
+    while(con->telstate != STNORM && st < mark) {
       switch(con->telstate) {
       case IACFOUND:              /* telnet option negotiation */
 	if(*st == IAC) {          /* real data=255 */
@@ -306,7 +306,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 #ifdef NEGOTIATEDEBUG
 	wsprintf(buf, "\r\n strange telnet option");
 	OutputDebugString(buf);
-#endif                    
+#endif
 	orig=++st;
 	con->telstate=STNORM;
 	break;
@@ -352,7 +352,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 #ifdef NOT
 	case TELOPT_BINARY:       /* DO: binary transmission */
 	  if(!tw->ibinary) { /* binary */
-	    if(!tw->iwantbinary) { 
+	    if(!tw->iwantbinary) {
 	      netprintf(tw->pnum,"%c%c%c",
 			IAC,WILL,BINARY);
 	      if(tw->condebug>0)
@@ -428,7 +428,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 	   * its default character set
 	   */
 	  netprintf(tw->pnum,"%c%c%c%c",
-		    IAC,SB,TELOPT_LINEMODE,SLC,0,SLC_DEFAULT,0,IAC,SE);  
+		    IAC,SB,TELOPT_LINEMODE,SLC,0,SLC_DEFAULT,0,IAC,SE);
 	  if(tw->condebug>0) {
 	    tprintf(cv,"SEND: %s %s\r\n",
 		    telstates[WILL - TELCMD_FIRST],
@@ -498,7 +498,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 #ifdef NOT
 	case BINARY: /* DONT: check for binary neg. */
 	  if(tw->ibinary) {   /* binary */
-	    if(!tw->iwantbinary) { 
+	    if(!tw->iwantbinary) {
 	      netprintf(tw->pnum,"%c%c%c",IAC,WONT,BINARY);
 	      if(tw->condebug>0)
 		tprintf(cv,"SEND: %s %s\r\n",
@@ -523,13 +523,13 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 	  break;
 #endif
 	}
-	
+
 	/* all these just fall through to here... */
 
 	con->telstate=STNORM;
 	orig=++st;
 	break;
-	
+
       case WILL:       /* received a telnet WILL option */
 #ifdef NEGOTIATEDEBUG
 	wsprintf(strTmp,"RECV: %s %s\r\n",
@@ -554,7 +554,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 	    tw->ubinary=1;
 	  } /* end if */
 	  else {
-	    if(tw->condebug>0)    
+	    if(tw->condebug>0)
 	      tprintf(cv,"NO REPLY NEEDED: %s %s\r\n",
 		      telstates[DO - TELCMD_FIRST],
 		      teloptions[TELOPT_BINARY]);
@@ -609,7 +609,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 #endif
 	  break;
 #endif
-	  
+
 	default:
 	  wsprintf(buf,"%c%c%c",IAC,DONT,*st);
 	  TelnetSend(ks,buf,lstrlen(buf),0);
@@ -649,7 +649,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 	    tw->mapoutput=0; /* turn output mapping off */
 	  } /* end if */
 	  else {
-	    if(tw->condebug>0) 
+	    if(tw->condebug>0)
 	      tprintf(cv,"NO REPLY NEEDED: %s %s\r\n",
 		      telstates[DONT-TELCMD_FIRST],
 		      teloptions[BINARY]);
@@ -680,7 +680,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 	case TELOPT_ENCRYPT:   /* WONT: don't encrypt our input */
 	  break;
 #endif
-	  
+
 	default:
 	  break;
 	} /* end switch */
@@ -698,7 +698,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 
       case NEGOTIATE:
         /* until we change sub-negotiation states, accumulate bytes */
-	if(con->substate==0) { 
+	if(con->substate==0) {
 	  if(*st==IAC) {  /* check if we found an IAC byte */
 	    if(*(st+1)==IAC) {  /* skip over double IAC's */
 	      st++;
@@ -715,7 +715,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 	else {
 	  con->substate=*st++;
 	  /* check if we've really ended the sub-negotiations */
-	  if(con->substate==SE)    
+	  if(con->substate==SE)
 	    parse_subnegotiat(ks,end_sub);
 
