Module Name: src
Committed By: joerg
Date: Wed Oct 14 23:37:34 UTC 2009
Modified Files:
src/crypto/dist/heimdal/admin: ktutil.8
src/crypto/dist/heimdal/kadmin: kadmin.8 kadmind.8
src/crypto/dist/heimdal/kcm: kcm.8
src/crypto/dist/heimdal/kdc: hprop.8 hpropd.8 kdc.8 kstash.8
string2key.8
src/crypto/dist/heimdal/kpasswd: kpasswdd.8
src/crypto/dist/heimdal/kuser: kgetcred.1 kimpersonate.1 kinit.1
klist.1
src/crypto/dist/heimdal/lib/kadm5: iprop-log.8 iprop.8
Log Message:
Do not work around ancient groff limits with .Xo/.Xc.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/heimdal/admin/ktutil.8
cvs rdiff -u -r1.9 -r1.10 src/crypto/dist/heimdal/kadmin/kadmin.8
cvs rdiff -u -r1.10 -r1.11 src/crypto/dist/heimdal/kadmin/kadmind.8
cvs rdiff -u -r1.1 -r1.2 src/crypto/dist/heimdal/kcm/kcm.8
cvs rdiff -u -r1.10 -r1.11 src/crypto/dist/heimdal/kdc/hprop.8 \
src/crypto/dist/heimdal/kdc/hpropd.8
cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/heimdal/kdc/kdc.8
cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/heimdal/kdc/kstash.8 \
src/crypto/dist/heimdal/kdc/string2key.8
cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/heimdal/kpasswd/kpasswdd.8
cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/heimdal/kuser/kgetcred.1
cvs rdiff -u -r1.1 -r1.2 src/crypto/dist/heimdal/kuser/kimpersonate.1
cvs rdiff -u -r1.10 -r1.11 src/crypto/dist/heimdal/kuser/kinit.1 \
src/crypto/dist/heimdal/kuser/klist.1
cvs rdiff -u -r1.1 -r1.2 src/crypto/dist/heimdal/lib/kadm5/iprop-log.8 \
src/crypto/dist/heimdal/lib/kadm5/iprop.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/heimdal/admin/ktutil.8
diff -u src/crypto/dist/heimdal/admin/ktutil.8:1.8 src/crypto/dist/heimdal/admin/ktutil.8:1.9
--- src/crypto/dist/heimdal/admin/ktutil.8:1.8 Sat Mar 22 08:36:49 2008
+++ src/crypto/dist/heimdal/admin/ktutil.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: ktutil.8 14792 2005-04-14 16:43:57Z lha $
-.\" $NetBSD: ktutil.8,v 1.8 2008/03/22 08:36:49 mlelstv Exp $
+.\" $NetBSD: ktutil.8,v 1.9 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd April 14, 2005
.Dt KTUTIL 8
@@ -54,72 +54,43 @@
is a program for managing keytabs.
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
+.It Fl v , Fl -verbose
Verbose output.
.El
.Pp
.Ar command
can be one of the following:
-.Bl -tag -width srvconvert
-.It add Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V Ar kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e Ar enctype
-.Op Fl -enctype= Ns Ar enctype
-.Op Fl w Ar password
-.Op Fl -password= Ns Ar password
-.Op Fl r
-.Op Fl -random
-.Op Fl s
-.Op Fl -no-salt
-.Op Fl H
-.Op Fl -hex
-.Xc
+.Bl -tag -width srvconvert -width srvconvert
+.It add Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \
+Oo Fl V Ar kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \
+Oo Fl -enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \
+Oo Fl -password= Ns Ar password Oc Oo Fl r Oc Oo Fl -random Oc \
+Oo Fl s Oc Oo Fl -no-salt Oc Oo Fl H Oc Op Fl -hex
Adds a key to the keytab. Options that are not specified will be
prompted for. This requires that you know the password or the hex key of the
principal to add; if what you really want is to add a new principal to
the keytab, you should consider the
.Ar get
command, which talks to the kadmin server.
-.It change Xo
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl -a Ar host
-.Op Fl -admin-server= Ns Ar host
-.Op Fl -s Ar port
-.Op Fl -server-port= Ns Ar port
-.Xc
+.It change Oo Fl r Ar realm Oc Oo Fl -realm= Ns Ar realm Oc \
+Oo Fl -a Ar host Oc Oo Fl -admin-server= Ns Ar host Oc \
+Oo Fl -s Ar port Oc Op Fl -server-port= Ns Ar port
Update one or several keys to new versions. By default, use the admin
server for the realm of a keytab entry. Otherwise it will use the
values specified by the options.
.Pp
If no principals are given, all the ones in the keytab are updated.
-.It copy Xo
-.Ar keytab-src
-.Ar keytab-dest
-.Xc
+.It copy Ar keytab-src Ar keytab-dest
Copies all the entries from
.Ar keytab-src
to
.Ar keytab-dest .
-.It get Xo
-.Op Fl p Ar admin principal
-.Op Fl -principal= Ns Ar admin principal
-.Op Fl e Ar enctype
-.Op Fl -enctypes= Ns Ar enctype
-.Op Fl r Ar realm
-.Op Fl -realm= Ns Ar realm
-.Op Fl a Ar admin server
-.Op Fl -admin-server= Ns Ar admin server
-.Op Fl s Ar server port
-.Op Fl -server-port= Ns Ar server port
-.Ar principal ...
-.Xc
+.It get Oo Fl p Ar admin principal Oc \
+Oo Fl -principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \
+Oo Fl -enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \
+Oo Fl -realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \
+Oo Fl -admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \
+Oo Fl -server-port= Ns Ar server port Oc Ar principal ...
For each
.Ar principal ,
generate a new key for it (creating it if it doesn't already exist),
@@ -129,44 +100,28 @@
.Ar realm
is specified, the realm to operate on is taken from the first
principal.
-.It list Xo
-.Op Fl -keys
-.Op Fl -timestamp
-.Xc
+.It list Oo Fl -keys Oc Op Fl -timestamp
List the keys stored in the keytab.
-.It remove Xo
-.Op Fl p Ar principal
-.Op Fl -principal= Ns Ar principal
-.Op Fl V kvno
-.Op Fl -kvno= Ns Ar kvno
-.Op Fl e enctype
-.Op Fl -enctype= Ns Ar enctype
-.Xc
+.It remove Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \
+Oo Fl V kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \
+Oo Fl -enctype= Ns Ar enctype Oc
Removes the specified key or keys. Not specifying a
.Ar kvno
removes keys with any version number. Not specifying an
.Ar enctype
removes keys of any type.
