diff options
55 files changed, 280 insertions, 341 deletions
diff --git a/crypto/heimdal/admin/ktutil.8 b/crypto/heimdal/admin/ktutil.8 index cb86fa5..b862258 100644 --- a/crypto/heimdal/admin/ktutil.8 +++ b/crypto/heimdal/admin/ktutil.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm ktutil -.Nd -manage Kerberos keytabs +.Nd manage Kerberos keytabs .Sh SYNOPSIS .Nm .Oo Fl k Ar keytab \*(Ba Xo diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 index 872a7b8..745090c 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 @@ -38,8 +38,7 @@ .Os BSD 4.2 .Sh NAME .Nm ftpd -.Nd -Internet File Transfer Protocol server +.Nd Internet File Transfer Protocol server .Sh SYNOPSIS .Nm ftpd .Op Fl a Ar authmode diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 index c06561b..d10d15a 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 @@ -5,8 +5,7 @@ .Os KTH-KRB .Sh NAME .Pa /etc/ftpusers -.Nd -FTP access list file. +.Nd FTP access list file .Sh DESCRIPTION .Pa /etc/ftpusers contains a list of users that should be allowed or denied FTP diff --git a/crypto/heimdal/appl/kf/kf.1 b/crypto/heimdal/appl/kf/kf.1 index 27ca59f..3836a07 100644 --- a/crypto/heimdal/appl/kf/kf.1 +++ b/crypto/heimdal/appl/kf/kf.1 @@ -8,62 +8,54 @@ .Os Heimdal .Sh NAME .Nm kf -.Nd -securly forward tickets +.Nd securly forward tickets .Sh SYNOPSIS .Nm -.Oo Fl p Ar port \*(Ba Xo -.Fl -port= Ns Ar port Oc -.Xc -.Oo Fl l Ar login \*(Ba Xo -.Fl -login= Ns Ar login Oc -.Xc -.Oo Fl c Ar ccache \*(Ba Xo -.Fl -ccache= Ns Ar ccache Oc -.Xc -.Op Fl F | Fl -forwardable -.Op Fl G | Fl -no-forwardable -.Op Fl h | Fl -help +.Oo +.Fl p Ar port | +.Fl -port Ns = Ns Ar port +.Oc +.Oo +.Fl l Ar login | +.Fl -login Ns = Ns Ar login +.Oc +.Oo +.Fl c Ar ccache | +.Fl -ccache Ns = Ns Ar ccache +.Oc +.Op Fl F | -forwardable +.Op Fl G | -no-forwardable +.Op Fl h | -help .Op Fl -version .Ar host ... .Sh DESCRIPTION The .Nm program forwards tickets to a remove host through an authenticated -and encrypted stream. Options supported are: -.Bl -tag -width Ds +and encrypted stream. +Options supported are: +.Bl -tag -width indent .It Xo -.Fl p Ar port Ns , -.Fl -port= Ns Ar port +.Fl p Ar port , +.Fl -port Ns = Ns Ar port .Xc port to connect to .It Xo -.Fl l Ar login Ns , -.Fl -login= Ns Ar login +.Fl l Ar login , +.Fl -login Ns = Ns Ar login .Xc remote login name .It Xo -.Fl c Ar ccache Ns , -.Fl -ccache= Ns Ar ccache +.Fl c Ar ccache , +.Fl -ccache Ns = Ns Ar ccache .Xc remote cred cache -.It Xo -.Fl F Ns , -.Fl -forwardable -.Xc +.It Fl F , -forwardable forward forwardable credentials -.It Xo -.Fl G Ns , -.Fl -no-forwardable -.Xc +.It Fl G , -no-forwardable do not forward forwardable credentials -.It Xo -.Fl h Ns , -.Fl -help -.Xc -.It Xo -.Fl -version -.Xc +.It Fl h , -help +.It Fl -version .El .Pp .Nm @@ -83,9 +75,9 @@ is able to forward ticket by itself. .\".Sh EXAMPLES .\".Sh DIAGNOSTICS .Sh SEE ALSO -.Xr kfd 8 , .Xr kinit 1 , -.Xr telnet 1 +.Xr telnet 1 , +.Xr kfd 8 .\".Sh STANDARDS .\".Sh HISTORY .\".Sh AUTHORS diff --git a/crypto/heimdal/appl/kf/kfd.8 b/crypto/heimdal/appl/kf/kfd.8 index 3fca73b..c678c8d 100644 --- a/crypto/heimdal/appl/kf/kfd.8 +++ b/crypto/heimdal/appl/kf/kfd.8 @@ -8,33 +8,31 @@ .Os Heimdal .Sh NAME .Nm kfd -.Nd -receive forwarded tickets +.Nd receive forwarded tickets .Sh SYNOPSIS .Nm -.Oo Fl p Ar port \*(Ba Xo -.Fl -port= Ns Ar port Oc -.Xc -.Op Fl i | Fl -inetd -.Oo Fl R Ar regpag \*(Ba Xo -.Fl -regpag= Ns Ar regpag Oc -.Xc -.Op Fl h | Fl -help +.Oo +.Fl p Ar port | +.Fl -port Ns = Ns Ar port +.Oc +.Op Fl i | -inetd +.Oo +.Fl R Ar regpag | +.Fl -regpag Ns = Ns Ar regpag +.Oc +.Op Fl h | -help .Op Fl -version .Sh DESCRIPTION This is the daemon for -.Nm kf . +.Xr kf 1 . Supported options: -.Bl -tag -width Ds +.Bl -tag -width indent .It Xo -.Fl p Ar port Ns , -.Fl -port= Ns Ar port +.Fl p Ar port , +.Fl -port Ns = Ns Ar port .Xc port to listen to -.It Xo -.Fl i Ns , -.Fl -inetd -.Xc +.It Fl i , -inetd not started from inetd .It Xo .Fl R Ar regpag Ns , diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1 index c04d1116c..6f4110c 100644 --- a/crypto/heimdal/appl/push/pfrom.1 +++ b/crypto/heimdal/appl/push/pfrom.1 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm pfrom -.Nd -fetch a list of the current mail via POP +.Nd "fetch a list of the current mail via POP" .Sh SYNOPSIS .Nm .Op Fl 4 | Fl -krb4 diff --git a/crypto/heimdal/appl/push/push.8 b/crypto/heimdal/appl/push/push.8 index 363eb92..f9e36dd 100644 --- a/crypto/heimdal/appl/push/push.8 +++ b/crypto/heimdal/appl/push/push.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm push -.Nd -fetch mail via POP +.Nd fetch mail via POP .Sh SYNOPSIS .Nm .Op Fl 4 | Fl -krb4 @@ -16,9 +15,9 @@ fetch mail via POP .Op Fl l | -leave .Op Fl -from .Op Fl c | -count -.Op Fl -headers= Ns Ar headers +.Op Fl -headers Ns = Ns Ar headers .Oo Fl p Ar port-spec \*(Ba Xo -.Fl -port= Ns Ar port-spec +.Fl -port Ns = Ns Ar port-spec .Xc .Oc .Ar po-box @@ -81,12 +80,12 @@ behave like from. .Xc first print how many messages and bytes there are. .It Xo -.Fl -headers= Ns Ar headers +.Fl -headers Ns = Ns Ar headers .Xc a list of comma-separated headers that should get printed. .It Xo .Fl p Ar port-spec Ns , -.Fl -port= Ns Ar port-spec +.Fl -port Ns = Ns Ar port-spec .Xc use this port instead of the default .Ql kpop @@ -119,7 +118,7 @@ $ push --from -5 havregryn .Ed .Pp tries to fetch -.Nm From: +.Sy From: lines for current user at post office .Dq havregryn using Kerberos 5. diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.1 b/crypto/heimdal/appl/telnet/telnet/telnet.1 index 7170386..a89d725 100644 --- a/crypto/heimdal/appl/telnet/telnet/telnet.1 +++ b/crypto/heimdal/appl/telnet/telnet/telnet.1 @@ -98,7 +98,7 @@ BINARY option to be negotiated on output. .It Fl S Ar tos Sets the IP type-of-service (TOS) option for the telnet connection to the value -.Ar tos, +.Ar tos , which can be a numeric TOS value or, on systems that support it, a symbolic TOS name found in the /etc/iptos file. @@ -134,7 +134,7 @@ Sets the initial .Nm .Nm telnet escape character to -.Ar escape char. +.Ar escape char . If .Ar escape char is omitted, then @@ -143,7 +143,6 @@ there will be no escape character. If Kerberos V5 authentication is being used, the .Fl f option allows the local credentials to be forwarded to the remote system. -.ne 1i .It Fl k Ar realm If Kerberos authentication is being used, the .Fl k @@ -304,12 +303,12 @@ auth command are as follows: .It Ic disable Ar type Disables the specified type of authentication. To obtain a list of available types, use the -.Ic auth disable \&? +.Ic auth disable ?\& command. .It Ic enable Ar type Enables the specified type of authentication. To obtain a list of available types, use the -.Ic auth enable \&? +.Ic auth enable ?