 	  orig=st;
@@ -753,7 +753,7 @@ parse(CONNECTION *con,unsigned char *st,int cnt)
 	st++;
       } /* end while */
 #if 0
-      if(!tw->timing) 
+      if(!tw->timing)
 	parsewrite(tw,orig,st-orig);
 #endif
       orig=st;                /* forget what we have sent already */
@@ -803,8 +803,8 @@ parse_subnegotiat(kstream ks, int end_sub)
 	       "SEND: SB TERMINAL-TYPE IS vt100 \r\n len=%d \r\n",
 	       lstrlen((LPSTR)buf));
       OutputDebugString(strTmp);
-#endif                
-    }    
+#endif
+    }
     break;
 
   case TELOPT_AUTHENTICATION:
diff --git a/src/windows/wintel/resource.h b/src/windows/wintel/resource.h
index 0d39d5ca0..db79dee14 100644
--- a/src/windows/wintel/resource.h
+++ b/src/windows/wintel/resource.h
@@ -6,7 +6,7 @@
 #define IDC_STATIC                      -1
 
 // Next default values for new objects
-// 
+//
 #ifdef APSTUDIO_INVOKED
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE        103
diff --git a/src/windows/wintel/screen.c b/src/windows/wintel/screen.c
index 206c97c89..91de8dd8b 100644
--- a/src/windows/wintel/screen.c
+++ b/src/windows/wintel/screen.c
@@ -87,7 +87,7 @@ GetNewScreen(void)
 }
 
 SCREENLINE *
-ScreenNewLine(void) 
+ScreenNewLine(void)
 {
   SCREENLINE *pScrLine;
 
@@ -185,7 +185,7 @@ InitNewScreen(CONFIG *Config)
   scr->width = Config->width;
   scr->height = Config->height;
   scr->ID = id;
-  scr->x = 0;    
+  scr->x = 0;
   scr->y = 0;
   scr->Oldx = 0;
   scr->Oldy = 0;
@@ -296,19 +296,19 @@ int ScreenScroll(
     pNext = pScrollTop->next;
     pPrev = pScrollTop->prev;
 
-    pPrev->next = pNext;        
+    pPrev->next = pNext;
     pNext->prev = pPrev;
 
     pScrLine = pScrollTop;
     ScreenClearLine(pScr, pScrLine);
   }
   else {
-    pScr->numlines++;                
-    pScrLine = ScreenNewLine(); 
+    pScr->numlines++;
+    pScrLine = ScreenNewLine();
     if (pScrLine == NULL)
       return(0);
     pScr->screen_top = pScrollTop->next;
-  }    
+  }
 
   if (pScrLine == NULL)
     return(0);
@@ -347,7 +347,7 @@ int ScreenScroll(
 
   if (bFullScreen)
     ScrollDC(hDC, 0, -pScr->cyChar, NULL, NULL, NULL, NULL);
-  else 
+  else
     ScrollDC(hDC, 0, -pScr->cyChar, &rc, &rc, NULL, NULL);
 
   PatBlt(hDC, 0, pScr->bottom * pScr->cyChar,
@@ -387,7 +387,7 @@ int DrawTextScreen(
     if (!pScrLine)
       continue;
 
-    if (YPOS >= rcInvalid.top - pScr->cyChar && 
+    if (YPOS >= rcInvalid.top - pScr->cyChar &&
 	YPOS <= rcInvalid.bottom + pScr->cyChar) {
 