-.It rename Xo
-.Ar from-principal
-.Ar to-principal
-.Xc
+.It rename Ar from-principal Ar to-principal
Renames all entries in the keytab that match the
.Ar from-principal
to
.Ar to-principal .
-.It purge Xo
-.Op Fl -age= Ns Ar age
-.Xc
+.It purge Op Fl -age= Ns Ar age
Removes all old versions of a key for which there is a newer version
that is at least
.Ar age
(default one week) old.
.It srvconvert
-.It srv2keytab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
+.It srv2keytab Oo Fl s Ar srvtab Oc Op Fl -srvtab= Ns Ar srvtab
Converts the version 4 srvtab in
.Ar srvtab
to a version 5 keytab and stores it in
@@ -178,10 +133,7 @@
.Ar keytab
.Ed
.It srvcreate
-.It key2srvtab Xo
-.Op Fl s Ar srvtab
-.Op Fl -srvtab= Ns Ar srvtab
-.Xc
+.It key2srvtab Oo Fl s Ar srvtab Oc Op Fl -srvtab= Ns Ar srvtab
Converts the version 5 keytab in
.Ar keytab
to a version 4 srvtab and stores it in
Index: src/crypto/dist/heimdal/kadmin/kadmin.8
diff -u src/crypto/dist/heimdal/kadmin/kadmin.8:1.9 src/crypto/dist/heimdal/kadmin/kadmin.8:1.10
--- src/crypto/dist/heimdal/kadmin/kadmin.8:1.9 Sat Mar 22 08:37:02 2008
+++ src/crypto/dist/heimdal/kadmin/kadmin.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kadmin.8 21739 2007-07-31 15:55:32Z lha $
-.\" $NetBSD: kadmin.8,v 1.9 2008/03/22 08:37:02 mlelstv Exp $
+.\" $NetBSD: kadmin.8,v 1.10 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd Feb 22, 2007
.Dt KADMIN 8
@@ -41,34 +41,13 @@
.Sh SYNOPSIS
.Nm
.Bk -words
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -principal= Ns Ar string
-.Xc
-.Oc
-.Oo Fl K Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string
-.Xc
-.Oc
-.Oo Fl c Ar file \*(Ba Xo
-.Fl -config-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl k Ar file \*(Ba Xo
-.Fl -key-file= Ns Ar file
-.Xc
-.Oc
-.Oo Fl r Ar realm \*(Ba Xo
-.Fl -realm= Ns Ar realm
-.Xc
-.Oc
-.Oo Fl a Ar host \*(Ba Xo
-.Fl -admin-server= Ns Ar host
-.Xc
-.Oc
-.Oo Fl s Ar port number \*(Ba Xo
-.Fl -server-port= Ns Ar port number
-.Xc
-.Oc
+.Op Fl p Ar string \*(Ba Fl -principal= Ns Ar string
+.Op Fl K Ar string \*(Ba Fl -keytab= Ns Ar string
+.Op Fl c Ar file \*(Ba Fl -config-file= Ns Ar file
+.Op Fl k Ar file \*(Ba Fl -key-file= Ns Ar file
+.Op Fl r Ar realm \*(Ba Fl -realm= Ns Ar realm
+.Op Fl a Ar host \*(Ba Fl -admin-server= Ns Ar host
+.Op Fl s Ar port number \*(Ba Fl -server-port= Ns Ar port number
.Op Fl l | Fl -local
.Op Fl h | Fl -help
.Op Fl v | Fl -version
@@ -85,45 +64,21 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl p Ar string ,
-.Fl -principal= Ns Ar string
-.Xc
+.It Fl p Ar string , Fl -principal= Ns Ar string
principal to authenticate as
-.It Xo
-.Fl K Ar string ,
-.Fl -keytab= Ns Ar string
-.Xc
+.It Fl K Ar string , Fl -keytab= Ns Ar string
keytab for authentication principal
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
+.It Fl k Ar file , Fl -key-file= Ns Ar file
location of master key file
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
+.It Fl r Ar realm , Fl -realm= Ns Ar realm
realm to use
-.It Xo
-.Fl a Ar host ,
-.Fl -admin-server= Ns Ar host
-.Xc
+.It Fl a Ar host , Fl -admin-server= Ns Ar host
server to contact
-.It Xo
-.Fl s Ar port number ,
-.Fl -server-port= Ns Ar port number
-.Xc
+.It Fl s Ar port number , Fl -server-port= Ns Ar port number
port to use
-.It Xo
-.Fl l ,
-.Fl -local
-.Xc
+.It Fl l , Fl -local
local admin mode
.El
.Pp
@@ -145,14 +100,12 @@
Commands include:
.\" not using a list here, since groff apparently gets confused
.\" with nested Xo/Xc
-.Bd -ragged -offset indent
+.Bl -item -offset indent
+.It
.Nm add
.Op Fl r | Fl -random-key
.Op Fl -random-password
-.Oo Fl p Ar string \*(Ba Xo
-.Fl -password= Ns Ar string
-.Xc
-.Oc
+.Op Fl p Ar string \*(Ba Fl -password= Ns Ar string
.Op Fl -key= Ns Ar string
.Op Fl -max-ticket-life= Ns Ar lifetime
.Op Fl -max-renewable-life= Ns Ar lifetime
@@ -165,7 +118,7 @@
Adds a new principal to the database. The options not passed on the
command line will be promped for.
.Ed
-.Pp
+.It
.Nm add_enctype
.Op Fl r | Fl -random-key
.Ar principal enctypes...
@@ -174,14 +127,14 @@
Adds a new encryption type to the principal, only random key are
supported.
.Ed
-.Pp
+.It
.Nm delete
.Ar principal...
.Pp
.Bd -ragged -offset indent
Removes a principal.
.Ed
-.Pp
+.It
.Nm del_enctype
.Ar principal enctypes...
.Pp
@@ -190,7 +143,7 @@
service belonging to the principal is known to not handle certain
enctypes.
.Ed
-.Pp
+.It
.Nm ext_keytab
.Oo Fl k Ar string \*(Ba Xo
.Fl -keytab= Ns Ar string
@@ -201,7 +154,7 @@
.Bd -ragged -offset indent
Creates a keytab with the keys of the specified principals.
.Ed
-.Pp
+.It
.Nm get
.Op Fl l | Fl -long
.Op Fl s | Fl -short
@@ -243,7 +196,7 @@
and
.Li keytypes .
.Ed
-.Pp
+.It
.Nm modify
.Oo Fl a Ar attributes \*(Ba Xo
.Fl -attributes= Ns Ar attributes
@@ -281,7 +234,7 @@
.Pp
kadmin -l modify -a -disallow-proxiable user
.Ed
-.Pp
+.It
.Nm passwd
.Op Fl r | Fl -random-key
.Op Fl -random-password
@@ -295,7 +248,7 @@
.Bd -ragged -offset indent
Changes the password of an existing principal.
