Module Name: src Committed By: joerg Date: Wed Oct 14 23:37:34 UTC 2009
Modified Files: src/crypto/dist/heimdal/admin: ktutil.8 src/crypto/dist/heimdal/kadmin: kadmin.8 kadmind.8 src/crypto/dist/heimdal/kcm: kcm.8 src/crypto/dist/heimdal/kdc: hprop.8 hpropd.8 kdc.8 kstash.8 string2key.8 src/crypto/dist/heimdal/kpasswd: kpasswdd.8 src/crypto/dist/heimdal/kuser: kgetcred.1 kimpersonate.1 kinit.1 klist.1 src/crypto/dist/heimdal/lib/kadm5: iprop-log.8 iprop.8 Log Message: Do not work around ancient groff limits with .Xo/.Xc. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/heimdal/admin/ktutil.8 cvs rdiff -u -r1.9 -r1.10 src/crypto/dist/heimdal/kadmin/kadmin.8 cvs rdiff -u -r1.10 -r1.11 src/crypto/dist/heimdal/kadmin/kadmind.8 cvs rdiff -u -r1.1 -r1.2 src/crypto/dist/heimdal/kcm/kcm.8 cvs rdiff -u -r1.10 -r1.11 src/crypto/dist/heimdal/kdc/hprop.8 \ src/crypto/dist/heimdal/kdc/hpropd.8 cvs rdiff -u -r1.13 -r1.14 src/crypto/dist/heimdal/kdc/kdc.8 cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/heimdal/kdc/kstash.8 \ src/crypto/dist/heimdal/kdc/string2key.8 cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/heimdal/kpasswd/kpasswdd.8 cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/heimdal/kuser/kgetcred.1 cvs rdiff -u -r1.1 -r1.2 src/crypto/dist/heimdal/kuser/kimpersonate.1 cvs rdiff -u -r1.10 -r1.11 src/crypto/dist/heimdal/kuser/kinit.1 \ src/crypto/dist/heimdal/kuser/klist.1 cvs rdiff -u -r1.1 -r1.2 src/crypto/dist/heimdal/lib/kadm5/iprop-log.8 \ src/crypto/dist/heimdal/lib/kadm5/iprop.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/heimdal/admin/ktutil.8 diff -u src/crypto/dist/heimdal/admin/ktutil.8:1.8 src/crypto/dist/heimdal/admin/ktutil.8:1.9 --- src/crypto/dist/heimdal/admin/ktutil.8:1.8 Sat Mar 22 08:36:49 2008 +++ src/crypto/dist/heimdal/admin/ktutil.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: ktutil.8 14792 2005-04-14 16:43:57Z lha $ -.\" $NetBSD: ktutil.8,v 1.8 2008/03/22 08:36:49 mlelstv Exp $ +.\" $NetBSD: ktutil.8,v 1.9 2009/10/14 23:37:33 joerg Exp $ .\" .Dd April 14, 2005 .Dt KTUTIL 8 @@ -54,72 +54,43 @@ is a program for managing keytabs. Supported options: .Bl -tag -width Ds -.It Xo -.Fl v , -.Fl -verbose -.Xc +.It Fl v , Fl -verbose Verbose output. .El .Pp .Ar command can be one of the following: -.Bl -tag -width srvconvert -.It add Xo -.Op Fl p Ar principal -.Op Fl -principal= Ns Ar principal -.Op Fl V Ar kvno -.Op Fl -kvno= Ns Ar kvno -.Op Fl e Ar enctype -.Op Fl -enctype= Ns Ar enctype -.Op Fl w Ar password -.Op Fl -password= Ns Ar password -.Op Fl r -.Op Fl -random -.Op Fl s -.Op Fl -no-salt -.Op Fl H -.Op Fl -hex -.Xc +.Bl -tag -width srvconvert -width srvconvert +.It add Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ +Oo Fl V Ar kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e Ar enctype Oc \ +Oo Fl -enctype= Ns Ar enctype Oc Oo Fl w Ar password Oc \ +Oo Fl -password= Ns Ar password Oc Oo Fl r Oc Oo Fl -random Oc \ +Oo Fl s Oc Oo Fl -no-salt Oc Oo Fl H Oc Op Fl -hex Adds a key to the keytab. Options that are not specified will be prompted for. This requires that you know the password or the hex key of the principal to add; if what you really want is to add a new principal to the keytab, you should consider the .Ar get command, which talks to the kadmin server. -.It change Xo -.Op Fl r Ar realm -.Op Fl -realm= Ns Ar realm -.Op Fl -a Ar host -.Op Fl -admin-server= Ns Ar host -.Op Fl -s Ar port -.Op Fl -server-port= Ns Ar port -.Xc +.It change Oo Fl r Ar realm Oc Oo Fl -realm= Ns Ar realm Oc \ +Oo Fl -a Ar host Oc Oo Fl -admin-server= Ns Ar host Oc \ +Oo Fl -s Ar port Oc Op Fl -server-port= Ns Ar port Update one or several keys to new versions. By default, use the admin server for the realm of a keytab entry. Otherwise it will use the values specified by the options. .Pp If no principals are given, all the ones in the keytab are updated. -.It copy Xo -.Ar keytab-src -.Ar keytab-dest -.Xc +.It copy Ar keytab-src Ar keytab-dest Copies all the entries from .Ar keytab-src to .Ar keytab-dest . -.It get Xo -.Op Fl p Ar admin principal -.Op Fl -principal= Ns Ar admin principal -.Op Fl e Ar enctype -.Op Fl -enctypes= Ns Ar enctype -.Op Fl r Ar realm -.Op Fl -realm= Ns Ar realm -.Op Fl a Ar admin server -.Op Fl -admin-server= Ns Ar admin server -.Op Fl s Ar server port -.Op Fl -server-port= Ns Ar server port -.Ar principal ... -.Xc +.It get Oo Fl p Ar admin principal Oc \ +Oo Fl -principal= Ns Ar admin principal Oc Oo Fl e Ar enctype Oc \ +Oo Fl -enctypes= Ns Ar enctype Oc Oo Fl r Ar realm Oc \ +Oo Fl -realm= Ns Ar realm Oc Oo Fl a Ar admin server Oc \ +Oo Fl -admin-server= Ns Ar admin server Oc Oo Fl s Ar server port Oc \ +Oo Fl -server-port= Ns Ar server port Oc Ar principal ... For each .Ar principal , generate a new key for it (creating it if it doesn't already exist), @@ -129,44 +100,28 @@ .Ar realm is specified, the realm to operate on is taken from the first principal. -.It list Xo -.Op Fl -keys -.Op Fl -timestamp -.Xc +.It list Oo Fl -keys Oc Op Fl -timestamp List the keys stored in the keytab. -.It remove Xo -.Op Fl p Ar principal -.Op Fl -principal= Ns Ar principal -.Op Fl V kvno -.Op Fl -kvno= Ns Ar kvno -.Op Fl e enctype -.Op Fl -enctype= Ns Ar enctype -.Xc +.It remove Oo Fl