       if (y < 0)
@@ -415,12 +415,12 @@ int DrawTextScreen(
 	}
 
 	if (SCR_isrev(pScrLine->attrib[x])) {
-	  SelectObject(hDC, pScr->hSelectedFont);                
+	  SelectObject(hDC, pScr->hSelectedFont);
 	  SetTextColor(hDC, RGB(255, 255, 255));
 	  SetBkColor(hDC, RGB(0, 0, 0));
 	}
 	else if (SCR_isblnk(pScrLine->attrib[x])) {
-	  SelectObject(hDC, pScr->hSelectedFont);                
+	  SelectObject(hDC, pScr->hSelectedFont);
 	  SetTextColor(hDC, RGB(255, 0, 0));
 	  SetBkColor(hDC, RGB(255, 255, 255));
 	}
@@ -446,7 +446,7 @@ int DrawTextScreen(
 	TextOut(hDC, x*pScr->cxChar, y*pScr->cyChar, &pScrLine->text[x], len);
 	x += len;
       }
-    }                
+    }
     pScrLineTmp = pScrLine->next;
     pScrLine = pScrLineTmp;
   }
@@ -638,9 +638,9 @@ long PASCAL ScreenWndProc(
 			      LPARAM lParam)
 {
   MINMAXINFO *lpmmi;
-  SCREEN *pScr;                              
+  SCREEN *pScr;
   HMENU hMenu;
-  PAINTSTRUCT ps;    
+  PAINTSTRUCT ps;
   int x = 0;
   int y = 0;
   int ScrollPos;
@@ -657,7 +657,7 @@ long PASCAL ScreenWndProc(
     pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE);
     assert (pScr != NULL);
 
-    switch (wParam) {               
+    switch (wParam) {
 
     case IDM_EXIT:
       if (MessageBox(hWnd, "Terminate this connection?", "Telnet", MB_OKCANCEL) == IDOK) {
@@ -690,7 +690,7 @@ long PASCAL ScreenWndProc(
     case IDM_COPY:
       Edit_Copy(hWnd);
       hMenu=GetMenu(hWnd);
-      Edit_ClearSelection(pScr);                
+      Edit_ClearSelection(pScr);
       break;
 
     case IDM_PASTE:
@@ -730,7 +730,7 @@ long PASCAL ScreenWndProc(
       CheckScreen(pScr);
       break;
 #endif
-    }        
+    }
 
     break;
 
@@ -860,7 +860,7 @@ long PASCAL ScreenWndProc(
 
   case WM_KEYDOWN:
     if (wParam == VK_INSERT) {
-      if (GetKeyState(VK_SHIFT) < 0) 
+      if (GetKeyState(VK_SHIFT) < 0)
 	PostMessage(hWnd, WM_COMMAND, IDM_PASTE, 0);
       else if (GetKeyState(VK_CONTROL) < 0)
 	PostMessage(hWnd, WM_COMMAND, IDM_COPY, 0);
@@ -933,7 +933,7 @@ long PASCAL ScreenWndProc(
     lpmmi->ptMinTrackSize.y = FRAME_HEIGHT + 4 * pScr->cyChar;
     break;
 
-  case WM_LBUTTONDOWN: 
+  case WM_LBUTTONDOWN:
     if (bDoubleClick)
       Edit_TripleClick(hWnd, lParam);
     else
@@ -972,13 +972,13 @@ long PASCAL ScreenWndProc(
 #if 0
     pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE);
     assert (pScr != NULL);
-    wsprintf(strTmp,"fp->x=%d fp->y=%d text=%s \r\n", 
+    wsprintf(strTmp,"fp->x=%d fp->y=%d text=%s \r\n",
 	     pScr->screen_top->x, pScr->screen_top->y, pScr->screen_top->text);
     OutputDebugString(strTmp);
 #endif
     break;
 
-  case WM_PAINT:        
+  case WM_PAINT:
     pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE);
     assert (pScr != NULL);
     BeginPaint (hWnd, &ps);
@@ -988,7 +988,7 @@ long PASCAL ScreenWndProc(
     else
       OutputDebugString("screen_bottom is NULL.\r\n");
     EndPaint(hWnd, &ps);
-    break;         
+    break;
 
   case WM_CLOSE:
     if (MessageBox(hWnd, "Terminate this connection?", "Telnet", MB_OKCANCEL) == IDOK) {
@@ -996,7 +996,7 @@ long PASCAL ScreenWndProc(
       assert (pScr != NULL);
       SendMessage(pScr->hwndTel, WM_MYSCREENCLOSE, 0, (LPARAM) pScr);
       return (DefWindowProc(hWnd, message, wParam, lParam));
-    }    
+    }
     break;
 