.Ed
-.Pp
+.It
.Nm password-quality
.Ar principal
.Ar password
@@ -307,7 +260,7 @@
The verification is done locally, if kadmin is run in remote mode,
no rpc call is done to the server.
.Ed
-.Pp
+.It
.Nm privileges
.Pp
.Bd -ragged -offset indent
@@ -322,7 +275,7 @@
and
.Li modify .
.Ed
-.Pp
+.It
.Nm rename
.Ar from to
.Pp
@@ -332,7 +285,7 @@
and clients which are unable to cope with this will fail. Kerberos 4
suffers from this.
.Ed
-.Pp
+.It
.Nm check
.Op Ar realm
.Pp
@@ -340,11 +293,11 @@
Check database for strange configurations on important principals. If
no realm is given, the default realm is used.
.Ed
-.Pp
-.Ed
+.El
.Pp
When running in local mode, the following commands can also be used:
-.Bd -ragged -offset indent
+.Bl -item -offset indent
+.It
.Nm dump
.Op Fl d | Fl -decrypt
.Op Ar dump-file
@@ -357,7 +310,7 @@
.Fl -decrypt
is used.
.Ed
-.Pp
+.It
.Nm init
.Op Fl -realm-max-ticket-life= Ns Ar string
.Op Fl -realm-max-renewable-life= Ns Ar string
@@ -367,7 +320,7 @@
Initializes the Kerberos database with entries for a new realm. It's
possible to have more than one realm served by one server.
.Ed
-.Pp
+.It
.Nm load
.Ar file
.Pp
@@ -375,7 +328,7 @@
Reads a previously dumped database, and re-creates that database from
scratch.
.Ed
-.Pp
+.It
.Nm merge
.Ar file
.Pp
@@ -384,7 +337,7 @@
.Nm load
but just modifies the database with the entries in the dump file.
.Ed
-.Pp
+.It
.Nm stash
.Oo Fl e Ar enctype \*(Ba Xo
.Fl -enctype= Ns Ar enctype
@@ -401,7 +354,7 @@
Writes the Kerberos master key to a file used by the KDC.
.Ed
.Pp
-.Ed
+.El
.\".Sh ENVIRONMENT
.\".Sh FILES
.\".Sh EXAMPLES
Index: src/crypto/dist/heimdal/kadmin/kadmind.8
diff -u src/crypto/dist/heimdal/kadmin/kadmind.8:1.10 src/crypto/dist/heimdal/kadmin/kadmind.8:1.11
--- src/crypto/dist/heimdal/kadmin/kadmind.8:1.10 Sat Mar 22 08:37:02 2008
+++ src/crypto/dist/heimdal/kadmin/kadmind.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kadmind.8 14370 2004-12-08 17:20:21Z lha $
-.\" $NetBSD: kadmind.8,v 1.10 2008/03/22 08:37:02 mlelstv Exp $
+.\" $NetBSD: kadmind.8,v 1.11 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd December 8, 2004
.Dt KADMIND 8
@@ -119,34 +119,17 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
location of config file
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
+.It Fl k Ar file , Fl -key-file= Ns Ar file
location of master key file
-.It Xo
-.Fl -keytab= Ns Ar keytab
-.Xc
+.It Fl -keytab= Ns Ar keytab
what keytab to use
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
+.It Fl r Ar realm , Fl -realm= Ns Ar realm
realm to use
-.It Xo
-.Fl d ,
-.Fl -debug
-.Xc
+.It Fl d , Fl -debug
enable debugging
-.It Xo
-.Fl p Ar port ,
-.Fl -ports= Ns Ar port
-.Xc
+.It Fl p Ar port , Fl -ports= Ns Ar port
ports to listen to. By default, if run as a daemon, it listens to port
749, but you can add any number of ports with this option. The port
string is a whitespace separated list of port specifications, with the
Index: src/crypto/dist/heimdal/kcm/kcm.8
diff -u src/crypto/dist/heimdal/kcm/kcm.8:1.1 src/crypto/dist/heimdal/kcm/kcm.8:1.2
--- src/crypto/dist/heimdal/kcm/kcm.8:1.1 Sat Mar 22 09:29:56 2008
+++ src/crypto/dist/heimdal/kcm/kcm.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kcm.8 15497 2005-06-20 13:32:44Z lha $
-.\" $NetBSD: kcm.8,v 1.1 2008/03/22 09:29:56 mlelstv Exp $
+.\" $NetBSD: kcm.8,v 1.2 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd May 29, 2005
.Dt KCM 8
@@ -128,91 +128,42 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -cache-name= Ns Ar cachename
-.Xc
+.It Fl -cache-name= Ns Ar cachename
system cache name
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
location of config file
-.It Xo
-.Fl g Ar group ,
-.Fl -group= Ns Ar group
-.Xc
+.It Fl g Ar group , Fl -group= Ns Ar group
system cache group
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
+.It Fl -max-request= Ns Ar size
max size for a kcm-request
-.It Xo
-.Fl -disallow-getting-krbtgt
-.Xc
+.It Fl -disallow-getting-krbtgt
disallow extracting any krbtgt from the
.Nm kcm
daemon.