p Ar principal Oc Oo Fl -principal= Ns Ar principal Oc \ +Oo Fl V kvno Oc Oo Fl -kvno= Ns Ar kvno Oc Oo Fl e enctype Oc \ +Oo Fl -enctype= Ns Ar enctype Oc Removes the specified key or keys. Not specifying a .Ar kvno removes keys with any version number. Not specifying an .Ar enctype removes keys of any type. -.It rename Xo -.Ar from-principal -.Ar to-principal -.Xc +.It rename Ar from-principal Ar to-principal Renames all entries in the keytab that match the .Ar from-principal to .Ar to-principal . -.It purge Xo -.Op Fl -age= Ns Ar age -.Xc +.It purge Op Fl -age= Ns Ar age Removes all old versions of a key for which there is a newer version that is at least .Ar age (default one week) old. .It srvconvert -.It srv2keytab Xo -.Op Fl s Ar srvtab -.Op Fl -srvtab= Ns Ar srvtab -.Xc +.It srv2keytab Oo Fl s Ar srvtab Oc Op Fl -srvtab= Ns Ar srvtab Converts the version 4 srvtab in .Ar srvtab to a version 5 keytab and stores it in @@ -178,10 +133,7 @@ .Ar keytab .Ed .It srvcreate -.It key2srvtab Xo -.Op Fl s Ar srvtab -.Op Fl -srvtab= Ns Ar srvtab -.Xc +.It key2srvtab Oo Fl s Ar srvtab Oc Op Fl -srvtab= Ns Ar srvtab Converts the version 5 keytab in .Ar keytab to a version 4 srvtab and stores it in Index: src/crypto/dist/heimdal/kadmin/kadmin.8 diff -u src/crypto/dist/heimdal/kadmin/kadmin.8:1.9 src/crypto/dist/heimdal/kadmin/kadmin.8:1.10 --- src/crypto/dist/heimdal/kadmin/kadmin.8:1.9 Sat Mar 22 08:37:02 2008 +++ src/crypto/dist/heimdal/kadmin/kadmin.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kadmin.8 21739 2007-07-31 15:55:32Z lha $ -.\" $NetBSD: kadmin.8,v 1.9 2008/03/22 08:37:02 mlelstv Exp $ +.\" $NetBSD: kadmin.8,v 1.10 2009/10/14 23:37:33 joerg Exp $ .\" .Dd Feb 22, 2007 .Dt KADMIN 8 @@ -41,34 +41,13 @@ .Sh SYNOPSIS .Nm .Bk -words -.Oo Fl p Ar string \*(Ba Xo -.Fl -principal= Ns Ar string -.Xc -.Oc -.Oo Fl K Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string -.Xc -.Oc -.Oo Fl c Ar file \*(Ba Xo -.Fl -config-file= Ns Ar file -.Xc -.Oc -.Oo Fl k Ar file \*(Ba Xo -.Fl -key-file= Ns Ar file -.Xc -.Oc -.Oo Fl r Ar realm \*(Ba Xo -.Fl -realm= Ns Ar realm -.Xc -.Oc -.Oo Fl a Ar host \*(Ba Xo -.Fl -admin-server= Ns Ar host -.Xc -.Oc -.Oo Fl s Ar port number \*(Ba Xo -.Fl -server-port= Ns Ar port number -.Xc -.Oc +.Op Fl p Ar string \*(Ba Fl -principal= Ns Ar string +.Op Fl K Ar string \*(Ba Fl -keytab= Ns Ar string +.Op Fl c Ar file \*(Ba Fl -config-file= Ns Ar file +.Op Fl k Ar file \*(Ba Fl -key-file= Ns Ar file +.Op Fl r Ar realm \*(Ba Fl -realm= Ns Ar realm +.Op Fl a Ar host \*(Ba Fl -admin-server= Ns Ar host +.Op Fl s Ar port number \*(Ba Fl -server-port= Ns Ar port number .Op Fl l | Fl -local .Op Fl h | Fl -help .Op Fl v | Fl -version @@ -85,45 +64,21 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl p Ar string , -.Fl -principal= Ns Ar string -.Xc +.It Fl p Ar string , Fl -principal= Ns Ar string principal to authenticate as -.It Xo -.Fl K Ar string , -.Fl -keytab= Ns Ar string -.Xc +.It Fl K Ar string , Fl -keytab= Ns Ar string keytab for authentication principal -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file location of config file -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl -key-file= Ns Ar file location of master key file -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl -realm= Ns Ar realm realm to use -.It Xo -.Fl a Ar host , -.Fl -admin-server= Ns Ar host -.Xc +.It Fl a Ar host , Fl -admin-server= Ns Ar host server to contact -.It Xo -.Fl s Ar port number , -.Fl -server-port= Ns Ar port number -.Xc +.It Fl s Ar port number , Fl -server-port= Ns Ar port number port to use -.It Xo -.Fl l , -.Fl -local -.Xc +.It Fl l , Fl -local local admin mode .El .Pp @@ -145,14 +100,12 @@ Commands include: .\" not using a list here, since groff apparently gets confused .\" with nested Xo/Xc -.Bd -ragged -offset indent +.Bl -item -offset indent +.It .Nm add .Op Fl r | Fl -random-key .Op Fl -random-password -.Oo Fl p Ar string \*(Ba Xo -.Fl -password= Ns Ar string -.Xc -.Oc +.Op Fl p Ar string \*(Ba Fl -password= Ns Ar string .Op Fl -key= Ns Ar string .Op Fl -max-ticket-life= Ns Ar lifetime .Op Fl -max-renewable-life= Ns Ar lifetime @@ -165,7 +118,7 @@ Adds a new principal to the database. The options not passed on the command line will be promped for. .Ed -.Pp +.It .Nm add_enctype .Op Fl r | Fl -random-key .Ar principal enctypes... @@ -174,14 +127,14 @@ Adds a new encryption type to the principal, only random key are supported. .Ed -.Pp +.It .Nm delete .Ar principal... .Pp .Bd -ragged -offset indent Removes a principal. .Ed -.Pp +.It .Nm del_enctype .Ar principal enctypes... .Pp @@ -190,7 +143,7 @@ service belonging to the principal is known to not handle certain enctypes. .Ed -.Pp +.It .Nm ext_keytab .Oo Fl k Ar string \*(Ba Xo .Fl -keytab= Ns Ar string @@ -201,7 +154,7 @@ .Bd -ragged -offset indent Creates a keytab with the keys of the specified principals. .Ed -.Pp +.It .Nm get .Op Fl l | Fl -long .Op Fl s | Fl -short @@ -243,7 +196,7 @@ and .Li keytypes . .Ed -.Pp +.It .Nm modify .Oo Fl a Ar attributes \*(Ba Xo .Fl -attributes= Ns Ar attributes @@ -281,7 +234,7 @@ .Pp kadmin -l modify -a -disallow-proxiable user .Ed -.Pp +.It .Nm passwd .Op Fl r | Fl -random-key .Op Fl -random-password @@ -295,7 +248,7 @@ .Bd -ragged -offset indent Changes the password of an existing principal. .Ed -.Pp +.It .Nm password-quality .Ar principal .Ar password @@ -307,7 +260,7 @@ The verification is done locally, if kadmin is run in remote mode, no rpc call is done to the server. .Ed -.Pp +.It .Nm privileges .Pp .Bd -ragged -offset indent @@ -322,7 +275,7 @@ and .Li modify . .Ed -.Pp +.It .Nm rename .Ar from to .Pp @@ -332,7 +285,7 @@ and clients which are unable to cope with this will fail. Kerberos 4 suffers from this. .Ed -.Pp +.It .Nm check .Op Ar realm .Pp @@ -340,11 +293,11 @@ Check database for strange configurations on important principals. If no realm is given, the default realm is used. .Ed -.Pp -.Ed +.El .Pp When running in local mode, the following commands can also be used: -.Bd -ragged -offset indent +.Bl -item -offset indent +.It .Nm dump .Op Fl d | Fl -decrypt .Op Ar dump-file @@ -357,7 +310,7 @@ .Fl -decrypt is used. .Ed -.Pp +.It .Nm init .Op Fl -realm-max-ticket-life= Ns Ar string .Op Fl -realm-max-renewable-life= Ns Ar string @@ -367,7 +320,7 @@ Initializes the Kerberos database with entries for a new realm. It's possible to have more than one realm served by one server. .Ed -.Pp +.It .Nm load .Ar file .Pp @@ -375,7 +328,7 @@ Reads a previously dumped database, and re-creates that database from scratch. .Ed -.Pp +.It .Nm merge .Ar file .Pp @@ -384,7 +337,7 @@ .Nm load but just modifies the database with the entries in the dump file. .Ed -.Pp +.It .Nm stash .Oo Fl e Ar enctype \*(Ba Xo .Fl -enctype= Ns Ar enctype @@ -401,7 +354,7 @@ Writes the Kerberos master key to a file used by the KDC. .Ed .Pp -.Ed +.El .\".Sh ENVIRONMENT .\".Sh FILES .\".Sh EXAMPLES Index: src/crypto/dist/heimdal/kadmin/kadmind.8 diff -u src/crypto/dist/heimdal/kadmin/kadmind.8:1.10 src/crypto/dist/heimdal/kadmin/kadmind.8:1.11 --- src/crypto/dist/heimdal/kadmin/kadmind.8:1.10 Sat Mar 22 08:37:02 2008 +++ src/crypto/dist/heimdal/kadmin/kadmind.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kadmind.8 14370 2004-12-08 17:20:21Z lha $ -.\" $NetBSD: kadmind.8,v 1.10 2008/03/22 08:37:02 mlelstv Exp $ +.\" $NetBSD: kadmind.8,v 1.11 2009/10/14 23:37:33 joerg Exp $ .\" .Dd December 8, 2004 .Dt KADMIND 8 @@ -119,34 +119,17 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file location of config file -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl -key-file= Ns Ar file location of master key file -.It Xo -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl -keytab= Ns Ar keytab what keytab to use -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl -realm= Ns Ar realm realm to use -.It Xo -.Fl d , -.Fl -debug -.Xc +.It Fl d , Fl -debug enable debugging -.It Xo -.Fl p Ar port , -.Fl -ports= Ns Ar port -.Xc +.It Fl p Ar port , Fl -ports= Ns Ar port ports to listen to. By default, if run as a daemon, it listens to port 749, but you can add any number of ports with this option. The port string is a whitespace separated list of port specifications, with the Index: src/crypto/dist/heimdal/kcm/kcm.8 diff -u src/crypto/dist/heimdal/kcm/kcm.8:1.1 src/crypto/dist/heimdal/kcm/kcm.8:1.2 --- src/crypto/dist/heimdal/kcm/kcm.8:1.1 Sat Mar 22 09:29:56 2008 +++ src/crypto/dist/heimdal/kcm/kcm.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kcm.8 15497 2005-06-20 13:32:44Z lha $ -.\" $NetBSD: kcm.8,v 1.1 2008/03/22 09:29:56 mlelstv Exp $ +.\" $NetBSD: kcm.8,v 1.2 2009/10/14 23:37:33 joerg Exp $ .\" .Dd May 29, 2005 .Dt KCM 8 @@ -128,91 +128,42 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -cache-name= Ns Ar cachename -.Xc +.It Fl -cache-name= Ns Ar cachename system cache name -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file location of config file -.It Xo -.Fl g Ar group , -.Fl -group= Ns Ar group -.Xc +.It Fl g Ar group , Fl -group= Ns Ar group system cache group -.It Xo -.Fl -max-request= Ns Ar size -.Xc +.It Fl -max-request= Ns Ar size max size for a kcm-request -.It Xo -.Fl -disallow-getting-krbtgt -.Xc +.It Fl -disallow-getting-krbtgt disallow extracting any krbtgt from the .Nm kcm daemon. -.It Xo -.Fl -detach -.Xc +.It Fl -detach detach from console -.It Xo -.Fl h , -.Fl -help -.Xc -.It Xo -.Fl k Ar principal , -.Fl -system-principal= Ns Ar principal -.Xc +.It Fl h , Fl -help +.It Fl k Ar principal , Fl -system-principal= Ns Ar principal system principal name -.It Xo -.Fl l Ar time , -.Fl -lifetime= Ns Ar time -.Xc +.It Fl l Ar time , Fl -lifetime= Ns Ar time lifetime of system tickets -.It Xo -.Fl m Ar mode , -.Fl -mode= Ns Ar mode -.Xc +.It Fl m Ar mode , Fl -mode= Ns Ar mode octal mode of system cache -.It Xo -.Fl n , -.Fl -no-name-constraints -.Xc +.It Fl n , Fl -no-name-constraints disable credentials cache name constraints -.It Xo -.Fl r Ar time , -.Fl -renewable-life= Ns Ar time -.Xc +.It Fl r Ar time , Fl -renewable-life= Ns Ar time renewable lifetime of system tickets -.It Xo -.Fl s Ar path , -.Fl -socket-path= Ns Ar path -.Xc +.It Fl s Ar path , Fl -socket-path= Ns Ar path path to kcm domain socket -.It Xo -.Fl -door-path= Ns Ar path -.Xc +.It Fl -door-path= Ns Ar path path to kcm door socket -.It Xo -.Fl S Ar principal , -.Fl -server= Ns Ar principal -.Xc +.It Fl S Ar principal , Fl -server= Ns Ar principal server to get system ticket for -.It Xo -.Fl t Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl t Ar keytab , Fl -keytab= Ns Ar keytab system keytab name -.It Xo -.Fl u Ar user , -.Fl -user= Ns Ar user -.Xc +.It Fl u Ar user , Fl -user= Ns Ar user system cache owner -.It Xo -.Fl v , -.Fl -version -.Xc +.It Fl v , Fl -version .El .