   case WM_DESTROY:
diff --git a/src/windows/wintel/screen.h b/src/windows/wintel/screen.h
index 7cba678ce..e3e7460c8 100644
--- a/src/windows/wintel/screen.h
+++ b/src/windows/wintel/screen.h
@@ -4,7 +4,7 @@ extern long PASCAL ScreenWndProc(HWND,UINT,WPARAM,LPARAM);
 *          Definition of attribute bits in the Virtual Screen
 *
 *          0   -   Bold
-*          1   -   
+*          1   -
 *          2   -
 *          3   -   Underline
 *          4   -   Blink
@@ -81,7 +81,7 @@ typedef struct SCREEN {
 	int DECCKM;         /* Cursor key mode */
 	int DECPAM;         /* keyPad Application mode */
 	int IRM;            /* Insert/Replace mode */
-	int escflg;         /* Current Escape level */      
+	int escflg;         /* Current Escape level */
 	int top;            /* Vertical bounds of screen */
 	int bottom;
 	int parmptr;
@@ -242,7 +242,7 @@ intern.c
 	void ScreenSetOption(
 		SCREEN *pScr,
 		int toggle);
-	
+
 	BOOL ScreenInsChar(
 		SCREEN *pScr,
 		int x);
diff --git a/src/windows/wintel/telnet.c b/src/windows/wintel/telnet.c
index 449471b7b..a2f5083ca 100644
--- a/src/windows/wintel/telnet.c
+++ b/src/windows/wintel/telnet.c
@@ -1,23 +1,23 @@
 /****************************************************************************
-  
+
   Program: telnet.c
-  
+
   PURPOSE: Windows networking kernel - Telnet
-  
+
   FUNCTIONS:
-  
+
   WinMain() - calls initialization function, processes message loop
   InitApplication() - initializes window data and registers window
   InitInstance() - saves instance handle and creates main window
   MainWndProc() - processes messages
   About() - processes messages for "About" dialog box
-  
+
   COMMENTS:
-  
+
   Windows can have several copies of your application running at the
   same time.  The variable hInst keeps track of which instance this
   application is so that processing will be to the correct window.
-  
+
   ****************************************************************************/
 
 #include <windows.h>
@@ -36,7 +36,7 @@ static SCREEN *pScr;
 static int debug = 1;
 
 char strTmp[1024];			/* Scratch buffer */
-BOOL bAutoConnection = FALSE; 
+BOOL bAutoConnection = FALSE;
 short port_no = 23;
 char szUserName[64];			/* Used in auth.c */
 char szHostName[64];
@@ -53,22 +53,22 @@ krb5_context k5_context;
 /*
  *
  * FUNCTION: WinMain(HINSTANCE, HINSTANCE, LPSTR, int)
- * 
+ *
  * PURPOSE: calls initialization function, processes message loop
- * 
+ *
  * COMMENTS:
- * 
- * Windows recognizes this function by name as the initial entry point 
- * for the program.  This function calls the application initialization 
- * routine, if no other instance of the program is running, and always 
- * calls the instance initialization routine.  It then executes a message 
- * retrieval and dispatch loop that is the top-level control structure 
- * for the remainder of execution.  The loop is terminated when a WM_QUIT 
- * message is received, at which time this function exits the application 
- * instance by returning the value passed by PostQuitMessage(). 
- * 
- * If this function must abort before entering the message loop, it 
- * returns the conventional value NULL.  
+ *
+ * Windows recognizes this function by name as the initial entry point
+ * for the program.  This function calls the application initialization
+ * routine, if no other instance of the program is running, and always
+ * calls the instance initialization routine.  It then executes a message
+ * retrieval and dispatch loop that is the top-level control structure
+ * for the remainder of execution.  The loop is terminated when a WM_QUIT
+ * message is received, at which time this function exits the application
+ * instance by returning the value passed by PostQuitMessage().
+ *
+ * If this function must abort before entering the message loop, it
+ * returns the conventional value NULL.
  */
 
 int PASCAL
@@ -79,12 +79,12 @@ WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdS
   if (!hPrevInstance)
     if (!InitApplication(hInstance))
       return(FALSE);
-  
+
   /*
    * Perform initializations that apply to a specific instance
    */
   bAutoConnection = parse_cmdline(lpCmdLine);
-  
+
   if (!InitInstance(hInstance, nCmdShow))
     return(FALSE);
 