\& command. .It Ic status Lists the current status of the various types of @@ -336,18 +335,22 @@ option is not supported outside of the United States and Canada. .Pp Valid arguments for the encrypt command are as follows: .Bl -tag -width Ar -.It Ic disable Ar type Ic [input|output] +.It Ic disable Ar type Xo +.Op Cm input | output +.Xc Disables the specified type of encryption. If you omit the input and output, both input and output are disabled. To obtain a list of available types, use the -.Ic encrypt disable \&? +.Ic encrypt disable ?\& command. -.It Ic enable Ar type Ic [input|output] +.It Ic enable Ar type Xo +.Op Cm input | output +.Xc Enables the specified type of encryption. If you omit input and output, both input and output are enabled. To obtain a list of available types, use the -.Ic encrypt enable \&? +.Ic encrypt enable ?\& command. .It Ic input This is the same as the @@ -365,18 +368,18 @@ command. This is the same as the .Ic encrypt stop output command. -.It Ic start Ic [input|output] +.It Ic start Op Cm input | output Attempts to start encryption. If you omit .Ic input and -.Ic output, +.Ic output , both input and output are enabled. To obtain a list of available types, use the -.Ic encrypt enable \&? +.Ic encrypt enable ?\& command. .It Ic status Lists the current status of encryption. -.It Ic stop Ic [input|output] +.It Ic stop Op Cm input | output Stops encryption. If you omit input and output, encryption is on both input and output. .It Ic type Ar type @@ -387,7 +390,7 @@ or .Ic encrypt stop commands. .El -.It Ic environ Ar arguments... +.It Ic environ Ar arguments ... The .Ic environ command is used to manipulate the @@ -407,7 +410,7 @@ variable is also exported if the or .Fl l options are used. -.br +.Pp Valid arguments for the .Ic environ command are: @@ -416,7 +419,7 @@ command are: Define the variable .Ar variable to have a value of -.Ar value. +.Ar value . Any variables defined by this command are automatically exported. The .Ar value @@ -441,7 +444,7 @@ Those marked with a .Cm * will be sent automatically, other variables will only be sent if explicitly requested. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic environ command. @@ -512,7 +515,6 @@ option. This requires that the .Dv LINEMODE option be enabled. -.ne 1i .It Ic litecho Pq Ic \-litecho Attempt to enable (disable) the .Dv LIT_ECHO @@ -522,17 +524,15 @@ option. This requires that the .Dv LINEMODE option be enabled. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic mode command. .El .It Xo .Ic open Ar host -.Oo Op Fl l -.Ar user -.Oc Ns Oo Fl -.Ar port Oc +.Op Fl l Ar user +.Op Oo Fl Oc Ns Ar port .Xc Open a connection to the named host. If no port number @@ -646,7 +646,6 @@ command, .Ic getstatus will send the subnegotiation to request that the server send its current option status. -.ne 1i .It Ic ip Sends the .Dv TELNET IP @@ -692,10 +691,10 @@ command. can also be either .Ic help or -.Ic \&? +.Ic ?\& to print out help information, including a list of known symbolic names. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic send command. @@ -972,7 +971,6 @@ The initial value for the suspend character is taken to be the terminal's .Ic suspend character. -.ne 1i .It Ic tracefile This is the file to which the output, caused by .Ic netdata @@ -996,7 +994,7 @@ The initial value for the worderase character is taken to be the terminal's .Ic worderase character. -.It Ic \&? +.It Ic ?\& Displays the legal .Ic set .Pq Ic unset @@ -1040,7 +1038,7 @@ The remote default characters are those of the remote system at the time when the .Tn TELNET connection was established. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic slc command. @@ -1115,7 +1113,6 @@ stream does not start automatically. The autoencrypt (autodecrypt) command states that encryption of the output (input) stream should be enabled as soon as possible. -.sp .Pp Note: Because of export controls, the .Dv TELNET ENCRYPT @@ -1273,7 +1270,6 @@ protocol processing (having to do with options). The initial value for this toggle is .Dv FALSE . -.ne 1i .It Ic prettydump When the .Ic netdata @@ -1295,7 +1291,7 @@ skips the reading of the file in the users home directory when connections are opened. The initial value for this toggle is -.Dv FALSE. +.Dv FALSE . .It Ic termdata Toggles the display of all terminal data (in hexadecimal format). The initial value for this toggle is @@ -1308,7 +1304,7 @@ toggle is .Tn TELNET prints out a message each time encryption is enabled or disabled. The initial value for this toggle is -.Dv FALSE. +.Dv FALSE . Note: Because of export controls, data encryption is not supported outside of the United States and Canada. .It Ic \&? @@ -1327,7 +1323,7 @@ system. If .Ic command is omitted, then an interactive subshell is invoked. -.It Ic \&? Op Ar command +.It Ic ?\& Op Ar command Get help. With no arguments, .Nm telnet prints a help summary. diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.8 index 81c187f..1e14425 100644 --- a/crypto/heimdal/appl/telnet/telnetd/telnetd.8 +++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.8 @@ -95,7 +95,7 @@ has been compiled with support for the .Dv AUTHENTICATION option. There are several valid values for -.Ar authmode: +.Ar authmode : .Bl -tag -width debug .It debug Turns on authentication debugging code. @@ -153,7 +153,7 @@ to the connection, allowing the user to see what .Nm telnetd is doing. There are several possible values for -.Ar debugmode: +.Ar debugmode : .Bl -tag -width exercise .It Cm options Prints information about the negotiation of @@ -166,7 +166,7 @@ information, plus some additional information about what processing is going on. .It Cm netdata Displays the data stream received by -.Nm telnetd. +.Nm telnetd . .It Cm ptydata Displays data written to the pty. .It Cm exercise @@ -194,12 +194,12 @@ be reached may be cleaned up. This option is only enabled when .Nm telnetd is compiled for -.Dv UNICOS. +.Dv UNICOS . It specifies an inclusive range of pseudo-terminal devices to use. If the system has sysconf variable .Dv _SC_CRAY_NPTY configured, the default pty search range is 0 to -.Dv _SC_CRAY_NPTY; +.Dv _SC_CRAY_NPTY ; otherwise, the default range is 0 to 128. Either .Ar lowpty or @@ -230,7 +230,6 @@ indicates that only dotted decimal addresses should be put into the .Pa utmp file. -.ne 1i .It Fl U This option causes .Nm telnetd @@ -338,7 +337,7 @@ Indicates that the client is willing to send a of the Network Virtual Terminal. .It "WILL SGA" Indicates that it will not be sending -.Dv IAC GA, +.Dv IAC GA , go ahead, commands. .It "WILL STATUS" Indicates a willingness to send the client, upon @@ -351,7 +350,6 @@ Whenever a command is received, it is always responded to with a .Dv WILL TIMING-MARK -.ne 1i .It "WILL LOGOUT" When a .Dv DO LOGOUT @@ -384,7 +382,7 @@ characters remotely. This is not really supported, but is sent to identify a 4.2BSD .Xr telnet 1 client, which will improperly respond with -.Dv WILL ECHO. +.Dv WILL ECHO . If a .Dv WILL ECHO is received, a @@ -396,7 +394,7 @@ name of the type of terminal that is attached to the client side of the connection. .It "DO SGA" Indicates that it does not need to receive -.Dv IAC GA, +.Dv IAC GA , the go ahead command. .It "DO NAWS" Requests that the client inform the server when @@ -425,9 +423,9 @@ Only sent if .Nm telnetd is compiled with support for both linemode and kludge linemode, and the client responded with -.Dv WONT LINEMODE. +.Dv WONT LINEMODE . If the client responds with -.Dv WILL TM, +.Dv WILL TM , the it is assumed that the client supports kludge linemode. Note that the @@ -448,14 +446,13 @@ the data stream. .El .Sh ENVIRONMENT .Sh FILES -.Pa /etc/services -.br -.Pa /etc/inittab +.Bl -tag -width /etc/services -compact +.It Pa /etc/services +.It Pa /etc/inittab (UNICOS systems only) -.br -.Pa /etc/iptos +.It Pa /etc/iptos (if supported) -.br +.El .Sh "SEE ALSO" .Xr telnet 1 , .Xr login 1 diff --git a/crypto/heimdal/kadmin/kadmin.8 b/crypto/heimdal/kadmin/kadmin.8 index bfb4cfc..fb23cfe 100644 --- a/crypto/heimdal/kadmin/kadmin.8 +++ b/crypto/heimdal/kadmin/kadmin.