\".Sh ENVIRONMENT .\".Sh FILES Index: src/crypto/dist/heimdal/kdc/hprop.8 diff -u src/crypto/dist/heimdal/kdc/hprop.8:1.10 src/crypto/dist/heimdal/kdc/hprop.8:1.11 --- src/crypto/dist/heimdal/kdc/hprop.8:1.10 Fri Nov 7 16:51:27 2008 +++ src/crypto/dist/heimdal/kdc/hprop.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: hprop.8 20456 2007-04-19 20:29:42Z lha $ -.\" $NetBSD: hprop.8,v 1.10 2008/11/07 16:51:27 wiz Exp $ +.\" $NetBSD: hprop.8,v 1.11 2009/10/14 23:37:33 joerg Exp $ .\" .Dd December 8, 2004 .Dt HPROP 8 @@ -91,19 +91,11 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl m Ar file , -.Fl -master-key= Ns Pa file -.Xc +.It Fl m Ar file , Fl -master-key= Ns Pa file Where to find the master key to encrypt or decrypt keys with. -.It Xo -.Fl d Ar file , -.Fl -database= Ns Pa file -.Xc +.It Fl d Ar file , Fl -database= Ns Pa file The database to be propagated. -.It Xo -.Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver -.Xc +.It Fl -source= Ns Ar heimdal|mit-dump|krb4-dump|kaserver Specifies the type of the source database. Alternatives include: .Pp .Bl -tag -width krb4-dump -compact -offset indent @@ -116,36 +108,21 @@ .It kaserver an AFS kaserver database .El -.It Xo -.Fl k Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab The keytab to use for fetching the key to be used for authenticating to the propagation daemon(s). The key .Pa kadmin/hprop is used from this keytab. The default is to fetch the key from the KDC database. -.It Xo -.Fl R Ar string , -.Fl -v5-realm= Ns Ar string -.Xc +.It Fl R Ar string , Fl -v5-realm= Ns Ar string Local realm override. -.It Xo -.Fl D , -.Fl -decrypt -.Xc +.It Fl D , Fl -decrypt The encryption keys in the database can either be in clear, or encrypted with a master key. This option transmits the database with unencrypted keys. -.It Xo -.Fl E , -.Fl -encrypt -.Xc +.It Fl E , Fl -encrypt This option transmits the database with encrypted keys. -.It Xo -.Fl n , -.Fl -stdout -.Xc +.It Fl n , Fl -stdout Dump the database on stdout, in a format that can be fed to hpropd. .El .Pp @@ -153,32 +130,20 @@ .Nm hprop is compiled with support for Kerberos 4 (kaserver). .Bl -tag -width Ds -.It Xo -.Fl r Ar string , -.Fl -v4-realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -v4-realm= Ns Ar string v4 realm to use. -.It Xo -.Fl c Ar cell , -.Fl -cell= Ns Ar cell -.Xc +.It Fl c Ar cell , Fl -cell= Ns Ar cell The AFS cell name, used if reading a kaserver database. -.It Xo -.Fl S , -.Fl -kaspecials -.Xc +.It Fl S , Fl -kaspecials Also dump the principals marked as special in the kaserver database. -.It Xo -.Fl K , -.Fl -ka-db -.Xc +.It Fl K , Fl -ka-db Deprecated, identical to .Sq --source=kaserver . .El .Sh EXAMPLES The following will propagate a database to another machine (which should run -.Xr hpropd 8 ): +.Xr hpropd 8 ) : .Bd -literal -offset indent $ hprop slave-1 slave-2 .Ed Index: src/crypto/dist/heimdal/kdc/hpropd.8 diff -u src/crypto/dist/heimdal/kdc/hpropd.8:1.10 src/crypto/dist/heimdal/kdc/hpropd.8:1.11 --- src/crypto/dist/heimdal/kdc/hpropd.8:1.10 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kdc/hpropd.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: hpropd.8 14381 2004-12-10 09:44:05Z lha $ -.\" $NetBSD: hpropd.8,v 1.10 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: hpropd.8,v 1.11 2009/10/14 23:37:33 joerg Exp $ .\" .Dd August 27, 1997 .Dt HPROPD 8 @@ -74,34 +74,17 @@ .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl d Ar file , -.Fl -database= Ns Ar file -.Xc +.It Fl d Ar file , Fl -database= Ns Ar file database -.It Xo -.Fl n , -.Fl -stdin -.Xc +.It Fl n , Fl -stdin read from stdin -.It Xo -.Fl -print -.Xc +.It Fl -print print dump to stdout -.It Xo -.Fl i , -.Fl -no-inetd -.Xc +.It Fl i , Fl -no-inetd not started from inetd -.It Xo -.Fl k Ar keytab , -.Fl -keytab= Ns Ar keytab -.Xc +.It Fl k Ar keytab , Fl -keytab= Ns Ar keytab keytab to use for authentication -.It Xo -.Fl 4 , -.Fl -v4dump -.Xc +.It Fl 4 , Fl -v4dump create v4 type DB .El .Sh SEE ALSO Index: src/crypto/dist/heimdal/kdc/kdc.8 diff -u src/crypto/dist/heimdal/kdc/kdc.8:1.13 src/crypto/dist/heimdal/kdc/kdc.8:1.14 --- src/crypto/dist/heimdal/kdc/kdc.8:1.13 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kdc/kdc.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kdc.8 18419 2006-10-12 10:05:57Z lha $ -.\" $NetBSD: kdc.8,v 1.13 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: kdc.8,v 1.14 2009/10/14 23:37:33 joerg Exp $ .\" .Dd August 24, 2006 .Dt KDC 8 @@ -73,17 +73,11 @@ .