@@ -105,7 +105,7 @@ WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdS
     {
 	if (msg.message == WM_QUIT)	// Special case: WM_QUIT -- return
 	    return msg.wParam;		//   the value from PostQuitMessage
-	
+
 	TranslateMessage(&msg);
 	DispatchMessage(&msg);
     }
@@ -116,35 +116,35 @@ WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdS
 
 /*
  * FUNCTION: InitApplication(HINSTANCE)
- * 
+ *
  * PURPOSE: Initializes window data and registers window class
- * 
+ *
  * COMMENTS:
- * 
- * This function is called at initialization time only if no other 
- * instances of the application are running.  This function performs 
- * initialization tasks that can be done once for any number of running 
- * instances.  
- * 
- * In this case, we initialize a window class by filling out a data 
- * structure of type WNDCLASS and calling the Windows RegisterClass() 
- * function.  Since all instances of this application use the same window 
- * class, we only need to do this when the first instance is initialized.  
+ *
+ * This function is called at initialization time only if no other
+ * instances of the application are running.  This function performs
+ * initialization tasks that can be done once for any number of running
+ * instances.
+ *
+ * In this case, we initialize a window class by filling out a data
+ * structure of type WNDCLASS and calling the Windows RegisterClass()
+ * function.  Since all instances of this application use the same window
+ * class, we only need to do this when the first instance is initialized.
  */
 
 BOOL
 InitApplication(HINSTANCE hInstance)
 {
   WNDCLASS  wc;
-  
+
   ScreenInit(hInstance);
-  
+
   /*
    * Fill in window class structure with parameters that describe the
    * main window.
    */
   wc.style = CS_HREDRAW | CS_VREDRAW; /* Class style(s). */
-  wc.lpfnWndProc = MainWndProc;       /* Function to retrieve messages for 
+  wc.lpfnWndProc = MainWndProc;       /* Function to retrieve messages for
 				       * windows of this class.
 				       */
   wc.cbClsExtra = 0;                  /* No per-class extra data. */
@@ -155,24 +155,24 @@ InitApplication(HINSTANCE hInstance)
   wc.hbrBackground = NULL;	      /* GetStockObject(WHITE_BRUSH); */
   wc.lpszMenuName =  NULL; 	      /* Name of menu resource in .RC file. */
   wc.lpszClassName = WINDOW_CLASS;    /* Name used in call to CreateWindow. */
-  
+
   return(RegisterClass(&wc));
 }
 
 
 /*
  * FUNCTION:  InitInstance(HANDLE, int)
- * 
+ *
  * PURPOSE:  Saves instance handle and creates main window
- * 
+ *
  * COMMENTS:
- * 
- * This function is called at initialization time for every instance of 
- * this application.  This function performs initialization tasks that 
- * cannot be shared by multiple instances.  
- * 
- * In this case, we save the instance handle in a static variable and 
- * create and display the main program window.  
+ *
+ * This function is called at initialization time for every instance of
+ * this application.  This function performs initialization tasks that
+ * cannot be shared by multiple instances.
+ *
+ * In this case, we save the instance handle in a static variable and
+ * create and display the main program window.
  */
 BOOL
 InitInstance(HINSTANCE hInstance, int nCmdShow)
@@ -180,15 +180,15 @@ InitInstance(HINSTANCE hInstance, int nCmdShow)
   int xScreen = 0;
   int yScreen = 0;
   WSADATA wsaData;
-  
+
   SetScreenInstance(hInstance);
-  
+
   /*
    * Save the instance handle in static variable, which will be used in
    * many subsequence calls from this application to Windows.
    */
   hInst = hInstance;
-  
+
   /*
    * Create a main window for this application instance.
    */
@@ -207,12 +207,12 @@ InitInstance(HINSTANCE hInstance, int nCmdShow)
 
   if (!hWnd)
     return (FALSE);
-		
+
   if (WSAStartup(0x0101, &wsaData) != 0) {   /* Initialize the network */
     MessageBox(NULL, "Couldn't initialize Winsock!", NULL,
 	       MB_OK | MB_ICONEXCLAMATION);
     return(FALSE);
-  }        	
+  }
 