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm kadmin -.Nd -Kerberos administration utility +.Nd Kerberos administration utility .Sh SYNOPSIS .Nm .Oo Fl p Ar string \*(Ba Xo @@ -101,7 +100,7 @@ will prompt for commands to process. Commands include: .Op Fl -pw-expiration-time= Ns Ar time .Ar principal... .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent creates a new principal .Ed .Pp @@ -114,21 +113,21 @@ creates a new principal .Op Fl -key= Ns Ar string .Ar principal... .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent changes the password of an existing principal .Ed .Pp .Nm delete .Ar principal... .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent removes a principal .Ed .Pp .Nm del_enctype .Ar principal enctypes... .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent removes some enctypes from a principal, this can be useful the service belonging to the principal is known to not handle certain enctypes .Ed @@ -139,7 +138,7 @@ belonging to the principal is known to not handle certain enctypes .Xc .Ar principal... .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent creates a keytab with the keys of the specified principals .Ed .Pp @@ -149,7 +148,7 @@ creates a keytab with the keys of the specified principals .Op Fl t | Fl -terse .Ar expression... .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent lists the principals that match the expressions (which are shell glob like), long format gives more information, and terse just prints the names @@ -158,7 +157,7 @@ names .Nm rename .Ar from to .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent renames a principal .Ed .Pp @@ -173,26 +172,25 @@ renames a principal .Op Fl -kvno= Ns Ar number .Ar principal .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent modifies certain attributes of a principal .Ed .Pp .Nm privileges .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent lists the operations you are allowd to perform .Ed .Pp .Ed - +.Pp When running in local mode, the following commands can also be used. - .Bd -ragged -offset indent .Nm dump .Op Fl d | Fl -decrypt .Op Ar dump-file .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent writes the database in .Dq human readable form to the specified file, or standard out @@ -203,7 +201,7 @@ form to the specified file, or standard out .Op Fl -realm-max-renewable-life= Ns Ar string .Ar realm .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent initialises the Kerberos database with entries for a new realm, it's possible to have more than one realm served by one server .Ed @@ -211,21 +209,20 @@ possible to have more than one realm served by one server .Nm load .Ar file .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent reads a previously dumped database, and re-creates that database from scratch .Ed .Pp .Nm merge .Ar file .Pp -.Bd -filled -offset indent +.Bd -ragged -offset indent similar to .Nm list but just modifies the database with the entries in the dump file .Ed .Pp .Ed - .\".Sh ENVIRONMENT .\".Sh FILES .\".Sh EXAMPLES diff --git a/crypto/heimdal/kadmin/kadmind.8 b/crypto/heimdal/kadmin/kadmind.8 index 67d5c9b..9b76683 100644 --- a/crypto/heimdal/kadmin/kadmind.8 +++ b/crypto/heimdal/kadmin/kadmind.8 @@ -3,8 +3,7 @@ .Os HEIMDAL .Sh NAME .Nm kadmind -.Nd -server for administrative access to kerberos database +.Nd "server for administrative access to kerberos database" .Sh SYNOPSIS .Nm .Oo Fl c Ar file \*(Ba Xo @@ -32,7 +31,7 @@ connection. The option causes .Nm to accept exactly one connection, which is useful for debugging. - +.Pp If built with krb4 support, it implements both the Heimdal Kerberos 5 administrative protocol and the Kerberos 4 protocol. Password changes via the Kerberos 4 protocol are also performed by diff --git a/crypto/heimdal/kdc/hprop.8 b/crypto/heimdal/kdc/hprop.8 index 441b14d..b1e1cd9 100644 --- a/crypto/heimdal/kdc/hprop.8 +++ b/crypto/heimdal/kdc/hprop.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm hprop -.Nd -propagate the KDC database +.Nd propagate the KDC database .Sh SYNOPSIS .Nm .Oo Fl m Ar file \*(Ba Xo @@ -37,8 +36,8 @@ propagate the KDC database .Op Fl v | Fl -verbose .Op Fl -version .Op Fl h | Fl -help -.Ar host Ns Op :port -... +.Ar host Ns Op : Ns Ar port +.Ar ... .Sh DESCRIPTION .Nm takes a principal database in a specified format and converts it into @@ -112,7 +111,7 @@ This option thansmits the database with encrypted keys. .Xc Dump the database on stdout, in a format that can be fed to hpropd. .El - +.Pp The following options are only valid if .Nm hprop is compiled with support for Kerberos 4 (kaserver). @@ -145,7 +144,6 @@ Deprecated, identical to Deprecated, identical to .Sq --source=kaserver . .El - .Sh EXAMPLES The following will propagate a database to another machine (which should run @@ -153,12 +151,12 @@ should run .Bd -literal -offset indent $ hprop slave-1 slave-2 .Ed - +.Pp Copy a Kerberos 4 database to a Kerberos 5 slave: .Bd -literal -offset indent $ hprop --source=krb4-db -E krb5-slave .Ed - +.Pp Convert a Kerberos 4 dump-file for use with a Heimdal KDC: .Bd -literal -offset indent $ hprop -n --source=krb4-dump -d /var/kerberos/principal.dump -E | hpropd -n diff --git a/crypto/heimdal/kdc/hpropd.8 b/crypto/heimdal/kdc/hpropd.8 index 687795e..35e416f 100644 --- a/crypto/heimdal/kdc/hpropd.8 +++ b/crypto/heimdal/kdc/hpropd.8 @@ -1,12 +1,11 @@ .\" $Id: hpropd.8,v 1.5 2000/11/12 15:37:33 joda Exp $ .\" -.Dd Aug 27, 1997 +.Dd August 27, 1997 .Dt HPROPD 8 .Os HEIMDAL .Sh NAME .Nm hpropd -.Nd -receive a propagated database +.Nd receive a propagated database .Sh SYNOPSIS .Nm .Oo Fl d Ar file \*(Ba Xo diff --git a/crypto/heimdal/kdc/kdc.8 b/crypto/heimdal/kdc/kdc.8 index 359c17d..1687dcd 100644 --- a/crypto/heimdal/kdc/kdc.8 +++ b/crypto/heimdal/kdc/kdc.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm kdc -.Nd -Kerberos 5 server +.Nd Kerberos 5 server .Sh SYNOPSIS .Nm .Oo Fl c Ar file \*(Ba Xo diff --git a/crypto/heimdal/kdc/kstash.8 b/crypto/heimdal/kdc/kstash.8 index 92b532d..a9d34c3 100644 --- a/crypto/heimdal/kdc/kstash.8 +++ b/crypto/heimdal/kdc/kstash.