-.It Xo
-.Fl -detach
-.Xc
+.It Fl -detach
detach from console
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
-.It Xo
-.Fl k Ar principal ,
-.Fl -system-principal= Ns Ar principal
-.Xc
+.It Fl h , Fl -help
+.It Fl k Ar principal , Fl -system-principal= Ns Ar principal
system principal name
-.It Xo
-.Fl l Ar time ,
-.Fl -lifetime= Ns Ar time
-.Xc
+.It Fl l Ar time , Fl -lifetime= Ns Ar time
lifetime of system tickets
-.It Xo
-.Fl m Ar mode ,
-.Fl -mode= Ns Ar mode
-.Xc
+.It Fl m Ar mode , Fl -mode= Ns Ar mode
octal mode of system cache
-.It Xo
-.Fl n ,
-.Fl -no-name-constraints
-.Xc
+.It Fl n , Fl -no-name-constraints
disable credentials cache name constraints
-.It Xo
-.Fl r Ar time ,
-.Fl -renewable-life= Ns Ar time
-.Xc
+.It Fl r Ar time , Fl -renewable-life= Ns Ar time
renewable lifetime of system tickets
-.It Xo
-.Fl s Ar path ,
-.Fl -socket-path= Ns Ar path
-.Xc
+.It Fl s Ar path , Fl -socket-path= Ns Ar path
path to kcm domain socket
-.It Xo
-.Fl -door-path= Ns Ar path
-.Xc
+.It Fl -door-path= Ns Ar path
path to kcm door socket
-.It Xo
-.Fl S Ar principal ,
-.Fl -server= Ns Ar principal
-.Xc
+.It Fl S Ar principal , Fl -server= Ns Ar principal
server to get system ticket for
-.It Xo
-.Fl t Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
+.It Fl t Ar keytab , Fl -keytab= Ns Ar keytab
system keytab name
-.It Xo
-.Fl u Ar user ,
-.Fl -user= Ns Ar user
-.Xc
+.It Fl u Ar user , Fl -user= Ns Ar user
system cache owner
-.It Xo
-.Fl v ,
-.Fl -version
-.Xc
+.It Fl v , Fl -version
.El
.\".Sh ENVIRONMENT
.\".Sh FILES
Index: src/crypto/dist/heimdal/kdc/hprop.8
diff -u src/crypto/dist/heimdal/kdc/hprop.8:1.10 src/crypto/dist/heimdal/kdc/hprop.8:1.11
--- src/crypto/dist/heimdal/kdc/hprop.8:1.10 Fri Nov 7 16:51:27 2008
+++ src/crypto/dist/heimdal/kdc/hprop.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: hprop.8 20456 2007-04-19 20:29:42Z lha $
-.\" $NetBSD: hprop.8,v 1.10 2008/11/07 16:51:27 wiz Exp $
+.\" $NetBSD: hprop.8,v 1.11 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd December 8, 2004
.Dt HPROP 8
@@ -91,19 +91,11 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl m Ar file ,
-.Fl -master-key= Ns Pa file
-.Xc
+.It Fl m Ar file , Fl -master-key= Ns Pa file
Where to find the master key to encrypt or decrypt keys with.
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Pa file
-.Xc
+.It Fl d Ar file , Fl -database= Ns Pa file
The database to be propagated.
-.It Xo
-.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver
-.Xc
+.It Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver
Specifies the type of the source database. Alternatives include:
.Pp
.Bl -tag -width krb4-dump -compact -offset indent
@@ -116,36 +108,21 @@
.It kaserver
an AFS kaserver database
.El
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
+.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab
The keytab to use for fetching the key to be used for authenticating
to the propagation daemon(s). The key
.Pa kadmin/hprop
is used from this keytab. The default is to fetch the key from the
KDC database.
-.It Xo
-.Fl R Ar string ,
-.Fl -v5-realm= Ns Ar string
-.Xc
+.It Fl R Ar string , Fl -v5-realm= Ns Ar string
Local realm override.
-.It Xo
-.Fl D ,
-.Fl -decrypt
-.Xc
+.It Fl D , Fl -decrypt
The encryption keys in the database can either be in clear, or
encrypted with a master key. This option transmits the database with
unencrypted keys.
-.It Xo
-.Fl E ,
-.Fl -encrypt
-.Xc
+.It Fl E , Fl -encrypt
This option transmits the database with encrypted keys.
-.It Xo
-.Fl n ,
-.Fl -stdout
-.Xc
+.It Fl n , Fl -stdout
Dump the database on stdout, in a format that can be fed to hpropd.
.El
.Pp
@@ -153,32 +130,20 @@
.Nm hprop
is compiled with support for Kerberos 4 (kaserver).
.Bl -tag -width Ds
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -v4-realm= Ns Ar string
v4 realm to use.
-.It Xo
-.Fl c Ar cell ,
-.Fl -cell= Ns Ar cell
-.Xc
+.It Fl c Ar cell , Fl -cell= Ns Ar cell
The AFS cell name, used if reading a kaserver database.
-.It Xo
-.Fl S ,
-.Fl -kaspecials
-.Xc
+.It Fl S , Fl -kaspecials
Also dump the principals marked as special in the kaserver database.
-.It Xo
-.Fl K ,
-.Fl -ka-db
-.Xc
+.It Fl K , Fl -ka-db
Deprecated, identical to
.Sq --source=kaserver .
.El
.Sh EXAMPLES
The following will propagate a database to another machine (which
should run
-.Xr hpropd 8 ):
+.Xr hpropd 8 ) :
.Bd -literal -offset indent
$ hprop slave-1 slave-2
.Ed
Index: src/crypto/dist/heimdal/kdc/hpropd.8
diff -u src/crypto/dist/heimdal/kdc/hpropd.8:1.10 src/crypto/dist/heimdal/kdc/hpropd.8:1.11
--- src/crypto/dist/heimdal/kdc/hpropd.8:1.10 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kdc/hpropd.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: hpropd.8 14381 2004-12-10 09:44:05Z lha $
-.\" $NetBSD: hpropd.8,v 1.10 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: hpropd.8,v 1.11 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd August 27, 1997
.Dt HPROPD 8
@@ -74,34 +74,17 @@
.Pp
Options supported:
.Bl -tag -width Ds
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
+.It Fl d Ar file , Fl -database= Ns Ar file
database
-.It Xo
-.Fl n ,
-.Fl -stdin
-.Xc
+.It Fl n , Fl -stdin
read from stdin
-.It Xo
-.Fl -print
-.Xc
+.It Fl -print
print dump to stdout
-.It Xo
-.Fl i ,
-.Fl -no-inetd
-.Xc
+.It Fl i , Fl -no-inetd
not started from inetd
-.It Xo
-.Fl k Ar keytab ,
-.Fl -keytab= Ns Ar keytab
-.Xc
+.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab
keytab to use for authentication
-.It Xo
-.Fl 4 ,
-.Fl -v4dump
-.Xc
+.It Fl 4 , Fl -v4dump
create v4 type DB
.El
.Sh SEE ALSO
Index: src/crypto/dist/heimdal/kdc/kdc.8
diff -u src/crypto/dist/heimdal/kdc/kdc.8:1.13 src/crypto/dist/heimdal/kdc/kdc.8:1.14
--- src/crypto/dist/heimdal/kdc/kdc.8:1.13 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kdc/kdc.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kdc.8 18419 2006-10-12 10:05:57Z lha $
-.\" $NetBSD: kdc.8,v 1.13 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: kdc.8,v 1.14 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd August 24, 2006
.Dt KDC 8
@@ -73,17 +73,11 @@
.Pp
Options supported:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
Specifies the location of the config file, the default is
.Pa /var/heimdal/kdc.conf .
This is the only value that can't be specified in the config file.
-.It Xo
-.Fl p ,
-.Fl -no-require-preauth
-.Xc
+.It Fl p , Fl -no-require-preauth
Turn off the requirement for pre-autentication in the initial AS-REQ
for all principals.
The use of pre-authentication makes it more difficult to do offline
@@ -96,34 +90,20 @@
The default is to require pre-authentication.