   if (!OpenTelnetConnection()) {
     WSACleanup();
@@ -242,12 +242,12 @@ LRESULT CALLBACK
 MainWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
 {
   HGLOBAL hBuffer;
-  LPSTR lpBuffer; 
+  LPSTR lpBuffer;
   int iEvent, cnt, ret;
   char *tmpCommaLoc;
   struct sockaddr_in remote_addr;
   struct hostent *remote_host;
-	
+
   switch (message) {
   case WM_MYSCREENCHANGEBKSP:
     if (!con)
@@ -255,12 +255,12 @@ MainWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
     con->backspace = wParam;
     if (con->backspace == VK_BACK) {
       con->ctrl_backspace = 0x7f;
-      WritePrivateProfileString(INI_TELNET, INI_BACKSPACE, 
+      WritePrivateProfileString(INI_TELNET, INI_BACKSPACE,
 				INI_BACKSPACE_BS, TELNET_INI);
     }
     else {
       con->ctrl_backspace = VK_BACK;
-      WritePrivateProfileString(INI_TELNET, INI_BACKSPACE, 
+      WritePrivateProfileString(INI_TELNET, INI_BACKSPACE,
 				INI_BACKSPACE_DEL, TELNET_INI);
     }
     GetPrivateProfileString(INI_HOSTS, INI_HOST "0", "", buf, 128, TELNET_INI);
@@ -323,7 +323,7 @@ MainWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
     }
 #endif
     DestroyWindow(hWnd);
-    break;        
+    break;
 
   case WM_QUERYOPEN:
     return(0);
@@ -339,10 +339,10 @@ MainWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
     PostQuitMessage(0);
     break;
 
-  case WM_NETWORKEVENT: 
+  case WM_NETWORKEVENT:
     iEvent = WSAGETSELECTEVENT(lParam);
 
-    switch (iEvent) {    	
+    switch (iEvent) {
 
     case FD_READ:
       if (con == NULL)
@@ -373,10 +373,10 @@ MainWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
 	break;
       }
       start_negotiation(con->ks);
-      break;		
+      break;
     }
 
-    break;  	        
+    break;
 
   case WM_HOSTNAMEFOUND:
     ret = WSAGETASYNCERROR(lParam);
@@ -408,7 +408,7 @@ MainWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
     wsprintf(buf, "%d", con->width);
     WritePrivateProfileString(INI_TELNET, INI_WIDTH, buf, TELNET_INI);
     break;
-		
+
   default:              		/* Passes it on if unproccessed */
     return(DefWindowProc(hWnd, message, wParam, lParam));
   }
@@ -447,7 +447,7 @@ SaveHostName(char *host, int port)
   comma = NULL;
   for (i = 0; i < 10; i++) {
     wsprintf(buf, INI_HOST "%d", i); /* INI item to fetch */
-    GetPrivateProfileString(INI_HOSTS, buf, "", hostName[i], 
+    GetPrivateProfileString(INI_HOSTS, buf, "", hostName[i],
 			    128, TELNET_INI);
 
     if (!hostName[i][0])
@@ -467,7 +467,7 @@ SaveHostName(char *host, int port)
       bs = 0x7f;
   }
   else {					/* No matching entry */
-    GetPrivateProfileString(INI_TELNET, INI_BACKSPACE, INI_BACKSPACE_BS, 
+    GetPrivateProfileString(INI_TELNET, INI_BACKSPACE, INI_BACKSPACE_BS,
 			    buf, sizeof(buf), TELNET_INI);
     bs = VK_BACK;				/* Default value */
     if (_stricmp(buf, INI_BACKSPACE_DEL) == 0)
@@ -505,7 +505,7 @@ OpenTelnetConnection(void)
   char buf[128];
 
   tmpConfig = calloc(sizeof(CONFIG), 1);
-	
+
   if (bAutoConnection) {
     tmpConfig->title = calloc(lstrlen(szHostName), 1);
     lstrcpy(tmpConfig->title, (char *) szHostName);
@@ -514,7 +514,7 @@ OpenTelnetConnection(void)
     if (nReturn == FALSE)
       return(FALSE);
   }
-					 	
+
   con = (CONNECTION *) GetNewConnection();
   if (con == NULL)
     return(0);
@@ -548,7 +548,7 @@ OpenTelnetConnection(void)
   }
 