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm kstash -.Nd -store the KDC master password in a file +.Nd "store the KDC master password in a file" .Sh SYNOPSIS .Nm .Oo Fl e Ar string \*(Ba Xo diff --git a/crypto/heimdal/kdc/string2key.8 b/crypto/heimdal/kdc/string2key.8 index be8b1f6..b286733 100644 --- a/crypto/heimdal/kdc/string2key.8 +++ b/crypto/heimdal/kdc/string2key.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm string2key -.Nd -map a password into a key +.Nd map a password into a key .Sh SYNOPSIS .Nm .Op Fl 5 | Fl -version5 diff --git a/crypto/heimdal/kpasswd/kpasswd.1 b/crypto/heimdal/kpasswd/kpasswd.1 index d4c986d..eddb7ef 100644 --- a/crypto/heimdal/kpasswd/kpasswd.1 +++ b/crypto/heimdal/kpasswd/kpasswd.1 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm kpasswd -.Nd -Kerberos 5 password changing program +.Nd Kerberos 5 password changing program .Sh SYNOPSIS .Nm .Op Ar principal diff --git a/crypto/heimdal/kpasswd/kpasswdd.8 b/crypto/heimdal/kpasswd/kpasswdd.8 index a54b9a1..21e918b 100644 --- a/crypto/heimdal/kpasswd/kpasswdd.8 +++ b/crypto/heimdal/kpasswd/kpasswdd.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm kpasswdd -.Nd -Kerberos 5 password changing server +.Nd Kerberos 5 password changing server .Sh SYNOPSIS .Nm .Op Fl -check-library= Ns Ar library diff --git a/crypto/heimdal/kuser/kdestroy.1 b/crypto/heimdal/kuser/kdestroy.1 index 18c5320..6ac96a2 100644 --- a/crypto/heimdal/kuser/kdestroy.1 +++ b/crypto/heimdal/kuser/kdestroy.1 @@ -1,12 +1,11 @@ .\" $Id: kdestroy.1,v 1.2 1999/05/14 14:05:40 assar Exp $ .\" -.Dd Aug 27, 1997 +.Dd August 27, 1997 .Dt KDESTROY 1 .Os HEIMDAL .Sh NAME .Nm kdestroy -.Nd -destroy the current ticket file +.Nd destroy the current ticket file .Sh SYNOPSIS .Nm .Op Fl c Ar cachefile diff --git a/crypto/heimdal/kuser/kgetcred.1 b/crypto/heimdal/kuser/kgetcred.1 index 0dbbbff..4fcadbb 100644 --- a/crypto/heimdal/kuser/kgetcred.1 +++ b/crypto/heimdal/kuser/kgetcred.1 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm kgetcred -.Nd -get a ticket for a particular service +.Nd "get a ticket for a particular service" .Sh SYNOPSIS .Nm .Oo Fl e Ar enctype \*(Ba Xo diff --git a/crypto/heimdal/kuser/kinit.1 b/crypto/heimdal/kuser/kinit.1 index 37d7390..8775e7a 100644 --- a/crypto/heimdal/kuser/kinit.1 +++ b/crypto/heimdal/kuser/kinit.1 @@ -6,8 +6,7 @@ .Sh NAME .Nm kinit , .Nm kauth -.Nd -acquire initial tickets +.Nd acquire initial tickets .Sh SYNOPSIS .Nm kinit .Op Fl 4 | Fl -524init diff --git a/crypto/heimdal/kuser/klist.1 b/crypto/heimdal/kuser/klist.1 index 384ce8e..7676508 100644 --- a/crypto/heimdal/kuser/klist.1 +++ b/crypto/heimdal/kuser/klist.1 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm klist -.Nd -list Kerberos credentials +.Nd list Kerberos credentials .Sh SYNOPSIS .Nm .Oo Fl c Ar cache \*(Ba Xo @@ -81,7 +80,7 @@ pre-authenticated .It H hardware authenticated .El - +.Pp This information is also output with the .Fl -verbose option, but in a more verbose way. diff --git a/crypto/heimdal/lib/krb5/kerberos.8 b/crypto/heimdal/lib/krb5/kerberos.8 index 1b2ec91..ac9d3d5 100644 --- a/crypto/heimdal/lib/krb5/kerberos.8 +++ b/crypto/heimdal/lib/krb5/kerberos.8 @@ -42,8 +42,8 @@ without giving your password. .Pp For more information on how Kerberos works, and other general Kerberos questions see the Kerberos FAQ at -.Ad http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html . - +.Pa http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html . +.Pp For setup instructions see the Heimdal Texinfo manual. .Sh SEE ALSO .Xr ftp 1 diff --git a/crypto/heimdal/lib/krb5/krb5.conf.5 b/crypto/heimdal/lib/krb5/krb5.conf.5 index 51f6cfb..6ff4aef 100644 --- a/crypto/heimdal/lib/krb5/krb5.conf.5 +++ b/crypto/heimdal/lib/krb5/krb5.conf.5 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm /etc/krb5.conf -.Nd -Configuration file for Kerberos 5 +.Nd configuration file for Kerberos 5 .Sh DESCRIPTION The .Nm diff --git a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 index ff90c64..3a3bb85 100644 --- a/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_425_conv_principal.3 @@ -7,7 +7,7 @@ .Nm krb5_425_conv_principal , .Nm krb5_425_conv_principal_ext , .Nm krb5_524_conv_principal -.Nd Converts to and from version 4 principals +.Nd converts to and from version 4 principals .Sh SYNOPSIS .Fd #include <krb5.h> .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_appdefault.3 b/crypto/heimdal/lib/krb5/krb5_appdefault.3 index 3ce6fc9..7c45925 100644 --- a/crypto/heimdal/lib/krb5/krb5_appdefault.3 +++ b/crypto/heimdal/lib/krb5/krb5_appdefault.3 @@ -7,27 +7,23 @@ .Nm krb5_appdefault_boolean , .Nm krb5_appdefault_string , .Nm krb5_appdefault_time -.Nd Get application configuration value - +.Nd get application configuration value .Sh SYNOPSIS .Fd #include <krb5.h> - .Ft void .Fn krb5_appdefault_boolean "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "krb5_boolean def_val" "krb5_boolean *ret_val" .Ft void .Fn krb5_appdefault_string "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "const char *def_val" "char **ret_val" .Ft void .Fn krb5_appdefault_time "krb5_context context" "const char *appname" "krb5_realm realm" "const char *option" "time_t def_val" "time_t *ret_val" - .Sh DESCRIPTION - These functions get application application defaults from the .Dv appdefaults section of the .Xr krb5.conf 5 configuration file. These defaults can be specified per application, and/or per realm. - +.Pp These values will be looked for in .Xr krb5.conf 5 , in order of descending importance. @@ -46,12 +42,11 @@ in order of descending importance. } option = value .Ed - +.Pp If the realm is omitted it will not be used for resolving values. If no value can be found, .Fa def_val is returned instead. - .Sh SEE ALSO .Xr krb5_config 3 , .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_auth_context.3 b/crypto/heimdal/lib/krb5/krb5_auth_context.3 index 42a96ec..d383c0a 100644 --- a/crypto/heimdal/lib/krb5/krb5_auth_context.3 +++ b/crypto/heimdal/lib/krb5/krb5_auth_context.3 @@ -34,7 +34,7 @@ .Nm krb5_auth_con_setrcache , .Nm krb5_auth_con_initivector , .Nm krb5_auth_con_setivector -.Nd manage authetication on connection level. +.Nd manage authetication on connection level .Sh SYNOPSIS .Fd #include <krb5.h> .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_build_principal.3 b/crypto/heimdal/lib/krb5/krb5_build_principal.3 index db703a4..af01cd8 100644 --- a/crypto/heimdal/lib/krb5/krb5_build_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_build_principal.3 @@ -9,7 +9,7 @@ .Nm krb5_build_principal_va , .Nm krb5_build_principal_va_ext , .Nm krb5_make_principal -.Nd Principal creation functions +.Nd principal creation functions .Sh SYNOPSIS .Fd #include <krb5.h> .