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file Specifies the location of the config file, the default is .Pa /var/heimdal/kdc.conf . This is the only value that can't be specified in the config file. -.It Xo -.Fl p , -.Fl -no-require-preauth -.Xc +.It Fl p , Fl -no-require-preauth Turn off the requirement for pre-autentication in the initial AS-REQ for all principals. The use of pre-authentication makes it more difficult to do offline @@ -96,34 +90,20 @@ The default is to require pre-authentication. Adding the require-preauth per principal is a more flexible way of handling this. -.It Xo -.Fl -max-request= Ns Ar size -.Xc +.It Fl -max-request= Ns Ar size Gives an upper limit on the size of the requests that the kdc is willing to handle. -.It Xo -.Fl H , -.Fl -enable-http -.Xc +.It Fl H , Fl -enable-http Makes the kdc listen on port 80 and handle requests encapsulated in HTTP. -.It Xo -.Fl -no-524 -.Xc +.It Fl -no-524 don't respond to 524 requests -.It Xo -.Fl -kerberos4 -.Xc +.It Fl -kerberos4 respond to Kerberos 4 requests -.It Xo -.Fl -kerberos4-cross-realm -.Xc +.It Fl -kerberos4-cross-realm respond to Kerberos 4 requests from foreign realms. This is a known security hole and should not be enabled unless you understand the consequences and are willing to live with them. -.It Xo -.Fl r Ar string , -.Fl -v4-realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -v4-realm= Ns Ar string What realm this server should act as when dealing with version 4 requests. The database can contain any number of realms, but since the version 4 @@ -133,15 +113,9 @@ .Fn krb_get_lrealm . This option is only availabe if the KDC has been compiled with version 4 support. -.It Xo -.Fl K , -.Fl -kaserver -.Xc +.It Fl K , Fl -kaserver Enable kaserver emulation (in case it's compiled in). -.It Xo -.Fl P Ar portspec , -.Fl -ports= Ns Ar portspec -.Xc +.It Fl P Ar portspec , Fl -ports= Ns Ar portspec Specifies the set of ports the KDC should listen on. It is given as a white-space separated list of services or port numbers. @@ -199,11 +173,8 @@ .It Li max-kdc-datagram-reply-length = Va number Maximum packet size the UDP rely that the KDC will transmit, instead the KDC sends back a reply telling the client to use TCP instead. -.It Li transited-policy = Xo -.Li always-check \*(Ba -.Li allow-per-principal | -.Li always-honour-request -.Xc +.It Li transited-policy = Li always-check \*(Ba \ +Li allow-per-principal | Li always-honour-request This controls how KDC requests with the .Li disable-transited-check flag are handled. It can be one of: Index: src/crypto/dist/heimdal/kdc/kstash.8 diff -u src/crypto/dist/heimdal/kdc/kstash.8:1.7 src/crypto/dist/heimdal/kdc/kstash.8:1.8 --- src/crypto/dist/heimdal/kdc/kstash.8:1.7 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kdc/kstash.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kstash.8 20316 2007-04-11 11:53:20Z lha $ -.\" $NetBSD: kstash.8,v 1.7 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: kstash.8,v 1.8 2009/10/14 23:37:33 joerg Exp $ .\" .Dd April 10, 2007 .Dt KSTASH 8 @@ -63,28 +63,16 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl e Ar string , -.Fl -enctype= Ns Ar string -.Xc +.It Fl e Ar string , Fl -enctype= Ns Ar string the encryption type to use, defaults to DES3-CBC-SHA1. -.It Xo -.Fl k Ar file , -.Fl -key-file= Ns Ar file -.Xc +.It Fl k Ar file , Fl -key-file= Ns Ar file the name of the master key file. -.It Xo -.Fl -convert-file -.Xc +.It Fl -convert-file don't ask for a new master key, just read an old master key file, and write it back in the new keyfile format. -.It Xo -.Fl -random-key -.Xc +.It Fl -random-key generate a random master key. -.It Xo -.Fl -master-key-fd= Ns Ar fd -.Xc +.It Fl -master-key-fd= Ns Ar fd filedescriptor to read passphrase from, if not specified the passphrase will be read from the terminal. .El Index: src/crypto/dist/heimdal/kdc/string2key.8 diff -u src/crypto/dist/heimdal/kdc/string2key.8:1.7 src/crypto/dist/heimdal/kdc/string2key.8:1.8 --- src/crypto/dist/heimdal/kdc/string2key.8:1.7 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kdc/string2key.8 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: string2key.8 11648 2003-02-16 21:10:32Z lha $ -.\" $NetBSD: string2key.8,v 1.7 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: string2key.8,v 1.8 2009/10/14 23:37:33 joerg Exp $ .\" .Dd March 4, 2000 .Dt STRING2KEY 8 @@ -66,46 +66,21 @@ This is useful when you want to handle the raw key instead of the password. Supported options: .Bl -tag -width Ds -.It Xo -.Fl 5 , -.Fl -version5 -.Xc +.It Fl 5 , Fl -version5 Output Kerberos v5 string-to-key -.It Xo -.Fl 4 , -.Fl -version4 -.Xc +.It Fl 4 , Fl -version4 Output Kerberos v4 string-to-key -.It Xo -.Fl a , -.Fl -afs -.Xc +.It Fl a , Fl -afs Output AFS string-to-key -.It Xo -.Fl c Ar cell , -.Fl -cell= Ns Ar cell -.Xc +.It Fl c Ar cell , Fl -cell= Ns Ar cell AFS cell to use -.It Xo -.Fl w Ar password , -.Fl -password= Ns Ar password -.Xc +.It Fl w Ar password , Fl -password= Ns Ar password Password to use -.It Xo -.Fl p Ar principal , -.Fl -principal= Ns Ar principal -.Xc +.It Fl p Ar principal , Fl -principal= Ns Ar principal Kerberos v5 principal to use -.It Xo -.Fl k Ar string , -.Fl -keytype= Ns Ar string -.Xc +.It Fl k Ar string , Fl -keytype= Ns Ar string Keytype -.It Xo -.Fl -version -.Xc +.It Fl -version print version -.It Xo -.Fl -help -.Xc +.It Fl -help .El Index: src/crypto/dist/heimdal/kpasswd/kpasswdd.8 diff -u src/crypto/dist/heimdal/kpasswd/kpasswdd.8:1.8 src/crypto/dist/heimdal/kpasswd/kpasswdd.8:1.9 --- src/crypto/dist/heimdal/kpasswd/kpasswdd.8:1.8 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kpasswd/kpasswdd.8 Wed Oct 14 23:37:33 2009 @@ -1,5 +1,5 @@ .