path: root/share/man/man5/passwd.5
author sheldonh <sheldonh@FreeBSD.org> 2000-03-02 14:54:02 +0000
committer sheldonh <sheldonh@FreeBSD.org> 2000-03-02 14:54:02 +0000
commit 244b8ead7d31895ea1d7cfb075f4f7b33df35b0f (patch)
tree 2643b52af6138b0f24a698abf3673abbbf78fc7d /share/man/man5/passwd.5
parent b751643913f37cd82cb0231b0c05564aad5a23b4 (diff)
download FreeBSD-src-244b8ead7d31895ea1d7cfb075f4f7b33df35b0f.zip FreeBSD-src-244b8ead7d31895ea1d7cfb075f4f7b33df35b0f.tar.gz
Remove more single-space hard sentence breaks.
Diffstat (limited to 'share/man/man5/passwd.5')
-rw-r--r-- share/man/man5/passwd.5 | 105
1 files changed, 70 insertions, 35 deletions
diff --git a/share/man/man5/passwd.5 b/share/man/man5/passwd.5
index 890f021..53f6b7b 100644
--- a/share/man/man5/passwd.5
+++ b/share/man/man5/passwd.5
@@ -190,7 +190,8 @@ The system administrator can configure
to use NIS/YP for
its password information by adding special records to the
.Pa /etc/master.passwd
-file. These entries should be added with
+file.
+These entries should be added with
.Xr vipw 8
so that the changes can be properly merged with the hashed
password databases and the
@@ -220,10 +221,12 @@ Note that the entry shown above is known as a
.Em wildcard
entry, because it matches all users (the `+' without any other information
matches everybody) and allows all NIS password data to be retrieved
-unaltered. However, by
+unaltered.
+However, by
specifying a username or netgroup next to the `+' in the NIS
entry, the administrator can affect what data are extracted from the
-NIS passwd maps and how it is interpreted. Here are a few example
+NIS passwd maps and how it is interpreted.
+Here are a few example
records that illustrate this feature (note that you can have several
NIS entries in a single
.Pa master.passwd
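Review bot: the reflowed sentence that now ends on the added line "NIS passwd maps and how it is interpreted." disagrees in number with its own subject, "what data are extracted from the", two lines earlier; either write "how they are interpreted" or treat "data" as singular in both halves, since the sentence is being touched anyway.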
@@ -240,8 +243,10 @@ file):
Specific usernames are listed explicitly while netgroups are signified
by a preceding `@'. In the above example, users in the ``staff'' and
``permitted-users'' netgroups will have their password information
-read from NIS and used unaltered. In other words, they will be allowed
-normal access to the machine. Users ``ken'' and ``dennis,'' who have
+read from NIS and used unaltered.
+In other words, they will be allowed
+normal access to the machine.
+Users ``ken'' and ``dennis,'' who have
been named explicitly rather than through a netgroup, will also have
their password data read from NIS, _except_ that user ``ken'' will
have his shell remapped to
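Review bot: the unchanged context line "their password data read from NIS, _except_ that user ``ken'' will" uses plain-text underscore emphasis, which roff renders literally, underscores and all; while this paragraph is being reflowed it should become an mdoc macro call, with ".Em except" on its own line between "their password data read from NIS," and "that user ``ken'' will".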
@@ -250,7 +255,8 @@ This means that value for his shell specified in the NIS password map
will be overridden by the value specified in the special NIS entry in
the local
.Pa master.passwd
-file. User ``ken'' may have been assigned the csh shell because his
+file.
+User ``ken'' may have been assigned the csh shell because his
NIS password entry specified a different shell that may not be
installed on the client machine for political or technical reasons.
Meanwhile, users in the ``rejected-users'' netgroup are prevented
@@ -261,12 +267,14 @@ User ``mitnick'' will be be ignored entirely because his entry is
specified with a `-' instead of a `+'. A minus entry can be used
to block out certain NIS password entries completely; users who's
password data has been excluded in this way are not recognized by
-the system at all. (Any overrides specified with minus entries are
+the system at all.
+(Any overrides specified with minus entries are
also ignored since there is no point in processing override information
for a user that the system isn't going to recognize in the first place.)
In general, a minus entry is used to specifically exclude a user
who might otherwise be granted access because he happens to be a
-member of an authorized netgroup. For example, if ``mitnick'' is
+member of an authorized netgroup.
+For example, if ``mitnick'' is
a member of the ``permitted-users'' netgroup and must, for whatever
the reason, be permitted to remain in that netgroup (possibly to
retain access to other machines within the domain), the administrator
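Review bot: two typos sit in the unchanged context of this hunk and are worth fixing in the same pass: the hunk header line "User ``mitnick'' will be be ignored entirely because his entry is" doubles "be", and "users who's password data has been excluded" should read "users whose password data", since "who's" is the contraction of "who is".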
@@ -276,12 +284,14 @@ allowed access rather than generate a possibly complicated list of
users who are allowed access and omit the rest.
.Pp
Note that the plus and minus entries are evaluated in order from
-first to last with the first match taking precedence. This means
+first to last with the first match taking precedence.
+This means
the system will only use the first entry that matches a particular user.
If, for instance, we have a user ``foo'' who is a member of both the ``staff''
netgroup and the ``rejected-users'' netgroup, he will be admitted to
the system because the above example lists the entry for ``staff''
-before the entry for ``rejected-users.'' If we reversed the order,
+before the entry for ``rejected-users.''
+If we reversed the order,
user ``foo'' would be flagged as a ``rejected-user'' instead and
denied access.
.Pp
@@ -294,11 +304,13 @@ entries). In our example shown above, we do not have a wildcard
entry at the end of the list; therefore, the system will not recognize
anyone except
``ken,'' ``dennis,'' the ``staff'' netgroup and the ``permitted-users''
-netgroup as authorized users. The ``rejected-users'' netgroup will
+netgroup as authorized users.
+The ``rejected-users'' netgroup will
be recognized but all members will have their shells remapped and
therefore be denied access.
All other NIS password records
-will be ignored. The administrator may add a wildcard entry to the
+will be ignored.
+The administrator may add a wildcard entry to the
end of the list such as:
.Bd -literal -offset indent
+:::::::::/usr/local/bin/go_away
@@ -309,7 +321,8 @@ any of the other entries.
.Pa /usr/local/bin/go_away
can be a short shell script or program
that prints a message telling the user that he is not allowed access
-to the system. This technique is sometimes useful when it is
+to the system.
+This technique is sometimes useful when it is
desirable to have the system be able to recognize all users in a
particular NIS domain without necessarily granting them login access.
See the above text on the shell field regarding security concerns when using
@@ -318,7 +331,8 @@ a shell script as the login shell.
The primary use of this
.Pa override
feature is to permit the administrator
-to enforce access restrictions on NIS client systems. Users can be
+to enforce access restrictions on NIS client systems.
+Users can be
granted access to one group of machines and denied access to other
machines simply by adding or removing them from a particular netgroup.
Since the netgroup database can also be accessed via NIS, this allows
@@ -334,10 +348,12 @@ are stored only in
.Pa /etc/master.passwd
and
.Pa /etc/spwd.db ,
-which are readable and writable only by the superuser. This is done
+which are readable and writable only by the superuser.
+This is done
to prevent users from running the encrypted passwords through
password-guessing programs and gaining unauthorized access to
-other users' accounts. NIS does not support a standard means of
+other users' accounts.
+NIS does not support a standard means of
password shadowing, which implies that placing your password data
into the NIS passwd maps totally defeats the security of
.Tn FreeBSD Ns 's
@@ -345,11 +361,13 @@ password shadowing system.
.Pp
.Tn FreeBSD
provides a few special features to help get around this
-problem. It is possible to implement password shadowing between
+problem.
+It is possible to implement password shadowing between
.Tn FreeBSD
NIS clients and
.Tn FreeBSD
-NIS servers. The
+NIS servers.
+The
.Xr getpwent 3
routines will search for a
.Pa master.passwd.byname
@@ -357,7 +375,8 @@ and
.Pa master.passwd.byuid
maps which should contain the same data found in the
.Pa /etc/master.passwd
-file. If the maps exist,
+file.
+If the maps exist,
.Tn FreeBSD
will attempt to use them for user
authentication instead of the standard
@@ -368,12 +387,14 @@ maps.
.Tn FreeBSD Ns 's
.Xr ypserv 8
will also check client requests to make sure they originate on a
-privileged port. Since only the superuser is allowed to bind to
+privileged port.
+Since only the superuser is allowed to bind to
a privileged port, the server can tell if the requesting user
is the superuser; all requests from non-privileged users to access
the
.Pa master.passwd
-maps will be refused. Since all user authentication programs run
+maps will be refused.
+Since all user authentication programs run
with superuser privilege, they should have the required access to
users' encrypted password data while normal users will only
be allowed access to the standard
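Review bot: the reflowed sentence "Since only the superuser is allowed to bind to a privileged port, the server can tell if the requesting user is the superuser" states the guarantee more strongly than it holds, because a privileged source port only proves root on the requesting host, not on a host the administrator trusts. The page already carries the matching caveat two hunks later ("a truly determined user with unrestricted access to your network could still compromise the master.passwd maps"); a short pointer to that paragraph here, or moving the caveat up next to this sentence, would stop readers from taking the port check as a complete protection for the master.passwd maps.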
@@ -382,7 +403,8 @@ maps which contain no password information.
.Pp
Note that this feature cannot be used in an environment with
.No non- Ns Tn FreeBSD
-systems. Note also that a truly determined user with
+systems.
+Note also that a truly determined user with
unrestricted access to your network could still compromise the
.Pa master.passwd
maps.
@@ -407,7 +429,8 @@ This entry will cause all users in the `foo-users' netgroup to
have
.Pa all
of their password information overridden, including UIDs,
-GIDs and passwords. The result is that all `foo-users' will be
+GIDs and passwords.
+The result is that all `foo-users' will be
locked out of the system, since their passwords will be remapped
to invalid values.
.Pp
@@ -451,21 +474,25 @@ password
.Pa /etc/passwd
file is in plain
.Tn ASCII
-format. The
+format.
+The
.Tn SunOS
documentation claims that
adding a '+' entry to the password file causes the contents of
the NIS password database to be 'inserted' at the position in
-the file where the '+' entry appears. If, for example, the
+the file where the '+' entry appears.
+If, for example, the
administrator places the +:::::: entry in the middle of
.Pa /etc/passwd,
then the entire contents of the NIS password map would appear
as though it had been copied into the middle of the password
-file. If the administrator places the +:::::: entry at both the
+file.
+If the administrator places the +:::::: entry at both the
middle and the end of
.Pa /etc/passwd ,
then the NIS password map would appear twice: once in the middle
-of the file and once at the end. (By using override entries
+of the file and once at the end.
+(By using override entries
instead of simple wildcards, other combinations could be achieved.)
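Review bot: in the unchanged context line ".Pa /etc/passwd," the trailing comma is glued to the macro argument, so mdoc renders it as part of the path name; the same file is written correctly a few lines later as ".Pa /etc/passwd ," with the comma as a separate argument, and the first occurrence should match. A smaller style point in the same hunk: the SunOS paragraph quotes '+' and 'inserted' with straight single quotes, whereas the rest of the page uses the roff `+' and ``...'' convention.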
.Pp
By contrast,
@@ -473,7 +500,8 @@ By contrast,
does not have a single
.Tn ASCII
password file: it
-has a hashed password database. This database does not have an
+has a hashed password database.
+This database does not have an
easily-defined beginning, middle or end, which makes it very hard
to design a scheme that is 100% compatible with
.Tn SunOS .
@@ -485,8 +513,10 @@ and
functions in
.Tn FreeBSD
are designed to do direct queries to the
-hash database rather than a linear search. This approach is faster
-on systems where the password database is large. However, when
+hash database rather than a linear search.
+This approach is faster
+on systems where the password database is large.
+However, when
using direct database queries, the system does not know or care
about the order of the original password file, and therefore
it cannot easily apply the same override logic used by
@@ -495,7 +525,8 @@ it cannot easily apply the same override logic used by
Instead,
.Tn FreeBSD
groups all the NIS override entries together
-and constructs a filter out of them. Each NIS password entry
+and constructs a filter out of them.
+Each NIS password entry
is compared against the override filter exactly once and
treated accordingly: if the filter allows the entry through
unaltered, it's treated unaltered; if the filter calls for remapping
@@ -536,13 +567,15 @@ In %99 of all
configurations, NIS client behavior will be
indistinguishable from that of
.Tn SunOS
-or other similar systems. Even
+or other similar systems.
+Even
so, users should be aware of these architectural differences.
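Review bot: the hunk header context line "In %99 of all" has the percent sign on the wrong side of the number and should read "In 99% of all"; it is one line above the reflowed sentence, so it can be corrected in this change without widening the hunk much.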
.Pp
.Ss Using groups instead of netgroups for NIS overrides
.Tn FreeBSD
offers the capability to do override matching based on
-user groups rather than netgroups. If, for example, an NIS entry
+user groups rather than netgroups.
+If, for example, an NIS entry
is specified as:
.Bd -literal -offset indent
+@operator:::::::::
@@ -567,7 +600,8 @@ was possible for
.Fn getpwuid
to return a login name that
.Fn getpwnam
-would not recognize. This has been fixed: overrides specified
+would not recognize.
+This has been fixed: overrides specified
in
.Pa /etc/master.passwd
now apply to all
@@ -580,7 +614,8 @@ netgroup overrides did not work at
all, largely because
.Tn FreeBSD
did not have support for reading
-netgroups through NIS. Again, this has been fixed, and
+netgroups through NIS.
+Again, this has been fixed, and
netgroups can be specified just as in
.Tn SunOS
and similar NIS-capable