   ret = (SOCKET) socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-	
+
   if (ret == SOCKET_ERROR) {
     wsprintf(buf, "Socket error on socket = %d!", WSAGetLastError());
     MessageBox(NULL, buf, NULL, MB_OK | MB_ICONEXCLAMATION);
@@ -557,17 +557,17 @@ OpenTelnetConnection(void)
     free(con);
     free(tmpConfig);
     return(-1);
-  } 
-	
+  }
+
   con->socket = ret;
-	
-  sockaddr.sin_family = AF_INET;  
+
+  sockaddr.sin_family = AF_INET;
   sockaddr.sin_addr.s_addr = htonl(INADDR_ANY);
   sockaddr.sin_port = htons(0);
-	
-  ret = bind(con->socket, (struct sockaddr *) &sockaddr, 
+
+  ret = bind(con->socket, (struct sockaddr *) &sockaddr,
 	     (int) sizeof(struct sockaddr_in));
-	
+
   if (ret == SOCKET_ERROR) {
     wsprintf(buf, "Socket error on bind!");
     MessageBox(NULL, buf, NULL, MB_OK | MB_ICONEXCLAMATION);
@@ -589,7 +589,7 @@ OpenTelnetConnection(void)
     strcpy(szHostName, ++p);
   }
 
-  WSAAsyncGetHostByName(hWnd, WM_HOSTNAMEFOUND, szHostName, hostdata, 
+  WSAAsyncGetHostByName(hWnd, WM_HOSTNAMEFOUND, szHostName, hostdata,
 			MAXGETHOSTSTRUCT);
 
   ctl.encrypt = auth_encrypt;
@@ -626,7 +626,7 @@ int
 DoDialog(char *szDialog, DLGPROC lpfnDlgProc)
 {
   int nReturn;
-	
+
   nReturn = DialogBox(hInst, szDialog, hWnd, lpfnDlgProc);
   return (nReturn);
 }
@@ -655,31 +655,31 @@ OpenTelnetDlg(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
   char tmpName[128];
   char tmpBuf[80];
   char *tmpCommaLoc;
-	
+
   switch (message) {
   case WM_INITDIALOG:
     hDC = GetDC(hDlg);
     Ext = GetDialogBaseUnits();
     xExt = (190 *LOWORD(Ext)) /4 ;
     yExt = (72 * HIWORD(Ext)) /8 ;
-    GetPrivateProfileString(INI_HOSTS, INI_HOST "0", "", tmpName, 
+    GetPrivateProfileString(INI_HOSTS, INI_HOST "0", "", tmpName,
 			    128, TELNET_INI);
     if (tmpName[0]) {
       tmpCommaLoc = strchr(tmpName, ',');
       if (tmpCommaLoc)
 	*tmpCommaLoc = '\0';
       SetDlgItemText(hDlg, TEL_CONNECT_NAME, tmpName);
-    }	
+    }
     hEdit = GetWindow(GetDlgItem(hDlg, TEL_CONNECT_NAME), GW_CHILD);
     while (TRUE) {
       wsprintf(tmpBuf, INI_HOST "%d", iHostNum++);
-      GetPrivateProfileString(INI_HOSTS, tmpBuf, "", tmpName, 
+      GetPrivateProfileString(INI_HOSTS, tmpBuf, "", tmpName,
 			      128, TELNET_INI);
-      tmpCommaLoc = strchr(tmpName, ',');  
+      tmpCommaLoc = strchr(tmpName, ',');
       if (tmpCommaLoc)
 	*tmpCommaLoc = '\0';
       if (tmpName[0])
-	SendDlgItemMessage(hDlg, TEL_CONNECT_NAME, CB_ADDSTRING, 0, 
+	SendDlgItemMessage(hDlg, TEL_CONNECT_NAME, CB_ADDSTRING, 0,
 			   (LPARAM) ((LPSTR) tmpName));
       else
 	break;
@@ -707,7 +707,7 @@ OpenTelnetDlg(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
 		 (GetSystemMetrics(SM_CXSCREEN)/2)-(xExt/2),
 		 (GetSystemMetrics(SM_CYSCREEN)/2)-(yExt/2),
 		 0, 0, SWP_NOSIZE | SWP_NOZORDER | SWP_SHOWWINDOW);
-    ReleaseDC(hDlg, hDC);      
+    ReleaseDC(hDlg, hDC);
     SendMessage(hEdit, WM_USER + 1, 0, 0);
     SendMessage(hDlg, WM_SETFOCUS, 0, 0);
     return (TRUE);
@@ -728,7 +728,7 @@ OpenTelnetDlg(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
       else
 	EnableWindow(GetDlgItem(hDlg, IDC_FORWARDFORWARD), 0);
       break;
-				
+
     case IDC_FORWARDFORWARD:
       forwardable_flag = (BOOL)SendDlgItemMessage(hDlg, IDC_FORWARDFORWARD,
 						  BM_GETCHECK, 0, 0);
@@ -747,7 +747,7 @@ OpenTelnetDlg(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
 