\" $Heimdal: kpasswdd.8 14481 2005-01-05 18:07:44Z lha $ -.\" $NetBSD: kpasswdd.8,v 1.8 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: kpasswdd.8,v 1.9 2009/10/14 23:37:33 joerg Exp $ .\" .Dd April 19, 1999 .Dt KPASSWDD 8 @@ -36,20 +36,14 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -addresses= Ns Ar address -.Xc +.It Fl -addresses= Ns Ar address For each till the argument is given, add the address to what kpasswdd should listen too. -.It Xo -.Fl -check-library= Ns Ar library -.Xc +.It Fl -check-library= Ns Ar library If your system has support for dynamic loading of shared libraries, you can use an external function to check password quality. This option specifies which library to load. -.It Xo -.Fl -check-function= Ns Ar function -.Xc +.It Fl -check-function= Ns Ar function This is the function to call in the loaded library. The function should look like this: .Pp @@ -64,20 +58,11 @@ is the new password. Note that the password (in .Fa password->data ) is not zero terminated. -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec Keytab to get authentication key from. -.It Xo -.Fl r Ar realm , -.Fl -realm= Ns Ar realm -.Xc +.It Fl r Ar realm , Fl -realm= Ns Ar realm Default realm. -.It Xo -.Fl p Ar string , -.Fl -port= Ns Ar string -.Xc +.It Fl p Ar string , Fl -port= Ns Ar string Port to listen on (default service kpasswd - 464). .El .Sh DIAGNOSTICS Index: src/crypto/dist/heimdal/kuser/kgetcred.1 diff -u src/crypto/dist/heimdal/kuser/kgetcred.1:1.7 src/crypto/dist/heimdal/kuser/kgetcred.1:1.8 --- src/crypto/dist/heimdal/kuser/kgetcred.1:1.7 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kuser/kgetcred.1 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kgetcred.1 14090 2004-08-05 18:49:47Z lha $ -.\" $NetBSD: kgetcred.1,v 1.7 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: kgetcred.1,v 1.8 2009/10/14 23:37:33 joerg Exp $ .\" .Dd March 12, 2004 .Dt KGETCRED 1 @@ -62,30 +62,16 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl -canonicalize -.Xc +.It Fl -canonicalize requests that the KDC canonicalize the principal. -.It Xo -.Fl c Ar cache , -.Fl -cache= Ns Ar cache -.Xc +.It Fl c Ar cache , Fl -cache= Ns Ar cache the credential cache to use. -.It Xo -.Fl e Ar enctype , -.Fl -enctype= Ns Ar enctype -.Xc +.It Fl e Ar enctype , Fl -enctype= Ns Ar enctype encryption type to use. -.It Xo -.Fl -no-transit-check -.Xc +.It Fl -no-transit-check requests that the KDC doesn't do trasnit checking. -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl -version +.It Fl -help .El .Sh SEE ALSO .Xr kinit 1 , Index: src/crypto/dist/heimdal/kuser/kimpersonate.1 diff -u src/crypto/dist/heimdal/kuser/kimpersonate.1:1.1 src/crypto/dist/heimdal/kuser/kimpersonate.1:1.2 --- src/crypto/dist/heimdal/kuser/kimpersonate.1:1.1 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kuser/kimpersonate.1 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kimpersonate.1 20259 2007-02-17 23:49:54Z lha $ -.\" $NetBSD: kimpersonate.1,v 1.1 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: kimpersonate.1,v 1.2 2009/10/14 23:37:33 joerg Exp $ .\" .Dd September 18, 2006 .Dt KERBEROS 1 @@ -41,28 +41,14 @@ impersonate a user when there exist a srvtab, keyfile or KeyFile .Sh SYNOPSIS .Nm -.Oo Fl s Ar string \*(Ba Xo -.Fl -server= Ns Ar string Oc -.Xc -.Oo Fl c Ar string \*(Ba Xo -.Fl -client= Ns Ar string Oc -.Xc -.Oo Fl k Ar string \*(Ba Xo -.Fl -keytab= Ns Ar string Oc -.Xc +.Op Fl s Ar string \*(Ba Fl -server= Ns Ar string +.Op Fl c Ar string \*(Ba Fl -client= Ns Ar string +.Op Fl k Ar string \*(Ba Fl -keytab= Ns Ar string .Op Fl 5 | Fl -krb5 -.Oo Fl e Ar integer \*(Ba Xo -.Fl -expire-time= Ns Ar integer Oc -.Xc -.Oo Fl a Ar string \*(Ba Xo -.Fl -client-address= Ns Ar string Oc -.Xc -.Oo Fl t Ar string \*(Ba Xo -.Fl -enc-type= Ns Ar string Oc -.Xc -.Oo Fl f Ar string \*(Ba Xo -.Fl -ticket-flags= Ns Ar string Oc -.Xc +.Op Fl e Ar integer \*(Ba Fl -expire-time= Ns Ar integer +.Op Fl a Ar string \*(Ba Fl -client-address= Ns Ar string +.Op Fl t Ar string \*(Ba Fl -enc-type= Ns Ar string +.Op Fl f Ar string \*(Ba Fl -ticket-flags= Ns Ar string .Op Fl -verbose .Op Fl -version .Op Fl -help @@ -74,57 +60,27 @@ (if compiled with support for Kerberos 4) a Kerberos 4 srvtab. Supported options: .Bl -tag -width Ds -.It Xo -.Fl s Ar string Ns , -.Fl -server= Ns Ar string -.Xc +.It Fl s Ar string Ns , Fl -server= Ns Ar string name of server principal -.It Xo -.Fl c Ar string Ns , -.Fl -client= Ns Ar string -.Xc +.It Fl c Ar string Ns , Fl -client= Ns Ar string name of client principal -.It Xo -.Fl k Ar string Ns , -.Fl -keytab= Ns Ar string -.Xc +.It Fl k Ar string Ns , Fl -keytab= Ns Ar string name of keytab file -.It Xo -.Fl 5 Ns , -.Fl -krb5 -.Xc +.It Fl 5 Ns , Fl -krb5 create a Kerberos 5 ticket -.It Xo -.Fl e Ar integer Ns , -.Fl -expire-time= Ns Ar integer -.Xc +.It Fl e Ar integer Ns , Fl -expire-time= Ns Ar integer lifetime of ticket in seconds -.It Xo -.Fl a Ar string Ns , -.Fl -client-address= Ns Ar string -.Xc +.It Fl a Ar string Ns , Fl -client-address= Ns Ar string address of client -.It Xo -.Fl t Ar string Ns , -.Fl -enc-type= Ns Ar string -.Xc +.It Fl t Ar string Ns , Fl -enc-type= Ns Ar string encryption type -.It Xo -.Fl f Ar string Ns , -.Fl -ticket-flags= Ns Ar string -.Xc +.It Fl f Ar string Ns , Fl -ticket-flags= Ns Ar string ticket flags for krb5 ticket -.It Xo -.Fl -verbose -.Xc +.It Fl -verbose Verbose output -.It Xo -.Fl -version -.Xc +.It Fl -version Print version -.It Xo -.Fl -help -.Xc +.It Fl -help .El .Sh FILES Uses Index: src/crypto/dist/heimdal/kuser/kinit.1 diff -u src/crypto/dist/heimdal/kuser/kinit.1:1.10 src/crypto/dist/heimdal/kuser/kinit.1:1.11 --- src/crypto/dist/heimdal/kuser/kinit.1:1.10 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kuser/kinit.1 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: kinit.1 17822 2006-07-10 14:46:58Z lha $ -.