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_config.3 b/crypto/heimdal/lib/krb5/krb5_config.3 index b5a74db..3f2de83 100644 --- a/crypto/heimdal/lib/krb5/krb5_config.3 +++ b/crypto/heimdal/lib/krb5/krb5_config.3 @@ -8,11 +8,9 @@ .Nm krb5_config_get_int_default , .Nm krb5_config_get_string_default , .Nm krb5_config_get_time_default -.Nd Get configuration value - +.Nd get configuration value .Sh SYNOPSIS .Fd #include <krb5.h> - .Ft krb5_boolean .Fn krb5_config_get_bool_default "krb5_context context" "krb5_config_section *c" "krb5_boolean def_value" "..." .Ft int @@ -21,27 +19,24 @@ .Fn krb5_config_get_string_default "krb5_context context" "krb5_config_section *c" "const char *def_value" "..." .Ft int .Fn krb5_config_get_time_default "krb5_context context" "krb5_config_section *c" "int def_value" "..." - .Sh DESCRIPTION - These functions get values from the .Xr krb5.conf 5 configuration file, or another configuration database specified by the .Fa c parameter. - +.Pp The variable arguments should be a list of strings naming each subsection to look for. For example: - .Bd -literal -offset indent krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", "log_utc", NULL) .Ed - +.Pp gets the boolean value for the .Dv log_utc option, defaulting to .Dv FALSE . - +.Pp .Fn krb5_config_get_bool_default will convert the option value to a boolean value, where .Sq yes , @@ -50,22 +45,19 @@ and any non-zero number means .Dv TRUE , and any other value .Dv FALSE . - +.Pp .Fn krb5_config_get_int_default will convert the value to an integer. - +.Pp .Fn krb5_config_get_time_default will convert the value to a period of time (not a time stamp) in seconds, so the string .Sq 2 weeks will be converted to 1209600 (2 * 7 * 24 * 60 * 60). - .Sh BUGS - Other than for the string case, there's no way to tell whether there was a value specified or not. - .Sh SEE ALSO .Xr krb5_appdefault 3 , .Xr krb5.conf 5 diff --git a/crypto/heimdal/lib/krb5/krb5_free_principal.3 b/crypto/heimdal/lib/krb5/krb5_free_principal.3 index 1f318cc..023853b 100644 --- a/crypto/heimdal/lib/krb5/krb5_free_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_free_principal.3 @@ -5,7 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm krb5_free_principal -.Nd Principal free function +.Nd principal free function .Sh SYNOPSIS .Fd #include <krb5.h> .Ft void diff --git a/crypto/heimdal/lib/krb5/krb5_parse_name.3 b/crypto/heimdal/lib/krb5/krb5_parse_name.3 index c5b0c1d..05ba77b 100644 --- a/crypto/heimdal/lib/krb5/krb5_parse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_parse_name.3 @@ -5,7 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm krb5_parse_name -.Nd String to principal conversion +.Nd string to principal conversion .Sh SYNOPSIS .Fd #include <krb5.h> .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 index 2c9f405..5f7f096 100644 --- a/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 +++ b/crypto/heimdal/lib/krb5/krb5_sname_to_principal.3 @@ -6,7 +6,7 @@ .Sh NAME .Nm krb5_sname_to_principal , .Nm krb5_sock_to_principal -.Nd Create a service principal +.Nd create a service principal .Sh SYNOPSIS .Fd #include <krb5.h> .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 index 5a744af..a335eb2 100644 --- a/crypto/heimdal/lib/krb5/krb5_unparse_name.3 +++ b/crypto/heimdal/lib/krb5/krb5_unparse_name.3 @@ -6,7 +6,7 @@ .Sh NAME .Nm krb5_unparse_name .\" .Nm krb5_unparse_name_ext -.Nd Principal to string conversion +.Nd principal to string conversion .Sh SYNOPSIS .Fd #include <krb5.h> .Ft krb5_error_code diff --git a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 b/crypto/heimdal/lib/krb5/verify_krb5_conf.8 index 55cdc92..c071d24 100644 --- a/crypto/heimdal/lib/krb5/verify_krb5_conf.8 +++ b/crypto/heimdal/lib/krb5/verify_krb5_conf.8 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm verify_krb5_conf -.Nd -does a crude test that +.Nd does a crude test that .Pa krb5.conf does not contain any obvious syntax error .Sh SYNOPSIS diff --git a/crypto/heimdal/lib/vers/make-print-version.c b/crypto/heimdal/lib/vers/make-print-version.c index 6102e75..5d62cc6 100644 --- a/crypto/heimdal/lib/vers/make-print-version.c +++ b/crypto/heimdal/lib/vers/make-print-version.c @@ -42,7 +42,7 @@ RCSID("$Id: make-print-version.c,v 1.2 2000/07/08 10:46:36 assar Exp $"); extern const char *heimdal_version; #endif #ifdef KRB4 -extern const char *krb4_version; +extern char *krb4_version; #endif #include <version.h> diff --git a/crypto/heimdal/tools/krb5-config.1 b/crypto/heimdal/tools/krb5-config.1 index 1eb2e09..7b04601 100644 --- a/crypto/heimdal/tools/krb5-config.1 +++ b/crypto/heimdal/tools/krb5-config.1 @@ -5,8 +5,7 @@ .Os HEIMDAL .Sh NAME .Nm krb5-config -.Nd -give information on how to link code against Heimdal libraries +.Nd "give information on how to link code against Heimdal libraries" .Sh SYNOPSIS .Nm .Op Fl -prefix Ns Op = Ns Ar dir diff --git a/crypto/kerberosIV/lib/roken/getarg.3 b/crypto/kerberosIV/lib/roken/getarg.3 index 78a8802..fc4ca83c 100644 --- a/crypto/kerberosIV/lib/roken/getarg.3 +++ b/crypto/kerberosIV/lib/roken/getarg.3 @@ -9,13 +9,10 @@ .Nd collect command line options .Sh SYNOPSIS .Fd #include <getarg.h> - .Ft int .Fn getarg "struct getargs *args" "size_t num_args" "int argc" "char **argv" "int *optind" - .Ft void .Fn arg_printusage "struct getargs *args" "size_t num_args" "const char *progname" "const char *extra_string" - .Sh DESCRIPTION .Fn getarg collects any command line options given to a program in an easily used way. @@ -45,7 +42,8 @@ take the same and .Fa num_args as getarg; -.Fa progname is the name of the program (to be used in the help text), and +.Fa progname +is the name of the program (to be used in the help text), and .Fa extra_string is a string to print after the actual options to indicate more arguments. The usefulness of this function is realised only be people @@ -55,7 +53,6 @@ the code does. The .Fa getargs struct has the following elements. - .Bd -literal struct getargs{ const char *long_name; @@ -176,7 +173,7 @@ and .Fa *optarg , but to do this correct you (more or less) have to know about the inner workings of getarg. - +.Pp You can skip parts of arguments by increasing .Fa *optarg (you could @@ -233,8 +230,6 @@ and if you're really confused you can do it multiple times .Pf ( Fl -no-no-help= Ns Ar false , or even .Fl -no-no-help= Ns Ar maybe ) . - -.Pp .Sh EXAMPLE .Bd -literal #include <stdio.h> @@ -276,11 +271,11 @@ main(int argc, char **argv) exit (0); } if (destination == NULL) { - fprintf(stderr, "%s: must specify destination\n", progname); + fprintf(stderr, "%s: must specify destination\en", progname); exit(1); } if (strcmp(source, destination) == 0) { - fprintf(stderr, "%s: destination must be different from source\n"); + fprintf(stderr, "%s: destination must be different from source\en"); exit(1); } /* include more stuff here ... */ @@ -298,7 +293,6 @@ Usage: ship++ [--source=city] [-s city] [--destination=city] [-d city] -w tons, --weight=tons weight of shippment -c, --no-catalog include product catalog .Ed - .Sh BUGS It should be more flexible, so it would be possible to use other more complicated option syntaxes, such as what diff --git a/crypto/kerberosIV/man/afslog.1 b/crypto/kerberosIV/man/afslog.1 index 625f831..5202a71 100644 --- a/crypto/kerberosIV/man/afslog.1 +++ b/crypto/kerberosIV/man/afslog.1 @@ -5,8 +5,7 @@ .Os KTH-KRB .Sh NAME .Nm