Adding the require-preauth per principal is a more flexible way of
handling this.
-.It Xo
-.Fl -max-request= Ns Ar size
-.Xc
+.It Fl -max-request= Ns Ar size
Gives an upper limit on the size of the requests that the kdc is
willing to handle.
-.It Xo
-.Fl H ,
-.Fl -enable-http
-.Xc
+.It Fl H , Fl -enable-http
Makes the kdc listen on port 80 and handle requests encapsulated in HTTP.
-.It Xo
-.Fl -no-524
-.Xc
+.It Fl -no-524
don't respond to 524 requests
-.It Xo
-.Fl -kerberos4
-.Xc
+.It Fl -kerberos4
respond to Kerberos 4 requests
-.It Xo
-.Fl -kerberos4-cross-realm
-.Xc
+.It Fl -kerberos4-cross-realm
respond to Kerberos 4 requests from foreign realms.
This is a known security hole and should not be enabled unless you
understand the consequences and are willing to live with them.
-.It Xo
-.Fl r Ar string ,
-.Fl -v4-realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -v4-realm= Ns Ar string
What realm this server should act as when dealing with version 4
requests.
The database can contain any number of realms, but since the version 4
@@ -133,15 +113,9 @@
.Fn krb_get_lrealm .
This option is only availabe if the KDC has been compiled with version
4 support.
-.It Xo
-.Fl K ,
-.Fl -kaserver
-.Xc
+.It Fl K , Fl -kaserver
Enable kaserver emulation (in case it's compiled in).
-.It Xo
-.Fl P Ar portspec ,
-.Fl -ports= Ns Ar portspec
-.Xc
+.It Fl P Ar portspec , Fl -ports= Ns Ar portspec
Specifies the set of ports the KDC should listen on.
It is given as a
white-space separated list of services or port numbers.
@@ -199,11 +173,8 @@
.It Li max-kdc-datagram-reply-length = Va number
Maximum packet size the UDP rely that the KDC will transmit, instead
the KDC sends back a reply telling the client to use TCP instead.
-.It Li transited-policy = Xo
-.Li always-check \*(Ba
-.Li allow-per-principal |
-.Li always-honour-request
-.Xc
+.It Li transited-policy = Li always-check \*(Ba \
+Li allow-per-principal | Li always-honour-request
This controls how KDC requests with the
.Li disable-transited-check
flag are handled. It can be one of:
Index: src/crypto/dist/heimdal/kdc/kstash.8
diff -u src/crypto/dist/heimdal/kdc/kstash.8:1.7 src/crypto/dist/heimdal/kdc/kstash.8:1.8
--- src/crypto/dist/heimdal/kdc/kstash.8:1.7 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kdc/kstash.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kstash.8 20316 2007-04-11 11:53:20Z lha $
-.\" $NetBSD: kstash.8,v 1.7 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: kstash.8,v 1.8 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd April 10, 2007
.Dt KSTASH 8
@@ -63,28 +63,16 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl e Ar string ,
-.Fl -enctype= Ns Ar string
-.Xc
+.It Fl e Ar string , Fl -enctype= Ns Ar string
the encryption type to use, defaults to DES3-CBC-SHA1.
-.It Xo
-.Fl k Ar file ,
-.Fl -key-file= Ns Ar file
-.Xc
+.It Fl k Ar file , Fl -key-file= Ns Ar file
the name of the master key file.
-.It Xo
-.Fl -convert-file
-.Xc
+.It Fl -convert-file
don't ask for a new master key, just read an old master key file, and
write it back in the new keyfile format.
-.It Xo
-.Fl -random-key
-.Xc
+.It Fl -random-key
generate a random master key.
-.It Xo
-.Fl -master-key-fd= Ns Ar fd
-.Xc
+.It Fl -master-key-fd= Ns Ar fd
filedescriptor to read passphrase from, if not specified the
passphrase will be read from the terminal.
.El
Index: src/crypto/dist/heimdal/kdc/string2key.8
diff -u src/crypto/dist/heimdal/kdc/string2key.8:1.7 src/crypto/dist/heimdal/kdc/string2key.8:1.8
--- src/crypto/dist/heimdal/kdc/string2key.8:1.7 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kdc/string2key.8 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: string2key.8 11648 2003-02-16 21:10:32Z lha $
-.\" $NetBSD: string2key.8,v 1.7 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: string2key.8,v 1.8 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd March 4, 2000
.Dt STRING2KEY 8
@@ -66,46 +66,21 @@
This is useful when you want to handle the raw key instead of the password.
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl 5 ,
-.Fl -version5
-.Xc
+.It Fl 5 , Fl -version5
Output Kerberos v5 string-to-key
-.It Xo
-.Fl 4 ,
-.Fl -version4
-.Xc
+.It Fl 4 , Fl -version4
Output Kerberos v4 string-to-key
-.It Xo
-.Fl a ,
-.Fl -afs
-.Xc
+.It Fl a , Fl -afs
Output AFS string-to-key
-.It Xo
-.Fl c Ar cell ,
-.Fl -cell= Ns Ar cell
-.Xc
+.It Fl c Ar cell , Fl -cell= Ns Ar cell
AFS cell to use
-.It Xo
-.Fl w Ar password ,
-.Fl -password= Ns Ar password
-.Xc
+.It Fl w Ar password , Fl -password= Ns Ar password
Password to use
-.It Xo
-.Fl p Ar principal ,
-.Fl -principal= Ns Ar principal
-.Xc
+.It Fl p Ar principal , Fl -principal= Ns Ar principal
Kerberos v5 principal to use
-.It Xo
-.Fl k Ar string ,
-.Fl -keytype= Ns Ar string
-.Xc
+.It Fl k Ar string , Fl -keytype= Ns Ar string
Keytype
-.It Xo
-.Fl -version
-.Xc
+.It Fl -version
print version
-.It Xo
-.Fl -help
-.Xc
+.It Fl -help
.El
Index: src/crypto/dist/heimdal/kpasswd/kpasswdd.8
diff -u src/crypto/dist/heimdal/kpasswd/kpasswdd.8:1.8 src/crypto/dist/heimdal/kpasswd/kpasswdd.8:1.9
--- src/crypto/dist/heimdal/kpasswd/kpasswdd.8:1.8 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kpasswd/kpasswdd.8 Wed Oct 14 23:37:33 2009
@@ -1,5 +1,5 @@
.\" $Heimdal: kpasswdd.8 14481 2005-01-05 18:07:44Z lha $
-.\" $NetBSD: kpasswdd.8,v 1.8 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: kpasswdd.8,v 1.9 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd April 19, 1999
.Dt KPASSWDD 8
@@ -36,20 +36,14 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -addresses= Ns Ar address
-.Xc
+.It Fl -addresses= Ns Ar address
For each till the argument is given, add the address to what kpasswdd
should listen too.