\" $NetBSD: kinit.1,v 1.10 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: kinit.1,v 1.11 2009/10/14 23:37:33 joerg Exp $ .\" .Dd April 25, 2006 .Dt KINIT 1 @@ -106,40 +106,22 @@ .Pp Supported options: .Bl -tag -width Ds -.It Xo -.Fl c Ar cachename -.Fl -cache= Ns Ar cachename -.Xc +.It Fl c Ar cachename , Fl -cache= Ns Ar cachename The credentials cache to put the acquired ticket in, if other than default. -.It Xo -.Fl f , -.Fl -forwardable -.Xc +.It Fl f , Fl -forwardable Get ticket that can be forwarded to another host. -.It Xo -.Fl t Ar keytabname , -.Fl -keytab= Ns Ar keytabname -.Xc +.It Fl t Ar keytabname , Fl -keytab= Ns Ar keytabname Don't ask for a password, but instead get the key from the specified keytab. -.It Xo -.Fl l Ar time , -.Fl -lifetime= Ns Ar time -.Xc +.It Fl l Ar time , Fl -lifetime= Ns Ar time Specifies the lifetime of the ticket. The argument can either be in seconds, or a more human readable string like .Sq 1h . -.It Xo -.Fl p , -.Fl -proxiable -.Xc +.It Fl p , Fl -proxiable Request tickets with the proxiable flag set. -.It Xo -.Fl R , -.Fl -renew -.Xc +.It Fl R , .Fl -renew Try to renew ticket. The ticket must have the .Sq renewable @@ -148,46 +130,26 @@ The same as .Fl -renewable-life , with an infinite time. -.It Xo -.Fl r Ar time , -.Fl -renewable-life= Ns Ar time -.Xc +.It Fl r Ar time , Fl -renewable-life= Ns Ar time The max renewable ticket life. -.It Xo -.Fl S Ar principal , -.Fl -server= Ns Ar principal -.Xc +.It Fl S Ar principal , Fl -server= Ns Ar principal Get a ticket for a service other than krbtgt/LOCAL.REALM. -.It Xo -.Fl s Ar time , -.Fl -start-time= Ns Ar time -.Xc +.It Fl s Ar time , Fl -start-time= Ns Ar time Obtain a ticket that starts to be valid .Ar time (which can really be a generic time specification, like .Sq 1h ) seconds into the future. -.It Xo -.Fl k , -.Fl -use-keytab -.Xc +.It Fl k , Fl -use-keytab The same as .Fl -keytab , but with the default keytab name (normally .Ar FILE:/etc/krb5.keytab ) . -.It Xo -.Fl v , -.Fl -validate -.Xc +.It Fl v , Fl -validate Try to validate an invalid ticket. -.It Xo -.Fl e , -.Fl -enctypes= Ns Ar enctypes -.Xc +.It Fl e , Fl -enctypes= Ns Ar enctypes Request tickets with this particular enctype. -.It Xo -.Fl -password-file= Ns Ar filename -.Xc +.It Fl -password-file= Ns Ar filename read the password from the first line of .Ar filename . If the @@ -195,15 +157,10 @@ is .Ar STDIN , the password will be read from the standard input. -.It Xo -.Fl -fcache-version= Ns Ar version-number -.Xc +.It Fl -fcache-version= Ns Ar version-number Create a credentials cache of version .Ar version-number . -.It Xo -.Fl a , -.Fl -extra-addresses= Ns Ar enctypes -.Xc +.It Fl a , Fl -extra-addresses= Ns Ar enctypes Adds a set of addresses that will, in addition to the systems local addresses, be put in the ticket. This can be useful if all addresses a client can use can't be @@ -213,14 +170,9 @@ .Li libdefaults/extra_addresses in .Xr krb5.conf 5 . -.It Xo -.Fl A , -.Fl -no-addresses -.Xc +.It Fl A , Fl -no-addresses Request a ticket with no addresses. -.It Xo -.Fl -anonymous -.Xc +.It Fl -anonymous Request an anonymous ticket (which means that the ticket will be issued to an anonymous principal, typically .Dq anonym...@realm ) . @@ -230,17 +182,11 @@ .Nm has been compiled with support for Kerberos 4. .Bl -tag -width Ds -.It Xo -.Fl 4 , -.Fl -524init -.Xc +.It Fl 4 , Fl -524init Try to convert the obtained Kerberos 5 krbtgt to a version 4 compatible ticket. It will store this ticket in the default Kerberos 4 ticket file. -.It Xo -.Fl 9 , -.Fl -524convert -.Xc +.It Fl 9 , Fl -524convert only convert ticket to version 4 .It Fl -afslog Gets AFS tickets, converts them to version 4 format, and stores them Index: src/crypto/dist/heimdal/kuser/klist.1 diff -u src/crypto/dist/heimdal/kuser/klist.1:1.10 src/crypto/dist/heimdal/kuser/klist.1:1.11 --- src/crypto/dist/heimdal/kuser/klist.1:1.10 Sat Mar 22 08:37:03 2008 +++ src/crypto/dist/heimdal/kuser/klist.1 Wed Oct 14 23:37:33 2009 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" $Heimdal: klist.1 20458 2007-04-19 20:41:27Z lha $ -.\" $NetBSD: klist.1,v 1.10 2008/03/22 08:37:03 mlelstv Exp $ +.\" $NetBSD: klist.1,v 1.11 2009/10/14 23:37:33 joerg Exp $ .