to summarize:

openssl:
	i will upgrade openssl to 0.9.7b.  upgrade path is a little bit tricky,
	due to openssl DES API changes between 0.9.6 and 0.9.7.

	1. split libcrypto and libdes.  libdes provides old API (like des_xx)
	   based on 0.9.6.
	2. libcrypto becomes 0.9.7, and provides new DES API (like DES_xx) only.
	   (0.9.7 has source-code level backward compat code for des_xx, but
	   i would like to disable it as it is wacky)
	3. both libdes and libcrypto will have a shlib major bump.

	i have confirmed that (1) goes fine, and can run happily with heimdal
	krb4 code.  (1) is in ftp://ftp.itojun.org/pub/libdes.tar.gz.

heimdal:
	ftp://ftp.itojun.org/pub/netbsd-krb4
	has tweaks to allow disabling/enabling kerberos v4/v5 separately, based
	on http://people.su.se/~lha/patches/netbsd/v4-diff.
	due to the shlib major bump of libcrypto/libdes, i guess kerberos
	libraries has to be bumped as well.  do we want to disable v4 at this
	time?  it looks that libkafs will define different symbols depending
	on if v4 enabled/disabled.

itojun