-.It Xo
-.Fl -check-library= Ns Ar library
-.Xc
+.It Fl -check-library= Ns Ar library
If your system has support for dynamic loading of shared libraries,
you can use an external function to check password quality. This
option specifies which library to load.
-.It Xo
-.Fl -check-function= Ns Ar function
-.Xc
+.It Fl -check-function= Ns Ar function
This is the function to call in the loaded library. The function
should look like this:
.Pp
@@ -64,20 +58,11 @@
is the new password. Note that the password (in
.Fa password->data )
is not zero terminated.
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
+.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec
Keytab to get authentication key from.
-.It Xo
-.Fl r Ar realm ,
-.Fl -realm= Ns Ar realm
-.Xc
+.It Fl r Ar realm , Fl -realm= Ns Ar realm
Default realm.
-.It Xo
-.Fl p Ar string ,
-.Fl -port= Ns Ar string
-.Xc
+.It Fl p Ar string , Fl -port= Ns Ar string
Port to listen on (default service kpasswd - 464).
.El
.Sh DIAGNOSTICS
Index: src/crypto/dist/heimdal/kuser/kgetcred.1
diff -u src/crypto/dist/heimdal/kuser/kgetcred.1:1.7 src/crypto/dist/heimdal/kuser/kgetcred.1:1.8
--- src/crypto/dist/heimdal/kuser/kgetcred.1:1.7 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kuser/kgetcred.1 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kgetcred.1 14090 2004-08-05 18:49:47Z lha $
-.\" $NetBSD: kgetcred.1,v 1.7 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: kgetcred.1,v 1.8 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd March 12, 2004
.Dt KGETCRED 1
@@ -62,30 +62,16 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -canonicalize
-.Xc
+.It Fl -canonicalize
requests that the KDC canonicalize the principal.
-.It Xo
-.Fl c Ar cache ,
-.Fl -cache= Ns Ar cache
-.Xc
+.It Fl c Ar cache , Fl -cache= Ns Ar cache
the credential cache to use.
-.It Xo
-.Fl e Ar enctype ,
-.Fl -enctype= Ns Ar enctype
-.Xc
+.It Fl e Ar enctype , Fl -enctype= Ns Ar enctype
encryption type to use.
-.It Xo
-.Fl -no-transit-check
-.Xc
+.It Fl -no-transit-check
requests that the KDC doesn't do trasnit checking.
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
+.It Fl -version
+.It Fl -help
.El
.Sh SEE ALSO
.Xr kinit 1 ,
Index: src/crypto/dist/heimdal/kuser/kimpersonate.1
diff -u src/crypto/dist/heimdal/kuser/kimpersonate.1:1.1 src/crypto/dist/heimdal/kuser/kimpersonate.1:1.2
--- src/crypto/dist/heimdal/kuser/kimpersonate.1:1.1 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kuser/kimpersonate.1 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kimpersonate.1 20259 2007-02-17 23:49:54Z lha $
-.\" $NetBSD: kimpersonate.1,v 1.1 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: kimpersonate.1,v 1.2 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd September 18, 2006
.Dt KERBEROS 1
@@ -41,28 +41,14 @@
impersonate a user when there exist a srvtab, keyfile or KeyFile
.Sh SYNOPSIS
.Nm
-.Oo Fl s Ar string \*(Ba Xo
-.Fl -server= Ns Ar string Oc
-.Xc
-.Oo Fl c Ar string \*(Ba Xo
-.Fl -client= Ns Ar string Oc
-.Xc
-.Oo Fl k Ar string \*(Ba Xo
-.Fl -keytab= Ns Ar string Oc
-.Xc
+.Op Fl s Ar string \*(Ba Fl -server= Ns Ar string
+.Op Fl c Ar string \*(Ba Fl -client= Ns Ar string
+.Op Fl k Ar string \*(Ba Fl -keytab= Ns Ar string
.Op Fl 5 | Fl -krb5
-.Oo Fl e Ar integer \*(Ba Xo
-.Fl -expire-time= Ns Ar integer Oc
-.Xc
-.Oo Fl a Ar string \*(Ba Xo
-.Fl -client-address= Ns Ar string Oc
-.Xc
-.Oo Fl t Ar string \*(Ba Xo
-.Fl -enc-type= Ns Ar string Oc
-.Xc
-.Oo Fl f Ar string \*(Ba Xo
-.Fl -ticket-flags= Ns Ar string Oc
-.Xc
+.Op Fl e Ar integer \*(Ba Fl -expire-time= Ns Ar integer
+.Op Fl a Ar string \*(Ba Fl -client-address= Ns Ar string
+.Op Fl t Ar string \*(Ba Fl -enc-type= Ns Ar string
+.Op Fl f Ar string \*(Ba Fl -ticket-flags= Ns Ar string
.Op Fl -verbose
.Op Fl -version
.Op Fl -help
@@ -74,57 +60,27 @@
(if compiled with support for Kerberos 4) a Kerberos 4 srvtab.
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl s Ar string Ns ,
-.Fl -server= Ns Ar string
-.Xc
+.It Fl s Ar string Ns , Fl -server= Ns Ar string
name of server principal
-.It Xo
-.Fl c Ar string Ns ,
-.Fl -client= Ns Ar string
-.Xc
+.It Fl c Ar string Ns , Fl -client= Ns Ar string
name of client principal
-.It Xo
-.Fl k Ar string Ns ,
-.Fl -keytab= Ns Ar string
-.Xc
+.It Fl k Ar string Ns , Fl -keytab= Ns Ar string
name of keytab file
-.It Xo
-.Fl 5 Ns ,
-.Fl -krb5
-.Xc
+.It Fl 5 Ns , Fl -krb5
create a Kerberos 5 ticket
-.It Xo
-.Fl e Ar integer Ns ,
-.Fl -expire-time= Ns Ar integer
-.Xc
+.It Fl e Ar integer Ns , Fl -expire-time= Ns Ar integer
lifetime of ticket in seconds
-.It Xo
-.Fl a Ar string Ns ,
-.Fl -client-address= Ns Ar string
-.Xc
+.It Fl a Ar string Ns , Fl -client-address= Ns Ar string
address of client
-.It Xo
-.Fl t Ar string Ns ,
-.Fl -enc-type= Ns Ar string
-.Xc
+.It Fl t Ar string Ns , Fl -enc-type= Ns Ar string
encryption type
-.It Xo
-.Fl f Ar string Ns ,
-.Fl -ticket-flags= Ns Ar string
-.Xc
+.It Fl f Ar string Ns , Fl -ticket-flags= Ns Ar string
ticket flags for krb5 ticket
-.It Xo
-.Fl -verbose
-.Xc
+.It Fl -verbose
Verbose output
-.It Xo
-.Fl -version
-.Xc
+.It Fl -version
Print version
-.It Xo
-.Fl -help
-.Xc
+.It Fl -help
.El
.Sh FILES
Uses
Index: src/crypto/dist/heimdal/kuser/kinit.1
diff -u src/crypto/dist/heimdal/kuser/kinit.1:1.10 src/crypto/dist/heimdal/kuser/kinit.1:1.11
--- src/crypto/dist/heimdal/kuser/kinit.1:1.10 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kuser/kinit.1 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: kinit.1 17822 2006-07-10 14:46:58Z lha $
-.\" $NetBSD: kinit.1,v 1.10 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: kinit.1,v 1.11 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd April 25, 2006
.Dt KINIT 1
@@ -106,40 +106,22 @@
.Pp
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cachename
-.Fl -cache= Ns Ar cachename
-.Xc
+.It Fl c Ar cachename , Fl -cache= Ns Ar cachename
The credentials cache to put the acquired ticket in, if other than
default.