\" .Dd October 6, 2005 .Dt KLIST 1 @@ -61,27 +61,14 @@ .Pp Options supported: .Bl -tag -width Ds -.It Xo -.Fl c Ar cache , -.Fl -cache= Ns Ar cache -.Xc +.It Fl c Ar cache , Fl -cache= Ns Ar cache credential cache to list -.It Xo -.Fl s , -.Fl t , -.Fl -test -.Xc +.It Fl s , Fl t , Fl -test Test for there being an active and valid TGT for the local realm of the user in the credential cache. -.It Xo -.Fl T , -.Fl -tokens -.Xc +.It Fl T , Fl -tokens display AFS tokens -.It Xo -.Fl 5 , -.Fl -v5 -.Xc +.It Fl 5 , Fl -v5 display v5 cred cache (this is the default) .It Fl f Include ticket flags in short form, each character stands for a @@ -114,10 +101,7 @@ This information is also output with the .Fl -verbose option, but in a more verbose way. -.It Xo -.Fl v , -.Fl -verbose -.Xc +.It Fl v , Fl -verbose Verbose output. Include all possible information: .Bl -tag -width XXXX -offset indent .It Server @@ -142,10 +126,7 @@ .It Addresses the set of addresses from which this ticket is valid .El -.It Xo -.Fl l , -.Fl -list-caches -.Xc +.It Fl l , Fl -list-caches List the credential caches for the current users, not all cache types supports listing multiple caches. .Pp Index: src/crypto/dist/heimdal/lib/kadm5/iprop-log.8 diff -u src/crypto/dist/heimdal/lib/kadm5/iprop-log.8:1.1 src/crypto/dist/heimdal/lib/kadm5/iprop-log.8:1.2 --- src/crypto/dist/heimdal/lib/kadm5/iprop-log.8:1.1 Sat Mar 22 08:37:12 2008 +++ src/crypto/dist/heimdal/lib/kadm5/iprop-log.8 Wed Oct 14 23:37:34 2009 @@ -1,5 +1,5 @@ .\" $Heimdal: iprop-log.8 21713 2007-07-27 14:38:49Z lha $ -.\" $NetBSD: iprop-log.8,v 1.1 2008/03/22 08:37:12 mlelstv Exp $ +.\" $NetBSD: iprop-log.8,v 1.2 2009/10/14 23:37:34 joerg Exp $ .\" .\" Copyright (c) 2005 - 2007 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -32,7 +32,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: iprop-log.8,v 1.1 2008/03/22 08:37:12 mlelstv Exp $ +.\" $Id: iprop-log.8,v 1.2 2009/10/14 23:37:34 joerg Exp $ .\" .Dd February 18, 2007 .Dt IPROP-LOG 8 @@ -84,28 +84,17 @@ .Sh DESCRIPTION Supported options: .Bl -tag -width Ds -.It Xo -.Fl -version -.Xc -.It Xo -.Fl h , -.Fl -help -.Xc +.It Fl -version +.It Fl h , Fl -help .El .Pp command can be one of the following: .Bl -tag -width truncate .It truncate .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp @@ -114,38 +103,22 @@ file, the log will start over at the first version (0). .It dump .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp Print out all entires in the log to standard output. .It replay .Bl -tag -width Ds -.It Xo -.Fl -start-version= Ns Ar version-number -.Xc +.It Fl -start-version= Ns Ar version-number start replay with this version -.It Xo -.Fl -end-version= Ns Ar version-number -.Xc +.It Fl -end-version= Ns Ar version-number end replay with this version -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp @@ -153,15 +126,9 @@ specified) in the transaction log to the database. .It last-version .Bl -tag -width Ds -.It Xo -.Fl c Ar file , -.Fl -config-file= Ns Ar file -.Xc +.It Fl c Ar file , Fl -config-file= Ns Ar file configuration file -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc +.It Fl r Ar string , Fl -realm= Ns Ar string realm .El .Pp Index: src/crypto/dist/heimdal/lib/kadm5/iprop.8 diff -u src/crypto/dist/heimdal/lib/kadm5/iprop.8:1.1 src/crypto/dist/heimdal/lib/kadm5/iprop.8:1.2 --- src/crypto/dist/heimdal/lib/kadm5/iprop.8:1.1 Sat Mar 22 08:37:12 2008 +++ src/crypto/dist/heimdal/lib/kadm5/iprop.8 Wed Oct 14 23:37:34 2009 @@ -1,5 +1,5 @@ .\" $Heimdal: iprop.8 21940 2007-09-28 22:28:09Z lha $ -.\" $NetBSD: iprop.8,v 1.1 2008/03/22 08:37:12 mlelstv Exp $ +.\" $NetBSD: iprop.8,v 1.2 2009/10/14 23:37:34 joerg Exp $ .\" .\" Copyright (c) 2005 Kungliga Tekniska Högskolan .\" (Royal Institute of Technology, Stockholm, Sweden). @@ -137,78 +137,37 @@ Supported options for .Nm ipropd-master : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl -config-file= Ns Ar string +.It Fl r Ar string , Fl -realm= Ns Ar string +.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl d Ar file , -.Fl -database= Ns Ar file -.Xc +.It Fl d Ar file , Fl -database= Ns Ar file Database (default per KDC) -.It Xo -.Fl -slave-stats-file= Ns Ar file -.Xc +.It Fl -slave-stats-file= Ns Ar file file for slave status information -.It Xo -.Fl -time-missing= Ns Ar time -.Xc +.It Fl -time-missing= Ns Ar time time before slave is polled for presence (default 2 min) -.It Xo -.Fl -time-gone= Ns Ar time -.Xc +.It Fl -time-gone= Ns Ar time time of inactivity after which a slave is considered gone (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl -detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl -version +.It Fl -help .El .Pp Supported options for .Nm ipropd-slave : .Bl -tag -width Ds -.It Xo -.Fl c Ar string , -.Fl -config-file= Ns Ar string -.Xc -.It Xo -.Fl r Ar string , -.Fl -realm= Ns Ar string -.Xc -.It Xo -.Fl k Ar kspec , -.Fl -keytab= Ns Ar kspec -.Xc +.It Fl c Ar string , Fl -config-file= Ns Ar string +.It Fl r Ar string , Fl -realm= Ns Ar string +.It Fl k Ar kspec , Fl -keytab= Ns Ar kspec keytab to get authentication from -.It Xo -.Fl -time-lost= Ns Ar time -.Xc +.It Fl -time-lost= Ns Ar time time before server is considered lost (default 5 min) -.It Xo -.Fl -detach -.Xc +.It Fl -detach detach from console -.It Xo -.Fl -version -.Xc -.It Xo -.Fl -help -.Xc +.It Fl -version +.It Fl -help .El Time arguments for the relevant options above may be specified in forms like 5 min, 300 s, or simply a number of seconds.