     case TEL_OK:
       GetDlgItemText(hDlg, TEL_CONNECT_NAME, szConnectName, 256);
-			
+
       n = parse_cmdline (szConnectName);
       if (! n) {
 	MessageBox(hDlg, "You must enter a session name!",
@@ -758,8 +758,8 @@ OpenTelnetDlg(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
       lstrcpy(tmpConfig->title, szConnectName);
       EndDialog(hDlg, TRUE);
       break;
-    }                
-    return (FALSE);                    
+    }
+    return (FALSE);
   }
   return(FALSE);
 }
@@ -773,7 +773,7 @@ OpenTelnetDlg(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
  *		send a buffer of characters to an output socket.  It differs
  *		by retrying endlessly if sending the bytes would cause
  *		the send() to block.  <gnu@cygnus.com> observed EWOULDBLOCK
- *		errors when running using TCP Software's PC/TCP 3.0 stack, 
+ *		errors when running using TCP Software's PC/TCP 3.0 stack,
  *		even when writing as little as 109 bytes into a socket
  *		that had no more than 9 bytes queued for output.  Note also
  *		that a kstream is used during output rather than a socket
@@ -839,9 +839,9 @@ trim(char *s)
 
 
 /*
- * 
+ *
  * Parse_cmdline
- * 
+ *
  * Reads hostname and port number off the command line.
  *
  * Formats: telnet
@@ -855,7 +855,7 @@ BOOL
 parse_cmdline(char *cmdline)
 {
   char *ptr;
-	
+
   *szHostName = '\0';                 /* Nothing yet */
   if (*cmdline == '\0')               /* Empty command line? */
     return(FALSE);
@@ -896,7 +896,7 @@ hexdump(char *msg, unsigned char *st, int cnt)
       if (j == 8)
 	OutputDebugString("| ");
       OutputDebugString(strTmp);
-    }    
+    }
     i += j - 1;
     OutputDebugString("\r\n");
   } /* end for */
diff --git a/src/windows/wintel/telopts.h b/src/windows/wintel/telopts.h
index 54d67cde3..d8b6a06d2 100644
--- a/src/windows/wintel/telopts.h
+++ b/src/windows/wintel/telopts.h
@@ -97,7 +97,7 @@
 
 #define FORWARDMASK 2
 
-#define SLC 3 
+#define SLC 3
 #define SLC_DEFAULT     3
 #define SLC_VALUE       2
 #define SLC_CANTCHANGE  1
@@ -147,7 +147,7 @@
 #define XOPTIONS		255
 
 #define LINEMODE_MODES_SUPPORTED    0x1B
-/* 
+/*
  * set this flag for linemode special functions which are supported by
  * Telnet, even though they are not currently active.  This is to allow
  * the other side to negotiate to a "No Support" state for an option
@@ -155,8 +155,8 @@
  * our "No Support" state to something else ("Can't Change", "Value",
  * whatever)
  */
-#define SLC_SUPPORTED       0x10    
-	
+#define SLC_SUPPORTED       0x10
+
 #define ESCFOUND 5
 #define IACFOUND 6
 #define NEGOTIATE 1