-.It Xo
-.Fl f ,
-.Fl -forwardable
-.Xc
+.It Fl f , Fl -forwardable
Get ticket that can be forwarded to another host.
-.It Xo
-.Fl t Ar keytabname ,
-.Fl -keytab= Ns Ar keytabname
-.Xc
+.It Fl t Ar keytabname , Fl -keytab= Ns Ar keytabname
Don't ask for a password, but instead get the key from the specified
keytab.
-.It Xo
-.Fl l Ar time ,
-.Fl -lifetime= Ns Ar time
-.Xc
+.It Fl l Ar time , Fl -lifetime= Ns Ar time
Specifies the lifetime of the ticket.
The argument can either be in seconds, or a more human readable string
like
.Sq 1h .
-.It Xo
-.Fl p ,
-.Fl -proxiable
-.Xc
+.It Fl p , Fl -proxiable
Request tickets with the proxiable flag set.
-.It Xo
-.Fl R ,
-.Fl -renew
-.Xc
+.It Fl R , .Fl -renew
Try to renew ticket.
The ticket must have the
.Sq renewable
@@ -148,46 +130,26 @@
The same as
.Fl -renewable-life ,
with an infinite time.
-.It Xo
-.Fl r Ar time ,
-.Fl -renewable-life= Ns Ar time
-.Xc
+.It Fl r Ar time , Fl -renewable-life= Ns Ar time
The max renewable ticket life.
-.It Xo
-.Fl S Ar principal ,
-.Fl -server= Ns Ar principal
-.Xc
+.It Fl S Ar principal , Fl -server= Ns Ar principal
Get a ticket for a service other than krbtgt/LOCAL.REALM.
-.It Xo
-.Fl s Ar time ,
-.Fl -start-time= Ns Ar time
-.Xc
+.It Fl s Ar time , Fl -start-time= Ns Ar time
Obtain a ticket that starts to be valid
.Ar time
(which can really be a generic time specification, like
.Sq 1h )
seconds into the future.
-.It Xo
-.Fl k ,
-.Fl -use-keytab
-.Xc
+.It Fl k , Fl -use-keytab
The same as
.Fl -keytab ,
but with the default keytab name (normally
.Ar FILE:/etc/krb5.keytab ) .
-.It Xo
-.Fl v ,
-.Fl -validate
-.Xc
+.It Fl v , Fl -validate
Try to validate an invalid ticket.
-.It Xo
-.Fl e ,
-.Fl -enctypes= Ns Ar enctypes
-.Xc
+.It Fl e , Fl -enctypes= Ns Ar enctypes
Request tickets with this particular enctype.
-.It Xo
-.Fl -password-file= Ns Ar filename
-.Xc
+.It Fl -password-file= Ns Ar filename
read the password from the first line of
.Ar filename .
If the
@@ -195,15 +157,10 @@
is
.Ar STDIN ,
the password will be read from the standard input.
-.It Xo
-.Fl -fcache-version= Ns Ar version-number
-.Xc
+.It Fl -fcache-version= Ns Ar version-number
Create a credentials cache of version
.Ar version-number .
-.It Xo
-.Fl a ,
-.Fl -extra-addresses= Ns Ar enctypes
-.Xc
+.It Fl a , Fl -extra-addresses= Ns Ar enctypes
Adds a set of addresses that will, in addition to the systems local
addresses, be put in the ticket.
This can be useful if all addresses a client can use can't be
@@ -213,14 +170,9 @@
.Li libdefaults/extra_addresses
in
.Xr krb5.conf 5 .
-.It Xo
-.Fl A ,
-.Fl -no-addresses
-.Xc
+.It Fl A , Fl -no-addresses
Request a ticket with no addresses.
-.It Xo
-.Fl -anonymous
-.Xc
+.It Fl -anonymous
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically
.Dq anonym...@realm ) .
@@ -230,17 +182,11 @@
.Nm
has been compiled with support for Kerberos 4.
.Bl -tag -width Ds
-.It Xo
-.Fl 4 ,
-.Fl -524init
-.Xc
+.It Fl 4 , Fl -524init
Try to convert the obtained Kerberos 5 krbtgt to a version 4
compatible ticket.
It will store this ticket in the default Kerberos 4 ticket file.
-.It Xo
-.Fl 9 ,
-.Fl -524convert
-.Xc
+.It Fl 9 , Fl -524convert
only convert ticket to version 4
.It Fl -afslog
Gets AFS tickets, converts them to version 4 format, and stores them
Index: src/crypto/dist/heimdal/kuser/klist.1
diff -u src/crypto/dist/heimdal/kuser/klist.1:1.10 src/crypto/dist/heimdal/kuser/klist.1:1.11
--- src/crypto/dist/heimdal/kuser/klist.1:1.10 Sat Mar 22 08:37:03 2008
+++ src/crypto/dist/heimdal/kuser/klist.1 Wed Oct 14 23:37:33 2009
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" $Heimdal: klist.1 20458 2007-04-19 20:41:27Z lha $
-.\" $NetBSD: klist.1,v 1.10 2008/03/22 08:37:03 mlelstv Exp $
+.\" $NetBSD: klist.1,v 1.11 2009/10/14 23:37:33 joerg Exp $
.\"
.Dd October 6, 2005
.Dt KLIST 1
@@ -61,27 +61,14 @@
.Pp
Options supported:
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar cache ,
-.Fl -cache= Ns Ar cache
-.Xc
+.It Fl c Ar cache , Fl -cache= Ns Ar cache
credential cache to list
-.It Xo
-.Fl s ,
-.Fl t ,
-.Fl -test
-.Xc
+.It Fl s , Fl t , Fl -test
Test for there being an active and valid TGT for the local realm of
the user in the credential cache.