afslog -.Nd -obtains AFS tokens for specified cells +.Nd "obtains AFS tokens for specified cells" .Sh SYNOPSIS .Nm .Op Fl d diff --git a/crypto/kerberosIV/man/ftp.1 b/crypto/kerberosIV/man/ftp.1 index e5c21f0..9ad7f4c 100644 --- a/crypto/kerberosIV/man/ftp.1 +++ b/crypto/kerberosIV/man/ftp.1 @@ -913,7 +913,7 @@ if verbose is on, when a file transfer completes, statistics regarding the efficiency of the transfer are reported. By default, verbose is on. -.It Ic ? Op Ar command +.It Ic \&? Op Ar command A synonym for help. .El .Pp diff --git a/crypto/kerberosIV/man/ftpd.8 b/crypto/kerberosIV/man/ftpd.8 index c51de1c..745090c 100644 --- a/crypto/kerberosIV/man/ftpd.8 +++ b/crypto/kerberosIV/man/ftpd.8 @@ -38,8 +38,7 @@ .Os BSD 4.2 .Sh NAME .Nm ftpd -.Nd -Internet File Transfer Protocol server +.Nd Internet File Transfer Protocol server .Sh SYNOPSIS .Nm ftpd .Op Fl a Ar authmode @@ -81,7 +80,7 @@ but only OTP is allowed. .It Ar ftp Allow anonymous login. .El - +.Pp The following combination modes exists for backwards compatibility: .Bl -tag -width plain .It Ar none @@ -319,7 +318,7 @@ that the .Dq ftp subtree be constructed with care, consider following these guidelines for anonymous ftp. - +.Pp In general all files should be owned by .Dq root , and have non-write permissions (644 or 755 depending on the kind of @@ -377,7 +376,7 @@ and .Xr group 5 files here, ls will be able to produce owner names rather than numbers. Remember to remove any passwords from these files. - +.Pp The file .Pa motd , if present, will be printed after a successful login. @@ -388,7 +387,7 @@ here. .It Pa ~ftp/pub Traditional place to put whatever you want to make public. .El - +.Pp If you want guests to be able to upload files, create a .Pa ~ftp/incoming directory owned by @@ -459,6 +458,7 @@ FTP PROTOCOL SPECIFICATION OTP Specification .It Cm RFC 2228 FTP Security Extensions. +.El .Sh BUGS The server must run as the super-user to create sockets with privileged port numbers. It maintains diff --git a/crypto/kerberosIV/man/ftpusers.5 b/crypto/kerberosIV/man/ftpusers.5 index dfd66f9..c1960d1 100644 --- a/crypto/kerberosIV/man/ftpusers.5 +++ b/crypto/kerberosIV/man/ftpusers.5 @@ -5,8 +5,7 @@ .Os KTH-KRB .Sh NAME .Pa /etc/ftpusers -.Nd -FTP access list file. +.Nd FTP access list file .Sh DESCRIPTION .Pa /etc/ftpusers contains a list of users that should be allowed or denied FTP @@ -20,7 +19,7 @@ matches any user. Users that has an explicit .Dq allow , or that does not match any line, are allowed access. Anyone else is denied access. - +.Pp Note that this is compatible with the old format, where this file contained a list of users that should be denied access. .Sh EXAMPLES diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8 index afd9126..bc2f43b 100644 --- a/crypto/kerberosIV/man/kadmin.8 +++ b/crypto/kerberosIV/man/kadmin.8 @@ -4,14 +4,12 @@ .\" For copying and distribution information, .\" please see the file <mit-copyright.h>. .\" - .Dd February 3, 1998 .Dt KADMIN 8 .Os "KTH-KRB" .Sh NAME .Nm kadmin -.Nd -network utility for Kerberos database administration +.Nd "network utility for Kerberos database administration" .Sh SYNOPSIS .Nm .Op Fl p Ar principal @@ -23,7 +21,7 @@ network utility for Kerberos database administration .Op Fl -version .Op Fl h .Op Fl -help -.Ar [command] +.Op Ar command .Sh DESCRIPTION This utility provides a unified administration interface to the Kerberos master database. Kerberos administrators use @@ -64,7 +62,7 @@ for .It Fl t Use existing tickets (if any are available), this also disbles timeout, and doesn't destroy any tickets upon exit. - +.Pp These tickets have to be for the changepw.kerberos service. Use .Nm kinit -p to acquire them. diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3 index 4a7b5ef..9afac16 100644 --- a/crypto/kerberosIV/man/kafs.3 +++ b/crypto/kerberosIV/man/kafs.3 @@ -11,8 +11,8 @@ .Nm k_afs_cell_of_file , .Nm krb_afslog , .Nm krb_afslog_uid -\" .Nm krb5_afslog , -\" .Nm krb5_afslog_uid +.\" .Nm krb5_afslog , +.\" .Nm krb5_afslog_uid .Nd AFS library .Sh SYNOPSIS .Fd #include <kafs.h> @@ -30,10 +30,10 @@ .Fn krb_afslog "char *cell" "char *realm" .Ft int .Fn krb_afslog_uid "char *cell" "char *realm" "uid_t uid" -\" .Ft krb5_error_code -\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" -\" .Ft krb5_error_code -\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" +.\" .Ft krb5_error_code +.\" .Fn krb5_afslog_uid "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" "uid_t uid" +.\" .Ft krb5_error_code +.\" .Fn krb5_afslog "krb5_context context" "krb5_ccache id" "const char *cell" "krb5_const_realm realm" .Sh DESCRIPTION .Fn k_hasafs initializes some library internal structures, and tests for the @@ -41,7 +41,7 @@ presense of AFS in the kernel, none of the other functions should be called before .Fn k_hasafs is called, or if it fails. - +.Pp .Fn krb_afslog , and .Fn krb_afslog_uid @@ -66,22 +66,22 @@ field in the token, .Fn krb_afslog_uid will use .Fa uid . - -\" .Fn krb5_afslog , -\" and -\" .Fn krb5_afslog_uid -\" are the Kerberos 5 equivalents of -\" .Fn krb_afslog , -\" and -\" .Fn krb_afslog_uid . -\" The extra arguments are the ubiquitous context, and the cache id where -\" to store any obtained tickets. Since AFS servers normally can't handle -\" Kerberos 5 tickets directly, these functions will first obtain version -\" 5 tickets for the requested cells, and then convert them to version 4 -\" tickets, that can be stashed in the kernel. To convert tickets the -\" .Fn krb524_convert_creds_kdc -\" function will be used. - +.Pp +.\" .Fn krb5_afslog , +.\" and +.\" .Fn krb5_afslog_uid +.\" are the Kerberos 5 equivalents of +.\" .Fn krb_afslog , +.\" and +.\" .Fn krb_afslog_uid . +.\" The extra arguments are the ubiquitous context, and the cache id where +.\" to store any obtained tickets. Since AFS servers normally can't handle +.\" Kerberos 5 tickets directly, these functions will first obtain version +.\" 5 tickets for the requested cells, and then convert them to version 4 +.\" tickets, that can be stashed in the kernel. To convert tickets the +.\" .Fn krb524_convert_creds_kdc +.\" function will be used. +.