-.It Xo
-.Fl T ,
-.Fl -tokens
-.Xc
+.It Fl T , Fl -tokens
display AFS tokens
-.It Xo
-.Fl 5 ,
-.Fl -v5
-.Xc
+.It Fl 5 , Fl -v5
display v5 cred cache (this is the default)
.It Fl f
Include ticket flags in short form, each character stands for a
@@ -114,10 +101,7 @@
This information is also output with the
.Fl -verbose
option, but in a more verbose way.
-.It Xo
-.Fl v ,
-.Fl -verbose
-.Xc
+.It Fl v , Fl -verbose
Verbose output. Include all possible information:
.Bl -tag -width XXXX -offset indent
.It Server
@@ -142,10 +126,7 @@
.It Addresses
the set of addresses from which this ticket is valid
.El
-.It Xo
-.Fl l ,
-.Fl -list-caches
-.Xc
+.It Fl l , Fl -list-caches
List the credential caches for the current users, not all cache types
supports listing multiple caches.
.Pp
Index: src/crypto/dist/heimdal/lib/kadm5/iprop-log.8
diff -u src/crypto/dist/heimdal/lib/kadm5/iprop-log.8:1.1 src/crypto/dist/heimdal/lib/kadm5/iprop-log.8:1.2
--- src/crypto/dist/heimdal/lib/kadm5/iprop-log.8:1.1 Sat Mar 22 08:37:12 2008
+++ src/crypto/dist/heimdal/lib/kadm5/iprop-log.8 Wed Oct 14 23:37:34 2009
@@ -1,5 +1,5 @@
.\" $Heimdal: iprop-log.8 21713 2007-07-27 14:38:49Z lha $
-.\" $NetBSD: iprop-log.8,v 1.1 2008/03/22 08:37:12 mlelstv Exp $
+.\" $NetBSD: iprop-log.8,v 1.2 2009/10/14 23:37:34 joerg Exp $
.\"
.\" Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -32,7 +32,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: iprop-log.8,v 1.1 2008/03/22 08:37:12 mlelstv Exp $
+.\" $Id: iprop-log.8,v 1.2 2009/10/14 23:37:34 joerg Exp $
.\"
.Dd February 18, 2007
.Dt IPROP-LOG 8
@@ -84,28 +84,17 @@
.Sh DESCRIPTION
Supported options:
.Bl -tag -width Ds
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl h ,
-.Fl -help
-.Xc
+.It Fl -version
+.It Fl h , Fl -help
.El
.Pp
command can be one of the following:
.Bl -tag -width truncate
.It truncate
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -114,38 +103,22 @@
file, the log will start over at the first version (0).
.It dump
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
Print out all entires in the log to standard output.
.It replay
.Bl -tag -width Ds
-.It Xo
-.Fl -start-version= Ns Ar version-number
-.Xc
+.It Fl -start-version= Ns Ar version-number
start replay with this version
-.It Xo
-.Fl -end-version= Ns Ar version-number
-.Xc
+.It Fl -end-version= Ns Ar version-number
end replay with this version
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
@@ -153,15 +126,9 @@
specified) in the transaction log to the database.
.It last-version
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar file ,
-.Fl -config-file= Ns Ar file
-.Xc
+.It Fl c Ar file , Fl -config-file= Ns Ar file
configuration file
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
+.It Fl r Ar string , Fl -realm= Ns Ar string
realm
.El
.Pp
Index: src/crypto/dist/heimdal/lib/kadm5/iprop.8
diff -u src/crypto/dist/heimdal/lib/kadm5/iprop.8:1.1 src/crypto/dist/heimdal/lib/kadm5/iprop.8:1.2
--- src/crypto/dist/heimdal/lib/kadm5/iprop.8:1.1 Sat Mar 22 08:37:12 2008
+++ src/crypto/dist/heimdal/lib/kadm5/iprop.8 Wed Oct 14 23:37:34 2009
@@ -1,5 +1,5 @@
.\" $Heimdal: iprop.8 21940 2007-09-28 22:28:09Z lha $
-.\" $NetBSD: iprop.8,v 1.1 2008/03/22 08:37:12 mlelstv Exp $
+.\" $NetBSD: iprop.8,v 1.2 2009/10/14 23:37:34 joerg Exp $
.\"
.\" Copyright (c) 2005 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
@@ -137,78 +137,37 @@
Supported options for
.Nm ipropd-master :
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
+.It Fl c Ar string , Fl -config-file= Ns Ar string
+.It Fl r Ar string , Fl -realm= Ns Ar string
+.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec
keytab to get authentication from
-.It Xo
-.Fl d Ar file ,
-.Fl -database= Ns Ar file
-.Xc
+.It Fl d Ar file , Fl -database= Ns Ar file
Database (default per KDC)
-.It Xo
-.Fl -slave-stats-file= Ns Ar file
-.Xc
+.It Fl -slave-stats-file= Ns Ar file
file for slave status information
-.It Xo
-.Fl -time-missing= Ns Ar time
-.Xc
+.It Fl -time-missing= Ns Ar time
time before slave is polled for presence (default 2 min)
-.It Xo
-.Fl -time-gone= Ns Ar time
-.Xc
+.It Fl -time-gone= Ns Ar time
time of inactivity after which a slave is considered gone (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
+.It Fl -detach
detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
+.It Fl -version
+.It Fl -help
.El
.Pp
Supported options for
.Nm ipropd-slave :
.Bl -tag -width Ds
-.It Xo
-.Fl c Ar string ,
-.Fl -config-file= Ns Ar string
-.Xc
-.It Xo
-.Fl r Ar string ,
-.Fl -realm= Ns Ar string
-.Xc
-.It Xo
-.Fl k Ar kspec ,
-.Fl -keytab= Ns Ar kspec
-.Xc
+.It Fl c Ar string , Fl -config-file= Ns Ar string
+.It Fl r Ar string , Fl -realm= Ns Ar string
+.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec
keytab to get authentication from
-.It Xo
-.Fl -time-lost= Ns Ar time
-.Xc
+.It Fl -time-lost= Ns Ar time
time before server is considered lost (default 5 min)
-.It Xo
-.Fl -detach
-.Xc
+.It Fl -detach
detach from console
-.It Xo
-.Fl -version
-.Xc
-.It Xo
-.Fl -help
-.Xc
+.It Fl -version
+.It Fl -help
.El
Time arguments for the relevant options above may be specified in forms
like 5 min, 300 s, or simply a number of seconds.