\" .Pp .Fn k_afs_cell_of_file will in .Fa cell @@ -89,23 +89,22 @@ return the cell of a specified file, no more than .Fa len characters is put in .Fa cell . - +.Pp .Fn k_pioctl does a .Fn pioctl syscall with the specified arguments. This function is equivalent to .Fn lpioctl . - +.Pp .Fn k_setpag initializes a new PAG. - +.Pp .Fn k_unlog removes destroys all tokens in the current PAG. - .Sh ENVIRONMENT The following environment variable affect the mode of operation of .Nm kafs : -.Bl -tag +.Bl -tag -width AFS_SYSCALL .It Ev AFS_SYSCALL Normally, .Nm kafs diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1 index 2efb709..72146e6 100644 --- a/crypto/kerberosIV/man/kauth.1 +++ b/crypto/kerberosIV/man/kauth.1 @@ -5,8 +5,7 @@ .Os KTH-KRB .Sh NAME .Nm kauth -.Nd -overworked Kerberos login program +.Nd overworked Kerberos login program .Sh SYNOPSIS .Nm .Op Fl n Ar name diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8 index 4978ff2..541e696 100644 --- a/crypto/kerberosIV/man/kauthd.8 +++ b/crypto/kerberosIV/man/kauthd.8 @@ -5,8 +5,7 @@ .Os KTH-KRB .Sh NAME .Nm kauthd -.Nd -remote Kerberos login daemon +.Nd remote Kerberos login daemon .Sh SYNOPSIS .Nm .Sh DESCRIPTION @@ -19,7 +18,7 @@ Options supported by .Bl -tag -width Ds .It Fl i Interactive. Do not expect to be started by -.Nm inetd, +.Nm inetd , but allocate and listen to the socket yourself. Handy for testing and debugging. .El diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8 index 5d89635..0ad1a4a 100644 --- a/crypto/kerberosIV/man/kerberos.8 +++ b/crypto/kerberosIV/man/kerberos.8 @@ -5,7 +5,7 @@ .Os KTH-KRB .Sh NAME .Nm kerberos -.Nd The kerberos daemon +.Nd the kerberos daemon .Sh SYNPOSIS .Nm .Op Fl mns @@ -52,7 +52,8 @@ port specification follows the format: The .Ar port can be either a symbolic port name (from -.Pa /etc/services), or a number; +.Pa /etc/services ) , +or a number; .Ar protocol can be either .Li udp , or @@ -71,13 +72,12 @@ Run as a server for realm Set slave parameters. This will enable check to see if data is getting too stale relative to the master. .El - +.Pp If no .Ar database is given a default datbase will be used, normally .Pa /var/kerberos/principal . .Sh DIAGNOSTICS - The server logs several messages in a log file .Pf ( Pa /var/run/kerberos.log by default). The logging mechanism opens and closes the log file for @@ -115,7 +115,6 @@ An initial (password authenticated) request was received. .Xc A tgt-based request for a ticket was made. .El - .Ss Error messages These messages reflects misconfigured clients, invalid requests, or possibly attepted attacks. @@ -167,7 +166,6 @@ because of a broken client, or possibly an attack. .It Li KRB protocol version mismatch ( Ar number ) The server received a request with an unknown version number. .El - .Ss Fatal error messages The following messages indicate problems when starting the server. .Bl -tag -width xxxxx @@ -186,7 +184,6 @@ The database doesn't contain a .Sq krbtgt.REALM for the local realm. .El - .Sh SEE ALSO .Xr kprop 8 , .Xr kpropd 8 diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5 index e38f94b..511dbf0 100644 --- a/crypto/kerberosIV/man/krb.equiv.5 +++ b/crypto/kerberosIV/man/krb.equiv.5 @@ -5,8 +5,7 @@ .Os KTH-KRB .Sh NAME .Nm krb.equiv -.Nd -Kerberos equivalent hosts file +.Nd Kerberos equivalent hosts file .Sh DESCRIPTION .Nm contains a list of IP addresses that is to be considered being the diff --git a/crypto/kerberosIV/man/krb.extra.5 b/crypto/kerberosIV/man/krb.extra.5 index 38569fd..5652323 100644 --- a/crypto/kerberosIV/man/krb.extra.5 +++ b/crypto/kerberosIV/man/krb.extra.5 @@ -5,8 +5,7 @@ .Os KTH-KRB .Sh NAME .Nm krb.extra -.Nd -Kerberos misc configuration file +.Nd Kerberos misc configuration file .Sh DESCRIPTION .Nm contains a number of settings that are used by the kerberos library, diff --git a/crypto/kerberosIV/man/login.1 b/crypto/kerberosIV/man/login.1 index b05a6a4..dcdc919 100644 --- a/crypto/kerberosIV/man/login.1 +++ b/crypto/kerberosIV/man/login.1 @@ -43,7 +43,7 @@ .Op Fl h Ar hostname .Op Ar user .Sh DESCRIPTION -.Sy Note: +.Sy Note : this manual page describes the original login program for NetBSD. Everything in here might not be true. .Pp diff --git a/crypto/kerberosIV/man/login.access.5 b/crypto/kerberosIV/man/login.access.5 index 28d423c..da93b9d 100644 --- a/crypto/kerberosIV/man/login.access.5 +++ b/crypto/kerberosIV/man/login.access.5 @@ -1,10 +1,10 @@ .\" this is comment .Dd April 30, 1994 .Dt SKEY.ACCESS 5 -.Os FreeBSD 1.2 +.Os FreeBSD .Sh NAME .Nm login.access -.Nd Login access control table +.Nd login access control table .Sh DESCRIPTION The .Nm login.access @@ -21,7 +21,7 @@ be accepted or refused. .Pp Each line of the login access control table has three fields separated by a ":" character: permission : users : origins - +.Pp The first field should be a "+" (access granted) or "-" (access denied) character. The second field should be a list of one or more login names, group names, or ALL (always matches). The third field should be a list @@ -30,9 +30,9 @@ names (begin with "."), host addresses, internet network numbers (end with "."), ALL (always matches) or LOCAL (matches any string that does not contain a "." character). If you run NIS you can use @netgroupname in host or user patterns. - +.Pp The EXCEPT operator makes it possible to write very compact rules. - +.Pp The group file is searched only when a name does not match that of the logged-in user. Only groups are matched in which users are explicitly listed: the program does not look at a user's primary group id value. diff --git a/crypto/kerberosIV/man/pagsh.1 b/crypto/kerberosIV/man/pagsh.1 index cd95f8b..2208fc8 100644 --- a/crypto/kerberosIV/man/pagsh.1 +++ b/crypto/kerberosIV/man/pagsh.1 @@ -5,18 +5,21 @@ .Os KTH-KRB .Sh NAME .Nm pagsh -.Nd -execute a command without authentication +.Nd execute a command without authentication .Sh SYNOPSIS .Nm pagsh -.Op Oo Fl c Oc Nm command Ar args +.Oo +.Op Fl c +.Ar command Ar args +.Oc .Sh DESCRIPTION Starts a new subprocess that is detached from any Kerberos ticket -cache and AFS tokens. Without -.Nm command +cache and AFS tokens. +Without +.Ar command a new shell is started. .Sh ENVIRONMENT -.Bl -tag -width Fl +.Bl -tag -width $SHELL .It Ev $SHELL Default shell. .El diff --git a/crypto/kerberosIV/man/rcp.1 b/crypto/kerberosIV/man/rcp.1 index cc5efd0..c52258e 100644 --- a/crypto/kerberosIV/man/rcp.1 +++ b/crypto/kerberosIV/man/rcp.1 @@ -47,7 +47,7 @@ .Nm rcp .Op Fl Kprx .Op Fl k Ar realm -.Ar file ... +.Ar .Ar directory .Sh DESCRIPTION .Nm Rcp diff --git a/crypto/kerberosIV/man/rlogin.1 b/crypto/kerberosIV/man/rlogin.1 index 3e1fd8d..c2d8b77 100644 --- a/crypto/kerberosIV/man/rlogin.1 +++ b/crypto/kerberosIV/man/rlogin.1 @@ -98,7 +98,7 @@ This specification may be as a literal character, or as an octal value in the form \ennn. .It Fl k The -.FL k +.Fl k option requests rlogin to obtain tickets for the remote host in realm .Ar realm diff --git a/crypto/kerberosIV/man/telnet.1 b/crypto/kerberosIV/man/telnet.1 index 2b3198e..962783f 100644 --- a/crypto/kerberosIV/man/telnet.1 +++ b/crypto/kerberosIV/man/telnet.1 @@ -98,7 +98,7 @@ BINARY option to be negotiated on output. .It Fl S Ar tos Sets the IP type-of-service (TOS) option for the telnet connection to the value -.Ar tos, +.Ar tos , which can be a numeric TOS value or, on systems that support it, a symbolic TOS name found in the /etc/iptos file. @@ -134,7 +134,7 @@ Sets the initial .Nm .Nm telnet escape character to -.Ar escape char. +.Ar escape char . If .Ar escape char is omitted, then @@ -304,12 +304,12 @@ auth command are as follows: .It Ic disable Ar type Disables the specified type of authentication. To obtain a list of available types, use the -.Ic auth disable \&? +.Ic auth disable ?\& command. .It Ic enable Ar type Enables the specified type of authentication. To obtain a list of available types, use the -.Ic auth enable \&? +.Ic auth enable ?\& command. .It Ic status Lists the current status of the various types of @@ -336,18 +336,22 @@ option is not supported outside of the United States and Canada. .Pp Valid arguments for the encrypt command are as follows: .Bl -tag -width Ar -.It Ic disable Ar type Ic [input|output] +.It Ic disable Ar type Xo +.Op Cm input | output +.Xc Disables the specified type of encryption. If you omit the input and output, both input and output are disabled. To obtain a list of available types, use the -.Ic encrypt disable \&? +.Ic encrypt disable ?\& command. -.It Ic enable Ar type Ic [input|output] +.It Ic enable Ar type Xo +.Op Cm input | output +.Xc Enables the specified type of encryption. If you omit input and output, both input and output are enabled. To obtain a list of available types, use the -.Ic encrypt enable \&? +.Ic encrypt enable ?\& command. .It Ic input This is the same as the @@ -365,18 +369,18 @@ command. This is the same as the .Ic encrypt stop output command. -.It Ic start Ic [input|output] +.It Ic start Op Cm input | output Attempts to start encryption. If you omit .Ic input and -.Ic output, +.Ic output , both input and output are enabled. To obtain a list of available types, use the -.Ic encrypt enable \&? +.Ic encrypt enable ?\& command. .It Ic status Lists the current status of encryption. -.It Ic stop Ic [input|output] +.It Ic stop Op Cm input | output Stops encryption. If you omit input and output, encryption is on both input and output. .It Ic type Ar type @@ -387,7 +391,7 @@ or .Ic encrypt stop commands. .El -.It Ic environ Ar arguments... +.It Ic environ Ar arguments ... The .Ic environ command is used to manipulate the @@ -416,7 +420,7 @@ command are: Define the variable .Ar variable to have a value of -.Ar value. +.Ar value . Any variables defined by this command are automatically exported. The .Ar value @@ -441,7 +445,7 @@ Those marked with a .Cm * will be sent automatically, other variables will only be sent if explicitly requested. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic environ command. @@ -522,17 +526,15 @@ option. This requires that the .Dv LINEMODE option be enabled. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic mode command. .El .It Xo .Ic open Ar host -.Oo Op Fl l -.Ar user -.Oc Ns Oo Fl -.Ar port Oc +.Op Fl l Ar user +.Op Oo Fl Oc Ns Ar port .Xc Open a connection to the named host. If no port number @@ -692,10 +694,10 @@ command. can also be either .Ic help or -.Ic \&? +.Ic ?\& to print out help information, including a list of known symbolic names. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic send command. @@ -996,7 +998,7 @@ The initial value for the worderase character is taken to be the terminal's .Ic worderase character. -.It Ic \&? +.It Ic ?\& Displays the legal .Ic set .Pq Ic unset @@ -1040,7 +1042,7 @@ The remote default characters are those of the remote system at the time when the .Tn TELNET connection was established. -.It Ic \&? +.It Ic ?\& Prints out help information for the .Ic slc command. @@ -1251,10 +1253,12 @@ has ever been enabled, then is sent as .Ic abort , and -.Ic eof and -.B suspend +.Ic eof +and +.Ic suspend are sent as -.Ic eof and +.Ic eof +and .Ic susp , see .Ic send @@ -1293,7 +1297,7 @@ skips the reading of the file in the users home directory when connections are opened. The initial value for this toggle is -.Dv FALSE. +.Dv FALSE . .It Ic termdata Toggles the display of all terminal data (in hexadecimal format). The initial value for this toggle is @@ -1306,7 +1310,7 @@ toggle is .Tn TELNET prints out a message each time encryption is enabled or disabled. The initial value for this toggle is -.Dv FALSE. +.Dv FALSE . Note: Because of export controls, data encryption is not supported outside of the United States and Canada. .It Ic \&? @@ -1325,7 +1329,7 @@ system. If .Ic command is omitted, then an interactive subshell is invoked. -.It Ic \&? Op Ar command +.It Ic ?\& Op Ar command Get help. With no arguments, .Nm telnet prints a help summary. diff --git a/crypto/kerberosIV/man/telnetd.8 b/crypto/kerberosIV/man/telnetd.8 index b26d8dd..6609a48 100644 --- a/crypto/kerberosIV/man/telnetd.8 +++ b/crypto/kerberosIV/man/telnetd.8 @@ -95,7 +95,7 @@ has been compiled with support for the .Dv AUTHENTICATION option. There are several valid values for -.Ar authmode: +.Ar authmode : .Bl -tag -width debug .It debug Turns on authentication debugging code. @@ -153,7 +153,7 @@ to the connection, allowing the user to see what .Nm telnetd is doing. There are several possible values for -.Ar debugmode: +.Ar debugmode : .Bl -tag -width exercise .It Cm options Prints information about the negotiation of @@ -166,7 +166,7 @@ information, plus some additional information about what processing is going on. .It Cm netdata Displays the data stream received by -.Nm telnetd. +.Nm telnetd . .It Cm ptydata Displays data written to the pty. .It Cm exercise @@ -194,12 +194,12 @@ be reached may be cleaned up. This option is only enabled when .Nm telnetd is compiled for -.Dv UNICOS. +.Dv UNICOS . It specifies an inclusive range of pseudo-terminal devices to use. If the system has sysconf variable .Dv _SC_CRAY_NPTY configured, the default pty search range is 0 to -.Dv _SC_CRAY_NPTY; +.Dv _SC_CRAY_NPTY ; otherwise, the default range is 0 to 128. Either .Ar lowpty or @@ -298,7 +298,9 @@ DO TIMING-MARK .Ed .Pp The pseudo-terminal allocated to the client is configured -to operate in \*(lqcooked\*(rq mode, and with +to operate in +.Dq cooked +mode, and with .Dv XTABS and .Dv CRMOD enabled (see @@ -336,7 +338,7 @@ Indicates that the client is willing to send a of the Network Virtual Terminal. .It "WILL SGA" Indicates that it will not be sending -.Dv IAC GA, +.Dv IAC GA , go ahead, commands. .It "WILL STATUS" Indicates a willingness to send the client, upon @@ -382,7 +384,7 @@ characters remotely. This is not really supported, but is sent to identify a 4.2BSD .Xr telnet 1 client, which will improperly respond with -.Dv WILL ECHO. +.Dv WILL ECHO . If a .Dv WILL ECHO is received, a @@ -394,7 +396,7 @@ name of the type of terminal that is attached to the client side of the connection. .It "DO SGA" Indicates that it does not need to receive -.Dv IAC GA, +.Dv IAC GA , the go ahead command. .It "DO NAWS" Requests that the client inform the server when @@ -423,9 +425,9 @@ Only sent if .Nm telnetd is compiled with support for both linemode and kludge linemode, and the client responded with -.Dv WONT LINEMODE. +.Dv WONT LINEMODE . If the client responds with -.Dv WILL TM, +.Dv WILL TM , the it is assumed that the client supports kludge linemode. Note that the @@ -443,6 +445,7 @@ Only sent if is compiled with support for data encryption, and indicates a willingness to decrypt the data stream. +.El .Sh ENVIRONMENT .Sh FILES .Pa /etc/services @@ -501,6 +504,7 @@ Telnet Authentication: SPX Telnet Environment Option Interoperability Issues .It Cm RFC-1572 Telnet Environment Option +.El .Sh BUGS Some .Tn TELNET |
